Common Vulnerabilities and Exposures (CVE)

CVE-2026-0106

Feb 19, 2026 17:32:24 UTC

In vpu_mmap of vpu_ioctl, there is a possible arbitrary address mmap due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploita...

CVE-2025-70397

Feb 19, 2026 17:24:23 UTC

jizhicms 2.5.6 is vulnerable to SQL Injection in Article/deleteAll and Extmolds/deleteAll via the data parameter.

CVE-2025-15585

Feb 19, 2026 17:20:20 UTC

Fileflows versions before 25.05.2 are affected by an authenticated SQL injection vulnerability in the library-file search function. Successful exploitation requires the system to use MySQL as the underlying database and could result in priv...

CVE-2026-2817

Feb 19, 2026 17:18:09 UTC

Use of insecure directory in Spring Data Geode snapshot import extracts archives into predictable, permissive directories under the system temp location. On shared hosts, a local user with basic privileges can access another user’s extracte...

CVE-2026-2684

Feb 19, 2026 17:18:01 UTC

A vulnerability was determined in Tsinghua Unigroup Electronic Archives System up to 3.2.210802(62532). The impacted element is an unknown function of the file /Archive/ErecordManage/uploadFile.html. Executing a manipulation of the argument...

CVE-2026-24126

Feb 19, 2026 17:13:53 UTC

Weblate is a web based localization tool. Prior to 5.16.0, the SSH management console did not validate the passed input while adding the SSH host key, which could lead to an argument injection to `ssh-add`. Version 5.16.0 fixes the issue. A...

CVE-2026-26339

Feb 19, 2026 17:04:46 UTC

Hyland Alfresco Transformation Service allows unauthenticated attackers to achieve remote code execution through the argument injection vulnerability, which exists in the document processing functionality.

CVE-2026-25428

Feb 19, 2026 17:04:22 UTC

Server-Side Request Forgery (SSRF) vulnerability in totalsoft TS Poll poll-wp allows Server Side Request Forgery.This issue affects TS Poll: from n/a through <= 2.5.5.

CVE-2026-26338

Feb 19, 2026 17:03:23 UTC

Hyland Alfresco Transformation Service allows unauthenticated attackers to achieve server-side request forgery (SSRF) through the document processing functionality.

CVE-2026-26337

Feb 19, 2026 17:01:25 UTC

Hyland Alfresco Transformation Service allows unauthenticated attackers to achieve both arbitrary file read and server-side request forgery through the absolute path traversal.

CVE-2026-25441

Feb 19, 2026 17:00:22 UTC

Missing Authorization vulnerability in LeadConnector LeadConnector leadconnector allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LeadConnector: from n/a through <= 3.0.21.

CVE-2026-25473

Feb 19, 2026 16:56:05 UTC

Missing Authorization vulnerability in AA-Team WZone woozone allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WZone: from n/a through <= 14.0.31.

CVE-2026-27066

Feb 19, 2026 16:53:52 UTC

Missing Authorization vulnerability in PI Web Solution Live sales notification for WooCommerce live-sales-notifications-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Live sales no...

CVE-2026-27092

Feb 19, 2026 16:48:25 UTC

Missing Authorization vulnerability in Greg Winiarski WPAdverts wpadverts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPAdverts: from n/a through <= 2.2.11.

CVE-2026-26281

Feb 19, 2026 16:47:43 UTC

InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A stored cross-site scripting (XSS) vulnerability in the Sumex invoice view allows an authenticated user with client and invoice management ...