CVE ID : CVE-2025-13943 Published : Feb. 24, 2026, 3:16 a.m. | 1 hour, 31 minutes ago Description : A post-authentication command injection vulnerability in the log file download function of the Zyxel EX3301-T0…
CVE-2025-13942 – Zyxel EX3510-B0 UPnP Command Injection
CVE ID : CVE-2025-13942 Published : Feb. 24, 2026, 3:16 a.m. | 1 hour, 31 minutes ago Description : A command injection vulnerability in the UPnP function of the Zyxel EX3510-B0 firmware versions through…
CVE-2026-25965 – ImageMagick’s policy bypass through path traversal allows reading restricted content despite secured policy
CVE ID : CVE-2026-25965 Published : Feb. 24, 2026, 2:16 a.m. | 31 minutes ago Description : ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions…
CVE-2026-25794 – ImageMagick has heap-buffer-overflow via signed integer overflow in `WriteUHDRImage` when writing UHDR images with large dimensions
CVE ID : CVE-2026-25794 Published : Feb. 24, 2026, 1:16 a.m. | 1 hour, 31 minutes ago Description : ImageMagick is free and open-source software used for editing and manipulating digital images. `WriteUHDRImage` in…
CVE-2026-3044 – Tenda AC8 Httpd Service UploadCfg webCgiGetUploadFile stack-based overflow
CVE ID : CVE-2026-3044 Published : Feb. 24, 2026, 12:16 a.m. | 31 minutes ago Description : A vulnerability has been found in Tenda AC8 16.03.34.06. This affects the function webCgiGetUploadFile of the…
CVE-2025-9120 – RCE vulnerability has been discovered in OpenText™ Carbonite Safe Server Backup.
CVE ID : CVE-2025-9120 Published : Feb. 24, 2026, 12:03 a.m. | 44 minutes ago Description : Improper Control of Generation of Code (‘Code Injection’) vulnerability in OpenText™ Carbonite Safe Server Backup allows…
CVE-2026-25648 – Traccar Vulnerable to Stored Cross-Site Scripting (XSS) via Malicious SVG File Upload
CVE ID : CVE-2026-25648 Published : Feb. 23, 2026, 9:19 p.m. | 1 hour, 28 minutes ago Description : Versions of the Traccar open-source GPS tracking system starting with 6.11.1 contain an issue in…
CVE-2026-23693 – ElementsKit Lite < 3.7.9 Unauthenticated Mailchimp REST Endpoint
CVE ID : CVE-2026-23693 Published : Feb. 23, 2026, 9:19 p.m. | 1 hour, 28 minutes ago Description : ElementsKit Lite (elementskit-lite) WordPress plugin versions prior to 3.7.9 expose the REST endpoint /wp-json/elementskit/v1/widget/mailchimp/subscribe without…
CVE-2025-70329 – TOTOLink X5000R OS Command Injection Vulnerability
CVE ID : CVE-2025-70329 Published : Feb. 23, 2026, 8:28 p.m. | 18 minutes ago Description : TOTOLink X5000R v9.1.0cu_2415_B20250515 contains an OS command injection vulnerability in the setIptvCfg handler of the /usr/sbin/lighttpd…
CVE-2025-67733 – Valkey Affected by RESP Protocol Injection via Lua error_reply
CVE ID : CVE-2025-67733 Published : Feb. 23, 2026, 8:28 p.m. | 18 minutes ago Description : Valkey is a distributed key-value database. Prior to versions 9.0.2, 8.1.6, 8.0.7, and 7.2.12, a malicious…