CVE Vulnerabilities - 23 February 2026
107 vulnerabilities published on 23 February 2026
D-Link DWR-M960 Allows Remote Attack via Malformed URL
CVE-2026-2959
A vulnerability was detected in D-Link DWR-M960 1.01.07. Affected by this vulnerability is the function sub_44E0F8 of the file /boafrm/formNewSchedule...
7.4
D-Link DWR-M960: Remote Code Execution through Buffer Overflow
CVE-2026-2958
A security vulnerability has been detected in D-Link DWR-M960 1.01.07. Affected is the function sub_457C5C of the file /boafrm/formWsc. Such manipulat...
7.4
Traccar GPS Tracking System: Authenticated Users Can Steal OAuth 2.0 Codes
CVE-2026-25649
Versions of the Traccar open-source GPS tracking system up to and including 6.11.1 contain an issue in which authenticated users can steal OAuth 2.0 a...
8.7
Traccar GPS Tracking System Allows Malicious SVG Files to Execute JavaScript
CVE-2026-25648
Versions of the Traccar open-source GPS tracking system starting with 6.11.1 contain an issue in which authenticated users can execute arbitrary JavaS...
8.7
Astro Server Leaks Internal Pages via Host Header Manipulation
CVE-2026-25545
GHSA-qq67-mvv5-fw3g
Server-Side Rendered pages that return an error with a prerendered custom error page (e.g. `404.astro` or `500.astro`) are vulnerable to S...
6.9
Valkey: Malicious Data Injection via Lua Scripting
CVE-2025-67733
GHSA-p876-p7q5-hv2m
Valkey is a distributed key-value database. Prior to versions 9.0.2, 8.1.6, 8.0.7, and 7.2.12, a malicious user can use scripting commands to inject a...
8.5
ManageEngine ADSelfService Plus search function can be exploited by attackers
CVE-2026-1367
Zohocorp ManageEngine ADSelfService Plus versions 6522 and below are vulnerable to authenticated SQL Injection in the search report option....
8.3
GCOM EPON 1GE ONU version C00R371V00B01 allows session hijacking
CVE-2025-71056
Improper session management in GCOM EPON 1GE ONU version C00R371V00B01 allows attackers to execute a session hijacking attack via spoofing the IP addr...
8.1
TOTOLink X5000R: Attacker can run unauthorized system commands
CVE-2025-70329
TOTOLink X5000R v9.1.0cu_2415_B20250515 contains an OS command injection vulnerability in the setIptvCfg handler of the /usr/sbin/lighttpd executable....
8.0
Dell Repository Manager versions prior to 3.4.8 allows attackers to run malicious code
CVE-2026-21420
Dell Repository Manager (DRM), versions prior to 3.4.8, contains an Uncontrolled Search Path Element vulnerability. A low privileged attacker with loc...
7.8
eAI Technologies ERP Program Can Run Malicious Code
CVE-2026-2998
ERP developed by eAI Technologies has a DLL Hijacking vulnerability, allowing authenticated local attackers to place a crafted DLL file in the same di...
8.5
Fiserv Originate Loans Peripherals allows remote code execution from untrusted networks
CVE-2026-21665
The Print Service component of Fiserv Originate Loans Peripherals (formerly Velocity Services) in unsupported version 2021.2.4 (build 4.7.3155.0011) u...
7.7
Playground API's MarkdownRenderer Allows Unwanted Browser Actions
CVE-2026-25802
GHSA-299v-8pq9-5gjq
A potential unsafe operation occurs in component `MarkdownRenderer.jsx`, allowing for Cross-Site Scripting (XSS) when the model outputs it...
7.6
free5GC AMF Service Crashed by Malicious 5G Network Request
CVE-2025-69248
free5GC is an open-source project for 5th generation (5G) mobile core networks. Versions up to and including 1.4.1 of free5GC's AMF service have a Buf...
6.6
5G Network Component Fails Due to Malicious Data
CVE-2025-69247
free5GC go-upf is the User Plane Function (UPF) implementation for 5G networks that is part of the free5GC project. Versions prior to 1.2.8 have a Hea...
2.7
free5GC 5G Network Core Disrupted by Malicious Message
CVE-2025-69232
free5GC is an open-source project for 5th generation (5G) mobile core networks. free5GC go-upf versions up to and including 1.2.6, corresponding to fr...
2.7
Valkey database crashes if attacked over the network
CVE-2026-27623
Valkey is a distributed key-value database. Starting in version 9.0.0 and prior to version 9.0.3, a malicious actor with network access to Valkey can ...
7.5
Valkey: Malicious packet can crash database, expose internal network
CVE-2026-21863
Valkey is a distributed key-value database. Prior to versions 9.0.2, 8.1.6, 8.0.7, and 7.2.12, a malicious actor with access to the Valkey clusterbus ...
7.5
Valkey Key-Value Database Crashes from Malicious Network Attack
CVE-2026-21863
GHSA-c677-q3wr-gggq
Valkey is a distributed key-value database. Prior to versions 9.0.2, 8.1.6, 8.0.7, and 7.2.12, a malicious actor with access to the Valkey clusterbus ...
7.5
Tenda Router: Unapproved Input Can Crash Device
CVE-2025-69700
Tenda FH1203 V2.0.1.6 contains a stack-based buffer overflow vulnerability in the modify_add_client_prio function, which is reachable via the formSetC...
7.5
Grafana PCP Plugin Allows Data Exposure
RHSA-2026:3040
7.5
Grafana PCP Plugin Allows Unauthorized Data Access
RHSA-2026:3035
7.5
Red Hat MicroShift 4.17.49 Security Update Allows Unauthorized Access
RHSA-2026:2746
7.5
Tencent PC Manager on Windows lets a local user run powerful programs
CVE-2025-63946
A privilege escalation (PE) vulnerability in the Tencent PC Manager app through 17.10.28554.205 on Windows devices enables a local user to execute progra...
7.4
Tencent iOA app: Local Users Can Run Elevated Programs on Windows
CVE-2025-63945
A privilege escalation (PE) vulnerability in the Tencent iOA app through 210.9.28693.621001 on Windows devices enables a local user to execute programs w...
7.4