Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 7.2

    HIGH
    CVE-2026-26930

    SmarterTools SmarterMail before 9526 allows XSS via MAPI requests....

    Affected Products : smartermail
    • Published: Feb. 16, 2026
    • Modified: Feb. 22, 2026
    • Vuln Type: Cross-Site Scripting
  • 6.5

    MEDIUM
    CVE-2026-2954

    A vulnerability was found in Dromara UJCMS 10.0.2. Impacted is the function importChanel of the file /api/backend/ext/import-data/import-channel of the component ImportDataController. Performing a manipulation of the argument driverClassName/url results i...

    Affected Products : ujcms
    • Published: Feb. 22, 2026
    • Modified: Feb. 22, 2026
    • Vuln Type: Injection
  • 8.8

    HIGH
    CVE-2019-25462

    Web Ofisi Rent a Car v3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'klima' parameter. Attackers can send GET requests to with malicious 'klima' values to e...

    Affected Products :
    • Published: Feb. 22, 2026
    • Modified: Feb. 22, 2026
    • Vuln Type: Injection
  • 8.8

    HIGH
    CVE-2019-25461

    Web Ofisi Platinum E-Ticaret v5 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'q' parameter. Attackers can send POST requests to the ajax/productsFilterSearch...

    Affected Products :
    • Published: Feb. 22, 2026
    • Modified: Feb. 22, 2026
    • Vuln Type: Injection
  • 8.8

    HIGH
    CVE-2019-25460

    Web Ofisi Platinum E-Ticaret v5 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'q' GET parameter. Attackers can send requests to the arama endpoint with malici...

    Affected Products :
    • Published: Feb. 22, 2026
    • Modified: Feb. 22, 2026
    • Vuln Type: Injection
  • 8.8

    HIGH
    CVE-2019-25459

    Web Ofisi Emlak V2 contains multiple SQL injection vulnerabilities in the endpoint that allow unauthenticated attackers to manipulate database queries through GET parameters. Attackers can inject SQL code into parameters like emlak_durumu, emlak_tipi, il,...

    Affected Products :
    • Published: Feb. 22, 2026
    • Modified: Feb. 22, 2026
    • Vuln Type: Injection
  • 8.8

    HIGH
    CVE-2019-25458

    Web Ofisi Firma Rehberi v1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through GET parameters. Attackers can send requests to with malicious payloads in the 'il', 'kat'...

    Affected Products :
    • Published: Feb. 22, 2026
    • Modified: Feb. 22, 2026
    • Vuln Type: Injection
  • 8.8

    HIGH
    CVE-2019-25457

    Web Ofisi Firma v13 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'oz' array parameter. Attackers can send GET requests to category pages with malicious 'oz[]...

    Affected Products :
    • Published: Feb. 22, 2026
    • Modified: Feb. 22, 2026
    • Vuln Type: Injection
  • 8.8

    HIGH
    CVE-2019-25456

    Web Ofisi Emlak v2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'ara' GET parameter. Attackers can send requests to with time-based SQL injection payloads to...

    Affected Products :
    • Published: Feb. 22, 2026
    • Modified: Feb. 22, 2026
    • Vuln Type: Injection
  • 8.8

    HIGH
    CVE-2019-25455

    Web Ofisi E-Ticaret v3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'a' parameter. Attackers can send GET requests to with malicious 'a' parameter values to ...

    Affected Products :
    • Published: Feb. 22, 2026
    • Modified: Feb. 22, 2026
    • Vuln Type: Injection
  • 5.5

    MEDIUM
    CVE-2026-2953

    A vulnerability has been found in Dromara UJCMS 101.2. This issue affects the function deleteDirectory of the file WebFileTemplateController.delete of the component Template Handler. Such manipulation leads to path traversal. The attack may be performed f...

    Affected Products : ujcms
    • Published: Feb. 22, 2026
    • Modified: Feb. 22, 2026
    • Vuln Type: Path Traversal
  • 7.5

    HIGH
    CVE-2026-2952

    A flaw has been found in Vaelsys 4.1.0. This vulnerability affects unknown code of the file /tree/tree_server.php of the component HTTP POST Request Handler. This manipulation of the argument xajaxargs causes os command injection. The attack is possible t...

    Affected Products : vaelsys
    • Published: Feb. 22, 2026
    • Modified: Feb. 22, 2026
    • Vuln Type: Injection
  • 5.1

    MEDIUM
    CVE-2026-2947

    A vulnerability was detected in rymcu forest up to 0.0.5. This affects the function updateUserInfo of the file - src/main/java/com/rymcu/forest/web/api/user/UserInfoController.java of the component User Profile Handler. The manipulation results in cross s...

    Affected Products : forest
    • Published: Feb. 22, 2026
    • Modified: Feb. 22, 2026
    • Vuln Type: Cross-Site Scripting
  • 8.2

    HIGH
    CVE-2019-25452

    Dolibarr ERP/CRM 10.0.1 contains an SQL injection vulnerability in the elemid POST parameter of the viewcat.php endpoint that allows unauthenticated attackers to execute arbitrary SQL queries. Attackers can submit crafted POST requests with malicious SQL ...

    Affected Products :
    • Published: Feb. 22, 2026
    • Modified: Feb. 22, 2026
    • Vuln Type: Injection
  • 7.1

    HIGH
    CVE-2019-25450

    Dolibarr ERP/CRM 10.0.1 contains multiple SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries by injecting SQL code through POST parameters. Attackers can inject malicious SQL through parameters like actioncode,...

    Affected Products :
    • Published: Feb. 22, 2026
    • Modified: Feb. 22, 2026
    • Vuln Type: Injection
  • 8.2

    HIGH
    CVE-2019-25446

    DIGIT CENTRIS ERP contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the datum1, datum2, KID, and PID parameters. Attackers can send POST requests to /korisnikinfo.php...

    Affected Products :
    • Published: Feb. 22, 2026
    • Modified: Feb. 22, 2026
    • Vuln Type: Injection
  • 8.2

    HIGH
    CVE-2019-25443

    Inventory Webapp contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through GET parameters. Attackers can supply malicious SQL payloads in the name, description, quantity, or ...

    Affected Products :
    • Published: Feb. 22, 2026
    • Modified: Feb. 22, 2026
    • Vuln Type: Injection
  • 8.2

    HIGH
    CVE-2019-25442

    Web Wiz Forums 12.01 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the PF parameter. Attackers can send GET requests to member_profile.asp with malicious PF value...

    Affected Products :
    • Published: Feb. 22, 2026
    • Modified: Feb. 22, 2026
    • Vuln Type: Injection
  • 8.2

    HIGH
    CVE-2019-25440

    WebIncorp ERP contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the prod_id parameter. Attackers can send GET requests to product_detail.php with malicious prod_id va...

    Affected Products :
    • Published: Feb. 22, 2026
    • Modified: Feb. 22, 2026
    • Vuln Type: Injection
  • 8.2

    HIGH
    CVE-2019-25439

    NoviSmart CMS contains an SQL injection vulnerability that allows remote attackers to execute arbitrary SQL queries by injecting malicious code through the Referer HTTP header field. Attackers can craft requests with time-based SQL injection payloads in t...

    Affected Products :
    • Published: Feb. 22, 2026
    • Modified: Feb. 22, 2026
    • Vuln Type: Injection