CVE Vulnerabilities - 25 February 2026
235 vulnerabilities published on 25 February 2026
Rucio WebUI allows attackers to steal user sessions
GHSA-rwj9-7j48-9f7q
CVE-2026-25733
### Summary
A stored Cross-site Scripting (XSS) vulnerability was identified in the Custom Rules function of the WebUI where attacker-controlled input...
7.3
Red Hat Linux Kernel Update Fixes Security Flaw
RHSA-2026:3275
7.3
VMware Aria Operations: Malicious Access to Administrative Privileges
CVE-2026-22721
VMware Aria Operations contains a privilege escalation vulnerability. A malicious actor with privileges in vCenter to access Aria Operations may lever...
7.2
HexChat Crate Can Crash Your Application
GHSA-x43w-ph7m-pfjx
All versions of this crate have function `deregister_command` which can result in use after free. This is unsound.
In addition, all versions since 0....
7.2
Coturn: IPv4-mapped IPv6 bypasses blocked IP restrictions
CVE-2026-27624
Coturn is a free open source implementation of TURN and STUN Server. Coturn is commonly configured to block loopback and internal ranges using "denied...
7.2
OpenEMR DICOM Viewer State API Allows Unauthorized Access
CVE-2026-25927
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the DICOM viewer sta...
7.1
iccDEV Crashes When Parsing ICC Profile XML
CVE-2026-27692
iccDEV provides a set of libraries and tools for working with ICC color management profiles. In versions up to and including 2.3.1.4, heap-buffer-over...
7.1
LUKS Encryption Data Loss via Unprivileged Access to udisks Daemon
CVE-2026-26103
A flaw was found in the udisks storage management daemon that exposes a privileged D-Bus API for restoring LUKS encryption headers without proper auth...
7.1
Red Hat Linux Kernel Update Fixes Security Flaw
RHSA-2026:3268
7.1
Chia Blockchain 2.1.0: Local Authentication Bypass through RPC Server
CVE-2026-3194
A flaw has been found in Chia Blockchain 2.1.0. The affected element is the function send_transaction/get_private_key of the component RPC Server Mast...
2.0
openSUSE sdbootutil allows local users to access sensitive data
CVE-2026-25701
An Insecure Temporary File vulnerability in openSUSE sdbootutil allows local users to pre-create a directory to achieve various effects like:
* gai...
7.0
Angular Server-Side Rendering allows attackers to redirect users to malicious sites
GHSA-xh43-g2fq-wjrj
CVE-2026-27738
An Open Redirect vulnerability exists in the internal URL processing logic in Angular SSR. The logic normalizes URL segments by stripping leading slas...
6.9
Cisco FXOS and UCS Manager interface allows attackers to gain root access
CVE-2026-20099
A vulnerability in the web-based management interface of Cisco FXOS Software and Cisco UCS Manager Software could allow an authenticated, local a...
6.7
LangGraph: Untrusted Data Can Execute Malicious Code Remotely
CVE-2026-27794
GHSA-mhr3-j7m5-c7c9
## Context
A Remote Code Execution vulnerability exists in LangGraph's caching layer when applications enable cache backends that inherit from `BaseC...
6.6
LORIS: Hardcoded Credentials Exposed Through Vulnerable Configuration Files
CVE-2026-26985
LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provides data- and project-management for neuroimaging r...
6.5
GitLab: Attacker can crash your server with big responses
CVE-2026-2845
An issue has been discovered in GitLab CE/EE affecting all versions from 11.2 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that could hav...
6.5
GitLab: Authentication Bypass via Malicious CI Triggers
CVE-2025-3525
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.0 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that could ha...
6.5
OpenEMR allows unauthorized access to patient medical records
CVE-2026-25930
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the Layout-Based Form...
6.5
OpenEMR: Unauthorized access to patient photos
CVE-2026-25929
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the document controll...
6.5
OpenEMR FHIR CareTeam data exposed to unauthorized users
CVE-2026-24487
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, an authorization bypa...
5.7
Parse Dashboard: Unsecured Agent Endpoint Allows Session Hijacking
CVE-2026-27609
GHSA-3534-xp88-25rc
### Impact
The AI Agent API endpoint (`POST /apps/:appId/agent`) lacks CSRF protection. An attacker can craft a malicious page that, when visited by ...
8.3
OpenSIPS 3.1 before 3.6.4: Impersonation via Malicious JWT
CVE-2026-25554
OpenSIPS versions 3.1 before 3.6.4 containing the auth_jwt module (prior to commit 3822d33) contain a SQL injection vulnerability in the jwt_db_author...
8.3
Plane Project Management Tool Asset Access Weakness
CVE-2026-27705
Plane is an open-source project management tool. Prior to version 1.2.2, the `ProjectAssetEndpoint.patch()` method in `apps/api/plane/app/views/ass...
4.9
Cisco UCS Manager Software Allows Malicious Admins to Run Any Command
CVE-2026-20036
A vulnerability in the CLI and web-based management interface of Cisco UCS Manager Software could allow an authenticated, remote attacker with valid a...
6.5
FileBrowser Quantum: Password Protected Files Can Be Downloaded Without Password
GHSA-8vrh-3pm2-v4v6
CVE-2026-27611
### Summary
When users share password-protected files, the recipient can completely bypass the password and still download the file.
### Details
This...
7.1