Export limit exceeded: 334371 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (334371 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-26747 | 1 Monicahq | 1 Monica | 2026-02-23 | N/A |
| A Host Header Poisoning vulnerability exists in Monica 4.1.2 due to improper handling of the HTTP Host header in app/Providers/AppServiceProvider.php, combined with the default misconfiguration where the "app.force_url" is not set and default is "false". The application generates absolute URLs (such as those used in password reset emails) using the user-supplied Host header. This allows remote attackers to poison the password reset link sent to a victim, | ||||
| CVE-2026-26745 | 1 Opensourcepos | 1 Opensourcepos | 2026-02-23 | N/A |
| OpenSourcePOS 3.4.1 has a second order SQL Injection vulnerability in the handling of the currency_symbol configuration field. Although the input is initially stored without immediate execution, it is later concatenated into a dynamically constructed SQL query without proper sanitization or parameter binding. This allows an attacker with access to modify the currency_symbol value to inject arbitrary SQL expressions, which are executed when the affected query is subsequently processed. | ||||
| CVE-2025-70833 | 1 Pocketmanga | 1 Smanga | 2026-02-23 | N/A |
| An Authentication Bypass vulnerability in Smanga 3.2.7 allows an unauthenticated attacker to reset the password of any user (including the administrator) and fully takeover the account by manipulating POST parameters. The issue stems from insecure permission validation in check-power.php. | ||||
| CVE-2026-26721 | 1 Key Systems | 1 Global Facilities Management Software | 2026-02-23 | N/A |
| An issue in Key Systems Inc Global Facilities Management Software v.20230721a allows a remote attacker to obtain sensitive information via the sid query parameter. | ||||
| CVE-2026-26722 | 1 Key Systems | 1 Global Facilities Management Software | 2026-02-23 | N/A |
| An issue in Key Systems Inc Global Facilities Management Software v.20230721a allows a remote attacker to escalate privileges via PIN component of the login functionality. | ||||
| CVE-2026-26723 | 1 Key Systems | 1 Global Facilities Management Software | 2026-02-23 | N/A |
| Cross Site Scripting vulnerability in Key Systems Inc Global Facilities Management Software v. 20230721a allows a remote attacker to execute arbitrary code via the function parameter. | ||||
| CVE-2026-26724 | 1 Key Systems | 1 Global Facilities Management Software | 2026-02-23 | N/A |
| Cross Site Scripting vulnerability in Key Systems Inc Global Facilities Management Software v. 20230721a allows a remote attacker to execute arbitrary code via the selectgroup and gn parameters on the /?Function=Groups endpoint. | ||||
| CVE-2026-26725 | 1 Edubusinesssolutions | 1 Print Shop Pro Webdesk | 2026-02-23 | N/A |
| An issue in edu Business Solutions Print Shop Pro WebDesk v.18.34 allows a remote attacker to escalate privileges via the AccessID parameter. | ||||
| CVE-2026-26746 | 1 Opensourcepos | 1 Opensourcepos | 2026-02-23 | N/A |
| OpenSourcePOS 3.4.1 contains a Local File Inclusion (LFI) vulnerability in the Sales.php::getInvoice() function. An attacker can read arbitrary files on the web server by manipulating the Invoice Type configuration. This issue can be chained with the file upload functionality to achieve Remote Code Execution (RCE). | ||||
| CVE-2026-26370 | 2 Ays-pro, Wordpress | 2 Survey Maker, Wordpress | 2026-02-23 | N/A |
| WordPress Plugin "Survey Maker" versions 5.1.7.7 and prior contain a cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed in the user's web browser. | ||||
| CVE-2025-59819 | 1 Zenitel | 1 Alphacom Xe Audio Server | 2026-02-23 | 6.5 Medium |
| This vulnerability allows authenticated attackers to read an arbitrary file by changing a filepath parameter into an internal system path. | ||||
| CVE-2026-26050 | 1 Ricoh | 1 Jobblogging Aggregation Tool | 2026-02-23 | N/A |
| The installer for ジョブログ集計/分析ソフトウェア RICOHジョブログ集計ツール versions prior to Ver.1.3.7 contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with administrative privileges. | ||||
| CVE-2026-21620 | 1 Erlang | 3 Erlang/otp, Erlang\/otp, Otp | 2026-02-23 | 4.2 Medium |
| Relative Path Traversal, Improper Isolation or Compartmentalization vulnerability in erlang otp erlang/otp (tftp_file modules), erlang otp inets (tftp_file modules), erlang otp tftp (tftp_file modules) allows Relative Path Traversal. This vulnerability is associated with program files lib/tftp/src/tftp_file.erl, src/tftp_file.erl. This issue affects otp: from 17.0, from 07b8f441ca711f9812fad9e9115bab3c3aa92f79; otp: from 5.10 before 7.0; otp: from 1.0. | ||||
| CVE-2026-2486 | 2 Litonice13, Wordpress | 2 Master Addons For Elementor – White Label, Free Widgets, Hover Effects, Conditions, & Animations, Wordpress | 2026-02-23 | 6.4 Medium |
| The Master Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ma_el_bh_table_btn_text' parameter in versions up to, and including, 2.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-10970 | 1 Kolay Software Inc. | 1 Talentics | 2026-02-23 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Kolay Software Inc. Talentics allows Blind SQL Injection.This issue affects Talentics: through 20022026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-14547 | 1 Silabs | 2 Gecko Sdk, Simplicity Sdk | 2026-02-23 | N/A |
| An integer underflow vulnerability is present in Silicon Lab’s implementation of PSA Crypto and SE Manager EC-JPAKE APIs during ZKP parsing. Triggering the underflow can lead to a hard fault, causing a temporary denial of service. | ||||
| CVE-2026-21627 | 1 Tassos.gr | 6 Advanced Custom Fields, Convert Forms, Engagebox and 3 more | 2026-02-23 | N/A |
| The vulnerability was rooted in how the Tassos Framework plugin handled specific AJAX requests through Joomla’s com_ajax entry point. Under certain conditions, internal framework functionality could be invoked without proper restriction. | ||||
| CVE-2025-14055 | 1 Silabs | 1 Simplicity Sdk | 2026-02-23 | N/A |
| An integer underflow vulnerability in Silicon Labs Secure NCP host implementation allows a buffer overread via a specially crafted packet. | ||||
| CVE-2025-52603 | 1 Hcltech | 1 Connections | 2026-02-23 | 3.5 Low |
| HCL Connections is vulnerable to information disclosure. In a very specific user navigation scenario, this could allow a user to obtain limited information when a single piece of internal metadata is returned in the browser. | ||||
| CVE-2026-2846 | 1 Utt | 1 Hiper 520 | 2026-02-23 | 7.2 High |
| A security vulnerability has been detected in UTT HiPER 520 1.7.7-160105. This impacts the function sub_44D264 of the file /goform/formPdbUpConfig of the component Web Management Interface. The manipulation of the argument policyNames leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. | ||||