CVE Vulnerabilities - 13 February 2026
145 vulnerabilities published on 13 February 2026
MojoPortal CMS allows attackers to run malicious commands via zip file
CVE-2025-69770
MojoPortal CMS v2.9.0.1 has a security issue where attackers can upload a special zip file to the /DesignTools/SkinList.aspx endpoint, allowing them to execute commands on the server. This could lead ...
10.0
Hyland OnBase Workflow Timer Service exposes files to unauthorized access
CVE-2026-26221
Hyland OnBase's Workflow Timer Service may allow an attacker to access and modify sensitive files on the server. This could potentially lead to unauthorized data exposure or even allow an attacker to ...
10.0
Cursor Code Editor versions before 2.5 allow malicious Git commands
CVE-2026-26268
Old versions of Cursor Code Editor had a security weakness that could allow an attacker to run malicious code in the editor's environment. This could happen if a malicious user was able to write to th...
9.9
Caido Web Security Tool Fails to Block Unallowed Network Access
CVE-2026-24853
Caido, a web security tool, previously allowed unauthorized access to its internal network by accepting fake information about the user's connection. This could let attackers bypass security checks. U...
9.8
Known: Password Reset Token Leaked, Allowing Account Takeover
CVE-2026-26273
GHSA-78wq-6gcv-w28r
A security flaw in Known software version 1.6.2 allows anyone to steal a password reset token, giving them access to any account. This can happen if the email address of the account owner is known. To...
9.8
PrestaShop Advanced Popup Creator: Remote SQL Attack Risk via Popup Controller
CVE-2025-69633
An unauthenticated attacker can access and manipulate data in the PrestaShop store by injecting malicious SQL code into the Advanced Popup Creator module. This module is used in PrestaShop versions 1....
9.8
Calero VeraSMART: Malicious Code Can Run on Server
CVE-2026-26335
Calero VeraSMART versions before 2022 R1 store sensitive configuration data in a predictable location, allowing an attacker who gains access to the server to execute malicious code. This creates a ris...
9.3
Calero VeraSMART exposes sensitive data and files on an open port
CVE-2026-26333
Old versions of Calero VeraSMART leave a critical port open to the internet, allowing anyone to read and write files, including sensitive data like passwords and encryption keys. This could be u...
10.0
BeyondTrust Remote Support and PRA: Unauthenticated Command Execution
CVE-2026-1731
Attackers can access and control your computer without a password. This can lead to unauthorized data theft or system crashes. Update your BeyondTrust software to fix this issue.
9.9
KEV
LavaLite CMS 10.1.0 Allows Low-Privilege Users to Access Admin Panel
CVE-2025-70866
A security flaw in LavaLite CMS 10.1.0 lets users with limited permissions log in to the admin area without proper authorization. This could allow them to make changes to the site's settings or data. ...
8.8
Starfish Review Plugin Allows Attackers to Gain Administrator Access
CVE-2025-15157
The Starfish Review Generation & Marketing plugin for WordPress is vulnerable to unauthorized changes. An attacker with a basic account can update settings to allow anyone to create an administrator a...
8.8
FlexCity/Kiosk: Malicious User Can Access Sensitive Areas
CVE-2026-1618
A vulnerability in FlexCity/Kiosk allows an attacker to bypass security checks and potentially access areas of the system that should only be accessible by authorized users. This could allow an attack...
8.8
FlexCity/Kiosk Allows Unauthorized Access to Critical Functions
CVE-2025-14349
A security issue in FlexCity/Kiosk software allows users to access sensitive features without proper authorization. This could lead to unauthorized changes or data manipulation. Update to version 1.0....
8.8
rPGP crashes when parsing deeply nested messages
GHSA-8h58-w33p-wq3g
rPGP versions before 0.19.0 can crash when they receive a message with many nested layers. This could allow an attacker to make rPGP applications crash. Update to rPGP 0.19.0 to fix this issue.
8.7
rPGP Crashes on Malicious PGP Key
GHSA-7587-4wv6-m68m
The rPGP software can crash if it receives a specially crafted PGP key. This can happen if an attacker sends a malicious key to the application. To fix this, update to the latest version of rPGP, whic...
8.7
FlexCity/Kiosk: Unauthorized Access to Trusted Data
CVE-2026-1619
A security issue in FlexCity/Kiosk software allows an attacker to gain access to sensitive information that they shouldn't have access to. This affects all versions of FlexCity/Kiosk prior to 1.0.36. ...
8.3
Yokogawa Vnet/IP Interface Package Denial-of-Service and Code Execution
CVE-2025-1924
A security issue has been discovered in Yokogawa's Vnet/IP Interface Package, which could allow an attacker to send a malicious packet and disrupt communication or run unauthorized programs on affecte...
6.0
Wildfly Elytron CLI authentication vulnerable to brute force attacks
CVE-2025-23368
GHSA-qhp6-6p8p-2rqh
The Wildfly Elytron integration does not limit failed login attempts, making it easier for attackers to try multiple login combinations. This can lead to unauthorized access to your system. To protect...
8.1
BACnet Stack Can Crash Embedded Systems with Malicious Requests
CVE-2026-26264
A flaw in the BACnet Stack library for embedded systems can cause a system crash if it receives a specially crafted network message. This can happen when a device receives a malformed message that inc...
7.8
lakeFS allows unauthorized access to files outside designated storage
CVE-2026-26187
GHSA-699m-4v95-rmpm
Authenticated users can read and write files in other namespaces or sibling directories due to vulnerabilities in the local block adapter. This means sensitive information can be accessed or modified ...
8.1
Calero VeraSMART Stores Passwords in Readable Format
CVE-2026-26334
Calero VeraSMART versions before 2026 R1 store passwords in a way that makes them easily accessible to anyone with local access to the system. This allows an attacker to get the passwords and use them...
8.5
ADB Explorer on Windows allows malicious code to run remotely
CVE-2026-26208
ADB Explorer, a tool for interacting with Android devices on Windows, contains a security flaw that lets hackers run code on your computer from a distance. This means an attacker could potentially tak...
7.8
Tandoor Recipes Cookmate Import Feature Allows Unauthorized Server Access
CVE-2026-25991
A security issue in Tandoor Recipes before version 2.5.1 allows anyone who uses the Cookmate import feature to potentially access internal or external websites without permission, which could reveal s...
7.7
Apache HTTP Server May Accept Untrusted Server Identities
CVE-2025-9293
Apache HTTP Server may not properly verify the identity of servers during secure connections. This can allow an attacker to intercept or modify sensitive information if they can intercept the connecti...
7.7
TON Lite Server crashes if given certain input
CVE-2025-70957
A bug in the TON Lite Server before version 2024.09 can cause it to use up all its processing power, making it unavailable to legitimate users. This can happen when the server is given a special type ...
7.5