{
"Source": "CVE FEED",
"Title": "CVE-2026-2182 - UTT 进取 521G setSysAdm doSystem command injection",
"Content": "CVE ID : CVE-2026-2182
Published : Feb. 8, 2026, 8:15 p.m. | 1 hour, 44 minutes ago
Description : A weakness has been identified in UTT 进取 521G 3.1.1-190816. Affected by this issue is the function doSystem of the file /goform/setSysAdm. Executing a manipulation of the argument passwd1 can lead to command injection. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks.
Severity: 8.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Feb 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-2182 - UTT 进取 521G setSysAdm doSystem command injection",
"Content": "CVE ID : CVE-2026-2182
Published : Feb. 8, 2026, 8:15 p.m. | 1 hour, 44 minutes ago
Description : A weakness has been identified in UTT 进取 521G 3.1.1-190816. Affected by this issue is the function doSystem of the file /goform/setSysAdm. Executing a manipulation of the argument passwd1 can lead to command injection. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks.
Severity: 8.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Feb 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-2183 - Great Developers Certificate Generation System csv.php unrestricted upload",
"Content": "CVE ID : CVE-2026-2183
Published : Feb. 8, 2026, 8:15 p.m. | 1 hour, 44 minutes ago
Description : A security vulnerability has been detected in Great Developers Certificate Generation System up to 97171bb0e5e22e52eacf4e4fa81773e5f3cffb73. This affects an unknown part of the file /restructured/csv.php. The manipulation leads to unrestricted upload. Remote exploitation of the attack is possible. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. The code repository of the project has not been active for many years.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Feb 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-2183 - Great Developers Certificate Generation System csv.php unrestricted upload",
"Content": "CVE ID : CVE-2026-2183
Published : Feb. 8, 2026, 8:15 p.m. | 1 hour, 44 minutes ago
Description : A security vulnerability has been detected in Great Developers Certificate Generation System up to 97171bb0e5e22e52eacf4e4fa81773e5f3cffb73. This affects an unknown part of the file /restructured/csv.php. The manipulation leads to unrestricted upload. Remote exploitation of the attack is possible. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. The code repository of the project has not been active for many years.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Feb 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-2195 - code-projects Online Reviewer System questions-view.php sql injection",
"Content": "CVE ID : CVE-2026-2195
Published : Feb. 8, 2026, 11:32 p.m. | 28 minutes ago
Description : A vulnerability has been found in code-projects Online Reviewer System 1.0. This vulnerability affects unknown code of the file /system/system/admins/assessments/pretest/questions-view.php. The manipulation of the argument ID leads to sql injection. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "09 Feb 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-2195 - code-projects Online Reviewer System questions-view.php sql injection",
"Content": "CVE ID : CVE-2026-2195
Published : Feb. 8, 2026, 11:32 p.m. | 28 minutes ago
Description : A vulnerability has been found in code-projects Online Reviewer System 1.0. This vulnerability affects unknown code of the file /system/system/admins/assessments/pretest/questions-view.php. The manipulation of the argument ID leads to sql injection. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "09 Feb 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-2194 - D-Link DI-7100G C1 start_proxy_client_email command injection",
"Content": "CVE ID : CVE-2026-2194
Published : Feb. 8, 2026, 11:32 p.m. | 28 minutes ago
Description : A flaw has been found in D-Link DI-7100G C1 24.04.18D1. This affects the function start_proxy_client_email. Executing a manipulation can lead to command injection. The attack can be executed remotely. The exploit has been published and may be used.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "09 Feb 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-2194 - D-Link DI-7100G C1 start_proxy_client_email command injection",
"Content": "CVE ID : CVE-2026-2194
Published : Feb. 8, 2026, 11:32 p.m. | 28 minutes ago
Description : A flaw has been found in D-Link DI-7100G C1 24.04.18D1. This affects the function start_proxy_client_email. Executing a manipulation can lead to command injection. The attack can be executed remotely. The exploit has been published and may be used.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "09 Feb 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-2191 - Tenda AC9 formGetDdosDefenceList stack-based overflow",
"Content": "CVE ID : CVE-2026-2191
Published : Feb. 8, 2026, 11:15 p.m. | 44 minutes ago
Description : A weakness has been identified in Tenda AC9 15.03.06.42_multi. Affected is the function formGetDdosDefenceList. This manipulation of the argument security.ddos.map causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks.
Severity: 8.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "09 Feb 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-2191 - Tenda AC9 formGetDdosDefenceList stack-based overflow",
"Content": "CVE ID : CVE-2026-2191
Published : Feb. 8, 2026, 11:15 p.m. | 44 minutes ago
Description : A weakness has been identified in Tenda AC9 15.03.06.42_multi. Affected is the function formGetDdosDefenceList. This manipulation of the argument security.ddos.map causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks.
Severity: 8.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "09 Feb 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-2192 - Tenda AC9 formGetRebootTimer stack-based overflow",
"Content": "CVE ID : CVE-2026-2192
Published : Feb. 8, 2026, 11:15 p.m. | 44 minutes ago
Description : A security vulnerability has been detected in Tenda AC9 15.03.06.42_multi. Affected by this vulnerability is the function formGetRebootTimer. Such manipulation of the argument sys.schedulereboot.start_time/sys.schedulereboot.end_time leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed publicly and may be used.
Severity: 8.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "09 Feb 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-2192 - Tenda AC9 formGetRebootTimer stack-based overflow",
"Content": "CVE ID : CVE-2026-2192
Published : Feb. 8, 2026, 11:15 p.m. | 44 minutes ago
Description : A security vulnerability has been detected in Tenda AC9 15.03.06.42_multi. Affected by this vulnerability is the function formGetRebootTimer. Such manipulation of the argument sys.schedulereboot.start_time/sys.schedulereboot.end_time leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed publicly and may be used.
Severity: 8.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "09 Feb 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-2193 - D-Link DI-7100G C1 set_jhttpd_info command injection",
"Content": "CVE ID : CVE-2026-2193
Published : Feb. 8, 2026, 11:15 p.m. | 44 minutes ago
Description : A vulnerability was detected in D-Link DI-7100G C1 24.04.18D1. Affected by this issue is the function set_jhttpd_info. Performing a manipulation of the argument usb_username results in command injection. Remote exploitation of the attack is possible.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "09 Feb 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-2193 - D-Link DI-7100G C1 set_jhttpd_info command injection",
"Content": "CVE ID : CVE-2026-2193
Published : Feb. 8, 2026, 11:15 p.m. | 44 minutes ago
Description : A vulnerability was detected in D-Link DI-7100G C1 24.04.18D1. Affected by this issue is the function set_jhttpd_info. Performing a manipulation of the argument usb_username results in command injection. Remote exploitation of the attack is possible.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "09 Feb 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-2190 - itsourcecode School Management System controller.php sql injection",
"Content": "CVE ID : CVE-2026-2190
Published : Feb. 8, 2026, 11:15 p.m. | 44 minutes ago
Description : A security flaw has been discovered in itsourcecode School Management System 1.0. This impacts an unknown function of the file /ramonsys/user/controller.php. The manipulation of the argument ID results in sql injection. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "09 Feb 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-2190 - itsourcecode School Management System controller.php sql injection",
"Content": "CVE ID : CVE-2026-2190
Published : Feb. 8, 2026, 11:15 p.m. | 44 minutes ago
Description : A security flaw has been discovered in itsourcecode School Management System 1.0. This impacts an unknown function of the file /ramonsys/user/controller.php. The manipulation of the argument ID results in sql injection. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "09 Feb 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-2189 - itsourcecode School Management System index.php sql injection",
"Content": "CVE ID : CVE-2026-2189
Published : Feb. 8, 2026, 10:15 p.m. | 1 hour, 44 minutes ago
Description : A vulnerability was identified in itsourcecode School Management System 1.0. This affects an unknown function of the file /ramonsys/report/index.php. The manipulation of the argument ay leads to sql injection. The attack can be initiated remotely. The exploit is publicly available and might be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "09 Feb 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-2189 - itsourcecode School Management System index.php sql injection",
"Content": "CVE ID : CVE-2026-2189
Published : Feb. 8, 2026, 10:15 p.m. | 1 hour, 44 minutes ago
Description : A vulnerability was identified in itsourcecode School Management System 1.0. This affects an unknown function of the file /ramonsys/report/index.php. The manipulation of the argument ay leads to sql injection. The attack can be initiated remotely. The exploit is publicly available and might be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "09 Feb 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-2198 - code-projects Online Reviewer System loaddata.php sql injection",
"Content": "CVE ID : CVE-2026-2198
Published : Feb. 9, 2026, 1:16 a.m. | 45 minutes ago
Description : A vulnerability was identified in code-projects Online Reviewer System 1.0. The affected element is an unknown function of the file /system/system/admins/assessments/pretest/loaddata.php. Such manipulation of the argument difficulty_id leads to sql injection. It is possible to launch the attack remotely. The exploit is publicly available and might be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "09 Feb 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-2198 - code-projects Online Reviewer System loaddata.php sql injection",
"Content": "CVE ID : CVE-2026-2198
Published : Feb. 9, 2026, 1:16 a.m. | 45 minutes ago
Description : A vulnerability was identified in code-projects Online Reviewer System 1.0. The affected element is an unknown function of the file /system/system/admins/assessments/pretest/loaddata.php. Such manipulation of the argument difficulty_id leads to sql injection. It is possible to launch the attack remotely. The exploit is publicly available and might be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "09 Feb 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-2199 - code-projects Online Reviewer System user-delete.php sql injection",
"Content": "CVE ID : CVE-2026-2199
Published : Feb. 9, 2026, 1:16 a.m. | 45 minutes ago
Description : A security flaw has been discovered in code-projects Online Reviewer System 1.0. The impacted element is an unknown function of the file /reviewer/system/system/admins/manage/users/user-delete.php. Performing a manipulation of the argument ID results in sql injection. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "09 Feb 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-2199 - code-projects Online Reviewer System user-delete.php sql injection",
"Content": "CVE ID : CVE-2026-2199
Published : Feb. 9, 2026, 1:16 a.m. | 45 minutes ago
Description : A security flaw has been discovered in code-projects Online Reviewer System 1.0. The impacted element is an unknown function of the file /reviewer/system/system/admins/manage/users/user-delete.php. Performing a manipulation of the argument ID results in sql injection. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "09 Feb 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-2196 - code-projects Online Reviewer System exam-update.php sql injection",
"Content": "CVE ID : CVE-2026-2196
Published : Feb. 9, 2026, 1:16 a.m. | 45 minutes ago
Description : A vulnerability was found in code-projects Online Reviewer System 1.0. This issue affects some unknown processing of the file /system/system/admins/assessments/pretest/exam-update.php. The manipulation of the argument test_id results in sql injection. The attack may be performed from remote. The exploit has been made public and could be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "09 Feb 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-2196 - code-projects Online Reviewer System exam-update.php sql injection",
"Content": "CVE ID : CVE-2026-2196
Published : Feb. 9, 2026, 1:16 a.m. | 45 minutes ago
Description : A vulnerability was found in code-projects Online Reviewer System 1.0. This issue affects some unknown processing of the file /system/system/admins/assessments/pretest/exam-update.php. The manipulation of the argument test_id results in sql injection. The attack may be performed from remote. The exploit has been made public and could be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "09 Feb 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-2197 - code-projects Online Reviewer System exam-delete.php sql injection",
"Content": "CVE ID : CVE-2026-2197
Published : Feb. 9, 2026, 1:16 a.m. | 45 minutes ago
Description : A vulnerability was determined in code-projects Online Reviewer System 1.0. Impacted is an unknown function of the file /system/system/admins/assessments/pretest/exam-delete.php. This manipulation of the argument test_id causes sql injection. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "09 Feb 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-2197 - code-projects Online Reviewer System exam-delete.php sql injection",
"Content": "CVE ID : CVE-2026-2197
Published : Feb. 9, 2026, 1:16 a.m. | 45 minutes ago
Description : A vulnerability was determined in code-projects Online Reviewer System 1.0. Impacted is an unknown function of the file /system/system/admins/assessments/pretest/exam-delete.php. This manipulation of the argument test_id causes sql injection. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "09 Feb 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-2201 - ZeroWdd studentmanager LeaveController.java addLeave cross site scripting",
"Content": "CVE ID : CVE-2026-2201
Published : Feb. 9, 2026, 1:02 a.m. | 59 minutes ago
Description : A security vulnerability has been detected in ZeroWdd studentmanager up to 2151560fc0a50ec00426785ec1e01a3763b380d9. This impacts the function addLeave of the file src/main/java/com/wdd/studentmanager/controller/LeaveController.java. The manipulation of the argument Reason for Leave leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. This product uses a rolling release model to deliver continuous updates. As a result, specific version information for affected or updated releases is not available. The code repository of the project has not been active for many years.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "09 Feb 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-2201 - ZeroWdd studentmanager LeaveController.java addLeave cross site scripting",
"Content": "CVE ID : CVE-2026-2201
Published : Feb. 9, 2026, 1:02 a.m. | 59 minutes ago
Description : A security vulnerability has been detected in ZeroWdd studentmanager up to 2151560fc0a50ec00426785ec1e01a3763b380d9. This impacts the function addLeave of the file src/main/java/com/wdd/studentmanager/controller/LeaveController.java. The manipulation of the argument Reason for Leave leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. This product uses a rolling release model to deliver continuous updates. As a result, specific version information for affected or updated releases is not available. The code repository of the project has not been active for many years.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "09 Feb 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-2200 - heyewei JFinalCMS API Endpoint save cross site scripting",
"Content": "CVE ID : CVE-2026-2200
Published : Feb. 9, 2026, 1:02 a.m. | 59 minutes ago
Description : A weakness has been identified in heyewei JFinalCMS 5.0.0. This affects an unknown function of the file /admin/admin/save of the component API Endpoint. Executing a manipulation can lead to cross site scripting. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "09 Feb 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-2200 - heyewei JFinalCMS API Endpoint save cross site scripting",
"Content": "CVE ID : CVE-2026-2200
Published : Feb. 9, 2026, 1:02 a.m. | 59 minutes ago
Description : A weakness has been identified in heyewei JFinalCMS 5.0.0. This affects an unknown function of the file /admin/admin/save of the component API Endpoint. Executing a manipulation can lead to cross site scripting. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "09 Feb 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-66599 - Yokogawa Electric Corporation FAST/TOOLS Path Disclosure Vulnerability",
"Content": "CVE ID : CVE-2025-66599
Published : Feb. 9, 2026, 3:25 a.m. | 37 minutes ago
Description : A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation.
Physical paths could
be displayed on web pages. This information could be exploited by an attacker
for other attacks.
The
affected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to
R10.04
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "09 Feb 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-66599 - Yokogawa Electric Corporation FAST/TOOLS Path Disclosure Vulnerability",
"Content": "CVE ID : CVE-2025-66599
Published : Feb. 9, 2026, 3:25 a.m. | 37 minutes ago
Description : A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation.
Physical paths could
be displayed on web pages. This information could be exploited by an attacker
for other attacks.
The
affected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to
R10.04
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "09 Feb 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-66600 - Yokogawa Electric Corporation FAST/TOOLS HTTP Strict Transport Security (HSTS) Misconfiguration Vulnerability",
"Content": "CVE ID : CVE-2025-66600
Published : Feb. 9, 2026, 3:24 a.m. | 38 minutes ago
Description : A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation.
This product lacks
HSTS (HTTP Strict Transport Security) configuration. When an attacker performs
a Man in the middle (MITM) attack, communications with the web server could be
sniffed.
The
affected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to
R10.04
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "09 Feb 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-66600 - Yokogawa Electric Corporation FAST/TOOLS HTTP Strict Transport Security (HSTS) Misconfiguration Vulnerability",
"Content": "CVE ID : CVE-2025-66600
Published : Feb. 9, 2026, 3:24 a.m. | 38 minutes ago
Description : A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation.
This product lacks
HSTS (HTTP Strict Transport Security) configuration. When an attacker performs
a Man in the middle (MITM) attack, communications with the web server could be
sniffed.
The
affected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to
R10.04
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "09 Feb 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-66601 - Yokogawa Electric Corporation FAST/TOOLS MIME Type Vulnerability (Remote Code Execution)",
"Content": "CVE ID : CVE-2025-66601
Published : Feb. 9, 2026, 3:17 a.m. | 44 minutes ago
Description : A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation.
This product does not
specify MIME types. When an attacker performs a content sniffing attack,
malicious scripts could be executed.
The
affected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to
R10.04
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "09 Feb 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-66601 - Yokogawa Electric Corporation FAST/TOOLS MIME Type Vulnerability (Remote Code Execution)",
"Content": "CVE ID : CVE-2025-66601
Published : Feb. 9, 2026, 3:17 a.m. | 44 minutes ago
Description : A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation.
This product does not
specify MIME types. When an attacker performs a content sniffing attack,
malicious scripts could be executed.
The
affected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to
R10.04
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "09 Feb 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-66602 - Yokogawa Electric Corporation FAST/TOOLS Remote IP Address Guessing Vulnerability",
"Content": "CVE ID : CVE-2025-66602
Published : Feb. 9, 2026, 3:16 a.m. | 46 minutes ago
Description : A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation.
The web server accepts
access by IP address. When a worm that randomly searches for IP addresses
intrudes into the network, it could potentially be attacked by the worm.
The
affected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to
R10.04
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "09 Feb 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-66602 - Yokogawa Electric Corporation FAST/TOOLS Remote IP Address Guessing Vulnerability",
"Content": "CVE ID : CVE-2025-66602
Published : Feb. 9, 2026, 3:16 a.m. | 46 minutes ago
Description : A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation.
The web server accepts
access by IP address. When a worm that randomly searches for IP addresses
intrudes into the network, it could potentially be attacked by the worm.
The
affected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to
R10.04
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "09 Feb 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-2202 - Tenda AC8 httpd WifiGuestSet fromSetWifiGusetBasic buffer overflow",
"Content": "CVE ID : CVE-2026-2202
Published : Feb. 9, 2026, 3:16 a.m. | 46 minutes ago
Description : A vulnerability was detected in Tenda AC8 16.03.33.05. Affected is the function fromSetWifiGusetBasic of the file /goform/WifiGuestSet of the component httpd. The manipulation of the argument shareSpeed results in buffer overflow. The attack may be launched remotely. The exploit is now public and may be used.
Severity: 9.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "09 Feb 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-2202 - Tenda AC8 httpd WifiGuestSet fromSetWifiGusetBasic buffer overflow",
"Content": "CVE ID : CVE-2026-2202
Published : Feb. 9, 2026, 3:16 a.m. | 46 minutes ago
Description : A vulnerability was detected in Tenda AC8 16.03.33.05. Affected is the function fromSetWifiGusetBasic of the file /goform/WifiGuestSet of the component httpd. The manipulation of the argument shareSpeed results in buffer overflow. The attack may be launched remotely. The exploit is now public and may be used.
Severity: 9.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "09 Feb 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-2203 - Tenda AC8 Embedded Httpd Service fast_setting_wifi_set buffer overflow",
"Content": "CVE ID : CVE-2026-2203
Published : Feb. 9, 2026, 3:16 a.m. | 46 minutes ago
Description : A flaw has been found in Tenda AC8 16.03.33.05. Affected by this vulnerability is an unknown functionality of the file /goform/fast_setting_wifi_set of the component Embedded Httpd Service. This manipulation of the argument timeZone causes buffer overflow. Remote exploitation of the attack is possible. The exploit has been published and may be used.
Severity: 9.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "09 Feb 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-2203 - Tenda AC8 Embedded Httpd Service fast_setting_wifi_set buffer overflow",
"Content": "CVE ID : CVE-2026-2203
Published : Feb. 9, 2026, 3:16 a.m. | 46 minutes ago
Description : A flaw has been found in Tenda AC8 16.03.33.05. Affected by this vulnerability is an unknown functionality of the file /goform/fast_setting_wifi_set of the component Embedded Httpd Service. This manipulation of the argument timeZone causes buffer overflow. Remote exploitation of the attack is possible. The exploit has been published and may be used.
Severity: 9.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "09 Feb 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹