February 2026

218 security articles published this month.

141
critical
75
high
1
medium
0
low
1
Advisory
203
Breaches
12
News
2
Intel
0
Learn
1
Research
0
Malware
0

Advisory

(203)
high Feb 28

Wordpress SQL Injection (CVE-2025-13673)

high Feb 28

Wordpress Deserialization (CVE-2026-2471)

high Feb 28

CVE-2026-28562: SQLi — Patch Guide

high Feb 28

CVE-2026-3376:

critical Feb 27

CVE-2025-11251: Improper Neutralization RCE

critical Feb 27

Signumtte Windesk.Fm SQL Injection (CVE-2025-11252)

critical Feb 27

Wordpress Privilege Escalation (CVE-2025-12981)

critical Feb 27

CVE-2026-20781: WebSocket

critical Feb 27

Software Authentication Bypass (CVE-2026-21718) - Patch Now

critical Feb 27

CVE-2026-2251: Improper RCE — Critical — Patch Now

critical Feb 27

CVE-2026-24352: PluXml CMS

critical Feb 27

CVE-2026-24731: WebSocket

critical Feb 27

CVE-2026-25851: WebSocket

critical Feb 27

Linux Vulnerability (CVE-2026-2749) [PoC]

critical Feb 27

CVE-2026-27751: SODOLA SL902

critical Feb 27

CVE-2026-27755: SODOLA SL902

critical Feb 27

CVE-2026-27767: WebSocket

critical Feb 27

CVE-2026-27772: WebSocket

critical Feb 27

CVE-2026-28268: Vikunja RCE — Critical — Patch Now

critical Feb 27

CVE-2026-28363: In OpenClaw

critical Feb 27

CVE-2026-28409: WeGIA RCE — Critical — Patch Now

critical Feb 27

CVE-2026-3301:

critical Feb 26

CVE-2025-50857: Php Path Traversal — Critical — Patch Now

critical Feb 26

CVE-2026-27941: OpenLIT RCE — Critical — Patch Now

critical Feb 26

CVE-2026-27966: Langflow [PoC]

critical Feb 26

CVE-2026-28213: EverShop RCE — Critical — Patch Now

critical Feb 25

CVE-2025-62878: [PoC]

critical Feb 25

Cisco Vulnerability (CVE-2026-20127) [PoC]

critical Feb 25

Cisco Vulnerability (CVE-2026-20129)

critical Feb 25

Juniper RCE Vulnerability (CVE-2026-21902) [PoC]

critical Feb 25

Php RCE Vulnerability (CVE-2026-24849)

critical Feb 25

CVE-2026-24908: OpenEMR RCE — High Exploit Risk

critical Feb 25

Software Path Traversal Flaw (CVE-2026-25785) - Patch Now

critical Feb 25

Software Authentication Bypass (CVE-2026-2624) - Patch Now

critical Feb 25

CVE-2026-27597: Enclave

critical Feb 25

CVE-2026-27626: OliveTin

critical Feb 25

CVE-2026-27637: Php

critical Feb 25

Flask Path Traversal (CVE-2026-27641)

critical Feb 25

CVE-2026-27702: Budibase

critical Feb 25

OneUptime Command Injection (CVE-2026-27728)

critical Feb 24

Zyxel Command Injection (CVE-2025-13942)

critical Feb 24

CVE-2025-40538:

critical Feb 24

CVE-2025-40539:

critical Feb 24

CVE-2025-40540:

critical Feb 24

CVE-2025-40541:

critical Feb 24

CVE-2026-21410: InSAT MasterSCADA BUK RCE

critical Feb 24

Software Command Injection Flaw (CVE-2026-22553) - Patch Now

critical Feb 24

CVE-2026-26198: Python

critical Feb 24

CVE-2026-27507: Binardat

critical Feb 24

CVE-2026-27593: Statmatic

critical Feb 23

CVE-2025-70043:

critical Feb 23

Wordpress Vulnerability (CVE-2026-23693)

critical Feb 23

Software SQL Injection Flaw (CVE-2026-24494) - Patch Now

high Feb 23

D-Link Vulnerability (CVE-2026-2958)

high Feb 23

D-Link Vulnerability (CVE-2026-2959)

high Feb 23

D-Link Vulnerability (CVE-2026-2960)

high Feb 23

D-Link Vulnerability (CVE-2026-2961)

high Feb 23

D-Link Vulnerability (CVE-2026-2962)

high Feb 23

CVE-2026-3015:

high Feb 23

CVE-2026-3016:

high Feb 22

CVE-2019-25366: SQLi — Patch Guide

high Feb 22

CVE-2019-25391: Ashop Shopping Cart SQLi — Patch Guide

high Feb 22

CVE-2019-25433: XOOPS CMS SQLi — Patch Guide

high Feb 22

CVE-2019-25439: NoviSmart CMS SQLi — Patch Guide

high Feb 21

CVE-2026-27169: OpenSift

critical Feb 21

CVE-2026-27197: Sentry

high Feb 21

ZoneMinder SQL Injection Exposes Data (CVE-2026-27470) [PoC]

critical Feb 21

CVE-2026-27574: OneUptime [PoC]

high Feb 21

CVE-2026-2870:

high Feb 21

CVE-2026-2871:

high Feb 21

CVE-2026-2872:

high Feb 21

CVE-2026-2873:

high Feb 21

CVE-2026-2874:

high Feb 21

CVE-2026-2876:

high Feb 21

CVE-2026-2877:

high Feb 21

D-Link Vulnerability (CVE-2026-2881)

critical Feb 20

Software Command Injection Flaw (CVE-2019-25441) - Patch Now

critical Feb 20

Software Command Injection Flaw (CVE-2021-35402) - Patch Now

critical Feb 20

Software SQL Injection Flaw (CVE-2025-10970) - Patch Now

critical Feb 20

Linux Vulnerability (CVE-2025-30411)

critical Feb 20

Linux Vulnerability (CVE-2025-30412)

critical Feb 20

Linux Vulnerability (CVE-2025-30416)

critical Feb 20

CVE-2026-25715:

critical Feb 20

CVE-2026-25896:

critical Feb 20

Software Authentication Bypass (CVE-2026-2635) - Patch Now

high Feb 20

D-Link Vulnerability (CVE-2026-2853)

high Feb 20

D-Link Vulnerability (CVE-2026-2854)

critical Feb 19

CVE-2025-12107: Due

critical Feb 19

Wordpress Privilege Escalation (CVE-2025-12882)

critical Feb 19

Wordpress Privilege Escalation (CVE-2025-13563)

critical Feb 19

Wordpress Privilege Escalation (CVE-2025-13851)

critical Feb 19

Wordpress RCE Vulnerability (CVE-2026-0926)

critical Feb 19

Wordpress Vulnerability (CVE-2026-1405) [PoC]

critical Feb 19

Wordpress Privilege Escalation (CVE-2026-1994)

critical Feb 19

Software Deserialization Flaw (CVE-2026-23542) - Patch Now

critical Feb 19

CVE-2026-25242: Gogs RCE — Critical — Patch Now [PoC]

critical Feb 19

Microsoft RCE Vulnerability (CVE-2026-26030)

critical Feb 19

CVE-2026-2686:

critical Feb 18

Aida64 Engineer Buffer Overflow (CVE-2019-25360)

critical Feb 18

NFTP client Buffer Overflow (CVE-2019-25361)

critical Feb 18

Software Buffer Overflow (CVE-2019-25362) - Patch Now

critical Feb 18

MailCarrier Buffer Overflow (CVE-2019-25364)

critical Feb 18

ChaosPro Buffer Overflow (CVE-2019-25365)

critical Feb 18

CVE-2025-14009:

critical Feb 18

Php Command Injection (CVE-2025-65791) [PoC]

critical Feb 18

Php SQL Injection (CVE-2025-70149)

critical Feb 18

CVE-2025-70150: Php

critical Feb 18

Php SQL Injection (CVE-2025-70152)

critical Feb 18

CVE-2025-70998: UTT HiPER

critical Feb 18

CVE-2026-1435: Not

critical Feb 18

Wordpress RCE Vulnerability (CVE-2026-1937)

critical Feb 18

Php RCE Vulnerability (CVE-2026-27174) [PoC]

critical Feb 18

Php Command Injection (CVE-2026-27175)

critical Feb 18

CVE-2026-27180: MajorDoMo RCE — High Exploit Risk

high Feb 17

CVE-2024-55270: Php SQLi — Patch Guide [PoC]

high Feb 17

Wordpress Vulnerability (CVE-2025-12062)

critical Feb 17

CVE-2025-65753:

high Feb 17

CVE-2025-70397: SQLi — Patch Guide

high Feb 17

CVE-2025-70828: [PoC]

critical Feb 17

CVE-2025-70830: [PoC]

high Feb 17

CVE-2025-7631: Improper Neutralization SQLi — Patch Guide

high Feb 17

Wordpress XSS (CVE-2026-1216)

critical Feb 17

CVE-2026-1670:

critical Feb 17

CVE-2026-22208: OpenS100 RCE — Critical — Patch Now

critical Feb 17

CVE-2026-22769: Dell — Actively Exploited

critical Feb 17

Linux Vulnerability (CVE-2026-23647)

high Feb 17

Wordpress RCE (CVE-2026-2592)

high Feb 17

CVE-2026-2615:

high Feb 17

CVE-2026-2616:

high Feb 16

CVE-2019-25379: Smoothwall Express XSS — Patch Guide

high Feb 16

CVE-2019-25394: Smoothwall Express XSS — Patch Guide

high Feb 16

CVE-2019-25395: Smoothwall Express XSS — Patch Guide

critical Feb 16

CVE-2025-15578: Maypole

critical Feb 16

CVE-2025-65717: [PoC]

high Feb 16

CVE-2026-1046: Mattermost Desktop App

high Feb 16

CVE-2026-1333:

high Feb 16

CVE-2026-1334:

high Feb 16

CVE-2026-1335: Buffer Overflow — Patch Guide

high Feb 16

Wordpress Vulnerability (CVE-2026-2001)

high Feb 16

CVE-2026-2101: XSS — Patch Guide

critical Feb 16

CVE-2026-2439: Concierge

high Feb 16

CVE-2026-2533: Php

high Feb 16

CVE-2026-2538:

high Feb 16

Windows Vulnerability (CVE-2026-2542)

high Feb 16

CVE-2026-2544: Command Injection — Patch Guide

high Feb 16

CVE-2026-2549:

critical Feb 16

CVE-2026-2550:

high Feb 16

CVE-2026-2564:

high Feb 16

CVE-2026-2566:

high Feb 16

CVE-2026-2567:

critical Feb 16

Sap Vulnerability (CVE-2026-2577)

high Feb 16

CVE-2026-26930: SmarterTools SmarterMail XSS — Patch Guide

critical Feb 15

CVE-2025-32058:

high Feb 15

CVE-2025-32059:

high Feb 15

CVE-2025-32061:

high Feb 15

CVE-2025-32062:

critical Feb 15

Wordpress Vulnerability (CVE-2026-1490)

high Feb 15

Wordpress RCE (CVE-2026-1750)

high Feb 15

CVE-2026-2516:

critical Feb 15

CVE-2026-26366:

high Feb 15

CVE-2026-26368:

critical Feb 15

Software Privilege Escalation (CVE-2026-26369) - Patch Now

critical Feb 14

Wordpress Privilege Escalation (CVE-2025-8572)

high Feb 14

Wordpress Vulnerability (CVE-2026-0745)

high Feb 14

Wordpress XSS (CVE-2026-0753)

critical Feb 14

Wordpress Vulnerability (CVE-2026-1306)

high Feb 14

Wordpress XSS (CVE-2026-1843)

high Feb 14

Wordpress RCE (CVE-2026-1988)

high Feb 14

Wordpress SQL Injection (CVE-2026-2024)

critical Feb 13

Software SQL Injection Flaw (CVE-2025-69633) - Patch Now

critical Feb 13

CVE-2025-69770:

critical Feb 13

CVE-2026-26190: Milvus RCE — Critical — Patch Now

critical Feb 13

CVE-2026-26273: Known

critical Feb 12

Quester Pro Stack Overflow (CVE-2019-25319)

critical Feb 12

FTP Navigator Stack Overflow (CVE-2019-25321)

critical Feb 12

Software Buffer Overflow (CVE-2019-25327) - Patch Now

critical Feb 12

CVE-2019-25337: Php

critical Feb 12

CVE-2020-37167: ClamAV ClamBC

critical Feb 12

CVE-2025-10969: Improper Neutralization RCE

critical Feb 12

CVE-2025-14014: Unrestricted Upload

high Feb 12

iOS RCE Vulnerability (CVE-2025-61880)

critical Feb 12

CVE-2025-69634: Php

critical Feb 12

Software Buffer Overflow (CVE-2025-70314) - Patch Now

critical Feb 12

CordysCRM SQL Injection (CVE-2025-70981)

critical Feb 12

CVE-2026-1358: Airleader Master

critical Feb 12

CVE-2026-25227: RCE — Critical — Patch Now

high Feb 12

CVE-2026-25922: RCE — Patch Guide

high Feb 12

CVE-2026-26056: Yoke

critical Feb 12

Docker RCE Vulnerability (CVE-2026-26216)

critical Feb 12

CVE-2026-26218:

critical Feb 12

CVE-2026-26219:

critical Feb 11

Software Path Traversal Flaw (CVE-2025-64075) - Patch Now

critical Feb 11

Qnap Vulnerability (CVE-2025-66277)

critical Feb 11

CVE-2025-8025: Missing Authentication

critical Feb 11

Wordpress Vulnerability (CVE-2026-1357) [PoC]

critical Feb 10

Sap Vulnerability (CVE-2026-0488)

critical Feb 10

CVE-2026-26009: Catalyst

critical Feb 9

CVE-2026-1615: All Command Injection — Critical — Patch Now

critical Feb 9

Gitlab Vulnerability (CVE-2026-1868)

critical Feb 9

remote attacker Buffer Overflow (CVE-2026-22903)

critical Feb 9

Software Buffer Overflow (CVE-2026-22904) - Patch Now

critical Feb 9

CVE-2026-22906: User

critical Feb 8

Wordpress Privilege Escalation (CVE-2025-15027)

Breaches

(12)
high Feb 26

Odido Breach: 688K Accounts Exposed

critical Feb 25

Canadian Tire Breach: 38.3M Accounts — Passwords Exposed

critical Feb 21

CarGurus Breach: 12.5M Accounts Exposed

high Feb 20

CarMax Breach: 431K Accounts Exposed

high Feb 18

Figure Breach: 967K Accounts Exposed

critical Feb 17

Canada Goose Breach: 582K Accounts Exposed

high Feb 16

APOIA.se Breach: 451K Accounts Exposed

high Feb 16

University of Pennsylvania Breach - 623K Accounts Exposed

critical Feb 10

Association Nationale des Premiers Secours Breach — 6K Accou

high Feb 10

Toy Battles Breach: 1K Accounts Exposed

high Feb 6

Substack Breach: 663K Accounts Exposed

critical Feb 5

Betterment Breach: 1.4M Accounts — Passwords Exposed

News

(2)
critical Feb 20

BeyondTrust Used for Web Shells, Backdoors, and

medium Feb 16

Infostealer Steals OpenClaw AI Agent Configuration

Learn

(1)
Feb 19

How to Build an Effective Vulnerability Management Program

January 2026 All Threats March 2026

Never Miss a Critical Alert

CVE advisories, breach reports, and threat intel — delivered daily to your inbox.