Latest CVE Feed
-
8.3
HIGHCVE-2026-2157
A security vulnerability has been detected in D-Link DIR-823X 250416. This affects the function sub_4175CC of the file /goform/set_static_route_table. Such manipulation of the argument interface/destip/netmask/gateway/metric leads to os command injection.... Read more
Affected Products : dir-823x_firmware- Published: Feb. 08, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Injection
-
7.5
HIGHCVE-2026-2158
A vulnerability was detected in code-projects Student Web Portal 1.0. This impacts an unknown function of the file /check_user.php. Performing a manipulation of the argument Username results in sql injection. It is possible to initiate the attack remotely... Read more
Affected Products :- Published: Feb. 08, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Injection
-
7.1
HIGHCVE-2026-2235
C&Cm@il developed by HGiga has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents.... Read more
Affected Products :- Published: Feb. 09, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Injection
-
8.8
HIGHCVE-2025-15100
The JAY Login & Register plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.6.03. This is due to the plugin allowing a user to update arbitrary user meta through the 'jay_panel_ajax_update_profile' function.... Read more
Affected Products :- Published: Feb. 08, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Authorization
-
8.8
HIGHCVE-2025-10465
Unrestricted Upload of File with Dangerous Type vulnerability in Birtech Information Technologies Industry and Trade Ltd. Co. Sensaway allows Upload a Web Shell to a Web Server.This issue affects Sensaway: through 09022026. NOTE: The vendor was contacted... Read more
Affected Products :- Published: Feb. 09, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Misconfiguration
-
6.5
MEDIUMCVE-2026-2079
A flaw has been found in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. This vulnerability affects the function addMenu/updateMenu/deleteMenu of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sys\controller\MenuController.java... Read more
Affected Products : warehouse- Published: Feb. 07, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Authorization
-
7.5
HIGHCVE-2026-2166
A security vulnerability has been detected in code-projects Online Reviewer System 1.0. The affected element is an unknown function of the file /login/index.php of the component Login. The manipulation of the argument username/password leads to sql inject... Read more
Affected Products :- Published: Feb. 08, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Injection
-
8.8
HIGHCVE-2025-66597
A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product supports weak cryptographic algorithms, potentially allowing an attacker to decrypt communications with the web server. The affected products and ve... Read more
Affected Products :- Published: Feb. 09, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Cryptography
-
6.5
MEDIUMCVE-2026-2167
A vulnerability was detected in Totolink WA300 5.2cu.7112_B20190227. The impacted element is the function setAPNetwork of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument Ipaddr results in os command injection. The attack may be performed f... Read more
Affected Products : wa300_firmware- Published: Feb. 08, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Injection
-
7.5
HIGHCVE-2026-2083
A security flaw has been discovered in code-projects Social Networking Site 1.0. This affects an unknown function of the file /delete_post.php. Performing a manipulation of the argument ID results in sql injection. It is possible to initiate the attack re... Read more
Affected Products : social_networking_site- Published: Feb. 07, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Injection
-
9.9
CRITICALCVE-2026-1868
GitLab has remediated a vulnerability in the Duo Workflow Service component of GitLab AI Gateway affecting all versions of the AI Gateway from 18.1.6, 18.2.6, 18.3.1 to 18.6.1, 18.7.0, and 18.8.0 in which AI Gateway was vulnerable to insecure template exp... Read more
Affected Products : ai-gateway- Published: Feb. 09, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Denial of Service
-
6.3
MEDIUMCVE-2025-66595
A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product is vulnerable to Cross-Site Request Forgery (CSRF). When a user accesses a link crafted by an attacker, the user’s account could be compromised. The... Read more
Affected Products :- Published: Feb. 09, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Cross-Site Request Forgery
-
9.0
HIGHCVE-2026-2086
A vulnerability was detected in UTT HiPER 810G up to 1.7.7-171114. Affected by this vulnerability is the function strcpy of the file /goform/formFireWall of the component Management Interface. The manipulation of the argument GroupName results in buffer o... Read more
Affected Products :- Published: Feb. 07, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2026-2087
A flaw has been found in SourceCodester Online Class Record System 1.0. Affected by this issue is some unknown functionality of the file /admin/login.php. This manipulation of the argument user_email causes sql injection. The attack may be initiated remot... Read more
Affected Products :- Published: Feb. 07, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Injection
-
9.0
HIGHCVE-2026-2202
A vulnerability was detected in Tenda AC8 16.03.33.05. Affected is the function fromSetWifiGusetBasic of the file /goform/WifiGuestSet of the component httpd. The manipulation of the argument shareSpeed results in buffer overflow. The attack may be launch... Read more
Affected Products : ac8_firmware- Published: Feb. 09, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Memory Corruption
-
9.0
HIGHCVE-2026-2185
A flaw has been found in Tenda RX3 16.03.13.11. This issue affects the function set_device_name of the file /goform/setBlackRule of the component MAC Filtering Configuration Endpoint. This manipulation of the argument devName/mac causes stack-based buffer... Read more
Affected Products : rx3_firmware- Published: Feb. 08, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Memory Corruption
-
6.5
MEDIUMCVE-2026-2106
A vulnerability has been found in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. The impacted element is the function addNotice/updateNotice/deleteNotice/batchDeleteNotice of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sys\... Read more
Affected Products : warehouse- Published: Feb. 07, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Authorization
-
6.5
MEDIUMCVE-2026-2107
A vulnerability was found in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. This affects the function loadAllLoginfo/deleteLoginfo/batchDeleteLoginfo of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sys\controller\LoginfoCont... Read more
Affected Products : warehouse- Published: Feb. 07, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Authorization
-
6.9
MEDIUMCVE-2025-66599
A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. Physical paths could be displayed on web pages. This information could be exploited by an attacker for other attacks. The affected products and versions are as f... Read more
Affected Products :- Published: Feb. 09, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Information Disclosure
-
6.4
MEDIUMCVE-2026-1613
The Wonka Slide plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `list_class` shortcode in all versions up to, and including, 1.3.3 due to insufficient input sanitization and output escaping on user supplied attributes. T... Read more
Affected Products :- Published: Feb. 07, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Cross-Site Scripting