CVE Vulnerabilities - 24 February 2026

259 vulnerabilities published on 24 February 2026

ImageMagick Can Crash or Leak Sensitive Data
DEBIAN-CVE-2026-25898
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, the UIL and X...
9.1
Smolder 1.51 and earlier for Perl uses weak random number generator
CVE-2024-58041
Smolder versions through 1.51 for Perl use the insecure rand() function for cryptographic functions. Smolder 1.51 and earlier for Perl uses the rand() f...
9.1
EventSentry Web Reports Password Change Allows Unauthorized Access
CVE-2026-24443
EventSentry versions prior to 6.0.1.20 contain an unverified password change vulnerability in the account management functionality of the Web Reports ...
8.6
Dell Wyse Management Suite: Unauthorized Access to Admin Tools
CVE-2026-22765
Dell Wyse Management Suite, versions prior to WMS 5.5, contain a Missing Authorization vulnerability. A low privileged attacker with remote access cou...
8.8
NVIDIA Cumulus Linux and NVOS: Unprivileged User Escalation of Privileges
CVE-2025-33181
NVIDIA Cumulus Linux and NVOS products contain a vulnerability in the NVUE interface, where a low-privileged user could inject a command. A successful...
8.8
NVIDIA Cumulus Linux and NVOS products: Escalation of Privileges via Command Injection
CVE-2025-33180
NVIDIA Cumulus Linux and NVOS products contain a vulnerability in the NVUE interface, where a low-privileged user could inject a command. A successful...
8.8
NVIDIA Cumulus Linux and NVOS: Privilege Escalation via Unauthorized Command
CVE-2025-33179
NVIDIA Cumulus Linux and NVOS products contain a vulnerability in the NVUE interface, where a low-privileged user could run an unauthorized command. A...
8.8
MindsDB: Hackers Can Upload Malicious Files
CVE-2026-27483 GHSA-4894-xqv6-vrfq
Summary: There is a path traversal vulnerability in MindsDB's /api/files interface, which an authenticated attacker can exploit to achieve remote ...
8.8
Binardat Switch Web Interface Allows Hacker Access
CVE-2026-23678
Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior contain a command injection vulnerability in the traceroute diagnostic...
8.7
GCOM EPON 1GE C00R371V00B01: Remote Access to Sensitive Settings
CVE-2025-63409
Privilege escalation and improper access control in GCOM EPON 1GE C00R371V00B01 allows remote authenticated users to modify administrator only setting...
8.8
Exiftool on macOS allows attackers to run malicious commands
CVE-2026-3102
A vulnerability was determined in exiftool up to 13.49 on macOS. This issue affects the function SetMacOSTags of the file lib/Image/ExifTool/MacOS.pm ...
5.3
Intelbras TIP 635G: Unsecured Ping Handler Allows Remote Command Execution
CVE-2026-3101
A vulnerability was found in Intelbras TIP 635G 1.12.3.5. This vulnerability affects unknown code of the component Ping Handler. The manipulation resu...
5.3
Firefox & Thunderbird: Data Leak from Old Memory
CVE-2026-2798
Use-after-free in the DOM: Core & HTML component. This vulnerability affects Firefox < 148 and Thunderbird < 148....
8.8
Firefox, Thunderbird: Data Loss from Crashed Web Browsers
CVE-2026-2769
Use-after-free in the Storage: IndexedDB component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird <...
8.8
WordPress Responsive Lightbox & Gallery Plugin Allows Malicious Comments
CVE-2025-15386
The Responsive Lightbox & Gallery WordPress plugin before 2.6.1 is vulnerable to an Unauthenticated Stored-XSS attack due to flawed regex replacement ...
8.8
HummerRisk 1.5.0: Malicious File Extraction Risk
CVE-2026-3067
A vulnerability has been found in HummerRisk up to 1.5.0. This issue affects the function extractTarGZ/extractZip of the file hummer-common/hummer-com...
5.3
HummerRisk 1.5.0: Malicious Commands Can Be Injected Remotely
CVE-2026-3066
A flaw has been found in HummerRisk up to 1.5.0. This vulnerability affects the function fixedCommand of the file hummer-common/hummer-common-core/src...
5.3
HummerRisk 1.5.0 Allows Untrusted Input to Run Commands on Server
CVE-2026-3065
A vulnerability was detected in HummerRisk up to 1.5.0. This affects the function CommandUtils.commonExecCmdWithResult of the file CloudTaskService.ja...
5.3
HummerRisk 1.5.0 allows attackers to inject malicious commands
CVE-2026-3064
A security vulnerability has been detected in HummerRisk up to 1.5.0. Affected by this issue is some unknown functionality of the file ResourceCreateS...
5.3
Zyxel EX3301-T0: Malware Can Run on Affected Devices
CVE-2025-13943
A post-authentication command injection vulnerability in the log file download function of the Zyxel EX3301-T0 firmware versions through 5.50(ABVY.7)C...
8.8
Tenda AC8 Router Upload Function Crashes from Malicious File
CVE-2026-3044
A vulnerability has been found in Tenda AC8 16.03.34.06. This affects the function webCgiGetUploadFile of the file /cgi-bin/UploadCfg of the component...
7.4
FileZen OS Command Injection Risk: Unauthorized Access
CVE-2026-25108
Soliton Systems K.K FileZen contains an OS command injection vulnerability when a user logs in to the affected product and sends a specially crafted ...
8.7 KEV
Fickling: Fickling Fails to Detect Dangerous Code in Pickle Files
GHSA-mxhj-88fx-4pcv
Assessment: The interpreter so it behaves closer to CPython when dealing with `OBJ`, `NEWOBJ`, and `NEWOBJ_EX` opcodes (https://github.com/trailofbi...
8.6
ImageMagick allows unauthorized access to sensitive files
CVE-2026-25965 GHSA-8jvj-p28h-9gm7
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, ImageMagick’s...
8.6
OpenText Carbonite Safe Server Backup: Unauthorized Access Through Open Port
CVE-2025-9120
Improper Control of Generation of Code ('Code Injection') vulnerability in OpenText™ Carbonite Safe Server Backup allows Code Injection. The vulnera...
8.6