CVE Vulnerabilities - 19 February 2026
391 vulnerabilities published on 19 February 2026
Clasifico Listing Plugin for WordPress Allows Unauthorized User Privilege Escalation
CVE-2025-12882
The Clasifico Listing plugin for WordPress allows anyone to create an account and gain administrator privileges without proper authorization, which could lead to unauthorized access to your website's ...
9.8
SECCN Dingcheng G10 3.1.0.181203: Remote Command Injection Risk
CVE-2026-2686
A remote attacker can inject malicious system commands through the 'User' input in the /cgi-bin/session_login.cgi file, potentially allowing unauthorized access and control of the system. This makes i...
8.9
Unrestricted File Upload in Tsinghua Unigroup Electronic Archives System
CVE-2026-2684
A vulnerability in the Electronic Archives System allows an attacker to upload any file without restriction, potentially allowing them to upload malicious files. This could lead to data breaches or sy...
6.9
Delinea Cloud Suite: Malicious Data Can Be Injected into Database
CVE-2026-2409
A security issue in Delinea Cloud Suite before version 25.2 HF1 allows attackers to inject malicious data into the database, which could potentially allow them to access or modify sensitive informatio...
9.3
Carbon API Manager Allows Unrestricted File Uploads
CVE-2025-13590
GHSA-p6jf-79j3-33f3
Carbon API Manager's file upload feature can be exploited by an attacker with admin privileges, potentially leading to code execution on your server. This means an attacker could potentially take cont...
9.1
SoftVision webPDF before 10.0.2 allows attackers to scan internal servers and steal files
CVE-2025-55853
The PDF converter in older versions of SoftVision webPDF doesn't check what files it's being asked to use. This means an attacker can upload a special file that lets them scan your internal servers an...
9.1
OpenClaw versions before 2026.2.14: Malicious file access and deletion
GHSA-r5fq-947m-xm57
Older versions of OpenClaw allow attackers to access and delete files in unintended areas of the system. This can happen if the system is set up to allow applying patches without proper security contr...
8.7
Formwork: User with Editor Role Can Gain Admin Access
CVE-2026-27198
GHSA-34p4-7w83-35g2
A security flaw in Formwork allows an authenticated user with the 'editor' role to create new accounts with admin privileges, giving them full control over the CMS and its data. This could lead to sen...
8.8
Kata Containers Guest VM Privilege Escalation on Certain Platforms
CVE-2026-24834
GHSA-wwj6-vghv-5p64
A vulnerability in Kata Containers allows an attacker to gain root access to a Guest VM, potentially compromising its security. This issue affects Kata Containers running on certain platforms, particu...
5.2
WorkTime Server 'widget' API Allows Unauthorized Data Access
CVE-2025-15560
A vulnerability in the WorkTime server's 'widget' API allows an authenticated user with limited permissions to access sensitive data. If the Firebird database is used, attackers can see all data. If t...
8.8
Dell PowerProtect Data Manager: Unprivileged Access Leads to Elevated Privileges
CVE-2026-22267
A remote attacker with basic access can gain full control over Dell PowerProtect Data Manager, allowing them to make changes to the system and sensitive data. This could lead to unauthorized access, d...
8.8
Dell PowerProtect Data Manager 19.22 and earlier: Untrusted API Access Risk
CVE-2026-22266
A high-risk vulnerability in the Dell PowerProtect Data Manager's REST API allows a malicious user with remote access to potentially bypass security protections. This means an attacker could potential...
8.8
Dell Unisphere for PowerMax 10.2: Malicious File Overwriting
CVE-2026-26359
A low-privilege attacker with remote access to your Dell Unisphere for PowerMax 10.2 system could potentially delete or change any file, which could disrupt your storage management and data security. ...
8.8
Dell Unisphere for PowerMax 10.2: Unauthorized Access via Remote Attack
CVE-2026-26358
A low-privilege attacker with remote access can potentially access parts of Dell Unisphere for PowerMax 10.2 without permission. This could allow them to view sensitive data or make unauthorized chang...
8.8
Valenti Software Allows Hackers to Inject Malicious Code
CVE-2026-23544
A security flaw in Valenti software allows hackers to inject malicious code by manipulating data. This can lead to unauthorized access to sensitive information and system compromise. Update to Valenti...
8.8
Unauthorized Plugin Installation in The Orderable WordPress Plugin
CVE-2026-0974
The Orderable WordPress plugin for restaurants allows attackers with a basic account to install any plugin, potentially giving them control over your site. This could let them do bad things to your si...
8.8
Toret Manager plugin for WordPress allows attackers to gain admin access
CVE-2026-0912
The Toret Manager plugin for WordPress is not secure. Attackers with Subscriber-level access can change important settings and gain administrative user access to a site. Update to the latest version o...
8.8
IDonate Plugin for WordPress Allows Attackers to Take Over Accounts
CVE-2025-4521
The IDonate plugin for WordPress has a security issue that lets attackers take over any account on a website. This can happen if an attacker with a simple login can change the email address of another...
8.8
WP AUDIO GALLERY plugin for WordPress allows attackers to read files
CVE-2025-13603
The WP AUDIO GALLERY plugin for WordPress is outdated and vulnerable to attack. This means that someone with a user account, even a basic one, could potentially read sensitive files on your server. If...
8.8
Unauthorized access to sensitive WordPress plugin data
CVE-2025-12845
A security issue in the Tablesome Table plugin for WordPress allows attackers with Subscriber-level access or higher to access sensitive data, including email logs and password reset keys. This could ...
8.8
NewsBlogger Theme for WordPress Allows Attackers to Upload Malicious Files
CVE-2025-12821
The NewsBlogger theme for WordPress has a security issue that lets attackers upload malicious files if they trick a site administrator into clicking on a link. This can allow the attacker to run code ...
8.8
SillyTavern: Malicious Users Can Access Internal Services
CVE-2026-26286
A security issue in SillyTavern versions prior to 1.16.0 allows malicious users to access internal services, cloud metadata, and private network resources by making unauthorized requests. This is a ri...
7.1
Google AppSheet: Sensitive Local File Read and Network Access
CVE-2026-2274
A security issue in Google AppSheet (before November 23, 2022) allowed an attacker with a user account to read sensitive files and access internal network resources. However, this issue has been fixed...
8.5
eBay API MCP Server: Environment Variable Injection Risk
CVE-2026-27203
GHSA-97rm-xj73-33jh
A security flaw in the eBay API MCP server allows an attacker to inject malicious environment variables into the configuration file, which could lead to configuration overwrites, denial of service, or...
8.3
Alfresco Transformation Service lets attackers read any file on the server
CVE-2026-26337
The Alfresco Transformation Service has a security issue that allows anyone to read any file on the server without needing a password. This is a security risk because sensitive information could be ac...
8.8