CVE-2023-45291 - Apache HTTP Server Remote Code Execution
CVE ID : CVE-2023-45291
Published : Feb. 13, 2026, 9:16 p.m. | 2 hours, 19 minutes ago
Description : Rejected reason: reserved but not needed
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2023-45291
Published : Feb. 13, 2026, 9:16 p.m. | 2 hours, 19 minutes ago
Description : Rejected reason: reserved but not needed
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-34154 - Apache HTTP Server Remote Code Execution
CVE ID : CVE-2024-34154
Published : Feb. 13, 2026, 9:16 p.m. | 2 hours, 19 minutes ago
Description : Rejected reason: reserved but not needed
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2024-34154
Published : Feb. 13, 2026, 9:16 p.m. | 2 hours, 19 minutes ago
Description : Rejected reason: reserved but not needed
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-34157 - Apache HTTP Server Unvalidated User Input
CVE ID : CVE-2024-34157
Published : Feb. 13, 2026, 9:16 p.m. | 2 hours, 19 minutes ago
Description : Rejected reason: reserved but not needed
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2024-34157
Published : Feb. 13, 2026, 9:16 p.m. | 2 hours, 19 minutes ago
Description : Rejected reason: reserved but not needed
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-47915 - QNAP NAS Unauthenticated Command Injection
CVE ID : CVE-2025-47915
Published : Feb. 13, 2026, 9:16 p.m. | 2 hours, 19 minutes ago
Description : Rejected reason: reserved but not needed
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-47915
Published : Feb. 13, 2026, 9:16 p.m. | 2 hours, 19 minutes ago
Description : Rejected reason: reserved but not needed
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-58182 - Cisco WebEx Meeting Server Authentication Bypass
CVE ID : CVE-2025-58182
Published : Feb. 13, 2026, 9:16 p.m. | 2 hours, 19 minutes ago
Description : Rejected reason: reserved but not needed
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-58182
Published : Feb. 13, 2026, 9:16 p.m. | 2 hours, 19 minutes ago
Description : Rejected reason: reserved but not needed
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-58184 - Apache HTTP Server Reserved but Not Needed Information Disclosure
CVE ID : CVE-2025-58184
Published : Feb. 13, 2026, 9:16 p.m. | 2 hours, 19 minutes ago
Description : Rejected reason: reserved but not needed
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-58184
Published : Feb. 13, 2026, 9:16 p.m. | 2 hours, 19 minutes ago
Description : Rejected reason: reserved but not needed
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-68124 - Apache HTTP Server Cross-Site Scripting
CVE ID : CVE-2025-68124
Published : Feb. 13, 2026, 9:16 p.m. | 2 hours, 19 minutes ago
Description : Rejected reason: reserved but not needed
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-68124
Published : Feb. 13, 2026, 9:16 p.m. | 2 hours, 19 minutes ago
Description : Rejected reason: reserved but not needed
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-68125 - Apache HTTP Server Remote Code Execution
CVE ID : CVE-2025-68125
Published : Feb. 13, 2026, 9:16 p.m. | 2 hours, 19 minutes ago
Description : Rejected reason: reserved but not needed
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-68125
Published : Feb. 13, 2026, 9:16 p.m. | 2 hours, 19 minutes ago
Description : Rejected reason: reserved but not needed
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-68126 - Cisco ASA HTTP Request Smuggling
CVE ID : CVE-2025-68126
Published : Feb. 13, 2026, 9:16 p.m. | 2 hours, 19 minutes ago
Description : Rejected reason: reserved but not needed
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-68126
Published : Feb. 13, 2026, 9:16 p.m. | 2 hours, 19 minutes ago
Description : Rejected reason: reserved but not needed
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-68127 - Apache HTTP Server HTTP Request Splitting Vulnerability
CVE ID : CVE-2025-68127
Published : Feb. 13, 2026, 9:16 p.m. | 2 hours, 19 minutes ago
Description : Rejected reason: reserved but not needed
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-68127
Published : Feb. 13, 2026, 9:16 p.m. | 2 hours, 19 minutes ago
Description : Rejected reason: reserved but not needed
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-68128 - Apache HTTP Server Information Disclosure
CVE ID : CVE-2025-68128
Published : Feb. 13, 2026, 9:16 p.m. | 2 hours, 19 minutes ago
Description : Rejected reason: reserved but not needed
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-68128
Published : Feb. 13, 2026, 9:16 p.m. | 2 hours, 19 minutes ago
Description : Rejected reason: reserved but not needed
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-26333 - Calero VeraSMART < 2022 R1 .NET Remoting Arbitrary File Read Leading to ViewState RCE
CVE ID : CVE-2026-26333
Published : Feb. 13, 2026, 9:16 p.m. | 2 hours, 19 minutes ago
Description : Calero VeraSMART versions prior to 2022 R1 expose an unauthenticated .NET Remoting HTTP service on TCP port 8001. The service publishes default ObjectURIs (including EndeavorServer.rem and RemoteFileReceiver.rem) and permits the use of SOAP and binary formatters with TypeFilterLevel set to Full. An unauthenticated remote attacker can invoke the exposed remoting endpoints to perform arbitrary file read and write operations via the WebClient class. This allows retrieval of sensitive files such as WebRoot\\web.config, which may disclose IIS machineKey validation and decryption keys. An attacker can use these keys to generate a malicious ASP.NET ViewState payload and achieve remote code execution within the IIS application context. Additionally, supplying a UNC path can trigger outbound SMB authentication from the service account, potentially exposing NTLMv2 hashes for relay or offline cracking.
Severity: 10.0 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-26333
Published : Feb. 13, 2026, 9:16 p.m. | 2 hours, 19 minutes ago
Description : Calero VeraSMART versions prior to 2022 R1 expose an unauthenticated .NET Remoting HTTP service on TCP port 8001. The service publishes default ObjectURIs (including EndeavorServer.rem and RemoteFileReceiver.rem) and permits the use of SOAP and binary formatters with TypeFilterLevel set to Full. An unauthenticated remote attacker can invoke the exposed remoting endpoints to perform arbitrary file read and write operations via the WebClient class. This allows retrieval of sensitive files such as WebRoot\\web.config, which may disclose IIS machineKey validation and decryption keys. An attacker can use these keys to generate a malicious ASP.NET ViewState payload and achieve remote code execution within the IIS application context. Additionally, supplying a UNC path can trigger outbound SMB authentication from the service account, potentially exposing NTLMv2 hashes for relay or offline cracking.
Severity: 10.0 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-26334 - Calero VeraSMART < 2026 R1 Hardcoded Static AES Keys Allow Decryption of Service Credentials
CVE ID : CVE-2026-26334
Published : Feb. 13, 2026, 9:16 p.m. | 2 hours, 19 minutes ago
Description : Calero VeraSMART versions prior to 2026 R1 contain hardcoded static AES encryption keys within Veramark.Framework.dll (Veramark.Core.Config class). These keys are used to encrypt the password of the service account stored in C:\\VeraSMART Data\\app.settings. An attacker with local access to the system can extract the hardcoded keys from the Veramark.Framework.dll module and decrypt the stored credentials. The recovered credentials can then be used to authenticate to the Windows host, potentially resulting in local privilege escalation depending on the privileges of the configured service account.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-26334
Published : Feb. 13, 2026, 9:16 p.m. | 2 hours, 19 minutes ago
Description : Calero VeraSMART versions prior to 2026 R1 contain hardcoded static AES encryption keys within Veramark.Framework.dll (Veramark.Core.Config class). These keys are used to encrypt the password of the service account stored in C:\\VeraSMART Data\\app.settings. An attacker with local access to the system can extract the hardcoded keys from the Veramark.Framework.dll module and decrypt the stored credentials. The recovered credentials can then be used to authenticate to the Windows host, potentially resulting in local privilege escalation depending on the privileges of the configured service account.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-26335 - Calero VeraSMART < 2022 R1 Static IIS Machine Keys Enable ViewState RCE
CVE ID : CVE-2026-26335
Published : Feb. 13, 2026, 9:16 p.m. | 2 hours, 19 minutes ago
Description : Calero VeraSMART versions prior to 2022 R1 use static ASP.NET/IIS machineKey values configured for the VeraSMART web application and stored in C:\\Program Files (x86)\\Veramark\\VeraSMART\\WebRoot\\web.config. An attacker who obtains these keys can craft a valid ASP.NET ViewState payload that passes integrity validation and is accepted by the application, resulting in server-side deserialization and remote code execution in the context of the IIS application.
Severity: 9.3 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-26335
Published : Feb. 13, 2026, 9:16 p.m. | 2 hours, 19 minutes ago
Description : Calero VeraSMART versions prior to 2022 R1 use static ASP.NET/IIS machineKey values configured for the VeraSMART web application and stored in C:\\Program Files (x86)\\Veramark\\VeraSMART\\WebRoot\\web.config. An attacker who obtains these keys can craft a valid ASP.NET ViewState payload that passes integrity validation and is accepted by the application, resulting in server-side deserialization and remote code execution in the context of the IIS application.
Severity: 9.3 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-15157 - Starfish Review Generation & Marketing for WordPress <= 3.1.19 - Authenticated (Subscriber+) Arbitrary Options Update via srm_restore_options_defaults
CVE ID : CVE-2025-15157
Published : Feb. 13, 2026, 10:16 p.m. | 1 hour, 20 minutes ago
Description : The Starfish Review Generation & Marketing for WordPress plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'srm_restore_options_defaults' function in all versions up to, and including, 3.1.19. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-15157
Published : Feb. 13, 2026, 10:16 p.m. | 1 hour, 20 minutes ago
Description : The Starfish Review Generation & Marketing for WordPress plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'srm_restore_options_defaults' function in all versions up to, and including, 3.1.19. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-69633 - PrestaShop Advanced Popup Creator SQL Injection
CVE ID : CVE-2025-69633
Published : Feb. 13, 2026, 10:16 p.m. | 1 hour, 20 minutes ago
Description : A SQL Injection vulnerability in the Advanced Popup Creator (advancedpopupcreator) module for PrestaShop 1.1.26 through 1.2.6 (Fixed in version 1.2.7) allows remote unauthenticated attackers to execute arbitrary SQL queries via the fromController parameter in the popup controller. The parameter is passed unsanitized to SQL queries in classes/AdvancedPopup.php (getPopups() and updateVisits() functions).
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-69633
Published : Feb. 13, 2026, 10:16 p.m. | 1 hour, 20 minutes ago
Description : A SQL Injection vulnerability in the Advanced Popup Creator (advancedpopupcreator) module for PrestaShop 1.1.26 through 1.2.6 (Fixed in version 1.2.7) allows remote unauthenticated attackers to execute arbitrary SQL queries via the fromController parameter in the popup controller. The parameter is passed unsanitized to SQL queries in classes/AdvancedPopup.php (getPopups() and updateVisits() functions).
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-70866 - LavaLite CMS Authentication Bypass
CVE ID : CVE-2025-70866
Published : Feb. 13, 2026, 10:16 p.m. | 1 hour, 20 minutes ago
Description : LavaLite CMS 10.1.0 is vulnerable to Incorrect Access Control. An authenticated user with low-level privileges (User role) can directly access the admin backend by logging in through /admin/login. The vulnerability exists because the admin and user authentication guards share the same user provider without role-based access control verification.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-70866
Published : Feb. 13, 2026, 10:16 p.m. | 1 hour, 20 minutes ago
Description : LavaLite CMS 10.1.0 is vulnerable to Incorrect Access Control. An authenticated user with low-level privileges (User role) can directly access the admin backend by logging in through /admin/login. The vulnerability exists because the admin and user authentication guards share the same user provider without role-based access control verification.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-70954 - TON Virtual Machine (TVM) Null Pointer Dereference Denial of Service
CVE ID : CVE-2025-70954
Published : Feb. 13, 2026, 10:16 p.m. | 1 hour, 19 minutes ago
Description : A Null Pointer Dereference vulnerability exists in the TON Virtual Machine (TVM) within the TON Blockchain before v2025.06. The issue is located in the execution logic of the INMSGPARAM instruction, where the program fails to validate if a specific pointer is null before accessing it. By sending a malicious transaction or smart contract, an attacker can trigger this null pointer dereference, causing the validator node process to crash (segmentation fault). This results in a Denial of Service (DoS) affecting the availability of the entire blockchain network.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-70954
Published : Feb. 13, 2026, 10:16 p.m. | 1 hour, 19 minutes ago
Description : A Null Pointer Dereference vulnerability exists in the TON Virtual Machine (TVM) within the TON Blockchain before v2025.06. The issue is located in the execution logic of the INMSGPARAM instruction, where the program fails to validate if a specific pointer is null before accessing it. By sending a malicious transaction or smart contract, an attacker can trigger this null pointer dereference, causing the validator node process to crash (segmentation fault). This results in a Denial of Service (DoS) affecting the availability of the entire blockchain network.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-70955 - TON Virtual Machine (TVM) Stack Overflow Denial of Service (DoS) Vulnerability
CVE ID : CVE-2025-70955
Published : Feb. 13, 2026, 10:16 p.m. | 1 hour, 19 minutes ago
Description : A Stack Overflow vulnerability was discovered in the TON Virtual Machine (TVM) before v2024.10. The vulnerability stems from the improper handling of vmstate and continuation jump instructions, which allow for continuous dynamic tail calls. An attacker can exploit this by crafting a smart contract with deeply nested jump logic. Even within permissible gas limits, this nested execution exhausts the host process's stack space, causing the validator node to crash. This results in a Denial of Service (DoS) for the TON blockchain network.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-70955
Published : Feb. 13, 2026, 10:16 p.m. | 1 hour, 19 minutes ago
Description : A Stack Overflow vulnerability was discovered in the TON Virtual Machine (TVM) before v2024.10. The vulnerability stems from the improper handling of vmstate and continuation jump instructions, which allow for continuous dynamic tail calls. An attacker can exploit this by crafting a smart contract with deeply nested jump logic. Even within permissible gas limits, this nested execution exhausts the host process's stack space, causing the validator node to crash. This results in a Denial of Service (DoS) for the TON blockchain network.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-70956 - TON Virtual Machine (TVM) State Pollution Denial of Service
CVE ID : CVE-2025-70956
Published : Feb. 13, 2026, 10:16 p.m. | 1 hour, 19 minutes ago
Description : A State Pollution vulnerability was discovered in the TON Virtual Machine (TVM) before v2025.04. The issue exists in the RUNVM instruction logic (VmState::run_child_vm), which is responsible for initializing child virtual machines. The operation moves critical resources (specifically libraries and log) from the parent state to a new child state in a non-atomic manner. If an Out-of-Gas (OOG) exception occurs after resources are moved but before the state transition is finalized, the parent VM retains a corrupted state where these resources are emptied/invalid. Because RUNVM supports gas isolation, the parent VM continues execution with this corrupted state, leading to unexpected behavior or denial of service within the contract's context.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-70956
Published : Feb. 13, 2026, 10:16 p.m. | 1 hour, 19 minutes ago
Description : A State Pollution vulnerability was discovered in the TON Virtual Machine (TVM) before v2025.04. The issue exists in the RUNVM instruction logic (VmState::run_child_vm), which is responsible for initializing child virtual machines. The operation moves critical resources (specifically libraries and log) from the parent state to a new child state in a non-atomic manner. If an Out-of-Gas (OOG) exception occurs after resources are moved but before the state transition is finalized, the parent VM retains a corrupted state where these resources are emptied/invalid. Because RUNVM supports gas isolation, the parent VM continues execution with this corrupted state, leading to unexpected behavior or denial of service within the contract's context.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-70957 - TON Lite Server CPU Exhaustion DoS Vulnerability
CVE ID : CVE-2025-70957
Published : Feb. 13, 2026, 10:16 p.m. | 1 hour, 19 minutes ago
Description : A Denial of Service (DoS) vulnerability was discovered in the TON Lite Server before v2024.09. The vulnerability arises from the handling of external arguments passed to locally executed "get methods." An attacker can inject a constructed Continuation object (an internal TVM type) that is normally restricted within the VM. When the TVM executes this malicious continuation, it consumes excessive CPU resources while accruing disproportionately low virtual gas costs. This "free" computation allows an attacker to monopolize the Lite Server's processing power, significantly reducing its throughput and causing a denial of service for legitimate users acting through the gateway.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-70957
Published : Feb. 13, 2026, 10:16 p.m. | 1 hour, 19 minutes ago
Description : A Denial of Service (DoS) vulnerability was discovered in the TON Lite Server before v2024.09. The vulnerability arises from the handling of external arguments passed to locally executed "get methods." An attacker can inject a constructed Continuation object (an internal TVM type) that is normally restricted within the VM. When the TVM executes this malicious continuation, it consumes excessive CPU resources while accruing disproportionately low virtual gas costs. This "free" computation allows an attacker to monopolize the Lite Server's processing power, significantly reducing its throughput and causing a denial of service for legitimate users acting through the gateway.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...