Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 0.0

    NA
    CVE-2026-2133

    A weakness has been identified in code-projects Online Music Site 1.0. Impacted is an unknown function of the file /Administrator/PHP/AdminUpdateCategory.php. This manipulation of the argument txtimage causes unrestricted upload. The attack is possible to... Read more

    Affected Products :
    • Published: Feb. 08, 2026
    • Modified: Feb. 08, 2026
    • Vuln Type: Misconfiguration

  • 6.5

    MEDIUM
    CVE-2026-2131

    A vulnerability was identified in XixianLiang HarmonyOS-mcp-server 0.1.0. This vulnerability affects the function input_text. The manipulation of the argument text leads to os command injection. Remote exploitation of the attack is possible. The exploit i... Read more

    Affected Products :
    • Published: Feb. 08, 2026
    • Modified: Feb. 08, 2026
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2026-2130

    A vulnerability was determined in BurtTheCoder mcp-maigret up to 1.0.12. This affects an unknown part of the file src/index.ts of the component search_username. Executing a manipulation of the argument Username can lead to command injection. The attack ma... Read more

    Affected Products :
    • Published: Feb. 08, 2026
    • Modified: Feb. 08, 2026
    • Vuln Type: Injection

  • 0.0

    NA
    CVE-2026-2132

    A security flaw has been discovered in code-projects Online Music Site 1.0. This issue affects some unknown processing of the file /Administrator/PHP/AdminUpdateCategory.php. The manipulation of the argument txtcat results in sql injection. The attack can... Read more

    Affected Products :
    • Published: Feb. 08, 2026
    • Modified: Feb. 08, 2026
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2026-2209

    A vulnerability was detected in WeKan up to 8.18. The affected element is the function setCreateTranslation of the file client/components/settings/translationBody.js of the component Custom Translation Handler. The manipulation results in improper authori... Read more

    Affected Products :
    • Published: Feb. 08, 2026
    • Modified: Feb. 08, 2026
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2026-2208

    A security vulnerability has been detected in WeKan up to 8.20. Impacted is an unknown function of the file server/publications/rules.js of the component Rules Handler. The manipulation leads to missing authorization. The attack can be initiated remotely.... Read more

    Affected Products :
    • Published: Feb. 08, 2026
    • Modified: Feb. 08, 2026
    • Vuln Type: Authorization

  • 6.9

    MEDIUM
    CVE-2026-2207

    A weakness has been identified in WeKan up to 8.20. This issue affects some unknown processing of the file server/publications/activities.js of the component Activity Publication Handler. Executing a manipulation can lead to information disclosure. It is ... Read more

    Affected Products :
    • Published: Feb. 08, 2026
    • Modified: Feb. 08, 2026
    • Vuln Type: Information Disclosure

  • 6.5

    MEDIUM
    CVE-2026-2206

    A security flaw has been discovered in WeKan up to 8.20. This vulnerability affects unknown code of the file server/methods/fixDuplicateLists.js of the component Administrative Repair Handler. Performing a manipulation results in improper access controls.... Read more

    Affected Products :
    • Published: Feb. 08, 2026
    • Modified: Feb. 08, 2026
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2026-2205

    A vulnerability was identified in WeKan up to 8.20. This affects an unknown part of the file server/publications/cards.js of the component Meteor Publication Handler. Such manipulation leads to information disclosure. The attack may be performed from remo... Read more

    Affected Products :
    • Published: Feb. 08, 2026
    • Modified: Feb. 08, 2026
    • Vuln Type: Information Disclosure

  • 8.3

    HIGH
    CVE-2026-2129

    A vulnerability was found in D-Link DIR-823X 250416. Affected by this issue is some unknown functionality of the file /goform/set_ac_status. Performing a manipulation of the argument ac_ipaddr/ac_ipstatus/ap_randtime results in os command injection. The a... Read more

    Affected Products :
    • Published: Feb. 08, 2026
    • Modified: Feb. 08, 2026
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-15100

    The JAY Login & Register plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.6.03. This is due to the plugin allowing a user to update arbitrary user meta through the 'jay_panel_ajax_update_profile' function.... Read more

    Affected Products :
    • Published: Feb. 08, 2026
    • Modified: Feb. 08, 2026
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-15027

    The JAY Login & Register plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.6.03. This is due to the plugin allowing a user to update arbitrary user meta through the 'jay_login_register_ajax_create_final_use... Read more

    Affected Products :
    • Published: Feb. 08, 2026
    • Modified: Feb. 08, 2026
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2026-2122

    A security flaw has been discovered in Xiaopi Panel up to 20260126. This impacts an unknown function of the file /demo.php of the component WAF Firewall. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. Th... Read more

    Affected Products :
    • Published: Feb. 08, 2026
    • Modified: Feb. 08, 2026
    • Vuln Type: Injection

  • 8.3

    HIGH
    CVE-2026-2120

    A vulnerability was identified in D-Link DIR-823X 250416. This affects an unknown function of the file /goform/set_server_settings of the component Configuration Parameter Handler. The manipulation of the argument terminal_addr/server_ip/server_port leads... Read more

    Affected Products :
    • Published: Feb. 08, 2026
    • Modified: Feb. 08, 2026
    • Vuln Type: Injection

  • 8.3

    HIGH
    CVE-2026-2118

    A vulnerability was determined in UTT HiPER 810 1.7.4-141218. The impacted element is the function sub_4407D4 of the file /goform/formReleaseConnect of the component rehttpd. Executing a manipulation of the argument Isp_Name can lead to command injection.... Read more

    Affected Products :
    • Published: Feb. 08, 2026
    • Modified: Feb. 08, 2026
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2026-2117

    A vulnerability was found in itsourcecode Society Management System 1.0. The affected element is an unknown function of the file /admin/edit_activity.php. Performing a manipulation of the argument activity_id results in sql injection. The attack can be in... Read more

    Affected Products :
    • Published: Feb. 08, 2026
    • Modified: Feb. 08, 2026
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2026-2116

    A vulnerability has been found in itsourcecode Society Management System 1.0. Impacted is an unknown function of the file /admin/edit_expenses.php. Such manipulation of the argument expenses_id leads to sql injection. It is possible to launch the attack r... Read more

    Affected Products :
    • Published: Feb. 08, 2026
    • Modified: Feb. 08, 2026
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2026-2115

    A flaw has been found in itsourcecode Society Management System 1.0. This issue affects some unknown processing of the file /admin/delete_expenses.php. This manipulation of the argument expenses_id causes sql injection. It is possible to initiate the atta... Read more

    Affected Products :
    • Published: Feb. 07, 2026
    • Modified: Feb. 07, 2026
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2026-2114

    A vulnerability was detected in itsourcecode Society Management System 1.0. This vulnerability affects unknown code of the file /admin/edit_admin.php. The manipulation of the argument admin_id results in sql injection. The attack may be performed from rem... Read more

    Affected Products :
    • Published: Feb. 07, 2026
    • Modified: Feb. 07, 2026
    • Vuln Type: Injection

  • 7.1

    HIGH
    CVE-2026-25859

    Wekan versions prior to 8.20 allow non-administrative users to access migration functionality due to insufficient permission checks, potentially resulting in unauthorized migration operations.... Read more

    Affected Products :
    • Published: Feb. 07, 2026
    • Modified: Feb. 07, 2026
    • Vuln Type: Authorization
Showing 20 of 4570 Results