CVE Vulnerabilities - 17 February 2026

172 vulnerabilities published on 17 February 2026

Rocket TRUfusion Enterprise allows authenticated users to upload files to arbitrary locations
CVE-2025-59793
The Rocket TRUfusion Enterprise software allows authenticated users to upload files to any location on the system, which could allow hackers to install malicious code. This is a serious security risk ...
9.4
Datart v1.0.0-rc.3: Attackers can execute code with authorized access
CVE-2025-70830
Authenticated users can inject malicious code into Datart's template engine, potentially allowing them to access sensitive data or take control of the system. This affects users who have authorized ac...
9.9
Exposed API Endpoint Allows Unauthenticated Password Reset
CVE-2026-1670
Certain versions of [Software Name] have an exposed API endpoint that could let hackers change a user's password reset email address without needing a password or login credentials. This could allow a...
9.3
Nextcloud Talk allowlist bypass via fake user name trick
CVE-2026-28474 GHSA-r5h9-vjqc-hq3r
A hacker can pretend to be a trusted user by changing their display name, potentially bypassing security settings and accessing restricted conversations. Nextcloud Talk users should update to version ...
9.3
IBM Concert uses hard-coded credentials, exposing sensitive info
CVE-2025-33089
IBM Concert, a software component, contains hardcoded user credentials that could be exploited by an attacker to access sensitive information or take unauthorized actions. This means that anyone with ...
9.8
Gogs allows unauthenticated file uploads, enabling public file hosting
CVE-2026-25242 GHSA-fc3h-92p8-h36f
Gogs, a web-based Git platform, allows anyone to upload files anonymously to the server, potentially leading to disk space issues, malware delivery, or unauthorized content hosting. This can happen if...
6.9
Glory RBG-100 Systems Expose Sensitive Login Credentials
CVE-2026-23647
The Glory RBG-100 system, which uses the ISPK-08 software, stores its login information in plain text, allowing anyone with network access to log in as an administrator without a password. This puts t...
9.3
OpenClaw: Windows cmd.exe commands may execute unintended actions
CVE-2026-28391 GHSA-qj77-c3c8-9c3q
If you're using OpenClaw on Windows and have enabled exec allowlist/approval gating, a malicious command can trick Windows into running additional actions beyond what's approved. This can happen if a ...
7.4
OpenClaw Gateway Connect Allows Unauthorized Access
CVE-2026-28472 GHSA-rv39-79c4-7459
A recent security update fixes a flaw that allowed unauthorized access to OpenClaw's gateway by connecting without proper authentication. If your OpenClaw gateway is exposed to the public internet, yo...
9.3
Beetel 777VR1 Web Management Interface Allows Unauthorised Access
CVE-2026-2616
A security flaw in Beetel 777VR1's Web Management Interface allows hackers to access the device without needing a password, which can be done from within the same local network. This means that anyone...
8.7
Opentofu-FIPS Configuration Error Allows Unauthorized Access
CLEANSTART-2026-XV54160
The opentofu-fips package has a configuration error that allows attackers to access sensitive information. This could lead to unauthorized access to your system. We recommend checking the package's do...
9.8
Zimbra Collaboration Suite can be tricked into accessing unauthorized websites
CVE-2020-7796
If you're using Zimbra Collaboration Suite and have the WebEx zimlet installed, a malicious threat actor could potentially trick the system into accessing unauthorized websites. This could lead to sec...
9.8 KEV
OpenS100 S-100 Viewer Allows Untrusted Code to Run with Administrator Privileges
CVE-2026-22208
An attacker can embed malicious code in an S-100 file, which can then execute with administrator-level access when opened in OpenS100. This can lead to data theft, system compromise, or other maliciou...
9.4
LightLLM versions 1.1.0 and prior allow unauthorized code to run on a server
CVE-2026-26220
An attacker can send malicious data to the LightLLM server and run arbitrary code without needing a password or permission. This could allow them to access or modify sensitive information, or even tak...
9.3
Apache Tomcat: Server Certificate Verification Bypass
CVE-2025-66614 GHSA-fpj8-gq4v-p354
A security issue exists in certain versions of Apache Tomcat that allows an attacker to bypass required client certificate checks. This can be exploited by an attacker to gain unauthorized access to t...
6.3
Windows Admin Center: Unauthorized network privilege escalation risk
CVE-2026-26119
An attacker with authorized access to Windows Admin Center can potentially gain elevated network privileges, allowing them to access sensitive areas of the network. This affects Windows Admin Center u...
8.8
IBM DataStage on Cloud Pak for Data: Unauthorized file upload enables command execution
CVE-2025-13689
An authenticated user can upload files without restrictions, potentially allowing them to execute arbitrary system commands and access sensitive data. This could lead to unauthorized access and data b...
8.8
Blossom's File Upload Function Can Be Tricked into Accessing Wrong Files
CVE-2026-2623
The Blossom file upload function has a security issue that allows attackers to access files they shouldn't be able to reach. This could potentially allow them to view or modify sensitive data. We reco...
5.3
Unauthorized Administrative Accounts Can Be Created in Application API
CVE-2026-23595
A weakness in the application's API allows an attacker to create administrative accounts without permission. This could lead to sensitive data being accessed or modified, and system configurations bei...
8.8
IBM Security QRadar EDR Authentication Session Hijacking
CVE-2025-36377
IBM Security QRadar EDR's session management is flawed, allowing an attacker to impersonate a legitimate user after their session expires. This can lead to unauthorized access to sensitive data and ac...
8.8
IBM QRadar EDR: Session Expiration Bypass Allows User Impersonation
CVE-2025-36376
IBM QRadar EDR has a security issue that allows an authenticated user to pretend to be another user on the system after their session has expired. This could give the attacker access to sensitive info...
8.8
Tenable Security Center Command Injection Vulnerability: Unapproved Code Execution
CVE-2026-2630
An attacker can execute unauthorized commands on the server hosting Tenable Security Center if they are authenticated and remote. This allows the attacker to potentially access sensitive data or disru...
7.4
TOTOLINK A3002RU router has a buffer overflow in IPv6 setup
CVE-2026-26736
The TOTOLINK A3002RU_V3 router's IPv6 setup feature has a security flaw that could allow hackers to potentially crash the device or execute malicious code. This affects the device's stability and secu...
8.8
TOTOLINK A3002RU Router Allows Unauthorized Access
CVE-2026-26732
A security issue in the TOTOLINK A3002RU router can be exploited remotely, potentially allowing an attacker to gain unauthorized access to the device. This could lead to malicious activity or the exec...
8.8
TOTOLINK A3002RU Router: Stack-Based Overflow Risk
CVE-2026-26731
The TOTOLINK A3002RU router's DNS function has a bug that could allow an attacker to crash the device. This could cause the router to stop working, making your internet connection unavailable. You sho...
8.8