CVEs from 2026
Total
14,122
critical
critical 1,246
high
high 4,695
medium
medium 4,475
low
low 488
% Critical
8.8%
% with KEV
0.4%
% with exploit
0.8%
Top vendors
Top products
- chrome 522
- firepower_threat_defense_software 300
- firepower_threat_defense 298
- gcp 247
- openclaw 172
- commerce 104
- netweaver_application_server_abap 102
- commerce_b2b 89
Top packages
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-5569 | critical | 9.8 | 9.8 | 2mo ago | A vulnerability was found in Technostrobe HI-LED-WR120-G2 5.5.0.1R6.03.30. Impacted is an unknown function of the file /Technostrobe/ of the component Endpoint. The manipulation results in improper a… | |||
| CVE-2026-5562 | critical | 9.8 | 9.8 | 2mo ago | A vulnerability was identified in provectus kafka-ui up to 0.7.2. This impacts the function validateAccess of the file /api/smartfilters/testexecutions of the component Endpoint. The manipulation lea… | |||
| CVE-2026-5526 | critical | 9.8 | 9.8 | 2mo ago | A security flaw has been discovered in Tenda 4G03 Pro up to 1.0/1.1/04.03.01.53/192.168.0.1. Affected by this vulnerability is an unknown functionality of the file /bin/httpd. The manipulation result… | |||
| CVE-2026-23450 | critical | 9.8 | 9.8 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: net/smc: fix NULL dereference and UAF in smc_tcp_syn_recv_sock() Syzkaller reported a panic in smc_tcp_syn_recv_sock() [1]. smc_… | |||
| CVE-2026-5463 | critical | 9.8 | 9.8 | 2mo ago | Command injection vulnerability in console.run_module_with_output() in pymetasploit3 through version 1.0.6 allows attackers to inject newline characters into module options such as RHOSTS. This break… | |||
| CVE-2026-5368 | critical | 9.8 | 9.8 | 2mo ago | A vulnerability was determined in projectworlds Car Rental Project 1.0. The affected element is an unknown function of the file /login.php of the component Parameter Handler. This manipulation of the… | |||
| CVE-2026-5334 | critical | 9.8 | 9.8 | 2mo ago | A weakness has been identified in itsourcecode Online Enrollment System 1.0. Impacted is an unknown function of the file /enrollment/index.php?view=edit&id=3 of the component Parameter Handler. This … | |||
| CVE-2026-5333 | critical | 9.8 | 9.8 | 2mo ago | A security flaw has been discovered in DefaultFuction Content-Management-System 1.0. This issue affects some unknown processing of the file /admin/tools.php. The manipulation of the argument host res… | |||
| CVE-2026-5244 | critical | 9.8 | 9.8 | 2mo ago | A vulnerability has been found in Cesanta Mongoose up to 7.20. This affects the function mg_tls_recv_cert of the file mongoose.c of the component TLS 1.3 Handler. Such manipulation of the argument pu… | |||
| CVE-2026-34159 | critical | 9.8 | 9.8 | 2mo ago | llama.cpp is an inference of several LLM models in C/C++. Prior to version b8492, the RPC backend's deserialize_tensor() skips all bounds validation when a tensor's buffer field is 0. An unauthentica… | |||
| CVE-2026-34072 | critical | 9.8 | 9.8 | 2mo ago | Cr*nMaster (cronmaster) is a Cronjob management UI with human readable syntax, live logging and log history for cronjobs. Prior to version 2.2.0, an authentication bypass in middleware allows unauthe… | |||
| CVE-2026-5257 | critical | 9.8 | 9.8 | 2mo ago | A vulnerability has been found in code-projects Simple Laundry System 1.0. This issue affects some unknown processing of the file /delstaffinfo.php of the component Parameter Handler. Such manipulati… | |||
| CVE-2026-5256 | critical | 9.8 | 9.8 | 2mo ago | A flaw has been found in code-projects Simple Laundry System 1.0. This vulnerability affects unknown code of the file /modify.php of the component Parameter Handler. This manipulation of the argument… | |||
| CVE-2026-5183 | critical | 9.8 | 9.8 | 2mo ago | A vulnerability was determined in TRENDnet TEW-713RE up to 1.02. The affected element is the function sub_421494 of the file /goform/addRouting. Executing a manipulation of the argument dest can lead… | |||
| CVE-2026-5176 | critical | 9.8 | 9.8 | 2mo ago | A security flaw has been discovered in Totolink A3300R 17.0.0cu.557_b20221024. Affected is the function setSyslogCfg of the file /cgi-bin/cstecgi.cgi. Performing a manipulation of the argument provid… | |||
| CVE-2026-5035 | critical | 9.8 | 9.8 | 2mo ago | A vulnerability has been found in code-projects Accounting System 1.0. This affects an unknown part of the file /view_work.php of the component Parameter Handler. Such manipulation of the argument en… | |||
| CVE-2026-5034 | critical | 9.8 | 9.8 | 2mo ago | A flaw has been found in code-projects Accounting System 1.0. Affected by this issue is some unknown functionality of the file /edit_costumer.php of the component Parameter Handler. This manipulation… | |||
| CVE-2026-5033 | critical | 9.8 | 9.8 | 2mo ago | A vulnerability was detected in code-projects Accounting System 1.0. Affected by this vulnerability is an unknown functionality of the file /view_costumer.php of the component Parameter Handler. The … | |||
| CVE-2026-5030 | critical | 9.8 | 9.8 | 2mo ago | A vulnerability has been found in Totolink NR1800X 9.1.0u.6279_B20210910. This issue affects the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi of the component Telnet Service. The manipul… | |||
| CVE-2026-5020 | critical | 9.8 | 9.8 | 2mo ago | A vulnerability was detected in Totolink A3600R 4.1.2cu.5182_B20201102. Affected by this issue is the function setNoticeCfg of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. The ma… | |||
| CVE-2026-5019 | critical | 9.8 | 9.8 | 2mo ago | A security vulnerability has been detected in code-projects Simple Food Order System 1.0. Affected by this vulnerability is an unknown functionality of the file all-orders.php of the component Parame… | |||
| CVE-2026-5018 | critical | 9.8 | 9.8 | 2mo ago | A weakness has been identified in code-projects Simple Food Order System 1.0. Affected is an unknown function of the file register-router.php of the component Parameter Handler. Executing a manipulat… | |||
| CVE-2026-5017 | critical | 9.8 | 9.8 | 2mo ago | A security flaw has been discovered in code-projects Simple Food Order System 1.0. This impacts an unknown function of the file /all-tickets.php of the component Parameter Handler. Performing a manip… | |||
| CVE-2026-4965 | critical | 9.8 | 9.8 | 2mo ago | A vulnerability was detected in letta-ai letta 0.16.4. This issue affects the function resolve_type of the file letta/functions/ast_parsers.py of the component Incomplete Fix CVE-2025-6101. Performin… | |||
| CVE-2026-22738 | critical | 9.8 | 9.8 | 2mo ago | Spring AI: SpEL injection is triggered when a user-supplied value is used as a filter expression key | |||
| CVE-2026-4908 | critical | 9.8 | 9.8 | 2mo ago | A security flaw has been discovered in code-projects Simple Laundry System 1.0. This affects an unknown function of the file /modstaffinfo.php of the component Parameter Handler. The manipulation of … | |||
| CVE-2026-34060 | critical | 9.8 | 9.8 | 2mo ago | Ruby LSP is an implementation of the language server protocol for Ruby. Prior to Shopify.ruby-lsp version 0.10.2 and ruby-lsp version 0.26.9, the rubyLsp.branch VS Code workspace setting was interpol… | |||
| CVE-2026-26213 | critical | 9.8 | 9.8 | 2mo ago | thingino-firmware versions up to the firmware-2026-03-16 release contains an unauthenticated os command injection vulnerability in the WiFi captive portal CGI script that allows remote attackers to e… | |||
| CVE-2026-33728 | critical | 9.8 | 9.8 | 2mo ago | dd-trace-java is a Datadog APM client for Java. In versions of dd-trace-java 0.40.0 through prior to 1.60.2, the RMI instrumentation registered a custom endpoint that deserialized incoming data witho… | |||
| CVE-2026-4809 | critical | 9.8 | 9.8 | 2mo ago | plank/laravel-mediable through version 6.4.0 can allow upload of a dangerous file type when an application using the package accepts or prefers a client-supplied MIME type during file upload handling… | |||
| CVE-2026-4850 | critical | 9.8 | 9.8 | 2mo ago | A security flaw has been discovered in code-projects Simple Laundry System 1.0. Affected is an unknown function of the file /checkregisitem.php of the component Parameter Handler. The manipulation of… | |||
| CVE-2026-4698 | critical | 9.8 | 9.8 | 2mo ago | JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9. | |||
| CVE-2026-4784 | critical | 9.8 | 9.8 | 2mo ago | A vulnerability was found in code-projects Simple Laundry System 1.0. This affects an unknown function of the file /checkcheckout.php of the component Parameter Handler. The manipulation of the argum… | |||
| CVE-2026-31851 | critical | 9.8 | 9.8 | 2mo ago | Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 does not implement rate limiting or account lockout mechanisms on authentication interfaces. An attacker can perform unlimited authent… | |||
| CVE-2026-31848 | critical | 9.8 | 9.8 | 2mo ago | Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 uses the ecos_pw cookie for authentication, which contains Base64-encoded credential data combined with a static suffix. Because the e… | |||
| CVE-2026-4581 | critical | 9.8 | 9.8 | 2mo ago | A weakness has been identified in code-projects Simple Laundry System 1.0. Affected is an unknown function of the file /checklogin.php of the component Parameters Handler. This manipulation of the ar… | |||
| CVE-2026-4580 | critical | 9.8 | 9.8 | 2mo ago | A security flaw has been discovered in code-projects Simple Laundry System 1.0. This impacts an unknown function of the file /checkupdatestatus.php of the component Parameters Handler. The manipulati… | |||
| CVE-2026-4579 | critical | 9.8 | 9.8 | 2mo ago | A vulnerability was identified in code-projects Simple Laundry System 1.0. This affects an unknown function of the file /viewdetail.php of the component Parameters Handler. The manipulation of the ar… | |||
| CVE-2026-29796 | critical | 9.8 | 9.8 | 3mo ago | WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can co… | |||
| CVE-2026-25192 | critical | 9.8 | 9.8 | 3mo ago | WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can co… | |||
| CVE-2026-4499 | critical | 9.8 | 9.8 | 3mo ago | A vulnerability was determined in D-Link DIR-820LW 2.03. Affected is the function ssdpcgi_main of the component SSDP. Executing a manipulation can lead to os command injection. The attack may be laun… | |||
| CVE-2026-4497 | critical | 9.8 | 9.8 | 3mo ago | A vulnerability was determined in Totolink WA300 5.2cu.7112_B20190227. Affected by this issue is the function recvUpgradeNewFw of the file /cgi-bin/cstecgi.cgi. This manipulation causes os command in… | |||
| CVE-2026-4473 | critical | 9.8 | 9.8 | 3mo ago | A vulnerability was detected in itsourcecode Online Doctor Appointment System 1.0. This issue affects some unknown processing of the file /admin/appointment_action.php. The manipulation of the argume… | |||
| CVE-2026-4472 | critical | 9.8 | 9.8 | 3mo ago | A security vulnerability has been detected in itsourcecode Online Frozen Foods Ordering System 1.0. This vulnerability affects unknown code of the file /admin/admin_edit_supplier.php. The manipulatio… | |||
| CVE-2026-4471 | critical | 9.8 | 9.8 | 3mo ago | A weakness has been identified in itsourcecode Online Frozen Foods Ordering System 1.0. This affects an unknown part of the file /admin/admin_edit_employee.php. Executing a manipulation of the argume… | |||
| CVE-2026-4470 | critical | 9.8 | 9.8 | 3mo ago | A security flaw has been discovered in itsourcecode Online Frozen Foods Ordering System 1.0. Affected by this issue is some unknown functionality of the file /admin/admin_edit_menu.php. Performing a … | |||
| CVE-2026-4469 | critical | 9.8 | 9.8 | 3mo ago | A vulnerability was identified in itsourcecode Online Frozen Foods Ordering System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/admin_edit_menu_action.php. Such … | |||
| CVE-2026-3548 | critical | 9.8 | 9.8 | 3mo ago | Two buffer overflow vulnerabilities existed in the wolfSSL CRL parser when parsing CRL numbers: a heap-based buffer overflow could occur when improperly storing the CRL number as a hexadecimal string… | |||
| CVE-2026-27542 | critical | 9.8 | 9.8 | 3mo ago | Incorrect Privilege Assignment vulnerability in Rymera Web Co Pty Ltd. Woocommerce Wholesale Lead Capture woocommerce-wholesale-lead-capture allows Privilege Escalation.This issue affects Woocommerce… | |||
| CVE-2026-4319 | critical | 9.8 | 9.8 | 3mo ago | A vulnerability was identified in code-projects Simple Food Order System 1.0. Affected by this vulnerability is an unknown functionality of the file /routers/add-item.php. Such manipulation of the ar… | |||
| CVE-2026-4228 | critical | 9.8 | 9.8 | 3mo ago | A vulnerability was detected in LB-LINK BL-WR9000 2.4.9. This affects the function sub_458754 of the file /goform/set_wifi. The manipulation results in command injection. It is possible to launch the… | |||
| CVE-2026-4223 | critical | 9.8 | 9.8 | 3mo ago | A vulnerability was identified in itsourcecode Payroll Management System 1.0. This issue affects some unknown processing of the file /manage_employee.php. Such manipulation of the argument ID leads t… | |||
| CVE-2026-4210 | critical | 9.8 | 9.8 | 3mo ago | A security flaw has been discovered in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, D… | |||
| CVE-2026-4209 | critical | 9.8 | 9.8 | 3mo ago | A vulnerability was identified in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-72… | |||
| CVE-2026-4207 | critical | 9.8 | 9.8 | 3mo ago | A vulnerability was determined in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-72… | |||
| CVE-2026-4206 | critical | 9.8 | 9.8 | 3mo ago | A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, … | |||
| CVE-2026-4205 | critical | 9.8 | 9.8 | 3mo ago | A vulnerability has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-72… | |||
| CVE-2026-4204 | critical | 9.8 | 9.8 | 3mo ago | A flaw has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-… | |||
| CVE-2026-4203 | critical | 9.8 | 9.8 | 3mo ago | A vulnerability was detected in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-… | |||
| CVE-2026-4197 | critical | 9.8 | 9.8 | 3mo ago | A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, … | |||
| CVE-2026-4196 | critical | 9.8 | 9.8 | 3mo ago | A vulnerability has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-72… | |||
| CVE-2026-4195 | critical | 9.8 | 9.8 | 3mo ago | A flaw has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-… | |||
| CVE-2026-4194 | critical | 9.8 | 9.8 | 3mo ago | A vulnerability was detected in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-… | |||
| CVE-2026-4180 | critical | 9.8 | 9.8 | 3mo ago | A vulnerability was identified in D-Link DIR-816 1.10CNB05. The impacted element is an unknown function of the file redirect.asp of the component goahead. The manipulation of the argument token_id le… | |||
| CVE-2026-4014 | critical | 9.8 | 9.8 | 3mo ago | A security flaw has been discovered in itsourcecode Cafe Reservation System 1.0. This impacts an unknown function of the file /curvus2/signup.php of the component Registration. Performing a manipulat… | |||
| CVE-2026-3981 | critical | 9.8 | 9.8 | 3mo ago | A vulnerability was found in itsourcecode Online Doctor Appointment System 1.0. Affected is an unknown function of the file /admin/doctor_action.php. Performing a manipulation of the argument ID resu… | |||
| CVE-2026-3980 | critical | 9.8 | 9.8 | 3mo ago | A vulnerability has been found in itsourcecode Online Doctor Appointment System 1.0. This impacts an unknown function of the file /admin/patient_action.php. Such manipulation of the argument patient_… | |||
| CVE-2026-1524 | critical | 9.8 | 9.8 | 3mo ago | An edgecase in SSO implementation in Neo4j Enterprise edition versions prior to version 2026.02 can lead to unauthorised access under the following conditions: If a neo4j admin configures two or mo… | |||
| CVE-2026-30903 | critical | 9.8 | 9.8 | 3mo ago | External Control of File Name or Path in the Mail feature of Zoom Workplace for Windows before 6.6.0 may allow an unauthenticated user to conduct an escalation of privilege via network access. | |||
| CVE-2026-3944 | critical | 9.8 | 9.8 | 3mo ago | A vulnerability was determined in itsourcecode University Management System 1.0. This vulnerability affects unknown code of the file /att_add.php. This manipulation of the argument Name causes sql in… | |||
| CVE-2026-27842 | critical | 9.8 | 9.8 | 3mo ago | Authentication bypass issue exists in MR-GM5L-S1 and MR-GM5A-L1, which may allow an attacker to bypass authentication and change the device configuration. | |||
| CVE-2026-24448 | critical | 9.8 | 9.8 | 3mo ago | Use of hard-coded credentials issue exists in MR-GM5L-S1 and MR-GM5A-L1, which may allow an attacker to obtain administrative access. | |||
| CVE-2026-29515 | critical | 9.8 | 9.8 | 3mo ago | MiCode FileExplorer contains an authentication bypass vulnerability in the embedded SwiFTP FTP server component that allows network attackers to log in without valid credentials. Attackers can send a… | |||
| CVE-2026-3843 | critical | 9.8 | 9.8 | 3mo ago | Nefteprodukttekhnika BUK TS-G Gas Station Automation System 2.9.1 on Linux contains a SQL Injection vulnerability (CWE-89) in the system configuration module. A remote attacker can send specially cra… | |||
| CVE-2026-30930 | critical | 9.8 | 9.8 | 3mo ago | Glances has SQL Injection via Process Names in TimescaleDB Export | |||
| CVE-2026-23240 | critical | 9.8 | 9.8 | 3mo ago | In the Linux kernel, the following vulnerability has been resolved: tls: Fix race condition in tls_sw_cancel_work_tx() This issue was discovered during a code audit. After cancel_delayed_work_sync… | |||
| CVE-2026-3818 | critical | 9.8 | 9.8 | 3mo ago | A flaw has been found in Tiandy Easy7 CMS Windows 7.17.0. Impacted is an unknown function of the file /Easy7/apps/WebService/GetDBData.jsp. This manipulation of the argument strTBName causes sql inje… | |||
| CVE-2026-3813 | critical | 9.8 | 9.8 | 3mo ago | A vulnerability was identified in opencc JFlow up to 5badc00db382d7cb82dad231e6a866b18e0addfe. Affected by this vulnerability is the function Calculate of the file src/main/java/bp/wf/httphandler/WF_… | |||
| CVE-2026-3795 | critical | 9.8 | 9.8 | 3mo ago | A security flaw has been discovered in doramart DoraCMS 3.0.x. Impacted is the function createFileBypath of the file /DoraCMS/server/app/router/api/v1.js. Performing a manipulation results in path tr… | |||
| CVE-2026-3794 | critical | 9.8 | 9.8 | 3mo ago | A vulnerability was identified in doramart DoraCMS 3.0.x. This issue affects some unknown processing of the file /api/v1/mail/send of the component Email API. Such manipulation leads to improper auth… | |||
| CVE-2026-3765 | critical | 9.8 | 9.8 | 3mo ago | A vulnerability was identified in itsourcecode University Management System 1.0. This affects an unknown function of the file /att_single_view.php. Such manipulation of the argument dt leads to sql i… | |||
| CVE-2026-3762 | critical | 9.8 | 9.8 | 3mo ago | A vulnerability has been found in SourceCodester Client Database Management System 1.0/3.1. Impacted is an unknown function of the file /superadmin_delete_manager.php of the component Endpoint. The m… | |||
| CVE-2026-3760 | critical | 9.8 | 9.8 | 3mo ago | A vulnerability was detected in itsourcecode University Management System 1.0. This vulnerability affects unknown code of the file /view_result.php. Performing a manipulation of the argument seme res… | |||
| CVE-2026-3759 | critical | 9.8 | 9.8 | 3mo ago | A security vulnerability has been detected in projectworlds Online Art Gallery Shop 1.0. This affects an unknown part of the file /admin/adminHome.php. Such manipulation of the argument reach_nm lead… | |||
| CVE-2026-3758 | critical | 9.8 | 9.8 | 3mo ago | A weakness has been identified in projectworlds Online Art Gallery Shop 1.0. Affected by this issue is some unknown functionality of the file /admin/adminHome.php. This manipulation of the argument I… | |||
| CVE-2026-3757 | critical | 9.8 | 9.8 | 3mo ago | A security flaw has been discovered in projectworlds Online Art Gallery Shop 1.0. Affected by this vulnerability is an unknown functionality of the file /?pass=1. The manipulation of the argument fnm… | |||
| CVE-2026-3747 | critical | 9.8 | 9.8 | 3mo ago | A vulnerability was identified in itsourcecode University Management System 1.0. Affected by this issue is some unknown functionality of the file /add_result.php. Such manipulation of the argument su… | |||
| CVE-2026-3746 | critical | 9.8 | 9.8 | 3mo ago | A vulnerability was determined in SourceCodester Simple Responsive Tourism Website 1.0. Affected by this vulnerability is an unknown functionality of the file /tourism/classes/Login.php?f=login of th… | |||
| CVE-2026-3744 | critical | 9.8 | 9.8 | 3mo ago | A vulnerability has been found in code-projects Student Web Portal 1.0. This impacts the function valreg_passwdation of the file signup.php. The manipulation of the argument reg_passwd leads to sql i… | |||
| CVE-2026-3740 | critical | 9.8 | 9.8 | 3mo ago | A weakness has been identified in itsourcecode University Management System 1.0. Impacted is an unknown function of the file /admin_search_student.php. This manipulation of the argument admin_search_… | |||
| CVE-2026-3736 | critical | 9.8 | 9.8 | 3mo ago | A vulnerability was found in code-projects Simple Flight Ticket Booking System 1.0. Affected by this issue is some unknown functionality of the file SearchResultRoundtrip.php. Performing a manipulati… | |||
| CVE-2026-3735 | critical | 9.8 | 9.8 | 3mo ago | A vulnerability has been found in code-projects Simple Flight Ticket Booking System 1.0. Affected by this vulnerability is an unknown functionality of the file SearchResultOneway.php. Such manipulati… | |||
| CVE-2026-3730 | critical | 9.8 | 9.8 | 3mo ago | A security flaw has been discovered in itsourcecode Free Hotel Reservation System 1.0. The affected element is an unknown function of the file /hotel/admin/mod_amenities/index.php?view=edit. Performi… | |||
| CVE-2026-3723 | critical | 9.8 | 9.8 | 3mo ago | A security flaw has been discovered in code-projects Simple Flight Ticket Booking System 1.0. This affects an unknown function of the file /Admindelete.php. The manipulation of the argument flightno … | |||
| CVE-2026-3709 | critical | 9.8 | 9.8 | 3mo ago | A weakness has been identified in code-projects Simple Flight Ticket Booking System 1.0. This affects an unknown function of the file /register.php. Executing a manipulation of the argument Username … | |||
| CVE-2026-3708 | critical | 9.8 | 9.8 | 3mo ago | A security flaw has been discovered in code-projects Simple Flight Ticket Booking System 1.0. The impacted element is an unknown function of the file /login.php. Performing a manipulation of the argu… | |||
| CVE-2026-3705 | critical | 9.8 | 9.8 | 3mo ago | A vulnerability was found in code-projects Simple Flight Ticket Booking System 1.0. This issue affects some unknown processing of the file /Adminsearch.php. The manipulation of the argument flightno … | |||
| CVE-2026-3696 | critical | 9.8 | 9.8 | 3mo ago | A vulnerability was found in Totolink N300RH 6..1c.1353_B20190305. The affected element is the function setWiFiWpsConfig of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a ma… | |||
| CVE-2026-26288 | critical | 9.8 | 9.8 | 3mo ago | WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can co… | |||
| CVE-2026-26051 | critical | 9.8 | 9.8 | 3mo ago | WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can co… |