CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2019-25458 Web Ofisi Firma Rehberi v1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through GET parameters. Attackers can send... | 9.8 | CRITICAL | โ | 0 |
| CVE-2019-25457 Web Ofisi Firma v13 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'oz' array parameter. Attackers can s... | 7.5 | HIGH | โ | 0 |
| CVE-2019-25456 Web Ofisi Emlak v2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'ara' GET parameter. Attackers can sen... | 9.1 | CRITICAL | โ | 0 |
| CVE-2019-25455 Web Ofisi E-Ticaret v3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'a' parameter. Attackers can send ... | 7.5 | HIGH | โ | 0 |
| CVE-2026-2953 A vulnerability has been found in Dromara UJCMS 101.2. This issue affects the function deleteDirectory of the file WebFileTemplateController.delete of the component Template Handler. Such manipulation... | 5.4 | MEDIUM | โ | 0 |
| CVE-2026-2952 A flaw has been found in Vaelsys 4.1.0. This vulnerability affects unknown code of the file /tree/tree_server.php of the component HTTP POST Request Handler. This manipulation of the argument xajaxarg... | 7.3 | HIGH | โ | 0 |
| CVE-2026-2947 A vulnerability was detected in rymcu forest up to 0.0.5. This affects the function updateUserInfo of the file - src/main/java/com/rymcu/forest/web/api/user/UserInfoController.java of the component Us... | 3.5 | LOW | โ | 0 |
| CVE-2019-25452 Dolibarr ERP/CRM 10.0.1 contains an SQL injection vulnerability in the elemid POST parameter of the viewcat.php endpoint that allows unauthenticated attackers to execute arbitrary SQL queries. Attacke... | 7.5 | HIGH | โ | 0 |
| CVE-2019-25450 Dolibarr ERP/CRM 10.0.1 contains multiple SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries by injecting SQL code through POST parameters. Attackers can i... | 7.5 | HIGH | โ | 0 |
| CVE-2019-25446 DIGIT CENTRIS ERP contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the datum1, datum2, KID, and PID parameters... | 8.2 | HIGH | โ | 0 |
| CVE-2019-25443 Inventory Webapp contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through GET parameters. Attackers can supply malicio... | 8.2 | HIGH | โ | 0 |
| CVE-2019-25442 Web Wiz Forums 12.01 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the PF parameter. Attackers can send GET... | 7.5 | HIGH | โ | 0 |
| CVE-2019-25440 WebIncorp ERP contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the prod_id parameter. Attackers can send GET r... | 8.2 | HIGH | โ | 0 |
| CVE-2019-25439 NoviSmart CMS contains an SQL injection vulnerability that allows remote attackers to execute arbitrary SQL queries by injecting malicious code through the Referer HTTP header field. Attackers can cra... | 8.2 | HIGH | โ | 0 |
| CVE-2019-25433 XOOPS CMS 2.5.9 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cid parameter. Attackers can send GET req... | 8.2 | HIGH | โ | 0 |
| CVE-2019-25391 Ashop Shopping Cart Software contains a time-based blind SQL injection vulnerability that allows attackers to manipulate database queries through the blacklistitemid parameter. Attackers can send POST... | 8.2 | HIGH | โ | 0 |
| CVE-2019-25366 microASP Portal+ CMS contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code into the explode_tree parameter. Attacke... | 8.2 | HIGH | โ | 0 |
| CVE-2026-2946 A security vulnerability has been detected in rymcu forest up to 0.0.5. Affected by this issue is the function XssUtils.replaceHtmlCode of the file src/main/java/com/rymcu/forest/util/XssUtils.java of... | 3.5 | LOW | โ | 0 |
| CVE-2026-2945 A weakness has been identified in JeecgBoot 3.9.0. Affected by this vulnerability is an unknown functionality of the file /sys/common/uploadImgByHttp. Executing a manipulation of the argument fileUrl ... | 6.3 | MEDIUM | โ | 0 |
| CVE-2026-2944 A security flaw has been discovered in Tosei Online Store Management System ใใใๅบ่็ฎก็ใทในใใ 1.01. Affected is the function system of the file /cgi-bin/monitor.php of the component HTTP POST Request Handle... | 7.3 | HIGH | โ | 0 |
| CVE-2026-2943 A vulnerability was identified in SapneshNaik Student Management System up to f4b4f0928f0b5551a28ee81ae7e7fe47d9345318. This impacts an unknown function of the file index.php. Such manipulation of the... | 4.3 | MEDIUM | โ | 0 |
| CVE-2026-2940 A vulnerability was determined in Zaher1307 tiny_web_server up to 8d77b1044a0ca3a5297d8726ac8aa2cf944d481b. This affects the function tiny_web_server/tiny.c of the file tiny_web_server/tiny.c of the c... | 7.3 | HIGH | โ | 0 |
| CVE-2026-2939 A vulnerability was found in itsourcecode Student Management System 1.0. The impacted element is an unknown function of the file /add_student/ of the component Add Student Module. The manipulation res... | 2.4 | LOW | โ | 0 |
| CVE-2026-2938 A vulnerability has been found in SourceCodester Student Result Management System 1.0. The affected element is an unknown function of the file /srms/script/admin/core/update_smtp.php. The manipulation... | 7.3 | HIGH | โ | 0 |
| CVE-2026-2935 A weakness has been identified in UTT HiPER 810G up to 1.7.7-171114. This issue affects the function strcpy of the file /goform/ConfigExceptMSN. Executing a manipulation of the argument remark can lea... | 7.2 | HIGH | โ | 0 |
| CVE-2026-2934 A security vulnerability has been detected in YiFang CMS up to 2.0.5. This impacts the function update of the file app/db/admin/D_friendLinkGroup.php of the component Extended Management Module. The m... | 2.4 | LOW | โ | 0 |
| CVE-2026-2385 The The Plus Addons for Elementor โ Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in all ve... | 5.3 | MEDIUM | โ | 0 |
| CVE-2026-2933 A weakness has been identified in YiFang CMS up to 2.0.5. This affects the function update of the file app/db/admin/D_adManage.php of the component Extended Management Module. Executing a manipulation... | 2.4 | LOW | โ | 0 |
| CVE-2026-2932 A security flaw has been discovered in YiFang CMS up to 2.0.5. The impacted element is the function update of the file app/db/admin/D_adPosition.php of the component Extended Management Module. Perfor... | 2.4 | LOW | โ | 0 |
| CVE-2026-2930 A vulnerability was identified in Tenda A18 15.13.07.13. The affected element is the function webCgiGetUploadFile of the file /cgi-bin/UploadCfg of the component Httpd Service. Such manipulation of th... | 6.3 | MEDIUM | โ | 0 |
| CVE-2026-2929 A vulnerability was determined in D-Link DWR-M960 1.01.07. Impacted is the function sub_453140 of the file /boafrm/formWlAc of the component Wireless Access Control Endpoint. This manipulation of the ... | 8.8 | HIGH | โ | 0 |
| CVE-2026-1369 The Conditional CAPTCHA WordPress plugin through 4.0.0 does not validate a parameter before redirecting the user to its value, leading to an Open Redirect issue | 4.3 | MEDIUM | โ | 0 |
| CVE-2026-2928 A vulnerability was found in D-Link DWR-M960 1.01.07. This issue affects the function sub_452CCC of the file /boafrm/formWlEncrypt of the component WLAN Encryption Configuration Endpoint. The manipula... | 8.8 | HIGH | โ | 0 |
| CVE-2026-2927 A vulnerability has been found in D-Link DWR-M960 1.01.07. This vulnerability affects the function sub_462590 of the file /boafrm/formOpMode of the component Operation Mode Configuration Endpoint. The... | 8.8 | HIGH | โ | 0 |
| CVE-2026-2926 A flaw has been found in D-Link DWR-M960 1.01.07. This affects the function sub_4237AC of the file /boafrm/formLteSetup of the component LTE Configuration Endpoint. Executing a manipulation of the arg... | 8.8 | HIGH | โ | 0 |
| CVE-2026-2925 A vulnerability was detected in D-Link DWR-M960 1.01.07. Affected by this issue is the function sub_42B5A0 of the file /boafrm/formBridgeVlan of the component Bridge VLAN Configuration Endpoint. Perfo... | 8.8 | HIGH | โ | 0 |
| CVE-2026-2913 A vulnerability was determined in libvips up to 8.19.0. The affected element is the function vips_source_read_to_memory of the file libvips/iofuncs/source.c. This manipulation causes heap-based buffer... | 2.5 | LOW | โ | 0 |
| CVE-2026-2912 A vulnerability was found in code-projects Online Reviewer System 1.0. Impacted is an unknown function of the file /system/system/students/assessments/results/studentresult-view.php. The manipulation ... | 7.3 | HIGH | โ | 0 |
| CVE-2026-2911 A vulnerability has been found in Tenda FH451 up to 1.0.0.9. This issue affects some unknown processing of the file /goform/GstDhcpSetSer. The manipulation leads to buffer overflow. It is possible to ... | 8.8 | HIGH | โ | 0 |
| CVE-2026-2910 A flaw has been found in Tenda HG9 300001138. This vulnerability affects unknown code of the file /boaform/formPing6. Executing a manipulation of the argument pingAddr can lead to stack-based buffer o... | 8.8 | HIGH | โ | 0 |
| CVE-2026-2909 A vulnerability was detected in Tenda HG9 300001138. This affects an unknown part of the file /boaform/formPing of the component Diagnostic Ping Endpoint. Performing a manipulation of the argument pin... | 8.8 | HIGH | โ | 0 |
| CVE-2026-2908 A security vulnerability has been detected in Tenda HG9 300001138. Affected by this issue is some unknown functionality of the file /boaform/formLoopBack of the component Loopback Detection Configurat... | 8.8 | HIGH | โ | 0 |
| CVE-2026-2907 A weakness has been identified in Tenda HG9 300001138. Affected by this vulnerability is an unknown functionality of the file /boaform/formgponConf of the component GPON Configuration Endpoint. This m... | 8.8 | HIGH | โ | 0 |
| CVE-2026-2906 A security flaw has been discovered in Tenda HG9 300001138. Affected is an unknown function of the file /boaform/formSamba of the component Samba Configuration Endpoint. The manipulation of the argume... | 8.8 | HIGH | โ | 0 |
| CVE-2026-2905 A vulnerability was identified in Tenda HG9 300001138. This impacts an unknown function of the file /boaform/formWlanSetup of the component Wireless Configuration Endpoint. The manipulation of the arg... | 8.8 | HIGH | โ | 0 |
| CVE-2026-2904 A vulnerability was determined in UTT HiPER 810G 1.7.7-171114. This affects the function strcpy of the file /goform/ConfigExceptAli. Executing a manipulation can lead to buffer overflow. The attack ca... | 8.8 | HIGH | โ | 0 |
| CVE-2026-2903 A flaw has been found in skvadrik re2c up to 4.4. Impacted is the function check_and_merge_special_rules of the file src/parse/ast.cc. This manipulation causes null pointer dereference. The attack can... | 3.3 | LOW | โ | 0 |
| CVE-2026-2898 A vulnerability was detected in funadmin up to 7.1.0-rc4. This issue affects the function getMember of the file app/common/service/AuthCloudService.php of the component Backend Endpoint. The manipulat... | 5.5 | MEDIUM | โ | 0 |
| CVE-2026-2897 A security vulnerability has been detected in funadmin up to 7.1.0-rc4. This vulnerability affects unknown code of the file app/backend/view/index/index.html of the component Backend Interface. The ma... | 2.4 | LOW | โ | 0 |
| CVE-2026-2896 A weakness has been identified in funadmin up to 7.1.0-rc4. This affects the function setConfig of the file app/backend/controller/Ajax.php of the component Configuration Handler. Executing a manipula... | 7.3 | HIGH | โ | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.