February 2026

221 security articles published this month.

Severity: 141 critical, 76 high, 3 medium, 0 low
1
Categories: Advisory 206, Breaches 12, News 2, Intel 0, Learn 1, Research 0, Malware 0

Advisory (206)

high Feb 28

Wordpress SQL Injection (CVE-2025-13673)

high Feb 28

Wordpress Deserialization (CVE-2026-2471)

high Feb 28

wpForo unauthenticated SQLi (CVE-2026-28562)

high Feb 28

Tenda F453 stack overflow (CVE-2026-3376)

critical Feb 27

CVE-2025-11251: Improper Neutralization RCE

critical Feb 27

Signumtte Windesk.Fm SQL Injection (CVE-2025-11252)

critical Feb 27

Wordpress Privilege Escalation (CVE-2025-12981)

critical Feb 27

WebSocket endpoints unauthenticated access

critical Feb 27

Software Authentication Bypass (CVE-2026-21718) - Patch Now

critical Feb 27

CVE-2026-2251: Improper RCE — Critical — Patch Now

critical Feb 27

CVE-2026-24352: PluXml CMS

critical Feb 27

WebSocket endpoints unauthenticated access

critical Feb 27

WebSocket App unauthenticated hijack (CVE-2026-25851)

critical Feb 27

Linux Vulnerability (CVE-2026-2749) [PoC]

critical Feb 27

CVE-2026-27751: SODOLA SL902

critical Feb 27

CVE-2026-27755: SODOLA SL902

critical Feb 27

WebSocket lacks auth – unauthenticated access

critical Feb 27

WebSocket endpoint lacks auth (CVE-2026-27772)

critical Feb 27

CVE-2026-28268: Vikunja RCE — Critical — Patch Now

critical Feb 27

CVE-2026-28363: In OpenClaw

critical Feb 27

CVE-2026-28409: WeGIA RCE — Critical — Patch Now

critical Feb 27

Totolink N300RH unauthenticated RCE (CVE-2026-3301)

critical Feb 26

CVE-2025-50857: Php Path Traversal — Critical — Patch Now

critical Feb 26

CVE-2026-27941: OpenLIT RCE — Critical — Patch Now

critical Feb 26

CVE-2026-27966: Langflow [PoC]

critical Feb 26

CVE-2026-28213: EverShop RCE — Critical — Patch Now

critical Feb 25

Kubernetes creates PersistentVolumes anywhere

medium Feb 25

Cisco Catalyst SD-WAN Manager file overwrite exploited in the wild (CVE-2026-20122)

critical Feb 25

Cisco Vulnerability (CVE-2026-20127) [PoC]

high Feb 25

Cisco Catalyst SD-WAN Manager credential leak exploited in the wild (CVE-2026-20128)

critical Feb 25

Cisco Vulnerability (CVE-2026-20129)

medium Feb 25

Catalyst SD-WAN Manager leaks OS data, exploited (CVE-2026-20133)

critical Feb 25

Juniper RCE Vulnerability (CVE-2026-21902) [PoC]

critical Feb 25

Php RCE Vulnerability (CVE-2026-24849)

critical Feb 25

CVE-2026-24908: OpenEMR RCE — High Exploit Risk

critical Feb 25

Software Path Traversal Flaw (CVE-2026-25785) - Patch Now

critical Feb 25

Software Authentication Bypass (CVE-2026-2624) - Patch Now

critical Feb 25

Enclave sandbox escape lets attackers run code

critical Feb 25

OliveTin bypasses shell safety check (CVE-2026-27626)

critical Feb 25

CVE-2026-27637: Php

critical Feb 25

Flask Path Traversal (CVE-2026-27641)

critical Feb 25

Budibase unsafe eval RCE (CVE-2026-27702)

critical Feb 25

OneUptime Command Injection (CVE-2026-27728)

critical Feb 24

Zyxel Command Injection (CVE-2025-13942)

critical Feb 24

Serv-U Broken Access Control RCE (CVE-2025-40538)

critical Feb 24

Serv-U Type Confusion RCE Vulnerability (CVE-2025-40539)

critical Feb 24

Serv-U Type Confusion RCE Vulnerability (CVE-2025-40540)

critical Feb 24

Serv-U IDOR lets attackers execute code

critical Feb 24

CVE-2026-21410: InSAT MasterSCADA BUK RCE

critical Feb 24

Software Command Injection Flaw (CVE-2026-22553) - Patch Now

critical Feb 24

Python Ormar ORM unauthenticated SQLi (CVE-2026-26198)

critical Feb 24

Binardat 10G08 switch leaks admin credentials

critical Feb 24

Statmatic password reset hijacks user accounts

critical Feb 23

Ayms node-To master exposes TLS traffic

critical Feb 23

Wordpress Vulnerability (CVE-2026-23693)

critical Feb 23

Software SQL Injection Flaw (CVE-2026-24494) - Patch Now

high Feb 23

D-Link Vulnerability (CVE-2026-2958)

high Feb 23

D-Link Vulnerability (CVE-2026-2959)

high Feb 23

D-Link Vulnerability (CVE-2026-2960)

high Feb 23

D-Link Vulnerability (CVE-2026-2961)

high Feb 23

D-Link Vulnerability (CVE-2026-2962)

high Feb 23

UTT HiPER 810G Buffer Overflow RCE (CVE-2026-3015)

high Feb 23

UTT HiPER 810G Buffer Overflow RCE (CVE-2026-3016)

high Feb 22

Portal+ CMS SQLi leaks databases (CVE-2019-25366)

high Feb 22

CVE-2019-25391: Ashop Shopping Cart SQLi — Patch Guide

high Feb 22

CVE-2019-25433: XOOPS CMS SQLi — Patch Guide

high Feb 22

CVE-2019-25439: NoviSmart CMS SQLi — Patch Guide

high Feb 21

OpenSift stored XSS in chat UI (CVE-2026-27169)

critical Feb 21

Sentry SAML SSO hijacks accounts (CVE-2026-27197)

high Feb 21

ZoneMinder SQL Injection Exposes Data (CVE-2026-27470) [PoC]

critical Feb 21

CVE-2026-27574: OneUptime [PoC]

high Feb 21

Tenda A21 stack overflow (CVE-2026-2870)

high Feb 21

Tenda A21 stack overflow lets attackers crash

high Feb 21

Tenda A21 lets attackers block valid devices

high Feb 21

Tenda A21 Buffer Overflow RCE (CVE-2026-2873)

high Feb 21

Tenda A21 Wi-Fi Stack Buffer Overflow RCE (CVE-2026-2874)

high Feb 21

Tenda A18 stack overflow leads to RCE (CVE-2026-2876)

high Feb 21

Tenda A18 stack overflow lets attackers crash

high Feb 21

D-Link Vulnerability (CVE-2026-2881)

critical Feb 20

Software Command Injection Flaw (CVE-2019-25441) - Patch Now

critical Feb 20

Software Command Injection Flaw (CVE-2021-35402) - Patch Now

critical Feb 20

Software SQL Injection Flaw (CVE-2025-10970) - Patch Now

critical Feb 20

Linux Vulnerability (CVE-2025-30411)

critical Feb 20

Linux Vulnerability (CVE-2025-30412)

critical Feb 20

Linux Vulnerability (CVE-2025-30416)

critical Feb 20

Management interface unauthenticated RCE

critical Feb 20

fast-xml-parser DOCTYPE Injection RCE (CVE-2026-25896)

critical Feb 20

Software Authentication Bypass (CVE-2026-2635) - Patch Now

high Feb 20

D-Link Vulnerability (CVE-2026-2853)

high Feb 20

D-Link Vulnerability (CVE-2026-2854)

critical Feb 19

WSO2 Identity Server: admin RCE (CVE-2025-12107)

critical Feb 19

Wordpress Privilege Escalation (CVE-2025-12882)

critical Feb 19

Wordpress Privilege Escalation (CVE-2025-13563)

critical Feb 19

Wordpress Privilege Escalation (CVE-2025-13851)

critical Feb 19

Wordpress RCE Vulnerability (CVE-2026-0926)

critical Feb 19

WordPress plugin lets attackers upload files

critical Feb 19

Wordpress Privilege Escalation (CVE-2026-1994)

critical Feb 19

Software Deserialization Flaw (CVE-2026-23542) - Patch Now

critical Feb 19

CVE-2026-25242: Gogs RCE — Critical — Patch Now [PoC]

critical Feb 19

Microsoft RCE Vulnerability (CVE-2026-26030)

critical Feb 19

Dingcheng G10 unauthenticated RCE (CVE-2026-2686)

critical Feb 18

Aida64 Engineer Buffer Overflow (CVE-2019-25360)

critical Feb 18

NFTP client Buffer Overflow (CVE-2019-25361)

critical Feb 18

Software Buffer Overflow (CVE-2019-25362) - Patch Now

critical Feb 18

MailCarrier Buffer Overflow (CVE-2019-25364)

critical Feb 18

ChaosPro Buffer Overflow (CVE-2019-25365)

critical Feb 18

NLTK Downloader Zip Slip RCE (CVE-2025-14009)

critical Feb 18

Php Command Injection (CVE-2025-65791) [PoC]

critical Feb 18

Php SQL Injection (CVE-2025-70149)

critical Feb 18

CVE-2025-70150: Php

critical Feb 18

Php SQL Injection (CVE-2025-70152)

critical Feb 18

CVE-2025-70998: UTT HiPER

critical Feb 18

CVE-2026-1435: Not

critical Feb 18

Wordpress RCE Vulnerability (CVE-2026-1937)

critical Feb 18

Php RCE Vulnerability (CVE-2026-27174) [PoC]

critical Feb 18

Php Command Injection (CVE-2026-27175)

critical Feb 18

CVE-2026-27180: MajorDoMo RCE — High Exploit Risk

high Feb 17

CVE-2024-55270: Php SQLi — Patch Guide [PoC]

high Feb 17

Wordpress Vulnerability (CVE-2025-12062)

critical Feb 17

Guardian Gryphon TLS Flaw Allows Root RCE (CVE-2025-65753)

high Feb 17

jizhicms SQLi deletes data (CVE-2025-70397)

high Feb 17

Datart unauthenticated RCE (CVE-2025-70828)

critical Feb 17

Datart authenticated RCE (CVE-2025-70830)

high Feb 17

CVE-2025-7631: Improper Neutralization SQLi — Patch Guide

high Feb 17

Wordpress XSS (CVE-2026-1216)

critical Feb 17

Critical RCE Flaw in Popular Software (CVE-2026-1670)

critical Feb 17

CVE-2026-22208: OpenS100 RCE — Critical — Patch Now

critical Feb 17

CVE-2026-22769: Dell — Actively Exploited

critical Feb 17

Linux Vulnerability (CVE-2026-23647)

high Feb 17

Wordpress RCE (CVE-2026-2592)

high Feb 17

CVE-2026-2615:

high Feb 17

Beetel 777VR1 Hard-Coded Credentials (CVE-2026-2616)

high Feb 16

CVE-2019-25379: Smoothwall Express XSS — Patch Guide

high Feb 16

CVE-2019-25394: Smoothwall Express XSS — Patch Guide

high Feb 16

CVE-2019-25395: Smoothwall Express XSS — Patch Guide

critical Feb 16

Maypole insecure session IDs (CVE-2025-15578)

critical Feb 16

Live Server v5.7.9 leaks files (CVE-2025-65717)

high Feb 16

CVE-2026-1046: Mattermost Desktop App

high Feb 16

eDrawings uninitialized memory read (CVE-2026-1333)

high Feb 16

SOLIDWORKS eDrawings OOB Read Vulnerability (CVE-2026-1334)

high Feb 16

CVE-2026-1335: Buffer Overflow — Patch Guide

high Feb 16

Wordpress Vulnerability (CVE-2026-2001)

high Feb 16

CVE-2026-2101: XSS — Patch Guide

critical Feb 16

Concierge::Sessions generates insecure session IDs

high Feb 16

CVE-2026-2533: Php

high Feb 16

Flos Notepad2 Msimg32.dll Crash Bug (CVE-2026-2538)

high Feb 16

Windows Vulnerability (CVE-2026-2542)

high Feb 16

CVE-2026-2544: Command Injection — Patch Guide

high Feb 16

LibrarySystem improper access control (CVE-2026-2549)

critical Feb 16

A6004MX unrestricted file upload (CVE-2026-2550)

high Feb 16

Intelbras VIP 3260 Z IA weak password reset

high Feb 16

Wavlink WL-NU516U1 Firmware Injection RCE (CVE-2026-2566)

high Feb 16

Wavlink WL-NU516U1 Buffer Overflow RCE (CVE-2026-2567)

critical Feb 16

Sap Vulnerability (CVE-2026-2577)

high Feb 16

CVE-2026-26930: SmarterTools SmarterMail XSS — Patch Guide

critical Feb 15

Bosch Infotainment ECU lets attacker control CAN

high Feb 15

CVE-2025-32059:

high Feb 15

CVE-2025-32061:

high Feb 15

Bosch Infotainment ECU Bluetooth stack overflow

critical Feb 15

Wordpress Vulnerability (CVE-2026-1490)

high Feb 15

Wordpress RCE (CVE-2026-1750)

high Feb 15

CVE-2026-2516:

critical Feb 15

eNet SMART HOME Default Credentials RCE (CVE-2026-26366)

high Feb 15

eNet SMART HOME server lets users reset admin

critical Feb 15

Software Privilege Escalation (CVE-2026-26369) - Patch Now

critical Feb 14

Wordpress Privilege Escalation (CVE-2025-8572)

high Feb 14

WordPress SSRF reads internal data (CVE-2026-0745)

high Feb 14

Wordpress XSS (CVE-2026-0753)

critical Feb 14

WordPress plugin lets attackers upload files

high Feb 14

Wordpress XSS (CVE-2026-1843)

high Feb 14

Wordpress RCE (CVE-2026-1988)

high Feb 14

Wordpress SQL Injection (CVE-2026-2024)

critical Feb 13

Software SQL Injection Flaw (CVE-2025-69633) - Patch Now

critical Feb 13

MojoPortal CMS zip slip RCE (CVE-2025-69770)

critical Feb 13

CVE-2026-26190: Milvus RCE — Critical — Patch Now

critical Feb 13

Known leaks password reset tokens (CVE-2026-26273)

critical Feb 12

Quester Pro Stack Overflow (CVE-2019-25319)

critical Feb 12

FTP Navigator Stack Overflow (CVE-2019-25321)

critical Feb 12

Prime95 buffer overflow leads to RCE (CVE-2019-25327)

critical Feb 12

CVE-2019-25337: Php

critical Feb 12

CVE-2020-37167: ClamAV ClamBC

critical Feb 12

CVE-2025-10969: Improper Neutralization RCE

critical Feb 12

CVE-2025-14014: Unrestricted Upload

high Feb 12

iOS RCE Vulnerability (CVE-2025-61880)

critical Feb 12

CVE-2025-69634: Php

critical Feb 12

webfsd buffer overflow allows RCE (CVE-2025-70314)

critical Feb 12

CordysCRM SQL Injection (CVE-2025-70981)

critical Feb 12

CVE-2026-1358: Airleader Master

critical Feb 12

authentik lets users escalate privileges

high Feb 12

authentik SAML bypasses assertion checks

high Feb 12

Yoke ATC lets attackers deploy malicious packages

critical Feb 12

Docker RCE Vulnerability (CVE-2026-26216)

critical Feb 12

newbee-mall Hardcoded Admin Accounts (CVE-2026-26218)

critical Feb 12

newbee-mall Unsalted MD5 Password Storage (CVE-2026-26219)

critical Feb 11

ZBT WE2001 unauth path traversal (CVE-2025-64075)

critical Feb 11

Qnap Vulnerability (CVE-2025-66277)

critical Feb 11

CVE-2025-8025: Missing Authentication

critical Feb 11

Wordpress Vulnerability (CVE-2026-1357) [PoC]

critical Feb 10

Sap Vulnerability (CVE-2026-0488)

critical Feb 10

Catalyst unauthenticated RCE (CVE-2026-26009)

critical Feb 9

CVE-2026-1615: All Command Injection — Critical — Patch Now

critical Feb 9

Gitlab Vulnerability (CVE-2026-1868)

critical Feb 9

remote attacker Buffer Overflow (CVE-2026-22903)

critical Feb 9

Software Buffer Overflow (CVE-2026-22904) - Patch Now

critical Feb 9

Unconfigured product leaks credentials (CVE-2026-22906)

critical Feb 8

Wordpress Privilege Escalation (CVE-2025-15027)

Breaches (12)

News (2)

Learn (1)