Total CVEs

142,265

Critical Severity

3,947

High Severity

14,217

Last 7 Days

1,909
Quick preset (or use dates below)
Clear Filters
Showing 12,041 - 12,060 of 14,217 CVEs
CVE-2025-59023 HIGH - 8.2

Crafted delegations or IP fragments can poison cached delegations in Recursor.

Vendor: PowerDNS
Product: Recursor
Published: Feb 09, 2026
Source: NVD
CVE-2025-10465 HIGH - 8.8

Unrestricted Upload of File with Dangerous Type vulnerability in Birtech Information Technologies Industry and Trade Ltd. Co. Sensaway allows Upload a Web Shell to a Web Server.This issue affects Sensaway: through 09022026. NOTE: The vendor was contacted early about this disclosure but did not resp...

Vendor: Birtech Information Technologies Industry and Trade Ltd. Co.
Product: Sensaway
Published: Feb 09, 2026
Source: NVD
CVE-2025-10463 HIGH - 7.3

Improper Authentication vulnerability in Birtech Information Technologies Industry and Trade Ltd. Co. Senseway allows Authentication Abuse.This issue affects Senseway: through 09022026.Β NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Vendor: Birtech Information Technologies Industry and Trade Ltd. Co.
Product: Senseway
Published: Feb 09, 2026
Source: NVD
CVE-2026-25847 HIGH - 8.2

In JetBrains PyCharm before 2025.3.2 a DOM-based XSS on Jupyter viewer page was possible

Vendor: JetBrains
Product: PyCharm
Published: Feb 09, 2026
Source: NVD
CVE-2026-2225 HIGH - 7.3

A flaw has been found in itsourcecode News Portal Project 1.0. This vulnerability affects unknown code of the file /admin/index.php of the component Administrator Login. This manipulation of the argument email causes sql injection. The attack can be initiated remotely. The exploit has been published...

Vendor: clive_21
Product: news_portal_project
Published: Feb 09, 2026
Source: NVD
CVE-2025-7799 HIGH - 8.6

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Zirve Information Technologies Inc. E-Taxpayer Accounting Website allows Reflected XSS.This issue affects e-Taxpayer Accounting Website: through 07082025.

Published: Feb 09, 2026
Source: NVD
CVE-2026-2236 HIGH - 7.5

C&Cm@il developed by HGiga has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents.

Published: Feb 09, 2026
Source: NVD
CVE-2026-2223 HIGH - 7.3

A security vulnerability has been detected in code-projects Online Reviewer System 1.0. Affected by this issue is some unknown functionality of the file /system/system/students/assessments/pretest/take/index.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate ...

Vendor: fabian
Product: online_reviewer_system
Published: Feb 09, 2026
Source: NVD
CVE-2026-22905 HIGH - 7.5

An unauthenticated remote attacker can bypass authentication by exploiting insufficient URI validation and using path traversal sequences (e.g., /js/../cgi-bin/post.cgi), gaining unauthorized access to protected CGI endpoints and configuration downloads.

Vendor: WAGO
Product: 0852-1322, 0852-1328
Published: Feb 09, 2026
Source: NVD
CVE-2026-2221 HIGH - 7.3

A security flaw has been discovered in code-projects Online Reviewer System 1.0. Affected is an unknown function of the file /login/index.php of the component Login. Performing a manipulation of the argument Username results in sql injection. The attack is possible to be carried out remotely. The ex...

Vendor: fabian
Product: online_reviewer_system
Published: Feb 09, 2026
Source: NVD
CVE-2026-2220 HIGH - 7.3

A vulnerability was identified in code-projects Online Reviewer System 1.0. This impacts an unknown function of the file /system/system/admins/assessments/pretest/btn_functions.php. Such manipulation of the argument difficulty_id leads to sql injection. The attack can be executed remotely. The explo...

Vendor: fabian
Product: online_reviewer_system
Published: Feb 09, 2026
Source: NVD
CVE-2026-0870 HIGH - 7.8

MacroHub developed by GIGABYTE has a Local Privilege Escalation vulnerability. Due to the MacroHub application launching external applications with improper privileges, allowing authenticated local attackers to execute arbitrary code with SYSTEM privileges.

Published: Feb 09, 2026
Source: NVD
CVE-2026-2217 HIGH - 7.3

A vulnerability was found in itsourcecode Event Management System 1.0. The impacted element is an unknown function of the file /admin/manage_user.php. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit has been made public and could be used...

Vendor: admerc
Product: event_management_system
Published: Feb 09, 2026
Source: NVD
CVE-2026-2212 HIGH - 7.3

A vulnerability was identified in code-projects Online Music Site 1.0. Affected by this vulnerability is an unknown functionality of the file /Administrator/PHP/AdminEditCategory.php. The manipulation of the argument ID leads to sql injection. The attack is possible to be carried out remotely. The e...

Vendor: fabian
Product: online_music_site
Published: Feb 09, 2026
Source: NVD
CVE-2026-2211 HIGH - 7.3

A vulnerability was determined in code-projects Online Music Site 1.0. Affected is an unknown function of the file /Administrator/PHP/AdminDeleteCategory.php. Executing a manipulation of the argument ID can lead to sql injection. The attack can be executed remotely. The exploit has been publicly dis...

Vendor: fabian
Product: online_music_site
Published: Feb 09, 2026
Source: NVD
CVE-2026-2210 HIGH - 7.2

A vulnerability has been found in D-Link DIR-823X 250416. This affects the function sub_4211C8 of the file /goform/set_filtering. Such manipulation leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Vendor: dlink
Product: dir-823x_firmware
Published: Feb 09, 2026
Source: NVD
CVE-2026-2203 HIGH - 8.8

A flaw has been found in Tenda AC8 16.03.33.05. Affected by this vulnerability is an unknown functionality of the file /goform/fast_setting_wifi_set of the component Embedded Httpd Service. This manipulation of the argument timeZone causes buffer overflow. Remote exploitation of the attack is possib...

Vendor: tenda
Product: ac8_firmware
Published: Feb 09, 2026
Source: NVD
CVE-2026-2202 HIGH - 8.8

A vulnerability was detected in Tenda AC8 16.03.33.05. Affected is the function fromSetWifiGusetBasic of the file /goform/WifiGuestSet of the component httpd. The manipulation of the argument shareSpeed results in buffer overflow. The attack may be launched remotely. The exploit is now public and ma...

Vendor: tenda
Product: ac8_firmware
Published: Feb 09, 2026
Source: NVD
CVE-2026-2199 HIGH - 7.3

A security flaw has been discovered in code-projects Online Reviewer System 1.0. The impacted element is an unknown function of the file /reviewer/system/system/admins/manage/users/user-delete.php. Performing a manipulation of the argument ID results in sql injection. The attack can be initiated rem...

Vendor: fabian
Product: online_reviewer_system
Published: Feb 09, 2026
Source: NVD
CVE-2026-2198 HIGH - 7.3

A vulnerability was identified in code-projects Online Reviewer System 1.0. The affected element is an unknown function of the file /system/system/admins/assessments/pretest/loaddata.php. Such manipulation of the argument difficulty_id leads to sql injection. It is possible to launch the attack remo...

Vendor: fabian
Product: online_reviewer_system
Published: Feb 09, 2026
Source: NVD