Total
330934 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-25261 | 2026-02-03 | 7.8 High | ||
| AnyDesk 5.4.0 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially inject malicious executables. Attackers can exploit the unquoted binary path to place malicious files in service executable locations, potentially gaining elevated system privileges. | ||||
| CVE-2025-5319 | 2026-02-03 | 9.8 Critical | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Emit Information and Communication Technologies Industry and Trade Ltd. Co. Efficiency Management System allows SQL Injection.This issue affects Efficiency Management System: through 03022026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-67851 | 2026-02-03 | 6.1 Medium | ||
| A flaw was found in moodle. This formula injection vulnerability occurs when data fields are exported without proper escaping. A remote attacker could exploit this by providing malicious data that, when exported and opened in a spreadsheet, allows arbitrary formulas to execute. This can lead to compromised data integrity and unintended operations within the spreadsheet. | ||||
| CVE-2026-24992 | 2026-02-03 | 5.3 Medium | ||
| Insertion of Sensitive Information Into Sent Data vulnerability in WPFactory Advanced WooCommerce Product Sales Reporting webd-woocommerce-advanced-reporting-statistics allows Retrieve Embedded Sensitive Data.This issue affects Advanced WooCommerce Product Sales Reporting: from n/a through <= 4.1.2. | ||||
| CVE-2026-24669 | 2026-02-03 | 7.8 High | ||
| The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, an insecure password reset mechanism allows local attackers to reuse a valid password reset token after it has already been used, enabling unauthorized password changes and potential account takeover. This issue has been patched in version 4.2. | ||||
| CVE-2026-24668 | 2026-02-03 | 6.5 Medium | ||
| The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, a broken access control vulnerability allows authenticated students to add content to existing course units, an action normally restricted to higher-privileged roles. This issue has been patched in version 4.2. | ||||
| CVE-2026-24667 | 2026-02-03 | 5 Medium | ||
| The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, failure to invalidate active user sessions after a password change allows existing session tokens to remain valid, potentially enabling unauthorized continued access to user accounts. This issue has been patched in version 4.2. | ||||
| CVE-2026-24666 | 2026-02-03 | 6.5 Medium | ||
| The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, a Cross-Site Request Forgery (CSRF) vulnerability in multiple teacher-restricted endpoints allows attackers to induce authenticated teachers to perform unintended actions, such as modifying assignment grades, via crafted requests. This issue has been patched in version 4.2. | ||||
| CVE-2026-24665 | 2026-02-03 | 8.7 High | ||
| The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, a stored Cross-Site Scripting (XSS) vulnerability allows authenticated students to inject malicious JavaScript into uploaded assignment files, which is executed when instructors view the submission. This issue has been patched in version 4.2. | ||||
| CVE-2026-24774 | 2026-02-03 | 4.3 Medium | ||
| The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, a business logic vulnerability allows authenticated students to improperly mark themselves as present in attendance activities, including activities that have already expired, by directly accessing a crafted URL. This issue has been patched in version 4.2. | ||||
| CVE-2026-24773 | 2026-02-03 | 7.5 High | ||
| The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, an Insecure Direct Object Reference (IDOR) vulnerability allows unauthenticated remote attackers to access personal files of other users by directly requesting predictable user identifiers. This issue has been patched in version 4.2. | ||||
| CVE-2025-46696 | 1 Dell | 3 Secure Connect Gateway, Secure Connect Gateway Appliance, Secure Connect Gateway Application | 2026-02-03 | 6.4 Medium |
| Dell Secure Connect Gateway (SCG) 5.0 Appliance and Application, version(s) versions 5.26 to 5.30, contain(s) an Execution with Unnecessary Privileges vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges. | ||||
| CVE-2025-9127 | 1 Purestorage | 2 Portworx, Px Enterprise | 2026-02-03 | 5.5 Medium |
| A vulnerability exists in PX Enterprise whereby sensitive information may be logged under specific conditions. | ||||
| CVE-2026-24966 | 2026-02-03 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Copyscape Copyscape Premium copyscape-premium allows Cross Site Request Forgery.This issue affects Copyscape Premium: from n/a through <= 1.4.1. | ||||
| CVE-2026-24674 | 2026-02-03 | 4.7 Medium | ||
| The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, a Reflected Cross-Site Scripting (XSS) vulnerability allows remote attackers to execute arbitrary JavaScript in the context of authenticated users by crafting malicious URLs and tricking victims into visiting them. This issue has been patched in version 4.2. | ||||
| CVE-2026-24673 | 2026-02-03 | 4.3 Medium | ||
| The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, a file upload validation bypass vulnerability allows attackers to upload files with prohibited extensions by embedding them inside ZIP archives and extracting them using the application’s built-in decompression functionality. This issue has been patched in version 4.2. | ||||
| CVE-2025-71002 | 1 Oneflow | 1 Oneflow | 2026-02-03 | 6.5 Medium |
| A floating-point exception (FPE) in the flow.column_stack component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input. | ||||
| CVE-2026-1312 | 2026-02-03 | 5.4 Medium | ||
| An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. `.QuerySet.order_by()` is subject to SQL injection in column aliases containing periods when the same alias is, using a suitably crafted dictionary, with dictionary expansion, used in `FilteredRelation`. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected. Django would like to thank Solomon Kebede for reporting this issue. | ||||
| CVE-2026-24672 | 2026-02-03 | 7.3 High | ||
| The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, a Stored Cross-Site Scripting (XSS) vulnerability allows authenticated students to inject malicious JavaScript into user profile fields, which is executed when users with viewing privileges access affected application pages. This issue has been patched in version 4.2. | ||||
| CVE-2026-24671 | 2026-02-03 | 6.1 Medium | ||
| The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, a Stored Cross-Site Scripting (XSS) vulnerability allows authenticated high-privileged users (teachers or administrators) to inject malicious JavaScript into multiple user-controllable input fields across the application, which is executed when other users access affected pages. This issue has been patched in version 4.2. | ||||