Total CVEs

142,027

Critical Severity

3,943

High Severity

14,108

Last 7 Days

1,707
Showing 11,601 - 11,620 of 14,604 CVEs
CVE-2025-12074 MEDIUM - 5.3

The Context Blog theme for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.5 via the 'context_blog_modal_popup' due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated attackers to extract data fr...

Vendor: postmagthemes
Product: Context Blog
Published: Feb 18, 2026
Source: NVD
CVE-2025-12071 MEDIUM - 4.3

The Frontend User Notes plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.1.0 via the 'funp_ajax_modify_notes' AJAX endpoint due to missing validation on a user controlled key. This makes it possible for authenticated attackers, ...

Vendor: absikandar
Product: Frontend User Notes
Published: Feb 18, 2026
Source: NVD
CVE-2025-12037 MEDIUM - 4.4

The WP 404 Auto Redirect to Similar Post plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator...

Vendor: hwk-fr
Product: WP 404 Auto Redirect to Similar Post
Published: Feb 18, 2026
Source: NVD

Libredesk is a self-hosted customer support desk application. Versions prior to 1.0.2-0.20260215211005-727213631ce6 fail to validate destination URLs for webhooks, allowing an attacker posing as an authenticated "Application Admin" to force the server to make HTTP requests to arbitrary int...

Vendor: go
Product: github.com/abhinavxd/libredesk
Published: Feb 18, 2026
Source: GitHub
CVE-2026-26328 MEDIUM - 6.5

OpenClaw is a personal AI assistant. Prior to version 2026.2.14, under iMessage `groupPolicy=allowlist`, group authorization could be satisfied by sender identities coming from the DM pairing store, broadening DM trust into group contexts. Version 2026.2.14 fixes the issue.

Vendor: npm
Product: openclaw
Published: Feb 18, 2026
Source: GitHub
CVE-2026-1344 MEDIUM - 6.5

Tanium addressed an insecure file permissions vulnerability in Enforce Recovery Key Portal.

Published: Feb 18, 2026
Source: NVD
CVE-2025-13333 MEDIUM - 4.4

IBM WebSphere Application Server 9.0 and 8.5 could provide weaker than expected security during system administration of security settings.

Vendor: IBM
Product: WebSphere Application Server
Published: Feb 17, 2026
Source: NVD
CVE-2026-2623 MEDIUM - 6.3

A flaw has been found in Blossom up to 1.17.1. This issue affects the function put of the file blossom-backend/common/common-iaas/src/main/java/com/blossom/common/iaas/blos/BLOSManager.java of the component File Upload. This manipulation causes path traversal. The attack may be initiated remotely. T...

Vendor: wangyunf
Product: blossom
Published: Feb 17, 2026
Source: NVD
CVE-2025-36348 MEDIUM - 4.9

IBM Sterling B2B Integrator versions 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5, and 6.2.1.0 through 6.2.1.1, and IBM Sterling File Gateway versions 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5, and 6.2.1.0 through 6.2.1.1 may expose sensitive information to a remote privileged attacke...

Vendor: IBM
Product: Sterling B2B Integrator, Sterling File Gateway
Published: Feb 17, 2026
Source: NVD
CVE-2025-33135 MEDIUM - 6.1

IBM Financial Transaction Manager for ACH Services and Check Services for Multi-Platform 3.0.0.0 through 3.0.5.4 Interim Fix 027 IBM Financial Transaction Manager for Check Services v3 (Multiplatforms) is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to em...

Vendor: IBM
Product: Financial Transaction Manager for ACH Services and Check Services for Multi-Platform
Published: Feb 17, 2026
Source: NVD
CVE-2023-38005 MEDIUM - 4.3

IBM Cloud Pak System 2.3.3.6, 2.3.3.7, 2.3.4.0, 2.3.4.1, and 2.3.5.0 could allow an authenticated user to perform unauthorized tasks due to improper access controls.

Vendor: IBM
Product: Cloud Pak System
Published: Feb 17, 2026
Source: NVD
CVE-2026-26326 MEDIUM - 4.3

OpenClaw is a personal AI assistant. Prior to version 2026.2.14, `skills.status` could disclose secrets to `operator.read` clients by returning raw resolved config values in `configChecks` for skill `requires.config` paths. Version 2026.2.14 stops including raw resolved config values in requirement ...

Vendor: npm
Product: openclaw
Published: Feb 17, 2026
Source: GitHub
CVE-2026-23598 MEDIUM - 6.5

Vulnerabilities in the API error handling of an HPE Aruba Networking 5G Core server API could allow an unauthenticated remote attacker to obtain sensitive information. Successful exploitation could allow an attacker to access details such as user accounts, roles, and system configuration, as well a...

Vendor: Hewlett Packard Enterprise (HPE)
Product: HPE Aruba Networking Private 5G Core
Published: Feb 17, 2026
Source: NVD
CVE-2026-23597 MEDIUM - 6.5

Vulnerabilities in the API error handling of an HPE Aruba Networking 5G Core server API could allow an unauthenticated remote attacker to obtain sensitive information. Successful exploitation could allow an attacker to access details such as user accounts, roles, and system configuration, as well a...

Vendor: Hewlett Packard Enterprise (HPE)
Product: HPE Aruba Networking Private 5G Core
Published: Feb 17, 2026
Source: NVD
CVE-2026-23596 MEDIUM - 6.5

A vulnerability in the management API of the affected product could allow an unauthenticated remote attacker to trigger service restarts. Successful exploitation could allow an attacker to disrupt services and negatively impact system availability.

Vendor: Hewlett Packard Enterprise (HPE)
Product: HPE Aruba Networking Private 5G Core
Published: Feb 17, 2026
Source: NVD
CVE-2025-36379 MEDIUM - 5.9

IBM Security QRadar EDR 3.12 through 3.12.23 IBM Security ReaQta uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

Vendor: IBM
Product: Security QRadar EDR
Published: Feb 17, 2026
Source: NVD
CVE-2025-36377 MEDIUM - 6.3

IBM Security QRadar EDR 3.12 through 3.12.23 does not invalidate session after a session expiration which could allow an authenticated user to impersonate another user on the system.

Vendor: IBM
Product: Security QRadar EDR
Published: Feb 17, 2026
Source: NVD
CVE-2025-36376 MEDIUM - 6.3

IBM Security QRadar EDR 3.12 through 3.12.23 does not invalidate session after a session expiration which could allow an authenticated user to impersonate another user on the system.

Vendor: IBM
Product: Security QRadar EDR
Published: Feb 17, 2026
Source: NVD
CVE-2025-14289 MEDIUM - 5.4

IBM webMethods Integration Server 12.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.

Vendor: IBM
Product: webMethods Integration Server
Published: Feb 17, 2026
Source: NVD
CVE-2026-26357 MEDIUM - 5.4

Dell Unisphere for PowerMax, version(s) 9.2.4.x, contain(s) an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to the execution of maliciou...

Vendor: Dell
Product: Unisphere for PowerMax 9.2.4.18, Unisphere for PowerMax Virtual Appliance 9.2.4.17
Published: Feb 17, 2026
Source: NVD