CVE Vulnerabilities - 23 February 2026
107 vulnerabilities published on 23 February 2026
YAPI Disables SSL Certificate Verification for Axios Requests
CVE-2025-70058
GHSA-663h-2vr3-ghrj
An issue pertaining to CWE-295: Improper Certificate Validation was discovered in YMFE yapi v1.12.0. The application disables TLS/SSL certificate vali...
7.4
jxcore jxm: Unsecured HTTPS Connections Possible with Invalid Certificates
CVE-2025-70045
An issue pertaining to CWE-295: Improper Certificate Validation was discovered in jxcore jxm master. The application disables TLS/SSL certificate vali...
7.4
UEditor getRemoteImage.jsp in erzhongxmu JEEWMS 3.7 allows remote code execution
CVE-2026-3026
A vulnerability has been found in erzhongxmu JEEWMS 3.7. Affected by this issue is some unknown functionality of the file /plug-in/ueditor/jsp/getRemo...
6.9
LibTiff: Uncontrolled data can cause program crash
CVE-2025-61144
libtiff up to v4.7.1 was discovered to contain a stack overflow via the readSeparateStripsIntoBuffer function....
7.3
DrayTek Vigor 300B Web Interface Allows Unauthenticated OS Command Injection
CVE-2026-3040
A vulnerability was identified in DrayTek Vigor 300B up to 1.5.1.6. This affects the function cgiGetFile of the file /cgi-bin/mainfunction.cgi/uploadl...
5.1
389-ds-base Server: Remote Attackers Can Crash Service or Steal Data
CVE-2025-14905
A flaw was found in the 389-ds-base server. A heap buffer overflow vulnerability exists in the `schema_attr_enum_callback` function within the `schema...
7.2
UTT HiPER 810G Allows Remote Password Overflow Attack
CVE-2026-2980
A vulnerability has been found in UTT HiPER 810G up to 1.7.7-1711. Impacted is the function strcpy of the file /goform/setSysAdm. The manipulation of ...
7.3
Valkey Database: Malicious Scripting Can Corrupt Data
CVE-2025-67733
Valkey is a distributed key-value database. Prior to versions 9.0.2, 8.1.6, 8.0.7, and 7.2.12, a malicious user can use scripting commands to inject a...
7.1
WordPress API Allows Attackers to Crash Server with Bad Search Requests
CVE-2026-25591
GHSA-w6x6-9fp7-fqm4
A SQL LIKE wildcard injection vulnerability in the `/api/token/search` endpoint allows authenticated users to cause Denial of Service thro...
7.1
Traccar GPS Tracking System: Unauthorized File Uploads Possible
CVE-2026-23521
Versions of the Traccar open-source GPS tracking system up to and including 6.11.1 contain an issue in which authenticated users who can create or edi...
6.5
Traccar GPS Tracking System: Unauthorized Access via WebSocket
CVE-2025-68930
Versions of the Traccar open-source GPS tracking system up to and including 6.11.1 contain a Cross-Site WebSocket Hijacking (CSWSH) vulnerability in t...
6.5
Adobe Acrobat Reader allows unauthorized access to sensitive areas
CVE-2026-2698
An improper access control vulnerability exists where an authenticated user could access areas outside of their authorized scope....
5.7
Tenda F3 Router Leaks Sensitive Passwords in Downloaded Config
CVE-2026-27514
Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55_multi contains a sensitive information exposure vulnerability in the configuration download fu...
7.1
uTools-quickcommand 5.0.3 Does Not Validate Certificates Correctly
CVE-2025-70044
An issue pertaining to CWE-295: Improper Certificate Validation was discovered in fofolee uTools-quickcommand 5.0.3....
6.5
SourceCodester Student Result Management System 1.0: Remote DoS via Manipulated User ID
CVE-2026-2984
A vulnerability was identified in SourceCodester Student Result Management System 1.0. This affects an unknown function of the file /admin/core/drop_u...
6.9
FastApiAdmin: Malicious File Download via Manipulated Path
CVE-2026-2976
A weakness has been identified in FastApiAdmin up to 2.2.0. Affected by this issue is the function download_controller of the file /backend/app/api/v1...
5.3
Craft CMS Exposes Blocked IPs via DNS Rebinding Attack
CVE-2026-27127
GHSA-gp2f-7wcm-5fhx
The SSRF validation in Craft CMS’s GraphQL Asset mutation performs DNS resolution **separately** from the HTTP request. This Time-of-Check...
7.0
Tiandy Video Surveillance System allows hackers to steal images
CVE-2026-2985
A security flaw has been discovered in Tiandy Video Surveillance System 视频监控平台 7.17.0. This impacts the function downloadImage of the file /com/tiandy...
5.3
Jinher OA C6 allows remote code execution via OfficeSupplyTypeRight.aspx
CVE-2026-2963
A vulnerability was determined in Jinher OA C6 up to 20260210. This issue affects some unknown processing of the file /C6/Jhsoft.Web.officesupply/Offi...
5.3
libde265 Decoding Error Can Crash Software
CVE-2025-61147
strukturag libde265 commit d9fea9d was discovered to contain a segmentation fault via the component decoder_context::compute_framedrop_table()....
6.2
erzhongxmu JEEWMS: Malicious Code Can Be Injected Through User Input
CVE-2026-3028
A vulnerability was determined in erzhongxmu JEEWMS up to 3.7. This vulnerability affects the function doAdd of the file src/main/java/com/jeecg/demo/...
5.3
UEditor in JEEWMS 3.7 can lead to Cross-Site Scripting attacks
CVE-2026-3027
A vulnerability was found in erzhongxmu JEEWMS up to 3.7. This affects an unknown part of the file src/main/webapp/plug-in/ueditor/jsp/getContent.jsp ...
5.3
Society Management System Portal V1.0 allows malicious scripts to be injected via user input
CVE-2026-26464
Stored Cross-Site Scripting (XSS) was found in the /admin/edit_user.php page of Society Management System Portal V1.0, which allows remote attackers t...
6.1
Tenda F3 Wireless Router Firmware Allows Malicious Script Execution
CVE-2026-27512
Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55_multi contains a content-type confusion vulnerability in the administrative interface. Respons...
5.1
Smart-SSO: Malicious Code Injection Through Login Page
CVE-2026-2971
A vulnerability was found in a466350665 Smart-SSO up to 2.1.1. Affected by this issue is some unknown functionality of the file smart-sso-server/src/m...
5.3