CVE Vulnerabilities - 17 February 2026
172 vulnerabilities published on 17 February 2026
Weblate Management Console Exposes SSH Host Key Injection Risk
CVE-2026-24126
GHSA-33fm-6gp7-4p47
The Weblate management console doesn't check user input properly, allowing a malicious user to inject commands that could let them access SSH keys. This could be a security risk if the management cons...
6.6
OpenClaw macOS Client Truncates Confirmation, Hides Malicious Payload
CVE-2026-26320
GHSA-7q2j-c4q5-rm27
The OpenClaw macOS desktop client can display a misleading confirmation message when a user is asked to run a deep link. This could trick users into approving a different message than the one that is ...
7.1
HPE Aruba 5G Core Server API Leaks Sensitive Data to Unauthenticated Users
CVE-2026-23598
An attacker can access sensitive user information and system settings without needing a login. This could lead to unauthorized access and misuse of the system. Update your HPE Aruba 5G Core server API...
6.5
HPE Aruba 5G Core Server API Leaks Sensitive Information
CVE-2026-23597
An attacker can access user accounts, roles, and system settings on an HPE Aruba 5G Core server without permission. This could lead to unauthorized access and potential privilege escalation if combine...
6.5
Unauthenticated Remote Access to Restart Critical Services on Affected Product
CVE-2026-23596
An attacker can remotely restart critical services on the affected product without a password, causing disruptions to services and impacting system availability. This could be exploited if the product...
6.5
IBM DataStage on Cloud Pak for Data Exposes User Information
CVE-2025-13691
IBM DataStage on Cloud Pak for Data allows an attacker to obtain sensitive user information, potentially allowing them to pretend to be another user. This issue affects versions 5.1.2 to 5.3.0. Update...
6.5
Dell Avamar Server and Avamar Virtual Edition: Unapproved File Deletion
CVE-2026-22762
Old versions of Dell Avamar Server and Avamar Virtual Edition have a security weakness that allows a skilled attacker to delete important files on the server. This could happen if an attacker has perm...
6.5
Dell Avamar Security Flaw: High-Risk File Upload Risk
CVE-2025-36598
Dell Avamar versions before 19.12 with patch 338905 have a security flaw that could allow an attacker with remote access to upload malicious files. This could lead to security issues and potentially h...
6.5
IBM DB2 Merge Backup Crash via Stack Overflow
CVE-2025-33130
A security issue in IBM DB2 Merge Backup for Windows, Linux, and UNIX could allow an attacker to crash the program if they have valid login credentials. This could lead to a denial-of-service, making ...
6.5
IBM DB2 Merge Backup Crashes When User Inputs Incorrect Data
CVE-2025-33124
IBM DB2 Merge Backup software on Linux, UNIX, and Windows may crash if a user enters incorrect data. This could lead to data loss or system instability. If you use this software, update it to the late...
6.5
IBM DB2 Recovery Expert for LUW 5.5: Untrusted Web Requests Can Harm System
CVE-2025-27904
IBM DB2 Recovery Expert for Linux, UNIX, and Windows may allow an attacker to trick a trusted user into performing malicious actions on the system. This could lead to unauthorized changes or data brea...
6.5
IBM DB2 Recovery Expert on Windows, Linux, and UNIX can be tricked by malicious input
CVE-2025-27901
IBM DB2 Recovery Expert on Windows, Linux, and UNIX can be tricked into doing something it shouldn't by a maliciously crafted input. This could allow an attacker to steal sensitive information or take...
6.5
IBM Concert for Z hub: Malicious Actions via Trusted User Input
CVE-2025-36018
IBM Concert, versions 1.0.0 to 2.1.0, has a security weakness that allows an attacker to trick a trusted user into performing malicious actions on the system. This could lead to unauthorized changes o...
6.5
Skill-Scanner: Unsecured API Server Allows Unauthorized Access
CVE-2026-26057
GHSA-ppfx-73j5-fhxc
A security flaw in Skill-Scanner's API server allows attackers to potentially crash the system or upload unauthorized files. This affects Skill-Scanner version 1.0.1 and earlier, and only applies if t...
6.5
Gogs Allows Unwanted Label Changes Across Repositories
CVE-2026-25229
GHSA-cv22-72px-f4gh
Gogs has a security problem that allows users with write access to any repository to modify labels in other repositories. This can lead to unauthorized changes to labels in sensitive repositories. To ...
5.3
IBM Db2: HADR Configuration Gives Away Sensitive Info
CVE-2025-36425
IBM Db2 users may be at risk if their High Availability Disaster Recovery (HADR) setup is not properly configured. An attacker with a valid login could potentially access sensitive information if they...
6.5
IBM Db2: Authenticated User Can Crash Server
CVE-2025-14689
IBM's Db2 database software has a security issue that could crash the server if an attacker sends a specific query. This could make the database unavailable to users. It's recommended to upgrade to a ...
6.5
IBM Db2: Authenticated User Can Crash the System
CVE-2025-13867
A security issue in IBM Db2 for Linux, UNIX, and Windows could allow an authenticated user to crash the system. This could happen when a user sends a specially crafted query, which could cause the sys...
6.5
Smartypants Document Manager: Unrestricted Access to Confidential Files
CVE-2024-31118
An issue in Smartypants Document Manager allows unauthorized access to sensitive files if access control is not properly set up. This means that someone with the wrong settings could view or edit docu...
6.5
Custom Content by Country (by Shield Security) lets unauthorized users edit settings
CVE-2022-41650
The Custom Content by Country plugin by Shield Security does not properly check user permissions, allowing unauthorized users to access and edit sensitive settings. This means that users who shouldn't...
6.5
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in EKA Software Computer Information Advertising Services Ltd. Real Estate Script V5 (With ...
CVE-2025-8303
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in EKA Software Computer Information Advertising Services Ltd. Real Estate Script V5 (With Dop...
6.5
IBM DB2 Recovery Expert allows user impersonation after session timeout
CVE-2025-27898
IBM DB2 Recovery Expert for LUW 5.5 requires an update to prevent an authenticated user from taking on another user's identity after their session has timed out. This could potentially allow unauthori...
6.3
IBM Financial Transaction Manager: Malicious Code Injection via Web UI
CVE-2025-33135
Attackers can inject malicious code into the system's web interface, potentially stealing sensitive information from a trusted session. This means that an attacker doesn't need to log in to access con...
6.1
IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 allows attackers to trick users into visiting fake websites
CVE-2025-27900
A flaw in IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 could allow hackers to trick users into visiting fake websites that look like trusted ones, potentially leading to sensitive information t...
6.1
IBM Concert Z Hub Framework: Unauthorized JavaScript Injection
CVE-2025-36019
IBM Concert versions 1.0.0 to 2.1.0 for the Z hub framework are open to a security risk where an unauthenticated attacker can inject malicious code into the web interface. This could allow them to pot...
6.1