7.5

CVSS3.1

CVE-2026-22905 - Authentication Bypass via URI Traversal

An unauthenticated remote attacker can bypass authentication by exploiting insufficient URI validation and using path traversal sequences (e.g., /js/../cgi-bin/post.cgi), gaining unauthorized access to protected CGI endpoints and configuration downloads.

📅 Published: Feb. 9, 2026, 7:40 a.m. 🔄 Last Modified: Feb. 9, 2026, 3:33 p.m.

9.8

CVSS3.1

CVE-2026-22904 - Stack Overflow via Oversized Cookie Fields in lighttpd

Improper length handling when parsing multiple cookie fields (including TRACKID) allows an unauthenticated remote attacker to send oversized cookie values and trigger a stack buffer overflow, resulting in a denial‑of‑service condition and possible remote code execution.

📅 Published: Feb. 9, 2026, 7:40 a.m. 🔄 Last Modified: Feb. 9, 2026, 3:34 p.m.

9.8

CVSS3.1

CVE-2026-22903 - Stack Overflow via SESSIONID Cookie in lighttpd

An unauthenticated remote attacker can send a crafted HTTP request containing an overly long SESSIONID cookie. This can trigger a stack buffer overflow in the modified lighttpd server, causing it to crash and potentially enabling remote code execution due to missing stack protections.

📅 Published: Feb. 9, 2026, 7:39 a.m. 🔄 Last Modified: Feb. 9, 2026, 3:36 p.m.

4.8

CVSS4.0

CVE-2026-2222 - code-projects Online Reviewer System btn_functions.php cross site scripting

A weakness has been identified in code-projects Online Reviewer System 1.0. Affected by this vulnerability is an unknown functionality of the file /system/system/admins/manage/users/btn_functions.php. Executing a manipulation of the argument firstname can lead to cross site scripting. The attack ma…

📅 Published: Feb. 9, 2026, 7:32 a.m. 🔄 Last Modified: Feb. 9, 2026, 3:38 p.m.

8.7

CVSS4.0

CVE-2026-2236 - HGiga|C&Cm@il - SQL Injection

C&Cm@il developed by HGiga has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents.

📅 Published: Feb. 9, 2026, 7:20 a.m. 🔄 Last Modified: Feb. 9, 2026, 3:42 p.m.

7.1

CVSS4.0

CVE-2026-2235 - HGiga|C&Cm@il - SQL Injection

C&Cm@il developed by HGiga has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents.

📅 Published: Feb. 9, 2026, 7:17 a.m. 🔄 Last Modified: Feb. 9, 2026, 3:43 p.m.

9.3

CVSS4.0

CVE-2026-2234 - HGiga|C&Cm@il - Missing Authentication

C&Cm@il developed by HGiga has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read and modify any user's mail content.

📅 Published: Feb. 9, 2026, 7:09 a.m. 🔄 Last Modified: Feb. 9, 2026, 3:40 p.m.

2.8

CVSS3.1

CVE-2026-2239 - gimp: GIMP: Application crash (DoS) via crafted PSD file due to heap-buffer-overflow

No description is available for this CVE.

📅 Published: Feb. 9, 2026, 7:07 a.m. 🔄 Last Modified: Feb. 9, 2026, 7:07 a.m.

6.9

CVSS4.0

CVE-2026-2221 - code-projects Online Reviewer System Login index.php sql injection

A security flaw has been discovered in code-projects Online Reviewer System 1.0. Affected is an unknown function of the file /login/index.php of the component Login. Performing a manipulation of the argument Username results in sql injection. The attack is possible to be carried out remotely. The e…

📅 Published: Feb. 9, 2026, 7:02 a.m. 🔄 Last Modified: Feb. 9, 2026, 3:41 p.m.

8.4

CVSS4.0

CVE-2026-24466 -

Products provided by Oki Electric Industry Co., Ltd. and its OEM products (Ricoh Co., Ltd., Murata Machinery, Ltd.) register Windows services with unquoted file paths. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege.

📅 Published: Feb. 9, 2026, 6:59 a.m. 🔄 Last Modified: Feb. 9, 2026, 3:43 p.m.