Overview
- valkey-io
- valkey
- Published: 23 Feb 2026
- Updated: 25 Feb 2026
- CVSS v3.1: HIGH (7.5)
- EPSS: 0.06%
KEV
Description
Valkey is a distributed key-value database. Starting in version 9.0.0 and prior to version 9.0.3, a malicious actor with network access to Valkey can cause the system to abort by triggering an assertion. When processing incoming requests, the Valkey system does not properly reset the networking state after processing an empty request. A malicious actor can then send a request that the server incorrectly identifies as breaking server-side invariants, which results in the server shutting down. Version 9.0.3 fixes the issue. As an additional mitigation, properly isolate Valkey deployments so that only trusted users have access.
Statistics
- 1 Post
- 1 Interaction
Last activity: 2 hours ago
Overview
- Dell
- Wyse Management Suite
- Published: 24 Feb 2026
- Updated: 24 Feb 2026
- CVSS v3.1: HIGH (7.2)
- EPSS: 0.21%
KEV
Description
Dell Wyse Management Suite, versions prior to WMS 5.5, contain an Unrestricted Upload of File with Dangerous Type vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to remote execution.
Statistics
- 1 Post
Last activity: Last hour
Overview
Description
GIMP XWD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of XWD files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28265.
Statistics
- 1 Post
Last activity: 21 hours ago
Overview
- ImageMagick
- ImageMagick
- Published: 24 Feb 2026
- Updated: 24 Feb 2026
- CVSS v3.1: HIGH (7.5)
- EPSS: 0.04%
KEV
Description
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a crafted SVG file containing a malicious element causes ImageMagick to attempt to allocate ~674 GB of memory, leading to an out-of-memory abort. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
Statistics
- 1 Post
Last activity: 12 hours ago
Overview
- itsourcecode
- News Portal Project
- Published: 24 Feb 2026
- Updated: 24 Feb 2026
- CVSS v4.0: MEDIUM (6.9)
- EPSS: 0.03%
KEV
Description
A security flaw has been discovered in itsourcecode News Portal Project 1.0. The affected element is an unknown function of the file /newsportal/admin/edit-category.php. The manipulation of the argument Category results in SQL injection. The attack may be performed remotely. The exploit has been released to the public and may be used for attacks.
Statistics
- 1 Post
Last activity: 1 hour ago
Overview
- langflow-ai
- langflow
- Published: 26 Feb 2026
- Updated: 26 Feb 2026
- CVSS v3.1: CRITICAL (9.8)
- EPSS: Pending
KEV
Description
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.8.0, the CSV Agent node in Langflow hardcodes `allow_dangerous_code=True`, which automatically exposes LangChain’s Python REPL tool (`python_repl_ast`). As a result, an attacker can execute arbitrary Python and OS commands on the server via prompt injection, leading to full Remote Code Execution (RCE). Version 1.8.0 fixes the issue.
Statistics
- 1 Post
Last activity: Last hour
Fediverse
🚨 CVE-2026-27966 (CRITICAL): langflow-ai langflow (<1.8.0) allows unauthenticated RCE via prompt injection due to hardcoded allow_dangerous_code=True. Patch to 1.8.0+ now! https://radar.offseq.com/threat/cve-2026-27966-cwe-94-improper-control-of-generati-8ac7c0b0 #OffSeq #Vulnerability #Langflow #RCE
Overview
- Binardat Ltd.
- 10G08-0800GSM Network Switch
- Published: 24 Feb 2026
- Updated: 24 Feb 2026
- CVSS v4.0: HIGH (8.7)
- EPSS: 0.02%
KEV
Description
Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior use RC4 with a hard-coded key embedded in client-side JavaScript. Because the key is static and exposed, an attacker can decrypt protected values and defeat confidentiality protections.
Statistics
- 1 Post
Last activity: 3 hours ago
Overview
Description
This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.
Statistics
- 2 Posts
Last activity: 11 hours ago
Overview
- itsourcecode
- College Management System
- Published: 25 Feb 2026
- Updated: 25 Feb 2026
- CVSS v4.0: MEDIUM (6.9)
- EPSS: 0.03%
KEV
Description
A flaw has been found in itsourcecode College Management System 1.0. This issue affects some unknown processing of the file /admin/teacher-salary.php. This manipulation of the argument teacher_id causes SQL injection. It is possible to initiate the attack remotely. The exploit has been published and may be used.
Statistics
- 1 Post
Last activity: 10 hours ago
Overview
Description
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, a stored cross-site scripting vulnerability in the GAD-7 anxiety assessment form allows authenticated users with clinician privileges to inject malicious JavaScript that executes when other users view the form. This enables session hijacking, account takeover, and privilege escalation from clinician to administrator. Version 8.0.0 fixes the issue.
Statistics
- 1 Post
Last activity: 5 hours ago