{
"Source": "CVE FEED",
"Title": "CVE-2026-27571 - nats-server websockets are vulnerable to pre-auth memory DoS",
"Content": "CVE ID : CVE-2026-27571
Published : Feb. 24, 2026, 5:29 p.m. | 1 hour, 3 minutes ago
Description : NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. The WebSockets handling of NATS messages handles compressed messages via the WebSockets negotiated compression. Prior to versions 2.11.2 and 2.12.3, the implementation bound the memory size of a NATS message but did not independently bound the memory consumption of the memory stream when constructing a NATS message which might then fail validation for size reasons. An attacker can use a compression bomb to cause excessive memory consumption, often resulting in the operating system terminating the server process. The use of compression is negotiated before authentication, so this does not require valid NATS credentials to exploit. The fix, present in versions 2.11.2 and 2.12.3, was to bound the decompression to fail once the message was too large, instead of continuing on. The vulnerability only affects deployments which use WebSockets and which expose the network port to untrusted end-points.
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "24 Feb 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-13776 - Hard-coded database credentials in Finka software",
"Content": "CVE ID : CVE-2025-13776
Published : Feb. 24, 2026, 5:29 p.m. | 1 hour, 3 minutes ago
Description : Multiple Finka programs use hard-coded Firebird database credentials (shared across all instances of this software). A malicious attacker on the local network who knows the default credentials is able to read and edit database content.
This vulnerability has been fixed in versions: Finka-FK 18.5, Finka-KPR 16.6, Finka-Płace 13.4, Finka-Faktura 18.3, Finka-Magazyn 8.3, Finka-STW 12.3
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "24 Feb 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2024-48928 - Piwigo's secret key can be brute forced",
"Content": "CVE ID : CVE-2024-48928
Published : Feb. 24, 2026, 5:29 p.m. | 1 hour, 3 minutes ago
Description : Piwigo is an open source photo gallery application for the web. In versions on the 14.x branch, when installing, the secret_key configuration parameter is set to MD5(RAND()) in MySQL. However, RAND() only has 30 bits of randomness, making it feasible to brute-force the secret key. The CSRF token is constructed partially from the secret key, and this can be used to check if the brute force succeeded. Trying all possible values takes approximately one hour. The impact of this is limited. The auto login key uses the user's password on top of the secret key. The pwg token uses the user's session identifier on top of the secret key. It seems that values for get_ephemeral_key can be generated when one knows the secret key. Version 15.0.0 contains a fix for the issue.
Severity: 2.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "24 Feb 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2026-27477 - Mastodon has SSRF via unvalidated FASP Provider base_url",
"Content": "CVE ID : CVE-2026-27477
Published : Feb. 24, 2026, 8:27 p.m. | 5 minutes ago
Description : Mastodon is a free, open-source social network server based on ActivityPub. FASP registration requires manual approval by an administrator. In versions 4.4.0 through 4.4.13 and 4.5.0 through 4.5.6, an unauthenticated attacker can register a FASP with an attacker-chosen `base_url` that includes or resolves to a local / internal address, leading to the Mastodon server making requests to that address. This only affects Mastodon servers that have opted in to testing the experimental FASP feature by setting the environment variable `EXPERIMENTAL_FEATURES` to a value including `fasp`. An attacker can force the Mastodon server to make http(s) requests to internal systems. While they cannot control the full URL that is being requested (only the prefix) and cannot see the result of those requests, vulnerabilities or other undesired behavior could be triggered in those systems. The fix is included in the 4.4.14 and 4.5.7 releases. Admins that are actively testing the experimental "fasp" feature should update their systems. Servers not using the experimental feature flag `fasp` are not affected.
Severity: 4.6 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "24 Feb 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2026-3105 - SQL Injection in Contact Activity API Sorting",
"Content": "CVE ID : CVE-2026-3105
Published : Feb. 24, 2026, 8:27 p.m. | 5 minutes ago
Description : Summary: This advisory addresses a SQL injection vulnerability in the API endpoint used for retrieving contact activities. A vulnerability exists in the query construction for the Contact Activity timeline where the parameter responsible for determining the sort direction was not strictly validated against an allowlist, potentially allowing authenticated users to inject arbitrary SQL commands via the API.
Mitigation: Please update to 4.4.19, 5.2.10, 6.0.8, 7.0.1 or later.
Workarounds: None.
References: If you have any questions or comments about this advisory:
Email us at security@mautic.org
Severity: 7.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "24 Feb 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2026-3131 - Devolutions Server Unauthenticated Access Control Bypass",
"Content": "CVE ID : CVE-2026-3131
Published : Feb. 24, 2026, 8:27 p.m. | 5 minutes ago
Description : Improper access control in multiple DVLS REST API endpoints in Devolutions Server 2025.3.14.0 and earlier allows an authenticated user with view-only permission to access sensitive connection data.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "24 Feb 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2026-26341 - Tattile Smart+ / Vega / Basic <= 1.181.5 default credentials",
"Content": "CVE ID : CVE-2026-26341
Published : Feb. 24, 2026, 8:27 p.m. | 5 minutes ago
Description : Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior ship with default credentials that are not forced to be changed during installation or commissioning. An attacker who can reach the management interface can authenticate using the default credentials and gain administrative access, enabling unauthorized access to device configuration and data.
Severity: 9.3 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "24 Feb 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2026-26342 - Tattile Smart+ / Vega / Basic <= 1.181.5 insufficient session token expiration",
"Content": "CVE ID : CVE-2026-26342
Published : Feb. 24, 2026, 8:27 p.m. | 5 minutes ago
Description : Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior implement an authentication token (X-User-Token) with insufficient expiration. An attacker who obtains a valid token (for example via interception, log exposure, or token reuse on a shared system) can continue to authenticate to the management interface until the token is revoked, enabling unauthorized access to device functions and data.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "24 Feb 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2026-23858 - Dell Wyse Management Suite Cross-site Scripting Vulnerability",
"Content": "CVE ID : CVE-2026-23858
Published : Feb. 24, 2026, 8:27 p.m. | 5 minutes ago
Description : Dell Wyse Management Suite, versions prior to WMS 5.5, contain an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Script Injection.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "24 Feb 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2026-23859 - Dell Wyse Management Suite Client-Side Enforcement Bypass Vulnerability",
"Content": "CVE ID : CVE-2026-23859
Published : Feb. 24, 2026, 8:27 p.m. | 5 minutes ago
Description : Dell Wyse Management Suite, versions prior to WMS 5.5, contain a Client-Side Enforcement of Server-Side Security vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Protection mechanism bypass.
Severity: 2.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "24 Feb 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2026-24241 - NVIDIA Delegated Licensing Service Authentication Bypass",
"Content": "CVE ID : CVE-2026-24241
Published : Feb. 24, 2026, 8:27 p.m. | 5 minutes ago
Description : NVIDIA Delegated Licensing Service for all appliance platforms contains a vulnerability where an attacker could exploit an improper authentication issue. A successful exploit of this vulnerability might lead to information disclosure.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "24 Feb 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2026-26340 - Tattile Smart+ / Vega / Basic <= 1.181.5 unauthenticated rtsp stream disclosure",
"Content": "CVE ID : CVE-2026-26340
Published : Feb. 24, 2026, 8:27 p.m. | 5 minutes ago
Description : Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior expose RTSP streams without requiring authentication. A remote attacker can connect to the RTSP service and access live video/audio streams without valid credentials, resulting in unauthorized disclosure of surveillance data.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "24 Feb 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2026-1768 - Devolutions Server Permission Cache Poisoning Vulnerability",
"Content": "CVE ID : CVE-2026-1768
Published : Feb. 24, 2026, 8:27 p.m. | 5 minutes ago
Description : A permission cache poisoning vulnerability in Devolutions Server allows authenticated users to bypass permissions to access entries. This issue affects Devolutions Server: before 2025.3.15.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "24 Feb 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2026-22765 - Dell Wyse Management Suite Elevation of Privileges Missing Authorization Vulnerability",
"Content": "CVE ID : CVE-2026-22765
Published : Feb. 24, 2026, 8:27 p.m. | 5 minutes ago
Description : Dell Wyse Management Suite, versions prior to WMS 5.5, contain a Missing Authorization vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Elevation of Privileges.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "24 Feb 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2026-22766 - Dell Wyse Management Suite Unrestricted File Upload Vulnerability",
"Content": "CVE ID : CVE-2026-22766
Published : Feb. 24, 2026, 8:27 p.m. | 5 minutes ago
Description : Dell Wyse Management Suite, versions prior to WMS 5.5, contain an Unrestricted Upload of File with Dangerous Type vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Remote execution.
Severity: 7.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "24 Feb 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-33181 - NVIDIA Cumulus Linux and NVOS Command Injection Vulnerability",
"Content": "CVE ID : CVE-2025-33181
Published : Feb. 24, 2026, 8:27 p.m. | 5 minutes ago
Description : NVIDIA Cumulus Linux and NVOS products contain a vulnerability in the NVUE interface, where a low-privileged user could inject a command. A successful exploit of this vulnerability might lead to escalation of privileges.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "24 Feb 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-1787 - Genetec Update Service Privilege Escalation",
"Content": "CVE ID : CVE-2025-1787
Published : Feb. 24, 2026, 8:27 p.m. | 5 minutes ago
Description : A local admin could leak information from the Genetec Update Service configuration web page. An authenticated, admin-privileged Windows user could exploit this vulnerability to gain elevated privileges in the Genetec Update Service. Could be combined with CVE-2025-1789 to achieve low privilege escalation.
Severity: 5.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "24 Feb 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-1789 - Genetec Update Service Privilege Escalation",
"Content": "CVE ID : CVE-2025-1789
Published : Feb. 24, 2026, 8:27 p.m. | 5 minutes ago
Description : Local privilege escalation in Genetec Update Service. An authenticated, low-privileged, Windows user could exploit this vulnerability to gain elevated privileges on the affected system.
Severity: 5.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "24 Feb 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-33179 - NVIDIA Cumulus Linux and NVOS Privilege Escalation Vulnerability",
"Content": "CVE ID : CVE-2025-33179
Published : Feb. 24, 2026, 8:27 p.m. | 5 minutes ago
Description : NVIDIA Cumulus Linux and NVOS products contain a vulnerability in the NVUE interface, where a low-privileged user could run an unauthorized command. A successful exploit of this vulnerability might lead to escalation of privileges.
Severity: 8.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "24 Feb 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-33180 - NVIDIA Cumulus Linux and NVOS Command Injection Vulnerability",
"Content": "CVE ID : CVE-2025-33180
Published : Feb. 24, 2026, 8:27 p.m. | 5 minutes ago
Description : NVIDIA Cumulus Linux and NVOS products contain a vulnerability in the NVUE interface, where a low-privileged user could inject a command. A successful exploit of this vulnerability might lead to escalation of privileges.
Severity: 8.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "24 Feb 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2026-24443 - EventSentry < 6.0.1.20 Web Reports Unverified Password Change",
"Content": "CVE ID : CVE-2026-24443
Published : Feb. 24, 2026, 8:14 p.m. | 18 minutes ago
Description : EventSentry versions prior to 6.0.1.20 contain an unverified password change vulnerability in the account management functionality of the Web Reports interface. The password change mechanism does not require validation of the current password before allowing a new password to be set. An attacker who gains temporary access to an authenticated user session can change the account password without knowledge of the original credentials. This enables persistent account takeover and, if administrative accounts are affected, may result in privilege escalation.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "24 Feb 2026",
"Type": "Vulnerability"
}