CVE-2025-59819 - Authenticated Arbitrary File Read via filepath parameter
CVE ID : CVE-2025-59819
Published : Feb. 20, 2026, 7:58 a.m. | 30 minutes ago
Description : This vulnerability allows authenticated attackers to read an arbitrary file by changing a filepath parameter into an internal system path.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-59819
Published : Feb. 20, 2026, 7:58 a.m. | 30 minutes ago
Description : This vulnerability allows authenticated attackers to read an arbitrary file by changing a filepath parameter into an internal system path.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-26050 - RICOH Joblog Analysis Tool DLL Search Path Loading Vulnerability
CVE ID : CVE-2026-26050
Published : Feb. 20, 2026, 9:15 a.m. | 3 hours, 14 minutes ago
Description : The installer for ジョブログ集計/分析ソフトウェア RICOHジョブログ集計ツール versions prior to Ver.1.3.7 contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with administrative privileges.
Severity: 8.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-26050
Published : Feb. 20, 2026, 9:15 a.m. | 3 hours, 14 minutes ago
Description : The installer for ジョブログ集計/分析ソフトウェア RICOHジョブログ集計ツール versions prior to Ver.1.3.7 contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with administrative privileges.
Severity: 8.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-21620 - TFTP Path Traversal
CVE ID : CVE-2026-21620
Published : Feb. 20, 2026, 11:15 a.m. | 1 hour, 14 minutes ago
Description : Relative Path Traversal, Improper Isolation or Compartmentalization vulnerability in erlang otp erlang/otp (tftp_file modules), erlang otp inets (tftp_file modules), erlang otp tftp (tftp_file modules) allows Relative Path Traversal. This vulnerability is associated with program files lib/tftp/src/tftp_file.erl, src/tftp_file.Erl. This issue affects otp: from 17.0, from 07b8f441ca711f9812fad9e9115bab3c3aa92f79; otp: from 5.10 before 7.0; otp: from 1.0.
Severity: 2.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-21620
Published : Feb. 20, 2026, 11:15 a.m. | 1 hour, 14 minutes ago
Description : Relative Path Traversal, Improper Isolation or Compartmentalization vulnerability in erlang otp erlang/otp (tftp_file modules), erlang otp inets (tftp_file modules), erlang otp tftp (tftp_file modules) allows Relative Path Traversal. This vulnerability is associated with program files lib/tftp/src/tftp_file.erl, src/tftp_file.Erl. This issue affects otp: from 17.0, from 07b8f441ca711f9812fad9e9115bab3c3aa92f79; otp: from 5.10 before 7.0; otp: from 1.0.
Severity: 2.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-2486 - Master Addons For Elementor <= 2.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'ma_el_bh_table_btn_text'
CVE ID : CVE-2026-2486
Published : Feb. 20, 2026, 11:26 a.m. | 1 hour, 3 minutes ago
Description : The Master Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ma_el_bh_table_btn_text' parameter in versions up to, and including, 2.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-2486
Published : Feb. 20, 2026, 11:26 a.m. | 1 hour, 3 minutes ago
Description : The Master Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ma_el_bh_table_btn_text' parameter in versions up to, and including, 2.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-10970 - SQLi in Kolay Software's Talentics
CVE ID : CVE-2025-10970
Published : Feb. 20, 2026, 11:27 a.m. | 1 hour, 2 minutes ago
Description : Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Kolay Software Inc. Talentics allows Blind SQL Injection.This issue affects Talentics: through 20022026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-10970
Published : Feb. 20, 2026, 11:27 a.m. | 1 hour, 2 minutes ago
Description : Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Kolay Software Inc. Talentics allows Blind SQL Injection.This issue affects Talentics: through 20022026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-22374 - WordPress Zio Alberto theme <= 1.2.2 - Local File Inclusion vulnerability
CVE ID : CVE-2026-22374
Published : Feb. 20, 2026, 4:22 p.m. | 8 minutes ago
Description : Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Zio Alberto zioalberto allows PHP Local File Inclusion.This issue affects Zio Alberto: from n/a through <= 1.2.2.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-22374
Published : Feb. 20, 2026, 4:22 p.m. | 8 minutes ago
Description : Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Zio Alberto zioalberto allows PHP Local File Inclusion.This issue affects Zio Alberto: from n/a through <= 1.2.2.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-22375 - WordPress Impacto Patronus theme <= 1.2.3 - Local File Inclusion vulnerability
CVE ID : CVE-2026-22375
Published : Feb. 20, 2026, 4:22 p.m. | 8 minutes ago
Description : Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Impacto Patronus impacto-patronus allows PHP Local File Inclusion.This issue affects Impacto Patronus: from n/a through <= 1.2.3.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-22375
Published : Feb. 20, 2026, 4:22 p.m. | 8 minutes ago
Description : Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Impacto Patronus impacto-patronus allows PHP Local File Inclusion.This issue affects Impacto Patronus: from n/a through <= 1.2.3.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-22376 - WordPress Parkivia theme <= 1.1.9 - Local File Inclusion vulnerability
CVE ID : CVE-2026-22376
Published : Feb. 20, 2026, 4:22 p.m. | 8 minutes ago
Description : Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Parkivia parkivia allows PHP Local File Inclusion.This issue affects Parkivia: from n/a through <= 1.1.9.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-22376
Published : Feb. 20, 2026, 4:22 p.m. | 8 minutes ago
Description : Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Parkivia parkivia allows PHP Local File Inclusion.This issue affects Parkivia: from n/a through <= 1.1.9.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-22377 - WordPress Saveo theme <= 1.1.2 - Local File Inclusion vulnerability
CVE ID : CVE-2026-22377
Published : Feb. 20, 2026, 4:22 p.m. | 8 minutes ago
Description : Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Saveo saveo allows PHP Local File Inclusion.This issue affects Saveo: from n/a through <= 1.1.2.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-22377
Published : Feb. 20, 2026, 4:22 p.m. | 8 minutes ago
Description : Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Saveo saveo allows PHP Local File Inclusion.This issue affects Saveo: from n/a through <= 1.1.2.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-22378 - WordPress Blabber theme <= 1.7.0 - Local File Inclusion vulnerability
CVE ID : CVE-2026-22378
Published : Feb. 20, 2026, 4:22 p.m. | 8 minutes ago
Description : Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Blabber blabber allows PHP Local File Inclusion.This issue affects Blabber: from n/a through <= 1.7.0.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-22378
Published : Feb. 20, 2026, 4:22 p.m. | 8 minutes ago
Description : Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Blabber blabber allows PHP Local File Inclusion.This issue affects Blabber: from n/a through <= 1.7.0.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-22379 - WordPress Netmix theme <= 1.0.10 - Local File Inclusion vulnerability
CVE ID : CVE-2026-22379
Published : Feb. 20, 2026, 4:22 p.m. | 8 minutes ago
Description : Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Netmix netmix allows PHP Local File Inclusion.This issue affects Netmix: from n/a through <= 1.0.10.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-22379
Published : Feb. 20, 2026, 4:22 p.m. | 8 minutes ago
Description : Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Netmix netmix allows PHP Local File Inclusion.This issue affects Netmix: from n/a through <= 1.0.10.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-22380 - WordPress UnlimHost theme <= 1.2.3 - Local File Inclusion vulnerability
CVE ID : CVE-2026-22380
Published : Feb. 20, 2026, 4:22 p.m. | 8 minutes ago
Description : Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes UnlimHost unlimhost allows PHP Local File Inclusion.This issue affects UnlimHost: from n/a through <= 1.2.3.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-22380
Published : Feb. 20, 2026, 4:22 p.m. | 8 minutes ago
Description : Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes UnlimHost unlimhost allows PHP Local File Inclusion.This issue affects UnlimHost: from n/a through <= 1.2.3.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-22381 - WordPress PawFriends - Pet Shop and Veterinary WordPress Theme theme <= 1.3 - Local File Inclusion vulnerability
CVE ID : CVE-2026-22381
Published : Feb. 20, 2026, 4:22 p.m. | 8 minutes ago
Description : Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes PawFriends - Pet Shop and Veterinary WordPress Theme pawfriends allows PHP Local File Inclusion.This issue affects PawFriends - Pet Shop and Veterinary WordPress Theme: from n/a through <= 1.3.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-22381
Published : Feb. 20, 2026, 4:22 p.m. | 8 minutes ago
Description : Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes PawFriends - Pet Shop and Veterinary WordPress Theme pawfriends allows PHP Local File Inclusion.This issue affects PawFriends - Pet Shop and Veterinary WordPress Theme: from n/a through <= 1.3.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-22383 - WordPress PawFriends - Pet Shop and Veterinary WordPress theme theme <= 1.3 - Insecure Direct Object References (IDOR) vulnerability
CVE ID : CVE-2026-22383
Published : Feb. 20, 2026, 4:22 p.m. | 8 minutes ago
Description : Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes PawFriends - Pet Shop and Veterinary WordPress Theme pawfriends allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PawFriends - Pet Shop and Veterinary WordPress Theme: from n/a through <= 1.3.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-22383
Published : Feb. 20, 2026, 4:22 p.m. | 8 minutes ago
Description : Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes PawFriends - Pet Shop and Veterinary WordPress Theme pawfriends allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PawFriends - Pet Shop and Veterinary WordPress Theme: from n/a through <= 1.3.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-22384 - WordPress Applay - Shortcodes plugin <= 3.7 - PHP Object Injection vulnerability
CVE ID : CVE-2026-22384
Published : Feb. 20, 2026, 4:22 p.m. | 8 minutes ago
Description : Deserialization of Untrusted Data vulnerability in leafcolor Applay - Shortcodes applay-shortcodes allows Object Injection.This issue affects Applay - Shortcodes: from n/a through <= 3.7.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-22384
Published : Feb. 20, 2026, 4:22 p.m. | 8 minutes ago
Description : Deserialization of Untrusted Data vulnerability in leafcolor Applay - Shortcodes applay-shortcodes allows Object Injection.This issue affects Applay - Shortcodes: from n/a through <= 3.7.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-22885 - EnOcean SmartServer IoT Out-of-bounds Read
CVE ID : CVE-2026-22885
Published : Feb. 20, 2026, 4:22 p.m. | 8 minutes ago
Description : A vulnerability exists in EnOcean SmartServer IoT version 4.60.009 and prior, which would allow remote attackers, in the LON IP-852 management messages, to send specially crafted IP-852 messages resulting in a memory leak from the program's memory.
Severity: 3.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-22885
Published : Feb. 20, 2026, 4:22 p.m. | 8 minutes ago
Description : A vulnerability exists in EnOcean SmartServer IoT version 4.60.009 and prior, which would allow remote attackers, in the LON IP-852 management messages, to send specially crafted IP-852 messages resulting in a memory leak from the program's memory.
Severity: 3.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-24941 - WordPress WP Job Portal plugin <= 2.4.4 - Broken Access Control vulnerability
CVE ID : CVE-2026-24941
Published : Feb. 20, 2026, 4:22 p.m. | 8 minutes ago
Description : Missing Authorization vulnerability in wpjobportal WP Job Portal wp-job-portal allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Job Portal: from n/a through <= 2.4.4.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-24941
Published : Feb. 20, 2026, 4:22 p.m. | 8 minutes ago
Description : Missing Authorization vulnerability in wpjobportal WP Job Portal wp-job-portal allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Job Portal: from n/a through <= 2.4.4.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-24943 - WordPress Grand Conference theme <= 5.3.4 - Reflected Cross Site Scripting (XSS) vulnerability
CVE ID : CVE-2026-24943
Published : Feb. 20, 2026, 4:22 p.m. | 8 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Grand Conference grandconference allows Reflected XSS.This issue affects Grand Conference: from n/a through <= 5.3.4.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-24943
Published : Feb. 20, 2026, 4:22 p.m. | 8 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Grand Conference grandconference allows Reflected XSS.This issue affects Grand Conference: from n/a through <= 5.3.4.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-24944 - WordPress Subscribe2 plugin <= 10.44 - Broken Access Control vulnerability
CVE ID : CVE-2026-24944
Published : Feb. 20, 2026, 4:22 p.m. | 8 minutes ago
Description : Missing Authorization vulnerability in weDevs Subscribe2 subscribe2 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Subscribe2: from n/a through <= 10.44.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-24944
Published : Feb. 20, 2026, 4:22 p.m. | 8 minutes ago
Description : Missing Authorization vulnerability in weDevs Subscribe2 subscribe2 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Subscribe2: from n/a through <= 10.44.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-24946 - WordPress Print Invoice & Delivery Notes for WooCommerce plugin <= 5.8.0 - Broken Access Control vulnerability
CVE ID : CVE-2026-24946
Published : Feb. 20, 2026, 4:22 p.m. | 8 minutes ago
Description : Missing Authorization vulnerability in tychesoftwares Print Invoice & Delivery Notes for WooCommerce woocommerce-delivery-notes allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Print Invoice & Delivery Notes for WooCommerce: from n/a through <= 5.8.0.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-24946
Published : Feb. 20, 2026, 4:22 p.m. | 8 minutes ago
Description : Missing Authorization vulnerability in tychesoftwares Print Invoice & Delivery Notes for WooCommerce woocommerce-delivery-notes allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Print Invoice & Delivery Notes for WooCommerce: from n/a through <= 5.8.0.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-24948 - WordPress Reflector plugin <= 1.2.2 - Reflected Cross Site Scripting (XSS) vulnerability
CVE ID : CVE-2026-24948
Published : Feb. 20, 2026, 4:22 p.m. | 8 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fox-themes Reflector reflector-plugins allows Reflected XSS.This issue affects Reflector: from n/a through <= 1.2.2.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-24948
Published : Feb. 20, 2026, 4:22 p.m. | 8 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fox-themes Reflector reflector-plugins allows Reflected XSS.This issue affects Reflector: from n/a through <= 1.2.2.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...