Total CVEs

142,027

Critical Severity

3,943

High Severity

14,108

Last 7 Days

1,706
Showing 11,681 - 11,700 of 14,604 CVEs
CVE-2026-2565 MEDIUM - 6.6

A weakness has been identified in Wavlink WL-NU516U1 20251208. Affected by this issue is the function sub_40785C of the file /cgi-bin/adm.cgi. This manipulation of the argument time_zone causes stack-based buffer overflow. The attack can be initiated remotely. The attack is considered to have high c...

Vendor: wavlink
Product: wl-nu516u1_firmware
Published: Feb 16, 2026
Source: NVD
CVE-2026-2563 MEDIUM - 6.3

A vulnerability was identified in JingDong JD Cloud Box AX6600 up to 4.5.1.r4533. Affected is the function set_stcreenen_deabled_status/get_status of the file /f/service/controlDevice of the component jdcapp_rpc. The manipulation leads to Remote Privilege Escalation. It is possible to initiate the a...

Vendor: jdcloud
Product: ax6600_firmware
Published: Feb 16, 2026
Source: NVD
CVE-2026-2562 MEDIUM - 6.3

A vulnerability was determined in JingDong JD Cloud Box AX6600 up to 4.5.1.r4533. This impacts the function cast_streen of the file /jdcapi of the component jdcweb_rpc. Executing a manipulation of the argument File can lead to Remote Privilege Escalation. The attack may be performed from remote. The...

Vendor: jdcloud
Product: ax6600_firmware
Published: Feb 16, 2026
Source: NVD
CVE-2026-2561 MEDIUM - 6.3

A vulnerability was found in JingDong JD Cloud Box AX6600 up to 4.5.1.r4533. This affects the function web_get_ddns_uptime of the file /jdcapi of the component jdcweb_rpc. Performing a manipulation results in Remote Privilege Escalation. The attack is possible to be carried out remotely. The exploit...

Vendor: jdcloud
Product: ax6600_firmware
Published: Feb 16, 2026
Source: NVD
CVE-2026-2032 MEDIUM - 4.3

Malicious scripts that interrupt new tab page loading could cause desynchronization between the address bar and page content, allowing the attacker to spoof arbitrary HTML under a trusted domain. This vulnerability affects Firefox for iOS < 147.2.1.

Vendor: mozilla
Product: firefox
Published: Feb 16, 2026
Source: NVD
CVE-2026-2560 MEDIUM - 6.3

A vulnerability has been found in kalcaddle kodbox up to 1.64.05. The impacted element is the function run of the file plugins/fileThumb/lib/VideoResize.class.php of the component Media File Preview Plugin. Such manipulation of the argument localFile leads to os command injection. The attack can be ...

Published: Feb 16, 2026
Source: NVD
CVE-2026-2558 MEDIUM - 6.3

A flaw has been found in GeekAI up to 4.2.4. The affected element is the function Download of the file api/handler/net_handler.go. This manipulation of the argument url causes server-side request forgery. Remote exploitation of the attack is possible. The exploit has been published and may be used. ...

Published: Feb 16, 2026
Source: NVD
CVE-2026-2556 MEDIUM - 6.3

A security vulnerability has been detected in cskefu up to 8.0.1. This issue affects some unknown processing of the file com/cskefu/cc/controller/resource/MediaController.java of the component Endpoint. The manipulation of the argument url leads to server-side request forgery. The attack may be init...

Vendor: cskefu
Product: cskefu
Published: Feb 16, 2026
Source: NVD
CVE-2025-14350 MEDIUM - 4.3

Mattermost versions 11.1.x <= 11.1.2, 10.11.x <= 10.11.9, 11.2.x <= 11.2.1 fail to properly validate team membership when processing channel mentions which allows authenticated users to determine the existence of teams and their URL names via posting channel shortlinks and observing the cha...

Vendor: Mattermost
Product: Mattermost
Published: Feb 16, 2026
Source: NVD
CVE-2026-2555 MEDIUM - 5.0

A weakness has been identified in JeecgBoot 3.9.1. This vulnerability affects the function importDocumentFromZip of the file org/jeecg/modules/airag/llm/controller/AiragKnowledgeController.java of the component Retrieval-Augmented Generation. Executing a manipulation can lead to deserialization. The...

Vendor: jeecg
Product: jeecg_boot
Published: Feb 16, 2026
Source: NVD
CVE-2026-2553 MEDIUM - 6.3

A security flaw has been discovered in tushar-2223 Hotel-Management-System up to bb1f3b3666124b888f1e4bcf51b6fba9fbb01d15. This affects an unknown part of the file /home.php of the component HTTP POST Request Handler. Performing a manipulation of the argument Name/Email results in sql injection. The...

Published: Feb 16, 2026
Source: NVD
CVE-2026-2552 MEDIUM - 5.5

A vulnerability was identified in ZenTao up to 21.7.8. Affected by this issue is the function delete of the file editor/control.php of the component Committer. Such manipulation of the argument filePath leads to path traversal. Upgrading to version 21.7.9 can resolve this issue. The affected compone...

Vendor: zentao
Product: zentao
Published: Feb 16, 2026
Source: NVD
CVE-2025-2418 MEDIUM - 4.3

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in TR7 Cyber Defense Inc. Web Application Firewall allows Phishing. This issue affects Web Application Firewall: from 4.30 through 16022026. NOTE: The vendor was contacted early about this disclosure but did not respond in...

Published: Feb 16, 2026
Source: NVD
CVE-2025-13821 MEDIUM - 5.7

Mattermost versions 11.1.x <= 11.1.2, 10.11.x <= 10.11.9, 11.2.x <= 11.2.1 fail to sanitize sensitive data in WebSocket messages which allows authenticated users to exfiltrate password hashes and MFA secrets via profile nickname updates or email verification events. Mattermost Advisory ID: ...

Vendor: Mattermost
Product: Mattermost
Published: Feb 16, 2026
Source: NVD
CVE-2026-2551 MEDIUM - 5.4

A vulnerability was determined in ZenTao up to 21.7.8. Affected by this vulnerability is the function delete of the file editor/control.php of the component Backup Handler. This manipulation of the argument fileName causes path traversal. It is possible to initiate the attack remotely. The exploit h...

Vendor: zentao
Product: zentao
Published: Feb 16, 2026
Source: NVD
CVE-2026-0999 MEDIUM - 5.4

Mattermost versions 11.1.x <= 11.1.2, 10.11.x <= 10.11.9, 11.2.x <= 11.2.1 fail to properly validate login method restrictions which allows an authenticated user to bypass SSO-only login requirements via userID-based authentication. Mattermost Advisory ID: MMSA-2025-00548

Vendor: mattermost
Product: mattermost_server
Published: Feb 16, 2026
Source: NVD
CVE-2026-0998 MEDIUM - 4.3

Mattermost versions 11.1.x <= 11.1.2, 10.11.x <= 10.11.9, 11.2.x <= 11.2.1 and Mattermost Plugin Zoom versions <=1.11.0 fail to validate user identity and post ownership in the /api/v1/askPMI endpoint which allows unauthorized users to start Zoom meetings as any user and overwrite ar...

Vendor: mattermost
Product: mattermost_server
Published: Feb 16, 2026
Source: NVD
CVE-2026-0997 MEDIUM - 4.3

Mattermost versions 11.1.x <= 11.1.2, 10.11.x <= 10.11.9, 11.2.x <= 11.2.1 and Mattermost Plugin Zoom versions <=1.11.0 fail to validate the authenticated user when processing /plugins/zoom/api/v1/channel-preference, which allows any logged-in user to change Zoom meeting restrictions...

Vendor: mattermost
Product: mattermost_server
Published: Feb 16, 2026
Source: NVD
CVE-2026-2548 MEDIUM - 6.3

A flaw has been found in WAYOS FBM-220G 24.10.19. This affects the function sub_40F820 of the file rc. Executing a manipulation of the argument upnp_waniface/upnp_ssdp_interval/upnp_max_age can lead to command injection. The attack can be executed remotely. The vendor was contacted early about this ...

Published: Feb 16, 2026
Source: NVD
CVE-2026-2537 MEDIUM - 4.7

A vulnerability was identified in Comfast CF-E4 2.6.0.1. This impacts an unknown function of the file /cgi-bin/mbox-config?method=SET&section=ntp_timezone of the component HTTP POST Request Handler. Such manipulation of the argument timestr leads to command injection. The attack may be launched ...

Published: Feb 16, 2026
Source: NVD