Latest CVE Feed
-
5.3
MEDIUMCVE-2026-1658
User Interface (UI) Misrepresentation of Critical Information vulnerability in OpenText™ Directory Services allows Cache Poisoning. The vulnerability could be exploited by a bad actor to inject manipulated text into the OpenText application, potentially... Read more
Affected Products : directory_services- Published: Feb. 19, 2026
- Modified: Feb. 26, 2026
- Vuln Type: Misconfiguration
-
5.5
MEDIUMCVE-2026-2869
A vulnerability was identified in janet-lang janet up to 1.40.1. Affected by this vulnerability is the function janetc_varset of the file src/core/specials.c of the component handleattr Handler. The manipulation leads to out-of-bounds read. The attack can... Read more
Affected Products : janet- Published: Feb. 21, 2026
- Modified: Feb. 26, 2026
- Vuln Type: Memory Corruption
-
9.8
CRITICALCVE-2026-2865
A vulnerability was found in itsourcecode Agri-Trading Online Shopping System 1.0. This impacts an unknown function of the file admin/productcontroller.php of the component HTTP POST Request Handler. Performing a manipulation of the argument Product resul... Read more
Affected Products : agri-trading_online_shopping_system- Published: Feb. 21, 2026
- Modified: Feb. 26, 2026
- Vuln Type: Injection
-
9.1
CRITICALCVE-2026-26747
A Host Header Poisoning vulnerability exists in Monica 4.1.2 due to improper handling of the HTTP Host header in app/Providers/AppServiceProvider.php, combined with the default misconfiguration where the "app.force_url" is not set and default is "false". ... Read more
Affected Products : monica- Published: Feb. 20, 2026
- Modified: Feb. 26, 2026
- Vuln Type: Misconfiguration
-
6.3
MEDIUMCVE-2026-2849
A vulnerability has been found in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. Affected by this issue is the function deleteCache/removeAllCache/syncCache of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sys\controller\Cach... Read more
Affected Products : warehouse- Published: Feb. 20, 2026
- Modified: Feb. 26, 2026
- Vuln Type: Authorization
-
6.5
MEDIUMCVE-2026-2850
A vulnerability was found in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. This affects the function addCustomer/updateCustomer/deleteCustomer of the file dataset\repos\warehouse\src\main\java\com\yeqifu\bus\controller\CustomerControlle... Read more
Affected Products : warehouse- Published: Feb. 20, 2026
- Modified: Feb. 26, 2026
- Vuln Type: Authorization
-
6.5
MEDIUMCVE-2026-2851
A vulnerability was determined in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. This vulnerability affects the function addInport/updateInport/deleteInport of the file dataset\repos\warehouse\src\main\java\com\yeqifu\bus\controller\Inpo... Read more
Affected Products : warehouse- Published: Feb. 20, 2026
- Modified: Feb. 26, 2026
- Vuln Type: Authorization
-
9.1
CRITICALCVE-2019-25444
Fiverr Clone Script 1.2.2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the page parameter. Attackers can supply malicious SQL syntax in the page parameter to ext... Read more
Affected Products : fiverr_clone_script- Published: Feb. 20, 2026
- Modified: Feb. 26, 2026
- Vuln Type: Injection
-
6.1
MEDIUMCVE-2019-25445
Fiverr Clone Script 1.2.2 contains a cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the keyword parameter. Attackers can craft URLs with script tags in the keyword parameter of search-r... Read more
Affected Products : fiverr_clone_script- Published: Feb. 20, 2026
- Modified: Feb. 26, 2026
- Vuln Type: Cross-Site Scripting
-
7.1
HIGHCVE-2026-2858
A vulnerability was identified in wren-lang wren up to 0.4.0. This affects the function peekChar of the file src/vm/wren_compiler.c of the component Source File Parser. Such manipulation leads to out-of-bounds read. The attack needs to be performed locall... Read more
Affected Products : wren- Published: Feb. 20, 2026
- Modified: Feb. 26, 2026
- Vuln Type: Memory Corruption
-
8.4
HIGHCVE-2019-25435
Sricam DeviceViewer 3.12.0.1 contains a local buffer overflow vulnerability in the user management add user function that allows authenticated attackers to execute arbitrary code by bypassing data execution prevention. Attackers can inject a malicious pay... Read more
Affected Products : deviceviewer- Published: Feb. 20, 2026
- Modified: Feb. 26, 2026
- Vuln Type: Memory Corruption
-
6.5
MEDIUMCVE-2019-25436
Sricam DeviceViewer 3.12.0.1 contains a password change security bypass vulnerability that allows authenticated users to change passwords without proper validation of the old password field. Attackers can inject a large payload into the old password param... Read more
Affected Products : deviceviewer- Published: Feb. 20, 2026
- Modified: Feb. 26, 2026
- Vuln Type: Authentication
-
8.8
HIGHCVE-2019-25438
LabCollector 5.423 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL commands by injecting malicious code through POST parameters. Attackers can submit crafted SQL payloads in the login parameter... Read more
Affected Products : labcollector- Published: Feb. 20, 2026
- Modified: Feb. 26, 2026
- Vuln Type: Injection
-
7.8
HIGHCVE-2026-2034
Sante DICOM Viewer Pro DCM File Parsing Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro. User interaction is required to exploit ... Read more
Affected Products : dicom_viewer_pro- Published: Feb. 20, 2026
- Modified: Feb. 26, 2026
- Vuln Type: Memory Corruption
-
6.1
MEDIUMCVE-2026-2506
The EM Cost Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.3.1. This is due to the plugin storing attacker-controlled 'customer_name' data and rendering it in the admin customer list withou... Read more
Affected Products :- Published: Feb. 26, 2026
- Modified: Feb. 26, 2026
- Vuln Type: Cross-Site Scripting
-
4.4
MEDIUMCVE-2026-2499
The Custom Logo plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, ... Read more
Affected Products :- Published: Feb. 26, 2026
- Modified: Feb. 26, 2026
- Vuln Type: Cross-Site Scripting
-
4.4
MEDIUMCVE-2026-2498
The WP Social Meta plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attack... Read more
Affected Products :- Published: Feb. 26, 2026
- Modified: Feb. 26, 2026
- Vuln Type: Cross-Site Scripting
-
4.4
MEDIUMCVE-2026-2489
The TP2WP Importer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Watched domains' textarea on the attachment importer settings page in all versions up to, and including, 1.1. This is due to insufficient input sanitization and ... Read more
Affected Products :- Published: Feb. 26, 2026
- Modified: Feb. 26, 2026
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2026-2029
The Livemesh Addons for Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `[labb_pricing_item]` shortcode's `title` and `value` attributes in all versions up to, and including, 3.9.2 due to insufficient input sanitiz... Read more
Affected Products :- Published: Feb. 26, 2026
- Modified: Feb. 26, 2026
- Vuln Type: Cross-Site Scripting
-
7.6
HIGHCVE-2026-27970
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Versions prior to 21.2.0, 21.1.16, 20.3.17, and 19.2.19 have a cross-Site scripting vulnerability in the Angular internatio... Read more
Affected Products :- Published: Feb. 26, 2026
- Modified: Feb. 26, 2026
- Vuln Type: Cross-Site Scripting