CVE Vulnerabilities - 19 February 2026
391 vulnerabilities published on 19 February 2026
GFI MailEssentials: Malicious Code Can Be Injected via Filter Rule
CVE-2026-23606
GFI MailEssentials versions before 22.4 have a security flaw that lets a malicious user inject harmful code into the system. This could allow them to take control of the system or steal sensitive info...
5.1
GFI MailEssentials AI: Stored Scripting in Rule Creation
CVE-2026-23605
GFI MailEssentials AI versions before 22.4 have a security flaw in the rule creation process. An attacker with a login can add malicious code to the rule name, which is then executed when an administr...
5.1
GFI MailEssentials versions before 22.4: Stored JavaScript injection in management interface
CVE-2026-23604
If an attacker has an account on the system, they can inject malicious code into the management interface, which could let them take control of the system or steal sensitive information. This affects ...
5.1
SPIP before 4.4.8 allows hackers to inject malicious scripts
CVE-2026-26345
SPIP, a content management system, contains a vulnerability that lets hackers inject malicious code into the system. This can allow them to take actions in the system as if they were other users, incl...
8.6
SPIP 4.2.14 and Earlier: Malicious Scripts Can Run in Browsers
CVE-2025-71240
If you use SPIP version 4.2.14 or earlier, a hacker could inject malicious code into your website that runs in visitors' browsers, potentially stealing data or taking control of their sessions. To fix...
4.8
Svelte Server-Side Rendering Can Inject Malicious HTML
CVE-2026-27122
GHSA-m56q-vw4c-c2cp
Svelte's server-side rendering feature does not properly check user-inputted HTML tag names, which can allow attackers to inject malicious code into the web page. This is a concern only when using ser...
5.1
Old Svelte Software Can Let Hackers Run Malicious Code in Browsers
CVE-2026-27121
GHSA-f7gr-6p89-r883
Old versions of Svelte, a popular web development framework, can let attackers inject malicious code in web pages. This can happen if an application uses user data as HTML attributes, allowing hackers...
5.1
Svelte SSR Option Element Vulnerable to Malicious Code Injection
CVE-2026-27119
GHSA-h7h7-mm68-gmrc
The Svelte framework's server-side rendering can inject malicious code into the HTML output of an option element. This could allow an attacker to manipulate pages and steal user data. Update to the la...
5.1
Comodo Dome Firewall: Malicious Scripts Can Run in Administrators' Browsers
CVE-2019-25419
Comodo Dome Firewall 2.7.0 has a security issue that allows hackers to inject malicious code into administrators' web browsers when they access the firewall's schedule page. This could lead to unautho...
5.3
Comodo Dome Firewall 2.7.0 Allows Malicious Script Injection
CVE-2019-25405
The Comodo Dome Firewall has a security flaw that lets attackers inject malicious code into administrators' browsers. This can happen when an attacker sends a special type of request to the firewall's...
5.3
Comodo Dome Firewall: Attacker Can Inject Malicious Scripts
CVE-2019-25404
Authenticated attackers can inject malicious scripts into Comodo Dome Firewall's admin interface, potentially taking control of the system. This can happen when a user submits special input through th...
5.1
Comodo Dome Firewall Stored XSS Allows Malicious Script Injection
CVE-2019-25403
Comodo Dome Firewall version 2.7.0 has a security flaw that lets hackers inject malicious code into the system. If an attacker submits specially crafted input to the system, they can execute their cod...
5.1
OpenCms v18.0 allows hackers to inject malicious code in blog posts
CVE-2026-2735
An attacker can inject malicious code into OpenCms blog posts, potentially allowing them to steal user data or take control of the site. This happens when user input is not checked properly. To fix th...
5.1
RealPress allows hackers to trick users into doing something they didn't intend
CVE-2026-27050
The RealPress plugin in WordPress has a security issue that could allow an attacker to trick users into performing an unintended action on their website. If exploited, this could lead to unauthorized ...
5.4
WZone Access Control Security Levels Misconfigured, Allowing Unauthorized Access
CVE-2026-25473
A security issue exists in WZone versions up to 14.0.31, allowing an attacker to access areas they shouldn't. This is a concern because it could lead to unauthorized actions within the application. Up...
5.4
Popularis Extra Themes4WP Plugin Allows Malicious Website Requests
CVE-2026-25422
A security issue in the Popularis Extra plugin for WordPress allows hackers to trick users into performing unintended actions on their website. This affects all versions up to 1.2.10. To fix the issue...
5.4
WP Wand ai-content-generation allows unauthorized access to sensitive content
CVE-2026-25391
WP Wand, a plugin used in WordPress sites, has a security issue that allows unauthorized users to access sensitive content. This could lead to sensitive information being compromised, which could harm...
5.4
Ads Pro Plugin Security: Insecure Access Control
CVE-2026-25388
The Ads Pro plugin for WordPress is missing proper security checks, allowing an attacker to access unauthorized areas of a website. This can lead to data theft, modification, or other malicious activi...
5.4
Coachify: Unapproved Requests Can Be Sent on Behalf of Users
CVE-2026-25337
A security flaw in Coachify allows an attacker to trick users into performing unintended actions. This issue affects users of Coachify versions 1.1.5 and earlier. To protect your site, update to the l...
5.4
PublishPress Revisions: Hackers can trick users into making changes
CVE-2026-25322
A security weakness in PublishPress Revisions makes it possible for hackers to trick users into making changes they didn't intend to make. This affects all versions of PublishPress Revisions up to 3.7...
5.4
Autoshare for Twitter Missing Access Control Puts Data at Risk
CVE-2026-25311
A security issue in Autoshare for Twitter means that if not configured correctly, sensitive information can be accessed by unauthorized users. This affects versions of the plugin up to 2.3.1, so it's ...
5.4
Better Business Reviews Missing Authorization Allows Unauthorized Access
CVE-2026-23804
A security issue in Better Business Reviews plugins allows unauthorized access to sensitive data if the access control security levels are not properly set. This affects versions of Better Business Re...
5.4
News Element Elementor Blog Magazine plugin for WordPress can delete database tables and files
CVE-2026-2284
An attacker with a WordPress account can delete important database tables and files, causing permanent data loss. This can happen because the plugin doesn't properly check if a user has permission to ...
5.4
OpenText Directory Services can display fake information to users
CVE-2026-1658
A security issue in OpenText Directory Services could allow hackers to trick users by displaying manipulated text in the application. This affects versions 20.4.1 through 25.2. To stay secure, update ...
5.3
OpenText XM Fax allows hackers to access other servers
CVE-2025-8055
A security flaw in OpenText XM Fax could let an attacker secretly access other systems on the same network as the server, potentially allowing them to steal information or disrupt services. This affec...
5.3