7.1

CVSS3.1

CVE-2025-68930 - Traccar Missing Origin Validation in WebSockets

Versions of the Traccar open-source GPS tracking system up to and including 6.11.1 contain a Cross-Site WebSocket Hijacking (CSWSH) vulnerability in the `/api/socket` endpoint. The application fails to validate the `Origin` header during the WebSocket handshake. This allows a remote attacker to byp…

📅 Published: Feb. 23, 2026, 8:44 p.m. 🔄 Last Modified: Feb. 23, 2026, 8:44 p.m.

9.3

CVSS4.0

CVE-2026-23693 - ElementsKit Lite < 3.7.9 Unauthenticated Mailchimp REST Endpoint

ElementsKit Lite (elementskit-lite) WordPress plugin versions prior to 3.7.9 expose the REST endpoint /wp-json/elementskit/v1/widget/mailchimp/subscribe without authentication. The endpoint accepts client-supplied Mailchimp API credentials and insufficiently validates certain parameters, including …

📅 Published: Feb. 23, 2026, 8:33 p.m. 🔄 Last Modified: Feb. 23, 2026, 8:33 p.m.

5.1

CVSS4.0

CVE-2026-23694 - Aruba HiSpeed Cache < 3.0.5 CSRF in Multiple Administrative AJAX Actions

Aruba HiSpeed Cache (aruba-hispeed-cache) WordPress plugin versions prior to 3.0.5 contain a cross-site request forgery (CSRF) vulnerability affecting multiple administrative AJAX actions. The handlers for ahsc_reset_options, ahsc_debug_status, and ahsc_enable_purge perform authentication and capab…

📅 Published: Feb. 23, 2026, 8:29 p.m. 🔄 Last Modified: Feb. 23, 2026, 8:34 p.m.

6.9

CVSS4.0

CVE-2026-3026 - erzhongxmu JEEWMS UEditor getRemoteImage.jsp server-side request forgery

A vulnerability has been found in erzhongxmu JEEWMS 3.7. Affected by this issue is some unknown functionality of the file /plug-in/ueditor/jsp/getRemoteImage.jsp of the component UEditor. The manipulation of the argument upfile leads to server-side request forgery. The attack can be initiated remot…

📅 Published: Feb. 23, 2026, 8:02 p.m. 🔄 Last Modified: Feb. 23, 2026, 8:02 p.m.

6.9

CVSS4.0

CVE-2026-3025 - ShuoRen Smart Heating Integrated Management Platform ExampleNodeService.asmx unrestricted upload

A flaw has been found in ShuoRen Smart Heating Integrated Management Platform 1.0.0. Affected by this vulnerability is an unknown functionality of the file /MP/Service/Webservice/ExampleNodeService.asmx. Executing a manipulation of the argument File can lead to unrestricted upload. It is possible t…

📅 Published: Feb. 23, 2026, 8:02 p.m. 🔄 Last Modified: Feb. 23, 2026, 8:02 p.m.

7.5

CVSS3.1

CVE-2026-27623 - Valkey has Pre-Authentication DOS from malformed RESP request

Valkey is a distributed key-value database. Starting in version 9.0.0 and prior to version 9.0.3, a malicious actor with network access to Valkey can cause the system to abort by triggering an assertion. When processing incoming requests, the Valkey system does not properly reset the networking sta…

📅 Published: Feb. 23, 2026, 7:43 p.m. 🔄 Last Modified: Feb. 23, 2026, 7:43 p.m.

7.5

CVSS3.1

CVE-2026-21863 - Malformed Valkey Cluster bus message can lead to Remote DoS

Valkey is a distributed key-value database. Prior to versions 9.0.2, 8.1.6, 8.0.7, and 7.2.12, a malicious actor with access to the Valkey clusterbus port can send an invalid packet that may cause an out-of-bounds read, which might result in the system crashing. The Valkey clusterbus packet processing …

📅 Published: Feb. 23, 2026, 7:41 p.m. 🔄 Last Modified: Feb. 23, 2026, 7:41 p.m.

8.5

CVSS3.1

CVE-2025-67733 - Valkey Affected by RESP Protocol Injection via Lua error_reply

Valkey is a distributed key-value database. Prior to versions 9.0.2, 8.1.6, 8.0.7, and 7.2.12, a malicious user can use scripting commands to inject arbitrary information into the response stream for the given client, potentially corrupting or returning tampered data to other users on the same conn…

📅 Published: Feb. 23, 2026, 7:39 p.m. 🔄 Last Modified: Feb. 23, 2026, 7:39 p.m.

5.7

CVSS4.0

CVE-2026-2698 - Improper Access Control

An improper access control vulnerability exists where an authenticated user could access areas outside of their authorized scope.

📅 Published: Feb. 23, 2026, 4:28 p.m. 🔄 Last Modified: Feb. 23, 2026, 4:28 p.m.

7.1

CVSS4.0

CVE-2026-27514 - Tenda F3 Plaintext Credential Exposure in Configuration Download

Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55_multi contains a sensitive information exposure vulnerability in the configuration download functionality. The configuration download response includes the router password and administrative password in plaintext. The endpoint also omits appro…

📅 Published: Feb. 23, 2026, 4:27 p.m. 🔄 Last Modified: Feb. 23, 2026, 4:27 p.m.