Total CVEs

141,249

Critical Severity

3,795

High Severity

13,708

Last 7 Days

2,216
Quick preset (or use dates below)
Clear Filters
πŸ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years β†’
Showing 11,561 - 11,580 of 13,404 CVEs
CVE-2026-2187 HIGH - 8.8

A vulnerability was found in Tenda RX3 16.03.13.11. The affected element is the function set_qosMib_list of the file /goform/formSetQosBand. Performing a manipulation of the argument list results in stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been mad...

Vendor: tenda
Product: rx3_firmware
Published: Feb 08, 2026
Source: NVD
CVE-2026-2186 HIGH - 8.8

A vulnerability has been found in Tenda RX3 16.03.13.11. Impacted is the function fromSetIpMacBind of the file /goform/SetIpMacBind. Such manipulation of the argument list leads to stack-based buffer overflow. The attack may be performed from remote. The exploit has been disclosed to the public and ...

Vendor: tenda
Product: rx3_firmware
Published: Feb 08, 2026
Source: NVD
CVE-2026-2185 HIGH - 8.8

A flaw has been found in Tenda RX3 16.03.13.11. This issue affects the function set_device_name of the file /goform/setBlackRule of the component MAC Filtering Configuration Endpoint. This manipulation of the argument devName/mac causes stack-based buffer overflow. The attack is possible to be carri...

Vendor: tenda
Product: rx3_firmware
Published: Feb 08, 2026
Source: NVD
CVE-2026-2184 HIGH - 7.3

A vulnerability was detected in Great Developers Certificate Generation System up to 97171bb0e5e22e52eacf4e4fa81773e5f3cffb73. This vulnerability affects unknown code of the file /restructured/csv.php. The manipulation of the argument photo results in os command injection. The attack can be executed...

Published: Feb 08, 2026
Source: NVD
CVE-2026-2182 HIGH - 7.2

A weakness has been identified in UTT 进取 521G 3.1.1-190816. Affected by this issue is the function doSystem of the file /goform/setSysAdm. Executing a manipulation of the argument passwd1 can lead to command injection. The attack may be launched remotely. The exploit has been made available to the p...

Vendor: utt
Product: 521g_firmware
Published: Feb 08, 2026
Source: NVD
CVE-2026-2181 HIGH - 8.8

A security flaw has been discovered in Tenda RX3 16.03.13.11. Affected by this vulnerability is an unknown functionality of the file /goform/openSchedWifi. Performing a manipulation of the argument schedStartTime/schedEndTime results in stack-based buffer overflow. The attack may be initiated remote...

Vendor: tenda
Product: rx3_firmware
Published: Feb 08, 2026
Source: NVD
CVE-2026-2180 HIGH - 8.8

A vulnerability was identified in Tenda RX3 16.03.13.11. Affected is an unknown function of the file /goform/fast_setting_wifi_set. Such manipulation of the argument ssid_5g leads to stack-based buffer overflow. The attack can be launched remotely. The exploit is publicly available and might be used...

Vendor: tenda
Product: rx3_firmware
Published: Feb 08, 2026
Source: NVD
CVE-2026-2177 HIGH - 7.3

A vulnerability has been found in SourceCodester Prison Management System 1.0. The impacted element is an unknown function of the component Login. The manipulation leads to session fixiation. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used...

Vendor: fast5
Product: prison_management_system
Published: Feb 08, 2026
Source: NVD
CVE-2026-2175 HIGH - 7.2

A weakness has been identified in D-Link DIR-823X 250416. This vulnerability affects the function sub_420618 of the file /goform/set_upnp. This manipulation of the argument upnp_enable causes os command injection. Remote exploitation of the attack is possible. The exploit has been made available to ...

Vendor: dlink
Product: dir-823x_firmware
Published: Feb 08, 2026
Source: NVD
CVE-2026-2174 HIGH - 7.3

A security flaw has been discovered in code-projects Contact Management System 1.0. This affects an unknown part of the component CRUD Endpoint. The manipulation of the argument ID results in improper authentication. The attack may be launched remotely.

Vendor: fabian
Product: contact_management_system
Published: Feb 08, 2026
Source: NVD
CVE-2026-2173 HIGH - 7.3

A vulnerability was identified in code-projects Online Examination System 1.0. Affected by this issue is some unknown functionality of the file login.php. The manipulation of the argument username/password leads to sql injection. The attack may be initiated remotely.

Vendor: fabian
Product: online_examination_system
Published: Feb 08, 2026
Source: NVD
CVE-2026-2172 HIGH - 7.3

A vulnerability was determined in code-projects Online Application System for Admission 1.0. Affected by this vulnerability is an unknown functionality of the file enrollment/index.php of the component Login Endpoint. Executing a manipulation can lead to sql injection. The attack can be launched rem...

Vendor: fabian
Product: online_application_system_for_admission
Published: Feb 08, 2026
Source: NVD
CVE-2026-2171 HIGH - 7.3

A vulnerability was found in code-projects Online Student Management System 1.0. Affected is an unknown function of the file accounts.php of the component Login. Performing a manipulation of the argument username/password results in sql injection. The attack can be initiated remotely. The exploit ha...

Vendor: fabian
Product: online_student_management_system
Published: Feb 08, 2026
Source: NVD
CVE-2026-2166 HIGH - 7.3

A security vulnerability has been detected in code-projects Online Reviewer System 1.0. The affected element is an unknown function of the file /login/index.php of the component Login. The manipulation of the argument username/password leads to sql injection. The attack is possible to be carried out...

Vendor: fabian
Product: online_reviewer_system
Published: Feb 08, 2026
Source: NVD
CVE-2026-2165 HIGH - 7.3

A weakness has been identified in detronetdip E-commerce 1.0.0. Impacted is an unknown function of the file /Admin/assets/backend/seller/add_seller.php of the component Account Creation Endpoint. Executing a manipulation of the argument email can lead to missing authentication. The attack can be exe...

Published: Feb 08, 2026
Source: NVD
CVE-2026-2164 HIGH - 7.3

A security flaw has been discovered in detronetdip E-commerce 1.0.0. This issue affects some unknown processing of the file /seller/assets/backend/profile/addadhar.php. Performing a manipulation of the argument File results in unrestricted upload. Remote exploitation of the attack is possible. The e...

Published: Feb 08, 2026
Source: NVD
CVE-2026-2161 HIGH - 7.3

A vulnerability was found in itsourcecode Directory Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/forget-password.php. The manipulation of the argument email results in sql injection. The attack can be launched remotely. The exploit has been made publ...

Vendor: clive_21
Product: directory_management_system
Published: Feb 08, 2026
Source: NVD
CVE-2026-2158 HIGH - 7.3

A vulnerability was detected in code-projects Student Web Portal 1.0. This impacts an unknown function of the file /check_user.php. Performing a manipulation of the argument Username results in sql injection. It is possible to initiate the attack remotely.

Vendor: carmelo
Product: student_web_portal
Published: Feb 08, 2026
Source: NVD
CVE-2026-2157 HIGH - 7.2

A security vulnerability has been detected in D-Link DIR-823X 250416. This affects the function sub_4175CC of the file /goform/set_static_route_table. Such manipulation of the argument interface/destip/netmask/gateway/metric leads to os command injection. The attack may be performed from remote. The...

Vendor: dlink
Product: dir-823x_firmware
Published: Feb 08, 2026
Source: NVD
CVE-2026-2155 HIGH - 7.2

A security flaw has been discovered in D-Link DIR-823X 250416. The affected element is the function sub_4208A0 of the file /goform/set_dmz of the component Configuration Handler. The manipulation of the argument dmz_host/dmz_enable results in os command injection. The attack can be executed remotely...

Vendor: dlink
Product: dir-823x_firmware
Published: Feb 08, 2026
Source: NVD