Total CVEs: 142,265

Critical Severity: 3,947

High Severity: 14,217

Last 7 Days: 1,919
Showing 12,221 - 12,240 of 14,675 CVEs
CVE-2026-2141 MEDIUM - 6.3

A security flaw has been discovered in WuKongOpenSource WukongCRM up to 11.3.3. This affects an unknown part of the file gateway/src/main/java/com/kakarote/gateway/service/impl/PermissionServiceImpl.java of the component URL Handler. Performing a manipulation results in improper authorization. Remot...

Published: Feb 08, 2026
Source: NVD
CVE-2026-2135 MEDIUM - 6.3

A vulnerability was detected in UTT HiPER 810 1.7.4-141218. The impacted element is the function sub_43F020 of the file /goform/formPdbUpConfig. Performing a manipulation of the argument policyNames results in command injection. It is possible to initiate the attack remotely. The exploit is now publ...

Vendor: utt
Product: 810_firmware
Published: Feb 08, 2026
Source: NVD
CVE-2026-2134 MEDIUM - 4.7

A security vulnerability has been detected in PHPGurukul Hospital Management System 4.0. The affected element is an unknown function of the file /hms/admin/manage-doctors.php. Such manipulation of the argument ID leads to SQL injection. The attack may be performed remotely. The exploit has been d...

Vendor: phpgurukul
Product: hospital_management_system
Published: Feb 08, 2026
Source: NVD
CVE-2026-2131 MEDIUM - 6.3

A vulnerability was identified in XixianLiang HarmonyOS-mcp-server 0.1.0. This vulnerability affects the function input_text. The manipulation of the argument text leads to OS command injection. Remote exploitation of the attack is possible. The exploit is publicly available and might be used.

Published: Feb 08, 2026
Source: NVD
CVE-2026-2130 MEDIUM - 6.3

A vulnerability was determined in BurtTheCoder mcp-maigret up to 1.0.12. This affects an unknown part of the file src/index.ts of the component search_username. Executing a manipulation of the argument Username can lead to command injection. The attack may be launched remotely. Upgrading to version ...

Vendor: npm
Product: mcp-maigret
Published: Feb 08, 2026
Source: NVD
CVE-2026-2209 MEDIUM - 6.3

A vulnerability was detected in WeKan up to 8.18. The affected element is the function setCreateTranslation of the file client/components/settings/translationBody.js of the component Custom Translation Handler. The manipulation results in improper authorization. The attack can be launched remotely. ...

Vendor: wekan_project
Product: wekan
Published: Feb 08, 2026
Source: NVD
CVE-2026-2208 MEDIUM - 4.3

A security vulnerability has been detected in WeKan up to 8.20. Impacted is an unknown function of the file server/publications/rules.js of the component Rules Handler. The manipulation leads to missing authorization. The attack can be initiated remotely. Upgrading to version 8.21 is recommended to ...

Vendor: wekan_project
Product: wekan
Published: Feb 08, 2026
Source: NVD
CVE-2026-2207 MEDIUM - 5.3

A weakness has been identified in WeKan up to 8.20. This issue affects some unknown processing of the file server/publications/activities.js of the component Activity Publication Handler. Executing a manipulation can lead to information disclosure. It is possible to launch the attack remotely. Upgra...

Vendor: wekan_project
Product: wekan
Published: Feb 08, 2026
Source: NVD
CVE-2026-2206 MEDIUM - 6.3

A security flaw has been discovered in WeKan up to 8.20. This vulnerability affects unknown code of the file server/methods/fixDuplicateLists.js of the component Administrative Repair Handler. Performing a manipulation results in improper access controls. It is possible to initiate the attack remote...

Vendor: wekan_project
Product: wekan
Published: Feb 08, 2026
Source: NVD
CVE-2026-2205 MEDIUM - 4.3

A vulnerability was identified in WeKan up to 8.20. This affects an unknown part of the file server/publications/cards.js of the component Meteor Publication Handler. Such manipulation leads to information disclosure. The attack may be performed remotely. Upgrading to version 8.21 is able to miti...

Vendor: wekan_project
Product: wekan
Published: Feb 08, 2026
Source: NVD
CVE-2026-2122 MEDIUM - 6.3

A security flaw has been discovered in Xiaopi Panel up to 20260126. This impacts an unknown function of the file /demo.php of the component WAF Firewall. The manipulation of the argument ID results in SQL injection. The attack may be launched remotely. The exploit has been released to the public and...

Published: Feb 08, 2026
Source: NVD
CVE-2026-25568 MEDIUM - 4.3

WeKan versions prior to 8.19 contain an authorization logic vulnerability where the instance configuration setting allowPrivateOnly is not sufficiently enforced at board creation time. When allowPrivateOnly is enabled, users can still create public boards due to incomplete server-side enforcement.

Vendor: WeKan
Product: WeKan
Published: Feb 07, 2026
Source: NVD
CVE-2026-25567 MEDIUM - 4.3

WeKan versions prior to 8.19 contain an insecure direct object reference (IDOR) in the card comment creation API. The endpoint accepts an authorId from the request body, allowing an authenticated user to spoof the recorded comment author by supplying another user's identifier.

Vendor: WeKan
Product: WeKan
Published: Feb 07, 2026
Source: NVD
CVE-2026-25565 MEDIUM - 6.5

WeKan versions prior to 8.19 contain an authorization vulnerability where certain card update API paths validate only board read access rather than requiring write permission. This can allow users with read-only roles to perform card updates that should require write access.

Vendor: WeKan
Product: WeKan
Published: Feb 07, 2026
Source: NVD
CVE-2026-25562 MEDIUM - 4.3

WeKan versions prior to 8.19 contain an information disclosure vulnerability in the attachments publication. Attachment metadata can be returned without properly scoping results to boards and cards accessible to the requesting user, potentially exposing attachment metadata to unauthorized users.

Vendor: WeKan
Product: WeKan
Published: Feb 07, 2026
Source: NVD
CVE-2026-2111 MEDIUM - 4.3

A weakness has been identified in JeecgBoot up to 3.9.0. Affected by this issue is some unknown functionality of the file /airag/knowledge/doc/edit of the component Retrieval-Augmented Generation Module. Executing a manipulation of the argument filePath can lead to path traversal. The attack can be ...

Published: Feb 07, 2026
Source: NVD
CVE-2026-2109 MEDIUM - 5.4

A vulnerability was identified in jsbroks COCO Annotator up to 0.11.1. Affected is an unknown function of the file /api/undo/ of the component Delete Category Handler. Such manipulation of the argument ID leads to improper authorization. The attack may be launched remotely. The exploit is publicly a...

Published: Feb 07, 2026
Source: NVD
CVE-2026-2108 MEDIUM - 5.3

A vulnerability was determined in jsbroks COCO Annotator up to 0.11.1. This impacts an unknown function of the file /api/info/long_task of the component Endpoint. This manipulation causes denial of service. The attack may be initiated remotely. The exploit has been publicly disclosed and may be util...

Published: Feb 07, 2026
Source: NVD
CVE-2026-2107 MEDIUM - 6.3

A vulnerability was found in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. This affects the function loadAllLoginfo/deleteLoginfo/batchDeleteLoginfo of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sys\controller\LoginfoController.java of the component Log Info Handler...

Vendor: yeqifu
Product: warehouse
Published: Feb 07, 2026
Source: NVD
CVE-2026-2106 MEDIUM - 6.3

A vulnerability has been found in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. The impacted element is the function addNotice/updateNotice/deleteNotice/batchDeleteNotice of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sys\controller\NoticeController.java of the compo...

Vendor: yeqifu
Product: warehouse
Published: Feb 07, 2026
Source: NVD