CVE Vulnerabilities - 19 February 2026
391 vulnerabilities published on 19 February 2026
Lewe WebMeasure: Malicious Code Can Be Injected Through URL
CVE-2025-40697
The Lewe WebMeasure application has a security weakness that can allow an attacker to inject malicious code into a user's browser. This could potentially allow the attacker to steal sensitive informat...
5.1
Kargo REST API Missing Authorization Checks in Approval and Promotion
CVE-2026-27111
GHSA-5vvm-67pj-72g4
Kargo's REST API has three endpoints that don't properly verify user permissions, allowing unauthorized users to approve or promote freight to certain stages. This can lead to unauthorized access to s...
5.3
Alobaidi Extend Link allows attackers to make fake server requests
CVE-2026-25310
A vulnerability in Alobaidi Extend Link allows an attacker to trick the software into making unintended requests to any server on the internet, potentially revealing sensitive information or taking co...
4.9
CM Business Directory: Stored Cross-Site Scripting in Directory Listings
CVE-2026-25004
The CM Business Directory plugin is vulnerable to a stored cross-site scripting (XSS) attack. This means that if an attacker injects malicious code into a directory listing, it can be executed by othe...
4.8
Open Redirect in go-chi/chi allows attackers to redirect users to malicious sites
CVE-2025-69725
The go-chi/chi library has a security issue that could allow attackers to trick users into visiting fake websites by manipulating URLs. This could potentially lead to phishing or other types of malici...
4.7
WordPress Update URLs Plugin Redirects to Untrusted Sites
CVE-2026-25392
A security issue in the WordPress Update URLs plugin can redirect users to untrusted websites, potentially allowing phishing attacks. This affects the plugin 'Update URLs – Quick and Easy way to searc...
4.7
Dell PowerProtect Data Manager allows high-privilege attackers to bypass security
CVE-2026-22269
Prior to version 19.22, Dell PowerProtect Data Manager's REST API fails to properly verify the source of incoming requests. This means a highly privileged attacker with remote access could potentially...
4.7
SvelteKit remote forms can crash server with malicious data
GHSA-vrhm-gvg7-fpcf
If you're using SvelteKit's experimental remote forms, a malicious form submission could crash your server. This only affects projects using both remote functions and forms, and can be fixed by updati...
4.6
Spring Data Geode extracts sensitive files in predictable directories on shared hosts
CVE-2026-2817
When using Spring Data Geode to import snapshots, sensitive files are stored in a predictable location on a shared host, making it possible for other users to access them. This could lead to exposure ...
4.8
Client Testimonial Slider plugin allows attackers to inject malicious scripts on WordPress sites
CVE-2026-2716
A security flaw in the Client Testimonial Slider plugin for WordPress can let attackers inject malicious scripts into pages viewed by other users. This only affects WordPress sites with this plugin in...
4.4
TS Poll <= 2.5.5 allows attackers to access unauthorized servers
CVE-2026-25428
An attacker can trick the TS Poll plugin into making requests to any server on the internet. This could allow an attacker to steal sensitive data or disrupt your website. Update to version 2.5.6 or la...
4.4
Slidorion plugin for WordPress allows attackers to inject malicious scripts in admin settings
CVE-2026-2282
The Slidorion plugin for WordPress has a security flaw that lets attackers with admin access inject malicious scripts into pages. This can affect multi-site WordPress installations or those with speci...
4.4
TalkJS plugin for WordPress: Admin settings allow malicious scripts to run
CVE-2026-1055
Attackers with admin permissions can inject malicious code into WordPress pages, potentially compromising site security. This affects multi-site installations and sites where HTML input is restricted....
4.4
Salavat Counter Plugin for WordPress: Unauthenticated Admin Access via Image URL
CVE-2026-1047
The Salavat Counter WordPress plugin contains a security flaw that allows hackers with administrator access to inject malicious code into website pages. This can happen when a hacker with admin access...
4.4
Tennis Court Bookings plugin can inject malicious code on sites
CVE-2026-1044
The Tennis Court Bookings plugin for WordPress has a security flaw that allows an attacker with admin permissions to inject malicious code on WordPress sites with multi-site installations or where cer...
4.4
PostmarkApp Email Integrator plugin for WordPress: Malicious code injection risk
CVE-2026-1043
The PostmarkApp Email Integrator plugin for WordPress may allow an attacker with Administrator access to inject malicious code on the plugin settings page, potentially affecting any user who views the...
4.4
YayMail for WooCommerce Email Customizer: Unauthorized Access Risk
CVE-2026-27327
The YayMail plugin for WooCommerce email customization has a security weakness that could allow an attacker to access or modify email settings without permission. This is a concern for online store ow...
4.3
SPIP 4.4.8 and earlier may allow unauthorized server access
CVE-2026-27472
A security flaw in SPIP versions 4.4.8 and earlier allows an attacker who has access to the private area to make the server access unauthorized destinations. This could potentially allow the attacker ...
5.3
GFI MailEssentials: Unrestricted Directory Existence Disclosure
CVE-2026-23621
GFI MailEssentials versions before 22.4 allow an attacker to determine if certain directories exist on the server by submitting a specially crafted path. This could help an attacker gather information...
5.3
GFI MailEssentials AI versions prior to 22.4 allow file existence checks
CVE-2026-23620
GFI MailEssentials AI versions before 22.4 have a security flaw that allows an attacker to see if specific files exist on your server. This could potentially reveal sensitive information about your se...
5.3
Kenta Companion 1.3.3: Malicious Actions Can Be Forced
CVE-2026-27090
A security weakness in Kenta Companion allows an attacker to trick users into performing unintended actions on their account. This affects versions 1.3.3 and earlier of Kenta Companion. Update to a fi...
4.3
iThemes Sync: Unauthorized Access to Sensitive Data
CVE-2026-27056
The iThemes Sync plugin has a security flaw that could allow an attacker to access sensitive data without permission. This issue affects versions of iThemes Sync from an unknown version up to 3.2.8. U...
4.3
Penci AI SmartContent Creator: Unauthorized Access to Configuration
CVE-2026-27055
An issue in Penci AI SmartContent Creator allows unauthorized users to access and potentially modify sensitive settings. This affects all versions up to 2.0. To fix, update to the latest version or ad...
4.3
Sober theme: unauthorized access to settings possible due to misconfigured access control
CVE-2026-25459
A security issue exists in Sober themes where users with incorrect security settings can access settings they shouldn't. This affects Sober themes version 3.5.12 and earlier. To stay secure, update to...
4.3
MailerLite: Unsecured Sign-Up Forms Allow Unauthorized Access
CVE-2026-25420
MailerLite's sign-up forms may be vulnerable to unauthorized access if not properly configured. This means that an attacker could potentially access or modify your sign-up forms if they have incorrect...
4.3