Total CVEs

142,265

Critical Severity

3,947

High Severity

14,217

Last 7 Days

1,922
Quick preset (or use dates below)
Clear Filters
Showing 12,201 - 12,220 of 14,675 CVEs
CVE-2026-2194 MEDIUM - 6.3

A flaw has been found in D-Link DI-7100G C1 24.04.18D1. This affects the function start_proxy_client_email. Executing a manipulation can lead to command injection. The attack can be executed remotely. The exploit has been published and may be used.

Vendor: dlink
Product: di-7100g_c1_firmware
Published: Feb 09, 2026
Source: NVD
CVE-2026-2193 MEDIUM - 6.3

A vulnerability was detected in D-Link DI-7100G C1 24.04.18D1. Affected by this issue is the function set_jhttpd_info. Performing a manipulation of the argument usb_username results in command injection. Remote exploitation of the attack is possible.

Vendor: dlink
Product: di-7100g_c1_firmware
Published: Feb 08, 2026
Source: NVD
CVE-2026-2183 MEDIUM - 6.3

A security vulnerability has been detected in Great Developers Certificate Generation System up to 97171bb0e5e22e52eacf4e4fa81773e5f3cffb73. This affects an unknown part of the file /restructured/csv.php. The manipulation leads to unrestricted upload. Remote exploitation of the attack is possible. T...

Published: Feb 08, 2026
Source: NVD
CVE-2026-2179 MEDIUM - 4.7

A vulnerability was determined in PHPGurukul Hospital Management System 4.0. This impacts an unknown function of the file /admin/manage-users.php. This manipulation of the argument ID causes sql injection. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utili...

Vendor: phpgurukul
Product: hospital_management_system
Published: Feb 08, 2026
Source: NVD
CVE-2026-2178 MEDIUM - 6.3

A vulnerability was found in r-huijts xcode-mcp-server up to f3419f00117aa9949e326f78cc940166c88f18cb. This affects the function registerXcodeTools of the file src/tools/xcode/index.ts of the component run_lldb. The manipulation of the argument args results in command injection. It is possible to la...

Published: Feb 08, 2026
Source: NVD
CVE-2026-2176 MEDIUM - 6.3

A security vulnerability has been detected in code-projects Contact Management System 1.0. This issue affects some unknown processing of the file index.py. Such manipulation of the argument selecteditem[0] leads to sql injection. The attack can be executed remotely.

Vendor: fabian
Product: contact_management_system
Published: Feb 08, 2026
Source: NVD
CVE-2026-2169 MEDIUM - 6.3

A vulnerability has been found in D-Link DWR-M921 1.1.50. This impacts an unknown function of the file /boafrm/formLtefotaUpgradeFibocom. Such manipulation of the argument fota_url leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public ...

Vendor: dlink
Product: dwr-m921_firmware
Published: Feb 08, 2026
Source: NVD
CVE-2026-2168 MEDIUM - 6.3

A flaw has been found in D-Link DWR-M921 1.1.50. This affects the function sub_419920 of the file /boafrm/formLtefotaUpgradeQuectel. This manipulation of the argument fota_url causes command injection. It is possible to initiate the attack remotely. The exploit has been published and may be used.

Vendor: dlink
Product: dwr-m921_firmware
Published: Feb 08, 2026
Source: NVD
CVE-2026-2167 MEDIUM - 6.3

A vulnerability was detected in Totolink WA300 5.2cu.7112_B20190227. The impacted element is the function setAPNetwork of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument Ipaddr results in os command injection. The attack may be performed from remote. The exploit is now public and may...

Vendor: totolink
Product: wa300_firmware
Published: Feb 08, 2026
Source: NVD
CVE-2026-2163 MEDIUM - 4.7

A vulnerability was identified in D-Link DIR-600 up to 2.15WWb02. This vulnerability affects unknown code of the file ssdp.cgi. Such manipulation of the argument HTTP_ST/REMOTE_ADDR/REMOTE_PORT/SERVER_ID leads to command injection. The attack may be launched remotely. The exploit is publicly availab...

Vendor: dlink
Product: dir-600_firmware
Published: Feb 08, 2026
Source: NVD
CVE-2026-2162 MEDIUM - 4.7

A vulnerability was determined in itsourcecode News Portal Project 1.0. This affects an unknown part of the file /admin/aboutus.php. This manipulation of the argument pagetitle causes sql injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized.

Vendor: clive_21
Product: news_portal_project
Published: Feb 08, 2026
Source: NVD
CVE-2026-2160 MEDIUM - 4.3

A vulnerability has been found in SourceCodester Simple Responsive Tourism Website 1.0. Affected by this vulnerability is an unknown functionality of the file /tourism/classes/Master.php?f=save_package. The manipulation of the argument Title leads to cross site scripting. The attack can be initiated...

Vendor: oretnom23
Product: simple_responsive_tourism_website
Published: Feb 08, 2026
Source: NVD
CVE-2026-2159 MEDIUM - 4.3

A flaw has been found in SourceCodester Simple Responsive Tourism Website 1.0. Affected is an unknown function of the file /tourism/classes/Master.php?f=register of the component Registration. Executing a manipulation of the argument firstname/lastname/username can lead to cross site scripting. It i...

Vendor: oretnom23
Product: simple_responsive_tourism_website
Published: Feb 08, 2026
Source: NVD
CVE-2026-2154 MEDIUM - 4.3

A vulnerability was identified in SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System 1.0. Impacted is an unknown function of the file /registration.php of the component Patient Registration Module. The manipulation of the argument First Name leads to cross site scripting. Rem...

Vendor: pamzey
Product: patients_waiting_area_queue_management_system
Published: Feb 08, 2026
Source: NVD
CVE-2026-2153 MEDIUM - 4.3

A vulnerability was determined in mwielgoszewski doorman up to 0.6. This issue affects the function is_safe_url of the file doorman/users/views.py. Executing a manipulation of the argument Next can lead to open redirect. The attack may be launched remotely. The exploit has been publicly disclosed an...

Published: Feb 08, 2026
Source: NVD
CVE-2026-2150 MEDIUM - 4.3

A flaw has been found in SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System 1.0. Affected by this issue is some unknown functionality of the file /checkin.php. This manipulation of the argument patient_id causes cross site scripting. The attack can be initiated remotely. The ...

Vendor: pamzey
Product: patients_waiting_area_queue_management_system
Published: Feb 08, 2026
Source: NVD
CVE-2026-2149 MEDIUM - 4.3

A vulnerability was detected in SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /appointments.php. The manipulation of the argument patient_id results in cross site scripting. It is possible to lau...

Vendor: pamzey
Product: patients_waiting_area_queue_management_system
Published: Feb 08, 2026
Source: NVD
CVE-2026-2148 MEDIUM - 5.3

A security vulnerability has been detected in Tenda AC21 16.03.08.16. Affected is an unknown function of the file /cgi-bin/DownloadFlash of the component Web Management Interface. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been d...

Vendor: tenda
Product: ac21_firmware
Published: Feb 08, 2026
Source: NVD
CVE-2026-2147 MEDIUM - 5.3

A weakness has been identified in Tenda AC21 16.03.08.16. This impacts an unknown function of the file /cgi-bin/DownloadLog of the component Web Management Interface. Executing a manipulation can lead to information disclosure. The attack may be performed from remote. The exploit has been made avail...

Vendor: tenda
Product: ac21_firmware
Published: Feb 08, 2026
Source: NVD
CVE-2026-2146 MEDIUM - 6.3

A security flaw has been discovered in guchengwuyue yshopmall up to 1.9.1. This affects the function updateAvatar of the file /api/users/updateAvatar of the component co.yixiang.utils.FileUtil. Performing a manipulation of the argument File results in unrestricted upload. The attack is possible to b...

Published: Feb 08, 2026
Source: NVD