CVE Vulnerabilities - 25 February 2026
235 vulnerabilities published on 25 February 2026
OpenEMR: Malicious form answers can harm other users
CVE-2026-25743
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, users with the "Forms...
7.2
OpenFUN Richie allows attackers to bypass authentication
CVE-2026-26717
GHSA-xjhr-fm27-4hmx
An issue in OpenFUN Richie (LMS) in src/richie/apps/courses/api.py. The application used the non-constant time == operator for HMAC signature verifica...
4.8
Cisco FXOS and UCS Manager Interface Allows Malicious Script Code Execution
CVE-2026-20091
A vulnerability in the web-based management interface of Cisco FXOS Software and Cisco UCS Manager Software could allow an authenticated, remote attac...
4.8
Patrick Mvuma Queue Management System Allows Remote Code Injection
CVE-2026-3170
A vulnerability was detected in SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System 1.0. Affected is an unknown function of the...
4.8
wcurl allows saving files outside the intended directory
CVE-2025-11563
URLs containing percent-encoded slashes (`/` or `\`) can trick wcurl into saving the output file outside of the current directory without the user exp...
4.6
OpenEMR versions before 8.0.0 leak sensitive patient and staff info
CVE-2026-25135
OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0 have an information d...
4.5
Cisco UCS Manager Software: Unauthorized Access to Files by Read-Only Users
CVE-2026-20037
A vulnerability in the NX-OS CLI privilege levels of Cisco UCS Manager Software could allow an authenticated, local attacker with read-only privileges...
4.4
Amazon DynamoDB Partition Overload Causes Service Downtime
CVE-2026-27695
GHSA-76rv-2r9v-c5m6
## Summary
All rate limit buckets for a single entity share the same DynamoDB partition key (`namespace/ENTITY#{id}`). A high-traffic entity can exce...
4.3
GitLab EE: Insufficient Privileges Could Allow Unauthorized Package Changes
CVE-2026-1747
GitLab has remediated an issue in GitLab EE affecting all versions from 17.11 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that, under ce...
4.3
Unauthorized access to pipeline variables in GitLab
CVE-2025-14103
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.7 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that could h...
4.3
Feiyuchuixue sz-boot-parent API Download Templates Exposes Path Traversal Risk
CVE-2026-3188
A security flaw has been discovered in feiyuchuixue sz-boot-parent up to 1.3.2-beta. This affects an unknown part of the file /api/admin/common/downlo...
5.3
Feiyuchuixue sz-boot-parent: Unauthorized password resets via remote attack
CVE-2026-3186
A vulnerability was determined in feiyuchuixue sz-boot-parent up to 1.3.2-beta. Affected by this vulnerability is an unknown functionality of the file...
5.3
Unauthorized access to TeamCity build configurations
CVE-2026-28195
In JetBrains TeamCity before 2025.11.3 missing authorization allowed project developers to add parameters to build configurations...
4.3
Disable Admin Notices Plugin Allows Attackers to Redirect Admins
CVE-2026-2410
The Disable Admin Notices – Hide Dashboard Notifications plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and i...
4.3
WordPress Post Duplicator Plugin Allows Attackers to Steal Sensitive Data
CVE-2026-2301
The Post Duplicator plugin for WordPress is vulnerable to unauthorized arbitrary protected post meta insertion in all versions up to, and including, 3...
4.3
WP Recipe Maker Plugin Allows Access to Sensitive Recipe Data
CVE-2025-14742
The WP Recipe Maker plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'ajax_search_recipes' a...
4.3
LangChain Community: Malicious Redirects Can Access Internal Servers
CVE-2026-27795
GHSA-mphv-75cg-56wg
## Summary
A redirect-based Server-Side Request Forgery (SSRF) bypass exists in `RecursiveUrlLoader` in `@langchain/community`. The loader validates t...
4.1
ImageMagick fails to handle DJVU images correctly, leading to data exposure
CVE-2026-27799
GHSA-r99p-5442-q2x2
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer...
4.0
ImageMagick: Small Images Can Cause Data Disclosure
CVE-2026-27798
GHSA-qpgx-jfcq-r59f
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer...
4.0
ImageMagick: Memory Leak in Image Processing Can Cause System Slowdown
GHSA-wfx3-6g53-9fgc
A memory leak vulnerability exists in multiple coders that write raw pixel data where an object is not freed. `Direct leak of 160 byte(s) in 1 ob...`
3.7
ImageMagick: Malicious PCD Files Can Crash Your Server
GHSA-wgxp-q8xq-wpp9
The PCD coder’s DecodeImage loop allows a crafted PCD file to trigger a 1‑byte heap out-of-bounds read when decoding an image (Denial of service) and ...
3.7
ImageMagick's PDB decoder crashes or corrupts data
GHSA-3j4x-rwrx-xxj9
A use-after-free vulnerability exists in the PDB decoder that will use a stale pointer when a memory allocation fails and that could result in a crash...
3.7
ImageMagick can crash or be exploited if image processing fails
GHSA-2gq3-ww97-wfjm
A heap Use After Free vulnerability exists in the meta coder when an allocation fails and a single byte is written to a stale pointer. `==535852==...`
3.7
ImageMagick: Malicious Images Can Cause Data Exposure or Crashes
CVE-2026-25984
GHSA-273h-m46v-96q4
An integer overflow in the PSB (PSD v2) RLE decoding path causes a heap out-of-bounds read on 32-bit builds. This can lead to information disclosure o...
3.7
ImageMagick: Data Leak in GetPixelIndex with Failed Memory Allocation
GHSA-gq5v-qf8q-fp77
`OpenPixelCache` updates image channel metadata **before** attempting pixel cache memory allocation. When both memory and disk allocation fail a heap...
3.3