Latest CVE Feed
- CVE-2026-24314 (4.3 MEDIUM)
  Under certain conditions SAP S/4HANA (Manage Payment Media) allows an authenticated attacker to access information which would otherwise be restricted. This could cause low impact on confidentiality of the application while integrity and availability are ...
  - Published: Feb. 24, 2026
  - Modified: Feb. 24, 2026
  - Vuln Type: Authorization
- CVE-2025-15589 (5.1 MEDIUM)
  A vulnerability was determined in MuYuCMS 2.7. Affected is the function delete_dir_file of the file application/admin/controller/Template.php of the component Template Management Page. This manipulation of the argument temn/tp causes path traversal. It is...
  - Published: Feb. 24, 2026
  - Modified: Feb. 24, 2026
  - Vuln Type: Path Traversal
- CVE-2025-15386 (0.0 NA)
  The Responsive Lightbox & Gallery WordPress plugin before 2.6.1 is vulnerable to an Unauthenticated Stored-XSS attack due to flawed regex replacement rules that can be abused by posting a comment with a malicious link when lightbox for comments are enable...
  - Published: Feb. 24, 2026
  - Modified: Feb. 24, 2026
  - Vuln Type: Cross-Site Scripting
- CVE-2026-3070 (5.3 MEDIUM)
  A vulnerability was detected in SourceCodester Modern Image Gallery App 1.0. Affected by this vulnerability is an unknown functionality of the file upload.php. The manipulation of the argument filename results in cross-site scripting. The attack may be la...
  - Published: Feb. 24, 2026
  - Modified: Feb. 24, 2026
  - Vuln Type: Cross-Site Scripting
- CVE-2026-3069 (7.5 HIGH)
  A security vulnerability has been detected in itsourcecode Document Management System 1.0. Affected is an unknown function of the file /edtlbls.php. The manipulation of the argument field1 leads to SQL injection. The attack may be initiated remotely. The ...
  - Published: Feb. 24, 2026
  - Modified: Feb. 24, 2026
  - Vuln Type: Injection
- CVE-2026-3068 (7.5 HIGH)
  A weakness has been identified in itsourcecode Document Management System 1.0. This impacts an unknown function of the file /deluser.php. Executing a manipulation of the argument user2del can lead to SQL injection. The attack can be launched remotely. The...
  - Published: Feb. 24, 2026
  - Modified: Feb. 24, 2026
  - Vuln Type: Injection
- CVE-2026-3067 (6.5 MEDIUM)
  A vulnerability has been found in HummerRisk up to 1.5.0. This issue affects the function extractTarGZ/extractZip of the file hummer-common/hummer-common-core/src/main/java/com/hummer/common/core/utils/CommandUtils.java of the component Archive Extraction...
  - Published: Feb. 24, 2026
  - Modified: Feb. 24, 2026
  - Vuln Type: Path Traversal
- CVE-2026-3066 (6.5 MEDIUM)
  A flaw has been found in HummerRisk up to 1.5.0. This vulnerability affects the function fixedCommand of the file hummer-common/hummer-common-core/src/main/java/com/hummer/common/core/utils/PlatformUtils.java of the component Cloud Compliance Scanning. Ex...
  - Published: Feb. 24, 2026
  - Modified: Feb. 24, 2026
  - Vuln Type: Injection
- CVE-2026-27461 (6.9 MEDIUM)
  Pimcore is an Open Source Data & Experience Management Platform. In versions up to and including 11.5.14.1 and 12.3.2, the filter query parameter in the dependency listing endpoints is JSON-decoded and the value field is concatenated directly into RLIKE c...
  - Published: Feb. 24, 2026
  - Modified: Feb. 24, 2026
  - Vuln Type: Injection
- CVE-2026-3091 (6.7 MEDIUM)
  An uncontrolled search path element vulnerability in Synology Presto Client before 2.1.3-0672 allows local users to read or write arbitrary files during installation by placing a malicious DLL in advance in the same directory as the installer....
  - Published: Feb. 24, 2026
  - Modified: Feb. 24, 2026
  - Vuln Type: Path Traversal
- CVE-2026-3065 (6.5 MEDIUM)
  A vulnerability was detected in HummerRisk up to 1.5.0. This affects the function CommandUtils.commonExecCmdWithResult of the file CloudTaskService.java of the component Cloud Task Dry-run. Performing a manipulation of the argument fileName results in com...
  - Published: Feb. 24, 2026
  - Modified: Feb. 24, 2026
  - Vuln Type: Injection
- CVE-2026-3064 (6.5 MEDIUM)
  A security vulnerability has been detected in HummerRisk up to 1.5.0. Affected by this issue is some unknown functionality of the file ResourceCreateService.java of the component Cloud Task Scheduler. Such manipulation of the argument regionId leads to co...
  - Published: Feb. 24, 2026
  - Modified: Feb. 24, 2026
  - Vuln Type: Injection
- CVE-2026-3057 (6.5 MEDIUM)
  A security flaw has been discovered in a54552239 pearProjectApi up to 2.8.10. Affected is the function dateTotalForProject of the file application/common/Model/Task.php of the component Backend Interface. The manipulation of the argument projectCode resul...
  - Published: Feb. 24, 2026
  - Modified: Feb. 24, 2026
  - Vuln Type: Injection
- CVE-2026-3054 (5.3 MEDIUM)
  A vulnerability was identified in Alinto SOGo 5.12.3/5.12.4. This impacts an unknown function. The manipulation of the argument hint leads to cross-site scripting. The attack can be initiated remotely. The exploit is publicly available and might be used. ...
  - Published: Feb. 24, 2026
  - Modified: Feb. 24, 2026
  - Vuln Type: Cross-Site Scripting
- CVE-2026-27129 (5.7 MEDIUM)
  Craft is a content management system (CMS). In versions 4.5.0-RC1 through 4.16.18 and 5.0.0-RC1 through 5.8.22, the SSRF validation in Craft CMS’s GraphQL Asset mutation uses `gethostbyname()`, which only resolves IPv4 addresses. When a hostname has only ...
  - Published: Feb. 24, 2026
  - Modified: Feb. 24, 2026
  - Vuln Type: Server-Side Request Forgery
- CVE-2026-27128 (6.9 MEDIUM)
  Craft is a content management system (CMS). In versions 4.5.0-RC1 through 4.16.18 and 5.0.0-RC1 through 5.8.22, a Time-of-Check-Time-of-Use (TOCTOU) race condition exists in Craft CMS’s token validation service for tokens that explicitly set a limited usa...
  - Published: Feb. 24, 2026
  - Modified: Feb. 24, 2026
  - Vuln Type: Race Condition
- CVE-2026-27127 (7.0 HIGH)
  Craft is a content management system (CMS). In versions 4.5.0-RC1 through 4.16.18 and 5.0.0-RC1 through 5.8.22, the SSRF validation in Craft CMS’s GraphQL Asset mutation performs DNS resolution separately from the HTTP request. This Time-of-Check-Time-of-...
  - Published: Feb. 24, 2026
  - Modified: Feb. 24, 2026
  - Vuln Type: Server-Side Request Forgery
- CVE-2026-27126 (5.9 MEDIUM)
  Craft is a content management system (CMS). In versions 4.5.0-RC1 through 4.16.18 and 5.0.0-RC1 through 5.8.22, a stored Cross-site Scripting (XSS) vulnerability exists in the `editableTable.twig` component when using the `html` column type. The applicati...
  - Published: Feb. 24, 2026
  - Modified: Feb. 24, 2026
  - Vuln Type: Cross-Site Scripting
- CVE-2026-26983 (5.3 MEDIUM)
  ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, the MSL interpreter crashes when processing an invalid `<map>` element that causes it to use an image after it has been...
  - Published: Feb. 24, 2026
  - Modified: Feb. 24, 2026
  - Vuln Type: Memory Corruption
- CVE-2026-26981 (6.5 MEDIUM)
  OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.3.0 through 3.3.6 and 3.4.0 through 3.4.4, a heap-buffer-overflow (OOB read) occurs in the `istr...
  - Published: Feb. 24, 2026
  - Modified: Feb. 24, 2026
  - Vuln Type: Memory Corruption