CVE Vulnerabilities - 19 February 2026
391 vulnerabilities published on 19 February 2026
NanaZip: Infinite Loop and Crash Risk in File Archive Parsing
CVE-2026-27014
NanaZip, an open source file archive tool, has a bug in versions 5.0.1252.0 to 6.0.1630.0 that can cause it to loop endlessly or crash if it encounters a specific type of file structure. This can happ...
5.1
URL Shortify allows attackers to make unauthorized requests to internal servers
CVE-2026-25385
A security bug in URL Shortify allows hackers to send fake requests to internal servers, potentially exposing sensitive data. This affects all versions of URL Shortify up to version 1.12.3. To stay se...
5.5
xlnt-community: Malicious Data Can Cause Data Corruption
CVE-2026-2703
A bug in xlnt-community's xlnt library allows an attacker with local access to manipulate data in a way that can cause data corruption. This could potentially be exploited by attackers who have obtain...
4.8
Pi-hole Admin Interface: Malicious HTML Injected into Admin Sessions
CVE-2026-26953
Pi-hole versions 6.0 and above have a security flaw that allows an attacker to inject malicious code into the web interface. This can happen when an attacker sends a special request to the Pi-hole adm...
5.4
Pi-hole Admin Interface: Stored HTML Injection in DNS Records Configuration
CVE-2026-26952
Versions of Pi-hole below 6.4 are vulnerable to a security flaw that allows an attacker to inject malicious code into the DNS records table. This could potentially allow an attacker to perform actions...
5.4
OpenText Web Site Management Server allows hackers to inject malicious scripts
CVE-2025-9208
OpenText's Web Site Management Server has a security issue that lets hackers inject malicious code into websites, which could steal user information or take control of user sessions. If you use this s...
7.5
OpenText Web Site Management Server allows Malicious Code to Run in Browsers
CVE-2025-13672
A security issue in OpenText's Web Site Management Server could allow attackers to inject malicious code into web pages, which could be executed by users' browsers. This could lead to unauthorized acc...
7.0
DirectoryPress: Unauthorized Access to Sensitive Data
CVE-2026-27387
A security issue in DirectoryPress could allow an attacker to access sensitive data or features they shouldn't be able to access. This affects DirectoryPress versions up to 3.6.26, so update to a newe...
5.4
Open WebUI: Unsecured Chat History Allows Malicious Link Sharing
CVE-2026-26193
A security issue in Open WebUI's chat history feature allows hackers to create a malicious link that can be shared with other users, potentially leading to cross-site scripting (XSS) attacks. This aff...
5.4
Open WebUI Cross-Site Scripting (XSS) Through Chat History
CVE-2026-26192
Open WebUI, a self-hosted AI platform, had a security issue where malicious code could be injected into chat history. This allowed attackers to execute code on users' devices when viewing shared chats...
5.4
OpenClaw: Insecure Hashing Used for Docker Sandbox Configuration
CVE-2026-28479
GHSA-fh3f-q9qw-93j9
Versions of OpenClaw <= 2026.2.14 use a deprecated and insecure hash algorithm, potentially allowing unauthorized access to sandboxed containers. This has been fixed in version 2026.2.15. Update to th...
8.7
ChurchCRM Group View JavaScript Injection
CVE-2026-26059
An authenticated user with group editing permissions can inject malicious JavaScript code into ChurchCRM, which executes when they view a group. This could potentially allow the attacker to steal sens...
2.1
GFI MailEssentials: Stored Code Injection in Settings Page
CVE-2026-23619
A malicious user with an account can inject malicious code into the settings page of GFI MailEssentials, potentially allowing them to take control of the system or view sensitive information. This aff...
5.1
GFI MailEssentials AI: Stored Scripting Vulnerability in Spam Filter
CVE-2026-23618
An attacker can execute malicious scripts in GFI MailEssentials AI's Spam Keyword Checking interface if they have an account. This could allow them to access sensitive information or take control of t...
5.1
GFI MailEssentials AI: Stored Cross-Site Scripting Risk
CVE-2026-23617
GFI MailEssentials AI versions before 22.4 have a security weakness that allows an attacker to inject malicious code into the management interface. This could let an attacker take control of a logged-...
5.1
GFI MailEssentials AI: Untrusted Code Execution via Config Page
CVE-2026-23616
If you use GFI MailEssentials AI version 22.4 or earlier, an attacker who logs in to your system can inject malicious code into the Anti-Spoofing configuration page. This allows them to execute unauth...
5.1
GFI MailEssentials Stored XSS Vulnerability in Email Exceptions Interface
CVE-2026-23615
GFI MailEssentials versions prior to 22.4 have a security issue that allows an authenticated user to execute malicious scripts when accessing the Email Exceptions interface. This could potentially lea...
5.1
GFI MailEssentials AI: Stored JavaScript Injection Risk in Management Interface
CVE-2026-23614
An attacker with a GFI MailEssentials AI account can inject malicious JavaScript code into the management interface, potentially allowing them to steal sensitive information or take control of the sys...
5.1
GFI MailEssentials AI 22.4 and Earlier: Malicious Code Injection via URI DNS Blocklist
CVE-2026-23613
GFI MailEssentials AI versions before 22.4 have a security flaw that allows an attacker to inject malicious code into the system's configuration page. An authenticated user can enter and store malicio...
5.1
GFI MailEssentials: Untrusted Content Can Run on Management Interface
CVE-2026-23612
GFI MailEssentials versions before 22.4 have a security flaw that lets an authorized user inject malicious code onto the management interface. This could be used to steal sensitive information or take...
5.1
GFI MailEssentials AI versions 22.4 and earlier allow unauthorized code execution
CVE-2026-23611
GFI MailEssentials AI versions prior to 22.4 contain a security flaw that allows an authenticated user to inject malicious code that can execute in the context of a logged-in user. This could potentia...
5.1
GFI MailEssentials: Malicious Code Injection in POP2Exchange Configuration
CVE-2026-23610
GFI MailEssentials versions before 22.4 have a security flaw that allows an attacker to inject malicious code into the email security settings. An attacker with a user account can exploit this vulnera...
5.1
GFI MailEssentials Stored Code Injection in Management Interface
CVE-2026-23609
Authenticated users can inject malicious code into the GFI MailEssentials management interface, potentially allowing them to access sensitive information or take control of the system. This issue affe...
5.1
GFI MailEssentials: Malicious Code Injection Through Mail Monitoring Rule Creation
CVE-2026-23608
Authenticated users can inject malicious code into the GFI MailEssentials interface, potentially allowing them to take control of user sessions or steal sensitive information. This issue affects all v...
5.1
GFI MailEssentials AI: Unauthenticated Code Injection in Whitelist Interface
CVE-2026-23607
A security flaw in older versions of GFI MailEssentials AI allows a malicious user to inject code into the admin interface, potentially allowing them to take control of the system. This issue affects ...
5.1