CVE Vulnerabilities - 13 February 2026

145 vulnerabilities published on 13 February 2026

Cloudflare Agents: Malicious Links Can Steal User Data and Control MCP Servers
CVE-2026-1721 GHSA-cvhv-6xm6-c3v4
Cloudflare Agents has a security flaw that lets attackers steal user chat history and take control of connected servers if users click on a malicious link. To fix this, update to [email protected] or ensu...
6.2
Nessus Agent: Weak File Permissions on Windows Hosts Expose to Unauthorized Access
CVE-2026-2026
The Nessus Agent directory on Windows hosts has weak file permissions, which could allow unauthorized access and potentially lead to Denial of Service (DoS) attacks. This affects organizations that us...
5.4
VM Host Denial of Service through PCIe Link Buffer Overflow
CVE-2024-21961
An attacker with access to a virtual machine can disrupt the host system, causing it to become unavailable. This could lead to downtime and lost productivity. To mitigate this risk, ensure that access...
6.0
Genetec Sipelia Plugin: Unprivileged User Can Gain Elevated Privileges
CVE-2025-1790
An attacker who already has a Genetec Sipelia Plugin user account can use this vulnerability to gain more powerful access on the Windows system where the plugin is installed. This could allow them to ...
5.8
Renovate Child Processes Have Access to Sensitive Environment Variables
GHSA-8wc6-vgrq-x6cf
Renovate versions 42.68.1 and later have a security issue where child processes can access environment variables that Renovate has access to. This could allow attackers to steal sensitive information....
5.5
BACnet Protocol Stack library: Crash when processing long strings
CVE-2026-21870
The BACnet Protocol Stack library, used for building automation and control systems, has a bug that causes it to crash when processing long strings. This can lead to system instability and potentially...
5.5
Beautiful Mermaid diagrams can inject malicious code into web pages
CVE-2026-26226 GHSA-cgmm-x5ww-q5cr
Beautiful Mermaid diagrams can be used to inject malicious code into web pages, which can allow an attacker to execute scripts on your site. This is a concern if you're using Beautiful Mermaid to rend...
5.3
GNOME-based systems' HTTP library allows unauthorized access to memory
CVE-2026-2443
A bug in the HTTP library used by GNOME-based systems can allow a remote attacker to access sensitive information from a server's memory. This requires a specific server configuration and access to th...
5.3
HP App for Android: Outdated Version Exposes Users to Malicious Web Content
CVE-2026-1578
Using an outdated version of the HP App on Android devices may put users at risk of seeing fake or malicious websites. This is a concern because these sites could trick users into revealing sensitive ...
5.1
Tandoor Recipes: Unauthorized Access to Server Files
CVE-2026-25964
Authenticated users with import permissions can read sensitive files on the server, potentially leading to system compromise. This is due to a weakness in how the application handles user input. Updat...
4.9
Unauthorized task duplication in Kanboard project management software
CVE-2026-25531
Kanboard software versions prior to 1.2.50 allow authenticated users to copy tasks into projects they shouldn't have access to. This can lead to unauthorized access to sensitive project information. U...
4.3
Mattermost: Unauthorized users can read sensitive Jira issue data
CVE-2026-22892 GHSA-9pj7-jh2r-87g8
When creating Jira issues from Mattermost posts, users with authorized access to the Jira plugin can read content and attachments from channels they shouldn't have access to. This applies to users who...
4.3
RegistrationMagic Exposes Sensitive Data to Authorized Users
CVE-2025-15520
The RegistrationMagic WordPress plugin has a security issue that allows users with certain permissions to see information they shouldn't. This affects plugin versions before 6.0.7.2. To fix this, upda...
4.3
Mattermost Reveals Team Names to Deactivated Users
CVE-2026-20796 GHSA-2xf7-hmf6-p64j
Mattermost versions 10.11.x through 10.11.9 don't check if a user is active when showing team names. This means a deactivated user might see team names they shouldn't have access to. Update to a fixed...
3.1
Windows SafeNet Agent can be tricked into accepting fake certificates
CVE-2026-0872
A security weakness in SafeNet Agent for Windows Logon means a hacker could potentially trick the software into accepting a fake digital certificate, which could lead to unauthorized access to sensiti...
2.5
TP-Link Omada Cloud Controller allows unauthorized access to sensitive data
CVE-2025-9292
A misconfigured security setting in the Omada Cloud Controller may allow hackers to access sensitive information if they have already found a way to inject malicious code into the system. This can onl...
2.0
CGA-crxx-5xpf-m6mv
Adobe Acrobat Reader PDF Parsing Flaw Can Allow Arbitrary Code Execution
CGA-crxx-5xpf-m6mv
Adobe Acrobat Reader has a security flaw that could allow attackers to execute malicious code on a victim's computer when they open a specially crafted PDF file. This means that if you use Adobe Acrob...
WordPress Plugins can be Installed by Attacker with Valid but Unnecessary Permissions
CVE-2025-68128
Some WordPress plugins have a feature that allows administrators to assign permissions to users even if the users don't need them. An attacker could exploit this by creating an account with the requir...
Misconfigured Java-based web applications may expose user data
CVE-2025-68127
Some Java-based web applications may leak user data when handling user login attempts. This is due to a configuration issue that can allow unauthorized access to sensitive information. To fix this, up...
Apache Struts allows unauthorized access due to rejected reasons not checked
CVE-2025-68126
Apache Struts does not properly validate rejected reasons in certain situations, potentially allowing an attacker to bypass authentication and gain unauthorized access to sensitive data. This issue af...
WordPress Plugin Rejected User Input Not Sanitized
CVE-2025-68125
The WordPress plugin allows user input to be used in a way that could lead to security issues. This could potentially allow an attacker to inject malicious code into the website. To fix this issue, up...
Apache HTTP Server Allows Unintended Access to Restricted Resources
CVE-2025-68124
Apache HTTP Server may allow unauthorized access to sensitive files if a user is able to guess a specific, reserved but unused URL. This could potentially allow an attacker to access sensitive data or...
WordPress Allows Unintended Access to Unpublished Posts
CVE-2025-58184
A security issue in WordPress allows attackers to view unpublished posts that are not supposed to be accessible. This could allow unauthorized individuals to read sensitive information. WordPress has ...
WordPress Plugin WP User Manager Allows Unauthorized User Access
CVE-2025-58182
The WordPress Plugin WP User Manager has a security issue that lets attackers access user accounts even if they are rejected. This is a serious problem because it could allow hackers to gain control o...