CVE Vulnerabilities - 18 February 2026

The Keybase.io Verification plugin for WordPress has a security flaw that lets attackers trick site administrators into making unwanted changes to the plugin settings. This could lead to unauthorized ...

The Tickera plugin for WordPress doesn't properly check who can change event statuses. This means a hacker with a subscriber-level account or higher can change event statuses without permission. Updat...

A security issue in the EmailKit plugin for WordPress allows attackers to modify post titles, including posts, pages, and custom post types, without permission. This could lead to unauthorized changes...

Authenticated users with Subscriber-level access and above can view information about other users' orders. This is due to a mistake in the plugin's code, specifically on the 'wos_troubleshooting' endp...

The Frontend User Notes plugin for WordPress is at risk. An attacker with a Subscriber-level account or above can modify notes that belong to other users. To fix this, update the plugin to version 2.1...

The WP All Export plugin for WordPress is vulnerable to unauthorized access to sensitive data files. This means that attackers can download sensitive information, such as personal data or business rec...

OpenClaw, a sandboxing tool, has a bug where it mistakenly treats order changes in configuration arrays as no changes. This can lead to old sandbox containers being reused, which can cause issues. To ...

A flaw in QEMU's UEFI virtual device can leak sensitive information from the guest operating system, compromising its security. This occurs when the guest writes to a certain register, causing the dev...

A bug in The Silver Searcher, a code search tool, can cause it to crash if it's given certain types of input. This could potentially allow an attacker to make the tool malfunction, but it requires the...

A flaw in the universal-ctags ctags tool allows an attacker to cause the tool to enter an infinite loop on the local system. This could potentially be exploited by a malicious actor. Users should upda...

The WP-DownloadManager plugin for WordPress is vulnerable to a security risk that allows attackers to access sensitive files on the server if they have an administrator account. This is due to a mista...

The YayMail plugin for WooCommerce is insecure, allowing an attacker with manager-level access to install and activate a different email plugin without permission. This could lead to malicious email s...

A security flaw in ChaiScript, a JavaScript-like scripting language, can allow an attacker with local access to access data that has already been deleted. This could lead to unpredictable behavior or ...

A security issue in Chrome 120 allows websites to potentially identify users by their browser configuration. This affects users who have a non-default browser fingerprint. To protect user data, update...

The filippo.io/edwards25519 library has a bug in its MultiScalarMult function. If you use this function with a point that's not the default or zero value, it might produce incorrect results. This is a...

This is a duplicate report of a known vulnerability, so there's no new information to worry about. You should use the original report instead. If you've already taken steps to address the original iss...

This vulnerability was marked as a duplicate of CVE-2025-12500. To avoid confusion, do not use this number and instead reference CVE-2025-12500. All information related to this duplicate number has be...

This report was mistakenly sent and has no actual security issue. It has been removed to prevent confusion. No action is needed.

A bug in the Linux kernel's SMB client could cause data corruption. This happens when multiple threads access and change the same data simultaneously, potentially leading to incorrect results. To fix ...

A Linux kernel issue causes OpenSSL benchmark tests with multiple processes to hang when using the virtio-crypto device. This has been fixed in the latest kernel update. If you're using the virtio-cry...

A fix has been made to prevent a rare situation where a Linux server's count of active network connections could become incorrect. This could potentially lead to issues with connection tracking and ma...

A bug in the Exynos Virtual Display driver for Linux could have caused problems with memory allocation and deallocation. This could lead to unexpected behavior or crashes, especially in situations wit...

A Linux kernel bug could cause data corruption when a task exits, potentially leading to system instability. This issue has been fixed in a recent update. Upgrade your Linux kernel to the latest versi...

A bug in the Linux kernel's file system could cause it to access memory that hasn't been properly initialized. This can happen when using a specific option to mount a file system directly. To fix this...

A security issue has been fixed in the Linux kernel's xfs file system. This issue could have caused a crash if the system was handling certain file operations. The fix ensures the correct order of ope...