CVE Field Guide

Critical CVEs

CVE	Title	Updated	Score
CVE-2025-15579	An Insecure Deserialization vulnerability has been discovered in OpenText™ Directory Services.	18.02.2026	9.5
CVE-2026-2329	Grandstream GXP1600 VoIP Phones - Unauthenticated stack buffer overflow	18.02.2026	9.3
CVE-2026-1435	Incorrect management of session invalidation vulnerability in Graylog Web Interface	18.02.2026	9.3
CVE-2026-1937	YayMail <= 4.3.2 - Missing Authorization to Authenticated (Shop Manager+) Arbitrary Options Update via 'yaymail_import_state' AJAX Action	18.02.2026	9.8
CVE-2026-1670	Honeywell CCTV Products Missing Authentication for Critical Function	17.02.2026	9.3
CVE-2026-22769		18.02.2026	10
CVE-2026-23647	Glory RBG-100 Recycler System Hard-coded OS Credentials	17.02.2026	9.3
CVE-2026-22208	OpenS100 Portrayal Engine Unrestricted Lua Standard Library Access	17.02.2026	9.4
CVE-2026-26220	LightLLM <= 1.1.0 PD Mode Unsafe Deserialization RCE	17.02.2026	9.3
CVE-2026-2564	Intelbras VIP 3260 Z IA OutsideCmd password recovery	17.02.2026	9.2
CVE-2026-2550	EFM iptime A6004MX timepro.cgi commit_vpncli_file_upload unrestricted upload	17.02.2026	9.3
CVE-2026-2577	Nanobot Unauthenticated WhatsApp Session Hijack via WebSocket Bridge	17.02.2026	10
CVE-2026-26366	JUNG eNet SMART HOME server 2.2.1/2.3.1 Use of Default Credentials	17.02.2026	9.3
CVE-2026-26369	JUNG eNet SMART HOME server 2.2.1/2.3.1 Privilege Escalation via setUserGroup	17.02.2026	9.3
CVE-2025-32058	Stack Overflow in processing requests over INC interface on RH850 side of Infotainment ECU	17.02.2026	9.3
CVE-2026-1490	Spam protection, Honeypot, Anti-Spam by CleanTalk <= 6.71 - Authorization Bypass via Reverse DNS (PTR record) Spoofing to Unauthenticated Arbitrary Plugin Installation	17.02.2026	9.8
CVE-2025-8572	Truelysell Core <= 1.8.7 - Unauthenticated Privilege Escalation via Registration	17.02.2026	9.8
CVE-2026-1306	midi-Synth <= 1.1.0 - Unauthenticated Arbitrary File Upload via 'export' AJAX Action	14.02.2026	9.8
CVE-2026-26273	Known affected by Account Takeover via Password Reset Token Leakage	17.02.2026	9.8
CVE-2026-26333	Calero VeraSMART < 2022 R1 .NET Remoting Arbitrary File Read Leading to ViewState RCE	13.02.2026	10
CVE-2026-26335	Calero VeraSMART < 2022 R1 Static IIS Machine Keys Enable ViewState RCE	13.02.2026	9.3
CVE-2026-26190	Milvus Allows Unauthenticated Access to Restful API on Metrics Port (9091) Leads to Critical System Compromise	18.02.2026	9.8
CVE-2026-26221	Hyland OnBase Timer Services Unauthenticated .NET Remoting RCE	13.02.2026	10
CVE-2019-25322	Heatmiser Netmonitor 3.03 - Hardcoded Credentials	13.02.2026	9.3
CVE-2026-26068	emp3r0r Agent-Controlled Metadata to Operator RCE (tmux Command Injection)	13.02.2026	9.3
CVE-2026-1358	Airleader Master Unrestricted Upload of File with Dangerous Type	17.02.2026	9.8
CVE-2026-26069	Scraparr Readarr Integration exposes sensitive values as metric labels.	13.02.2026	9.1
CVE-2026-26011	Critical Heap Out-of-bounds Access in `pf_cluster_stats()` via Malicious /initialpose Covariance -- Potential Remote Code Execution	13.02.2026	9.3
CVE-2026-26020	AutoGPT Affected by Remote Code Execution via Dynamic Module Import in Block Loading (__import__)	12.02.2026	9.4
CVE-2026-25227	authentik affected by Remote Code Execution via Context Key Injection in PropertyMapping Test Endpoint	17.02.2026	9.1
CVE-2026-24044	ESS Community Helm Chart has a weak server key generation method	12.02.2026	9.2
CVE-2026-26218	newbee-mall Default Seeded Administrator Credentials Allow Account Takeover	12.02.2026	9.3
CVE-2026-26219	newbee-mall Unsalted MD5 Password Hashing Enables Offline Credential Cracking	12.02.2026	9.3
CVE-2026-26216	Crawl4AI < 0.8.0 Docker API Unauthenticated Remote Code Execution via Hooks Parameter	12.02.2026	10
CVE-2026-26217	Crawl4AI < 0.8.0 Docker API Local File Inclusion via file URL Handling	12.02.2026	9.2
CVE-2026-26214	Xiaomi Galaxy FDS Android SDK <= 3.0.8 TLS Hostname Verification Disabled Enables MITM	12.02.2026	9.1
CVE-2025-14014	Insecure File Upload in NTN Informatics' Smart Panel	12.02.2026	9.8
CVE-2025-10969	SQLi in Farktor Software's E-Commerce Package	12.02.2026	9.8
CVE-2026-1729	AdForest <= 6.0.12 - Authentication Bypass	12.02.2026	9.8
CVE-2026-26215	manga-image-translator Shared API Unsafe Deserialization RCE	12.02.2026	9.3
CVE-2026-26021	Prototype pollution in set-in	12.02.2026	9.4

Latest Updates

CVE	Title	Updated	Score
CVE-2025-15579	An Insecure Deserialization vulnerability has been discovered in OpenText™ Directory Services.	18.02.2026
CVE-2025-70998		18.02.2026
CVE-2025-71229	wifi: rtw88: Fix alignment fault in rtw_core_enable_beacon()	18.02.2026
CVE-2025-71230	hfs: ensure sb->s_fs_info is always cleaned up	18.02.2026
CVE-2025-71231	crypto: iaa - Fix out-of-bounds index in find_empty_iaa_compression_mode	18.02.2026
CVE-2025-71232	scsi: qla2xxx: Free sp in error path to fix system crash	18.02.2026
CVE-2025-71233	PCI: endpoint: Avoid creating sub-groups asynchronously	18.02.2026
CVE-2025-71234	wifi: rtl8xxxu: fix slab-out-of-bounds in rtl8xxxu_sta_add	18.02.2026
CVE-2025-71235	scsi: qla2xxx: Delay module unload while fabric scan in progress	18.02.2026
CVE-2025-71236	scsi: qla2xxx: Validate sp before freeing associated memory	18.02.2026
CVE-2025-71237	nilfs2: Fix potential block overflow that cause system hang	18.02.2026
CVE-2026-23220	ksmbd: fix infinite loop caused by next_smb2_rcv_hdr_off reset in error paths	18.02.2026
CVE-2026-23221	bus: fsl-mc: fix use-after-free in driver_override_show()	18.02.2026
CVE-2026-23222	crypto: omap - Allocate OMAP_CRYPTO_FORCE_COPY scatterlists correctly	18.02.2026
CVE-2026-23223	xfs: fix UAF in xchk_btree_check_block_owner	18.02.2026
CVE-2026-23224	erofs: fix UAF issue for file-backed mounts w/ directio option	18.02.2026
CVE-2026-23225	sched/mmcid: Don't assume CID is CPU owned on mode switch	18.02.2026
CVE-2026-23226	ksmbd: add chann_lock to protect ksmbd_chann_list xarray	18.02.2026
CVE-2026-23227	drm/exynos: vidi: use ctx->lock to protect struct vidi_context member variables related to memory alloc/free	18.02.2026
CVE-2026-23228	smb: server: fix leak of active_num_conn in ksmbd_tcp_new_connection()	18.02.2026
CVE-2026-23229	crypto: virtio - Add spinlock protection with virtqueue notification	18.02.2026
CVE-2026-23230	smb: client: split cached_fid bitfields to avoid shared-byte RMW races	18.02.2026
CVE-2025-61982		18.02.2026	7.8
CVE-2026-2656	ChaiScript type_info.hpp bare_equal use after free	18.02.2026
CVE-2025-71225	md: suspend array while updating raid_disks via sysfs	18.02.2026
CVE-2025-71226	wifi: iwlwifi: Implement settime64 as stub for MVM/MLD PTP	18.02.2026
CVE-2025-71227	wifi: mac80211: don't WARN for connections on invalid channels	18.02.2026
CVE-2025-71228	LoongArch: Set correct protection_map[] for VM_NONE/VM_SHARED	18.02.2026
CVE-2026-1404	Ultimate Member <= 2.11.1 - Reflected Cross-Site Scripting via Filter Parameters	18.02.2026	6.1
CVE-2026-1426	Advanced AJAX Product Filters <= 3.1.9.6 - Authenticated (Author+) PHP Object Injection via Live Composer Compatibility	18.02.2026	8.8
CVE-2026-23211	mm, swap: restore swap_space attr aviod kernel panic	18.02.2026
CVE-2026-23212	bonding: annotate data-races around slave->last_rx	18.02.2026
CVE-2026-23213	drm/amd/pm: Disable MMIO access during SMU Mode 1 reset	18.02.2026
CVE-2026-23214	btrfs: reject new transactions if the fs is fully read-only	18.02.2026
CVE-2026-23215	x86/vmware: Fix hypercall clobbers	18.02.2026
CVE-2026-23216	scsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count()	18.02.2026
CVE-2026-23217	riscv: trace: fix snapshot deadlock with sbi ecall	18.02.2026
CVE-2026-23218	gpio: loongson-64bit: Fix incorrect NULL check after devm_kcalloc()	18.02.2026
CVE-2026-23219	mm/slab: Add alloc_tagging_slab_free_hook for memcg_alloc_abort_single	18.02.2026
CVE-2026-27099		18.02.2026
CVE-2026-27100		18.02.2026
CVE-2026-2329	Grandstream GXP1600 VoIP Phones - Unauthenticated stack buffer overflow	18.02.2026
CVE-2025-33236		18.02.2026	7.8
CVE-2025-33239		18.02.2026	7.8
CVE-2025-33240		18.02.2026	7.8
CVE-2025-33241		18.02.2026	7.8
CVE-2025-33243		18.02.2026	7.8
CVE-2025-33245		18.02.2026	8
CVE-2025-33246		18.02.2026	7.8
CVE-2025-33249		18.02.2026	7.8
CVE-2025-33250		18.02.2026	7.8
CVE-2025-33251		18.02.2026	7.8
CVE-2025-33252		18.02.2026	7.8
CVE-2025-33253		18.02.2026	7.8
CVE-2025-60035		18.02.2026	7.8
CVE-2025-60036		18.02.2026	7.8
CVE-2025-60037		18.02.2026	7.8
CVE-2025-60038		18.02.2026	7.8
CVE-2026-2464	Directory Traversal in AMR Printer Management by AMR	18.02.2026
CVE-2026-2655	ChaiScript chaiscript_defines.hpp operator use after free	18.02.2026
CVE-2025-14340	Admin Account Takeover via malicious URL payload	18.02.2026
CVE-2025-59920	SQL injection in time@work from systems@work	18.02.2026
CVE-2025-8308	Reflected XSS in Key Software's INFOREX	18.02.2026	6.3
CVE-2026-1435	Incorrect management of session invalidation vulnerability in Graylog Web Interface	18.02.2026
CVE-2026-1436	Improper Access Control (IDOR) vulnerability in Graylog Web Interface	18.02.2026
CVE-2026-1437	Reflected Cross-Site Scripting (XSS) vulnerability in Graylog Web Interface	18.02.2026
CVE-2026-1438	Reflected Cross-Site Scripting (XSS) vulnerability in Graylog Web Interface	18.02.2026
CVE-2026-1439	Reflected Cross-Site Scripting (XSS) vulnerability in Graylog Web Interface	18.02.2026
CVE-2026-1440	Reflected Cross-Site Scripting (XSS) vulnerability in Graylog Web Interface	18.02.2026
CVE-2026-1441	Reflected Cross-Site Scripting (XSS) vulnerability in Graylog Web Interface	18.02.2026
CVE-2026-2654	huggingface smolagents LocalPythonExecutor requests.post server-side request forgery	18.02.2026
CVE-2025-8781	Bookster – WordPress Appointment Booking Plugin <= 2.1.1 - Authenticated (Administrator+) SQL Injection via 'raw'	18.02.2026	4.9
CVE-2026-1317	WP Import – Ultimate CSV XML Importer for WordPress <= 7.37 - Authenticated (Subscriber+) SQL Injection via File Name	18.02.2026	6.5
CVE-2026-1582	WP All Export <= 1.4.14 - Unauthenticated Sensitive Information Exposure via PHP Type Juggling	18.02.2026	3.7
CVE-2026-2386	The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce <= 6.4.7 - Incorrect Authorization to Authenticated (Author+) Arbitrary Draft Post Creation via 'post_type'	18.02.2026	4.3
CVE-2025-7630	OTP Password Brute Forcing in DorukNet's Wispotter	18.02.2026	5.3
CVE-2025-14799	Brevo - Email, SMS, Web Push, Chat, and more. <= 3.3.0 - Unauthenticated Authorization Bypass via Type Juggling	18.02.2026	6.5
CVE-2026-2653	admesh normals.c stl_check_normal_vector heap-based overflow	18.02.2026
CVE-2025-14444	RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login <= 6.0.6.9 - Unauthenticated Payment Bypass via rm_process_paypal_sdk_payment	18.02.2026	5.3
CVE-2026-1942	Blog2Social: Social Media Auto Post & Scheduler <= 8.7.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Modification	18.02.2026	6.5
CVE-2026-2426	WP-DownloadManager <= 1.69 - Authenticated (Administrator+) Path Traversal to Arbitrary File Deletion via 'file' Parameter	18.02.2026	6.5
CVE-2025-11185	Complianz \| GDPR/CCPA Cookie Consent <= 7.4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	18.02.2026	6.4
CVE-2025-13727	Video Share VOD <= 2.7.11 - Authenticated (Editor+) Stored Cross-Site Scripting via Custom Field Meta Values	18.02.2026	4.4
CVE-2026-2126	User Submitted Posts <= 20260113 - Incorrect Authorization to Unauthenticated Category Restriction Bypass via 'user-submitted-category' Parameter	18.02.2026	5.3
CVE-2026-1649	Community Events <= 1.5.7 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'ce_venue_name' Parameter	18.02.2026	4.4
CVE-2026-1656	Business Directory Plugin <= 6.4.20 - Missing Authorization to Unauthenticated Arbitrary Listing Modification	18.02.2026	5.3
CVE-2026-1941	WP Event Aggregator <= 1.8.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes	18.02.2026	6.4
CVE-2026-2127	SiteOrigin Widgets Bundle <= 1.70.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Shortcode Execution	18.02.2026	5.4
CVE-2026-2495	WPNakama <= 0.6.5 - Unauthenticated SQL Injection via 'order' REST API Parameter	18.02.2026	7.5
CVE-2026-25421		18.02.2026
CVE-2026-1655	EventPrime <= 4.2.8.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Event Modification via 'event_id' Parameter	18.02.2026	4.3
CVE-2026-1831	YayMail <= 4.3.2 - Missing Authorization to Authenticated (Shop Manager+) Plugin Installation and Activation	18.02.2026	2.7
CVE-2026-1860	Kali Forms <= 2.4.8 - Insecure Direct Object Reference to Authenticated (Contributor+) Sensitive Form Data Exposure	18.02.2026	4.3
CVE-2026-1938	YayMail <= 4.3.2 - Missing Authorization to Authenticated (Shop Manager+) License Key Deletion via '/yaymail-license/v1/license/delete' Endpoint	18.02.2026	5.3
CVE-2026-1943	YayMail <= 4.3.2 - Authenticated (Shop Manager+) Stored Cross-Site Scripting via Template Elements	18.02.2026	4.4
CVE-2026-2112	Dam Spam <= 1.0.8 - Cross-Site Request Forgery to Arbitrary Pending Comment Deletion	18.02.2026	4.3
CVE-2026-2419	WP-DownloadManager <= 1.69 - Authenticated (Administrator+) Path Traversal to Arbitrary File Read via 'download_path' Parameter	18.02.2026	2.7
CVE-2026-1640	Taskbuilder <= 5.0.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Project/Task Comment Creation	18.02.2026	4.3
CVE-2026-1666	Download Manager <= 3.3.46 - Reflected Cross-Site Scripting via 'redirect_to' Parameter	18.02.2026	6.1
CVE-2026-1807	InteractiveCalculator for WordPress <= 1.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'id' Shortcode Attribute	18.02.2026	6.4
CVE-2026-1857	Gutenberg Blocks with AI by Kadence WP <= 3.6.1 - Authenticated (Contributor+) Server-Side Request Forgery via 'endpoint' Parameter	18.02.2026	4.3
CVE-2026-1937	YayMail <= 4.3.2 - Missing Authorization to Authenticated (Shop Manager+) Arbitrary Options Update via 'yaymail_import_state' AJAX Action	18.02.2026	9.8
CVE-2026-2019	Cart All In One For WooCommerce <= 1.1.21 - Authenticated (Administrator+) Code Injection via 'sc_assign_page' Setting	18.02.2026	7.2
CVE-2026-2281	Private Comment <= 0.0.4 - Authenticated (Administrator+) Stored Cross-Site Scripting via Label Text Setting	18.02.2026	4.4
CVE-2026-2296	Product Addons for Woocommerce – Product Options with Custom Fields <= 3.1.0 - Authenticated (Shop Manager+) Code Injection via Conditional Logic 'operator' Parameter	18.02.2026	7.2
CVE-2026-2633	Gutenberg Blocks with AI by Kadence WP <= 3.6.1 - Missing Authorization to Authenticated (Contributor+) Unauthorized Media Upload	18.02.2026	4.3
CVE-2026-2644	niklasso minisat DIMACS File SolverTypes.h value out-of-bounds	18.02.2026
CVE-2026-2642	ggreer the_silver_searcher search.c search_stream null pointer dereference	18.02.2026
CVE-2026-1368	Video Conferencing with Zoom API < 4.6.6 - Unauthenticated SDK Signature Generation	18.02.2026
CVE-2025-11737	VK All in One Expansion Unit <= 9.112.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via SNS Title	18.02.2026	6.4
CVE-2025-12122	Popup Box – Easily Create WordPress Popups <= 3.2.12 - Authenticated (Contributor+) Stored Cross-Site Scripting	18.02.2026	6.4
CVE-2025-12356	Tickera – WordPress Event Ticketing <= 3.5.6.4 - Missing Authorization to Authenticated (Subscriber+) Event/Post Status Update	18.02.2026	4.3
CVE-2026-1072	Keybase.io Verification <= 1.4.5 - Cross-Site Request Forgery to Settings Update	18.02.2026	4.3
CVE-2026-1304	Membership Plugin – Restrict Content <= 3.2.18 - Authenticated (Administrator+) Stored Cross-Site Scripting via Invoice Settings	18.02.2026	4.4
CVE-2026-1639	Taskbuilder <= 5.0.2 - Authenticated (Subscriber+) SQL Injection via 'order' and 'sort_by' Parameters	18.02.2026	6.5
CVE-2026-1906	PDF Invoices & Packing Slips for WooCommerce <= 5.6.0 - Missing Authorization to Authenticated (Subscriber+) Peppol Identifier Modification	18.02.2026	4.3
CVE-2026-2023	WP Plugin Info Card <= 6.2.0 - Cross-Site Request Forgery to Arbitrary Custom Plugin Entry Creation	18.02.2026	4.3
CVE-2026-2641	universal-ctags V Language v.c parseExprList recursion	18.02.2026
CVE-2025-12037	WP 404 Auto Redirect <= 1.0.5 - Authenticated (Admin+) Stored Cross-Site Scripting	18.02.2026	4.4
CVE-2025-12071	Frontend User Notes <= 2.1.0 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Note Modification	18.02.2026	4.3
CVE-2025-12074	Context Blog <= 1.2.5 - Unauthenticated Private Post Disclosure	18.02.2026	5.3
CVE-2025-12075	Order Splitter for WooCommerce <= 5.3.5 - Missing Authorization to Authenticated (Subscriber+) Order Information Exposure	18.02.2026	4.3
CVE-2025-13959	Filestack <= 2.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes	18.02.2026	6.4
CVE-2025-6460	Display During Conditional Shortcode <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via message Parameter	18.02.2026	6.4
CVE-2026-1277	URL Shortify <= 1.12.1 - Unauthenticated Open Redirect via 'redirect_to' Parameter	18.02.2026	4.7
CVE-2026-1296	Frontend Post Submission Manager Lite <= 1.2.7 - Unauthenticated Open Redirect via 'requested_page' Parameter	18.02.2026	6.1
CVE-2026-1714	ShopLentor <= 3.3.2 - Unauthenticated Email Relay Abuse via 'woolentor_suggest_price_action' AJAX Action	18.02.2026	8.6
CVE-2026-1925	EmailKit – Email Customizer for WooCommerce & WP <= 1.6.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Title Modification	18.02.2026	4.3
CVE-2026-1931	Rent Fetch <= 0.32.4 - Unauthenticated Stored Cross-Site Scripting via 'keyword' Parameter	18.02.2026	7.2
CVE-2026-2576	Business Directory Plugin <= 6.4.21 - Unauthenticated SQL Injection via payment Parameter	18.02.2026	7.5
CVE-2026-27031		18.02.2026
CVE-2026-27032		18.02.2026
CVE-2026-27033		18.02.2026
CVE-2026-27034		18.02.2026
CVE-2026-27035		18.02.2026
CVE-2026-27036		18.02.2026
CVE-2026-27037		18.02.2026
CVE-2026-27038		18.02.2026
CVE-2026-27171		18.02.2026	2.9
CVE-2026-1344	Insecure file permissions in Enforce Recovery Key Portal	18.02.2026	6.5
CVE-2026-22048		18.02.2026	7.1
CVE-2026-23599	Local Privilege Escalation Vulnerability in HPE Aruba Networking Clear Pass Policy Manager OnGuard for Linux	18.02.2026	7.8
CVE-2025-62183	Pega Platform versions 8.1.0 through 25.1.1 are affected by a Stored Cross-site Scripting vulnerability in a user interface component. Requires an administrative user and given extensive access rights, impact to Confidentiality and Integrity are low.	17.02.2026
CVE-2026-1670	Honeywell CCTV Products Missing Authentication for Critical Function	17.02.2026
CVE-2026-26119	Windows Admin Center Elevation of Privilege Vulnerability	18.02.2026	8.8
CVE-2026-2570		17.02.2026
CVE-2025-13333	IBM WebSphere Application Server could provide weaker than expected security	17.02.2026	4.4
CVE-2025-13689	DataStage on Cloud Pak for Data is vulnerable to arbitrary code injection due to runtime environment	17.02.2026	8.8
CVE-2026-2629	jishi node-sonos-http-api TTS Provider mac-os.js Promise os command injection	17.02.2026
CVE-2023-38005	Improper Access Control and Exposure of Information Through Directory Listing vulnerabilities affect IBM Cloud Pak System[, ]	17.02.2026	4.3
CVE-2025-33088	Multiple Vulnerabilities in IBM Concert Software.	18.02.2026	7.4
CVE-2025-33135	IBM Financial Transaction Manager for ACH Services and Check Services is impacted by multiple vulnerabilities	17.02.2026	6.1
CVE-2025-36183	Privileged User File Upload Vulnerability Leading to Limited Server-Side Execution affects watsonx.data	17.02.2026	3.8
CVE-2025-36348	The Dashboard of IBM Sterling B2B Integrator and IBM Sterling File Gateway is Vulnerable to Information Disclosure	17.02.2026	4.9
CVE-2026-2627	Softland FBackup Backup/Restore HID.dll link following	17.02.2026