CRITICAL
CVE-2026-3960 (CVSS 9.8) — A critical remote code execution vulnerability exists in the unauthenticated REST API endpoint /99/I...
NVD CVE-2026-3960 43d ago
CRITICAL
CVE-2026-41179 (CVSS 9.8) — Rclone is a command-line program to sync files and directories to and from different cloud storage p...
NVD CVE-2026-41179 44d ago
CRITICAL
CVE-2026-5965 (CVSS 9.8) — NewSoftOA developed by NewSoft has an OS Command Injection vulnerability, allowing unauthenticated l...
NVD CVE-2026-5965 46d ago
CRITICAL
CVE-2026-32311 (CVSS 9.8) — Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, tr...
NVD CVE-2026-32311 46d ago
CRITICAL
CVE-2026-29013 (CVSS 9.8) — libcoap contains out-of-bounds read vulnerabilities in OSCORE Appendix B.2 CBOR unwrap handling wher...
NVD CVE-2026-29013 49d ago
CRITICAL
CVE-2025-15625 (CVSS 9.8) — Unauthenticated user is able to execute arbitrary SQL commands in Sparx Pro Cloud Server database in...
NVD CVE-2025-15625 49d ago
CRITICAL
CVE-2026-27820 (CVSS 9.8) — zlib is a Ruby interface for the zlib compression/decompression library. Versions 3.0.0 and below, 3...
NVD CVE-2026-27820 50d ago
CRITICAL
CVE-2026-6350 (CVSS 9.8) — MailGates/MailAudit developed by Openfind has a Stack-based Buffer Overflow vulnerability, allowing ...
NVD CVE-2026-6350 51d ago
CRITICAL
CVE-2026-6349 (CVSS 9.8) — The iSherlock developed by HGiga has an OS Command Injection vulnerability, allowing unauthenticat...
NVD CVE-2026-6349 51d ago
CRITICAL
CVE-2026-33808 (CVSS 9.1) — Impact: @fastify/express v4.0.4 and earlier fails to normalize URLs before passing them to Express mid...
NVD CVE-2026-33808 51d ago
CRITICAL
CVE-2026-6068 (CVSS 9.6) — NASM contains a heap use after free vulnerability in response file (-@) processing where a dangling ...
NVD CVE-2026-6068 56d ago
CRITICAL
CVE-2026-5194 (CVSS 9.1) — Missing hash/digest size and OID checks allow digests smaller than allowed when verifying ECDSA cert...
NVD CVE-2026-5194 57d ago
CRITICAL
CVE-2025-62718 (CVSS 9.9) — Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.0 and 0.31.0, Axios ...
NVD CVE-2025-62718 57d ago
CRITICAL
CVE-2026-33728 (CVSS 9.8) — dd-trace-java is a Datadog APM client for Java. In versions of dd-trace-java 0.40.0 through prior to...
NVD CVE-2026-33728 71d ago
CRITICAL
CVE-2026-26213 (CVSS 9.8) — thingino-firmware versions up to the firmware-2026-03-16 release contain an unauthenticated os comm...
NVD CVE-2026-26213 71d ago
CRITICAL
CVE-2026-4698 (CVSS 9.8) — JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox ...
NVD CVE-2026-4698 73d ago
CRITICAL
CVE-2026-33017 (CVSS 9.8) — Langflow is a tool for building and deploying AI-powered agents and workflows. In versions prior to ...
NVD CVE-2026-33017 CVE-2025-3248 77d ago
CRITICAL
CVE-2026-4312 (CVSS 9.8) — GCB/FCB Audit Software developed by DrangSoft has a Missing Authentication vulnerability, allowing u...
NVD CVE-2026-4312 80d ago
CRITICAL
CVE-2026-23941 (CVSS 9.4) — Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in Erlang OTP ...
NVD CVE-2026-23941 84d ago
CRITICAL
CVE-2026-3611 (CVSS 10) — The Honeywell IQ4x building management controller exposes its full web-based HMI without authentica...
NVD CVE-2026-3611 85d ago
CRITICAL
CVE-2025-13462 (CVSS 9.8) — The "tarfile" module would still apply normalization of AREGTYPE (\x00) blocks to DIRTYPE, even whil...
NVD CVE-2025-13462 85d ago
CRITICAL
CVE-2026-1524 (CVSS 0) — An edge case in SSO implementation in Neo4j Enterprise edition versions prior to version 2026.02 can ...
NVD CVE-2026-1524 86d ago
CRITICAL
CVE-2026-2743 (CVSS 9.8) — Arbitrary File Write via Path Traversal upload to Remote Code Execution in SeppMail User Web Interfa...
NVD CVE-2026-2743 92d ago
CRITICAL
CVE-2026-24352 (CVSS 9.8) — PluXml CMS allows a user's session identifier to be set before authentication. The value of this ses...
NVD CVE-2026-24352 98d ago
CRITICAL
CVE-2026-26980 (CVSS 9.4) — Ghost is a Node.js content management system. Versions 3.24.0 through 6.19.0 allow unauthenticated a...
NVD CVE-2026-26980 +2 106d ago
INFO
Ghost CMS SQL injection flaw exploited in large-scale ClickFix campaign
BleepingComputer 12d ago
INFO
Ghost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix Attacks
The Hacker News 11d ago
CRITICAL
CVE-2026-23112 (CVSS 9.8) — In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: add bounds checks in...
NVD CVE-2026-23112 112d ago
CRITICAL
CVE-2026-22189 (CVSS 9.8) — The egg-mkfont utility in Panda3D versions up to and including 1.10.16 contains a stack-based buffer...
NVD CVE-2026-22189 149d ago
CRITICAL
CVE-2025-9588 (CVSS 10) — Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerabi...
NVD CVE-2025-9588 255d ago
CRITICAL
CVE-2025-34186 (CVSS 9.8) — Ilevia EVE X1/X5 Server version ≤ 4.7.18.0.eden contains a vulnerability in its authentication mecha...
NVD CVE-2025-34186 262d ago
CRITICAL
CVE-2025-34523 (CVSS 9.8) — A heap-based buffer overflow vulnerability exists in the network-facing input handling routines of A...
NVD CVE-2025-34523 CVE-2025-34522 282d ago
CRITICAL
CVE-2012-10060 (CVSS 9.8) — Sysax Multi Server versions prior to 5.55 contain a stack-based buffer overflow in its SSH service. ...
NVD CVE-2012-10060 296d ago
CRITICAL
CVE-2025-1782 (CVSS 9.9) — In HylaFAX Enterprise Web Interface and AvantFAX, the language form element is not properly sanitize...
NVD CVE-2025-1782 417d ago
CRITICAL
CVE-2024-10534 (CVSS 9.8) — Origin Validation Error vulnerability in Dataprom Informatics Personnel Attendance Control Systems (...
NVD CVE-2024-10534 567d ago
CRITICAL
CVE-2024-10035 (CVSS 9.8) — Improper Control of Generation of Code ('Code Injection'), Improper Neutralization of Special Elemen...
NVD CVE-2024-10035 578d ago
CRITICAL
CVE-2024-8643 (CVSS 9.8) — Session Fixation vulnerability in Oceanic Software ValeApp allows Brute Force, Session Hijacking. T...
NVD CVE-2024-8643 616d ago
CRITICAL
CVE-2024-8607 (CVSS 9.8) — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i...
NVD CVE-2024-8607 616d ago
CRITICAL
CVE-2024-7108 (CVSS 9.8) — Incorrect Authorization vulnerability in National Keep Cyber Security Services CyberMath allows Acce...
NVD CVE-2024-7108 617d ago
CRITICAL
CVE-2024-7104 (CVSS 9.8) — Improper Control of Generation of Code ('Code Injection') vulnerability in SFS Consulting ww.Winsure...
NVD CVE-2024-7104 627d ago
CRITICAL
CVE-2024-7098 (CVSS 9.8) — Improper Restriction of XML External Entity Reference vulnerability in SFS Consulting ww.Winsure all...
NVD CVE-2024-7098 627d ago
CRITICAL
CVE-2024-6401 (CVSS 9.8) — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i...
NVD CVE-2024-6401 627d ago
CRITICAL
CVE-2024-6656 (CVSS 9.8) — Use of Hard-coded Credentials vulnerability in TNB Mobile Solutions Cockpit Software allows Read Sen...
NVD CVE-2024-6656 630d ago
CRITICAL
CVE-2024-7015 (CVSS 9.8) — Missing Authentication for Critical Function vulnerability in Profelis Informatics and Consulting Pa...
NVD CVE-2024-7015 634d ago
CRITICAL
CVE-2024-45159 (CVSS 9.8) — An issue was discovered in Mbed TLS 3.x before 3.6.1. With TLS 1.3, when a server enables optional a...
NVD CVE-2024-45159 638d ago
CRITICAL
CVE-2024-7078 (CVSS 9.8) — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i...
NVD CVE-2024-7078 639d ago
CRITICAL
CVE-2024-7076 (CVSS 9.8) — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i...
NVD CVE-2024-7076 639d ago
CRITICAL
CVE-2024-4259 (CVSS 9.8) — Missing Authorization vulnerability in SAMPAŞ Holding AKOS (AkosCepVatandasService), SAMPAŞ Holding ...
NVD CVE-2024-4259 640d ago
CRITICAL
CVE-2024-6919 (CVSS 9.8) — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i...
NVD CVE-2024-6919 641d ago
CRITICAL
CVE-2024-4428 (CVSS 9.8) — Missing Authentication for Critical Function, Missing Authorization vulnerability in Menulux Informa...
NVD CVE-2024-4428 645d ago
CRITICAL
CVE-2024-7071 (CVSS 9.8) — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'), CWE - 564 - SQ...
NVD CVE-2024-7071 647d ago
CRITICAL
CVE-2024-7593 (CVSS 9.8) — Incorrect implementation of an authentication algorithm in Ivanti vTM other than versions 22.2R1 or ...
NVD CVE-2024-7593 661d ago
TL;DR
Ghost is a Node.js content management system. Versions 3.24.0 through 6.19.0 allow unauthenticated attackers to perform arbitrary reads from the database. This issue has been fixed in version 6.19.1.
CVE-2026-26980