Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
9.1 CRITICAL
CVE-2019-25456 — Web Ofisi Emlak v2 SQL Injection via ara Parameter

Web Ofisi Emlak v2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'ara' GET parameter. Attackers can se…

emlak | Remote | Injection
Feb 22, 2026 Mar 02, 2026
Feb 22, 2026
Mar 02, 2026
8.8 HIGH
CVE-2019-25455 — Web Ofisi E-Ticaret v3 SQL Injection via ara.html

Web Ofisi E-Ticaret v3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'a' parameter. Attackers can send…

ticaret e-ticaret | Remote | Injection
Feb 22, 2026 Mar 02, 2026
Feb 22, 2026
Mar 02, 2026
9.1 CRITICAL
CVE-2026-2953 — Dromara UJCMS Template WebFileTemplateController.delete deleteDirectory path traversal

A vulnerability has been found in Dromara UJCMS 101.2. This issue affects the function deleteDirectory of the file WebFileTemplateController.delete of the component Template Handler. Such manipulatio…

ujcms | Remote | Path Traversal
Feb 22, 2026 Feb 25, 2026
Feb 22, 2026
Feb 25, 2026
9.8 CRITICAL
CVE-2026-2952 — Vaelsys HTTP POST Request tree_server.php os command injection

A flaw has been found in Vaelsys 4.1.0. This vulnerability affects unknown code of the file /tree/tree_server.php of the component HTTP POST Request Handler. This manipulation of the argument xajaxar…

vaelsys | Remote | Injection
Feb 22, 2026 Feb 25, 2026
Feb 22, 2026
Feb 25, 2026
5.4 MEDIUM
CVE-2026-2947 — rymcu forest User Profile UserInfoController.java updateUserInfo cross site scripting

A vulnerability was detected in rymcu forest up to 0.0.5. This affects the function updateUserInfo of the file - src/main/java/com/rymcu/forest/web/api/user/UserInfoController.java of the component U…

forest | Remote | Cross-Site Scripting
Feb 22, 2026 Feb 25, 2026
Feb 22, 2026
Feb 25, 2026
8.8 HIGH
CVE-2019-25452 — Dolibarr ERP/CRM 10.0.1 SQL Injection via elemid

Dolibarr ERP/CRM 10.0.1 contains an SQL injection vulnerability in the elemid POST parameter of the viewcat.php endpoint that allows unauthenticated attackers to execute arbitrary SQL queries. Attack…

dolibarr_erp\/crm | Remote | Injection
Feb 22, 2026 Mar 02, 2026
Feb 22, 2026
Mar 02, 2026
7.5 HIGH
CVE-2019-25450 — Dolibarr ERP/CRM 10.0.1 SQL Injection via card.php

Dolibarr ERP/CRM 10.0.1 contains multiple SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries by injecting SQL code through POST parameters. Attackers can …

dolibarr_erp\/crm | Remote | Injection
Feb 22, 2026 Mar 02, 2026
Feb 22, 2026
Mar 02, 2026
8.8 HIGH
CVE-2019-25446 — DIGIT CENTRIS ERP Every version SQL Injection via datum1 Parameter

DIGIT CENTRIS ERP contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the datum1, datum2, KID, and PID parameter…

Remote | Injection
Feb 22, 2026 Feb 23, 2026
Feb 22, 2026
Feb 23, 2026
8.8 HIGH
CVE-2019-25443 — Inventory Webapp SQL Injection via add-item.php

Inventory Webapp contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through GET parameters. Attackers can supply malici…

Remote | Injection
Feb 22, 2026 Feb 23, 2026
Feb 22, 2026
Feb 23, 2026
8.8 HIGH
CVE-2019-25442 — Web Wiz Forums 12.01 SQL Injection via PF Parameter

Web Wiz Forums 12.01 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the PF parameter. Attackers can send GE…

web_wiz_forums | Remote | Injection
Feb 22, 2026 Mar 02, 2026
Feb 22, 2026
Mar 02, 2026
8.8 HIGH
CVE-2019-25440 — WebIncorp ERP Every version SQL Injection via product_detail.php

WebIncorp ERP contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the prod_id parameter. Attackers can send GET …

Remote | Injection
Feb 22, 2026 Feb 23, 2026
Feb 22, 2026
Feb 23, 2026
8.8 HIGH
CVE-2019-25439 — NoviSmart CMS SQL Injection via Referer HTTP Header

NoviSmart CMS contains an SQL injection vulnerability that allows remote attackers to execute arbitrary SQL queries by injecting malicious code through the Referer HTTP header field. Attackers can cr…

Remote | Injection
Feb 22, 2026 Feb 23, 2026
Feb 22, 2026
Feb 23, 2026
8.8 HIGH
CVE-2019-25433 — XOOPS CMS 2.5.9 SQL Injection via gerar_pdf.php

XOOPS CMS 2.5.9 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cid parameter. Attackers can send GET re…

xoops | Remote | Injection
Feb 22, 2026 Feb 23, 2026
Feb 22, 2026
Feb 23, 2026
8.8 HIGH
CVE-2019-25391 — Ashop Shopping Cart Software Lastest Latest SQL Injection via bannedcustomers.php

Ashop Shopping Cart Software contains a time-based blind SQL injection vulnerability that allows attackers to manipulate database queries through the blacklistitemid parameter. Attackers can send POS…

Remote | Injection
Feb 22, 2026 Feb 23, 2026
Feb 22, 2026
Feb 23, 2026
8.8 HIGH
CVE-2019-25366 — microASP Portal+ CMS SQL Injection via pagina.phtml

microASP Portal+ CMS contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code into the explode_tree parameter. Attack…

Remote | Injection
Feb 22, 2026 Feb 23, 2026
Feb 22, 2026
Feb 23, 2026
5.4 MEDIUM
CVE-2026-2946 — rymcu forest Article Content/Comments/Portfolio XssUtils.java XssUtils.replaceHtmlCode cr…

A security vulnerability has been detected in rymcu forest up to 0.0.5. Affected by this issue is the function XssUtils.replaceHtmlCode of the file src/main/java/com/rymcu/forest/util/XssUtils.java o…

forest | Remote | Cross-Site Scripting
Feb 22, 2026 Feb 25, 2026
Feb 22, 2026
Feb 25, 2026
6.5 MEDIUM
CVE-2026-2945 — JeecgBoot uploadImgByHttp server-side request forgery

A weakness has been identified in JeecgBoot 3.9.0. Affected by this vulnerability is an unknown functionality of the file /sys/common/uploadImgByHttp. Executing a manipulation of the argument fileUrl…

jeecg_boot | Remote | Server-Side Request Forgery
Feb 22, 2026 Mar 03, 2026
Feb 22, 2026
Mar 03, 2026
9.8 CRITICAL
CVE-2026-2944 — Tosei Online Store Management System ネット店舗管理システム HTTP POST Request monitor.php system os …

A security flaw has been discovered in Tosei Online Store Management System ネット店舗管理システム 1.01. Affected is the function system of the file /cgi-bin/monitor.php of the component HTTP POST Request Handl…

online_store_management_system | Remote | Injection
Feb 22, 2026 Feb 26, 2026
Feb 22, 2026
Feb 26, 2026
5.3 MEDIUM
CVE-2026-2943 — SapneshNaik Student Management System index.php cross site scripting

A vulnerability was identified in SapneshNaik Student Management System up to f4b4f0928f0b5551a28ee81ae7e7fe47d9345318. This impacts an unknown function of the file index.php. Such manipulation of th…

Remote | Cross-Site Scripting
Feb 22, 2026 Feb 23, 2026
Feb 22, 2026
Feb 23, 2026
7.5 HIGH
CVE-2026-2940 — Zaher1307 tiny_web_server URL tiny.c out-of-bounds write

A vulnerability was determined in Zaher1307 tiny_web_server up to 8d77b1044a0ca3a5297d8726ac8aa2cf944d481b. This affects the function tiny_web_server/tiny.c of the file tiny_web_server/tiny.c of the …

Remote | Memory Corruption
Feb 22, 2026 Feb 23, 2026
Feb 22, 2026
Feb 23, 2026
Showing 20 of 5265 Results