CVE Vulnerabilities - 21 February 2026

Old versions of Cloud Hypervisor (34.0 to 50.0) can be tricked into sharing sensitive host files with virtual machines. This can happen if the virtual machine is given permission to write to its disk ...

A security flaw in itsourcecode Vehicle Management System 1.0 makes it possible for hackers to inject malicious code into the system. This could allow them to access sensitive data or take control of ...

A security flaw in itsourcecode Agri-Trading Online Shopping System 1.0 allows hackers to inject malicious SQL code, potentially stealing or altering sensitive data. This puts customer information and...

The SAIL library is susceptible to a serious security flaw when handling certain types of image files. An attacker can exploit this weakness by creating a specially crafted image file, potentially all...

Versions of the free ERP software up to 15.98.0 and 16.0.0-rc.1 through 16.6.0 have a security weakness that allows unauthorized users to view sensitive documents. This issue has been fixed in later v...

Versions 21.12.0 through 26.1.0 of Sentry's error tracking and performance monitoring tool have a critical security weakness in its SAML single sign-on feature. This could allow an attacker to gain co...

OpenSift versions 1.1.2-alpha and below allow attackers to inject malicious code into the chat tool, which can execute in a user's browser when they view a compromised study or quiz. This could lead t...

A vulnerability in the Tenda A21 router's set_device_name function allows a remote attacker to crash the device. This could happen if a malicious user sends a specially crafted input to the device. To...

A security flaw in the D-Link DWR-M960's IPv6 setup function can allow an attacker to execute malicious code on the device remotely. This means an attacker could potentially take control of the device...

A security flaw in the D-Link DWR-M960 router's WAN interface setting handler allows a remote attacker to execute code on the device. This could potentially allow an attacker to take control of the ro...

A flaw in the D-Link DWR-M960's software allows an attacker to potentially crash the system by manipulating certain input. This could be done remotely and has already been publicly disclosed, making i...

A bug in the D-Link DWR-M960 router can allow an attacker to take control of the device remotely. This can happen if a hacker sends a specific type of data to the router. To protect your network, upda...

A security flaw in the D-Link DWR-M960's advanced firewall settings can be exploited by an attacker to run malicious code on the device. This can happen if a hacker sends a specially crafted message t...

A security weakness in Tenda A18's software allows hackers to send malicious data to the system, potentially leading to unauthorized access. This weakness can be exploited remotely, and an exploit is ...

A security flaw in the Tenda A18 router's settings page allows an attacker to potentially take control of the device. This can happen if a hacker sends a specially crafted request to the router's sett...

The Tenda A21 WiFi router's WiFi setting function has a security flaw that could allow an attacker to take control of the device remotely if they send a specially crafted message. This means that a ha...

A security flaw in the Tenda A21 router's scheduling feature can be exploited by an attacker to execute malicious code remotely. This could potentially allow an attacker to take control of the router....

A vulnerability in the Tenda A21 router's MAC Filtering Configuration allows an attacker to potentially cause the router to crash or behave unexpectedly by sending a specially crafted device name. Thi...

An attacker can send a specially crafted request to a Tenda A21 router, potentially causing it to crash. This could lead to loss of control over the device and make it unavailable for use. Users shoul...

A security flaw in the Tenda A21 router's Quality of Service settings can allow an attacker to remotely execute malicious code, potentially taking control of the device. This could lead to unauthorize...

ZoneMinder, a software for monitoring CCTV cameras, has a security flaw. If an authorized user edits a camera event, they can access unauthorized data. To fix this, update to a safe version of ZoneMin...

The BigBlueButton virtual classroom software has a security issue in versions 3.0.21 and earlier that could allow an attacker to overload the server with large or complex documents, causing it to slow...

Strimzi incorrectly configures mTLS authentication when using a custom certificate chain. This allows some users to authenticate even if their certificate isn't valid. To fix this, update to version 0...

A security issue in Wallos' logo upload feature allows attackers to access sensitive internal resources. This could potentially lead to unauthorized access and data exposure. Update to version 4.6.1 t...

Metabase is an open-source data analytics platform. In versions prior to 0.57.13 and versions 0.58.x through 0.58.6, authenticated users are able to retrieve sensitive information from a Metabase inst...