CVE ID : CVE-2025-65791 Published : Feb. 18, 2026, 4:22 p.m. | 1 hour, 40 minutes ago Description : ZoneMinder v1.36.34 is vulnerable to Command Injection in web/views/image.php. The application passes unsanitized user input…
CVE-2026-2329 – Grandstream GXP1600 VoIP Phones – Unauthenticated stack buffer overflow
CVE ID : CVE-2026-2329 Published : Feb. 18, 2026, 3:18 p.m. | 44 minutes ago Description : An unauthenticated stack-based buffer overflow vulnerability exists in the HTTP API endpoint /cgi-bin/api.values.get. A remote attacker…
CVE-2026-1426 – Advanced AJAX Product Filters <= 3.1.9.6 – Authenticated (Author+) PHP Object Injection via Live Composer Compatibility
CVE ID : CVE-2026-1426 Published : Feb. 18, 2026, 3:18 p.m. | 44 minutes ago Description : The Advanced AJAX Product Filters plugin for WordPress is vulnerable to PHP Object Injection in all…
CVE-2025-15579 – An Insecure Deserialization vulnerability has been discovered in OpenText™ Directory Services.
CVE ID : CVE-2025-15579 Published : Feb. 18, 2026, 2:57 p.m. | 1 hour, 5 minutes ago Description : Deserialization of Untrusted Data vulnerability in OpenText™ Directory Services allows Object Injection. The vulnerability could…
CVE-2026-2464 – Directory Traversal in AMR Printer Management by AMR
CVE ID : CVE-2026-2464 Published : Feb. 18, 2026, 2:16 p.m. | 1 hour, 46 minutes ago Description : Path traversal vulnerability in the AMR Printer Management 1.01 Beta web service, which allows remote…
CVE-2025-59920 – SQL injection in time@work from systems@work
CVE ID : CVE-2025-59920 Published : Feb. 18, 2026, 1:41 p.m. | 21 minutes ago Description : When hours are entered in time@work, version 7.0.5, it performs a query to display the projects…
CVE-2026-1435 – Incorrect management of session invalidation vulnerability in Graylog Web Interface
CVE ID : CVE-2026-1435 Published : Feb. 18, 2026, 1:08 p.m. | 54 minutes ago Description : Not properly invalidated session vulnerability in Graylog Web Interface, version 2.2.3, due to incorrect management of…
CVE-2026-1937 – YayMail <= 4.3.2 – Missing Authorization to Authenticated (Shop Manager+) Arbitrary Options Update via 'yaymail_import_state' AJAX Action
CVE ID : CVE-2026-1937 Published : Feb. 18, 2026, 7:16 a.m. | 46 minutes ago Description : The YayMail – WooCommerce Email Customizer plugin for WordPress is vulnerable to unauthorized modification of data…
CVE-2026-1714 – ShopLentor <= 3.3.2 – Unauthenticated Email Relay Abuse via 'woolentor_suggest_price_action' AJAX Action
CVE ID : CVE-2026-1714 Published : Feb. 18, 2026, 5:16 a.m. | 46 minutes ago Description : The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +21 Modules – All in One Solution…
CVE-2026-26119 – Windows Admin Center Elevation of Privilege Vulnerability
CVE ID : CVE-2026-26119 Published : Feb. 17, 2026, 11:16 p.m. | 46 minutes ago Description : Improper authentication in Windows Admin Center allows an authorized attacker to elevate privileges over a network….