Total CVEs

138,770

Critical Severity

3,601

High Severity

12,907

Last 7 Days

1,529
Showing Year: 2026 (January 1 - December 31, 2026)
Showing 3,461 - 3,474 of 3,474 CVEs
CVE-2025-15435 CRITICAL - 9.8

A flaw has been found in Yonyou KSOA 9.0. Affected by this vulnerability is an unknown functionality of the file /worksheet/work_update.jsp. This manipulation of the argument Report causes sql injection. The attack can be initiated remotely. The exploit has been published and may be used. The vendor...

Vendor: yonyou
Product: ksoa
Published: Jan 02, 2026
Source: NVD
CVE-2025-15434 CRITICAL - 9.8

A vulnerability was detected in Yonyou KSOA 9.0. Affected is an unknown function of the file /kp/PrintZPYG.jsp. The manipulation of the argument zpjhid results in sql injection. It is possible to launch the attack remotely. The exploit is now public and may be used. The vendor was contacted early ab...

Vendor: yonyou
Product: ksoa
Published: Jan 02, 2026
Source: NVD
CVE-2025-15427 CRITICAL - 9.8

A security flaw has been discovered in Seeyon Zhiyuan OA Web Application System up to 20251222. This impacts an unknown function of the file /carManager/carUseDetailList.j%73p. The manipulation of the argument CAR_BRAND_NO results in sql injection. The attack may be performed from remote. The exploi...

Vendor: seeyon
Product: oa_web_application_system
Published: Jan 02, 2026
Source: NVD
CVE-2025-15425 CRITICAL - 9.8

A vulnerability was determined in Yonyou KSOA 9.0. The impacted element is an unknown function of the file /worksheet/del_user.jsp of the component HTTP GET Parameter Handler. Executing manipulation of the argument ID can lead to sql injection. The attack can be executed remotely. The exploit has be...

Vendor: yonyou
Product: ksoa
Published: Jan 02, 2026
Source: NVD
CVE-2025-15424 CRITICAL - 9.8

A vulnerability was found in Yonyou KSOA 9.0. The affected element is an unknown function of the file /worksheet/agent_worksdel.jsp of the component HTTP GET Parameter Handler. Performing manipulation of the argument ID results in sql injection. Remote exploitation of the attack is possible. The exp...

Vendor: yonyou
Product: ksoa
Published: Jan 02, 2026
Source: NVD
CVE-2025-14998 CRITICAL - 9.8

The Branda plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.4.24. This is due to the plugin not properly validating a user's identity prior to updating their password. This makes it possible for unauthenticated attackers to ...

Published: Jan 02, 2026
Source: NVD
CVE-2025-15421 CRITICAL - 9.8

A vulnerability was detected in Yonyou KSOA 9.0. This vulnerability affects unknown code of the file /worksheet/agent_worksadd.jsp of the component HTTP GET Parameter Handler. The manipulation of the argument ID results in sql injection. The attack can be launched remotely. The exploit is now public...

Vendor: yonyou
Product: ksoa
Published: Jan 02, 2026
Source: NVD
CVE-2025-15420 CRITICAL - 9.8

A security vulnerability has been detected in Yonyou KSOA 9.0. This affects an unknown part of the file /worksheet/agent_work_report.jsp. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. The ven...

Vendor: yonyou
Product: ksoa
Published: Jan 02, 2026
Source: NVD
CVE-2025-68620 CRITICAL - 9.1

Signal K Server is a server application that runs on a central hub in a boat. Versions prior to 2.19.0 expose two features that can be chained together to steal JWT authentication tokens without any prior authentication. The attack combines WebSocket-based request enumeration with unauthenticated po...

Vendor: signalk
Product: signal_k_server
Published: Jan 01, 2026
Source: NVD
CVE-2025-15410 CRITICAL - 9.8

A vulnerability was identified in code-projects Online Guitar Store 1.0. Affected by this issue is some unknown functionality of the file /login.php. The manipulation of the argument L_email leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly available and...

Vendor: anisha
Product: online_guitar_store
Published: Jan 01, 2026
Source: NVD
CVE-2025-15409 CRITICAL - 9.8

A vulnerability was determined in code-projects Online Guitar Store 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/Delete_product.php. Executing manipulation of the argument del_pro can lead to sql injection. The attack may be performed from remote. The exploit ha...

Vendor: anisha
Product: online_guitar_store
Published: Jan 01, 2026
Source: NVD
CVE-2025-15408 CRITICAL - 9.8

A vulnerability was found in code-projects Online Guitar Store 1.0. Affected is an unknown function of the file /admin/Create_product.php. Performing manipulation of the argument dre_title results in sql injection. The attack is possible to be carried out remotely. The exploit has been made public a...

Vendor: anisha
Product: online_guitar_store
Published: Jan 01, 2026
Source: NVD
CVE-2025-15407 CRITICAL - 9.8

A vulnerability has been found in code-projects Online Guitar Store 1.0. This impacts an unknown function of the file /admin/Create_category.php. Such manipulation of the argument dre_Ctitle leads to sql injection. The attack can be executed remotely. The exploit has been disclosed to the public and...

Vendor: anisha
Product: online_guitar_store
Published: Jan 01, 2026
Source: NVD
CVE-2026-0544 CRITICAL - 9.8

A security flaw has been discovered in itsourcecode School Management System 1.0. This affects an unknown part of the file /student/index.php. The manipulation of the argument ID results in sql injection. It is possible to launch the attack remotely. The exploit has been released to the public and m...

Vendor: itsourcecode
Product: school_management_system
Published: Jan 01, 2026
Source: NVD