Total CVEs

142,265

Critical Severity

3,947

High Severity

14,217

Last 7 Days

1,892
Quick preset (or use dates below)
Clear Filters
Showing 12,181 - 12,200 of 14,217 CVEs
CVE-2026-2018 HIGH - 7.3

A flaw has been found in itsourcecode School Management System 1.0. This affects an unknown part of the file /ramonsys/settings/controller.php. This manipulation of the argument ID causes sql injection. It is possible to initiate the attack remotely. The exploit has been published and may be used.

Vendor: itsourcecode
Product: school_management_system
Published: Feb 06, 2026
Source: NVD
CVE-2026-2014 HIGH - 7.3

A security flaw has been discovered in itsourcecode Student Management System 1.0. This impacts an unknown function of the file /ramonsys/billing/index.php. Performing a manipulation of the argument ID results in sql injection. Remote exploitation of the attack is possible. The exploit has been rele...

Vendor: itsourcecode
Product: school_management_system
Published: Feb 06, 2026
Source: NVD
CVE-2026-2013 HIGH - 7.3

A vulnerability was identified in itsourcecode Student Management System 1.0. This affects an unknown function of the file /ramonsys/soa/index.php. Such manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit is publicly available and might be used.

Vendor: itsourcecode
Product: school_management_system
Published: Feb 06, 2026
Source: NVD
CVE-2026-2012 HIGH - 7.3

A vulnerability was determined in itsourcecode Student Management System 1.0. The impacted element is an unknown function of the file /ramonsys/facultyloading/index.php. This manipulation of the argument ID causes sql injection. The attack may be initiated remotely. The exploit has been publicly dis...

Vendor: itsourcecode
Product: school_management_system
Published: Feb 06, 2026
Source: NVD
CVE-2026-2011 HIGH - 7.3

A vulnerability was found in itsourcecode Student Management System 1.0. The affected element is an unknown function of the file /ramonsys/enrollment/controller.php. The manipulation of the argument ID results in sql injection. The attack can be launched remotely. The exploit has been made public an...

Vendor: itsourcecode
Product: school_management_system
Published: Feb 06, 2026
Source: NVD
CVE-2026-24930 HIGH - 8.4

UAF concurrency vulnerability in the graphics module. Impact: Successful exploitation of this vulnerability may affect availability.

Vendor: Huawei
Product: HarmonyOS
Published: Feb 06, 2026
Source: NVD
CVE-2026-24926 HIGH - 8.4

Out-of-bounds write vulnerability in the camera module. Impact: Successful exploitation of this vulnerability may affect availability.

Vendor: Huawei
Product: HarmonyOS
Published: Feb 06, 2026
Source: NVD
CVE-2026-24925 HIGH - 7.3

Heap-based buffer overflow vulnerability in the image module. Impact: Successful exploitation of this vulnerability may affect availability.

Vendor: Huawei
Product: HarmonyOS
Published: Feb 06, 2026
Source: NVD
CVE-2025-15566 HIGH - 8.8

A security issue was discovered in ingress-nginx where the `nginx.ingress.kubernetes.io/auth-proxy-set-headers` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets acces...

Vendor: Kubernetes
Product: ingress-nginx
Published: Feb 06, 2026
Source: NVD
CVE-2026-24302 HIGH - 8.6

Azure Arc Elevation of Privilege Vulnerability

Vendor: microsoft
Product: azure_arc
Published: Feb 05, 2026
Source: NVD
CVE-2026-21532 HIGH - 8.2

Azure Function Information Disclosure Vulnerability

Vendor: microsoft
Product: azure_functions
Published: Feb 05, 2026
Source: NVD
CVE-2026-25628 HIGH - 8.6

Qdrant is a vector similarity search engine and vector database. From 1.9.3 to before 1.16.0, it is possible to append to arbitrary files via /logger endpoint using an attacker-controlled on_disk.log_file path. Minimal privileges are required (read-only access). This vulnerability is fixed in 1.16.0...

Vendor: rust
Product: qdrant
Published: Feb 05, 2026
Source: GitHub

Spree is an open source e-commerce solution built with Ruby on Rails. A critical IDOR vulnerability exists in Spree Commerce's guest checkout flow that allows any guest user to bind arbitrary guest addresses to their order by manipulating address ID parameters. This enables unauthorized access ...

Vendor: rubygems
Product: spree_api
Published: Feb 05, 2026
Source: GitHub

Spree is an open source e-commerce solution built with Ruby on Rails. Prior to versions 5.0.8, 5.1.10, 5.2.7, and 5.3.2, unauthenticated users can view completed guest orders by Order ID. This issue may lead to disclosure of PII of guest users (including names, addresses and phone numbers). This iss...

Vendor: rubygems
Product: spree_storefront
Published: Feb 05, 2026
Source: GitHub
CVE-2026-25732 HIGH - 7.5

NiceGUI is a Python-based UI framework. Prior to 3.7.0, NiceGUI's FileUpload.name property exposes client-supplied filename metadata without sanitization, enabling path traversal when developers use the pattern UPLOAD_DIR / file.name. Malicious filenames containing ../ sequences allow attackers...

Vendor: pip
Product: nicegui
Published: Feb 05, 2026
Source: GitHub
CVE-2026-23989 HIGH - 8.2

REVA is an interoperability platform. Prior to 2.42.3 and 2.40.3, a bug in the GRPC authorization middleware of the "Reva" component of OpenCloud allows a malicious user to bypass the scope verification of a public link. By exploiting this via the the "archiver" service this can ...

Vendor: go
Product: github.com/opencloud-eu/reva/v2
Published: Feb 05, 2026
Source: GitHub
CVE-2025-15330 HIGH - 8.8

Tanium addressed an improper input validation vulnerability in Deploy.

Vendor: Tanium
Product: Deploy
Published: Feb 05, 2026
Source: NVD
CVE-2025-15311 HIGH - 7.8

Tanium addressed an unauthorized code execution vulnerability in Tanium Appliance.

Vendor: Tanium
Product: Tanium Appliance
Published: Feb 05, 2026
Source: NVD
CVE-2026-1707 HIGH - 7.4

pgAdmin versions 9.11 are affected by a Restore restriction bypass via key disclosure vulnerability that occurs when running in server mode and performing restores from PLAIN-format dump files. An attacker with access to the pgAdmin web interface can observe an active restore operation, extract the ...

Vendor: pip
Product: pgadmin4
Published: Feb 05, 2026
Source: NVD
CVE-2025-15557 HIGH - 8.8

An Improper Certificate Validation vulnerability in TP-Link Tapo H100 v1 and Tapo P100 v1 allows an on-path attacker on the same network segment to intercept and modify encrypted device-cloud communications.  This may compromise the confidentiality and integrity of device-to-cloud communication, ena...

Vendor: TP-Link Systems Inc.
Product: Tapo H100 v1, Tapo P100 v1
Published: Feb 05, 2026
Source: NVD