Cybersecurity & EU Regulation

News & Security

Updates from ENISA, NVD and the main European cybersecurity sources. Everything a Technical Manager needs to know.

News
February 2026 Patch Tuesday: Six Zero-Days Among 59 CVEs Patched

Microsoft has addressed 59 vulnerabilities in its February 2026 security update release. These include six actively exploited vulnerabilities, three of which were publicly known, and five Critical vul ...
Published Date: Feb 11, 2026 (14 hours, 9 minutes ago)
Vulnerabilities mentioned in this article: CVE-2026-23655 CVE-2026-21533 CVE-2026-21525 CVE-2026-21522 CVE-2026-21519 CVE-2026-21514 CVE-2026-21513 CVE-2026-21510 CVE-2026-24302 CVE-2026-24300 CVE-2026-21532

CVEfeed Newsroom, 22h ago
News
Microsoft patches six attacked flaws in Word, Windows and Internet Explorer

During February's Patch Tuesday, Microsoft released updates for six actively attacked vulnerabilities in Word, Windows and Internet Explorer. Attacks took place before the patches ...
Published Date: Feb 11, 2026 (14 hours, 14 minutes ago)
Vulnerabilities mentioned in this article: CVE-2026-21533 CVE-2026-21525 CVE-2026-21519 CVE-2026-21514 CVE-2026-21513 CVE-2026-21510

CVEfeed Newsroom, 22h ago
Vulnerability: High
CVE-2025-10913 (CVSS 8.3)

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Saastech Cleaning and Internet Services Inc. TemizlikYolda allows Cross-Site Scripting (XSS). This issue affects TemizlikYolda: through 11022026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

NVD (NIST), 22h ago
Vulnerability: High
CVE-2025-10913 - XSS in saastech.io's TemizlikYolda

CVE ID: CVE-2025-10913
Published: Feb. 11, 2026, 8:16 a.m. (2 hours, 8 minutes ago)
Description: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Saastech Cleaning and Internet Services Inc. TemizlikYolda allows Cross-Site Scripting (XSS). This issue affects TemizlikYolda: through 11022026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 8.3 | HIGH

CVEfeed CVE, 22h ago
Vulnerability: High
CVE-2025-10912 - IDOR in saastech.io's TemizlikYolda

CVE ID: CVE-2025-10912
Published: Feb. 11, 2026, 8:16 a.m. (2 hours, 8 minutes ago)
Description: Authorization Bypass Through User-Controlled Key vulnerability in Saastech Cleaning and Internet Services Inc. TemizlikYolda allows Manipulating User-Controlled Variables. This issue affects TemizlikYolda: through 11022026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 5.4 | MEDIUM

CVEfeed CVE, 23h ago
News
Windows Shell Security Feature 0-Day Vulnerability Let Attackers Bypass Authentication

Microsoft released Microsoft Patch Tuesday updates to address a critical zero-day vulnerability in Windows Shell that is currently being actively exp ...
Published Date: Feb 11, 2026 (15 hours, 39 minutes ago)
Vulnerabilities mentioned in this article: CVE-2026-21533 CVE-2026-21510

CVEfeed Newsroom, 23h ago
News
Microsoft Patch Tuesday February Update Flags Exchange and Azure Vulnerabilities as High-Priority Risks

Microsoft Patch Tuesday February 2026 addressed 54 vulnerabilities including six zero-days across Windows, Office, Azure services, Exchange Server, and developer tools. The latest patch update, rollou ...
Published Date: Feb 11, 2026 (16 hours, 15 minutes ago)
Vulnerabilities mentioned in this article: CVE-2026-23655 CVE-2026-21537 CVE-2026-21533 CVE-2026-21531 CVE-2026-21529 CVE-2026-21528 CVE-2026-21527 CVE-2026-21525 CVE-2026-21522 CVE-2026-21519 CVE-2026-21518 CVE-2026-21514 CVE-2026-21513 CVE-2026-21512 CVE-2026-21510 CVE-2026-21258 CVE-2026-21257 CVE-2026-21256 CVE-2026-21255 CVE-2026-21249 CVE-2026-21232 CVE-2026-21231 CVE-2026-21222 CVE-2026-21218 CVE-2026-20846 CVE-2026-20841 CVE-2026-24302 CVE-2026-24300 CVE-2026-21532 CVE-2026-0391 CVE-2026-1861 CVE-2026-22778 CVE-2026-21509 CVE-2025-21537 CVE-2025-21529 CVE-2025-21518 CVE-2025-21218 CVE-2024-21531 CVE-2023-2804 CVE-2023-28461 CVE-2022-21522 CVE-2021-20846 CVE-2021-21231

CVEfeed Newsroom, 1d ago
News
Trellix SecondSight identifies subtle indicators of an active breach

Trellix announced Trellix SecondSight, a threat hunting service designed to proactively identify low-noise advanced threats often undetected, reducing organizational risk for Trellix customers. “Threa ...
Published Date: Feb 11, 2026 (16 hours, 36 minutes ago)
Vulnerabilities mentioned in this article: CVE-2026-21509

CVEfeed Newsroom, 1d ago
Vulnerability: Critical
CVE-2026-1357 (CVSS 9.8)

The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Upload in versions up to and including 0.9.123. This is due to improper error handling in the RSA decryption process combined with a lack of path sanitization when writing uploaded files. When the plugin fails to decrypt a session key using openssl_private_decrypt(), it does not terminate execution and instead passes the boolean false value to the phpseclib library's AES cipher initialization. The library treats this false value as a string of null bytes, allowing an attacker to encrypt a malicious payload using a predictable null-byte key. Additionally, the plugin accepts filenames from the decrypted payload without sanitization, enabling directory traversal to escape the protected backup directory. This makes it possible for unauthenticated attackers to upload arbitrary PHP files to publicly accessible directories and achieve Remote Code Execution via the wpvivid_action=send_to_site parameter.

NVD (NIST), 1d ago
Vulnerability: High
CVE-2026-1357 - Migration, Backup, Staging <= 0.9.123 - Unauthenticated Arbitrary File Upload

CVE ID: CVE-2026-1357
Published: Feb. 11, 2026, 6:15 a.m. (4 hours, 8 minutes ago)
Description: The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Upload in versions up to and including 0.9.123. This is due to improper error handling in the RSA decryption process combined with a lack of path sanitization when writing uploaded files. When the plugin fails to decrypt a session key using openssl_private_decrypt(), it does not terminate execution and instead passes the boolean false value to the phpseclib library's AES cipher initialization. The library treats this false value as a string of null bytes, allowing an attacker to encrypt a malicious payload using a predictable null-byte key. Additionally, the plugin accepts filenames from the decrypted payload without sanitization, enabling directory traversal to escape the protected backup directory. This makes it possible for unauthenticated attackers to upload arbitrary PHP files to publicly accessible directories and achieve Remote Code Execution via the wpvivid_action=send_to_site parameter.
Severity: 9.8 | CRITICAL

CVEfeed CVE, 1d ago
Vulnerability: High
CVE-2026-1235 - WP eCommerce <= 3.15.1 - Unauthenticated PHP Object Injection

CVE ID: CVE-2026-1235
Published: Feb. 11, 2026, 6:15 a.m. (2 hours, 8 minutes ago)
Description: The WP eCommerce WordPress plugin through 3.15.1 unserializes user input via ajax actions, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget is present on the blog.
Severity: 0.0 | NA

CVEfeed CVE, 1d ago
Vulnerability: High
CVE-2025-15400 - OpenPix <= 2.13.3 - Subscriber+ Payment Gateway Settings Reset

CVE ID: CVE-2025-15400
Published: Feb. 11, 2026, 6:15 a.m. (2 hours, 8 minutes ago)
Description: The Pix para Woocommerce WordPress plugin through 2.13.3 allows any authenticated user to trigger AJAX actions that reset payment gateway configuration options without capability or nonce checks. This permits any authenticated user, such as a subscriber, to clear API credentials and webhook status, causing persistent disruption of OpenPix payment functionality.
Severity: 0.0 | NA

CVEfeed CVE, 1d ago
