CVEs from 2026
Total: 13,833
- critical 1,206
- high 4,492
- medium 4,322
- low 469

% Critical: 8.7%
% with KEV: 0.4%
% with exploit: 0.8%
Top products
- chrome 503
- firepower_threat_defense 298
- firepower_threat_defense_software 295
- gcp 229
- openclaw 172
- commerce 104
- commerce_b2b 89
- saml_sso_-_service_provider 77
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-44855 | high | 7.2 | 7.2 | 20d ago | Stack-based buffer overflow vulnerabilities exist in several underlying management service components accessed through the command-line interface of the AOS-8 and AOS-10 Operating Systems. An authent… | |||
| CVE-2026-44854 | high | 7.2 | 7.2 | 20d ago | Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation could allow an authenticated remote attacker to upload arb… | |||
| CVE-2026-44853 | high | 7.2 | 7.2 | 20d ago | Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation could allow an authenticated remote attacker to upload arb… | |||
| CVE-2026-44852 | high | 7.2 | 7.2 | 20d ago | An authenticated remote code execution vulnerability exists in the AOS-8 and AOS-10 web-based management interface. A vulnerability in the certificate download functionality could allow an authentica… | |||
| CVE-2026-8431 | high | 7.2 | 7.2 | 20d ago | An administrative user with access to configure webhooks can execute arbitrary commands by configuring and then triggering webhooks containing specific FreeMarker template syntax. This issue affe… | |||
| CVE-2026-23823 | high | 7.2 | 7.2 | 20d ago | A vulnerability in the command line interface of Access Points running AOS-10 could allow an authenticated remote attacker to perform command injection. Successful exploitation could allow an attacke… | |||
| CVE-2026-23821 | high | 7.2 | 7.2 | 20d ago | A vulnerability in the configuration processing logic of Access Points running AOS-10 could allow an authenticated remote attacker to execute system commands under certain pre-existing conditions. Su… | |||
| CVE-2026-23820 | high | 7.2 | 7.2 | 20d ago | A vulnerability in the command line interface of Access Points running AOS-10 and AOS-8 Instant could allow an authenticated remote attacker to execute system commands in a restricted shell environme… | |||
| CVE-2026-8051 | high | 7.2 | 7.2 | 20d ago | OS command injection in Ivanti Virtual Traffic Manager before version 22.9r4 allows a remote authenticated attacker with admin privileges to achieve remote code execution. | |||
| CVE-2026-6690 | high | 7.2 | 7.2 | 21d ago | The LifePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'n' parameter of the lp_update_mds AJAX action in all versions up to, and including, 2.2.2. This is due to the … | |||
| CVE-2026-41951 | high | 7.2 | 7.2 | 21d ago | Path traversal vulnerability exists in GROWI v7.5.0 and earlier, which may allow an attacker to execute arbitrary EJS templates on the server when an email server is running in GROWI. | |||
| CVE-2026-8273 | high | 7.2 | 7.2 | 22d ago | A weakness has been identified in D-Link DNS-320 2.06B01. This impacts the function cgi_set_host/cgi_set_ntp/cgi_fan_control/cgi_merge_user of the file /cgi-bin/system_mgr.cgi. This manipulation caus… | |||
| CVE-2026-8272 | high | 7.2 | 7.2 | 22d ago | A security flaw has been discovered in D-Link DNS-320 2.06B01. This affects the function delete/rename/copy/move/chmod/chown of the file /cgi-bin/webfile_mgr.cgi. The manipulation results in os comma… | |||
| CVE-2026-8271 | high | 7.2 | 7.2 | 22d ago | A vulnerability was identified in D-Link DNS-320 2.06B01. The impacted element is the function cgi_speed/cgi_dhcpd_lease/cgi_ddns/cgi_set_ip/cgi_upnp_del/cgi_dhcpd/cgi_upnp_add/cgi_upnp_edit of the f… | |||
| CVE-2026-8265 | high | 7.2 | 7.2 | 22d ago | A security vulnerability has been detected in Tenda AC6 15.03.06.23. Affected by this issue is the function get_log_file of the file /goform/getLogFile of the component httpd. The manipulation of the… | |||
| CVE-2026-8259 | high | 7.2 | 7.2 | 22d ago | A vulnerability has been found in Tenda AC6 2.0/15.03.06.23. The affected element is an unknown function of the file /goform/telnet of the component httpd. The manipulation of the argument lan.ip lea… | |||
| CVE-2026-3828 | high | 7.2 | 7.2 | 24d ago | Some Hikvision switch products (discontinued since December 2023) are vulnerable to authenticated remote command execution due to insufficient input validation. Attackers with valid credentials can e… | |||
| CVE-2026-7330 | high | 7.2 | 7.2 | 25d ago | The Auto Affiliate Links plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 6.8.8. This is due to insufficient input sanitization on the 'url' POST par… | |||
| CVE-2026-27891 | high | 7.2 | 7.2 | 25d ago | FacturaScripts Vulnerable to Remote Code Execution (RCE) via Zip Slip in Plugin Upload Mechanism | |||
| CVE-2026-41641 | high | 7.2 | 7.2 | 26d ago | @nocobase/plugin-collection-sql: SQL Validation Bypass Through Missing `checkSQL` Call | |||
| CVE-2026-20035 | high | 7.2 | 7.2 | 26d ago | A vulnerability in the web UI of Cisco Unity Connection Web Inbox could allow an unauthenticated, remote attacker to conduct SSRF attacks through an affected device. This vulnerability is due to i… | |||
| CVE-2026-7332 | high | 7.2 | 7.2 | 27d ago | The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'booking_form_page_url' parameter in all versions up to, … | |||
| CVE-2026-39383 | high | 7.2 | 7.2 | 27d ago | Gotenberg Vulnerable to Unauthenticated SSRF via Unfiltered Webhook URL | |||
| CVE-2026-7857 | high | 7.2 | 7.2 | 27d ago | A vulnerability has been found in D-Link DI-8100 16.07.26A1. This vulnerability affects the function sprintf of the file /user_group.asp of the component CGI Handler. The manipulation leads to buffer… | |||
| CVE-2026-7856 | high | 7.2 | 7.2 | 27d ago | A flaw has been found in D-Link DI-8100 16.07.26A1. This affects an unknown part of the file /url_member.asp of the component Web Management Interface. Executing a manipulation of the argument Name c… | |||
| CVE-2026-7855 | high | 7.2 | 7.2 | 27d ago | A vulnerability was detected in D-Link DI-8100 16.07.26A1. Affected by this issue is the function tggl_asp of the file /tggl.asp of the component HTTP Request Handler. Performing a manipulation of th… | |||
| CVE-2026-43874 | high | 7.2 | 7.2 | 27d ago | AVideo has an Incomplete Fix for YPTSocket autoEvalCodeOnHTML Strip: Unauthenticated Cross-User JavaScript Execution via `$msg['json']` Relay Bypass | |||
| CVE-2026-7851 | high | 7.2 | 7.2 | 27d ago | A vulnerability was identified in D-Link DI-8100 16.07.26A1. This affects the function sprintf of the file yyxz.asp. The manipulation of the argument ID leads to stack-based buffer overflow. The atta… | |||
| CVE-2026-7833 | high | 7.2 | 7.2 | 27d ago | A weakness has been identified in EFM ipTIME C200 up to 1.092. This vulnerability affects the function sub_408F90 of the file /cgi/iux_set.cgi of the component ApplyRestore Endpoint. This manipulatio… | |||
| CVE-2026-4803 | high | 7.2 | 7.2 | 28d ago | The Royal Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'status' parameter in the wpr_update_form_action_meta AJAX action in all versions up to, and inclu… | |||
| CVE-2026-38751 | high | 7.2 | 7.2 | 28d ago | OpenSTAManager version 2.10 and earlier contains an arbitrary file upload vulnerability in the module update functionality (modules/aggiornamenti/upload_modules.php) | |||
| CVE-2026-3120 | high | 7.2 | 7.2 | 28d ago | Improper Control of Generation of Code ('Code Injection') vulnerability in Profelis Information and Consulting Trade and Industry Limited Company SambaBox allows OS Command Injection. This issue aff… | |||
| CVE-2026-5063 | high | 7.2 | 7.2 | 1mo ago | The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via POST parameter key names in the submit_nex_form() function in versions up to,… | |||
| CVE-2026-7490 | high | 7.2 | 7.2 | 1mo ago | CTMS and CPAS developed by Sunnet has an Arbitrary File Upload vulnerability, allowing privileged remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution… | |||
| CVE-2026-5324 | high | 7.2 | 7.2 | 1mo ago | The Brizy – Page Builder plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting in all versions up to, and including, 2.8.11. This is due to a combination of missing nonce v… | |||
| CVE-2026-6229 | high | 7.2 | 7.2 | 1mo ago | The Royal Elementor Addons plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 1.7.1057. This is due to insufficient validation of user-supplied URLs i… | |||
| CVE-2026-7049 | high | 7.2 | 7.2 | 1mo ago | The PixelYourSite Pro – Your smart PIXEL (TAG) Manager plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 12.5.0.1 via the scan_video. This makes … | |||
| CVE-2026-5113 | high | 7.2 | 7.2 | 1mo ago | The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Consent field hidden inputs in versions up to and including 2.10.0. This is due to a flawed state validation me… | |||
| CVE-2026-5112 | high | 7.2 | 7.2 | 1mo ago | The Gravity Forms plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting in versions up to and including 2.10.0. This is due to insufficient input validation and output esc… | |||
| CVE-2026-5111 | high | 7.2 | 7.2 | 1mo ago | The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 2.10.0. This is due to insufficient input validation and output escaping on Hidden … | |||
| CVE-2026-5110 | high | 7.2 | 7.2 | 1mo ago | The Gravity Forms plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting in versions up to and including 2.10.0. This is due to insufficient input validation and output esc… | |||
| CVE-2026-5109 | high | 7.2 | 7.2 | 1mo ago | The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 2.10.0. This is due to insufficient validation and output escaping of Product Optio… | |||
| CVE-2026-42404 | high | 7.2 | 7.2 | 1mo ago | Apache Neethi doesn't impose any restrictions on URIs when manually fetching remote policy references through the PolicyReference API | |||
| CVE-2026-7435 | high | 7.2 | 7.2 | 1mo ago | SSCMS v7.4.0 contains a SQL injection vulnerability in the stl:sqlContent tag where the queryString attribute is passed directly to database execution without parameterization or sanitization. Attack… | |||
| CVE-2026-7461 | high | 7.2 | 7.2 | 1mo ago | Improper neutralization of inputs used in an OS command in the FSx Windows File Server volume mounting component in Amazon ECS Agent on Windows before version 1.103.0 might allow a remote authenticat… | |||
| CVE-2026-7246 | high | 7.2 | 7.2 | 1mo ago | Pallets Click, versions 8.3.2 and below, contain a command injection vulnerability in the click.edit() function, allowing attackers to pass arbitrary OS commands from an unprivileged account. | |||
| CVE-2026-42615 | high | 7.2 | 7.2 | 1mo ago | CyberChef has a Cross-site Scripting issue | |||
| CVE-2026-7247 | high | 7.2 | 7.2 | 1mo ago | A vulnerability has been found in D-Link DI-8100 16.07.26A1. Affected by this issue is the function file_exten_asp of the file file_exten.asp of the component File Extension Handler. The manipulation… | |||
| CVE-2026-7219 | high | 7.2 | 7.2 | 1mo ago | A flaw has been found in Totolink N300RT 3.4.0-B20250430. This affects an unknown function of the file /boafrm/formIpQoS. Executing a manipulation of the argument entry_name can lead to buffer overfl… | |||
| CVE-2026-7218 | high | 7.2 | 7.2 | 1mo ago | A vulnerability was detected in Totolink N300RT 3.4.0-B20250430. The impacted element is the function is_cmd_string_valid of the file /boafrm/formWsc of the component libapmib.so. Performing a manipu… | |||
| CVE-2026-1460 | high | 7.2 | 7.2 | 1mo ago | A post-authentication command injection vulnerability in the “DomainName” parameter of the DHCP configuration file in Zyxel DX3301-T0 and EX3301-T0 firmware versions through 5.50(ABVY.7.1)C0 could al… | |||
| CVE-2026-7191 | high | 7.2 | 7.2 | 1mo ago | Improper use of the static-eval npm package in the open source solution qnabot-on-aws versions 7.2.4 and earlier may allow an authenticated administrator to execute arbitrary code within the fulfillm… | |||
| CVE-2026-6992 | high | 7.2 | 7.2 | 1mo ago | A vulnerability was identified in Linksys MR9600 2.0.6.206937. This affects the function BTRequestGetSmartConnectStatus of the file /etc/init.d/run_central2.sh of the component JNAP Action Handler. T… | |||
| CVE-2026-4821 | high | 7.2 | 7.2 | 1mo ago | An improper neutralization of special elements vulnerability was identified in GitHub Enterprise Server that allowed an authenticated Management Console administrator to execute arbitrary OS commands… | |||
| CVE-2026-33518 | high | 7.2 | 7.2 | 1mo ago | An incorrect privilege assignment vulnerability exists in Esri Portal for ArcGIS 11.5 in Windows and Linux that allows highly privileged users to create developer credentials that may grant more priv… | |||
| CVE-2026-26943 | high | 7.2 | 7.2 | 1mo ago | Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an OS command injection vuln… | |||
| CVE-2026-26942 | high | 7.2 | 7.2 | 1mo ago | Dell PowerProtect Data Domain, versions 8.5 through 8.6 contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS command injection') vulnerability. A high privileged attacke… | |||
| CVE-2026-24506 | high | 7.2 | 7.2 | 1mo ago | Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an OS command injection vuln… | |||
| CVE-2026-24505 | high | 7.2 | 7.2 | 1mo ago | Dell PowerProtect Data Domain, versions 8.5 through 8.6 contain an improper input validation vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability,… | |||
| CVE-2026-24504 | high | 7.2 | 7.2 | 1mo ago | Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an improper input validation… | |||
| CVE-2026-22761 | high | 7.2 | 7.2 | 1mo ago | Dell PowerProtect Data Domain, versions 8.5 through 8.6 contain a command injection vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading … | |||
| CVE-2026-4048 | high | 7.2 | 7.2 | 1mo ago | OS Command Injection Remote Code Execution Vulnerability in UI in Progress ADC Products allows an authenticated attacker with “All” permissions to execute arbitrary commands on the LoadMaster applian… | |||
| CVE-2026-3519 | high | 7.2 | 7.2 | 1mo ago | OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an authenticated attacker with “VS Administration” permissions to execute arbitrary commands on the Loa… | |||
| CVE-2026-3518 | high | 7.2 | 7.2 | 1mo ago | OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an authenticated attacker with “All” permissions to execute arbitrary commands on the LoadMaster applia… | |||
| CVE-2026-3517 | high | 7.2 | 7.2 | 1mo ago | OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an authenticated attacker with “Geo Administration” permissions to execute arbitrary commands on the Lo… | |||
| CVE-2026-4116 | high | 7.2 | 7.2 | 2mo ago | Improper handling of Unicode encoding in SonicWall SMA1000 series appliances allows a remote authenticated SSLVPN user to bypass Workplace/Connect Tunnel TOTP authentication. | |||
| CVE-2026-4113 | high | 7.2 | 7.2 | 2mo ago | An observable response discrepancy vulnerability in the SonicWall SMA1000 series appliances allows a remote attacker to enumerate SSL VPN user credentials. | |||
| CVE-2026-4112 | high | 7.2 | 7.2 | 2mo ago | Improper neutralization of special elements used in an SQL command (“SQL Injection”) in SonicWall SMA1000 series appliances allows a remote authenticated attacker with read-only administrator privile… | |||
| CVE-2026-5844 | high | 7.2 | 7.2 | 2mo ago | A vulnerability was found in D-Link DIR-882 1.01B02. Impacted is the function sprintf of the file prog.cgi of the component HNAP1 SetNetworkSettings Handler. The manipulation of the argument IPAddres… | |||
| CVE-2026-5338 | high | 7.2 | 7.2 | 2mo ago | A security vulnerability has been detected in Tenda G103 1.0.0.5. The affected element is the function action_set_system_settings of the file system.lua of the component Setting Handler. Such manipul… | |||
| CVE-2026-27043 | high | 7.2 | 7.2 | 2mo ago | Unrestricted Upload of File with Dangerous Type vulnerability in ThemeGoods Photography allows Path Traversal. This issue affects Photography: from n/a before 7.7.6. | |||
| CVE-2026-23759 | high | 7.2 | 7.2 | 3mo ago | Perle IOLAN STS/SCS terminal server models with firmware versions prior to 6.0 allow authenticated OS command injection via the restricted shell accessed over Telnet or SSH. The shell 'ps' command do… | |||
| CVE-2026-4253 | high | 7.2 | 7.2 | 3mo ago | A security flaw has been discovered in Tenda AC8 16.03.50.11. This affects the function route_set_user_policy_rule of the file /cgi-bin/UploadCfg of the component Web Interface. The manipulation of t… | |||
| CVE-2026-3873 | high | 7.2 | 7.2 | 3mo ago | Use of Hard-coded Credentials vulnerability in Avantra allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Avantra: before 25.3.0. | |||
| CVE-2026-1497 | high | 7.2 | 7.2 | 3mo ago | Incorrect resolving of namespaces in composite databases in Neo4j Enterprise edition prior to versions 2026.02 and 5.26.22 can lead to the following scenario: an admin that intends to give a user an… | |||
| CVE-2026-20892 | high | 7.2 | 7.2 | 3mo ago | Code injection vulnerability exists in MR-GM5L-S1 and MR-GM5A-L1, which may allow an attacker with administrative privileges to execute arbitrary commands. | |||
| CVE-2026-25836 | high | 7.2 | 7.2 | 3mo ago | An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox Cloud 5.0.4, FortiSandbox PaaS 5.0.4 may allow a privileged attac… | |||
| CVE-2026-3798 | high | 7.2 | 7.2 | 3mo ago | A vulnerability was detected in Comfast CF-AC100 2.6.0.8. This affects the function sub_44AC14 of the file /cgi-bin/mbox-config?method=SET&section=ping_config of the component Request Path Handler. T… | |||
| CVE-2026-3752 | high | 7.2 | 7.2 | 3mo ago | A flaw has been found in SourceCodester Employee Task Management System up to 1.0. The affected element is an unknown function of the file /daily-task-report.php of the component GET Parameter Handle… | |||
| CVE-2026-3751 | high | 7.2 | 7.2 | 3mo ago | A vulnerability was detected in SourceCodester Employee Task Management System 1.0. Impacted is an unknown function of the file /daily-attendance-report.php of the component GET Parameter Handler. Th… | |||
| CVE-2026-3750 | high | 7.2 | 7.2 | 3mo ago | A security vulnerability has been detected in ContiNew Admin up to 4.2.0. This issue affects the function URI.create of the file continew-system/src/main/java/top/continew/admin/system/factory/S3Clie… | |||
| CVE-2026-3711 | high | 7.2 | 7.2 | 3mo ago | A vulnerability was detected in code-projects Simple Flight Ticket Booking System 1.0. Affected is an unknown function of the file /Adminupdate.php. The manipulation of the argument flightno/airplane… | |||
| CVE-2026-3710 | high | 7.2 | 7.2 | 3mo ago | A security vulnerability has been detected in code-projects Simple Flight Ticket Booking System 1.0. This impacts an unknown function of the file /Adminadd.php. The manipulation of the argument fligh… | |||
| CVE-2026-3704 | high | 7.2 | 7.2 | 3mo ago | A vulnerability has been found in Wavlink NU516U1 251208. This vulnerability affects the function sub_405B2C of the file /cgi-bin/firewall.cgi of the component Incomplete Fix CVE-2025-10959. The mani… | |||
| CVE-2026-3662 | high | 7.2 | 7.2 | 3mo ago | A vulnerability has been found in Wavlink WL-NU516U1 240425. This vulnerability affects the function usb_p910 of the file /cgi-bin/adm.cgi. Such manipulation of the argument Pr_mode leads to command … | |||
| CVE-2026-3661 | high | 7.2 | 7.2 | 3mo ago | A flaw has been found in Wavlink WL-NU516U1 240425. This affects the function ota_new_upgrade of the file /cgi-bin/adm.cgi. This manipulation of the argument model causes command injection. It is pos… | |||
| CVE-2026-28436 | high | 7.2 | 7.2 | 3mo ago | Frappe is a full-stack web application framework. Prior to versions 16.11.0 and 15.102.0, an attacker can set a crafted image URL that results in XSS when the avatar is displayed, and it can be trigg… | |||
| CVE-2026-27541 | high | 7.2 | 7.2 | 3mo ago | Incorrect Privilege Assignment vulnerability in Josh Kohlbach Wholesale Suite woocommerce-wholesale-prices allows Privilege Escalation. This issue affects Wholesale Suite: from n/a through <= 2.2.6. | |||
| CVE-2026-3487 | high | 7.2 | 7.2 | 3mo ago | A vulnerability was found in itsourcecode College Management System 1.0. This issue affects some unknown processing of the file /admin/class-result.php. Performing a manipulation of the argument cour… | |||
| CVE-2026-3486 | high | 7.2 | 7.2 | 3mo ago | A vulnerability has been found in itsourcecode College Management System 1.0. This vulnerability affects unknown code of the file /admin/student-fee.php. Such manipulation of the argument roll_no lea… | |||
| CVE-2026-3040 | high | 7.2 | 7.2 | 3mo ago | A vulnerability was identified in DrayTek Vigor 300B up to 1.5.1.6. This affects the function cgiGetFile of the file /cgi-bin/mainfunction.cgi/uploadlangs of the component Web Management Interface. T… | |||
| CVE-2026-2969 | high | 7.2 | 7.2 | 3mo ago | datapizza-ai: Server-Side Template Injection in ChatPromptTemplate via Jinja2 Template Handler | |||
| CVE-2026-2666 | high | 7.2 | 7.2 | 3mo ago | mingSoft MCMS does not properly restrict file uploads | |||
| CVE-2026-2537 | high | 7.2 | 7.2 | 4mo ago | A vulnerability was identified in Comfast CF-E4 2.6.0.1. This impacts an unknown function of the file /cgi-bin/mbox-config?method=SET&section=ntp_timezone of the component HTTP POST Request Handler. … | |||
| CVE-2026-2227 | high | 7.2 | 7.2 | 4mo ago | A vulnerability was found in D-Link DCS-931L up to 1.13.0. Impacted is the function doSystem of the file /setSystemAdmin. Performing a manipulation of the argument AdminID results in command injectio… | |||
| CVE-2026-2226 | high | 7.2 | 7.2 | 4mo ago | A vulnerability has been found in DouPHP up to 1.9. This issue affects some unknown processing of the file /admin/file.php of the component ZIP File Handler. Such manipulation of the argument sql_fil… | |||
| CVE-2026-2213 | high | 7.2 | 7.2 | 4mo ago | A security flaw has been discovered in code-projects Online Music Site 1.0. Affected by this issue is some unknown functionality of the file /Administrator/PHP/AdminAddAlbum.php. The manipulation of … | |||
| CVE-2026-2179 | high | 7.2 | 7.2 | 4mo ago | A vulnerability was determined in PHPGurukul Hospital Management System 4.0. This impacts an unknown function of the file /admin/manage-users.php. This manipulation of the argument ID causes sql inje… | |||
| CVE-2026-2163 | high | 7.2 | 7.2 | 4mo ago | A vulnerability was identified in D-Link DIR-600 up to 2.15WWb02. This vulnerability affects unknown code of the file ssdp.cgi. Such manipulation of the argument HTTP_ST/REMOTE_ADDR/REMOTE_PORT/SERVE… | |||
| CVE-2026-2162 | high | 7.2 | 7.2 | 4mo ago | A vulnerability was determined in itsourcecode News Portal Project 1.0. This affects an unknown part of the file /admin/aboutus.php. This manipulation of the argument pagetitle causes sql injection. … |