CVE Vulnerabilities - 17 February 2026
172 vulnerabilities published on 17 February 2026
Severity:
Liderahenk Missing Authentication Lets Hackers Run Code Remotely
CVE-2025-7706
A security issue affects the Liderahenk software, allowing hackers to run unauthorized code from a remote location. This could potentially allow an attacker to access sensitive data or take control of...
6.1
IBM Concert: Memory Exposure via Man in the Middle Attack
CVE-2025-33101
IBM Concert versions 1.0.0 to 2.1.0 may leak sensitive information if an attacker intercepts communication between a user and the application. This could potentially allow attackers to access sensitiv...
5.9
IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 IBM Db2 Recovery Expert for Linux, UNIX and Windows transmits data in a cleartext communication channel that could allow an attacker to obtain se...
CVE-2025-27903
IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 IBM Db2 Recovery Expert for Linux, UNIX and Windows transmits data in a cleartext communication channel that could allow an attacker to obtain sensi...
5.9
WordPress Frontend File Manager Plugin Allows Unauthenticated Email Spam
CVE-2026-0829
An outdated version of the Frontend File Manager Plugin for WordPress lets attackers send spam emails and access sensitive files without permission. This can be exploited by anyone who knows the file ...
5.8
Datart v1.0.0-rc.3 Exposes Sensitive Data via Custom Database Connection
CVE-2025-70829
Authenticated users can potentially access confidential information stored in Datart's database. This is a concern because sensitive data could be viewed by people who shouldn't have access to it. To ...
5.7
Blossom: Unsecured Input in Article Titles Can Be Hijacked
CVE-2026-2622
An attacker can inject malicious code into Blossom's article titles, potentially allowing them to trick users into revealing sensitive information or taking unwanted actions. This issue is serious bec...
5.1
IBM webMethods Integration Server 12.0 allows malicious HTML code injection
CVE-2025-14289
IBM webMethods Integration Server 12.0 has a security flaw that allows an attacker to inject code into web pages viewed by users. This could lead to unauthorized actions being taken within the victim'...
5.4
Dell Unisphere for PowerMax versions 9.2.4.x allow malicious web code to run in your browser
CVE-2026-26357
Dell Unisphere for PowerMax versions 9.2.4.x contain a security flaw that could allow an attacker to inject malicious code into your web browser, potentially stealing sensitive information or taking c...
5.4
Indico: Malicious Files Can Be Uploaded via Material Uploads
CVE-2026-25739
GHSA-jxc4-54g3-j7vp
A security issue allows hackers to upload malicious files to Indico, potentially harming users. Updates are available to fix the problem. To ensure security, update Indico to the latest version and re...
5.4
Rack::Directory Allows Malicious Files to Run Code
CVE-2026-25500
GHSA-whrj-4476-wvmp
Rack::Directory can display files with malicious names that, when clicked, run code in the hosting application. This can happen if an attacker uploads a file with a name starting with 'javascript:'. U...
5.4
BSV Blockchain SDK Authentication Signature Data Error
CVE-2025-69287
GHSA-vjpq-xx5g-qvmm
A mistake in the BSV Blockchain SDK's authentication system can cause incorrect signatures, which may lead to unauthorized access. This issue affects users of the TypeScript SDK and may compromise the...
5.4
Dell Unisphere for PowerMax: Malicious Code Can Run in Browser
CVE-2026-23861
A security weakness in Dell Unisphere for PowerMax could allow an attacker to run malicious code in a user's web browser, potentially stealing information or taking control of user sessions. This vuln...
5.4
IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 Leaks Sensitive System Info
CVE-2025-27899
A security issue with IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 exposes sensitive system information, which could help attackers target the system. This means that an attacker could use this...
5.3
IBM Cloud Pak System Disclosure of Sensitive Folder Location
CVE-2023-38265
IBM Cloud Pak System versions 2.3.3.6 to 2.3.5.0 may reveal sensitive folder locations to unauthorized individuals, potentially helping them launch further attacks on the system. This could compromise...
5.3
Echo on Windows allows unauthorized access to files outside the public directory
CVE-2026-25766
GHSA-pgvm-wxw2-hrv9
A security issue in Echo's static file serving on Windows allows an attacker to access files outside the intended public directory. This can happen when using the default file system and serving files...
5.3
EventPrime Plugin Allows Hackers to Upload Unauthorized Images
CVE-2026-1657
The EventPrime plugin for WordPress is open to a security risk that allows hackers to upload any image file to your website without needing a password. This can lead to malicious images being displaye...
5.3
IBM WebSphere Application Server: Insecure Security Settings Configuration
CVE-2025-13333
Some IBM WebSphere Application Server versions may not properly secure security settings, potentially allowing unauthorized system administration. This could lead to security weaknesses and unauthoriz...
4.9
IBM Sterling B2B Integrator and File Gateway Expose Sensitive Info
CVE-2025-36348
IBM Sterling B2B Integrator and File Gateway software may expose sensitive information to unauthorized users, potentially allowing attackers to gain insight into system configuration and functionality...
4.9
Pega Platform: Critical Stored XSS in Admin Interface
CVE-2025-62183
Administrators with access to the Pega Platform interface may be able to execute malicious code, potentially stealing sensitive information or disrupting the system. This issue affects Pega Platform v...
4.8
Dell Avamar: Unauthorized Access to Sensitive Data
CVE-2025-36597
Dell Avamar versions before 19.12 with patch 338905 have a security weakness that could allow an attacker with high privileges and remote access to access sensitive information they shouldn't be able ...
4.7
WordPress Forminator Plugin Allows Admins to Inject Harmful Code
CVE-2026-2002
The Forminator plugin for WordPress has a security flaw that lets someone with admin access insert malicious code into website pages. This could cause problems for users when they visit the affected p...
4.4
IBM Cloud Pak Unauthorized Access in Certain Versions
CVE-2023-38005
IBM Cloud Pak versions 2.3.3.6 through 2.3.5.0 have a security issue that allows a logged-in user to perform actions they shouldn't be able to. This could lead to unauthorized changes or access to sen...
4.3
OpenClaw leaks Discord bot tokens to unauthorized clients
CVE-2026-26326
GHSA-8mh7-phf8-xgfm
A software component called OpenClaw has a flaw that allows unauthorized users to access sensitive information, such as Discord bot tokens, by making a specific request. This is a concern because it a...
5.3
IBM Concert 1.0.0 to 2.1.0 allows attackers to trick system into sending unauthorized requests
CVE-2025-36243
IBM Concert versions 1.0.0 through 2.1.0 are vulnerable to a security risk that allows an attacker with permission to send fake requests from your system. This could be used to discover sensitive info...
4.3
Indico Makes Unintended Requests to Sensitive URLs
CVE-2026-25738
GHSA-f47c-3c5w-v7p4
Indico makes requests to URLs provided by users, which could potentially be used to access sensitive data. However, the risk is limited to event organizers and organizations that host Indico on AWS or...
6.9