| CVE | Title | Date | Score |
| --- | --- | --- | --- |
| CVE-2025-52603 | HCL Connections is vulnerable to information disclosure | 20.02.2026 | 3.5 |
| CVE-2025-67438 | | 20.02.2026 | |
| CVE-2026-20761 | EnOcean SmartServer IoT Command Injection | 20.02.2026 | 8.1 |
| CVE-2026-22885 | EnOcean SmartServer IoT Out-of-bounds Read | 20.02.2026 | 3.7 |
| CVE-2026-2846 | UTT HiPER 520 Web Management formPdbUpConfig sub_44D264 os command injection | 20.02.2026 | |
| CVE-2026-2847 | UTT HiPER 520 Web Management formReleaseConnect sub_44EFB4 os command injection | 20.02.2026 | |
| CVE-2025-14055 | Integer underflow in Secure NCP host | 20.02.2026 | |
| CVE-2025-14547 | ECJ-PAKE Integer Underflow Vulnerability in Silicon Labs PSA Crypto and SE Manager APIs | 20.02.2026 | |
| CVE-2026-21627 | Extension - tassos.gr - SQL injection and Unauthenticated File Read in Novarain/Tassos Framework v4.10.14 – v6.0.37 for Joomla | 20.02.2026 | |
| CVE-2025-10970 | SQLi in Kolay Software's Talentics | 20.02.2026 | 9.8 |
| CVE-2026-2486 | Master Addons For Elementor <= 2.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'ma_el_bh_table_btn_text' | 20.02.2026 | 6.4 |
| CVE-2026-21620 | TFTP Path Traversal | 20.02.2026 | |
| CVE-2026-26050 | | 20.02.2026 | |
| CVE-2025-59819 | Authenticated Arbitrary File Read via filepath parameter | 20.02.2026 | 6.5 |
| CVE-2026-26370 | | 20.02.2026 | |
| CVE-2026-2825 | rachelos WeRSS we-mp-rss Article fix.py fix_html cross site scripting | 20.02.2026 | |
| CVE-2026-2824 | Comfast CF-E7 webmggnt mbox-config sub_441CF4 command injection | 20.02.2026 | |
| CVE-2026-2739 | | 20.02.2026 | 5.3 |
| CVE-2026-2823 | Comfast CF-E7 webmggnt mbox-config sub_41ACCC command injection | 20.02.2026 | |
| CVE-2026-2822 | JeecgBoot Backend airag_app,1,create_by sql injection | 20.02.2026 | |
| CVE-2026-27317 | | 20.02.2026 | |
| CVE-2026-27318 | | 20.02.2026 | |
| CVE-2026-27319 | | 20.02.2026 | |
| CVE-2026-27320 | | 20.02.2026 | |
| CVE-2026-27321 | | 20.02.2026 | |
| CVE-2026-27322 | | 20.02.2026 | |
| CVE-2026-27323 | | 20.02.2026 | |
| CVE-2026-27324 | | 20.02.2026 | |
| CVE-2026-27325 | | 20.02.2026 | |
| CVE-2026-26991 | LibreNMS vulnerable to Stored Cross-site Scripting through unsanitized /device-groups name | 20.02.2026 | |
| CVE-2026-26992 | LibreNMS has Stored Cross-Site Scripting via unsanitized /port-groups name | 20.02.2026 | |
| CVE-2026-26993 | Flare has XSS vulnerability in Raw File Preview | 20.02.2026 | 4.6 |
| CVE-2026-26994 | uTLS ServerHellos are accepted without checking TLS 1.3 downgrade canaries | 20.02.2026 | 6.5 |
| CVE-2026-26995 | | 20.02.2026 | |
| CVE-2026-26996 | minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern | 20.02.2026 | |
| CVE-2026-27017 | uTLS has a Chrome Parrot Fingerprint Vulnerability due to GREASE ECH Cipher Suite Mismatch | 20.02.2026 | |
| CVE-2026-2384 | Quiz Maker <= 6.7.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | 20.02.2026 | 6.4 |
| CVE-2026-2821 | Fujian Smart Integrated Management Platform System XCamera.ashx sql injection | 20.02.2026 | |
| CVE-2026-26064 | calibre: Path Traversal Vulnerability Enables Arbitrary File Write and Remote Code Execution | 20.02.2026 | |
| CVE-2026-26065 | calibre: Path Traversal can Lead to Arbitrary File Write and Potential Code Execution | 20.02.2026 | |
| CVE-2026-26989 | LibreNMS has Stored XSS in Alert Rule | 20.02.2026 | 4.3 |
| CVE-2026-26990 | LibreNMS has Time-Based Blind SQL Injection in address-search.inc.php | 20.02.2026 | 8.8 |
| CVE-2026-27016 | LibreNMS has Stored XSS in Custom OID - unit parameter missing strip_tags() | 20.02.2026 | 5.4 |
| CVE-2026-2819 | Dromara RuoYi-Vue-Plus Workflow deleteByInstanceIds SaServletFilter authorization | 20.02.2026 | |
| CVE-2026-2820 | Fujian Smart Integrated Management Platform System XAccessPermissionPlus.ashx sql injection | 20.02.2026 | |
| CVE-2026-26960 | node-tar has Arbitrary File Read/Write via Hardlink Target Escape Through Symlink Chain in Extraction | 20.02.2026 | 7.1 |
| CVE-2026-26977 | Frappe Learning Management System exposes details of unpublished courses to unauthorized users | 20.02.2026 | |
| CVE-2026-26980 | Ghost has a SQL Injection in its Content API | 20.02.2026 | 9.4 |
| CVE-2026-26987 | LibreNMS affected by reflected XSS via email field | 20.02.2026 | |
| CVE-2026-26988 | LibreNMS: SQL Injection in ajax_table.php spreads through a covert data stream | 20.02.2026 | |
| CVE-2025-30410 | | 20.02.2026 | |
| CVE-2025-30411 | | 20.02.2026 | |
| CVE-2025-30412 | | 20.02.2026 | |
| CVE-2025-30416 | | 20.02.2026 | |
| CVE-2026-26967 | PJSIP has a Heap-based Buffer Overflow vulnerability in its H.264 unpacketizer | 20.02.2026 | |
| CVE-2026-26974 | Sylde has Improper Control of Generation of Code | 20.02.2026 | |
| CVE-2026-26975 | Music Assistant Server Path Traversal in Playlist Update API Allows Remote Code Execution | 20.02.2026 | 8.8 |
| CVE-2026-26964 | Windmill Exposes Workspace Slack OAuth Client Secrets to Non-Admin Workspace Members | 20.02.2026 | 2.7 |
| CVE-2026-26957 | Libredesk has an SSRF Vulnerability via Webhooks | 20.02.2026 | |
| CVE-2026-26963 | Cilium may not enforce host firewall policies when Native Routing, WireGuard and Node Encryption are enabled | 20.02.2026 | 6.1 |
| CVE-2026-26959 | ADB Explorer Vulnerable to RCE via Insufficient Input Validation | 20.02.2026 | 7.8 |
| CVE-2026-27004 | OpenClaw session tool visibility hardening and Telegram webhook secret fallback | 20.02.2026 | |
| CVE-2026-27007 | OpenClaw's sandbox config hash sorted primitive arrays and suppressed needed container recreation | 20.02.2026 | |
| CVE-2026-27008 | OpenClaw hardened the skill download target directory validation | 20.02.2026 | |
| CVE-2026-27009 | OpenClaw affected by Stored XSS in Control UI via unsanitized assistant name/avatar in inline script injection | 20.02.2026 | 5.8 |
| CVE-2026-1292 | Tanium addressed an insertion of sensitive information into log file vulnerability in Trends. | 19.02.2026 | 6.5 |
| CVE-2026-26328 | OpenClaw iMessage group allowlist authorization inherited DM pairing-store identities | 19.02.2026 | 6.5 |
| CVE-2026-26329 | OpenClaw has a path traversal in browser upload allows local file read | 19.02.2026 | |
| CVE-2026-26972 | OpenClaw has a Path Traversal in Browser Download Functionality | 19.02.2026 | 6.7 |
| CVE-2026-27001 | OpenClaw: Unsanitized CWD path injection into LLM prompts | 19.02.2026 | |
| CVE-2026-27002 | OpenClaw: Docker container escape via unvalidated bind mount config injection | 20.02.2026 | |
| CVE-2026-27003 | OpenClaw: Telegram bot token exposure via logs | 20.02.2026 | |
| CVE-2026-2350 | Tanium addressed an insertion of sensitive information into log file vulnerability in Interact and TDS. | 19.02.2026 | 6.5 |
| CVE-2026-2408 | Use-after-free in Cloud Workloads | 19.02.2026 | 4.7 |
| CVE-2026-2435 | ASSET-7706 | 19.02.2026 | 6.3 |
| CVE-2026-2605 | Tanium addressed an insertion of sensitive information into log file vulnerability in TanOS. | 19.02.2026 | 5.3 |
| CVE-2026-26324 | OpenClaw has a SSRF guard bypass via full-form IPv4-mapped IPv6 (loopback / metadata reachable) | 19.02.2026 | 7.5 |
| CVE-2026-26325 | OpenClaw Node host system.run rawCommand/command mismatch can bypass allowlist/approvals | 19.02.2026 | 7.2 |
| CVE-2026-26326 | OpenClaw skills.status could leak secrets to operator.read clients | 19.02.2026 | |
| CVE-2026-26327 | OpenClaw allows unauthenticated discovery TXT records to steer routing and TLS pinning | 19.02.2026 | |
| CVE-2026-26953 | Pi-hole Web Interface has Stored HTML Injection via X-Forwarded-For Header in Active Sessions Table | 19.02.2026 | 5.4 |
| CVE-2026-26958 | filippo.io/edwards25519 MultiScalarMult function produces invalid results or undefined behavior if receiver is not the identity | 19.02.2026 | |
| CVE-2025-13671 | Cross Site request forgery vulnerability discovered in OpenText WSM Management Server. | 19.02.2026 | |
| CVE-2025-13672 | Reflected Cross-Site Scripting discovered in OpenText WSM Management Server. | 19.02.2026 | |
| CVE-2025-9208 | Stored-XSS vulnerability discovered in OpenText WSM Management Server. | 19.02.2026 | |
| CVE-2026-1658 | Content spoofing vulnerability discovered in OpenText™ Directory Services | 19.02.2026 | |
| CVE-2026-26322 | OpenClaw Gateway tool allowed unrestricted gatewayUrl override | 19.02.2026 | 7.6 |
| CVE-2026-26323 | OpenClaw has a command injection in maintainer clawtributors updater | 19.02.2026 | |
| CVE-2026-26952 | Pi-hole Web Interface has Stored HTML Injection via Local DNS Records (CNAME/Hosts) in data-tag Attribute | 19.02.2026 | 5.4 |
| CVE-2025-8054 | Path Traversal vulnerability have been discovered in OpenText™ XM Fax. | 19.02.2026 | |
| CVE-2025-8055 | SSRF vulnerability have been discovered in OpenText™ XM Fax | 19.02.2026 | |
| CVE-2026-24122 | Cosign Certificate Chain Expiry Validation Issue Allows Issuing Certificate Expiry to Be Overlooked | 19.02.2026 | 3.7 |
| CVE-2026-26320 | OpenClaw macOS deep link confirmation truncation can conceal executed agent message | 19.02.2026 | |
| CVE-2026-26321 | OpenClaw has a local file disclosure via sendMediaFeishu in Feishu extension | 19.02.2026 | 7.5 |
| CVE-2026-21535 | Microsoft Teams Information Disclosure Vulnerability | 19.02.2026 | 8.2 |
| CVE-2026-26319 | OpenClaw has Missing Webhook Authentication in Telnyx Provider Allowing Unauthenticated Requests | 19.02.2026 | 7.5 |
| CVE-2026-26275 | httpsig-hyper has Improper Digest Verification that May Allow Message Integrity Bypass | 19.02.2026 | 7.5 |
| CVE-2026-26316 | OpenClaw has BlueBubbles webhook auth bypass via loopback proxy trust | 19.02.2026 | 7.5 |
| CVE-2026-26317 | OpenClaw affected by cross-site request forgery (CSRF) through loopback browser mutation endpoints | 19.02.2026 | 7.1 |
| CVE-2026-26314 | Go Ethereum affected by DoS via malicious p2p message | 19.02.2026 | |
| CVE-2026-26315 | Go Ethereum Improperly Validates the ECIES Public Key in RLPx Handshake | 19.02.2026 | |
| CVE-2026-26744 | | 19.02.2026 | |
| CVE-2026-26286 | SillyTavern has Server-Side Request Forgery (SSRF) via Asset Download Endpoint that Allows Reading Internal Services | 19.02.2026 | |
| CVE-2026-26312 | Stalwart Mail Server has Out-of-Memory Denial of Service via Malformed Nested MIME Messages | 19.02.2026 | 6.5 |
| CVE-2026-26313 | Go Ethereum affected by DoS via malicious p2p message | 19.02.2026 | |
| CVE-2026-27114 | NanaZip has ROMFS Archive Infinite Loop | 19.02.2026 | |