CVE Vulnerabilities - 20 February 2026

391 vulnerabilities published on 20 February 2026

Nexter Blocks allows hackers to run malicious code on websites
CVE-2024-50452
An attacker can inject malicious code into websites that use Nexter Blocks, allowing them to steal user data or take control of the site. This affects all versions of Nexter Blocks up to 3.3.3, which ...
6.5
PHP File Inclusion Vulnerability in WordPress
CVE-2025-59819
A security issue in WordPress allows hackers who have logged in to your site to view any file on your server. This means they can access sensitive information, such as configuration files or user data...
6.5
Tanium Interact and TDS Log File Sensitive Data Exposure
CVE-2026-2350
Tanium's Interact and TDS software may write sensitive information to log files, potentially exposing it to unauthorized access. This could happen if attackers gain access to the log files, compromisi...
6.5
Tanium Trends Exposes Sensitive Data in Log Files
CVE-2026-1292
Tanium Trends stores sensitive information in log files without adequate protection. This could allow unauthorized access to confidential data. Update to the latest version of Trends to fix this issue...
6.5
OrientDB allows attackers to inject malicious scripts via user names
CVE-2019-25448
Authenticated attackers can inject malicious scripts by creating users with special characters in their names. This can happen when a user views the application. To fix, update to the latest version o...
5.1
Master Addons For Elementor plugin allows malicious scripts in WordPress pages
CVE-2026-2486
A security flaw in the Master Addons For Elementor plugin for WordPress allows attackers with contributor access to inject malicious scripts into your website's pages. This can happen when a user with...
6.4
Quiz Maker Plugin for WordPress Allows Malicious Code Injection
CVE-2026-2384
The Quiz Maker plugin for WordPress can be used to inject malicious code into pages, potentially allowing attackers to take control of a site. This is a concern if your site uses the Quiz Maker plugin...
6.4
Liquid Prompt: Arbitrary Code Execution through Git Branch Name
CVE-2026-27113
Liquid Prompt, a tool for Bash and Zsh, is vulnerable to code execution if a user enters a specially crafted directory name in a Git repository. This requires specific configuration settings to be ena...
6.3
Yeqifu Warehouse Unsecured Sales Data Function
CVE-2026-2852
A security issue in Yeqifu Warehouse's sales data management function allows unauthorized access and potentially malicious changes to sales data. This could happen remotely and affects the security of...
5.3
Yeqifu Warehouse Cache Manipulation Can Lead to Unauthorized Access
CVE-2026-2849
A security issue has been found in Yeqifu Warehouse that allows an attacker to manipulate the cache, potentially leading to unauthorized access. This means that an attacker could potentially access or...
5.3
WooCommerce Coming Soon Product with Countdown allows Remote File Access
CVE-2025-68552
An attacker can access and read any file on your server by tricking the plugin into including it. This is a security risk because sensitive data might be exposed. Update to version 5.1 or later to fix...
6.3
WooCommerce BlueX Plugin: Access Control Security Failure
CVE-2025-68022
A security weakness in the WooCommerce BlueX plugin allows hackers to access restricted areas of the website if access controls are misconfigured. This affects versions of the plugin up to 3.1.6. To f...
6.3
Dromara RuoYi-Vue-Plus workflow module unauthorized access risk
CVE-2026-2819
An unauthorized access risk exists in the workflow module of Dromara RuoYi-Vue-Plus versions 5.5.3 and earlier. This means that an attacker could potentially access sensitive information or perform ac...
5.3
Foscam Video Management System Crashes with Malformed User ID
CVE-2019-25437
The Foscam Video Management System is prone to crashing if a user enters an extremely long username when trying to add a new device. This can allow an attacker to disrupt the system's functionality. T...
6.7
HyperCloud versions 2.3.5-2.6.8 allow unauthorized access with expired tokens
CVE-2026-1842
HyperCloud versions 2.3.5 through 2.6.8 contain a security issue that allows users to access resources with expired or invalid tokens. This could lead to unauthorized access if a token is leaked or co...
6.2
phpMoAdmin 1.1.5: Attackers can inject malicious scripts in web browsers
CVE-2019-25454
An attacker can inject malicious scripts in users' web browsers, potentially allowing them to steal sensitive information or take control of users' accounts, by manipulating a parameter in a web reque...
5.3
phpMoAdmin: Unauthenticated Attackers Can Inject Malicious Scripts
CVE-2019-25453
A security issue in phpMoAdmin allows attackers to inject malicious scripts into users' browsers if they visit a specially crafted link. This can happen without needing a password, making it a risk fo...
5.1
OrientDB 3.0.17: Malicious Scripts Can Run in Users' Browsers
CVE-2019-25449
OrientDB 3.0.17 has a security flaw that lets hackers inject malicious code into websites. This can happen if a user visits a website that sends a specially crafted request to OrientDB. To stay safe, ...
5.1
AVideo allows malicious code injection in video comments
CVE-2026-27568 GHSA-rcqw-6466-3mv7
AVideo's video comment feature allows a malicious user to inject code that can steal user sessions, take over admin accounts, and steal data when another user clicks on a link. This is a serious secur...
5.1
Fiverr Clone Script 1.2.2 allows attackers to inject malicious scripts
CVE-2019-25445
An attacker can inject malicious code into the Fiverr Clone Script by manipulating a specific parameter in a URL, potentially allowing them to execute unauthorized actions on a user's browser. This co...
5.1
Sync-in Server: Malicious SVG files can steal user data
CVE-2025-67438 GHSA-9jmq-xgjm-p8c2
An attacker can upload a malicious SVG file to Sync-in Server, allowing them to steal sensitive user data, including login cookies. This can happen when a victim opens a manipulated SVG file from the ...
5.1
SVXportal: Malicious Code Can Run in Admin Browser
CVE-2026-27505
SVXportal versions 2.5 and earlier store user-input data in the database without proper protection, allowing an attacker to inject malicious code that can run in an administrator's browser. This could...
5.1
SVXportal: Unauthenticated Script Injection in Admin Area
CVE-2026-27504
A security issue in SVXportal's admin area allows an attacker to inject malicious code into an authenticated administrator's browser. This could allow the attacker to take control of the admin session...
5.1
SVXportal: Attacker can steal admin session or take control of admin account
CVE-2026-27503
A weakness in SVXportal allows an attacker to trick an administrator into executing malicious code in their browser, potentially allowing them to steal sensitive information or take control of the adm...
5.1
SVXportal: Unauthenticated JavaScript Injection via Log Search
CVE-2026-27502
SVXportal versions 2.5 and earlier have a security flaw. An attacker can trick a user into visiting a malicious URL, allowing the attacker to execute arbitrary JavaScript code in the user's browser. T...
5.1