CVE Vulnerabilities - 17 February 2026

The Kadence Blocks plugin for WordPress is missing a security check, allowing users with Contributor-level access and above to perform actions they shouldn't. This could be exploited by attackers to g...

IBM MQ Operator and certain container images have a flaw that could allow someone with the wrong access to inject malicious data into log records. This could cause misleading or incorrect logs, which ...

Apache Tomcat versions 11.0.0-M1 to 11.0.14, 10.1.0-M1 to 10.1.49, and 9.0.0.M1 to 9.0.112 allow users to bypass security settings by sending old HTTP requests. This could potentially allow unauthoriz...

If you use Slack with OpenClaw, an attacker could inject malicious code that could execute unintended commands or expose sensitive data. To fix this, upgrade to the latest version of OpenClaw (2026.2....

Attackers can manipulate user profiles by tricking users into performing unintended actions on the phpgurukul Gym Management System. This can lead to unauthorized changes to user information. Update t...

OpenClaw, a gateway software, has a problem with how it logs certain data from WebSocket connections. This could allow an attacker to inject malicious data into the logs, which could then be used to t...

If a user interacts with a malicious website in Google Chrome under specific circumstances, their stored autofill data like addresses, email, or phone numbers may be revealed without their consent. Th...

A privileged user can upload malicious files to IBM Watsonx.data Lakehouse, which could allow them to modify certain files or data on the server. This could potentially lead to unauthorized changes or...

A security weakness in Gogs allows a repository administrator to delete comments from other repositories. This is a concern for Gogs users who rely on comment moderation and repository security. To pr...

OpenClaw, a Google Chat integration, has a flaw that allows attackers with high-level access to Google Workspace to pretend to be a legitimate sender. This means that even if you've set up allowlists ...

A mistake caused incorrect information to be released about a vulnerability. This means that any references or descriptions related to it are no longer valid. No action is required by users, but it's ...

A mistake was made in the vulnerability reporting system, and all information related to this issue has been removed. This means the report is not valid and should not be used. No action is required f...

A security issue in Juniper ScreenOS affects VPN connections, allowing unauthorized access to encrypted traffic. This means that hackers could potentially intercept sensitive data being transmitted be...

Adobe Acrobat and Reader may crash or unexpectedly behave when processing certain PDF files, potentially allowing attackers to execute code on a victim's system. This can happen if a user opens a mali...

Apache HTTP Server contains a vulnerability that could allow an attacker to execute malicious code on a server by manipulating certain HTTP requests. This could allow unauthorized access to sensitive ...