CVE ID : CVE-2025-32058 Published : Feb. 15, 2026, 11:15 a.m. | 46 minutes ago Description : The Infotainment ECU manufactured by Bosch uses a RH850 module for CAN communication. RH850 is connected…
CVE-2026-1750 – Ecwid by Lightspeed Ecommerce Shopping Cart <= 7.0.7 – Authenticated (Subscriber+) Privilege Escalation via ec_store_admin_access
CVE ID : CVE-2026-1750 Published : Feb. 15, 2026, 4:15 a.m. | 1 hour, 46 minutes ago Description : The Ecwid by Lightspeed Ecommerce Shopping Cart plugin for WordPress is vulnerable to Privilege Escalation…
CVE-2026-1490 – Spam protection, Honeypot, Anti-Spam by CleanTalk <= 6.71 – Authorization Bypass via Reverse DNS (PTR record) Spoofing to Unauthenticated Arbitrary Plugin Installation
CVE ID : CVE-2026-1490 Published : Feb. 15, 2026, 4:15 a.m. | 1 hour, 46 minutes ago Description : The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress is vulnerable to unauthorized Arbitrary…
CVE-2025-8572 – Truelysell Core <= 1.8.7 – Unauthenticated Privilege Escalation via Registration
CVE ID : CVE-2025-8572 Published : Feb. 14, 2026, 9:16 a.m. | 46 minutes ago Description : The Truelysell Core plugin for WordPress is vulnerable to privilege escalation in versions less than, or…
CVE-2026-1306 – midi-Synth <= 1.1.0 – Unauthenticated Arbitrary File Upload via 'export' AJAX Action
CVE ID : CVE-2026-1306 Published : Feb. 14, 2026, 7:16 a.m. | 46 minutes ago Description : The midi-Synth plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type…
CVE-2026-2144 – Magic Login Mail or QR Code <= 2.05 – Unauthenticated Privilege Escalation via Insecure QR Code File Storage
CVE ID : CVE-2026-2144 Published : Feb. 14, 2026, 5:16 a.m. | 45 minutes ago Description : The Magic Login Mail or QR Code plugin for WordPress is vulnerable to Privilege Escalation in…
CVE-2026-24853 – Caido has an insufficient patch for DNS rebind leading to RCE
CVE ID : CVE-2026-24853 Published : Feb. 13, 2026, 11:16 p.m. | 46 minutes ago Description : Caido is a web security auditing toolkit. Prior to 0.55.0, Caido blocks non whitelisted domains to…
CVE-2026-26273 – Known affected by Account Takeover via Password Reset Token Leakage
CVE ID : CVE-2026-26273 Published : Feb. 13, 2026, 10:16 p.m. | 1 hour, 46 minutes ago Description : Known is a social publishing platform. Prior to 1.6.3, a Critical Broken Authentication vulnerability exists…
CVE-2025-15157 – Starfish Review Generation & Marketing for WordPress <= 3.1.19 – Authenticated (Subscriber+) Arbitrary Options Update via srm_restore_options_defaults
CVE ID : CVE-2025-15157 Published : Feb. 13, 2026, 10:16 p.m. | 1 hour, 46 minutes ago Description : The Starfish Review Generation & Marketing for WordPress plugin for WordPress is vulnerable to unauthorized…
CVE-2026-26335 – Calero VeraSMART < 2022 R1 Static IIS Machine Keys Enable ViewState RCE
CVE ID : CVE-2026-26335 Published : Feb. 13, 2026, 9:16 p.m. | 45 minutes ago Description : Calero VeraSMART versions prior to 2022 R1 use static ASP.NET/IIS machineKey values configured for the VeraSMART web…