Latest CVE Feed
-
0.0
NACVE-2025-69806
p2r3 bareiron commit: 8e4d4020d contains an Out-of-bounds Read, which allows unauthenticated remote attackers to get relative information leakage via a packet sent to the server... Read more
Affected Products :- Published: Feb. 12, 2026
- Modified: Feb. 12, 2026
- Vuln Type: Information Disclosure
-
5.3
MEDIUMCVE-2026-26031
Frappe Learning Management System (LMS) is a learning system that helps users structure their content. Prior to 2.44.0, security issue was identified in Frappe Learning, where unauthorised users were able to access the full list of enrolled students (by e... Read more
Affected Products : learning- Published: Feb. 11, 2026
- Modified: Feb. 12, 2026
- Vuln Type: Authorization
-
4.9
MEDIUMCVE-2025-59386
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have ... Read more
Affected Products : quts_hero- Published: Feb. 11, 2026
- Modified: Feb. 12, 2026
- Vuln Type: Memory Corruption
-
4.9
MEDIUMCVE-2025-66274
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have ... Read more
Affected Products : quts_hero- Published: Feb. 11, 2026
- Modified: Feb. 12, 2026
- Vuln Type: Denial of Service
-
4.9
MEDIUMCVE-2025-58466
A use of uninitialized variable vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to denial of service conditions, or modify contr... Read more
- Published: Feb. 11, 2026
- Modified: Feb. 12, 2026
- Vuln Type: Memory Corruption
-
0.0
NACVE-2025-63421
An issue in filosoft Comerc.32 Commercial Invoicing v.16.0.0.3 allows a local attacker to execute arbitrary code via the comeinst.exe file... Read more
Affected Products :- Published: Feb. 12, 2026
- Modified: Feb. 12, 2026
-
9.8
CRITICALCVE-2025-66277
A link following vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to traverse the file system to unintended locations. We have already fixed the vulnerability in the... Read more
- Published: Feb. 11, 2026
- Modified: Feb. 12, 2026
- Vuln Type: Path Traversal
-
0.0
NACVE-2025-70981
CordysCRM 1.4.1 is vulnerable to SQL Injection in the employee list query interface (/user/list) via the departmentIds parameter.... Read more
Affected Products :- Published: Feb. 12, 2026
- Modified: Feb. 12, 2026
- Vuln Type: Injection
-
7.5
HIGHCVE-2025-52026
An information disclosure vulnerability exists in the /srvs/membersrv/getCashiers endpoint of the Aptsys gemscms backend platform thru 2025-05-28. This unauthenticated endpoint returns a list of cashier accounts, including names, email addresses, username... Read more
Affected Products : gemscms_backend- Published: Jan. 23, 2026
- Modified: Feb. 12, 2026
- Vuln Type: Information Disclosure
-
6.5
MEDIUMCVE-2026-24128
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Versions 7.0-milestone-2 through 16.10.11, 17.0.0-rc-1 through 17.4.4, and 17.5.0-rc-1 through 17.7.0 contain a reflected Cross-site Scripting (XSS) v... Read more
- Published: Jan. 24, 2026
- Modified: Feb. 12, 2026
- Vuln Type: Cross-Site Scripting
-
5.9
MEDIUMCVE-2025-15551
The response coming from TP-Link Archer MR200 v5.2, C20 v6, TL-WR850N v3, and TL-WR845N v4 for any request is getting executed by the JavaScript function like eval directly without any check. Attackers can exploit this vulnerability via a Man-in-the-Middl... Read more
- Published: Feb. 05, 2026
- Modified: Feb. 12, 2026
- Vuln Type: Injection
-
9.8
CRITICALCVE-2026-2073
A vulnerability was determined in itsourcecode School Management System 1.0. This affects an unknown function of the file /ramonsys/user/index.php. Executing a manipulation of the argument ID can lead to sql injection. The attack may be performed from rem... Read more
- Published: Feb. 07, 2026
- Modified: Feb. 12, 2026
- Vuln Type: Injection
-
9.8
CRITICALCVE-2026-2083
A security flaw has been discovered in code-projects Social Networking Site 1.0. This affects an unknown function of the file /delete_post.php. Performing a manipulation of the argument ID results in sql injection. It is possible to initiate the attack re... Read more
Affected Products : social_networking_site- Published: Feb. 07, 2026
- Modified: Feb. 12, 2026
- Vuln Type: Injection
-
8.3
HIGHCVE-2026-2085
A security vulnerability has been detected in D-Link DWR-M921 1.1.50. Affected is the function sub_419F20 of the file /boafrm/formUSSDSetup of the component USSD Configuration Endpoint. The manipulation of the argument ussdValue leads to command injection... Read more
- Published: Feb. 07, 2026
- Modified: Feb. 12, 2026
- Vuln Type: Injection
-
4.8
MEDIUMCVE-2026-2214
A weakness has been identified in code-projects for Plugin 1.0. This affects an unknown part of the file /Administrator/PHP/AdminAddAlbum.php. This manipulation of the argument txtalbum causes cross site scripting. It is possible to initiate the attack re... Read more
Affected Products : online_music_site- Published: Feb. 09, 2026
- Modified: Feb. 12, 2026
- Vuln Type: Cross-Site Scripting
-
9.8
CRITICALCVE-2026-2059
A vulnerability has been found in SourceCodester Medical Center Portal Management System 1.0. Affected is an unknown function of the file /emp_edit1.php. Such manipulation of the argument ID leads to sql injection. The attack may be performed from remote.... Read more
Affected Products : medical_center_portal_management_system- Published: Feb. 06, 2026
- Modified: Feb. 12, 2026
- Vuln Type: Injection
-
6.4
MEDIUMCVE-2021-47912
PHP Melody version 3.0 contains multiple non-persistent cross-site scripting vulnerabilities in categories, import, and user import files. Attackers can inject malicious scripts through unvalidated parameters to execute client-side attacks and potentially... Read more
Affected Products : php_melody- Published: Feb. 01, 2026
- Modified: Feb. 12, 2026
- Vuln Type: Cross-Site Scripting
-
6.3
MEDIUMCVE-2026-2391
### Summary The `arrayLimit` option in qs does not enforce limits for comma-separated values when `comma: true` is enabled, allowing attackers to cause denial-of-service via memory exhaustion. This is a bypass of the array limit enforcement, similar to th... Read more
Affected Products :- Published: Feb. 12, 2026
- Modified: Feb. 12, 2026
- Vuln Type: Denial of Service
-
6.5
MEDIUMCVE-2026-2320
Inappropriate implementation in File input in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)... Read more
Affected Products : chrome- Published: Feb. 11, 2026
- Modified: Feb. 12, 2026
- Vuln Type: Misconfiguration
-
6.5
MEDIUMCVE-2026-2318
Inappropriate implementation in PictureInPicture in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)... Read more
Affected Products : chrome- Published: Feb. 11, 2026
- Modified: Feb. 12, 2026
- Vuln Type: Misconfiguration