2026-02-19
2026-02-19 07:17Z
HIGH

CVE-2026-0974 — Orderable: The Orderable – WordPress Restaurant Online Ordering System and Food Ordering Plugin plugin for

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-0974

The Orderable – WordPress Restaurant Online Ordering System and Food Ordering Plugin plugin for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check on the 'install_plugin' function in all versions up to, and including, 1.20.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install arbitrary plugins, which can lead to Remote Code Execution. CVSSv3.1 8.8 (HIGH)

CWECWE 862VNDOrderableTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2026-02-19
2026-02-19 07:17Z
CRIT

CVE-2026-0926 — Prodigy: The Prodigy Commerce plugin for WordPress is vulnerable to Local File Inclusion in all

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-0926

The Prodigy Commerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.3.0 via the 'parameters[template_name]' parameter. This makes it possible for unauthenticated attackers to include and read arbitrary files or execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and othe CVSSv3.1 9.8 (CRITICAL)

CWECWE 98VNDProdigyTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2026-02-19
2026-02-19 07:17Z
HIGH

CVE-2026-0912 — Toret: The Toret Manager plugin for WordPress is vulnerable to unauthorized modification of data that

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-0912

The Toret Manager plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'trman_save_option' function and on the 'trman_save_option_items' in all versions up to, and including, 1.2.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for regi CVSSv3.1 8.8 (HIGH)

CWECWE 269VNDToretTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2026-02-18
2026-02-18 18:24Z
HIGH

CVE-2026-24708 — OpenStack: An issue was discovered in OpenStack Nova before 30.2.2, 31 before 31.2.1, and 32

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-24708

An issue was discovered in OpenStack Nova before 30.2.2, 31 before 31.2.1, and 32 before 32.1.1. By writing a malicious QCOW header to a root or ephemeral disk and then triggering a resize, a user may convince Nova's Flat image backend to call qemu-img without a format restriction, resulting in an unsafe image resize operation that could destroy data on the host system. Only compute nodes using the Flat image backend (usually configured with use_cow_images=False) are affected CVSSv3.1 8.2 (HIGH)

CWECWE 73CWECWE 669VNDOpenstackTYPVulnerability
8.2
CVSS v3.1
91
Edit Score
2026-02-18
2026-02-18 18:24Z
HIGH

CVE-2025-14009 — Nltk Nltk: This allows attackers to craft malicious zip packages that, when downloaded and extracted by

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-14009

A critical vulnerability exists in the NLTK downloader component of nltk/nltk, affecting all versions. The _unzip_iter function in nltk/downloader.py uses zipfile.extractall() without performing path validation or security checks. This allows attackers to craft malicious zip packages that, when downloaded and extracted by NLTK, can execute arbitrary code. The vulnerability arises because NLTK assumes all downloaded packages are trusted and extracts them without validation. If CVSSv3.1 8.8 (HIGH)

CWECWE 94VNDNltkTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2026-02-18
2026-02-18 16:22Z
HIGH

CVE-2026-23230 — Linux Linux_kernel: In the Linux kernel, the following vulnerability has been resolved: smb: client: split cached_fid

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-23230

In the Linux kernel, the following vulnerability has been resolved: smb: client: split cached_fid bitfields to avoid shared-byte RMW races is_open, has_lease and on_list are stored in the same bitfield byte in struct cached_fid but are updated in different code paths that may run concurrently. Bitfield assignments generate byte read–modify–write operations (e.g. `orb $mask, addr` on x86_64), so updating one flag can restore stale values of the others. A possible interleavi CVSSv3.1 8.8 (HIGH) · EPSS 9th percentile

TYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2026-02-18
2026-02-18 12:00Z
CRIT

Carelessness versus craftsmanship in cryptography

Trail of Bits·blog.trailofbits.com

Trail of Bits disclosed widespread key/IV reuse vulnerabilities in popular AES libraries aes-js (850+ npm dependents, 700k+ repos) and pyaes (23k+ repos) caused by default IV of 0x00000000_00000000_00000000_00000001 in CTR mode. The vulnerability affects downstream projects including strongMan VPN Manager, where attackers with database access could recover RSA private keys and X.509 certificates in seconds, enabling impersonation and MITM attacks. strongSwan maintainer Tobias Brunner responded with immediate patching and migration tools; aes-js maintainer has ignored the issue since 2022.

SRFApplicationTACTA0006VNDStrongswanVNDAes JsVNDPyaesVNDStrongmanTYPResearchTYPAdvisory
87
Edit Score
728 × 90 / responsive · programmatic ad slot
2026-02-18
2026-02-18 09:15Z
CRIT

CVE-2025-33073 — PoC Exploit for the NTLM reflection SMB flaw.

GitHub · recent CVE PoCs·github.comGITHUB POCCVE-2025-33073in the wild

Public PoC exploit released for CVE-2025-33073, an NTLM reflection vulnerability in SMB that enables relay attacks against Windows systems. The exploit chains NTLM reflection with DNS coercion or LLMNR poisoning to achieve RCE as SYSTEM, with variants supporting LDAPS relay even when SMB signing is enabled through MIC bypass techniques.

SRFOsSRFNetworkTACTA0006TACTA0008TACTA0009VNDMicrosoftTYPWriteupTYPExploit
92
Edit Score
2026-02-17
2026-02-17 17:05Z
HIGH

STOP THE CAP: Making Entra ID Conditional Access Make Sense Offline

SpecterOps·specterops.io

SpecterOps released CAPSlock, an offline Conditional Access policy (CAP) analysis tool for Microsoft Entra ID that enables red teamers and defenders to reason about policy enforcement without triggering sign-in artifacts. Built on ROADrecon exports, CAPSlock simulates sign-in scenarios, identifies policy gaps, and distinguishes between definitive and signal-dependent policy application to surface potential bypass paths.

TACTA0005TACTA0001SRFIdentitySRFCloudVNDMicrosoftVNDSpecteropsTYPResearchTYPTool
82
Edit Score
2026-02-17
2026-02-17 15:16Z
HIGH

CVE-2026-2616 — Beetel 777vr1_firmware: The manipulation leads to hard-coded credentials.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-2616

A vulnerability has been found in Beetel 777VR1 up to 01.00.09. The impacted element is an unknown function of the component Web Management Interface. The manipulation leads to hard-coded credentials. The attack needs to be initiated within the local network. The exploit has been disclosed to the public and may be used. It is advisable to modify the configuration settings. The vendor was contacted early about this disclosure but did not respond in any way. CVSSv3.1 8.8 (HIGH) · EPSS 55th percentile

CWECWE 798CWECWE 259VNDBeetelTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2026-02-17
2026-02-17 15:16Z
CRIT

CVE-2026-22208 — OpenS100: (the reference implementation S-100 viewer) prior to commit 753cf29 contains a remote code

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-22208

OpenS100 (the reference implementation S-100 viewer) prior to commit 753cf29 contains a remote code execution vulnerability via an unrestricted Lua interpreter. The Portrayal Engine initializes Lua using luaL_openlibs() without sandboxing or capability restrictions, exposing standard libraries such as 'os' and 'io' to untrusted portrayal catalogues. An attacker can provide a malicious S-100 portrayal catalogue containing Lua scripts that execute arbitrary commands with the pr CVSSv3.1 9.6 (CRITICAL) · EPSS 46th percentile

CWECWE 829CWECWE 749VNDOpens100TYPVulnerability
9.6
CVSS v3.1
98
Edit Score
2026-02-17
2026-02-17 12:16Z
HIGH

CVE-2025-7631 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-7631

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tumeva Internet Technologies Software Information Advertising and Consulting Services Trade Ltd. Co. Tumeva Prime News Software allows SQL Injection. This issue affects Tumeva Prime News Software: from v.1.0.1 before v1.0.2. CVSSv3.1 8.6 (HIGH) · EPSS 2th percentile

CWECWE 89TYPVulnerability
8.6
CVSS v3.1
93
Edit Score
2026-02-17
2026-02-17 00:00Z
HIGH

Spam Campaign Abuses Atlassian Jira, Targets Government and Corporate Entities

Trend Micro Research·trendmicro.com

Trend Micro disclosed a spam campaign (December 2025–January 2026) that abused Atlassian Jira Cloud's trusted infrastructure and email systems to deliver targeted phishing and spam to government, corporate, and language-specific audiences. Attackers created disposable trial Jira instances, leveraged Jira Automation rules to send crafted emails from legitimate atlassian.net domains, and bypassed email security controls by exploiting SPF/DKIM compliance and inherent trust in SaaS notifications, ultimately redirecting victims to investment scams and online casinos via Keitaro TDS.

SRFApplicationTACTA0001SRFCloudVNDAtlassianTYPResearchTYPThreat IntelSTGExecutionSTGInitial Access
72
Edit Score
2026-02-16
2026-02-16 15:18Z
HIGH

CVE-2026-2447 — Mozilla Firefox: Heap buffer overflow in libvpx.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-2447

Heap buffer overflow in libvpx. This vulnerability was fixed in Firefox 147.0.4, Firefox ESR 140.7.1, Firefox ESR 115.32.1, Thunderbird 140.7.2, and Thunderbird 147.0.2. CVSSv3.1 8.8 (HIGH)

CWECWE 122VNDMozillaVNDHeapTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2026-02-16
2026-02-16 09:27Z
CRIT

Nuclei Templates v10.3.9 – Release Notes

Nuclei Templates v10.3.9 release adds 182 new detection templates covering 116 CVEs, including critical RCE vulnerabilities in n8n, Laravel Livewire, BeyondTrust Remote Support, SolarWinds Web Help Desk, and multiple authentication bypass/SQL injection flaws. The release includes templates for both recent 2026 CVEs and historical vulnerabilities with public exploits, alongside bug fixes reducing false positives and negatives in existing detection logic.

SRFApplicationTACTA0001TACTA0002SRFNetwork ApplianceSRFWebTACTA0003VNDProjectdiscoveryTYPTool
9.8
CVSS v3.1
78
Edit Score
2026-02-15
2026-02-15 04:02Z
CRIT

PSFree — PSFree WebKit Exploit & Lapse Kernel Exploit For PS4 9.00 [WIP] By abc

GitHub · kernel exploits·github.comGITHUB POC

PSFree is a public exploit toolkit combining a WebKit vulnerability chain with the Lapse kernel exploit for PS4 firmware 9.00, achieving ~80% stability. The repository includes payload delivery mechanisms, ROP gadgets, and kernel patches to bypass security controls and achieve code execution.

TACTA0004TACTA0002SRFHardwareVNDSonyTYPToolTYPExploitSTGPrivescSTGExecution
78
Edit Score
2026-02-14
2026-02-14 07:16Z
CRIT

CVE-2026-1306 — Synth: The midi-Synth plugin for WordPress is vulnerable to arbitrary file uploads due to missing

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-1306

The midi-Synth plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type and file extension validation in the 'export' AJAX action in all versions up to, and including, 1.1.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible granted the attacker can obtain a valid nonce. The nonce is exposed in frontend JavaScript making it trivially accessible CVSSv3.1 9.8 (CRITICAL)

CWECWE 434VNDSynthTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2026-02-14
2026-02-14 05:16Z
HIGH

CVE-2026-2144 — Magic: The Magic Login Mail or QR Code plugin for WordPress is vulnerable to Privilege

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-2144

The Magic Login Mail or QR Code plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.05. This is due to the plugin storing the magic login QR code image with a predictable, static filename (QR_Code.png) in the publicly accessible WordPress uploads directory during the email sending process. The file is only deleted after wp_mail() completes, creating an exploitable race condition window. This makes it possible for unauthenticated CVSSv3.1 8.1 (HIGH)

CWECWE 269VNDMagicTYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2026-02-13
2026-02-13 18:25Z
INFO

v2.9.2

AzureHound releases·github.com

AzureHound v2.9.2 released with a bug fix addressing unmarshalling of wrapper structs. The update resolves a technical issue in the custom unmarshaller that was causing deserialization failures.

SRFIdentitySRFCloudVNDSpecteropsVNDMicrosoft AzureTYPTool
35
Edit Score
2026-02-13
2026-02-13 16:16Z
CRIT

CVE-2026-26221 — Hyland: An attacker who can reach the service can send crafted .NET Remoting requests to

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-26221

Hyland OnBase contains an unauthenticated .NET Remoting exposure in the OnBase Workflow Timer Service (Hyland.Core.Workflow.NTService.exe). An attacker who can reach the service can send crafted .NET Remoting requests to default HTTP channel endpoints on TCP/8900 (e.g., TimerServiceAPI.rem and TimerServiceEvents.rem for Workflow) to trigger unsafe object unmarshalling, enabling arbitrary file read/write. By writing attacker-controlled content into web-accessible locations or CVSSv3.1 9.8 (CRITICAL)

CWECWE 502VNDHylandTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2026-02-13
2026-02-13 14:16Z
CRIT

CVE-2026-23112 — Linux Linux_kernel: In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: add bounds checks

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-23112

In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: add bounds checks in nvmet_tcp_build_pdu_iovec nvmet_tcp_build_pdu_iovec() could walk past cmd->req.sg when a PDU length or offset exceeds sg_cnt and then use bogus sg->length/offset values, leading to _copy_to_iter() GPF/KASAN. Guard sg_idx, remaining entries, and sg->length/offset before building the bvec. CVSSv3.1 9.8 (CRITICAL) · EPSS 24th percentile

CWECWE 787TYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2026-02-13
2026-02-13 14:16Z
HIGH

CVE-2026-1619 — Uni-yaz Flexcity: Authorization Bypass Through User-Controlled Key vulnerability in Universal Software Inc.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-1619

Authorization Bypass Through User-Controlled Key vulnerability in Universal Software Inc. FlexCity/Kiosk allows Exploitation of Trusted Identifiers. This issue affects FlexCity/Kiosk: from 1.0 before 1.0.36. CVSSv3.1 8.3 (HIGH) · EPSS 6th percentile

CWECWE 639VNDUni YazTYPVulnerability
8.3
CVSS v3.1
92
Edit Score
2026-02-13
2026-02-13 14:16Z
HIGH

CVE-2026-1618 — Uni-yaz Flexcity: Authentication Bypass Using an Alternate Path or Channel vulnerability in Universal Software Inc.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-1618

Authentication Bypass Using an Alternate Path or Channel vulnerability in Universal Software Inc. FlexCity/Kiosk allows Privilege Escalation. This issue affects FlexCity/Kiosk: from 1.0 before 1.0.36. CVSSv3.1 8.8 (HIGH) · EPSS 12th percentile

CWECWE 288VNDUni YazTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2026-02-13
2026-02-13 14:16Z
HIGH

CVE-2025-14349 — Uni-yaz Flexcity: Privilege Defined With Unsafe Actions, Missing Authentication for Critical Function vulnerability in Universal Software

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-14349

Privilege Defined With Unsafe Actions, Missing Authentication for Critical Function vulnerability in Universal Software Inc. FlexCity/Kiosk allows Accessing Functionality Not Properly Constrained by ACLs, Privilege Escalation. This issue affects FlexCity/Kiosk: from 1.0 before 1.0.36. CVSSv3.1 8.8 (HIGH) · EPSS 11th percentile

CWECWE 306CWECWE 267VNDUni YazTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2026-02-12
2026-02-12 15:16Z
CRIT

CVE-2025-14014 — Upload: Smart Panel allows Accessing Functionality Not Properly Constrained by ACLs.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-14014

Unrestricted Upload of File with Dangerous Type vulnerability in NTN Information Processing Services Computer Software Hardware Industry and Trade Ltd. Co. Smart Panel allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Smart Panel: before 20251215. CVSSv3.1 9.8 (CRITICAL) · EPSS 7th percentile

CWECWE 434TYPVulnerability
9.8
CVSS v3.1
99
Edit Score