Latest CVE Feed
-
5.0
MEDIUM CVE-2026-27900
The Terraform Provider for Linode versions prior to v3.9.0 logged sensitive information including some passwords, StackScript content, and object storage data in debug logs without redaction. Provider debug logging is not enabled by default. This issue is...
- Affected Products:
- Published: Feb. 26, 2026
- Modified: Feb. 26, 2026
- Vuln Type: Information Disclosure
-
7.8
HIGH CVE-2026-25191
The installer of FinalCode Client provided by Digital Arts Inc. contains an issue with the DLL search path. If a user is directed to place a malicious DLL file and the installer to the same directory and execute the installer, arbitrary code may be execut...
- Affected Products:
- Published: Feb. 26, 2026
- Modified: Feb. 26, 2026
- Vuln Type: Misconfiguration
-
7.8
HIGH CVE-2026-23703
The installer of FinalCode Client provided by Digital Arts Inc. contains an incorrect default permissions vulnerability. A non-administrative user may execute arbitrary code with SYSTEM privilege....
- Affected Products:
- Published: Feb. 26, 2026
- Modified: Feb. 26, 2026
- Vuln Type: Misconfiguration
-
8.8
HIGH CVE-2026-1311
The Worry Proof Backup plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 0.2.4 via the backup upload functionality. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upl...
- Affected Products:
- Published: Feb. 26, 2026
- Modified: Feb. 26, 2026
- Vuln Type: Path Traversal
-
5.3
MEDIUM CVE-2026-2356
The User Registration & Membership – Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.2 via the 'register_member' function, due to missi...
- Affected Products:
- Published: Feb. 26, 2026
- Modified: Feb. 26, 2026
- Vuln Type: Authorization
-
8.1
HIGH CVE-2026-27975
Ajenti is a Linux and BSD modular server admin panel. Prior to version 2.2.13, an unauthenticated user could gain access to a server to execute arbitrary code on this server. This is fixed in the version 2.2.13....
- Affected Products: ajenti
- Published: Feb. 26, 2026
- Modified: Feb. 26, 2026
- Vuln Type: Authentication
-
4.8
MEDIUM CVE-2026-27974
Audiobookshelf is a self-hosted audiobook and podcast server. A cross-site scripting (XSS) vulnerability exists in versions prior to 0.12.0-beta of the Audiobookshelf mobile application that allows arbitrary JavaScript execution through malicious library ...
- Affected Products:
- Published: Feb. 26, 2026
- Modified: Feb. 26, 2026
- Vuln Type: Cross-Site Scripting
-
4.0
MEDIUM CVE-2026-27973
Audiobookshelf is a self-hosted audiobook and podcast server. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 0.12.0-beta of the Audiobookshelf mobile application that allows arbitrary JavaScript execution through malicious l...
- Affected Products: audiobookshelf
- Published: Feb. 26, 2026
- Modified: Feb. 26, 2026
- Vuln Type: Cross-Site Scripting
-
4.8
MEDIUM CVE-2026-27963
Audiobookshelf is a self-hosted audiobook and podcast server. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 2.32.0 of the Audiobookshelf web application that allows arbitrary JavaScript execution through malicious library m...
- Affected Products: audiobookshelf
- Published: Feb. 26, 2026
- Modified: Feb. 26, 2026
- Vuln Type: Cross-Site Scripting
-
1.3
LOW CVE-2026-27465
Fleet is open source device management software. In versions prior to 4.80.1, a vulnerability in Fleet’s configuration API could expose Google Calendar service account credentials to authenticated users with low-privilege roles. This may allow unauthorize...
- Affected Products: fleet
- Published: Feb. 26, 2026
- Modified: Feb. 26, 2026
- Vuln Type: Information Disclosure
-
1.2
LOW CVE-2026-25963
Fleet is open source device management software. In versions prior to 4.80.1, a broken authorization check in Fleet’s certificate template deletion API could allow a team administrator to delete certificate templates belonging to other teams within the sa...
- Affected Products: fleet
- Published: Feb. 26, 2026
- Modified: Feb. 26, 2026
- Vuln Type: Authorization
-
1.7
LOW CVE-2026-24004
Fleet is open source device management software. In versions prior to 4.80.1, a vulnerability in Fleet’s Android MDM Pub/Sub handling could allow unauthenticated requests to trigger device unenrollment events. This may result in unauthorized removal of in...
- Affected Products: fleet
- Published: Feb. 26, 2026
- Modified: Feb. 26, 2026
- Vuln Type: Authentication
-
0.6
LOW CVE-2026-23999
Fleet is open source device management software. In versions prior to 4.80.1, Fleet generated device lock and wipe PINs using a predictable algorithm based solely on the current Unix timestamp. Because no secret key or additional entropy was used, the res...
- Affected Products: fleet
- Published: Feb. 26, 2026
- Modified: Feb. 26, 2026
- Vuln Type: Cryptography
-
8.1
HIGH CVE-2026-1779
The User Registration & Membership plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.1.2. This is due to incorrect authentication in the 'register_member' function. This makes it possible for unauthenticated a...
- Affected Products:
- Published: Feb. 26, 2026
- Modified: Feb. 26, 2026
- Vuln Type: Authentication
-
5.4
MEDIUM CVE-2025-15583
A weakness has been identified in detronetdip E-commerce 1.0.0. This affects the function get_safe_value of the file utility/function.php. Executing a manipulation can lead to cross site scripting. The attack can be executed remotely. The exploit has been...
- Affected Products: e-commerce
- Published: Feb. 20, 2026
- Modified: Feb. 26, 2026
- Vuln Type: Cross-Site Scripting
-
8.1
HIGH CVE-2025-15582
A security flaw has been discovered in detronetdip E-commerce 1.0.0. The impacted element is the function Delete/Update of the component Product Management Module. Performing a manipulation of the argument ID results in authorization bypass. Remote exploi...
- Affected Products: e-commerce
- Published: Feb. 20, 2026
- Modified: Feb. 26, 2026
- Vuln Type: Authorization
-
5.5
MEDIUM CVE-2026-2861
A vulnerability was detected in Foswiki up to 2.1.10. The affected element is an unknown function of the component Changes/Viewfile/Oops. The manipulation results in information disclosure. It is possible to launch the attack remotely. The exploit is now ...
- Affected Products: foswiki
- Published: Feb. 21, 2026
- Modified: Feb. 26, 2026
- Vuln Type: Information Disclosure
-
8.8
HIGH CVE-2025-70328
TOTOLINK X6000R v9.4.0cu.1498_B20250826 contains an OS command injection vulnerability in the NTPSyncWithHost handler of the /usr/sbin/shttpd executable. The host_time parameter is retrieved via sub_40C404 and passed to a date -s shell command through Cst...
- Published: Feb. 23, 2026
- Modified: Feb. 26, 2026
- Vuln Type: Injection
-
9.8
CRITICAL CVE-2025-70327
TOTOLINK X5000R v9.1.0cu_2415_B20250515 contains an argument injection vulnerability in the setDiagnosisCfg handler of the /usr/sbin/lighttpd executable. The ip parameter is retrieved via websGetVar and passed to a ping command through CsteSystem without ...
- Published: Feb. 23, 2026
- Modified: Feb. 26, 2026
- Vuln Type: Injection
-
6.1
MEDIUM CVE-2026-3028
A vulnerability was determined in erzhongxmu JEEWMS up to 3.7. This vulnerability affects the function doAdd of the file src/main/java/com/jeecg/demo/controller/JeecgListDemoController.java. This manipulation of the argument Name causes cross site scripti...
- Published: Feb. 23, 2026
- Modified: Feb. 26, 2026
- Vuln Type: Cross-Site Scripting