CVE Vulnerabilities - 25 February 2026

235 vulnerabilities published on 25 February 2026

OpenEMR: HTTPS connections to healthcare APIs are vulnerable to interception
CVE-2025-67752
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 7.0.4, OpenEMR's HTTP client...
8.1
Cisco Catalyst SD-WAN Manager: Low-Privilege User Can Become Root
CVE-2026-20126
A vulnerability in Cisco Catalyst SD-WAN Manager could allow an authenticated, local attacker with low privileges to gain root privileges on the under...
7.8
Libvips: Malicious CSV File Can Cause Data Corruption
CVE-2026-3147
A vulnerability was found in libvips up to 8.18.0. This affects the function vips_foreign_load_csv_build of the file libvips/foreign/csvload.c. The ma...
4.8
libvips: Local attackers can corrupt system memory with malicious files
CVE-2026-3145
A flaw has been found in libvips up to 8.18.0. The affected element is the function vips_foreign_load_matrix_file_is_a/vips_foreign_load_matrix_header...
4.8
CyberArk Endpoint Privilege Manager Agent: Unauthorized Privilege Elevation Risk
CVE-2026-2914
CyberArk Endpoint Privilege Manager Agent versions 25.10.0 and lower allow potential unauthorized privilege elevation leveraging CyberArk elevation di...
8.5
CodeAstro Food Ordering System 1.0 Allows Local Data Tampering
CVE-2026-3137
A security vulnerability has been detected in CodeAstro Food Ordering System 1.0. This affects an unknown function of the file food_ordering.exe. Such...
4.8
Cisco SD-WAN Unrestricted Access to Sensitive Commands
CVE-2022-20775
Cisco SD-WAN CLI contains a path traversal vulnerability that could allow an authenticated local attacker to gain elevated privileges via improper acc...
7.8 KEV
Sliver Server Crashes from Malicious Compressed Data
GHSA-2phg-qgmm-r638
Summary: GzipEncoder does not limit output size when processing compressed data. This allows unauthenticated remote attackers to crash sliver serv...
7.7
Plane Project Management Tool: Data Theft Risk Through Malicious Links
CVE-2026-27706
Plane is an open-source project management tool. Prior to version 1.2.2, a Full Read Server-Side Request Forgery (SSRF) vulnerability has been iden...
7.7
Cisco Nexus 9000 Series Switches in ACI mode: Denial of Service via SNMP
CVE-2026-20048
A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco Nexus 9000 Series Fabric Switches in ACI mode could allow an authe...
7.7
Mautic: Malicious SQL Code Can Be Injected through Contact Activity API
CVE-2026-3105 GHSA-r5j5-q42h-fc93
Summary: This advisory addresses a SQL Injection vulnerability in the API endpoint used for retrieving contact activities. A vulnerability exists i...
7.6
OpenKruise PodProbeMarker allows attackers to scan network from nodes
CVE-2026-24005 GHSA-9fj4-3849-rv9g
Kruise provides automated management of large-scale applications on Kubernetes. Prior to versions 1.8.3 and 1.7.5, PodProbeMarker allows defining cust...
7.6
FreeRDP Remote Desktop Protocol May Freeze 32-Bit Systems
CVE-2026-27951
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, the function `Stream_EnsureCapacity` can create an endless b...
7.5
FreeRDP Remote Desktop Protocol: data corruption and crash
CVE-2026-27950
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, the fix for the heap-use-after-free described in CVE-2026-24...
5.5
FreeRDP Remote Desktop Protocol Implementation: Pointer Dangling on Disconnect
CVE-2026-26986
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, `rail_window_free` dereferences a freed `xfAppWindow` pointe...
5.5
FreeRDP Remote Desktop Protocol Implementation Out-of-Bounds Read
CVE-2026-25942
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, `xf_rail_server_execute_result` indexes the global `error_co...
5.5
GitLab CE/EE Versions 18.9 Before 18.9.1: Unauthorized Access to CI Jobs API May Cause Service Disruption
CVE-2026-1725
GitLab has remediated an issue in GitLab CE/EE affecting versions from 18.9 before 18.9.1 that could have, under certain conditions, allowed an unauthe...
7.5
GitLab CE/EE: Unauthenticated users can crash the Jira integration
CVE-2026-1662
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 14.4 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that could h...
7.5
GitLab: Unauthenticated User Can Crash Merge Request Endpoint
CVE-2026-1388
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.2 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that could ha...
7.5
GitLab Container Registry Denial of Service Vulnerability
CVE-2025-14511
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.2 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that could h...
7.5
Parse Dashboard: Unauthenticated Access to AI Agent Endpoint
CVE-2026-27595 GHSA-qwc3-h9mg-4582
Impact: The AI Agent API endpoint (POST `/apps/:appId/agent`) lacks authentication. Unauthenticated remote attackers can send requests to the endp...
9.9
Router lets in unauthorized connections from the internet
CVE-2026-27850
Due to an improperly configured firewall rule, the router will accept any connection on the WAN port with the source port 5222, exposing all services ...
7.5
Cisco Catalyst SD-WAN Manager allows unauthorized access to sensitive system info
CVE-2026-20133
A vulnerability in Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to view sensitive information on an affected system. ...
7.5
Cisco Catalyst SD-WAN Manager DCA Credentials Exposed, Local Privilege Escalation
CVE-2026-20128
A vulnerability in the Data Collection Agent (DCA) feature of Cisco Catalyst SD-WAN Manager could allow an authenticated, local attacker to gain DCA u...
7.5
Dart and Flutter SDKs allow malicious packages to write outside their directory
CVE-2026-27704
The Dart and Flutter SDKs provide software development kits for the Dart programming language. In versions of the Dart SDK prior to 3.11.0 and the Flu...
6.6