CVE Vulnerabilities - 23 February 2026
107 vulnerabilities published on 23 February 2026
ZIE for Web Transmits Sensitive User Session Info in URLs
CVE-2025-59873
An information exposure vulnerability exists in Vulnerability in HCL Software ZIE for Web. The application transmits sensitive session tokens and au...
5.9
Libtiff: Uncontrolled Memory Access Can Cause Program Crash
CVE-2025-61143
libtiff up to v4.7.1 was discovered to contain a NULL pointer dereference via the component libtiff/tif_open.c....
5.5
Google Chrome: Malicious Extension Can Inject Code into Trusted Sites
CVE-2026-3063
Inappropriate implementation in DevTools in Google Chrome prior to 145.0.7632.116 allowed an attacker who convinced a user to install a malicious exte...
5.4
Bludit posts can contain malicious code that harms users
CVE-2026-27742
Bludit version 3.16.2 contains a stored cross-site scripting (XSS) vulnerability in the post content functionality. The application performs client-si...
5.1
Smart-SSO: Cross-Site Scripting in Role Edit Page
CVE-2026-2972
A vulnerability was determined in a466350665 Smart-SSO up to 2.1.1. This affects the function Save of the file smart-sso-server/src/main/java/openjoe/...
4.8
Tronclass: Unauthorized access to courses through course invitation code
CVE-2026-2997
Tronclass developed by WisdomGarden has an Insecure Direct Object Reference vulnerability. After obtaining a course ID, authenticated remote attackers ...
6.5
free5GC UDR Leaks Server Information to Remote Clients
CVE-2025-69208
free5GC UDR is the user data repository (UDR) for free5GC, an open-source project for 5th generation (5G) mobile core networks. Versions prior to 1...
2.7
Simple Ajax Chat leaks sensitive system data to unauthorized users
CVE-2026-3075
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Jeff Starr Simple Ajax Chat simple-ajax-chat allows Retrie...
5.3
FastApiAdmin 2.2.0: Malicious Code Can Access Sensitive Info
CVE-2026-2975
A security flaw has been discovered in FastApiAdmin up to 2.2.0. Affected by this vulnerability is the function reset_api_docs of the file /backend/ap...
5.5
Aruba HiSpeed Cache WordPress plugin: Unauthorized Admin Actions
CVE-2026-23694
Aruba HiSpeed Cache (aruba-hispeed-cache) WordPress plugin versions prior to 3.0.5 contain a cross-site request forgery (CSRF) vulnerability affecting...
5.1
PideTuCita: Malicious Links Can Steal User Data
CVE-2025-40986
Reflected Cross-Site Scripting (XSS) vulnerability in PideTuCita. This vulnerability allows an attacker to execute JavaScript code in the victim's bro...
5.1
SOTESHOP 8.3.4 allows malicious URLs to steal user info
CVE-2025-40701
Reflected Cross-Site Scripting vulnerability in SOTESHOP, version 8.3.4. This vulnerability allows an attacker to execute JavaScript code in the victim's...
5.1
libtiff May Cause Data Loss Due to Double Free Error
CVE-2025-61145
libtiff up to v4.7.1 was discovered to contain a double free via the component tools/tiffcrop.c....
5.0
Craft CMS Token Exploit: Unauthorized Multiple Uses
CVE-2026-27128
GHSA-6fx5-5cw5-4897
A Time-of-Check-Time-of-Use (TOCTOU) race condition exists in Craft CMS’s token validation service for tokens that explicitly set a limited usage. The...
6.9
Craft CMS Can Execute Malicious Code When Editing Tables
CVE-2026-27126
GHSA-3jh3-prx3-w6wc
A stored Cross-site Scripting (XSS) vulnerability exists in the `editableTable.twig` component when using the `html` column type. The application fail...
5.9
Datapizza-ai Server-Side Template Injection via ChatPromptTemplate
CVE-2026-2969
GHSA-q5xx-fxv3-xxqf
A flaw has been found in datapizza-labs datapizza-ai 0.0.2. Affected is the function ChatPromptTemplate of the file datapizza-ai-core/datapizza/module...
2.0
datapizza-ai allows attackers to execute code via network access
CVE-2026-2970
GHSA-hg58-x52p-859c
A vulnerability has been found in datapizza-labs datapizza-ai 0.0.7. Affected by this vulnerability is the function RedisCache of the file datapizza-a...
1.2
Bludit 3.16.1 fails to prevent malicious admin actions
CVE-2026-27741
Bludit version 3.16.1 contains a cross-site request forgery (CSRF) vulnerability in the /admin/uninstall-plugin/ and /admin/install-theme/ endpoints. ...
5.1
Tenda F3 Wireless Router Firmware: Admin Interface Hack Risk
CVE-2026-27513
Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55_multi contains a cross-site request forgery (CSRF) vulnerability in the web-based administrati...
5.1
Tenda F3 Wireless Router Can Be Tricked into Unwanted Configuration Changes
CVE-2026-27511
Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55_multi contains a clickjacking vulnerability in the web-based administrative interface. The int...
5.1
Libsixel Memory Leak in Malloc Stub Component
CVE-2025-61146
saitoha libsixel until v1.8.7 was discovered to contain a memory leak via the component malloc_stub.c....
4.0
Akamai CDN edge servers process custom HTTP headers incorrectly
CVE-2026-26365
Akamai Ghost on Akamai CDN edge servers before 2026-02-06 mishandles processing of custom hop-by-hop HTTP headers, where an incoming request containin...
4.0
Cesanta Mongoose allows attackers to bypass encryption, read sensitive data
CVE-2026-2968
A vulnerability was detected in Cesanta Mongoose up to 7.20. This impacts the function mg_chacha20_poly1305_decrypt of the file /src/tls_chacha20.c of...
6.3
Cesanta Mongoose 7.20 TCP Sequence Number Handler Remote Verification Bypass
CVE-2026-2967
A security vulnerability has been detected in Cesanta Mongoose up to 7.20. This affects the function getpeer of the file /src/net_builtin.c of the com...
6.3
Cesanta Mongoose DNS Handler Can Produce Predictable Random Numbers
CVE-2026-2966
A weakness has been identified in Cesanta Mongoose up to 7.20. The impacted element is the function mg_sendnsreq of the file /src/dns.c of the compone...
6.3