Total CVEs

142,027

Critical Severity

3,943

High Severity

14,108

Last 7 Days

1,706
Quick preset (or use dates below)
Clear Filters
Showing 11,701 - 11,720 of 14,604 CVEs
CVE-2026-2536 MEDIUM - 6.3

A vulnerability was determined in opencc JFlow up to 20260129. This affects the function Imp_Done of the file src/main/java/bp/wf/httphandler/WF_Admin_AttrFlow.java of the component Workflow Engine. This manipulation of the argument File causes xml external entity reference. The attack may be initia...

Published: Feb 16, 2026
Source: NVD
CVE-2026-2535 MEDIUM - 6.3

A vulnerability was found in Comfast CF-N1 V2 2.6.0.2. The impacted element is the function sub_44AB9C of the file /cgi-bin/mbox-config?method=SET&section=ptest_channel. The manipulation of the argument channel results in command injection. The attack can be launched remotely. The exploit has be...

Vendor: comfast
Product: cf-n1_firmware
Published: Feb 16, 2026
Source: NVD
CVE-2026-2534 MEDIUM - 6.3

A vulnerability has been found in Comfast CF-N1 V2 2.6.0.2. The affected element is the function sub_44AC4C of the file /cgi-bin/mbox-config?method=SET&section=ptest_bandwidth. The manipulation of the argument bandwidth leads to command injection. The attack can be initiated remotely. The exploi...

Vendor: comfast
Product: cf-n1_firmware
Published: Feb 16, 2026
Source: NVD
CVE-2026-2532 MEDIUM - 6.3

A vulnerability was detected in lintsinghua DeepAudit up to 3.0.3. This issue affects some unknown processing of the file backend/app/api/v1/endpoints/embedding_config.py of the component IP Address Handler. Performing a manipulation results in server-side request forgery. It is possible to initiate...

Published: Feb 16, 2026
Source: NVD
CVE-2026-2531 MEDIUM - 6.3

A security vulnerability has been detected in MindsDB up to 25.14.1. This vulnerability affects the function clear_filename of the file mindsdb/utilities/security.py of the component File Upload. Such manipulation leads to server-side request forgery. The attack may be performed from remote. The exp...

Vendor: pip
Product: MindsDB
Published: Feb 16, 2026
Source: NVD
CVE-2026-2530 MEDIUM - 6.3

A weakness has been identified in Wavlink WL-WN579A3 up to 20210219. This affects the function AddMac of the file /cgi-bin/wireless.cgi. This manipulation of the argument macAddr causes command injection. The attack is possible to be carried out remotely. The exploit has been made available to the p...

Vendor: wavlink
Product: wl-wn579a3_firmware
Published: Feb 16, 2026
Source: NVD
CVE-2026-2529 MEDIUM - 6.3

A security flaw has been discovered in Wavlink WL-WN579A3 up to 20210219. Affected by this issue is the function DeleteMac of the file /cgi-bin/wireless.cgi. The manipulation of the argument delete_list results in command injection. The attack can be executed remotely. The vendor was contacted early...

Vendor: wavlink
Product: wl-wn579a3_firmware
Published: Feb 16, 2026
Source: NVD
CVE-2026-2528 MEDIUM - 6.3

A vulnerability was identified in Wavlink WL-WN579A3 up to 20210219. Affected by this vulnerability is the function Delete_Mac_list of the file /cgi-bin/wireless.cgi. The manipulation of the argument delete_list leads to command injection. Remote exploitation of the attack is possible. The exploit i...

Vendor: wavlink
Product: wl-wn579a3_firmware
Published: Feb 16, 2026
Source: NVD
CVE-2026-2527 MEDIUM - 6.3

A vulnerability was determined in Wavlink WL-WN579A3 up to 20210219. Affected is an unknown function of the file /cgi-bin/login.cgi. Executing a manipulation of the argument key can lead to command injection. The attack may be launched remotely. The exploit has been publicly disclosed and may be uti...

Vendor: wavlink
Product: wl-wn579a3_firmware
Published: Feb 16, 2026
Source: NVD
CVE-2026-2526 MEDIUM - 6.3

A vulnerability was found in Wavlink WL-WN579A3 up to 20210219. This impacts the function multi_ssid of the file /cgi-bin/wireless.cgi. Performing a manipulation of the argument SSID2G2 results in command injection. The attack may be initiated remotely. The exploit has been made public and could be ...

Vendor: wavlink
Product: wl-wn579a3_firmware
Published: Feb 16, 2026
Source: NVD
CVE-2026-2525 MEDIUM - 5.3

A vulnerability has been found in Free5GC up to 4.1.0. This affects an unknown function of the component PFCP UDP Endpoint. Such manipulation leads to denial of service. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Vendor: free5gc
Product: free5gc
Published: Feb 16, 2026
Source: NVD
CVE-2026-2524 MEDIUM - 5.3

A flaw has been found in Open5GS 2.7.6. The impacted element is the function mme_s11_handle_create_session_response of the component MME. This manipulation causes denial of service. The attack can be initiated remotely. The exploit has been published and may be used. The project was informed of the ...

Vendor: open5gs
Product: open5gs
Published: Feb 16, 2026
Source: NVD
CVE-2026-2523 MEDIUM - 5.3

A vulnerability was detected in Open5GS up to 2.7.6. The affected element is the function smf_gn_handle_create_pdp_context_request of the file /src/smf/gn-handler.c of the component SMF. The manipulation results in reachable assertion. It is possible to launch the attack remotely. The exploit is now...

Vendor: open5gs
Product: open5gs
Published: Feb 16, 2026
Source: NVD
CVE-2026-2522 MEDIUM - 5.3

A security vulnerability has been detected in Open5GS up to 2.7.6. Impacted is an unknown function of the file /src/mme/esm-build.c of the component MME. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be us...

Vendor: open5gs
Product: open5gs
Published: Feb 16, 2026
Source: NVD
CVE-2026-2521 MEDIUM - 5.3

A weakness has been identified in Open5GS up to 2.7.6. This issue affects the function sgwc_s5c_handle_create_session_response of the component SGW-C. Executing a manipulation can lead to memory corruption. The attack may be performed from remote. The exploit has been made available to the public an...

Vendor: open5gs
Product: open5gs
Published: Feb 15, 2026
Source: NVD
CVE-2026-26367 MEDIUM - 6.5

eNet SMART HOME server 2.2.1 and 2.3.1 contains a missing authorization vulnerability in the deleteUserAccount JSON-RPC method that permits any authenticated low-privileged user (UG_USER) to delete arbitrary user accounts, except for the built-in admin account. The application does not enforce role-...

Vendor: JUNG
Product: eNet SMART HOME server
Published: Feb 15, 2026
Source: NVD
CVE-2019-25377 MEDIUM - 5.4

OPNsense 19.1 contains a reflected cross-site scripting vulnerability in the system_advanced_sysctl.php endpoint that allows attackers to inject malicious scripts via the value parameter. Attackers can craft POST requests with script payloads in the value parameter to execute JavaScript in the conte...

Vendor: Opnsense
Product: OPNsense
Published: Feb 15, 2026
Source: NVD
CVE-2019-25376 MEDIUM - 6.1

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted payloads through the ignoreLogACL parameter. Attackers can send POST requests to the proxy endpoint with JavaScript code in the ignoreLogACL p...

Vendor: Opnsense
Product: OPNsense
Published: Feb 15, 2026
Source: NVD
CVE-2019-25375 MEDIUM - 6.1

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted input to the mailserver parameter. Attackers can send POST requests to the monit interface with JavaScript payloads in the mailserver paramete...

Vendor: Opnsense
Product: OPNsense
Published: Feb 15, 2026
Source: NVD
CVE-2019-25374 MEDIUM - 6.1

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by exploiting the passthrough_networks parameter in vpn_ipsec_settings.php. Attackers can craft POST requests with JavaScript payloads in the passthrough_networks parameter to exec...

Vendor: Opnsense
Product: OPNsense
Published: Feb 15, 2026
Source: NVD