Recent
itsourcecode Society Management System edit_expenses.php sql injection
Published 2026-02-07 by VulDB
itsourcecode Society Management System delete_expenses.php sql injection
Published 2026-02-07 by VulDB
itsourcecode Society Management System edit_admin.php sql injection
Published 2026-02-07 by VulDB
WeKan < 8.20 Migration Functionality Insufficient Permission Checks
Published 2026-02-07 by VulnCheck
WeKan < 8.19 allowPrivateOnly Setting Enforcement Bypass
Published 2026-02-07 by VulnCheck
WeKan < 8.19 Card Comment Author Spoofing via User-controlled authorId
Published 2026-02-07 by VulnCheck
WeKan < 8.19 Cross-board Card Move Without Destination Authorization
Published 2026-02-07 by VulnCheck
WeKan < 8.19 Read-only Board Roles Can Update Cards
Published 2026-02-07 by VulnCheck
WeKan < 8.19 Checklist Deletion IDOR via Missing Relationship Validation
Published 2026-02-07 by VulnCheck
WeKan < 8.19 Checklist Creation Cross-Board IDOR
Published 2026-02-07 by VulnCheck
WeKan < 8.19 Attachments Publication Information Disclosure
Published 2026-02-07 by VulnCheck
WeKan < 8.19 Attachment Upload Object Relationship Validation Bypass
Published 2026-02-07 by VulnCheck
WeKan < 8.19 LDAP Authentication Filter Injection
Published 2026-02-07 by VulnCheck
macrozheng mall <= 1.0.3 Unauthenticated Password Reset via OTP Disclosure
Published 2026-02-07 by VulnCheck
Tenda G300-F Command Injection via formSetWanDiag
Published 2026-02-07 by VulnCheck
Mapnik value.cpp operator divide by zero
Published 2026-02-07 by VulDB
yuan1994 tpadmin WebUploader preview.php deserialization
Published 2026-02-07 by VulDB
JeecgBoot Retrieval-Augmented Generation edit path traversal
Published 2026-02-07 by VulDB
Tasin1025 SwiftBuy login.php excessive authentication
Published 2026-02-07 by VulDB
jsbroks COCO Annotator Delete Category undo improper authorization
Published 2026-02-07 by VulDB
jsbroks COCO Annotator Endpoint long_task denial of service
Published 2026-02-07 by VulDB
yeqifu warehouse Log Info LoginfoController.java batchDeleteLoginfo improper authorization
Published 2026-02-07 by VulDB
yeqifu warehouse Notice Management NoticeController.java batchDeleteNotice improper authorization
Published 2026-02-07 by VulDB
yeqifu warehouse Department Management DeptController.java deleteDept improper authorization
Published 2026-02-07 by VulDB
SourceCodester Online Class Record System search.php sql injection
Published 2026-02-07 by VulDB
SourceCodester Online Class Record System controller.php sql injection
Published 2026-02-07 by VulDB
PHPGurukul Beauty Parlour Management System accepted-appointment.php sql injection
Published 2026-02-07 by VulDB
SourceCodester Online Class Record System login.php sql injection
Published 2026-02-07 by VulDB
UTT HiPER 810G Management formFireWall strcpy buffer overflow
Published 2026-02-07 by VulDB
D-Link DWR-M921 USSD Configuration Endpoint formUSSDSetup sub_419F20 command injection
Published 2026-02-07 by VulDB
D-Link DIR-823X set_language os command injection
Published 2026-02-07 by VulDB
code-projects Social Networking Site delete_post.php sql injection
Published 2026-02-07 by VulDB
D-Link DIR-823X set_mac_clone os command injection
Published 2026-02-07 by VulDB
D-Link DIR-823X set_password os command injection
Published 2026-02-07 by VulDB
UTT HiPER 810 formUser setSysAdm command injection
Published 2026-02-07 by VulDB
yeqifu warehouse Menu Management MenuController.java deleteMenu improper authorization
Published 2026-02-07 by VulDB
The Bucketlister <= 0.1.5 - Missing Authorization to Authenticated (Subscriber+) Bucket List Modification
Published 2026-02-07 by Wordfence
The Bucketlister <= 0.1.5 - Authenticated (Contributor+) SQL Injection via `category` and `id` Shortcode Attributes
Published 2026-02-07 by Wordfence
OMIGO <= 3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Published 2026-02-07 by Wordfence
Wonka Slide <= 1.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Published 2026-02-07 by Wordfence
Wikiloops Track Player <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Published 2026-02-07 by Wordfence
TITLE ANIMATOR <= 1.0 - Cross-Site Request Forgery to Settings Update
Published 2026-02-07 by Wordfence
Premmerce <= 1.3.20 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'premmerce_wizard_actions' AJAX Endpoint
Published 2026-02-07 by Wordfence
Video Onclick <= 0.4.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Published 2026-02-07 by Wordfence
Subitem AL Slider <= 1.0.0 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF']
Published 2026-02-07 by Wordfence
Advanced Country Blocker <= 2.3.1 - Unauthenticated Authorization Bypass via Insecure Default Secret Key
Published 2026-02-07 by Wordfence
MP-Ukagaka <= 1.5.2 - Reflected Cross-Site Scripting
Published 2026-02-07 by Wordfence
Simple Bible Verse via Shortcode <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Published 2026-02-07 by Wordfence
yeqifu warehouse Permission Management PermissionController.java deletePermission improper authorization
Published 2026-02-07 by VulDB
yeqifu warehouse Role Management RoleController.java deleteRole improper authorization
Published 2026-02-07 by VulDB
yeqifu warehouse User Management Endpoint UserController.java deleteUser improper authorization
Published 2026-02-07 by VulDB
Post Slides <= 1.0.1 - Contributor+ Local File Inclusion
Published 2026-02-07 by WPScan
Bold Page Builder <= 5.4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Published 2026-02-07 by Wordfence
Bold Page Builder <= 5.5.3 - Authenticated (Author+) Stored DOM-based Cross-Site Scripting in Post Grid
Published 2026-02-07 by Wordfence
Bold Builder <= 5.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via bt_bb_tabs Shortcode
Published 2026-02-07 by Wordfence
Bold Page Builder <= 5.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via bt_bb_accordion_item Shortcode
Published 2026-02-07 by Wordfence
yeqifu warehouse Role-Permission Binding RoleController.java saveRolePermission access control
Published 2026-02-07 by VulDB
O2OA HTTP POST Request check xml external entity reference
Published 2026-02-07 by VulDB
itsourcecode School Management System index.php sql injection
Published 2026-02-07 by VulDB
HCL DevOps Velocity is susceptible to a Denial of Service vulnerability
Published 2026-02-07 by HCL
UTT 进取 520W formP2PLimitConfig strcpy buffer overflow
Published 2026-02-07 by VulDB
Wing FTP Server < 6.2.7 - Cross-site Request Forgery
Published 2026-02-06 by VulnCheck
TapinRadio 2.12.3 - 'username' Denial of Service
Published 2026-02-06 by VulnCheck
TapinRadio 2.12.3 - 'address' Denial of Service
Published 2026-02-06 by VulnCheck
AbsoluteTelnet 11.12 - 'SSH2/username' Denial of Service
Published 2026-02-06 by VulnCheck
AbsoluteTelnet 11.12 - "license name" Denial of Service
Published 2026-02-06 by VulnCheck
AbsoluteTelnet 11.12 - "license entry" Denial of Service
Published 2026-02-06 by VulnCheck
QuickDate 1.3.2 - SQL Injection
Published 2026-02-06 by VulnCheck
Wedding Slideshow Studio 1.36 - 'Key' Buffer Overflow
Published 2026-02-06 by VulnCheck
Wedding Slideshow Studio 1.36 - 'Name' Buffer Overflow
Published 2026-02-06 by VulnCheck
SprintWork 2.3.1 - Local Privilege Escalation
Published 2026-02-06 by VulnCheck
Cuckoo Clock 5.0 - Buffer Overflow
Published 2026-02-06 by VulnCheck
DBPower C300 HD Camera - Remote Configuration Disclosure
Published 2026-02-06 by VulnCheck
Core FTP Lite 1.3 - Denial of Service (PoC)
Published 2026-02-06 by VulnCheck
eLection 2.0 - 'id' SQL Injection
Published 2026-02-06 by VulnCheck
ATutor 2.2.4 - 'id' SQL Injection
Published 2026-02-06 by VulnCheck
Aptina AR0130 960P 1.3MP Camera - Remote Configuration Disclosure
Published 2026-02-06 by VulnCheck
AMSS++ v 4.31 - 'id' SQL Injection
Published 2026-02-06 by VulnCheck
AMSS++ 4.7 - Backdoor Admin Account
Published 2026-02-06 by VulnCheck
SpotFTP-FTP Password Recover 2.4.8 - Denial of Service
Published 2026-02-06 by VulnCheck
aSc TimeTables 2020.11.4 - Denial of Service
Published 2026-02-06 by VulnCheck
Core FTP LE 2.2 - Denial of Service
Published 2026-02-06 by VulnCheck
Business Live Chat Software 1.0 - Cross-Site Request Forgery (Add Admin)
Published 2026-02-06 by VulnCheck
Cyberoam Authentication Client 2.1.2.7 - Buffer Overflow (SEH)
Published 2026-02-06 by VulnCheck
Antrea has invalid enforcement order for network policy rules caused by integer overflow
Published 2026-02-06 by GitHub_M
Nebula Has Possible Blocklist Bypass via ECDSA Signature Malleability
Published 2026-02-06 by GitHub_M
3DP-MANAGER Uses Hard-coded Credentials
Published 2026-02-06 by GitHub_M
AdonisJS vulnerable to Denial of Service (DoS) via Unrestricted Memory Buffering in PartHandler during File Type Detection
Published 2026-02-06 by GitHub_M
AdonisJS multipart body parsing has Prototype Pollution issue
Published 2026-02-06 by GitHub_M
Heap Overflow in Vim
Published 2026-02-06 by GitHub_M
DataHub's LDAP Ingestion Source vulnerable to MITM attack through TLS downgrade
Published 2026-02-06 by GitHub_M
Unauthenticated Spree Commerce users can view completed guest orders by Order ID
Published 2026-02-06 by GitHub_M
UTT 进取 520W formPolicyRouteConf strcpy buffer overflow
Published 2026-02-06 by VulDB
Command Injection on OpenProject repositories leads to Remote Code Execution
Published 2026-02-06 by GitHub_M
OpenProject vulnerable to Stored HTML injection
Published 2026-02-06 by GitHub_M
ggml-org llama.cpp GBNF Grammar llama-grammar.cpp llama_grammar_advance_stack stack-based overflow
Published 2026-02-06 by VulDB
Remote code execution vulnerability in BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA)
Published 2026-02-06 by BT
Information Disclosure via Bucket Squatting in Google Cloud Agentspace.
Published 2026-02-06 by GoogleCloud
Website Path Traversal / Arbitrary File Read (Authenticated) in Sliver
Published 2026-02-06 by GitHub_M
UTT 进取 520W formSyslogConf strcpy buffer overflow
Published 2026-02-06 by VulDB
Spree allows unauthenticated users can access all guest addresses
Published 2026-02-06 by GitHub_M
Trilium Notes has a Timing Attack Vulnerability in /api/login/sync
Published 2026-02-06 by GitHub_M
Homarr affected by Unauthenticated SSRF / Port-Scan Primitive via widget.app.ping
Published 2026-02-06 by GitHub_M
Enclave has a sandbox escape via infinite recursion and error objects
Published 2026-02-06 by GitHub_M
NiceGUI's XSS vulnerability in ui.markdown() allows arbitrary JavaScript execution through unsanitized HTML content
Published 2026-02-06 by GitHub_M
NiceGUI's Path Traversal via Unsanitized FileUpload.name Enables Arbitrary File Write
Published 2026-02-06 by GitHub_M
Payload has an SQL Injection in JSON/RichText Queries on PostgreSQL/SQLite Adapters
Published 2026-02-06 by GitHub_M
Payload Affected by Cross-Collection IDOR in payload-preferences Access Control (Multi-Auth Environments)
Published 2026-02-06 by GitHub_M
UTT 进取 520W formTimeGroupConfig strcpy buffer overflow
Published 2026-02-06 by VulDB
Pydantic AI Affected by Server-Side Request Forgery (SSRF) in URL Download Handling
Published 2026-02-06 by GitHub_M
SCEditor affected by DOM XSS via emoticon URL/HTML injection
Published 2026-02-06 by GitHub_M
OpenClaw Affected by Unauthenticated Local RCE via WebSocket config.apply
Published 2026-02-06 by GitHub_M
PrestaShop has a time based enumeration in FO login form
Published 2026-02-06 by GitHub_M
Qdrant affected by arbitrary file write via `/logger` endpoint
Published 2026-02-06 by GitHub_M
Semantic Kernel has an Arbitrary File Write via AI Agent Function Calling in .NET SDK
Published 2026-02-06 by GitHub_M
Domain allowlist bypass enables credential exfiltration
Published 2026-02-06 by GitHub_M
UTT 进取 520W formIpGroupConfig strcpy buffer overflow
Published 2026-02-06 by VulDB
DeepAudit Affected by User Enumeration via Broken Access Control
Published 2026-02-06 by GitHub_M
EPyT-Flow has unsafe JSON deserialization (__type__)
Published 2026-02-06 by GitHub_M
iccDEV memcpy-param-overlap in CIccTagMultiProcessElement::Apply()
Published 2026-02-06 by GitHub_M