Common Vulnerabilities and Exposures (CVE)

CVE-2026-26098

Feb 20, 2026 23:03:35 UTC

Uncontrolled Search Path Element in Owl opds 2.2.0.4 allows Leveraging/Manipulating Configuration File Search Paths via a crafted network request.

CVE-2026-26099

Feb 20, 2026 23:03:24 UTC

Uncontrolled Search Path Element in Owl opds 2.2.0.4 allows Leveraging/Manipulating Configuration File Search Paths via a crafted network request.

CVE-2026-26100

Feb 20, 2026 23:03:13 UTC

Incorrect Permission Assignment for Critical Resource in Owl opds 2.2.0.4 allows File Manipulation via a crafted network request.

CVE-2026-26101

Feb 20, 2026 23:03:04 UTC

Incorrect Permission Assignment for Critical Resource in Owl opds 2.2.0.4 allows File Manipulation via a crafted network request.

CVE-2026-26102

Feb 20, 2026 23:02:51 UTC

Incorrect Permission Assignment for Critical Resource in Owl opds 2.2.0.4 allows File Manipulation via a crafted network request.

CVE-2019-25454

Feb 20, 2026 22:57:02 UTC

phpMoAdmin 1.1.5 contains a stored cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the collection parameter. Attackers can send GET requests to moadmin.php with script pay...

CVE-2019-25453

Feb 20, 2026 22:57:01 UTC

phpMoAdmin 1.1.5 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the newdb parameter. Attackers can craft URLs with JavaScript payloads in the newdb p...

CVE-2019-25451

Feb 20, 2026 22:57:00 UTC

phpMoAdmin 1.1.5 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized database operations by crafting malicious requests. Attackers can trick authenticated users into submitting GET requests to m...

CVE-2019-25449

Feb 20, 2026 22:56:59 UTC

OrientDB 3.0.17 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted JSON payloads to the document endpoint. Attackers can send POST requests to /document/demodb/-1:...

CVE-2019-25448

Feb 20, 2026 22:56:58 UTC

OrientDB 3.0.17 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by creating users with script payloads in the name parameter. Attackers can send POST requests to the docum...

CVE-2019-25447

Feb 20, 2026 22:56:57 UTC

OrientDB 3.0.17 GA Community Edition contains cross-site request forgery vulnerabilities that allow attackers to perform unauthorized actions by crafting malicious requests to endpoints like /database/, /command/, and /document/. Attackers ...

CVE-2019-25441

Feb 20, 2026 22:54:52 UTC

thesystem 1.0 contains a command injection vulnerability that allows unauthenticated attackers to execute arbitrary system commands by submitting malicious input to the run_command endpoint. Attackers can send POST requests with shell comma...

CVE-2019-25438

Feb 20, 2026 22:54:51 UTC

LabCollector 5.423 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL commands by injecting malicious code through POST parameters. Attackers can submit crafted SQL payloads in the ...

CVE-2019-25437

Feb 20, 2026 22:54:50 UTC

Foscam Video Management System 1.1.6.6 contains a buffer overflow vulnerability in the UID field that allows local attackers to crash the application by supplying an excessively long string. Attackers can input a 5000-character buffer into ...

CVE-2019-25436

Feb 20, 2026 22:54:49 UTC

Sricam DeviceViewer 3.12.0.1 contains a password change security bypass vulnerability that allows authenticated users to change passwords without proper validation of the old password field. Attackers can inject a large payload into the old...