Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
6.3 MEDIUM
CVE-2026-2966 — Cesanta Mongoose DNS Transaction ID dns.c mg_sendnsreq random values

A weakness has been identified in Cesanta Mongoose up to 7.20. The impacted element is the function mg_sendnsreq of the file /src/dns.c of the component DNS Transaction ID Handler. Executing a manipu…

mongoose | Remote | Cryptography
Feb 23, 2026 Feb 23, 2026
4.8 MEDIUM
CVE-2026-2965 — 07FLYCMS/07FLY-CMS/07FlyCRM System Extension edit.html cross site scripting

A security flaw has been discovered in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 1.2.9. The affected element is an unknown function of the file /admin/SysModule/edit.html of the component System Extensi…

customer_relationship_management | Remote | Cross-Site Scripting
Feb 23, 2026 Feb 23, 2026
9.8 CRITICAL
CVE-2026-2964 — higuma web-audio-recorder-js Dynamic Config Handling WebAudioRecorder.js extend prototype…

A vulnerability was identified in higuma web-audio-recorder-js 0.1/0.1.1. Impacted is the function extend in the library lib/WebAudioRecorder.js of the component Dynamic Config Handling. Such manipul…

webaudiorecorder.js | Remote | Misconfiguration
Feb 23, 2026 Feb 26, 2026
9.8 CRITICAL
CVE-2026-24494 — SQL injection vulnerability in Order Up Online Ordering System

SQL Injection vulnerability in the /api/integrations/getintegrations endpoint of Order Up Online Ordering System 1.0 allows an unauthenticated attacker to access sensitive backend database data via a…

Remote | Injection
Feb 23, 2026 Feb 23, 2026
6.5 MEDIUM
CVE-2026-2963 — Jinher OA C6 OfficeSupplyTypeRight.aspx sql injection

A vulnerability was determined in Jinher OA C6 up to 20260210. This issue affects some unknown processing of the file /C6/Jhsoft.Web.officesupply/OfficeSupplyTypeRight.aspx. This manipulation of the …

jinher_oa_c6 | Remote | Injection
Feb 23, 2026 Feb 23, 2026
9.0 HIGH
CVE-2026-2962 — D-Link DWR-M960 Scheduled Reboot Configuration Endpoint formDateReboot sub_460F30 stack-b…

A vulnerability was found in D-Link DWR-M960 1.01.07. This vulnerability affects the function sub_460F30 of the file /boafrm/formDateReboot of the component Scheduled Reboot Configuration Endpoint. T…

dwr-m960_firmware dwr-m960 | Remote | Memory Corruption
Feb 23, 2026 Feb 23, 2026
9.0 HIGH
CVE-2026-2961 — D-Link DWR-M960 VPN Configuration Endpoint formVpnConfigSetup sub_4196C4 stack-based over…

A vulnerability has been found in D-Link DWR-M960 1.01.07. This affects the function sub_4196C4 of the file /boafrm/formVpnConfigSetup of the component VPN Configuration Endpoint. The manipulation of…

dwr-m960_firmware dwr-m960 | Remote | Memory Corruption
Feb 23, 2026 Feb 23, 2026
9.0 HIGH
CVE-2026-2960 — D-Link DWR-M960 formDhcpv6s sub_468D64 stack-based overflow

A flaw has been found in D-Link DWR-M960 1.01.07. Affected by this issue is the function sub_468D64 of the file /boafrm/formDhcpv6s. Executing a manipulation of the argument submit-url can lead to st…

dwr-m960_firmware dwr-m960 | Remote | Memory Corruption
Feb 23, 2026 Feb 23, 2026
9.0 HIGH
CVE-2026-2959 — D-Link DWR-M960 formNewSchedule sub_44E0F8 stack-based overflow

A vulnerability was detected in D-Link DWR-M960 1.01.07. Affected by this vulnerability is the function sub_44E0F8 of the file /boafrm/formNewSchedule. Performing a manipulation of the argument url r…

dwr-m960_firmware dwr-m960 | Remote | Memory Corruption
Feb 23, 2026 Feb 23, 2026
9.0 HIGH
CVE-2026-2958 — D-Link DWR-M960 formWsc sub_457C5C stack-based overflow

A security vulnerability has been detected in D-Link DWR-M960 1.01.07. Affected is the function sub_457C5C of the file /boafrm/formWsc. Such manipulation of the argument save_apply leads to stack-bas…

dwr-m960_firmware dwr-m960 | Remote | Memory Corruption
Feb 23, 2026 Feb 23, 2026
9.1 CRITICAL
CVE-2026-2588 — Crypt::NaCl::Sodium versions through 2.001 for Perl has an integer overflow flaw on 32-bi…

Crypt::NaCl::Sodium versions through 2.001 for Perl has an integer overflow flaw on 32-bit systems. Sodium.xs casts a STRLEN (size_t) to unsigned long long when passing a length pointer to libsodium…

crypt\ | Remote | Memory Corruption
Feb 23, 2026 Mar 04, 2026
8.1 HIGH
CVE-2026-2957 — qinming99 dst-admin File BackupController.java deleteBackup denial of service

A weakness has been identified in qinming99 dst-admin up to 1.5.0. This impacts the function deleteBackup of the file src/main/java/com/tugos/dst/admin/controller/BackupController.java of the compone…

dst-admin | Remote | Denial of Service
Feb 22, 2026 Feb 25, 2026
8.8 HIGH
CVE-2026-2956 — qinming99 dst-admin restore revertBackup command injection

A security flaw has been discovered in qinming99 dst-admin up to 1.5.0. This affects the function revertBackup of the file /home/restore. The manipulation of the argument Name results in command inje…

dst-admin | Remote | Injection
Feb 22, 2026 Feb 25, 2026
9.8 CRITICAL
CVE-2026-2954 — Dromara UJCMS ImportDataController import-channel importChanel injection

A vulnerability was found in Dromara UJCMS 10.0.2. Impacted is the function importChanel of the file /api/backend/ext/import-data/import-channel of the component ImportDataController. Performing a ma…

ujcms | Remote | Injection
Feb 22, 2026 Feb 25, 2026
8.8 HIGH
CVE-2019-25462 — Web Ofisi Rent a Car v3 SQL Injection via klima Parameter

Web Ofisi Rent a Car v3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'klima' parameter. Attackers can…

Remote | Injection
Feb 22, 2026 Feb 23, 2026
8.8 HIGH
CVE-2019-25461 — Web Ofisi Platinum E-Ticaret v5 SQL Injection via ajax/productsFilterSearch

Web Ofisi Platinum E-Ticaret v5 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'q' parameter. Attackers…

ticaret platinum_e-ticaret | Remote | Injection
Feb 22, 2026 Mar 10, 2026
8.8 HIGH
CVE-2019-25460 — Web Ofisi Platinum E-Ticaret v5 SQL Injection via q Parameter

Web Ofisi Platinum E-Ticaret v5 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'q' GET parameter. Attac…

ticaret platinum_e-ticaret | Remote | Injection
Feb 22, 2026 Mar 02, 2026
9.8 CRITICAL
CVE-2019-25459 — Web Ofisi Emlak V2 SQL Injection via emlak-ara.html

Web Ofisi Emlak V2 contains multiple SQL injection vulnerabilities in the endpoint that allow unauthenticated attackers to manipulate database queries through GET parameters. Attackers can inject SQL…

emlak | Remote | Injection
Feb 22, 2026 Mar 02, 2026
9.8 CRITICAL
CVE-2019-25458 — Web Ofisi Firma Rehberi v1 SQL Injection via firmalar.html

Web Ofisi Firma Rehberi v1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through GET parameters. Attackers can sen…

firma_rehberi | Remote | Injection
Feb 22, 2026 Mar 02, 2026
8.8 HIGH
CVE-2019-25457 — Web Ofisi Firma v13 SQL Injection via oz Parameter

Web Ofisi Firma v13 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'oz' array parameter. Attackers can …

firma | Remote | Injection
Feb 22, 2026 Mar 02, 2026
Showing 20 of 5265 Results