CVE Vulnerabilities - 21 February 2026
59 vulnerabilities published on 21 February 2026
GetSimple CMS: Unsecured File Access through Uploaded Files
CVE-2026-27202
All versions of the GetSimple CMS have a flaw that lets attackers read any file on the server. This is a serious issue because it can allow unauthorized access to sensitive data. Update to the latest ...
8.8
GetSimple CMS Fails to Restrict Access to Sensitive Files in Some Environments
CVE-2026-27161
All versions of GetSimple CMS are affected. If you use a shared hosting environment or have Apache AllowOverride disabled, sensitive files like authorization data and API keys can be accessed without ...
8.7
CollabPlatform: Malicious Sites Can Access User Account Info
CVE-2026-27579
CollabPlatform's collaboration platform allows a malicious website to access user account information, including email address, account identifiers, and MFA status. This is due to a misconfiguration i...
7.4
Moodle Backup Files Can Execute Malicious Code on Server
CVE-2026-26045
GHSA-ggxq-2mg9-8966
Moodle's backup and restore feature has a security flaw that could allow an attacker to execute malicious code on the server. This requires a malicious user to have access to restore capabilities, whi...
7.2
Moodle TeX Filter with ImageMagick: Command Injection Risk
CVE-2026-26046
The TeX filter in Moodle, when used with ImageMagick, can be manipulated by an administrator to execute unintended system commands. This requires administrative access, but could allow an attacker to ...
7.2
OpenSift allows accessing private networks via malicious URLs
CVE-2026-27170
A bug in OpenSift versions 1.1.2-alpha and earlier lets attackers access private networks from the OpenSift server. This can happen if the server is configured to ingest URLs from untrusted sources. T...
7.1
Unauthorized form deletion in weMail plugin for WordPress
CVE-2025-14339
The weMail plugin for WordPress allows an attacker to delete all email forms without permission. This is a serious issue because it lets anyone with some technical knowledge delete sensitive marketing...
6.5
Metabase allows authenticated users to access sensitive database credentials
CVE-2026-27464
Some Metabase users can access database login information, which could be misused. This is fixed in versions 0.57.13 and 0.58.7. To protect your database, update to one of these versions or disable ema...
6.5
Moodle TeX Formula Editor Can Overload Servers
CVE-2026-26047
GHSA-cg8j-5cr2-568q
Moodle's TeX formula editor is at risk of being overwhelmed by malicious input, potentially causing the server to become slow or unresponsive. This could happen when a user enters a specially crafted ...
6.5
Apache Airflow error reporting may leak sensitive data
CVE-2025-65995
GHSA-gfw7-2v73-69wg
A bug in Apache Airflow's error reporting could expose sensitive information in the UI. If you use Airflow, consider upgrading to 3.1.5rc1 or 2.11.1 to prevent any potential data breaches. If you're n...
6.5
EmployeeController in SSM-ERP allows unauthorized remote access
CVE-2026-2860
A security issue in the EmployeeController of SSM-ERP allows unauthorized users to access the system remotely. This vulnerability has been publicly disclosed, so it's possible that attackers may use i...
5.3
OpenSift: Data Loss or Corruption on Older Versions
CVE-2026-27189
Using OpenSift versions 1.1.2-alpha or earlier can lead to data loss or corruption, especially when multiple people access and update the same data at the same time. This is because the tool doesn't p...
5.8
Aardappel Lobster 2025.4 Has Uncontrolled Recursion Flaw
CVE-2026-2887
A bug in Aardappel Lobster version 2025.4 can cause a software loop that uses up too many computer resources. This only happens when an attacker has direct access to the affected computer. To fix this...
4.8
janet-lang janet: Local data leak through handleattr function
CVE-2026-2869
A security issue exists in janet up to version 1.40.1 that could allow an attacker on the same computer to access sensitive data they shouldn't. This issue can be fixed by updating to version 1.41.0. ...
4.8
SSM-ERP Picture Deletion Vulnerability Allows Remote Attackers to Access Files
CVE-2026-2864
The SSM-ERP system has a security flaw in its picture deletion function, which allows attackers to access files on the server. This means that a hacker could potentially access sensitive files on your...
5.3
LinkAce self-hosted link archive has a security risk through its Atom feed
CVE-2026-27458
LinkAce versions 2.4.2 and below have a security issue that allows an attacker to inject malicious code into the web page when a user visits a specially crafted link. This could potentially allow an a...
8.7
SSM-ERP allows attackers to delete arbitrary files
CVE-2026-2863
The SSM-ERP system has a flaw that allows attackers to delete any file on the server. This could lead to data loss and disruption of the system. Users should check with the vendor for an update and ap...
5.3
GetSimple CMS Allows Attackers to Inject Malicious Code via SVG Files
CVE-2026-27147
All versions of GetSimple CMS have a security issue with uploaded SVG files. This means an authenticated user can upload a malicious file that can harm your website. Update to a fixed version of the soft...
6.9
ASN.1 TypeScript Library Leaks Sensitive Data from INTEGER Decodes
CVE-2026-27452
The ASN.1 TypeScript library, used for encoding and decoding data, has a bug in versions 11.0.5 and below. If certain INTEGER data is decoded, sensitive data could be accidentally exposed. Update to v...
9.2
Foswiki: Unpatched version may leak sensitive information
CVE-2026-2861
A weakness in older versions of Foswiki may allow unauthorized access to sensitive information. This vulnerability is now being exploited, so upgrading to the latest version (2.1.11) is recommended to...
5.5
LearnPress Export Import Plugin: Unauthorized Data Deletion in LearnPress
CVE-2026-1787
A security flaw in the LearnPress Export Import plugin for WordPress allows unauthorized users to delete courses that have been migrated from Tutor LMS. This could lead to loss of important course dat...
4.8
GetSimple CMS: Unprotected File Upload Allows Unauthorized File Upload
CVE-2026-27146
GetSimple CMS, a content management system, does not protect against unauthorized file uploads. This means an attacker can trick a logged-in user into uploading malicious files without their knowledge...
7.1
Flask Web Framework Fails to Protect User Info in Caches
CVE-2026-27205
GHSA-68rp-wp8r-4726
Flask versions 3.1.2 and earlier may leak sensitive user information to caches, potentially compromising user data. This issue occurs when a caching proxy doesn't ignore responses with cookies and doe...
7.8
CCExtractor: Local Attack Possible with Outdated Version
CVE-2026-2889
A security issue in CCExtractor versions up to 0.96.5 allows an attacker with local access to potentially cause system instability. To fix this, update CCExtractor to version 0.96.6 as soon as possibl...
4.8
BigBlueButton: Muted Audio Sent to Server When Joining
CVE-2026-27467
BigBlueButton versions 3.0.19 and below send audio to the server when joining a muted session. This could potentially allow malicious server operators to access audio data. Update to version 3.0.20 or...
2.4