Total
4069 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-2169 | 1 Dlink | 2 Dwr-m921, Dwr-m921 Firmware | 2026-02-11 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability has been found in D-Link DWR-M921 1.1.50. This impacts an unknown function of the file /boafrm/formLtefotaUpgradeFibocom. Such manipulation of the argument fota_url leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2026-2172 | 1 Fabian | 1 Online Application System For Admission | 2026-02-11 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was determined in code-projects Online Application System for Admission 1.0. Affected by this vulnerability is an unknown functionality of the file enrollment/index.php of the component Login Endpoint. Executing a manipulation can lead to sql injection. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. | |||||
| CVE-2026-2173 | 1 Fabian | 1 Online Examination System | 2026-02-11 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was identified in code-projects Online Examination System 1.0. Affected by this issue is some unknown functionality of the file login.php. The manipulation of the argument username/password leads to sql injection. The attack may be initiated remotely. | |||||
| CVE-2026-2176 | 1 Fabian | 1 Contact Management System | 2026-02-11 | 6.5 MEDIUM | 6.3 MEDIUM |
| A security vulnerability has been detected in code-projects Contact Management System 1.0. This issue affects some unknown processing of the file index.py. Such manipulation of the argument selecteditem[0] leads to sql injection. The attack can be executed remotely. | |||||
| CVE-2026-2193 | 1 Dlink | 2 Di-7100g C1, Di-7100g C1 Firmware | 2026-02-11 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was detected in D-Link DI-7100G C1 24.04.18D1. Affected by this issue is the function set_jhttpd_info. Performing a manipulation of the argument usb_username results in command injection. Remote exploitation of the attack is possible. | |||||
| CVE-2026-2194 | 1 Dlink | 2 Di-7100g C1, Di-7100g C1 Firmware | 2026-02-11 | 6.5 MEDIUM | 6.3 MEDIUM |
| A flaw has been found in D-Link DI-7100G C1 24.04.18D1. This affects the function start_proxy_client_email. Executing a manipulation can lead to command injection. The attack can be executed remotely. The exploit has been published and may be used. | |||||
| CVE-2026-2218 | 1 Dlink | 2 Dcs-933l, Dcs-933l Firmware | 2026-02-11 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was determined in D-Link DCS-933L up to 1.14.11. This affects an unknown function of the file /setSystemAdmin of the component alphapd. This manipulation of the argument AdminID causes command injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2026-2057 | 1 Bontrofftech | 1 Medical Center Portal Management System | 2026-02-10 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was detected in SourceCodester Medical Center Portal Management System 1.0. This affects an unknown function of the file /login.php. The manipulation of the argument User results in sql injection. The attack can be executed remotely. The exploit is now public and may be used. | |||||
| CVE-2026-2018 | 1 Itsourcecode | 1 School Management System | 2026-02-10 | 7.5 HIGH | 7.3 HIGH |
| A flaw has been found in itsourcecode School Management System 1.0. This affects an unknown part of the file /ramonsys/settings/controller.php. This manipulation of the argument ID causes sql injection. It is possible to initiate the attack remotely. The exploit has been published and may be used. | |||||
| CVE-2026-2014 | 1 Itsourcecode | 1 School Management System | 2026-02-10 | 7.5 HIGH | 7.3 HIGH |
| A security flaw has been discovered in itsourcecode Student Management System 1.0. This impacts an unknown function of the file /ramonsys/billing/index.php. Performing a manipulation of the argument ID results in sql injection. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks. | |||||
| CVE-2026-2013 | 1 Itsourcecode | 1 School Management System | 2026-02-10 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was identified in itsourcecode Student Management System 1.0. This affects an unknown function of the file /ramonsys/soa/index.php. Such manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit is publicly available and might be used. | |||||
| CVE-2026-2012 | 1 Itsourcecode | 1 School Management System | 2026-02-10 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was determined in itsourcecode Student Management System 1.0. The impacted element is an unknown function of the file /ramonsys/facultyloading/index.php. This manipulation of the argument ID causes sql injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. | |||||
| CVE-2026-2011 | 1 Itsourcecode | 1 School Management System | 2026-02-10 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was found in itsourcecode Student Management System 1.0. The affected element is an unknown function of the file /ramonsys/enrollment/controller.php. The manipulation of the argument ID results in sql injection. The attack can be launched remotely. The exploit has been made public and could be used. | |||||
| CVE-2026-1746 | 1 Jeecg | 1 Jeecg Boot | 2026-02-10 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was identified in JeecgBoot 3.9.0. This vulnerability affects unknown code of the file /JeecgBoot/sys/api/loadDictItemByKeyword of the component Online Report API. Such manipulation of the argument keyword leads to sql injection. The attack can be executed remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2026-1596 | 1 Dlink | 2 Dwr-m961, Dwr-m961 Firmware | 2026-02-10 | 6.5 MEDIUM | 6.3 MEDIUM |
| A flaw has been found in D-Link DWR-M961 1.1.47. This vulnerability affects the function sub_419920 of the file /boafrm/formLtefotaUpgradeQuectel. This manipulation of the argument fota_url causes command injection. The attack is possible to be carried out remotely. The exploit has been published and may be used. | |||||
| CVE-2026-1124 | 1 Yonyou | 1 Ksoa | 2026-02-10 | 7.5 HIGH | 7.3 HIGH |
| A security flaw has been discovered in Yonyou KSOA 9.0. Affected by this vulnerability is an unknown functionality of the file /worksheet/work_report.jsp of the component HTTP GET Parameter Handler. Performing a manipulation of the argument ID results in sql injection. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2026-1129 | 1 Yonyou | 1 Ksoa | 2026-02-10 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was detected in Yonyou KSOA 9.0. This vulnerability affects unknown code of the file /worksheet/worksadd.jsp of the component HTTP GET Parameter Handler. The manipulation of the argument ID results in sql injection. The attack may be performed from remote. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2026-1130 | 1 Yonyou | 1 Ksoa | 2026-02-10 | 7.5 HIGH | 7.3 HIGH |
| A flaw has been found in Yonyou KSOA 9.0. This issue affects some unknown processing of the file /worksheet/worksadd_plan.jsp of the component HTTP GET Parameter Handler. This manipulation of the argument ID causes sql injection. It is possible to initiate the attack remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2026-1131 | 1 Yonyou | 1 Ksoa | 2026-02-10 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability has been found in Yonyou KSOA 9.0. Impacted is an unknown function of the file /kmc/save_catalog.jsp of the component HTTP GET Parameter Handler. Such manipulation of the argument catalogid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2026-1687 | 1 Tenda | 2 Hg10, Hg10 Firmware | 2026-02-10 | 7.5 HIGH | 7.3 HIGH |
| A weakness has been identified in Tenda HG10 US_HG7_HG9_HG10re_300001138_en_xpon. Impacted is an unknown function of the file /boaform/formSamba of the component Boa Webserver. Executing a manipulation of the argument serverString can lead to command injection. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks. | |||||