CVE Vulnerabilities - 18 February 2026
331 vulnerabilities published on 18 February 2026
OpenClaw Browser Upload Allows Attackers to Read Local Files
CVE-2026-26329
GHSA-cv7m-c9jx-vg7q
A security issue in OpenClaw allows attackers who are already authenticated to access and read files on the server by uploading malicious file paths. This could compromise sensitive data. To fix this ...
7.1
iMessage Group Authorization Bypass via DM Pairing
CVE-2026-26328
GHSA-g34w-4xqq-h79m
A vulnerability in OpenClaw's iMessage group authorization allows a sender approved via direct message pairing to access group conversations even if they're not explicitly allowed. This could lead to ...
6.5
OpenClaw allows attackers to hijack connections and credentials
CVE-2026-26327
GHSA-pv58-549p-qh99
A vulnerability in OpenClaw allows an attacker on a shared network to trick devices into connecting to a fake endpoint and accepting a fake certificate, potentially stealing login credentials. This is...
7.1
IPFire 2.21 Core Update 127: Malicious Scripts Can Run in Admin Sessions
CVE-2019-25399
Attackers can inject malicious scripts into the IPFire web interface, potentially taking control of administrator sessions. This could allow unauthorized access to sensitive settings. Update to the la...
5.1
Complianz Cookie Consent Plugin on WordPress Can Execute Malicious Code
CVE-2025-11185
The Complianz Cookie Consent plugin for WordPress has a security flaw that allows attackers with some access rights to inject malicious code into website pages, which can be executed when users visit ...
6.4
WP Event Aggregator plugin for WordPress allows malicious scripts to run on sites
CVE-2026-1941
An attacker with contributor access can inject malicious code into event pages. Users should update to a patched version of the plugin to prevent unauthorized scripts from running on their site.
6.4
WordPress InteractiveCalculator Plugin Allows Attackers to Inject Malicious Scripts
CVE-2026-1807
The InteractiveCalculator plugin for WordPress fails to properly check user input, allowing attackers with contributor-level access to inject malicious scripts into pages that can be executed when use...
6.4
Popup Box WordPress plugin can run malicious scripts on your site
CVE-2025-12122
The Popup Box WordPress plugin has a security flaw that allows attackers to inject malicious code on your site if they have contributor-level access. This means they can run unauthorized scripts on yo...
6.4
WordPress VK All in One Expansion Unit plugin allows attackers to inject malicious scripts
CVE-2025-11737
An attacker with Contributor-level access can inject malicious scripts into WordPress pages, which can execute when users visit those pages. This can lead to unauthorized actions, data theft, or other...
6.4
Display During Conditional Shortcode plugin for WordPress allows malicious scripts to run
CVE-2025-6460
The Display During Conditional Shortcode plugin for WordPress has a security flaw that lets attackers inject malicious code into pages, which can run when users visit those pages. This can happen if a...
6.4
Filestack WordPress Plugin: Malicious Code Injection via Filepicker Shortcode
CVE-2025-13959
The Filestack plugin for WordPress allows attackers to inject malicious code into pages that users can access, potentially harming your site and its users. This affects all versions up to 2.0.8. Updat...
6.4
A weakness has been identified in GoogTech sms-ssm up to e8534c766fd13f5f94c01dab475d75f286918a8d. Affected by this issue is the function preHandle of the file LoginInterceptor.java of the componen...
CVE-2026-2676
A weakness has been identified in GoogTech sms-ssm up to e8534c766fd13f5f94c01dab475d75f286918a8d. Affected by this issue is the function preHandle of the file LoginInterceptor.java of the component A...
5.3
live555 Fork: Memory Corruption Via Remote Attack
CVE-2026-1200
An attacker can exploit a weakness in the live555 fork's code, causing the program to crash or behave erratically, potentially leading to data loss or security breaches. This affects users of the rgau...
6.3
huanzi-qch base-admin allows attackers to upload malicious files
CVE-2026-2665
A security issue in the huanzi-qch base-admin system allows attackers to upload any type of file without restrictions, potentially leading to malicious code execution. This is a risk because it allows...
5.3
Alixhan xh-admin-backend SQL Injection Risk in Database Queries
CVE-2026-2663
Alixhan xh-admin-backend versions up to 1.7.0 are at risk of a SQL injection attack, which could allow an attacker to manipulate database queries. This could lead to unauthorized access to sensitive d...
5.3
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Key Software Solutions Inc. INFOREX- General Information Management System allows XSS Th...
CVE-2025-8308
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Key Software Solutions Inc. INFOREX- General Information Management System allows XSS Throu...
6.3
MajorDoMo shoutbox allows attackers to steal admin session
CVE-2026-27178
The MajorDoMo shoutbox is vulnerable to a security threat that allows attackers to steal sensitive information from administrators. This can happen when an attacker injects malicious code into the sho...
5.3
MajorDoMo: Stored XSS Allows Malicious Code Injection
CVE-2026-27177
The MajorDoMo system has a security flaw that could allow an attacker to inject malicious code into the system. This could potentially allow an attacker to access sensitive information or take control...
5.3
MajorDoMo: Malicious Code Can Be Injected into Web Pages
CVE-2026-27176
The MajorDoMo software contains a security flaw that lets attackers inject malicious code onto web pages. This could allow hackers to take control of user sessions or steal sensitive information. Upda...
5.1
IPFire VPN Configuration Parameter Cross-Site Scripting Flaw
CVE-2019-25398
IPFire VPN configuration parameters can be exploited to inject malicious scripts into administrator browsers, potentially allowing attackers to take control of the system. This affects the ovpnmain.cg...
5.1
IPFire: Malicious Scripts Can Be Injected Through Hosts.cgi
CVE-2019-25397
IPFire's hosts.cgi script is vulnerable to an attack where an attacker can inject malicious code into a user's browser, potentially allowing the attacker to steal sensitive information or take control...
5.1
IPFire Update 127: Malicious Scripts Can Be Injected via Browser
CVE-2019-25396
Attackers can inject malicious scripts into IPFire's update process, potentially harming users' computers. This could happen if a user visits a malicious website or opens a malicious email that contai...
5.1
Bematech MP-4200 TH Printer: Malicious Code Injection Risk
CVE-2019-25356
If an attacker knows your login credentials, they can inject malicious code into your printer's settings page, allowing them to access sensitive data or take control of your printer. This risk exists ...
5.1
LibreNMS Email Field XSS Attack Can Steal Your Session
CVE-2026-26987
GHSA-gqx7-99jw-6fpr
A security flaw in LibreNMS allows an attacker to trick you into revealing your login credentials. This can happen when you visit a malicious website or open a phishing email that includes a link to t...
5.3
Ultimate Member Plugin for WordPress allows attackers to inject malicious code via links
CVE-2026-1404
The Ultimate Member plugin for WordPress is vulnerable to a type of cyber attack that can inject malicious code into websites. This can happen if a user clicks on a link that has been designed to tric...
6.1