CVE Vulnerabilities - 19 February 2026

When using Svelte's server-side rendering, malicious code can inject unwanted attributes into web pages. This is because Svelte doesn't prevent inherited properties from being used. To fix this, ensur...

Fileflows versions before 25.05.2 have a security flaw in their search function that can be exploited by authorized users to access sensitive data or gain more privileges when using MySQL. This means ...

NanaZip, an open-source file archive software, has a bug that causes it to crash or leak sensitive information when opening specially crafted files. This bug affects versions of NanaZip released befor...

A vulnerability in OpenText Web Site Management Server allows an attacker to trick a user into making unwanted changes to the site by clicking on a malicious link. This can happen when a user with an ...

A security issue in myCred versions up to 2.9.7.6 allows hackers to inject malicious code into user pages, putting sensitive data at risk. This could lead to unauthorized actions or data theft. Update...

The Stalwart Mail Server versions 0.13.0 to 0.15.4 can crash or freeze if an attacker sends a special type of email. This can happen when using IMAP or JMAP to access emails. Update to version 0.15.5 ...

Versions of PJSIP prior to 2.17 are at risk of a serious memory error that could allow an attacker to access sensitive data or disrupt a system. This issue is fixed in version 2.17, which is recommend...

SPIP before certain versions allows authenticated users to access private content by exploiting a flaw in how content is displayed. This could lead to sensitive information being exposed. Update to a ...

A remote attacker with limited privileges can shut down Dell's support connection to Dell PowerProtect Data Manager, which is used by Dell's Enterprise Support team to assist with issues. This could d...

The Simple Membership plugin for WordPress has a security flaw that allows unauthorized access to membership subscriptions. Without proper configuration, an attacker can manipulate subscription status...

CoBlocks, a plugin for creating custom WordPress blocks, contains a security flaw that allows hackers to inject malicious code into websites using the plugin. This means that if a hacker can trick a w...

An issue in WPAdverts allows attackers to access sensitive data if access control settings are not properly configured. This affects WPAdverts versions up to 2.2.11. To protect your site, update to th...

The Shortcoder plugin for WordPress is vulnerable to a security risk that allows attackers to inject malicious code into your website. This could lead to your website being compromised or visitors bei...

A security issue in Soledad allows attackers to inject malicious scripts into web pages, potentially allowing them to steal user data or take control of user sessions. This affects all versions of Sol...

Penci Recipe versions up to 4.1 contain a security weakness that allows hackers to inject malicious code into website pages. This could potentially allow attackers to steal user information or take co...

A security weakness in Penci Podcast allows hackers to inject malicious code into web pages visited by users. This could potentially allow an attacker to steal sensitive information or take control of...

Penci Filter Everything, a plugin used to filter content on websites, contains a security flaw that allows hackers to inject malicious code onto a website. This could potentially lead to unauthorized ...

A low-privilege attacker with remote access can exploit a weakness in Dell Unisphere for PowerMax 10.2, potentially exposing sensitive information. This issue affects the security of your data. Update...

Fusion Builder, a website building tool, has a security flaw that allows hackers to inject malicious code into its pages. This can happen when a user enters a specially crafted input, and the code is ...

Wpresidence Core has a security flaw that allows hackers to inject malicious code into your website, which can harm your users or steal their personal information. This issue affects Wpresidence Core ...

Advanced iFrame's web page generation doesn't properly filter user input, which can allow attackers to inject malicious code into web pages. This can lead to unauthorized access to sensitive data or a...

The Bold Page Builder has a security flaw that allows attackers to inject malicious code into a website. This could lead to unauthorized access to sensitive information or other malicious activities. ...

The Omnipress software has a security flaw that allows attackers to inject malicious code into web pages. This can happen when a user enters certain types of input, which is then stored and displayed ...

A configuration error in Academy LMS allows unauthorized users to access sensitive information. This issue affects versions of Academy LMS from an unknown version to 3.5.3. To fix this, update to a pa...

A security flaw in Calculated Fields Form allows unauthorized access to sensitive data. This affects versions 1 through 5.4.4.1 of the software. Users should update to a fixed version to prevent unaut...