Total CVEs

142,027

Critical Severity

3,943

High Severity

14,108

Last 7 Days

1,724
Showing 11,121 - 11,140 of 14,604 CVEs
CVE-2026-2963 MEDIUM - 6.3

A vulnerability was determined in Jinher OA C6 up to 20260210. This issue affects some unknown processing of the file /C6/Jhsoft.Web.officesupply/OfficeSupplyTypeRight.aspx. This manipulation of the argument id/offsnum causes SQL injection. It is possible to initiate the attack remotely. The exploit...

Published: Feb 23, 2026
Source: NVD
CVE-2026-2957 MEDIUM - 5.4

A weakness has been identified in qinming99 dst-admin up to 1.5.0. This impacts the function deleteBackup of the file src/main/java/com/tugos/dst/admin/controller/BackupController.java of the component File Handler. This manipulation causes denial of service. The attack may be initiated remotely. Th...

Vendor: dst-admin_project
Product: dst-admin
Published: Feb 22, 2026
Source: NVD
CVE-2026-2956 MEDIUM - 6.3

A security flaw has been discovered in qinming99 dst-admin up to 1.5.0. This affects the function revertBackup of the file /home/restore. The manipulation of the argument Name results in command injection. The attack can be launched remotely. The exploit has been released to the public and may be us...

Vendor: dst-admin_project
Product: dst-admin
Published: Feb 22, 2026
Source: NVD
CVE-2026-2954 MEDIUM - 6.3

A vulnerability was found in Dromara UJCMS 10.0.2. Impacted is the function importChanel of the file /api/backend/ext/import-data/import-channel of the component ImportDataController. Performing a manipulation of the argument driverClassName/url results in injection. It is possible to initiate the a...

Vendor: ujcms
Product: ujcms
Published: Feb 22, 2026
Source: NVD
CVE-2026-2953 MEDIUM - 5.4

A vulnerability has been found in Dromara UJCMS 101.2. This issue affects the function deleteDirectory of the file WebFileTemplateController.delete of the component Template Handler. Such manipulation leads to path traversal. The attack may be performed remotely. The exploit has been disclosed to...

Vendor: ujcms
Product: ujcms
Published: Feb 22, 2026
Source: NVD
CVE-2026-2945 MEDIUM - 6.3

A weakness has been identified in JeecgBoot 3.9.0. Affected by this vulnerability is an unknown functionality of the file /sys/common/uploadImgByHttp. Executing a manipulation of the argument fileUrl can lead to server-side request forgery. The attack may be launched remotely. The exploit has been m...

Published: Feb 22, 2026
Source: NVD
CVE-2026-2943 MEDIUM - 4.3

A vulnerability was identified in SapneshNaik Student Management System up to f4b4f0928f0b5551a28ee81ae7e7fe47d9345318. This impacts an unknown function of the file index.php. Such manipulation of the argument Error leads to cross-site scripting. The attack can be launched remotely. The exploit is p...

Published: Feb 22, 2026
Source: NVD
CVE-2026-2385 MEDIUM - 5.3

The The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in all versions up to, and including, 6.4.7. This is due to the plugin decrypting and trusting attacker-contr...

Published: Feb 22, 2026
Source: NVD
CVE-2026-2930 MEDIUM - 6.3

A vulnerability was identified in Tenda A18 15.13.07.13. The affected element is the function webCgiGetUploadFile of the file /cgi-bin/UploadCfg of the component Httpd Service. Such manipulation of the argument boundary leads to stack-based buffer overflow. The attack can be executed remotely. The e...

Vendor: tenda
Product: a18_firmware
Published: Feb 22, 2026
Source: NVD
CVE-2026-1369 MEDIUM - 4.3

The Conditional CAPTCHA WordPress plugin through 4.0.0 does not validate a parameter before redirecting the user to its value, leading to an Open Redirect issue.

Published: Feb 22, 2026
Source: NVD
CVE-2026-2898 MEDIUM - 5.5

A vulnerability was detected in funadmin up to 7.1.0-rc4. This issue affects the function getMember of the file app/common/service/AuthCloudService.php of the component Backend Endpoint. The manipulation of the argument cloud_account results in deserialization. The attack may be performed from remot...

Vendor: funadmin
Product: funadmin
Published: Feb 22, 2026
Source: NVD
CVE-2026-2894 MEDIUM - 5.3

A vulnerability was identified in funadmin up to 7.1.0-rc4. Affected by this vulnerability is the function getMember of the file app/frontend/view/login/forget.html. Such manipulation leads to information disclosure. The attack may be launched remotely. The exploit is publicly available and might be...

Vendor: funadmin
Product: funadmin
Published: Feb 21, 2026
Source: NVD
CVE-2026-1787 MEDIUM - 4.8

The LearnPress Export Import – WordPress extension for LearnPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'delete_migrated_data' function in all versions up to, and including, 4.1.0. This makes it possible for unauthenticated...

Published: Feb 21, 2026
Source: NVD
CVE-2025-14339 MEDIUM - 6.5

The weMail - Email Marketing, Lead Generation, Optin Forms, Email Newsletters, A/B Testing, and Automation plugin for WordPress is vulnerable to unauthorized form deletion in all versions up to, and including, 2.0.7. This is due to the `Forms::permission()` callback only validating the `X-WP-Nonce` ...

Vendor: wedevs
Product: weMail: Email Marketing, Email Automation, Newsletters, Subscribers & eCommerce Email Optins
Published: Feb 21, 2026
Source: NVD
CVE-2026-2864 MEDIUM - 5.4

A vulnerability has been found in feng_ha_ha/megagao ssm-erp and production_ssm up to 4288d53bd35757b27f2d070057aefb2c07bdd097. This affects the function pictureDelete of the file PictureController.java. Such manipulation of the argument picName leads to path traversal. The attack can be launched re...

Published: Feb 21, 2026
Source: NVD
CVE-2026-27469 MEDIUM - 6.1

Isso is a lightweight commenting server written in Python and JavaScript. In commits before 0afbfe0691ee237963e8fb0b2ee01c9e55ca2144, there is a stored Cross-Site Scripting (XSS) vulnerability affecting the website and author comment fields. The website field was HTML-escaped using quote=False, whic...

Vendor: isso-comments
Product: isso
Published: Feb 21, 2026
Source: NVD
CVE-2026-27458 MEDIUM - 5.4

LinkAce is a self-hosted archive to collect website links. Versions 2.4.2 and below have a Stored Cross-site Scripting vulnerability through the Atom feed endpoint for lists (/lists/feed). An authenticated user can inject a CDATA-breaking payload into a list description that escapes the XML CDATA se...

Vendor: Kovah
Product: LinkAce
Published: Feb 21, 2026
Source: NVD
CVE-2026-2863 MEDIUM - 5.4

A flaw has been found in feng_ha_ha/megagao ssm-erp and production_ssm up to 4288d53bd35757b27f2d070057aefb2c07bdd097. The impacted element is the function deleteFile of the file FileServiceImpl.java. This manipulation causes path traversal. The attack can be initiated remotely. The exploit has been...

Published: Feb 21, 2026
Source: NVD
CVE-2026-2861 MEDIUM - 5.3

A vulnerability was detected in Foswiki up to 2.1.10. The affected element is an unknown function of the component Changes/Viewfile/Oops. The manipulation results in information disclosure. It is possible to launch the attack remotely. The exploit is now public and may be used. Upgrading to version ...

Vendor: foswiki
Product: foswiki
Published: Feb 21, 2026
Source: NVD
CVE-2026-26047 MEDIUM - 6.5

A denial-of-service vulnerability was identified in Moodle’s TeX formula editor. When rendering TeX content using mimetex, insufficient execution time limits could allow specially crafted formulas to consume excessive server resources. An authenticated user could abuse this behavior to degrade perfo...

Vendor: composer
Product: moodle/moodle
Published: Feb 21, 2026
Source: NVD