CVE Vulnerabilities - 19 February 2026
391 vulnerabilities published on 19 February 2026
Microsoft Semantic Kernel Python SDK InMemoryVectorStore allows hackers to take control of your server
CVE-2026-26030
GHSA-xjw9-4gw8-4rqx
A security flaw in Microsoft's Semantic Kernel Python SDK allows hackers to potentially take control of your server if you're using a specific feature. To fix this, update to version 1.39.4 or later o...
10.0
DynamicWeb allows attackers to execute code via simple web requests
CVE-2026-2731
DynamicWeb versions 8 and 9, up to certain patches, have a security flaw that allows anyone to execute unauthorized code on the system. This means an attacker can potentially take control of the serve...
10.0
OGP-Website: Old Installs Open to Passwordless Access
CVE-2025-15586
If exploited, a security flaw in older versions of OGP-Website could allow an attacker to access your account without needing your password. This is a serious issue, as it means sensitive information ...
10.0
Kargo API Allows Attackers to Create Unauthorized Resources
CVE-2026-27112
GHSA-7g9x-cp9g-92mr
Kargo's API has a bug that lets attackers create resources in a project without permission. This can lead to more serious security problems, such as taking control of the project or even stealing sens...
9.4
Dagu: Unauthenticated Remote Code Execution Possible with Default Configuration
GHSA-6qr9-g2xw-cw92
Dagu's default settings leave it open to remote code execution by anyone who can connect to the system. This means an attacker can access and control the system without needing a password. To protect ...
9.8
RustFly 2.0.0 Remote Control Allows Malicious Commands
CVE-2026-27476
RustFly's remote control feature accepts commands without checking them for safety. This allows hackers to send commands that can harm the system. Update RustFly to a fixed version to prevent this.
9.3
RUCKUS Network Director OVA appliance: hardcoded SSH keys exposed
CVE-2025-67305
A security risk exists in older versions of RUCKUS Network Director, where the same SSH key is hardcoded in all installations. This allows an attacker with network access to gain access to the databas...
9.8
D-Tale: Publicly Hosted Sites at Risk of Malicious Code Execution
CVE-2026-27194
GHSA-c87c-78rc-vmv2
D-Tale users hosting their sites publicly may be at risk if they haven't updated to the latest version. This could allow attackers to run malicious code on the server. To protect your site, update to ...
8.1
Ruckus Network Director (RND) Stored Database Credentials Exposed
CVE-2025-67304
The Ruckus Network Director uses a default database username and password that can be accessed remotely, potentially allowing an attacker to gain full control of the database and the web interface. Th...
9.8
Hyland Alfresco Transformation Service: Unauthenticated Remote Code Execution
CVE-2026-26339
An attacker can execute malicious code on the server without needing a password. This can happen when processing certain documents. Update the software to the latest version to fix the issue.
9.3
Alfresco Transformation Service allows unauthenticated attackers to access servers
CVE-2026-26338
The Alfresco Transformation Service may allow attackers to trick the system into making unauthorized requests to external servers. This could lead to sensitive data being exposed or compromised. Updat...
6.9
SPIP Saisies Plugin Allows Attackers to Run Code on Your Server
CVE-2025-71243
If you're using the Saisies plugin with SPIP versions 5.4.0 to 5.11.0, an attacker can potentially run malicious code on your server. This is a serious security threat. To protect yourself, update SPI...
9.3
Databank Accreditation Software lets attackers access unauthorized data
CVE-2025-9953
The Databank Accreditation Software from DATABASE Software Training Consulting Ltd. has a security flaw that allows unauthorized access to sensitive data. This is a serious issue because attackers can...
9.8
BiEticaret CMS: Unsecured Access to Critical Function
CVE-2025-8350
An issue in certain versions of BiEticaret CMS makes it possible for an attacker to bypass the login process and access sensitive areas of the website without a password. This could lead to unauthoriz...
9.8
NesterSoft WorkTime allows unauthenticated command injection via API endpoint
CVE-2025-15559
An attacker can access sensitive data or take control of the server by exploiting a security weakness in the WorkTime API. This is a serious issue that allows a malicious person to execute commands on...
9.8
WpEvently 5.1.1 and earlier allows malicious code execution
CVE-2026-23549
An attacker can inject malicious code into the WpEvently plugin on your WordPress site, potentially allowing them to access or modify sensitive data. This issue affects versions of WpEvently up to 5.1...
9.8
Grand Restaurant Data Injection Risk through Untrusted Input
CVE-2026-23542
The Grand Restaurant software is vulnerable to a data injection risk. This means that an attacker could potentially inject malicious data into the system, which could lead to unauthorized actions or d...
9.8
itsourcecode Event Management System 1.0: SQL Injection Risk
CVE-2026-2691
A security flaw in itsourcecode Event Management System 1.0 allows an attacker to manipulate data in the system by exploiting a weakness in a file called /admin/manage_register.php. This could lead to...
6.9
itsourcecode Event Management System allows attackers to inject malicious SQL code
CVE-2026-2690
A security flaw in itsourcecode Event Management System's Admin Login feature allows hackers to inject malicious code, potentially giving them access to sensitive information. This could happen if an ...
6.9
itsourcecode Event Management System 1.0: Malicious Data Injection Risk
CVE-2026-2689
The itsourcecode Event Management System 1.0 has a security flaw in its admin manage_booking.php feature. This means a hacker could potentially inject malicious data, which could lead to unauthorized ...
6.9
s2Member plugin for WordPress: Passwords can be changed by attackers
CVE-2026-1994
The s2Member plugin for WordPress has a security flaw that allows attackers to change any user's password, including administrators, without knowing their current password. This could lead to unauthor...
9.8
Slider Future plugin allows attackers to upload any file
CVE-2026-1405
The Slider Future plugin for WordPress fails to check the type of files that can be uploaded, making it possible for attackers to upload any file to your server. This could allow an attacker to take c...
9.8
Prodigy Commerce plugin allows attackers to read or execute arbitrary files
CVE-2026-0926
The Prodigy Commerce plugin for WordPress, in versions up to 3.2.9, has a security flaw that allows attackers to access and potentially execute any file on the server. This can lead to unauthorized ac...
9.8
Buyent Classified plugin for WordPress allows attackers to create administrator accounts
CVE-2025-13851
The Buyent Classified plugin for WordPress, included with the Buyent theme, has a security flaw that lets hackers create administrator accounts without a password. This means an attacker can take cont...
9.8
Lizza LMS Pro plugin for WordPress allows unauthorized admin access
CVE-2025-13563
The Lizza LMS Pro plugin for WordPress, used in some websites, has a security flaw that lets attackers gain administrator access to the site without a password. This can happen when a user registers f...
9.8