Total CVEs

142,265

Critical Severity

3,947

High Severity

14,217

Last 7 Days

1,892
Quick preset (or use dates below)
Clear Filters
Showing 12,161 - 12,180 of 14,217 CVEs
CVE-2026-25722 HIGH - 9.1

Claude Code is an agentic coding tool. Prior to version 2.0.57, Claude Code failed to properly validate directory changes when combined with write operations to protected folders. By using the cd command to navigate into sensitive directories like .claude, it was possible to bypass write protection ...

Vendor: anthropics
Product: claude-code
Published: Feb 06, 2026
Source: NVD
CVE-2026-24419 HIGH - 6.5

OpenSTAManager is an open source management software for technical assistance and invoicing. OpenSTAManager v2.9.8 and earlier contain a critical Error-Based SQL Injection vulnerability in the Prima Nota (Journal Entry) module's add.php file. The application fails to validate that comma-separat...

Vendor: devcode-it
Product: openstamanager
Published: Feb 06, 2026
Source: NVD

Gogs is an open source self-hosted Git service. In version 0.13.3 and prior, a path traversal vulnerability exists in the updateWikiPage function of Gogs. The vulnerability allows an authenticated user with write access to a repository's wiki to delete arbitrary files on the server by manipulat...

Vendor: gogs
Product: gogs
Published: Feb 06, 2026
Source: NVD
CVE-2025-70963 HIGH - 7.6

Gophish <=0.12.1 is vulnerable to Incorrect Access Control. The administrative dashboard exposes each user’s long-lived API key directly inside the rendered HTML/JavaScript of the page on every login. This makes permanent API credentials accessible to any script running in the browser context.

Vendor: go
Product: github.com/gophish/gophish
Published: Feb 06, 2026
Source: NVD

Gogs is an open source self-hosted Git service. In version 0.13.3 and prior, Gogs’ 2FA recovery code validation does not scope codes by user, enabling cross-account bypass. If an attacker knows a victim’s username and password, they can use any unused recovery code (e.g., from their own account) to ...

Vendor: gogs
Product: gogs
Published: Feb 06, 2026
Source: NVD
CVE-2026-2103 HIGH - 7.1

Infor SyteLine ERP uses hard-coded static cryptographic keys to encrypt stored credentials, including user passwords, database connection strings, and API keys. The encryption keys are identical across all installations. An attacker with access to the application binary and database can decrypt all ...

Published: Feb 06, 2026
Source: NVD
CVE-2026-2059 HIGH - 7.3

A vulnerability has been found in SourceCodester Medical Center Portal Management System 1.0. Affected is an unknown function of the file /emp_edit1.php. Such manipulation of the argument ID leads to sql injection. The attack may be performed from remote. The exploit has been disclosed to the public...

Vendor: bontrofftech
Product: medical_center_portal_management_system
Published: Feb 06, 2026
Source: NVD
CVE-2026-2058 HIGH - 7.3

A flaw has been found in mathurvishal CloudClassroom-PHP-Project up to 5dadec098bfbbf3300d60c3494db3fb95b66e7be. This impacts an unknown function of the file /postquerypublic.php of the component Post Query Details Page. This manipulation of the argument gnamex causes sql injection. The attack is po...

Published: Feb 06, 2026
Source: NVD
CVE-2019-25305 HIGH - 7.8

JumpStart 0.6.0.0 contains an unquoted service path vulnerability in the jswpbapi service running with LocalSystem privileges. Attackers can exploit the unquoted path containing spaces to inject and execute malicious code with elevated system permissions.

Vendor: Inforprograma
Product: JumpStart
Published: Feb 06, 2026
Source: NVD
CVE-2019-25304 HIGH - 7.8

SecurOS Enterprise 10.2 contains an unquoted service path vulnerability in the SecurosCtrlService that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files (x86)\ISS\SecurOS\ to insert malicious code that would execute w...

Vendor: Issivs
Product: Intelligent Security System SecurOS Enterprise
Published: Feb 06, 2026
Source: NVD
CVE-2019-25303 HIGH - 7.1

TheJshen ContentManagementSystem 1.04 contains a SQL injection vulnerability that allows attackers to manipulate database queries through the 'id' GET parameter. Attackers can exploit boolean-based, time-based, and UNION-based SQL injection techniques to extract or manipulate database info...

Vendor: thejshen
Product: contentManagementSystem
Published: Feb 06, 2026
Source: NVD
CVE-2019-25302 HIGH - 7.8

Acer Launch Manager 6.1.7600.16385 contains an unquoted service path vulnerability in the DsiWMIService that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files (x86)\Launch Manager\dsiwmis.exe to insert malicious code ...

Vendor: Acer
Product: Launch Manager
Published: Feb 06, 2026
Source: NVD
CVE-2019-25300 HIGH - 7.1

thejshen Globitek CMS 1.4 contains a SQL injection vulnerability that allows attackers to manipulate database queries through the 'id' GET parameter. Attackers can exploit boolean-based, time-based, and UNION-based SQL injection techniques to potentially extract or modify database informat...

Vendor: thejshen
Product: Globitek CMS
Published: Feb 06, 2026
Source: NVD
CVE-2019-25299 HIGH - 7.1

RimbaLinux AhadPOS 1.11 contains a SQL injection vulnerability in the 'alamatCustomer' parameter that allows attackers to manipulate database queries through crafted POST requests. Attackers can exploit time-based and boolean-based blind SQL injection techniques to extract information or p...

Vendor: rimbalinux
Product: AhadPOS
Published: Feb 06, 2026
Source: NVD
CVE-2019-25298 HIGH - 7.1

html5_snmp 1.11 contains multiple SQL injection vulnerabilities that allow attackers to manipulate database queries through Router_ID and Router_IP parameters. Attackers can exploit error-based, time-based, and union-based injection techniques to potentially extract or modify database information by...

Vendor: lolypop55
Product: html5_snmp
Published: Feb 06, 2026
Source: NVD
CVE-2019-25293 HIGH - 7.8

BlueStacks App Player 2.4.44.62.57 contains an unquoted service path vulnerability in the BstHdLogRotatorSvc service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe to inject mali...

Vendor: bluestacks
Product: Blue Stacks App Player
Published: Feb 06, 2026
Source: NVD
CVE-2019-25292 HIGH - 7.8

Alps HID Monitor Service 8.1.0.10 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files\Apoint2K\HidMonitorSvc.exe to inject malicious executables and gai...

Vendor: Alps
Product: Alps HID Monitor Service
Published: Feb 06, 2026
Source: NVD
CVE-2019-25266 HIGH - 7.8

Wondershare Application Framework Service 2.4.3.231 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated privileges. Attackers can exploit the unquoted service path by placing malicious executables in specific directory locat...

Vendor: Wondershare
Product: Wondershare Application Framework Service
Published: Feb 06, 2026
Source: NVD
CVE-2026-2057 HIGH - 7.3

A vulnerability was detected in SourceCodester Medical Center Portal Management System 1.0. This affects an unknown function of the file /login.php. The manipulation of the argument User results in sql injection. The attack can be executed remotely. The exploit is now public and may be used.

Vendor: bontrofftech
Product: medical_center_portal_management_system
Published: Feb 06, 2026
Source: NVD
CVE-2025-13523 HIGH - 7.7

Mattermost Confluence plugin version <1.7.0 fails to properly escape user-controlled display names in HTML template rendering which allows authenticated Confluence users with malicious display names to execute arbitrary JavaScript in victim browsers via sending a specially crafted OAuth2 connecti...

Vendor: Mattermost
Product: Mattermost Confluence Plugin
Published: Feb 06, 2026
Source: NVD