CVE Vulnerabilities - 20 February 2026

LabCollector 5.423 has a security weakness that allows hackers to access sensitive information without a login. This is a serious issue because it lets attackers extract confidential data. To protect ...

An attacker can cause SpotAuditor to crash by entering a very long name during registration. This can happen without needing a password or login. To protect your system, update to a fixed version of S...

An attacker can submit a specific character to the login form to gain unauthorized access to Part-DB 0.4. This is a serious issue because it allows anyone to access the application without a legitimat...

Versions 5.3.1 and below of openITCOCKPIT contain a security flaw that allows an attacker to inject malicious data into the tool's monitoring system. This could lead to unauthorized access or disrupti...

Your Wi-Fi router doesn't protect against fake disconnect messages, which means a bad actor can send fake signals to disconnect you from the internet, causing outages and disruptions. This is a seriou...

The device's web interface sends user passwords in plain text over the network, making them easily accessible to anyone on the same network. This means that hackers can intercept and steal user creden...

An error in Authorsy's security settings can allow unauthorized users to access certain features. This issue affects Authorsy versions up to 1.0.6. To fix the issue, update to a newer version of Autho...

An issue with WP Job Portal allows unauthorized access to job posts if access control settings are not properly configured. This can lead to sensitive information being viewed or modified by unapprove...

A vulnerability in Jetpack CRM allows unauthorized access to sensitive files on the server, which could lead to data exposure or other security issues. This affects Jetpack CRM versions up to 6.7.0. U...

WooODT Lite, a plugin for WooCommerce, has a security weakness that lets attackers pretend to be any user, which can lead to unauthorized changes to orders or other sensitive information. This issue a...

A mistake in the way Cnvrse controls user access can allow an attacker to access sensitive information or features they shouldn't have permission to. This issue affects all versions of Cnvrse up to 2....

Exzo, a website builder, has a security issue that could allow unauthorized access to sensitive information if access control settings are not properly configured. This affects Exzo versions up to 1.2...

A security issue in Simple Retail Menus allows an attacker to make the system run unauthorized PHP files, potentially allowing them to access sensitive data or take control of the system. This affects...

The Agence web Eoxia WP shop has a security flaw that lets attackers access sensitive files on the server where it's installed. This means they could potentially steal or modify important data. To fix...

A security issue in Upload Files Anywhere plugin allows hackers to upload files to unintended locations on your website. This could lead to unauthorized access or data exposure. Update to version 2.9 ...

A security weakness in VidoRev, a PHP-based video review software, allows hackers to access and potentially read sensitive local files on the server. This creates a risk of data exposure and unauthori...

An outdated version of the ModelTheme Framework has a security weakness that lets users access areas they shouldn't. This is a concern because it could allow unauthorized changes or data exposure. Upd...

A security issue in GhostPool Gauge makes it possible for unauthorized users to access data or perform actions they shouldn't be able to. This affects versions of GhostPool Gauge from its initial rele...

An outdated version of the Aardvark Plugin for GhostPool may allow unauthorized access to sensitive data. This is because the plugin doesn't properly control who can access certain features. Upgrade t...

Themepul TopperPack, a plugin for Elementor, has a security flaw that allows hackers to access sensitive files on your website. This could lead to data theft or disruption of your site's functionality...

NextMove Lite plugins may allow unauthorized access to sensitive settings. This could potentially allow an attacker to make changes to the plugin's settings, which could compromise the security of the...

A security issue exists in YayCurrency versions 3.3 and earlier. This allows unauthorized users to access sensitive areas of the application, potentially leading to data theft or tampering. Update to ...

If not configured correctly, WPLegalPages may allow unauthorized access to sensitive pages and information. This could lead to unauthorized users viewing confidential data. Update to version 3.5.5 or ...

Incorrect access control settings in Shiprocket allow unauthorized access to sensitive information. This can happen when an attacker configures access controls incorrectly, potentially putting user da...

PDF-XChange Editor has a security flaw that could allow a malicious local user to gain administrator access on a computer. This means a hacker with some basic access could potentially take control of ...