CVE Vulnerabilities - 27 February 2026
217 vulnerabilities published on 27 February 2026
SODOLA SL902-SWTGW124AS: Unlimited Login Attempts
CVE-2026-27753
SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain an authentication bypass vulnerability that allows remote attackers to perform unli...
6.9
OpenEMR versions 8.0.0 and below: Unauthorized Files Sent via Fax
CVE-2026-24488
OpenEMR is a free and open source electronic health records and medical practice management application. In versions up to and including 8.0.0, an arb...
6.5
OVRI Payment Plugin for WordPress Allows Malicious Files to Run
CVE-2024-10938
The OVRI Payment plugin for WordPress contains malicious .htaccess files in version 1.7.0. The files contain directives to prevent the execution of ce...
6.5
Perl's Net::CIDR before 0.24 mishandles leading zeros in IP addresses
CVE-2021-4456
Net::CIDR versions before 0.24 for Perl mishandle leading zeros in IP CIDR addresses, which may have unspecified impact.
The functions `addr2cidr` an...
6.5
Calibre e-book manager: Authentication Bypass via Malicious Links
CVE-2026-27810
calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.4.0, an HTTP Response Header I...
6.4
Electric Enquiries Plugin for WordPress Allows Malicious Scripts on Your Site
CVE-2025-14142
The Electric Enquiries plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'button' parameter of the electric-enquiry shortcode ...
6.4
Simple Download Monitor plugin for WordPress: Stored XSS via Custom Field
CVE-2026-2383
The Simple Download Monitor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom field in all versions up to, and including, 4...
6.4
WP Accessibility plugin for WordPress: Stored Script Injection via Image Alt Text
CVE-2026-2362
The WP Accessibility plugin for WordPress is vulnerable to Stored DOM-Based Cross-Site Scripting via the 'alt' attribute of images processed by the "L...
6.4
Xpro Addons for Elementor plugin: Malicious scripts can be injected into WordPress sites
CVE-2025-14149
The Xpro Addons — 140+ Widgets for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Scroller widget ...
6.4
Stored Cross-Site Scripting in Automotive Car Dealership Theme
CVE-2025-14040
The Automotive Car Dealership Business WordPress Theme for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Call to Action' custom fiel...
6.4
OpenClaw 2026.2.19-2 Allows Remote Code Injection
GHSA-82g8-464f-2mv7
A vulnerability was determined in OpenClaw 2026.2.19-2. This vulnerability affects the function applySkillConfigenvOverrides of the component Skill En...
5.3
npm Package Installation Can Install Malicious Code
CVE-2025-13327
GHSA-v653-r55g-hcmg
A flaw was found in uv. This vulnerability allows an attacker to execute malicious code during package resolution or installation via specially crafte...
6.3
Malicious Code Execution in ZIP Archives on UV Software
GHSA-pqhf-p39g-3x64
CVE-2025-13327
A flaw was found in uv. This vulnerability allows an attacker to execute malicious code during package resolution or installation via specially crafte...
6.8
PSI Probe vulnerable to Server-Side Request Forgery
CVE-2026-3270
GHSA-429m-9874-rx9w
A vulnerability has been found in psi-probe PSI Probe up to 5.3.0. This affects the function lookup of the file psi-probe-core/src/main/java/psiprobe/...
2.1
SODOLA SL902-SWTGW124AS Management Interface Allows Malicious Scripts
CVE-2026-27756
SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain a reflected cross-site scripting vulnerability in the management interface where us...
5.1
Angular i18n Exposes Users to Malicious Translations
CVE-2026-27970
GHSA-prjf-86w9-mfqv
A [Cross-site Scripting (XSS)](https://developer.mozilla.org/en-US/docs/Web/Security/Attacks/XSS) vulnerability has been identified in the Angular int...
7.0
EduAsist: Malicious Web Pages Can Steal User Data
CVE-2025-11950
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in KNOWHY Advanced Technology Trading Ltd. C...
6.1
Omega-PSIR: Malicious URLs Can Execute Arbitrary JavaScript
CVE-2026-1434
Omega-PSIR is vulnerable to Reflected XSS via the lang parameter. An attacker can craft a malicious URL that, when opened, causes arbitrary JavaScript...
5.1
SourceCodester Doctor Appointment System allows remote code execution via email input
CVE-2026-3302
A weakness has been identified in SourceCodester Doctor Appointment System 1.0. Affected by this issue is some unknown functionality of the file /regi...
5.3
OpenClaw ACP Client Fails to Verify Tool Permissions
GHSA-7jx5-9fjg-hp4m
## Vulnerability Summary
The OpenClaw ACP client could auto-approve tool calls based on untrusted metadata and permissive name heuristics. A maliciou...
6.0
EFM-Networks IpTIME Devices Leak Sensitive Data to Unauthorized Users
CVE-2026-24498
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in EFM-Networks, Inc. IpTIME T5008, EFM-Networks, Inc. IpTIME AX2004M, EFM-Ne...
6.0
Junrar Allows Attackers to Write Files Anywhere on Linux/Unix
GHSA-j273-m5qq-6825
CVE-2026-28208
### Summary
A backslash path traversal vulnerability in `LocalFolderExtractor` allows an attacker to write arbitrary files with attacker-controlled c...
5.9
SODOLA SL902 Gateway: Unencrypted Password Transmission Exposes Credentials
CVE-2026-27752
SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 transmit authentication credentials over unencrypted HTTP, allowing attackers to capture cr...
8.2
AWS CLI: Other users can read command history on Unix systems
GHSA-747p-wmpv-9c78
**Summary**
AWS CLI is a command line tool for interacting with AWS services. When the cli_history feature is enabled, the history database file is cr...
5.9
Vim before 9.2.0074 allows reading sensitive data
CVE-2026-28418
Vim is an open source, command line text editor. Prior to version 9.2.0074, a heap-based buffer overflow out-of-bounds read exists in Vim's Emacs-styl...
5.5