Total CVEs: 142,027
Critical Severity: 3,943
High Severity: 14,108
Last 7 Days: 1,724
Showing 11,101 - 11,120 of 14,604 CVEs
CVE-2026-27513 MEDIUM - 4.3

Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55_multi contains a cross-site request forgery (CSRF) vulnerability in the web-based administrative interface. The interface does not implement anti-CSRF protections, allowing an attacker to induce an authenticated administrator to submit state-ch...

Vendor: Shenzhen Tenda Technology Co., Ltd.
Product: Tenda F3
Published: Feb 23, 2026
Source: NVD
CVE-2026-27512 MEDIUM - 6.1

Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55_multi contains a content-type confusion vulnerability in the administrative interface. Responses omit the X-Content-Type-Options: nosniff header and include attacker-influenced content that can be reflected into the response body. Under affecte...

Vendor: Shenzhen Tenda Technology Co., Ltd.
Product: Tenda F3
Published: Feb 23, 2026
Source: NVD
CVE-2026-27511 MEDIUM - 4.3

Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55_multi contains a clickjacking vulnerability in the web-based administrative interface. The interface does not set the X-Frame-Options header, allowing attacker-controlled sites to embed administrative pages in an iframe and trick an authenticat...

Vendor: Shenzhen Tenda Technology Co., Ltd.
Product: Tenda F3
Published: Feb 23, 2026
Source: NVD
CVE-2026-22568 MEDIUM - 5.5

Improper neutralization of special elements in user-supplied input within the ZIA Admin UI could allow an authenticated administrator to access or retrieve unauthorized internal information in rare conditions.

Vendor: Zscaler
Product: ZIA Admin UI
Published: Feb 23, 2026
Source: NVD
CVE-2026-2697 MEDIUM - 6.3

An Indirect Object Reference (IDOR) in Security Center allows an authenticated remote attacker to escalate privileges via the 'owner' parameter.

Vendor: tenable
Product: security_center
Published: Feb 23, 2026
Source: NVD
CVE-2025-70044 MEDIUM - 6.5

An issue pertaining to CWE-295: Improper Certificate Validation was discovered in fofolee uTools-quickcommand 5.0.3.

Vendor: fofolee
Product: utools-quickcommand
Published: Feb 23, 2026
Source: NVD
CVE-2026-2985 MEDIUM - 6.3

A security flaw has been discovered in Tiandy Video Surveillance System 视频监控平台 7.17.0. This impacts the function downloadImage of the file /com/tiandy/easy7/core/bo/CLSBODownLoad.java. Performing a manipulation of the argument urlPath results in server-side request forgery. The attack is possible to...

Published: Feb 23, 2026
Source: NVD
CVE-2026-2984 MEDIUM - 6.5

A vulnerability was identified in SourceCodester Student Result Management System 1.0. This affects an unknown function of the file /admin/core/drop_user.php. Such manipulation of the argument ID leads to denial of service. The attack can be executed remotely. The exploit is publicly available and m...

Vendor: munyweki
Product: student_result_management_system
Published: Feb 23, 2026
Source: NVD
CVE-2025-59873 MEDIUM - 5.9

An information exposure vulnerability exists in HCL Software ZIE for Web. The application transmits sensitive session tokens and authentication identifiers within the URL query parameters. An attacker who gains access to any network log or operates a site linked from the applicat...

Vendor: HCL Software
Product: ZIE for Web
Published: Feb 23, 2026
Source: NVD
CVE-2026-2979 MEDIUM - 6.3

A flaw has been found in FastApiAdmin up to 2.2.0. This issue affects the function user_avatar_upload_controller of the file /backend/app/api/v1/module_system/user/controller.py of the component Scheduled Task API. Executing a manipulation can lead to unrestricted upload. The attack can be launched ...

Vendor: fastapiadmin
Product: fastapi-admin
Published: Feb 23, 2026
Source: NVD
CVE-2026-26365 MEDIUM - 4.0

Akamai Ghost on Akamai CDN edge servers before 2026-02-06 mishandles processing of custom hop-by-hop HTTP headers, where an incoming request containing the header "Connection: Transfer-Encoding" could result in a forward request with invalid message framing, depending on the Akamai process...

Vendor: Akamai
Product: Ghost
Published: Feb 23, 2026
Source: NVD
CVE-2026-2978 MEDIUM - 6.3

A vulnerability was detected in FastApiAdmin up to 2.2.0. This vulnerability affects the function upload_file_controller of the file /backend/app/api/v1/module_system/params/controller.py of the component Scheduled Task API. Performing a manipulation results in unrestricted upload. The attack can be...

Vendor: fastapiadmin
Product: fastapi-admin
Published: Feb 23, 2026
Source: NVD
CVE-2026-2977 MEDIUM - 6.3

A security vulnerability has been detected in FastApiAdmin up to 2.2.0. This affects the function upload_controller of the file /backend/app/api/v1/module_common/file/controller.py of the component Scheduled Task API. Such manipulation leads to unrestricted upload. It is possible to launch the attac...

Vendor: fastapiadmin
Product: fastapi-admin
Published: Feb 23, 2026
Source: NVD
CVE-2026-2976 MEDIUM - 4.3

A weakness has been identified in FastApiAdmin up to 2.2.0. Affected by this issue is the function download_controller of the file /backend/app/api/v1/module_common/file/controller.py of the component Download Endpoint. This manipulation of the argument file_path causes information disclosure. It is...

Vendor: fastapiadmin
Product: fastapi-admin
Published: Feb 23, 2026
Source: NVD
CVE-2026-2975 MEDIUM - 5.3

A security flaw has been discovered in FastApiAdmin up to 2.2.0. Affected by this vulnerability is the function reset_api_docs of the file /backend/app/plugin/init_app.py of the component Custom Documentation Endpoint. The manipulation results in information disclosure. The attack may be performed f...

Vendor: fastapiadmin
Product: fastapi-admin
Published: Feb 23, 2026
Source: NVD
CVE-2026-2971 MEDIUM - 4.3

A vulnerability was found in a466350665 Smart-SSO up to 2.1.1. Affected by this issue is some unknown functionality of the file smart-sso-server/src/main/resources/templates/login.html of the component Login. Performing a manipulation of the argument redirectUri results in cross site scripting. The ...

Vendor: a466350665
Product: smart-sso
Published: Feb 23, 2026
Source: NVD
CVE-2026-2970 MEDIUM - 4.6

A vulnerability has been found in datapizza-labs datapizza-ai 0.0.2. Affected by this vulnerability is the function RedisCache of the file datapizza-ai-cache/redis/datapizza/cache/redis/cache.py. Such manipulation leads to deserialization. The attack requires being on the local network. A high compl...

Vendor: datapizza
Product: datapizza-ai
Published: Feb 23, 2026
Source: NVD
CVE-2026-2969 MEDIUM - 4.7

A flaw has been found in datapizza-labs datapizza-ai 0.0.2. Affected is the function ChatPromptTemplate of the file datapizza-ai-core/datapizza/modules/prompt/prompt.py of the component Jinja2 Template Handler. This manipulation of the argument Prompt causes improper neutralization of special elemen...

Vendor: datapizza
Product: datapizza_ai
Published: Feb 23, 2026
Source: NVD
CVE-2026-2997 MEDIUM - 5.4

Tronclass developed by WisdomGarden has an Insecure Direct Object Reference vulnerability. After obtaining a course ID, authenticated remote attackers can modify a specific parameter to obtain a course invitation code, thereby joining any course.

Published: Feb 23, 2026
Source: NVD
CVE-2026-2964 MEDIUM - 5.0

A vulnerability was identified in higuma web-audio-recorder-js 0.1/0.1.1. Impacted is the function extend in the library lib/WebAudioRecorder.js of the component Dynamic Config Handling. Such manipulation leads to improperly controlled modification of object prototype attributes. It is possible to l...

Vendor: higuma
Product: webaudiorecorder.js
Published: Feb 23, 2026
Source: NVD