Total
686 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-22267 | 1 Dell | 1 Powerprotect Data Manager | 2026-02-20 | N/A | 8.1 HIGH |
| Dell PowerProtect Data Manager, version(s) prior to 19.22, contain(s) an Incorrect Privilege Assignment vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Elevation of privileges. | |||||
| CVE-2026-22268 | 1 Dell | 1 Powerprotect Data Manager | 2026-02-20 | N/A | 6.3 MEDIUM |
| Dell PowerProtect Data Manager, version(s) prior to 19.22, contain(s) an Incorrect Privilege Assignment vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to denial of service of a Dell Enterprise Support connection. | |||||
| CVE-2026-1597 | 1 Bdtask | 1 Saleserp | 2026-02-20 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability has been found in Bdtask SalesERP up to 20260116. This issue affects some unknown processing of the component Administrative Endpoint. Such manipulation of the argument ci_session leads to improper authorization. The attack may be performed from remote. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2026-2676 | 2026-02-19 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| A weakness has been identified in GoogTech sms-ssm up to e8534c766fd13f5f94c01dab475d75f286918a8d. Affected by this issue is the function preHandle of the file LoginInterceptor.java of the component API Interface. Executing a manipulation can lead to improper authorization. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks. This product utilizes a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed. | |||||
| CVE-2025-14282 | 2026-02-18 | N/A | 5.4 MEDIUM | ||
| A flaw was found in Dropbear. When running in multi-user mode and authenticating users, the dropbear ssh server does the socket forwardings requested by the remote client as root, only switching to the logged-in user upon spawning a shell or performing some operations like reading the user's files. With the recent ability of also using unix domain sockets as the forwarding destination any user able to log in via ssh can connect to any unix socket with the root's credentials, bypassing both file system restrictions and any SO_PEERCRED / SO_PASSCRED checks performed by the peer. | |||||
| CVE-2026-2549 | 2026-02-18 | 7.5 HIGH | 7.3 HIGH | ||
| A vulnerability has been found in zhanghuanhao LibrarySystem 图书馆管理系统 up to 1.1.1. This impacts an unknown function of the file BookController.java. The manipulation leads to improper access controls. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet. | |||||
| CVE-2026-0574 | 1 Yeqifu | 1 Warehouse | 2026-02-17 | 6.5 MEDIUM | 6.3 MEDIUM |
| A weakness has been identified in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. This affects the function saveUserRole of the file warehouse\src\main\java\com\yeqifu\sys\controller\UserController.java of the component Request Handler. This manipulation causes improper authorization. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be used for attacks. This product adopts a rolling release strategy to maintain continuous delivery. Therefore, version details for affected or updated releases cannot be specified. | |||||
| CVE-2026-2010 | 1 Publiccms | 1 Publiccms | 2026-02-17 | 3.6 LOW | 4.2 MEDIUM |
| A vulnerability has been found in Sanluan PublicCMS up to 4.0.202506.d/5.202506.d/6.202506.d. Impacted is the function Paid of the file publiccms-parent/publiccms-trade/src/main/java/com/publiccms/logic/service/trade/TradePaymentService.java of the component Trade Payment Handler. The manipulation of the argument paymentId leads to improper authorization. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitability is considered difficult. The exploit has been disclosed to the public and may be used. The identifier of the patch is 7329437e1288540336b1c66c114ed3363adcba02. It is recommended to apply a patch to fix this issue. | |||||
| CVE-2026-1702 | 1 Mayurik | 1 Pet Grooming Management Software | 2026-02-13 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was detected in SourceCodester Pet Grooming Management Software 1.0. Impacted is an unknown function of the file /admin/operation/user.php of the component User Management. Performing a manipulation of the argument group_id results in improper authorization. The attack can be initiated remotely. The exploit is now public and may be used. | |||||
| CVE-2026-1964 | 1 Wekan Project | 1 Wekan | 2026-02-12 | 4.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability was determined in WeKan up to 8.20. This impacts an unknown function of the file models/boards.js of the component REST Endpoint. This manipulation causes improper access controls. Remote exploitation of the attack is possible. Upgrading to version 8.21 will fix this issue. Patch name: 545566f5663545d16174e0f2399f231aa693ab6e. It is advisable to upgrade the affected component. | |||||
| CVE-2026-1962 | 1 Wekan Project | 1 Wekan | 2026-02-12 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability has been found in WeKan up to 8.20. The impacted element is an unknown function of the file server/attachmentMigration.js of the component Attachment Migration. The manipulation leads to improper access controls. The attack may be initiated remotely. Upgrading to version 8.21 is sufficient to resolve this issue. The identifier of the patch is 053bf1dfb76ef230db162c64a6ed50ebedf67eee. It is recommended to upgrade the affected component. | |||||
| CVE-2025-43914 | 1 Dell | 1 Data Domain Operating System | 2026-02-12 | N/A | 7.5 HIGH |
| Dell PowerProtect Data Domain BoostFS for Linux Ubuntu systems of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2025 release version 8.3.1.0, LTS2024 release versions 7.13.1.0 through 7.13.1.30, LTS 2023 release versions 7.10.1.0 through 7.10.1.60, contain an Incorrect Privilege Assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Unauthorized access. | |||||
| CVE-2025-27021 | 1 Nokia | 2 G42, G42 Firmware | 2026-02-11 | N/A | 7.0 HIGH |
| The misconfiguration in the sudoers configuration of the operating system in Infinera G42 version R6.1.3 allows low privileged OS users to read/write physical memory via devmem command line tool. This could allow sensitive information disclosure, denial of service, and privilege escalation by tampering with kernel memory. Details: The output of "sudo -l" reports the presence of "devmem" command executable as super user without using a password. This command allows to read and write an arbitrary memory area of the target device, specifying an absolute address. | |||||
| CVE-2026-1733 | 1 Crmeb | 1 Crmeb | 2026-02-11 | 4.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability was identified in Zhong Bang CRMEB up to 5.6.3. This affects the function detail/tidyOrder of the file /api/store_integral/order/detail/:uni. The manipulation of the argument order_id leads to improper authorization. The attack can be initiated remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2026-1894 | 1 Wekan Project | 1 Wekan | 2026-02-11 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was detected in WeKan up to 8.20. This impacts an unknown function of the file models/checklistItems.js of the component REST API. Performing a manipulation of the argument item.cardId/item.checklistId/card.boardId results in improper authorization. Remote exploitation of the attack is possible. Upgrading to version 8.21 will fix this issue. The patch is named 251d49eea94834cf351bb395808f4a56fb4dbb44. Upgrading the affected component is recommended. | |||||
| CVE-2026-2206 | 1 Wekan Project | 1 Wekan | 2026-02-11 | 6.5 MEDIUM | 6.3 MEDIUM |
| A security flaw has been discovered in WeKan up to 8.20. This vulnerability affects unknown code of the file server/methods/fixDuplicateLists.js of the component Administrative Repair Handler. Performing a manipulation results in improper access controls. It is possible to initiate the attack remotely. Upgrading to version 8.21 is able to resolve this issue. The patch is named 4ce181d17249778094f73d21515f7f863f554743. It is advisable to upgrade the affected component. | |||||
| CVE-2026-2209 | 1 Wekan Project | 1 Wekan | 2026-02-11 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was detected in WeKan up to 8.18. The affected element is the function setCreateTranslation of the file client/components/settings/translationBody.js of the component Custom Translation Handler. The manipulation results in improper authorization. The attack can be launched remotely. Upgrading to version 8.19 is sufficient to fix this issue. The patch is identified as f244a43771f6ebf40218b83b9f46dba6b940d7de. It is suggested to upgrade the affected component. | |||||
| CVE-2026-1898 | 1 Wekan Project | 1 Wekan | 2026-02-10 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was determined in WeKan up to 8.20. This affects an unknown part of the file packages/wekan-ldap/server/syncUser.js of the component LDAP User Sync. This manipulation causes improper access controls. It is possible to initiate the attack remotely. Upgrading to version 8.21 is able to mitigate this issue. Patch name: 146905a459106b5d00b4f09453a6554255e6965a. You should upgrade the affected component. | |||||
| CVE-2025-3569 | 1 Jameszbl | 1 Db-hospital-drug | 2026-02-10 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in JamesZBL/code-projects db-hospital-drug 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file ShiroConfig.java. The manipulation leads to improper authorization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2026-2015 | 1 Portabilis | 1 I-educar | 2026-02-10 | 6.5 MEDIUM | 6.3 MEDIUM |
| A weakness has been identified in Portabilis i-Educar up to 2.10. Affected is an unknown function of the file FinalStatusImportService.php of the component Final Status Import. Executing a manipulation of the argument school_id can lead to improper authorization. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way. | |||||