Security Vulnerabilities
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.3 could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic
CVSS Score
6.5
EPSS Score
0.0
Published
2026-02-17
phpgurukul Student Management System 1.0 is vulnerable to SQL Injection in studentms/admin/search.php via the searchdata parameter.
CVSS Score
8.8
EPSS Score
0.0
Published
2026-02-17
A vulnerability was determined in Beetel 777VR1 up to 01.00.09. This impacts an unknown function of the component SSH Service. This manipulation causes risky cryptographic algorithm. The attack is possible to be carried out remotely. The attack is considered to have high complexity. The exploitability is said to be difficult. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score
3.7
EPSS Score
0.0
Published
2026-02-17
A Cross-Site Request Forgery (CSRF) vulnerability has been identified in phpgurukul Gym Management System 1.0. This issue is present in the profile update functionality of the User Panel, specifically the /profile.php endpoint.
CVSS Score
3.5
EPSS Score
0.0
Published
2026-02-17
A vulnerability was found in Beetel 777VR1 up to 01.00.09. This affects an unknown function of the component Telnet Service/SSH Service. The manipulation results in insecure default initialization of resource. The attack can only be performed from the local network. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score
6.3
EPSS Score
0.0
Published
2026-02-17
jizhicms 2.5.6 is vulnerable to SQL Injection in Article/deleteAll and Extmolds/deleteAll via the data parameter.
CVSS Score
7.2
EPSS Score
0.0
Published
2026-02-17
A vulnerability has been found in Beetel 777VR1 up to 01.00.09. The impacted element is an unknown function of the component Web Management Interface. The manipulation leads to hard-coded credentials. The attack needs to be initiated within the local network. The exploit has been disclosed to the public and may be used. It is advisable to modify the configuration settings. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score
8.8
EPSS Score
0.002
Published
2026-02-17
An information exposure vulnerability in Datart v1.0.0-rc.3 allows authenticated attackers to access sensitive data via a custom H2 JDBC connection string.
CVSS Score
5.7
EPSS Score
0.0
Published
2026-02-17
A flaw has been found in Wavlink WL-NU516U1 up to 20251208. The affected element is the function singlePortForwardDelete of the file /cgi-bin/firewall.cgi. Executing a manipulation of the argument del_flag can lead to command injection. The attack may be launched remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score
7.2
EPSS Score
0.004
Published
2026-02-17
A vulnerability was detected in Wavlink WL-NU516U1 20251208. This vulnerability affects the function sub_401218 of the file /cgi-bin/nas.cgi. Performing a manipulation of the argument User1Passwd results in stack-based buffer overflow. The attack may be initiated remotely. The exploit is now public and may be used.
CVSS Score
7.2
EPSS Score
0.001
Published
2026-02-16