Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (listed in the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.1

    MEDIUM
    CVE-2026-2947

    A vulnerability was detected in rymcu forest up to 0.0.5. This affects the function updateUserInfo of the file src/main/java/com/rymcu/forest/web/api/user/UserInfoController.java of the component User Profile Handler. The manipulation results in cross s...

    Affected Products : forest
    • Published: Feb. 22, 2026
    • Modified: Feb. 22, 2026
    • Vuln Type: Cross-Site Scripting
  • 8.2

    HIGH
    CVE-2019-25452

    Dolibarr ERP/CRM 10.0.1 contains an SQL injection vulnerability in the elemid POST parameter of the viewcat.php endpoint that allows unauthenticated attackers to execute arbitrary SQL queries. Attackers can submit crafted POST requests with malicious SQL ...

    Affected Products :
    • Published: Feb. 22, 2026
    • Modified: Feb. 22, 2026
    • Vuln Type: Injection
  • 7.1

    HIGH
    CVE-2019-25450

    Dolibarr ERP/CRM 10.0.1 contains multiple SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries by injecting SQL code through POST parameters. Attackers can inject malicious SQL through parameters like actioncode,...

    Affected Products :
    • Published: Feb. 22, 2026
    • Modified: Feb. 22, 2026
    • Vuln Type: Injection
  • 8.2

    HIGH
    CVE-2019-25446

    DIGIT CENTRIS ERP contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the datum1, datum2, KID, and PID parameters. Attackers can send POST requests to /korisnikinfo.php...

    Affected Products :
    • Published: Feb. 22, 2026
    • Modified: Feb. 22, 2026
    • Vuln Type: Injection
  • 8.2

    HIGH
    CVE-2019-25443

    Inventory Webapp contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through GET parameters. Attackers can supply malicious SQL payloads in the name, description, quantity, or ...

    Affected Products :
    • Published: Feb. 22, 2026
    • Modified: Feb. 22, 2026
    • Vuln Type: Injection
  • 8.2

    HIGH
    CVE-2019-25442

    Web Wiz Forums 12.01 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the PF parameter. Attackers can send GET requests to member_profile.asp with malicious PF value...

    Affected Products :
    • Published: Feb. 22, 2026
    • Modified: Feb. 22, 2026
    • Vuln Type: Injection
  • 8.2

    HIGH
    CVE-2019-25440

    WebIncorp ERP contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the prod_id parameter. Attackers can send GET requests to product_detail.php with malicious prod_id va...

    Affected Products :
    • Published: Feb. 22, 2026
    • Modified: Feb. 22, 2026
    • Vuln Type: Injection
  • 8.2

    HIGH
    CVE-2019-25439

    NoviSmart CMS contains an SQL injection vulnerability that allows remote attackers to execute arbitrary SQL queries by injecting malicious code through the Referer HTTP header field. Attackers can craft requests with time-based SQL injection payloads in t...

    Affected Products :
    • Published: Feb. 22, 2026
    • Modified: Feb. 22, 2026
    • Vuln Type: Injection
  • 8.2

    HIGH
    CVE-2019-25433

    XOOPS CMS 2.5.9 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cid parameter. Attackers can send GET requests to the gerar_pdf.php endpoint with malicious cid ...

    Affected Products :
    • Published: Feb. 22, 2026
    • Modified: Feb. 22, 2026
    • Vuln Type: Injection
  • 8.2

    HIGH
    CVE-2019-25391

    Ashop Shopping Cart Software contains a time-based blind SQL injection vulnerability that allows attackers to manipulate database queries through the blacklistitemid parameter. Attackers can send POST requests to the admin/bannedcustomers.php endpoint wit...

    Affected Products :
    • Published: Feb. 22, 2026
    • Modified: Feb. 22, 2026
    • Vuln Type: Injection
  • 8.2

    HIGH
    CVE-2019-25366

    microASP Portal+ CMS contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code into the explode_tree parameter. Attackers can send crafted requests to pagina.phtml with SQL i...

    Affected Products :
    • Published: Feb. 22, 2026
    • Modified: Feb. 22, 2026
    • Vuln Type: Injection
  • 5.1

    MEDIUM
    CVE-2026-2946

    A security vulnerability has been detected in rymcu forest up to 0.0.5. Affected by this issue is the function XssUtils.replaceHtmlCode of the file src/main/java/com/rymcu/forest/util/XssUtils.java of the component Article Content/Comments/Portfolio. The ...

    Affected Products : forest
    • Published: Feb. 22, 2026
    • Modified: Feb. 22, 2026
    • Vuln Type: Cross-Site Scripting
  • 6.5

    MEDIUM
    CVE-2026-2945

    A weakness has been identified in JeecgBoot 3.9.0. Affected by this vulnerability is an unknown functionality of the file /sys/common/uploadImgByHttp. Executing a manipulation of the argument fileUrl can lead to server-side request forgery. The attack may...

    Affected Products : jeecg_boot
    • Published: Feb. 22, 2026
    • Modified: Feb. 22, 2026
    • Vuln Type: Server-Side Request Forgery
  • 7.5

    HIGH
    CVE-2026-2944

    A security flaw has been discovered in Tosei Online Store Management System ネット店舗管理システム 1.01. Affected is the function system of the file /cgi-bin/monitor.php of the component HTTP POST Request Handler. Performing a manipulation of the argument DevId resu...

    Affected Products :
    • Published: Feb. 22, 2026
    • Modified: Feb. 22, 2026
    • Vuln Type: Injection
  • 5.3

    MEDIUM
    CVE-2026-2943

    A vulnerability was identified in SapneshNaik Student Management System up to f4b4f0928f0b5551a28ee81ae7e7fe47d9345318. This impacts an unknown function of the file index.php. Such manipulation of the argument Error leads to cross site scripting. The atta...

    Affected Products :
    • Published: Feb. 22, 2026
    • Modified: Feb. 22, 2026
    • Vuln Type: Cross-Site Scripting
  • 7.5

    HIGH
    CVE-2026-2940

    A vulnerability was determined in Zaher1307 tiny_web_server up to 8d77b1044a0ca3a5297d8726ac8aa2cf944d481b. This affects the function tiny_web_server/tiny.c of the file tiny_web_server/tiny.c of the component URL Handler. This manipulation causes out-of-b...

    Affected Products :
    • Published: Feb. 22, 2026
    • Modified: Feb. 22, 2026
    • Vuln Type: Memory Corruption
  • 4.8

    MEDIUM
    CVE-2026-2939

    A vulnerability was found in itsourcecode Student Management System 1.0. The impacted element is an unknown function of the file /add_student/ of the component Add Student Module. The manipulation results in cross site scripting. It is possible to launch ...

    Affected Products : school_management_system
    • Published: Feb. 22, 2026
    • Modified: Feb. 22, 2026
    • Vuln Type: Cross-Site Scripting
  • 7.5

    HIGH
    CVE-2026-2938

    A vulnerability has been found in SourceCodester Student Result Management System 1.0. The affected element is an unknown function of the file /srms/script/admin/core/update_smtp.php. The manipulation leads to improper access controls. It is possible to i...

    Affected Products : student_result_management_system
    • Published: Feb. 22, 2026
    • Modified: Feb. 22, 2026
    • Vuln Type: Authorization
  • 8.3

    HIGH
    CVE-2026-2935

    A weakness has been identified in UTT HiPER 810G up to 1.7.7-171114. This issue affects the function strcpy of the file /goform/ConfigExceptMSN. Executing a manipulation of the argument remark can lead to buffer overflow. The attack can be executed remote...

    Affected Products :
    • Published: Feb. 22, 2026
    • Modified: Feb. 22, 2026
    • Vuln Type: Memory Corruption
  • 4.8

    MEDIUM
    CVE-2026-2934

    A security vulnerability has been detected in YiFang CMS up to 2.0.5. This impacts the function update of the file app/db/admin/D_friendLinkGroup.php of the component Extended Management Module. The manipulation of the argument Name leads to cross site sc...

    Affected Products : yifang
    • Published: Feb. 22, 2026
    • Modified: Feb. 22, 2026
    • Vuln Type: Cross-Site Scripting
Showing 20 of 4590 Results