CVE Vulnerabilities - 18 February 2026
331 vulnerabilities published on 18 February 2026
Ghost has a SQL injection in Content API
CVE-2026-26980
GHSA-w52v-v783-gw97
### Impact
A SQL injection vulnerability existed in Ghost's Content API that allowed unauthenticated attackers to read arbitrary data from the database.
### Vulnerable Versions
This vulnerability ...
9.4
SourceCodester Customer Support System allows unauthorized admin access
CVE-2025-70141
An attacker can exploit this flaw to create, delete, or modify customer data without permission. This could lead to sensitive information being altered or deleted, compromising the integrity of the sy...
9.4
InvoicePlane 1.7.0 allows hackers to execute malicious code on your server
CVE-2026-25548
InvoicePlane users should update to version 1.7.1 to prevent an attacker with administrator access from taking control of your server and executing malicious code. By updating, you'll ensure the secur...
9.1
LibreNMS: Unapproved data can access database records
CVE-2026-26988
GHSA-h3rv-q4rq-pqcv
A security issue exists in LibreNMS's IPv6 address search feature. If not addressed, an attacker could potentially access unauthorized data or manipulate the database. To protect your data, update Lib...
9.3
ProjectWorlds Online Time Table Generator 1.0: Unauthenticated Admin Access
CVE-2025-70146
A security issue in ProjectWorlds Online Time Table Generator 1.0 allows unauthorized users to access administrative features, such as adding or deleting records, without proper authentication. This m...
9.1
GitHub Enterprise Server Leaks Sensitive Tokens Through Redirects
CVE-2026-0573
A security flaw in GitHub Enterprise Server allows attackers to steal sensitive login tokens when users visit a malicious website. This vulnerability affects all versions of GitHub Enterprise Server u...
7.6
PostgreSQL Version Detection Allows Malicious File Execution on Linux
CVE-2026-26318
GHSA-5vv4-hvf7-2h46
The systeminformation package for Linux allows an attacker to execute malicious files on the system when detecting the PostgreSQL version. This is a medium-risk issue that affects systeminformation us...
8.8
LibreNMS allows attackers to infer database info through SQL injection
CVE-2026-26990
GHSA-79q9-wc6p-cf92
LibreNMS, a network monitoring tool, has a security weakness that lets attackers guess information about the database by manipulating search queries. This issue affects any logged-in user. To stay saf...
8.8
Google Chrome: Heap Corruption in Media Component
CVE-2026-2650
A security issue in Google Chrome's media component could allow a website to potentially cause the browser to crash or behave unexpectedly. This affects Chrome versions prior to 145.0.7632.109. Update...
8.8
Google Chrome: Heap Corruption via Malicious HTML Page
CVE-2026-2649
A security issue in Google Chrome could allow an attacker to crash the browser or possibly execute malicious code. This affects users who visit a specially crafted website. To stay safe, keep your Goo...
8.8
Google Chrome: Malicious PDF File Can Crash Browser
CVE-2026-2648
A security issue in older versions of Google Chrome allows a hacker to create a malicious PDF file that could crash the browser. This could potentially happen if you visit a website that includes this...
8.8
Centova Cast 3.2.11 allows attackers to download system files
CVE-2019-25351
An attacker who has already logged in to a Centova Cast server can use a special request to download sensitive system files, such as password files, potentially revealing confidential information. Thi...
7.1
PHPGurukul Hospital Management System: Unprivileged users can access admin settings
CVE-2025-70064
A user can access sensitive areas of the system without permission, allowing them to view confidential information and make unintended changes. This is a concern for patient data and system security. ...
8.8
Scholars Tracking System 1.0 Fails to Validate File Uploads
CVE-2025-70151
An attacker who is logged in to the Scholars Tracking System can upload any type of file, including malicious PHP code. This can allow them to take control of the server and execute their own code. To...
8.8
Advanced AJAX Product Filters plugin for WordPress allows attackers to delete files or steal data
CVE-2026-1426
A security flaw in the Advanced AJAX Product Filters plugin for WordPress, used in conjunction with the Live Composer plugin, allows attackers with Author-level access to delete files or steal sensiti...
8.8
Rexroth IndraWorks: Malicious File Can Execute Code on Your System
CVE-2025-60038
A flaw in Rexroth IndraWorks can let an attacker take control of your computer if you open a specially crafted file. This can happen if a user unintentionally opens a malicious file, which can then ru...
8.8
Rexroth IndraWorks: Malicious File Can Execute Code on Your System
CVE-2025-60037
A critical security issue affects Rexroth IndraWorks. If you open a specially crafted file, an attacker could gain control of your system. Update your software to the latest version to prevent this fr...
8.8
Rexroth IndraWorks: Malicious File Can Crash and Steal System Control
CVE-2025-60036
The Rexroth IndraWorks software has a flaw that lets hackers take control of your system if you open a specially crafted file. This can happen if you use the program's test client tool. To stay safe, ...
8.8
Rexroth IndraWorks OPC.Testclient allows malicious file execution
CVE-2025-60035
A security flaw in the OPC.Testclient tool, part of Rexroth IndraWorks, lets hackers run malicious code on your system by tricking you into opening a specially crafted file. All versions of IndraWorks...
8.8
OpenClaw updater script allows malicious commands to run
CVE-2026-26323
GHSA-m7x8-2w3w-pr42
A bug in the OpenClaw updater script for contributors and maintainers allows a malicious actor to run arbitrary commands on your system. This happens when you run the updater in a source code reposito...
8.6
AMR Printer Management 1.01 Beta: Unauthorized File Access
CVE-2026-2464
The AMR Printer Management 1.01 Beta web service on Windows allows attackers to access sensitive files on the system without permission. This is a concern because the service doesn't require a login a...
8.7
OpenClaw: Feishu Extension Can Fetch Sensitive Internal Data
CVE-2026-28451
GHSA-x22m-j5qq-j49m
A security issue in the OpenClaw Feishu extension could allow an attacker to access and potentially steal sensitive internal data by tricking the extension into making unauthorized requests. To fix th...
6.3
time@work 7.0.5: Unsecured Query URL Exposes User Data
CVE-2025-59920
A security issue in time@work version 7.0.5 allows unauthorized users to see sensitive information about other users' projects. This can happen if someone copies a link from time@work and opens it in ...
8.6
ShopLentor Plugin Can Be Used to Send Spam Emails
CVE-2026-1714
A security issue in the ShopLentor plugin for WordPress allows unauthenticated attackers to send emails to any recipient using the plugin's functionality. This could be used for spam or phishing campa...
8.6
Saturn Remote Mouse Server allows malicious packets to run arbitrary commands
CVE-2026-27182
An attacker on the same network can send a special type of packet to the Saturn Remote Mouse Server, which can then run any command on the server. This means an attacker can potentially take control o...
8.6