Monitor vulnerabilities that affect your stack.
Sign up free to get alerts when software you use is affected.
CVE Vulnerabilities - 27 February 2026
RSS217 vulnerabilities published on 27 February 2026
Severity:
Centreon Open Tickets on Linux Central Server: Unvalidated User Input
CVE-2026-2750
Improper Input Validation vulnerability in Centreon Centreon Open Tickets on Central Server on Linux (Centreon Open Tickets modules).This issue affect...
9.1
Weak SSH Cipher Suites Expose Encrypted Data to Attackers
CVE-2026-1626
An attacker may exploit the use of weak CBC-based cipher suites in the device’s SSH service to potentially observe or manipulate parts of the encrypte...
9.1
OpenStack Vitrage: Unauthorized Access to Host via API
CVE-2026-28370
GHSA-8xwf-cr4r-856r
In the query parser in OpenStack Vitrage before 12.0.1, 13.0.0, 14.0.0, and 15.0.0, a user allowed to access the Vitrage API may trigger code executio...
9.1
XWEB Pro: Unauthenticated Access to Sensitive System Files
CVE-2026-22877
An arbitrary file-read vulnerability exists in XWEB Pro version 1.12.1
and prior, enabling unauthenticated attackers to read arbitrary files on
the ...
9.1
openDCIM: Authenticated users can execute arbitrary database queries
CVE-2026-28516
openDCIM version 23.04, through commit 4467e9c4, contains a SQL injection vulnerability in Config::UpdateParameter. The install.php and container-inst...
9.3
Statmatic CMS: Elevated Privileges for Control Panel Users
CVE-2026-27939
GHSA-rw9x-pxqx-q789
Statmatic is a Laravel and Git powered content management system (CMS). Starting in version 6.0.0 and prior to version 6.4.0, Authenticated Control Pa...
8.8
Group-Office: Malicious Files Can Be Executed Remotely
CVE-2026-27947
Group-Office is an enterprise customer relationship management and groupware tool. Versions prior to 26.0.9, 25.0.87, and 6.8.154 have an authenticate...
9.4
Group-Office: Passwords Exposed via SQL Injection in Older Versions
CVE-2026-27832
Group-Office is an enterprise customer relationship management and groupware tool. Versions prior to 26.0.8, 25.0.87, and 6.8.153 have a SQL Injection...
7.1
Vitess users with backup access can write files to any location on restore
CVE-2026-27969
GHSA-r492-hjgh-c9gw
### Impact
Anyone with read/write access to the backup storage location (e.g. an S3 bucket) can manipulate backup manifest files so that files in the...
9.3
jizhiCMS SQL Injection Risk in Batch Interface Function
CVE-2026-3292
A security vulnerability has been detected in jizhiCMS up to 2.5.6. Affected is the function findAll in the library frphp/lib/Model.php of the compone...
5.3
Tenda F453 Router: Remote Attack via Overflow
CVE-2026-3275
A weakness has been identified in Tenda F453 1.0.0.3. This affects the function fromAddressNat of the file /goform/addressNat of the component httpd. ...
7.4
Tenda F453 Router: Remote Code Execution via Malicious Input
CVE-2026-3274
A security flaw has been discovered in Tenda F453 1.0.0.3. Affected by this issue is the function frmL7ProtForm of the file /goform/L7Prot of the comp...
7.4
XWEB Pro: Authenticated Remote Code Execution via Malicious Input
CVE-2026-3037
An OS command injection vulnerability exists in XWEB Pro version 1.12.1
and prior, enabling an authenticated attacker to achieve remote code
executi...
8.8
XWEB Pro 1.12.1 and prior: Malicious Commands Can Be Injected
CVE-2026-25721
An OS command injection
vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an
authenticated attacker to achieve remote code executi...
8.8
XWEB Pro versions 1.12.1 and prior allow attackers to take control of your system
CVE-2026-25196
An OS command injection
vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an
authenticated attacker to achieve remote code executi...
8.8
XWEB Pro: Remote Code Execution through Malicious Input
CVE-2026-25105
An OS command injection
vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an
authenticated attacker to achieve remote code ex...
8.8
XWEB Pro versions 1.12.1 and prior allow attackers to control the system
CVE-2026-25037
An OS command injection
vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an
authenticated attacker to achieve remote code execut...
8.8
XWEB Pro allows hackers to execute commands on your system
CVE-2026-24452
An OS command injection
vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an
authenticated attacker to achieve remote code execut...
8.8
XWEB Pro 1.12.1 and prior allows hackers to execute system commands
CVE-2026-23702
An OS command injection
vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an
authenticated attacker to achieve remote code executi...
8.8
XWEB Pro: Malicious Input Can Run System Commands
CVE-2026-20764
An OS command injection
vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an
authenticated attacker to achieve remote code executi...
8.8
Tenda F453 Router Remote Buffer Overflow Risk: Unauthorised Access
CVE-2026-3273
A vulnerability was identified in Tenda F453 1.0.0.3. Affected by this vulnerability is the function formWrlsafeset of the file /goform/AdvSetWrlsafes...
7.4
XWEB Pro versions 1.12.1 and prior: Untrusted Input Can Execute System Commands
CVE-2026-25111
An OS command injection
vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an
authenticated attacker to achieve remote code executi...
8.8
XWEB Pro allows attackers to run malicious commands on your server
CVE-2026-25109
An OS command injection
vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an
authenticated attacker to achieve remote code execu...
8.8
XWEB Pro Command Injection Allows Malicious Code Execution
CVE-2026-24695
An OS command injection
vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an
authenticated attacker to achieve remote code exe...
8.8
XWEB Pro: Malicious Firmware Update Allows Remote Code Execution
CVE-2026-24689
An OS command injection
vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an
authenticated attacker to achieve remote code execut...
8.8