Latest CVE Feed
-
7.6
HIGHCVE-2026-22567
Improper validation of user-supplied input in the ZIA Admin UI could allow an authenticated administrator to initiate backend functions through specific input fields in limited scenarios.... Read more
Affected Products :- Published: Feb. 23, 2026
- Modified: Feb. 23, 2026
- Vuln Type: Injection
-
9.0
HIGHCVE-2026-3016
A vulnerability was identified in UTT HiPER 810G up to 1.7.7-171114. The affected element is the function strcpy of the file /goform/formP2PLimitConfig. The manipulation of the argument except leads to buffer overflow. Remote exploitation of the attack is... Read more
Affected Products :- Published: Feb. 23, 2026
- Modified: Feb. 23, 2026
- Vuln Type: Memory Corruption
-
9.0
HIGHCVE-2026-3015
A vulnerability was determined in UTT HiPER 810G up to 1.7.7-171114. Impacted is the function strcpy of the file /goform/formPolicyRouteConf. Executing a manipulation of the argument GroupName can lead to buffer overflow. The attack may be launched remote... Read more
Affected Products :- Published: Feb. 23, 2026
- Modified: Feb. 23, 2026
- Vuln Type: Memory Corruption
-
6.3
MEDIUMCVE-2026-2697
An Indirect Object Reference (IDOR) in Security Center allows an authenticated remote attacker to escalate privileges via the 'owner' parameter.... Read more
Affected Products :- Published: Feb. 23, 2026
- Modified: Feb. 23, 2026
- Vuln Type: Authorization
-
0.0
NACVE-2025-70058
An issue pertaining to CWE-295: Improper Certificate Validation was discovered in YMFE yapi v1.12.0. The application disables TLS/SSL certificate validation by setting 'rejectUnauthorized': false in the HTTPS agent configuration for Axios requests... Read more
Affected Products :- Published: Feb. 23, 2026
- Modified: Feb. 23, 2026
- Vuln Type: Cryptography
-
0.0
NACVE-2025-70045
An issue pertaining to CWE-295: Improper Certificate Validation was discovered in jxcore jxm master. The application disables TLS/SSL certificate validation by setting 'rejectUnauthorized': false in HTTPS request options when 'jx_obj.IsSecure' is true... Read more
Affected Products :- Published: Feb. 23, 2026
- Modified: Feb. 23, 2026
- Vuln Type: Misconfiguration
-
6.5
MEDIUMCVE-2025-70044
An issue pertaining to CWE-295: Improper Certificate Validation was discovered in fofolee uTools-quickcommand 5.0.3.... Read more
Affected Products :- Published: Feb. 23, 2026
- Modified: Feb. 23, 2026
- Vuln Type: Misconfiguration
-
9.1
CRITICALCVE-2025-70043
An issue pertaining to CWE-295: Improper Certificate Validation was discovered in Ayms node-To master. The application disables TLS/SSL certificate validation by setting 'rejectUnauthorized': false in TLS socket options... Read more
Affected Products :- Published: Feb. 23, 2026
- Modified: Feb. 23, 2026
- Vuln Type: Misconfiguration
-
7.2
HIGHCVE-2025-14905
A flaw was found in the 389-ds-base server. A heap buffer overflow vulnerability exists in the `schema_attr_enum_callback` function within the `schema.c` file. This occurs because the code incorrectly calculates the buffer size by summing alias string len... Read more
Affected Products :- Published: Feb. 23, 2026
- Modified: Feb. 23, 2026
- Vuln Type: Memory Corruption
-
7.3
HIGHCVE-2026-21420
Dell Repository Manager (DRM), versions prior to 3.4.8, contains an Uncontrolled Search Path Element vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary code execution and escalatio... Read more
Affected Products :- Published: Feb. 23, 2026
- Modified: Feb. 23, 2026
- Vuln Type: Path Traversal
-
7.5
HIGHCVE-2025-69700
Tenda FH1203 V2.0.1.6 contains a stack-based buffer overflow vulnerability in the modify_add_client_prio function, which is reachable via the formSetClientPrio CGI handler.... Read more
Affected Products :- Published: Feb. 23, 2026
- Modified: Feb. 23, 2026
- Vuln Type: Memory Corruption
-
6.5
MEDIUMCVE-2026-2985
A security flaw has been discovered in Tiandy Video Surveillance System 视频监控平台 7.17.0. This impacts the function downloadImage of the file /com/tiandy/easy7/core/bo/CLSBODownLoad.java. Performing a manipulation of the argument urlPath results in server-si... Read more
Affected Products :- Published: Feb. 23, 2026
- Modified: Feb. 23, 2026
- Vuln Type: Server-Side Request Forgery
-
6.9
MEDIUMCVE-2026-2984
A vulnerability was identified in SourceCodester Student Result Management System 1.0. This affects an unknown function of the file /admin/core/drop_user.php. Such manipulation of the argument ID leads to denial of service. The attack can be executed remo... Read more
Affected Products : student_result_management_system- Published: Feb. 23, 2026
- Modified: Feb. 23, 2026
- Vuln Type: Denial of Service
-
5.9
MEDIUMCVE-2025-59873
An information exposure vulnerability exists in Vulnerability in HCL Software ZIE for Web. The application transmits sensitive session tokens and authentication identifiers within the URL query parameters . An attacker who gains access to any network lo... Read more
Affected Products :- Published: Feb. 23, 2026
- Modified: Feb. 23, 2026
- Vuln Type: Information Disclosure
-
5.1
MEDIUMCVE-2025-40986
Reflected Cross-Site Scripting (XSS) vulnerability in PideTuCita. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending him/her a malicious URL using the endpoint 'cookies/indes.php/<XSS>'. This vulnerability ... Read more
Affected Products :- Published: Feb. 23, 2026
- Modified: Feb. 23, 2026
- Vuln Type: Cross-Site Scripting
-
5.1
MEDIUMCVE-2025-40701
Reflected Cross-Site Scripting vulnerability in SOTESHOP, version 8.3.4. THis vulnerability allows an attacker execute JavaScript code in the victim's browser when a malicious URL with the 'id' parameter in '/adsTracker/checkAds' is sent to the victim. Th... Read more
Affected Products : soteshop- Published: Feb. 23, 2026
- Modified: Feb. 23, 2026
- Vuln Type: Cross-Site Scripting
-
7.5
HIGHCVE-2026-2983
A vulnerability was determined in SourceCodester Student Result Management System 1.0. The impacted element is an unknown function of the file /admin/core/import_users.php of the component Bulk Import. This manipulation of the argument File causes imprope... Read more
Affected Products : student_result_management_system- Published: Feb. 23, 2026
- Modified: Feb. 23, 2026
- Vuln Type: Authorization
-
9.3
CRITICALCVE-2025-41002
SQL injection vulnerability in Infoticketing. This vulnerability allows an unauthenticated attacker to retrieve, create, update, and delete the database by sending a POST request using the 'code' parameter in '/components/cart/cartApplyDiscount.php'.... Read more
Affected Products :- Published: Feb. 23, 2026
- Modified: Feb. 23, 2026
- Vuln Type: Injection
-
9.0
HIGHCVE-2026-2981
A vulnerability was found in UTT HiPER 810G up to 1.7.7-1711. The affected element is the function strcpy of the file /goform/formTaskEdit_ap. The manipulation of the argument txtMin2 results in buffer overflow. The attack may be launched remotely. The ex... Read more
Affected Products :- Published: Feb. 23, 2026
- Modified: Feb. 23, 2026
- Vuln Type: Memory Corruption
-
8.3
HIGHCVE-2026-2980
A vulnerability has been found in UTT HiPER 810G up to 1.7.7-1711. Impacted is the function strcpy of the file /goform/setSysAdm. The manipulation of the argument passwd1 leads to buffer overflow. The attack may be initiated remotely. The exploit has been... Read more
Affected Products :- Published: Feb. 23, 2026
- Modified: Feb. 23, 2026
- Vuln Type: Memory Corruption