CVE Vulnerabilities - 24 February 2026

259 vulnerabilities published on 24 February 2026

Zyxel VMG3625-T50B Firmware Command Injection Flaw Allows Admin Access
CVE-2026-1459
The Zyxel VMG3625-T50B's certificate download feature has a security flaw that could let someone with administrator access on the device use it to run unauthorized commands on the device. This could a...
7.2
Finka programs use shared, easily guessable database passwords
CVE-2025-13776
Multiple Finka programs share the same database password, making it easy for an attacker on the same network to access and edit sensitive data. This is a concern because it allows an unauthorized pers...
8.6
Red Hat Linux Kernel Vulnerability: Privilege Escalation Risk
RHSA-2026:3124
A security update is available for the Linux kernel on Red Hat systems. This update fixes a vulnerability that could allow an attacker with elevated privileges to gain even higher-level access to the ...
7.1
WordPress PHP Vulnerability: Remote Code Execution through Malicious File Upload
RHSA-2026:3088
A security update is available for the kernel software that powers many Linux systems, which could allow an attacker to take control of the system if they can upload malicious code to it. This update ...
7.1
Synology Presto Client: Local Files Can Be Read or Written During Installation
CVE-2026-3091
A security issue in Synology Presto Client versions prior to 2.1.3-0672 allows a local user to access and modify files on the system by placing a malicious file in the same directory as the installer....
7.1
CPSD CryptoPro Secure Disk: Attacker can plant backdoor on Linux system
CVE-2025-10010
The CryptoPro Secure Disk application has a security flaw that allows an attacker with access to the hard disk to change the Linux operating system's configuration files. This could give the attacker ...
6.8
Linksys Routers Allow Malicious USB Drive Execution
CVE-2026-25603
If a malicious USB drive is plugged into a Linksys MR9600 or MX4200 router, an attacker could execute malicious scripts with full system privileges, potentially compromising the router's s...
6.6
Dagu: Path Traversal Allows Attacker to Write Files Outside of DAGs Directory
CVE-2026-27598 GHSA-6v48-fcq6-ff23
An attacker can create a DAG with a specially crafted name to write arbitrary YAML files outside of the DAGs directory. This can lead to unauthorized data exposure or modification. To fix this, update...
7.1
Wasmtime's WASI Feature Can Be Exploited for Host Crashes
CVE-2026-27204 GHSA-852m-cvvp-9p4w
Wasmtime, a tool for running WebAssembly code, has a security issue that allows malicious code to exhaust the host's resources, potentially causing the host to crash or slow down. This can happen if t...
5.9
Caddy Admin API Allows Malicious Config Changes
CVE-2026-27589 GHSA-879p-475x-rqh2
A security issue in Caddy allows attackers to change the server's configuration by tricking users into visiting a malicious website. This can happen if the server's admin API is enabled without proper...
6.9
Devolutions Server 2025.3.14.0 and earlier: Sensitive Data Exposure
CVE-2026-3131
Devolutions Server's REST API has a security issue that allows users with limited permissions to access sensitive information about connections. This could potentially let someone see private data the...
6.5
Caddy: Malicious files can be accessed by exploiting glob pattern vulnerability
CVE-2026-27585 GHSA-4xrr-hq4w-6vf4
Caddy's file matcher does not properly sanitize glob characters, allowing attackers to bypass security protections. This could allow malicious files to be accessed. To mitigate this issue, update to t...
6.9
Payload: Internal Network Access via Malicious File Uploads
CVE-2026-27567 GHSA-hhfx-5x8j-f5f6
If you're using a version of Payload earlier than 3.75.0, an attacker with permission to upload files could potentially access your internal network. This is a security risk because it allows an attac...
6.5
Craft CMS Exposes Assets to Unauthorized Access via IPv6
CVE-2026-27129 GHSA-v2gc-rm6g-wrw9
A security fix in Craft CMS has been bypassed, allowing attackers to access assets without permission. This issue affects users with GraphQL schema permissions to edit or create assets in a specific v...
5.5
Apache Superset: Authenticated Users Can See Sensitive User Data
CVE-2026-23983 GHSA-h294-8fxm-m2pj
Authenticated users with low privileges can see sensitive user information, including passwords and email addresses, in Apache Superset. This is a security risk because it allows unauthorized access t...
2.3
Apache Superset: Rogue Users Can Bypass Read-Only Settings
CVE-2026-23984 GHSA-mwf2-qr4v-94h2
A security hole in Apache Superset lets users with SQL editing access bypass read-only settings in PostgreSQL connections. This is a risk for any organization using Apache Superset with a PostgreSQL d...
7.1
Apache Superset: ClickHouse engine SQL function restrictions not fully set
CVE-2026-23969 GHSA-48m2-v2r8-h23m
Apache Superset's ClickHouse engine had a missing restriction on certain SQL functions, which could have allowed unauthorized access to sensitive data. This affected versions of Apache Superset before...
5.3
Apache Superset: Privileged Users Can Execute Unauthorized Queries
CVE-2026-23980 GHSA-gvxg-9hqx-f4rg
A security issue in Apache Superset, a business intelligence platform, allows authorized users to potentially access sensitive data. This issue affects Apache Superset versions before 6.0.0. To fix it...
5.3
Apache Superset allows low-privileged users to access unauthorized data
CVE-2026-23982 GHSA-3m2g-v7jf-7fxc
A security weakness in Apache Superset version 6.0.0 and earlier allows a user with limited permissions to access data they shouldn't have access to. This is a concern because sensitive information mi...
7.1
Airflow versions before 2.11.1 leak sensitive connection data in audit logs
CVE-2025-27555 GHSA-8r55-rv5w-6pfm
If you use Airflow versions before 2.11.1, users with audit log access may see sensitive connection information they shouldn't see. This is a concern because sensitive data could be exposed. To fix th...
6.5
OpenEXR file format allows malicious files to crash the application
CVE-2026-26981
A file parsing error in OpenEXR versions 3.3.0 through 3.3.6 and 3.4.0 through 3.4.4 could crash the application if it tries to open a manipulated image file. This is a security risk, especiall...
6.5
ImageMagick crashes or leaks sensitive data when handling certain DICOM files
DEBIAN-CVE-2026-25982
ImageMagick software, used for image editing, has a bug that can cause it to crash or leak sensitive information when processing specific types of medical image files. This affects earlier versions of...
6.5
ImageMagick Can Leak Sensitive Data or Crash
CVE-2026-25898 GHSA-vpxv-r9pg-7gpr
ImageMagick, a software used for image editing, has a flaw that can cause sensitive data to be leaked or the program to crash if it is given a specially crafted image. This affects older versions of I...
6.5
ImageMagick on 32-bit systems can be exploited by a malicious image
CVE-2026-25897 GHSA-6j5f-24fw-pqp4
If you're using ImageMagick on a 32-bit system, be aware that a hacker could potentially use a specially crafted image to make your system write data to the wrong location in memory. This could lead t...
6.5
ImageMagick: Infinite Loop in JPEG Encoder Can Cause CPU Consumption
CVE-2026-26283 GHSA-gwr3-x37h-h84v
ImageMagick, a popular image editing software, may get stuck and consume 100% CPU when given a malicious image file. This can cause the program to freeze, resulting in a denial of service. Update to versio...
6.2