Critical vulnerabilities, curated daily for security professionals
π― SSCV Profile
See how vulnerabilities affect your specific environment
CRS uses the System Security Context Vector (SSCV) Framework v1.0 to adjust CVSS scores based on your system's exposure level, network position, and business criticality. Learn more about SSCV Framework
Risk scores will be adjusted based on your selected environment
π
Today's Security Brief
Thursday's vulnerability disclosures are dominated by multiple critical HP product vulnerabilities and a CVSS 10.0 Dell RecoverPoint flaw under active exploitation. The disclosure volume includes 20 critical CVEs (up 186% from the prior day) and 82 high-priority vulnerabilities (up 71%), reflecting a significant escalation in disclosed risk. Notable critical entries include CVE-2026-27175, CVE-2026-27174, and CVE-2026-27180 affecting HP products with CVSS 9.8 scores, alongside CVE-2026-1937 targeting WordPress. Microsoft Windows and Office account for six actively exploited vulnerabilities, with additional confirmed exploitation in GitLab, Apple OS, and Google Chromium. Patch availability currently stands at 0%, requiring organizations to prioritize compensating controls and monitoring for all affected systems.
Dell RecoverPoint CVE-2026-22769 carries a perfect CVSS 10.0 score with confirmed active exploitation
20 critical CVEs disclosed, a 186% increase over the prior day's 7 critical vulnerabilities
82 high-priority CVEs represent a 71% increase from the previous day's 48 high-priority disclosures
HP products account for at least 7 critical vulnerabilities with CVSS 9.4-9.8, indicating widespread exposure across HP environments
Microsoft Windows and Office have 6 actively exploited CVEs spanning remote code execution and privilege escalation vectors
0% patch availability across all 102 disclosed CVEs; 20 vulnerabilities have confirmed active exploitation
Immediate action: Prioritize Dell RecoverPoint, HP product lines, Microsoft Windows, and Microsoft Office for immediate review and apply compensating controls such as network segmentation and enhanced monitoring. With no patches currently available for any of the 102 disclosed vulnerabilities, organizations should implement detection rules for known exploitation patterns and restrict access to affected services until vendor remediations are released.
π‘ Tip: Swipe CVE cards left to β star, right to β remove
Section Navigation
β οΈ
CISA Known Exploited Vulnerabilities
β οΈ CISA KEVURGENT
CVE-2026-22769
10π
DellRecoverPoint for
β° Federal Deadline:February 20, 2026(2 days remaining)
Dell RecoverPoint for Virtual Machines contains hardcoded credentials that allow unauthenticated remote attackers to gain root-level access and establish persistence.
CVSS Base10
β
CRSSelect profile
β οΈ CISA KEVURGENT
CVE-2021-39935
9.5π Late Disclosure
GitLabCommunity and Enterprise Editions
β° Federal Deadline:February 23, 2026(5 days remaining)
GitLab Community and Enterprise Editions Server-Side Request Forgery (SSRF) Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEVURGENT
CVE-2025-64328
9.5
SangomaFreePBX
β° Federal Deadline:February 23, 2026(5 days remaining)
Sangoma FreePBX OS Command Injection Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEVURGENT
CVE-2019-19006
9.5π Late Disclosure
SangomaFreePBX
β° Federal Deadline:February 23, 2026(5 days remaining)
Sangoma FreePBX Improper Authentication Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEVURGENT
CVE-2025-11953
9.5π
React Native CommunityCLI
β° Federal Deadline:February 25, 2026(7 days remaining)
React Native Community CLI OS Command Injection Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEVURGENT
CVE-2026-24423
9.5
SmarterToolsSmarterMail
β° Federal Deadline:February 25, 2026(7 days remaining)
SmarterTools SmarterMail Missing Authentication for Critical Function Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEV
CVE-2026-21513
9.5π
MicrosoftWindows
β° Federal Deadline:March 2, 2026(12 days remaining)
A protection mechanism failure in the MSHTML Framework allows an unauthenticated attacker to bypass security features over a network, potentially leading to unauthorized system access.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEV
CVE-2026-21525
9.5
MicrosoftWindows
β° Federal Deadline:March 2, 2026(12 days remaining)
Microsoft Windows NULL Pointer Dereference Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEV
CVE-2026-21510
9.5π
MicrosoftWindows
β° Federal Deadline:March 2, 2026(12 days remaining)
A protection mechanism failure in the Windows Shell allows an unauthenticated attacker to bypass security features over a network connection.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEV
CVE-2026-21533
9.5π
MicrosoftWindows
β° Federal Deadline:March 2, 2026(12 days remaining)
Improper privilege management in Windows Remote Desktop allows an authorized attacker to elevate their privileges locally on the affected system.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEV
CVE-2026-21519
9.5π
MicrosoftWindows
β° Federal Deadline:March 2, 2026(12 days remaining)
A type confusion vulnerability in the Desktop Window Manager (DWM) allows an authorized local attacker to elevate their privileges to a higher level.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEV
CVE-2026-21514
9.5π
MicrosoftOffice
β° Federal Deadline:March 2, 2026(12 days remaining)
A security feature bypass vulnerability in Microsoft Office Word exists due to reliance on untrusted inputs, allowing an unauthorized local attacker to circumvent security protections.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEV
CVE-2026-20700
9.5π
AppleApple OS
β° Federal Deadline:March 4, 2026(14 days remaining)
A memory corruption vulnerability in Apple software was addressed through improved state management to prevent potential exploitation.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEV
CVE-2024-43468
9.5π Late Disclosure
MicrosoftConfiguration Manager
β° Federal Deadline:March 4, 2026(14 days remaining)
Microsoft Configuration Manager SQL Injection Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEV
CVE-2025-15556
9.5
Notepad++Notepad++
β° Federal Deadline:March 4, 2026(14 days remaining)
Notepad++ Download of Code Without Integrity Check Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEV
CVE-2020-7796
9.5π Late Disclosure
SynacorZimbra Collaboration Suite
β° Federal Deadline:March 9, 2026(19 days remaining)
Synacor Zimbra Collaboration Suite (ZCS) Server-Side Request Forgery Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEV
CVE-2024-7694
9.5π Late Disclosure
TeamT5ThreatSonar Anti-Ransomware
β° Federal Deadline:March 9, 2026(19 days remaining)
TeamT5 ThreatSonar Anti-Ransomware Unrestricted Upload of File with Dangerous Type Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEV
CVE-2008-0015
9.5π Late Disclosure
MicrosoftWindows
β° Federal Deadline:March 9, 2026(19 days remaining)
Microsoft Windows Video ActiveX Control Remote Code Execution Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEV
CVE-2026-2441
9.5π
GoogleChromium
β° Federal Deadline:March 9, 2026(19 days remaining)
Google Chrome is vulnerable to a "Use After Free" condition in its CSS engine, which could allow a remote attacker to execute arbitrary code via a crafted webpage.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEV
CVE-2021-22175
9.5π Late Disclosure
GitLabGitLab
β° Federal Deadline:March 10, 2026(20 days remaining)
GitLab Server-Side Request Forgery (SSRF) Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
π¨
Critical Vulnerabilities
CVE-2026-27175
9.8π
HPscript
MajorDoMo is vulnerable to unauthenticated remote code execution via a race condition and unsanitized user input in the rc/index.php and cycle_execs.php components.
CVSS Base9.8
β
CRSSelect profile
CVE-2026-27174
9.8π
HPconsole feature
MajorDoMo allows unauthenticated remote code execution via the admin panel's PHP console due to a logic error that bypasses authentication and passes input to the eval() function.
CVSS Base9.8
β
CRSSelect profile
CVE-2026-27180
9.8π
HPfiles
MajorDoMo is vulnerable to unauthenticated remote code execution via update URL poisoning, allowing an attacker to force the system to download and extract a malicious update package.
CVSS Base9.8
β
CRSSelect profile
CVE-2025-70141
9.4π
HPbased on
SourceCodester Customer Support System 1.0 contains an incorrect access control vulnerability in ajax.php, allowing unauthenticated attackers to invoke administrative methods and delete or modify records.
CVSS Base9.4
β
CRSSelect profile
CVE-2026-1937
9.8π
WordPressis vulnerable
The YayMail plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on an AJAX action, allowing authenticated attackers to gain administrative access.
CVSS Base9.8
β
CRSSelect profile
CVE-2025-70149
9.8
HPvia the
CodeAstro Membership Management System 1.0 is vulnerable to SQL Injection in print_membership_card.php via the ID parameter.
CVSS Base9.8
β
CRSSelect profile
CVE-2025-70152
9.8
HPand
code-projects Community Project Scholars Tracking System 1.0 is vulnerable to SQL Injection in the admin user management endpoints /admin/save_user.php and /admin/update_user.php. These endpoints lack authentication checks and directly concatenate user-supplied POST parameters (firstname, lastname, username, password, user_id) into SQL queries without validation or parameterization.
CVSS Base9.8
β
CRSSelect profile
CVE-2019-25365
9.8ππ Late Disclosure
the configurationChaosPro
A buffer overflow in ChaosPro 2.0's configuration file handling allows attackers to gain remote code execution on Windows XP systems by overwriting the Structured Exception Handler (SEH).
CVSS Base9.8
β
CRSSelect profile
CVE-2026-25548
9.1
HPcode
InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A critical Remote Code Execution (RCE) vulnerability exists in InvoicePlane 1.7.0 through a chained Local File Inclusion (LFI) and Log Poisoning attack. An authenticated administrator can execute arbitrary system commands on the server by manipulating the `public_invoice_template` setting to include poisoned log files containing PHP code. Version 1.7.1 patches the issue.
CVSS Base9.1
β
CRSSelect profile
CVE-2025-70150
9.8
HPthat allows
CodeAstro Membership Management System 1.0 contains a missing authentication vulnerability in delete_members.php that allows unauthenticated attackers to delete arbitrary member records via the id parameter.
CVSS Base9.8
β
CRSSelect profile
CVE-2025-65791
9.8π
HPZoneMinder
ZoneMinder is vulnerable to remote command injection because user-supplied input is passed unsanitized to the exec() function in the image.php view.
CVSS Base9.8
β
CRSSelect profile
CVE-2025-14009
10π
NLTK ProjectNLTK (Natural Language Toolkit)
The NLTK downloader lacks path validation in its unzip function, allowing attackers to execute arbitrary code via malicious zip packages that overwrite Python files during extraction.
CVSS Base10
β
CRSSelect profile
CVE-2019-25361
9.8ππ Late Disclosure
the SYSTNFTP client
A buffer overflow in the Ayukov NFTP client's SYST command handling allows remote attackers to execute arbitrary code on the client machine via a crafted server response.
CVSS Base9.8
β
CRSSelect profile
CVE-2019-25362
9.8ππ Late Disclosure
WMV to AVI MPEG DVD WMV ConvertorWMV to AVI MPEG DVD WMV Convertor
A stack-based buffer overflow in the license handling fields of this video converter allows attackers to execute arbitrary code via a 6000-byte malicious payload.
CVSS Base9.8
β
CRSSelect profile
CVE-2019-25360
9.8ππ Late Disclosure
the CSVAida64 Engineer
Aida64 Engineer contains a buffer overflow in its CSV logging configuration that allows attackers to execute arbitrary code via a malformed log file using SEH overwrite techniques.
CVSS Base9.8
β
CRSSelect profile
CVE-2019-25364
9.8ππ Late Disclosure
the POP3MailCarrier
A buffer overflow in the POP3 USER command handling in MailCarrier 2.51 allows remote attackers to execute arbitrary code by sending an oversized buffer to the service.
CVSS Base9.8
β
CRSSelect profile
CVE-2026-1435
9.8π
Graylog WebGraylog Web Interface
Graylog Web Interface 2.2.3 fails to invalidate old session identifiers upon new logins, allowing attackers with a leaked sessionId to maintain unauthorized persistent access to the account.
CVSS Base9.8
β
CRSSelect profile
CVE-2025-70998
9.8π
UTTHiPER 810 / nv810v4 router firmware
Insecure default credentials in the Telnet service of UTT HiPER routers allow remote attackers to gain root access via automated scripts.
CVSS Base9.8
β
CRSSelect profile
CVE-2026-2686
9.8π
SECCNDingcheng G10
A command injection vulnerability in the SECCN Dingcheng G10 login script allows unauthenticated remote attackers to execute OS commands via the User argument.
CVSS Base9.8
β
CRSSelect profile
CVE-2025-70146
9.1π
ProjectWorldsOnline Time Table Generator
Missing authentication in administrative scripts of the Online Time Table Generator allows unauthenticated attackers to perform unauthorized data operations via direct HTTP requests.
CVSS Base9.1
β
CRSSelect profile
β οΈ
High Priority Updates
CVE-2026-1426
8.8
WordPressis vulnerable
The Advanced AJAX Product Filters plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3
CVSS Base8.8
β
CRSSelect profile
CVE-2026-2650
8.8
GoogleChrome prior
Heap buffer overflow in Media in Google Chrome prior to 145
CVSS Base8.8
β
CRSSelect profile
CVE-2026-2649
8.8
GoogleChrome prior
Integer overflow in V8 in Google Chrome prior to 145
CVSS Base8.8
β
CRSSelect profile
CVE-2026-1714
8.6
WordPressis vulnerable
The ShopLentor β WooCommerce Builder for Elementor & Gutenberg +21 Modules β All in One Solution plugin for WordPress is vulnerable to Email Relay Abuse in all versions up to, and including, 3
CVSS Base8.6
β
CRSSelect profile
CVE-2026-2495
7.5
WordPressis vulnerable
The WPNakama β Team and multi-Client Collaboration, Editorial and Project Management plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the '/wp-json/WPNakama/v1/boards' REST API endpoint in all versions up to, and including, 0
CVSS Base7.5
β
CRSSelect profile
CVE-2026-2627
7.8π
Microsoftshared
A security flaw has been identified in Softland FBackup up to version 9 that could allow for unauthorized access or data manipulation.
CVSS Base7.8
β
CRSSelect profile
CVE-2026-2019
7.2
WordPressis vulnerable
The Cart All In One For WooCommerce plugin for WordPress is vulnerable to Code Injection in all versions up to, and including, 1
CVSS Base7.2
β
CRSSelect profile
CVE-2026-2296
7.2
WordPressis vulnerable
The Product Addons for Woocommerce β Product Options with Custom Fields plugin for WordPress is vulnerable to Code Injection in all versions up to, and including, 3
CVSS Base7.2
β
CRSSelect profile
CVE-2025-36247
7.1π
IBMDb2 for
IBM Db2 version 11 for Linux, UNIX, and Windows is affected by a security vulnerability that could lead to unauthorized system access.
CVSS Base7.1
β
CRSSelect profile
CVE-2026-22048
7.1π
MicrosoftEntra ID
NetApp StorageGRID versions prior to 11 contain a security vulnerability that could impact the integrity of object storage environments.
CVSS Base7.1
β
CRSSelect profile
CVE-2026-2576
7.5
WordPressplugin for
The Business Directory Plugin β Easy Listing Directories for WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the 'payment' parameter in all versions up to, and including, 6
CVSS Base7.5
β
CRSSelect profile
CVE-2024-55270
8.8π Late Disclosure
ManagementMultiple Products
phpgurukul Student Management System 1
CVSS Base8.8
β
CRSSelect profile
CVE-2026-26119
8.8π
MicrosoftWindows Admin Center
Improper authentication within Microsoft Windows Admin Center enables an authorized attacker to escalate privileges via network access. This flaw facilitates unauthorized administrative control.
CVSS Base8.8
β
CRSSelect profile
CVE-2025-70064
8.8
HPMultiple Products
PHPGurukul Hospital Management System v4
CVSS Base8.8
β
CRSSelect profile
CVE-2025-70151
8.8
HPand upload
code-projects Scholars Tracking System 1
CVSS Base8.8
β
CRSSelect profile
CVE-2026-1368
7.5
WordPressplugin before
The Video Conferencing with Zoom WordPress plugin before 4
CVSS Base7.5
β
CRSSelect profile
CVE-2019-25349
7.5π Late Disclosure
forMultiple Products
ScadaApp for iOS 1
CVSS Base7.5
β
CRSSelect profile
CVE-2026-25087
7
Apache ArrowArrow
Use After Free vulnerability in Apache Arrow C++
CVSS Base7
β
CRSSelect profile
CVE-2026-1216
7.2
WordPressis vulnerable
The RSS Aggregator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'template' parameter in all versions up to, and including, 5
CVSS Base7.2
β
CRSSelect profile
CVE-2026-1931
7.2
WordPressis vulnerable
The Rent Fetch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'keyword' parameter in all versions up to, and including, 0
CVSS Base7.2
β
CRSSelect profile
CVE-2025-70147
7.5
HPand
Missing authentication in /admin/student
CVSS Base7.5
β
CRSSelect profile
CVE-2025-70148
7.5
HPin CodeAstro
Missing authentication and authorization in print_membership_card
CVSS Base7.5
β
CRSSelect profile
CVE-2026-27178
7.2
HPrendering code
MajorDoMo (aka Major Domestic Module) contains a stored cross-site scripting (XSS) vulnerability through method parameter injection into the shoutbox
CVSS Base7.2
β
CRSSelect profile
CVE-2025-33245
8
NVIDIANeMo Framework
NVIDIA NeMo Framework contains a vulnerability where malicious data could cause remote code execution
CVSS Base8
β
CRSSelect profile
CVE-2025-33241
7.8
NVIDIANeMo Framework
NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution by loading a maliciously crafted file
CVSS Base7.8
β
CRSSelect profile
CVE-2025-33243
7.8
NVIDIANeMo Framework
NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution in distributed environments
CVSS Base7.8
β
CRSSelect profile
CVE-2025-33250
7.8
NVIDIANeMo Framework
NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution
CVSS Base7.8
β
CRSSelect profile
CVE-2025-33251
7.8
NVIDIANeMo Framework
NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution
CVSS Base7.8
β
CRSSelect profile
CVE-2025-33252
7.8
NVIDIANeMo Framework
NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution
CVSS Base7.8
β
CRSSelect profile
CVE-2025-33253
7.8
NVIDIANeMo Framework
NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution by convincing a user to load a maliciously crafted file
CVSS Base7.8
β
CRSSelect profile
CVE-2026-27099
8
JenkinsMultiple Products
Jenkins 2
CVSS Base8
β
CRSSelect profile
CVE-2026-22860
7.5
webMultiple Products
Rack is a modular Ruby web server interface
CVSS Base7.5
β
CRSSelect profile
CVE-2026-23599
7.8
LinuxMultiple Products
A local privilege-escalation vulnerability has been discovered in the HPE Aruba Networking ClearPass OnGuard Software for Linux
CVSS Base7.8
β
CRSSelect profile
CVE-2026-27177
7.2
HPMultiple Products
MajorDoMo (aka Major Domestic Module) contains a stored cross-site scripting (XSS) vulnerability via the /objects/?op=set endpoint, which is intentionally unauthenticated for IoT device integration
CVSS Base7.2
β
CRSSelect profile
CVE-2026-23595
8.8π
The affected software providerApplication API
An authentication bypass vulnerability in the application's API allows unauthenticated attackers to create unauthorized administrative accounts, leading to full system compromise.
CVSS Base8.8
β
CRSSelect profile
CVE-2025-13689
8.8π
IBMDataStage on
Unrestricted file uploads in IBM DataStage on Cloud Pak for Data allow authenticated users to execute arbitrary commands and access sensitive information.
CVSS Base8.8
β
CRSSelect profile
CVE-2026-2630
8.8
TenableMultiple Products
A Command Injection vulnerability exists where an authenticated, remote attacker could execute arbitrary code on the underlying server where Tenable Security Center is hosted
CVSS Base8.8
β
CRSSelect profile
CVE-2025-13691
8.1π
IBMDataStage on
A high-severity security vulnerability has been identified in IBM DataStage on Cloud Pak for Data 5, potentially allowing unauthorized access or system compromise.
CVSS Base8.1
β
CRSSelect profile
CVE-2026-27182
8.4
MouseMultiple Products
Saturn Remote Mouse Server contains a command injection vulnerability that allows unauthenticated attackers to execute arbitrary commands by sending specially crafted UDP JSON frames to port 27000
CVSS Base8.4
β
CRSSelect profile
CVE-2025-33236
7.8
NVIDIANeMo Framework
NVIDIA NeMo Framework contains a vulnerability where malicious data created by an attacker could cause code injection
CVSS Base7.8
β
CRSSelect profile
CVE-2025-33239
7.8
NVIDIAMegatron Bridge
NVIDIA Megatron Bridge contains a vulnerability in a data merging tutorial, where malicious input could cause a code injection
CVSS Base7.8
β
CRSSelect profile
CVE-2025-33240
7.8
NVIDIAMegatron Bridge
NVIDIA Megatron Bridge contains a vulnerability in a data shuffling tutorial, where malicious input could cause a code injection
CVSS Base7.8
β
CRSSelect profile
CVE-2025-33246
7.8
NVIDIANeMo Framework
NVIDIA NeMo Framework for all platforms contains a vulnerability in the ASR Evaluator utility, where a user could cause a command injection by supplying crafted input to a configuration parameter
CVSS Base7.8
β
CRSSelect profile
CVE-2025-33249
7.8
NVIDIANeMo Framework
NVIDIA NeMo Framework for all platforms contains a vulnerability in a voice-preprocessing script, where malicious input created by an attacker could cause a code injection
CVSS Base7.8
β
CRSSelect profile
CVE-2025-1272
7.7
startingKernel lockdown
The Linux Kernel lockdown mode for kernel versions starting on 6
CVSS Base7.7
β
CRSSelect profile
CVE-2025-33088
7.4π
IBMConcert
A security vulnerability in IBM Concert 1 could allow for unauthorized actions or data exposure, impacting the overall security posture of the application.
CVSS Base7.4
β
CRSSelect profile
CVE-2026-25926
7.3
ArchPath vulnerability
Notepad++ is a free and open-source source code editor
CVSS Base7.3
β
CRSSelect profile
CVE-2025-7631
8.6
Tumeva InternetMultiple Products
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tumeva Internet Technologies Software Information Advertising and Consulting Services Trade Ltd
CVSS Base8.6
β
CRSSelect profile
CVE-2026-2629
7.3
InforMultiple Products
A weakness has been identified in jishi node-sonos-http-api up to 3776f0ee2261c924c7b7204de121a38100a08ca7
CVSS Base7.3
β
CRSSelect profile
CVE-2026-27179
8.2
commandsMultiple Products
MajorDoMo (aka Major Domestic Module) contains an unauthenticated SQL injection vulnerability in the commands module
CVSS Base8.2
β
CRSSelect profile
CVE-2026-2616
8.8
UnknownMultiple Products
A vulnerability has been found in Beetel 777VR1 up to 01
CVSS Base8.8
β
CRSSelect profile
CVE-2025-70397
8.8
jizhicmsMultiple Products
jizhicms 2
CVSS Base8.8
β
CRSSelect profile
CVE-2025-70828
8.8
UnknownMultiple Products
An issue in Datart v1
CVSS Base8.8
β
CRSSelect profile
CVE-2019-25351
8.8π Late Disclosure
CentovaMultiple Products
Centova Cast 3
CVSS Base8.8
β
CRSSelect profile
CVE-2025-67905
8.7
MalwarebytesMultiple Products
Malwarebytes AdwCleaner before v
CVSS Base8.7
β
CRSSelect profile
CVE-2019-25357
8.4π Late Disclosure
CenterMultiple Products
Control Center PRO 6
CVSS Base8.4
β
CRSSelect profile
CVE-2026-24708
8.2
NovaMultiple Products
An issue was discovered in OpenStack Nova before 30
CVSS Base8.2
β
CRSSelect profile
CVE-2019-25359
8.2π Late Disclosure
InforMultiple Products
SD
CVSS Base8.2
β
CRSSelect profile
CVE-2026-23648
7.8
GloryMultiple Products
Glory RBG-100 recycler systems using the ISPK-08 software component contain multiple system binaries with overly permissive file permissions
CVSS Base7.8
β
CRSSelect profile
CVE-2025-60035
7.8
UnknownMultiple Products
A vulnerabilityΒ has been identified in the OPC
CVSS Base7.8
β
CRSSelect profile
CVE-2025-60036
7.8
UnknownMultiple Products
A vulnerability has been identified in the UA
CVSS Base7.8
β
CRSSelect profile
CVE-2025-60037
7.8
UnknownMultiple Products
A vulnerabilityΒ has been identified in Rexroth IndraWorks
CVSS Base7.8
β
CRSSelect profile
CVE-2025-60038
7.8
UnknownMultiple Products
A vulnerabilityΒ has been identified in Rexroth IndraWorks
CVSS Base7.8
β
CRSSelect profile
CVE-2025-61982
7.8
OpenCFDMultiple Products
An arbitrary code execution vulnerability exists in the Code Stream directive functionality of OpenCFD OpenFOAM 2506
CVSS Base7.8
β
CRSSelect profile
CVE-2026-0874
7.8
UnknownMultiple Products
A maliciously crafted CATPART file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability
CVSS Base7.8
β
CRSSelect profile
CVE-2026-0875
7.8
UnknownMultiple Products
A maliciously crafted MODEL file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability
CVSS Base7.8
β
CRSSelect profile
CVE-2026-2507
7.5
WhenMultiple Products
When BIG-IP AFM or BIG-IP DDoS is provisioned, undisclosed traffic can cause TMM to terminate
CVSS Base7.5
β
CRSSelect profile
CVE-2019-25350
7.5π Late Disclosure
XMediaMultiple Products
XMedia Recode 3
CVSS Base7.5
β
CRSSelect profile
CVE-2019-25352
7.5π Late Disclosure
HTTPMultiple Products
Crystal Live HTTP Server 6
CVSS Base7.5
β
CRSSelect profile
CVE-2019-25353
7.5π Late Disclosure
ManagementMultiple Products
Foscam Video Management System 1
CVSS Base7.5
β
CRSSelect profile
CVE-2019-25354
7.5π Late Disclosure
iSmartViewProMultiple Products
iSmartViewPro 1
CVSS Base7.5
β
CRSSelect profile
CVE-2019-25355
7.5π Late Disclosure
gSOAPMultiple Products
gSOAP 2
CVSS Base7.5
β
CRSSelect profile
CVE-2019-25358
7.5π Late Disclosure
FileOptimizerMultiple Products
FileOptimizer 14
CVSS Base7.5
β
CRSSelect profile
CVE-2019-25363
7.5π Late Disclosure
WMVMultiple Products
WMV to AVI MPEG DVD WMV Convertor 4
CVSS Base7.5
β
CRSSelect profile
CVE-2019-25401
7.5π Late Disclosure
adminMultiple Products
Bematech (formerly Logic Controls, now Elgin) MP-4200 TH printer contains a denial of service vulnerability in the admin configuration page
CVSS Base7.5
β
CRSSelect profile
CVE-2026-27181
7.5
UnknownMultiple Products
MajorDoMo (aka Major Domestic Module) allows unauthenticated arbitrary module uninstallation through the market module
CVSS Base7.5
β
CRSSelect profile
CVE-2026-2620
7.3
WarningMultiple Products
A weakness has been identified in Huace Monitoring and Early Warning System 2
CVSS Base7.3
β
CRSSelect profile
CVE-2026-2621
7.3
ManagementMultiple Products
A security vulnerability has been detected in Sciyon Koyuan Thermoelectricity Heat Network Management System 3
CVSS Base7.3
β
CRSSelect profile
CVE-2026-2668
7.3
UnknownMultiple Products
A vulnerability was found in Rongzhitong Visual Integrated Command and Dispatch Platform up to 20260206
CVSS Base7.3
β
CRSSelect profile
CVE-2026-2684
7.3
ArchMultiple Products
A vulnerability was determined in Tsinghua Unigroup Electronic Archives System up to 3
CVSS Base7.3
β
CRSSelect profile
CVE-2026-2615
7.2
UnknownMultiple Products
A flaw has been found in Wavlink WL-NU516U1 up to 20251208
CVSS Base7.2
β
CRSSelect profile
CVE-2026-2670
7.2
UnknownMultiple Products
A vulnerability was identified in Advantech WISE-6610 1