CVE Vulnerabilities - 17 February 2026
172 vulnerabilities published on 17 February 2026
Gogs Protected Branch Deletion at Risk via Web Interface
CVE-2026-25232
GHSA-2c6v-8r3v-gh6p
Any repository collaborator with write permissions can delete protected branches, including the default branch, by sending a direct POST request through the web interface. This allows a low-privilege ...
7.1
Phpgurukul Student Management System SQL Injection Flaw
CVE-2024-55270
The Phpgurukul Student Management System's search function is not secure, allowing an attacker to access or modify sensitive data. This could lead to unauthorized changes or theft of student informati...
8.8
Beetel 777VR1 Telnet/SSH Service Not Securely Configured
CVE-2026-2617
The Telnet and SSH services on Beetel 777VR1 devices are not properly configured, which means they may not be secure by default. This could allow an attacker on the same local network to exploit this ...
5.3
Datart v1.0.0-rc.3: Malicious URL in JDBC Config Allows Code Execution
CVE-2025-70828
An attacker can inject malicious code into the Datart application by manipulating the url parameter in the JDBC configuration. This could allow them to take control of the system or steal sensitive da...
8.8
WP Maps plugin for WordPress allows hackers to access sensitive files
CVE-2025-12062
The WP Maps plugin for WordPress has a security flaw that allows hackers with a basic account to access and run files on the server, potentially stealing sensitive data or taking control of the site. ...
8.8
Microsoft Windows Video ActiveX Control Lets Attackers Run Malicious Code
CVE-2008-0015
A security flaw in the Microsoft Windows Video ActiveX Control could allow hackers to take control of a user's computer if they visit a malicious website. This could let the hacker do anything the use...
8.8
KEV
Google Chromium: Malicious Code Can Crash Browsers
CVE-2026-2441
If a hacker creates a specific web page, it could cause your browser to crash or behave unexpectedly, potentially allowing them to take control of your computer. This issue affects multiple popular we...
8.8
KEV
Malwarebytes AdwCleaner: Non-admin users can delete important files
CVE-2025-67905
Non-admin users can delete important system files on Malwarebytes AdwCleaner versions before 8.7.0. This is a security risk because it could allow an attacker to delete critical system files, potentia...
8.7
Apache NiFi: Unrestricted Changes to Critical Flow Components
CVE-2026-25903
GHSA-c5w7-m8wf-xc77
Critical Apache NiFi installations are at risk of unauthorized changes to sensitive flow components. This can happen when a user with limited permissions is allowed to update configuration settings fo...
8.7
Tumeva Prime News Software: SQL Injection Risk for User Data
CVE-2025-7631
Tumeva Prime News Software versions 1.0.1 and earlier are at risk of being hacked if malicious code is injected through user input. This could allow an attacker to access sensitive user information. U...
8.6
Clicldeu SaaS Reports Expose Confidential Data in Downloaded PDFs
CVE-2026-2247
A security issue in Clicldeu SaaS allows an attacker who has already logged in to access sensitive information by manipulating the URL of a downloaded report. This could happen if an attacker can tric...
8.3
IBM Db2 Database: XML Data Processing Security Risk
CVE-2025-36247
IBM Db2 databases version 11.5 and 12.1 are at risk of being exploited by an attacker who can access sensitive information or crash the system by sending a malicious XML file. This is a serious securi...
8.2
OpenClaw Plugin Installation Can Write Files Outside Intended Directory
CVE-2026-28447
GHSA-qrq5-wjgg-rvqw
A security issue affects older versions of OpenClaw, where a malicious plugin can write files in the wrong directory if installed by an administrator. This could potentially allow an attacker to acces...
7.0
Pterodactyl Panel Exposes Server Configs and Data to Malicious Access
CVE-2026-26016
GHSA-g7vw-f8p5-c728
A security flaw in Pterodactyl Panel allows unauthorized access to server configurations and data. This means that a malicious user with a secret token can view and manipulate other servers, potential...
9.2
FBackup 9.9: Unsecured Local Access to Sensitive Data
CVE-2026-2627
FBackup 9.9 has a security issue that allows attackers to access sensitive data on the same computer. This means that an attacker with local access can potentially exploit this weakness. We recommend ...
8.5
Glory RBG-100 Systems Expose Root Access to Unauthorized Users
CVE-2026-23648
The ISPK-08 software on some Glory RBG-100 recyclers has weak file permissions, allowing a local attacker to replace or modify critical system files and gain root access. This means an unauthorized pe...
8.5
Zarinpal Gateway for WooCommerce Plugin Allows Unauthorized Order Payments
CVE-2026-2592
The Zarinpal Gateway for WooCommerce plugin on your WordPress site may let anyone mark orders as paid without actually paying for them. This can happen if someone gets a secret payment code from a dif...
7.7
OpenClaw Gateway tool allows malicious URLs from trusted users
CVE-2026-26322
GHSA-g6q9-8fvw-f7rf
Trusted users with special access to the OpenClaw Gateway tool can accidentally or maliciously make the tool connect to unauthorized websites. This can happen when users have more access than they nee...
7.6
Jorani: Unauthorized SQL Commands Can Be Executed
CVE-2025-67102
A security issue in Jorani's all-day offs feature allows an authorized user to execute unintended database commands, potentially leading to data tampering or unauthorized access. This vulnerability af...
7.6
OpenClaw Image Tool Can Fetch Unauthorized Network Targets
GHSA-56f2-hvwg-5743
OpenClaw's Image tool can be tricked into fetching images from unauthorized internal network targets, potentially exposing sensitive information. This issue is fixed in version 2026.2.2 and later. Upd...
7.6
OpenClaw SSRF Protection Can Be Bypassed with Certain IPv6 Addresses
CVE-2026-26324
GHSA-jrvc-8ff5-2f9f
OpenClaw's built-in security feature to block certain types of internet requests can be tricked into allowing malicious access. This could allow hackers to access internal systems or networks that sho...
7.5
OpenClaw Feishu Extension Can Expose Local Files
CVE-2026-26321
GHSA-8jpq-5h99-ff5r
If an attacker can trick the OpenClaw Feishu extension into loading a malicious file, they may be able to access and steal sensitive files from your computer. This issue is fixed in version 2026.2.14 ...
7.5
OpenClaw Telnyx Plugin Missing Authentication for Calls
CVE-2026-26319
GHSA-4hg8-92x6-h2f3
If you use the OpenClaw Telnyx plugin, you may be at risk of accepting fake requests from unknown sources. This happens when the plugin is installed, enabled, and exposed to the public internet withou...
7.5
BlueBubbles Webhook Security Risk: Unauthorized Access
CVE-2026-26316
GHSA-pchc-86f6-8758
If you use the BlueBubbles plugin with OpenClaw, an attacker could potentially send fake messages as if they came from you, by exploiting a weakness in the way the plugin checks for authentication. To...
7.5
fast-xml-parser: Malicious XML Can Cause Long Delays in Processing
CVE-2026-26278
GHSA-jmr7-xgp7-cmfj
A maliciously crafted XML file can cause the fast-xml-parser library to take a long time to process, potentially freezing the application. This is due to a flaw in the way the library handles certain ...
7.5