Cybersecurity & EU Regulation

News & Security

Updates from ENISA, NVD and the main European cybersecurity sources. Everything a Technical Manager needs to know.

896 results

Vulnerability | High
CVE-2026-1357 - Migration, Backup, Staging <= 0.9.123 - Unauthenticated Arbitrary File Upload

CVE ID: CVE-2026-1357
Published: Feb. 11, 2026, 6:15 a.m. | 4 hours, 8 minutes ago
Description: The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Upload in versions up to and including 0.9.123. This is due to improper error handling in the RSA decryption process combined with a lack of path sanitization when writing uploaded files. When the plugin fails to decrypt a session key using openssl_private_decrypt(), it does not terminate execution and instead passes the boolean false value to the phpseclib library's AES cipher initialization. The library treats this false value as a string of null bytes, allowing an attacker to encrypt a malicious payload using a predictable null-byte key. Additionally, the plugin accepts filenames from the decrypted payload without sanitization, enabling directory traversal to escape the protected backup directory. This makes it possible for unauthenticated attackers to upload arbitrary PHP files to publicly accessible directories and achieve Remote Code Execution via the wpvivid_action=send_to_site parameter.
Severity: 9.8 | CRITICAL

CVEfeed CVE | 19h ago

Vulnerability | High
CVE-2026-1235 - WP eCommerce <= 3.15.1 - Unauthenticated PHP Object Injection

CVE ID: CVE-2026-1235
Published: Feb. 11, 2026, 6:15 a.m. | 2 hours, 8 minutes ago
Description: The WP eCommerce WordPress plugin through 3.15.1 unserializes user input via ajax actions, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget is present on the blog.
Severity: 0.0 | NA

CVEfeed CVE | 19h ago

Vulnerability | High
CVE-2025-15400 - OpenPix <= 2.13.3 - Subscriber+ Payment Gateway Settings Reset

CVE ID: CVE-2025-15400
Published: Feb. 11, 2026, 6:15 a.m. | 2 hours, 8 minutes ago
Description: The Pix para Woocommerce WordPress plugin through 2.13.3 allows any authenticated user to trigger AJAX actions that reset payment gateway configuration options without capability or nonce checks. This permits any authenticated user, such as a subscriber, to clear API credentials and webhook status, causing persistent disruption of OpenPix payment functionality.
Severity: 0.0 | NA

CVEfeed CVE | 19h ago

News
GitLab Patches Multiple Vulnerabilities That Enables DoS and Cross-site Scripting Attacks

A critical security update has been released for both the Community Edition (CE) and Enterprise Edition (EE) to address multiple high-severity vulnerabilities. The patch ...
Published: Feb 11, 2026 (11 hours, 9 minutes ago)

CVEfeed Newsroom | 20h ago

Vulnerability | High
CVE-2026-26079 - Roundcube Webmail CSS Injection Vulnerability

CVE ID: CVE-2026-26079
Published: Feb. 11, 2026, 5:16 a.m. | 3 hours, 7 minutes ago
Description: Roundcube Webmail before 1.5.13 and 1.6 before 1.6.13 allows Cascading Style Sheets (CSS) injection, e.g., because comments are mishandled.
Severity: 4.7 | MEDIUM

CVEfeed CVE | 20h ago

Vulnerability | High
CVE-2026-26039 - Apache HTTP Server Unvalidated User Input

CVE ID: CVE-2026-26039
Published: Feb. 11, 2026, 5:16 a.m. | 3 hours, 7 minutes ago
Description: Rejected reason: Not used
Severity: 0.0 | NA

CVEfeed CVE | 20h ago

Vulnerability | High
CVE-2026-26044 - Apache HTTP Server Unvalidated User Input

CVE ID: CVE-2026-26044
Published: Feb. 11, 2026, 5:16 a.m. | 3 hours, 7 minutes ago
Description: Rejected reason: Not used
Severity: 0.0 | NA

CVEfeed CVE | 20h ago

Vulnerability | High
CVE-2026-26040 - Apache HTTP Server SQL Injection

CVE ID: CVE-2026-26040
Published: Feb. 11, 2026, 5:16 a.m. | 3 hours, 7 minutes ago
Description: Rejected reason: Not used
Severity: 0.0 | NA

CVEfeed CVE | 20h ago

Vulnerability | High
CVE-2026-26038 - Apache HTTP Server Denial of Service

CVE ID: CVE-2026-26038
Published: Feb. 11, 2026, 5:16 a.m. | 3 hours, 7 minutes ago
Description: Rejected reason: Not used
Severity: 0.0 | NA

CVEfeed CVE | 20h ago

Vulnerability | High
CVE-2026-26036 - Apache HTTP Server Authentication Bypass

CVE ID: CVE-2026-26036
Published: Feb. 11, 2026, 5:16 a.m. | 3 hours, 7 minutes ago
Description: Rejected reason: Not used
Severity: 0.0 | NA

CVEfeed CVE | 20h ago

Vulnerability | High
CVE-2026-26037 - Apache HTTP Server Remote Code Execution

CVE ID: CVE-2026-26037
Published: Feb. 11, 2026, 5:16 a.m. | 3 hours, 7 minutes ago
Description: Rejected reason: Not used
Severity: 0.0 | NA

CVEfeed CVE | 20h ago

Vulnerability | High
CVE-2026-26041 - Apache HTTP Server XML Entity Injection

CVE ID: CVE-2026-26041
Published: Feb. 11, 2026, 5:16 a.m. | 3 hours, 7 minutes ago
Description: Rejected reason: Not used
Severity: 0.0 | NA

CVEfeed CVE | 20h ago
