Common Vulnerabilities and Exposures (CVE)

CVE-2025-7195

Feb 17, 2026 11:44:05 UTC

Early versions of Operator-SDK provided an insecure method to allow operator containers to run in environments that used a random UID. Operator-SDK before 0.15.2 provided a script, user_setup, which modifies the permissions of the /etc/pass...

CVE-2025-7631

Feb 17, 2026 11:36:50 UTC

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tumeva Internet Technologies Software Information Advertising and Consulting Services Trade Ltd. Co. Tumeva News Software allows SQL Injec...

CVE-2026-2247

Feb 17, 2026 11:35:50 UTC

SQL injection vulnerability (SQLi) in Clicldeu SaaS, specifically in the generation of reports, which occurs when a previously authenticated remote attacker executes a malicious payload in the URL generated after downloading the student's r...

CVE-2026-2608

Feb 17, 2026 11:20:37 UTC

The Kadence Blocks — Page Builder Toolkit for Gutenberg Editor plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 3.5.32. This makes it possible fo...

CVE-2026-24532

Feb 17, 2026 10:49:48 UTC

Missing Authorization vulnerability in SiteLock SiteLock Security – WP Hardening, Login Security & Malware Scans allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SiteLock Security – WP Hardening, Lo...

CVE-2026-25903

Feb 17, 2026 10:19:57 UTC

Apache NiFi 1.1.0 through 2.7.2 are missing authorization when updating configuration properties on extension components that have specific Required Permissions based on the Restricted annotation. The Restricted annotation indicates additio...

CVE-2025-14104

Feb 17, 2026 09:27:00 UTC

A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password d...

CVE-2026-1216

Feb 17, 2026 09:26:22 UTC

The RSS Aggregator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'template' parameter in all versions up to, and including, 5.0.10 due to insufficient input sanitization and output escaping on user supplied at...

CVE-2025-63065

Feb 17, 2026 09:23:50 UTC

Authorization Bypass Through User-Controlled Key vulnerability in David Lingren Media LIbrary Assistant allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Media LIbrary Assistant: from n/a through 3.2...

CVE-2025-69055

Feb 17, 2026 08:43:40 UTC

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in SeaTheme BM Content Builder allows Path Traversal.This issue affects BM Content Builder: from n/a before 3.16.3.3.

CVE-2025-3576

Feb 17, 2026 07:33:07 UTC

A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit...

CVE-2024-11831

Feb 17, 2026 07:13:12 UTC

A flaw was found in npm-serialize-javascript. The vulnerability occurs because the serialize-javascript module does not properly sanitize certain inputs, such as regex or other JavaScript object types, allowing an attacker to inject malicio...

CVE-2026-0829

Feb 17, 2026 06:00:06 UTC

The Frontend File Manager Plugin WordPress plugin through 23.5 allows unauthenticated users to send emails through the site without any security checks. This lets attackers use the WordPress site as an open relay for spam or phishing emails...

CVE-2026-1657

Feb 17, 2026 05:29:53 UTC

The EventPrime plugin for WordPress is vulnerable to unauthorized image file upload in all versions up to, and including, 4.2.8.4. This is due to the plugin registering the upload_file_media AJAX action as publicly accessible (nopriv-enable...

CVE-2026-2592

Feb 17, 2026 04:35:45 UTC

The Zarinpal Gateway for WooCommerce plugin for WordPress is vulnerable to Improper Access Control to Payment Status Update in all versions up to and including 5.0.16. This is due to the payment callback handler 'Return_from_ZarinPal_Gatewa...