Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
9.8 CRITICAL
CVE-2026-2954 — Dromara UJCMS ImportDataController import-channel importChanel injection

A vulnerability was found in Dromara UJCMS 10.0.2. Impacted is the function importChanel of the file /api/backend/ext/import-data/import-channel of the component ImportDataController. Performing a ma…

ujcms | Remote | Injection
Feb 22, 2026 Feb 25, 2026
Feb 22, 2026
Feb 25, 2026
8.8 HIGH
CVE-2019-25462 — Web Ofisi Rent a Car v3 SQL Injection via klima Parameter

Web Ofisi Rent a Car v3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'klima' parameter. Attackers can…

Remote | Injection
Feb 22, 2026 Feb 23, 2026
Feb 22, 2026
Feb 23, 2026
8.8 HIGH
CVE-2019-25461 — Web Ofisi Platinum E-Ticaret v5 SQL Injection via ajax/productsFilterSearch

Web Ofisi Platinum E-Ticaret v5 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'q' parameter. Attackers…

ticaret | Remote | Injection
Feb 22, 2026 Mar 02, 2026
Feb 22, 2026
Mar 02, 2026
8.8 HIGH
CVE-2019-25460 — Web Ofisi Platinum E-Ticaret v5 SQL Injection via q Parameter

Web Ofisi Platinum E-Ticaret v5 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'q' GET parameter. Attac…

ticaret platinum_e-ticaret | Remote | Injection
Feb 22, 2026 Mar 02, 2026
Feb 22, 2026
Mar 02, 2026
9.8 CRITICAL
CVE-2019-25459 — Web Ofisi Emlak V2 SQL Injection via emlak-ara.html

Web Ofisi Emlak V2 contains multiple SQL injection vulnerabilities in the endpoint that allow unauthenticated attackers to manipulate database queries through GET parameters. Attackers can inject SQL…

emlak | Remote | Injection
Feb 22, 2026 Mar 02, 2026
Feb 22, 2026
Mar 02, 2026
9.8 CRITICAL
CVE-2019-25458 — Web Ofisi Firma Rehberi v1 SQL Injection via firmalar.html

Web Ofisi Firma Rehberi v1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through GET parameters. Attackers can sen…

firma_rehberi | Remote | Injection
Feb 22, 2026 Mar 02, 2026
Feb 22, 2026
Mar 02, 2026
8.8 HIGH
CVE-2019-25457 — Web Ofisi Firma v13 SQL Injection via oz Parameter

Web Ofisi Firma v13 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'oz' array parameter. Attackers can …

firma | Remote | Injection
Feb 22, 2026 Mar 02, 2026
Feb 22, 2026
Mar 02, 2026
9.1 CRITICAL
CVE-2019-25456 — Web Ofisi Emlak v2 SQL Injection via ara Parameter

Web Ofisi Emlak v2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'ara' GET parameter. Attackers can se…

emlak | Remote | Injection
Feb 22, 2026 Mar 02, 2026
Feb 22, 2026
Mar 02, 2026
8.8 HIGH
CVE-2019-25455 — Web Ofisi E-Ticaret v3 SQL Injection via ara.html

Web Ofisi E-Ticaret v3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'a' parameter. Attackers can send…

ticaret e-ticaret | Remote | Injection
Feb 22, 2026 Mar 02, 2026
Feb 22, 2026
Mar 02, 2026
9.1 CRITICAL
CVE-2026-2953 — Dromara UJCMS Template WebFileTemplateController.delete deleteDirectory path traversal

A vulnerability has been found in Dromara UJCMS 101.2. This issue affects the function deleteDirectory of the file WebFileTemplateController.delete of the component Template Handler. Such manipulatio…

ujcms | Remote | Path Traversal
Feb 22, 2026 Feb 25, 2026
Feb 22, 2026
Feb 25, 2026
9.8 CRITICAL
CVE-2026-2952 — Vaelsys HTTP POST Request tree_server.php os command injection

A flaw has been found in Vaelsys 4.1.0. This vulnerability affects unknown code of the file /tree/tree_server.php of the component HTTP POST Request Handler. This manipulation of the argument xajaxar…

vaelsys | Remote | Injection
Feb 22, 2026 Feb 25, 2026
Feb 22, 2026
Feb 25, 2026
5.4 MEDIUM
CVE-2026-2947 — rymcu forest User Profile UserInfoController.java updateUserInfo cross site scripting

A vulnerability was detected in rymcu forest up to 0.0.5. This affects the function updateUserInfo of the file - src/main/java/com/rymcu/forest/web/api/user/UserInfoController.java of the component U…

forest | Remote | Cross-Site Scripting
Feb 22, 2026 Feb 25, 2026
Feb 22, 2026
Feb 25, 2026
8.8 HIGH
CVE-2019-25452 — Dolibarr ERP/CRM 10.0.1 SQL Injection via elemid

Dolibarr ERP/CRM 10.0.1 contains an SQL injection vulnerability in the elemid POST parameter of the viewcat.php endpoint that allows unauthenticated attackers to execute arbitrary SQL queries. Attack…

dolibarr_erp\/crm | Remote | Injection
Feb 22, 2026 Mar 02, 2026
Feb 22, 2026
Mar 02, 2026
7.5 HIGH
CVE-2019-25450 — Dolibarr ERP/CRM 10.0.1 SQL Injection via card.php

Dolibarr ERP/CRM 10.0.1 contains multiple SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries by injecting SQL code through POST parameters. Attackers can …

dolibarr_erp\/crm | Remote | Injection
Feb 22, 2026 Mar 02, 2026
Feb 22, 2026
Mar 02, 2026
8.8 HIGH
CVE-2019-25446 — DIGIT CENTRIS ERP Every version SQL Injection via datum1 Parameter

DIGIT CENTRIS ERP contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the datum1, datum2, KID, and PID parameter…

Remote | Injection
Feb 22, 2026 Feb 23, 2026
Feb 22, 2026
Feb 23, 2026
8.8 HIGH
CVE-2019-25443 — Inventory Webapp SQL Injection via add-item.php

Inventory Webapp contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through GET parameters. Attackers can supply malici…

Remote | Injection
Feb 22, 2026 Feb 23, 2026
Feb 22, 2026
Feb 23, 2026
8.8 HIGH
CVE-2019-25442 — Web Wiz Forums 12.01 SQL Injection via PF Parameter

Web Wiz Forums 12.01 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the PF parameter. Attackers can send GE…

web_wiz_forums | Remote | Injection
Feb 22, 2026 Mar 02, 2026
Feb 22, 2026
Mar 02, 2026
8.8 HIGH
CVE-2019-25440 — WebIncorp ERP Every version SQL Injection via product_detail.php

WebIncorp ERP contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the prod_id parameter. Attackers can send GET …

Remote | Injection
Feb 22, 2026 Feb 23, 2026
Feb 22, 2026
Feb 23, 2026
8.8 HIGH
CVE-2019-25439 — NoviSmart CMS SQL Injection via Referer HTTP Header

NoviSmart CMS contains an SQL injection vulnerability that allows remote attackers to execute arbitrary SQL queries by injecting malicious code through the Referer HTTP header field. Attackers can cr…

Remote | Injection
Feb 22, 2026 Feb 23, 2026
Feb 22, 2026
Feb 23, 2026
8.8 HIGH
CVE-2019-25433 — XOOPS CMS 2.5.9 SQL Injection via gerar_pdf.php

XOOPS CMS 2.5.9 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cid parameter. Attackers can send GET re…

xoops | Remote | Injection
Feb 22, 2026 Feb 23, 2026
Feb 22, 2026
Feb 23, 2026
Showing 20 of 5225 Results