Monitor vulnerabilities that affect your stack.
Sign up free to get alerts when software you use is affected.
CVE Vulnerabilities - 24 February 2026
RSS259 vulnerabilities published on 24 February 2026
Severity:
Firefox and Thunderbird Image Processing Can Crash or Leak Memory
CVE-2026-2759
Incorrect boundary conditions in the Graphics: ImageLib component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8...
9.8
Firefox and Thunderbird: Memory Corruption Risk in JavaScript Engine
CVE-2026-2758
Use-after-free in the JavaScript: GC component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148...
9.8
Firefox and Thunderbird Audio/Video Data Exposure in Older Versions
CVE-2026-2757
Incorrect boundary conditions in the WebRTC: Audio/Video component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140....
9.8
Malicious scripts can show fake pages in Firefox iOS address bar
CVE-2026-2634
Malicious scripts could cause desynchronization between the address bar and web content before a response is received in Firefox iOS, allowing attacke...
9.8
Slican NCP/IPL/IPM/IPU devices allow unauthorized PHP code execution.
CVE-2025-14577
Slican NCP/IPL/IPM/IPU devices are vulnerable to PHP Function Injection. An unauthenticated remote attacker is able to execute arbitrary PHP commands ...
9.3
itsourcecode Document Management System Exposes Data to Malicious Code
CVE-2026-3069
A security vulnerability has been detected in itsourcecode Document Management System 1.0. Affected is an unknown function of the file /edtlbls.php. T...
6.9
itsourcecode Document Management System allows attackers to manipulate user data
CVE-2026-3068
A weakness has been identified in itsourcecode Document Management System 1.0. This impacts an unknown function of the file /deluser.php. Executing a ...
6.9
Pear Project API 2.8.10 SQL Injection Risk: Unsecured Project Data Exposed
CVE-2026-3057
A security flaw has been discovered in a54552239 pearProjectApi up to 2.8.10. Affected is the function dateTotalForProject of the file application/com...
5.3
Zyxel EX3510-B0: Remote attacker can run commands on your router
CVE-2025-13942
A command injection vulnerability in the UPnP function of the Zyxel EX3510-B0 firmware versions through 5.17(ABUP.15.1)C0 could allow a remote attacke...
9.8
DataLinkDC Dinky Authentication Bypass via OpenAPI Endpoint
CVE-2026-3053
A vulnerability was determined in DataLinkDC dinky up to 1.2.5. This affects the function addInterceptors of the file dinky-admin/src/main/java/org/di...
6.9
ImageMagick: Malicious images can crash or harm your system.
DEBIAN-CVE-2026-25986
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer...
9.8
ImageMagick: Malicious Script Can Crash or Steal Data
DEBIAN-CVE-2026-25983
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a crafted MSL...
9.8
ImageMagick fails to prevent image editing crashes
DEBIAN-CVE-2026-25971
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, Magick fails ...
9.8
ImageMagick image processing can cause system crashes
DEBIAN-CVE-2026-25968
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a stack buffe...
9.8
ImageMagick allows malicious images to crash or harm systems
DEBIAN-CVE-2026-25897
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, an Integer Ov...
9.8
E-Logbook Health Monitoring System for COVID-19 SQL Injection Risk
CVE-2026-3046
A security vulnerability has been detected in itsourcecode E-Logbook with Health Monitoring System for COVID-19 1.0. This vulnerability affects unknow...
6.9
itsourcecode Event Management System SQL Injection Flaw Exposes Admin Data
CVE-2026-3042
A vulnerability was detected in itsourcecode Event Management System 1.0. The affected element is an unknown function of the file /admin/index.php. Pe...
6.9
Statamic Password Reset Link Can Be Hijacked
CVE-2026-27593
GHSA-jxq9-79vj-rgvw
## Impact
An attacker may leverage a vulnerability in the password reset feature to capture a user's token and reset the password on their behalf.
T...
9.3
Caddy: MatchHost becomes case-sensitive for large host lists (>100), enabling host-based route/auth bypass
CVE-2026-27588
GHSA-x76f-jf84-rqj8
### Summary
Caddy's HTTP `host` request matcher is documented as case-insensitive, but when configured with a large host list (>100 entries) it become...
7.7
Caddy: Attackers can bypass route and auth controls using special characters
CVE-2026-27587
GHSA-g7pc-pc7g-h8jh
### Summary
Caddy's HTTP `path` request matcher is intended to be case-insensitive, but when the match pattern contains percent-escape sequences (`%xx...
7.7
Caddy: mTLS client authentication silently fails open when CA certificate file is missing or malformed
CVE-2026-27586
GHSA-hffm-g8v7-wrv7
### Summary
Two swallowed errors in `ClientAuthentication.provision()` cause mTLS client certificate authentication to silently fail open when a CA c...
8.8
Binardat 10G08-0800GSM Switch Predictable Session IDs Allow Session Hijacking
CVE-2026-27515
Binardat 10G08-0800GSM network switch firmware versions prior to V300SP10260209 generate predictable numeric session identifiers in the web management...
9.3
Firefox and Thunderbird: Graphics Text Memory Leak
CVE-2026-2806
Uninitialized memory in the Graphics: Text component. This vulnerability affects Firefox < 148 and Thunderbird < 148....
9.1
Old ImageMagick versions can leak sensitive image data
DEBIAN-CVE-2026-26284
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, ImageMagick l...
9.1
ImageMagick Crashes or Leaks Data from Malformed Image Files
DEBIAN-CVE-2026-25987
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer...
9.1