| CVE-2025-63409 |
|
24.02.2026 |
|
| CVE-2025-69985 |
|
24.02.2026 |
|
| CVE-2026-23678 |
Binardat 10G08-0800GSM Network Switch Traceroute CLI Command Injection |
24.02.2026 |
|
| CVE-2026-27507 |
Binardat 10G08-0800GSM Network Switch Hard-coded Credentials |
24.02.2026 |
|
| CVE-2026-27515 |
Binardat 10G08-0800GSM Network Switch Predictable Session Identifiers |
24.02.2026 |
|
| CVE-2026-27516 |
Binardat 10G08-0800GSM Network Switch Plaintext Password Exposure |
24.02.2026 |
|
| CVE-2026-27517 |
Binardat 10G08-0800GSM Network Switch XSS |
24.02.2026 |
|
| CVE-2026-27518 |
Binardat 10G08-0800GSM Network Switch CSRF |
24.02.2026 |
|
| CVE-2026-27519 |
Binardat 10G08-0800GSM Network Switch Hard-coded RC4 Encryption Key |
24.02.2026 |
|
| CVE-2026-27520 |
Binardat 10G08-0800GSM Network Switch Base64-encoded Password Stored in Cookie |
24.02.2026 |
|
| CVE-2026-27521 |
Binardat 10G08-0800GSM Network Switch Missing Login Rate Limiting |
24.02.2026 |
|
| CVE-2025-67445 |
|
24.02.2026 |
|
| CVE-2026-0399 |
|
24.02.2026 |
|
| CVE-2026-0400 |
|
24.02.2026 |
|
| CVE-2026-0401 |
|
24.02.2026 |
|
| CVE-2026-0402 |
|
24.02.2026 |
|
| CVE-2026-27568 |
AVideo has Stored Cross-Site Scripting via Markdown Comment Injection |
24.02.2026 |
|
| CVE-2026-27584 |
ActualBudget server is Missing Authentication for SimpleFIN and Pluggy AI bank sync endpoints |
24.02.2026 |
|
| CVE-2026-27732 |
AVideo has Authenticated Server-Side Request Forgery via downloadURL in aVideoEncoder.json.php |
24.02.2026 |
|
| CVE-2026-27567 |
Payload has Server-Side Request Forgery (SSRF) in External File URL Uploads |
24.02.2026 |
6.5 |
| CVE-2026-3101 |
Intelbras TIP 635G Ping os command injection |
24.02.2026 |
|
| CVE-2026-3102 |
exiftool PNG File MacOS.pm SetMacOSTags os command injection |
24.02.2026 |
|
| CVE-2025-10010 |
Integrity Validation Bypass in CryptoPro Secure Disk for BitLocker |
24.02.2026 |
|
| CVE-2026-27208 |
api-gateway-deploy Affected by Exploitable Command Injection via Unprivileged Root Execution |
24.02.2026 |
9.2 |
| CVE-2026-27483 |
MindsDB has Path Traversal in /api/files Leading to Remote Code Execution |
24.02.2026 |
8.8 |
| CVE-2025-14577 |
PHP Function Injection in Slican NPC/IPL/IPM/IPU |
24.02.2026 |
|
| CVE-2026-2459 |
|
24.02.2026 |
|
| CVE-2026-2460 |
|
24.02.2026 |
|
| CVE-2026-2634 |
Spoofed web content presented under trusted domains using scripted navigation on Firefox iOS |
24.02.2026 |
|
| CVE-2026-2757 |
Incorrect boundary conditions in the WebRTC: Audio/Video component |
24.02.2026 |
|
| CVE-2026-2758 |
Use-after-free in the JavaScript: GC component |
24.02.2026 |
|
| CVE-2026-2759 |
Incorrect boundary conditions in the Graphics: ImageLib component |
24.02.2026 |
|
| CVE-2026-2760 |
Sandbox escape due to incorrect boundary conditions in the Graphics: WebRender component |
24.02.2026 |
|
| CVE-2026-2761 |
Sandbox escape in the Graphics: WebRender component |
24.02.2026 |
|
| CVE-2026-2762 |
Integer overflow in the JavaScript: Standard Library component |
24.02.2026 |
|
| CVE-2026-2763 |
Use-after-free in the JavaScript Engine component |
24.02.2026 |
|
| CVE-2026-2764 |
JIT miscompilation, use-after-free in the JavaScript Engine: JIT component |
24.02.2026 |
|
| CVE-2026-2765 |
Use-after-free in the JavaScript Engine component |
24.02.2026 |
|
| CVE-2026-2766 |
Use-after-free in the JavaScript Engine: JIT component |
24.02.2026 |
|
| CVE-2026-2767 |
Use-after-free in the JavaScript: WebAssembly component |
24.02.2026 |
|
| CVE-2026-2768 |
Sandbox escape in the Storage: IndexedDB component |
24.02.2026 |
|
| CVE-2026-2769 |
Use-after-free in the Storage: IndexedDB component |
24.02.2026 |
|
| CVE-2026-2770 |
Use-after-free in the DOM: Bindings (WebIDL) component |
24.02.2026 |
|
| CVE-2026-2771 |
Undefined behavior in the DOM: Core & HTML component |
24.02.2026 |
|
| CVE-2026-2772 |
Use-after-free in the Audio/Video: Playback component |
24.02.2026 |
|
| CVE-2026-2773 |
Incorrect boundary conditions in the Web Audio component |
24.02.2026 |
|
| CVE-2026-2774 |
Integer overflow in the Audio/Video component |
24.02.2026 |
|
| CVE-2026-2775 |
Mitigation bypass in the DOM: HTML Parser component |
24.02.2026 |
|
| CVE-2026-2776 |
Sandbox escape due to incorrect boundary conditions in the Telemetry component in External Software |
24.02.2026 |
|
| CVE-2026-2777 |
Privilege escalation in the Messaging System component |
24.02.2026 |
|
| CVE-2026-2778 |
Sandbox escape due to incorrect boundary conditions in the DOM: Core & HTML component |
24.02.2026 |
|
| CVE-2026-2779 |
Incorrect boundary conditions in the Networking: JAR component |
24.02.2026 |
|
| CVE-2026-2780 |
Privilege escalation in the Netmonitor component |
24.02.2026 |
|
| CVE-2026-2781 |
Integer overflow in the Libraries component in NSS |
24.02.2026 |
|
| CVE-2026-2782 |
Privilege escalation in the Netmonitor component |
24.02.2026 |
|
| CVE-2026-2783 |
Information disclosure due to JIT miscompilation in the JavaScript Engine: JIT component |
24.02.2026 |
|
| CVE-2026-2784 |
Mitigation bypass in the DOM: Security component |
24.02.2026 |
|
| CVE-2026-2785 |
Invalid pointer in the JavaScript Engine component |
24.02.2026 |
|
| CVE-2026-2786 |
Use-after-free in the JavaScript Engine component |
24.02.2026 |
|
| CVE-2026-2787 |
Use-after-free in the DOM: Window and Location component |
24.02.2026 |
|
| CVE-2026-2788 |
Incorrect boundary conditions in the Audio/Video: GMP component |
24.02.2026 |
|
| CVE-2026-2789 |
Use-after-free in the Graphics: ImageLib component |
24.02.2026 |
|
| CVE-2026-2790 |
Same-origin policy bypass in the Networking: JAR component |
24.02.2026 |
|
| CVE-2026-2791 |
Mitigation bypass in the Networking: Cache component |
24.02.2026 |
|
| CVE-2026-2792 |
Memory safety bugs fixed in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148 |
24.02.2026 |
|
| CVE-2026-2793 |
Memory safety bugs fixed in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148 |
24.02.2026 |
|
| CVE-2026-2794 |
Information disclosure due to uninitialized memory in Firefox and Firefox Focus for Android |
24.02.2026 |
|
| CVE-2026-2795 |
Use-after-free in the JavaScript: GC component |
24.02.2026 |
|
| CVE-2026-2796 |
JIT miscompilation in the JavaScript: WebAssembly component |
24.02.2026 |
|
| CVE-2026-2797 |
Use-after-free in the JavaScript: GC component |
24.02.2026 |
|
| CVE-2026-2798 |
Use-after-free in the DOM: Core & HTML component |
24.02.2026 |
|
| CVE-2026-2799 |
Use-after-free in the DOM: Core & HTML component |
24.02.2026 |
|
| CVE-2026-2800 |
Spoofing issue in the WebAuthn component in Firefox for Android |
24.02.2026 |
|
| CVE-2026-2801 |
Incorrect boundary conditions in the JavaScript: WebAssembly component |
24.02.2026 |
|
| CVE-2026-2802 |
Race condition in the JavaScript: GC component |
24.02.2026 |
|
| CVE-2026-2803 |
Information disclosure, mitigation bypass in the Settings UI component |
24.02.2026 |
|
| CVE-2026-2804 |
Use-after-free in the JavaScript: WebAssembly component |
24.02.2026 |
|
| CVE-2026-2805 |
Invalid pointer in the DOM: Core & HTML component |
24.02.2026 |
|
| CVE-2026-2806 |
Uninitialized memory in the Graphics: Text component |
24.02.2026 |
|
| CVE-2026-2807 |
Memory safety bugs fixed in Firefox 148 and Thunderbird 148 |
24.02.2026 |
|
| CVE-2026-1772 |
|
24.02.2026 |
|
| CVE-2026-1773 |
|
24.02.2026 |
|
| CVE-2026-23969 |
Apache Superset: Exposure of Sensitive Information via Incomplete ClickHouse Function Filtering |
24.02.2026 |
|
| CVE-2026-23980 |
Apache Superset: Improper Neutralization of Special Elements used in a SQL Command |
24.02.2026 |
|
| CVE-2026-23982 |
Apache Superset: Improper Authorization in Dataset Creation Allows Access Control Bypass |
24.02.2026 |
|
| CVE-2026-23983 |
Apache Superset: Sensitive Data Exposure via REST API (disabled by default) |
24.02.2026 |
|
| CVE-2026-23984 |
Apache Superset: SQLLab Read-Only Bypass on PostgreSQL |
24.02.2026 |
|
| CVE-2024-56373 |
Apache Airflow: SSTI to Code Execution in Airflow through Shared DB Information |
24.02.2026 |
|
| CVE-2025-27555 |
Apache Airflow: Connection Secrets not masked in UI when Connection are added via Airflow cli |
24.02.2026 |
|
| CVE-2026-2664 |
Out of bounds read vulnerability in grpcfuse kernel module |
24.02.2026 |
|
| CVE-2024-1524 |
A local user can be impersonated when using federated authentication with Silent JIT Provisioning. |
24.02.2026 |
7.7 |
| CVE-2025-11165 |
|
24.02.2026 |
|
| CVE-2025-40541 |
SolarWinds Serv-U Insecure Direct Object Reference (IDOR) Remote Code Execution Vulnerability |
24.02.2026 |
9.1 |
| CVE-2026-1229 |
Incorrect calculation in CIRCL secp384r1 CombinedMult |
24.02.2026 |
|
| CVE-2025-40538 |
SolarWinds Serv-U Broken Access Control Remote Code Execution Vulnerability |
24.02.2026 |
9.1 |
| CVE-2025-40539 |
SolarWinds Serv-U Type Confusion Remote Code Execution Vulnerability |
24.02.2026 |
9.1 |
| CVE-2025-40540 |
SolarWinds Serv-U Type Confusion Remote Code Execution Vulnerability |
24.02.2026 |
9.1 |
| CVE-2025-15386 |
Responsive Lightbox & Gallery < 2.6.1 - Unauthenticated Stored XSS |
24.02.2026 |
|
| CVE-2025-15589 |
MuYuCMS Template Management Template.php delete_dir_file path traversal |
24.02.2026 |
|
| CVE-2026-24314 |
Information Disclosure vulnerability in S/4HANA (Manage Payment Media) |
24.02.2026 |
4.3 |
| CVE-2026-3070 |
SourceCodester Modern Image Gallery App upload.php cross site scripting |
24.02.2026 |
|
| CVE-2026-3069 |
itsourcecode Document Management System edtlbls.php sql injection |
24.02.2026 |
|
| CVE-2026-27461 |
Pimcore vulnerable to SQL injection via unsanitized filter value in Dependency Dao RLIKE clause |
24.02.2026 |
|
| CVE-2026-3066 |
HummerRisk Cloud Compliance Scanning PlatformUtils.java fixedCommand command injection |
24.02.2026 |
|
| CVE-2026-3067 |
HummerRisk Archive Extraction CommandUtils.java extractZip path traversal |
24.02.2026 |
|
| CVE-2026-3068 |
itsourcecode Document Management System deluser.php sql injection |
24.02.2026 |
|
| CVE-2025-11847 |
|
24.02.2026 |
4.9 |
| CVE-2025-11848 |
|
24.02.2026 |
4.9 |
| CVE-2025-13942 |
|
24.02.2026 |
9.8 |
| CVE-2025-13943 |
|
24.02.2026 |
8.8 |
| CVE-2026-1459 |
|
24.02.2026 |
7.2 |
| CVE-2026-25989 |
ImageMagick has integer overflow or wraparound and incorrect conversion between numeric types in the internal SVG decoder |
24.02.2026 |
7.5 |
| CVE-2026-26066 |
ImageMagick has infinite loop when writing IPTCTEXT leads to denial of service via crafted profile |
24.02.2026 |
6.2 |
| CVE-2026-26198 |
ormar is vulnerable to SQL Injection through aggregate functions min() and max() |
24.02.2026 |
9.8 |
| CVE-2026-26283 |
ImageMagick has possible infinite loop in JPEG encoder when using `jpeg:extent` |
24.02.2026 |
6.2 |
| CVE-2026-26284 |
ImageMagick has heap overflow in pcd decoder that leads to out of bounds read. |
24.02.2026 |
6.5 |
| CVE-2026-26331 |
yt-dlp: Arbitrary Command Injection when using the `--netrc-cmd` option |
24.02.2026 |
8.8 |
| CVE-2026-26981 |
OpenEXR has heap-buffer-overflow via signed integer underflow in ImfContextInit.cpp |
24.02.2026 |
6.5 |
| CVE-2026-26983 |
ImageMagick: Invalid MSL <map> can result in a use after free |
24.02.2026 |
5.3 |
| CVE-2026-27126 |
Craft CMS has Stored XSS in Table Field via "HTML" Column Type |
24.02.2026 |
|
| CVE-2026-27127 |
Craft CMS has Cloud Metadata SSRF Protection Bypass via DNS Rebinding |
24.02.2026 |
|
| CVE-2026-27128 |
Craft CMS's race condition in Token Service potentially allows for token usage greater than the token limit |
24.02.2026 |
|
| CVE-2026-27129 |
Cloud Metadata SSRF Protection Bypass via IPv6 Resolution |
24.02.2026 |
|
| CVE-2026-3054 |
Alinto SOGo cross site scripting |
24.02.2026 |
|
| CVE-2026-3057 |
a54552239 pearProjectApi Backend Task.php dateTotalForProject sql injection |
24.02.2026 |
|
| CVE-2026-3064 |
HummerRisk Cloud Task Scheduler ResourceCreateService.java command injection |
24.02.2026 |
|
| CVE-2026-3065 |
HummerRisk Cloud Task Dry-run CloudTaskService.java CommandUtils.commonExecCmdWithResult command injection |
24.02.2026 |
|
| CVE-2026-3091 |
|
24.02.2026 |
6.7 |
| CVE-2025-11845 |
|
24.02.2026 |
4.9 |
| CVE-2025-11846 |
|
24.02.2026 |
4.9 |
| CVE-2026-25897 |
ImageMagick has heap overflow in sun decoder on 32-bit systems that can result in out of bounds write |
24.02.2026 |
6.5 |
| CVE-2026-25898 |
Imagemagick Has Global Buffer Overflow (OOB Read) via Negative Pixel Index in UIL and XPM Writer |
24.02.2026 |
6.5 |
| CVE-2026-25965 |
ImageMagick's policy bypass through path traversal allows reading restricted content despite secured policy |
24.02.2026 |
8.6 |
| CVE-2026-25966 |
ImageMagick's Security Policy Bypass through config/policy-secure.xml via "fd handler" leads to stdin/stdout access |
24.02.2026 |
5.9 |
| CVE-2026-25967 |
ImageMagick has stack buffer overflow in FTXT reader via oversized integer field |
24.02.2026 |
7.4 |
| CVE-2026-25968 |
ImageMagick has MSL attribute stack buffer overflow that leads to out of bounds write. |
24.02.2026 |
7.4 |
| CVE-2026-25969 |
ImageMagick has Memory Leak in coders/ashlar.c |
24.02.2026 |
5.3 |
| CVE-2026-25970 |
ImageMagick SIXEL Decoder Has Signed Integer Overflow, Leading to Memory Corruption |
24.02.2026 |
5.3 |
| CVE-2026-25971 |
ImageMagick's MSL: Stack overflow in ProcessMSLScript |
24.02.2026 |
6.2 |
| CVE-2026-25982 |
ImageMagick Has Heap Out-of-Bounds Read in DCM Decoder (ReadDCMImage) |
24.02.2026 |
6.5 |
| CVE-2026-25983 |
ImageMagick has Use After Free in MSLStartElement in "coders/msl.c" |
24.02.2026 |
5.3 |
| CVE-2026-25985 |
Memory allocation with excessive without limits in the internal SVG decoder |
24.02.2026 |
7.5 |
| CVE-2026-25986 |
ImageMagick has a heap buffer overflow in YUV 4:2:2 decoder |
24.02.2026 |
5.3 |
| CVE-2026-25987 |
ImageMagick has heap buffer over-read in MAP image decoder |
24.02.2026 |
5.3 |
| CVE-2026-25988 |
ImageMagick's MSL image stack index not refreshed, leading to leaked images. |
24.02.2026 |
5.3 |
| CVE-2026-3052 |
DataLinkDC dinky Flink Proxy Controller FlinkProxyController.java proxyUba server-side request forgery |
24.02.2026 |
|
| CVE-2026-3053 |
DataLinkDC dinky OpenAPI Endpoint AppConfig.java addInterceptors missing authentication |
24.02.2026 |
|
| CVE-2026-25591 |
New API has an SQL LIKE Wildcard Injection DoS via Token Search |
24.02.2026 |
|
| CVE-2026-25637 |
ImageMagick: Possible memory leak in ASHLAR encoder |
24.02.2026 |
5.3 |
| CVE-2026-25638 |
ImageMagick has memory leak in msl encoder |
24.02.2026 |
5.3 |
| CVE-2026-25794 |
ImageMagick has heap-buffer-overflow via signed integer overflow in `WriteUHDRImage` when writing UHDR images with large dimensions |
24.02.2026 |
8.2 |
| CVE-2026-25795 |
ImageMagick has NULL pointer dereference in ReadSFWImage after DestroyImageInfo (sfw.c) |
24.02.2026 |
5.3 |
| CVE-2026-25796 |
ImageMagick has memory leak of watermark Image object in ReadSTEGANOImage on multiple error/early-return paths |
24.02.2026 |
5.3 |
| CVE-2026-25797 |
ImageMagick vulnerable to Code injection via PostScript header in ps coders |
24.02.2026 |
5.7 |
| CVE-2026-25798 |
ImageMagick has NULL Pointer Dereference in ClonePixelCacheRepository via crafted image |
24.02.2026 |
5.3 |
| CVE-2026-25799 |
ImageMagick has Division-by-Zero in YUV sampling factor validation, which leads to crash |
24.02.2026 |
5.3 |
| CVE-2026-25802 |
New API has Potential XSS in its MarkdownRenderer component |
24.02.2026 |
7.6 |
| CVE-2026-27729 |
Astro has memory exhaustion DoS due to missing request body size limit in Server Actions |
24.02.2026 |
5.9 |
| CVE-2026-3050 |
horilla-opensource horilla Leads global.js cross site scripting |
24.02.2026 |
|
| CVE-2026-3051 |
DataLinkDC dinky Project Name GitRepository.java getProjectDir path traversal |
24.02.2026 |
|
| CVE-2025-69253 |
free5GC vulnerable to improper error handling in NEF with information exposure |
24.02.2026 |
|
| CVE-2025-9120 |
RCE vulnerability has been discovered in OpenText™ Carbonite Safe Server Backup. |
24.02.2026 |
|
| CVE-2026-21864 |
Remote DoS from malformed RESTORE command |
24.02.2026 |
6.5 |
| CVE-2026-24481 |
ImageMagick has Possible Heap Information Disclosure in PSD ZIP Decompression |
24.02.2026 |
7.5 |
| CVE-2026-24484 |
ImageMagick: Converting multi-layer nested MVG to SVG can cause DoS |
24.02.2026 |
5.3 |
| CVE-2026-24485 |
ImageMagick: Infinite loop vulnerability when parsing a PCD file |
24.02.2026 |
7.5 |
| CVE-2026-25501 |
free5GC SMF crash (nil pointer dereference) on PFCP SessionReportRequest when ReportType.DLDR is set but DownlinkDataReport IE is missing |
24.02.2026 |
|
| CVE-2026-25545 |
Astro has Full-Read SSRF in error rendering via Host: header injection |
24.02.2026 |
|
| CVE-2026-25576 |
ImageMagick: Out of bounds read in multiple coders read raw pixel data |
24.02.2026 |
5.1 |
| CVE-2026-26024 |
free5GC SMF crash (nil pointer dereference) on PFCP SessionReportRequest when ReportType.USAR=1 and UsageReport omits mandatory URRID sub-IE  |
24.02.2026 |
|
| CVE-2026-26025 |
free5GC SMF crash (nil pointer dereference) on PFCP SessionReportRequest when ReportType.USAR=1 and UsageReport omits mandatory URRID sub-IE  |
24.02.2026 |
|
| CVE-2026-27642 |
free5GC has Improper Input Validation in UDM UEAU Service |
24.02.2026 |
|
| CVE-2026-27643 |
free5GC has improper error handling in NEF with information exposure |
24.02.2026 |
|
| CVE-2026-3046 |
itsourcecode E-Logbook with Health Monitoring System for COVID-19 check_profile_old.php sql injection |
24.02.2026 |
|
| CVE-2026-3049 |
horilla-opensource horilla Query Parameter global_search.py get redirect |
24.02.2026 |
|
| CVE-2024-58041 |
Smolder versions through 1.51 for Perl uses insecure rand() function for cryptographic functions |
23.02.2026 |
|
| CVE-2025-69251 |
free5GC has Improper Input Validation in UDM, Leading to Information Exposure |
24.02.2026 |
|
| CVE-2025-69252 |
free5GC has Null Pointer Dereference in UDM, Leading to Service Panic |
23.02.2026 |
|
| CVE-2025-69250 |
free5GC has Improper Error Handling in UDM, Leading to Information Exposure |
23.02.2026 |
|
| CVE-2026-3044 |
Tenda AC8 Httpd Service UploadCfg webCgiGetUploadFile stack-based overflow |
23.02.2026 |
|
| CVE-2026-3042 |
itsourcecode Event Management System index.php sql injection |
23.02.2026 |
|
| CVE-2026-3043 |
itsourcecode Event Management System navbar.php cross site scripting |
23.02.2026 |
|
| CVE-2026-21665 |
|
23.02.2026 |
|
| CVE-2026-3061 |
|
23.02.2026 |
|
| CVE-2026-3062 |
|
23.02.2026 |
|
| CVE-2026-3063 |
|
23.02.2026 |
|
| CVE-2026-27741 |
Bludit <= 3.16.1 CSRF in Plugin and Theme Management Endpoints |
23.02.2026 |
|
| CVE-2026-27742 |
Bludit <= 3.16.2 Stored XSS in Post Content |
23.02.2026 |
|
| CVE-2026-3040 |
DrayTek Vigor 300B Web Management uploadlangs cgiGetFile os command injection |
23.02.2026 |
|
| CVE-2026-3041 |
xingfuggz BaykeShop Article Sidebar custom.html cross site scripting |
23.02.2026 |
|
| CVE-2025-69232 |
free5GC hasProtocol Compliance Violation in UPF Leading to SMF Service Disruption |
23.02.2026 |
|
| CVE-2025-69247 |
free5GC has Heap Buffer Overflow in UPF Leading to Denial of Service |
23.02.2026 |
|
| CVE-2025-69248 |
free5GC has Array Index Out of Bounds in AMF Leading to Denial of Service |
23.02.2026 |
|
| CVE-2026-27163 |
|
23.02.2026 |
|
| CVE-2026-3028 |
erzhongxmu JEEWMS JeecgListDemoController.java doAdd cross site scripting |
23.02.2026 |
|
| CVE-2025-69208 |
free5GC UDR's NEF incorrectly returns 500 for missing PFD data (UDR 404) in Nnef_PfdManagement GET request |
23.02.2026 |
|
| CVE-2026-25649 |
Traccar Vulnerable to Authorization Code Theft via Open Redirect in OIDC Provider Endpoints |
23.02.2026 |
7.3 |
| CVE-2026-25984 |
|
23.02.2026 |
|
| CVE-2026-23521 |
Traccar vulnerable to Path Traversal and External Control of File Name or Path |
23.02.2026 |
6.5 |
| CVE-2026-25648 |
Traccar Vulnerable to Stored Cross-Site Scripting (XSS) via Malicious SVG File Upload |
23.02.2026 |
8.7 |
| CVE-2026-3027 |
erzhongxmu JEEWMS UEditor getContent.jsp cross site scripting |
23.02.2026 |
|