CVE Vulnerabilities - 20 February 2026

391 vulnerabilities published on 20 February 2026

Samsung MultiXpress Printers Expose Address Book and Settings
CVE-2026-2832
A security issue in Samsung MultiXpress multifunction printers could allow unauthorized access to sensitive information, including your address book and printer settings. This could happen if a hacker...
5.3
Static Web Server Basic Authentication Reveals Valid Usernames
CVE-2026-27480 GHSA-qhp6-635j-x7r2
A security issue in Static Web Server's Basic Authentication could allow attackers to figure out valid usernames by measuring how long it takes the server to respond, making it easier for them to try ...
5.3
OpenSourcePOS 3.4.1: SQL Injection in Currency Configuration
CVE-2026-26745
OpenSourcePOS version 3.4.1 has a security weakness that allows attackers to manipulate data in the system. This could lead to unauthorized access or data tampering. To protect your business, update t...
5.3
Primer MyData for Woocommerce: Malicious File Access Risk
CVE-2025-69325
Primer MyData for Woocommerce has a security issue that allows an attacker to access and potentially manipulate sensitive files on the server. This can lead to unauthorized data exposure or even syste...
5.3
Schedula Appointment Booking System: Unauthorized Access to Sensitive Data
CVE-2025-67970
A security flaw in Schedula's appointment booking system allows hackers to access sensitive data even if they shouldn't have permission. This means that someone with the wrong level of access could se...
5.3
SecuPress Free allows unauthorized access to sensitive settings
CVE-2024-43228
An unauthorized user can access sensitive settings in SecuPress Free, potentially compromising the security of your WordPress site. This issue affects all versions of SecuPress Free up to and includin...
5.3
Anssi Laitila Shared Files allows unauthorized access to files
CVE-2024-34438
A security weakness in Anssi Laitila Shared Files means that some users may be able to access files they shouldn't be able to see. This is a concern because sensitive information could be exposed. Upd...
5.3
bn.js: Infinite Loop Triggers Process Hang
CVE-2026-2739 GHSA-378v-28hj-76wf
Versions of bn.js before 4.12.3 and 5.2.3 are vulnerable to a bug that causes processes to hang indefinitely. This can happen when certain methods are called on a BN instance with a specific input. Up...
5.5
Unpublished Course Details Exposed in Frappe LMS Versions 2.44.0 and Below
CVE-2026-26977
If you're using Frappe LMS versions 2.44.0 or earlier, unauthorized users can view details of unpublished courses. This is a security risk because sensitive information about your courses could be acc...
6.9
PJSIP H.264 Video Processing Can Overwrite Memory
CVE-2026-26967
If an attacker sends malicious video data, it could potentially cause a critical security issue. This affects applications that use PJSIP to play H.264 video. A fix is available, and users should upda...
8.1
Tanium TanOS Leaks Sensitive Information in Log Files
CVE-2026-2605
A vulnerability in Tanium's TanOS operating system allows sensitive information to be accidentally written to log files. This could potentially expose confidential data, such as user credentials or ot...
5.3
HCL Digital Experience: Stored XSS in Admin Interface
CVE-2025-62326
A hacker could inject malicious code into the HCL Digital Experience admin interface, potentially taking control of the system or stealing sensitive information. This requires an attacker to have elev...
4.8
Lettermint SDK Leaks Email Info to Wrong Recipients
CVE-2026-27492 GHSA-49pc-8936-wvfp
If you reuse a Lettermint client instance to send multiple emails, some email details may accidentally be sent to the wrong people. To fix this, upgrade to Lettermint version 1.5.1 or later. If an upg...
4.7
Tanium Cloud Workloads Enforce Client Extension Use-After-Free Flaw
CVE-2026-2408
The Tanium Cloud Workloads Enforce client extension has a flaw that could allow attackers to potentially execute malicious code. This issue is fixed in a recent update, so it's essential for administr...
4.7
OpenClaw: Vulnerability in Skill Packaging Script Allows Unauthorized File Inclusion
CVE-2026-27485 GHSA-r6h2-5gqq-v5v6
A vulnerability in the OpenClaw skill packaging script allows an attacker to include unintended files in a skill archive when a user packages the skill locally. This could potentially expose sensitive...
4.6
Discord Bot Moderation Actions Can Be Faked
CVE-2026-27484 GHSA-wh94-p5m6-mr7j
A security issue in the OpenClaw Discord moderation tool allows a non-admin user to fake moderation actions, such as kicking or banning users, by manipulating the request. This was fixed in a recent u...
2.3
Seraphinite Accelerator allows unauthorized access to sensitive data
CVE-2024-54222
A weakness in Seraphinite Accelerator's security lets unauthorized users access sensitive information stored in the application. This means that attackers could potentially view confidential data that...
4.3
OpenClaw: Very Large Inputs Can Slow Down Local Conversations
CVE-2026-27576 GHSA-cxpw-2g23-2vgw
A bug in OpenClaw's local conversation system can cause it to slow down or become unresponsive when very large inputs are sent. This issue affects local ACP clients, such as IDE integrations, and can ...
4.8
EnOcean SmartServer IoT (versions prior to 4.60.009) - Remote Memory Leak
CVE-2026-22885
A security issue affects older versions of EnOcean SmartServer IoT, allowing hackers to remotely send malicious messages that can cause the system to run out of memory. This could lead to the server c...
3.7
OrientDB Community Edition allows malicious requests to perform unauthorized actions
CVE-2019-25447
Attackers can trick users into performing actions they shouldn't by crafting fake requests to certain endpoints. This could let them create or delete databases, change settings, or even add new functi...
5.3
HCL Connections Leaks Internal Information
CVE-2025-52603
HCL Connections, a collaboration platform, is vulnerable to a situation where a user can accidentally view internal details that shouldn't be publicly visible. This can happen when a specific navigati...
3.5
WeRSS we-mp-rss: Cross-Site Scripting in Article Module
CVE-2026-2825
A security issue in WeRSS we-mp-rss 1.4.8 and earlier allows attackers to inject malicious code into web pages, potentially allowing them to take control of user sessions. This could lead to unauthori...
5.1
Windmill: Non-Admins Can See Slack OAuth Secrets
CVE-2026-26964
Non-admin users on Windmill versions 1.634.6 and below can access Slack OAuth client secrets. This allows unauthorized users to potentially access sensitive information. Update to version 1.635.0 to f...
2.7
Silicon Labs Secure NCP: Malicious Packet Can Crash System
CVE-2025-14055
An integer underflow error in the Silicon Labs Secure NCP host implementation can be exploited by a hacker to crash the system. This could lead to a denial-of-service, making the system unavailable. F...
2.4
Fickling can incorrectly rate safe Python files that use network protocols
GHSA-83pf-v6qq-pwmr
Fickling, a tool used to check Python code for security vulnerabilities, has a bug that can lead to it incorrectly rating some safe code as vulnerable. This happens when the code uses certain standard...
2.3