Total CVEs

141,249

Critical Severity

3,795

High Severity

13,708

Last 7 Days

2,189
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 11,661 - 11,680 of 13,404 CVEs
CVE-2019-25305 HIGH - 7.8

JumpStart 0.6.0.0 contains an unquoted service path vulnerability in the jswpbapi service running with LocalSystem privileges. Attackers can exploit the unquoted path containing spaces to inject and execute malicious code with elevated system permissions.

Vendor: Inforprograma
Product: JumpStart
Published: Feb 06, 2026
Source: NVD
CVE-2019-25304 HIGH - 7.8

SecurOS Enterprise 10.2 contains an unquoted service path vulnerability in the SecurosCtrlService that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files (x86)\ISS\SecurOS\ to insert malicious code that would execute w...

Vendor: Issivs
Product: Intelligent Security System SecurOS Enterprise
Published: Feb 06, 2026
Source: NVD
CVE-2019-25303 HIGH - 7.1

TheJshen ContentManagementSystem 1.04 contains a SQL injection vulnerability that allows attackers to manipulate database queries through the 'id' GET parameter. Attackers can exploit boolean-based, time-based, and UNION-based SQL injection techniques to extract or manipulate database info...

Vendor: thejshen
Product: contentManagementSystem
Published: Feb 06, 2026
Source: NVD
CVE-2019-25302 HIGH - 7.8

Acer Launch Manager 6.1.7600.16385 contains an unquoted service path vulnerability in the DsiWMIService that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files (x86)\Launch Manager\dsiwmis.exe to insert malicious code ...

Vendor: Acer
Product: Launch Manager
Published: Feb 06, 2026
Source: NVD
CVE-2019-25300 HIGH - 7.1

thejshen Globitek CMS 1.4 contains a SQL injection vulnerability that allows attackers to manipulate database queries through the 'id' GET parameter. Attackers can exploit boolean-based, time-based, and UNION-based SQL injection techniques to potentially extract or modify database informat...

Vendor: thejshen
Product: Globitek CMS
Published: Feb 06, 2026
Source: NVD
CVE-2019-25299 HIGH - 7.1

RimbaLinux AhadPOS 1.11 contains a SQL injection vulnerability in the 'alamatCustomer' parameter that allows attackers to manipulate database queries through crafted POST requests. Attackers can exploit time-based and boolean-based blind SQL injection techniques to extract information or p...

Vendor: rimbalinux
Product: AhadPOS
Published: Feb 06, 2026
Source: NVD
CVE-2019-25298 HIGH - 7.1

html5_snmp 1.11 contains multiple SQL injection vulnerabilities that allow attackers to manipulate database queries through Router_ID and Router_IP parameters. Attackers can exploit error-based, time-based, and union-based injection techniques to potentially extract or modify database information by...

Vendor: lolypop55
Product: html5_snmp
Published: Feb 06, 2026
Source: NVD
CVE-2019-25293 HIGH - 7.8

BlueStacks App Player 2.4.44.62.57 contains an unquoted service path vulnerability in the BstHdLogRotatorSvc service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe to inject mali...

Vendor: bluestacks
Product: Blue Stacks App Player
Published: Feb 06, 2026
Source: NVD
CVE-2019-25292 HIGH - 7.8

Alps HID Monitor Service 8.1.0.10 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files\Apoint2K\HidMonitorSvc.exe to inject malicious executables and gai...

Vendor: Alps
Product: Alps HID Monitor Service
Published: Feb 06, 2026
Source: NVD
CVE-2019-25266 HIGH - 7.8

Wondershare Application Framework Service 2.4.3.231 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated privileges. Attackers can exploit the unquoted service path by placing malicious executables in specific directory locat...

Vendor: Wondershare
Product: Wondershare Application Framework Service
Published: Feb 06, 2026
Source: NVD
CVE-2026-2057 HIGH - 7.3

A vulnerability was detected in SourceCodester Medical Center Portal Management System 1.0. This affects an unknown function of the file /login.php. The manipulation of the argument User results in sql injection. The attack can be executed remotely. The exploit is now public and may be used.

Vendor: bontrofftech
Product: medical_center_portal_management_system
Published: Feb 06, 2026
Source: NVD
CVE-2025-13523 HIGH - 7.7

Mattermost Confluence plugin version <1.7.0 fails to properly escape user-controlled display names in HTML template rendering which allows authenticated Confluence users with malicious display names to execute arbitrary JavaScript in victim browsers via sending a specially crafted OAuth2 connecti...

Vendor: Mattermost
Product: Mattermost Confluence Plugin
Published: Feb 06, 2026
Source: NVD
CVE-2026-2018 HIGH - 7.3

A flaw has been found in itsourcecode School Management System 1.0. This affects an unknown part of the file /ramonsys/settings/controller.php. This manipulation of the argument ID causes sql injection. It is possible to initiate the attack remotely. The exploit has been published and may be used.

Vendor: itsourcecode
Product: school_management_system
Published: Feb 06, 2026
Source: NVD
CVE-2026-2014 HIGH - 7.3

A security flaw has been discovered in itsourcecode Student Management System 1.0. This impacts an unknown function of the file /ramonsys/billing/index.php. Performing a manipulation of the argument ID results in sql injection. Remote exploitation of the attack is possible. The exploit has been rele...

Vendor: itsourcecode
Product: school_management_system
Published: Feb 06, 2026
Source: NVD
CVE-2026-2013 HIGH - 7.3

A vulnerability was identified in itsourcecode Student Management System 1.0. This affects an unknown function of the file /ramonsys/soa/index.php. Such manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit is publicly available and might be used.

Vendor: itsourcecode
Product: school_management_system
Published: Feb 06, 2026
Source: NVD
CVE-2026-2012 HIGH - 7.3

A vulnerability was determined in itsourcecode Student Management System 1.0. The impacted element is an unknown function of the file /ramonsys/facultyloading/index.php. This manipulation of the argument ID causes sql injection. The attack may be initiated remotely. The exploit has been publicly dis...

Vendor: itsourcecode
Product: school_management_system
Published: Feb 06, 2026
Source: NVD
CVE-2026-2011 HIGH - 7.3

A vulnerability was found in itsourcecode Student Management System 1.0. The affected element is an unknown function of the file /ramonsys/enrollment/controller.php. The manipulation of the argument ID results in sql injection. The attack can be launched remotely. The exploit has been made public an...

Vendor: itsourcecode
Product: school_management_system
Published: Feb 06, 2026
Source: NVD
CVE-2026-24930 HIGH - 8.4

UAF concurrency vulnerability in the graphics module. Impact: Successful exploitation of this vulnerability may affect availability.

Vendor: Huawei
Product: HarmonyOS
Published: Feb 06, 2026
Source: NVD
CVE-2026-24926 HIGH - 8.4

Out-of-bounds write vulnerability in the camera module. Impact: Successful exploitation of this vulnerability may affect availability.

Vendor: Huawei
Product: HarmonyOS
Published: Feb 06, 2026
Source: NVD
CVE-2026-24925 HIGH - 7.3

Heap-based buffer overflow vulnerability in the image module. Impact: Successful exploitation of this vulnerability may affect availability.

Vendor: Huawei
Product: HarmonyOS
Published: Feb 06, 2026
Source: NVD