Total CVEs

141,249

Critical Severity

3,795

High Severity

13,708

Last 7 Days

2,216
Quick preset (or use dates below)
Clear Filters
📅 Showing Year: 2026 (January 1 - December 31, 2026) View All Years →
Showing 11,581 - 11,600 of 13,404 CVEs
CVE-2026-2152 HIGH - 7.2

A vulnerability was found in D-Link DIR-615 4.10. This vulnerability affects unknown code of the file adv_routing.php of the component Web Configuration Interface. Performing a manipulation of the argument dest_ip/ submask/ gw results in os command injection. The attack may be initiated remotely. Th...

Vendor: dlink
Product: dir-615_firmware
Published: Feb 08, 2026
Source: NVD
CVE-2026-2151 HIGH - 7.2

A vulnerability has been found in D-Link DIR-615 4.10. This affects an unknown part of the file adv_firewall.php of the component DMZ Host Feature. Such manipulation of the argument dmz_ipaddr  leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the ...

Vendor: dlink
Product: dir-615_firmware
Published: Feb 08, 2026
Source: NVD
CVE-2026-2143 HIGH - 7.2

A security vulnerability has been detected in D-Link DIR-823X 250416. This issue affects some unknown processing of the file /goform/set_ddns of the component DDNS Service. The manipulation of the argument ddnsType/ddnsDomainName/ddnsUserName/ddnsPwd leads to os command injection. The attack is poss...

Vendor: dlink
Product: dir-823x_firmware
Published: Feb 08, 2026
Source: NVD
CVE-2026-2142 HIGH - 7.2

A weakness has been identified in D-Link DIR-823X 250416. This vulnerability affects the function sub_420688 of the file /goform/set_qos. Executing a manipulation can lead to os command injection. The attack can be executed remotely. The exploit has been made available to the public and could be use...

Vendor: dlink
Product: dir-823x_firmware
Published: Feb 08, 2026
Source: NVD
CVE-2026-2140 HIGH - 8.8

A vulnerability was identified in Tenda TX9 up to 22.03.02.10_multi. Affected by this issue is the function sub_4223E0 of the file /goform/setMacFilterCfg. Such manipulation of the argument deviceList leads to buffer overflow. The attack may be launched remotely. The exploit is publicly available an...

Vendor: tenda
Product: tx9_firmware
Published: Feb 08, 2026
Source: NVD
CVE-2026-2139 HIGH - 8.8

A vulnerability was determined in Tenda TX9 up to 22.03.02.10_multi. Affected by this vulnerability is the function sub_432580 of the file /goform/fast_setting_wifi_set. This manipulation of the argument ssid causes buffer overflow. The attack may be initiated remotely. The exploit has been publicly...

Vendor: tenda
Product: tx9_firmware
Published: Feb 08, 2026
Source: NVD
CVE-2026-2138 HIGH - 8.8

A vulnerability was found in Tenda TX9 up to 22.03.02.10_multi. Affected is the function sub_42D03C of the file /goform/SetStaticRouteCfg. The manipulation of the argument list results in buffer overflow. The attack can be launched remotely. The exploit has been made public and could be used.

Vendor: tenda
Product: tx9_firmware
Published: Feb 08, 2026
Source: NVD
CVE-2026-2137 HIGH - 8.8

A vulnerability has been found in Tenda TX3 up to 16.03.13.11_multi. This impacts an unknown function of the file /goform/SetIpMacBind. The manipulation of the argument list leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Vendor: tenda
Product: tx3_firmware
Published: Feb 08, 2026
Source: NVD
CVE-2026-2136 HIGH - 7.3

A flaw has been found in projectworlds Online Food Ordering System 1.0. This affects an unknown function of the file /view-ticket.php. Executing a manipulation of the argument ID can lead to sql injection. It is possible to launch the attack remotely. The exploit has been published and may be used.

Vendor: projectworlds
Product: online_food_ordering_system
Published: Feb 08, 2026
Source: NVD
CVE-2026-2133 HIGH - 7.3

A weakness has been identified in code-projects Online Music Site 1.0. Impacted is an unknown function of the file /Administrator/PHP/AdminUpdateCategory.php. This manipulation of the argument txtimage causes unrestricted upload. The attack is possible to be carried out remotely. The exploit has bee...

Vendor: fabian
Product: online_music_site
Published: Feb 08, 2026
Source: NVD
CVE-2026-2132 HIGH - 7.3

A security flaw has been discovered in code-projects Online Music Site 1.0. This issue affects some unknown processing of the file /Administrator/PHP/AdminUpdateCategory.php. The manipulation of the argument txtcat results in sql injection. The attack can be executed remotely. The exploit has been r...

Vendor: fabian
Product: online_music_site
Published: Feb 08, 2026
Source: NVD
CVE-2026-2129 HIGH - 7.2

A vulnerability was found in D-Link DIR-823X 250416. Affected by this issue is some unknown functionality of the file /goform/set_ac_status. Performing a manipulation of the argument ac_ipaddr/ac_ipstatus/ap_randtime results in os command injection. The attack may be initiated remotely. The exploit ...

Vendor: dlink
Product: dir-823x_firmware
Published: Feb 08, 2026
Source: NVD
CVE-2025-15100 HIGH - 8.8

The JAY Login & Register plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.6.03. This is due to the plugin allowing a user to update arbitrary user meta through the 'jay_panel_ajax_update_profile' function. This makes it possible for aut...

Vendor: jayarsiech
Product: JAY Login & Register
Published: Feb 08, 2026
Source: NVD
CVE-2026-2120 HIGH - 7.2

A vulnerability was identified in D-Link DIR-823X 250416. This affects an unknown function of the file /goform/set_server_settings of the component Configuration Parameter Handler. The manipulation of the argument terminal_addr/server_ip/server_port leads to os command injection. The attack may be i...

Vendor: dlink
Product: dir-823x_firmware
Published: Feb 08, 2026
Source: NVD
CVE-2026-2118 HIGH - 7.2

A vulnerability was determined in UTT HiPER 810 1.7.4-141218. The impacted element is the function sub_4407D4 of the file /goform/formReleaseConnect of the component rehttpd. Executing a manipulation of the argument Isp_Name can lead to command injection. The attack can be launched remotely. The exp...

Vendor: utt
Product: 810_firmware
Published: Feb 08, 2026
Source: NVD
CVE-2026-2117 HIGH - 7.3

A vulnerability was found in itsourcecode Society Management System 1.0. The affected element is an unknown function of the file /admin/edit_activity.php. Performing a manipulation of the argument activity_id results in sql injection. The attack can be initiated remotely. The exploit has been made p...

Vendor: angeljudesuarez
Product: society_management_system
Published: Feb 08, 2026
Source: NVD
CVE-2026-2116 HIGH - 7.3

A vulnerability has been found in itsourcecode Society Management System 1.0. Impacted is an unknown function of the file /admin/edit_expenses.php. Such manipulation of the argument expenses_id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to th...

Vendor: angeljudesuarez
Product: society_management_system
Published: Feb 08, 2026
Source: NVD
CVE-2026-2115 HIGH - 7.3

A flaw has been found in itsourcecode Society Management System 1.0. This issue affects some unknown processing of the file /admin/delete_expenses.php. This manipulation of the argument expenses_id causes sql injection. It is possible to initiate the attack remotely. The exploit has been published a...

Vendor: angeljudesuarez
Product: society_management_system
Published: Feb 07, 2026
Source: NVD
CVE-2026-2114 HIGH - 7.3

A vulnerability was detected in itsourcecode Society Management System 1.0. This vulnerability affects unknown code of the file /admin/edit_admin.php. The manipulation of the argument admin_id results in sql injection. The attack may be performed from remote. The exploit is now public and may be use...

Vendor: angeljudesuarez
Product: society_management_system
Published: Feb 07, 2026
Source: NVD
CVE-2026-25859 HIGH - 8.8

Wekan versions prior to 8.20 allow non-administrative users to access migration functionality due to insufficient permission checks, potentially resulting in unauthorized migration operations.

Vendor: WeKan
Product: WeKan
Published: Feb 07, 2026
Source: NVD