Monitor vulnerabilities that affect your stack.
Sign up free to get alerts when software you use is affected.
CVE Vulnerabilities - 22 February 2026
RSS59 vulnerabilities published on 22 February 2026
Severity:
Dromara UJCMS 10.0.2: Remote Code Injection via Import Channel
CVE-2026-2954
A vulnerability was found in Dromara UJCMS 10.0.2. Impacted is the function importChanel of the file /api/backend/ext/import-data/import-channel of th...
5.3
Web Ofisi Emlak V2: Unauthenticated Attackers Can Steal Sensitive Data
CVE-2019-25459
Web Ofisi Emlak V2 contains multiple SQL injection vulnerabilities in the endpoint that allow unauthenticated attackers to manipulate database queries...
8.8
Web Ofisi Firma Rehberi v1 allows hackers to extract sensitive data
CVE-2019-25458
Web Ofisi Firma Rehberi v1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting S...
8.8
Vaelsys 4.1.0 Allows Remote Code Execution
CVE-2026-2952
A flaw has been found in Vaelsys 4.1.0. This vulnerability affects unknown code of the file /tree/tree_server.php of the component HTTP POST Request H...
6.9
Tosei Online Store Management System Allows Remote Code Execution
CVE-2026-2944
A security flaw has been discovered in Tosei Online Store Management System ネット店舗管理システム 1.01. Affected is the function system of the file /cgi-bin/mon...
6.9
Online Reviewer System 1.0: SQL Injection via Test ID Input
CVE-2026-2912
A vulnerability was found in code-projects Online Reviewer System 1.0. Impacted is an unknown function of the file /system/system/students/assessments...
6.9
Web Ofisi Emlak v2: Unauthenticated Access to Sensitive Database Info
CVE-2019-25456
Web Ofisi Emlak v2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code ...
8.8
Dromara UJCMS 101.2: Path Traversal Risk in Template Handler
CVE-2026-2953
A vulnerability has been found in Dromara UJCMS 101.2. This issue affects the function deleteDirectory of the file WebFileTemplateController.delete of...
5.3
qinming99 dst-admin: Unauthorized Code Execution via File Restores
CVE-2026-2956
A security flaw has been discovered in qinming99 dst-admin up to 1.5.0. This affects the function revertBackup of the file /home/restore. The manipula...
5.3
Tenda Router Allows Remote Code Execution
CVE-2026-2930
A vulnerability was identified in Tenda A18 15.13.07.13. The affected element is the function webCgiGetUploadFile of the file /cgi-bin/UploadCfg of th...
5.3
D-Link DWR-M960: Unsecured Wireless Access Can Be Hacked Remotely
CVE-2026-2929
A vulnerability was determined in D-Link DWR-M960 1.01.07. Impacted is the function sub_453140 of the file /boafrm/formWlAc of the component Wireless ...
7.4
D-Link DWR-M960: Unauthorized Access via Malicious URL
CVE-2026-2928
A vulnerability was found in D-Link DWR-M960 1.01.07. This issue affects the function sub_452CCC of the file /boafrm/formWlEncrypt of the component WL...
7.4
D-Link DWR-M960 1.01.07: Remote Code Execution via Overflow
CVE-2026-2927
A vulnerability has been found in D-Link DWR-M960 1.01.07. This vulnerability affects the function sub_462590 of the file /boafrm/formOpMode of the co...
7.4
D-Link DWR-M960: Remote Attack through LTE Configuration Setting
CVE-2026-2926
A flaw has been found in D-Link DWR-M960 1.01.07. This affects the function sub_4237AC of the file /boafrm/formLteSetup of the component LTE Configura...
7.4
D-Link DWR-M960: Remote Code Execution through Buffer Overflow
CVE-2026-2925
A vulnerability was detected in D-Link DWR-M960 1.01.07. Affected by this issue is the function sub_42B5A0 of the file /boafrm/formBridgeVlan of the c...
7.4
Tenda FH451: Unsecured File Processing Can Lead to Remote Attack
CVE-2026-2911
A vulnerability has been found in Tenda FH451 up to 1.0.0.9. This issue affects some unknown processing of the file /goform/GstDhcpSetSer. The manipul...
7.4
Tenda HG9 Device Can Be Crashed by Malicious Network Traffic
CVE-2026-2910
A flaw has been found in Tenda HG9 300001138. This vulnerability affects unknown code of the file /boaform/formPing6. Executing a manipulation of the ...
7.4
Tenda Router Diagnostic Ping Endpoint Allows Remote Code Execution
CVE-2026-2909
A vulnerability was detected in Tenda HG9 300001138. This affects an unknown part of the file /boaform/formPing of the component Diagnostic Ping Endpo...
7.4
Tenda HG9 Router: Unsecured Functionality Can Be Manipulated Remotely
CVE-2026-2908
A security vulnerability has been detected in Tenda HG9 300001138. Affected by this issue is some unknown functionality of the file /boaform/formLoopB...
7.4
Tenda HG9 300001138: Unsecured Configuration Endpoint Allows Remote Exploit
CVE-2026-2907
A weakness has been identified in Tenda HG9 300001138. Affected by this vulnerability is an unknown functionality of the file /boaform/formgponConf of...
7.4
Tenda HG9: Remote Attack Possible via Samba Configuration Setting
CVE-2026-2906
A security flaw has been discovered in Tenda HG9 300001138. Affected is an unknown function of the file /boaform/formSamba of the component Samba Conf...
7.4
Tenda Wireless Router May Allow Remote Hacking
CVE-2026-2905
A vulnerability was identified in Tenda HG9 300001138. This impacts an unknown function of the file /boaform/formWlanSetup of the component Wireless C...
7.4
UTT HiPER 810G Software Has a Buffer Overflow Flaw
CVE-2026-2904
A vulnerability was determined in UTT HiPER 810G 1.7.7-171114. This affects the function strcpy of the file /goform/ConfigExceptAli. Executing a manip...
7.4
Web Ofisi Rent a Car v3: Unauthenticated database access via 'klima' parameter
CVE-2019-25462
Web Ofisi Rent a Car v3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL ...
8.8
DIGIT CENTRIS ERP lets attackers access sensitive data
CVE-2019-25446
DIGIT CENTRIS ERP contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code t...
8.8