CVE Vulnerabilities - 16 February 2026

Mattermost versions 11.1 through 11.1.2, 10.11 through 10.11.9, and 11.2 through 11.2.1 have a security issue that could allow an authenticated user to log in without going through Single Sign-On (SSO...

The Backup Handler in ZenTao versions up to 21.7.8 allows an attacker to delete files on the server by manipulating the file path. This could lead to data loss or disruption of service. Update to the ...

A vulnerability in Kubysoft allows attackers to inject malicious code into the system, which can be executed when other users access the affected resource. This could potentially allow an attacker to ...

Kubysoft is vulnerable to a security threat where attackers can embed malicious code in SVG images. This means that if you upload an infected SVG, it can harm visitors to your website. To stay safe, e...

An issue in Visual Studio Code's Live Server extension allows an attacker to steal files from your computer if you open a specially crafted web page. This could happen if you use the extension and ope...

Authenticated users can discover the existence of teams and their URLs by posting a link to a channel and checking the API response. This affects Mattermost versions 11.1.x <= 11.1.2, 10.11.x <= 10.11...

A security flaw in Firefox for iOS allows attackers to trick users into seeing fake web pages that appear to be from a trusted source. This could lead to users being misled into providing sensitive in...

The Mattermost and Zoom Plugin may allow unauthorized users to start Zoom meetings and modify posts in certain versions. This can be exploited through direct API calls. Mattermost and Zoom Plugin user...

Mattermost Plugin Zoom for versions 10.11 and 11.1, and all versions of the Zoom plugin up to 1.11, have a security flaw that allows any logged-in user to change Zoom meeting settings for any channel....

A security issue in the TR7 Web Application Firewall allows attackers to trick users into visiting fake websites, potentially leading to phishing scams. This issue affects versions of the software fro...

If you use the RegistrationMagic WordPress plugin, a security issue exists that could allow unauthorized users to create forms on your site. This could lead to malicious activity, such as spam or data...

Mattermost versions 10.11 through 10.11.9 have a security issue that allows team administrators to add users to a team without proper permission, even if restrictions are in place. This could lead to ...

A security issue in Vichan versions up to 5.1.5 allows an attacker to change the password of a user without verifying the old password. This can be done from a remote location. We recommend updating t...

This vulnerability report was mistakenly issued and is not valid. We've removed all details to prevent accidental use. Consider this vulnerability non-existent and not applicable to your software.