Security Advisories

Showing 110 advisories

CVE-2026-2385 | The Plus Addons for Elementor Plugin up to 6.4.7 on WordPress AJAX email_data Remote Code Execution

A vulnerability categorized as critical has been discovered in The Plus Addons for Elementor Plugin up to 6.4.7 on WordPress. The affected element is an unknown function of the component AJAX Handler. Executing a manipulation of the argument email_data can lead to Remote Code Execution. This vulnera

Feb 21, 2026

Global

VulDBCritical

CVE-2026-2954 | Dromara UJCMS 10.0.2 ImportDataController import-channel importChanel driverClassName/url injection

A vulnerability was found in Dromara UJCMS 10.0.2. It has been rated as critical. Impacted is the function importChanel of the file /api/backend/ext/import-data/import-channel of the component ImportDataController. Performing a manipulation of the argument driverClassName/url results in injection. T

Feb 21, 2026

Global

VulDBCritical

CVE-2026-2953 | Dromara UJCMS 101.2 Template WebFileTemplateController.delete deleteDirectory path traversal

A vulnerability was found in Dromara UJCMS 101.2. It has been declared as critical. This issue affects the function deleteDirectory of the file WebFileTemplateController.delete of the component Template Handler. Such manipulation leads to path traversal. This vulnerability is listed as CVE-2026-2953

Feb 21, 2026

Global

VulDBCritical

CVE-2026-2952 | Vaelsys 4.1.0 HTTP POST Request /tree/tree_server.php xajaxargs os command injection

A vulnerability was found in Vaelsys 4.1.0. It has been classified as critical. This vulnerability affects unknown code of the file /tree/tree_server.php of the component HTTP POST Request Handler. This manipulation of the argument xajaxargs causes os command injection. This vulnerability is tracked

Feb 21, 2026

Global

VulDBLow

CVE-2026-2947 | rymcu forest up to 0.0.5 User Profile UserInfoController.java updateUserInfo cross site scripting

A vulnerability was found in rymcu forest up to 0.0.5 and classified as problematic. This affects the function updateUserInfo of the file - src/main/java/com/rymcu/forest/web/api/user/UserInfoController.java of the component User Profile Handler. The manipulation results in cross site scripting. Thi

Feb 21, 2026

Global

VulDBLow

CVE-2026-2946 | rymcu forest up to 0.0.5 Article Content/Comments/Portfolio XssUtils.java XssUtils.replaceHtmlCode cross site scripting

A vulnerability has been found in rymcu forest up to 0.0.5 and classified as problematic. Affected by this issue is the function XssUtils.replaceHtmlCode of the file src/main/java/com/rymcu/forest/util/XssUtils.java of the component Article Content/Comments/Portfolio. The manipulation leads to cross

Feb 21, 2026

Global

VulDBCritical

CVE-2026-2945 | JeecgBoot 3.9.0 uploadImgByHttp fileUrl server-side request forgery

A vulnerability, which was classified as critical, was found in JeecgBoot 3.9.0. Affected by this vulnerability is an unknown functionality of the file /sys/common/uploadImgByHttp. Executing a manipulation of the argument fileUrl can lead to server-side request forgery. The identification of this vu

Feb 21, 2026

Global

VulDBCritical

CVE-2026-2944 | Tosei Online Store Management System ネット店舗管理システム HTTP POST Request /cgi-bin/monitor.php system os command injection

A vulnerability, which was classified as critical, has been found in Tosei Online Store Management System ネット店舗管理システム 1.01. Affected is the function system of the file /cgi-bin/monitor.php of the component HTTP POST Request Handler. Performing a manipulation of the argument DevId results in os comma

Feb 21, 2026

Global

VulDBLow

CVE-2026-2943 | SapneshNaik Student Management System up to f4b4f0928f0b5551a28ee81ae7e7fe47d9345318 index.php Error cross site scripting

A vulnerability classified as problematic was found in SapneshNaik Student Management System up to f4b4f0928f0b5551a28ee81ae7e7fe47d9345318. This impacts an unknown function of the file index.php. Such manipulation of the argument Error leads to cross site scripting. This vulnerability is uniquely i

Feb 21, 2026

Global

VulDBCritical

CVE-2026-2940 | Zaher1307 tiny_web_server up to 8d77b1044a0ca3a5297d8726ac8aa2cf944d481b URL tiny_web_server/tiny.c out-of-bounds write

A vulnerability classified as critical has been found in Zaher1307 tiny_web_server up to 8d77b1044a0ca3a5297d8726ac8aa2cf944d481b. This affects the function tiny_web_server/tiny.c of the file tiny_web_server/tiny.c of the component URL Handler. This manipulation causes out-of-bounds write. This vuln

Feb 21, 2026

Global

VulDBLow

CVE-2026-2939 | itsourcecode Student Management System 1.0 Add Student /add_student/ cross site scripting

A vulnerability described as problematic has been identified in itsourcecode Student Management System 1.0. The impacted element is an unknown function of the file /add_student/ of the component Add Student Module. The manipulation results in cross site scripting. This vulnerability is known as CVE-

Feb 21, 2026

Global

VulDBCritical

CVE-2026-2938 | SourceCodester Student Result Management System 1.0 update_smtp.php access control

A vulnerability marked as critical has been reported in SourceCodester Student Result Management System 1.0. The affected element is an unknown function of the file /srms/script/admin/core/update_smtp.php. The manipulation leads to improper access controls. This vulnerability is traded as CVE-2026-2

Feb 21, 2026

Global

VulDBLow

CVE-2026-27576 | OpenClaw up to 2026.2.18 ACP Bridge resource consumption (GHSA-cxpw-2g23-2vgw)

A vulnerability labeled as problematic has been found in OpenClaw up to 2026.2.18. Impacted is an unknown function of the component ACP Bridge. Executing a manipulation can lead to resource consumption. This vulnerability appears as CVE-2026-27576. The attack requires local access. There is no avail

Feb 21, 2026

Global

VulDBHigh

CVE-2026-27479 | ellite Wallos up to 4.6.0 getLogoFromUrl server-side request forgery (GHSA-fgmf-7g5v-jmjg)

A vulnerability identified as critical has been detected in ellite Wallos up to 4.6.0. This issue affects the function getLogoFromUrl. Performing a manipulation results in server-side request forgery. This vulnerability is reported as CVE-2026-27479. The attack is possible to be carried out remotely

Feb 21, 2026

Global

VulDBCritical

CVE-2026-27574 | oneuptime up to 10.0.4 code injection (GHSA-v264-xqh4-9xmm)

A vulnerability categorized as critical has been discovered in oneuptime up to 10.0.4. This vulnerability affects unknown code. Such manipulation leads to code injection. This vulnerability is documented as CVE-2026-27574. The attack can be executed remotely. There is not any exploit available. It i

Feb 21, 2026

Global

VulDBMedium

CVE-2026-27492 | lettermint lettermint-node up to 1.5.0 Password Reset send wrong session (GHSA-49pc-8936-wvfp)

A vulnerability was found in lettermint lettermint-node up to 1.5.0. It has been rated as problematic. This affects the function send of the component Password Reset Handler. This manipulation causes exposure of data element to wrong session. This vulnerability is registered as CVE-2026-27492. The a

Feb 21, 2026

Global

VulDBHigh

CVE-2026-27487 | OpenClaw up to 2026.2.13 on macOS Claude CLI Keychain Credential Refresh Path os command injection (GHSA-4564-pvr2-qq4h)

A vulnerability was found in OpenClaw up to 2026.2.13 on macOS. It has been declared as critical. Affected by this issue is some unknown functionality of the component Claude CLI Keychain Credential Refresh Path Handler. The manipulation results in os command injection. This vulnerability is catalog

Feb 21, 2026

Global

VulDBLow

CVE-2026-27486 | OpenClaw up to 2026.2.13 CLI unverified ownership (GHSA-jfv4-h8mc-jcp8)

A vulnerability was found in OpenClaw up to 2026.2.13. It has been classified as problematic. Affected by this vulnerability is an unknown functionality of the component CLI. The manipulation leads to unverified ownership. This vulnerability is listed as CVE-2026-27486. The attack must be carried ou

Feb 21, 2026

Global

VulDBCritical

CVE-2026-27488 | OpenClaw up to 2026.2.18 server-cron.ts fetch server-side request forgery (GHSA-w45g-5746-x9fp)

A vulnerability was found in OpenClaw up to 2026.2.18 and classified as critical. Affected is the function fetch of the file src/gateway/server-cron.ts. Executing a manipulation can lead to server-side request forgery. This vulnerability is tracked as CVE-2026-27488. The attack can be launched remot

Feb 21, 2026

Global

VulDBMedium

CVE-2026-27482 | ray-project ray up to 2.53.x DELETE Endpoint generic exception (GHSA-q5fh-2hc8-f6rq)

A vulnerability has been found in ray-project ray up to 2.53.x and classified as problematic. This impacts an unknown function of the component DELETE Endpoint. Performing a manipulation results in declaration of catch for generic exception. This vulnerability is identified as CVE-2026-27482. The at

Feb 21, 2026

Global

CCCSLow

Roundcube security advisory (AV25-309) - Update 1

Serial number: AV25-309Date: June 2, 2025Updated: February 20, 2026 On June 1, 2025, Roundcube published security advisories to address vulnerabilities in the following products: Webmail – versions prior to 1.5.10 Webmail – versions prior to 1.6.11 Update 1 On February 20, 2026, Cybersecurity and In

Feb 20, 2026

Canada

CISA

CISA Adds Two Known Exploited Vulnerabilities to Catalog

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2025-49113 RoundCube Webmail Deserialization of Untrusted Data Vulnerability CVE-2025-68461 RoundCube Webmail Cross-site Scripting Vulnerability These types of v

Feb 20, 2026

United States

HKCERTCritical

Google Chrome Multiple Vulnerabilities

Multiple vulnerabilities were identified in Google Chrome. A remote attacker could exploit some of these vulnerabilities to trigger remote code execution, denial of service condition and sensitive information disclosure on the targeted system. Impact Remote Code Execution Information Disclosure Deni

Feb 20, 2026

Hong Kong

HKCERT

Apache Tomcat Security Restriction Bypass Vulnerability

A vulnerability has been identified in Apache Tomcat. A remote attacker could exploit this vulnerability to trigger security restriction bypass on the targeted system. Impact Security Restriction Bypass System / Technologies affected Apache Tomcat version 9.0.83 to 9.0.114 Apache Tomcat version 10.1

Feb 20, 2026

Hong Kong

HKCERTMedium

F5 BIG-IP Denial of Service Vulnerability

A vulnerability was identified in F5 BIG-IP. A remote attacker could exploit this vulnerability to trigger denial of service condition on the targeted system. Impact Denial of Service System / Technologies affected BIG-IP AFM and DDoS Hybrid Defender 17.5.1.4 Solutions Before installation of the sof

Feb 20, 2026

Hong Kong

HKCERTCritical

Microsoft Edge Multiple Vulnerabilities

Multiple vulnerabilities were identified in Microsoft Edge. A remote attacker could exploit some of these vulnerabilities to trigger sensitive information disclosure, denial of service condition, security restriction bypass and remote code execution on the targeted system. Note: CVE-2026-2441 is bei

Feb 20, 2026

Hong Kong

HKCERTCritical

Mozilla Products Remote Code Execution Vulnerability

A vulnerability was identified in Mozilla Products. A remote attacker could exploit this vulnerability to trigger denial of service condition and remote code execution on the targeted system. Impact Denial of Service Remote Code Execution System / Technologies affected Versions prior to: Firefox 147

Feb 20, 2026

Hong Kong

CCCSLow

HPE security advisory (AV26-150)

Serial number: AV26-150Date: February 19, 2026 On February 19, 2026, HPE published security advisories to address vulnerabilities in the following products: HPE Telco Service Activator – versions prior to 10.5.0 HPE SimpliVity 380 servers – versions prior to SimpliVity Support Pack (SVTSP) Gen10 and

Feb 19, 2026

Canada

CCCSCritical

Tenable security advisory (AV26-149)

Serial number: AV26-149Date: February 19, 2026 On February 18, 2026, Tenable published a security advisory to address vulnerabilities in the following product. Included was a critical update for the following: Tenable Security Center – version 6.7.2 w/ Patch SC-202602.1 and Patch SC-202602.2 and pri

Feb 19, 2026

Canada

CCCSCritical

IceWarp security advisory (AV26-148)

Serial number: AV26-148Date: February 19, 2026 On February 19, 2026, IceWarp published security advisories to address vulnerabilities in multiple products. Included was a critical vulnerability affecting the following products: IceWarp Epos Update 2 – versions prior to 14.2.0.12 IceWarp Epos Update

Feb 19, 2026

Canada

CCCSLow

Splunk security advisory (AV26-147)

Serial number: AV26-147Date: February 19, 2026 On February 18, 2026, Splunk published security advisories to address vulnerabilities in the following products: Splunk Enterprise – multiple versions Splunk Cloud Platform – multiple versions Splunk Universal Forwarder – multiple versions Splunk DB Con

Feb 19, 2026

Canada

CCCSLow

GitHub security advisory (AV26-146)

Serial number: AV26-146Date: February 19, 2026 On February 10, 2026, GitHub published security advisories to address vulnerabilities in the following products: GitHub Enterprise Server – versions 3.19.x prior to 3.19.2 GitHub Enterprise Server – versions 3.18.x prior to 3.18.5 GitHub Enterprise Serv

Feb 19, 2026

Canada

CCCSLow

Google Chrome security advisory (AV26-145)

Serial number: AV26-145Date: February 19, 2026 On February 18, 2026, Google published a security advisory to address vulnerabilities in the following product: Stable Channel Chrome for Desktop – versions prior to 145.0.7632.109/110 (Windows/Mac) and 144.0.7559.109 (Linux) The Cyber Centre encourages

Feb 19, 2026

Canada

CISACritical

Valmet DNA Engineering Web Tools

View CSAF Summary Successful exploitation of this vulnerability could allow an unauthenticated attacker to manipulate the web maintenance services URL to achieve arbitrary file read access. The following versions of Valmet DNA Engineering Web Tools are affected: Valmet DNA Engineering Web Tools <=C2

Feb 19, 2026

United States

CISACritical

Jinan USR IOT Technology Limited (PUSR) USR-W610

View CSAF Summary Successful exploitation of these vulnerabilities could result in authentication being disabled, a denial-of-service condition, or an attacker stealing valid user credentials, including administrator credentials. The following versions of Jinan USR IOT Technology Limited (PUSR) USR-

Feb 19, 2026

United States

CISACritical

EnOcean SmartServer IoT

View CSAF Summary Successful exploitation of these vulnerabilities could allow an attacker to remotely execute arbitrary code and bypass ASLR. The following versions of EnOcean SmartServer IoT are affected: SmartServer IoT <=4.60.009 (CVE-2026-20761, CVE-2026-22885) CVSS Vendor Equipment Vulnerabili

Feb 19, 2026

United States

CISACritical

Welker OdorEyes EcoSystem Pulse Bypass System with XL4 Controller

View CSAF Summary Successful exploitation of this vulnerability could result in an over- or under-odorization event. The following versions of Welker OdorEyes EcoSystem Pulse Bypass System with XL4 Controller are affected: OdorEyes EcoSystem Pulse Bypass System with XL4 Controller vers:all/* (CVE-20

Feb 19, 2026

United States

CCCSLow

F5 security advisory (AV26-144)

Serial number: AV26-144Date: February 18, 2026 On February 18, 2026, F5 published a security advisory to address a vulnerability in the following product: BIG-IP AFM and DDoS Hybrid Defender 17.x – version 17.5.1.4 The Cyber Centre encourages users and administrators to review the provided web link

Feb 18, 2026

Canada

CCCSCritical

Dell security advisory (AV26-138) – Update 1

Serial number: AV26-138Date: February 18, 2026Updated: February 18, 2026 On February 17, 2026, Dell published security advisories to address vulnerabilities in multiple products. Included was a critical update for the following: RecoverPoint for Virtual Machines – versions prior to 5.3 SP4 P1 Recove

Feb 18, 2026

Canada

CCCSLow

Microsoft Edge security advisory (AV26-143)

Serial number: AV26-143Date: February 18, 2026 On February 14, 2026, Microsoft published a security update to address vulnerabilities in the following product: Microsoft Edge Stable Channel – versions prior to 145.0.3800.58 Microsoft has indicated that CVE-2026-2441 has an available exploit. The Cyb

Feb 18, 2026

Canada

CCCSLow

Jenkins security advisory (AV26-142)

Serial number: AV26-142Date: February 18, 2026 On February 18, 2026, Jenkins published a security advisory to address vulnerabilities in the following products: Jenkins weekly – version 2.550 and prior Jenkins LTS – versions 2.541.1 and prior The Cyber Centre encourages users and administrators to r

Feb 18, 2026

Canada

CCCSLow

Atlassian security advisory (AV26-141)

Serial number: AV26-141Date: February 18, 2026 On February 17, 2026, Atlassian published a security advisory to address vulnerabilities in the following products: Bamboo Data Center and Server – multiple versions Confluence Data Center and Server – multiple versions Crowd Data Center and Server – mu

Feb 18, 2026

Canada

CCCSLow

[Control systems] ABB security advisory (AV26-140)

Serial number: AV26-140 Date: February 18, 2026 On February 18, 2026, ABB published a security advisory to address vulnerabilities in the following product: B&R Automation Studio – versions prior to 6.5 The Cyber Centre encourages users and administrators to review the provided web links and perform

Feb 18, 2026

Canada

CCCSLow

HPE security advisory (AV26-139)

Serial number: AV26-139Date: February 18, 2026 On February 17, 2026, HPE published a security advisory to address a vulnerability in the following product: HPE Aruba Networking ClearPass Policy Manager 6.12.x – version 6.12.7 and prior HPE Aruba Networking ClearPass Policy Manager 6.11.x – version 6

Feb 18, 2026

Canada

CISA

CISA Adds Two Known Exploited Vulnerabilities to Catalog

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2021-22175 GitLab Server-Side Request Forgery (SSRF) Vulnerability CVE-2026-22769 Dell RecoverPoint for Virtual Machines (RP4VMs) Use of Hard-coded Credentials V

Feb 18, 2026

United States

CCCSLow

Google Chrome security advisory (AV26-130) - Update 1

Serial number: AV26-130Date: February 16, 2026Updated: February 17, 2026 On February 13, 2026, Google published a security advisory to address a vulnerability in the following product: Stable Channel Chrome for Desktop – versions prior to 145.0.7632.75/76 (Windows/Mac) and 144.0.7559.75 (Linux) Goog

Feb 17, 2026

Canada

CCCSCritical

Tenable security advisory (AV26-137)

Serial number: AV26-137Date: February 17, 2026 On February 17, 2026, Tenable published a security advisory to address vulnerabilities in the following product. Included was a critical update for the following: Tenable Security Center – version 6.7.2 and prior The Cyber Centre encourages users and ad

Feb 17, 2026

Canada

CCCSLow

Mozilla security advisory (AV26-136)

Serial number: AV26-136Date: February 17, 2026 On February 16, 2026, Mozilla published security advisories to address vulnerabilities in the following products: Thunderbird – versions prior to 147.0.2 and 140.7.2 Firefox – versions prior to 147.0.4 Firefox ESR – versions prior to 115.32.1 Firefox ES

Feb 17, 2026

Canada

CCCSLow

Red Hat security advisory (AV26-135)

Serial number: AV26-135Date: February 17, 2026 Between February 9 and 15, 2026, Red Hat published security advisories to address vulnerabilities in multiple products. Included were updates to address vulnerabilities in the Linux kernel for the following products: Red Hat CodeReady Linux Builder – mu

Feb 17, 2026

Canada

CCCSLow

[Control systems] CISA ICS security advisories (AV26-134)

Serial number: AV26-134Date: February 17, 2026 Between February 9 and 15, 2026, CISA published ICS advisories to address vulnerabilities in the following products: AVEVA PI Data Archive PI Server – multiple versions AVEVA PI to CONNECT Agent – versions prior to v2.4.2520 Airleader GmbH Airleader Mas

Feb 17, 2026

Canada

CCCSLow

Ubuntu security advisory (AV26-133)

Serial number: AV26-133Date: February 17, 2026 Between February 9 and 15, 2026, Ubuntu published security notices to address vulnerabilities in the Linux kernel affecting the following products: Ubuntu 16.04 LTS Ubuntu 18.04 LTS Ubuntu 20.04 LTS Ubuntu 22.04 LTS Ubuntu 24.04 LTS Ubuntu 25.10 The Cyb

Feb 17, 2026

Canada

CISACritical

Honeywell CCTV Products

View CSAF Summary Successful exploitation of this vulnerability could lead to account takeovers and unauthorized access to camera feeds; an unauthenticated attacker may change the recovery email address, potentially leading to further network compromise. The following versions of Honeywell CCTV Prod

Feb 17, 2026

United States

CISACritical

GE Vernova Enervista UR Setup

View CSAF Summary Successful exploitation of these vulnerabilities may allow code execution with elevated privileges. The following versions of GE Vernova Enervista UR Setup are affected: Enervista UR Setup <8.70 (CVE-2026-1762, CVE-2026-1763) CVSS Vendor Equipment Vulnerabilities v3 7.8 GE Vernova

Feb 17, 2026

United States

CISACritical

Delta Electronics ASDA-Soft

View CSAF Summary Successful exploitation of this vulnerability may allow an attacker to write arbitrary data beyond the bounds of a stack-allocated buffer, leading to the corruption of a structured exception handler (SEH). The following versions of Delta Electronics ASDA-Soft are affected: ASDA-Sof

Feb 17, 2026

United States

CISACritical

CISA Adds Four Known Exploited Vulnerabilities to Catalog

CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2008-0015 Microsoft Windows Video ActiveX Control Remote Code Execution Vulnerability CVE-2020-7796 Synacor Zimbra Collaboration Suite (ZCS) Server-Side Request

Feb 17, 2026

United States

CISACritical

Siemens Simcenter Femap and Nastran

View CSAF Summary Siemens Simcenter Femap and Nastran is affected by multiple file parsing vulnerabilities that could be triggered when the application reads files in NDB and XDB formats. If a user is tricked to open a malicious file with any of the affected products, this could lead the application

Feb 17, 2026

United States

CERT-FR

Vulnérabilité dans Mattermost Server (17 février 2026)

Une vulnérabilité a été découverte dans Mattermost Server. Elle permet à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.

CVE-2026-2385 | The Plus Addons for Elementor Plugin up to 6.4.7 on WordPress AJAX email_data Remote Code Execution

CVE-2026-2954 | Dromara UJCMS 10.0.2 ImportDataController import-channel importChanel driverClassName/url injection

CVE-2026-2953 | Dromara UJCMS 101.2 Template WebFileTemplateController.delete deleteDirectory path traversal

CVE-2026-2952 | Vaelsys 4.1.0 HTTP POST Request /tree/tree_server.php xajaxargs os command injection

CVE-2026-2947 | rymcu forest up to 0.0.5 User Profile UserInfoController.java updateUserInfo cross site scripting

CVE-2026-2946 | rymcu forest up to 0.0.5 Article Content/Comments/Portfolio XssUtils.java XssUtils.replaceHtmlCode cross site scripting

CVE-2026-2945 | JeecgBoot 3.9.0 uploadImgByHttp fileUrl server-side request forgery

CVE-2026-2944 | Tosei Online Store Management System ネット店舗管理システム HTTP POST Request /cgi-bin/monitor.php system os command injection

CVE-2026-2943 | SapneshNaik Student Management System up to f4b4f0928f0b5551a28ee81ae7e7fe47d9345318 index.php Error cross site scripting

CVE-2026-2940 | Zaher1307 tiny_web_server up to 8d77b1044a0ca3a5297d8726ac8aa2cf944d481b URL tiny_web_server/tiny.c out-of-bounds write

CVE-2026-2939 | itsourcecode Student Management System 1.0 Add Student /add_student/ cross site scripting

CVE-2026-2938 | SourceCodester Student Result Management System 1.0 update_smtp.php access control

CVE-2026-27576 | OpenClaw up to 2026.2.18 ACP Bridge resource consumption (GHSA-cxpw-2g23-2vgw)

CVE-2026-27479 | ellite Wallos up to 4.6.0 getLogoFromUrl server-side request forgery (GHSA-fgmf-7g5v-jmjg)

CVE-2026-27574 | oneuptime up to 10.0.4 code injection (GHSA-v264-xqh4-9xmm)

CVE-2026-27492 | lettermint lettermint-node up to 1.5.0 Password Reset send wrong session (GHSA-49pc-8936-wvfp)

CVE-2026-27487 | OpenClaw up to 2026.2.13 on macOS Claude CLI Keychain Credential Refresh Path os command injection (GHSA-4564-pvr2-qq4h)

CVE-2026-27486 | OpenClaw up to 2026.2.13 CLI unverified ownership (GHSA-jfv4-h8mc-jcp8)

CVE-2026-27488 | OpenClaw up to 2026.2.18 server-cron.ts fetch server-side request forgery (GHSA-w45g-5746-x9fp)

CVE-2026-27482 | ray-project ray up to 2.53.x DELETE Endpoint generic exception (GHSA-q5fh-2hc8-f6rq)

Roundcube security advisory (AV25-309) - Update 1

CISA Adds Two Known Exploited Vulnerabilities to Catalog

Google Chrome Multiple Vulnerabilities

Apache Tomcat Security Restriction Bypass Vulnerability

F5 BIG-IP Denial of Service Vulnerability

Microsoft Edge Multiple Vulnerabilities

Mozilla Products Remote Code Execution Vulnerability

HPE security advisory (AV26-150)

Tenable security advisory (AV26-149)

IceWarp security advisory (AV26-148)

Splunk security advisory (AV26-147)

GitHub security advisory (AV26-146)

Google Chrome security advisory (AV26-145)

Valmet DNA Engineering Web Tools

Jinan USR IOT Technology Limited (PUSR) USR-W610

EnOcean SmartServer IoT

Welker OdorEyes EcoSystem Pulse Bypass System with XL4 Controller

F5 security advisory (AV26-144)

Dell security advisory (AV26-138) – Update 1

Microsoft Edge security advisory (AV26-143)

Jenkins security advisory (AV26-142)

Atlassian security advisory (AV26-141)

[Control systems] ABB security advisory (AV26-140)

HPE security advisory (AV26-139)

CISA Adds Two Known Exploited Vulnerabilities to Catalog

Google Chrome security advisory (AV26-130) - Update 1

Tenable security advisory (AV26-137)

Mozilla security advisory (AV26-136)

Red Hat security advisory (AV26-135)

[Control systems] CISA ICS security advisories (AV26-134)

Ubuntu security advisory (AV26-133)

Honeywell CCTV Products

GE Vernova Enervista UR Setup

Delta Electronics ASDA-Soft

CISA Adds Four Known Exploited Vulnerabilities to Catalog

Siemens Simcenter Femap and Nastran

Vulnérabilité dans Mattermost Server (17 février 2026)

Multiples vulnérabilités dans LibreNMS (17 février 2026)

Multiples vulnérabilités dans Moodle (17 février 2026)

Google Chrome Remote Code Execution Vulnerability

PostgreSQL Multiple Vulnerabilities

Bulletin d'actualité CERTFR-2026-ACT-007 (16 février 2026)

Multiples vulnérabilités dans les produits Mattermost (16 février 2026)

Vulnérabilité dans Google Chrome (16 février 2026)

CISA Adds One Known Exploited Vulnerability to Catalog

Apple Products Multiple Vulnerabilities

MongoDB Multiple Vulnerabilities

Multiples vulnérabilités dans le noyau Linux d'Ubuntu (13 février 2026)

Multiples vulnérabilités dans le noyau Linux de SUSE (13 février 2026)

Vulnérabilité dans Tenable Nessus Agent (13 février 2026)

Multiples vulnérabilités dans le noyau Linux de Red Hat (13 février 2026)

Multiples vulnérabilités dans le noyau Linux de Debian LTS (13 février 2026)

Vulnérabilité dans Mattermost Server (13 février 2026)

Multiples vulnérabilités dans Juniper Networks Secure Analytics (13 février 2026)

Multiples vulnérabilités dans PostgreSQL (13 février 2026)

Multiples vulnérabilités dans les produits IBM (13 février 2026)

Multiples vulnérabilités dans HAProxy (13 février 2026)

Multiples vulnérabilités dans le noyau Linux de Debian (13 février 2026)

Siemens Polarion