Latest CVE Feed
-
5.5
MEDIUMCVE-2026-2148
A security vulnerability has been detected in Tenda AC21 16.03.08.16. Affected is an unknown function of the file /cgi-bin/DownloadFlash of the component Web Management Interface. The manipulation leads to information disclosure. It is possible to initiat... Read more
Affected Products : ac21_firmware- Published: Feb. 08, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Information Disclosure
-
6.5
MEDIUMCVE-2026-2218
A vulnerability was determined in D-Link DCS-933L up to 1.14.11. This affects an unknown function of the file /setSystemAdmin of the component alphapd. This manipulation of the argument AdminID causes command injection. Remote exploitation of the attack i... Read more
Affected Products :- Published: Feb. 09, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Injection
-
7.5
HIGHCVE-2026-2165
A weakness has been identified in detronetdip E-commerce 1.0.0. Impacted is an unknown function of the file /Admin/assets/backend/seller/add_seller.php of the component Account Creation Endpoint. Executing a manipulation of the argument email can lead to ... Read more
Affected Products :- Published: Feb. 08, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Authentication
-
5.8
MEDIUMCVE-2026-25904
The Pydantic-AI MCP Run Python tool configures the Deno sandbox with an overly permissive configuration that allows the underlying Python code to access the localhost interface of the host to perform SSRF attacks. Note - the "mcp-run-python" project is ar... Read more
Affected Products :- Published: Feb. 09, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Server-Side Request Forgery
-
8.3
HIGHCVE-2026-2182
A weakness has been identified in UTT 进取 521G 3.1.1-190816. Affected by this issue is the function doSystem of the file /goform/setSysAdm. Executing a manipulation of the argument passwd1 can lead to command injection. The attack may be launched remotely.... Read more
Affected Products :- Published: Feb. 08, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Injection
-
5.8
MEDIUMCVE-2026-2162
A vulnerability was determined in itsourcecode News Portal Project 1.0. This affects an unknown part of the file /admin/aboutus.php. This manipulation of the argument pagetitle causes sql injection. The attack may be initiated remotely. The exploit has be... Read more
Affected Products :- Published: Feb. 08, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Injection
-
5.5
MEDIUMCVE-2026-2108
A vulnerability was determined in jsbroks COCO Annotator up to 0.11.1. This impacts an unknown function of the file /api/info/long_task of the component Endpoint. This manipulation causes denial of service. The attack may be initiated remotely. The exploi... Read more
Affected Products : coco_annotator- Published: Feb. 07, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Denial of Service
-
6.4
MEDIUMCVE-2026-1608
The Video Onclick plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `youtube` shortcode in all versions up to, and including, 0.4.7 due to insufficient input sanitization and output escaping on user supplied attributes. Th... Read more
Affected Products :- Published: Feb. 07, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Cross-Site Scripting
-
5.3
MEDIUMCVE-2026-25567
WeKan versions prior to 8.19 contain an insecure direct object reference (IDOR) in the card comment creation API. The endpoint accepts an authorId from the request body, allowing an authenticated user to spoof the recorded comment author by supplying anot... Read more
Affected Products :- Published: Feb. 07, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Authentication
-
6.3
MEDIUMCVE-2025-66601
A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product does not specify MIME types. When an attacker performs a content sniffing attack, malicious scripts could be executed. The affected products and ver... Read more
Affected Products :- Published: Feb. 09, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Misconfiguration
-
9.8
CRITICALCVE-2026-1615
All versions of the package jsonpath are vulnerable to Arbitrary Code Injection via unsafe evaluation of user-supplied JSON Path expressions. The library relies on the static-eval module to process JSON Path input, which is not designed to handle untruste... Read more
Affected Products :- Published: Feb. 09, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Injection
-
7.5
HIGHCVE-2026-2221
A security flaw has been discovered in code-projects Online Reviewer System 1.0. Affected is an unknown function of the file /login/index.php of the component Login. Performing a manipulation of the argument Username results in sql injection. The attack i... Read more
Affected Products :- Published: Feb. 09, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Injection
-
5.8
MEDIUMCVE-2026-2226
A vulnerability has been found in DouPHP up to 1.9. This issue affects some unknown processing of the file /admin/file.php of the component ZIP File Handler. Such manipulation of the argument sql_filename leads to unrestricted upload. The attack can be la... Read more
Affected Products :- Published: Feb. 09, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Path Traversal
-
9.0
HIGHCVE-2026-2202
A vulnerability was detected in Tenda AC8 16.03.33.05. Affected is the function fromSetWifiGusetBasic of the file /goform/WifiGuestSet of the component httpd. The manipulation of the argument shareSpeed results in buffer overflow. The attack may be launch... Read more
Affected Products : ac8_firmware- Published: Feb. 09, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Memory Corruption
-
6.9
MEDIUMCVE-2026-2207
A weakness has been identified in WeKan up to 8.20. This issue affects some unknown processing of the file server/publications/activities.js of the component Activity Publication Handler. Executing a manipulation can lead to information disclosure. It is ... Read more
Affected Products :- Published: Feb. 08, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Information Disclosure
-
5.3
MEDIUMCVE-2026-2208
A security vulnerability has been detected in WeKan up to 8.20. Impacted is an unknown function of the file server/publications/rules.js of the component Rules Handler. The manipulation leads to missing authorization. The attack can be initiated remotely.... Read more
Affected Products :- Published: Feb. 08, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Authorization
-
8.3
HIGHCVE-2026-2085
A security vulnerability has been detected in D-Link DWR-M921 1.1.50. Affected is the function sub_419F20 of the file /boafrm/formUSSDSetup of the component USSD Configuration Endpoint. The manipulation of the argument ussdValue leads to command injection... Read more
Affected Products : dwr-m921_firmware- Published: Feb. 07, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Injection
-
9.0
HIGHCVE-2026-2086
A vulnerability was detected in UTT HiPER 810G up to 1.7.7-171114. Affected by this vulnerability is the function strcpy of the file /goform/formFireWall of the component Management Interface. The manipulation of the argument GroupName results in buffer o... Read more
Affected Products :- Published: Feb. 07, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Memory Corruption
-
5.8
MEDIUMCVE-2026-2081
A vulnerability was determined in D-Link DIR-823X 250416. The affected element is an unknown function of the file /goform/set_password. This manipulation of the argument http_passwd causes os command injection. The attack is possible to be carried out rem... Read more
Affected Products : dir-823x_firmware- Published: Feb. 07, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Injection
-
7.5
HIGHCVE-2026-2199
A security flaw has been discovered in code-projects Online Reviewer System 1.0. The impacted element is an unknown function of the file /reviewer/system/system/admins/manage/users/user-delete.php. Performing a manipulation of the argument ID results in s... Read more
Affected Products :- Published: Feb. 09, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Injection