Total CVEs

142,518

Critical Severity

3,992

High Severity

14,327

Last 7 Days

1,904
Quick preset (or use dates below)
Clear Filters
Showing 13,261 - 13,280 of 14,327 CVEs
CVE-2026-1137 HIGH - 8.8

A vulnerability was detected in UTT 进取 520W 1.7.7-180627. Affected by this issue is the function strcpy of the file /goform/formWebAuthGlobalConfig. Performing a manipulation results in buffer overflow. The attack is possible to be carried out remotely. The exploit is now public and may be used. The...

Published: Jan 19, 2026
Source: NVD
CVE-2026-0943 HIGH - 7.5

HarfBuzz::Shaper versions before 0.032 for Perl contains a bundled library with a null pointer dereference vulnerability.Β  Versions before 0.032 contain HarfBuzz 8.4.0 or earlier bundled as hb_src.tar.gz in the source tarball, which is affected by CVE-2026-22693.

Published: Jan 19, 2026
Source: NVD
CVE-2026-1133 HIGH - 7.3

A vulnerability was determined in Yonyou KSOA 9.0. The impacted element is an unknown function of the file /kmf/folder.jsp of the component HTTP GET Parameter Handler. Executing a manipulation of the argument folderid can lead to sql injection. The attack can be launched remotely. The exploit has be...

Published: Jan 19, 2026
Source: NVD
CVE-2026-1132 HIGH - 7.3

A vulnerability was found in Yonyou KSOA 9.0. The affected element is an unknown function of the file /kmf/edit_folder.jsp of the component HTTP GET Parameter Handler. Performing a manipulation of the argument folderid results in sql injection. The attack can be initiated remotely. The exploit has b...

Published: Jan 19, 2026
Source: NVD
CVE-2026-1131 HIGH - 7.3

A vulnerability has been found in Yonyou KSOA 9.0. Impacted is an unknown function of the file /kmc/save_catalog.jsp of the component HTTP GET Parameter Handler. Such manipulation of the argument catalogid leads to sql injection. It is possible to launch the attack remotely. The exploit has been dis...

Published: Jan 19, 2026
Source: NVD
CVE-2026-1130 HIGH - 7.3

A flaw has been found in Yonyou KSOA 9.0. This issue affects some unknown processing of the file /worksheet/worksadd_plan.jsp of the component HTTP GET Parameter Handler. This manipulation of the argument ID causes sql injection. It is possible to initiate the attack remotely. The exploit has been p...

Published: Jan 19, 2026
Source: NVD
CVE-2026-1129 HIGH - 7.3

A vulnerability was detected in Yonyou KSOA 9.0. This vulnerability affects unknown code of the file /worksheet/worksadd.jsp of the component HTTP GET Parameter Handler. The manipulation of the argument ID results in sql injection. The attack may be performed from remote. The exploit is now public a...

Published: Jan 19, 2026
Source: NVD
CVE-2026-1125 HIGH - 7.3

A weakness has been identified in D-Link DIR-823X 250416. Affected by this issue is the function sub_412E7C of the file /goform/set_wifidog_settings. Executing a manipulation of the argument wd_enable can lead to command injection. The attack can be executed remotely. The exploit has been made avail...

Published: Jan 18, 2026
Source: NVD
CVE-2026-1124 HIGH - 7.3

A security flaw has been discovered in Yonyou KSOA 9.0. Affected by this vulnerability is an unknown functionality of the file /worksheet/work_report.jsp of the component HTTP GET Parameter Handler. Performing a manipulation of the argument ID results in sql injection. Remote exploitation of the att...

Published: Jan 18, 2026
Source: NVD
CVE-2026-0863 HIGH - 8.5

Using string formatting and exception handling, an attacker may bypass n8n's python-task-executor sandbox restrictions and run arbitrary unrestricted Python code in the underlying operating system. The vulnerability can be exploited via the Code block by an authenticated user with basic permis...

Published: Jan 18, 2026
Source: NVD
CVE-2026-1123 HIGH - 7.3

A vulnerability was identified in Yonyou KSOA 9.0. Affected is an unknown function of the file /worksheet/work_mod.jsp of the component HTTP GET Parameter Handler. Such manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit is publicly available and ...

Published: Jan 18, 2026
Source: NVD
CVE-2026-1122 HIGH - 7.3

A vulnerability was determined in Yonyou KSOA 9.0. This impacts an unknown function of the file /worksheet/work_info.jsp of the component HTTP GET Parameter Handler. This manipulation of the argument ID causes sql injection. The attack may be initiated remotely. The exploit has been publicly disclos...

Published: Jan 18, 2026
Source: NVD
CVE-2026-1121 HIGH - 7.3

A vulnerability was found in Yonyou KSOA 9.0. This affects an unknown function of the file /worksheet/del_workplan.jsp of the component HTTP GET Parameter Handler. The manipulation of the argument ID results in sql injection. The attack can be launched remotely. The exploit has been made public and ...

Published: Jan 18, 2026
Source: NVD
CVE-2026-1120 HIGH - 7.3

A vulnerability has been found in Yonyou KSOA 9.0. The impacted element is an unknown function of the file /worksheet/del_work.jsp of the component HTTP GET Parameter Handler. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been discl...

Published: Jan 18, 2026
Source: NVD
CVE-2026-1119 HIGH - 7.3

A flaw has been found in itsourcecode Society Management System 1.0. The affected element is an unknown function of the file /admin/delete_activity.php. Executing a manipulation of the argument activity_id can lead to sql injection. It is possible to launch the attack remotely. The exploit has been ...

Published: Jan 18, 2026
Source: NVD
CVE-2026-1105 HIGH - 7.3

A vulnerability was identified in EasyCMS up to 1.6. This vulnerability affects unknown code of the file /UserAction.class.php. Such manipulation of the argument _order leads to sql injection. The attack can be executed remotely. The exploit is publicly available and might be used. The vendor was co...

Published: Jan 18, 2026
Source: NVD
CVE-2026-1059 HIGH - 7.3

A security vulnerability has been detected in FeMiner wms up to 9cad1f1b179a98b9547fd003c23b07c7594775fa. Affected by this vulnerability is an unknown functionality of the file /src/chkuser.php. The manipulation of the argument Username leads to sql injection. The attack is possible to be carried ou...

Published: Jan 17, 2026
Source: NVD
CVE-2026-1050 HIGH - 7.3

A flaw has been found in risesoft-y9 Digital-Infrastructure up to 9.6.7. This affects an unknown function of the file source-code/src/main/java/net/risesoft/util/Y9PlatformUtil.java of the component REST Authenticate Endpoint. Executing a manipulation can lead to sql injection. The attack can be lau...

Published: Jan 17, 2026
Source: NVD
CVE-2025-14478 HIGH - 7.5

The Demo Importer Plus plugin for WordPress is vulnerable to XML External Entity Injection (XXE) in all versions up to, and including, 2.0.9 via the SVG file upload functionality. This makes it possible for authenticated attackers, with Author-level access and above, to achieve code execution in vul...

Vendor: kraftplugins
Product: Demo Importer Plus
Published: Jan 17, 2026
Source: NVD
CVE-2026-20960 HIGH - 8.0

Improper authorization in Microsoft Power Apps allows an authorized attacker to execute code over a network.

Published: Jan 16, 2026
Source: NVD