Vulnerability Summary for the Week of April 13, 2026
Summary
CISA published Vulnerability Bulletin SB26-110 summarising new vulnerabilities recorded during the week of April 13, 2026. The bulletin lists seven high-severity CVEs affecting Grafana Pyroscope (CVSS 9.1), Grocery Store Management System (CVSS 9.8), School-management-system (CVSS 9.8), Owen WebStack for WordPress (CVSS 9.8), Cisco ISE (two CVEs, CVSS 9.9 each), and Cisco Webex Meetings (CVSS 9.8). Patch information is provided where available via vendor security advisories.
What changed
CISA issued a weekly vulnerability bulletin listing seven newly recorded high-severity CVEs affecting Grafana Pyroscope, a Grocery Store Management System, a School-management-system, Owen WebStack for WordPress, Cisco Identity Services Engine (two vulnerabilities), and Cisco Webex Meetings. Vulnerabilities range from CVSS 9.1 to 9.9 and include SQL injection, arbitrary file upload, and command execution flaws. Patch information is provided where available through vendor security advisories.
Affected organisations should review their installations of the listed products against the identified CVEs and apply available patches or mitigations. This bulletin is informational; no compliance obligations or deadlines are imposed. Security and IT teams should incorporate these findings into their vulnerability management workflows.
Archived snapshot
Apr 21, 2026: GovPing captured this document from the original source. If the source has since changed or been removed, this is the text as it existed at that time.
Vulnerability Summary for the Week of April 13, 2026
Released Apr 20, 2026
Document ID SB26-110
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division into high, medium, and low severities corresponds to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
Vulnerability Severity:
High Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source Info | Patch Info |
| --- | --- | --- | --- | --- | --- |
| Grafana--Pyroscope | Pyroscope is an open-source continuous profiling database. The database supports various storage backends, including Tencent Cloud Object Storage (COS). If the database is configured to use Tencent COS as the storage backend, an attacker could extract the secretkey configuration value from the Pyroscope API. To exploit this vulnerability, an attacker needs direct access to the Pyroscope API. We highly recommend limiting the public internet exposure of all our databases, such that they are only accessible by trusted users or internal systems. This vulnerability is fixed in versions: 1.15.x: 1.15.2 and above. 1.16.x: 1.16.1 and above. 1.17.x: 1.17.0 and above (i.e. all versions). Thanks to Théo Cusnir for reporting this vulnerability to us via our bug bounty program. | 2026-04-15 | 9.1 | CVE-2025-41118 | https://grafana.com/security/security-advisories/cve-2025-41118 |
| n/a--Grocery Store Management System v1.0 | Improper input handling in /Grocery/searchproductsitname.php, in anirudhkannan Grocery Store Management System 1.0, allows SQL injection via the sitemname POST parameter. | 2026-04-14 | 9.8 | CVE-2025-63939 | https://github.com/TREXNEGRO/Security-Advisories/tree/main/CVE-2025-63939 |
| n/a--manikandan580 School-management-system v1.0 | In manikandan580 School-management-system 1.0, a time-based blind SQL injection vulnerability exists in /studentms/admin/between-date-reprtsdetails.php through the fromdate POST parameter. | 2026-04-14 | 9.8 | CVE-2025-65135 | https://github.com/TREXNEGRO/Security-Advisories/tree/main/CVE-2025-65135 |
| Owen--WebStack | The WebStack theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ioimgupload() function in all versions up to, and including, 1.2024. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. | 2026-04-15 | 9.8 | CVE-2026-1555 | https://www.wordfence.com/threat-intel/vulnerabilities/id/b97805de-1b47-4c9f-baae-2e37c1b78570?source=cve https://github.com/owen0o0/WebStack/blob/master/inc/ajax.php#L5 https://github.com/owen0o0/WebStack/tree/master |
| Cisco--Cisco Identity Services Engine Software | A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to obtain user-level access to the underlying operating system and then elevate privileges to root. In single-node ISE deployments, successful exploitation of this vulnerability could cause the affected ISE node to become unavailable, resulting in a denial of service (DoS) condition. In that condition, endpoints that have not already authenticated would be unable to access the network until the node is restored. | 2026-04-15 | 9.9 | CVE-2026-20147 | cisco-sa-ise-rce-traversal-8bYndVrZ |
| Cisco--Cisco Identity Services Engine Software | A vulnerability in Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have at least Read Only Admin credentials. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to obtain user-level access to the underlying operating system and then elevate privileges to root. In single-node ISE deployments, successful exploitation of these vulnerabilities could cause the affected ISE node to become unavailable, resulting in a denial of service (DoS) condition. In that condition, endpoints that have not already authenticated would be unable to access the network until the node is restored. | 2026-04-15 | 9.9 | CVE-2026-20180 | cisco-sa-ise-rce-4fverepv |
| Cisco--Cisco Webex Meetings | A vulnerability in the integration of single sign-on (SSO) with Control Hub in Cisco Webex Services could have allowed an unauthenticated, remote attacker to impersonate any user within the service. This vulnerability existed because of improper certificate validation. Prior to this vulnerability being addressed, an attacker could have exploited this vulnerability by connecting to a service endpoint and supplying a crafted token. A successful exploit could have allowed the attacker to gain unauthorized access to legitimate Cisco Webex services. | 2026-04-15 | 9.8 | CVE-2026-20184 | cisco-sa-webex-cui-cert-8jSZYhWL |
| Cisco--Cisco Identity Services Engine Software | A vulnerability in Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have at least Read Only Admin credentials. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to obtain user-level access to the underlying operating system and then elevate privileges to root. In single-node ISE deployments, successful exploitation of these vulnerabilities could cause the affected ISE node to become unavailable, resulting in a denial of service (DoS) condition. In that condition, endpoints that have not already authenticated would be unable to access the network until the node is restored. | 2026-04-15 | 9.9 | CVE-2026-20186 | cisco-sa-ise-rce-4fverepv |
| Ubiquiti Inc--UniFi Play PowerAmp | A malicious actor with access to the UniFi Play network could exploit a Path Traversal vulnerability found in the device firmware to write files on the system that could be used for a remote code execution (RCE). Affected Products: UniFi Play PowerAmp (Version 1.0.35 and earlier); UniFi Play Audio Port (Version 1.0.24 and earlier). Mitigation: Update UniFi Play PowerAmp to Version 1.0.38 or later; update UniFi Play Audio Port to Version 1.1.9 or later. | 2026-04-13 | 9.8 | CVE-2026-22562 | https://community.ui.com/releases/Security-Advisory-Bulletin-063/e468dd4b-5090-4ef8-89d8-939903c08e83 |
| Ubiquiti Inc--UniFi Play PowerAmp | A series of Improper Input Validation vulnerabilities could allow a Command Injection by a malicious actor with access to the UniFi Play network. Affected Products: UniFi Play PowerAmp (Version 1.0.35 and earlier); UniFi Play Audio Port (Version 1.0.24 and earlier). Mitigation: Update UniFi Play PowerAmp to Version 1.0.38 or later; update UniFi Play Audio Port to Version 1.1.9 or later. | 2026-04-13 | 9.8 | CVE-2026-22563 | https://community.ui.com/releases/Security-Advisory-Bulletin-063/e468dd4b-5090-4ef8-89d8-939903c08e83 |
| Ubiquiti Inc--UniFi Play PowerAmp | An Improper Access Control vulnerability could allow a malicious actor with access to the UniFi Play network to enable SSH to make unauthorized changes to the system. Affected Products: UniFi Play PowerAmp (Version 1.0.35 and earlier); UniFi Play Audio Port (Version 1.0.24 and earlier). Mitigation: Update UniFi Play PowerAmp to Version 1.0.38 or later; update UniFi Play Audio Port to Version 1.1.9 or later. | 2026-04-13 | 9.8 | CVE-2026-22564 | https://community.ui.com/releases/Security-Advisory-Bulletin-063/e468dd4b-5090-4ef8-89d8-939903c08e83 |
| Festo--MSE6-C2M-5000-FB36-D-M-RG-BAR-M12L4-AGD | In products of the MSE6 product family by Festo, a remote authenticated, low-privileged attacker could use functions of an undocumented test mode, which could lead to a complete loss of confidentiality, integrity and availability. | 2026-04-16 | 8.8 | CVE-2023-3634 | https://certvde.com/de/advisories/VDE-2023-020/ https://festo.csaf-tp.certvde.com/.well-known/csaf/white/2023/fsa-202304.json |
| shahinurislam--Career Section | The Career Section plugin for WordPress is vulnerable to Cross-Site Request Forgery leading to Path Traversal and Arbitrary File Deletion in all versions up to, and including, 1.6. This is due to missing nonce validation and insufficient file path validation on the delete action in the 'appformoptionspagehtml' function. This makes it possible for unauthenticated attackers to delete arbitrary files on the server via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link. | 2026-04-16 | 8.8 | CVE-2025-14868 | https://www.wordfence.com/threat-intel/vulnerabilities/id/84936b68-923a-4da1-ae67-1d63d025342e?source=cve https://plugins.trac.wordpress.org/changeset/3474216/career-section |
| Nozomi Networks--Guardian | An access control vulnerability was discovered in the Threat Intelligence functionality due to a specific access restriction not being properly enforced for users with view-only privileges. An authenticated user with view-only privileges for the Threat Intelligence functionality can perform administrative actions on it, altering the rules configuration, and/or affecting their availability. | 2026-04-15 | 8.1 | CVE-2025-40897 | https://security.nozominetworks.com/NN-2026:1-01 |
| Nozomi Networks--Guardian | A Stored Cross-Site Scripting vulnerability was discovered in the Assets and Nodes functionality due to improper validation of an input parameter. An authenticated user with custom fields privileges can define a malicious custom field containing a JavaScript payload. When the victim views the Assets or Nodes pages, the XSS executes in their browser context, allowing the attacker to perform unauthorized actions as the victim, such as modify application data, disrupt application availability, and access limited sensitive information. | 2026-04-15 | 8.9 | CVE-2025-40899 | https://security.nozominetworks.com/NN-2026:2-01 |
| livemesh--Livemesh Addons by Elementor | The Livemesh Addons for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 9.0. This is due to insufficient sanitization of the template name parameter in the `laegettemplatepart()` function, which uses an inadequate `str_replace()` approach that can be bypassed using recursive directory traversal patterns. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the attacker to include and execute local files via the widget's template parameter granted they can trick an administrator into performing an action or install Elementor. | 2026-04-16 | 8.8 | [CVE-2026-1620](https://www.cve.org/CVERecord?id=CVE-2026-1620) | [https://www.wordfence.com/threat-intel/vulnerabilities/id/2483875a-84de-4a40-a69e-aee68da1ce3b?source=cve](https://www.wordfence.com/threat-intel/vulnerabilities/id/2483875a-84de-4a40-a69e-aee68da1ce3b?source=cve) [https://plugins.trac.wordpress.org/browser/addons-for-elementor/trunk/includes/helper-functions.php#L669](https://plugins.trac.wordpress.org/browser/addons-for-elementor/trunk/includes/helper-functions.php#L669) [https://plugins.trac.wordpress.org/browser/addons-for-elementor/tags/9.0/includes/helper-functions.php#L669](https://plugins.trac.wordpress.org/browser/addons-for-elementor/tags/9.0/includes/helper-functions.php#L669) [https://plugins.trac.wordpress.org/browser/addons-for-elementor/trunk/includes/helper-functions.php#L671](https://plugins.trac.wordpress.org/browser/addons-for-elementor/trunk/includes/helper-functions.php#L671) [https://plugins.trac.wordpress.org/browser/addons-for-elementor/tags/9.0/includes/helper-functions.php#L671](https://plugins.trac.wordpress.org/browser/addons-for-elementor/tags/9.0/includes/helper-functions.php#L671) |
| Cloud Foundry--UAA | Cloud Foundry UAA is vulnerable to a bypass that allows an attacker to obtain a token for any user and gain access to UAA-protected systems. This vulnerability exists when SAML 2.0 bearer assertions are enabled for a client, as the UAA accepts SAML 2.0 bearer assertions that are neither signed nor encrypted. This issue affects UAA from v77.30.0 to v78.7.0 (inclusive) and it affects CF Deployment from v48.7.0 to v54.14.0 (inclusive). | 2026-04-16 | 8.6 | [CVE-2026-22734](https://www.cve.org/CVERecord?id=CVE-2026-22734) | [https://www.cloudfoundry.org/blog/cve-2026-22734-uaa-saml-2-0-signature-bypass/](https://www.cloudfoundry.org/blog/cve-2026-22734-uaa-saml-2-0-signature-bypass/) |
| WSO2--WSO2 API Manager | The XML parsers within multiple WSO2 products accept user-supplied XML data without properly configuring to prevent the resolution of external entities. This omission allows malicious actors to craft XML payloads that exploit the parser's behavior, leading to the inclusion of external resources. By leveraging this vulnerability, an attacker can read confidential files from the file system and access limited HTTP resources reachable by the product. Additionally, the vulnerability can be exploited to perform denial of service attacks by exhausting server resources through recursive entity expansion or fetching large external resources. | 2026-04-16 | 7.5 | [CVE-2024-2374](https://www.cve.org/CVERecord?id=CVE-2024-2374) | [https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2024-3255/](https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2024-3255/) |
| Bosch--BVMS | Uncontrolled Resource Consumption in Bosch VMS Central Server in Bosch VMS 12.0.1 allows attackers to consume excessive amounts of disk space via network interface. | 2026-04-15 | 7.5 | [CVE-2024-33618](https://www.cve.org/CVERecord?id=CVE-2024-33618) | [https://psirt.bosch.com/security-advisories/BOSCH-SA-162032-BT.html](https://psirt.bosch.com/security-advisories/BOSCH-SA-162032-BT.html) |
| Dell--PowerProtect Data Domain BoostFS | Dell PowerProtect Data Domain BoostFS for client of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.50, contain an insufficiently protected credentials vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to credential exposure. The attacker may be able to use the exposed credentials to access the system with privileges of the compromised account. | 2026-04-17 | 7.8 | [CVE-2025-36568](https://www.cve.org/CVERecord?id=CVE-2025-36568) | [https://www.dell.com/support/kbdoc/en-us/000450699/dsa-2026-060-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities](https://www.dell.com/support/kbdoc/en-us/000450699/dsa-2026-060-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities) |
| WC Lovers--WCFM Marketplace | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WC Lovers WCFM Marketplace allows SQL Injection. This issue affects WCFM Marketplace: from n/a through 3.7.1. | 2026-04-15 | 7.6 | [CVE-2025-63029](https://www.cve.org/CVERecord?id=CVE-2025-63029) | [https://patchstack.com/database/wordpress/plugin/wc-multivendor-marketplace/vulnerability/wordpress-wcfm-marketplace-plugin-3-7-1-sql-injection-vulnerability?_s_id=cve](https://patchstack.com/database/wordpress/plugin/wc-multivendor-marketplace/vulnerability/wordpress-wcfm-marketplace-plugin-3-7-1-sql-injection-vulnerability?_s_id=cve) |
| FirebirdSQL--firebird | Firebird is an open-source relational database management system. FB3 versions of the client library placed incorrect data length values into XSQLDA fields when communicating with FB4 or higher servers, resulting in an information leak. This issue is fixed by upgrading to the FB4 client or higher. | 2026-04-17 | 7.9 | [CVE-2025-65104](https://www.cve.org/CVERecord?id=CVE-2025-65104) | [https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-mfpr-9886-xjhg](https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-mfpr-9886-xjhg) [https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.0](https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.0) |
| Lenovo--Diagnostics | During an internal security assessment, a potential vulnerability was discovered in Lenovo Diagnostics and the HardwareScanAddin used in Lenovo Vantage that, during installation or when using hardware scan, could allow a local authenticated user to perform an arbitrary file write with elevated privileges. | 2026-04-15 | 7.1 | [CVE-2026-0827](https://www.cve.org/CVERecord?id=CVE-2026-0827) | [https://support.lenovo.com/us/en/product_security/LEN-210693](https://support.lenovo.com/us/en/product_security/LEN-210693) |
| Splunk--Splunk Enterprise | In Splunk Enterprise versions below 10.2.1, 10.0.5, 9.4.10, and 9.3.11, and Splunk Cloud Platform versions below 10.4.2603.0, 10.3.2512.5, 10.2.2510.9, 10.1.2507.19, 10.0.2503.13, and 9.3.2411.127, a low-privileged user that does not hold the `admin` or `power` Splunk roles could potentially perform a Remote Code Execution (RCE) by uploading a malicious file to the `$SPLUNK_HOME/var/run/splunk/apptemp` directory due to improper handling and insufficient isolation of temporary files within the `apptemp` directory. | 2026-04-15 | 7.1 | [CVE-2026-20204](https://www.cve.org/CVERecord?id=CVE-2026-20204) | [https://advisory.splunk.com/advisories/SVD-2026-0403](https://advisory.splunk.com/advisories/SVD-2026-0403) |
| Splunk--Splunk MCP Server | In Splunk MCP Server app versions below 1.0.3, a user who holds a role with access to the Splunk `_internal` index or possesses the high-privilege capability `mcptooladmin` could view users' session and authorization tokens in clear text. The vulnerability would require either local access to the log files or administrative access to internal indexes, which by default only the admin role receives. Review roles and capabilities on your instance and restrict internal index access to administrator-level roles. See [Define roles on the Splunk platform with capabilities](https://docs.splunk.com/Documentation/Splunk/latest/Security/Rolesandcapabilities) and [Connecting to MCP Server and Admin settings](https://help.splunk.com/en/splunk-enterprise/mcp-server-for-splunk-platform/connecting-to-mcp-server-and-admin-settings) in the Splunk documentation for more information. | 2026-04-15 | 7.2 | [CVE-2026-20205](https://www.cve.org/CVERecord?id=CVE-2026-20205) | [https://advisory.splunk.com/advisories/SVD-2026-0407](https://advisory.splunk.com/advisories/SVD-2026-0407) |
| Microsoft--Windows 10 Version 1809 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally. | 2026-04-14 | 7.8 | [CVE-2026-20930](https://www.cve.org/CVERecord?id=CVE-2026-20930) | [Windows Management Services Elevation of Privilege Vulnerability](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20930) |
| Ubiquiti Inc--UniFi Play PowerAmp | An Improper Access Control vulnerability could allow a malicious actor with access to the UniFi Play network to obtain UniFi Play WiFi credentials. Affected Products: UniFi Play PowerAmp (Version 1.0.35 and earlier); UniFi Play Audio Port (Version 1.0.24 and earlier). Mitigation: Update UniFi Play PowerAmp to Version 1.0.38 or later; update UniFi Play Audio Port to Version 1.1.9 or later. | 2026-04-13 | 7.5 | [CVE-2026-22566](https://www.cve.org/CVERecord?id=CVE-2026-22566) | [https://community.ui.com/releases/Security-Advisory-Bulletin-063/e468dd4b-5090-4ef8-89d8-939903c08e83](https://community.ui.com/releases/Security-Advisory-Bulletin-063/e468dd4b-5090-4ef8-89d8-939903c08e83) |
| Eaton--IPP software | Eaton Intelligent Power Protector (IPP) is affected by insecure library loading in its executable, which could lead to arbitrary code execution by an attacker with access to the software package. This security issue has been fixed in the latest version of Eaton IPP software which is available on the Eaton download center. | 2026-04-16 | 7.8 | [CVE-2026-22619](https://www.cve.org/CVERecord?id=CVE-2026-22619) | [https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2025-1025.pdf](https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2025-1025.pdf) |
| easyappointments--Easy Appointments | The Easy Appointments plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.12.21 via the `/wp-json/wp/v2/eablocks/eaappointments/` REST API endpoint. This is due to the endpoint being registered with `'permission_callback' => '__return_true'`, which allows access without any authentication or authorization checks. This makes it possible for unauthenticated attackers to extract sensitive customer appointment data including full names, email addresses, phone numbers, IP addresses, appointment descriptions, and pricing information. | 2026-04-17 | 7.5 | CVE-2026-2262 | https://www.wordfence.com/threat-intel/vulnerabilities/id/e681aa8e-522e-4092-aa1f-8ada3097c8d6?source=cve https://plugins.trac.wordpress.org/browser/easy-appointments/tags/3.12.19/ea-blocks/ea-blocks.php#L190 https://plugins.trac.wordpress.org/browser/easy-appointments/trunk/ea-blocks/ea-blocks.php#L190 https://plugins.trac.wordpress.org/browser/easy-appointments/tags/3.12.19/ea-blocks/ea-blocks.php#L141 https://plugins.trac.wordpress.org/changeset/3485692/easy-appointments/trunk/ea-blocks/ea-blocks.php https://plugins.trac.wordpress.org/changeset?oldpath=%2Feasy-appointments/tags/3.12.21&newpath=%2Feasy-appointments/tags/3.12.22 |
| Barracuda Networks--RMM | Barracuda RMM versions prior to 2025.2.2 contain a privilege escalation vulnerability that allows local attackers to gain SYSTEM-level privileges by exploiting overly permissive filesystem ACLs on the C:\Windows\Automation directory. Attackers can modify existing automation content or place attacker-controlled files in this directory, which are then executed under the NT AUTHORITY\SYSTEM account during routine automation cycles, typically succeeding within the next execution cycle. | 2026-04-15 | 7.8 | CVE-2026-22676 | https://download.mw-rmm.barracudamsp.com/PDF/2025.2.2/RNBRMM2025.2.2_EN.pdf https://www.vulncheck.com/advisories/barracuda-rmm-privilege-escalation-via-insecure-directory-permissions |
| Fortinet--FortiAnalyzer Cloud | A heap-based buffer overflow vulnerability in Fortinet FortiAnalyzer Cloud 7.6.2 through 7.6.4 and FortiManager Cloud 7.6.2 through 7.6.4 may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests. Successful exploitation would require a large amount of effort in preparation because of ASLR and network segmentation. | 2026-04-14 | 7.3 | CVE-2026-22828 | https://fortiguard.fortinet.com/psirt/FG-IR-26-121 |
| Eclipse Foundation--Eclipse Jetty | In Eclipse Jetty, the HTTP/1.1 parser is vulnerable to request smuggling when chunk extensions are used, similar to the "funky chunks" techniques outlined at https://w4ke.info/2025/06/18/funky-chunks.html and https://w4ke.info/2025/10/29/funky-chunks-2.html. Jetty terminates chunk extension parsing at \r\n inside quoted strings instead of treating this as an error. Example request: `POST / HTTP/1.1 Host: localhost Transfer-Encoding: chunked 1;ext="val X 0 GET /smuggled HTTP/1.1 ...` Note how the chunk extension does not close the double quotes, and it is able to inject a smuggled request. | 2026-04-14 | 7.4 | CVE-2026-2332 | https://github.com/jetty/jetty.project/security/advisories/GHSA-355h-qmc2-wpwf https://gitlab.eclipse.org/security/cve-assignment/-/issues/89 |
Medium Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source Info | Patch Info |
| --- | --- | --- | --- | --- | --- |
| WSO2--WSO2 API Manager | The authentication endpoint fails to adequately validate user-supplied input before reflecting it back in the response. This allows an attacker to inject malicious script payloads into the input parameters, which are then executed by the victim's browser. Successful exploitation can enable an attacker to redirect the user's browser to a malicious website, modify the UI of the web page, or retrieve information from the browser. However, the impact is limited as session-related sensitive cookies are protected by the httpOnly flag, preventing session hijacking. | 2026-04-16 | 6.1 | CVE-2024-10242 | https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2024-3741/ |
| WSO2--WSO2 Identity Server | Active access tokens are not revoked or invalidated when a user account is locked within WSO2 Identity Server. This failure to enforce revocation allows previously issued, valid tokens to remain usable, enabling continued access to protected resources by locked user accounts. The security consequence is that a locked user account can maintain access to protected resources through the use of existing, unexpired access tokens. This creates a security gap where access control policies are bypassed, potentially leading to unauthorized data access or actions until the tokens naturally expire. | 2026-04-16 | 6 | CVE-2025-12624 | https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2025-4684/ |
| flippercode--WP Maps Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters | The WP Maps - Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'putwpgm' shortcode in all versions up to, and including, 4.8.7. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes. This makes it possible for authenticated attackers, with contributor level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2026-04-16 | 6.4 | CVE-2025-13364 | https://www.wordfence.com/threat-intel/vulnerabilities/id/91d6cf21-cb65-40cb-ad19-5a8e7179fd98?source=cve https://plugins.trac.wordpress.org/changeset?oldpath=wp-google-map-plugin/tags/4.8.7/wp-google-map-plugin.php&newpath=wp-google-map-plugin/tags/4.8.8/wp-google-map-plugin.php |
| DesigningMedia--Eleganzo | The Eleganzo theme for WordPress is vulnerable to arbitrary directory deletion due to insufficient path validation in the akdrequiredplugincallback function in all versions up to, and including, 1.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary directories on the server, including the WordPress root directory. | 2026-04-14 | 6.5 | CVE-2025-15470 | https://www.wordfence.com/threat-intel/vulnerabilities/id/7c5d7818-e548-4d8f-b847-396d528b58cd?source=cve https://testwp.local/wp-content/themes/eleganzo/welcome.php#L96 |
| Emarket-design--YouTube Showcase | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Emarket-design YouTube Showcase allows Stored XSS. This issue affects YouTube Showcase: from n/a through 3.5.1. | 2026-04-15 | 6.5 | CVE-2025-15636 | https://patchstack.com/database/wordpress/plugin/youtube-showcase/vulnerability/wordpress-youtube-showcase-plugin-3-5-1-cross-site-scripting-xss-vulnerability?sid=cve |
| HCLSoftware--Velocity | Rate Limiting for attempting a user login is not being properly enforced, making HCL DevOps Velocity susceptible to brute-force attacks past the unsuccessful login attempt limit. This vulnerability is fixed in 5.1.7. | 2026-04-13 | 6.8 | CVE-2025-31991 | https://support.hcl-software.com/csm?id=kbarticle&sysparmarticle=KB0130138 |
| ABB--AC800M (System 800xA) | A vulnerability exists in the command handling of the IEC 61850 communication stack included in the product revisions listed as affected in this CVE. An attacker with access to IEC 61850 networks could exploit the vulnerability by using a specially crafted 61850 packet, forcing the communication interfaces of the PM 877, CI850 and CI868 modules into fault mode or causing unavailability of the S+ Operations 61850 connectivity, resulting in a denial-of-service situation. The System 800xA IEC61850 Connect is not affected. Note: This vulnerability does not impact the overall availability and functionality of the S+ Operations node, only the 61850 communication function. This issue affects AC800M (System 800xA): from 6.0.0x through 6.0.0303.0, from 6.1.0x through 6.1.0031.0, from 6.1.1x through 6.1.1004.0, from 6.1.1x through 6.1.1202.0, from 6.2.0x through 6.2.0006.0; Symphony Plus SD Series: A0, A1, A2.003, A3.005, A4.001, B0.005; Symphony Plus MR (Melody Rack): from 3.10 through 3.52; S+ Operations: 2.1, 2.2, 2.3, 3.3. | 2026-04-13 | 6.5 | CVE-2025-3756 | https://search.abb.com/library/Download.aspx?DocumentID=7PAA020125&LanguageCode=en&DocumentPartId=&Action=Launch |
| Dell--PowerScale OneFS | Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an insertion of sensitive information into log file vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account. | 2026-04-16 | 6.6 | CVE-2025-43937 | https://www.dell.com/support/kbdoc/en-us/000376214/dsa-2025-347-security-update-for-dell-powerscale-onefs-multiple-vulnerabilities |
| Dell--PowerProtect Data Domain | Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 8.4 through 8.5 contain a session fixation vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access. | 2026-04-17 | 6.2 | CVE-2025-46605 | https://www.dell.com/support/kbdoc/en-us/000450699/dsa-2026-060-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities |
| Dell--PowerProtect Data Domain | Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 8.4 through 8.5 contain an improper restriction of excessive authentication attempts vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access. | 2026-04-17 | 6.2 | CVE-2025-46606 | https://www.dell.com/support/kbdoc/en-us/000450699/dsa-2026-060-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities |
| Dell--PowerProtect Data Domain | Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 8.4 through 8.5 contain an improper authentication vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access. | 2026-04-17 | 6.6 | CVE-2025-46607 | https://www.dell.com/support/kbdoc/en-us/000450699/dsa-2026-060-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities |
| Dell--PowerProtect Data Domain | Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 8.4 through 8.5 contain an improper authentication vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access. | 2026-04-17 | 6.6 | CVE-2025-46641 | https://www.dell.com/support/kbdoc/en-us/000450699/dsa-2026-060-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities |
| Fortinet--FortiOS | A missing authentication for critical function vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0.0 through 7.0.17, FortiOS 6.4 all versions, FortiOS 6.2.9 through 6.2.17 allows an attacker to execute unauthorized code or commands via specially crafted packets. | 2026-04-14 | 6.2 | CVE-2025-53847 | https://fortiguard.fortinet.com/psirt/FG-IR-26-125 |
| WSO2--WSO2 API Manager | The authentication endpoint fails to encode user-supplied input before rendering it in the web page, allowing for script injection. An attacker can leverage this by injecting malicious scripts into the authentication endpoint. This can result in the user's browser being redirected to a malicious website, manipulation of the web page's user interface, or the retrieval of information from the browser. However, session hijacking is not possible due to the httpOnly flag protecting session-related cookies. | 2026-04-16 | 6.1 | CVE-2025-6024 | https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2025-4251/ |
| Fortinet--FortiManager | An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.8, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer Cloud 7.6.0 through 7.6.4, FortiAnalyzer Cloud 7.4.0 through 7.4.8, FortiAnalyzer Cloud 7.2 all versions, FortiAnalyzer Cloud 7.0 all versions, FortiManager 7.6.0 through 7.6.4, FortiManager 7.4.0 through 7.4.8, FortiManager 7.2 all versions, FortiManager 7.0 all versions, FortiManager Cloud 7.6.0 through 7.6.4, FortiManager Cloud 7.4.0 through 7.4.8, FortiManager Cloud 7.2 all versions, FortiManager Cloud 7.0 all versions may allow a privileged authenticated attacker to execute unauthorized code or commands via JSON RPC API | 2026-04-14 | 6.8 | CVE-2025-61848 | https://fortiguard.fortinet.com/psirt/FG-IR-26-111 |
| leaflet[.]com--Leaflet 1.9.4 | Leaflet versions up to and including 1.9.4 are vulnerable to Cross-Site Scripting (XSS) via the bindPopup() method. This method renders user-supplied input as raw HTML without sanitization, allowing attackers to inject arbitrary JavaScript code through event handler attributes (e.g., ). When a victim views an affected map popup, the malicious script executes in the context of the victim's browser session. | 2026-04-14 | 6.1 | CVE-2025-69993 | http://leaflet.com
https://github.com/PierfrancescoConti/leaflet-cve-2025-69993/blob/main/ADVISORY.md |
| Microsoft--Windows 10 Version 1607 | Reliance on untrusted inputs in a security decision in Windows Boot Loader allows an authorized attacker to bypass a security feature locally. | 2026-04-14 | 6.7 | CVE-2026-0390 | UEFI Secure Boot Security Feature Bypass Vulnerability |
| SAPSE--SAP Supplier Relationship Management (SICF Handler in SRM Catalog) | Due to a Cross-Site Scripting (XSS) vulnerability in the SAP Supplier Relationship Management (SICF Handler in SRM Catalog), an unauthenticated attacker could craft a malicious URL, that if accessed by a victim, results in execution of malicious content within the victim's browser. This could allow the attacker to access and modify information, impacting the confidentiality and integrity of the application, while availability remains unaffected. | 2026-04-14 | 6.1 | CVE-2026-0512 | https://me.sap.com/notes/3645228
https://url.sap/sapsecuritypatchday |
| turn2honey--EMC Easily Embed Calendly Scheduling | The EMC - Easily Embed Calendly Scheduling Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's calendly shortcode in all versions up to, and including, 4.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2026-04-19 | 6.4 | CVE-2026-0868 | https://www.wordfence.com/threat-intel/vulnerabilities/id/d5653ebe-7145-4b1c-94f8-ca87ed0dc4f5?source=cve
https://plugins.trac.wordpress.org/changeset/3466576/embed-calendly-scheduling |
| vanderwijk--Content Blocks (Custom Post Widget) | The Content Blocks (Custom Post Widget) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's contentblock shortcode in all versions up to, and including, 3.3.9 due to insufficient input sanitization and output escaping on user supplied values consumed from user-created content blocks. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2026-04-18 | 6.4 | CVE-2026-0894 | https://www.wordfence.com/threat-intel/vulnerabilities/id/246dee15-82e0-4630-8d95-d2419e9eaef8?source=cve
https://plugins.trac.wordpress.org/changeset/3447914/custom-post-widget |
| youzify--Youzify BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress | The Youzify plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'checkinplaceid' parameter in all versions up to, and including, 1.3.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2026-04-18 | 6.4 | CVE-2026-1559 | https://www.wordfence.com/threat-intel/vulnerabilities/id/6bd69711-8303-4086-87c3-eb2935a89aff?source=cve
https://plugins.trac.wordpress.org/browser/youzify/trunk/includes/public/core/wall/class-youzify-form.php#L506
https://plugins.trac.wordpress.org/browser/youzify/tags/1.3.6/includes/public/core/wall/class-youzify-form.php#L506
https://plugins.trac.wordpress.org/browser/youzify/trunk/includes/public/core/class-youzify-wall.php#L109
https://plugins.trac.wordpress.org/browser/youzify/tags/1.3.6/includes/public/core/class-youzify-wall.php#L109
https://plugins.trac.wordpress.org/changeset/3483281/youzify/trunk/includes/public/core/wall/class-youzify-form.php
https://plugins.trac.wordpress.org/changeset?oldpath=%2Fyouzify/tags/1.3.6&newpath=%2Fyouzify/tags/1.3.7 |
| livemesh--Livemesh Addons by Elementor | The Livemesh Addons for Elementor plugin for WordPress is vulnerable to unauthorized modification of data and Stored Cross-Site Scripting via plugin settings in all versions up to, and including, 9.0. This is due to missing authorization checks on the AJAX handler lae_admin_ajax() and insufficient output escaping on multiple checkbox settings fields. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in the plugin settings page that will execute whenever an administrator accesses the plugin settings page granted they can obtain a valid nonce, which can be leaked via the plugin's improper access control on settings pages. | 2026-04-16 | 6.4 | CVE-2026-1572 | https://www.wordfence.com/threat-intel/vulnerabilities/id/24b9bf5a-19ac-4e99-b32d-1ab681356a1b?source=cve
https://plugins.trac.wordpress.org/browser/addons-for-elementor/tags/9.0/admin/admin-ajax.php#L28
https://plugins.trac.wordpress.org/browser/addons-for-elementor/tags/9.0/admin/admin-ajax.php#L64
https://plugins.trac.wordpress.org/browser/addons-for-elementor/trunk/admin/admin-ajax.php#L64
https://plugins.trac.wordpress.org/browser/addons-for-elementor/trunk/admin/admin-ajax.php#L28
https://plugins.trac.wordpress.org/browser/addons-for-elementor/trunk/plugin.php#L207
https://plugins.trac.wordpress.org/browser/addons-for-elementor/tags/9.0/plugin.php#L207
https://plugins.trac.wordpress.org/browser/addons-for-elementor/trunk/admin/views/settings.php#L707
https://plugins.trac.wordpress.org/browser/addons-for-elementor/tags/9.0/admin/views/settings.php#L707 |
| surbma--Surbma \| Booking.com Shortcode | The Surbma \| Booking.com Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's surbma-bookingcom shortcode in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2026-04-14 | 6.4 | CVE-2026-1607 | https://www.wordfence.com/threat-intel/vulnerabilities/id/01280afb-4745-4f36-823e-ed794bb3353a?source=cve
https://plugins.trac.wordpress.org/browser/surbma-bookingcom-shortcode/tags/2.0/surbma-bookingcom-shortcode.php#L34 |
| Lenovo--Service Bridge | A potential DLL hijacking vulnerability was reported in Lenovo Service Bridge that, under certain conditions, could allow a local authenticated user to execute code with elevated privileges. | 2026-04-15 | 6.7 | CVE-2026-1636 | https://support.lenovo.com/us/en/product_security/LEN-211071 |
| prasunsen--Hostel | The Hostel plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'shortcodeid' parameter in all versions up to, and including, 1.1.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2026-04-18 | 6.1 | CVE-2026-1838 | https://www.wordfence.com/threat-intel/vulnerabilities/id/2b9da491-771a-4100-b41a-7411981dd34b?source=cve
https://plugins.trac.wordpress.org/browser/hostel/trunk/hostel.php#L44
https://plugins.trac.wordpress.org/browser/hostel/tags/1.1.6/hostel.php#L44
https://plugins.trac.wordpress.org/browser/hostel/trunk/controllers/ajax.php#L28
https://plugins.trac.wordpress.org/browser/hostel/tags/1.1.6/controllers/ajax.php#L28
https://plugins.trac.wordpress.org/browser/hostel/trunk/views/partial/rooms-table.html.php#L29
https://plugins.trac.wordpress.org/browser/hostel/tags/1.1.6/views/partial/rooms-table.html.php#L29
https://plugins.trac.wordpress.org/changeset/3478265/hostel/trunk/hostel.php
https://plugins.trac.wordpress.org/changeset?oldpath=%2Fhostel/tags/1.1.6&newpath=%2Fhostel/tags/1.1.7 |
| woobeewoo--Product Pricing Table by WooBeWoo | The Product Pricing Table by WooBeWoo plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.0. This is due to missing or incorrect nonce validation on the updateLabel() and remove() functions. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages or delete pricing tables via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2026-04-15 | 6.1 | CVE-2026-1852 | https://www.wordfence.com/threat-intel/vulnerabilities/id/a3b459e0-4bd9-443e-96e4-91663a35c26e?source=cve
https://github.com/wpcodefactory/woo-product-pricing-tables/releases/tag/v1.1.1 |
| Cisco--Cisco Unity Connection | A vulnerability in the web-based management interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a reflected XSS attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. | 2026-04-15 | 6.1 | CVE-2026-20059 | cisco-sa-unity-vulns-n2EJSbbw |
| Cisco--Cisco Unity Connection | Multiple vulnerabilities in Cisco Unity Connection could allow an authenticated, remote attacker to download arbitrary files from an affected system. To exploit these vulnerabilities, the attacker must have valid administrative credentials. These vulnerabilities are due to improper sanitization of user input to the web-based management interface. An attacker could exploit these vulnerabilities by sending a crafted HTTPS request. A successful exploit could allow the attacker to download arbitrary files from an affected system. | 2026-04-15 | 6.5 | CVE-2026-20078 | cisco-sa-unity-file-download-RmKEVWPx |
| Cisco--Cisco Unity Connection | Multiple vulnerabilities in Cisco Unity Connection could allow an authenticated, remote attacker to download arbitrary files from an affected system. To exploit these vulnerabilities, the attacker must have valid administrative credentials. These vulnerabilities are due to improper sanitization of user input to the web-based management interface. An attacker could exploit these vulnerabilities by sending a crafted HTTPS request. A successful exploit could allow the attacker to download arbitrary files from an affected system. | 2026-04-15 | 6.5 | CVE-2026-20081 | cisco-sa-unity-file-download-RmKEVWPx |
| Cisco--Cisco Identity Services Engine Software | A vulnerability in the CLI of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, local attacker with administrative privileges to perform a command injection attack on the underlying operating system and elevate privileges to root. This vulnerability is due to insufficient validation of user supplied input. An attacker could exploit this vulnerability by providing crafted input to a specific CLI command. A successful exploit could allow the attacker to elevate their privileges to root on the underlying operating system. | 2026-04-15 | 6 | CVE-2026-20136 | cisco-sa-ise-cmd-inj-5WSJcYJB |
| Cisco--Cisco Webex Contact Center | A vulnerability in the Desktop Agent functionality of Cisco Webex Contact Center could have allowed an unauthenticated, remote attacker to conduct cross-site scripting attacks. Cisco has addressed this vulnerability in the Cisco Webex Contact Center service, and no customer action is needed. This vulnerability existed because HTML and script content was not properly handled. Prior to this vulnerability being addressed, an attacker could have exploited this vulnerability by persuading a user to follow a malicious link. A successful exploit could have allowed the attacker to steal sensitive information from the browser, including authentication and session information. | 2026-04-15 | 6.1 | CVE-2026-20170 | cisco-sa-webexcc-xss-WEX5nUnA |
| Splunk--Splunk Enterprise | In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.10, and 9.3.11, and Splunk Cloud Platform versions below 10.4.2603.0, 10.3.2512.6, 10.2.2510.10, 10.1.2507.20, 10.0.2503.13, and 9.3.2411.127, a user who holds a role that contains the high-privilege capability `edit_user` could create a specially crafted username that includes a null byte or a non-UTF-8 percent-encoded byte due to improper input validation. This could lead to inconsistent conversion of usernames into a proper format for storage and account management inconsistencies, such as being unable to edit or delete affected users. | 2026-04-15 | 6.6 | [CVE-2026-20202](https://www.cve.org/CVERecord?id=CVE-2026-20202) | [https://advisory.splunk.com/advisories/SVD-2026-0401](https://advisory.splunk.com/advisories/SVD-2026-0401) |
| Samsung Mobile--Samsung Mobile Devices | Improper input validation in Retail Mode prior to SMR Apr-2026 Release 1 allows local attackers to trigger privileged functions. | 2026-04-13 | 6.6 | [CVE-2026-21010](https://www.cve.org/CVERecord?id=CVE-2026-21010) | [https://security.samsungmobile.com/securityUpdate.smsb?year=2026&month=04](https://security.samsungmobile.com/securityUpdate.smsb?year=2026&month=04) |
| Adobe--Adobe Connect | Adobe Connect versions 2025.3, 12.10 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Scope is changed. | 2026-04-14 | 6.1 | [CVE-2026-21331](https://www.cve.org/CVERecord?id=CVE-2026-21331) | [https://helpx.adobe.com/security/products/connect/apsb26-37.html](https://helpx.adobe.com/security/products/connect/apsb26-37.html) |
| Fortinet--FortiSOAR on-premise | A cleartext transmission of sensitive information vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.2, FortiSOAR on-premise 7.5.0 through 7.5.1, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow attacker to information disclosure via | 2026-04-14 | 6.2 | [CVE-2026-22155](https://www.cve.org/CVERecord?id=CVE-2026-22155) | [https://fortiguard.fortinet.com/psirt/FG-IR-26-106](https://fortiguard.fortinet.com/psirt/FG-IR-26-106) |
| Fortinet--FortiSOAR on-premise | An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5 all versions, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.3, FortiSOAR on-premise 7.5 all versions, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow an authenticated remote attacker to perform path traversal attack via File Content Extraction actions. | 2026-04-14 | 6.2 | [CVE-2026-22573](https://www.cve.org/CVERecord?id=CVE-2026-22573) | [https://fortiguard.fortinet.com/psirt/FG-IR-26-116](https://fortiguard.fortinet.com/psirt/FG-IR-26-116) |
| Eaton--IPP Software | Due to improper input validation in one of the Eaton Intelligent Power Protector (IPP) XML, it is possible for an attacker with admin privileges and access to the local system to inject malicious code resulting in arbitrary command execution. This security issue has been fixed in the latest version of Eaton IPP software which is available on the Eaton download centre. | 2026-04-16 | 6 | [CVE-2026-22615](https://www.cve.org/CVERecord?id=CVE-2026-22615) | [https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2025-1025.pdf](https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2025-1025.pdf) |
| Eaton--IPP Software | Eaton Intelligent Power Protector (IPP) software allows repeated authentication attempts against the web interface login page due to insufficient rate‑limiting controls. This security issue has been fixed in the latest version of Eaton IPP which is available on the Eaton download centre. | 2026-04-16 | 6.5 | [CVE-2026-22616](https://www.cve.org/CVERecord?id=CVE-2026-22616) | [https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2025-1025.pdf](https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2025-1025.pdf) |
| Fortinet--FortiVoice | An exposure of sensitive information to an unauthorized actor vulnerability in Fortinet FortiNDR 7.6.0, FortiNDR 7.4.0 through 7.4.8, FortiNDR 7.2 all versions, FortiNDR 7.1 all versions, FortiNDR 7.0 all versions, FortiVoice 7.0.0 through 7.0.1 may allow a remote authenticated attacker with at least read-only permission on system maintenance to access backup information via crafted HTTP requests | 2026-04-14 | 5.4 | [CVE-2024-23104](https://www.cve.org/CVERecord?id=CVE-2024-23104) | [https://fortiguard.fortinet.com/psirt/FG-IR-26-124](https://fortiguard.fortinet.com/psirt/FG-IR-26-124) |
| WSO2--WSO2 API Manager | The WSO2 API Manager developer portal accepts user-supplied input without enforcing expected validation constraints or proper output encoding. This deficiency allows a malicious actor to inject script content that is executed within the context of a user's browser. By leveraging this cross-site scripting vulnerability, a malicious actor can cause the browser to redirect to a malicious website, make changes to the UI of the web page, or retrieve information from the browser. However, session hijacking is not possible as all session-related sensitive cookies are protected by the httpOnly flag. | 2026-04-16 | 5.4 | [CVE-2024-4867](https://www.cve.org/CVERecord?id=CVE-2024-4867) | [https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2024-3391/](https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2024-3391/) |
| cartasi--Nexi XPay | The Nexi XPay plugin for WordPress is vulnerable to unauthorized modification of data due to missing authorization checks on the redirect function in all versions up to, and including, 8.3.0. This makes it possible for unauthenticated attackers to mark pending WooCommerce orders as paid/completed. | 2026-04-14 | 5.3 | [CVE-2025-15565](https://www.cve.org/CVERecord?id=CVE-2025-15565) | [https://www.wordfence.com/threat-intel/vulnerabilities/id/f420151b-c783-49b1-b0e9-e936a904278a?source=cve](https://www.wordfence.com/threat-intel/vulnerabilities/id/f420151b-c783-49b1-b0e9-e936a904278a?source=cve)
[https://plugins.trac.wordpress.org/browser/cartasi-x-pay/tags/8.2.0/src/classes/Nexi/WC_Gateway_XPay_Process_Completion.php#L268](https://plugins.trac.wordpress.org/browser/cartasi-x-pay/tags/8.2.0/src/classes/Nexi/WC_Gateway_XPay_Process_Completion.php#L268) |
| Dell--Dell Pro 14 Essential PV14250 | Dell Client Platform BIOS contains a Weak Password Recovery Mechanism vulnerability. An unauthenticated attacker with physical access to the system could potentially exploit this vulnerability, leading to unauthorized access. | 2026-04-16 | 5.1 | [CVE-2025-36579](https://www.cve.org/CVERecord?id=CVE-2025-36579) | [https://www.dell.com/support/kbdoc/en-us/000300450/dsa-2025-153](https://www.dell.com/support/kbdoc/en-us/000300450/dsa-2025-153) |
| Fortinet--FortiOS | An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') [CWE-22] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions, FortiPAM 1.7.0, FortiPAM 1.6 all versions, FortiPAM 1.5 all versions, FortiPAM 1.4 all versions, FortiPAM 1.3 all versions, FortiPAM 1.2 all versions, FortiPAM 1.1 all versions, FortiPAM 1.0 all versions, FortiProxy 7.6.0 through 7.6.4, FortiProxy 7.4.0 through 7.4.11, FortiProxy 7.2 all versions, FortiProxy 7.0 all versions, FortiSwitchManager 7.2.0 through 7.2.7, FortiSwitchManager 7.0.0 through 7.0.6 may allow an authenticated attacker with admin profile and at least read-write permissions to write or delete arbitrary files via specific CLI commands. | 2026-04-14 | 5.4 | [CVE-2025-61624](https://www.cve.org/CVERecord?id=CVE-2025-61624) | [https://fortiguard.fortinet.com/psirt/FG-IR-26-122](https://fortiguard.fortinet.com/psirt/FG-IR-26-122) |
| Fortinet--FortiManager Cloud | An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer Cloud 7.6.0 through 7.6.4, FortiAnalyzer Cloud 7.4.0 through 7.4.7, FortiAnalyzer Cloud 7.2 all versions, FortiAnalyzer Cloud 7.0 all versions, FortiManager 7.6.0 through 7.6.4, FortiManager 7.4.0 through 7.4.7, FortiManager 7.2 all versions, FortiManager 7.0 all versions, FortiManager Cloud 7.6.0 through 7.6.4, FortiManager Cloud 7.4.0 through 7.4.7, FortiManager Cloud 7.2 all versions, FortiManager Cloud 7.0 all versions may allow a privileged attacker to delete files from the underlying filesystem via crafted CLI requests. | 2026-04-14 | 5.4 | [CVE-2025-68649](https://www.cve.org/CVERecord?id=CVE-2025-68649) | [https://fortiguard.fortinet.com/psirt/FG-IR-26-120](https://fortiguard.fortinet.com/psirt/FG-IR-26-120) |
| wpxpo--Post Grid Gutenberg Blocks for News, Magazines, Blog Websites PostX | The Post Grid Gutenberg Blocks for News, Magazines, Blog Websites - PostX plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ultp_shareCount_callback() function in all versions up to, and including, 5.0.5. This makes it possible for unauthenticated attackers to modify the share_count post meta for any post, including private or draft posts. | 2026-04-16 | 5.3 | [CVE-2026-0718](https://www.cve.org/CVERecord?id=CVE-2026-0718) | [https://www.wordfence.com/threat-intel/vulnerabilities/id/c4b2cf3b-5d35-4ce6-9453-1538a6f7752f?source=cve](https://www.wordfence.com/threat-intel/vulnerabilities/id/c4b2cf3b-5d35-4ce6-9453-1538a6f7752f?source=cve)
[https://plugins.trac.wordpress.org/changeset?old_path=/ultimate-post/tags/5.0.5/classes/Blocks.php&new_path=/ultimate-post/tags/5.0.6/classes/Blocks.php](https://plugins.trac.wordpress.org/changeset?old_path=/ultimate-post/tags/5.0.5/classes/Blocks.php&new_path=/ultimate-post/tags/5.0.6/classes/Blocks.php) |
| iberezansky--3D FlipBook PDF Embedder, PDF Flipbook Viewer, Flipbook Image Gallery | The 3D FlipBook - PDF Embedder, PDF Flipbook Viewer, Flipbook Image Gallery plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the send_post_pages_json() function in all versions up to, and including, 1.16.17. This makes it possible for unauthenticated attackers to retrieve flipbook page metadata for draft, private and password-protected flipbooks. | 2026-04-14 | 5.3 | [CVE-2026-1314](https://www.cve.org/CVERecord?id=CVE-2026-1314) | [https://www.wordfence.com/threat-intel/vulnerabilities/id/d7e41753-2dbf-4afa-b61e-e617be2c4dc2?source=cve](https://www.wordfence.com/threat-intel/vulnerabilities/id/d7e41753-2dbf-4afa-b61e-e617be2c4dc2?source=cve)
[https://plugins.trac.wordpress.org/changeset/3467608/](https://plugins.trac.wordpress.org/changeset/3467608/) |
| themefusion--Avada (Fusion) Builder | The Avada (Fusion) Builder plugin for WordPress is vulnerable to Arbitrary WordPress Action Execution in all versions up to, and including, 3.15.1. This is due to the plugin's fusiongetpostcustomfield() function accepting user-controlled input to trigger any registered WordPress action hook without proper authorization checks. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute arbitrary WordPress action hooks via the Dynamic Data feature, potentially leading to privilege escalation, file inclusion, denial of service, or other security impacts depending on which action hooks are available in the WordPress installation. | 2026-04-15 | 5.4 | [CVE-2026-1509](https://www.cve.org/CVERecord?id=CVE-2026-1509) | [https://www.wordfence.com/threat-intel/vulnerabilities/id/fdc57b06-bae9-49a3-84dd-f593705330e9?source=cve](https://www.wordfence.com/threat-intel/vulnerabilities/id/fdc57b06-bae9-49a3-84dd-f593705330e9?source=cve)
[https://themeforest.net/item/avada-responsive-multipurpose-theme/2833226](https://themeforest.net/item/avada-responsive-multipurpose-theme/2833226)
[https://avada.com/documentation/avada-changelog/](https://avada.com/documentation/avada-changelog/) |
| Wpmet--MetForm Pro | The MetForm Pro plugin for WordPress is vulnerable to Improper Input Validation in all versions up to, and including, 3.9.7 This is due to the payment integrations (Stripe/PayPal) trusting a user-submitted calculation field value without recomputing or validating it against the configured form price. This makes it possible for unauthenticated attackers to manipulate the payment amount via the 'mf-calculation' field in the form submission REST request granted there exists a specific form with this particular configuration. | 2026-04-15 | 5.3 | [CVE-2026-1782](https://www.cve.org/CVERecord?id=CVE-2026-1782) | [https://www.wordfence.com/threat-intel/vulnerabilities/id/a49dd64b-6ae8-49ed-9e8a-e5b73c2acf4b?source=cve](https://www.wordfence.com/threat-intel/vulnerabilities/id/a49dd64b-6ae8-49ed-9e8a-e5b73c2acf4b?source=cve)
[https://wpmet.com/plugin/metform/](https://wpmet.com/plugin/metform/) |
| Cisco--Cisco Secure Web Appliance | A vulnerability in the authentication service feature of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an unauthenticated, remote attacker to bypass authentication policy requirements. This vulnerability is due to improper validation of user-supplied authentication input in HTTP requests. An attacker could exploit this vulnerability by sending HTTP requests that contain specific authentication requests to an affected device. A successful exploit could allow the attacker to bypass policy enforcement on the device. There is no direct impact to the Cisco Secure Web Appliance. However, as a result of exploiting this vulnerability, an attacker could send HTTP requests that should be restricted through the device. | 2026-04-15 | 5.3 | [CVE-2026-20152](https://www.cve.org/CVERecord?id=CVE-2026-20152) | [cisco-sa-wsa-auth-bypass-6YZkTQhd](https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wsa-auth-bypass-6YZkTQhd) |
| Cisco--Cisco ThousandEyes Enterprise Agent | A vulnerability in the CLI of Cisco ThousandEyes Enterprise Agent could allow an authenticated, local attacker with low privileges to overwrite arbitrary files on the local system of an affected device. This vulnerability is due to improper access controls on files that are on the local file system of an affected device. An attacker could exploit this vulnerability by placing a symbolic link in a specific location on the local file system. A successful exploit could allow the attacker to bypass file system permissions and overwrite arbitrary files on the affected device. | 2026-04-15 | 5.5 | [CVE-2026-20161](https://www.cve.org/CVERecord?id=CVE-2026-20161) | [cisco-sa-te-agentfilewrite-tqUw3SMU](https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-te-agentfilewrite-tqUw3SMU) |
| Microsoft--Windows 10 Version 1809 | Access of resource using incompatible type ('type confusion') in Windows COM allows an authorized attacker to disclose information locally. | 2026-04-14 | 5.5 | [CVE-2026-20806](https://www.cve.org/CVERecord?id=CVE-2026-20806) | [Windows COM Server Information Disclosure Vulnerability](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20806) |
| Grafana--Loki | The fix for CVE-2021-36156 validates the namespace parameter for path traversal sequences only after a single URL decode; by double-encoding the traversal sequence, an attacker can read files via the Ruler API endpoint /loki/api/v1/rules/{namespace}. Thanks to Prasanth Sundararajan for reporting this vulnerability. | 2026-04-15 | 5.3 | [CVE-2026-21726](https://www.cve.org/CVERecord?id=CVE-2026-21726) | [https://grafana.com/security/security-advisories/cve-2026-21726](https://grafana.com/security/security-advisories/cve-2026-21726) |
| Fortinet--FortiSOAR PaaS | A cleartext transmission of sensitive information vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.2, FortiSOAR on-premise 7.5.0 through 7.5.1, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow an authenticated attacker to view the cleartext password in responses for Secure Message Exchange and RADIUS queries, if configured. | 2026-04-14 | 5.4 | [CVE-2026-21742](https://www.cve.org/CVERecord?id=CVE-2026-21742) | [https://fortiguard.fortinet.com/psirt/FG-IR-26-106](https://fortiguard.fortinet.com/psirt/FG-IR-26-106) |
| Eaton--IPP Software | Eaton Intelligent Power Protector (IPP) uses an insecure cookie configuration, which could allow a network‑based attacker to intercept the cookie and exploit it through a man‑in‑the‑middle attack. This security issue has been fixed in the latest version of Eaton IPP software which is available on the Eaton download centre. | 2026-04-16 | 5.7 | [CVE-2026-22617](https://www.cve.org/CVERecord?id=CVE-2026-22617) | [https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2025-1025.pdf](https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2025-1025.pdf) |
| Eaton--IPP software | A security misconfiguration was identified in Eaton Intelligent Power Protector (IPP), where an HTTP response header was set with an insecure attribute, potentially exposing users to web‑based attacks. This security issue has been fixed in the latest version of Eaton IPP software which is available on the Eaton download centre. | 2026-04-16 | 5.9 | [CVE-2026-22618](https://www.cve.org/CVERecord?id=CVE-2026-22618) | [https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2025-1025.pdf](https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2025-1025.pdf) |
| Wago--Smart Designer | In Wago Smart Designer in versions up to 2.33.1, a low-privileged remote attacker may enumerate projects and usernames through iterative requests to a specific endpoint. | 2026-04-16 | 4.3 | [CVE-2023-5872](https://www.cve.org/CVERecord?id=CVE-2023-5872) | [https://certvde.com/de/advisories/VDE-2023-045](https://certvde.com/de/advisories/VDE-2023-045)
[https://wago.csaf-tp.certvde.com/.well-known/csaf/white/2023/vde-2023-045.json](https://wago.csaf-tp.certvde.com/.well-known/csaf/white/2023/vde-2023-045.json) |
| Vision--Helpdesk | Vision Helpdesk before 5.7.0 (patched in 5.6.10) allows attackers to read user profiles via modified serialized cookie data to vis_client_id. | 2026-04-16 | 4.3 | [CVE-2024-58343](https://www.cve.org/CVERecord?id=CVE-2024-58343) | [https://github.com/websec/Vision-Helpdesk-Exploit](https://github.com/websec/Vision-Helpdesk-Exploit)
[https://websec.net/blog/critical-vulnerability-in-vision-helpdesk-allows-unauthorized-session-access-67264646bde7fa99ea26446f](https://websec.net/blog/critical-vulnerability-in-vision-helpdesk-allows-unauthorized-session-access-67264646bde7fa99ea26446f) |
| Zaytech--Smart Online Order for Clover | Cross-Site Request Forgery (CSRF) vulnerability in Zaytech Smart Online Order for Clover allows Cross Site Request Forgery. This issue affects Smart Online Order for Clover: from n/a through 1.6.0. | 2026-04-15 | 4.3 | [CVE-2025-15635](https://www.cve.org/CVERecord?id=CVE-2025-15635) | [https://patchstack.com/database/wordpress/plugin/clover-online-orders/vulnerability/wordpress-smart-online-order-for-clover-plugin-1-6-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve](https://patchstack.com/database/wordpress/plugin/clover-online-orders/vulnerability/wordpress-smart-online-order-for-clover-plugin-1-6-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve) |
| Dell--PowerScale OneFS | Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an improper check for unusual or exceptional conditions vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to denial of service. | 2026-04-16 | 4.1 | [CVE-2025-43883](https://www.cve.org/CVERecord?id=CVE-2025-43883) | [https://www.dell.com/support/kbdoc/en-us/000376214/dsa-2025-347-security-update-for-dell-powerscale-onefs-multiple-vulnerabilities](https://www.dell.com/support/kbdoc/en-us/000376214/dsa-2025-347-security-update-for-dell-powerscale-onefs-multiple-vulnerabilities) |
| Dell--PowerScale OneFS | Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an improper resource shutdown or release vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to denial of service. | 2026-04-16 | 4.4 | [CVE-2025-43935](https://www.cve.org/CVERecord?id=CVE-2025-43935) | [https://www.dell.com/support/kbdoc/en-us/000376214/dsa-2025-347-security-update-for-dell-powerscale-onefs-multiple-vulnerabilities](https://www.dell.com/support/kbdoc/en-us/000376214/dsa-2025-347-security-update-for-dell-powerscale-onefs-multiple-vulnerabilities) |
| DeluxeThemes--Userpro | Cross-Site Request Forgery (CSRF) vulnerability in DeluxeThemes Userpro allows Cross Site Request Forgery. This issue affects Userpro: from n/a before 5.1.11. | 2026-04-15 | 4.3 | [CVE-2025-53444](https://www.cve.org/CVERecord?id=CVE-2025-53444) | [https://patchstack.com/database/wordpress/plugin/userpro/vulnerability/wordpress-userpro-plugin-5-1-11-cross-site-request-forgery-csrf-vulnerability?_s_id=cve](https://patchstack.com/database/wordpress/plugin/userpro/vulnerability/wordpress-userpro-plugin-5-1-11-cross-site-request-forgery-csrf-vulnerability?_s_id=cve) |
| Fortinet--FortiSOAR on-premise | A server-side request forgery (SSRF) vulnerability [CWE-918] in Fortinet FortiSOAR PaaS 7.6.4, FortiSOAR PaaS 7.6.0 through 7.6.2, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.4, FortiSOAR on-premise 7.6.0 through 7.6.2, FortiSOAR on-premise 7.5.0 through 7.5.2, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow an authenticated attacker to discover services running on local ports via crafted requests. | 2026-04-14 | 4.1 | [CVE-2025-59809](https://www.cve.org/CVERecord?id=CVE-2025-59809) | [https://fortiguard.fortinet.com/psirt/FG-IR-26-103](https://fortiguard.fortinet.com/psirt/FG-IR-26-103) |
| Fortinet--FortiSandbox PaaS | An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability [CWE-79] in Fortinet FortiSandbox 5.0.0 through 5.0.4, FortiSandbox PaaS 5.0.0 through 5.0.4 may allow an attacker to perform an XSS attack via crafted HTTP requests. | 2026-04-14 | 4.9 | [CVE-2025-61886](https://www.cve.org/CVERecord?id=CVE-2025-61886) | [https://fortiguard.fortinet.com/psirt/FG-IR-26-109](https://fortiguard.fortinet.com/psirt/FG-IR-26-109) |
| themefusion--Avada (Fusion) Builder | The Avada (Fusion) Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.15.1. This is due to a plugin function failing to validate whether metadata keys are protected (underscore-prefixed). This makes it possible for authenticated attackers, with Subscriber-level access and above, to extract protected post metadata fields that should not be publicly accessible via the Dynamic Data feature's post_custom_field parameter. | 2026-04-15 | 4.3 | [CVE-2026-1541](https://www.cve.org/CVERecord?id=CVE-2026-1541) | [https://www.wordfence.com/threat-intel/vulnerabilities/id/f1f69f93-80e3-434d-98a6-fc8757b4e6d1?source=cve](https://www.wordfence.com/threat-intel/vulnerabilities/id/f1f69f93-80e3-434d-98a6-fc8757b4e6d1?source=cve)
[https://themeforest.net/item/avada-responsive-multipurpose-theme/2833226](https://themeforest.net/item/avada-responsive-multipurpose-theme/2833226) |
| Cisco--Cisco Unity Connection | A vulnerability in the web-based management interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of HTTP request parameters. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to redirect a user to a malicious web page. | 2026-04-15 | 4.7 | [CVE-2026-20060](https://www.cve.org/CVERecord?id=CVE-2026-20060) | [cisco-sa-unity-vulns-n2EJSbbw](https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-unity-vulns-n2EJSbbw) |
| Cisco--Cisco Unity Connection | A vulnerability in the web-based management interface of Cisco Unity Connection could allow an authenticated, remote attacker to perform an SQL injection attack against an affected device. To exploit this vulnerability, the attacker must have valid user credentials on the affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP(S) request to the web-based management interface of an affected device. A successful exploit could allow the attacker to view data on the affected device. | 2026-04-15 | 4.3 | [CVE-2026-20061](https://www.cve.org/CVERecord?id=CVE-2026-20061) | [cisco-sa-unity-vulns-n2EJSbbw](https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-unity-vulns-n2EJSbbw) |
| Cisco--Cisco Identity Services Engine Software | Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker with administrative write privileges to conduct a stored cross-site scripting (XSS) attack or a reflected XSS attack against a user of the web-based management interface of an affected device. These vulnerabilities are due to insufficient sanitization of user-supplied data that is stored in the web page. An attacker could exploit these vulnerabilities by convincing a user of the interface to click a specific link or view an affected web page. The injected script code may be executed in the context of the web-based management interface or allow the attacker to access sensitive browser-based information. | 2026-04-15 | 4.8 | [CVE-2026-20132](https://www.cve.org/CVERecord?id=CVE-2026-20132) | [cisco-sa-isexss-BS8ctE7U](https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-isexss-BS8ctE7U) |
| Cisco--Cisco Identity Services Engine Software | A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to perform path traversal attacks on the underlying operating system and read arbitrary files. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected system. A successful exploit could allow the attacker to access sensitive files on the affected system. | 2026-04-15 | 4.9 | [CVE-2026-20148](https://www.cve.org/CVERecord?id=CVE-2026-20148) | [cisco-sa-ise-rce-traversal-8bYndVrZ](https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-rce-traversal-8bYndVrZ) |
| Splunk--Splunk Enterprise | In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.10, and 9.3.11, and Splunk Cloud Platform versions below 10.4.2603.0, 10.3.2512.6, 10.2.2510.10, 10.1.2507.19, 10.0.2503.13, and 9.3.2411.127, a low-privileged user that does not hold the `admin` or `power` Splunk roles, has write permission on the app, and does not hold the high-privilege capability `accelerate_datamodel` could turn Data Model Acceleration on or off due to improper access control. | 2026-04-15 | 4.3 | CVE-2026-20203 | https://advisory.splunk.com/advisories/SVD-2026-0402 |
| Microsoft--Windows 10 Version 1607 | Improper removal of sensitive information before storage or transfer in Windows Recovery Environment Agent allows an unauthorized attacker to bypass a security feature with a physical attack. | 2026-04-14 | 4.6 | CVE-2026-20928 | Windows Recovery Environment Security Feature Bypass Vulnerability |
| Microsoft--Microsoft SharePoint Enterprise Server 2016 | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network. | 2026-04-14 | 4.6 | CVE-2026-20945 | Microsoft SharePoint Server Spoofing Vulnerability |
| Fortinet--FortiSOAR PaaS | An improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.3, FortiSOAR on-premise 7.5.0 through 7.5.2, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow an authenticated remote attacker to perform a stored cross site scripting (XSS) attack via crafted HTTP Requests. | 2026-04-14 | 4.4 | CVE-2026-22154 | https://fortiguard.fortinet.com/psirt/FG-IR-26-117 |
| Fortinet--FortiSOAR PaaS | A storing passwords in a recoverable format vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.4, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.4, FortiSOAR on-premise 7.5.0 through 7.5.2, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow an authenticated remote attacker to retrieve Service account password via server address modification in LDAP configuration. | 2026-04-14 | 4.1 | CVE-2026-22574 | https://fortiguard.fortinet.com/psirt/FG-IR-26-105 |
| Fortinet--FortiSOAR PaaS | A storing passwords in a recoverable format vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.4, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.4, FortiSOAR on-premise 7.5.0 through 7.5.2, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow an authenticated remote attacker to retrieve passwords for multiple installed connectors via server address modification in connector configuration. | 2026-04-14 | 4.1 | CVE-2026-22576 | https://fortiguard.fortinet.com/psirt/FG-IR-26-104 |
| octobercms--october | October is a Content Management System (CMS) and web platform. Versions prior to 3.7.13 and versions 4.0.0 through 4.1.4 contain a sandbox bypass vulnerability in the optional Twig safe mode feature (CMS_SAFE_MODE). Certain methods on the collect() helper were not properly restricted, allowing authenticated users with template editing permissions to bypass sandbox protections. Exploitation requires authenticated backend access with CMS template editing permissions and only affects installations with CMS_SAFE_MODE enabled (disabled by default). This issue has been fixed in versions 3.7.13 and 4.1.5. To work around this issue, users can disable CMS_SAFE_MODE if untrusted template editing is not required, and restrict CMS template editing permissions to fully trusted administrators only. | 2026-04-14 | 4.9 | CVE-2026-22692 | https://github.com/octobercms/october/security/advisories/GHSA-m5qg-jc75-4jp6 |
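The Grafana Loki entry above (CVE-2026-21726) describes a traversal check that runs after one URL decode and is defeated by double encoding. The following Python is an added example written for this bulletin, not Loki's code: the storage root `/rules`, the function names and the simulated downstream second decode are assumptions made for illustration. It shows why checking `..` on a once-decoded value is not enough, and a version that canonicalises first, validates by allow-list, and checks containment of the final path.

```python
"""Double-URL-encoding bypass of a traversal check done after a single
decode, and the canonicalise-then-validate version. Added example, not
Grafana Loki's code; RULES_ROOT and the downstream decode are assumed."""
from urllib.parse import unquote
import posixpath

RULES_ROOT = "/rules"  # hypothetical on-disk root for the rules API


def namespace_path_single_decode(raw: str) -> str:
    """Vulnerable pattern: decode once, look for '..', then build the path.
    A later layer (file API, proxy, second router) decodes again, so
    '%252e%252e%252f' passes the check and becomes '../' downstream."""
    once = unquote(raw)
    if ".." in once or once.startswith("/"):
        raise ValueError("traversal rejected")
    downstream = unquote(once)  # simulated second decode by a lower layer (assumed)
    return posixpath.normpath(posixpath.join(RULES_ROOT, downstream))


def canonical_decode(raw: str, limit: int = 5) -> str:
    """Decode until the value stops changing (bounded), so validation sees
    the same bytes every later layer will see."""
    cur = raw
    for _ in range(limit):
        nxt = unquote(cur)
        if nxt == cur:
            return cur
        cur = nxt
    raise ValueError("too many encoding layers")


def namespace_path_hardened(raw: str) -> str:
    """Canonicalise, allow-list the namespace shape (a single path segment),
    then confirm the resolved path is still inside RULES_ROOT."""
    name = canonical_decode(raw)
    if not name or "/" in name or "\\" in name or "\x00" in name or name in (".", ".."):
        raise ValueError("invalid namespace")
    path = posixpath.normpath(posixpath.join(RULES_ROOT, name))
    if not path.startswith(RULES_ROOT + "/"):
        raise ValueError("traversal rejected")
    return path


def rejected(fn, raw: str) -> bool:
    """True if fn refuses the input (used by the checks below)."""
    try:
        fn(raw)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    evil = "%252e%252e%252f%252e%252e%252fetc%252fpasswd"  # '../../etc/passwd' encoded twice
    print("single-decode check resolves to:", namespace_path_single_decode(evil))
    print("hardened check rejects it:", rejected(namespace_path_hardened, evil))
```

The first function only catches the single-encoded form (`..%2f`); the double-encoded payload survives the check and resolves to `/etc/passwd` once a lower layer decodes it again. The hardened version's containment check on the resolved path is the backstop that holds even if the allow-list is later loosened.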
Low Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source Info | Patch Info |
| --- | --- | --- | --- | --- | --- |
| WSO2--WSO2 API Manager | The component accepts XML input through the publisher without disabling external entity resolution. This allows malicious actors to submit a crafted XML payload that exploits the unescaped external entity references. By leveraging this vulnerability, a malicious actor can read confidential files from the product's file system or access limited HTTP resources reachable via HTTP GET requests to the vulnerable product. | 2026-04-16 | 3.5 | CVE-2024-8010 | https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2024-3581/ |
| 1Panel-dev--MaxKB | A vulnerability has been found in 1Panel-dev MaxKB up to 2.4.2. Impacted is an unknown function of the file ui/src/chat.ts of the component MdPreview. Such manipulation leads to cross site scripting. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.5.0 is recommended to address this issue. The name of the patch is 7230daa5ec3e6574b6ede83dd48a4fbc0e70b8d8. It is advisable to upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product. | 2026-04-13 | 3.5 | CVE-2025-15632 | VDB-356967: 1Panel-dev MaxKB MdPreview chat.ts cross site scripting
VDB-356967: CTI Indicators (IOB, IOC, TTP, IOA)
Submit #782265: 1Panel-dev MaxKB <= v2.6.1 Stored XSS
https://github.com/AnalogyC0de/public_exp/issues/28
https://github.com/1Panel-dev/MaxKB/pull/4578
https://github.com/1Panel-dev/MaxKB/commit/7230daa5ec3e6574b6ede83dd48a4fbc0e70b8d8
https://github.com/1Panel-dev/MaxKB/releases/tag/v2.5.0
https://github.com/1Panel-dev/MaxKB/ |
| Siemens--Siemens Software Center | A vulnerability has been identified in Siemens Software Center (All versions < V3.5.8.2), Simcenter 3D (All versions < V2506.6000), Simcenter Femap (All versions < V2506.0002), Simcenter STAR-CCM+ (All versions < V2602), Solid Edge SE2025 (All versions < V225.0 Update 13), Solid Edge SE2026 (All versions < V226.0 Update 04), Tecnomatix Plant Simulation (All versions < V2504.0008). Affected applications do not properly validate client certificates to connect to Analytics Service endpoint. This could allow an unauthenticated remote attacker to perform man in the middle attacks. | 2026-04-14 | 3.7 | CVE-2025-40745 | https://cert-portal.siemens.com/productcert/html/ssa-981622.html |
| Grafana--Grafana Correlations | A cross-tenant isolation vulnerability was found in Grafana's Correlations feature affecting legacy correlation records. Due to a backward-compatibility condition allowing org_id = 0 records to be returned across organizations, a user with datasource management privileges could read and permanently delete legacy correlation data belonging to another organization. This issue affects correlations created prior to Grafana 10.2 and is fixed in >=11.6.11, >=12.0.9, >=12.1.6, and >=12.2.4. Thanks to Gyu-hyeok Lee (g2h) for reporting this vulnerability. | 2026-04-15 | 3.3 | CVE-2026-21727 | https://grafana.com/security/security-advisories/cve-2026-21727 |
| HCL--AION | HCL AION is affected by a vulnerability where certain system behaviours may allow exploration of internal filesystem structures. Exposure of such information may provide insights into the underlying environment, which could potentially aid in further targeted actions or limited information disclosure. | 2026-04-15 | 2.9 | CVE-2025-52641 | https://support.hcl-software.com/csm?id=kbarticle&sysparm_article=KB0130007 |
| Fortinet--FortiNAC-F | An URL Redirection to Untrusted Site ('Open Redirect') vulnerability [CWE-601] vulnerability in Fortinet FortiNAC-F 7.6.0 through 7.6.5, FortiNAC-F 7.4 all versions, FortiNAC-F 7.2 all versions may allow a remote privileged attacker with system administrator role to redirect users to an arbitrary website via crafted CSV file. | 2026-04-14 | 2.2 | CVE-2026-21741 | https://fortiguard.fortinet.com/psirt/FG-IR-26-118 |
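The Grafana Correlations entry above (CVE-2026-21727) comes down to a tenant filter that also admits org_id = 0 rows for backward compatibility, on both the read and the delete path. The following Python is an added example, not Grafana's code: the table schema, the sample rows and the one-off migration that assigns legacy rows to an explicit owner are assumptions made for illustration. It runs against an in-memory SQLite database so the leak and the fix can be observed side by side.

```python
"""A tenant filter with a legacy 'org_id = 0' escape hatch, and the scoped
version after a one-off migration. Added example, not Grafana's code; the
schema, sample rows and migration rule are assumptions."""
import sqlite3
from typing import List


def build_db() -> sqlite3.Connection:
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE correlation (uid TEXT PRIMARY KEY, org_id INTEGER NOT NULL, label TEXT)")
    # Constructed sample rows; org_id = 0 marks a record created before per-org scoping.
    db.executemany("INSERT INTO correlation VALUES (?, ?, ?)", [
        ("legacy-1", 0, "created by org 1 before scoping existed"),
        ("new-1", 1, "org 1 correlation"),
        ("new-2", 2, "org 2 correlation"),
    ])
    db.commit()
    return db


def list_vulnerable(db: sqlite3.Connection, org_id: int) -> List[str]:
    """Backward-compat condition: every org also sees the unowned legacy rows."""
    rows = db.execute(
        "SELECT uid FROM correlation WHERE org_id = ? OR org_id = 0 ORDER BY uid", (org_id,))
    return [r[0] for r in rows]


def delete_vulnerable(db: sqlite3.Connection, org_id: int, uid: str) -> int:
    """Same escape hatch on the write path: org 2 can delete org 1's legacy record."""
    cur = db.execute(
        "DELETE FROM correlation WHERE uid = ? AND (org_id = ? OR org_id = 0)", (uid, org_id))
    db.commit()
    return cur.rowcount


def migrate_legacy(db: sqlite3.Connection, owner_org: int) -> int:
    """One-off migration: give every unowned legacy row an explicit owner so the
    runtime query never needs the org_id = 0 branch. Assumes the rightful owner
    is known (for example from the data source the record references)."""
    cur = db.execute("UPDATE correlation SET org_id = ? WHERE org_id = 0", (owner_org,))
    db.commit()
    return cur.rowcount


def list_scoped(db: sqlite3.Connection, org_id: int) -> List[str]:
    """Fixed read path: only the caller's own organization."""
    rows = db.execute("SELECT uid FROM correlation WHERE org_id = ? ORDER BY uid", (org_id,))
    return [r[0] for r in rows]


def delete_scoped(db: sqlite3.Connection, org_id: int, uid: str) -> int:
    """Fixed write path: rowcount 0 means the row exists but is not yours."""
    cur = db.execute("DELETE FROM correlation WHERE uid = ? AND org_id = ?", (uid, org_id))
    db.commit()
    return cur.rowcount


if __name__ == "__main__":
    db = build_db()
    print("org 2 sees (vulnerable):", list_vulnerable(db, 2))
    print("org 2 deleted org 1's legacy row:", delete_vulnerable(db, 2, "legacy-1"))
    db = build_db()
    migrate_legacy(db, owner_org=1)
    print("org 2 sees (scoped):", list_scoped(db, 2))
    print("org 2 delete attempt on legacy-1:", delete_scoped(db, 2, "legacy-1"))
```

The point to carry into code review: a compatibility branch in a tenant filter is a tenant-isolation bug by construction, and it needs to be removed from both the read and the write query, which is easiest once the legacy rows have been given owners in a migration rather than special-cased at runtime.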
Severity Not Yet Assigned
| Primary Vendor -- Product | Description | Published | CVSS Score | Source Info | Patch Info |
| --- | --- | --- | --- | --- | --- |
| AMD--AMD EPYC 7003 Series Processors | Insufficient checks of the RMP on host buffer access in IOMMU may allow an attacker with privileges and a compromised hypervisor to trigger an out of bounds condition without RMP checks, resulting in a potential loss of confidential guest integrity. | 2026-04-16 | not yet calculated | CVE-2023-20585 | https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-3016.html |
| n/a--NietThijmen ShoppingCart 0.0.2 | Command injection in the connect function in NietThijmen ShoppingCart 0.0.2 allows an attacker to execute arbitrary shell commands and achieve remote code execution via injection of malicious payloads into the Port field | 2026-04-15 | not yet calculated | CVE-2024-53412 | https://github.com/NietThijmen/ShoppingCart/issues/1
https://github.com/Buckdray/vulnerability-research/blob/main/CVE-2024-53412/README.md |
| Grafana--Grafana Alerting | In Grafana's alerting system, users with edit permissions for a contact point, specifically the permissions "alert.notifications:write" or "alert.notifications.receivers:test" that are granted as part of the fixed role "Contact Point Writer", which is part of the basic role Editor - can edit contact points created by other users, modify the endpoint URL to a controlled server. By invoking the test functionality, attackers can capture and extract redacted secure settings, such as authentication credentials for third-party services (e.g., Slack tokens). This leads to unauthorized access and potential compromise of external integrations. | 2026-04-15 | not yet calculated | CVE-2025-12141 | https://grafana.com/security/security-advisories/cve-2025-12141/ |
| MCPHub--MCPHub | MCPHub in versions below 0.11.0 is vulnerable to authentication bypass. Some endpoints are not protected by authentication middleware, allowing an unauthenticated attacker to perform actions in the name of other users and using their privileges. | 2026-04-14 | not yet calculated | CVE-2025-13822 | https://github.com/samanhappy/mcphub
https://cert.pl/en/posts/2026/04/CVE-2025-13822 |
| Legion of the Bouncy Castle Inc.--BC-JAVA | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcprov on all (core modules). This vulnerability is associated with program files G3413CTRBlockCipher. GOSTCTR implementation unable to process more than 255 blocks correctly. This issue affects BC-JAVA: from 1.59 before 1.84. | 2026-04-15 | not yet calculated | CVE-2025-14813 | https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902025%E2%80%9014813
https://github.com/bcgit/bc-java/commit/b42574345414e4b7c8051b16fa1fafe01c29871f
https://github.com/bcgit/bc-java/commit/701686cb0184cd9ae103c801b3581fdf95c6d4f3 |
| Unknown--Form Maker by 10Web | The Form Maker by 10Web WordPress plugin before 1.15.38 does not properly prepare SQL queries when the "MySQL Mapping" feature is in use, which could make SQL Injection attacks possible in certain contexts. | 2026-04-13 | not yet calculated | CVE-2025-15441 | https://wpscan.com/vulnerability/41f69b0a-4d17-4a6b-b803-ea1c370e3cc0/ |
| OpenText, Inc--RightFax | Deserialization of untrusted data vulnerability in OpenText, Inc RightFax on Windows, 64 bit, 32 bit allows Object Injection.This issue affects RightFax: through 25.4. | 2026-04-15 | not yet calculated | CVE-2025-15610 | https://support.opentext.com/csm?id=otkbunauthenticated&sysparm_article=KB0861863 |
| Sparx Systems Pty Ltd.--Sparx Enterprise Architect | Insufficiently Protected Credentials in Sparx Systems Pty Ltd. Sparx Enterprise Architect. Client does not verify the receiver of OAuth2 credentials during OpenID authentication | 2026-04-16 | not yet calculated | CVE-2025-15621 | https://sparxsystems.com/products/ea/17.1/history.html |
| Sparx Systems Pty Ltd.--Sparx Enterprise Architect | Insufficiently Protected Credentials vulnerability in Sparx Systems Pty Ltd. Sparx Enterprise Architect. Client reveals plaintext OAuth2 client secret: the desktop client decodes the secret and uses the plaintext secret to exchange it for access and ID tokens as part of the OpenID authentication flow. | 2026-04-17 | not yet calculated | CVE-2025-15622 | https://sparxsystems.com/products/ea/17.1/history.html |
| Sparx Systems Pty Ltd.--Sparx Pro Cloud Server | Exposure of Private Personal Information to an Unauthorized Actor / Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Sparx Systems Pty Ltd. Sparx Pro Cloud Server. An unauthenticated user can retrieve the database password in plaintext in certain situations. | 2026-04-17 | not yet calculated | CVE-2025-15623 | https://sparxsystems.com/products/procloudserver/6.1/history.html |
| Sparx Systems Pty Ltd.--Sparx Pro Cloud Server | Plaintext Storage of a Password vulnerability in Sparx Systems Pty Ltd. Sparx Pro Cloud Server. In a setup where OpenID is used as the primary method of authentication to authenticate to Sparx EA, Pro Cloud Server creates local passwords to the users and stores them in plaintext. | 2026-04-17 | not yet calculated | CVE-2025-15624 | https://sparxsystems.com/products/procloudserver/6.1/history.html |
| Sparx Systems Pty Ltd.--Sparx Pro Cloud Server | Unauthenticated user is able to execute arbitrary SQL commands in Sparx Pro Cloud Server database in certain cases. | 2026-04-17 | not yet calculated | CVE-2025-15625 | https://sparxsystems.com/products/procloudserver/6.1/history.html |
| n/a--Phpgurukul Online Course | In Phpgurukul Online Course Registration v3.1, an arbitrary file upload vulnerability was discovered within the profile picture upload functionality on the /my-profile.php page. | 2026-04-13 | not yet calculated | CVE-2025-51414 | https://github.com/12T40910/CVE/issues/12
https://medium.com/@tanushkushtk01/cve-2025-51414-unrestricted-file-upload-in-online-course-registration-v3-1-bd8b839be1d7 |
| AMD--AMD EPYC 9004 Series Processors | Incorrect use of boot service in the AMD Platform Configuration Blob (APCB) SMM driver could allow a privileged attacker with local access (Ring 0) to achieve privilege escalation potentially resulting in arbitrary code execution. | 2026-04-16 | not yet calculated | CVE-2025-54502 | https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-7054.html |
| AMD--AMD EPYC 9004 Series Processors | A missing lock verification in AMD Secure Processor (ASP) firmware may permit a locally authenticated attacker with administrative privileges to alter MMIO routing on some Zen 5-based products, potentially compromising guest system integrity. | 2026-04-16 | not yet calculated | CVE-2025-54510 | https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-3034.html |
| Apache Software Foundation--Apache Airflow | The example_xcom example that was included in the Airflow documentation implemented an unsafe pattern of reading a value from XCom in a way that could be exploited to allow a UI user who had access to modify XComs to perform arbitrary code execution on the worker. Since UI users are already highly trusted, this is a Low severity vulnerability. It does not affect Airflow releases: example_dags are not supposed to be enabled in production environments; however, users following the example could replicate the bad pattern. The documentation of Airflow 3.2.0 contains a version of the example with improved resilience for that case. Users who followed that pattern are advised to adjust their implementations accordingly. | 2026-04-15 | not yet calculated | CVE-2025-54550 | https://lists.apache.org/thread/3mf4cfx070ofsnf9qy0s2v5gqb5sc2g1
https://github.com/apache/airflow/pull/63200 |
| Openai[.]com-- Codex CLI v0.23.0 | A vulnerability was identified in OpenAI Codex CLI v0.23.0 and before that enables code execution through malicious MCP (Model Context Protocol) configuration files. The attack is triggered when a user runs the codex command inside a malicious or compromised repository. Codex automatically loads project-local .env and .codex/config.toml files without requiring user confirmation, allowing attackers to embed arbitrary commands that execute immediately. | 2026-04-14 | not yet calculated | CVE-2025-61260 | http://openai.com
https://research.checkpoint.com/2025/openai-codex-cli-command-injection-vulnerability/ |
| Snipe-it[.]com--Snipe-IT asset management v8.3.0 | Cross-Site Scripting vulnerability in the Snipe-IT web-based asset management system v8.3.0 up to and including v8.3.1 allows an authenticated attacker with the lowest privileges, sufficient only to log in, to inject arbitrary JavaScript code via the "Name" and "Surname" fields. The JavaScript code is executed whenever the "Activity Report" or the modified profile is viewed directly by any user with sufficient permissions. Successful exploitation of this issue requires that the profile's "Display Name" is not set. The vulnerability is fixed in v8.3.2. | 2026-04-13 | not yet calculated | CVE-2025-63743 | http://grokability.com
http://snipe-it.com
https://github.com/grokability/snipe-it/commit/b6d397bcca4e8a05176b782de769d7160058bfc4#diff-7fe056d76c09808dac923c4639161d587c3fff281a01122f3e10c4a781674a65
https://github.com/mikust/CVEs/tree/main/CVE-2025-63743 |
| n/a-- hotel-management-php version 1.0 | alandsilva26 hotel-management-php 1.0 is vulnerable to Cross Site Scripting (XSS) in /public/admin/editroom.php which allows an attacker to inject and execute arbitrary JavaScript via the roomid GET parameter. | 2026-04-14 | not yet calculated | CVE-2025-65132 | https://github.com/TREXNEGRO/Security-Advisories/blob/main/CVE-2025-65132/README.md |
| n/a--School Management System v1.0 | A SQL injection vulnerability exists in the School Management System (version 1.0) by manikandan580. An unauthenticated or authenticated remote attacker can supply a crafted HTTP request to the affected endpoint to manipulate SQL query logic and extract sensitive database information. | 2026-04-14 | not yet calculated | CVE-2025-65133 | https://github.com/TREXNEGRO/Security-Advisories/blob/main/CVE-2025-65133/README.md |
| n/a--School Management System v1.0 | In manikandan580 School-management-system 1.0, a reflected cross-site scripting (XSS) vulnerability exists in /studentms/admin/contact-us.php via the email POST parameter. | 2026-04-14 | not yet calculated | CVE-2025-65134 | https://github.com/TREXNEGRO/Security-Advisories/blob/main/CVE-2025-65134/README.md |
| n/a--School Management System v1.0 | In manikandan580 School-management-system 1.0, a reflected XSS vulnerability exists in /studentms/admin/contact-us.php via the pagedes POST parameter. | 2026-04-14 | not yet calculated | CVE-2025-65136 | https://github.com/TREXNEGRO/Security-Advisories/blob/main/CVE-2025-65136/README.md |
| Apache Software Foundation--Apache Airflow | Before Airflow 3.2.0, it was unclear that secure Airflow deployments require the Deployment Manager to take appropriate actions and pay attention to security details and the security model of Airflow. Some assumptions the Deployment Manager could make were not clear or explicit enough, even though Airflow's intentions and security model did not suggest different assumptions. The overall security model [1], workload isolation [2], and JWT authentication details [3] are now described in more detail. Users concerned with role isolation and following the Airflow security model are advised to upgrade to Airflow 3.2, where several security improvements have been implemented. They should also read and follow the relevant documents to make sure that their deployment is secure enough. It also clarifies that the Deployment Manager is ultimately responsible for securing your Airflow deployment. This had also been communicated via the Airflow 3.2.0 Blog announcement [4]. [1] Security Model: https://airflow.apache.org/docs/apache-airflow/stable/security/jwt_token_authentication.html [2] Workload isolation: https://airflow.apache.org/docs/apache-airflow/stable/security/workload.html [3] JWT Token authentication: https://airflow.apache.org/docs/apache-airflow/stable/security/jwt_token_authentication.html [4] Airflow 3.2.0 Blog announcement: https://airflow.apache.org/blog/airflow-3.2.0/ Users are recommended to upgrade to version 3.2.0, which fixes this issue. | 2026-04-13 | not yet calculated | CVE-2025-66236 | https://github.com/apache/airflow/pull/58662, https://lists.apache.org/thread/g8fyy1tkmxkkfk7tx2v6h8mvwzpyykbo |
| gonitro[.]com-- Nitro PDF Pro v14.41.1.4 | A NULL pointer dereference in Nitro PDF Pro for Windows v14.41.1.4 allows attackers to cause a Denial of Service (DoS) via a crafted XFA packet. | 2026-04-13 | not yet calculated | CVE-2025-66769 | https://www.gonitro.com/, https://jeroscope.com/advisories/2025/jero-2025-015/ |
| nordicsemi[.]no--IronSide SE | Nordic Semiconductor IronSide SE for nRF54H20 before 23.0.2+17 has an algorithmic complexity issue. | 2026-04-15 | not yet calculated | CVE-2025-67841 | https://nordicsemi.no, https://docs.nordicsemi.com/bundle/SA/resource/SA-2025-447-v1.1.pdf |
| gonitro[.]com-- Nitro PDF Pro v14.41.1.4 | Nitro PDF Pro for Windows 14.41.1.4 contains a NULL pointer dereference vulnerability in the JavaScript implementation of app.alert(). When app.alert() is called with more than one argument and the first argument evaluates to null (for example, app.alert(app.activeDocs, true) when app.activeDocs is null), the engine routes the call through a fallback path intended for non-string arguments. In this path, jsValueToString() is invoked on the null value and returns an invalid string pointer, which is then passed to JSGetStringChars() without validation. Dereferencing this pointer leads to an access violation and application crash when opening a crafted PDF. | 2026-04-13 | not yet calculated | CVE-2025-69624 | http://nitro.com |
| gonitro[.]com-- Nitro PDF Pro v14.41.1.4 | Nitro PDF Pro for Windows 14.41.1.4 contains a heap use-after-free vulnerability in the implementation of the JavaScript method this.mailDoc(). During execution, an internal XID object is allocated and then freed prematurely, after which the freed pointer is still passed into UI and logging helper functions. Because the freed memory region may contain unpredictable heap data or remnants of attacker-controlled JavaScript strings, downstream routines such as wcscmp() may process invalid or stale pointers. This can result in access violations and non-deterministic crashes. | 2026-04-13 | not yet calculated | CVE-2025-69627 | http://nitro.com, https://jeroscope.com/advisories/2025/jero-2025-016/ |
| trezor[.]com--Trezor One v1.13.0 | A side-channel vulnerability exists in the implementation of BIP-39 mnemonic processing, as observed in Trezor One v1.13.0 to v1.14.0, Trezor T v1.13.0 to v1.14.0, and Trezor Safe v1.13.0 to v1.14.0 hardware wallets. This originates from the BIP-39 standard guidelines, which induce non-constant time execution and specific branch patterns for word searching. An attacker with physical access during the initial setup phase can collect a single side-channel trace. By utilizing profiling-based Deep Learning Side-Channel Analysis (DL-SCA), the attacker can recover the mnemonic code and subsequently steal the assets. The issue was patched. | 2026-04-14 | not yet calculated | CVE-2025-69893 | http://trezor.com, https://trezor.io/vulnerability/fix-side-channel-in-bip-39-mnemonic-processing-when-unlocked |
| n/a-- transloadit uppy v0.25.6 | An issue pertaining to CWE-843: Access of Resource Using Incompatible Type was discovered in transloadit uppy v0.25.6. | 2026-04-14 | not yet calculated | CVE-2025-70023 | https://github.com/transloadi, https://github.com/transloadit/uppy, https://gist.github.com/zcxlighthouse/27926a85371ac5d2291f44903254753e |
| Safetica Application suite-- STProcessMonitor 11.11.4.0 | STProcessMonitor 11.11.4.0, part of the Safetica Application suite, allows an admin-privileged user to send crafted IOCTL requests to terminate processes that are protected through a third-party implementation. This is caused by insufficient caller validation in the driver's IOCTL handler, enabling unauthorized processes to perform those actions in kernel space. Successful exploitation can lead to denial of service by disrupting critical third-party services or applications. Unauthorized processes load the driver and send a crafted IOCTL request (0xB822200C) to terminate processes protected by a third-party implementation. This action exploits insufficient caller validation in the driver's IOCTL handler, allowing unauthorized processes to perform termination operations in kernel space. Successful exploitation can lead to denial of service by disrupting critical third-party services or applications. | 2026-04-17 | not yet calculated | CVE-2025-70795 | https://bbs.kafan.cn/thread-2287429-1-1.html, https://bbs.kafan.cn/thread-2287429-2-1.html, https://www.virustotal.com/gui/file/70bcec00c215fe52779700f74e9bd669ff836f594df92381cbfb7ee0568e7a8b, https://www.virustotal.com/gui/file/9ace6a1e4bee5834be38b4c2fd26780d1fcc18ea9d58224e31d6382c19e53296, https://www.virustotal.com/gui/file/fc3588482f596a067b65d5d64d21fe62463b38a138fc87d8d2350efa86d34284, https://github.com/magicsword-io/LOLDrivers/commit/eea8326bf891d810902203e9ac5cfdeaf5a17a1c, https://github.com/magicsword-io/LOLDrivers/issues/268 |
| Vtiger[.]com-- Vtiger CRM 8.4.0 | Vtiger CRM 8.4.0 contains a reflected cross-site scripting (XSS) vulnerability in the MailManager module. Improper handling of user-controlled input in the folder parameter allows a specially crafted, double URL-encoded payload to be reflected and executed in the context of an authenticated user's session. | 2026-04-13 | not yet calculated | CVE-2025-70936 | https://www.vtiger.com/open-source-crm/, https://www.simonjuguna.com/cve-2025-70936-reflected-xss-vulnerability-in-vtiger-crm-v8-4-0/ |
| Progress Software Corporation--OpenEdge | A vulnerability in the AdminServer component of OpenEdge on all supported platforms grants its authenticated users OS-level access to the server through the adopted authority of the AdminServer process itself. The delegated authority of the AdminServer could allow its users to read arbitrary files on the host system through misuse of the setFile() and openFile() methods exposed through the RMI interface. Misuse was limited only by the OS-level authority granted to the AdminServer's elevated privileges and by the user's access to these methods through RMI. The exploitable methods have been removed, thus eliminating their access through RMI or downstream of the RMI registry. | 2026-04-14 | not yet calculated | CVE-2025-7389 | https://community.progress.com/s/article/Important-Arbitrary-File-Ready-Security-Update-for-OpenEdge-AdminServer |
| Progress Software Corporation--OpenEdge | The OECH1 prefix encoding is intended to obfuscate values across the OpenEdge platform. It has been identified as cryptographically weak and unsuitable for stored encodings and enterprise applications. OECH1 encodings should be considered exploitable and immediately replaced by any other supported prefix encoding, all of which are based on symmetric encryption. | 2026-04-14 | not yet calculated | CVE-2025-8095 | https://community.progress.com/s/article/Unintended-Use-of-OECH1-for-Password-Secrets-Protection |
| PureStorage--FlashBlade | A vulnerability exists in FlashBlade whereby sensitive information may be logged under specific conditions. | 2026-04-14 | not yet calculated | CVE-2026-0207 | https://support.purestorage.com/bundle/msecuritybulletins/page/PureSecurity/topics/concept/csecurity_bulletins.html |
| PureStorage--FlashArray | Under certain administrative conditions, FlashArray Purity may apply snapshot retention policies earlier or later than configured. | 2026-04-14 | not yet calculated | CVE-2026-0209 | https://support.purestorage.com/bundle/msecuritybulletins/page/PureSecurity/topics/concept/csecurity_bulletins.html |
| Palo Alto Networks--Cortex XDR Agent | A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows allows a local Windows administrator to disable the agent. This issue may be leveraged by malware to perform malicious activity without detection. | 2026-04-13 | not yet calculated | CVE-2026-0232 | https://security.paloaltonetworks.com/CVE-2026-0232 |
| Palo Alto Networks--Autonomous Digital Experience Manager | A certificate validation vulnerability in Palo Alto Networks Autonomous Digital Experience Manager on Windows allows an unauthenticated attacker with adjacent network access to execute arbitrary code with NT AUTHORITY\SYSTEM privileges. | 2026-04-13 | not yet calculated | CVE-2026-0233 | https://security.paloaltonetworks.com/CVE-2026-0233 |
| Palo Alto Networks--Cortex XSOAR Microsoft Teams Marketplace | An improper verification of cryptographic signature vulnerability exists in Cortex XSOAR and Cortex XSIAM platforms during integration of Microsoft Teams that enables an unauthenticated user to access and modify protected resources. | 2026-04-13 | not yet calculated | CVE-2026-0234 | https://security.paloaltonetworks.com/CVE-2026-0234 |
| Legion of the Bouncy Castle Inc.--BC-JAVA | Improper neutralization of special elements used in an LDAP query ('LDAP injection') vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcprov on all (prov modules). This vulnerability is associated with program files LDAPStoreHelper. This issue affects BC-JAVA: from 1.74 before 1.84. | 2026-04-15 | not yet calculated | CVE-2026-0636 | https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902026%E2%80%900636, https://github.com/bcgit/bc-java/commit/d20cdb8430e09224114fec0179a71859929fcbde |
| keras-team--keras-team/keras | A vulnerability in the TFSMLayer class of the keras package, version 3.13.0, allows attacker-controlled TensorFlow SavedModels to be loaded during deserialization of .keras models, even when `safe_mode=True`. This bypasses the security guarantees of `safe_mode` and enables arbitrary attacker-controlled code execution during model inference under the victim's privileges. The issue arises due to the unconditional loading of external SavedModels, serialization of attacker-controlled file paths, and the lack of validation in the `from_config()` method. | 2026-04-13 | not yet calculated | CVE-2026-1462 | https://huntr.com/bounties/7e78d6f1-6977-4300-b595-e81bdbda331c, https://github.com/keras-team/keras/commit/b6773d3decaef1b05d8e794458e148cb362f163f |
| Pegasystems--Pega Infinity | Pega Platform versions 8.1.0 through 25.1.1 are affected by an HTML Injection vulnerability in a user interface component. Requires a high privileged user with a developer role. | 2026-04-15 | not yet calculated | CVE-2026-1564 | https://support.pega.com/support-doc/pega-security-advisory-b26-vulnerability-remediation-note |
| Pegasystems--Pega Infinity | Pega Platform versions 8.1.0 through 25.1.1 are affected by a Stored Cross-Site Scripting vulnerability in a user interface component. Requires a high privileged user with a developer role. | 2026-04-15 | not yet calculated | CVE-2026-1711 | https://support.pega.com/support-doc/pega-security-advisory-d26-vulnerability-remediation-note |
| ASUS--DriverHub | An Incorrect Permission Assignment for Critical Resource vulnerability in the ASUS DriverHub update process allows privilege escalation due to improper protection of required execution resources during the validation phase, permitting a local user to make unprivileged modifications. This allows the altered resource to pass system checks and be executed with elevated privileges upon a user-initiated update. Refer to the 'Security Update for ASUS DriverHub' section on the ASUS Security Advisory for more information. | 2026-04-16 | not yet calculated | CVE-2026-1880 | https://www.asus.com/security-advisory |
| Samsung Mobile--Samsung Mobile Devices | Improper input validation in data related to network restrictions prior to SMR Apr-2026 Release 1 allows physical attackers to bypass the restrictions. | 2026-04-13 | not yet calculated | CVE-2026-21003 | https://security.samsungmobile.com/securityUpdate.smsb?year=2026&month=04 |
| Samsung Mobile--Samsung Mobile Devices | Improper access control in Samsung DeX prior to SMR Apr-2026 Release 1 allows physical attackers to access to hidden notification contents. | 2026-04-13 | not yet calculated | CVE-2026-21006 | https://security.samsungmobile.com/securityUpdate.smsb?year=2026&month=04 |
| Samsung Mobile--Samsung Mobile Devices | Improper check for exceptional conditions in Device Care prior to SMR Apr-2026 Release 1 allows physical attackers to bypass Knox Guard. | 2026-04-13 | not yet calculated | CVE-2026-21007 | https://security.samsungmobile.com/securityUpdate.smsb?year=2026&month=04 |
| Samsung Mobile--Samsung Mobile Devices | Exposure of sensitive information in S Share prior to SMR Apr-2026 Release 1 allows adjacent attacker to access sensitive information. | 2026-04-13 | not yet calculated | CVE-2026-21008 | https://security.samsungmobile.com/securityUpdate.smsb?year=2026&month=04 |
| Samsung Mobile--Samsung Mobile Devices | Improper check for exceptional conditions in Recents prior to SMR Apr-2026 Release 1 allows physical attacker to bypass App Pinning. | 2026-04-13 | not yet calculated | CVE-2026-21009 | https://security.samsungmobile.com/securityUpdate.smsb?year=2026&month=04 |
| Samsung Mobile--Samsung Mobile Devices | Incorrect privilege assignment in Bluetooth in Maintenance mode prior to SMR Apr-2026 Release 1 allows physical attackers to bypass Extend Unlock. | 2026-04-13 | not yet calculated | CVE-2026-21011 | https://security.samsungmobile.com/securityUpdate.smsb?year=2026&month=04 |
| Samsung Mobile--Samsung Mobile Devices | External control of file name in AODManager prior to SMR Apr-2026 Release 1 allows privileged local attacker to create file with system privilege. | 2026-04-13 | not yet calculated | CVE-2026-21012 | https://security.samsungmobile.com/securityUpdate.smsb?year=2026&month=04 |
| Samsung Mobile--Galaxy Wearable | Incorrect default permission in Galaxy Wearable prior to version 2.2.68.26 allows local attackers to access sensitive information. | 2026-04-13 | not yet calculated | CVE-2026-21013 | https://security.samsungmobile.com/serviceWeb.smsb?year=2026&month=04 |
| Samsung Mobile--Samsung Camera | Improper access control in Samsung Camera prior to version 16.5.00.28 allows local attacker to access location data. User interaction is required for triggering this vulnerability. | 2026-04-13 | not yet calculated | CVE-2026-21014 | https://security.samsungmobile.com/serviceWeb.smsb?year=2026&month=04 |
| Veeam--Backup and Replication | A vulnerability allowing a local attacker with administrator privileges to bypass Windows Driver Signature Enforcement. | 2026-04-17 | not yet calculated | CVE-2026-21709 | https://www.veeam.com/kb4830, https://www.veeam.com/kb4831 |
| CubeCart Limited--CubeCart | An OS command injection vulnerability exists in CubeCart prior to 6.6.0, which may allow a user with administrative privilege to execute an arbitrary OS command. | 2026-04-17 | not yet calculated | CVE-2026-21719 | https://community.cubecart.com/t/cubecart-6-6-0-released-the-biggest-update-in-years/62405, https://jvn.jp/en/jp/JVN78422311/ |
| Imagination Technologies--Graphics DDK | Software installed and run as a non-privileged user may conduct improper GPU system calls to gain write permission to read-only wrapped user-mode memory and files. This is caused by improper handling of GPU memory reservation protections. | 2026-04-17 | not yet calculated | CVE-2026-21733 | https://www.imaginationtech.com/gpu-driver-vulnerabilities/ |
| Ubiquiti Inc--UniFi Play PowerAmp | An Improper Input Validation vulnerability could allow a malicious actor with access to the UniFi Play network to cause the device to stop responding. Affected Products: UniFi Play PowerAmp (Version 1.0.35 and earlier); UniFi Play Audio Port (Version 1.0.24 and earlier). Mitigation: Update UniFi Play PowerAmp to Version 1.0.38 or later; update UniFi Play Audio Port to Version 1.1.9 or later. | 2026-04-13 | not yet calculated | CVE-2026-22565 | https://community.ui.com/releases/Security-Advisory-Bulletin-063/e468dd4b-5090-4ef8-89d8-939903c08e83 |
| Microchip--IStaX | A privilege escalation vulnerability in Microchip IStaX allows an authenticated low-privileged user to recover a shared per-device cookie secret from their own webstax_auth session cookie and forge a new cookie with administrative privileges. This issue affects IStaX before 2026.03. | 2026-04-16 | not yet calculated | CVE-2026-2336 | https://www.microchip.com/en-us/solutions/technologies/embedded-security/how-to-report-potential-product-security-vulnerabilities/istax-privilege-escalation-via-weak-cookie-authentication |