Common Vulnerabilities and Exposures (CVE)

CVE-2026-2820

Feb 20, 2026 02:02:08 UTC

A security flaw has been discovered in Fujian Smart Integrated Management Platform System up to 7.5. This issue affects some unknown processing of the file /Module/CRXT/Controller/XAccessPermissionPlus.ashx. The manipulation of the argument...

CVE-2026-26065

Feb 20, 2026 01:54:03 UTC

calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Versions 9.2.1 and below are vulnerable to Path Traversal through PDB readers (both 132-byte and 202-byte header variants) that allow arbit...

CVE-2026-26064

Feb 20, 2026 01:44:34 UTC

calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Versions 9.2.1 and below contain a Path Traversal vulnerability that allows arbitrary file writes anywhere the user has write permissions. ...

CVE-2026-27016

Feb 20, 2026 01:34:11 UTC

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 24.10.0 through 26.1.1 are vulnerable to Stored XSS via the unit parameter in Custom OID. The Custom OID functionality lacks strip_tags() sanitization wh...

CVE-2026-2819

Feb 20, 2026 01:32:06 UTC

A vulnerability was identified in Dromara RuoYi-Vue-Plus up to 5.5.3. This vulnerability affects the function SaServletFilter of the file /workflow/instance/deleteByInstanceIds of the component Workflow Module. The manipulation leads to mis...

CVE-2026-26990

Feb 20, 2026 01:29:33 UTC

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 25.12.0 and below have a Time-Based Blind SQL Injection vulnerability in address-search.inc.php via the address parameter. When a crafted subnet prefix i...

CVE-2026-26989

Feb 20, 2026 01:25:31 UTC

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 25.12.0 and below are affected by a Stored Cross-Site Scripting (XSS) vulnerability in the Alert Rules workflow. An attacker with administrative privileg...

CVE-2026-26988

Feb 20, 2026 01:17:15 UTC

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 25.12.0 and below contain an SQL Injection vulnerability in the ajax_table.php endpoint. The application fails to properly sanitize or parameterize user ...

CVE-2026-26987

Feb 20, 2026 01:11:13 UTC

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 25.12.0 and below are vulnerable to Reflected XSS attacks via email field. This issue has been fixed in version 26.2.0.

CVE-2026-26960

Feb 20, 2026 01:07:52 UTC

node-tar is a full-featured Tar for Node.js. When using default options in versions 7.5.7 and below, an attacker-controlled archive can create a hardlink inside the extraction directory that points to a file outside the extraction root, ena...

CVE-2026-26980

Feb 20, 2026 01:00:51 UTC

Ghost is a Node.js content management system. Versions 3.24.0 through 6.19.0 allow unauthenticated attackers to perform arbitrary reads from the database. This issue has been fixed in version 6.19.1.

CVE-2026-26977

Feb 20, 2026 00:56:42 UTC

Frappe Learning Management System (LMS) is a learning system that helps users structure their content. In versions 2.44.0 and below, unauthorized users are able to access the details of unpublished courses via API endpoints. A fix for this ...

CVE-2026-26975

Feb 20, 2026 00:49:03 UTC

Music Assistant is an open-source media library manager that integrates streaming services with connected speakers. Versions 2.6.3 and below allow unauthenticated network-adjacent attackers to execute arbitrary code on affected installation...

CVE-2026-26974

Feb 20, 2026 00:34:37 UTC

Slyde is a program that creates animated presentations from XML. In versions 0.0.4 and below, Node.js automatically imports **/*.plugin.{js,mjs} files including those from node_modules, so any malicious package with a .plugin.js file can ex...

CVE-2025-30416

Feb 20, 2026 00:31:27 UTC

Sensitive data disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 39938, Acronis Cyber Protect 15 (Linux, Windows) before build 41800.