CVE Vulnerabilities - 19 February 2026

391 vulnerabilities published on 19 February 2026

WooCommerce Product Table and List Builder plugin leaks sensitive data
CVE-2026-2232
The WooCommerce Product Table and List Builder plugin for WordPress allows unauthorized access to sensitive information in its database. This means that attackers can potentially steal sensitive data ...
7.5
Hyland Alfresco allows unauthorized access to sensitive configuration files
CVE-2026-26336
An attacker can access sensitive files in protected directories without logging in. This could lead to the disclosure of confidential configuration settings. Hyland Alfresco users should update to the...
8.7
strongSwan Management Interface Exposes Sensitive Data
CVE-2026-25998
The strongSwan management interface stores sensitive data like passwords and encryption keys in a database without proper protection. This makes it easy for an attacker with access to the database to ...
8.7
wpForo Forum plugin for WordPress allows unauthorized database access
CVE-2026-1581
The wpForo Forum plugin for WordPress has a security flaw that allows an attacker to access sensitive information from the database without needing a password. This happens when a user interacts with ...
7.5
jspdf: Malicious GIFs Can Crash Your PDF Generator
CVE-2026-25535 GHSA-67pg-wm7f-q7fj
A malicious GIF image can crash the jspdf library, causing a denial of service. This can happen if you're not careful when adding images to a PDF. To fix this, update jspdf to version 4.2.0 or later, ...
8.7
Python S3 Transfer Tool Security Update for Linux
RHSA-2026:2911
The Python S3 transfer tool for Linux has a security issue that could allow an attacker to potentially execute code on your system. This issue affects Linux systems running certain versions of the Pyt...
7.5
OpenShift Container Platform: Unpatched Security Flaw Exposes User Data
RHSA-2026:2670
OpenShift Container Platform users may be at risk of data exposure due to an unaddressed security flaw. If not patched, an attacker could potentially access sensitive user data. Red Hat has released a...
7.5
Apache HTTP Server in OpenShift Container Platform 4.16.57 is Updated
RHSA-2026:2658
The Apache HTTP Server in OpenShift Container Platform has been updated to fix a security issue that could allow an attacker to bypass security restrictions. This update is crucial for all users of Op...
7.5
WooCommerce Sales Countdown Timer Allows Attackers to Access Local Files
CVE-2026-27052
A vulnerability in the Sales Countdown Timer plugin for WooCommerce and WordPress allows attackers to access and potentially read sensitive files on the website. This could potentially allow unauthori...
7.5
CMSMasters Content Composer Allows Malicious File Access
CVE-2026-25326
A flaw in CMSMasters Content Composer allows attackers to access sensitive files on your website. This could happen if an attacker tricks the system into including a file that shouldn't be loaded, pot...
7.5
Patient Record Management System 1.0: Compromised Patient Data
CVE-2026-2706
A security issue in Patient Record Management System 1.0 allows hackers to access sensitive patient information by manipulating the 'comp_id' field. This could result in unauthorized access to patient...
5.3
Library Management System plugin for WordPress leaks sensitive data due to SQL attack
CVE-2025-12707
The Library Management System plugin for WordPress can expose sensitive database information if an attacker sends malicious input. This could allow an attacker to access confidential data without need...
7.5
GDPR Cookie Consent Plugin Exposes Sensitive Data on WordPress
CVE-2025-11754
An attacker without WordPress login can access sensitive settings, including API tokens and email addresses, in the GDPR Cookie Consent plugin. This affects all versions up to 4.1.2. Update the plugin...
7.5
Envanty Allows Attackers to Gain Unauthorized Access
CVE-2025-9062
A security issue in Envanty versions before 1.0.6 allows attackers to bypass security checks and access data they shouldn't have access to. This is a serious concern, as it could lead to sensitive inf...
7.3
Notepad++ versions before 8.9.2 can run malicious Windows Explorer
CVE-2026-25926
Using Notepad++ versions prior to 8.9.2 may allow an attacker to run malicious code on your computer if you open Windows Explorer from within the program. This is fixed in version 8.9.2, which you sho...
7.3
PyO3: Malicious code can corrupt memory when accessing PyList data
GHSA-47qc-857f-7w7f
PyO3, a Rust library for creating Python extensions, has a bug that allows an attacker to corrupt memory when accessing data from subclasses of certain native types. This bug was fixed in version 0.28...
7.2
Adobe Experience Manager: Admins Can Inject Malicious Server Code
CVE-2025-12107
Adobe Experience Manager users with admin access may be able to inject malicious code on the server, potentially leading to remote code execution, data theft, or unauthorized access. To protect yourse...
7.2
CartFlows: Untrusted Data Can Allow Unwanted Actions
CVE-2026-25316
The CartFlows plugin for WordPress doesn't properly validate user input, which means an attacker could potentially inject malicious code. This could lead to unauthorized actions or data modifications....
7.2
YITH WooCommerce Compare: Untrusted Data Can Execute Malicious Code
CVE-2026-22333
The YITH WooCommerce Compare plugin allows hackers to inject malicious code into your website. This can happen if you're using an older version of the plugin (3.6.0 or earlier). To protect your site, ...
7.2
BackWPup Plugin for WordPress Allows Attackers to Gain Admin Access
CVE-2025-15041
The BackWPup plugin for WordPress contains a security flaw that lets attackers with some level of access change important settings on your site. This could allow them to make all new users on the site...
7.2
WP Customer Reviews plugin vulnerable to malicious script injection
CVE-2025-14452
The WP Customer Reviews plugin for WordPress contains a bug that allows attackers to inject malicious scripts into websites using it. This can happen if a user clicks on a link sent by the attacker. T...
7.2
CTX Feed Plugin Allows Shop Managers to Install Malicious Plugins
CVE-2025-12975
The CTX Feed plugin for WordPress can be used by authorized Shop Managers to install any plugin they want, which could let attackers take control of your site. This issue affects all versions up to 6....
7.2
CMSMasters Content Composer Security Risk: Unauthorized Access
CVE-2026-23547
The CMSMasters Content Composer software has a security flaw that could allow unauthorized access to its content management system. This means that attackers may be able to access and modify sensitive...
7.1
SvelteKit CPU Exhaustion with Remote Forms Can Cause Server Crash
GHSA-88qp-p4qg-rqm6
If you use SvelteKit and remote forms with the experimental feature enabled, an attacker can send malicious data that makes your server become unresponsive. This can happen when processing a form subm...
6.9
Thesamur's AutoGPT Authentication Bypass Allows Unauthorized Access
CVE-2025-41023
A security flaw in Thesamur's AutoGPT lets attackers log in without a password. This allows them to use any part of the web application, even if they shouldn't be able to. Update to the latest version...
6.9