CVE Vulnerabilities - 20 February 2026

391 vulnerabilities published on 20 February 2026

Modal Popup Box allows Malicious Code Execution
CVE-2025-68526
A security issue in Modal Popup Box for WordPress allows hackers to inject malicious code. This affects all versions of the plugin up to and including 1.6.1. Update to a newer version to fix the issue...
8.8
Miraculous Elementor: Bypassing Security Checks via Alternate Path
CVE-2025-67998
A security issue in Miraculous Elementor allows attackers to bypass its security checks and gain unauthorized access. This could let hackers access sensitive data or perform actions on your website wi...
8.8
Comfast CF-E7 Wireless Router Allows Remote Command Injection
CVE-2026-2824
A bug in Comfast CF-E7 firmware 2.6.0.9 allows an attacker to remotely execute malicious commands on the router, potentially giving them control over the device. This is a serious security risk becaus...
5.3
Comfast CF-E7: Remote Command Injection in NTP Timezone Config
CVE-2026-2823
A security flaw in the Comfast CF-E7's web interface allows an attacker to execute arbitrary commands remotely. This vulnerability is publicly known and can be exploited. It's essential to update the ...
5.3
JeecgBoot: SQL Injection in Backend Interface
CVE-2026-2822
A security flaw in JeecgBoot versions up to 3.9.1 allows an attacker to inject malicious SQL code, potentially accessing or modifying sensitive data. This can happen remotely, and a public exploit is ...
5.3
calibre e-book manager writes unauthorized files to disk
CVE-2026-26065
Versions 9.2.1 and below of calibre allow attackers to write unauthorized files to your computer, potentially leading to data corruption or code execution. This issue has been fixed in version 9.3.0, ...
9.3
calibre allows attackers to write files anywhere on your computer
CVE-2026-26064
Old versions of calibre can allow attackers to write files to any location on your computer, potentially leading to malware installation on Windows. This is a security risk because attackers can use t...
9.3
Music Assistant: Unauthenticated Code Execution on Connected Speakers
CVE-2026-26975
Unauthenticated hackers can access and control connected speakers and execute code on the system. This is a serious issue because it can allow unauthorized access to your music library and potentially...
8.8
Tanium Asset SQL Injection Vulnerability Allows Unauthorized Data Access
CVE-2026-2435
A vulnerability in Tanium Asset allows an attacker to inject malicious SQL code, potentially exposing sensitive data. This issue affects Tanium Asset users, who should update to the latest version to ...
8.8
Google Cloud Vertex AI SDK allows malicious scripts in model evaluation
CVE-2026-2472 GHSA-qv8j-hgpc-vrq8
Google Cloud Vertex AI SDK versions 1.98.0 to 1.131.0 are vulnerable to a security risk where an attacker can inject malicious code into model evaluation results or dataset data, allowing them to take...
8.6
Vanquish Upload Files Anywhere Fails to Secure File Uploads
CVE-2025-69379
An attacker can upload files to any location on the server, potentially allowing them to steal sensitive data or take control of the server. This affects Upload Files Anywhere versions up to 2.8. Upda...
8.6
Vanquish User Extra Fields Allows Malicious File Access
CVE-2025-69376
A security issue in Vanquish User Extra Fields plugin for WordPress allows an attacker to access files outside the intended directory, potentially leading to sensitive information exposure or maliciou...
8.6
Saad Iqbal New User Approve: Unauthorized Access to User Accounts
CVE-2025-69063
A security weakness in Saad Iqbal New User Approve affects versions up to 3.2.0. If not configured correctly, this could allow unauthorized access to user accounts. To stay safe, update to a fixed ver...
8.6
JS Help Desk: Hackers can steal sensitive information from your database
CVE-2026-24959
A security weakness in JS Help Desk software can allow hackers to access and steal sensitive information from your database. This is a serious issue that affects all versions of JS Help Desk up to 3.0...
8.5
ExpressTech Systems Quiz And Survey Master allows hackers to access sensitive data
CVE-2025-67987
A security issue in ExpressTech Systems Quiz And Survey Master allows hackers to manipulate the database, potentially exposing sensitive information. This affects all versions up to 10.3.1. To stay se...
8.5
Blue-Smiley-Organizer 1.32 Allows Attackers to Access or Steal Data
CVE-2019-25431
An attacker can send a special kind of code to the Blue-Smiley-Organizer's database, allowing them to potentially access or steal sensitive information, or even write files to the server. This can hap...
8.8
Spring Data Geode: Malicious Files Can Be Written Outside Intended Directory
CVE-2026-2818
An attacker can exploit a vulnerability in Spring Data Geode's snapshot import feature to write files in unintended locations on Windows systems. This could allow attackers to create or modify sensiti...
8.2
Key Systems Global Facilities Management Software allows execution of arbitrary code via input
CVE-2026-26723
A vulnerability in the Key Systems Global Facilities Management Software allows a remote attacker to execute malicious code on a system. This could lead to unauthorized access or data theft. Update th...
8.2
Device Control System Can Be Remotely Manipulated
CVE-2026-24790
The control system of a device can be taken over by an attacker, allowing them to potentially disrupt or compromise operations. This is a concern for businesses that rely on these devices for critical...
8.2
HAPPY Help Desk System: Incorrect Access Control Lets Guests Access Admin Areas
CVE-2025-67977
A security issue in HAPPY Help Desk System allows guests to access areas they shouldn't be able to, such as admin areas. This is because the system doesn't properly control who can access what. To fix...
8.2
MLflow Tracking Server allows remote code execution without login
CVE-2026-2033
Affected: MLflow Tracking Server. Risk: attackers can execute code on your server without a login. To fix: update to the latest version of MLflow Tracking Server or apply patches as recommended by the...
8.1
detronetdip E-commerce 1.0.0 allows unauthorized deletion of products
CVE-2025-15582
A security flaw in the product management module of detronetdip E-commerce 1.0.0 allows an attacker to delete or update products without permission. This could be exploited by anyone with knowledge of...
5.3
PawFriends Theme Allows Hackers to Access Local Files
CVE-2026-22381
An issue in the PawFriends theme for WordPress allows attackers to access files on your website. This could let hackers steal sensitive information or cause other security problems. Update the theme t...
8.1
UnlimHost: Files can be accessed from outside the website
CVE-2026-22380
A security issue in UnlimHost allows hackers to access and view files on the server. This could potentially lead to sensitive information being exposed. To fix this, update UnlimHost to the latest ver...
8.1
AncoraThemes Netmix: Malicious Files Can Be Accessed
CVE-2026-22379
An issue in AncoraThemes Netmix allows an attacker to access and potentially read sensitive files on the server. This could lead to unauthorized access to confidential data. Update to version 1.0.11 o...
8.1