CVE Vulnerabilities - 20 February 2026

The Survey Maker plugin for WordPress has a security flaw that could allow an attacker to run malicious code on your website and potentially harm your users. If you're using an affected version, updat...

The RoundCube Webmail application contains a security weakness that could allow an attacker to inject malicious code into a user's webmail session. This could lead to unauthorized access to sensitive ...

Strimzi's Kafka clusters may accept fake server certificates if a chain of trusted certificates is used. This means an attacker could pretend to be a trusted server and connect to the cluster. Update ...

Ray dashboard's HTTP server has an issue that allows anyone to remotely shut down the server or delete jobs without a password. This is a problem because it means an attacker could make your server un...

A security issue in JobBoard Job listing versions up to 1.2.8 could allow attackers to extract sensitive information from job postings. This means that data that was meant to be private could be acces...

A security issue exists in Silencesoft's RSS Reader that could allow hackers to inject malicious code into your website. This could potentially allow them to steal information, disrupt your site, or t...

The Master Addons for Elementor plugin has a security flaw that allows an attacker to inject malicious code into a website, potentially leading to unauthorized actions or data exposure. This affects v...

If you use the web interface to manage your router, sensitive passwords are displayed in plain text, making it easy for others to see them. This could lead to unauthorized access to your network. Upda...

The RustDesk Client for Windows may leak sensitive information if an attacker can run low-privileged code on the system. This can happen when a user uploads a special type of file link. To fix this, u...

If you use pypdf, an attacker could create a PDF that would take a long time to process. This could potentially cause delays or slow down your system. Update to version 6.7.1 or later to fix this issu...

The pypdf library may take a long time or use a lot of memory when processing certain large PDF files. This could cause delays or crashes. Update to the latest version, pypdf 6.7.1, to prevent this is...

An attacker can create a malicious PDF that causes pypdf to run indefinitely. This could lead to a denial-of-service (DoS) situation. Update to version 6.7.1 or later to fix this issue.

A bug in Owl opds version 2.2.0.4 allows an attacker to manipulate files on the server. This could allow an attacker to delete or modify important files, potentially disrupting the normal operation of...

A software update for Owl opds version 2.2.0.4 contains a security issue that could allow an attacker to access files on your system by sending a specially crafted network request. This means that a h...

A security issue in Owl opds 2.2.0.4 allows an attacker to trick the software into loading malicious files, which could lead to unauthorized actions on your system. This could happen if you use a comp...

An attacker can send a specific network request to the Owl opds server, potentially allowing them to modify the configuration files. This could lead to unauthorized changes to the system's behavior. Y...

A security issue in Owl opds 2.2.0.4 could allow an attacker to access and potentially modify files on the server. This could happen if an attacker sends a specially crafted request to the server. To ...

A vulnerability in Owl opds version 2.2.0.4 allows an attacker to access sensitive files on the server by sending a specially crafted network request. This could potentially lead to unauthorized data ...

If you use SVXportal, an attacker can trick an admin into viewing a user's profile by embedding malicious code in the user's name, email, or profile picture. This could allow the attacker to take cont...

A security flaw in Detronetdip E-commerce 1.0.0 makes it possible for hackers to inject malicious code into your website. This could allow them to steal sensitive information, display unwanted message...

An attacker can access restricted areas of the Pet Shop and Veterinary WordPress Theme if the administrator incorrectly configures access levels. This could allow an attacker to view or modify sensiti...

A security issue in Booked allows attackers to potentially access the system without a valid login. This affects Booked versions up to 3.0.0. It's essential to update to the latest version to prevent ...

Flare versions 1.7.0 and below allow attackers to embed malicious code in uploaded files, which can steal user data when viewed in a special mode. This issue has been fixed in version 1.7.1. To protec...

Photobooth versions before 1.0.1 are vulnerable to a security risk where hackers can inject malicious code into user input fields. This could allow them to take control of your website or steal user d...

A vulnerability in Yeqifu Warehouse's data handling system could allow unauthorized access to sensitive information. This means someone with the right tools could potentially view or alter data they s...