Total CVEs

142,250

Critical Severity

3,947

High Severity

14,209

Last 7 Days

1,911
Showing Year: 2026 (January 1 - December 31, 2026)
Showing 11,761 - 11,780 of 14,291 CVEs
CVE-2026-2553 MEDIUM - 6.3

A security flaw has been discovered in tushar-2223 Hotel-Management-System up to bb1f3b3666124b888f1e4bcf51b6fba9fbb01d15. This affects an unknown part of the file /home.php of the component HTTP POST Request Handler. Performing a manipulation of the argument Name/Email results in sql injection. The...

Published: Feb 16, 2026
Source: NVD
CVE-2026-2552 MEDIUM - 5.5

A vulnerability was identified in ZenTao up to 21.7.8. Affected by this issue is the function delete of the file editor/control.php of the component Committer. Such manipulation of the argument filePath leads to path traversal. Upgrading to version 21.7.9 can resolve this issue. The affected compone...

Vendor: zentao
Product: zentao
Published: Feb 16, 2026
Source: NVD
CVE-2025-2418 MEDIUM - 4.3

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in TR7 Cyber Defense Inc. Web Application Firewall allows Phishing. This issue affects Web Application Firewall: from 4.30 through 16022026. NOTE: The vendor was contacted early about this disclosure but did not respond in...

Published: Feb 16, 2026
Source: NVD
CVE-2025-13821 MEDIUM - 5.7

Mattermost versions 11.1.x <= 11.1.2, 10.11.x <= 10.11.9, 11.2.x <= 11.2.1 fail to sanitize sensitive data in WebSocket messages which allows authenticated users to exfiltrate password hashes and MFA secrets via profile nickname updates or email verification events. Mattermost Advisory ID: ...

Vendor: Mattermost
Product: Mattermost
Published: Feb 16, 2026
Source: NVD
CVE-2026-2551 MEDIUM - 5.4

A vulnerability was determined in ZenTao up to 21.7.8. Affected by this vulnerability is the function delete of the file editor/control.php of the component Backup Handler. This manipulation of the argument fileName causes path traversal. It is possible to initiate the attack remotely. The exploit h...

Vendor: zentao
Product: zentao
Published: Feb 16, 2026
Source: NVD
CVE-2026-0999 MEDIUM - 5.4

Mattermost versions 11.1.x <= 11.1.2, 10.11.x <= 10.11.9, 11.2.x <= 11.2.1 fail to properly validate login method restrictions which allows an authenticated user to bypass SSO-only login requirements via userID-based authentication. Mattermost Advisory ID: MMSA-2025-00548

Vendor: mattermost
Product: mattermost_server
Published: Feb 16, 2026
Source: NVD
CVE-2026-0998 MEDIUM - 4.3

Mattermost versions 11.1.x <= 11.1.2, 10.11.x <= 10.11.9, 11.2.x <= 11.2.1 and Mattermost Plugin Zoom versions <=1.11.0 fail to validate user identity and post ownership in the {{/api/v1/askPMI}} endpoint which allows unauthorized users to start Zoom meetings as any user and overwrite ar...

Vendor: mattermost
Product: mattermost_server
Published: Feb 16, 2026
Source: NVD
CVE-2026-0997 MEDIUM - 4.3

Mattermost versions 11.1.x <= 11.1.2, 10.11.x <= 10.11.9, 11.2.x <= 11.2.1 and Mattermost Plugin Zoom versions <=1.11.0 fail to validate the authenticated user when processing {{/plugins/zoom/api/v1/channel-preference}}, which allows any logged-in user to change Zoom meeting restrictions...

Vendor: mattermost
Product: mattermost_server
Published: Feb 16, 2026
Source: NVD
CVE-2026-2548 MEDIUM - 6.3

A flaw has been found in WAYOS FBM-220G 24.10.19. This affects the function sub_40F820 of the file rc. Executing a manipulation of the argument upnp_waniface/upnp_ssdp_interval/upnp_max_age can lead to command injection. The attack can be executed remotely. The vendor was contacted early about this ...

Published: Feb 16, 2026
Source: NVD
CVE-2026-2537 MEDIUM - 4.7

A vulnerability was identified in Comfast CF-E4 2.6.0.1. This impacts an unknown function of the file /cgi-bin/mbox-config?method=SET&section=ntp_timezone of the component HTTP POST Request Handler. Such manipulation of the argument timestr leads to command injection. The attack may be launched ...

Published: Feb 16, 2026
Source: NVD
CVE-2026-2536 MEDIUM - 6.3

A vulnerability was determined in opencc JFlow up to 20260129. This affects the function Imp_Done of the file src/main/java/bp/wf/httphandler/WF_Admin_AttrFlow.java of the component Workflow Engine. This manipulation of the argument File causes xml external entity reference. The attack may be initia...

Published: Feb 16, 2026
Source: NVD
CVE-2026-2535 MEDIUM - 6.3

A vulnerability was found in Comfast CF-N1 V2 2.6.0.2. The impacted element is the function sub_44AB9C of the file /cgi-bin/mbox-config?method=SET&section=ptest_channel. The manipulation of the argument channel results in command injection. The attack can be launched remotely. The exploit has be...

Vendor: comfast
Product: cf-n1_firmware
Published: Feb 16, 2026
Source: NVD
CVE-2026-2534 MEDIUM - 6.3

A vulnerability has been found in Comfast CF-N1 V2 2.6.0.2. The affected element is the function sub_44AC4C of the file /cgi-bin/mbox-config?method=SET&section=ptest_bandwidth. The manipulation of the argument bandwidth leads to command injection. The attack can be initiated remotely. The exploi...

Vendor: comfast
Product: cf-n1_firmware
Published: Feb 16, 2026
Source: NVD
CVE-2026-2532 MEDIUM - 6.3

A vulnerability was detected in lintsinghua DeepAudit up to 3.0.3. This issue affects some unknown processing of the file backend/app/api/v1/endpoints/embedding_config.py of the component IP Address Handler. Performing a manipulation results in server-side request forgery. It is possible to initiate...

Published: Feb 16, 2026
Source: NVD
CVE-2026-2531 MEDIUM - 6.3

A security vulnerability has been detected in MindsDB up to 25.14.1. This vulnerability affects the function clear_filename of the file mindsdb/utilities/security.py of the component File Upload. Such manipulation leads to server-side request forgery. The attack may be performed from remote. The exp...

Vendor: pip
Product: MindsDB
Published: Feb 16, 2026
Source: NVD
CVE-2026-2530 MEDIUM - 6.3

A weakness has been identified in Wavlink WL-WN579A3 up to 20210219. This affects the function AddMac of the file /cgi-bin/wireless.cgi. This manipulation of the argument macAddr causes command injection. The attack is possible to be carried out remotely. The exploit has been made available to the p...

Vendor: wavlink
Product: wl-wn579a3_firmware
Published: Feb 16, 2026
Source: NVD
CVE-2026-2529 MEDIUM - 6.3

A security flaw has been discovered in Wavlink WL-WN579A3 up to 20210219. Affected by this issue is the function DeleteMac of the file /cgi-bin/wireless.cgi. The manipulation of the argument delete_list results in command injection. The attack can be executed remotely. The vendor was contacted early...

Vendor: wavlink
Product: wl-wn579a3_firmware
Published: Feb 16, 2026
Source: NVD
CVE-2026-2528 MEDIUM - 6.3

A vulnerability was identified in Wavlink WL-WN579A3 up to 20210219. Affected by this vulnerability is the function Delete_Mac_list of the file /cgi-bin/wireless.cgi. The manipulation of the argument delete_list leads to command injection. Remote exploitation of the attack is possible. The exploit i...

Vendor: wavlink
Product: wl-wn579a3_firmware
Published: Feb 16, 2026
Source: NVD
CVE-2026-2527 MEDIUM - 6.3

A vulnerability was determined in Wavlink WL-WN579A3 up to 20210219. Affected is an unknown function of the file /cgi-bin/login.cgi. Executing a manipulation of the argument key can lead to command injection. The attack may be launched remotely. The exploit has been publicly disclosed and may be uti...

Vendor: wavlink
Product: wl-wn579a3_firmware
Published: Feb 16, 2026
Source: NVD
CVE-2026-2526 MEDIUM - 6.3

A vulnerability was found in Wavlink WL-WN579A3 up to 20210219. This impacts the function multi_ssid of the file /cgi-bin/wireless.cgi. Performing a manipulation of the argument SSID2G2 results in command injection. The attack may be initiated remotely. The exploit has been made public and could be ...

Vendor: wavlink
Product: wl-wn579a3_firmware
Published: Feb 16, 2026
Source: NVD