Latest CVE Feed
-
8.7
HIGHCVE-2026-26093
Improper Neutralization of Special Elements used in a Command ('Command Injection') in Owl opds 2.2.0.4 allows Command Injection via a crafted network request.... Read more
Affected Products :- Published: Feb. 20, 2026
- Modified: Feb. 20, 2026
- Vuln Type: Injection
-
5.7
MEDIUMCVE-2026-26049
The web management interface of the device renders the passwords in a plaintext input field. The current password is directly visible to anyone with access to the UI, potentially exposing administrator credentials to unauthorized observation via should... Read more
Affected Products :- Published: Feb. 20, 2026
- Modified: Feb. 20, 2026
- Vuln Type: Information Disclosure
-
7.5
HIGHCVE-2026-26048
The Wi-Fi router is vulnerable to de-authentication attacks due to the absence of management frame protection, allowing forged deauthentication and disassociation frames to be broadcast without authentication or encryption. An attacker can use this to ... Read more
Affected Products :- Published: Feb. 20, 2026
- Modified: Feb. 20, 2026
- Vuln Type: Denial of Service
-
9.8
CRITICALCVE-2026-25715
The web management interface of the device allows the administrator username and password to be set to blank values. Once applied, the device permits authentication with empty credentials over the web management interface and Telnet service. This effec... Read more
Affected Products :- Published: Feb. 20, 2026
- Modified: Feb. 20, 2026
- Vuln Type: Authentication
-
5.9
MEDIUMCVE-2026-25362
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FooPlugins FooGallery foogallery allows Stored XSS.This issue affects FooGallery: from n/a through <= 3.1.11.... Read more
Affected Products : foogallery- Published: Feb. 19, 2026
- Modified: Feb. 20, 2026
- Vuln Type: Cross-Site Scripting
-
5.9
MEDIUMCVE-2026-25343
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VeronaLabs WP SMS wp-sms allows DOM-Based XSS.This issue affects WP SMS: from n/a through <= 7.1.... Read more
Affected Products : wp_sms- Published: Feb. 19, 2026
- Modified: Feb. 20, 2026
- Vuln Type: Cross-Site Scripting
-
4.3
MEDIUMCVE-2026-25330
Missing Authorization vulnerability in PublishPress PublishPress Authors publishpress-authors allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PublishPress Authors: from n/a through <= 4.10.1.... Read more
Affected Products :- Published: Feb. 19, 2026
- Modified: Feb. 20, 2026
- Vuln Type: Authorization
-
7.5
HIGHCVE-2026-25326
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in cmsmasters CMSMasters Content Composer cmsmasters-content-composer allows PHP Local File Inclusion.This issue affects CMSMasters Conte... Read more
Affected Products :- Published: Feb. 19, 2026
- Modified: Feb. 20, 2026
- Vuln Type: Path Traversal
-
5.3
MEDIUMCVE-2026-25324
Authorization Bypass Through User-Controlled Key vulnerability in ExpressTech Systems Quiz And Survey Master quiz-master-next allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Quiz And Survey Master: from n/a throu... Read more
Affected Products :- Published: Feb. 19, 2026
- Modified: Feb. 20, 2026
- Vuln Type: Authorization
-
5.4
MEDIUMCVE-2026-25322
Cross-Site Request Forgery (CSRF) vulnerability in PublishPress PublishPress Revisions revisionary allows Cross Site Request Forgery.This issue affects PublishPress Revisions: from n/a through <= 3.7.22.... Read more
Affected Products :- Published: Feb. 19, 2026
- Modified: Feb. 20, 2026
- Vuln Type: Cross-Site Request Forgery
-
5.3
MEDIUMCVE-2026-25315
Missing Authorization vulnerability in hcaptcha hCaptcha for WP hcaptcha-for-forms-and-more allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects hCaptcha for WP: from n/a through <= 4.22.0.... Read more
Affected Products :- Published: Feb. 19, 2026
- Modified: Feb. 20, 2026
- Vuln Type: Authorization
-
4.3
MEDIUMCVE-2026-25313
Missing Authorization vulnerability in Shahjahan Jewel FluentForm fluentform allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FluentForm: from n/a through <= 6.1.14.... Read more
Affected Products :- Published: Feb. 19, 2026
- Modified: Feb. 20, 2026
- Vuln Type: Authorization
-
6.5
MEDIUMCVE-2026-25307
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 8theme XStore Core et-core-plugin allows DOM-Based XSS.This issue affects XStore Core: from n/a through < 5.7.... Read more
Affected Products : xstore_core- Published: Feb. 19, 2026
- Modified: Feb. 20, 2026
- Vuln Type: Cross-Site Scripting
-
4.3
MEDIUMCVE-2026-25008
Insertion of Sensitive Information Into Sent Data vulnerability in Shahjahan Jewel Ninja Tables ninja-tables allows Retrieve Embedded Sensitive Data.This issue affects Ninja Tables: from n/a through <= 5.2.5.... Read more
Affected Products :- Published: Feb. 19, 2026
- Modified: Feb. 20, 2026
- Vuln Type: Information Disclosure
-
8.2
HIGHCVE-2026-24790
The underlying PLC of the device can be remotely influenced, without proper safeguards or authentication.... Read more
Affected Products :- Published: Feb. 20, 2026
- Modified: Feb. 20, 2026
- Vuln Type: Authentication
-
7.5
HIGHCVE-2026-24455
The embedded web interface of the device does not support HTTPS/TLS for authentication and uses HTTP Basic Authentication. Traffic is encoded but not encrypted, exposing user credentials to passive interception by attackers on the same network.... Read more
Affected Products :- Published: Feb. 20, 2026
- Modified: Feb. 20, 2026
- Vuln Type: Authentication
-
6.2
MEDIUMCVE-2026-1842
HyperCloud versions 2.3.5 through 2.6.8 improperly allowed refresh tokens to be used directly for resource access and failed to invalidate previously issued access tokens when a refresh token was used. Because refresh tokens have a significantly longer li... Read more
Affected Products :- Published: Feb. 20, 2026
- Modified: Feb. 20, 2026
- Vuln Type: Authentication
-
0.0
NACVE-2025-70833
An Authentication Bypass vulnerability in Smanga 3.2.7 allows an unauthenticated attacker to reset the password of any user (including the administrator) and fully takeover the account by manipulating POST parameters. The issue stems from insecure permiss... Read more
Affected Products :- Published: Feb. 20, 2026
- Modified: Feb. 20, 2026
- Vuln Type: Authentication
-
10.0
CRITICALCVE-2025-68121
During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a use... Read more
Affected Products : go- Published: Feb. 05, 2026
- Modified: Feb. 20, 2026
- Vuln Type: Cryptography
-
5.1
MEDIUMCVE-2025-15583
A weakness has been identified in detronetdip E-commerce 1.0.0. This affects the function get_safe_value of the file utility/function.php. Executing a manipulation can lead to cross site scripting. The attack can be executed remotely. The exploit has been... Read more
Affected Products :- Published: Feb. 20, 2026
- Modified: Feb. 20, 2026
- Vuln Type: Cross-Site Scripting