CVEs from 2026
- Total: 14,774
- Critical: 1,334
- High: 4,998
- Medium: 4,821
- Low: 502
- % Critical: 9.0%
- % with KEV: 0.4%
- % with exploit: 0.7%

Top products
- chrome 723
- firepower_threat_defense_software 310
- gcp 299
- firepower_threat_defense 298
- openclaw 172
- commerce 104
- netweaver_application_server_abap 102
- commerce_b2b 89

| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-22471 | high | 8.8 | 8.8 | 3mo ago | Deserialization of Untrusted Data vulnerability in maximsecudeal Secudeal Payments for Ecommerce secudeal-payments-for-ecommerce allows Object Injection.This issue affects Secudeal Payments for Ecomm… | |||
| CVE-2026-3292 | high | 8.8 | 8.8 | 3mo ago | A security vulnerability has been detected in jizhiCMS up to 2.5.6. Affected is the function findAll in the library frphp/lib/Model.php of the component Batch Interface. The manipulation of the argum… | |||
| CVE-2026-25109 | high | 8.8 | 8.8 | 3mo ago | An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input … | |||
| CVE-2026-20910 | high | 8.8 | 8.8 | 3mo ago | An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input in… | |||
| CVE-2026-3270 | high | 8.8 | 8.8 | 3mo ago | PSI Probe vulnerable to Server-Side Request Forgery | |||
| CVE-2026-3265 | high | 8.8 | 8.8 | 3mo ago | A vulnerability was identified in go2ismail Free-CRM up to b83c40a90726d5e58f0cc680ffdcaa28a03fb5d1. This affects an unknown part of the file /api/Security/ of the component Security API. The manipul… | |||
| CVE-2026-3264 | high | 8.8 | 8.8 | 3mo ago | A vulnerability was determined in go2ismail Free-CRM up to b83c40a90726d5e58f0cc680ffdcaa28a03fb5d1. Affected by this issue is some unknown functionality of the component Administrative Interface. Ex… | |||
| CVE-2026-3262 | high | 8.8 | 8.8 | 3mo ago | A vulnerability has been found in go2ismail Asp.Net-Core-Inventory-Order-Management-System up to 9.20250118. Affected is an unknown function of the component Administrative Interface. Such manipulati… | |||
| CVE-2026-3150 | high | 8.8 | 8.8 | 3mo ago | A security vulnerability has been detected in itsourcecode College Management System 1.0. This affects an unknown part of the file /admin/display-teacher.php. The manipulation of the argument teacher… | |||
| CVE-2026-3149 | high | 8.8 | 8.8 | 3mo ago | A weakness has been identified in itsourcecode College Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/asign-single-student-subjects.php. Executing a ma… | |||
| CVE-2026-3102 | high | 8.8 | 8.8 | 3mo ago | A vulnerability was determined in exiftool up to 13.49 on macOS. This issue affects the function SetMacOSTags of the file lib/Image/ExifTool/MacOS.pm of the component PNG File Parser. This manipulati… | |||
| CVE-2026-3101 | high | 8.8 | 8.8 | 3mo ago | A vulnerability was found in Intelbras TIP 635G 1.12.3.5. This vulnerability affects unknown code of the component Ping Handler. The manipulation results in os command injection. The attack can be ex… | |||
| CVE-2026-3067 | high | 8.8 | 8.8 | 3mo ago | A vulnerability has been found in HummerRisk up to 1.5.0. This issue affects the function extractTarGZ/extractZip of the file hummer-common/hummer-common-core/src/main/java/com/hummer/common/core/uti… | |||
| CVE-2026-3066 | high | 8.8 | 8.8 | 3mo ago | A flaw has been found in HummerRisk up to 1.5.0. This vulnerability affects the function fixedCommand of the file hummer-common/hummer-common-core/src/main/java/com/hummer/common/core/utils/PlatformU… | |||
| CVE-2026-3065 | high | 8.8 | 8.8 | 3mo ago | A vulnerability was detected in HummerRisk up to 1.5.0. This affects the function CommandUtils.commonExecCmdWithResult of the file CloudTaskService.java of the component Cloud Task Dry-run. Performin… | |||
| CVE-2026-3064 | high | 8.8 | 8.8 | 3mo ago | A security vulnerability has been detected in HummerRisk up to 1.5.0. Affected by this issue is some unknown functionality of the file ResourceCreateService.java of the component Cloud Task Scheduler… | |||
| CVE-2026-2697 | high | 8.8 | 8.8 | 3mo ago | An Indirect Object Reference (IDOR) in Security Center allows an authenticated remote attacker to escalate privileges via the 'owner' parameter. | |||
| CVE-2026-2979 | high | 8.8 | 8.8 | 3mo ago | A flaw has been found in FastApiAdmin up to 2.2.0. This issue affects the function user_avatar_upload_controller of the file /backend/app/api/v1/module_system/user/controller.py of the component Sche… | |||
| CVE-2026-2978 | high | 8.8 | 8.8 | 3mo ago | A vulnerability was detected in FastApiAdmin up to 2.2.0. This vulnerability affects the function upload_file_controller of the file /backend/app/api/v1/module_system/params/controller.py of the comp… | |||
| CVE-2026-2977 | high | 8.8 | 8.8 | 3mo ago | A security vulnerability has been detected in FastApiAdmin up to 2.2.0. This affects the function upload_controller of the file /backend/app/api/v1/module_common/file/controller.py of the component S… | |||
| CVE-2026-2956 | high | 8.8 | 8.8 | 3mo ago | A security flaw has been discovered in qinming99 dst-admin up to 1.5.0. This affects the function revertBackup of the file /home/restore. The manipulation of the argument Name results in command inje… | |||
| CVE-2026-2930 | high | 8.8 | 8.8 | 3mo ago | A vulnerability was identified in Tenda A18 15.13.07.13. The affected element is the function webCgiGetUploadFile of the file /cgi-bin/UploadCfg of the component Httpd Service. Such manipulation of t… | |||
| CVE-2026-2824 | high | 8.8 | 8.8 | 4mo ago | A flaw has been found in Comfast CF-E7 2.6.0.9. This affects the function sub_441CF4 of the file /cgi-bin/mbox-config?method=SET&section=ping_config of the component webmggnt. Executing a manipulatio… | |||
| CVE-2026-2823 | high | 8.8 | 8.8 | 4mo ago | A vulnerability was detected in Comfast CF-E7 2.6.0.9. The impacted element is the function sub_41ACCC of the file /cgi-bin/mbox-config?method=SET&section=ntp_timezone of the component webmggnt. Perf… | |||
| CVE-2026-2822 | high | 8.8 | 8.8 | 4mo ago | A security vulnerability has been detected in JeecgBoot up to 3.9.1. The affected element is an unknown function of the file /jeecgboot/sys/dict/loadDict/airag_app,1,create_by of the component Backen… | |||
| CVE-2026-0974 | high | 8.8 | 8.8 | 4mo ago | The Orderable – WordPress Restaurant Online Ordering System and Food Ordering Plugin plugin for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check on the 'i… | |||
| CVE-2026-23230 | high | 8.8 | 8.8 | 4mo ago | In the Linux kernel, the following vulnerability has been resolved: smb: client: split cached_fid bitfields to avoid shared-byte RMW races is_open, has_lease and on_list are stored in the same bitf… | |||
| CVE-2026-2623 | high | 8.8 | 8.8 | 4mo ago | A flaw has been found in Blossom up to 1.17.1. This issue affects the function put of the file blossom-backend/common/common-iaas/src/main/java/com/blossom/common/iaas/blos/BLOSManager.java of the co… | |||
| CVE-2026-2617 | high | 8.8 | 8.8 | 4mo ago | A vulnerability was found in Beetel 777VR1 up to 01.00.09. This affects an unknown function of the component Telnet Service/SSH Service. The manipulation results in insecure default initialization of… | |||
| CVE-2026-2563 | high | 8.8 | 8.8 | 4mo ago | A vulnerability was identified in JingDong JD Cloud Box AX6600 up to 4.5.1.r4533. Affected is the function set_stcreenen_deabled_status/get_status of the file /f/service/controlDevice of the componen… | |||
| CVE-2026-2562 | high | 8.8 | 8.8 | 4mo ago | A vulnerability was determined in JingDong JD Cloud Box AX6600 up to 4.5.1.r4533. This impacts the function cast_streen of the file /jdcapi of the component jdcweb_rpc. Executing a manipulation of th… | |||
| CVE-2026-2561 | high | 8.8 | 8.8 | 4mo ago | A vulnerability was found in JingDong JD Cloud Box AX6600 up to 4.5.1.r4533. This affects the function web_get_ddns_uptime of the file /jdcapi of the component jdcweb_rpc. Performing a manipulation r… | |||
| CVE-2026-2535 | high | 8.8 | 8.8 | 4mo ago | A vulnerability was found in Comfast CF-N1 V2 2.6.0.2. The impacted element is the function sub_44AB9C of the file /cgi-bin/mbox-config?method=SET&section=ptest_channel. The manipulation of the argum… | |||
| CVE-2026-2534 | high | 8.8 | 8.8 | 4mo ago | A vulnerability has been found in Comfast CF-N1 V2 2.6.0.2. The affected element is the function sub_44AC4C of the file /cgi-bin/mbox-config?method=SET&section=ptest_bandwidth. The manipulation of th… | |||
| CVE-2026-2530 | high | 8.8 | 8.8 | 4mo ago | A weakness has been identified in Wavlink WL-WN579A3 up to 20210219. This affects the function AddMac of the file /cgi-bin/wireless.cgi. This manipulation of the argument macAddr causes command injec… | |||
| CVE-2026-2526 | high | 8.8 | 8.8 | 4mo ago | A vulnerability was found in Wavlink WL-WN579A3 up to 20210219. This impacts the function multi_ssid of the file /cgi-bin/wireless.cgi. Performing a manipulation of the argument SSID2G2 results in co… | |||
| CVE-2026-1618 | high | 8.8 | 8.8 | 4mo ago | Authentication Bypass Using an Alternate Path or Channel vulnerability in Universal Software Inc. FlexCity/Kiosk allows Privilege Escalation. This issue affects FlexCity/Kiosk: from 1.0 before 1.0.3… | |||
| CVE-2026-2218 | high | 8.8 | 8.8 | 4mo ago | A vulnerability was determined in D-Link DCS-933L up to 1.14.11. This affects an unknown function of the file /setSystemAdmin of the component alphapd. This manipulation of the argument AdminID cause… | |||
| CVE-2026-2194 | high | 8.8 | 8.8 | 4mo ago | A flaw has been found in D-Link DI-7100G C1 24.04.18D1. This affects the function start_proxy_client_email. Executing a manipulation can lead to command injection. The attack can be executed remotely… | |||
| CVE-2026-2178 | high | 8.8 | 8.8 | 4mo ago | xcode-mcp-server vulnerable to Command Injection | |||
| CVE-2026-2169 | high | 8.8 | 8.8 | 4mo ago | A vulnerability has been found in D-Link DWR-M921 1.1.50. This impacts an unknown function of the file /boafrm/formLtefotaUpgradeFibocom. Such manipulation of the argument fota_url leads to command i… | |||
| CVE-2026-2168 | high | 8.8 | 8.8 | 4mo ago | A flaw has been found in D-Link DWR-M921 1.1.50. This affects the function sub_419920 of the file /boafrm/formLtefotaUpgradeQuectel. This manipulation of the argument fota_url causes command injectio… | |||
| CVE-2026-2167 | high | 8.8 | 8.8 | 4mo ago | A vulnerability was detected in Totolink WA300 5.2cu.7112_B20190227. The impacted element is the function setAPNetwork of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument Ipaddr result… | |||
| CVE-2026-2146 | high | 8.8 | 8.8 | 4mo ago | A security flaw has been discovered in guchengwuyue yshopmall up to 1.9.1. This affects the function updateAvatar of the file /api/users/updateAvatar of the component co.yixiang.utils.FileUtil. Perfo… | |||
| CVE-2026-2141 | high | 8.8 | 8.8 | 4mo ago | A security flaw has been discovered in WuKongOpenSource WukongCRM up to 11.3.3. This affects an unknown part of the file gateway/src/main/java/com/kakarote/gateway/service/impl/PermissionServiceImpl.… | |||
| CVE-2026-2135 | high | 8.8 | 8.8 | 4mo ago | A vulnerability was detected in UTT HiPER 810 1.7.4-141218. The impacted element is the function sub_43F020 of the file /goform/formPdbUpConfig. Performing a manipulation of the argument policyNames … | |||
| CVE-2026-2131 | high | 8.8 | 8.8 | 4mo ago | A vulnerability was identified in XixianLiang HarmonyOS-mcp-server 0.1.0. This vulnerability affects the function input_text. The manipulation of the argument text leads to os command injection. Remo… | |||
| CVE-2026-2107 | high | 8.8 | 8.8 | 4mo ago | A vulnerability was found in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. This affects the function loadAllLoginfo/deleteLoginfo/batchDeleteLoginfo of the file dataset\repos\wareh… | |||
| CVE-2026-2106 | high | 8.8 | 8.8 | 4mo ago | A vulnerability has been found in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. The impacted element is the function addNotice/updateNotice/deleteNotice/batchDeleteNotice of the fi… | |||
| CVE-2026-2105 | high | 8.8 | 8.8 | 4mo ago | A flaw has been found in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. The affected element is the function addDept/updateDept/deleteDept of the file dataset\repos\warehouse\src\ma… | |||
| CVE-2026-2079 | high | 8.8 | 8.8 | 4mo ago | A flaw has been found in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. This vulnerability affects the function addMenu/updateMenu/deleteMenu of the file dataset\repos\warehouse\src… | |||
| CVE-2026-2078 | high | 8.8 | 8.8 | 4mo ago | A vulnerability was detected in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. This affects the function addPermission/updatePermission/deletePermission of the file dataset\repos\wa… | |||
| CVE-2026-2077 | high | 8.8 | 8.8 | 4mo ago | A security vulnerability has been detected in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. Affected by this issue is the function addRole/updateRole/deleteRole of the file dataset… | |||
| CVE-2026-2076 | high | 8.8 | 8.8 | 4mo ago | A weakness has been identified in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. Affected by this vulnerability is the function addUser/updateUser/deleteUser of the file dataset\rep… | |||
| CVE-2026-2075 | high | 8.8 | 8.8 | 4mo ago | A security flaw has been discovered in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. Affected is the function saveRolePermission of the file dataset\repos\warehouse\src\main\java\c… | |||
| CVE-2026-2065 | high | 8.8 | 8.8 | 4mo ago | A security flaw has been discovered in Flycatcher Toys smART Pixelator 2.0. Affected by this issue is some unknown functionality of the component Bluetooth Low Energy Interface. Performing a manipula… | |||
| CVE-2026-2015 | high | 8.8 | 8.8 | 4mo ago | A weakness has been identified in Portabilis i-Educar up to 2.10. Affected is an unknown function of the file FinalStatusImportService.php of the component Final Status Import. Executing a manipulati… | |||
| CVE-2026-2008 | high | 8.8 | 8.8 | 4mo ago | A vulnerability was detected in abhiphile fermat-mcp up to 47f11def1cd37e45dd060f30cdce346cbdbd6f0a. This vulnerability affects the function eqn_chart of the file fmcp/mpl_mcp/core/eqn_chart.py. Perf… | |||
| CVE-2026-1819 | high | 8.8 | 8.8 | 4mo ago | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Karel Electronics Industry and Trade Inc. ViPort allows Stored XSS. This issue affects Vi… | |||
| CVE-2026-1811 | high | 8.8 | 8.8 | 4mo ago | A flaw has been found in bolo-blog bolo-solo up to 2.6.4. This affects the function importFromMarkdown of the file src/main/java/org/b3log/solo/bolo/prop/BackupService.java of the component Filename … | |||
| CVE-2026-1810 | high | 8.8 | 8.8 | 4mo ago | A vulnerability was detected in bolo-blog bolo-solo up to 2.6.4. The impacted element is the function unpackFilteredZip of the file src/main/java/org/b3log/solo/bolo/prop/BackupService.java of the co… | |||
| CVE-2026-22550 | high | 8.8 | 8.8 | 4mo ago | OS command injection vulnerability exists in ELECOM wireless LAN products. A crafted request from a logged-in user may lead to an arbitrary OS command execution. | |||
| CVE-2026-24070 | high | 8.8 | 8.8 | 4mo ago | During the installation of the Native Access application, a privileged helper `com.native-instruments.NativeAccess.Helper2`, which is used by Native Access to trigger functions via XPC communication … | |||
| CVE-2026-1746 | high | 8.8 | 8.8 | 4mo ago | A vulnerability was identified in JeecgBoot 3.9.0. This vulnerability affects unknown code of the file /JeecgBoot/sys/api/loadDictItemByKeyword of the component Online Report API. Such manipulation o… | |||
| CVE-2026-1702 | high | 8.8 | 8.8 | 4mo ago | A vulnerability was detected in SourceCodester Pet Grooming Management Software 1.0. Impacted is an unknown function of the file /admin/operation/user.php of the component User Management. Performing… | |||
| CVE-2026-1691 | high | 8.8 | 8.8 | 4mo ago | A vulnerability has been found in bolo-solo up to 2.6.4. This impacts the function importMarkdownsSync of the file src/main/java/org/b3log/solo/bolo/prop/BackupService.java of the component SnakeYAML… | |||
| CVE-2026-1638 | high | 8.8 | 8.8 | 4mo ago | A security flaw has been discovered in Tenda AC21 1.1.1.1/1.dmzip/16.03.08.16. The impacted element is the function mDMZSetCfg of the file /goform/mDMZSetCfg. The manipulation of the argument dmzIp r… | |||
| CVE-2026-1625 | high | 8.8 | 8.8 | 4mo ago | A vulnerability was detected in D-Link DWR-M961 1.1.47. The impacted element is the function sub_4250E0 of the file /boafrm/formSmsManage of the component SMS Message. Performing a manipulation of th… | |||
| CVE-2026-1624 | high | 8.8 | 8.8 | 4mo ago | A security vulnerability has been detected in D-Link DWR-M961 1.1.47. The affected element is an unknown function of the file /boafrm/formLtefotaUpgradeFibocom. Such manipulation of the argument fota… | |||
| CVE-2026-1597 | high | 8.8 | 8.8 | 4mo ago | A vulnerability has been found in Bdtask SalesERP up to 20260116. This issue affects some unknown processing of the component Administrative Endpoint. Such manipulation of the argument ci_session lea… | |||
| CVE-2026-1596 | high | 8.8 | 8.8 | 4mo ago | A flaw has been found in D-Link DWR-M961 1.1.47. This vulnerability affects the function sub_419920 of the file /boafrm/formLtefotaUpgradeQuectel. This manipulation of the argument fota_url causes co… | |||
| CVE-2026-1551 | high | 8.8 | 8.8 | 4mo ago | A weakness has been identified in itsourcecode School Management System 1.0. This affects an unknown part of the file /ramonsys/course/controller.php. Executing a manipulation of the argument ID can … | |||
| CVE-2026-1550 | high | 8.8 | 8.8 | 4mo ago | A security flaw has been discovered in PHPGurukul Hospital Management System 1.0. Affected by this issue is some unknown functionality of the file /hms/hospital/docappsystem/adminviews.py of the comp… | |||
| CVE-2026-1548 | high | 8.8 | 8.8 | 4mo ago | A flaw has been found in Totolink A7000R 4.1cu.4154. This impacts the function CloudACMunualUpdateUserdata of the file /cgi-bin/cstecgi.cgi. This manipulation of the argument url causes command injec… | |||
| CVE-2026-1544 | high | 8.8 | 8.8 | 4mo ago | A security flaw has been discovered in D-Link DIR-823X 250416. Impacted is the function sub_41E2A0 of the file /goform/set_mode. Performing a manipulation of the argument lan_gateway results in os co… | |||
| CVE-2026-1327 | high | 8.8 | 8.8 | 5mo ago | A security vulnerability has been detected in Totolink NR1800X 9.1.0u.6279_B20210910. This issue affects the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request H… | |||
| CVE-2026-1326 | high | 8.8 | 8.8 | 5mo ago | A weakness has been identified in Totolink NR1800X 9.1.0u.6279_B20210910. This vulnerability affects the function setWanCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. Thi… | |||
| CVE-2026-0834 | high | 8.8 | 8.8 | 5mo ago | Logic vulnerability in TP-Link Archer C20 v5, 6.0, Archer AX53 v1.0 and TL-WR841N v13 (TDDP module) allows unauthenticated adjacent attackers to execute administrative commands including factory rese… | |||
| CVE-2026-1193 | high | 8.8 | 8.8 | 5mo ago | MineAdmin has Incorrect Privilege Assignment | |||
| CVE-2026-1169 | high | 8.8 | 8.8 | 5mo ago | A security vulnerability has been detected in birkir prime up to 0.4.0.beta.0. This vulnerability affects unknown code. Such manipulation leads to cross-site request forgery. The attack can be launch… | |||
| CVE-2026-22031 | high | 8.8 | 8.8 | 5mo ago | Fastify Middie Middleware Path Bypass | |||
| CVE-2026-1150 | high | 8.8 | 8.8 | 5mo ago | A security flaw has been discovered in Totolink LR350 9.3.5u.6369_B20220309. Impacted is the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The mani… | |||
| CVE-2026-1149 | high | 8.8 | 8.8 | 5mo ago | A vulnerability was identified in Totolink LR350 9.3.5u.6369_B20220309. This issue affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The man… | |||
| CVE-2026-1145 | high | 8.8 | 8.8 | 5mo ago | A flaw has been found in quickjs-ng quickjs up to 0.11.0. Affected by this vulnerability is the function js_typed_array_constructor_ta of the file quickjs.c. This manipulation causes heap-based buffe… | |||
| CVE-2026-1144 | high | 8.8 | 8.8 | 5mo ago | A vulnerability was detected in quickjs-ng quickjs up to 0.11.0. Affected is an unknown function of the file quickjs.c of the component Atomics Ops Handler. The manipulation results in use after free… | |||
| CVE-2026-1141 | high | 8.8 | 8.8 | 5mo ago | A vulnerability was identified in PHPGurukul News Portal 1.0. The affected element is an unknown function of the file /admin/add-subadmins.php of the component Add Sub-Admin Page. Such manipulation l… | |||
| CVE-2026-1066 | high | 8.8 | 8.8 | 5mo ago | A vulnerability was detected in kalcaddle kodbox up to 1.61.10. This issue affects some unknown processing of the file /?explorer/index/zip of the component Compression Handler. The manipulation resu… | |||
| CVE-2026-23622 | high | 8.8 | 8.8 | 5mo ago | alextselegidis/easyappointments is Vulnerable to CSRF Protection Bypass | |||
| CVE-2026-0822 | high | 8.8 | 8.8 | 5mo ago | A vulnerability was identified in quickjs-ng quickjs up to 0.11.0. This issue affects the function js_typed_array_sort of the file quickjs.c. The manipulation leads to heap-based buffer overflow. Rem… | |||
| CVE-2026-0803 | high | 8.8 | 8.8 | 5mo ago | A vulnerability was found in PHPGurukul Online Course Registration System up to 3.1. This affects an unknown part of the file /enroll.php. The manipulation of the argument studentregno/Pincode/sessio… | |||
| CVE-2026-0733 | high | 8.8 | 8.8 | 5mo ago | A vulnerability was determined in PHPGurukul Online Course Registration System up to 3.1. This impacts an unknown function of the file /onlinecourse/admin/manage-students.php. This manipulation of th… | |||
| CVE-2026-0641 | high | 8.8 | 8.8 | 5mo ago | A security vulnerability has been detected in TOTOLINK WA300 5.2cu.7112_B20190227. This vulnerability affects the function sub_401510 of the file cstecgi.cgi. The manipulation of the argument UPLOAD_… | |||
| CVE-2026-0574 | high | 8.8 | 8.8 | 5mo ago | A weakness has been identified in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. This affects the function saveUserRole of the file warehouse\src\main\java\com\yeqifu\sys\controller… | |||
| CVE-2026-0547 | high | 8.8 | 8.8 | 5mo ago | A vulnerability was found in PHPGurukul Online Course Registration up to 3.1. This issue affects some unknown processing of the file /admin/edit-student-profile.php of the component Student Registrat… | |||
| CVE-2026-46392 | high | 8.7 | 8.7 | 17h ago | HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0 of HAX CMS PHP, the `saveFile` endpoint validates upload extensions case-insensitively and writes the file… | |||
| CVE-2026-9024 | high | 8.7 | 8.7 | 5d ago | A Stored Cross-site Scripting (XSS) vulnerability affecting Process Experience Studio in DELMIA Service Process Engineer from Release 3DEXPERIENCE R2024x through Release 3DEXPERIENCE R2026x could all… | |||
| CVE-2026-48527 | high | 8.7 | 8.7 | 8d ago | HAX CMS helps manage microsite universe with PHP or NodeJs backends. Versions up to and including 26.0.0 are affected by a stored cross-site scripting (XSS) vulnerability in the `/system/api/saveNode… | |||
| CVE-2026-47762 | high | 8.7 | 8.7 | 9d ago | TinyMCE Cross-Site Scripting (XSS) vulnerability through `mce:protected` comments | |||
| CVE-2026-47760 | high | 8.7 | 8.7 | 9d ago | TinyMCE Cross-Site Scripting (XSS) vulnerability using sanitization bypass through nested SVGs | |||
| CVE-2026-42197 | high | 8.7 | 8.7 | 10d ago | RELATE is a web-based courseware package. Versions prior to commit 555f0efb1c5bd7531c07cd73724d7e566a81f620 have a stored cross-site scripting vulnerability that allows any enrolled student to execut… |