CVE Vulnerabilities - 25 February 2026
235 vulnerabilities published on 25 February 2026
ENS Domain Owners at Risk of Fake Domain Takeovers
CVE-2026-22866
GHSA-c6rr-7pmc-73wc
Ethereum Name Service (ENS) is a distributed, open, and extensible naming system based on the Ethereum blockchain. In versions 1.6.2 and prior, the `R...
2.7
Wireshark: RF4CE Protocol Handling Causes Application Crash
CVE-2026-3203
RF4CE Profile protocol dissector crash in Wireshark 4.6.0 to 4.6.3 and 4.4.0 to 4.4.13 allows denial of service...
7.5
Wireshark crashes when analyzing NTS-KE protocol packets
CVE-2026-3202
NTS-KE protocol dissector crash in Wireshark 4.6.0 to 4.6.3 allows denial of service...
7.5
Wireshark Denial-of-Service Vulnerability in USB HID Dissector
CVE-2026-3201
USB HID protocol dissector memory exhaustion in Wireshark 4.6.0 to 4.6.3 and 4.4.0 to 4.4.13 allows denial of service...
7.5
esm.sh Allows Access to Internal Websites
CVE-2025-50180
GHSA-3c9r-837r-qqm4
Summary: esm.sh is vulnerable to a full-response SSRF, allowing an attacker to retrieve information from internal websites through the vulnerabili...
8.7
Unauthenticated code execution in buildah, affecting Linux systems
RHSA-2026:3297
7.5
buildah: Unprivileged users can escalate their privileges
RHSA-2026:3298
7.5
OpenTelemetry Collector on Red Hat Systems Exposes Data
RHSA-2026:3288
7.5
OpenTelemetry Collector for Linux: Unauthenticated Access Risk
RHSA-2026:3287
7.5
Red Hat Linux Kernel Security Update Exposes Systems to Unauthorized Access
RHSA-2026:3267
7.5
Go Programming Language Updated to Fix Security Flaw
RHSA-2026:3193
7.5
Go Language Vulnerability in Red Hat Products
RHSA-2026:3192
7.5
Grafana PCP Data Exposure on Red Hat Systems
RHSA-2026:3187
7.5
Grafana: Unauthenticated remote code execution
RHSA-2026:3188
7.5
Geo Mashup Plugin for WordPress: Attackers Can Steal Sensitive Data
CVE-2026-2416
The Geo Mashup plugin for WordPress is vulnerable to SQL Injection via the 'sort' parameter in all versions up to, and including, 1.13.17. This is due...
7.5
WPGSI: Spreadsheet Integration plugin exposes sensitive data to unauthorized access
CVE-2026-1916
The WPGSI: Spreadsheet Integration plugin for WordPress is vulnerable to unauthorized modification and loss of data due to missing capability checks a...
7.5
SourceCodester Website Link Extractor 1.0 Allows Remote Attack
CVE-2026-3163
A vulnerability has been found in SourceCodester Website Link Extractor 1.0. This vulnerability affects the function file_get_contents of the componen...
5.3
Hitachi Ops Center API and Hitachi Configuration Manager Expose Sensitive Data
CVE-2025-0976
Information Exposure Vulnerability in Hitachi Ops Center API Configuration Manager, Hitachi Configuration Manager. This issue affects Hitachi Ops Cente...
7.5
Terraform Plan Converter Exposes Sensitive Data in Reports
CVE-2026-27640
tfplan2md is software for converting Terraform plan JSON files into human-readable Markdown reports. Prior to version 1.26.1, a bug in tfplan2md affec...
8.5
pypdf: Infinite Loop When Loading Malicious PDFs
GHSA-2rw7-x74f-jg35
CVE-2026-27628
pypdf is a free and open-source pure-python PDF library. Prior to 6.7.2, an attacker who uses this vulnerability can craft a PDF which leads to an inf...
7.8
Cisco Switches: Unauthenticated Denial of Service Through Layer 2 Loop
CVE-2026-20051
A vulnerability with the Ethernet VPN (EVPN) Layer 2 ingress packet processing of Cisco Nexus 3600 Platform Switches and Cisco Nexus 9500-R Series Swi...
7.4
Cisco Nexus 9000 Switches in ACI mode at risk of sudden reboot
CVE-2026-20033
A vulnerability in Cisco Nexus 9000 Series Fabric Switches in ACI mode could allow an unauthenticated, adjacent attacker to cause a denial of service ...
7.4
Cisco NX-OS Software LLDP Restart Vulnerability: Unexpected Device Reload
CVE-2026-20010
A vulnerability in the Link Layer Discovery Protocol (LLDP) feature of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause...
7.4
Vikunja: Malicious SVG Files Can Steal User Tokens
CVE-2026-27616
GHSA-7jp5-298q-jg98
Details: The application allows users to upload SVG files as task attachments. SVG is an XML-based format that supports JavaScript execution throug...
7.3
z-9527 Admin 1.0/2.0 Exposes User Data to Malicious SQL Queries
CVE-2026-3200
A vulnerability was identified in z-9527 admin 1.0/2.0. The affected element is the function checkName/register/login/getUser/getUsers of the file /se...
6.9