CVE Vulnerabilities - 18 February 2026

331 vulnerabilities published on 18 February 2026

LibreNMS Stored Cross-Site Scripting in Custom OID Unit Field
CVE-2026-27016 GHSA-fqx6-693c-f55g
LibreNMS's Custom OID feature is vulnerable to a type of cyber attack called Stored Cross-Site Scripting. This means that a malicious script can be injected into the system, potentially allowing an at...
5.4
Unauthenticated users can execute malicious code on WordPress sites with SiteOrigin Widgets Bundle
CVE-2026-2127
A security flaw in the SiteOrigin Widgets Bundle plugin for WordPress allows attackers to execute unauthorized code on sites using the plugin, potentially leading to data theft or site compromise. To ...
5.4
Delinea Cloud Suite: SQL Attack Risk Through Malformed Input
CVE-2025-12812
Delinea's Cloud Suite and Privileged Access Service contain a security weakness that could allow an attacker to inject malicious SQL code. This could lead to unauthorized access to sensitive data or s...
5.3
Chrome Parrot in uTLS Can Be Identified by Attackers
CVE-2026-27017 GHSA-7m29-f4hw-g2vx
A bug in Chrome's behavior within uTLS can reveal a user's browser type to attackers, even when they're trying to hide it. This happens when using a specific encryption method called GREASE ECH. To pr...
2.3
Tsinghua Unigroup Archives System Allows Remote File Access
CVE-2026-2672
A security flaw in the Tsinghua Unigroup Archives System lets hackers access and download sensitive files on your system from anywhere. This is a serious issue because it allows attackers to access an...
5.3
Nokogiri's XML Parsing Fails on Invalid Input, Disrupts SAML Signature Validation
GHSA-wx95-c6cv-8532
Nokogiri, a popular XML parsing library, has a bug that can cause it to accept invalid XML, which can allow attackers to bypass security checks in some systems. This can lead to security issues in cer...
5.3
Rongzhitong Visual Integrated Command and Dispatch Platform Allows Remote Access
CVE-2026-2667
A security issue in Rongzhitong Visual Integrated Command and Dispatch Platform could allow hackers to access sensitive data remotely. This means that someone could potentially gain unauthorized acces...
5.5
OpenClaw CLI: Unintended Process Termination on Shared Hosts
CVE-2026-27486 GHSA-jfv4-h8mc-jcp8
The OpenClaw CLI process cleanup feature can accidentally kill other processes on a shared host if their names match a pattern. This could cause unexpected downtime or data loss. To fix this, the Open...
4.3
Doruk Wispotter Password Guessing Attack Allowed, Data Theft Risk
CVE-2025-7630
A flaw in Wispotter allows hackers to guess passwords multiple times, potentially giving them access to sensitive information. This affects all versions of Wispotter up to v2025.10.08.1, so you should...
5.3
WordPress RegistrationMagic Plugin Allows Unauthorized Paid Registration
CVE-2025-14444
The RegistrationMagic plugin for WordPress does not properly verify payment information, allowing attackers to complete paid registrations without actually paying. This could allow unauthorized users ...
5.3
WordPress User Submitted Posts plugin allows unauthorized category changes
CVE-2026-2126
The User Submitted Posts plugin for WordPress has a flaw that lets attackers change the category of a post without permission. This could allow attackers to put posts in restricted categories. Update ...
5.3
Business Directory Plugin for WordPress: Unauthorized Changes Possible
CVE-2026-1656
The Business Directory Plugin for WordPress, used by many sites, has a security flaw that lets anyone modify listing information without needing a password. This could lead to fake or incorrect busine...
5.3
YayMail – WooCommerce Email Customizer plugin: Unauthorized License Deletion
CVE-2026-1938
If an attacker with Shop Manager-level access gets the necessary code, they can delete the plugin's license key, which could cause the plugin to stop working. This affects the YayMail – WooCommerce Em...
5.3
Context Blog Theme for WordPress Exposes Sensitive Posts Data
CVE-2025-12074
The Context Blog theme for WordPress, versions 1.2.5 and earlier, allows unauthorized users to view sensitive posts, including password-protected, private, or draft content. This means that sensitive ...
5.3
Splunk Enterprise: Unauthorized access to SAML configurations
CVE-2026-20144
Splunk Enterprise users with certain permissions may be able to see sensitive SAML configuration details in log files. This could allow an attacker to gain unauthorized access to your system. Update t...
4.9
Splunk Enterprise: Exposed RSA access keys in internal index
CVE-2026-20142
A user with certain access rights in a Splunk Search Head Cluster deployment can view sensitive RSA access keys in plain text. This is a concern because it could allow unauthorized access to your syst...
4.9
Splunk Enterprise: Exposure of sensitive Duo authentication keys
CVE-2026-20138
Some users with access to a specific Splunk index can view sensitive Duo authentication keys, which could be misused to access accounts. This affects specific versions of Splunk Enterprise. To protect...
4.9
Bookster WordPress Plugin Exposes Administrator Data
CVE-2025-8781
The Bookster WordPress plugin contains a security flaw that allows attackers to extract sensitive data from the database if they have Administrator access. This is a concern for businesses that rely o...
4.9
InvoicePlane: Attacker Can Steal Admin Session with Malicious Invoice
CVE-2026-25596
A hacker can inject malicious code into InvoicePlane's admin panel, stealing sensitive information or taking control of the system when an admin views an invoice with the malicious code. This only aff...
4.8
InvoicePlane: Malicious Code Can Be Injected into Invoices
CVE-2026-25595
A security flaw in InvoicePlane 1.7.0 allows attackers to inject malicious code into invoices, which can be executed by other administrators. This could lead to unauthorized access or data theft. Upda...
4.8
InvoicePlane 1.7.0: Malicious Names Can Harm Admins
CVE-2026-25594
A security issue in InvoicePlane 1.7.0 lets attackers inject malicious code into the application, which can affect administrators. This can happen when an administrator creates a new family with a spe...
4.8
LibreNMS Port Group Name Stored Cross-Site Scripting Risk
CVE-2026-26992 GHSA-93fx-g747-695x
LibreNMS has a security issue that allows attackers with admin privileges to inject malicious code into the system. This can happen when an attacker creates a port group with a specially crafted name....
5.1
LibreNMS Stored Cross-Site Scripting in Device Group Names
CVE-2026-26991 GHSA-5pqf-54qp-32wx
LibreNMS users with admin privileges can be tricked into deleting a device group by clicking on a malicious link in the group's name. This can happen when a user with admin privileges views a device g...
5.1
glibc's Random Number Generator May Generate Predictable Numbers After Forks
CVE-2025-0577
The getrandom and arc4random functions in glibc may produce predictable random numbers if used after a process is forked, which can lead to security issues. This affects systems using these functions ...
4.8
Slack Bot Allows Unintended Users to Run Privileged Commands
CVE-2026-28392 GHSA-v773-r54f-q32w
A vulnerability in OpenClaw Slack allows any user who can direct message the bot to run sensitive commands. This could happen if the bot's DMs are set to allow open access. To fix this, update your Op...
8.2