CVE Vulnerabilities - 18 February 2026

331 vulnerabilities published on 18 February 2026

Graylog Web Interface console 2.2.3 allows malicious scripts to run in user's browser
CVE-2026-1441
A security flaw in the Graylog Web Interface console allows an attacker to inject malicious code into the interface, potentially allowing them to take control of a user's session and manipulate their ...
5.3
Graylog Web Interface console allows malicious code execution
CVE-2026-1440
A security issue in Graylog version 2.2.3 can allow hackers to inject malicious code into your browser if you visit a specially crafted URL. This could potentially let them take control of your sessio...
5.3
Graylog Web Interface console: Malicious scripts can be injected via URLs
CVE-2026-1439
A flaw in the Graylog Web Interface console allows attackers to inject malicious scripts into a user's browser. This can lead to unauthorized actions being taken on the user's account. To fix this, up...
5.3
Graylog Web Interface Allows Attackers to Inject Malicious Code
CVE-2026-1438
The Graylog Web Interface console version 2.2.3 has a security flaw that lets attackers inject code into a user's browser. This could allow the attacker to manipulate the user's session and potentiall...
5.3
Graylog Web Interface console: Malicious JavaScript injection via URL
CVE-2026-1437
The Graylog Web Interface console version 2.2.3 does not properly protect against malicious code injected into URLs. This could allow an attacker to trick a user into executing malicious JavaScript in...
5.3
WordPress Download Manager plugin exposes users to malicious scripts via links
CVE-2026-1666
A security issue in the Download Manager plugin for WordPress allows attackers to inject malicious scripts into pages if a user clicks on a link. This can happen if the user clicks on a link from an u...
6.1
WordPress Frontend Post Submission Manager Lite plugin redirects users to malicious sites
CVE-2026-1296
The Frontend Post Submission Manager Lite plugin for WordPress is affected by a bug that could allow attackers to trick users into visiting fake websites. This happens when an attacker sends a specifi...
6.1
OpenClaw Chutes OAuth Login Can Be Hijacked by Malicious URLs
CVE-2026-28477 GHSA-7rcp-mxpq-72pj
Using OpenClaw Chutes with manual OAuth login, attackers could trick users into entering fake login data. This could allow an attacker to access a user's Chutes account instead of the intended one. Up...
5.1
Trivy Action allows attackers to run malicious commands in CI runner
CVE-2026-26189 GHSA-9p44-j4g5-cfx5
The Trivy Action in GitHub Actions can execute arbitrary commands in the CI environment if an attacker injects malicious code into the action's inputs. This can happen if you pass untrusted data into ...
5.9
OpenClaw Telegram Authorization Weakness: Usernames Can Be Stolen
CVE-2026-28480 GHSA-mj5r-hh7j-4gxf
If you use OpenClaw with Telegram, be aware that usernames can be changed, potentially allowing an unauthorized user to access your bot. To fix this, update to the latest version of OpenClaw, which no...
6.9
OpenClaw affected by Stored XSS in Control UI via unsanitized assistant name/avatar in inline script injection
CVE-2026-27009 GHSA-37gc-85xm-2ww6
Summary: Stored XSS in the OpenClaw Control UI when rendering assistant identity (name/avatar) into an inline `<script>` tag without script-context-safe escaping. A crafted value containing `</scrip...
5.8
Splunk Enterprise and Cloud Platform: Unauthorized Access to Sensitive Commands
CVE-2026-20137
A low-privileged user can bypass security controls and run sensitive commands in Splunk by creating a Data Model with a malicious query. This can happen in older versions of Splunk Enterprise and Clou...
5.7
Intel EDK II Boot Firmware Vulnerability on Red Hat Systems
RHSA-2026:2776
A security issue has been found in the Intel EDK II firmware used in some Red Hat systems. This could allow an attacker to potentially execute arbitrary code on affected systems. To mitigate this, use...
5.6
Red Hat EDK2 Update Fixes Multiple Security Risks for Servers
RHSA-2026:2771
A security update has been released for the EDK2 firmware, which is used in some Red Hat servers. This update addresses multiple security risks that could allow an attacker to take control of the firm...
5.6
OpenClaw session tool visibility hardening and Telegram webhook secret fallback
CVE-2026-27004 GHSA-6hf3-mhgc-cm65
Vulnerability: In some shared-agent deployments, OpenClaw session tools (`sessions_list`, `sessions_history`, `sessions_send`) allowed broader session targeting than some operators intended. This i...
6.9
OpenClaw Exposes Telegram Bot Tokens in Error Messages
CVE-2026-27003 GHSA-chf7-jq6g-qrwv
OpenClaw, a library used in some applications, previously logged sensitive Telegram bot tokens in error messages. This could have allowed attackers to steal the tokens and take control of the bot. To ...
6.9
ipPulse 1.92 Can Crash with Oversized Input
CVE-2019-25326
A flaw in ipPulse 1.92 allows a local attacker to crash the application by entering more data than it can handle in the Enter Key field. This could cause the application to stop working, but it does n...
4.6
QEMU virtio-crypto device allows guest OS to crash host system
CVE-2025-14876
A security flaw in QEMU's virtio-crypto device can allow a malicious guest operating system to cause the QEMU process to crash, resulting in a denial of service for the host system. This is a serious ...
5.5
FFmpeg can crash when using TensorFlow-based models
CVE-2025-12343
FFmpeg, a popular media processing tool, has a flaw that can cause it to crash when processing certain types of artificial intelligence models. This is not a security risk, but it can make FFmpeg stop...
5.5
FFmpeg Firequalizer Filter Crashes with Malicious Media Files
CVE-2025-10256
The Firequalizer filter in FFmpeg can crash if it processes a specially crafted media file, potentially causing the application to stop working. This could allow an attacker to disrupt operations by f...
5.5
Wren up to 0.4.0 allows attackers to crash the program
CVE-2026-2657
A security issue in Wren's error message handling could allow an attacker to cause a Wren program to crash. This issue affects Wren versions up to 0.4.0. To protect yourself, update Wren to a version ...
4.8
OpenClaw: Malicious Session IDs Can Read Unauthorized Files
CVE-2026-28482 GHSA-5xfq-5mr7-426q
OpenClaw versions prior to 2026.2.12 contain a security flaw that allows an attacker to access unauthorized files by manipulating session IDs. This only affects systems where the OpenClaw gateway is e...
8.4
Tanium Enforce Recovery Key Portal File Permissions Issue
CVE-2026-1344
A bug in the Tanium Enforce Recovery Key Portal could allow unauthorized access to sensitive data. This means that someone who shouldn't have access could potentially see confidential information. Tan...
5.5
InvoicePlane: Malicious scripts can be injected into invoices
CVE-2026-26270
An attacker can inject malicious code that executes when users view invoices or the main dashboard. This can lead to unauthorized access or actions. Update to version 1.7.1 to fix the issue.
5.4
IPFire 2.21 Update 127: Attackers Can Inject Malicious Browser Scripts
CVE-2019-25400
IPFire's update 127 has a security flaw that allows hackers to inject malicious code into a user's web browser if they visit a specially crafted website. This could lead to unauthorized access or data...
4.8