Monitor vulnerabilities that affect your stack.
Sign up free to get alerts when software you use is affected.
CVE Vulnerabilities - 22 February 2026
RSS59 vulnerabilities published on 22 February 2026
Severity:
Inventory Webapp SQL Injection: Unauthenticated Data Manipulation
CVE-2019-25443
Inventory Webapp contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code th...
8.8
WebIncorp ERP: Unauthenticated SQL Injection via prod_id Parameter
CVE-2019-25440
WebIncorp ERP contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code throu...
8.8
NoviSmart CMS Allows Malicious Requests to Access Database
CVE-2019-25439
NoviSmart CMS contains an SQL injection vulnerability that allows remote attackers to execute arbitrary SQL queries by injecting malicious code throug...
8.8
XOOPS CMS 2.5.9: Unauthorized access to sensitive database info
CVE-2019-25433
XOOPS CMS 2.5.9 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code thr...
8.8
Ashop Shopping Cart Software allows attackers to extract sensitive database info
CVE-2019-25391
Ashop Shopping Cart Software contains a time-based blind SQL injection vulnerability that allows attackers to manipulate database queries through the ...
8.8
microASP Portal+ CMS exposes sensitive data through SQL injection
CVE-2019-25366
microASP Portal+ CMS contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malic...
8.8
qinming99 dst-admin Delete Backup Function Can Be Disrupted Remotely
CVE-2026-2957
A weakness has been identified in qinming99 dst-admin up to 1.5.0. This impacts the function deleteBackup of the file src/main/java/com/tugos/dst/admi...
5.3
Web Ofisi Platinum E-Ticaret v5 allows hackers to steal sensitive data
CVE-2019-25461
Web Ofisi Platinum E-Ticaret v5 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by inject...
8.8
Web Ofisi Platinum E-Ticaret v5: Unauthenticated Access to Sensitive Database Info
CVE-2019-25460
Web Ofisi Platinum E-Ticaret v5 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by inject...
8.8
Web Ofisi Firma v13: Unauthenticated database info disclosure via SQL injection
CVE-2019-25457
Web Ofisi Firma v13 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code...
8.8
Web Ofisi E-Ticaret v3: Unauthenticated Database Access via Malicious GET Requests
CVE-2019-25455
Web Ofisi E-Ticaret v3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL c...
8.8
Dolibarr ERP/CRM 10.0.1 allows hackers to extract sensitive database info
CVE-2019-25452
Dolibarr ERP/CRM 10.0.1 contains an SQL injection vulnerability in the elemid POST parameter of the viewcat.php endpoint that allows unauthenticated a...
8.8
Dolibarr ERP/CRM 10.0.1 allows attackers to access sensitive database data
CVE-2019-25450
Dolibarr ERP/CRM 10.0.1 contains multiple SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries by injecting...
7.1
Web Wiz Forums 12.01 allows unauthorized access to database info
CVE-2019-25442
Web Wiz Forums 12.01 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL cod...
8.8
Zaher1307 tiny_web_server allows remote attackers to cause a crash
CVE-2026-2940
A vulnerability was determined in Zaher1307 tiny_web_server up to 8d77b1044a0ca3a5297d8726ac8aa2cf944d481b. This affects the function tiny_web_server/...
6.9
SourceCodester Student Result Management System: Remote Access Risk
CVE-2026-2938
A vulnerability has been found in SourceCodester Student Result Management System 1.0. The affected element is an unknown function of the file /srms/s...
6.9
funadmin Configuration Handler Allows Unauthorized Access
CVE-2026-2896
GHSA-5m2g-4cf6-c3rg
A weakness has been identified in funadmin up to 7.1.0-rc4. This affects the function setConfig of the file app/backend/controller/Ajax.php of the com...
5.5
UTT HiPER 810G allows remote attackers to execute code
CVE-2026-2935
A weakness has been identified in UTT HiPER 810G up to 1.7.7-171114. This issue affects the function strcpy of the file /goform/ConfigExceptMSN. Execu...
7.3
Libvips: Large File Processing Can Crash System
CVE-2026-2913
A vulnerability was determined in libvips up to 8.19.0. The affected element is the function vips_source_read_to_memory of the file libvips/iofuncs/so...
2.0
JeecgBoot 3.9.0: Server-side Request Forgery in Upload Function
CVE-2026-2945
A weakness has been identified in JeecgBoot 3.9.0. Affected by this vulnerability is an unknown functionality of the file /sys/common/uploadImgByHttp....
5.3
Funadmin Backend Endpoint Exposes User Information to Hackers
CVE-2026-2898
GHSA-gcxp-xg77-798j
A vulnerability was detected in funadmin up to 7.1.0-rc4. This issue affects the function getMember of the file app/common/service/AuthCloudService.ph...
2.0
RyMcu Forest 0.0.5: Remote Code Injection Through User Info Update
CVE-2026-2947
A vulnerability was detected in rymcu forest up to 0.0.5. This affects the function updateUserInfo of the file - src/main/java/com/rymcu/forest/web/ap...
5.1
Rymcu Forest 0.0.5: Cross-Site Scripting in Article Comments
CVE-2026-2946
A security vulnerability has been detected in rymcu forest up to 0.0.5. Affected by this issue is the function XssUtils.replaceHtmlCode of the file sr...
5.1
The Plus Addons for Elementor plugin lets attackers hijack emails and redirects
CVE-2026-2385
The The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Insuff...
5.3
funadmin Exposes Sensitive Info to Remote Attackers
CVE-2026-2894
GHSA-8hhx-xq9j-xwfj
A vulnerability was identified in funadmin up to 7.1.0-rc4. Affected by this vulnerability is the function getMember of the file app/frontend/view/log...
5.5