CVE Vulnerabilities - 18 February 2026
331 vulnerabilities published on 18 February 2026
Old Orthanc Software Allows Unauthorised Access to Admin
CVE-2025-15581
If you use Orthanc version 1.12.10 or earlier, an attacker could gain full control of your system by exploiting a weakness in the way users are checked for permission. This is a serious issue, as it c...
4.7
Unrestricted File Upload in mingSoft MCMS 6.1.1
CVE-2026-2666
GHSA-r9wp-qq53-qvjx
A security issue in mingSoft MCMS 6.1.1 allows attackers to upload files without restriction, potentially allowing them to inject malicious code. This could lead to unauthorized access to sensitive da...
2.0
WordPress URL Shortify plugin can redirect users to malicious sites
CVE-2026-1277
The URL Shortify plugin for WordPress has a security flaw that allows attackers to trick users into visiting fake websites. This can happen when a user clicks on a suspicious link. Update the plugin t...
4.7
InvoicePlane: An attacker can hijack user sessions and steal data.
CVE-2026-26281
A security issue in InvoicePlane lets an authorized user with invoice management access execute malicious code in other users' browsers, potentially stealing their data or taking control of their sess...
4.4
Video Share VOD Plugin for WordPress Can Execute Malicious Code
CVE-2025-13727
The Video Share VOD plugin for WordPress, used to build video sharing sites, contains a security flaw. If an attacker with sufficient permissions edits the plugin settings, they can inject malicious c...
4.4
WordPress Community Events plugin allows malicious scripts to run on your site
CVE-2026-1649
An attacker with administrator access can inject malicious code into your site that will run when users visit specific pages. This can lead to a range of issues, including data theft and unauthorized ...
4.4
YayMail – WooCommerce Email Customizer plugin: Injected scripts on certain WordPress sites
CVE-2026-1943
A security issue in the YayMail plugin for WordPress can allow attackers to inject malicious code into certain pages on your website. This can happen if you have a multi-site installation and have res...
4.4
WordPress Private Comment plugin allows hackers to inject code via label text
CVE-2026-2281
The Private Comment plugin for WordPress has a security flaw that allows attackers to inject malicious code into certain pages. This could happen if an administrator with high-level access adds a mali...
4.4
WordPress Membership Plugin Vulnerable to Malicious Scripts in Invoices
CVE-2026-1304
The Membership Plugin for WordPress is at risk of being compromised by malicious scripts in the invoice settings. If an attacker gains admin access, they can inject scripts that will run when users vi...
4.4
WordPress Plugin Allows Hackers to Inject Malicious Code
CVE-2025-12037
A security flaw in the WP 404 Auto Redirect to Similar Post plugin for WordPress could allow hackers to inject malicious code into websites. This only affects WordPress sites with multi-site installat...
4.4
Tsinghua Unigroup Electronic Archives System allows remote file access
CVE-2026-2683
The Tsinghua Unigroup Electronic Archives System has a security flaw that allows an attacker to access files they shouldn't be able to. This could happen if someone with malicious intentions can trick...
5.3
LibreNMS Alert Rule Creation Allows Malicious JavaScript
CVE-2026-26989
GHSA-6xmx-xr9p-58p7
A security issue exists in LibreNMS that allows an attacker with admin access to inject malicious JavaScript into the Alert Rules page, which can be executed when viewed. This could allow an attacker ...
4.3
newbee-mall Multiple Endpoints Allow Attackers to Forge Requests
CVE-2026-2658
A security flaw in newbee-mall's Multiple Endpoints component could allow hackers to trick users into performing unintended actions. This means that attackers can potentially trick users into doing so...
5.3
Splunk: Malicious user can crash Splunk Web with crafted password change
CVE-2026-20139
A low-privileged user can intentionally slow down or shut down Splunk Web by changing their password with a specially crafted request. This can cause performance issues or make Splunk Web unresponsive...
4.3
Booking Calendar plugin for WordPress allows attackers to change other users' settings
CVE-2026-2230
Attackers with certain permissions can change the booking calendar settings for other users, disrupting their booking functionality. This can happen in versions up to 10.14.14 of the Booking Calendar ...
4.3
Jenkins: Unauthorized users can access build information
CVE-2026-27100
GHSA-wfhp-qgm8-5p5c
Old versions of Jenkins allow unauthorized users to see information about builds they shouldn't have access to, including job and build existence. This could be a security risk if your Jenkins instanc...
4.3
The Plus Addons for Elementor plugin allows unauthorized post creation
CVE-2026-2386
An attacker with Author-level access and above can create posts they shouldn't be able to. This can lead to unauthorized changes to your website. Update to version 6.4.8 or later to fix the issue.
4.3
Dam Spam plugin for WordPress allows attackers to delete comments
CVE-2026-2112
The Dam Spam plugin for WordPress has a security flaw that allows attackers to delete all pending comments without permission. This is a concern for sites using the plugin, as it can lead to comment d...
4.3
Kali Forms plugin for WordPress: unauthorized access to form data
CVE-2026-1860
The Kali Forms plugin for WordPress has a security issue that allows users with Contributor-level access to access and view form data that belongs to other users, including administrators. This could ...
4.3
EventPrime Plugin for WordPress Allows Admins' Posts to be Modified
CVE-2026-1655
An attacker with a WordPress account can modify posts created by administrators by manipulating a specific parameter. This is a risk for sites using the EventPrime plugin, especially if administrators...
4.3
Kadence WP plugin allows Contributors to upload malicious images to WordPress
CVE-2026-2633
The Kadence WP plugin for WordPress has a flaw that lets Contributors upload files from the internet to the WordPress Media Library. This is a security risk because Contributors shouldn't be able to d...
4.3
Kadence WP plugin exposes sensitive data through malicious server requests
CVE-2026-1857
The Kadence WP plugin for WordPress allows attackers with Contributor-level access and above to make unauthorized server requests, potentially exposing sensitive data like contacts, campaigns, and mai...
4.3
Taskbuilder Plugin Allows Attackers to Bypass Access Controls
CVE-2026-1640
The Taskbuilder plugin for WordPress has a security flaw that lets someone with a subscriber-level account or higher create comments on any project or task, even if they shouldn't be able to access it...
4.3
WP Plugin Info Card plugin: Attackers can trick admins into creating or modifying plugins
CVE-2026-2023
The WP Plugin Info Card plugin for WordPress is at risk because it doesn't properly check if requests are coming from a trusted source. This could allow attackers to trick an admin into creating or mo...
4.3
PDF Invoices & Packing Slips for WooCommerce plugin allows attackers to modify customer data
CVE-2026-1906
A security issue in the PDF Invoices & Packing Slips for WooCommerce plugin allows an attacker with a low-level account to change sensitive customer information. This could disrupt payments and lead t...
4.3