CVE Vulnerabilities - 18 February 2026
331 vulnerabilities published on 18 February 2026
Foscam Video Management System crashes if given very long username
CVE-2019-25353
Attackers can crash the Foscam Video Management System by sending a very long username, potentially causing downtime. This can happen when a user attempts to log in with a maliciously crafted username...
4.6
Crystal Live HTTP Server 6.01 allows attackers to access system files
CVE-2019-25352
A flaw in the Crystal Live HTTP Server 6.01 allows an attacker to trick the server into showing sensitive system files by manipulating the URL. This could allow an attacker to access files they should...
8.7
XMedia Recode Can Crash from Malicious Playlist File
CVE-2019-25350
XMedia Recode, a media converter, can crash if you open a specially crafted playlist file. This could be used by an attacker to disrupt your work. To avoid this, update to the latest version of XMedia...
4.6
ScadaApp for iOS crashes with oversized login field input
CVE-2019-25349
An oversized field in the ScadaApp login process can cause the app to crash on iOS devices. This can allow attackers to temporarily disrupt the app's functionality. Update to the latest version of Sca...
4.6
InvoicePlane: Malicious Scripts Can Modify Application Data
CVE-2026-24746
InvoicePlane's self-hosted application for managing invoices has a security flaw that allows an attacker with administrator access to inject malicious scripts. This could lead to unauthorized changes ...
7.5
InvoicePlane Allows Attackers to Read Server Files
CVE-2026-23491
InvoicePlane's file management system has a weakness that lets attackers read sensitive files on the server without permission. This could lead to the exposure of important information like database p...
9.3
BIG-IP Traffic Manager May Crash from Undisclosed Traffic
CVE-2026-2507
BIG-IP Traffic Manager (TMM) may terminate unexpectedly when receiving certain types of traffic. This issue affects BIG-IP AFM and BIG-IP DDoS systems, which could cause downtime. F5 recommends keepin...
8.7
ProjectWorlds Online Time Table Generator: Sensitive Info Exposed to Unauthenticated Users
CVE-2025-70147
If you use ProjectWorlds Online Time Table Generator, an attacker can access sensitive information, such as passwords, by simply visiting certain web pages. This is a serious issue because it allows u...
7.5
WordPress WPNakama Plugin Exposes User Data via SQL Injection
CVE-2026-2495
The WPNakama plugin for WordPress contains a security flaw that could allow an attacker to access sensitive user information. This issue affects all versions of the plugin up to 0.6.5. To protect your...
7.5
Zoom Plugin for WordPress Exposes Meeting IDs and API Keys
CVE-2026-1368
The Zoom plugin for WordPress allows attackers to access sensitive meeting IDs and API keys without a password, putting users' video conferencing sessions at risk. This means that attackers could pote...
7.5
WordPress Business Directory Plugin Exposes Sensitive Data
CVE-2026-2576
The Business Directory Plugin for WordPress has a security flaw that allows hackers to access sensitive information without a password. This is because the plugin doesn't properly protect user input, ...
7.5
OpenClaw: Large Webhook Requests Can Crash the Server
CVE-2026-28478
GHSA-q447-rj3r-2cgh
Some OpenClaw webhooks can be crashed by very large or slow uploads, causing the server to become unresponsive. This can happen when an attacker sends a huge amount of data to the webhook, causing the...
8.7
Rongzhitong Visual Platform Allows Unrestricted Access to User Data
CVE-2026-2668
A security flaw in Rongzhitong's Visual Integrated Command and Dispatch Platform may allow an attacker to access user data without permission. This affects users of the platform, as their sensitive in...
6.9
Payara Server allows attackers to change admin password via malicious links
CVE-2025-14340
Payara Server versions before 4.1.2.191.54, 5.83.0, 6.34.0, and 7.2026.1 have a security flaw that could let hackers trick administrators into changing their password by clicking on a specially crafte...
7.3
Red Hat Kernel RT Security Update Exposes Systems to Root Access
RHSA-2026:2821
An update is available for the Red Hat kernel for real-time systems. This update addresses a security issue that could allow an attacker to gain root access to the system. To protect your system, appl...
7.3
Advantech WISE-6610: Remote Code Execution from Unauthenticated Access
CVE-2026-2670
An unknown function in the Background Management component of the Advantech WISE-6610 can be exploited by an attacker to execute unauthorized commands on the system. This can happen if an attacker sen...
7.3
Product Addons for Woocommerce Plugin Allows Unrestricted Code Execution
CVE-2026-2296
The Product Addons for Woocommerce plugin for WordPress allows attackers with Shop Manager access to inject and run malicious code on the server. This can lead to unauthorized changes to the website o...
7.2
Cart All In One For WooCommerce plugin allows attackers to execute code on server
CVE-2026-2019
The Cart All In One For WooCommerce plugin for WordPress is insecure, allowing attackers with administrator access to execute malicious code on the server. This means an attacker could gain full contr...
7.2
Rent Fetch plugin for WordPress can inject malicious scripts into pages
CVE-2026-1931
The Rent Fetch plugin for WordPress contains a security flaw that allows unauthorized users to inject malicious code into web pages. This could potentially allow an attacker to take control of a websi...
7.2
Keras loads malicious files from your computer
CVE-2026-1669
GHSA-3m4q-jmj6-r34q
Keras, a popular machine learning library, can load model weights from any file on your computer if you use a specially crafted file. This means an attacker can trick you into loading a malicious file...
7.1
PyTorch Bypasses Picklescan's Magic Number Check
GHSA-97f8-7cmv-76j2
A vulnerability in PyTorch allows an attacker to bypass a security check in Picklescan, a tool used to detect malicious pickled files. This could potentially allow an attacker to hide malicious code i...
7.1
opa-envoy-plugin allows attackers to bypass access controls
CVE-2026-26205
GHSA-9f29-v6mm-pw6w
A security issue in how opa-envoy-plugin handles certain URLs allows attackers to bypass access controls. This means that attackers can craft URLs that bypass security checks, potentially allowing the...
7.1
Python 3.12 Packages for Red Hat Enterprise Linux: Security Update for Python Wheels
RHSA-2026:2866
An update is available for Python 3.12 packages in Red Hat Enterprise Linux. This update fixes a security issue that could allow an attacker to run arbitrary code on your system. You should update you...
7.1
Apache HTTP Server Cross-Site Scripting Vulnerability in Python Wheel
RHSA-2026:2865
A security issue has been identified in the Python Wheel package, which is used by Apache HTTP Server. This issue can allow an attacker to execute malicious code on a system, potentially leading to un...
7.1
Discovery CLI RPM for Red Hat Updated to Fix Security Issue
RHSA-2026:2823
The Discovery CLI RPM for Red Hat has been updated to version 2.4.3 to address a security issue that could allow an attacker to execute arbitrary code on a system. This affects Red Hat users who have ...
7.1