Common Vulnerabilities and Exposures (CVE)

CVE-2026-2716

Feb 19, 2026 09:26:35 UTC

The Client Testimonial Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Testimonial Heading' setting in all versions up to, and including, 2.0. This is due to insufficient input sanitization and output escap...

CVE-2026-1461

Feb 19, 2026 09:26:34 UTC

The Simple Membership plugin for WordPress is vulnerable to Improper Handling of Missing Values in all versions up to, and including, 4.7.0 via the Stripe webhook handler. This is due to the plugin only validating webhook signatures when th...

CVE-2026-22267

Feb 19, 2026 09:16:54 UTC

Dell PowerProtect Data Manager, version(s) prior to 19.22, contain(s) an Incorrect Privilege Assignment vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Elevation of privil...

CVE-2026-22268

Feb 19, 2026 09:12:08 UTC

Dell PowerProtect Data Manager, version(s) prior to 19.22, contain(s) an Incorrect Privilege Assignment vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to denial of service o...

CVE-2026-22266

Feb 19, 2026 09:06:21 UTC

Dell PowerProtect Data Manager, version(s) prior to 19.22, contain(s) an Improper Verification of Source of a Communication Channel vulnerability in the REST API. A high privileged attacker with remote access could potentially exploit this ...

CVE-2026-22269

Feb 19, 2026 09:00:56 UTC

Dell PowerProtect Data Manager, version(s) prior to 19.22, contain(s) an Improper Verification of Source of a Communication Channel vulnerability in the REST API. A high privileged attacker with remote access could potentially exploit this ...

CVE-2026-2337

Feb 19, 2026 08:59:12 UTC

A vulnerability in Plunet Plunet BusinessManager allows session hijacking, data theft, unauthorized actions on behalf of the user.This issue affects Plunet BusinessManager: 10.15.1.

CVE-2025-41023

Feb 19, 2026 08:50:36 UTC

An authentication bypass vulnerability has been found in Thesamur's AutoGPT. This vulnerability allows an attacker to bypass authentication mechanisms. Once inside the web application, the attacker can use any of its features regardless of ...

CVE-2026-26358

Feb 19, 2026 08:47:24 UTC

Dell Unisphere for PowerMax, version(s) 10.2, contain(s) a Missing Authorization vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access.

CVE-2025-40697

Feb 19, 2026 08:44:16 UTC

Reflected Cross-Site Scripting (XSS) vulnerability in '/index.php' in Lewe WebMeasure, which allows remote attackers to execute arbitrary code through the 'page' parameter. This vulnerability can be exploited to steal sensitive user data, s...

CVE-2026-26360

Feb 19, 2026 08:41:00 UTC

Dell Unisphere for PowerMax, version(s) 10.2, contain(s) an External Control of File Name or Path vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability to delete arbitrary files.

CVE-2026-2736

Feb 19, 2026 08:39:46 UTC

Reflected Cross-site Scripting (XSS) in Alkacon's OpenCms v18.0, which allows an attacker to execute JavaScript code in the victim's browser by sending the victim a malicious URL containing the ‘q’ parameter in ‘/search/index.html’. This vu...

CVE-2026-2735

Feb 19, 2026 08:38:31 UTC

Stored Cross-Site Scripting (XSS) in Alkacon's OpenCms v18.0, which occurs when user input is not properly validated when sending a POST request to ‘/blog/new-article/org.opencms.ugc.CmsUgcEditService.gwt’ using the ‘text’ parameter.

CVE-2025-0752

Feb 19, 2026 08:34:02 UTC

A flaw was found in OpenShift Service Mesh 2.6.3 and 2.5.6. Rate-limiter avoidance, access-control bypass, CPU and memory exhaustion, and replay attacks may be possible due to improper HTTP header sanitization in Envoy.

CVE-2026-26359

Feb 19, 2026 08:34:01 UTC

Dell Unisphere for PowerMax, version(s) 10.2, contain(s) an External Control of File Name or Path vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to the ability to overwrite ...