Vulnerabilites CVE
Base de donnees CVE enrichie avec CISA KEV et NVD
| CVE ID | CVSS | Severite | KEV | Observations |
|---|---|---|---|---|
| CVE-2026-2152 A vulnerability was found in D-Link DIR-615 4.10. This vulnerability affects unknown code of the file adv_routing.php of the component Web Configuration Interface. Performing a manipulation of the arg... | 7.2 | HIGH | — | 0 |
| CVE-2026-2151 A vulnerability has been found in D-Link DIR-615 4.10. This affects an unknown part of the file adv_firewall.php of the component DMZ Host Feature. Such manipulation of the argument dmz_ipaddr leads ... | 7.2 | HIGH | — | 0 |
| CVE-2026-2150 A flaw has been found in SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System 1.0. Affected by this issue is some unknown functionality of the file /checkin.php. This manipulatio... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-2149 A vulnerability was detected in SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /appointments.php... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-2148 A security vulnerability has been detected in Tenda AC21 16.03.08.16. Affected is an unknown function of the file /cgi-bin/DownloadFlash of the component Web Management Interface. The manipulation lea... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-2147 A weakness has been identified in Tenda AC21 16.03.08.16. This impacts an unknown function of the file /cgi-bin/DownloadLog of the component Web Management Interface. Executing a manipulation can lead... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-2146 A security flaw has been discovered in guchengwuyue yshopmall up to 1.9.1. This affects the function updateAvatar of the file /api/users/updateAvatar of the component co.yixiang.utils.FileUtil. Perfor... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-2145 A vulnerability was identified in cym1102 nginxWebUI up to 4.3.7. The impacted element is an unknown function of the file /adminPage/conf/check of the component Web Management Interface. Such manipula... | 3.5 | LOW | — | 0 |
| CVE-2026-2143 A security vulnerability has been detected in D-Link DIR-823X 250416. This issue affects some unknown processing of the file /goform/set_ddns of the component DDNS Service. The manipulation of the arg... | 7.2 | HIGH | — | 0 |
| CVE-2026-2142 A weakness has been identified in D-Link DIR-823X 250416. This vulnerability affects the function sub_420688 of the file /goform/set_qos. Executing a manipulation can lead to os command injection. The... | 7.2 | HIGH | — | 0 |
| CVE-2026-2141 A security flaw has been discovered in WuKongOpenSource WukongCRM up to 11.3.3. This affects an unknown part of the file gateway/src/main/java/com/kakarote/gateway/service/impl/PermissionServiceImpl.j... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-2140 A vulnerability was identified in Tenda TX9 up to 22.03.02.10_multi. Affected by this issue is the function sub_4223E0 of the file /goform/setMacFilterCfg. Such manipulation of the argument deviceList... | 8.8 | HIGH | — | 0 |
| CVE-2026-2139 A vulnerability was determined in Tenda TX9 up to 22.03.02.10_multi. Affected by this vulnerability is the function sub_432580 of the file /goform/fast_setting_wifi_set. This manipulation of the argum... | 8.8 | HIGH | — | 0 |
| CVE-2026-2138 A vulnerability was found in Tenda TX9 up to 22.03.02.10_multi. Affected is the function sub_42D03C of the file /goform/SetStaticRouteCfg. The manipulation of the argument list results in buffer overf... | 8.8 | HIGH | — | 0 |
| CVE-2026-2137 A vulnerability has been found in Tenda TX3 up to 16.03.13.11_multi. This impacts an unknown function of the file /goform/SetIpMacBind. The manipulation of the argument list leads to buffer overflow. ... | 8.8 | HIGH | — | 0 |
| CVE-2026-2136 A flaw has been found in projectworlds Online Food Ordering System 1.0. This affects an unknown function of the file /view-ticket.php. Executing a manipulation of the argument ID can lead to sql injec... | 7.3 | HIGH | — | 0 |
| CVE-2026-2135 A vulnerability was detected in UTT HiPER 810 1.7.4-141218. The impacted element is the function sub_43F020 of the file /goform/formPdbUpConfig. Performing a manipulation of the argument policyNames r... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-2134 A security vulnerability has been detected in PHPGurukul Hospital Management System 4.0. The affected element is an unknown function of the file /hms/admin/manage-doctors.php. Such manipulation of the... | 4.7 | MEDIUM | — | 0 |
| CVE-2026-2133 A weakness has been identified in code-projects Online Music Site 1.0. Impacted is an unknown function of the file /Administrator/PHP/AdminUpdateCategory.php. This manipulation of the argument txtimag... | 7.3 | HIGH | — | 0 |
| CVE-2026-2132 A security flaw has been discovered in code-projects Online Music Site 1.0. This issue affects some unknown processing of the file /Administrator/PHP/AdminUpdateCategory.php. The manipulation of the a... | 7.3 | HIGH | — | 0 |
| CVE-2026-2131 A vulnerability was identified in XixianLiang HarmonyOS-mcp-server 0.1.0. This vulnerability affects the function input_text. The manipulation of the argument text leads to os command injection. Remot... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-2130 A vulnerability was determined in BurtTheCoder mcp-maigret up to 1.0.12. This affects an unknown part of the file src/index.ts of the component search_username. Executing a manipulation of the argumen... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-2209 A vulnerability was detected in WeKan up to 8.18. The affected element is the function setCreateTranslation of the file client/components/settings/translationBody.js of the component Custom Translatio... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-2208 A security vulnerability has been detected in WeKan up to 8.20. Impacted is an unknown function of the file server/publications/rules.js of the component Rules Handler. The manipulation leads to missi... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-2207 A weakness has been identified in WeKan up to 8.20. This issue affects some unknown processing of the file server/publications/activities.js of the component Activity Publication Handler. Executing a ... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-2206 A security flaw has been discovered in WeKan up to 8.20. This vulnerability affects unknown code of the file server/methods/fixDuplicateLists.js of the component Administrative Repair Handler. Perform... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-2205 A vulnerability was identified in WeKan up to 8.20. This affects an unknown part of the file server/publications/cards.js of the component Meteor Publication Handler. Such manipulation leads to inform... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-2129 A vulnerability was found in D-Link DIR-823X 250416. Affected by this issue is some unknown functionality of the file /goform/set_ac_status. Performing a manipulation of the argument ac_ipaddr/ac_ipst... | 7.2 | HIGH | — | 0 |
| CVE-2025-15100 The JAY Login & Register plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.6.03. This is due to the plugin allowing a user to update arbitrary user met... | 8.8 | HIGH | — | 0 |
| CVE-2025-15027 The JAY Login & Register plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.6.03. This is due to the plugin allowing a user to update arbitrary user met... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-2122 A security flaw has been discovered in Xiaopi Panel up to 20260126. This impacts an unknown function of the file /demo.php of the component WAF Firewall. The manipulation of the argument ID results in... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-2120 A vulnerability was identified in D-Link DIR-823X 250416. This affects an unknown function of the file /goform/set_server_settings of the component Configuration Parameter Handler. The manipulation of... | 7.2 | HIGH | — | 0 |
| CVE-2026-2118 A vulnerability was determined in UTT HiPER 810 1.7.4-141218. The impacted element is the function sub_4407D4 of the file /goform/formReleaseConnect of the component rehttpd. Executing a manipulation ... | 7.2 | HIGH | — | 0 |
| CVE-2026-2117 A vulnerability was found in itsourcecode Society Management System 1.0. The affected element is an unknown function of the file /admin/edit_activity.php. Performing a manipulation of the argument act... | 7.3 | HIGH | — | 0 |
| CVE-2026-2116 A vulnerability has been found in itsourcecode Society Management System 1.0. Impacted is an unknown function of the file /admin/edit_expenses.php. Such manipulation of the argument expenses_id leads ... | 7.3 | HIGH | — | 0 |
| CVE-2026-2115 A flaw has been found in itsourcecode Society Management System 1.0. This issue affects some unknown processing of the file /admin/delete_expenses.php. This manipulation of the argument expenses_id ca... | 7.3 | HIGH | — | 0 |
| CVE-2026-2114 A vulnerability was detected in itsourcecode Society Management System 1.0. This vulnerability affects unknown code of the file /admin/edit_admin.php. The manipulation of the argument admin_id results... | 7.3 | HIGH | — | 0 |
| CVE-2026-25859 Wekan versions prior to 8.20 allow non-administrative users to access migration functionality due to insufficient permission checks, potentially resulting in unauthorized migration operations. | 8.8 | HIGH | — | 0 |
| CVE-2026-25858 macrozheng mall version 1.0.3 and prior contains an authentication vulnerability in the mall-portal password reset workflow that allows an unauthenticated attacker to reset arbitrary user account pass... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-25857 Tenda G300-F router firmware version 16.01.14.2 and prior contain an OS command injection vulnerability in the WAN diagnostic functionality (formSetWanDiag). The implementation constructs a shell comm... | 8.8 | HIGH | — | 0 |
| CVE-2026-25568 WeKan versions prior to 8.19 contain an authorization logic vulnerability where the instance configuration setting allowPrivateOnly is not sufficiently enforced at board creation time. When allowPriva... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-25567 WeKan versions prior to 8.19 contain an insecure direct object reference (IDOR) in the card comment creation API. The endpoint accepts an authorId from the request body, allowing an authenticated user... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-25566 WeKan versions prior to 8.19 contain an authorization vulnerability in card move logic. A user can specify a destination board/list/swimlane without adequate authorization checks for the destination a... | 5.4 | MEDIUM | — | 0 |
| CVE-2026-25565 WeKan versions prior to 8.19 contain an authorization vulnerability where certain card update API paths validate only board read access rather than requiring write permission. This can allow users wit... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-25564 WeKan versions prior to 8.19 contain an insecure direct object reference (IDOR) in checklist creation and related checklist routes. The implementation does not verify that the supplied cardId belongs ... | 7.5 | HIGH | — | 0 |
| CVE-2026-25563 WeKan versions prior to 8.19 contain an insecure direct object reference (IDOR) in checklist creation and related checklist routes. The implementation does not verify that the supplied cardId belongs ... | 7.5 | HIGH | — | 0 |
| CVE-2026-25562 WeKan versions prior to 8.19 contain an information disclosure vulnerability in the attachments publication. Attachment metadata can be returned without properly scoping results to boards and cards ac... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-25561 WeKan versions prior to 8.19 contain an authorization weakness in the attachment upload API. The API does not fully validate that provided identifiers (such as boardId, cardId, swimlaneId, and listId)... | 7.5 | HIGH | — | 0 |
| CVE-2026-25560 WeKan versions prior to 8.19 contain an LDAP filter injection vulnerability in LDAP authentication. User-supplied username input is incorporated into LDAP search filters and DN-related values without ... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-15564 A vulnerability has been found in Mapnik up to 4.2.0. This vulnerability affects the function mapnik::detail::mod<...>::operator of the file src/value.cpp. The manipulation leads to divide by zero. Th... | 3.3 | LOW | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.