Latest CVE Vulnerabilities

6.4 MEDIUM

CVE-2026-1614 — Rise Blocks – A Complete Gutenberg Page Builder <= 3.7 - Authenticated (Contributor+) Sto…

The Rise Blocks – A Complete Gutenberg Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘logoTag’ Site Identity block attribute in all versions up to, and includ…

rise_blocks | Remote | Cross-Site Scripting

Feb 25, 2026 Feb 25, 2026

Feb 25, 2026

9.2 CRITICAL

CVE-2026-3179 — A path traversal vulnerability was found in the FTP Backup on the ADM.

The FTP Backup on the ADM does not properly sanitize filenames received from the FTP server when parsing directory listings. A malicious server or MITM attacker can craft filenames containing path tr…

data_master | Remote | Path Traversal

Feb 25, 2026 Feb 26, 2026

Feb 25, 2026

Feb 26, 2026

9.0 HIGH

CVE-2026-3165 — Tenda F453 httpd AdvSetWrlsafeset fromSetWifiGusetBasic buffer overflow

A vulnerability was determined in Tenda F453 1.0.0.3. Impacted is the function fromSetWifiGusetBasic of the file /goform/AdvSetWrlsafeset of the component httpd. This manipulation of the argument mit…

f453_firmware f453 | Remote | Memory Corruption

Feb 25, 2026 Feb 25, 2026

Feb 25, 2026

9.8 CRITICAL

CVE-2026-3164 — itsourcecode News Portal Project contactus.php sql injection

A vulnerability was found in itsourcecode News Portal Project 1.0. This issue affects some unknown processing of the file /admin/contactus.php. The manipulation of the argument pagetitle results in s…

news_portal_project | Remote | Injection

Feb 25, 2026 Feb 25, 2026

Feb 25, 2026

7.5 HIGH

CVE-2026-3163 — SourceCodester Website Link Extractor URL file_get_contents server-side request forgery

A vulnerability has been found in SourceCodester Website Link Extractor 1.0. This vulnerability affects the function file_get_contents of the component URL Handler. The manipulation leads to server-s…

website_link_extractor | Remote | Server-Side Request Forgery

Feb 25, 2026 Feb 25, 2026

Feb 25, 2026

9.8 CRITICAL

CVE-2026-3153 — itsourcecode Document Management System register.php sql injection

A vulnerability has been found in itsourcecode Document Management System 1.0. Impacted is an unknown function of the file /register.php. Such manipulation of the argument Username leads to sql injec…

document_management_system | Remote | Injection

Feb 25, 2026 Feb 25, 2026

Feb 25, 2026

9.8 CRITICAL

CVE-2026-3152 — itsourcecode College Management System teacher-salary.php sql injection

A flaw has been found in itsourcecode College Management System 1.0. This issue affects some unknown processing of the file /admin/teacher-salary.php. This manipulation of the argument teacher_id cau…

college_management_system | Remote | Injection

Feb 25, 2026 Feb 25, 2026

Feb 25, 2026

9.8 CRITICAL

CVE-2026-3151 — itsourcecode College Management System login.php sql injection

A vulnerability was detected in itsourcecode College Management System 1.0. This vulnerability affects unknown code of the file /login/login.php. The manipulation of the argument email results in sql…

college_management_system | Remote | Injection

Feb 25, 2026 Feb 25, 2026

Feb 25, 2026

8.3 HIGH

CVE-2026-3100 — An improper certificate validation vulnerability was found in the FTP Backup on the ADM.

The FTP Backup on the ADM will not properly strictly enforce TLS certificate verification while connecting to an FTP server using FTPES/FTPS. An improper validated TLS/SSL certificates allows a remot…

data_master | Remote | Cryptography

Feb 25, 2026 Feb 26, 2026

Feb 25, 2026

Feb 26, 2026

9.8 CRITICAL

CVE-2026-25785 — Lanscope Endpoint Manager (On-Premises) Path Traversal Remote Code Execution

Path traversal vulnerability exists in Lanscope Endpoint Manager (On-Premises) Sub-Manager Server Ver.9.4.7.3 and earlier, which may allow an attacker to tamper with arbitrary files and execute arbit…

lanscope_endpoint_manager | Path Traversal

Feb 25, 2026 Feb 27, 2026

Feb 25, 2026

Feb 27, 2026

Browse by Apps

Latest CVE Feed

Cookie Preferences