CVE-2026-3287 - youlaitech youlai-mall App-side Product Pagination Endpoint SpuController.java listPagedSpuForApp sql injection
CVE ID : CVE-2026-3287
Published : Feb. 27, 2026, 4:02 a.m. | 1 hour, 3 minutes ago
Description : A security flaw has been discovered in youlaitech youlai-mall 2.0.0. This affects the function listPagedSpuForApp of the file mall-pms/pms-boot/src/main/java/com/youlai/mall/pms/controller/app/SpuController.java of the component App-side Product Pagination Endpoint. Performing a manipulation of the argument sortField/sort results in sql injection. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-3287
Published : Feb. 27, 2026, 4:02 a.m. | 1 hour, 3 minutes ago
Description : A security flaw has been discovered in youlaitech youlai-mall 2.0.0. This affects the function listPagedSpuForApp of the file mall-pms/pms-boot/src/main/java/com/youlai/mall/pms/controller/app/SpuController.java of the component App-side Product Pagination Endpoint. Performing a manipulation of the argument sortField/sort results in sql injection. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-28363 - OpenClaw Safe Bin Validation Bypass Vulnerability
CVE ID : CVE-2026-28363
Published : Feb. 27, 2026, 4:16 a.m. | 50 minutes ago
Description : In OpenClaw before 2026.2.23, tools.exec.safeBins validation for sort could be bypassed via GNU long-option abbreviations (such as --compress-prog) in allowlist mode, leading to approval-free execution paths that were intended to require approval. Only an exact string such as --compress-program was denied.
Severity: 9.9 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-28363
Published : Feb. 27, 2026, 4:16 a.m. | 50 minutes ago
Description : In OpenClaw before 2026.2.23, tools.exec.safeBins validation for sort could be bypassed via GNU long-option abbreviations (such as --compress-prog) in allowlist mode, leading to approval-free execution paths that were intended to require approval. Only an exact string such as --compress-program was denied.
Severity: 9.9 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-28364 - OCaml Marshal Deserialization Buffer Over-Read Remote Code Execution
CVE ID : CVE-2026-28364
Published : Feb. 27, 2026, 4:16 a.m. | 50 minutes ago
Description : In OCaml before 4.14.3 and 5.x before 5.4.1, a buffer over-read in Marshal deserialization (runtime/intern.c) enables remote code execution through a multi-phase attack chain. The vulnerability stems from missing bounds validation in the readblock() function, which performs unbounded memcpy() operations using attacker-controlled lengths from crafted Marshal data.
Severity: 7.9 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-28364
Published : Feb. 27, 2026, 4:16 a.m. | 50 minutes ago
Description : In OCaml before 4.14.3 and 5.x before 5.4.1, a buffer over-read in Marshal deserialization (runtime/intern.c) enables remote code execution through a multi-phase attack chain. The vulnerability stems from missing bounds validation in the readblock() function, which performs unbounded memcpy() operations using attacker-controlled lengths from crafted Marshal data.
Severity: 7.9 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-2428 - Fluent Forms Pro Add On Pack <= 6.1.17 - Missing Authorization to Unauthenticated Payment Status modification
CVE ID : CVE-2026-2428
Published : Feb. 27, 2026, 4:16 a.m. | 50 minutes ago
Description : The Fluent Forms Pro Add On Pack plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in all versions up to, and including, 6.1.17. This is due to the PayPal IPN (Instant Payment Notification) verification being disabled by default (`disable_ipn_verification` defaults to `'yes'` in `PayPalSettings.php`). This makes it possible for unauthenticated attackers to send forged PayPal IPN notifications to the publicly accessible IPN endpoint, marking unpaid form submissions as "paid" and triggering post-payment automation (emails, access grants, digital product delivery).
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-2428
Published : Feb. 27, 2026, 4:16 a.m. | 50 minutes ago
Description : The Fluent Forms Pro Add On Pack plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in all versions up to, and including, 6.1.17. This is due to the PayPal IPN (Instant Payment Notification) verification being disabled by default (`disable_ipn_verification` defaults to `'yes'` in `PayPalSettings.php`). This makes it possible for unauthenticated attackers to send forged PayPal IPN notifications to the publicly accessible IPN endpoint, marking unpaid form submissions as "paid" and triggering post-payment automation (emails, access grants, digital product delivery).
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-3286 - itwanger paicoding Image Save Endpoint ImageRestController.java save server-side request forgery
CVE ID : CVE-2026-3286
Published : Feb. 27, 2026, 4:16 a.m. | 50 minutes ago
Description : A vulnerability was identified in itwanger paicoding 1.0.0/1.0.1/1.0.2/1.0.3. The impacted element is the function Save of the file paicoding-web/src/main/java/com/github/paicoding/forum/web/common/image/rest/ImageRestController.java of the component Image Save Endpoint. Such manipulation of the argument img leads to server-side request forgery. The attack may be launched remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-3286
Published : Feb. 27, 2026, 4:16 a.m. | 50 minutes ago
Description : A vulnerability was identified in itwanger paicoding 1.0.0/1.0.1/1.0.2/1.0.3. The impacted element is the function Save of the file paicoding-web/src/main/java/com/github/paicoding/forum/web/common/image/rest/ImageRestController.java of the component Image Save Endpoint. Such manipulation of the argument img leads to server-side request forgery. The attack may be launched remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-1442 - Unitree UPK files Hard-Coded Key
CVE ID : CVE-2026-1442
Published : Feb. 27, 2026, 4:28 a.m. | 37 minutes ago
Description : Since the encryption algorithm used to protect firmware updates is itself encrypted using key material available to an attacker (or anyone paying attention), the firmware updates may be altered by an unauthorized user, and then trusted by a Unitree product, such as the Unitree Go2 and other models. This issue appears to affect all of Unitree’s current offerings as of February 26, 2026, and so should be considered a vulnerability in both the firmware generation and extraction processes. At the time of this release, there is no publicly-documented mechanism to subvert the update process and insert poisoned firmware packages without the equipment owner’s knowledge.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-1442
Published : Feb. 27, 2026, 4:28 a.m. | 37 minutes ago
Description : Since the encryption algorithm used to protect firmware updates is itself encrypted using key material available to an attacker (or anyone paying attention), the firmware updates may be altered by an unauthorized user, and then trusted by a Unitree product, such as the Unitree Go2 and other models. This issue appears to affect all of Unitree’s current offerings as of February 26, 2026, and so should be considered a vulnerability in both the firmware generation and extraction processes. At the time of this release, there is no publicly-documented mechanism to subvert the update process and insert poisoned firmware packages without the equipment owner’s knowledge.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-3289 - Sanluan PublicCMS Template Cache Generation TemplateCacheComponent.java saveMetadata path traversal
CVE ID : CVE-2026-3289
Published : Feb. 27, 2026, 4:32 a.m. | 34 minutes ago
Description : A weakness has been identified in Sanluan PublicCMS 6.202506.d. This impacts the function saveMetadata of the file TemplateCacheComponent.java of the component Template Cache Generation. Executing a manipulation can lead to path traversal. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-3289
Published : Feb. 27, 2026, 4:32 a.m. | 34 minutes ago
Description : A weakness has been identified in Sanluan PublicCMS 6.202506.d. This impacts the function saveMetadata of the file TemplateCacheComponent.java of the component Template Cache Generation. Executing a manipulation can lead to path traversal. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-1558 - WP Recipe Maker <= 10.3.2 - Insecure Direct Object Reference to Unauthenticated Arbitrary Post Metadata Modification via 'recipeId' Parameter
CVE ID : CVE-2026-1558
Published : Feb. 27, 2026, 4:33 a.m. | 33 minutes ago
Description : The WP Recipe Maker plugin for WordPress is vulnerable to an Insecure Direct Object Reference (IDOR) in versions up to, and including, 10.3.2. This is due to the /wp-json/wp-recipe-maker/v1/integrations/instacart REST API endpoint's permission_callback being set to __return_true and a lack of subsequent authorization or ownership checks on the user-supplied recipeId. This makes it possible for unauthenticated attackers to overwrite arbitrary post metadata (wprm_instacart_combinations) for any post ID on the site via the recipeId parameter.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-1558
Published : Feb. 27, 2026, 4:33 a.m. | 33 minutes ago
Description : The WP Recipe Maker plugin for WordPress is vulnerable to an Insecure Direct Object Reference (IDOR) in versions up to, and including, 10.3.2. This is due to the /wp-json/wp-recipe-maker/v1/integrations/instacart REST API endpoint's permission_callback being set to __return_true and a lack of subsequent authorization or ownership checks on the user-supplied recipeId. This makes it possible for unauthenticated attackers to overwrite arbitrary post metadata (wprm_instacart_combinations) for any post ID on the site via the recipeId parameter.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-3292 - jizhiCMS Batch Model.php findAll sql injection
CVE ID : CVE-2026-3292
Published : Feb. 27, 2026, 5:18 a.m. | 3 hours, 50 minutes ago
Description : A security vulnerability has been detected in jizhiCMS up to 2.5.6. Affected is the function findAll in the library frphp/lib/Model.php of the component Batch Interface. The manipulation of the argument data leads to sql injection. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-3292
Published : Feb. 27, 2026, 5:18 a.m. | 3 hours, 50 minutes ago
Description : A security vulnerability has been detected in jizhiCMS up to 2.5.6. Affected is the function findAll in the library frphp/lib/Model.php of the component Batch Interface. The manipulation of the argument data leads to sql injection. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-27653 - Soliton Systems K.K. Installer Default Permission Vulnerability (Elevation of Privilege)
CVE ID : CVE-2026-27653
Published : Feb. 27, 2026, 6:17 a.m. | 2 hours, 50 minutes ago
Description : The installers for multiple products provided by Soliton Systems K.K. contain an issue with incorrect default permissions, which may allow arbitrary code to be executed with SYSTEM privileges.
Severity: 6.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-27653
Published : Feb. 27, 2026, 6:17 a.m. | 2 hours, 50 minutes ago
Description : The installers for multiple products provided by Soliton Systems K.K. contain an issue with incorrect default permissions, which may allow arbitrary code to be executed with SYSTEM privileges.
Severity: 6.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-28372 - Telnetd in GNU inetutils Privilege Escalation Vulnerability
CVE ID : CVE-2026-28372
Published : Feb. 27, 2026, 6:18 a.m. | 2 hours, 50 minutes ago
Description : telnetd in GNU inetutils through 2.7 allows privilege escalation that can be exploited by abusing systemd service credentials support added to the login(1) implementation of util-linux in release 2.40. This is related to client control over the CREDENTIALS_DIRECTORY environment variable, and requires an unprivileged local user to create a login.noauth file.
Severity: 7.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-28372
Published : Feb. 27, 2026, 6:18 a.m. | 2 hours, 50 minutes ago
Description : telnetd in GNU inetutils through 2.7 allows privilege escalation that can be exploited by abusing systemd service credentials support added to the login(1) implementation of util-linux in release 2.40. This is related to client control over the CREDENTIALS_DIRECTORY environment variable, and requires an unprivileged local user to create a login.noauth file.
Severity: 7.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-3293 - snowflakedb snowflake-jdbc JDBC URL SdkProxyRoutePlanner.java SdkProxyRoutePlanner redos
CVE ID : CVE-2026-3293
Published : Feb. 27, 2026, 6:18 a.m. | 2 hours, 50 minutes ago
Description : A weakness has been identified in snowflakedb snowflake-jdbc up to 4.0.1. Impacted is the function SdkProxyRoutePlanner of the file src/main/java/net/snowflake/client/internal/core/SdkProxyRoutePlanner.java of the component JDBC URL Handler. Executing a manipulation of the argument nonProxyHosts can lead to inefficient regular expression complexity. The attack can only be executed locally. The exploit has been made available to the public and could be used for attacks. This patch is called 5fb0a8a318a2ed87f4022a1f56e742424ba94052. A patch should be applied to remediate this issue.
Severity: 4.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-3293
Published : Feb. 27, 2026, 6:18 a.m. | 2 hours, 50 minutes ago
Description : A weakness has been identified in snowflakedb snowflake-jdbc up to 4.0.1. Impacted is the function SdkProxyRoutePlanner of the file src/main/java/net/snowflake/client/internal/core/SdkProxyRoutePlanner.java of the component JDBC URL Handler. Executing a manipulation of the argument nonProxyHosts can lead to inefficient regular expression complexity. The attack can only be executed locally. The exploit has been made available to the public and could be used for attacks. This patch is called 5fb0a8a318a2ed87f4022a1f56e742424ba94052. A patch should be applied to remediate this issue.
Severity: 4.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-3301 - Totolink N300RH Web Management cstecgi.cgi setWebWlanIdx os command injection
CVE ID : CVE-2026-3301
Published : Feb. 27, 2026, 6:18 a.m. | 2 hours, 50 minutes ago
Description : A security flaw has been discovered in Totolink N300RH 6.1c.1353_B20190305. Affected by this vulnerability is the function setWebWlanIdx of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Performing a manipulation of the argument webWlanIdx results in os command injection. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks.
Severity: 10.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-3301
Published : Feb. 27, 2026, 6:18 a.m. | 2 hours, 50 minutes ago
Description : A security flaw has been discovered in Totolink N300RH 6.1c.1353_B20190305. Affected by this vulnerability is the function setWebWlanIdx of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Performing a manipulation of the argument webWlanIdx results in os command injection. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks.
Severity: 10.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-12981 - Listee <= 1.1.6 - Unauthenticated Privilege Escalation
CVE ID : CVE-2025-12981
Published : Feb. 27, 2026, 7:17 a.m. | 1 hour, 51 minutes ago
Description : The Listee theme for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.1.6. This is due to a broken validation check in the bundled listee-core plugin's user registration function that fails to properly sanitize the user_role parameter. This makes it possible for unauthenticated attackers to register as Administrator by manipulating the user_role parameter during registration.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-12981
Published : Feb. 27, 2026, 7:17 a.m. | 1 hour, 51 minutes ago
Description : The Listee theme for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.1.6. This is due to a broken validation check in the bundled listee-core plugin's user registration function that fails to properly sanitize the user_role parameter. This makes it possible for unauthenticated attackers to register as Administrator by manipulating the user_role parameter during registration.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-14040 - Automotive Car Dealership Business WordPress Theme <= 13.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Call to Action Fields
CVE ID : CVE-2025-14040
Published : Feb. 27, 2026, 7:17 a.m. | 1 hour, 51 minutes ago
Description : The Automotive Car Dealership Business WordPress Theme for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Call to Action' custom fields in all versions up to, and including, 13.4. This is due to insufficient input sanitization and output escaping on user-supplied attributes in the 'action_text', 'action_button_text', 'action_link', and 'action_class' custom fields. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-14040
Published : Feb. 27, 2026, 7:17 a.m. | 1 hour, 51 minutes ago
Description : The Automotive Car Dealership Business WordPress Theme for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Call to Action' custom fields in all versions up to, and including, 13.4. This is due to insufficient input sanitization and output escaping on user-supplied attributes in the 'action_text', 'action_button_text', 'action_link', and 'action_class' custom fields. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-14149 - Xpro Addons — 140+ Widgets for Elementor <= 1.4.24 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Scroller Widget box link
CVE ID : CVE-2025-14149
Published : Feb. 27, 2026, 7:17 a.m. | 1 hour, 51 minutes ago
Description : The Xpro Addons — 140+ Widgets for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Scroller widget box link attribute in all versions up to, and including, 1.4.24 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-14149
Published : Feb. 27, 2026, 7:17 a.m. | 1 hour, 51 minutes ago
Description : The Xpro Addons — 140+ Widgets for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Scroller widget box link attribute in all versions up to, and including, 1.4.24 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-15509 - Apache SmartRemote URL Loading Information Leak Vulnerability
CVE ID : CVE-2025-15509
Published : Feb. 27, 2026, 7:17 a.m. | 1 hour, 51 minutes ago
Description : The SmartRemote module has insufficient restrictions on loading URLs, which may lead to some information leakage.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-15509
Published : Feb. 27, 2026, 7:17 a.m. | 1 hour, 51 minutes ago
Description : The SmartRemote module has insufficient restrictions on loading URLs, which may lead to some information leakage.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-15567 - Apache OpenAM Information Disclosure
CVE ID : CVE-2025-15567
Published : Feb. 27, 2026, 7:17 a.m. | 1 hour, 51 minutes ago
Description : Insufficient protection mechanisms in the Health Module may lead to partial information disclosure.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-15567
Published : Feb. 27, 2026, 7:17 a.m. | 1 hour, 51 minutes ago
Description : Insufficient protection mechanisms in the Health Module may lead to partial information disclosure.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-3302 - SourceCodester Doctor Appointment System Sign Up register.php cross site scripting
CVE ID : CVE-2026-3302
Published : Feb. 27, 2026, 7:17 a.m. | 1 hour, 51 minutes ago
Description : A weakness has been identified in SourceCodester Doctor Appointment System 1.0. Affected by this issue is some unknown functionality of the file /register.php of the component Sign Up Page. Executing a manipulation of the argument Email can lead to cross site scripting. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-3302
Published : Feb. 27, 2026, 7:17 a.m. | 1 hour, 51 minutes ago
Description : A weakness has been identified in SourceCodester Doctor Appointment System 1.0. Affected by this issue is some unknown functionality of the file /register.php of the component Sign Up Page. Executing a manipulation of the argument Email can lead to cross site scripting. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-2251 - Path Traversal leading to Remote Code Execution (RCE)
CVE ID : CVE-2026-2251
Published : Feb. 27, 2026, 8:08 a.m. | 59 minutes ago
Description : Improper limitation of a pathname to a restricted directory (Path Traversal) vulnerability in Xerox FreeFlow Core allows unauthorized path traversal leading to RCE. This issue affects Xerox FreeFlow Core versions up to and including 8.0.7. Please consider upgrading to FreeFlow Core version 8.1.0 via the software available on - https://www.support.xerox.com/en-us/product/core/downloads https://www.support.xerox.com/en-us/product/core/downloads
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-2251
Published : Feb. 27, 2026, 8:08 a.m. | 59 minutes ago
Description : Improper limitation of a pathname to a restricted directory (Path Traversal) vulnerability in Xerox FreeFlow Core allows unauthorized path traversal leading to RCE. This issue affects Xerox FreeFlow Core versions up to and including 8.0.7. Please consider upgrading to FreeFlow Core version 8.1.0 via the software available on - https://www.support.xerox.com/en-us/product/core/downloads https://www.support.xerox.com/en-us/product/core/downloads
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-12150 - Org.keycloak/keycloak-services: webauthn attestation statement verification bypass
CVE ID : CVE-2025-12150
Published : Feb. 27, 2026, 8:10 a.m. | 58 minutes ago
Description : A flaw was found in Keycloak’s WebAuthn registration component. This vulnerability allows an attacker to bypass the configured attestation policy and register untrusted or forged authenticators via submission of an attestation object with fmt: "none", even when the realm is configured to require direct attestation. This can lead to weakened authentication integrity and unauthorized authenticator registration.
Severity: 3.1 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-12150
Published : Feb. 27, 2026, 8:10 a.m. | 58 minutes ago
Description : A flaw was found in Keycloak’s WebAuthn registration component. This vulnerability allows an attacker to bypass the configured attestation policy and register untrusted or forged authenticators via submission of an attestation object with fmt: "none", even when the realm is configured to require direct attestation. This can lead to weakened authentication integrity and unauthorized authenticator registration.
Severity: 3.1 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...