Latest CVE Feed
-
5.5
MEDIUMCVE-2026-2109
A vulnerability was identified in jsbroks COCO Annotator up to 0.11.1. Affected is an unknown function of the file /api/undo/ of the component Delete Category Handler. Such manipulation of the argument ID leads to improper authorization. The attack may be... Read more
Affected Products : coco_annotator- Published: Feb. 07, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Authorization
-
6.3
MEDIUMCVE-2026-2110
A security flaw has been discovered in Tasin1025 SwiftBuy up to 0f5011372e8d1d7edfd642d57d721c9fadc54ec7. Affected by this vulnerability is an unknown functionality of the file /login.php. Performing a manipulation results in improper restriction of exces... Read more
Affected Products :- Published: Feb. 07, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Authentication
-
6.5
MEDIUMCVE-2026-2176
A security vulnerability has been detected in code-projects Contact Management System 1.0. This issue affects some unknown processing of the file index.py. Such manipulation of the argument selecteditem[0] leads to sql injection. The attack can be execute... Read more
Affected Products :- Published: Feb. 08, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Injection
-
6.4
MEDIUMCVE-2026-0555
The Premmerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'premmerce_wizard_actions' AJAX endpoint in all versions up to, and including, 1.3.20. This is due to missing capability checks and insufficient input sanitization and... Read more
Affected Products : premmerce- Published: Feb. 07, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Cross-Site Scripting
-
5.3
MEDIUMCVE-2026-25562
WeKan versions prior to 8.19 contain an information disclosure vulnerability in the attachments publication. Attachment metadata can be returned without properly scoping results to boards and cards accessible to the requesting user, potentially exposing a... Read more
Affected Products :- Published: Feb. 07, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Information Disclosure
-
9.0
HIGHCVE-2026-2186
A vulnerability has been found in Tenda RX3 16.03.13.11. Impacted is the function fromSetIpMacBind of the file /goform/SetIpMacBind. Such manipulation of the argument list leads to stack-based buffer overflow. The attack may be performed from remote. The ... Read more
Affected Products : rx3_firmware- Published: Feb. 08, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2026-2116
A vulnerability has been found in itsourcecode Society Management System 1.0. Impacted is an unknown function of the file /admin/edit_expenses.php. Such manipulation of the argument expenses_id leads to sql injection. It is possible to launch the attack r... Read more
Affected Products : society_management_system- Published: Feb. 08, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Injection
-
9.8
CRITICALCVE-2026-22903
An unauthenticated remote attacker can send a crafted HTTP request containing an overly long SESSIONID cookie. This can trigger a stack buffer overflow in the modified lighttpd server, causing it to crash and potentially enabling remote code execution due... Read more
Affected Products :- Published: Feb. 09, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Memory Corruption
-
9.8
CRITICALCVE-2026-22904
Improper length handling when parsing multiple cookie fields (including TRACKID) allows an unauthenticated remote attacker to send oversized cookie values and trigger a stack buffer overflow, resulting in a denial‑of‑service condition and possible remote ... Read more
Affected Products :- Published: Feb. 09, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2026-22905
An unauthenticated remote attacker can bypass authentication by exploiting insufficient URI validation and using path traversal sequences (e.g., /js/../cgi-bin/post.cgi), gaining unauthorized access to protected CGI endpoints and configuration downloads.... Read more
Affected Products :- Published: Feb. 09, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Path Traversal
-
6.5
MEDIUMCVE-2026-2141
A security flaw has been discovered in WuKongOpenSource WukongCRM up to 11.3.3. This affects an unknown part of the file gateway/src/main/java/com/kakarote/gateway/service/impl/PermissionServiceImpl.java of the component URL Handler. Performing a manipula... Read more
Affected Products : wukongcrm- Published: Feb. 08, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Authorization
-
7.5
HIGHCVE-2026-2117
A vulnerability was found in itsourcecode Society Management System 1.0. The affected element is an unknown function of the file /admin/edit_activity.php. Performing a manipulation of the argument activity_id results in sql injection. The attack can be in... Read more
Affected Products : society_management_system- Published: Feb. 08, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Injection
-
5.4
MEDIUMCVE-2026-0632
The Fluent Forms Pro Add On Pack plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.1.12 via the 'saveDataSource' function. This makes it possible for authenticated attackers, with Subscriber-level ac... Read more
Affected Products :- Published: Feb. 09, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Server-Side Request Forgery
-
6.5
MEDIUMCVE-2026-25846
In JetBrains YouTrack before 2025.3.119033 access tokens could be exposed in Mailbox logs... Read more
Affected Products :- Published: Feb. 09, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Information Disclosure
-
6.5
MEDIUMCVE-2026-2122
A security flaw has been discovered in Xiaopi Panel up to 20260126. This impacts an unknown function of the file /demo.php of the component WAF Firewall. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. Th... Read more
Affected Products :- Published: Feb. 08, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Injection
-
5.1
MEDIUMCVE-2026-1960
Stored Cross-Site Scripting (XSS) vulnerability in Loggro Pymes, via the 'Facebook' parameter in '/loggrodemo/jbrain/ConsultaTerceros' endpoint.... Read more
Affected Products :- Published: Feb. 09, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUMCVE-2026-2194
A flaw has been found in D-Link DI-7100G C1 24.04.18D1. This affects the function start_proxy_client_email. Executing a manipulation can lead to command injection. The attack can be executed remotely. The exploit has been published and may be used.... Read more
Affected Products : di-7100g_c1_firmware- Published: Feb. 09, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Injection
-
4.8
MEDIUMCVE-2026-2156
A weakness has been identified in code-projects Online Student Management System 1.0. The impacted element is an unknown function of the file /admin/announcement/index.php?view=add of the component Announcement Management Module. This manipulation causes ... Read more
Affected Products :- Published: Feb. 08, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Cross-Site Scripting
-
8.3
HIGHCVE-2026-2157
A security vulnerability has been detected in D-Link DIR-823X 250416. This affects the function sub_4175CC of the file /goform/set_static_route_table. Such manipulation of the argument interface/destip/netmask/gateway/metric leads to os command injection.... Read more
Affected Products : dir-823x_firmware- Published: Feb. 08, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Injection
-
5.3
MEDIUMCVE-2026-2149
A vulnerability was detected in SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /appointments.php. The manipulation of the argument patient_id results i... Read more
Affected Products : patients_waiting_area_queue_management_system- Published: Feb. 08, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Cross-Site Scripting