Monitor vulnerabilities that affect your stack. Sign up free to get alerts when software you use is affected.

CVE Vulnerabilities - 21 February 2026

RSS

58 vulnerabilities published on 21 February 2026

Severity:
Cloud Hypervisor allows sensitive host files to be accessed by VM guests
CVE-2026-27211
Cloud Hypervisor is a Virtual Machine Monitor for Cloud workloads. Versions 34.0 through 50.0 arevulnerable to arbitrary host file exfiltration (const...
9.1
itsourcecode Vehicle Management System SQL Injection Risk
CVE-2026-2867
A vulnerability was determined in itsourcecode Vehicle Management System 1.0. Affected is an unknown function of the file /billaction.php. Executing a...
6.9
SQL Injection in itsourcecode Agri-Trading Online Shopping System 1.0
CVE-2026-2865
A vulnerability was found in itsourcecode Agri-Trading Online Shopping System 1.0. This impacts an unknown function of the file admin/productcontrolle...
6.9
SAIL Library: Arbitrary Code Execution through Malicious Image Files
CVE-2026-27168
SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. All versions are vulnerable to ...
9.8
ERP Enterprise Resource Planning lacks access controls for some endpoints
CVE-2026-27471
ERP is a free and open source Enterprise Resource Planning tool. In versions up to 15.98.0 and 16.0.0-rc.1 and through 16.6.0, certain endpoints lacke...
9.3
Sentry SAML SSO allows attackers to take over any user account
CVE-2026-27197
Sentry is a developer-first error tracking and performance monitoring tool. Versions 21.12.0 through 26.1.0 have a critical vulnerability in its SAML ...
9.1
OpenSift: Untrusted Content Executes in Browser on Earlier Versions
CVE-2026-27169
OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Versions 1.1.2-alpha and below render untruste...
8.9
Tenda A21 Router Allows Remote Attackers to Crash Device
CVE-2026-2886
A weakness has been identified in Tenda A21 1.0.0.0. This affects the function set_device_name of the file /goform/SetOnlineDevName. This manipulation...
7.4
D-Link DWR-M960 IPv6 Setup Function Allows Remote Code Execution
CVE-2026-2885
A security flaw has been discovered in D-Link DWR-M960 1.01.07. The impacted element is the function sub_469104 of the file /boafrm/formIpv6Setup. The...
7.4
D-Link DWR-M960 Router WAN Interface Setting Handler Code Execution
CVE-2026-2884
A vulnerability was identified in D-Link DWR-M960 1.01.07. The affected element is the function sub_41914C of the file /boafrm/formWanConfigSetup of t...
7.4
D-Link DWR-M960: Unsecured Input Can Cause System Crash
CVE-2026-2883
A vulnerability was determined in D-Link DWR-M960 1.01.07. Impacted is the function sub_427D74 of the file /boafrm/formIpQoS. Executing a manipulation...
7.4
D-Link DWR-M960 Router Can Be Hacked Remotely
CVE-2026-2882
A vulnerability was found in D-Link DWR-M960 1.01.07. This issue affects the function sub_46385C of the file /boafrm/formDosCfg. Performing a manipula...
7.4
D-Link DWR-M960: Remote code execution through firewall config
CVE-2026-2881
A vulnerability has been found in D-Link DWR-M960 1.01.07. This vulnerability affects the function sub_425FF8 of the file /boafrm/formFirewallAdv of t...
7.4
Tenda A18 15.13.07.13: Unsecured Data Transfer Exposes System to Remote Attack
CVE-2026-2877
A vulnerability has been found in Tenda A18 15.13.07.13. This affects the function strcpy of the file /goform/WifiExtraSet of the component Httpd Serv...
7.4
Tenda A18 15.13.07.13: Remote Code Execution Possible
CVE-2026-2876
A vulnerability was determined in Tenda A18 15.13.07.13. This affects the function parse_macfilter_rule of the file /goform/setBlackRule. This manipul...
7.4
Tenda A21 1.0.0.0 WiFi Setting Function Allows Remote Attack
CVE-2026-2874
A flaw has been found in Tenda A21 1.0.0.0. Impacted is the function form_fast_setting_wifi_set of the file /goform/fast_setting_wifi_set. Executing a...
7.4
Tenda A21 Router Allows Remote Code Execution
CVE-2026-2873
A vulnerability was detected in Tenda A21 1.0.0.0. This issue affects the function setSchedWifi of the file /goform/openSchedWifi. Performing a manipu...
7.4
Tenda Router Allows Remote Attack via Malicious Device Name
CVE-2026-2872
A security vulnerability has been detected in Tenda A21 1.0.0.0. This vulnerability affects the function set_device_name of the file /goform/setBlackR...
7.4
Tenda A21 Router: Uncontrolled Data Can Crash the Device
CVE-2026-2871
A weakness has been identified in Tenda A21 1.0.0.0. This affects the function fromSetIpMacBind of the file /goform/SetIpMacBind. This manipulation of...
7.4
Tenda A21 Router: Unsecured Remote Code Execution Risk
CVE-2026-2870
A security flaw has been discovered in Tenda A21 1.0.0.0. Affected by this issue is the function set_qosMib_list of the file /goform/formSetQosBand. T...
7.4
ZoneMinder: Unauthorized Access to Database Records
CVE-2026-27470
ZoneMinder is a free, open source closed-circuit television software application. In versions 1.36.37 and below and 1.37.61 through 1.38.0, there is a...
8.8
BigBlueButton: Unsecured Ports Make Server Prone to Denial of Service
CVE-2026-27466
BigBlueButton is an open-source virtual classroom. In versions 3.0.21 and below, the official documentation for "Server Customization" on Support for ...
8.2
Strimzi: Incorrect mTLS Configuration with Multistage CA Chain
CVE-2026-27134
Strimzi provides a way to run an Apache Kafka cluster on Kubernetes or OpenShift in various deployment configurations. In versions 0.49.0 through 0.5...
8.1
Wallos 4.6.0 and below: Malicious Redirects Expose Internal Resources
CVE-2026-27479
Wallos is an open-source, self-hostable personal subscription tracker. Versions 4.6.0 and below contain a Server-Side Request Forgery (SSRF) vulnerabi...
7.7
GetSimple CMS: Unsecured File Access through Uploaded Files
CVE-2026-27202
GetSimple CMS is a content management system. All versions of GetSimple CMS have a flaw in the Uploaded Files feature that allows for arbitrary file r...
8.8
20 Feb 2026 All days 22 Feb 2026