Spam detection software, running on the system "git.synchro.net",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
the administrator of that system for details.
Content preview: Cybersecurity and Infrastructure Security Agency (CISA) You
are subscribed to Vulnerability Bulletins for Cybersecurity and Infrastructure
Security Agency. This information has recently been updated and is now available.
Content analysis details: (4.4 points, 4.0 required)
 pts rule name              description
---- ---------------------- --------------------------------------------------
-0.0 NO_RECEIVED            Informational: message has no Received headers
-0.1 DKIM_VALID_AU          Message has a valid DKIM or DK signature from author's domain
-0.1 DKIM_VALID             Message has at least one valid DKIM or DK signature
 0.1 DKIM_SIGNED            Message has a DKIM or DK signature, not necessarily valid
-0.0 NO_RELAYS              Informational: message was not relayed via SMTP
 0.0 HTML_MESSAGE           BODY: HTML included in message
-1.0 FROM_GOV_DKIM_AU       From Government address and DKIM signed
 3.0 URI_DOTCN_SPOOF        .CN TLD for non-.CN visible URL - likely Chinese phishing
 2.5 URI_WP_HACKED_2        URI for compromised WordPress site, possible malware
 0.0 T_FILL_THIS_FORM_SHORT Fill in a short form with personal information
-0.0 DKIMWL_WL_HIGH         DKIMwl.org - High trust sender
The original message was not completely plain text, and may be unsafe to
open with some email clients; in particular, it may contain a virus,
or confirm that your address can receive spam. If you wish to view
it, it may be safer to save it to a file and open it with an editor.
Original message (attached as message/rfc822 before SpamAssassin processing):
Return-Path: <0101019dac2bf026-36ac8dbc-b172-4338-a360-851c2e6eff79-000000@us-west.messages.cisa.gov>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple;
s=rpjgs5kil5v2r6jymzuqpeeusbjzj4on; d=messages.cisa.gov;
t=1776710054;
h=Content-Type:MIME-Version:From:To:List-Unsubscribe-Post:List-Unsubscribe:Subject:Message-ID:Date;
bh=HQzCkAYUFI58rYXoOmRuLucakvqiUZIo4RC+2Q2EpR0=;
b=Tqo6ogg9ItMn/2FEYd+C8nE5rjnXkwW7CCaRGb84Wmco3UqSymOFHF41iLmR8giu
Q+XMR6PHVpTRBh+4lGW8GGwGDz/a+iKl+YoPj3bf4MAlkUZxb6z852LHFb0Cofqtevs
bZDnSxDSqV3VbnyzsswPtX8sxaAsXe1TydlMEyCUw9hWfLyTB93r7MzmhdewRO017CK
nXU4CxO9ZntsQHicXgNLef6P31NsRZyNFZwENO2042NjQ7/ki+vU2r5II1Zd+dDdCbS
32SFJHqLE9zEp2cqGba3qhr0MBvmW6DDiSBMqL5IP1efhKZ1POrr2NgQdVbDZ2Eqpbu
wj+uvdmEEA==
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple;
s=sdwquzu2a4io5lomurvncbcrpryr42dn; d=messagingfabric.com;
t=1776710054;
h=Content-Type:MIME-Version:From:To:List-Unsubscribe-Post:List-Unsubscribe:Subject:Message-ID:Date:Feedback-ID;
bh=HQzCkAYUFI58rYXoOmRuLucakvqiUZIo4RC+2Q2EpR0=;
b=H1h2CB9XJynWaWu1zj5OJskzOr9+69yEPBBJ9sYAgfMx4QHMVzmNdaqqmVHN9WWy
SHQuWuR+KspanDjoQ+ofrjbaatnmo5JpmGQTjiqSzuIs2Jp6mp9PkMkcNZSclSOZN1s
ffNNxOemzhYzIZYmTd5aSipnHmDDesz4pxfy1X7s=
Content-Type: multipart/mixed; boundary="===============6153051594857359952=="
MIME-Version: 1.0
From: CISA <cisa@messages.cisa.gov>
To: cisa@toolazy.synchro.net
X-Accountcode: USDHSCISA
List-Unsubscribe-Post: List-Unsubscribe=One-Click
open_flag: false
List-Unsubscribe: <https://public.govdelivery.com/accounts/USDHSCISA/subscriber/one_click_unsubscribe?verification=5.75b5747deffb80dfcd68a1379a61b9a5&destination=cisa%40toolazy.synchro.net>
bulletin_total_email_recipient_count: 274603
process_send_event: true
Errors-To: messages@messages.cisa.gov
bulletin_recipient_id: 290626569438
x-subscriber: 3.XPUsnSywBeFJcSiywrgDA+y/h0AcURLpcGeCksQaQutNLAzg7/w1sWS/7MUQV8ZZOGzQmnZE/w+GiwtMRE2YiLg/XfNUTSEVAtJSYHLUN+jdM9xJDOsS0rZMxNQ0BbpP1BC5oIdmUTqZSGoUNe5gFpiiYCf7o0wZ7/U/oNHHgJE=
subscriber_id: 3473808814
emailMessageID: 20260420.28441351::BP3
Subject: Vulnerability Summary for the Week of April 13, 2026
Message-ID: <0101019dac2bf026-36ac8dbc-b172-4338-a360-851c2e6eff79-000000@us-west-2.messagingfabric.com>
Date: Mon, 20 Apr 2026 18:34:13 +0000
Feedback-ID: ::1.us-west-2.p6s0dOSD/Bh2d1AskdlzeN80W4aso1ZElT3TVYD5Rrc=:AmazonSES
X-SES-Outgoing: 2026.04.20-66.179.16.142
Cybersecurity and Infrastructure Security Agency (CISA)

You are subscribed to Vulnerability Bulletins for Cybersecurity and Infrastructure Security Agency. This information has recently been updated and is now available.

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.

Vulnerabilities are based on the Common Vulnerabilities and Exposures [ https://www.cve.org/ ] (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System [ https://www.cve.org/about/relatedefforts ] (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

* *High*: vulnerabilities with a CVSS base score of 7.0–10.0
* *Medium*: vulnerabilities with a CVSS base score of 4.0–6.9
* *Low*: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.

Vulnerability Summary for the Week of April 13, 2026 [ https://www.cisa.gov/news-events/bulletins/sb26-110 ] 04/20/2026 2:00 PM EDT
High Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source Info | Patch Info

Grafana -- Pyroscope
  Description: Pyroscope is an open-source continuous profiling database. The database supports various storage backends, including Tencent Cloud Object Storage (COS). If the database is configured to use Tencent COS as the storage backend, an attacker could extract the secret_key configuration value from the Pyroscope API. To exploit this vulnerability, an attacker needs direct access to the Pyroscope API. We highly recommend limiting the public internet exposure of all our databases, such that they are only accessible by trusted users or internal systems. This vulnerability is fixed in versions: 1.15.x: 1.15.2 and above. 1.16.x: 1.16.1 and above. 1.17.x: 1.17.0 and above (i.e. all versions). Thanks to Théo Cusnir for reporting this vulnerability to us via our bug bounty program.
  Published: 2026-04-15
  CVSS score: 9.1
  Source info: CVE-2025-41118 [ https://www.cve.org/CVERecord?id=CVE-2025-41118 ]
  Patch info: https://grafana.com/security/security-advisories/cve-2025-41118

n/a -- Grocery Store Management System v1.0
  Description: Improper input handling in /Grocery/search_products_itname.php, in anirudhkannan Grocery Store Management System 1.0, allows SQL injection via the sitem_name POST parameter.
  Published: 2026-04-14
  CVSS score: 9.8
  Source info: CVE-2025-63939 [ https://www.cve.org/CVERecord?id=CVE-2025-63939 ]
  Patch info: https://github.com/TREXNEGRO/Security-Advisories/tree/main/CVE-2025-63939

n/a -- manikandan580 School-management-system v1.0
  Description: In manikandan580 School-management-system 1.0, a time-based blind SQL injection vulnerability exists in /studentms/admin/between-date-reprtsdetails.php through the fromdate POST parameter.
  Published: 2026-04-14
  CVSS score: 9.8
  Source info: CVE-2025-65135 [ https://www.cve.org/CVERecord?id=CVE-2025-65135 ]
  Patch info: https://github.com/TREXNEGRO/Security-Advisories/tree/main/CVE-2025-65135
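The two SQL-injection entries above (the sitem_name search and the time-based blind fromdate report) share one root cause: a POST parameter is spliced into SQL text. The following is an added example written for this bulletin, not code from either project or advisory. It uses an in-memory SQLite table whose schema, rows and column names are constructed here, and shows the string-built query beside the parameterised one on the same attacker input. The UNION payload is chosen for a visible result; a time-based blind variant differs only in what the injected SQL does, not in how it gets in or how it is fixed.

```python
"""String-built SQL vs. bound parameters on a product-search endpoint (added example)."""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed stand-in for a grocery application's product table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE items (id INTEGER PRIMARY KEY, item_name TEXT, "
        "price REAL, supplier_cost REAL)"
    )
    conn.executemany(
        "INSERT INTO items (item_name, price, supplier_cost) VALUES (?, ?, ?)",
        [("apple", 0.50, 0.20), ("bread", 2.10, 1.30), ("milk", 1.20, 0.90)],
    )
    return conn


def search_products_vulnerable(conn: sqlite3.Connection, sitem_name: str):
    """Bug class in the entries above: the request parameter is concatenated into
    the statement, so a quote in sitem_name ends the literal and the rest is SQL."""
    sql = ("SELECT item_name, price FROM items WHERE item_name LIKE '%"
           + sitem_name + "%'")
    return conn.execute(sql).fetchall()


def search_products_fixed(conn: sqlite3.Connection, sitem_name: str):
    """Bound parameter: the value travels separately from the statement text, so the
    same payload is only a search string that happens not to match anything."""
    sql = "SELECT item_name, price FROM items WHERE item_name LIKE ?"
    return conn.execute(sql, ("%" + sitem_name + "%",)).fetchall()


# Constructed attacker input: closes the LIKE literal, UNIONs in a column the
# endpoint never exposes (supplier_cost), and comments out the trailing "%'".
PAYLOAD = "zzz%' UNION SELECT item_name, supplier_cost FROM items -- "


def demo() -> dict:
    """Run both versions against the same payload and return the rows each yields."""
    conn = make_db()
    return {
        "vulnerable": sorted(search_products_vulnerable(conn, PAYLOAD)),
        "fixed": search_products_fixed(conn, PAYLOAD),
    }


if __name__ == "__main__":
    for mode, rows in demo().items():
        print(f"{mode}: {rows}")
```

The vulnerable path returns every item with its supplier cost (data the search page was never meant to reveal); the fixed path returns nothing, because the bound pattern simply does not match.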
Owen -- WebStack
  Description: The WebStack theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the io_img_upload() function in all versions up to, and including, 1.2024. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
  Published: 2026-04-15
  CVSS score: 9.8
  Source info: CVE-2026-1555 [ https://www.cve.org/CVERecord?id=CVE-2026-1555 ]
  Patch info: https://www.wordfence.com/threat-intel/vulnerabilities/id/b97805de-1b47-4c9f-baae-2e37c1b78570?source=cve
              https://github.com/owen0o0/WebStack/blob/master/inc/ajax.php#L5
              https://github.com/owen0o0/WebStack/tree/master

Cisco -- Cisco Identity Services Engine Software
  Description: A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to obtain user-level access to the underlying operating system and then elevate privileges to root. In single-node ISE deployments, successful exploitation of this vulnerability could cause the affected ISE node to become unavailable, resulting in a denial of service (DoS) condition. In that condition, endpoints that have not already authenticated would be unable to access the network until the node is restored.
  Published: 2026-04-15
  CVSS score: 9.9
  Source info: CVE-2026-20147 [ https://www.cve.org/CVERecord?id=CVE-2026-20147 ]
  Patch info: cisco-sa-ise-rce-traversal-8bYndVrZ [ https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-rce-traversal-8bYndVrZ ]

Cisco -- Cisco Identity Services Engine Software
  Description: A vulnerability in Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have at least Read Only Admin credentials. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to obtain user-level access to the underlying operating system and then elevate privileges to root. In single-node ISE deployments, successful exploitation of these vulnerabilities could cause the affected ISE node to become unavailable, resulting in a denial of service (DoS) condition. In that condition, endpoints that have not already authenticated would be unable to access the network until the node is restored.
  Published: 2026-04-15
  CVSS score: 9.9
  Source info: CVE-2026-20180 [ https://www.cve.org/CVERecord?id=CVE-2026-20180 ]
  Patch info: cisco-sa-ise-rce-4fverepv [ https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-rce-4fverepv ]

Cisco -- Cisco Webex Meetings
  Description: A vulnerability in the integration of single sign-on (SSO) with Control Hub in Cisco Webex Services could have allowed an unauthenticated, remote attacker to impersonate any user within the service. This vulnerability existed because of improper certificate validation. Prior to this vulnerability being addressed, an attacker could have exploited this vulnerability by connecting to a service endpoint and supplying a crafted token. A successful exploit could have allowed the attacker to gain unauthorized access to legitimate Cisco Webex services.
  Published: 2026-04-15
  CVSS score: 9.8
  Source info: CVE-2026-20184 [ https://www.cve.org/CVERecord?id=CVE-2026-20184 ]
  Patch info: cisco-sa-webex-cui-cert-8jSZYhWL [ https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-cui-cert-8jSZYhWL ]

Cisco -- Cisco Identity Services Engine Software
  Description: A vulnerability in Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have at least Read Only Admin credentials. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to obtain user-level access to the underlying operating system and then elevate privileges to root. In single-node ISE deployments, successful exploitation of these vulnerabilities could cause the affected ISE node to become unavailable, resulting in a denial of service (DoS) condition. In that condition, endpoints that have not already authenticated would be unable to access the network until the node is restored.
  Published: 2026-04-15
  CVSS score: 9.9
  Source info: CVE-2026-20186 [ https://www.cve.org/CVERecord?id=CVE-2026-20186 ]
  Patch info: cisco-sa-ise-rce-4fverepv [ https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-rce-4fverepv ]

Ubiquiti Inc -- UniFi Play PowerAmp
  Description: A malicious actor with access to the UniFi Play network could exploit a Path Traversal vulnerability found in the device firmware to write files on the system that could be used for a remote code execution (RCE).
    Affected Products: UniFi Play PowerAmp (Version 1.0.35 and earlier); UniFi Play Audio Port (Version 1.0.24 and earlier)
    Mitigation: Update UniFi Play PowerAmp to Version 1.0.38 or later; update UniFi Play Audio Port to Version 1.1.9 or later
  Published: 2026-04-13
  CVSS score: 9.8
  Source info: CVE-2026-22562 [ https://www.cve.org/CVERecord?id=CVE-2026-22562 ]
  Patch info: https://community.ui.com/releases/Security-Advisory-Bulletin-063/e468dd4b-5090-4ef8-89d8-939903c08e83

Ubiquiti Inc -- UniFi Play PowerAmp
  Description: A series of Improper Input Validation vulnerabilities could allow a Command Injection by a malicious actor with access to the UniFi Play network.
    Affected Products: UniFi Play PowerAmp (Version 1.0.35 and earlier); UniFi Play Audio Port (Version 1.0.24 and earlier)
    Mitigation: Update UniFi Play PowerAmp to Version 1.0.38 or later; update UniFi Play Audio Port to Version 1.1.9 or later
  Published: 2026-04-13
  CVSS score: 9.8
  Source info: CVE-2026-22563 [ https://www.cve.org/CVERecord?id=CVE-2026-22563 ]
  Patch info: https://community.ui.com/releases/Security-Advisory-Bulletin-063/e468dd4b-5090-4ef8-89d8-939903c08e83

Ubiquiti Inc -- UniFi Play PowerAmp
  Description: An Improper Access Control vulnerability could allow a malicious actor with access to the UniFi Play network to enable SSH to make unauthorized changes to the system.
    Affected Products: UniFi Play PowerAmp (Version 1.0.35 and earlier); UniFi Play Audio Port (Version 1.0.24 and earlier)
    Mitigation: Update UniFi Play PowerAmp to Version 1.0.38 or later; update UniFi Play Audio Port to Version 1.1.9 or later
  Published: 2026-04-13
  CVSS score: 9.8
  Source info: CVE-2026-22564 [ https://www.cve.org/CVERecord?id=CVE-2026-22564 ]
  Patch info: https://community.ui.com/releases/Security-Advisory-Bulletin-063/e468dd4b-5090-4ef8-89d8-939903c08e83

Festo -- MSE6-C2M-5000-FB36-D-M-RG-BAR-M12L4-AGD
  Description: In products of the MSE6 product-family by Festo a remote authenticated, low privileged attacker could use functions of undocumented test mode which could lead to a complete loss of confidentiality, integrity and availability.
  Published: 2026-04-16
  CVSS score: 8.8
  Source info: CVE-2023-3634 [ https://www.cve.org/CVERecord?id=CVE-2023-3634 ]
  Patch info: https://certvde.com/de/advisories/VDE-2023-020/
              https://festo.csaf-tp.certvde.com/.well-known/csaf/white/2023/fsa-202304.json

shahinurislam -- Career Section
  Description: The Career Section plugin for WordPress is vulnerable to Cross-Site Request Forgery leading to Path Traversal and Arbitrary File Deletion in all versions up to, and including, 1.6. This is due to missing nonce validation and insufficient file path validation on the delete action in the 'appform_options_page_html' function. This makes it possible for unauthenticated attackers to delete arbitrary files on the server via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link.
  Published: 2026-04-16
  CVSS score: 8.8
  Source info: CVE-2025-14868 [ https://www.cve.org/CVERecord?id=CVE-2025-14868 ]
  Patch info: https://www.wordfence.com/threat-intel/vulnerabilities/id/84936b68-923a-4da1-ae67-1d63d025342e?source=cve
              https://plugins.trac.wordpress.org/changeset/3474216/career-section

Nozomi Networks -- Guardian
  Description: An access control vulnerability was discovered in the Threat Intelligence functionality due to a specific access restriction not being properly enforced for users with view-only privileges. An authenticated user with view-only privileges for the Threat Intelligence functionality can perform administrative actions on it, altering the rules configuration, and/or affecting their availability.
  Published: 2026-04-15
  CVSS score: 8.1
  Source info: CVE-2025-40897 [ https://www.cve.org/CVERecord?id=CVE-2025-40897 ]
  Patch info: https://security.nozominetworks.com/NN-2026:1-01

Nozomi Networks -- Guardian
  Description: A Stored Cross-Site Scripting vulnerability was discovered in the Assets and Nodes functionality due to improper validation of an input parameter. An authenticated user with custom fields privileges can define a malicious custom field containing a JavaScript payload. When the victim views the Assets or Nodes pages, the XSS executes in their browser context, allowing the attacker to perform unauthorized actions as the victim, such as modify application data, disrupt application availability, and access limited sensitive information.
  Published: 2026-04-15
  CVSS score: 8.9
  Source info: CVE-2025-40899 [ https://www.cve.org/CVERecord?id=CVE-2025-40899 ]
  Patch info: https://security.nozominetworks.com/NN-2026:2-01

livemesh -- Livemesh Addons by Elementor
  Description: The Livemesh Addons for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 9.0. This is due to insufficient sanitization of the template name parameter in the `lae_get_template_part()` function, which uses an inadequate `str_replace()` approach that can be bypassed using recursive directory traversal patterns. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the attacker to include and execute local files via the widget's template parameter granted they can trick an administrator into performing an action or install Elementor.
  Published: 2026-04-16
  CVSS score: 8.8
  Source info: CVE-2026-1620 [ https://www.cve.org/CVERecord?id=CVE-2026-1620 ]
  Patch info: https://www.wordfence.com/threat-intel/vulnerabilities/id/2483875a-84de-4a40-a69e-aee68da1ce3b?source=cve
              https://plugins.trac.wordpress.org/browser/addons-for-elementor/trunk/includes/helper-functions.php#L669
              https://plugins.trac.wordpress.org/browser/addons-for-elementor/tags/9.0/includes/helper-functions.php#L669
              https://plugins.trac.wordpress.org/browser/addons-for-elementor/trunk/includes/helper-functions.php#L671
              https://plugins.trac.wordpress.org/browser/addons-for-elementor/tags/9.0/includes/helper-functions.php#L671
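The Livemesh entry above turns on why a single `str_replace()` pass over "../" is not a path sanitiser: stripping the middle of "....//" leaves ".." and "/" behind, which is exactly the sequence that was supposed to be gone. The following is an added example written for this bulletin, not the plugin's `lae_get_template_part()` code; the template directory, file names and the one-pass strip are constructed to show the bypass beside a containment check that does not depend on pattern removal at all.

```python
"""One-pass traversal stripping vs. a containment check (added example, not plugin code)."""
import posixpath

# Constructed base directory standing in for a plugin's template folder.
TEMPLATE_DIR = "/var/www/html/wp-content/plugins/example-addon/templates"


def strip_traversal_once(name: str) -> str:
    """The inadequate approach: a single pass that deletes every "../".
    "....//" survives as "../" because removing the inner "../" leaves ".." + "/"."""
    return name.replace("../", "")


def template_path_weak(name: str) -> str:
    """Vulnerable resolver: trusts the stripped name and joins it under TEMPLATE_DIR."""
    return posixpath.normpath(
        posixpath.join(TEMPLATE_DIR, strip_traversal_once(name) + ".php"))


def is_inside(base: str, candidate: str) -> bool:
    """True only if candidate is base itself or lies under it after normalisation.
    commonpath works on path components, so "/a/bc" is not inside "/a/b"."""
    base = posixpath.normpath(base)
    candidate = posixpath.normpath(candidate)
    return posixpath.commonpath([base, candidate]) == base


def template_path_safe(name: str) -> str:
    """Hardened resolver: a template name is a bare identifier, so separators and a
    leading dot are rejected outright, and the resolved path must stay inside
    TEMPLATE_DIR. On a live filesystem also canonicalise with os.path.realpath so a
    symlink planted inside the directory cannot point back out of it."""
    if not name or "/" in name or "\\" in name or name.startswith("."):
        raise ValueError("invalid template name")
    candidate = posixpath.normpath(posixpath.join(TEMPLATE_DIR, name + ".php"))
    if not is_inside(TEMPLATE_DIR, candidate):
        raise ValueError("template path escapes TEMPLATE_DIR")
    return candidate


# Constructed payload: four "....//" segments become "../../../../" after one strip pass,
# which climbs from the templates folder to the site root.
PAYLOAD = "....//....//....//....//wp-config"


def demo() -> tuple:
    """Resolve the payload with both resolvers; the safe one must refuse it."""
    weak = template_path_weak(PAYLOAD)
    try:
        safe = template_path_safe(PAYLOAD)
    except ValueError as exc:
        safe = "rejected: " + str(exc)
    return weak, safe


if __name__ == "__main__":
    weak, safe = demo()
    print("weak  ->", weak)
    print("safe  ->", safe)
```

The weak resolver hands back a path four directories above the template folder; the safe resolver never reaches the join because the name contains a separator, and even a name that slipped past that check would fail the `is_inside` test.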
Cloud Foundry -- UAA
  Description: Cloud Foundry UAA is vulnerable to a bypass that allows an attacker to obtain a token for any user and gain access to UAA-protected systems. This vulnerability exists when SAML 2.0 bearer assertions are enabled for a client, as the UAA accepts SAML 2.0 bearer assertions that are neither signed nor encrypted. This issue affects UAA from v77.30.0 to v78.7.0 (inclusive) and it affects CF Deployment from v48.7.0 to v54.14.0 (inclusive).
  Published: 2026-04-16
  CVSS score: 8.6
  Source info: CVE-2026-22734 [ https://www.cve.org/CVERecord?id=CVE-2026-22734 ]
  Patch info: https://www.cloudfoundry.org/blog/cve-2026-22734-uaa-saml-2-0-signature-bypass/
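The UAA entry above describes the failure mode of a bearer-assertion grant that never insists on a signature. The following is an added example written for this bulletin, not UAA's code: a fail-closed gate that refuses a SAML 2.0 assertion unless it carries exactly one enveloped ds:Signature as a direct child, bound by its Reference URI to the assertion's own ID. The assertions are constructed and the SignatureValue is a placeholder, so the block shows the policy check that the vulnerable versions skipped; a real deployment still has to verify the signature cryptographically with an XML-DSig library after this gate passes.

```python
"""Refuse unsigned or mis-bound SAML 2.0 assertions before any token is issued (added example)."""
import xml.etree.ElementTree as ET

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
DS = "http://www.w3.org/2000/09/xmldsig#"


class AssertionRejected(Exception):
    """Raised for any assertion that must not reach the token endpoint."""


def require_signed_assertion(xml_bytes: bytes) -> str:
    """Return the assertion ID if the structural signature checks pass, else raise.
    In production parse with defusedxml so entity expansion cannot be abused."""
    root = ET.fromstring(xml_bytes)
    if root.tag != f"{{{SAML}}}Assertion":
        raise AssertionRejected("document is not a saml:Assertion")
    assertion_id = root.get("ID")
    if not assertion_id:
        raise AssertionRejected("assertion has no ID")
    # Only a Signature that is a direct child of the Assertion counts. A signature
    # buried elsewhere in the tree (a wrapping trick) does not vouch for this element.
    sigs = [child for child in root if child.tag == f"{{{DS}}}Signature"]
    if len(sigs) != 1:
        raise AssertionRejected("assertion is not signed (expected exactly one ds:Signature)")
    refs = sigs[0].findall(f"{{{DS}}}SignedInfo/{{{DS}}}Reference")
    if len(refs) != 1 or refs[0].get("URI") != "#" + assertion_id:
        raise AssertionRejected("signature does not reference this assertion's ID")
    if not (sigs[0].findtext(f"{{{DS}}}SignatureValue") or "").strip():
        raise AssertionRejected("empty SignatureValue")
    return assertion_id


def is_acceptable(xml_bytes: bytes) -> bool:
    """Boolean wrapper: malformed XML is rejected the same way as a policy failure."""
    try:
        require_signed_assertion(xml_bytes)
        return True
    except (AssertionRejected, ET.ParseError):
        return False


# Constructed: the kind of bare assertion the vulnerable versions accepted.
UNSIGNED = b"""<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_a1" Version="2.0" IssueInstant="2026-04-16T12:00:00Z">
  <saml:Issuer>https://idp.example.test</saml:Issuer>
  <saml:Subject><saml:NameID>alice</saml:NameID></saml:Subject>
</saml:Assertion>"""

# Constructed: enveloped signature bound to the assertion's ID (placeholder value).
SIGNED = b"""<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    ID="_a2" Version="2.0" IssueInstant="2026-04-16T12:00:00Z">
  <saml:Issuer>https://idp.example.test</saml:Issuer>
  <ds:Signature>
    <ds:SignedInfo><ds:Reference URI="#_a2"/></ds:SignedInfo>
    <ds:SignatureValue>UExBQ0VIT0xERVI=</ds:SignatureValue>
  </ds:Signature>
  <saml:Subject><saml:NameID>alice</saml:NameID></saml:Subject>
</saml:Assertion>"""

# Constructed: a signature is present but vouches for some other element's ID.
MISBOUND = SIGNED.replace(b'URI="#_a2"', b'URI="#_other"')


if __name__ == "__main__":
    for label, doc in (("unsigned", UNSIGNED), ("signed", SIGNED), ("misbound", MISBOUND)):
        print(label, "accepted" if is_acceptable(doc) else "rejected")
```

Order matters: this gate runs before the cryptographic verifier, so an assertion with no signature at all is rejected outright rather than reaching a verifier that might treat "nothing to verify" as success.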
WSO2 -- WSO2 API Manager
  Description: The XML parsers within multiple WSO2 products accept user-supplied XML data without properly configuring to prevent the resolution of external entities. This omission allows malicious actors to craft XML payloads that exploit the parser's behavior, leading to the inclusion of external resources. By leveraging this vulnerability, an attacker can read confidential files from the file system and access limited HTTP resources reachable by the product. Additionally, the vulnerability can be exploited to perform denial of service attacks by exhausting server resources through recursive entity expansion or fetching large external resources.
  Published: 2026-04-16
  CVSS score: 7.5
  Source info: CVE-2024-2374 [ https://www.cve.org/CVERecord?id=CVE-2024-2374 ]
  Patch info: https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2024-3255/

Bosch -- BVMS
  Description: Uncontrolled Resource Consumption in Bosch VMS Central Server in Bosch VMS 12.0.1 allows attackers to consume excessive amounts of disk space via network interface.
  Published: 2026-04-15
  CVSS score: 7.5
  Source info: CVE-2024-33618 [ https://www.cve.org/CVERecord?id=CVE-2024-33618 ]
  Patch info: https://psirt.bosch.com/security-advisories/BOSCH-SA-162032-BT.html

Dell -- PowerProtect Data Domain BoostFS
  Description: Dell PowerProtect Data Domain BoostFS for client of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.50, contain an insufficiently protected credentials vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to credential exposure. The attacker may be able to use the exposed credentials to access the system with privileges of the compromised account.
  Published: 2026-04-17
  CVSS score: 7.8
  Source info: CVE-2025-36568 [ https://www.cve.org/CVERecord?id=CVE-2025-36568 ]
  Patch info: https://www.dell.com/support/kbdoc/en-us/000450699/dsa-2026-060-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities

WC Lovers -- WCFM Marketplace
  Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WC Lovers WCFM Marketplace allows SQL Injection. This issue affects WCFM Marketplace: from n/a through 3.7.1.
  Published: 2026-04-15
  CVSS score: 7.6
  Source info: CVE-2025-63029 [ https://www.cve.org/CVERecord?id=CVE-2025-63029 ]
  Patch info: https://patchstack.com/database/wordpress/plugin/wc-multivendor-marketplace/vulnerability/wordpress-wcfm-marketplace-plugin-3-7-1-sql-injection-vulnerability?_s_id=cve

FirebirdSQL -- firebird
  Description: Firebird is an open-source relational database management system. In FB3 versions, the client library placed incorrect data length values into XSQLDA fields when communicating with FB4 or higher servers, resulting in an information leak. This issue is fixed by upgrading to the FB4 client or higher.
  Published: 2026-04-17
  CVSS score: 7.9
  Source info: CVE-2025-65104 [ https://www.cve.org/CVERecord?id=CVE-2025-65104 ]
  Patch info: https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-mfpr-9886-xjhg
              https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.0

Lenovo -- Diagnostics
  Description: During an internal security assessment, a potential vulnerability was discovered in Lenovo Diagnostics and the HardwareScan Addin used in Lenovo Vantage that, during installation or when using hardware scan, could allow a local authenticated user to perform an arbitrary file write with elevated privileges.
  Published: 2026-04-15
  CVSS score: 7.1
  Source info: CVE-2026-0827 [ https://www.cve.org/CVERecord?id=CVE-2026-0827 ]
  Patch info: https://support.lenovo.com/us/en/product_security/LEN-210693

Splunk -- Splunk Enterprise
  Description: In Splunk Enterprise versions below 10.2.1, 10.0.5, 9.4.10, and 9.3.11, and Splunk Cloud Platform versions below 10.4.2603.0, 10.3.2512.5, 10.2.2510.9, 10.1.2507.19, 10.0.2503.13, and 9.3.2411.127, a low-privileged user that does not hold the `admin` or `power` Splunk roles could potentially perform a Remote Code Execution (RCE) by uploading a malicious file to the `$SPLUNK_HOME/var/run/splunk/apptemp` directory due to improper handling and insufficient isolation of temporary files within the `apptemp` directory.
  Published: 2026-04-15
  CVSS score: 7.1
  Source info: CVE-2026-20204 [ https://www.cve.org/CVERecord?id=CVE-2026-20204 ]
  Patch info: https://advisory.splunk.com/advisories/SVD-2026-0403

Splunk -- Splunk MCP Server
  Description: In Splunk MCP Server app versions below 1.0.3, a user who holds a role with access to the Splunk `_internal` index or possesses the high-privilege capability `mcp_tool_admin` could view users' session and authorization tokens in clear text. The vulnerability would require either local access to the log files or administrative access to internal indexes, which by default only the admin role receives. Review roles and capabilities on your instance and restrict internal index access to administrator-level roles. See Define roles on the Splunk platform with capabilities [ https://docs.splunk.com/Documentation/Splunk/latest/Security/Rolesandcapabilities ] and Connecting to MCP Server and Admin settings [ https://help.splunk.com/en/splunk-enterprise/mcp-server-for-splunk-platform/connecting-to-mcp-server-and-admin-settings ] in the Splunk documentation for more information.
  Published: 2026-04-15
  CVSS score: 7.2
  Source info: CVE-2026-20205 [ https://www.cve.org/CVERecord?id=CVE-2026-20205 ]
  Patch info: https://advisory.splunk.com/advisories/SVD-2026-0407

Microsoft -- Windows 10 Version 1809
  Description: Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.
  Published: 2026-04-14
  CVSS score: 7.8
  Source info: CVE-2026-20930 [ https://www.cve.org/CVERecord?id=CVE-2026-20930 ]
  Patch info: Windows Management Services Elevation of Privilege Vulnerability [ https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20930 ]

Ubiquiti Inc -- UniFi Play PowerAmp
  Description: An Improper Access Control vulnerability could allow a malicious actor with access to the UniFi Play network to obtain UniFi Play WiFi credentials.
    Affected Products: UniFi Play PowerAmp (Version 1.0.35 and earlier); UniFi Play Audio Port (Version 1.0.24 and earlier)
    Mitigation: Update UniFi Play PowerAmp to Version 1.0.38 or later; update UniFi Play Audio Port to Version 1.1.9 or later
  Published: 2026-04-13
  CVSS score: 7.5
  Source info: CVE-2026-22566 [ https://www.cve.org/CVERecord?id=CVE-2026-22566 ]
  Patch info: https://community.ui.com/releases/Security-Advisory-Bulletin-063/e468dd4b-5090-4ef8-89d8-939903c08e83

Eaton -- IPP software
  Description: Eaton Intelligent Power Protector (IPP) is affected by insecure library loading in its executable, which could lead to arbitrary code execution by an attacker with access to the software package. This security issue has been fixed in the latest version of Eaton IPP software which is available on the Eaton download center.
  Published: 2026-04-16
  CVSS score: 7.8
  Source info: CVE-2026-22619 [ https://www.cve.org/CVERecord?id=CVE-2026-22619 ]
  Patch info: https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2025-1025.pdf

easyappointments -- Easy Appointments
  Description: The Easy Appointments plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.12.21 via the `/wp-json/wp/v2/eablocks/ea_appointments/` REST API endpoint. This is due to the endpoint being registered with `'permission_callback' => '__return_true'`, which allows access without any authentication or authorization checks. This makes it possible for unauthenticated attackers to extract sensitive customer appointment data including full names, email addresses, phone numbers, IP addresses, appointment descriptions, and pricing information.
  Published: 2026-04-17
  CVSS score: 7.5
  Source info: CVE-2026-2262 [ https://www.cve.org/CVERecord?id=CVE-2026-2262 ]
  Patch info: https://www.wordfence.com/threat-intel/vulnerabilities/id/e681aa8e-522e-4092-aa1f-8ada3097c8d6?source=cve
              https://plugins.trac.wordpress.org/browser/easy-appointments/tags/3.12.19/ea-blocks/ea-blocks.php#L190
              https://plugins.trac.wordpress.org/browser/easy-appointments/trunk/ea-blocks/ea-blocks.php#L190
              https://plugins.trac.wordpress.org/browser/easy-appointments/tags/3.12.19/ea-blocks/ea-blocks.php#L141
              https://plugins.trac.wordpress.org/changeset/3485692/easy-appointments/trunk/ea-blocks/ea-blocks.php
              https://plugins.trac.wordpress.org/changeset?old_path=%2Feasy-appointments/tags/3.12.21&new_path=%2Feasy-appointments/tags/3.12.22

Barracuda Networks -- RMM
  Description: Barracuda RMM versions prior to 2025.2.2 contain a privilege escalation vulnerability that allows local attackers to gain SYSTEM-level privileges by exploiting overly permissive filesystem ACLs on the C:\Windows\Automation directory. Attackers can modify existing automation content or place attacker-controlled files in this directory, which are then executed under the NT AUTHORITY\SYSTEM account during routine automation cycles, typically succeeding within the next execution cycle.
  Published: 2026-04-15
  CVSS score: 7.8
  Source info: CVE-2026-22676 [ https://www.cve.org/CVERecord?id=CVE-2026-22676 ]
  Patch info: https://download.mw-rmm.barracudamsp.com/PDF/2025.2.2/RN_BRMM_2025.2.2_EN.pdf
              https://www.vulncheck.com/advisories/barracuda-rmm-privilege-escalation-via-insecure-directory-permissions

Fortinet -- FortiAnalyzer Cloud
  Description: A heap-based buffer overflow vulnerability in Fortinet FortiAnalyzer Cloud 7.6.2 through 7.6.4, FortiManager Cloud 7.6.2 through 7.6.4 may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests. Successful exploitation would require a large amount of effort in preparation because of ASLR and network segmentation.
  Published: 2026-04-14
  CVSS score: 7.3
  Source info: CVE-2026-22828 [ https://www.cve.org/CVERecord?id=CVE-2026-22828 ]
  Patch info: https://fortiguard.fortinet.com/psirt/FG-IR-26-121

Eclipse Foundation -- Eclipse Jetty
  Description: In Eclipse Jetty, the HTTP/1.1 parser is vulnerable to request smuggling when chunk extensions are used, similar to the "funky chunks" techniques outlined here:
    * https://w4ke.info/2025/06/18/funky-chunks.html
    * https://w4ke.info/2025/10/29/funky-chunks-2.html
  Jetty terminates chunk extension parsing at \r\n inside quoted strings instead of treating this as an error.

    POST / HTTP/1.1
    Host: localhost
    Transfer-Encoding: chunked

    1;ext="val
    X
    0

    GET /smuggled HTTP/1.1
    ...

  Note how the chunk extension does not close the double quotes, and it is able to inject a smuggled request.
  Published: 2026-04-14
  CVSS score: 7.4
  Source info: CVE-2026-2332 [ https://www.cve.org/CVERecord?id=CVE-2026-2332 ]
  Patch info: https://github.com/jetty/jetty.project/security/advisories/GHSA-355h-qmc2-wpwf
              https://gitlab.eclipse.org/security/cve-assignment/-/issues/89
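The Jetty entry above gives the exact byte sequence, so the parsing decision can be made concrete. The following is an added example written for this bulletin, not Jetty's HttpParser: a small chunked-body decoder with a switch between the lenient behaviour the entry describes (an open quoted-string in a chunk extension is simply cut off at CRLF and accepted) and the strict behaviour the grammar requires (a quoted-string that does not close on the chunk-size line is a parse error). The request bytes are constructed from the one shown in the entry. In lenient mode the decoder finishes after the "0" chunk and hands back everything after it as leftover, which is where a server would start reading its next request; that leftover is the smuggled GET.

```python
"""Chunk-extension parsing: lenient (cut at CRLF) vs strict (error) (added example)."""
import re


class ChunkParseError(ValueError):
    """Raised when the chunked framing is malformed."""


# RFC 9110 token characters; used for chunk-ext-name and unquoted chunk-ext-val.
TOKEN = re.compile(rb"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")

# Constructed request modelled on the entry: the extension opens a quoted-string
# and never closes it on the chunk-size line.
SAMPLE = (
    b"POST / HTTP/1.1\r\n"
    b"Host: localhost\r\n"
    b"Transfer-Encoding: chunked\r\n"
    b"\r\n"
    b'1;ext="val\r\n'
    b"X\r\n"
    b"0\r\n"
    b"\r\n"
    b"GET /smuggled HTTP/1.1\r\n"
    b"Host: localhost\r\n"
    b"\r\n"
)


def validate_chunk_ext(ext: bytes, strict: bool) -> None:
    """Walk chunk-ext = *( ";" token [ "=" ( token / quoted-string ) ] ).
    `ext` is the rest of the chunk-size line, already cut at CRLF. An unclosed
    quoted-string at its end is the lenient/strict fork: the lenient path accepts
    it (CRLF ended the extension), the strict path rejects the whole request."""
    i, n = 0, len(ext)
    while i < n:
        if ext[i:i + 1] != b";":
            raise ChunkParseError("chunk extension must start with ';'")
        i += 1
        m = TOKEN.match(ext, i)
        if not m:
            raise ChunkParseError("bad chunk-ext-name")
        i = m.end()
        if i < n and ext[i:i + 1] == b"=":
            i += 1
            if ext[i:i + 1] == b'"':
                i += 1
                closed = False
                while i < n:
                    c = ext[i:i + 1]
                    i += 2 if c == b"\\" else 1   # quoted-pair consumes the next byte
                    if c == b'"':
                        closed = True
                        break
                if not closed and strict:
                    raise ChunkParseError("unterminated quoted-string in chunk extension")
            else:
                m = TOKEN.match(ext, i)
                if not m:
                    raise ChunkParseError("bad chunk-ext-val")
                i = m.end()


def decode_chunked(body: bytes, strict: bool) -> tuple:
    """Return (payload, leftover). `leftover` is what a server would parse next on the
    same connection, so it is where a smuggled request lands."""
    out, pos = bytearray(), 0
    while True:
        eol = body.find(b"\r\n", pos)
        if eol < 0:
            raise ChunkParseError("truncated chunk-size line")
        line, pos = body[pos:eol], eol + 2
        m = re.match(rb"[0-9A-Fa-f]+", line)
        if not m:
            raise ChunkParseError("bad chunk-size")
        size = int(m.group(), 16)
        validate_chunk_ext(line[m.end():], strict)
        if size == 0:
            eol = body.find(b"\r\n", pos)      # trailer section ends at an empty line
            while eol > pos:
                pos = eol + 2
                eol = body.find(b"\r\n", pos)
            if eol < 0:
                raise ChunkParseError("truncated trailer section")
            return bytes(out), body[eol + 2:]
        if body[pos + size:pos + size + 2] != b"\r\n":
            raise ChunkParseError("chunk data not followed by CRLF")
        out += body[pos:pos + size]
        pos += size + 2


def body_of(raw: bytes) -> bytes:
    """Split a raw request at the header/body boundary and return the body."""
    return raw.partition(b"\r\n\r\n")[2]


def demo() -> tuple:
    """Decode SAMPLE both ways: lenient yields (b'X', smuggled GET); strict rejects."""
    lenient = decode_chunked(body_of(SAMPLE), strict=False)
    try:
        strict = decode_chunked(body_of(SAMPLE), strict=True)
    except ChunkParseError as exc:
        strict = "rejected: " + str(exc)
    return lenient, strict


if __name__ == "__main__":
    lenient, strict = demo()
    print("lenient payload :", lenient[0])
    print("lenient leftover:", lenient[1])
    print("strict          :", strict)
```

A properly closed extension such as `1;ext="val"` passes the strict parser unchanged, so the fix costs nothing for conforming clients; only the malformed line is turned from a silent re-sync point into a hard error.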
Medium Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source Info | Patch Info

Vendor -- Product: WSO2 -- WSO2 API Manager
Description: The authentication endpoint fails to adequately validate user-supplied input before reflecting it back in the response. This allows an attacker to inject malicious script payloads into the input parameters, which are then executed by the victim's browser. Successful exploitation can enable an attacker to redirect the user's browser to a malicious website, modify the UI of the web page, or retrieve information from the browser. However, the impact is limited as session-related sensitive cookies are protected by the httpOnly flag, preventing session hijacking.
Published: 2026-04-16
CVSS Score: 6.1
Source Info: CVE-2024-10242 [ https://www.cve.org/CVERecord?id=CVE-2024-10242 ]
Patch Info: https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2024-3741/

Vendor -- Product: WSO2 -- WSO2 Identity Server
Description: Active access tokens are not revoked or invalidated when a user account is locked within WSO2 Identity Server. This failure to enforce revocation allows previously issued, valid tokens to remain usable, enabling continued access to protected resources by locked user accounts. The security consequence is that a locked user account can maintain access to protected resources through the use of existing, unexpired access tokens. This creates a security gap where access control policies are bypassed, potentially leading to unauthorized data access or actions until the tokens naturally expire.
Published: 2026-04-16
CVSS Score: 6
Source Info: CVE-2025-12624 [ https://www.cve.org/CVERecord?id=CVE-2025-12624 ]
Patch Info: https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2025-4684/
Vendor -- Product: flippercode -- WP Maps Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters
Description: The WP Maps - Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'put_wpgm' shortcode in all versions up to, and including, 4.8.7. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes. This makes it possible for authenticated attackers, with contributor level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Published: 2026-04-16
CVSS Score: 6.4
Source Info: CVE-2025-13364 [ https://www.cve.org/CVERecord?id=CVE-2025-13364 ]
Patch Info:
https://www.wordfence.com/threat-intel/vulnerabilities/id/91d6cf21-cb65-40cb-ad19-5a8e7179fd98?source=cve
https://plugins.trac.wordpress.org/changeset?old_path=wp-google-map-plugin/tags/4.8.7/wp-google-map-plugin.php&new_path=wp-google-map-plugin/tags/4.8.8/wp-google-map-plugin.php

Vendor -- Product: DesigningMedia -- Eleganzo
Description: The Eleganzo theme for WordPress is vulnerable to arbitrary directory deletion due to insufficient path validation in the akd_required_plugin_callback function in all versions up to, and including, 1.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary directories on the server, including the WordPress root directory.
Published: 2026-04-14
CVSS Score: 6.5
Source Info: CVE-2025-15470 [ https://www.cve.org/CVERecord?id=CVE-2025-15470 ]
Patch Info:
https://www.wordfence.com/threat-intel/vulnerabilities/id/7c5d7818-e548-4d8f-b847-396d528b58cd?source=cve
https://testwp.local/wp-content/themes/eleganzo/welcome.php#L96

Vendor -- Product: Emarket-design -- YouTube Showcase
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Emarket-design YouTube Showcase allows Stored XSS. This issue affects YouTube Showcase: from n/a through 3.5.1.
Published: 2026-04-15
CVSS Score: 6.5
Source Info: CVE-2025-15636 [ https://www.cve.org/CVERecord?id=CVE-2025-15636 ]
Patch Info: https://patchstack.com/database/wordpress/plugin/youtube-showcase/vulnerability/wordpress-youtube-showcase-plugin-3-5-1-cross-site-scripting-xss-vulnerability?_s_id=cve

Vendor -- Product: HCLSoftware -- Velocity
Description: Rate limiting for attempting a user login is not being properly enforced, making HCL DevOps Velocity susceptible to brute-force attacks past the unsuccessful login attempt limit. This vulnerability is fixed in 5.1.7.
Published: 2026-04-13
CVSS Score: 6.8
Source Info: CVE-2025-31991 [ https://www.cve.org/CVERecord?id=CVE-2025-31991 ]
Patch Info: https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0130138
Vendor -- Product: ABB -- AC800M (System 800xA)
Description: A vulnerability exists in the command handling of the IEC 61850 communication stack included in the product revisions listed as affected in this CVE. An attacker with access to IEC 61850 networks could exploit the vulnerability by using a specially crafted 61850 packet, forcing the communication interfaces of the PM 877, CI850 and CI868 modules into fault mode or causing unavailability of the S+ Operations 61850 connectivity, resulting in a denial-of-service situation. The System 800xA IEC61850 Connect is not affected. Note: This vulnerability does not impact the overall availability and functionality of the S+ Operations node, only the 61850 communication function. This issue affects AC800M (System 800xA): from 6.0.0x through 6.0.0303.0, from 6.1.0x through 6.1.0031.0, from 6.1.1x through 6.1.1004.0, from 6.1.1x through 6.1.1202.0, from 6.2.0x through 6.2.0006.0; Symphony Plus SD Series: A_0, A_1, A_2.003, A_3.005, A_4.001, B_0.005; Symphony Plus MR (Melody Rack): from 3.10 through 3.52; S+ Operations: 2.1, 2.2, 2.3, 3.3.
Published: 2026-04-13
CVSS Score: 6.5
Source Info: CVE-2025-3756 [ https://www.cve.org/CVERecord?id=CVE-2025-3756 ]
Patch Info: https://search.abb.com/library/Download.aspx?DocumentID=7PAA020125&LanguageCode=en&DocumentPartId=&Action=Launch
Vendor -- Product: Dell -- PowerScale OneFS
Description: Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an insertion of sensitive information into log file vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account.
Published: 2026-04-16
CVSS Score: 6.6
Source Info: CVE-2025-43937 [ https://www.cve.org/CVERecord?id=CVE-2025-43937 ]
Patch Info: https://www.dell.com/support/kbdoc/en-us/000376214/dsa-2025-347-security-update-for-dell-powerscale-onefs-multiple-vulnerabilities

Vendor -- Product: Dell -- PowerProtect Data Domain
Description: Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 8.4 through 8.5 contain a session fixation vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access.
Published: 2026-04-17
CVSS Score: 6.2
Source Info: CVE-2025-46605 [ https://www.cve.org/CVERecord?id=CVE-2025-46605 ]
Patch Info: https://www.dell.com/support/kbdoc/en-us/000450699/dsa-2026-060-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities

Vendor -- Product: Dell -- PowerProtect Data Domain
Description: Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 8.4 through 8.5 contain an improper restriction of excessive authentication attempts vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access.
Published: 2026-04-17
CVSS Score: 6.2
Source Info: CVE-2025-46606 [ https://www.cve.org/CVERecord?id=CVE-2025-46606 ]
Patch Info: https://www.dell.com/support/kbdoc/en-us/000450699/dsa-2026-060-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities

Vendor -- Product: Dell -- PowerProtect Data Domain
Description: Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 8.4 through 8.5 contain an improper authentication vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access.
Published: 2026-04-17
CVSS Score: 6.6
Source Info: CVE-2025-46607 [ https://www.cve.org/CVERecord?id=CVE-2025-46607 ]
Patch Info: https://www.dell.com/support/kbdoc/en-us/000450699/dsa-2026-060-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities

Vendor -- Product: Dell -- PowerProtect Data Domain
Description: Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 8.4 through 8.5 contain an improper authentication vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access.
Published: 2026-04-17
CVSS Score: 6.6
Source Info: CVE-2025-46641 [ https://www.cve.org/CVERecord?id=CVE-2025-46641 ]
Patch Info: https://www.dell.com/support/kbdoc/en-us/000450699/dsa-2026-060-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities

Vendor -- Product: Fortinet -- FortiOS
Description: A missing authentication for critical function vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0.0 through 7.0.17, FortiOS 6.4 all versions, FortiOS 6.2.9 through 6.2.17 allows attacker to execute unauthorized code or commands via specially crafted packets.
Published: 2026-04-14
CVSS Score: 6.2
Source Info: CVE-2025-53847 [ https://www.cve.org/CVERecord?id=CVE-2025-53847 ]
Patch Info: https://fortiguard.fortinet.com/psirt/FG-IR-26-125
Vendor -- Product: WSO2 -- WSO2 API Manager
Description: The authentication endpoint fails to encode user-supplied input before rendering it in the web page, allowing for script injection. An attacker can leverage this by injecting malicious scripts into the authentication endpoint. This can result in the user's browser being redirected to a malicious website, manipulation of the web page's user interface, or the retrieval of information from the browser. However, session hijacking is not possible due to the httpOnly flag protecting session-related cookies.
Published: 2026-04-16
CVSS Score: 6.1
Source Info: CVE-2025-6024 [ https://www.cve.org/CVERecord?id=CVE-2025-6024 ]
Patch Info: https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2025-4251/

Vendor -- Product: Fortinet -- FortiManager
Description: An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.8, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer Cloud 7.6.0 through 7.6.4, FortiAnalyzer Cloud 7.4.0 through 7.4.8, FortiAnalyzer Cloud 7.2 all versions, FortiAnalyzer Cloud 7.0 all versions, FortiManager 7.6.0 through 7.6.4, FortiManager 7.4.0 through 7.4.8, FortiManager 7.2 all versions, FortiManager 7.0 all versions, FortiManager Cloud 7.6.0 through 7.6.4, FortiManager Cloud 7.4.0 through 7.4.8, FortiManager Cloud 7.2 all versions, FortiManager Cloud 7.0 all versions may allow a privileged authenticated attacker to execute unauthorized code or commands via JSON RPC API
Published: 2026-04-14
CVSS Score: 6.8
Source Info: CVE-2025-61848 [ https://www.cve.org/CVERecord?id=CVE-2025-61848 ]
Patch Info: https://fortiguard.fortinet.com/psirt/FG-IR-26-111
Vendor -- Product: leaflet[.]com -- Leaflet 1.9.4
Description: Leaflet versions up to and including 1.9.4 are vulnerable to Cross-Site Scripting (XSS) via the bindPopup() method. This method renders user-supplied input as raw HTML without sanitization, allowing attackers to inject arbitrary JavaScript code through event handler attributes (e.g., <img src=x onerror="alert('XSS')">). When a victim views an affected map popup, the malicious script executes in the context of the victim's browser session.
Published: 2026-04-14
CVSS Score: 6.1
Source Info: CVE-2025-69993 [ https://www.cve.org/CVERecord?id=CVE-2025-69993 ]
Patch Info:
http://leaflet.com
https://github.com/PierfrancescoConti/leaflet-cve-2025-69993/blob/main/ADVISORY.md

Vendor -- Product: Microsoft -- Windows 10 Version 1607
Description: Reliance on untrusted inputs in a security decision in Windows Boot Loader allows an authorized attacker to bypass a security feature locally.
Published: 2026-04-14
CVSS Score: 6.7
Source Info: CVE-2026-0390 [ https://www.cve.org/CVERecord?id=CVE-2026-0390 ]
Patch Info: UEFI Secure Boot Security Feature Bypass Vulnerability [ https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-0390 ]

Vendor -- Product: SAP_SE -- SAP Supplier Relationship Management (SICF Handler in SRM Catalog)
Description: Due to a Cross-Site Scripting (XSS) vulnerability in the SAP Supplier Relationship Management (SICF Handler in SRM Catalog), an unauthenticated attacker could craft a malicious URL that, if accessed by a victim, results in execution of malicious content within the victim's browser. This could allow the attacker to access and modify information, impacting the confidentiality and integrity of the application, while availability remains unaffected.
Published: 2026-04-14
CVSS Score: 6.1
Source Info: CVE-2026-0512 [ https://www.cve.org/CVERecord?id=CVE-2026-0512 ]
Patch Info:
https://me.sap.com/notes/3645228
https://url.sap/sapsecuritypatchday
Vendor -- Product: turn2honey -- EMC Easily Embed Calendly Scheduling
Description: The EMC - Easily Embed Calendly Scheduling Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's calendly shortcode in all versions up to, and including, 4.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Published: 2026-04-19
CVSS Score: 6.4
Source Info: CVE-2026-0868 [ https://www.cve.org/CVERecord?id=CVE-2026-0868 ]
Patch Info:
https://www.wordfence.com/threat-intel/vulnerabilities/id/d5653ebe-7145-4b1c-94f8-ca87ed0dc4f5?source=cve
https://plugins.trac.wordpress.org/changeset/3466576/embed-calendly-scheduling

Vendor -- Product: vanderwijk -- Content Blocks (Custom Post Widget)
Description: The Content Blocks (Custom Post Widget) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's content_block shortcode in all versions up to, and including, 3.3.9 due to insufficient input sanitization and output escaping on user supplied values consumed from user-created content blocks. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Published: 2026-04-18
CVSS Score: 6.4
Source Info: CVE-2026-0894 [ https://www.cve.org/CVERecord?id=CVE-2026-0894 ]
Patch Info:
https://www.wordfence.com/threat-intel/vulnerabilities/id/246dee15-82e0-4630-8d95-d2419e9eaef8?source=cve
https://plugins.trac.wordpress.org/changeset/3447914/custom-post-widget

Vendor -- Product: youzify -- Youzify BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress
Description: The Youzify plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'checkin_place_id' parameter in all versions up to, and including, 1.3.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Published: 2026-04-18
CVSS Score: 6.4
Source Info: CVE-2026-1559 [ https://www.cve.org/CVERecord?id=CVE-2026-1559 ]
Patch Info:
https://www.wordfence.com/threat-intel/vulnerabilities/id/6bd69711-8303-4086-87c3-eb2935a89aff?source=cve
https://plugins.trac.wordpress.org/browser/youzify/trunk/includes/public/core/wall/class-youzify-form.php#L506
https://plugins.trac.wordpress.org/browser/youzify/tags/1.3.6/includes/public/core/wall/class-youzify-form.php#L506
https://plugins.trac.wordpress.org/browser/youzify/trunk/includes/public/core/class-youzify-wall.php#L109
https://plugins.trac.wordpress.org/browser/youzify/tags/1.3.6/includes/public/core/class-youzify-wall.php#L109
https://plugins.trac.wordpress.org/changeset/3483281/youzify/trunk/includes/public/core/wall/class-youzify-form.php
https://plugins.trac.wordpress.org/changeset?old_path=%2Fyouzify/tags/1.3.6&new_path=%2Fyouzify/tags/1.3.7
Vendor -- Product: livemesh -- Livemesh Addons by Elementor
Description: The Livemesh Addons for Elementor plugin for WordPress is vulnerable to unauthorized modification of data and Stored Cross-Site Scripting via plugin settings in all versions up to, and including, 9.0. This is due to missing authorization checks on the AJAX handler `lae_admin_ajax()` and insufficient output escaping on multiple checkbox settings fields. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in the plugin settings page that will execute whenever an administrator accesses the plugin settings page granted they can obtain a valid nonce, which can be leaked via the plugin's improper access control on settings pages.
Published: 2026-04-16
CVSS Score: 6.4
Source Info: CVE-2026-1572 [ https://www.cve.org/CVERecord?id=CVE-2026-1572 ]
Patch Info:
https://www.wordfence.com/threat-intel/vulnerabilities/id/24b9bf5a-19ac-4e99-b32d-1ab681356a1b?source=cve
https://plugins.trac.wordpress.org/browser/addons-for-elementor/tags/9.0/admin/admin-ajax.php#L28
https://plugins.trac.wordpress.org/browser/addons-for-elementor/tags/9.0/admin/admin-ajax.php#L64
https://plugins.trac.wordpress.org/browser/addons-for-elementor/trunk/admin/admin-ajax.php#L64
https://plugins.trac.wordpress.org/browser/addons-for-elementor/trunk/admin/admin-ajax.php#L28
https://plugins.trac.wordpress.org/browser/addons-for-elementor/trunk/plugin.php#L207
https://plugins.trac.wordpress.org/browser/addons-for-elementor/tags/9.0/plugin.php#L207
https://plugins.trac.wordpress.org/browser/addons-for-elementor/trunk/admin/views/settings.php#L707
https://plugins.trac.wordpress.org/browser/addons-for-elementor/tags/9.0/admin/views/settings.php#L707

Vendor -- Product: surbma -- Surbma | Booking.com Shortcode
Description: The Surbma | Booking.com Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `surbma-bookingcom` shortcode in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Published: 2026-04-14
CVSS Score: 6.4
Source Info: CVE-2026-1607 [ https://www.cve.org/CVERecord?id=CVE-2026-1607 ]
Patch Info:
https://www.wordfence.com/threat-intel/vulnerabilities/id/01280afb-4745-4f36-823e-ed794bb3353a?source=cve
https://plugins.trac.wordpress.org/browser/surbma-bookingcom-shortcode/tags/2.0/surbma-bookingcom-shortcode.php#L34

Vendor -- Product: Lenovo -- Service Bridge
Description: A potential DLL hijacking vulnerability was reported in Lenovo Service Bridge that, under certain conditions, could allow a local authenticated user to execute code with elevated privileges.
Published: 2026-04-15
CVSS Score: 6.7
Source Info: CVE-2026-1636 [ https://www.cve.org/CVERecord?id=CVE-2026-1636 ]
Patch Info: https://support.lenovo.com/us/en/product_security/LEN-211071
Vendor -- Product: prasunsen -- Hostel
Description: The Hostel plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'shortcode_id' parameter in all versions up to, and including, 1.1.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Published: 2026-04-18
CVSS Score: 6.1
Source Info: CVE-2026-1838 [ https://www.cve.org/CVERecord?id=CVE-2026-1838 ]
Patch Info:
https://www.wordfence.com/threat-intel/vulnerabilities/id/2b9da491-771a-4100-b41a-7411981dd34b?source=cve
https://plugins.trac.wordpress.org/browser/hostel/trunk/hostel.php#L44
https://plugins.trac.wordpress.org/browser/hostel/tags/1.1.6/hostel.php#L44
https://plugins.trac.wordpress.org/browser/hostel/trunk/controllers/ajax.php#L28
https://plugins.trac.wordpress.org/browser/hostel/tags/1.1.6/controllers/ajax.php#L28
https://plugins.trac.wordpress.org/browser/hostel/trunk/views/partial/rooms-table.html.php#L29
https://plugins.trac.wordpress.org/browser/hostel/tags/1.1.6/views/partial/rooms-table.html.php#L29
https://plugins.trac.wordpress.org/changeset/3478265/hostel/trunk/hostel.php
https://plugins.trac.wordpress.org/changeset?old_path=%2Fhostel/tags/1.1.6&new_path=%2Fhostel/tags/1.1.7

Vendor -- Product: woobeewoo -- Product Pricing Table by WooBeWoo
Description: The Product Pricing Table by WooBeWoo plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.0. This is due to missing or incorrect nonce validation on the updateLabel() and remove() functions. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages or delete pricing tables via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Published: 2026-04-15
CVSS Score: 6.1
Source Info: CVE-2026-1852 [ https://www.cve.org/CVERecord?id=CVE-2026-1852 ]
Patch Info:
https://www.wordfence.com/threat-intel/vulnerabilities/id/a3b459e0-4bd9-443e-96e4-91663a35c26e?source=cve
https://github.com/wpcodefactory/woo-product-pricing-tables/releases/tag/v1.1.1

Vendor -- Product: Cisco -- Cisco Unity Connection
Description: A vulnerability in the web-based management interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a reflected XSS attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.
Published: 2026-04-15
CVSS Score: 6.1
Source Info: CVE-2026-20059 [ https://www.cve.org/CVERecord?id=CVE-2026-20059 ]
Patch Info: cisco-sa-unity-vulns-n2EJSbbw [ https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-unity-vulns-n2EJSbbw ]
Vendor -- Product: Cisco -- Cisco Unity Connection
Description: Multiple vulnerabilities in Cisco Unity Connection could allow an authenticated, remote attacker to download arbitrary files from an affected system. To exploit these vulnerabilities, the attacker must have valid administrative credentials. These vulnerabilities are due to improper sanitization of user input to the web-based management interface. An attacker could exploit these vulnerabilities by sending a crafted HTTPS request. A successful exploit could allow the attacker to download arbitrary files from an affected system.
Published: 2026-04-15
CVSS Score: 6.5
Source Info: CVE-2026-20078 [ https://www.cve.org/CVERecord?id=CVE-2026-20078 ]
Patch Info: cisco-sa-unity-file-download-RmKEVWPx [ https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-unity-file-download-RmKEVWPx ]

Vendor -- Product: Cisco -- Cisco Unity Connection
Description: Multiple vulnerabilities in Cisco Unity Connection could allow an authenticated, remote attacker to download arbitrary files from an affected system. To exploit these vulnerabilities, the attacker must have valid administrative credentials. These vulnerabilities are due to improper sanitization of user input to the web-based management interface. An attacker could exploit these vulnerabilities by sending a crafted HTTPS request. A successful exploit could allow the attacker to download arbitrary files from an affected system.
Published: 2026-04-15
CVSS Score: 6.5
Source Info: CVE-2026-20081 [ https://www.cve.org/CVERecord?id=CVE-2026-20081 ]
Patch Info: cisco-sa-unity-file-download-RmKEVWPx [ https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-unity-file-download-RmKEVWPx ]

Vendor -- Product: Cisco -- Cisco Identity Services Engine Software
Description: A vulnerability in the CLI of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, local attacker with administrative privileges to perform a command injection attack on the underlying operating system and elevate privileges to root. This vulnerability is due to insufficient validation of user supplied input. An attacker could exploit this vulnerability by providing crafted input to a specific CLI command. A successful exploit could allow the attacker to elevate their privileges to root on the underlying operating system.
Published: 2026-04-15
CVSS Score: 6
Source Info: CVE-2026-20136 [ https://www.cve.org/CVERecord?id=CVE-2026-20136 ]
Patch Info: cisco-sa-ise-cmd-inj-5WSJcYJB [ https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-cmd-inj-5WSJcYJB ]

Vendor -- Product: Cisco -- Cisco Webex Contact Center
Description: A vulnerability in the Desktop Agent functionality of Cisco Webex Contact Center could have allowed an unauthenticated, remote attacker to conduct cross-site scripting attacks. Cisco has addressed this vulnerability in the Cisco Webex Contact Center service, and no customer action is needed. This vulnerability existed because HTML and script content was not properly handled. Prior to this vulnerability being addressed, an attacker could have exploited this vulnerability by persuading a user to follow a malicious link. A successful exploit could have allowed the attacker to steal sensitive information from the browser, including authentication and session information.
Published: 2026-04-15
CVSS Score: 6.1
Source Info: CVE-2026-20170 [ https://www.cve.org/CVERecord?id=CVE-2026-20170 ]
Patch Info: cisco-sa-webexcc-xss-WEX5nUnA [ https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webexcc-xss-WEX5nUnA ]
Vendor -- Product: Splunk -- Splunk Enterprise
Description: In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.10, and 9.3.11, and Splunk Cloud Platform versions below 10.4.2603.0, 10.3.2512.6, 10.2.2510.10, 10.1.2507.20, 10.0.2503.13, and 9.3.2411.127, a user who holds a role that contains the high-privilege capability `edit_user` could create a specially crafted username that includes a null byte or a non-UTF-8 percent-encoded byte due to improper input validation. This could lead to inconsistent conversion of usernames into a proper format for storage and account management inconsistencies, such as being unable to edit or delete affected users.
Published: 2026-04-15
CVSS Score: 6.6
Source Info: CVE-2026-20202 [ https://www.cve.org/CVERecord?id=CVE-2026-20202 ]
Patch Info: https://advisory.splunk.com/advisories/SVD-2026-0401

Vendor -- Product: Samsung Mobile -- Samsung Mobile Devices
Description: Improper input validation in Retail Mode prior to SMR Apr-2026 Release 1 allows local attackers to trigger privileged functions.
Published: 2026-04-13
CVSS Score: 6.6
Source Info: CVE-2026-21010 [ https://www.cve.org/CVERecord?id=CVE-2026-21010 ]
Patch Info: https://security.samsungmobile.com/securityUpdate.smsb?year=2026&month=04

Vendor -- Product: Adobe -- Adobe Connect
Description: Adobe Connect versions 2025.3, 12.10 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Scope is changed.
Published: 2026-04-14
CVSS Score: 6.1
Source Info: CVE-2026-21331 [ https://www.cve.org/CVERecord?id=CVE-2026-21331 ]
Patch Info: https://helpx.adobe.com/security/products/connect/apsb26-37.html

Vendor -- Product: Fortinet -- FortiSOAR on-premise
Description: A cleartext transmission of sensitive information vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.2, FortiSOAR on-premise 7.5.0 through 7.5.1, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow attacker to information disclosure via <insert attack vector here>
Published: 2026-04-14
CVSS Score: 6.2
Source Info: CVE-2026-22155 [ https://www.cve.org/CVERecord?id=CVE-2026-22155 ]
Patch Info: https://fortiguard.fortinet.com/psirt/FG-IR-26-106

Vendor -- Product: Fortinet -- FortiSOAR on-premise
Description: An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5 all versions, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.3, FortiSOAR on-premise 7.5 all versions, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow an authenticated remote attacker to perform path traversal attack via File Content Extraction actions.
Published: 2026-04-14
CVSS Score: 6.2
Source Info: CVE-2026-22573 [ https://www.cve.org/CVERecord?id=CVE-2026-22573 ]
Patch Info: https://fortiguard.fortinet.com/psirt/FG-IR-26-116
Vendor -- Product: Eaton -- IPP Software
Description: Due to improper input validation in one of the Eaton Intelligent Power Protector (IPP) XML, it is possible for an attacker with admin privileges and access to the local system to inject malicious code resulting in arbitrary command execution. This security issue has been fixed in the latest version of Eaton IPP software which is available on the Eaton download centre.
Published: 2026-04-16
CVSS Score: 6
Source Info: CVE-2026-22615 [ https://www.cve.org/CVERecord?id=CVE-2026-22615 ]
Patch Info: https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2025-1025.pdf

Vendor -- Product: Eaton -- IPP Software
Description: Eaton Intelligent Power Protector (IPP) software allows repeated authentication attempts against the web interface login page due to insufficient rate-limiting controls. This security issue has been fixed in the latest version of Eaton IPP which is available on the Eaton download centre.
Published: 2026-04-16
CVSS Score: 6.5
Source Info: CVE-2026-22616 [ https://www.cve.org/CVERecord?id=CVE-2026-22616 ]
Patch Info: https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2025-1025.pdf

Vendor -- Product: Fortinet -- FortiVoice
Description: An exposure of sensitive information to an unauthorized actor vulnerability in Fortinet FortiNDR 7.6.0, FortiNDR 7.4.0 through 7.4.8, FortiNDR 7.2 all versions, FortiNDR 7.1 all versions, FortiNDR 7.0 all versions, FortiVoice 7.0.0 through 7.0.1 may allow a remote authenticated attacker with at least read-only permission on system maintenance to access backup information via crafted HTTP requests
Published: 2026-04-14
CVSS Score: 5.4
Source Info: CVE-2024-23104 [ https://www.cve.org/CVERecord?id=CVE-2024-23104 ]
Patch Info: https://fortiguard.fortinet.com/psirt/FG-IR-26-124
Vendor -- Product: WSO2 -- WSO2 API Manager
Description: The WSO2 API Manager developer portal accepts user-supplied input without enforcing expected validation constraints or proper output encoding. This deficiency allows a malicious actor to inject script content that is executed within the context of a user's browser. By leveraging this cross-site scripting vulnerability, a malicious actor can cause the browser to redirect to a malicious website, make changes to the UI of the web page, or retrieve information from the browser. However, session hijacking is not possible as all session-related sensitive cookies are protected by the httpOnly flag.
Published: 2026-04-16
CVSS Score: 5.4
Source Info: CVE-2024-4867 [ https://www.cve.org/CVERecord?id=CVE-2024-4867 ]
Patch Info: https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2024-3391/

Vendor -- Product: cartasi -- Nexi XPay
Description: The Nexi XPay plugin for WordPress is vulnerable to unauthorized modification of data due to missing authorization checks on the redirect function in all versions up to, and including, 8.3.0. This makes it possible for unauthenticated attackers to mark pending WooCommerce orders as paid/completed.
Published: 2026-04-14
CVSS Score: 5.3
Source Info: CVE-2025-15565 [ https://www.cve.org/CVERecord?id=CVE-2025-15565 ]
Patch Info:
https://www.wordfence.com/threat-intel/vulnerabilities/id/f420151b-c783-49b1-b0e9-e936a904278a?source=cve
https://plugins.trac.wordpress.org/browser/cartasi-x-pay/tags/8.2.0/src/classes/Nexi/WC_Gateway_XPay_Process_Completion.php#L268

Vendor -- Product: Dell -- Dell Pro 14 Essential PV14250
Description: Dell Client Platform BIOS contains a Weak Password Recovery Mechanism vulnerability. An unauthenticated attacker with physical access to the system could potentially exploit this vulnerability, leading to unauthorized access.
Published: 2026-04-16
CVSS Score: 5.1
Source Info: CVE-2025-36579 [ https://www.cve.org/CVERecord?id=CVE-2025-36579 ]
Patch Info: https://www.dell.com/support/kbdoc/en-us/000300450/dsa-2025-153
Vendor -- Product: Fortinet -- FortiOS
Description: An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') [CWE-22] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions, FortiPAM 1.7.0, FortiPAM 1.6 all versions, FortiPAM 1.5 all versions, FortiPAM 1.4 all versions, FortiPAM 1.3 all versions, FortiPAM 1.2 all versions, FortiPAM 1.1 all versions, FortiPAM 1.0 all versions, FortiProxy 7.6.0 through 7.6.4, FortiProxy 7.4.0 through 7.4.11, FortiProxy 7.2 all versions, FortiProxy 7.0 all versions, FortiSwitchManager 7.2.0 through 7.2.7, FortiSwitchManager 7.0.0 through 7.0.6 may allow an authenticated attacker with admin profile and at least read-write permissions to write or delete arbitrary files via specific CLI commands.
Published: 2026-04-14
CVSS Score: 5.4
Source Info: CVE-2025-61624 [ https://www.cve.org/CVERecord?id=CVE-2025-61624 ]
Patch Info: https://fortiguard.fortinet.com/psirt/FG-IR-26-122

Vendor -- Product: Fortinet -- FortiManager Cloud
Description: An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer Cloud 7.6.0 through 7.6.4, FortiAnalyzer Cloud 7.4.0 through 7.4.7, FortiAnalyzer Cloud 7.2 all versions, FortiAnalyzer Cloud 7.0 all versions, FortiManager 7.6.0 through 7.6.4, FortiManager 7.4.0 through 7.4.7, FortiManager 7.2 all versions, FortiManager 7.0 all versions, FortiManager Cloud 7.6.0 through 7.6.4, FortiManager Cloud 7.4.0 through 7.4.7, FortiManager Cloud 7.2 all versions, FortiManager Cloud 7.0 all versions may allow a privileged attacker to delete files from the underlying filesystem via crafted CLI requests.
Published: 2026-04-14
CVSS Score: 5.4
Source Info: CVE-2025-68649 [ https://www.cve.org/CVERecord?id=CVE-2025-68649 ]
Patch Info: https://fortiguard.fortinet.com/psirt/FG-IR-26-120
wpxpo--Post Grid Gutenberg Blocks for News, Magazines, Blog Websites PostX
  Description: The Post Grid Gutenberg Blocks for News, Magazines, Blog Websites - PostX plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ultp_shareCount_callback() function in all versions up to, and including, 5.0.5. This makes it possible for unauthenticated attackers to modify the share_count post meta for any post, including private or draft posts.
  Published: 2026-04-16 | CVSS: 5.3 | Source: CVE-2026-0718 [ https://www.cve.org/CVERecord?id=CVE-2026-0718 ]
  Patch info: https://www.wordfence.com/threat-intel/vulnerabilities/id/c4b2cf3b-5d35-4ce6-9453-1538a6f7752f?source=cve
  https://plugins.trac.wordpress.org/changeset?old_path=/ultimate-post/tags/5.0.5/classes/Blocks.php&new_path=/ultimate-post/tags/5.0.6/classes/Blocks.php

iberezansky--3D FlipBook PDF Embedder, PDF Flipbook Viewer, Flipbook Image Gallery
  Description: The 3D FlipBook - PDF Embedder, PDF Flipbook Viewer, Flipbook Image Gallery plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the send_post_pages_json() function in all versions up to, and including, 1.16.17. This makes it possible for unauthenticated attackers to retrieve flipbook page metadata for draft, private and password-protected flipbooks.
  Published: 2026-04-14 | CVSS: 5.3 | Source: CVE-2026-1314 [ https://www.cve.org/CVERecord?id=CVE-2026-1314 ]
  Patch info: https://www.wordfence.com/threat-intel/vulnerabilities/id/d7e41753-2dbf-4afa-b61e-e617be2c4dc2?source=cve
  https://plugins.trac.wordpress.org/changeset/3467608/

themefusion--Avada (Fusion) Builder
  Description: The Avada (Fusion) Builder plugin for WordPress is vulnerable to Arbitrary WordPress Action Execution in all versions up to, and including, 3.15.1. This is due to the plugin's `output_action_hook()` function accepting user-controlled input to trigger any registered WordPress action hook without proper authorization checks. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute arbitrary WordPress action hooks via the Dynamic Data feature, potentially leading to privilege escalation, file inclusion, denial of service, or other security impacts depending on which action hooks are available in the WordPress installation.
  Published: 2026-04-15 | CVSS: 5.4 | Source: CVE-2026-1509 [ https://www.cve.org/CVERecord?id=CVE-2026-1509 ]
  Patch info: https://www.wordfence.com/threat-intel/vulnerabilities/id/fdc57b06-bae9-49a3-84dd-f593705330e9?source=cve
  https://themeforest.net/item/avada-responsive-multipurpose-theme/2833226
  https://avada.com/documentation/avada-changelog/

Wpmet--MetForm Pro
  Description: The MetForm Pro plugin for WordPress is vulnerable to Improper Input Validation in all versions up to, and including, 3.9.7. This is due to the payment integrations (Stripe/PayPal) trusting a user-submitted calculation field value without recomputing or validating it against the configured form price. This makes it possible for unauthenticated attackers to manipulate the payment amount via the 'mf-calculation' field in the form submission REST request, provided a form with this particular configuration exists.
  Published: 2026-04-15 | CVSS: 5.3 | Source: CVE-2026-1782 [ https://www.cve.org/CVERecord?id=CVE-2026-1782 ]
  Patch info: https://www.wordfence.com/threat-intel/vulnerabilities/id/a49dd64b-6ae8-49ed-9e8a-e5b73c2acf4b?source=cve
  https://wpmet.com/plugin/metform/
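The MetForm entry above is the classic "price in the request" mistake: the server charges whatever total the browser computed. The fix is not to validate the client's number harder but to stop depending on it. The following is an added illustration, not MetForm's code: the form configuration, field names (`quantity`, `options`) and prices are constructed for the example; only the `mf-calculation` field name comes from the bulletin.

```python
from decimal import Decimal, ROUND_HALF_UP
from typing import Optional, Tuple

# Constructed form configuration: what the site owner set up in the form builder.
FORM_CONFIG = {
    "form-42": {
        "unit_price": Decimal("49.00"),
        "options": {"gift-wrap": Decimal("5.00"), "express": Decimal("12.50")},
        "max_quantity": 10,
    },
}

CENTS = Decimal("0.01")


def vulnerable_amount(form_id: str, submission: dict) -> Decimal:
    """The pattern described in the entry: the client-supplied calculation
    field is handed straight to the payment provider."""
    return Decimal(str(submission["mf-calculation"])).quantize(CENTS, ROUND_HALF_UP)


def server_side_amount(form_id: str, submission: dict) -> Decimal:
    """Recompute the total from server-side configuration only. The client's
    'mf-calculation' value is at most compared against it, never trusted."""
    cfg = FORM_CONFIG[form_id]
    qty = int(submission.get("quantity", 1))
    if not 1 <= qty <= cfg["max_quantity"]:
        raise ValueError("quantity out of range")
    total = cfg["unit_price"] * qty
    for opt in set(submission.get("options", ())):      # set: no double-charging
        if opt not in cfg["options"]:
            raise ValueError(f"unknown option {opt!r}")
        total += cfg["options"][opt]
    total = total.quantize(CENTS, ROUND_HALF_UP)
    claimed = submission.get("mf-calculation")
    if claimed is not None and Decimal(str(claimed)).quantize(CENTS, ROUND_HALF_UP) != total:
        # A mismatch is tampering or a client bug; either way do not charge it.
        raise ValueError(f"client total {claimed!r} does not match server total {total}")
    return total


def charge(form_id: str, submission: dict) -> Tuple[bool, Optional[Decimal]]:
    """Gate in front of the payment call: (accepted, amount_to_charge)."""
    try:
        return True, server_side_amount(form_id, submission)
    except (ValueError, KeyError, ArithmeticError):
        return False, None
```

A tampered submission (two units plus gift wrap, claiming a total of 0.01) is charged 0.01 by `vulnerable_amount` and rejected by `charge`; the honest total for the same order is 103.00. Use `Decimal`, never floats, for money, and treat a mismatch as a signal worth logging.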
Cisco--Cisco Secure Web Appliance
  Description: A vulnerability in the authentication service feature of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an unauthenticated, remote attacker to bypass authentication policy requirements. This vulnerability is due to improper validation of user-supplied authentication input in HTTP requests. An attacker could exploit this vulnerability by sending HTTP requests that contain specific authentication requests to an affected device. A successful exploit could allow the attacker to bypass policy enforcement on the device. There is no direct impact to the Cisco Secure Web Appliance. However, as a result of exploiting this vulnerability, an attacker could send HTTP requests that should be restricted through the device.
  Published: 2026-04-15 | CVSS: 5.3 | Source: CVE-2026-20152 [ https://www.cve.org/CVERecord?id=CVE-2026-20152 ]
  Patch info: cisco-sa-wsa-auth-bypass-6YZkTQhd [ https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wsa-auth-bypass-6YZkTQhd ]

Cisco--Cisco ThousandEyes Enterprise Agent
  Description: A vulnerability in the CLI of Cisco ThousandEyes Enterprise Agent could allow an authenticated, local attacker with low privileges to overwrite arbitrary files on the local system of an affected device. This vulnerability is due to improper access controls on files that are on the local file system of an affected device. An attacker could exploit this vulnerability by placing a symbolic link in a specific location on the local file system. A successful exploit could allow the attacker to bypass file system permissions and overwrite arbitrary files on the affected device.
  Published: 2026-04-15 | CVSS: 5.5 | Source: CVE-2026-20161 [ https://www.cve.org/CVERecord?id=CVE-2026-20161 ]
  Patch info: cisco-sa-te-agentfilewrite-tqUw3SMU [ https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-te-agentfilewrite-tqUw3SMU ]
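The ThousandEyes entry above is the generic privileged-writer-follows-symlink bug: a low-privileged user plants a link at a path a privileged process will write, and the process's own permissions carry the write through to the link's target. The following added example (not Cisco's code) reproduces the effect in a temporary directory and shows the open flags that defeat it. The file names are constructed; `O_NOFOLLOW` is POSIX and the demo assumes Linux or macOS.

```python
import os
import tempfile


def naive_write(path: str, data: bytes) -> None:
    """open() follows whatever `path` resolves to, so a symlink planted at the
    agent's output path redirects the write to the link's target."""
    with open(path, "wb") as f:
        f.write(data)


def safe_write(path: str, data: bytes) -> None:
    """Create the file ourselves and refuse to follow a symlink at the final
    path component. O_EXCL makes creation fail if anything already exists
    there (a planted link included); O_NOFOLLOW is belt and braces on POSIX."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(path, flags, 0o600)
    try:
        os.write(fd, data)
    finally:
        os.close(fd)


def demo() -> dict:
    """Constructed scenario: `protected.conf` stands in for a file the low
    privileged user cannot write; `agent-output.log` is the path a privileged
    agent writes, where that user has planted a symlink."""
    with tempfile.TemporaryDirectory() as d:
        target = os.path.join(d, "protected.conf")
        link = os.path.join(d, "agent-output.log")
        with open(target, "wb") as f:
            f.write(b"original")
        os.symlink(target, link)

        naive_write(link, b"attacker controlled")
        with open(target, "rb") as f:
            after_naive = f.read()

        with open(target, "wb") as f:          # reset for the second run
            f.write(b"original")
        try:
            safe_write(link, b"attacker controlled")
            safe_refused = False
        except OSError:
            safe_refused = True
        with open(target, "rb") as f:
            after_safe = f.read()

    return {"naive_overwrote": after_naive == b"attacker controlled",
            "safe_refused": safe_refused, "after_safe": after_safe}
```

`O_NOFOLLOW` only protects the last path component; if any parent directory is writable by the attacker they can swap a directory for a symlink instead, so the real fix is to write only into a directory the privileged process created itself with restrictive permissions (a `mkdtemp` directory, for instance). Where the process must overwrite an existing file of its own, drop `O_EXCL`, keep `O_NOFOLLOW`, and `fstat` the descriptor to confirm owner and mode before writing.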
Microsoft--Windows 10 Version 1809
  Description: Access of resource using incompatible type ('type confusion') in Windows COM allows an authorized attacker to disclose information locally.
  Published: 2026-04-14 | CVSS: 5.5 | Source: CVE-2026-20806 [ https://www.cve.org/CVERecord?id=CVE-2026-20806 ]
  Patch info: Windows COM Server Information Disclosure Vulnerability [ https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20806 ]

Grafana--Loki
  Description: The CVE-2021-36156 fix validates the namespace parameter for path traversal sequences after a single URL decode; by double encoding, an attacker can read files at the Ruler API endpoint /loki/api/v1/rules/{namespace}. Thanks to Prasanth Sundararajan for reporting this vulnerability.
  Published: 2026-04-15 | CVSS: 5.3 | Source: CVE-2026-21726 [ https://www.cve.org/CVERecord?id=CVE-2026-21726 ]
  Patch info: https://grafana.com/security/security-advisories/cve-2026-21726

Fortinet--FortiSOAR PaaS
  Description: A cleartext transmission of sensitive information vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.2, FortiSOAR on-premise 7.5.0 through 7.5.1, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow an authenticated attacker to view cleartext password in response for Secure Message Exchange and Radius queries, if configured.
  Published: 2026-04-14 | CVSS: 5.4 | Source: CVE-2026-21742 [ https://www.cve.org/CVERecord?id=CVE-2026-21742 ]
  Patch info: https://fortiguard.fortinet.com/psirt/FG-IR-26-106
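The Grafana Loki entry above (CVE-2026-21726) is a regression of a familiar shape: the traversal check runs on the once-decoded namespace, so `%252e%252e%252f` looks harmless, and a later decode turns it back into `../`. The following added example (not Loki's code) contrasts that check with one that decodes exactly once, refuses anything still percent-encoded, and then confines the normalised path to its root. `RULES_ROOT` and the sample namespaces are constructed for the illustration.

```python
import posixpath
from urllib.parse import unquote

RULES_ROOT = "/data/rules"      # assumed on-disk root for the illustration


def single_decode_check(namespace: str) -> bool:
    """The shape of the original fix: decode once, then look for traversal.
    Returns True when the value would be accepted."""
    decoded = unquote(namespace)
    return ".." not in decoded and "/" not in decoded and "\\" not in decoded


def path_after_second_decode(namespace: str) -> str:
    """What a handler that decodes the segment again while building the file
    path ends up opening, if only single_decode_check guarded it."""
    return posixpath.normpath(posixpath.join(RULES_ROOT, unquote(unquote(namespace))))


def resolve_namespace_path(namespace: str) -> str:
    """Hardened: decode exactly once, refuse anything that still looks encoded,
    refuse separators and dot segments, and confine the result to the root."""
    segment = unquote(namespace)
    if "%" in segment:
        raise ValueError("nested percent-encoding rejected")
    if not segment or "/" in segment or "\\" in segment or segment in (".", ".."):
        raise ValueError("invalid namespace segment")
    candidate = posixpath.normpath(posixpath.join(RULES_ROOT, segment))
    if posixpath.dirname(candidate) != RULES_ROOT:      # defence in depth
        raise ValueError("path escapes the rules root")
    return candidate


def is_rejected(namespace: str) -> bool:
    try:
        resolve_namespace_path(namespace)
    except ValueError:
        return True
    return False
```

The final `dirname` comparison is redundant with the separator check but cheap, and it is the line that survives when someone later relaxes the segment rules. If namespaces may legitimately contain a literal `%`, replace the `"%" in segment` test with a lookup of the decoded value against the set of known namespaces rather than decoding again.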
Eaton--IPP Software
  Description: Eaton Intelligent Power Protector (IPP) uses an insecure cookie configuration, which could allow a network-based attacker to intercept the cookie and exploit it through a man-in-the-middle attack. This security issue has been fixed in the latest version of Eaton IPP software which is available on the Eaton download centre.
  Published: 2026-04-16 | CVSS: 5.7 | Source: CVE-2026-22617 [ https://www.cve.org/CVERecord?id=CVE-2026-22617 ]
  Patch info: https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2025-1025.pdf

Eaton--IPP software
  Description: A security misconfiguration was identified in Eaton Intelligent Power Protector (IPP), where an HTTP response header was set with an insecure attribute, potentially exposing users to web-based attacks. This security issue has been fixed in the latest version of Eaton IPP software which is available on the Eaton download centre.
  Published: 2026-04-16 | CVSS: 5.9 | Source: CVE-2026-22618 [ https://www.cve.org/CVERecord?id=CVE-2026-22618 ]
  Patch info: https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2025-1025.pdf

Wago--Smart Designer
  Description: In Wago Smart Designer in versions up to 2.33.1 a low privileged remote attacker may enumerate projects and usernames through iterative requests to a specific endpoint.
  Published: 2026-04-16 | CVSS: 4.3 | Source: CVE-2023-5872 [ https://www.cve.org/CVERecord?id=CVE-2023-5872 ]
  Patch info: https://certvde.com/de/advisories/VDE-2023-045
  https://wago.csaf-tp.certvde.com/.well-known/csaf/white/2023/vde-2023-045.json

Vision--Helpdesk
  Description: Vision Helpdesk before 5.7.0 (patched in 5.6.10) allows attackers to read user profiles via modified serialized cookie data to vis_client_id.
  Published: 2026-04-16 | CVSS: 4.3 | Source: CVE-2024-58343 [ https://www.cve.org/CVERecord?id=CVE-2024-58343 ]
  Patch info: https://github.com/websec/Vision-Helpdesk-Exploit
  https://websec.net/blog/critical-vulnerability-in-vision-helpdesk-allows-unauthorized-session-access-67264646bde7fa99ea26446f

Zaytech--Smart Online Order for Clover
  Description: Cross-Site Request Forgery (CSRF) vulnerability in Zaytech Smart Online Order for Clover allows Cross Site Request Forgery. This issue affects Smart Online Order for Clover: from n/a through 1.6.0.
  Published: 2026-04-15 | CVSS: 4.3 | Source: CVE-2025-15635 [ https://www.cve.org/CVERecord?id=CVE-2025-15635 ]
  Patch info: https://patchstack.com/database/wordpress/plugin/clover-online-orders/vulnerability/wordpress-smart-online-order-for-clover-plugin-1-6-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve

Dell--PowerScale OneFS
  Description: Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an improper check for unusual or exceptional conditions vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to denial of service.
  Published: 2026-04-16 | CVSS: 4.1 | Source: CVE-2025-43883 [ https://www.cve.org/CVERecord?id=CVE-2025-43883 ]
  Patch info: https://www.dell.com/support/kbdoc/en-us/000376214/dsa-2025-347-security-update-for-dell-powerscale-onefs-multiple-vulnerabilities

Dell--PowerScale OneFS
  Description: Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an improper resource shutdown or release vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to denial of service.
  Published: 2026-04-16 | CVSS: 4.4 | Source: CVE-2025-43935 [ https://www.cve.org/CVERecord?id=CVE-2025-43935 ]
  Patch info: https://www.dell.com/support/kbdoc/en-us/000376214/dsa-2025-347-security-update-for-dell-powerscale-onefs-multiple-vulnerabilities
DeluxeThemes--Userpro
  Description: Cross-Site Request Forgery (CSRF) vulnerability in DeluxeThemes Userpro allows Cross Site Request Forgery. This issue affects Userpro: from n/a before 5.1.11.
  Published: 2026-04-15 | CVSS: 4.3 | Source: CVE-2025-53444 [ https://www.cve.org/CVERecord?id=CVE-2025-53444 ]
  Patch info: https://patchstack.com/database/wordpress/plugin/userpro/vulnerability/wordpress-userpro-plugin-5-1-11-cross-site-request-forgery-csrf-vulnerability?_s_id=cve

Fortinet--FortiSOAR on-premise
  Description: A server-side request forgery (SSRF) vulnerability [CWE-918] in Fortinet FortiSOAR PaaS 7.6.4, FortiSOAR PaaS 7.6.0 through 7.6.2, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.4, FortiSOAR on-premise 7.6.0 through 7.6.2, FortiSOAR on-premise 7.5.0 through 7.5.2, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow an authenticated attacker to discover services running on local ports via crafted requests.
  Published: 2026-04-14 | CVSS: 4.1 | Source: CVE-2025-59809 [ https://www.cve.org/CVERecord?id=CVE-2025-59809 ]
  Patch info: https://fortiguard.fortinet.com/psirt/FG-IR-26-103

Fortinet--FortiSandbox PaaS
  Description: An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability [CWE-79] in Fortinet FortiSandbox 5.0.0 through 5.0.4, FortiSandbox PaaS 5.0.0 through 5.0.4 may allow an attacker to perform an XSS attack via crafted HTTP requests.
  Published: 2026-04-14 | CVSS: 4.9 | Source: CVE-2025-61886 [ https://www.cve.org/CVERecord?id=CVE-2025-61886 ]
  Patch info: https://fortiguard.fortinet.com/psirt/FG-IR-26-109

themefusion--Avada (Fusion) Builder
  Description: The Avada (Fusion) Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.15.1. This is due to the plugin's `fusion_get_post_custom_field()` function failing to validate whether metadata keys are protected (underscore-prefixed). This makes it possible for authenticated attackers, with Subscriber-level access and above, to extract protected post metadata fields that should not be publicly accessible via the Dynamic Data feature's `post_custom_field` parameter.
  Published: 2026-04-15 | CVSS: 4.3 | Source: CVE-2026-1541 [ https://www.cve.org/CVERecord?id=CVE-2026-1541 ]
  Patch info: https://www.wordfence.com/threat-intel/vulnerabilities/id/f1f69f93-80e3-434d-98a6-fc8757b4e6d1?source=cve
  https://themeforest.net/item/avada-responsive-multipurpose-theme/2833226
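Four WordPress entries in this bulletin are one mistake in different clothes: PostX (CVE-2026-0718) writes post meta without checking who asked or whether the post is even public; 3D FlipBook (CVE-2026-1314) returns metadata for draft and private posts; Avada CVE-2026-1509 lets a Subscriber name any registered action and have it run; Avada CVE-2026-1541 returns underscore-prefixed (protected) meta keys. The following added example models all four in Python (it is not any of the plugins' PHP). The users, posts, hook registry, the `edit_posts` / `edit_others_posts` capability names used as gates and the `DYNAMIC_DATA_HOOKS` allowlist are constructed for the illustration; the underscore convention for protected meta keys is WordPress's own.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class User:
    name: str
    caps: frozenset = frozenset()


@dataclass
class Post:
    id: int
    status: str                       # "publish", "draft" or "private"
    meta: dict = field(default_factory=dict)


ANONYMOUS = User("anonymous")
SUBSCRIBER = User("subscriber", frozenset({"read"}))
EDITOR = User("editor", frozenset({"read", "edit_posts", "edit_others_posts"}))

# Constructed sample data standing in for the WordPress database.
POSTS = {
    1: Post(1, "publish", {"share_count": 3, "pages": 12, "_license_key": "EXAMPLE-KEY"}),
    2: Post(2, "draft", {"share_count": 0, "pages": 4, "_draft_note": "embargoed"}),
}

# Constructed hook registry; a real install has hundreds of registered actions.
HOOKS = {
    "render_dynamic_footer": lambda user: "footer html",
    "flush_all_caches": lambda user: "caches flushed",
    "grant_admin": lambda user: f"{user.name} promoted",
}


def vulnerable_output_action_hook(user: User, hook: str) -> str:
    """Any registered action, for any logged-in user (the CVE-2026-1509 shape)."""
    return HOOKS[hook](user)


DYNAMIC_DATA_HOOKS = frozenset({"render_dynamic_footer"})   # assumed allowlist


def hardened_output_action_hook(user: User, hook: str) -> str:
    if hook not in DYNAMIC_DATA_HOOKS:                     # allowlist, never user input
        raise PermissionError(f"hook {hook!r} is not exposed to Dynamic Data")
    if "edit_posts" not in user.caps:                      # assumed minimum capability
        raise PermissionError("insufficient capability")
    return HOOKS[hook](user)


def can_read(user: User, post: Post) -> bool:
    return post.status == "publish" or "edit_others_posts" in user.caps


def vulnerable_page_metadata(user: User, post_id: int) -> dict:
    """No status or capability check, protected keys included
    (the CVE-2026-1314 and CVE-2026-1541 shapes)."""
    return dict(POSTS[post_id].meta)


def hardened_page_metadata(user: User, post_id: int) -> dict:
    post = POSTS.get(post_id)
    if post is None or not can_read(user, post):
        raise PermissionError("post not readable by requester")
    # WordPress treats underscore-prefixed meta keys as protected: never expose them.
    return {k: v for k, v in post.meta.items() if not k.startswith("_")}


def vulnerable_share_count_callback(user: User, post_id: int, value: int) -> int:
    """Arbitrary value, any post, no check (the CVE-2026-0718 shape)."""
    POSTS[post_id].meta["share_count"] = value
    return value


def hardened_share_count_callback(user: User, post_id: int) -> int:
    post = POSTS.get(post_id)
    if post is None or not can_read(user, post):
        raise PermissionError("post not readable by requester")
    post.meta["share_count"] = post.meta.get("share_count", 0) + 1   # increment only
    return post.meta["share_count"]


def raises_permission_error(fn, *args) -> bool:
    try:
        fn(*args)
    except PermissionError:
        return True
    return False
```

Two design points carry over to the PHP originals: the action a user may trigger is chosen from an allowlist on the server, never parsed from the request, and a public endpoint that touches a post first asks whether the requester could read that post at all, then exposes only what the request needs (an increment, or the non-protected keys).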
Cisco--Cisco Unity Connection
  Description: A vulnerability in the web-based management interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of HTTP request parameters. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to redirect a user to a malicious web page.
  Published: 2026-04-15 | CVSS: 4.7 | Source: CVE-2026-20060 [ https://www.cve.org/CVERecord?id=CVE-2026-20060 ]
  Patch info: cisco-sa-unity-vulns-n2EJSbbw [ https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-unity-vulns-n2EJSbbw ]

Cisco--Cisco Unity Connection
  Description: A vulnerability in the web-based management interface of Cisco Unity Connection could allow an authenticated, remote attacker to perform an SQL injection attack against an affected device. To exploit this vulnerability, the attacker must have valid user credentials on the affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP(S) request to the web-based management interface of an affected device. A successful exploit could allow the attacker to view data on the affected device.
  Published: 2026-04-15 | CVSS: 4.3 | Source: CVE-2026-20061 [ https://www.cve.org/CVERecord?id=CVE-2026-20061 ]
  Patch info: cisco-sa-unity-vulns-n2EJSbbw [ https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-unity-vulns-n2EJSbbw ]

Cisco--Cisco Identity Services Engine Software
  Description: Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker with administrative write privileges to conduct a stored cross-site scripting (XSS) attack or a reflected XSS attack against a user of the web-based management interface of an affected device. These vulnerabilities are due to insufficient sanitization of user-supplied data that is stored in the web page. An attac
ker could exploit these vulnerabilities by convincing a user of the interface to click a specific link or view an affected web page. The injected script code may be executed in the context of the web-based management interface or allow the attacker to access sensitive browser-based information.
  Published: 2026-04-15 | CVSS: 4.8 | Source: CVE-2026-20132 [ https://www.cve.org/CVERecord?id=CVE-2026-20132 ]
  Patch info: cisco-sa-isexss-BS8ctE7U [ https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-isexss-BS8ctE7U ]

Cisco--Cisco Identity Services Engine Software
  Description: A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to perform path traversal attacks on the underlying operating system and read arbitrary files. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected system. A successful exploit could allow the attacker to access sensitive files on the affected system.
  Published: 2026-04-15 | CVSS: 4.9 | Source: CVE-2026-20148 [ https://www.cve.org/CVERecord?id=CVE-2026-20148 ]
  Patch info: cisco-sa-ise-rce-traversal-8bYndVrZ [ https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-rce-traversal-8bYndVrZ ]

Splunk--Splunk Enterprise
  Description: In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.10, and 9.3.11, and Splunk Cloud Platform versions below 10.4.2603.0, 10.3.2512.6, 10.2.2510.10, 10.1.2507.19, 10.0.2503.13, and 9.3.2411.127, a low-privileged user that does not hold the `admin` or `power` Splunk roles, has write permission on the app, and does not hold the high-privilege capability `accelerate_datamodel`, could turn on or off Data Model Acceleration due to improper access control.
  Published: 2026-04-15 | CVSS: 4.3 | Source: CVE-2026-20203 [ https://www.cve.org/CVERecord?id=CVE-2026-20203 ]
  Patch info: https://advisory.splunk.com/advisories/SVD-2026-0402

Microsoft--Windows 10 Version 1607
  Description: Improper removal of sensitive information before storage or transfer in Windows Recovery Environment Agent allows an unauthorized attacker to bypass a security feature with a physical attack.
  Published: 2026-04-14 | CVSS: 4.6 | Source: CVE-2026-20928 [ https://www.cve.org/CVERecord?id=CVE-2026-20928 ]
  Patch info: Windows Recovery Environment Security Feature Bypass Vulnerability [ https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20928 ]

Microsoft--Microsoft SharePoint Enterprise Server 2016
  Description: Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
  Published: 2026-04-14 | CVSS: 4.6 | Source: CVE-2026-20945 [ https://www.cve.org/CVERecord?id=CVE-2026-20945 ]
  Patch info: Microsoft SharePoint Server Spoofing Vulnerability [ https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20945 ]

Fortinet--FortiSOAR PaaS
  Description: An improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.3, FortiSOAR on-premise 7.5.0 through 7.5.2, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow an authenticated remote attacker to perform a stored cross site scripting (XSS) attack via crafted HTTP requests.
  Published: 2026-04-14 | CVSS: 4.4 | Source: CVE-2026-22154 [ https://www.cve.org/CVERecord?id=CVE-2026-22154 ]
  Patch info: https://fortiguard.fortinet.com/psirt/FG-IR-26-117
Fortinet--FortiSOAR PaaS
  Description: A storing passwords in a recoverable format vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.4, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.4, FortiSOAR on-premise 7.5.0 through 7.5.2, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow an authenticated remote attacker to retrieve the service account password via server address modification in the LDAP configuration.
  Published: 2026-04-14 | CVSS: 4.1 | Source: CVE-2026-22574 [ https://www.cve.org/CVERecord?id=CVE-2026-22574 ]
  Patch info: https://fortiguard.fortinet.com/psirt/FG-IR-26-105

Fortinet--FortiSOAR PaaS
  Description: A storing passwords in a recoverable format vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.4, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.4, FortiSOAR on-premise 7.5.0 through 7.5.2, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow an authenticated remote attacker to retrieve passwords for multiple installed connectors via server address modification in the connector configuration.
  Published: 2026-04-14 | CVSS: 4.1 | Source: CVE-2026-22576 [ https://www.cve.org/CVERecord?id=CVE-2026-22576 ]
  Patch info: https://fortiguard.fortinet.com/psirt/FG-IR-26-104

octobercms--october
  Description: October is a Content Management System (CMS) and web platform. Versions prior to 3.7.13 and versions 4.0.0 through 4.1.4 contain a sandbox bypass vulnerability in the optional Twig safe mode feature (CMS_SAFE_MODE). Certain methods on the collect() helper were not properly restricted, allowing authenticated users with template editing permissions to bypass sandbox protections. Exploitation requires authenticated backend access with CMS template editing permissions and only affects installations with CMS_SAFE_MODE enabled (disabled by default). This issue has been fixed in versions 3.7.13 and 4.1.5. To workaround this issue, users can disable CMS_SAFE_MODE if untrusted template editing is not required, and restrict CMS template editing permissions to fully trusted administrators only.
  Published: 2026-04-14 | CVSS: 4.9 | Source: CVE-2026-22692 [ https://www.cve.org/CVERecord?id=CVE-2026-22692 ]
  Patch info: https://github.com/octobercms/october/security/advisories/GHSA-m5qg-jc75-4jp6
Low Vulnerabilities
Columns: Primary Vendor -- Product | Description | Published | CVSS Score | Source Info | Patch Info

WSO2--WSO2 API Manager
  Description: The component accepts XML input through the publisher without disabling external entity resolution. This allows malicious actors to submit a crafted XML payload that exploits the unescaped external entity references. By leveraging this vulnerability, a malicious actor can read confidential files from the product's file system or access limited HTTP resources reachable via HTTP GET requests to the vulnerable product.
  Published: 2026-04-16 | CVSS: 3.5 | Source: CVE-2024-8010 [ https://www.cve.org/CVERecord?id=CVE-2024-8010 ]
  Patch info: https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2024-3581/
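The WSO2 entry above is a textbook XXE: the parser honours a `SYSTEM` entity in uploaded XML and inlines the file (or URL) it points at. The following added example (not WSO2's code, which is Java) uses Python's expat binding to show both halves: a resolver that expands the entity the way a permissive parser would, and the hardened setting that rejects any DOCTYPE before an entity can be declared. The payload, the benign document and the in-memory "file system" are constructed so the demo reads nothing from disk.

```python
import xml.parsers.expat as expat

# Constructed stand-in for the server's file system: the payload's SYSTEM
# identifier is looked up here rather than on disk, so the demo runs offline.
FAKE_FILESYSTEM = {"file:///etc/app/db.conf": "db_password=hunter2\n"}

# Constructed XXE payload of the kind the entry describes, and a benign
# document like one a legitimate publisher upload would contain.
CRAFTED = (
    '<?xml version="1.0"?>'
    '<!DOCTYPE api [<!ENTITY xxe SYSTEM "file:///etc/app/db.conf">]>'
    '<api><description>&xxe;</description></api>'
)
BENIGN = '<api><description>Orders API v2</description></api>'


class ForbiddenDoctype(Exception):
    """Raised by the hardened parser when untrusted input carries a DOCTYPE."""


def text_of(data: str, resolve_external: bool) -> str:
    """Parse `data` and return its character data.

    resolve_external=True mimics a component that honours SYSTEM entities
    (the unsafe configuration); False is the hardened configuration, which
    rejects any DOCTYPE up front so no entity can be declared at all.
    """
    parser = expat.ParserCreate()
    chunks = []
    parser.CharacterDataHandler = chunks.append

    if resolve_external:
        def resolve(context, base, system_id, public_id):
            # A child parser feeds the fetched entity body back through the
            # same handlers, exactly as the file contents would be inlined.
            child = parser.ExternalEntityParserCreate(context)
            child.Parse(FAKE_FILESYSTEM.get(system_id, ""), True)
            return 1
        parser.ExternalEntityRefHandler = resolve
    else:
        def forbid(name, system_id, public_id, has_internal_subset):
            raise ForbiddenDoctype(f"DOCTYPE {name!r} rejected in untrusted input")
        parser.StartDoctypeDeclHandler = forbid

    parser.Parse(data, True)
    return "".join(chunks)


def hardened_rejects(data: str) -> bool:
    try:
        text_of(data, resolve_external=False)
    except ForbiddenDoctype:
        return True
    return False
```

Rejecting the DOCTYPE outright is the simplest robust setting for input that never legitimately needs one; it also closes the entity-expansion denial-of-service variants. In Java the equivalent is `disallow-doctype-decl` on the factory, and in any language the check belongs on the parser configuration, not on a regex over the upload.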
1Panel-dev--MaxKB
  Description: A vulnerability has been found in 1Panel-dev MaxKB up to 2.4.2. Impacted is an unknown function of the file ui/src/chat.ts of the component MdPreview. Such manipulation leads to cross site scripting. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.5.0 is recommended to address this issue. The name of the patch is 7230daa5ec3e6574b6ede83dd48a4fbc0e70b8d8. It is advisable to upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.
  Published: 2026-04-13 | CVSS: 3.5 | Source: CVE-2025-15632 [ https://www.cve.org/CVERecord?id=CVE-2025-15632 ]
  VDB-356967 | 1Panel-dev MaxKB MdPreview chat.ts cross site scripting [ https://vuldb.com/vuln/356967 ]
  VDB-356967 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/vuln/356967/cti ]
  Submit #782265 | 1Panel-dev MaxKB <= v2.6.1 Stored XSS [ https://vuldb.com/submit/782265 ]
  Patch info: https://github.com/AnalogyC0de/public_exp/issues/28
  https://github.com/1Panel-dev/MaxKB/pull/4578
  https://github.com/1Panel-dev/MaxKB/commit/7230daa5ec3e6574b6ede83dd48a4fbc0e70b8d8
  https://github.com/1Panel-dev/MaxKB/releases/tag/v2.5.0
  https://github.com/1Panel-dev/MaxKB/

Siemens--Siemens Software Center
  Description: A vulnerability has been identified in Siemens Software Center (All versions < V3.5.8.2), Simcenter 3D (All versions < V2506.6000), Simcenter Femap (All versions < V2506.0002), Simcenter STAR-CCM+ (All versions < V2602), Solid Edge SE2025 (All versions < V225.0 Update 13), Solid Edge SE2026 (All versions < V226.0 Update 04), Tecnomatix Plant Simulation (All versions < V2504.0008). Affected applications do not properly validate client certificates to connect to Analytics Service endpoint. This could allow an unauthenticated remote attacker to perform man in the middle attacks.
  Published: 2026-04-14 | CVSS: 3.7 | Source: CVE-2025-40745 [ https://www.cve.org/CVERecord?id=CVE-2025-40745 ]
  Patch info: https://cert-portal.siemens.com/productcert/html/ssa-981622.html

Grafana--Grafana Correlations
  Description: (The CVE record opens with the advisory's own front matter, summarised here: title "Cross-Tenant Legacy Correlation Disclosure and Deletion", advisory date 2026-01-29, vendor severity Low, vector as published CVSS:3.3/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N, fixed versions >=11.6.11, >=12.0.9, >=12.1.6, >=12.2.4.) A cross-tenant isolation vulnerability was found in Grafana's Correlations feature affecting legacy correlation records. Due to a backward compatibility condition allowing org_id = 0 records to be returned across organizations, a user with datasource management privileges could read and permanently delete legacy correlation data belonging to another organization. This issue affects correlations created prior to Grafana 10.2 and is fixed in >=11.6.11, >=12.0.9, >=12.1.6, and >=12.2.4. Thanks to Gyu-hyeok Lee (g2h) for reporting this vulnerability.
  Published: 2026-04-15 | CVSS: 3.3 | Source: CVE-2026-21727 [ https://www.cve.org/CVERecord?id=CVE-2026-21727 ]
  Patch info: https://grafana.com/security/security-advisories/cve-2026-21727
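The Grafana Correlations entry above describes a tenant-isolation hole created by a compatibility clause: rows stamped with a sentinel `org_id = 0` are returned to every organisation, and the same clause sits on the delete path. The following added example (not Grafana's code) reproduces the flaw against an in-memory SQLite table and shows one way to close it; the schema, sample rows and the "assign each legacy row to its real owner" migration are constructed for the illustration and are not necessarily how the vendor fixed it.

```python
import sqlite3
from typing import Dict, List

LEGACY_ORG = 0   # sentinel stored on records created before per-org scoping existed


def new_db() -> sqlite3.Connection:
    """Constructed sample data: one legacy row (org_id 0) that really belongs
    to org 1, plus one current row for each of orgs 1 and 2."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE correlation (uid TEXT PRIMARY KEY, org_id INTEGER NOT NULL, label TEXT)")
    db.executemany("INSERT INTO correlation VALUES (?, ?, ?)", [
        ("legacy-1", LEGACY_ORG, "created before scoping; owner is org 1"),
        ("org1-a", 1, "org 1 correlation"),
        ("org2-a", 2, "org 2 correlation"),
    ])
    return db


def list_vulnerable(db: sqlite3.Connection, org_id: int) -> List[str]:
    """Backward-compatibility clause: every org also sees the legacy rows."""
    rows = db.execute(
        "SELECT uid FROM correlation WHERE org_id = ? OR org_id = ? ORDER BY uid",
        (org_id, LEGACY_ORG))
    return [r[0] for r in rows]


def delete_vulnerable(db: sqlite3.Connection, org_id: int, uid: str) -> int:
    """Same clause on the write path: a user in org 2 can delete org 1's legacy row."""
    return db.execute(
        "DELETE FROM correlation WHERE uid = ? AND (org_id = ? OR org_id = ?)",
        (uid, org_id, LEGACY_ORG)).rowcount


def migrate_legacy(db: sqlite3.Connection, owner_by_uid: Dict[str, int]) -> int:
    """Retire the sentinel by assigning each legacy row to its real owner
    (mapping supplied by the operator; an assumed remediation). Rows left
    unmapped stay invisible to every tenant rather than visible to all."""
    n = 0
    for uid, org in owner_by_uid.items():
        n += db.execute("UPDATE correlation SET org_id = ? WHERE uid = ? AND org_id = ?",
                        (org, uid, LEGACY_ORG)).rowcount
    return n


def list_hardened(db: sqlite3.Connection, org_id: int) -> List[str]:
    if org_id == LEGACY_ORG:
        raise ValueError("org 0 is not a tenant")
    rows = db.execute("SELECT uid FROM correlation WHERE org_id = ? ORDER BY uid", (org_id,))
    return [r[0] for r in rows]


def delete_hardened(db: sqlite3.Connection, org_id: int, uid: str) -> int:
    if org_id == LEGACY_ORG:
        raise ValueError("org 0 is not a tenant")
    return db.execute("DELETE FROM correlation WHERE uid = ? AND org_id = ?", (uid, org_id)).rowcount
```

The general lesson is that a tenant filter must be a single equality on the caller's tenant, with no `OR` branch for special values; anything that needs a different rule (legacy data, shared defaults) should be migrated into a real tenant or served from a separate, read-only path.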
HCL--AION
  Description: HCL AION is affected by a vulnerability where certain system behaviours may allow exploration of internal filesystem structures. Exposure of such information may provide insights into the underlying environment, which could potentially aid in further targeted actions or limited information disclosure.
  Published: 2026-04-15 | CVSS: 2.9 | Source: CVE-2025-52641 [ https://www.cve.org/CVERecord?id=CVE-2025-52641 ]
  Patch info: https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0130007

Fortinet--FortiNAC-F
  Description: A URL Redirection to Untrusted Site ('Open Redirect') vulnerability [CWE-601] in Fortinet FortiNAC-F 7.6.0 through 7.6.5, FortiNAC-F 7.4 all versions, FortiNAC-F 7.2 all versions may allow a remote privileged attacker with system administrator role to redirect users to an arbitrary website via a crafted CSV file.
  Published: 2026-04-14 | CVSS: 2.2 | Source: CVE-2026-21741 [ https://www.cve.org/CVERecord?id=CVE-2026-21741 ]
  Patch info: https://fortiguard.fortinet.com/psirt/FG-IR-26-118
Severity Not Yet Assigned
Columns: Primary Vendor -- Product | Description | Published | CVSS Score | Source Info | Patch Info

AMD--AMD EPYC 7003 Series Processors
  Description: Insufficient checks of the RMP on host buffer access in IOMMU may allow an attacker with privileges and a compromised hypervisor to trigger an out of bounds condition without RMP checks, resulting in a potential loss of confidential guest integrity.
  Published: 2026-04-16 | CVSS: not yet calculated | Source: CVE-2023-20585 [ https://www.cve.org/CVERecord?id=CVE-2023-20585 ]
  Patch info: https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-3016.html

n/a--NietThijmen ShoppingCart 0.0.2
  Description: Command injection in the connect function in NietThijmen ShoppingCart 0.0.2 allows an attacker to execute arbitrary shell commands and achieve remote code execution via injection of malicious payloads into the Port field.
  Published: 2026-04-15 | CVSS: not yet calculated | Source: CVE-2024-53412 [ https://www.cve.org/CVERecord?id=CVE-2024-53412 ]
  Patch info: https://github.com/NietThijmen/ShoppingCart/issues/1
  https://github.com/Buckdray/vulnerability-research/blob/main/CVE-2024-53412/README.md

Grafana--Grafana Alerting
  Description: In Grafana's alerting system, users with edit permissions for a contact point, specifically the permissions "alert.notifications:write" or "alert.notifications.receivers:test" that are granted as part of the fixed role "Contact Point Writer", which is part of the basic role Editor, can edit contact points created by other users and modify the endpoint URL to a controlled server. By invoking the test functionality, attackers can capture and extract redacted secure settings, such as authentication credentials for third-party services (e.g., Slack tokens). This leads to unauthorized access and potential compromise of external integrations.
  Published: 2026-04-15 | CVSS: not yet calculated | Source: CVE-2025-12141 [ https://www.cve.org/CVERecord?id=CVE-2025-12141 ]
  Patch info: https://grafana.com/security/security-advisories/cve-2025-12141/
MCPHub--MCPHub
  Description: MCPHub in versions below 0.11.0 is vulnerable to authentication bypass. Some endpoints are not protected by authentication middleware, allowing an unauthenticated attacker to perform actions in the name of other users and using their privileges.
  Published: 2026-04-14 | CVSS: not yet calculated | Source: CVE-2025-13822 [ https://www.cve.org/CVERecord?id=CVE-2025-13822 ]
  Patch info: https://github.com/samanhappy/mcphub
  https://cert.pl/en/posts/2026/04/CVE-2025-13822

Legion of the Bouncy Castle Inc.--BC-JAVA
  Description: Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcprov on all (core modules). This vulnerability is associated with program files G3413CTRBlockCipher. GOSTCTR implementation unable to process more than 255 blocks correctly. This issue affects BC-JAVA: from 1.59 before 1.84.
  Published: 2026-04-15 | CVSS: not yet calculated | Source: CVE-2025-14813 [ https://www.cve.org/CVERecord?id=CVE-2025-14813 ]
  Patch info: https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902025%E2%80%9014813
  https://github.com/bcgit/bc-java/commit/b42574345414e4b7c8051b16fa1fafe01c29871f
  https://github.com/bcgit/bc-java/commit/701686cb0184cd9ae103c801b3581fdf95c6d4f3
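The Bouncy Castle entry above gives only the symptom ("unable to process more than 255 blocks correctly"), and for a CTR mode that number is the fingerprint of a counter that never carries past its low byte. The following added example (not Bouncy Castle's code, and not GOST: the block function is a keyed hash standing in for the cipher) assumes that mechanism and shows why it matters: once the counter wraps, the keystream repeats, and XORing two ciphertext blocks that share keystream gives the XOR of the plaintexts. The key, IV and message are constructed.

```python
import hashlib
from typing import Callable, List, Optional, Tuple

BLOCK = 8   # toy block size in bytes; stands in for the 64-bit GOST block


def block_fn(key: bytes, counter: bytes) -> bytes:
    """Stand-in for the block cipher: a keyed hash truncated to one block.
    Not GOST; only the counter handling around it matters here."""
    return hashlib.blake2b(counter, key=key, digest_size=BLOCK).digest()


def increment_last_byte_only(ctr: bytearray) -> None:
    """Assumed shape of the bug: only the low byte advances, so the counter
    cycles after 256 blocks (the advisory's 'more than 255 blocks')."""
    ctr[-1] = (ctr[-1] + 1) & 0xFF


def increment_full(ctr: bytearray) -> None:
    """Big-endian increment with carry across the whole counter."""
    for i in range(len(ctr) - 1, -1, -1):
        ctr[i] = (ctr[i] + 1) & 0xFF
        if ctr[i]:
            return


Step = Callable[[bytearray], None]


def keystream(key: bytes, iv: bytes, nblocks: int, step: Step) -> List[bytes]:
    ctr = bytearray(iv)
    out = []
    for _ in range(nblocks):
        out.append(block_fn(key, bytes(ctr)))
        step(ctr)
    return out


def first_repeat(blocks: List[bytes]) -> Optional[Tuple[int, int]]:
    """Index pair of the first repeated keystream block, or None."""
    seen = {}
    for i, b in enumerate(blocks):
        if b in seen:
            return seen[b], i
        seen[b] = i
    return None


def ctr_encrypt(key: bytes, iv: bytes, data: bytes, step: Step) -> bytes:
    ks = b"".join(keystream(key, iv, (len(data) + BLOCK - 1) // BLOCK, step))
    return bytes(a ^ b for a, b in zip(data, ks))


def block_xor_leak(key: bytes, iv: bytes, msg: bytes, step: Step) -> bool:
    """True when c[0] ^ c[256] == p[0] ^ p[256], i.e. block 256 was encrypted
    with the same keystream as block 0 and the ciphertext leaks plaintext XOR."""
    c = ctr_encrypt(key, iv, msg, step)
    a, b = 0, 256 * BLOCK
    cx = bytes(x ^ y for x, y in zip(c[a:a + BLOCK], c[b:b + BLOCK]))
    px = bytes(x ^ y for x, y in zip(msg[a:a + BLOCK], msg[b:b + BLOCK]))
    return cx == px


# Constructed sample inputs: a fixed key and zero IV, and a 2304-byte message
# (288 blocks) whose block 256 differs from block 0.
KEY = b"\x01" * 32
IV = bytes(BLOCK)
MSG = bytes((i * 7 + i // 256 + 3) % 256 for i in range(2304))
```

The test-worthy property is the first one: with the broken increment the keystream's first repeat is at blocks (0, 256), with the full increment there is none. Counter handling is exactly the kind of code that passes every short test vector, so a CTR implementation needs at least one vector longer than 256 blocks.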
Unknown--Form Maker by 10Web
  Description: The Form Maker by 10Web WordPress plugin before 1.15.38 does not properly prepare SQL queries when the "MySQL Mapping" feature is in use, which could make SQL Injection attacks possible in certain contexts.
  Published: 2026-04-13 | CVSS: not yet calculated | Source: CVE-2025-15441 [ https://www.cve.org/CVERecord?id=CVE-2025-15441 ]
  Patch info: https://wpscan.com/vulnerability/41f69b0a-4d17-4a6b-b803-ea1c370e3cc0/

OpenText, Inc--RightFax
  Description: Deserialization of untrusted data vulnerability in OpenText, Inc RightFax on Windows, 64 bit, 32 bit allows Object Injection. This issue affects RightFax: through 25.4.
  Published: 2026-04-15 | CVSS: not yet calculated | Source: CVE-2025-15610 [ https://www.cve.org/CVERecord?id=CVE-2025-15610 ]
  Patch info: https://support.opentext.com/csm?id=ot_kb_unauthenticated&sysparm_article=KB0861863

Sparx Systems Pty Ltd.--Sparx Enterprise Architect
  Description: Insufficiently Protected Credentials in Sparx Systems Pty Ltd. Sparx Enterprise Architect. The client does not verify the receiver of OAuth2 credentials during OpenID authentication.
  Published: 2026-04-16 | CVSS: not yet calculated | Source: CVE-2025-15621 [ https://www.cve.org/CVERecord?id=CVE-2025-15621 ]
  Patch info: https://sparxsystems.com/products/ea/17.1/history.html

Sparx Systems Pty Ltd.--Sparx Enterprise Architect
  Description: Insufficiently Protected Credentials vulnerability in Sparx Systems Pty Ltd. Sparx Enterprise Architect. The client reveals the plaintext OAuth2 client secret: the desktop client decodes the secret and uses the plaintext secret to exchange it for access and ID tokens as part of the OpenID authentication flow.
  Published: 2026-04-17 | CVSS: not yet calculated | Source: CVE-2025-15622 [ https://www.cve.org/CVERecord?id=CVE-2025-15622 ]
  Patch info: https://sparxsystems.com/products/ea/17.1/history.html

Sparx Systems Pty Ltd.--Sparx Pro Cloud Server
  Description: Exposure of Private Personal Information to an Unauthorized Actor / Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Sparx Systems Pty Ltd. Sparx Pro Cloud Server. An unauthenticated user can retrieve the database password in plaintext in certain situations.
  Published: 2026-04-17 | CVSS: not yet calculated | Source: CVE-2025-15623 [ https://www.cve.org/CVERecord?id=CVE-2025-15623 ]
  Patch info: https://sparxsystems.com/products/procloudserver/6.1/history.html

Sparx Systems Pty Ltd.--Sparx Pro Cloud Server
  Description: Plaintext Storage of a Password vulnerability in Sparx Systems Pty Ltd. Sparx Pro Cloud Server. In a setup where OpenID is used as the primary method of authentication to Sparx EA, Pro Cloud Server creates local passwords for the users and stores them in plaintext.
  Published: 2026-04-17 | CVSS: not yet calculated | Source: CVE-2025-15624 [ https://www.cve.org/CVERecord?id=CVE-2025-15624 ]
  Patch info: https://sparxsystems.com/products/procloudserver/6.1/history.html

Sparx Systems Pty Ltd.--Sparx Pro Cloud Server
  Description: An unauthenticated user is able to execute arbitrary SQL commands in the Sparx Pro Cloud Server database in certain cases.
  Published: 2026-04-17 | CVSS: not yet calculated | Source: CVE-2025-15625 [ https://www.cve.org/CVERecord?id=CVE-2025-15625 ]
  Patch info: https://sparxsystems.com/products/procloudserver/6.1/history.html

n/a--Phpgurukul Online Course
  Description: In Phpgurukul Online Course Registration v3.1, an arbitrary file upload vulnerability was discovered within the profile picture upload functionality on the /my-profile.php page.
  Published: 2026-04-13 | CVSS: not yet calculated | Source: CVE-2025-51414 [ https://www.cve.org/CVERecord?id=CVE-2025-51414 ]
  Patch info: https://github.com/12T40910/CVE/issues/12
  https://medium.com/@tanushkushtk01/cve-2025-51414-unrestricted-file-upload-in-online-course-registration-v3-1-bd8b839be1d7

AMD--AMD EPYC 9004 Series Processors
  Description: Incorrect use of boot service in the AMD Platform Configuration Blob (APCB) SMM driver could allow a privileged attacker with local access (Ring 0) to achieve privilege escalation potentially resulting in arbitrary code execution.
  Published: 2026-04-16 | CVSS: not yet calculated | Source: CVE-2025-54502 [ https://www.cve.org/CVERecord?id=CVE-2025-54502 ]
  Patch info: https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-7054.html

AMD--AMD EPYC 9004 Series Processors
  Description: A missing lock verification in AMD Secure Processor (ASP) firmware may permit a locally authenticated attacker with administrative privileges to alter MMIO routing on some Zen 5-based products, potentially compromising guest system integrity.
  Published: 2026-04-16 | CVSS: no (entry truncated at the end of the extracted page)
t yet calculated CVE-2025-54510 [
https://www.cve.org/CVERecord?id=3DCVE-20= 25-54510 ]
https://www.amd.com/en/resources/product-security/bulletin/AMD-S= B-3034.html
=C2=A0 Apache Software Foundation--Apache Airflow The example example_xcom= =C2=A0that was included in airflow documentation implemented unsafe pattern=
of reading value from xcom in the way that could be exploited to allow UI = user who had access to modify XComs to perform arbitrary execution of code =
on the worker. Since the UI users are already highly trusted, this is a Low=
severity vulnerability. It does not affect Airflow release - example_dags = are not supposed to be enabled in production environment, however users fol= lowing the example could replicate the bad pattern. Documentation of Airflo=
w 3.2.0 contains version of the example with improved resiliance for that c= ase. Users who followed that pattern are advised to adjust their implementa= tions accordingly. 2026-04-15 not yet calculated CVE-2025-54550 [
https://w= ww.cve.org/CVERecord?id=3DCVE-2025-54550 ]
https://lists.apache.org/thread/= 3mf4cfx070ofsnf9qy0s2v5gqb5sc2g1
https://github.com/apache/airflow/pull/63200
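The unsafe XCom pattern the Airflow entry above describes, as an added example that is not code from the Airflow project or its example_xcom DAG. It assumes (an assumption, not something the bulletin states) that the value pulled from XCom ends up interpolated into a shell command string, which is what lets whoever can edit the XCom run commands on the worker. Airflow is not imported; the two functions stand in for the command a BashOperator task would run, with the tampered XCom value constructed inline.

```python
import os
import subprocess

# Constructed XCom value, as a UI user with XCom edit rights could set it.
TAMPERED_XCOM = "hello; echo INJECTED"


def run_unsafe(xcom_value: str) -> str:
    """Bad pattern: the XCom value is rendered into the command text, so a
    ';' (or $(...), backticks, &&) inside the value becomes shell syntax.
    Think of bash_command='echo {{ ti.xcom_pull(...) }}' (assumed pattern)."""
    command = f"echo {xcom_value}"
    result = subprocess.run(command, shell=True, capture_output=True, text=True)
    return result.stdout


def run_safe(xcom_value: str) -> str:
    """Hardened: the command text is fixed; the value travels in an environment
    variable and is expanded inside double quotes, so the shell never parses
    it as syntax. (shlex.quote(value) spliced into the command is the other
    common fix.)"""
    env = {**os.environ, "XCOM_VALUE": xcom_value}
    result = subprocess.run('echo "$XCOM_VALUE"', shell=True, env=env,
                            capture_output=True, text=True)
    return result.stdout


if __name__ == "__main__":
    print("unsafe:", run_unsafe(TAMPERED_XCOM).splitlines())
    print("safe:  ", run_safe(TAMPERED_XCOM).splitlines())
```

With the tampered value the unsafe variant prints two lines, the second being output of the injected command; the safe variant prints the value back verbatim as one line.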
Openai[.]com--Codex CLI v0.23.0 | A vulnerability was identified in OpenAI Codex CLI v0.23.0 and before that enables code execution through malicious MCP (Model Context Protocol) configuration files. The attack is triggered when a user runs the codex command inside a malicious or compromised repository. Codex automatically loads project-local .env and .codex/config.toml files without requiring user confirmation, allowing attackers to embed arbitrary commands that execute immediately. | 2026-04-14 | not yet calculated | CVE-2025-61260 [ https://www.cve.org/CVERecord?id=CVE-2025-61260 ] | http://openai.com https://research.checkpoint.com/2025/openai-codex-cli-command-injection-vulnerability/
Snipe-it[.]com--Snipe-IT asset management v8.3.0 | Cross-Site Scripting vulnerability in the Snipe-IT web-based asset management system v8.3.0 up to and including v8.3.1 allows an authenticated attacker with the lowest privileges, sufficient only to log in, to inject arbitrary JavaScript code via the "Name" and "Surname" fields. The JavaScript code is executed whenever the "Activity Report" or the modified profile is viewed directly by any user with sufficient permissions. Successful exploitation of this issue requires that the profile's "Display Name" is not set. The vulnerability is fixed in v8.3.2. | 2026-04-13 | not yet calculated | CVE-2025-63743 [ https://www.cve.org/CVERecord?id=CVE-2025-63743 ] | http://grokability.com http://snipe-it.com https://github.com/grokability/snipe-it/commit/b6d397bcca4e8a05176b782de769d7160058bfc4#diff-7fe056d76c09808dac923c4639161d587c3fff281a01122f3e10c4a781674a65 https://github.com/mikust/CVEs/tree/main/CVE-2025-63743
n/a--hotel-management-php version 1.0 | alandsilva26 hotel-management-php 1.0 is vulnerable to Cross Site Scripting (XSS) in /public/admin/edit_room.php, which allows an attacker to inject and execute arbitrary JavaScript via the room_id GET parameter. | 2026-04-14 | not yet calculated | CVE-2025-65132 [ https://www.cve.org/CVERecord?id=CVE-2025-65132 ] | https://github.com/TREXNEGRO/Security-Advisories/blob/main/CVE-2025-65132/README.md
n/a--School Management System v1.0 | A SQL injection vulnerability exists in the School Management System (version 1.0) by manikandan580. An unauthenticated or authenticated remote attacker can supply a crafted HTTP request to the affected endpoint to manipulate SQL query logic and extract sensitive database information. | 2026-04-14 | not yet calculated | CVE-2025-65133 [ https://www.cve.org/CVERecord?id=CVE-2025-65133 ] | https://github.com/TREXNEGRO/Security-Advisories/blob/main/CVE-2025-65133/README.md
n/a--School Management System v1.0 | In manikandan580 School-management-system 1.0, a reflected cross-site scripting (XSS) vulnerability exists in /studentms/admin/contact-us.php via the email POST parameter. | 2026-04-14 | not yet calculated | CVE-2025-65134 [ https://www.cve.org/CVERecord?id=CVE-2025-65134 ] | https://github.com/TREXNEGRO/Security-Advisories/blob/main/CVE-2025-65134/README.md
n/a--School Management System v1.0 | In manikandan580 School-management-system 1.0, a reflected XSS vulnerability exists in /studentms/admin/contact-us.php via the pagedes POST parameter. | 2026-04-14 | not yet calculated | CVE-2025-65136 [ https://www.cve.org/CVERecord?id=CVE-2025-65136 ] | https://github.com/TREXNEGRO/Security-Advisories/blob/main/CVE-2025-65136/README.md
Apache Software Foundation--Apache Airflow | Before Airflow 3.2.0, it was unclear that secure Airflow deployments require the Deployment Manager to take appropriate actions and pay attention to security details and the security model of Airflow. Some assumptions the Deployment Manager could make were not clear or explicit enough, even though Airflow's intentions and security model did not suggest different assumptions. The overall security model [1], workload isolation [2], and JWT authentication details [3] are now described in more detail. Users concerned with role isolation and following the Airflow security model are advised to upgrade to Airflow 3.2, where several security improvements have been implemented. They should also read and follow the relevant documents to make sure that their deployment is secure enough. It also clarifies that the Deployment Manager is ultimately responsible for securing your Airflow deployment. This had also been communicated via the Airflow 3.2.0 blog announcement [4]. [1] Security Model: https://airflow.apache.org/docs/apache-airflow/stable/security/jwt_token_authentication.html [2] Workload isolation: https://airflow.apache.org/docs/apache-airflow/stable/security/workload.html [3] JWT Token authentication: https://airflow.apache.org/docs/apache-airflow/stable/security/jwt_token_authentication.html [4] Airflow 3.2.0 Blog announcement: https://airflow.apache.org/blog/airflow-3.2.0/ Users are recommended to upgrade to version 3.2.0, which fixes this issue. | 2026-04-13 | not yet calculated | CVE-2025-66236 [ https://www.cve.org/CVERecord?id=CVE-2025-66236 ] | https://github.com/apache/airflow/pull/58662 https://lists.apache.org/thread/g8fyy1tkmxkkfk7tx2v6h8mvwzpyykbo
gonitro[.]com--Nitro PDF Pro v14.41.1.4 | A NULL pointer dereference in Nitro PDF Pro for Windows v14.41.1.4 allows attackers to cause a Denial of Service (DoS) via a crafted XFA packet. | 2026-04-13 | not yet calculated | CVE-2025-66769 [ https://www.cve.org/CVERecord?id=CVE-2025-66769 ] | https://www.gonitro.com/ https://jeroscope.com/advisories/2025/jero-2025-015/
nordicsemi[.]no--IronSide SE | Nordic Semiconductor IronSide SE for nRF54H20 before 23.0.2+17 has an Algorithmic complexity issue. | 2026-04-15 | not yet calculated | CVE-2025-67841 [ https://www.cve.org/CVERecord?id=CVE-2025-67841 ] | https://nordicsemi.no https://docs.nordicsemi.com/bundle/SA/resource/SA-2025-447-v1.1.pdf
gonitro[.]com--Nitro PDF Pro v14.41.1.4 | Nitro PDF Pro for Windows 14.41.1.4 contains a NULL pointer dereference vulnerability in the JavaScript implementation of app.alert(). When app.alert() is called with more than one argument and the first argument evaluates to null (for example, app.alert(app.activeDocs, true) when app.activeDocs is null), the engine routes the call through a fallback path intended for non-string arguments. In this path, js_ValueToString() is invoked on the null value and returns an invalid string pointer, which is then passed to JS_GetStringChars() without validation. Dereferencing this pointer leads to an access violation and application crash when opening a crafted PDF. | 2026-04-13 | not yet calculated | CVE-2025-69624 [ https://www.cve.org/CVERecord?id=CVE-2025-69624 ] | http://nitro.com
gonitro[.]com--Nitro PDF Pro v14.41.1.4 | Nitro PDF Pro for Windows 14.41.1.4 contains a heap use-after-free vulnerability in the implementation of the JavaScript method this.mailDoc(). During execution, an internal XID object is allocated and then freed prematurely, after which the freed pointer is still passed into UI and logging helper functions. Because the freed memory region may contain unpredictable heap data or remnants of attacker-controlled JavaScript strings, downstream routines such as wcscmp() may process invalid or stale pointers. This can result in access violations and non-deterministic crashes. | 2026-04-13 | not yet calculated | CVE-2025-69627 [ https://www.cve.org/CVERecord?id=CVE-2025-69627 ] | http://nitro.com https://jeroscope.com/advisories/2025/jero-2025-016/
trezor[.]com--Trezor One v1.13.0 | A side-channel vulnerability exists in the implementation of BIP-39 mnemonic processing, as observed in Trezor One v1.13.0 to v1.14.0, Trezor T v1.13.0 to v1.14.0, and Trezor Safe v1.13.0 to v1.14.0 hardware wallets. This originates from the BIP-39 standard guidelines, which induce non-constant time execution and specific branch patterns for word searching. An attacker with physical access during the initial setup phase can collect a single side-channel trace. By utilizing profiling-based Deep Learning Side-Channel Analysis (DL-SCA), the attacker can recover the mnemonic code and subsequently steal the assets. The issue was patched. | 2026-04-14 | not yet calculated | CVE-2025-69893 [ https://www.cve.org/CVERecord?id=CVE-2025-69893 ] | http://trezor.com https://trezor.io/vulnerability/fix-side-channel-in-bip-39-mnemonic-processing-when-unlocked
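What "non-constant time execution and specific branch patterns for word searching" means in practice, as an added example that is not Trezor firmware code. A binary search over the sorted BIP-39 wordlist (the lookup the standard's guidelines lead to) exits early and branches left or right depending on the secret word, so the length and shape of one trace identifies the word. The second function does the same lookup with a fixed amount of work and no data-dependent branch. The wordlist here is a constructed 16-word stand-in for the real 2048-word English list (an assumption: any sorted list of unique words behaves the same way), and both functions also return how many comparison steps they took so the difference is measurable.

```python
import hmac

# Constructed stand-in for the 2048-word BIP-39 English list (assumption:
# any sorted list of unique words shows the same behaviour).
WORDLIST = sorted(["abandon", "ability", "able", "about", "above", "absent",
                   "absorb", "abstract", "absurd", "abuse", "access", "accident",
                   "account", "accuse", "achieve", "acid"])
WORD_WIDTH = 8  # BIP-39 words are at most 8 characters long


def leaky_index(word: str) -> tuple:
    """Binary search, returning (index, steps). The number of iterations and
    the direction taken at each step depend on the secret word, which is
    exactly what a power or EM trace of the device records."""
    lo, hi, steps = 0, len(WORDLIST) - 1, 0
    while lo <= hi:
        steps += 1
        mid = (lo + hi) // 2
        if WORDLIST[mid] == word:
            return mid, steps            # early exit: secret-dependent timing
        if WORDLIST[mid] < word:
            lo = mid + 1                 # branch direction leaks too
        else:
            hi = mid - 1
    return -1, steps


def constant_time_index(word: str) -> tuple:
    """Visit every entry, compare fixed-width byte strings with a constant-time
    comparison, and fold the match into the result arithmetically instead of
    returning early. Work done is identical for every word, valid or not."""
    target = word.encode("utf-8").ljust(WORD_WIDTH, b"\0")
    index, found, steps = 0, 0, 0
    for i, candidate in enumerate(WORDLIST):
        steps += 1
        padded = candidate.encode("utf-8").ljust(WORD_WIDTH, b"\0")
        eq = int(hmac.compare_digest(padded, target))  # 1 or 0, no early exit
        index |= eq * i                                  # no branch on eq
        found |= eq
    # One final selection that depends only on validity, not on which word.
    return (index if found else -1), steps


if __name__ == "__main__":
    for w in ("abstract", "abandon", "acid"):
        print(w, "leaky:", leaky_index(w), "constant:", constant_time_index(w))
```

The leaky search finds "abstract" (the middle element) in one step and "abandon" in four; the constant-time scan takes sixteen steps for every input, including an invalid word.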
n/a--transloadit uppy v0.25.6 | An issue pertaining to CWE-843: Access of Resource Using Incompatible Type was discovered in transloadit uppy v0.25.6. | 2026-04-14 | not yet calculated | CVE-2025-70023 [ https://www.cve.org/CVERecord?id=CVE-2025-70023 ] | https://github.com/transloadi https://github.com/transloadit/uppy https://gist.github.com/zcxlighthouse/27926a85371ac5d2291f44903254753e
Safetica Application suite--STProcessMonitor 11.11.4.0 | STProcessMonitor 11.11.4.0, part of the Safetica Application suite, allows an admin-privileged user to send crafted IOCTL requests to terminate processes that are protected through a third-party implementation. This is caused by insufficient caller validation in the driver's IOCTL handler, enabling unauthorized processes to perform those actions in kernel space. Unauthorized processes load the driver and send a crafted IOCTL request (0xB822200C) to terminate processes protected by a third-party implementation. Successful exploitation can lead to denial of service by disrupting critical third-party services or applications. | 2026-04-17 | not yet calculated | CVE-2025-70795 [ https://www.cve.org/CVERecord?id=CVE-2025-70795 ] | https://bbs.kafan.cn/thread-2287429-1-1.html https://bbs.kafan.cn/thread-2287429-2-1.html https://www.virustotal.com/gui/file/70bcec00c215fe52779700f74e9bd669ff836f594df92381cbfb7ee0568e7a8b https://www.virustotal.com/gui/file/9ace6a1e4bee5834be38b4c2fd26780d1fcc18ea9d58224e31d6382c19e53296 https://www.virustotal.com/gui/file/fc3588482f596a067b65d5d64d21fe62463b38a138fc87d8d2350efa86d34284 https://github.com/magicsword-io/LOLDrivers/commit/eea8326bf891d810902203e9ac5cfdeaf5a17a1c https://github.com/magicsword-io/LOLDrivers/issues/268
Vtiger[.]com--Vtiger CRM 8.4.0 | Vtiger CRM 8.4.0 contains a reflected cross-site scripting (XSS) vulnerability in the MailManager module. Improper handling of user-controlled input in the _folder parameter allows a specially crafted, double URL-encoded payload to be reflected and executed in the context of an authenticated user's session. | 2026-04-13 | not yet calculated | CVE-2025-70936 [ https://www.cve.org/CVERecord?id=CVE-2025-70936 ] | https://www.vtiger.com/open-source-crm/ https://www.simonjuguna.com/cve-2025-70936-reflected-xss-vulnerability-in-vtiger-crm-v8-4-0/
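Why a "double URL-encoded payload" gets past input checks, as an added example that is not Vtiger code. The web server decodes the query string once; if the handler decodes the parameter a second time before reflecting it, a payload encoded twice shows no tag characters to any filter that runs on the once-decoded value. The handler shape, the naive filter and the request values are all constructed for this illustration; the fix is to decode exactly once and escape on output.

```python
import html
from urllib.parse import unquote

# Constructed query-string value: encoded twice, so a single decode still
# contains no literal '<' or '>'.
DOUBLE_ENCODED = "%253Cscript%253Ealert(1)%253C%252Fscript%253E"


def framework_decode(raw: str) -> str:
    """First decode: what the server/framework does when it parses the query
    string (the analogue of reading $_REQUEST in PHP)."""
    return unquote(raw)


def naive_filter(value: str) -> bool:
    """Input filter applied to the once-decoded value; passes if no tag chars."""
    return "<" not in value and ">" not in value


def render_folder_vulnerable(raw_param: str) -> str:
    """Vulnerable pattern: decodes the already-decoded parameter a second time
    and reflects it without output escaping."""
    once = framework_decode(raw_param)
    if not naive_filter(once):
        return "<p>rejected</p>"
    twice = unquote(once)               # second decode turns %3C into '<'
    return f"<p>Folder: {twice}</p>"


def render_folder_fixed(raw_param: str) -> str:
    """Fixed: decode exactly once and HTML-escape at the point of output, so
    whatever is reflected cannot change the HTML context, filter or not."""
    once = framework_decode(raw_param)
    return f"<p>Folder: {html.escape(once, quote=True)}</p>"


if __name__ == "__main__":
    print(render_folder_vulnerable(DOUBLE_ENCODED))
    print(render_folder_fixed(DOUBLE_ENCODED))
```

A singly-encoded payload is caught by the naive filter; the doubly-encoded one passes it and lands in the page as live markup in the vulnerable handler, while the fixed handler reflects it inertly.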
Progress Software Corporation--OpenEdge | A vulnerability in the AdminServer component of OpenEdge on all supported platforms grants its authenticated users OS-level access to the server through the adopted authority of the AdminServer process itself. The delegated authority of the AdminServer could allow its users the ability to read arbitrary files on the host system through the misuse of the setFile() and openFile() methods exposed through the RMI interface. Misuse was limited only by the OS-level authority of the AdminServer's elevated privileges and the user's access to these methods enabled through RMI. The exploitable methods have been removed, thus eliminating their access through RMI or downstream of the RMI registry. | 2026-04-14 | not yet calculated | CVE-2025-7389 [ https://www.cve.org/CVERecord?id=CVE-2025-7389 ] | https://community.progress.com/s/article/Important-Arbitrary-File-Ready-Security-Update-for-OpenEdge-AdminServer
Progress Software Corporation--OpenEdge | The OECH1 prefix encoding is intended to obfuscate values across the OpenEdge platform. It has been identified as cryptographically weak and unsuitable for stored encodings and enterprise applications. OECH1 encodings should be considered exploitable and immediately replaced by any other supported prefix encoding, all of which are based on symmetric encryption. | 2026-04-14 | not yet calculated | CVE-2025-8095 [ https://www.cve.org/CVERecord?id=CVE-2025-8095 ] | https://community.progress.com/s/article/Unintended-Use-of-OECH1-for-Password-Secrets-Protection
PureStorage--FlashBlade | A vulnerability exists in FlashBlade whereby sensitive information may be logged under specific conditions. | 2026-04-14 | not yet calculated | CVE-2026-0207 [ https://www.cve.org/CVERecord?id=CVE-2026-0207 ] | https://support.purestorage.com/bundle/m_security_bulletins/page/Pure_Security/topics/concept/c_security_bulletins.html
PureStorage--FlashArray | Under certain administrative conditions, FlashArray Purity may apply snapshot retention policies earlier or later than configured. | 2026-04-14 | not yet calculated | CVE-2026-0209 [ https://www.cve.org/CVERecord?id=CVE-2026-0209 ] | https://support.purestorage.com/bundle/m_security_bulletins/page/Pure_Security/topics/concept/c_security_bulletins.html
Palo Alto Networks--Cortex XDR Agent | A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows allows a local Windows administrator to disable the agent. This issue may be leveraged by malware to perform malicious activity without detection. | 2026-04-13 | not yet calculated | CVE-2026-0232 [ https://www.cve.org/CVERecord?id=CVE-2026-0232 ] | https://security.paloaltonetworks.com/CVE-2026-0232
Palo Alto Networks--Autonomous Digital Experience Manager | A certificate validation vulnerability in Palo Alto Networks Autonomous Digital Experience Manager on Windows allows an unauthenticated attacker with adjacent network access to execute arbitrary code with NT AUTHORITY\SYSTEM privileges. | 2026-04-13 | not yet calculated | CVE-2026-0233 [ https://www.cve.org/CVERecord?id=CVE-2026-0233 ] | https://security.paloaltonetworks.com/CVE-2026-0233
Palo Alto Networks--Cortex XSOAR Microsoft Teams Marketplace | An improper verification of cryptographic signature vulnerability exists in Cortex XSOAR and Cortex XSIAM platforms during integration of Microsoft Teams that enables an unauthenticated user to access and modify protected resources. | 2026-04-13 | not yet calculated | CVE-2026-0234 [ https://www.cve.org/CVERecord?id=CVE-2026-0234 ] | https://security.paloaltonetworks.com/CVE-2026-0234
Legion of the Bouncy Castle Inc.--BC-JAVA | Improper neutralization of special elements used in an LDAP query ('LDAP injection') vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcprov on all (prov modules). This vulnerability is associated with program files LDAPStoreHelper. This issue affects BC-JAVA: from 1.74 before 1.84. | 2026-04-15 | not yet calculated | CVE-2026-0636 [ https://www.cve.org/CVERecord?id=CVE-2026-0636 ] | https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902026%E2%80%900636 https://github.com/bcgit/bc-java/commit/d20cdb8430e09224114fec0179a71859929fcbde
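The class of bug behind the Bouncy Castle entry, as an added example that is not Bouncy Castle code: a store helper that looks up certificates or CRLs in a directory builds a search filter from a name taken out of the certificate, and a name containing filter metacharacters rewrites the query. RFC 4515 section 3 requires `*`, `(`, `)`, `\` and NUL inside an assertion value to be written as a backslash plus two hex digits. The filter shape `(&(cn=...)(objectClass=pkiUser))` and the malicious subject value are constructed for this illustration, not taken from the library or the advisory.

```python
# RFC 4515 section 3: inside an assertion value these bytes must be encoded
# as a backslash followed by two hex digits.
_SPECIAL = b"*()\\\x00"


def escape_ldap_filter_value(value: str) -> str:
    """Escape a value for use inside an LDAP search filter. Works on the UTF-8
    bytes so non-ASCII characters are emitted as \\xx escapes as well."""
    out = []
    for b in value.encode("utf-8"):
        if b in _SPECIAL or b >= 0x80:
            out.append("\\%02x" % b)
        else:
            out.append(chr(b))
    return "".join(out)


def subject_filter(subject: str, escape: bool = True) -> str:
    """Build the lookup filter a store helper would send for a subject name
    (constructed filter shape). escape=False reproduces the injectable form."""
    value = escape_ldap_filter_value(subject) if escape else subject
    return f"(&(cn={value})(objectClass=pkiUser))"


def count_assertions(filter_text: str) -> int:
    """Count '(' characters that are real filter syntax, skipping \\xx escapes.
    For this filter shape the legitimate count is 3; more means the value
    injected its own assertions."""
    count, i = 0, 0
    while i < len(filter_text):
        if filter_text[i] == "\\":
            i += 3                       # skip the escape and its two hex digits
            continue
        if filter_text[i] == "(":
            count += 1
        i += 1
    return count


# Constructed malicious subject: closes the cn assertion and adds a wildcard one.
MALICIOUS_SUBJECT = "*)(cn=*"

if __name__ == "__main__":
    for esc in (False, True):
        f = subject_filter(MALICIOUS_SUBJECT, escape=esc)
        print(esc, f, "assertions:", count_assertions(f))
```

Unescaped, the subject turns a lookup for one entry into `(&(cn=*)(cn=*)(objectClass=pkiUser))`, which matches every pkiUser in the directory; escaped, the same bytes are a literal, harmless value.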
keras-team--keras-team/keras | A vulnerability in the `TFSMLayer` class of the `keras` package, version 3.13.0, allows attacker-controlled TensorFlow SavedModels to be loaded during deserialization of `.keras` models, even when `safe_mode=True`. This bypasses the security guarantees of `safe_mode` and enables arbitrary attacker-controlled code execution during model inference under the victim's privileges. The issue arises due to the unconditional loading of external SavedModels, serialization of attacker-controlled file paths, and the lack of validation in the `from_config()` method. | 2026-04-13 | not yet calculated | CVE-2026-1462 [ https://www.cve.org/CVERecord?id=CVE-2026-1462 ] | https://huntr.com/bounties/7e78d6f1-6977-4300-b595-e81bdbda331c https://github.com/keras-team/keras/commit/b6773d3decaef1b05d8e794458e148cb362f163f
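A pre-load check of the kind the Keras entry calls for, as an added example that is not Keras project code. A `.keras` file is a zip archive whose config.json names every layer by class; the check below reads that JSON without instantiating anything and refuses, in safe mode, any layer whose class would load or execute external content, reporting the file path it would have loaded. The disallowed set, the miniature archive format and the layer configs are constructed for the example and stand in for the real loader; `load_model_guarded` is a stand-in for `keras.saving.load_model`, not a patch to it.

```python
import io
import json
import zipfile

# Layer classes a strict safe_mode policy refuses to deserialize
# (assumption: chosen for this example, not Keras's own list).
DISALLOWED_CLASSES = {"TFSMLayer", "Lambda"}


def find_disallowed_layers(node, path="$"):
    """Walk the nested config (dicts/lists) and return every disallowed layer
    as (json_path, class_name, filepath_it_would_load)."""
    hits = []
    if isinstance(node, dict):
        cls = node.get("class_name")
        if cls in DISALLOWED_CLASSES:
            cfg = node.get("config") or {}
            hits.append((path, cls, cfg.get("filepath")))
        for key, child in node.items():
            hits.extend(find_disallowed_layers(child, f"{path}.{key}"))
    elif isinstance(node, list):
        for i, child in enumerate(node):
            hits.extend(find_disallowed_layers(child, f"{path}[{i}]"))
    return hits


def precheck_keras_archive(archive: bytes):
    """Read config.json out of the .keras zip; nothing is instantiated."""
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        config = json.loads(zf.read("config.json"))
    return find_disallowed_layers(config)


def load_model_guarded(archive: bytes, safe_mode: bool = True) -> str:
    """Stand-in for a loader: refuse before deserialization when safe_mode is
    on and the config names a disallowed layer. Returns "loaded" otherwise."""
    hits = precheck_keras_archive(archive)
    if safe_mode and hits:
        detail = "; ".join(f"{cls} at {path} (filepath={fp!r})"
                           for path, cls, fp in hits)
        raise ValueError(f"refusing to load in safe_mode: {detail}")
    return "loaded"


def is_rejected(archive: bytes) -> bool:
    """True if the guarded loader refuses the archive in safe mode."""
    try:
        load_model_guarded(archive)
        return False
    except ValueError:
        return True


def build_archive(layers) -> bytes:
    """Constructed minimal .keras archive: config.json plus metadata.json."""
    config = {"module": "keras", "class_name": "Sequential",
              "config": {"name": "m", "layers": layers}}
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("config.json", json.dumps(config))
        zf.writestr("metadata.json", json.dumps({"keras_version": "3.13.0"}))
    return buf.getvalue()


# Constructed sample layer configs: one benign, one that points at an external
# SavedModel directory (the attacker-controlled path the bulletin describes).
DENSE = {"module": "keras.layers", "class_name": "Dense",
         "config": {"name": "dense", "units": 4}}
TFSM = {"module": "keras.layers", "class_name": "TFSMLayer",
        "config": {"name": "tfsm", "filepath": "/tmp/attacker/saved_model",
                   "call_endpoint": "serving_default"}}

if __name__ == "__main__":
    print(precheck_keras_archive(build_archive([DENSE, TFSM])))
    print(is_rejected(build_archive([DENSE])), is_rejected(build_archive([DENSE, TFSM])))
```

The benign archive loads; the one carrying a TFSMLayer is reported with its JSON path and the path it would have pulled from disk, and is refused unless the caller explicitly turns safe mode off.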
Pegasystems--Pega Infinity | Pega Platform versions 8.1.0 through 25.1.1 are affected by an HTML Injection vulnerability in a user interface component. Requires a high privileged user with a developer role. | 2026-04-15 | not yet calculated | CVE-2026-1564 [ https://www.cve.org/CVERecord?id=CVE-2026-1564 ] | https://support.pega.com/support-doc/pega-security-advisory-b26-vulnerability-remediation-note
Pegasystems--Pega Infinity | Pega Platform versions 8.1.0 through 25.1.1 are affected by a Stored Cross-Site Scripting vulnerability in a user interface component. Requires a high privileged user with a developer role. | 2026-04-15 | not yet calculated | CVE-2026-1711 [ https://www.cve.org/CVERecord?id=CVE-2026-1711 ] | https://support.pega.com/support-doc/pega-security-advisory-d26-vulnerability-remediation-note
ASUS--DriverHub | An Incorrect Permission Assignment for Critical Resource vulnerability in the ASUS DriverHub update process allows privilege escalation due to improper protection of required execution resources during the validation phase, permitting a local user to make unprivileged modifications. This allows the altered resource to pass system checks and be executed with elevated privileges upon a user-initiated update. Refer to the 'Security Update for ASUS DriverHub' section on the ASUS Security Advisory for more information. | 2026-04-16 | not yet calculated | CVE-2026-1880 [ https://www.cve.org/CVERecord?id=CVE-2026-1880 ] | https://www.asus.com/security-advisory
Samsung Mobile--Samsung Mobile Devices | Improper input validation in data related to network restrictions prior to SMR Apr-2026 Release 1 allows physical attackers to bypass the restrictions. | 2026-04-13 | not yet calculated | CVE-2026-21003 [ https://www.cve.org/CVERecord?id=CVE-2026-21003 ] | https://security.samsungmobile.com/securityUpdate.smsb?year=2026&month=04
Samsung Mobile--Samsung Mobile Devices | Improper access control in Samsung DeX prior to SMR Apr-2026 Release 1 allows physical attackers to access hidden notification contents. | 2026-04-13 | not yet calculated | CVE-2026-21006 [ https://www.cve.org/CVERecord?id=CVE-2026-21006 ] | https://security.samsungmobile.com/securityUpdate.smsb?year=2026&month=04
Samsung Mobile--Samsung Mobile Devices | Improper check for exceptional conditions in Device Care prior to SMR Apr-2026 Release 1 allows physical attackers to bypass Knox Guard. | 2026-04-13 | not yet calculated | CVE-2026-21007 [ https://www.cve.org/CVERecord?id=CVE-2026-21007 ] | https://security.samsungmobile.com/securityUpdate.smsb?year=2026&month=04
Samsung Mobile--Samsung Mobile Devices | Exposure of sensitive information in S Share prior to SMR Apr-2026 Release 1 allows an adjacent attacker to access sensitive information. | 2026-04-13 | not yet calculated | CVE-2026-21008 [ https://www.cve.org/CVERecord?id=CVE-2026-21008 ] | https://security.samsungmobile.com/securityUpdate.smsb?year=2026&month=04
Samsung Mobile--Samsung Mobile Devices | Improper check for exceptional conditions in Recents prior to SMR Apr-2026 Release 1 allows a physical attacker to bypass App Pinning. | 2026-04-13 | not yet calculated | CVE-2026-21009 [ https://www.cve.org/CVERecord?id=CVE-2026-21009 ] | https://security.samsungmobile.com/securityUpdate.smsb?year=2026&month=04
Samsung Mobile--Samsung Mobile Devices | Incorrect privilege assignment in Bluetooth in Maintenance mode prior to SMR Apr-2026 Release 1 allows physical attackers to bypass Extend Unlock. | 2026-04-13 | not yet calculated | CVE-2026-21011 [ https://www.cve.org/CVERecord?id=CVE-2026-21011 ] | https://security.samsungmobile.com/securityUpdate.smsb?year=2026&month=04
Samsung Mobile--Samsung Mobile Devices | External control of file name in AODManager prior to SMR Apr-2026 Release 1 allows a privileged local attacker to create a file with system privilege. | 2026-04-13 | not yet calculated | CVE-2026-21012 [ https://www.cve.org/CVERecord?id=CVE-2026-21012 ] | https://security.samsungmobile.com/securityUpdate.smsb?year=2026&month=04
Samsung Mobile--Galaxy Wearable | Incorrect default permission in Galaxy Wearable prior to version 2.2.68.26 allows local attackers to access sensitive information. | 2026-04-13 | not yet calculated | CVE-2026-21013 [ https://www.cve.org/CVERecord?id=CVE-2026-21013 ] | https://security.samsungmobile.com/serviceWeb.smsb?year=2026&month=04
Samsung Mobile--Samsung Camera | Improper access control in Samsung Camera prior to version 16.5.00.28 allows a local attacker to access location data. User interaction is required for triggering this vulnerability. | 2026-04-13 | not yet calculated | CVE-2026-21014 [ https://www.cve.org/CVERecord?id=CVE-2026-21014 ] | https://security.samsungmobile.com/serviceWeb.smsb?year=2026&month=04
Veeam--Backup and Replication | A vulnerability allowing a local attacker with administrator privileges to bypass Windows Driver Signature Enforcement. | 2026-04-17 | not yet calculated | CVE-2026-21709 [ https://www.cve.org/CVERecord?id=CVE-2026-21709 ] | https://www.veeam.com/kb4830 https://www.veeam.com/kb4831
CubeCart Limited--CubeCart | An OS command injection vulnerability exists in CubeCart prior to 6.6.0, which may allow a user with administrative privilege to execute an arbitrary OS command. | 2026-04-17 | not yet calculated | CVE-2026-21719 [ https://www.cve.org/CVERecord?id=CVE-2026-21719 ] | https://community.cubecart.com/t/cubecart-6-6-0-released-the-biggest-update-in-years/62405 https://jvn.jp/en/jp/JVN78422311/
Imagination Technologies--Graphics DDK | Software installed and run as a non-privileged user may conduct improper GPU system calls to gain write permission to read-only wrapped user-mode memory and files. This is caused by improper handling of GPU memory reservation protections. | 2026-04-17 | not yet calculated | CVE-2026-21733 [ https://www.cve.org/CVERecord?id=CVE-2026-21733 ] | https://www.imaginationtech.com/gpu-driver-vulnerabilities/
Ubiquiti Inc--UniFi Play PowerAmp | An Improper Input Validation vulnerability could allow a malicious actor with access to the UniFi Play network to cause the device to stop responding. Affected Products: UniFi Play PowerAmp (Version 1.0.35 and earlier); UniFi Play Audio Port (Version 1.0.24 and earlier). Mitigation: Update UniFi Play PowerAmp to Version 1.0.38 or later; update UniFi Play Audio Port to Version 1.1.9 or later. | 2026-04-13 | not yet calculated | CVE-2026-22565 [ https://www.cve.org/CVERecord?id=CVE-2026-22565 ] | https://community.ui.com/releases/Security-Advisory-Bulletin-063/e468dd4b-5090-4ef8-89d8-939903c08e83
Microchip--IStaX | A privilege escalation vulnerability in Microchip IStaX allows an authenticated low-privileged user to recover a shared per-device cookie secret from their own webstax_auth session cookie and forge a new cookie with administrative privileges. This issue affects IStaX before 2026.03. | 2026-04-16 | not yet calculated | CVE-2026-2336 [ https://www.cve.org/CVERecord?id=CVE-2026-2336 ] | https://www.microchip.com/en-us/solutions/technologies/embedded-security/how-to-report-potential-product-security-vulnerabilities/istax-privilege-escalation-via-weak-cookie-authentication
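Why a cookie that lets its holder "recover a shared per-device cookie secret" is fatal, and what the session cookie should look like instead, as an added example that is not IStaX code and does not reproduce the actual webstax_auth format. The weak scheme here is hypothetical: the device mixes its secret directly into the cookie bytes (repeated-key XOR), so a user who knows the plaintext of their own session recovers the key stream and re-encrypts an admin payload with it. The hardened scheme keys an HMAC with a secret that never leaves the device; the client can read its claims but cannot produce a valid tag for different ones. Users, roles and the device secret are constructed values.

```python
import base64
import hashlib
import hmac
import json
import os

# Constructed per-device secret. In the weak scheme it touches the cookie
# bytes directly; in the hardened one it only ever keys an HMAC.
DEVICE_SECRET = b"per-device-secret-0xDEADBEEF"


def _xor(data: bytes, key: bytes) -> bytes:
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


# --- weak scheme (hypothetical; not the IStaX cookie format) -----------------

def weak_issue(user: str, role: str) -> str:
    """'Obfuscate' the session payload with the device secret."""
    payload = json.dumps({"u": user, "r": role}).encode()
    return base64.b64encode(_xor(payload, DEVICE_SECRET)).decode()


def weak_verify(cookie: str) -> dict:
    return json.loads(_xor(base64.b64decode(cookie), DEVICE_SECRET))


def recover_and_forge(own_cookie: str, own_user: str, own_role: str) -> str:
    """Attacker step: XOR the cookie with the known plaintext of one's own
    session to get the key stream, then apply it to an admin payload. Needs
    the known payload to be at least as long as the forged one."""
    ciphertext = base64.b64decode(own_cookie)
    known = json.dumps({"u": own_user, "r": own_role}).encode()
    keystream = _xor(ciphertext, known)        # == DEVICE_SECRET, repeated
    forged = json.dumps({"u": "admin", "r": "admin"}).encode()
    if len(forged) > len(keystream):
        raise ValueError("known plaintext too short to cover forged payload")
    return base64.b64encode(_xor(forged, keystream[:len(forged)])).decode()


# --- hardened scheme: keyed MAC over the claims, key never leaves the device --

SERVER_KEY = os.urandom(32)   # constructed here; would live in device storage


def signed_issue(user: str, role: str) -> str:
    payload = base64.urlsafe_b64encode(json.dumps({"u": user, "r": role}).encode())
    tag = hmac.new(SERVER_KEY, payload, hashlib.sha256).digest()
    return (payload + b"." + base64.urlsafe_b64encode(tag)).decode()


def signed_verify(cookie: str):
    """Return the claims, or None if the tag does not verify. The claims are
    readable by the client, but without SERVER_KEY they cannot be re-signed."""
    payload, _, tag = cookie.encode().partition(b".")
    expected = hmac.new(SERVER_KEY, payload, hashlib.sha256).digest()
    try:
        given = base64.urlsafe_b64decode(tag)
    except Exception:
        return None
    if not hmac.compare_digest(given, expected):
        return None
    return json.loads(base64.urlsafe_b64decode(payload))


def tamper_signed(cookie: str) -> str:
    """Attacker step against the MAC scheme: swap the claims, keep the tag."""
    _, _, tag = cookie.partition(".")
    forged = base64.urlsafe_b64encode(
        json.dumps({"u": "admin", "r": "admin"}).encode()).decode()
    return forged + "." + tag


if __name__ == "__main__":
    own = weak_issue("operator", "viewer")
    print("weak, forged ->", weak_verify(recover_and_forge(own, "operator", "viewer")))
    good = signed_issue("operator", "viewer")
    print("signed, tampered ->", signed_verify(tamper_signed(good)))
```

The known-plaintext step works because the secret is used as key material that the client can cancel out; the HMAC design gives the client nothing it can invert, so the only way to an admin cookie is the server issuing one.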
You are subscribed to updates from the Cybersecurity and Infrastructure Security Agency [ https://www.cisa.gov ] (CISA)
________________________________________________________________________
This email was sent to cisa@toolazy.synchro.net using GovDelivery Communications Cloud, on behalf of: Cybersecurity and Infrastructure Security Agency · 707 17th St, Suite 4000 · Denver, CO 80202
--===============3904973969769106710==
Content-Type: text/html; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"
http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns=3D"
http://www.w3.org/1999/xhtml" xml:lang=3D"en" lang=3D"en"> <head>
<title> Vulnerability Summary for the Week of April 13, 2026
</title>
</head>
<body style=3D"">
<table width=3D"700" border=3D"0" cellspacing=3D"0" cellpadding=3D"0"=
align=3D"center">
<tr>
<td>
<!--[if (gte mso 9)|(IE)]>
<table style=3D"display:none"><tr><td><a name=3D"gd_top" id=3D"gd_top"></= a></td></tr></table>
<![endif]-->
<a name=3D"gd_top" id=3D"gd_top"></a>
=20
<p><img src=3D"
https://content.govdelivery.com/attachments/fancy_images/U= SDHSCISA/2020/06/3486054/05152023-gov-delivery-banner-copy_original.png" al= t=3D"Cybersecurity and Infrastructure Security Agency (CISA)" title=3D"" wi= dth=3D"600" height=3D"100"></p>
<p>You are subscribed to Vulnerability Bulletins for Cybersecurity and In= frastructure Security Agency. This information has recently been updated an=
d is now available.</p>
<p>The CISA Vulnerability Bulletin provides a summary of new vulnerabilitie=
s that have been recorded in the past week. In some cases, the vulnerabilit= ies in the bulletin may not yet have assigned CVSS scores.</p> <p>Vulnerabilities are based on the=C2=A0<a href=3D"
https://www.cve.org/" t= arget=3D"_blank" class=3D"ext" data-extlink=3D"" rel=3D"noopener">Common Vu= lnerabilities and Exposures</a>=C2=A0(CVE) vulnerability naming standard an=
d are organized according to severity, determined by the=C2=A0<a href=3D"ht= tps://www.cve.org/about/relatedefforts" target=3D"_blank" rel=3D"noopener">= Common Vulnerability Scoring System</a>=C2=A0(CVSS) standard. The division =
of high, medium, and low severities correspond to the following scores:</p>
<strong>High</strong>: vulnerabilities with a CVSS base score of 7.0=E2=80= =9310.0</li>
<strong>Medium</strong>: vulnerabilities with a CVSS base score of 4.0=E2= =80=936.9</li>
<strong>Low</strong>: vulnerabilities with a CVSS base score of 0.0=E2=80= =933.9</li>
</ul>
<p>Entries may include additional information provided by organizations and=
efforts sponsored by CISA. This information may include identifying inform= ation, values, definitions, and related links. Patch information is provide=
d when available. Please note that some of the information in the bulletin =
is compiled from external, open-source reports and is not a direct result o=
f CISA analysis.</p>
<div class="rss_item" style="margin-bottom: 2em;">
<div class="rss_title" style="font-weight: bold; font-size: 120%; margin: 0 0 0.3em; padding: 0;"><a href="https://www.cisa.gov/news-events/bulletins/sb26-110">Vulnerability Summary for the Week of April 13, 2026</a></div>
<div class="rss_pub_date" style="font-size: 90%; font-style: italic; color: #666666; margin: 0 0 0.3em; padding: 0;">04/20/2026 2:00 PM EDT</div>
<div class="rss_description" style="margin: 0 0 0.3em; padding: 0;">
<div id="high_v">
<h2 id="high_v_title">High Vulnerabilities</h2>
<table class="table no-tablesaw" style="table-layout: fixed; width: 100%;" border="1" summary="High Vulnerabilities" align="center">
<thead>
<tr>
<th class="vendor-product" style="width: 24%;" scope="col"><span class="primary-vendor">Primary</span><br><span class="primary-vendor">Vendor</span> -- Product</th>
<th style="width: 44%;" scope="col">Description</th>
<th style="width: 10%;" scope="col">Published</th>
<th style="width: 8%;" scope="col">CVSS Score</th>
<th style="width: 7%;" scope="col">Source Info</th>
<th style="width: 7%;" scope="col">Patch Info</th>
</tr>
</thead>
<tbody>
<tr>
<td class="vendor-product">Grafana--Pyroscope</td>
<td>Pyroscope is an open-source continuous profiling database. The database supports various storage backends, including Tencent Cloud Object Storage (COS). If the database is configured to use Tencent COS as the storage backend, an attacker could extract the secret_key configuration value from the Pyroscope API. To exploit this vulnerability, an attacker needs direct access to the Pyroscope API. We highly recommend limiting the public internet exposure of all our databases, such that they are only accessible by trusted users or internal systems. This vulnerability is fixed in versions: 1.15.x: 1.15.2 and above. 1.16.x: 1.16.1 and above. 1.17.x: 1.17.0 and above (i.e. all versions). Thanks to Théo Cusnir for reporting this vulnerability to us via our bug bounty program.</td>
<td>2026-04-15</td>
<td>9.1</td>
<td><a href="https://www.cve.org/CVERecord?id=CVE-2025-41118" target="_blank" rel="noopener">CVE-2025-41118</a></td>
<td><a href="https://grafana.com/security/security-advisories/cve-2025-41118" target="_blank" rel="noopener">https://grafana.com/security/security-advisories/cve-2025-41118</a></td>
</tr>
<tr>
<td class="vendor-product">n/a--Grocery Store Management System v1.0</td>
<td>Improper input handling in /Grocery/search_products_itname.php, in anirudhkannan Grocery Store Management System 1.0, allows SQL injection via the sitem_name POST parameter.</td>
<td>2026-04-14</td>
<td>9.8</td>
<td><a href="https://www.cve.org/CVERecord?id=CVE-2025-63939" target="_blank" rel="noopener">CVE-2025-63939</a></td>
<td><a href="https://github.com/TREXNEGRO/Security-Advisories/tree/main/CVE-2025-63939" target="_blank" rel="noopener">https://github.com/TREXNEGRO/Security-Advisories/tree/main/CVE-2025-63939</a></td>
</tr>
<tr>
<td class="vendor-product">n/a--manikandan580 School-management-system v1.0</td>
<td>In manikandan580 School-management-system 1.0, a time-based blind SQL injection vulnerability exists in /studentms/admin/between-date-reprtsdetails.php through the fromdate POST parameter.</td>
<td>2026-04-14</td>
<td>9.8</td>
<td><a href="https://www.cve.org/CVERecord?id=CVE-2025-65135" target="_blank" rel="noopener">CVE-2025-65135</a></td>
<td><a href="https://github.com/TREXNEGRO/Security-Advisories/tree/main/CVE-2025-65135" target="_blank" rel="noopener">https://github.com/TREXNEGRO/Security-Advisories/tree/main/CVE-2025-65135</a></td>
</tr>
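<tr>
<td colspan="6">
<p>The bug class shared by the two entries above (the Grocery Store product search and the School-management-system date report), as an added example that is not code from either project or from the advisories: a POST parameter spliced into the SQL text lets a single quote end the string literal and rewrite the statement, while a bound parameter keeps the same input as data. The schema, rows and column names below are constructed for the illustration; SQLite stands in for the applications' MySQL backend.</p>

```python
import sqlite3

# Constructed schema and rows for the demonstration; the real applications'
# table and column names are not given in the advisories.
PRODUCTS = [("apple", 0.5), ("banana", 0.25), ("milk", 1.99)]
USERS = [("admin", "$2y$10$constructed-hash-for-demo")]


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        "CREATE TABLE products(item_name TEXT, price REAL);"
        "CREATE TABLE users(username TEXT, password_hash TEXT);"
    )
    conn.executemany("INSERT INTO products VALUES (?, ?)", PRODUCTS)
    conn.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    return conn


def search_vulnerable(conn: sqlite3.Connection, item_name: str) -> list:
    """The bug class in both entries: the POST parameter becomes SQL text."""
    sql = f"SELECT item_name, price FROM products WHERE item_name = '{item_name}'"
    return conn.execute(sql).fetchall()


def search_safe(conn: sqlite3.Connection, item_name: str) -> list:
    """The fix: the value is bound as a parameter; quotes in it stay data."""
    sql = "SELECT item_name, price FROM products WHERE item_name = ?"
    return conn.execute(sql, (item_name,)).fetchall()


# Constructed payloads. The first closes the string literal and appends a
# tautology; the second appends a UNION that returns the credentials table
# through the product search, then comments out the trailing quote.
TAUTOLOGY = "' OR '1'='1"
UNION_DUMP = "' UNION SELECT username, password_hash FROM users --"


def demo() -> dict:
    conn = make_db()
    return {
        "normal": search_safe(conn, "apple"),
        "vuln_tautology": search_vulnerable(conn, TAUTOLOGY),
        "vuln_union": search_vulnerable(conn, UNION_DUMP),
        "safe_tautology": search_safe(conn, TAUTOLOGY),
        "safe_union": search_safe(conn, UNION_DUMP),
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print(f"{label:15} -> {rows}")
```

<p>The time-based blind variant in the second entry differs only in how the attacker observes the result (a delay instead of returned rows); the parameterized query closes both, and it does so without any escaping of the input, which is why it is preferred over quoting functions.</p>
</td>
</tr>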
<tr>
<td class="vendor-product">Owen--WebStack</td>
<td>The WebStack theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the io_img_upload() function in all versions up to, and including, 1.2024. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.</td>
<td>2026-04-15</td>
<td>9.8</td>
<td><a href="https://www.cve.org/CVERecord?id=CVE-2026-1555" target="_blank" rel="noopener">CVE-2026-1555</a></td>
<td><a href="https://www.wordfence.com/threat-intel/vulnerabilities/id/b97805de-1b47-4c9f-baae-2e37c1b78570?source=cve" target="_blank" rel="noopener">https://www.wordfence.com/threat-intel/vulnerabilities/id/b97805de-1b47-4c9f-baae-2e37c1b78570?source=cve</a><br><a href="https://github.com/owen0o0/WebStack/blob/master/inc/ajax.php#L5" target="_blank" rel="noopener">https://github.com/owen0o0/WebStack/blob/master/inc/ajax.php#L5</a><br><a href="https://github.com/owen0o0/WebStack/tree/master" target="_blank" rel="noopener">https://github.com/owen0o0/WebStack/tree/master</a></td>
</tr>
<tr>
<td class="vendor-product">Cisco--Cisco Identity Services Engine Software</td>
<td>A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to obtain user-level access to the underlying operating system and then elevate privileges to root. In single-node ISE deployments, successful exploitation of this vulnerability could cause the affected ISE node to become unavailable, resulting in a denial of service (DoS) condition. In that condition, endpoints that have not already authenticated would be unable to access the network until the node is restored.</td>
<td>2026-04-15</td>
<td>9.9</td>
<td><a href="https://www.cve.org/CVERecord?id=CVE-2026-20147" target="_blank" rel="noopener">CVE-2026-20147</a></td>
<td><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-rce-traversal-8bYndVrZ" target="_blank" rel="noopener">cisco-sa-ise-rce-traversal-8bYndVrZ</a></td>
</tr>
<tr>
<td class="vendor-product">Cisco--Cisco Identity Services Engine Software</td>
<td>A vulnerability in Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have at least Read Only Admin credentials. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to obtain user-level access to the underlying operating system and then elevate privileges to root. In single-node ISE deployments, successful exploitation of these vulnerabilities could cause the affected ISE node to become unavailable, resulting in a denial of service (DoS) condition. In that condition, endpoints that have not already authenticated would be unable to access the network until the node is restored.</td>
<td>2026-04-15</td>
<td>9.9</td>
<td><a href="https://www.cve.org/CVERecord?id=CVE-2026-20180" target="_blank" rel="noopener">CVE-2026-20180</a></td>
<td><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-rce-4fverepv" target="_blank" rel="noopener">cisco-sa-ise-rce-4fverepv</a></td>
</tr>
<tr>
<td class="vendor-product">Cisco--Cisco Webex Meetings</td>
<td>A vulnerability in the integration of single sign-on (SSO) with Control Hub in Cisco Webex Services could have allowed an unauthenticated, remote attacker to impersonate any user within the service. This vulnerability existed because of improper certificate validation. Prior to this vulnerability being addressed, an attacker could have exploited this vulnerability by connecting to a service endpoint and supplying a crafted token. A successful exploit could have allowed the attacker to gain unauthorized access to legitimate Cisco Webex services.</td>
<td>2026-04-15</td>
<td>9.8</td>
<td><a href="https://www.cve.org/CVERecord?id=CVE-2026-20184" target="_blank" rel="noopener">CVE-2026-20184</a></td>
<td><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-cui-cert-8jSZYhWL" target="_blank" rel="noopener">cisco-sa-webex-cui-cert-8jSZYhWL</a></td>
</tr>
<tr>
<td class="vendor-product">Cisco--Cisco Identity Services Engine Software</td>
<td>A vulnerability in Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have at least Read Only Admin credentials. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to obtain user-level access to the underlying operating system and then elevate privileges to root. In single-node ISE deployments, successful exploitation of these vulnerabilities could cause the affected ISE node to become unavailable, resulting in a denial of service (DoS) condition. In that condition, endpoints that have not already authenticated would be unable to access the network until the node is restored.</td>
<td>2026-04-15</td>
<td>9.9</td>
<td><a href="https://www.cve.org/CVERecord?id=CVE-2026-20186" target="_blank" rel="noopener">CVE-2026-20186</a></td>
<td><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-rce-4fverepv" target="_blank" rel="noopener">cisco-sa-ise-rce-4fverepv</a></td>
</tr>
<tr>
<td class="vendor-product">Ubiquiti Inc--UniFi Play PowerAmp</td>
<td>A malicious actor with access to the UniFi Play network could exploit a Path Traversal vulnerability found in the device firmware to write files on the system that could be used for a remote code execution (RCE).<br>Affected Products: UniFi Play PowerAmp (Version 1.0.35 and earlier)<br>UniFi Play Audio Port (Version 1.0.24 and earlier)<br>Mitigation: Update UniFi Play PowerAmp to Version 1.0.38 or later<br>Update UniFi Play Audio Port to Version 1.1.9 or later</td>
<td>2026-04-13</td>
<td>9.8</td>
<td><a href="https://www.cve.org/CVERecord?id=CVE-2026-22562" target="_blank" rel="noopener">CVE-2026-22562</a></td>
<td><a href="https://community.ui.com/releases/Security-Advisory-Bulletin-063/e468dd4b-5090-4ef8-89d8-939903c08e83" target="_blank" rel="noopener">https://community.ui.com/releases/Security-Advisory-Bulletin-063/e468dd4b-5090-4ef8-89d8-939903c08e83</a></td>
</tr>
<tr>
<td class="vendor-product">Ubiquiti Inc--UniFi Play PowerAmp</td>
<td>A series of Improper Input Validation vulnerabilities could allow a Command Injection by a malicious actor with access to the UniFi Play network.<br>Affected Products: UniFi Play PowerAmp (Version 1.0.35 and earlier)<br>UniFi Play Audio Port (Version 1.0.24 and earlier)<br>Mitigation: Update UniFi Play PowerAmp to Version 1.0.38 or later<br>Update UniFi Play Audio Port to Version 1.1.9 or later</td>
<td>2026-04-13</td>
<td>9.8</td>
<td><a href="https://www.cve.org/CVERecord?id=CVE-2026-22563" target="_blank" rel="noopener">CVE-2026-22563</a></td>
<td><a href="https://community.ui.com/releases/Security-Advisory-Bulletin-063/e468dd4b-5090-4ef8-89d8-939903c08e83" target="_blank" rel="noopener">https://community.ui.com/releases/Security-Advisory-Bulletin-063/e468dd4b-5090-4ef8-89d8-939903c08e83</a></td>
</tr>
<tr>
<td class="vendor-product">Ubiquiti Inc--UniFi Play PowerAmp</td>
<td>An Improper Access Control vulnerability could allow a malicious actor with access to the UniFi Play network to enable SSH to make unauthorized changes to the system.<br>Affected Products: UniFi Play PowerAmp (Version 1.0.35 and earlier)<br>UniFi Play Audio Port (Version 1.0.24 and earlier)<br>Mitigation: Update UniFi Play PowerAmp to Version 1.0.38 or later<br>Update UniFi Play Audio Port to Version 1.1.9 or later</td>
<td>2026-04-13</td>
<td>9.8</td>
<td><a href="https://www.cve.org/CVERecord?id=CVE-2026-22564" target="_blank" rel="noopener">CVE-2026-22564</a></td>
<td><a href="https://community.ui.com/releases/Security-Advisory-Bulletin-063/e468dd4b-5090-4ef8-89d8-939903c08e83" target="_blank" rel="noopener">https://community.ui.com/releases/Security-Advisory-Bulletin-063/e468dd4b-5090-4ef8-89d8-939903c08e83</a></td>
</tr>
<tr>
<td class="vendor-product">Festo--MSE6-C2M-5000-FB36-D-M-RG-BAR-M12L4-AGD</td>
<td>In products of the MSE6 product family by Festo, a remote authenticated, low-privileged attacker could use functions of an undocumented test mode, which could lead to a complete loss of confidentiality, integrity and availability.</td>
<td>2026-04-16</td>
<td>8.8</td>
<td><a href="https://www.cve.org/CVERecord?id=CVE-2023-3634" target="_blank" rel="noopener">CVE-2023-3634</a></td>
<td><a href="https://certvde.com/de/advisories/VDE-2023-020/" target="_blank" rel="noopener">https://certvde.com/de/advisories/VDE-2023-020/</a><br><a href="https://festo.csaf-tp.certvde.com/.well-known/csaf/white/2023/fsa-202304.json" target="_blank" rel="noopener">https://festo.csaf-tp.certvde.com/.well-known/csaf/white/2023/fsa-202304.json</a></td>
</tr>
<tr>
<td class="vendor-product">shahinurislam--Career Section</td>
<td>The Career Section plugin for WordPress is vulnerable to Cross-Site Request Forgery leading to Path Traversal and Arbitrary File Deletion in all versions up to, and including, 1.6. This is due to missing nonce validation and insufficient file path validation on the delete action in the 'appform_options_page_html' function. This makes it possible for unauthenticated attackers to delete arbitrary files on the server via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link.</td>
<td>2026-04-16</td>
<td>8.8</td>
<td><a href="https://www.cve.org/CVERecord?id=CVE-2025-14868" target="_blank" rel="noopener">CVE-2025-14868</a></td>
<td><a href="https://www.wordfence.com/threat-intel/vulnerabilities/id/84936b68-923a-4da1-ae67-1d63d025342e?source=cve" target="_blank" rel="noopener">https://www.wordfence.com/threat-intel/vulnerabilities/id/84936b68-923a-4da1-ae67-1d63d025342e?source=cve</a><br><a href="https://plugins.trac.wordpress.org/changeset/3474216/career-section" target="_blank" rel="noopener">https://plugins.trac.wordpress.org/changeset/3474216/career-section</a></td>
</tr>
<tr>
<td class="vendor-product">Nozomi Networks--Guardian</td>
<td>An access control vulnerability was discovered in the Threat Intelligence functionality due to a specific access restriction not being properly enforced for users with view-only privileges. An authenticated user with view-only privileges for the Threat Intelligence functionality can perform administrative actions on it, altering the rules configuration and/or affecting their availability.</td>
<td>2026-04-15</td>
<td>8.1</td>
<td><a href="https://www.cve.org/CVERecord?id=CVE-2025-40897" target="_blank" rel="noopener">CVE-2025-40897</a></td>
<td><a href="https://security.nozominetworks.com/NN-2026:1-01" target="_blank" rel="noopener">https://security.nozominetworks.com/NN-2026:1-01</a></td>
</tr>
<tr>
<td class="vendor-product">Nozomi Networks--Guardian</td>
<td>A Stored Cross-Site Scripting vulnerability was discovered in the Assets and Nodes functionality due to improper validation of an input parameter. An authenticated user with custom fields privileges can define a malicious custom field containing a JavaScript payload. When the victim views the Assets or Nodes pages, the XSS executes in their browser context, allowing the attacker to perform unauthorized actions as the victim, such as modifying application data, disrupting application availability, and accessing limited sensitive information.</td>
<td>2026-04-15</td>
<td>8.9</td>
<td><a href="https://www.cve.org/CVERecord?id=CVE-2025-40899" target="_blank" rel="noopener">CVE-2025-40899</a></td>
<td><a href="https://security.nozominetworks.com/NN-2026:2-01" target="_blank" rel="noopener">https://security.nozominetworks.com/NN-2026:2-01</a></td>
</tr>
<tr>
<td class="vendor-product">livemesh--Livemesh Addons by Elementor</td>
<td>The Livemesh Addons for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 9.0. This is due to insufficient sanitization of the template name parameter in the <code>lae_get_template_part()</code> function, which uses an inadequate <code>str_replace()</code> approach that can be bypassed using recursive directory traversal patterns. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the attacker to include and execute local files via the widget's template parameter granted they can trick an administrator into performing an action or install Elementor.</td>
<td>2026-04-16</td>
<td>8.8</td>
<td><a href="https://www.cve.org/CVERecord?id=CVE-2026-1620" target="_blank" rel="noopener">CVE-2026-1620</a></td>
<td><a href="https://www.wordfence.com/threat-intel/vulnerabilities/id/2483875a-84de-4a40-a69e-aee68da1ce3b?source=cve" target="_blank" rel="noopener">https://www.wordfence.com/threat-intel/vulnerabilities/id/2483875a-84de-4a40-a69e-aee68da1ce3b?source=cve</a><br><a href="https://plugins.trac.wordpress.org/browser/addons-for-elementor/trunk/includes/helper-functions.php#L669" target="_blank" rel="noopener">https://plugins.trac.wordpress.org/browser/addons-for-elementor/trunk/includes/helper-functions.php#L669</a><br><a href="https://plugins.trac.wordpress.org/browser/addons-for-elementor/tags/9.0/includes/helper-functions.php#L669" target="_blank" rel="noopener">https://plugins.trac.wordpress.org/browser/addons-for-elementor/tags/9.0/includes/helper-functions.php#L669</a><br><a href="https://plugins.trac.wordpress.org/browser/addons-for-elementor/trunk/includes/helper-functions.php#L671" target="_blank" rel="noopener">https://plugins.trac.wordpress.org/browser/addons-for-elementor/trunk/includes/helper-functions.php#L671</a><br><a href="https://plugins.trac.wordpress.org/browser/addons-for-elementor/tags/9.0/includes/helper-functions.php#L671" target="_blank" rel="noopener">https://plugins.trac.wordpress.org/browser/addons-for-elementor/tags/9.0/includes/helper-functions.php#L671</a></td>
</tr>
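<tr>
<td colspan="6">
<p>The <code>str_replace()</code> bypass named in the Livemesh entry above, as an added example that is not code from the plugin or from Wordfence: a one-pass removal of <code>../</code>, which is what PHP's <code>str_replace()</code> (and Python's <code>str.replace()</code>) performs, turns <code>....//</code> back into <code>../</code>, and it never touches an absolute path at all. The hardened lookup assumes a hypothetical template directory (the plugin's real layout is not given) and allowlists the name before proving that the resolved path is still inside that directory.</p>

```python
import os
import re

# Assumed layout for the example; the plugin's real template directory is
# not stated in the advisory.
TEMPLATE_DIR = "/var/www/html/wp-content/plugins/example-addons/templates"


def php_style_strip(name: str) -> str:
    """Mimics str_replace('../', '', $name): one non-overlapping sweep, no loop.

    Python's str.replace() behaves the same way, which is what makes the
    recursive-pattern bypass reproducible here.
    """
    return name.replace("../", "")


def resolve_template(name: str, base: str = TEMPLATE_DIR):
    """Hardened lookup: allowlist the name, then prove containment of the
    resolved path. Returns the absolute template path or None."""
    # 1. A template name is a plain token; anything else is rejected outright.
    if not re.fullmatch(r"[A-Za-z0-9][A-Za-z0-9_-]*", name):
        return None
    # 2. Defense in depth: normalise and confirm the result is still under base.
    base_abs = os.path.abspath(base)
    candidate = os.path.abspath(os.path.join(base_abs, name + ".php"))
    if os.path.commonpath([base_abs, candidate]) != base_abs:
        return None
    return candidate


# Constructed attacker inputs.
RECURSIVE = "....//....//....//wp-config.php"  # one-pass strip leaves ../../../wp-config.php
ABSOLUTE = "/etc/passwd"                       # contains no '../', so stripping never sees it


def demo() -> dict:
    return {
        "stripped_recursive": php_style_strip(RECURSIVE),
        "stripped_absolute": php_style_strip(ABSOLUTE),
        # os.path.join discards the base when the second part is absolute
        "naive_join_absolute": os.path.join(TEMPLATE_DIR, php_style_strip(ABSOLUTE)),
        "hardened_recursive": resolve_template(RECURSIVE),
        "hardened_absolute": resolve_template(ABSOLUTE),
        "hardened_legit": resolve_template("grid-item"),
    }


if __name__ == "__main__":
    for label, value in demo().items():
        print(f"{label:20} -> {value!r}")
```

<p>Looping the strip until the string stops changing would close the <code>....//</code> case but not the absolute-path one, nor encodings the loop does not know about; checking the resolved path against the base directory is the property that actually matters, and the allowlist makes the common case cheap to reason about.</p>
</td>
</tr>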
<tr>
<td class="vendor-product">Cloud Foundry--UAA</td>
<td>Cloud Foundry UAA is vulnerable to a bypass that allows an attacker to obtain a token for any user and gain access to UAA-protected systems. This vulnerability exists when SAML 2.0 bearer assertions are enabled for a client, as the UAA accepts SAML 2.0 bearer assertions that are neither signed nor encrypted. This issue affects UAA from v77.30.0 to v78.7.0 (inclusive) and it affects CF Deployment from v48.7.0 to v54.14.0 (inclusive).</td>
<td>2026-04-16</td>
<td>8.6</td>
<td><a href="https://www.cve.org/CVERecord?id=CVE-2026-22734" target="_blank" rel="noopener">CVE-2026-22734</a></td>
<td><a href="https://www.cloudfoundry.org/blog/cve-2026-22734-uaa-saml-2-0-signature-bypass/" target="_blank" rel="noopener">https://www.cloudfoundry.org/blog/cve-2026-22734-uaa-saml-2-0-signature-bypass/</a></td>
</tr>
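<tr>
<td colspan="6">
<p>The UAA issue above comes down to accepting a bearer assertion that carries no signature. As an added example (not UAA's code), the policy check below, in Python over a constructed SAML 2.0 assertion, refuses an unsigned assertion, an enveloped signature whose <code>ds:Reference</code> does not point at the assertion's own <code>ID</code> (the signature-wrapping shape), a document with more than one Assertion, and an expired one. It is the structural gate only: the signature still has to be verified cryptographically against the trusted IdP certificate with an XML-DSig library, which is not shown, and encrypted assertions (<code>saml:EncryptedAssertion</code>) take a separate decryption path that this check does not cover. The issuer, subject and signature values are placeholders.</p>

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
DS = "http://www.w3.org/2000/09/xmldsig#"
BEARER = "urn:oasis:names:tc:SAML:2.0:cm:bearer"


def check_bearer_assertion(xml_text: str, now: datetime) -> tuple:
    """Structural policy for a SAML 2.0 bearer assertion.

    Returns (accepted, reason). Passing is necessary, not sufficient: the
    caller must still verify the enveloped signature against the IdP's
    trusted certificate before trusting the Subject.
    """
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return False, f"malformed XML: {exc}"
    if root.tag != f"{{{SAML}}}Assertion":
        return False, "root element is not saml:Assertion"
    # Exactly one Assertion: a second, nested one is the classic wrapping trick.
    if sum(1 for _ in root.iter(f"{{{SAML}}}Assertion")) != 1:
        return False, "more than one Assertion element"
    assertion_id = root.get("ID")
    if not assertion_id:
        return False, "Assertion has no ID"
    # Unsigned assertions are rejected outright: this is the UAA bug class.
    sigs = root.findall(f"{{{DS}}}Signature")
    if len(sigs) != 1:
        return False, "assertion must carry exactly one enveloped signature"
    ref = sigs[0].find(f"{{{DS}}}SignedInfo/{{{DS}}}Reference")
    if ref is None or ref.get("URI") != f"#{assertion_id}":
        return False, "signature Reference does not cover this assertion"
    confirmation = root.find(f"{{{SAML}}}Subject/{{{SAML}}}SubjectConfirmation")
    if confirmation is None or confirmation.get("Method") != BEARER:
        return False, "subject confirmation is not bearer"
    conditions = root.find(f"{{{SAML}}}Conditions")
    expiry = conditions.get("NotOnOrAfter") if conditions is not None else None
    if expiry is None:
        return False, "no NotOnOrAfter condition"
    expires_at = datetime.strptime(expiry, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    if now >= expires_at:
        return False, "assertion expired"
    return True, "structure OK; verify the signature cryptographically next"


def build_assertion(assertion_id: str, signed: bool, ref_uri: str = None,
                    not_on_or_after: str = "2026-04-20T12:05:00Z") -> str:
    """Constructed test assertion (not real IdP output); digest and signature
    values are placeholders, so only the structure is meaningful here."""
    signature = ""
    if signed:
        uri = ref_uri if ref_uri is not None else f"#{assertion_id}"
        signature = (
            f'<ds:Signature xmlns:ds="{DS}"><ds:SignedInfo>'
            f'<ds:Reference URI="{uri}"><ds:DigestValue>cGxhY2Vob2xkZXI=</ds:DigestValue></ds:Reference>'
            '</ds:SignedInfo><ds:SignatureValue>cGxhY2Vob2xkZXI=</ds:SignatureValue></ds:Signature>'
        )
    return (
        f'<saml:Assertion xmlns:saml="{SAML}" ID="{assertion_id}" Version="2.0" '
        'IssueInstant="2026-04-20T12:00:00Z">'
        '<saml:Issuer>https://idp.example.test</saml:Issuer>'
        f'{signature}'
        '<saml:Subject><saml:NameID>alice</saml:NameID>'
        f'<saml:SubjectConfirmation Method="{BEARER}"/></saml:Subject>'
        f'<saml:Conditions NotOnOrAfter="{not_on_or_after}"/>'
        '</saml:Assertion>'
    )


NOW = datetime(2026, 4, 20, 12, 0, tzinfo=timezone.utc)


def run_cases() -> dict:
    cases = {
        "signed": build_assertion("_a1", signed=True),
        "unsigned": build_assertion("_a1", signed=False),
        "reference_mismatch": build_assertion("_a1", signed=True, ref_uri="#_somewhere_else"),
        "expired": build_assertion("_a1", signed=True, not_on_or_after="2026-04-20T11:59:00Z"),
    }
    return {name: check_bearer_assertion(xml, NOW)[0] for name, xml in cases.items()}


if __name__ == "__main__":
    for name, accepted in run_cases().items():
        print(f"{name:20} accepted={accepted}")
```

<p>The order of the checks is deliberate: the structural conditions are cheap and fail closed, so a relying party never reaches the expensive signature verification with an assertion it would have to reject anyway, and a verifier that signs only "some" element cannot be pointed at the wrong one.</p>
</td>
</tr>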
<tr>
<td class="vendor-product">WSO2--WSO2 API Manager</td>
<td>The XML parsers within multiple WSO2 products accept user-supplied XML data without being configured to prevent the resolution of external entities. This omission allows malicious actors to craft XML payloads that exploit the parser's behavior, leading to the inclusion of external resources. By leveraging this vulnerability, an attacker can read confidential files from the file system and access limited HTTP resources reachable by the product. Additionally, the vulnerability can be exploited to perform denial of service attacks by exhausting server resources through recursive entity expansion or fetching large external resources.</td>
<td>2026-04-16</td>
<td>7.5</td>
<td><a href="https://www.cve.org/CVERecord?id=CVE-2024-2374" target="_blank" rel="noopener">CVE-2024-2374</a></td>
<td><a href="https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2024-3255/" target="_blank" rel="noopener">https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2024-3255/</a></td>
</tr>
<tr>
<td class="vendor-product">Bosch--BVMS</td>
<td>Uncontrolled Resource Consumption in Bosch VMS Central Server in Bosch VMS 12.0.1 allows attackers to consume excessive amounts of disk space via the network interface.</td>
<td>2026-04-15</td>
<td>7.5</td>
<td><a href="https://www.cve.org/CVERecord?id=CVE-2024-33618" target="_blank" rel="noopener">CVE-2024-33618</a></td>
<td><a href="https://psirt.bosch.com/security-advisories/BOSCH-SA-162032-BT.html" target="_blank" rel="noopener">https://psirt.bosch.com/security-advisories/BOSCH-SA-162032-BT.html</a></td>
</tr>
<tr>
<td class="vendor-product">Dell--PowerProtect Data Domain BoostFS</td>
<td>Dell PowerProtect Data Domain BoostFS for client of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release versions 8.3.1.0 through 8.3.1.20, and LTS2024 release versions 7.13.1.0 through 7.13.1.50 contain an insufficiently protected credentials vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to credential exposure. The attacker may be able to use the exposed credentials to access the system with privileges of the compromised account.</td>
<td>2026-04-17</td>
<td>7.8</td>
<td><a href="https://www.cve.org/CVERecord?id=CVE-2025-36568" target="_blank" rel="noopener">CVE-2025-36568</a></td>
<td><a href="https://www.dell.com/support/kbdoc/en-us/000450699/dsa-2026-060-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities" target="_blank" rel="noopener">https://www.dell.com/support/kbdoc/en-us/000450699/dsa-2026-060-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities</a></td>
</tr>
<tr>
<td class="vendor-product">WC Lovers--WCFM Marketplace</td>
<td>Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WC Lovers WCFM Marketplace allows SQL Injection. This issue affects WCFM Marketplace: from n/a through 3.7.1.</td>
<td>2026-04-15</td>
<td>7.6</td>
<td><a href="https://www.cve.org/CVERecord?id=CVE-2025-63029" target="_blank" rel="noopener">CVE-2025-63029</a></td>
<td><a href="https://patchstack.com/database/wordpress/plugin/wc-multivendor-marketplace/vulnerability/wordpress-wcfm-marketplace-plugin-3-7-1-sql-injection-vulnerability?_s_id=cve" target="_blank" rel="noopener">https://patchstack.com/database/wordpress/plugin/wc-multivendor-marketplace/vulnerability/wordpress-wcfm-marketplace-plugin-3-7-1-sql-injection-vulnerability?_s_id=cve</a></td>
</tr>
<tr>
<td class="vendor-product">FirebirdSQL--firebird</td>
<td>Firebird is an open-source relational database management system. FB3 versions of the client library placed incorrect data length values into XSQLDA fields when communicating with FB4 or higher servers, resulting in an information leak. This issue is fixed by upgrading to the FB4 client or higher.</td>
<td>2026-04-17</td>
<td>7.9</td>
<td><a href="https://www.cve.org/CVERecord?id=CVE-2025-65104" target="_blank" rel="noopener">CVE-2025-65104</a></td>
<td><a href="https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-mfpr-9886-xjhg" target="_blank" rel="noopener">https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-mfpr-9886-xjhg</a><br><a href="https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.0" target="_blank" rel="noopener">https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.0</a></td>
</tr>
<tr>
<td class="vendor-product">Lenovo--Diagnostics</td>
<td>During an internal security assessment, a potential vulnerability was discovered in Lenovo Diagnostics and the HardwareScanAddin used in Lenovo Vantage that, during installation or when using hardware scan, could allow a local authenticated user to perform an arbitrary file write with elevated privileges.</td>
<td>2026-04-15</td>
<td>7.1</td>
<td><a href="https://www.cve.org/CVERecord?id=CVE-2026-0827" target="_blank" rel="noopener">CVE-2026-0827</a></td>
<td><a href="https://support.lenovo.com/us/en/product_security/LEN-210693" target="_blank" rel="noopener">https://support.lenovo.com/us/en/product_security/LEN-210693</a></td>
</tr>
<tr>
<td class="vendor-product">Splunk--Splunk Enterprise</td>
<td>In Splunk Enterprise versions below 10.2.1, 10.0.5, 9.4.10, and 9.3.11, and Splunk Cloud Platform versions below 10.4.2603.0, 10.3.2512.5, 10.2.2510.9, 10.1.2507.19, 10.0.2503.13, and 9.3.2411.127, a low-privileged user that does not hold the <code>admin</code> or <code>power</code> Splunk roles could potentially perform a Remote Code Execution (RCE) by uploading a malicious file to the <code>$SPLUNK_HOME/var/run/splunk/apptemp</code> directory due to improper handling and insufficient isolation of temporary files within the <code>apptemp</code> directory.</td>
<td>2026-04-15</td>
<td>7.1</td>
<td><a href="https://www.cve.org/CVERecord?id=CVE-2026-20204" target="_blank" rel="noopener">CVE-2026-20204</a></td>
<td><a href="https://advisory.splunk.com/advisories/SVD-2026-0403" target="_blank" rel="noopener">https://advisory.splunk.com/advisories/SVD-2026-0403</a></td>
</tr>
<tr>
<td class="vendor-product">Splunk--Splunk MCP Server</td>
<td>In Splunk MCP Server app versions below 1.0.3, a user who holds a role with access to the Splunk <code>_internal</code> index or possesses the high-privilege capability <code>mcp_tool_admin</code> could view users' session and authorization tokens in clear text.<br><br>The vulnerability would require either local access to the log files or administrative access to internal indexes, which by default only the admin role receives.<br><br>Review roles and capabilities on your instance and restrict internal index access to administrator-level roles. See <a href="https://docs.splunk.com/Documentation/Splunk/latest/Security/Rolesandcapabilities" target="_blank" rel="noopener">Define roles on the Splunk platform with capabilities</a> and <a href="https://help.splunk.com/en/splunk-enterprise/mcp-server-for-splunk-platform/connecting-to-mcp-server-and-admin-settings" target="_blank" rel="noopener">Connecting to MCP Server and Admin settings</a> in the Splunk documentation for more information.</td>
<td>2026-04-15</td>
<td>7.2</td>
<td><a href="https://www.cve.org/CVERecord?id=CVE-2026-20205" target="_blank" rel="noopener">CVE-2026-20205</a></td>
<td><a href="https://advisory.splunk.com/advisories/SVD-2026-0407" target="_blank" rel="noopener">https://advisory.splunk.com/advisories/SVD-2026-0407</a></td>
</tr>
<tr>
<td class="vendor-product">Microsoft--Windows 10 Version 1809</td>
<td>Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.</td>
<td>2026-04-14</td>
<td>7.8</td>
<td><a href="https://www.cve.org/CVERecord?id=CVE-2026-20930" target="_blank" rel="noopener">CVE-2026-20930</a></td>
<td><a href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20930" target="_blank" rel="noopener">Windows Management Services Elevation of Privilege Vulnerability</a></td>
</tr>
<tr>
<td class="vendor-product">Ubiquiti Inc--UniFi Play PowerAmp</td>
<td>An Improper Access Control vulnerability could allow a malicious actor with access to the UniFi Play network to obtain UniFi Play WiFi credentials.<br>Affected Products: UniFi Play PowerAmp (Version 1.0.35 and earlier)<br>UniFi Play Audio Port (Version 1.0.24 and earlier)<br>Mitigation: Update UniFi Play PowerAmp to Version 1.0.38 or later<br>Update UniFi Play Audio Port to Version 1.1.9 or later</td>
<td>2026-04-13</td>
<td>7.5</td>
<td><a href="https://www.cve.org/CVERecord?id=CVE-2026-22566" target="_blank" rel="noopener">CVE-2026-22566</a></td>
<td><a href="https://community.ui.com/releases/Security-Advisory-Bulletin-063/e468dd4b-5090-4ef8-89d8-939903c08e83" target="_blank" rel="noopener">https://community.ui.com/releases/Security-Advisory-Bulletin-063/e468dd4b-5090-4ef8-89d8-939903c08e83</a></td>
</tr>
<tr>
<td class="vendor-product">Eaton--IPP software</td>
<td>Eaton Intelligent Power Protector (IPP) is affected by insecure library loading in its executable, which could lead to arbitrary code execution by an attacker with access to the software package. This security issue has been fixed in the latest version of Eaton IPP software, which is available on the Eaton download center.</td>
<td>2026-04-16</td>
<td>7.8</td>
<td><a href="https://www.cve.org/CVERecord?id=CVE-2026-22619" target="_blank" rel="noopener">CVE-2026-22619</a></td>
<td><a href="https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2025-1025.pdf" target="_blank" rel="noopener">https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2025-1025.pdf</a></td>
</tr>
<tr>
<td class="vendor-product">easyappointments--Easy Appointments</td>
<td>The Easy Appointments plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.12.21 via the <code>/wp-json/wp/v2/eablocks/ea_appointments/</code> REST API endpoint. This is due to the endpoint being registered with <code>'permission_callback' =&gt; '__return_true'</code>, which allows access without any authentication or authorization checks. This makes it possible for unauthenticated attackers to extract sensitive customer appointment data including full names, email addresses, phone numbers, IP addresses, appointment descriptions, and pricing information.</td>
<td>2026-04-17</td>
<td>7.5</td>
<td><a href="https://www.cve.org/CVERecord?id=CVE-2026-2262" target="_blank" rel="noopener">CVE-2026-2262</a></td>
<td><a href="https://www.wordfence.com/threat-intel/vulnerabilities/id/e681aa8e-522e-4092-aa1f-8ada3097c8d6?source=cve" target="_blank" rel="noopener">https://www.wordfence.com/threat-intel/vulnerabilities/id/e681aa8e-522e-4092-aa1f-8ada3097c8d6?source=cve</a><br><a href="https://plugins.trac.wordpress.org/browser/easy-appointments/tags/3.12.19/ea-blocks/ea-blocks.php#L190" target="_blank" rel="noopener">https://plugins.trac.wordpress.org/browser/easy-appointments/tags/3.12.19/ea-blocks/ea-blocks.php#L190</a><br><a href="https://plugins.trac.wordpress.org/browser/easy-appointments/trunk/ea-blocks/ea-blocks.php#L190" target="_blank" rel="noopener">https://plugins.trac.wordpress.org/browser/easy-appointments/trunk/ea-blocks/ea-blocks.php#L190</a><br><a href="https://plugins.trac.wordpress.org/browser/easy-appointments/tags/3.12.19/ea-blocks/ea-blocks.php#L141" target="_blank" rel="noopener">https://plugins.trac.wordpress.org/browser/easy-appointments/tags/3.12.19/ea-blocks/ea-blocks.php#L141</a><br><a href="https://plugins.trac.wordpress.org/changeset/3485692/easy-appointments/trunk/ea-blocks/ea-blocks.php" target="_blank" rel="noopener">https://plugins.trac.wordpress.org/changeset/3485692/easy-appointments/trunk/ea-blocks/ea-blocks.php</a><br><a href="https://plugins.trac.wordpress.org/changeset?old_path=%2Feasy-appointments/tags/3.12.21&amp;new_path=%2Feasy-appointments/tags/3.12.22" target="_blank" rel="noopener">https://plugins.trac.wordpress.org/changeset?old_path=%2Feasy-appointments/tags/3.12.21&amp;new_path=%2Feasy-appointments/tags/3.12.22</a></td>
</tr>
<tr>
<td class="vendor-product">Barracuda Networks--RMM</td>
<td>Barracuda RMM versions prior to 2025.2.2 contain a privilege escalation vulnerability that allows local attackers to gain SYSTEM-level privileges by exploiting overly permissive filesystem ACLs on the C:\Windows\Automation directory. Attackers can modify existing automation content or place attacker-controlled files in this directory, which are then executed under the NT AUTHORITY\SYSTEM account during routine automation cycles, typically succeeding within the next execution cycle.</td>
<td>2026-04-15</td>
<td>7.8</td>
<td><a href="https://www.cve.org/CVERecord?id=CVE-2026-22676" target="_blank" rel="noopener">CVE-2026-22676</a></td>
<td><a href="https://download.mw-rmm.barracudamsp.com/PDF/2025.2.2/RN_BRMM_2025.2.2_EN.pdf" target="_blank" rel="noopener">https://download.mw-rmm.barracudamsp.com/PDF/2025.2.2/RN_BRMM_2025.2.2_EN.pdf</a><br><a href="https://www.vulncheck.com/advisories/barracuda-rmm-privilege-escalation-via-insecure-directory-permissions" target="_blank" rel="noopener">https://www.vulncheck.com/advisories/barracuda-rmm-privilege-escalation-via-insecure-directory-permissions</a><br>&nbsp;</td>
</tr>
<tr>
<td class="vendor-product">Fortinet--FortiAnalyzer Cloud</td>
<td>A heap-based buffer overflow vulnerability in Fortinet FortiAnalyzer Cloud 7.6.2 through 7.6.4, FortiManager Cloud 7.6.2 through 7.6.4 may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests. Successful exploitation would require a large amount of effort in preparation because of ASLR and network segmentation.</td>
<td>2026-04-14</td>
<td>7.3</td>
<td><a href="https://www.cve.org/CVERecord?id=CVE-2026-22828" target="_blank" rel="noopener">CVE-2026-22828</a></td>
<td><a href="https://fortiguard.fortinet.com/psirt/FG-IR-26-121" target="_blank" rel="noopener">https://fortiguard.fortinet.com/psirt/FG-IR-26-121</a><br>&nbsp;</td>
</tr>
<tr>
<td class="vendor-product">Eclipse Foundation--Eclipse Jetty</td>
<td>In Eclipse Jetty, the HTTP/1.1 parser is vulnerable to request smuggling when chunk extensions are used, similar to the "funky chunks" techniques outlined here: * https://w4ke.info/2025/06/18/funky-chunks.html * https://w4ke.info/2025/10/29/funky-chunks-2.html Jetty terminates chunk extension parsing at \r\n inside quoted strings instead of treating this as an error. POST / HTTP/1.1 Host: localhost Transfer-Encoding: chunked 1;ext="val X 0 GET /smuggled HTTP/1.1 ... Note how the chunk extension does not close the double quotes, and it is able to inject a smuggled request.</td>
<td>2026-04-14</td>
<td>7.4</td>
<td><a href="https://www.cve.org/CVERecord?id=CVE-2026-2332" target="_blank" rel="noopener">CVE-2026-2332</a></td>
<td><a href="https://github.com/jetty/jetty.project/security/advisories/GHSA-355h-qmc2-wpwf" target="_blank" rel="noopener">https://github.com/jetty/jetty.project/security/advisories/GHSA-355h-qmc2-wpwf</a><br><a href="https://gitlab.eclipse.org/security/cve-assignment/-/issues/89" target="_blank" rel="noopener">https://gitlab.eclipse.org/security/cve-assignment/-/issues/89</a><br>&nbsp;</td>
</tr>
</tbody>
</table>
<p><a href="#top">Back to top</a></p>
</div>
<div id="medium_v">
<h2 id="medium_v_title">Medium Vulnerabilities</h2>
<table class="table no-tablesaw" style="table-layout: fixed; width: 100%;" border="1" summary="Medium Vulnerabilities" align="center">
<thead>
<tr>
<th class="vendor-product" style="width: 24%;" scope="col"><span class="primary-vendor">Primary</span><br><span class="primary-vendor">Vendor</span> -- Product</th>
<th style="width: 44%;" scope="col">Description</th>
<th style="width: 10%;" scope="col">Published</th>
<th style="width: 8%;" scope="col">CVSS Score</th>
<th style="width: 7%;" scope="col">Source Info</th>
<th style="width: 7%;" scope="col">Patch Info</th>
</tr>
</thead>
<tbody>
<tr>
<td class="vendor-product">WSO2--WSO2 API Manager</td>
<td>The authentication endpoint fails to adequately validate user-supplied input before reflecting it back in the response. This allows an attacker to inject malicious script payloads into the input parameters, which are then executed by the victim's browser. Successful exploitation can enable an attacker to redirect the user's browser to a malicious website, modify the UI of the web page, or retrieve information from the browser. However, the impact is limited as session-related sensitive cookies are protected by the httpOnly flag, preventing session hijacking.</td>
<td>2026-04-16</td>
<td>6.1</td>
<td><a href="https://www.cve.org/CVERecord?id=CVE-2024-10242" target="_blank" rel="noopener">CVE-2024-10242</a></td>
<td><a href="https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2024-3741/" target="_blank" rel="noopener">https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2024-3741/</a><br>&nbsp;</td>
</tr>
<tr>
<td class="vendor-product">WSO2--WSO2 Identity Server</td>
<td>Active access tokens are not revoked or invalidated when a user account is locked within WSO2 Identity Server. This failure to enforce revocation allows previously issued, valid tokens to remain usable, enabling continued access to protected resources by locked user accounts. The security consequence is that a locked user account can maintain access to protected resources through the use of existing, unexpired access tokens. This creates a security gap where access control policies are bypassed, potentially leading to unauthorized data access or actions until the tokens naturally expire.</td>
<td>2026-04-16</td>
<td>6</td>
<td><a href="https://www.cve.org/CVERecord?id=CVE-2025-12624" target="_blank" rel="noopener">CVE-2025-12624</a></td>
<td><a href="https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2025-4684/" target="_blank" rel="noopener">https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2025-4684/</a><br>&nbsp;</td>
</tr>
<tr>
<td class="vendor-product">flippercode--WP Maps Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters</td>
<td>The WP Maps - Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'put_wpgm' shortcode in all versions up to, and including, 4.8.7. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes. This makes it possible for authenticated attackers, with contributor level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.</td>
<td>2026-04-16</td>
<td>6.4</td>
<td><a href="https://www.cve.org/CVERecord?id=CVE-2025-13364" target="_blank" rel="noopener">CVE-2025-13364</a></td>
<td><a href="https://www.wordfence.com/threat-intel/vulnerabilities/id/91d6cf21-cb65-40cb-ad19-5a8e7179fd98?source=cve" target="_blank" rel="noopener">https://www.wordfence.com/threat-intel/vulnerabilities/id/91d6cf21-cb65-40cb-ad19-5a8e7179fd98?source=cve</a><br><a href="https://plugins.trac.wordpress.org/changeset?old_path=wp-google-map-plugin/tags/4.8.7/wp-google-map-plugin.php&new_path=wp-google-map-plugin/tags/4.8.8/wp-google-map-plugin.php" target="_blank" rel="noopener">https://plugins.trac.wordpress.org/changeset?old_path=wp-google-map-plugin/tags/4.8.7/wp-google-map-plugin.php&new_path=wp-google-map-plugin/tags/4.8.8/wp-google-map-plugin.php</a><br>&nbsp;</td>
</tr>
<tr>
<td class="vendor-product">DesigningMedia--Eleganzo</td>
<td>The Eleganzo theme for WordPress is vulnerable to arbitrary directory deletion due to insufficient path validation in the akd_required_plugin_callback function in all versions up to, and including, 1.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary directories on the server, including the WordPress root directory.</td>
<td>2026-04-14</td>
<td>6.5</td>
<td><a href="https://www.cve.org/CVERecord?id=CVE-2025-15470" target="_blank" rel="noopener">CVE-2025-15470</a></td>
<td><a href="https://www.wordfence.com/threat-intel/vulnerabilities/id/7c5d7818-e548-4d8f-b847-396d528b58cd?source=cve" target="_blank" rel="noopener">https://www.wordfence.com/threat-intel/vulnerabilities/id/7c5d7818-e548-4d8f-b847-396d528b58cd?source=cve</a><br><a href="https://testwp.local/wp-content/themes/eleganzo/welcome.php#L96" target="_blank" rel="noopener">https://testwp.local/wp-content/themes/eleganzo/welcome.php#L96</a><br>&nbsp;</td>
</tr>
<tr>
<td class="vendor-product">Emarket-design--YouTube Showcase</td>
<td>Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Emarket-design YouTube Showcase allows Stored XSS. This issue affects YouTube Showcase: from n/a through 3.5.1.</td>
<td>2026-04-15</td>
<td>6.5</td>
<td><a href="https://www.cve.org/CVERecord?id=CVE-2025-15636" target="_blank" rel="noopener">CVE-2025-15636</a></td>
<td><a href="https://patchstack.com/database/wordpress/plugin/youtube-showcase/vulnerability/wordpress-youtube-showcase-plugin-3-5-1-cross-site-scripting-xss-vulnerability?_s_id=cve" target="_blank" rel="noopener">https://patchstack.com/database/wordpress/plugin/youtube-showcase/vulnerability/wordpress-youtube-showcase-plugin-3-5-1-cross-site-scripting-xss-vulnerability?_s_id=cve</a><br>&nbsp;</td>
</tr>
<tr>
<td class="vendor-product">HCLSoftware--Velocity</td>
<td>Rate Limiting for attempting a user login is not being properly enforced, making HCL DevOps Velocity susceptible to brute-force attacks past the unsuccessful login attempt limit. This vulnerability is fixed in 5.1.7.</td>
<td>2026-04-13</td>
<td>6.8</td>
<td><a href="https://www.cve.org/CVERecord?id=CVE-2025-31991" target="_blank" rel="noopener">CVE-2025-31991</a></td>
<td><a href="https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0130138" target="_blank" rel="noopener">https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0130138</a><br>&nbsp;</td>
</tr>
<tr>
<td class="vendor-product">ABB--AC800M (System 800xA)</td>
<td>A vulnerability exists in the command handling of the IEC 61850 communication stack included in the product revisions listed as affected in this CVE. An attacker with access to IEC 61850 networks could exploit the vulnerability by using a specially crafted 61850 packet, forcing the communication interfaces of the PM 877, CI850 and CI868 modules into fault mode or causing unavailability of the S+ Operations 61850 connectivity, resulting in a denial-of-service situation. The System 800xA IEC61850 Connect is not affected. Note: This vulnerability does not impact on the overall availability and functionality of the S+ Operations node, only the 61850 communication function. This issue affects AC800M (System 800xA): from 6.0.0x through 6.0.0303.0, from 6.1.0x through 6.1.0031.0, from 6.1.1x through 6.1.1004.0, from 6.1.1x through 6.1.1202.0, from 6.2.0x through 6.2.0006.0; Symphony Plus SD Series: A_0, A_1, A_2.003, A_3.005, A_4.001, B_0.005; Symphony Plus MR (Melody Rack): from 3.10 through 3.52; S+ Operations: 2.1, 2.2, 2.3, 3.3.</td>
<td>2026-04-13</td>
<td>6.5</td>
<td><a href="https://www.cve.org/CVERecord?id=CVE-2025-3756" target="_blank" rel="noopener">CVE-2025-3756</a></td>
<td><a href="https://search.abb.com/library/Download.aspx?DocumentID=7PAA020125&LanguageCode=en&DocumentPartId=&Action=Launch" target="_blank" rel="noopener">https://search.abb.com/library/Download.aspx?DocumentID=7PAA020125&LanguageCode=en&DocumentPartId=&Action=Launch</a><br>&nbsp;</td>
</tr>
<tr>
<td class="vendor-product">Dell--PowerScale OneFS</td>
<td>Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an insertion of sensitive information into log file vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account.</td>
<td>2026-04-16</td>
<td>6.6</td>
<td><a href="https://www.cve.org/CVERecord?id=CVE-2025-43937" target="_blank" rel="noopener">CVE-2025-43937</a></td>
<td><a href="https://www.dell.com/support/kbdoc/en-us/000376214/dsa-2025-347-security-update-for-dell-powerscale-onefs-multiple-vulnerabilities" target="_blank" rel="noopener">https://www.dell.com/support/kbdoc/en-us/000376214/dsa-2025-347-security-update-for-dell-powerscale-onefs-multiple-vulnerabilities</a><br>&nbsp;</td>
</tr>
<tr>
<td class="vendor-product">Dell--PowerProtect Data Domain</td>
<td>Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 8.4 through 8.5 contain a session fixation vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access.</td>
<td>2026-04-17</td>
<td>6.2</td>
<td><a href="https://www.cve.org/CVERecord?id=CVE-2025-46605" target="_blank" rel="noopener">CVE-2025-46605</a></td>
<td><a href="https://www.dell.com/support/kbdoc/en-us/000450699/dsa-2026-060-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities" target="_blank" rel="noopener">https://www.dell.com/support/kbdoc/en-us/000450699/dsa-2026-060-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities</a><br>&nbsp;</td>
</tr>
<tr>
<td class="vendor-product">Dell--PowerProtect Data Domain</td>
<td>Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 8.4 through 8.5 contain an improper restriction of excessive authentication attempts vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access.</td>
<td>2026-04-17</td>
<td>6.2</td>
<td><a href="https://www.cve.org/CVERecord?id=CVE-2025-46606" target="_blank" rel="noopener">CVE-2025-46606</a></td>
<td><a href="https://www.dell.com/support/kbdoc/en-us/000450699/dsa-2026-060-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities" target="_blank" rel="noopener">https://www.dell.com/support/kbdoc/en-us/000450699/dsa-2026-060-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities</a><br>&nbsp;</td>
</tr>
<tr>
<td class="vendor-product">Dell--PowerProtect Data Domain</td>
<td>Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 8.4 through 8.5 contain an improper authentication vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access.</td>
<td>2026-04-17</td>
<td>6.6</td>
<td><a href="https://www.cve.org/CVERecord?id=CVE-2025-46607" target="_blank" rel="noopener">CVE-2025-46607</a></td>
<td><a href="https://www.dell.com/support/kbdoc/en-us/000450699/dsa-2026-060-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities" target="_blank" rel="noopener">https://www.dell.com/support/kbdoc/en-us/000450699/dsa-2026-060-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities</a><br>&nbsp;</td>
</tr>
<tr>
<td class="vendor-product">Dell--PowerProtect Data Domain</td>
<td>Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 8.4 through 8.5 contain an improper authentication vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access.</td>
<td>2026-04-17</td>
<td>6.6</td>
<td><a href="https://www.cve.org/CVERecord?id=CVE-2025-46641" target="_blank" rel="noopener">CVE-2025-46641</a></td>
<td><a href="https://www.dell.com/support/kbdoc/en-us/000450699/dsa-2026-060-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities" target="_blank" rel="noopener">https://www.dell.com/support/kbdoc/en-us/000450699/dsa-2026-060-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities</a><br>&nbsp;</td>
</tr>
<tr>
<td class="vendor-product">Fortinet--FortiOS</td>
<td>A missing authentication for critical function vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0.0 through 7.0.17, FortiOS 6.4 all versions, FortiOS 6.2.9 through 6.2.17 allows an attacker to execute unauthorized code or commands via specially crafted packets.</td>
<td>2026-04-14</td>
<td>6.2</td>
<td><a href="https://www.cve.org/CVERecord?id=CVE-2025-53847" target="_blank" rel="noopener">CVE-2025-53847</a></td>
<td><a href="https://fortiguard.fortinet.com/psirt/FG-IR-26-125" target="_blank" rel="noopener">https://fortiguard.fortinet.com/psirt/FG-IR-26-125</a><br>&nbsp;</td>
</tr>
<tr>
<td class="vendor-product">WSO2--WSO2 API Manager</td>
<td>The authentication endpoint fails to encode user-supplied input before rendering it in the web page, allowing for script injection. An attacker can leverage this by injecting malicious scripts into the authentication endpoint. This can result in the user's browser being redirected to a malicious website, manipulation of the web page's user interface, or the retrieval of information from the browser. However, session hijacking is not possible due to the httpOnly flag protecting session-related cookies.</td>
<td>2026-04-16</td>
<td>6.1</td>
<td><a href="https://www.cve.org/CVERecord?id=CVE-2025-6024" target="_blank" rel="noopener">CVE-2025-6024</a></td>
<td><a href="https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2025-4251/" target="_blank" rel="noopener">https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2025-4251/</a><br>&nbsp;</td>
</tr>
<tr>
<td class="vendor-product">Fortinet--FortiManager</td>
<td>An improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.8, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer Cloud 7.6.0 through 7.6.4, FortiAnalyzer Cloud 7.4.0 through 7.4.8, FortiAnalyzer Cloud 7.2 all versions, FortiAnalyzer Cloud 7.0 all versions, FortiManager 7.6.0 through 7.6.4, FortiManager 7.4.0 through 7.4.8, FortiManager 7.2 all versions, FortiManager 7.0 all versions, FortiManager Cloud 7.6.0 through 7.6.4, FortiManager Cloud 7.4.0 through 7.4.8, FortiManager Cloud 7.2 all versions, FortiManager Cloud 7.0 all versions may allow a privileged authenticated attacker to execute unauthorized code or commands via the JSON RPC API.</td>
<td>2026-04-14</td>
<td>6.8</td>
<td><a href="https://www.cve.org/CVERecord?id=CVE-2025-61848" target="_blank" rel="noopener">CVE-2025-61848</a></td>
<td><a href="https://fortiguard.fortinet.com/psirt/FG-IR-26-111" target="_blank" rel="noopener">https://fortiguard.fortinet.com/psirt/FG-IR-26-111</a><br>&nbsp;</td>
</tr>
<tr>
<td class="vendor-product">leaflet[.]com--Leaflet 1.9.4</td>
<td>Leaflet versions up to and including 1.9.4 are vulnerable to Cross-Site Scripting (XSS) via the bindPopup() method. This method renders user-supplied input as raw HTML without sanitization, allowing attackers to inject arbitrary JavaScript code through event handler attributes (e.g., &lt;img src=x onerror="alert('XSS')"&gt;). When a victim views an affected map popup, the malicious script executes in the context of the victim's browser session.</td>
<td>2026-04-14</td>
<td>6.1</td>
<td><a href="https://www.cve.org/CVERecord?id=CVE-2025-69993" target="_blank" rel="noopener">CVE-2025-69993</a></td>
<td><a href="http://leaflet.com" target="_blank" rel="noopener">http://leaflet.com</a><br><a href="https://github.com/PierfrancescoConti/leaflet-cve-2025-69993/blob/main/ADVISORY.md" target="_blank" rel="noopener">https://github.com/PierfrancescoConti/leaflet-cve-2025-69993/blob/main/ADVISORY.md</a><br>&nbsp;</td>
</tr>
<tr>
<td class="vendor-product">Microsoft--Windows 10 Version 1607</td>
<td>Reliance on untrusted inputs in a security decision in Windows Boot Loader allows an authorized attacker to bypass a security feature locally.</td>
<td>2026-04-14</td>
<td>6.7</td>
<td><a href="https://www.cve.org/CVERecord?id=CVE-2026-0390" target="_blank" rel="noopener">CVE-2026-0390</a></td>
<td><a href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-0390" target="_blank" rel="noopener">UEFI Secure Boot Security Feature Bypass Vulnerability</a><br>&nbsp;</td>
</tr>
<tr>
<td class="vendor-product">SAP_SE--SAP Supplier Relationship Management (SICF Handler in SRM Catalog)</td>
<td>Due to a Cross-Site Scripting (XSS) vulnerability in the SAP Supplier Relationship Management (SICF Handler in SRM Catalog), an unauthenticated attacker could craft a malicious URL, that if accessed by a victim, results in execution of malicious content within the victim's browser. This could allow the attacker to access and modify information, impacting the confidentiality and integrity of the application, while availability remains unaffected.</td>
<td>2026-04-14</td>
<td>6.1</td>
<td><a href="https://www.cve.org/CVERecord?id=CVE-2026-0512" target="_blank" rel="noopener">CVE-2026-0512</a></td>
<td><a href="https://me.sap.com/notes/3645228" target="_blank" rel="noopener">https://me.sap.com/notes/3645228</a><br><a href="https://url.sap/sapsecuritypatchday" target="_blank" rel="noopener">https://url.sap/sapsecuritypatchday</a><br>&nbsp;</td>
</tr>
<tr>
<td class="vendor-product">turn2honey--EMC Easily Embed Calendly Scheduling</td>
<td>The EMC - Easily Embed Calendly Scheduling Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's calendly shortcode in all versions up to, and including, 4.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.</td>
<td>2026-04-19</td>
<td>6.4</td>
<td><a href="https://www.cve.org/CVERecord?id=CVE-2026-0868" target="_blank" rel="noopener">CVE-2026-0868</a></td>
<td><a href="https://www.wordfence.com/threat-intel/vulnerabilities/id/d5653ebe-7145-4b1c-94f8-ca87ed0dc4f5?source=cve" target="_blank" rel="noopener">https://www.wordfence.com/threat-intel/vulnerabilities/id/d5653ebe-7145-4b1c-94f8-ca87ed0dc4f5?source=cve</a><br><a href="https://plugins.trac.wordpress.org/changeset/3466576/embed-calendly-scheduling" target="_blank" rel="noopener">https://plugins.trac.wordpress.org/changeset/3466576/embed-calendly-scheduling</a><br>&nbsp;</td>
</tr>
<tr>
<td class="vendor-product">vanderwijk--Content Blocks (Custom Post Widget)</td>
<td>The Content Blocks (Custom Post Widget) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's content_block shortcode in all versions up to, and including, 3.3.9 due to insufficient input sanitization and output escaping on user supplied values consumed from user-created content blocks. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.</td>
<td>2026-04-18</td>
<td>6.4</td>
<td><a href="https://www.cve.org/CVERecord?id=CVE-2026-0894" target="_blank" rel="noopener">CVE-2026-0894</a></td>
<td><a href="https://www.wordfence.com/threat-intel/vulnerabilities/id/246dee15-82e0-4630-8d95-d2419e9eaef8?source=cve" target="_blank" rel="noopener">https://www.wordfence.com/threat-intel/vulnerabilities/id/246dee15-82e0-4630-8d95-d2419e9eaef8?source=cve</a><br><a href="https://plugins.trac.wordpress.org/changeset/3447914/custom-post-widget" target="_blank" rel="noopener">https://plugins.trac.wordpress.org/changeset/3447914/custom-post-widget</a><br>&nbsp;</td>
</tr>
<tr>
<td class="vendor-product">youzify--Youzify BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress</td>
<td>The Youzify plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'checkin_place_id' parameter in all versions up to, and including, 1.3.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.</td>
<td>2026-04-18</td>
<td>6.4</td>
<td><a href="https://www.cve.org/CVERecord?id=CVE-2026-1559" target="_blank" rel="noopener">CVE-2026-1559</a></td>
<td><a href="https://www.wordfence.com/threat-intel/vulnerabilities/id/6bd69711-8303-4086-87c3-eb2935a89aff?source=cve" target="_blank" rel="noopener">https://www.wordfence.com/threat-intel/vulnerabilities/id/6bd69711-8303-4086-87c3-eb2935a89aff?source=cve</a><br><a href="https://plugins.trac.wordpress.org/browser/youzify/trunk/includes/public/core/wall/class-youzify-form.php#L506" target="_blank" rel="noopener">https://plugins.trac.wordpress.org/browser/youzify/trunk/includes/public/core/wall/class-youzify-form.php#L506</a><br><a href="https://plugins.trac.wordpress.org/browser/youzify/tags/1.3.6/includes/public/core/wall/class-youzify-form.php#L506" target="_blank" rel="noopener">https://plugins.trac.wordpress.org/browser/youzify/tags/1.3.6/includes/public/core/wall/class-youzify-form.php#L506</a><br><a href="https://plugins.trac.wordpress.org/browser/youzify/trunk/includes/public/core/class-youzify-wall.php#L109" target="_blank" rel="noopener">https://plugins.trac.wordpress.org/browser/youzify/trunk/includes/public/core/class-youzify-wall.php#L109</a><br><a href="https://plugins.trac.wordpress.org/browser/youzify/tags/1.3.6/includes/public/core/class-youzify-wall.php#L109" target="_blank" rel="noopener">https://plugins.trac.wordpress.org/browser/youzify/tags/1.3.6/includes/public/core/class-youzify-wall.php#L109</a><br><a href="https://plugins.trac.wordpress.org/changeset/3483281/youzify/trunk/includes/public/core/wall/class-youzify-form.php" target="_blank" rel="noopener">https://plugins.trac.wordpress.org/changeset/3483281/youzify/trunk/includes/public/core/wall/class-youzify-form.php</a><br><a href="https://plugins.trac.wordpress.org/changeset?old_path=%2Fyouzify/tags/1.3.6&new_path=%2Fyouzify/tags/1.3.7" target="_blank" rel="noopener">https://plugins.trac.wordpress.org/changeset?old_path=%2Fyouzify/tags/1.3.6&new_path=%2Fyouzify/tags/1.3.7</a><br>&nbsp;</td>
</tr>
<tr>
<td class="vendor-product">livemesh--Livemesh Addons by Elementor</td>
<td>The Livemesh Addons for Elementor plugin for WordPress is vulnerable to unauthorized modification of data and Stored Cross-Site Scripting via plugin settings in all versions up to, and including, 9.0. This is due to missing authorization checks on the AJAX handler `lae_admin_ajax()` and insufficient output escaping on multiple checkbox settings fields. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in the plugin settings page that will execute whenever an administrator accesses the plugin settings page, provided they can obtain a valid nonce, which can be leaked via the plugin's improper access control on settings pages.</td>
<td>2026-04-16</td>
<td>6.4</td>
<td><a href="https://www.cve.org/CVERecord?id=CVE-2026-1572" target="_blank" rel="noopener">CVE-2026-1572</a></td>
<td><a href="https://www.wordfence.com/threat-intel/vulnerabilities/id/24b9bf5a-19ac-4e99-b32d-1ab681356a1b?source=cve" target="_blank" rel="noopener">https://www.wordfence.com/threat-intel/vulnerabilities/id/24b9bf5a-19ac-4e99-b32d-1ab681356a1b?source=cve</a><br><a href="https://plugins.trac.wordpress.org/browser/addons-for-elementor/tags/9.0/admin/admin-ajax.php#L28" target="_blank" rel="noopener">https://plugins.trac.wordpress.org/browser/addons-for-elementor/tags/9.0/admin/admin-ajax.php#L28</a><br><a href="https://plugins.trac.wordpress.org/browser/addons-for-elementor/tags/9.0/admin/admin-ajax.php#L64" target="_blank" rel="noopener">https://plugins.trac.wordpress.org/browser/addons-for-elementor/tags/9.0/admin/admin-ajax.php#L64</a><br><a href="https://plugins.trac.wordpress.org/browser/addons-for-elementor/trunk/admin/admin-ajax.php#L64" target="_blank" rel="noopener">https://plugins.trac.wordpress.org/browser/addons-for-elementor/trunk/admin/admin-ajax.php#L64</a><br><a href="https://plugins.trac.wordpress.org/browser/addons-for-elementor/trunk/admin/admin-ajax.php#L28" target="_blank" rel="noopener">https://plugins.trac.wordpress.org/browser/addons-for-elementor/trunk/admin/admin-ajax.php#L28</a><br><a href="https://plugins.trac.wordpress.org/browser/addons-for-elementor/trunk/plugin.php#L207" target="_blank" rel="noopener">https://plugins.trac.wordpress.org/browser/addons-for-elementor/trunk/plugin.php#L207</a><br><a href="https://plugins.trac.wordpress.org/browser/addons-for-elementor/tags/9.0/plugin.php#L207" target="_blank" rel="noopener">https://plugins.trac.wordpress.org/browser/addons-for-elementor/tags/9.0/plugin.php#L207</a><br><a href="https://plugins.trac.wordpress.org/browser/addons-for-elementor/trunk/admin/views/settings.php#L707" target="_blank" rel="noopener">https://plugins.trac.wordpress.org/browser/addons-for-elementor/trunk/admin/views/settings.php#L707</a><br><a href="https://plugins.trac.wordpress.org/browser/addons-for-elementor/tags/9.0/admin/views/settings.php#L707" target="_blank" rel="noopener">https://plugins.trac.wordpress.org/browser/addons-for-elementor/tags/9.0/admin/views/settings.php#L707</a><br>&nbsp;</td>
</tr>
<tr>
<td class="vendor-product">surbma--Surbma | Booking.com Shortcode</td>
<td>The Surbma | Booking.com Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `surbma-bookingcom` shortcode in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.</td>
<td>2026-04-14</td>
<td>6.4</td>
<td><a href="https://www.cve.org/CVERecord?id=CVE-2026-1607" target="_blank" rel="noopener">CVE-2026-1607</a></td>
<td><a href="https://www.wordfence.com/threat-intel/vulnerabilities/id/01280afb-4745-4f36-823e-ed794bb3353a?source=cve" target="_blank" rel="noopener">https://www.wordfence.com/threat-intel/vulnerabilities/id/01280afb-4745-4f36-823e-ed794bb3353a?source=cve</a><br><a href="https://plugins.trac.wordpress.org/browser/surbma-bookingcom-shortcode/tags/2.0/surbma-bookingcom-shortcode.php#L34" target="_blank" rel="noopener">https://plugins.trac.wordpress.org/browser/surbma-bookingcom-shortcode/tags/2.0/surbma-bookingcom-shortcode.php#L34</a><br>&nbsp;</td>
</tr>
<tr>
<td class="vendor-product">Lenovo--Service Bridge</td>
<td>A potential DLL hijacking vulnerability was reported in Lenovo Service Bridge that, under certain conditions, could allow a local authenticated user to execute code with elevated privileges.</td>
<td>2026-04-15</td>
<td>6.7</td>
<td><a href="https://www.cve.org/CVERecord?id=CVE-2026-1636" target="_blank" rel="noopener">CVE-2026-1636</a></td>
<td><a href="https://support.lenovo.com/us/en/product_security/LEN-211071" target="_blank" rel="noopener">https://support.lenovo.com/us/en/product_security/LEN-211071</a></td>
</tr>
<tr>
<td class="vendor-product">prasunsen--Hostel</td>
<td>The Hostel plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'shortcode_id' parameter in all versions up to, and including, 1.1.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.</td>
<td>2026-04-18</td>
<td>6.1</td>
<td><a href="https://www.cve.org/CVERecord?id=CVE-2026-1838" target="_blank" rel="noopener">CVE-2026-1838</a></td>
<td><a href="https://www.wordfence.com/threat-intel/vulnerabilities/id/2b9da491-771a-4100-b41a-7411981dd34b?source=cve" target="_blank" rel="noopener">https://www.wordfence.com/threat-intel/vulnerabilities/id/2b9da491-771a-4100-b41a-7411981dd34b?source=cve</a><br>
<a href="https://plugins.trac.wordpress.org/browser/hostel/trunk/hostel.php#L44" target="_blank" rel="noopener">https://plugins.trac.wordpress.org/browser/hostel/trunk/hostel.php#L44</a><br>
<a href="https://plugins.trac.wordpress.org/browser/hostel/tags/1.1.6/hostel.php#L44" target="_blank" rel="noopener">https://plugins.trac.wordpress.org/browser/hostel/tags/1.1.6/hostel.php#L44</a><br>
<a href="https://plugins.trac.wordpress.org/browser/hostel/trunk/controllers/ajax.php#L28" target="_blank" rel="noopener">https://plugins.trac.wordpress.org/browser/hostel/trunk/controllers/ajax.php#L28</a><br>
<a href="https://plugins.trac.wordpress.org/browser/hostel/tags/1.1.6/controllers/ajax.php#L28" target="_blank" rel="noopener">https://plugins.trac.wordpress.org/browser/hostel/tags/1.1.6/controllers/ajax.php#L28</a><br>
<a href="https://plugins.trac.wordpress.org/browser/hostel/trunk/views/partial/rooms-table.html.php#L29" target="_blank" rel="noopener">https://plugins.trac.wordpress.org/browser/hostel/trunk/views/partial/rooms-table.html.php#L29</a><br>
<a href="https://plugins.trac.wordpress.org/browser/hostel/tags/1.1.6/views/partial/rooms-table.html.php#L29" target="_blank" rel="noopener">https://plugins.trac.wordpress.org/browser/hostel/tags/1.1.6/views/partial/rooms-table.html.php#L29</a><br>
<a href="https://plugins.trac.wordpress.org/changeset/3478265/hostel/trunk/hostel.php" target="_blank" rel="noopener">https://plugins.trac.wordpress.org/changeset/3478265/hostel/trunk/hostel.php</a><br>
<a href="https://plugins.trac.wordpress.org/changeset?old_path=%2Fhostel/tags/1.1.6&new_path=%2Fhostel/tags/1.1.7" target="_blank" rel="noopener">https://plugins.trac.wordpress.org/changeset?old_path=%2Fhostel/tags/1.1.6&new_path=%2Fhostel/tags/1.1.7</a></td>
</tr>
<tr>
<td class="vendor-product">woobeewoo--Product Pricing Table by WooBeWoo</td>
<td>The Product Pricing Table by WooBeWoo plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.0. This is due to missing or incorrect nonce validation on the updateLabel() and remove() functions. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages or delete pricing tables via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.</td>
<td>2026-04-15</td>
<td>6.1</td>
<td><a href="https://www.cve.org/CVERecord?id=CVE-2026-1852" target="_blank" rel="noopener">CVE-2026-1852</a></td>
<td><a href="https://www.wordfence.com/threat-intel/vulnerabilities/id/a3b459e0-4bd9-443e-96e4-91663a35c26e?source=cve" target="_blank" rel="noopener">https://www.wordfence.com/threat-intel/vulnerabilities/id/a3b459e0-4bd9-443e-96e4-91663a35c26e?source=cve</a><br>
<a href="https://github.com/wpcodefactory/woo-product-pricing-tables/releases/tag/v1.1.1" target="_blank" rel="noopener">https://github.com/wpcodefactory/woo-product-pricing-tables/releases/tag/v1.1.1</a></td>
</tr>
<tr>
<td class="vendor-product">Cisco--Cisco Unity Connection</td>
<td>A vulnerability in the web-based management interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a reflected XSS attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.</td>
<td>2026-04-15</td>
<td>6.1</td>
<td><a href="https://www.cve.org/CVERecord?id=CVE-2026-20059" target="_blank" rel="noopener">CVE-2026-20059</a></td>
<td><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-unity-vulns-n2EJSbbw" target="_blank" rel="noopener">cisco-sa-unity-vulns-n2EJSbbw</a></td>
</tr>
<tr>
<td class="vendor-product">Cisco--Cisco Unity Connection</td>
<td>Multiple vulnerabilities in Cisco Unity Connection could allow an authenticated, remote attacker to download arbitrary files from an affected system. To exploit these vulnerabilities, the attacker must have valid administrative credentials. These vulnerabilities are due to improper sanitization of user input to the web-based management interface. An attacker could exploit these vulnerabilities by sending a crafted HTTPS request. A successful exploit could allow the attacker to download arbitrary files from an affected system.</td>
<td>2026-04-15</td>
<td>6.5</td>
<td><a href="https://www.cve.org/CVERecord?id=CVE-2026-20078" target="_blank" rel="noopener">CVE-2026-20078</a></td>
<td><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-unity-file-download-RmKEVWPx" target="_blank" rel="noopener">cisco-sa-unity-file-download-RmKEVWPx</a></td>
</tr>
<tr>
<td class="vendor-product">Cisco--Cisco Unity Connection</td>
<td>Multiple vulnerabilities in Cisco Unity Connection could allow an authenticated, remote attacker to download arbitrary files from an affected system. To exploit these vulnerabilities, the attacker must have valid administrative credentials. These vulnerabilities are due to improper sanitization of user input to the web-based management interface. An attacker could exploit these vulnerabilities by sending a crafted HTTPS request. A successful exploit could allow the attacker to download arbitrary files from an affected system.</td>
<td>2026-04-15</td>
<td>6.5</td>
<td><a href="https://www.cve.org/CVERecord?id=CVE-2026-20081" target="_blank" rel="noopener">CVE-2026-20081</a></td>
<td><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-unity-file-download-RmKEVWPx" target="_blank" rel="noopener">cisco-sa-unity-file-download-RmKEVWPx</a></td>
</tr>
<tr>
<td class="vendor-product">Cisco--Cisco Identity Services Engine Software</td>
<td>A vulnerability in the CLI of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, local attacker with administrative privileges to perform a command injection attack on the underlying operating system and elevate privileges to root. This vulnerability is due to insufficient validation of user supplied input. An attacker could exploit this vulnerability by providing crafted input to a specific CLI command. A successful exploit could allow the attacker to elevate their privileges to root on the underlying operating system.</td>
<td>2026-04-15</td>
<td>6</td>
<td><a href="https://www.cve.org/CVERecord?id=CVE-2026-20136" target="_blank" rel="noopener">CVE-2026-20136</a></td>
<td><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-cmd-inj-5WSJcYJB" target="_blank" rel="noopener">cisco-sa-ise-cmd-inj-5WSJcYJB</a></td>
</tr>
<tr>
<td class="vendor-product">Cisco--Cisco Webex Contact Center</td>
<td>A vulnerability in the Desktop Agent functionality of Cisco Webex Contact Center could have allowed an unauthenticated, remote attacker to conduct cross-site scripting attacks. Cisco has addressed this vulnerability in the Cisco Webex Contact Center service, and no customer action is needed. This vulnerability existed because HTML and script content was not properly handled. Prior to this vulnerability being addressed, an attacker could have exploited this vulnerability by persuading a user to follow a malicious link. A successful exploit could have allowed the attacker to steal sensitive information from the browser, including authentication and session information.</td>
<td>2026-04-15</td>
<td>6.1</td>
<td><a href="https://www.cve.org/CVERecord?id=CVE-2026-20170" target="_blank" rel="noopener">CVE-2026-20170</a></td>
<td><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webexcc-xss-WEX5nUnA" target="_blank" rel="noopener">cisco-sa-webexcc-xss-WEX5nUnA</a></td>
</tr>
<tr>
<td class="vendor-product">Splunk--Splunk Enterprise</td>
<td>In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.10, and 9.3.11, and Splunk Cloud Platform versions below 10.4.2603.0, 10.3.2512.6, 10.2.2510.10, 10.1.2507.20, 10.0.2503.13, and 9.3.2411.127, a user who holds a role that contains the high-privilege capability `edit_user` could create a specially crafted username that includes a null byte or a non-UTF-8 percent-encoded byte due to improper input validation.<br><br>This could lead to inconsistent conversion of usernames into a proper format for storage and account management inconsistencies, such as being unable to edit or delete affected users.</td>
<td>2026-04-15</td>
<td>6.6</td>
<td><a href="https://www.cve.org/CVERecord?id=CVE-2026-20202" target="_blank" rel="noopener">CVE-2026-20202</a></td>
<td><a href="https://advisory.splunk.com/advisories/SVD-2026-0401" target="_blank" rel="noopener">https://advisory.splunk.com/advisories/SVD-2026-0401</a></td>
</tr>
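The Splunk entry above describes a class of bug worth seeing concretely: a percent-encoded username that decodes to a NUL byte or to bytes that are not valid UTF-8 is interpreted differently by different layers of a user store, so the record one layer writes is not the record another layer looks up. The check below is an added example, not Splunk's code; the two "layers" are a hypothetical lenient text decoder and a byte-preserving one, and the character policy in `canonical_username` (strict UTF-8, no control characters, no leftover `%`) is an assumption chosen for the example, not Splunk's rule.

```python
"""Username canonicalisation for the CVE-2026-20202 class of bug.

Added example, not Splunk's code.  The policy enforced here is an
assumption for illustration: decode percent-escapes once to bytes,
require strict UTF-8, and refuse control characters and leftover '%'.
"""
from typing import Optional, Tuple
from urllib.parse import unquote, unquote_to_bytes


def layer_views(raw: str) -> Tuple[str, bytes]:
    """Two hypothetical storage layers looking at the same raw username.

    The first decodes to text leniently (undecodable bytes become U+FFFD),
    the second keeps the decoded bytes as they are.  When these disagree
    the account written by one layer cannot be found by the other, which
    is the 'cannot edit or delete affected users' symptom.
    """
    return unquote(raw), unquote_to_bytes(raw)


def views_agree(raw: str) -> bool:
    """True when both layers would key the account on the same bytes."""
    text, data = layer_views(raw)
    return text.encode("utf-8") == data


def canonical_username(raw: str) -> Optional[str]:
    """Return the single canonical form of a username, or None to reject.

    Rejects NUL (%00) and other control characters, any byte sequence that
    is not strict UTF-8 (e.g. %FF), surrounding whitespace, and a '%' that
    survives decoding, since a later layer might decode it again.
    """
    try:
        decoded = unquote_to_bytes(raw).decode("utf-8", errors="strict")
    except UnicodeDecodeError:
        return None
    if not decoded or decoded != decoded.strip():
        return None
    if any(ord(ch) < 0x20 or ch == "\x7f" for ch in decoded):
        return None
    if "%" in decoded:
        return None
    return decoded


if __name__ == "__main__":
    # Constructed inputs: one clean, one with a NUL, one with a bad byte.
    for sample in ("alice", "alice%00", "al%FFice", "j%C3%B6rg"):
        print(repr(sample), "->", repr(canonical_username(sample)),
              "layers agree:", views_agree(sample))
```

Note that `alice%00` passes the "layers agree" test: both layers see the NUL, so it is the validator, not the decoder, that has to refuse it. `j%C3%B6rg` is accepted because it is a well-formed UTF-8 sequence; the point is to reject malformed bytes, not non-ASCII names.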
<tr>
<td class="vendor-product">Samsung Mobile--Samsung Mobile Devices</td>
<td>Improper input validation in Retail Mode prior to SMR Apr-2026 Release 1 allows local attackers to trigger privileged functions.</td>
<td>2026-04-13</td>
<td>6.6</td>
<td><a href="https://www.cve.org/CVERecord?id=CVE-2026-21010" target="_blank" rel="noopener">CVE-2026-21010</a></td>
<td><a href="https://security.samsungmobile.com/securityUpdate.smsb?year=2026&month=04" target="_blank" rel="noopener">https://security.samsungmobile.com/securityUpdate.smsb?year=2026&month=04</a></td>
</tr>
<tr>
<td class="vendor-product">Adobe--Adobe Connect</td>
<td>Adobe Connect versions 2025.3, 12.10 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Scope is changed.</td>
<td>2026-04-14</td>
<td>6.1</td>
<td><a href="https://www.cve.org/CVERecord?id=CVE-2026-21331" target="_blank" rel="noopener">CVE-2026-21331</a></td>
<td><a href="https://helpx.adobe.com/security/products/connect/apsb26-37.html" target="_blank" rel="noopener">https://helpx.adobe.com/security/products/connect/apsb26-37.html</a></td>
</tr>
<tr>
<td class="vendor-product">Fortinet--FortiSOAR on-premise</td>
<td>A cleartext transmission of sensitive information vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.2, FortiSOAR on-premise 7.5.0 through 7.5.1, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow an attacker to disclose information via &lt;insert attack vector here&gt;</td>
<td>2026-04-14</td>
<td>6.2</td>
<td><a href="https://www.cve.org/CVERecord?id=CVE-2026-22155" target="_blank" rel="noopener">CVE-2026-22155</a></td>
<td><a href="https://fortiguard.fortinet.com/psirt/FG-IR-26-106" target="_blank" rel="noopener">https://fortiguard.fortinet.com/psirt/FG-IR-26-106</a></td>
</tr>
<tr>
<td class="vendor-product">Fortinet--FortiSOAR on-premise</td>
<td>An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5 all versions, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.3, FortiSOAR on-premise 7.5 all versions, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow an authenticated remote attacker to perform a path traversal attack via File Content Extraction actions.</td>
<td>2026-04-14</td>
<td>6.2</td>
<td><a href="https://www.cve.org/CVERecord?id=CVE-2026-22573" target="_blank" rel="noopener">CVE-2026-22573</a></td>
<td><a href="https://fortiguard.fortinet.com/psirt/FG-IR-26-116" target="_blank" rel="noopener">https://fortiguard.fortinet.com/psirt/FG-IR-26-116</a></td>
</tr>
<tr>
<td class="vendor-product">Eaton--IPP Software</td>
<td>Due to improper input validation in one of the Eaton Intelligent Power Protector (IPP) XML files, it is possible for an attacker with admin privileges and access to the local system to inject malicious code resulting in arbitrary command execution. This security issue has been fixed in the latest version of Eaton IPP software which is available on the Eaton download centre.</td>
<td>2026-04-16</td>
<td>6</td>
<td><a href="https://www.cve.org/CVERecord?id=CVE-2026-22615" target="_blank" rel="noopener">CVE-2026-22615</a></td>
<td><a href="https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2025-1025.pdf" target="_blank" rel="noopener">https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2025-1025.pdf</a></td>
</tr>
<tr>
<td class="vendor-product">Eaton--IPP Software</td>
<td>Eaton Intelligent Power Protector (IPP) software allows repeated authentication attempts against the web interface login page due to insufficient rate-limiting controls. This security issue has been fixed in the latest version of Eaton IPP which is available on the Eaton download centre.</td>
<td>2026-04-16</td>
<td>6.5</td>
<td><a href="https://www.cve.org/CVERecord?id=CVE-2026-22616" target="_blank" rel="noopener">CVE-2026-22616</a></td>
<td><a href="https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2025-1025.pdf" target="_blank" rel="noopener">https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2025-1025.pdf</a></td>
</tr>
<tr>
<td class="vendor-product">Fortinet--FortiVoice</td>
<td>An exposure of sensitive information to an unauthorized actor vulnerability in Fortinet FortiNDR 7.6.0, FortiNDR 7.4.0 through 7.4.8, FortiNDR 7.2 all versions, FortiNDR 7.1 all versions, FortiNDR 7.0 all versions, FortiVoice 7.0.0 through 7.0.1 may allow a remote authenticated attacker with at least read-only permission on system maintenance to access backup information via crafted HTTP requests.</td>
<td>2026-04-14</td>
<td>5.4</td>
<td><a href="https://www.cve.org/CVERecord?id=CVE-2024-23104" target="_blank" rel="noopener">CVE-2024-23104</a></td>
<td><a href="https://fortiguard.fortinet.com/psirt/FG-IR-26-124" target="_blank" rel="noopener">https://fortiguard.fortinet.com/psirt/FG-IR-26-124</a></td>
</tr>
<tr>
<td class="vendor-product">WSO2--WSO2 API Manager</td>
<td>The WSO2 API Manager developer portal accepts user-supplied input without enforcing expected validation constraints or proper output encoding. This deficiency allows a malicious actor to inject script content that is executed within the context of a user's browser. By leveraging this cross-site scripting vulnerability, a malicious actor can cause the browser to redirect to a malicious website, make changes to the UI of the web page, or retrieve information from the browser. However, session hijacking is not possible as all session-related sensitive cookies are protected by the httpOnly flag.</td>
<td>2026-04-16</td>
<td>5.4</td>
<td><a href="https://www.cve.org/CVERecord?id=CVE-2024-4867" target="_blank" rel="noopener">CVE-2024-4867</a></td>
<td><a href="https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2024-3391/" target="_blank" rel="noopener">https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2024-3391/</a></td>
</tr>
<tr>
<td class="vendor-product">cartasi--Nexi XPay</td>
<td>The Nexi XPay plugin for WordPress is vulnerable to unauthorized modification of data due to missing authorization checks on the redirect function in all versions up to, and including, 8.3.0. This makes it possible for unauthenticated attackers to mark pending WooCommerce orders as paid/completed.</td>
<td>2026-04-14</td>
<td>5.3</td>
<td><a href="https://www.cve.org/CVERecord?id=CVE-2025-15565" target="_blank" rel="noopener">CVE-2025-15565</a></td>
<td><a href="https://www.wordfence.com/threat-intel/vulnerabilities/id/f420151b-c783-49b1-b0e9-e936a904278a?source=cve" target="_blank" rel="noopener">https://www.wordfence.com/threat-intel/vulnerabilities/id/f420151b-c783-49b1-b0e9-e936a904278a?source=cve</a><br>
<a href="https://plugins.trac.wordpress.org/browser/cartasi-x-pay/tags/8.2.0/src/classes/Nexi/WC_Gateway_XPay_Process_Completion.php#L268" target="_blank" rel="noopener">https://plugins.trac.wordpress.org/browser/cartasi-x-pay/tags/8.2.0/src/classes/Nexi/WC_Gateway_XPay_Process_Completion.php#L268</a></td>
</tr>
<tr>
<td class="vendor-product">Dell--Dell Pro 14 Essential PV14250</td>
<td>Dell Client Platform BIOS contains a Weak Password Recovery Mechanism vulnerability. An unauthenticated attacker with physical access to the system could potentially exploit this vulnerability, leading to unauthorized access.</td>
<td>2026-04-16</td>
<td>5.1</td>
<td><a href="https://www.cve.org/CVERecord?id=CVE-2025-36579" target="_blank" rel="noopener">CVE-2025-36579</a></td>
<td><a href="https://www.dell.com/support/kbdoc/en-us/000300450/dsa-2025-153" target="_blank" rel="noopener">https://www.dell.com/support/kbdoc/en-us/000300450/dsa-2025-153</a></td>
</tr>
<tr>
<td class="vendor-product">Fortinet--FortiOS</td>
<td>An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') [CWE-22] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions, FortiPAM 1.7.0, FortiPAM 1.6 all versions, FortiPAM 1.5 all versions, FortiPAM 1.4 all versions, FortiPAM 1.3 all versions, FortiPAM 1.2 all versions, FortiPAM 1.1 all versions, FortiPAM 1.0 all versions, FortiProxy 7.6.0 through 7.6.4, FortiProxy 7.4.0 through 7.4.11, FortiProxy 7.2 all versions, FortiProxy 7.0 all versions, FortiSwitchManager 7.2.0 through 7.2.7, FortiSwitchManager 7.0.0 through 7.0.6 may allow an authenticated attacker with admin profile and at least read-write permissions to write or delete arbitrary files via specific CLI commands.</td>
<td>2026-04-14</td>
<td>5.4</td>
<td><a href="https://www.cve.org/CVERecord?id=CVE-2025-61624" target="_blank" rel="noopener">CVE-2025-61624</a></td>
<td><a href="https://fortiguard.fortinet.com/psirt/FG-IR-26-122" target="_blank" rel="noopener">https://fortiguard.fortinet.com/psirt/FG-IR-26-122</a></td>
</tr>
<tr>
<td class="vendor-product">Fortinet--FortiManager Cloud</td>
<td>An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer Cloud 7.6.0 through 7.6.4, FortiAnalyzer Cloud 7.4.0 through 7.4.7, FortiAnalyzer Cloud 7.2 all versions, FortiAnalyzer Cloud 7.0 all versions, FortiManager 7.6.0 through 7.6.4, FortiManager 7.4.0 through 7.4.7, FortiManager 7.2 all versions, FortiManager 7.0 all versions, FortiManager Cloud 7.6.0 through 7.6.4, FortiManager Cloud 7.4.0 through 7.4.7, FortiManager Cloud 7.2 all versions, FortiManager Cloud 7.0 all versions may allow a privileged attacker to delete files from the underlying filesystem via crafted CLI requests.</td>
<td>2026-04-14</td>
<td>5.4</td>
<td><a href="https://www.cve.org/CVERecord?id=CVE-2025-68649" target="_blank" rel="noopener">CVE-2025-68649</a></td>
<td><a href="https://fortiguard.fortinet.com/psirt/FG-IR-26-120" target="_blank" rel="noopener">https://fortiguard.fortinet.com/psirt/FG-IR-26-120</a></td>
</tr>
<tr>
<td class="vendor-product">wpxpo--Post Grid Gutenberg Blocks for News, Magazines, Blog Websites PostX</td>
<td>The Post Grid Gutenberg Blocks for News, Magazines, Blog Websites - PostX plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ultp_shareCount_callback() function in all versions up to, and including, 5.0.5. This makes it possible for unauthenticated attackers to modify the share_count post meta for any post, including private or draft posts.</td>
<td>2026-04-16</td>
<td>5.3</td>
<td><a href="https://www.cve.org/CVERecord?id=CVE-2026-0718" target="_blank" rel="noopener">CVE-2026-0718</a></td>
<td><a href="https://www.wordfence.com/threat-intel/vulnerabilities/id/c4b2cf3b-5d35-4ce6-9453-1538a6f7752f?source=cve" target="_blank" rel="noopener">https://www.wordfence.com/threat-intel/vulnerabilities/id/c4b2cf3b-5d35-4ce6-9453-1538a6f7752f?source=cve</a><br>
<a href="https://plugins.trac.wordpress.org/changeset?old_path=/ultimate-post/tags/5.0.5/classes/Blocks.php&new_path=/ultimate-post/tags/5.0.6/classes/Blocks.php" target="_blank" rel="noopener">https://plugins.trac.wordpress.org/changeset?old_path=/ultimate-post/tags/5.0.5/classes/Blocks.php&new_path=/ultimate-post/tags/5.0.6/classes/Blocks.php</a></td>
</tr>
<tr>
<td class="vendor-product">iberezansky--3D FlipBook PDF Embedder, PDF Flipbook Viewer, Flipbook Image Gallery</td>
<td>The 3D FlipBook - PDF Embedder, PDF Flipbook Viewer, Flipbook Image Gallery plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the send_post_pages_json() function in all versions up to, and including, 1.16.17. This makes it possible for unauthenticated attackers to retrieve flipbook page metadata for draft, private and password-protected flipbooks.</td>
<td>2026-04-14</td>
<td>5.3</td>
<td><a href="https://www.cve.org/CVERecord?id=CVE-2026-1314" target="_blank" rel="noopener">CVE-2026-1314</a></td>
<td><a href="https://www.wordfence.com/threat-intel/vulnerabilities/id/d7e41753-2dbf-4afa-b61e-e617be2c4dc2?source=cve" target="_blank" rel="noopener">https://www.wordfence.com/threat-intel/vulnerabilities/id/d7e41753-2dbf-4afa-b61e-e617be2c4dc2?source=cve</a><br>
<a href="https://plugins.trac.wordpress.org/changeset/3467608/" target="_blank" rel="noopener">https://plugins.trac.wordpress.org/changeset/3467608/</a></td>
</tr>
<tr>
<td class="vendor-product">themefusion--Avada (Fusion) Builder</td>
<td>The Avada (Fusion) Builder plugin for WordPress is vulnerable to Arbitrary WordPress Action Execution in all versions up to, and including, 3.15.1. This is due to the plugin's `output_action_hook()` function accepting user-controlled input to trigger any registered WordPress action hook without proper authorization checks. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute arbitrary WordPress action hooks via the Dynamic Data feature, potentially leading to privilege escalation, file inclusion, denial of service, or other security impacts depending on which action hooks are available in the WordPress installation.</td>
<td>2026-04-15</td>
<td>5.4</td>
<td><a href="https://www.cve.org/CVERecord?id=CVE-2026-1509" target="_blank" rel="noopener">CVE-2026-1509</a></td>
<td><a href="https://www.wordfence.com/threat-intel/vulnerabilities/id/fdc57b06-bae9-49a3-84dd-f593705330e9?source=cve" target="_blank" rel="noopener">https://www.wordfence.com/threat-intel/vulnerabilities/id/fdc57b06-bae9-49a3-84dd-f593705330e9?source=cve</a><br>
<a href="https://themeforest.net/item/avada-responsive-multipurpose-theme/2833226" target="_blank" rel="noopener">https://themeforest.net/item/avada-responsive-multipurpose-theme/2833226</a><br>
<a href="https://avada.com/documentation/avada-changelog/" target="_blank" rel="noopener">https://avada.com/documentation/avada-changelog/</a></td>
</tr>
<tr>
<td class="vendor-product">Wpmet--MetForm Pro</td>
<td>The MetForm Pro plugin for WordPress is vulnerable to Improper Input Validation in all versions up to, and including, 3.9.7. This is due to the payment integrations (Stripe/PayPal) trusting a user-submitted calculation field value without recomputing or validating it against the configured form price. This makes it possible for unauthenticated attackers to manipulate the payment amount via the 'mf-calculation' field in the form submission REST request granted there exists a specific form with this particular configuration.</td>
<td>2026-04-15</td>
<td>5.3</td>
<td><a href="https://www.cve.org/CVERecord?id=CVE-2026-1782" target="_blank" rel="noopener">CVE-2026-1782</a></td>
<td><a href="https://www.wordfence.com/threat-intel/vulnerabilities/id/a49dd64b-6ae8-49ed-9e8a-e5b73c2acf4b?source=cve" target="_blank" rel="noopener">https://www.wordfence.com/threat-intel/vulnerabilities/id/a49dd64b-6ae8-49ed-9e8a-e5b73c2acf4b?source=cve</a><br>
<a href="https://wpmet.com/plugin/metform/" target="_blank" rel="noopener">https://wpmet.com/plugin/metform/</a></td>
</tr>
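The MetForm entry above is the general "trust the client's total" mistake: the server charges whatever number arrived in the submission instead of deriving the amount from its own configuration. The example below is added here and is not MetForm's code; only the field name `mf-calculation` comes from the advisory. The form configuration, the option names and the `charge_amount` / `is_tampered` helpers are constructed for illustration. It shows the vulnerable pattern beside the recomputing one, and treats a mismatch between the client's figure and the recomputed figure as tampering to be rejected rather than silently corrected.

```python
"""Server-side recomputation of a payment amount.

Added example, not MetForm's code.  FORM_CONFIG and the option names are
constructed; 'mf-calculation' is the client-supplied total named in the
advisory for CVE-2026-1782.
"""
from decimal import Decimal
from typing import Dict, Any

# Constructed form definition: what the site owner configured server-side.
FORM_CONFIG: Dict[str, Any] = {
    "base_price": Decimal("100.00"),
    "options": {
        "extra_seat": Decimal("25.00"),
        "priority": Decimal("50.00"),
    },
}


def vulnerable_amount(submission: Dict[str, Any]) -> Decimal:
    """The pattern the advisory describes: charge the client's own total."""
    return Decimal(str(submission["mf-calculation"]))


def recomputed_amount(config: Dict[str, Any], submission: Dict[str, Any]) -> Decimal:
    """Derive the charge only from server-side prices and the option
    selections the form exposes; the client-side total is never read."""
    total: Decimal = config["base_price"]
    for name in submission.get("options", []):
        if name not in config["options"]:
            raise ValueError(f"unknown option {name!r}")
        total += config["options"][name]
    return total


def is_tampered(config: Dict[str, Any], submission: Dict[str, Any]) -> bool:
    """True when the client's total disagrees with the recomputed one."""
    expected = recomputed_amount(config, submission)
    if "mf-calculation" not in submission:
        return False
    return Decimal(str(submission["mf-calculation"])) != expected


def charge_amount(config: Dict[str, Any], submission: Dict[str, Any]) -> Decimal:
    """Return the amount to send to the payment gateway, refusing a
    submission whose client total does not match the server's figure."""
    if is_tampered(config, submission):
        raise ValueError("payment amount mismatch; rejecting submission")
    return recomputed_amount(config, submission)


if __name__ == "__main__":
    # Constructed submissions: one honest, one with the total rewritten.
    honest = {"options": ["extra_seat"], "mf-calculation": "125.00"}
    forged = {"options": ["extra_seat"], "mf-calculation": "0.01"}
    print("vulnerable charges:", vulnerable_amount(forged))
    print("recomputed:", recomputed_amount(FORM_CONFIG, forged))
    print("forged rejected:", is_tampered(FORM_CONFIG, forged))
    print("honest charge:", charge_amount(FORM_CONFIG, honest))
```

Rejecting rather than overriding matters in practice: a client total that disagrees with the server is either a bug in the form or an attack, and either way the transaction should stop and be logged, not proceed at the "corrected" price.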
<tr>
<td class="vendor-product">Cisco--Cisco Secure Web Appliance</td>
<td>A vulnerability in the authentication service feature of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an unauthenticated, remote attacker to bypass authentication policy requirements. This vulnerability is due to improper validation of user-supplied authentication input in HTTP requests. An attacker could exploit this vulnerability by sending HTTP requests that contain specific authentication requests to an affected device. A successful exploit could allow the attacker to bypass policy enforcement on the device. There is no direct impact to the Cisco Secure Web Appliance. However, as a result of exploiting this vulnerability, an attacker could send HTTP requests that should be restricted through the device.</td>
<td>2026-04-15</td>
<td>5.3</td>
<td><a href="https://www.cve.org/CVERecord?id=CVE-2026-20152" target="_blank" rel="noopener">CVE-2026-20152</a></td>
<td><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wsa-auth-bypass-6YZkTQhd" target="_blank" rel="noopener">cisco-sa-wsa-auth-bypass-6YZkTQhd</a></td>
</tr>
<tr>
<td class="vendor-product">Cisco--Cisco ThousandEyes Enterprise Agent</td>
<td>A vulnerability in the CLI of Cisco ThousandEyes Enterprise Agent could allow an authenticated, local attacker with low privileges to overwrite arbitrary files on the local system of an affected device. This vulnerability is due to improper access controls on files that are on the local file system of an affected device. An attacker could exploit this vulnerability by placing a symbolic link in a specific location on the local file system. A successful exploit could allow the attacker to bypass file system permissions and overwrite arbitrary files on the affected device.</td>
<td>2026-04-15</td>
<td>5.5</td>
<td><a href="https://www.cve.org/CVERecord?id=CVE-2026-20161" target="_blank" rel="noopener">CVE-2026-20161</a></td>
<td><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-te-agentfilewrite-tqUw3SMU" target="_blank" rel="noopener">cisco-sa-te-agentfilewrite-tqUw3SMU</a></td>
</tr>
<tr>
<td class="vendor-product">Microsoft--Windows 10 Version 1809</td>
<td>Access of resource using incompatible type ('type confusion') in Windows COM allows an authorized attacker to disclose information locally.</td>
<td>2026-04-14</td>
<td>5.5</td>
<td><a href="https://www.cve.org/CVERecord?id=CVE-2026-20806" target="_blank" rel="noopener">CVE-2026-20806</a></td>
<td><a href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20806" target="_blank" rel="noopener">Windows COM Server Information Disclosure Vulnerability</a></td>
</tr>
<tr>
<td class="vendor-product">Grafana--Loki</td>
<td>The fix for CVE-2021-36156 validates the namespace parameter for path traversal sequences after a single URL decode; by double encoding, an attacker can read files at the Ruler API endpoint /loki/api/v1/rules/{namespace}. Thanks to Prasanth Sundararajan for reporting this vulnerability.</td>
<td>2026-04-15</td>
<td>5.3</td>
<td><a href="https://www.cve.org/CVERecord?id=CVE-2026-21726" target="_blank" rel="noopener">CVE-2026-21726</a></td>
<td><a href="https://grafana.com/security/security-advisories/cve-2026-21726" target="_blank" rel="noopener">https://grafana.com/security/security-advisories/cve-2026-21726</a></td>
</tr>
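The Loki entry above is the textbook double-decoding bypass: a check that looks for `..` after one URL decode passes `%252e%252e%252f`, because one decode turns it into `%2e%2e%2f`, which contains no traversal characters, and a later layer decodes it again. The code below is an added example and not Loki's code; the handler sketch, the `storage_path` layer that decodes a second time, and the on-disk root are assumptions for illustration (only the endpoint shape `/loki/api/v1/rules/{namespace}` comes from the advisory). It shows the once-decoded check accepting the payload, where that payload lands, and a check that decodes to a fixed point before validating.

```python
"""Why validating a path component after a single URL decode is not enough.

Added example, not Loki's code.  storage_path() stands in for any
downstream layer (object-store client, second router, filesystem helper)
that performs its own decode; that behaviour is assumed for illustration.
"""
import posixpath
from typing import Optional
from urllib.parse import unquote

TRAVERSAL = ("..", "/", "\\")


def single_decode_check(namespace: str) -> bool:
    """The 'fixed once' style of check: decode one time, then look for
    traversal characters.  Returns True when the value is accepted."""
    once = unquote(namespace)
    return not any(t in once for t in TRAVERSAL)


def storage_path(root: str, namespace: str) -> str:
    """Assumed downstream layer that decodes again before building a path.
    Two decodes are what a double-encoded payload is designed for."""
    return posixpath.normpath(posixpath.join(root, unquote(unquote(namespace))))


def fully_decode(value: str, limit: int = 5) -> Optional[str]:
    """Decode until the value stops changing; None if it never settles
    within `limit` rounds (treat that as hostile input)."""
    for _ in range(limit):
        nxt = unquote(value)
        if nxt == value:
            return value
        value = nxt
    return None


def hardened_check(root: str, namespace: str) -> bool:
    """Accept only a namespace that, however many times it is decoded,
    contains no traversal characters and resolves to a path under root."""
    flat = fully_decode(namespace)
    if flat is None or "%" in flat or not flat:
        return False
    if any(t in flat for t in TRAVERSAL):
        return False
    target = posixpath.normpath(posixpath.join(root, flat))
    return target.startswith(root.rstrip("/") + "/")


if __name__ == "__main__":
    root = "/data/rules"                       # assumed on-disk layout
    payload = "%252e%252e%252f%252e%252e%252fetc%252fpasswd"   # constructed
    print("once-decoded check accepts:", single_decode_check(payload))
    print("downstream resolves to:", storage_path(root, payload))
    print("hardened check accepts:", hardened_check(root, payload))
    print("hardened check accepts 'team-a':", hardened_check(root, "team-a"))
```

The useful rule is the last one in `hardened_check`: do not try to enumerate bad encodings, resolve the final path and compare it with the intended root. Decoding to a fixed point only exists to make that comparison honest about what downstream layers will see.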
<tr>
<td class="vendor-product">Fortinet--FortiSOAR PaaS</td>
<td>A cleartext transmission of sensitive information vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.2, FortiSOAR on-premise 7.5.0 through 7.5.1, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow an authenticated attacker to view a cleartext password in the response to Secure Message Exchange and Radius queries, if configured.</td>
<td>2026-04-14</td>
<td>5.4</td>
<td><a href="https://www.cve.org/CVERecord?id=CVE-2026-21742" target="_blank" rel="noopener">CVE-2026-21742</a></td>
<td><a href="https://fortiguard.fortinet.com/psirt/FG-IR-26-106" target="_blank" rel="noopener">https://fortiguard.fortinet.com/psirt/FG-IR-26-106</a></td>
</tr>
<tr>
<td class="vendor-product">Eaton--IPP Software</td>
<td>Eaton Intelligent Power Protector (IPP) uses an insecure cookie configuration, which could allow a network-based attacker to intercept the cookie and exploit it through a man-in-the-middle attack. This security issue has been fixed in the latest version of Eaton IPP software which is available on the Eaton download centre.</td>
<td>2026-04-16</td>
<td>5.7</td>
<td><a href="https://www.cve.org/CVERecord?id=CVE-2026-22617" target="_blank" rel="noopener">CVE-2026-22617</a></td>
<td><a href="https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2025-1025.pdf" target="_blank" rel="noopener">https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2025-1025.pdf</a></td>
</tr>
<tr>
<td class="vendor-product">Eaton--IPP software</td>
<td>A security misconfiguration was identified in Eaton Intelligent Power Protector (IPP), where an HTTP response header was set with an insecure attribute, potentially exposing users to web-based attacks. This security issue has been fixed in the latest version of Eaton IPP software which is available on the Eaton download centre.</td>
<td>2026-04-16</td>
<td>5.9</td>
<td><a href="https://www.cve.org/CVERecord?id=CVE-2026-22618" target="_blank" rel="noopener">CVE-2026-22618</a></td>
<td><a href="https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2025-1025.pdf" target="_blank" rel="noopener">https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2025-1025.pdf</a></td>
</tr>
<tr>
<td class="vendor-product">Wago--Smart Designer</td>
<td>In Wago Smart Designer in versions up to 2.33.1 a low privileged remote attacker may enumerate projects and usernames through iterative requests to a specific endpoint.</td>
<td>2026-04-16</td>
<td>4.3</td>
<td><a href="https://www.cve.org/CVERecord?id=CVE-2023-5872" target="_blank" rel="noopener">CVE-2023-5872</a></td>
<td><a href="https://certvde.com/de/advisories/VDE-2023-045" target="_blank" rel="noopener">https://certvde.com/de/advisories/VDE-2023-045</a><br><a href="https://wago.csaf-tp.certvde.com/.well-known/csaf/white/2023/vde-2023-045.json" target="_blank" rel="noopener">https://wago.csaf-tp.certvde.com/.well-known/csaf/white/2023/vde-2023-045.json</a></td>
</tr>
<tr>
<td class="vendor-product">Vision--Helpdesk</td>
<td>Vision Helpdesk before 5.7.0 (patched in 5.6.10) allows attackers to read user profiles via modified serialized cookie data to vis_client_id.</td>
<td>2026-04-16</td>
<td>4.3</td>
<td><a href="https://www.cve.org/CVERecord?id=CVE-2024-58343" target="_blank" rel="noopener">CVE-2024-58343</a></td>
<td><a href="https://github.com/websec/Vision-Helpdesk-Exploit" target="_blank" rel="noopener">https://github.com/websec/Vision-Helpdesk-Exploit</a><br><a href="https://websec.net/blog/critical-vulnerability-in-vision-helpdesk-allows-unauthorized-session-access-67264646bde7fa99ea26446f" target="_blank" rel="noopener">https://websec.net/blog/critical-vulnerability-in-vision-helpdesk-allows-unauthorized-session-access-67264646bde7fa99ea26446f</a></td>
</tr>
<tr>
<td class="vendor-product">Zaytech--Smart Online Order for Clover</td>
<td>Cross-Site Request Forgery (CSRF) vulnerability in Zaytech Smart Online Order for Clover allows Cross Site Request Forgery. This issue affects Smart Online Order for Clover: from n/a through 1.6.0.</td>
<td>2026-04-15</td>
<td>4.3</td>
<td><a href="https://www.cve.org/CVERecord?id=CVE-2025-15635" target="_blank" rel="noopener">CVE-2025-15635</a></td>
<td><a href="https://patchstack.com/database/wordpress/plugin/clover-online-orders/vulnerability/wordpress-smart-online-order-for-clover-plugin-1-6-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve" target="_blank" rel="noopener">https://patchstack.com/database/wordpress/plugin/clover-online-orders/vulnerability/wordpress-smart-online-order-for-clover-plugin-1-6-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve</a></td>
</tr>
<tr>
<td class="vendor-product">Dell--PowerScale OneFS</td>
<td>Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an improper check for unusual or exceptional conditions vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to denial of service.</td>
<td>2026-04-16</td>
<td>4.1</td>
<td><a href="https://www.cve.org/CVERecord?id=CVE-2025-43883" target="_blank" rel="noopener">CVE-2025-43883</a></td>
<td><a href="https://www.dell.com/support/kbdoc/en-us/000376214/dsa-2025-347-security-update-for-dell-powerscale-onefs-multiple-vulnerabilities" target="_blank" rel="noopener">https://www.dell.com/support/kbdoc/en-us/000376214/dsa-2025-347-security-update-for-dell-powerscale-onefs-multiple-vulnerabilities</a></td>
</tr>
<tr>
<td class="vendor-product">Dell--PowerScale OneFS</td>
<td>Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an improper resource shutdown or release vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to denial of service.</td>
<td>2026-04-16</td>
<td>4.4</td>
<td><a href="https://www.cve.org/CVERecord?id=CVE-2025-43935" target="_blank" rel="noopener">CVE-2025-43935</a></td>
<td><a href="https://www.dell.com/support/kbdoc/en-us/000376214/dsa-2025-347-security-update-for-dell-powerscale-onefs-multiple-vulnerabilities" target="_blank" rel="noopener">https://www.dell.com/support/kbdoc/en-us/000376214/dsa-2025-347-security-update-for-dell-powerscale-onefs-multiple-vulnerabilities</a></td>
</tr>
<tr>
<td class="vendor-product">DeluxeThemes--Userpro</td>
<td>Cross-Site Request Forgery (CSRF) vulnerability in DeluxeThemes Userpro allows Cross Site Request Forgery. This issue affects Userpro: from n/a before 5.1.11.</td>
<td>2026-04-15</td>
<td>4.3</td>
<td><a href="https://www.cve.org/CVERecord?id=CVE-2025-53444" target="_blank" rel="noopener">CVE-2025-53444</a></td>
<td><a href="https://patchstack.com/database/wordpress/plugin/userpro/vulnerability/wordpress-userpro-plugin-5-1-11-cross-site-request-forgery-csrf-vulnerability?_s_id=cve" target="_blank" rel="noopener">https://patchstack.com/database/wordpress/plugin/userpro/vulnerability/wordpress-userpro-plugin-5-1-11-cross-site-request-forgery-csrf-vulnerability?_s_id=cve</a></td>
</tr>
<tr>
<td class="vendor-product">Fortinet--FortiSOAR on-premise</td>
<td>A server-side request forgery (SSRF) vulnerability [CWE-918] in Fortinet FortiSOAR PaaS 7.6.4, FortiSOAR PaaS 7.6.0 through 7.6.2, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.4, FortiSOAR on-premise 7.6.0 through 7.6.2, FortiSOAR on-premise 7.5.0 through 7.5.2, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow an authenticated attacker to discover services running on local ports via crafted requests.</td>
<td>2026-04-14</td>
<td>4.1</td>
<td><a href="https://www.cve.org/CVERecord?id=CVE-2025-59809" target="_blank" rel="noopener">CVE-2025-59809</a></td>
<td><a href="https://fortiguard.fortinet.com/psirt/FG-IR-26-103" target="_blank" rel="noopener">https://fortiguard.fortinet.com/psirt/FG-IR-26-103</a></td>
</tr>
<tr>
<td class="vendor-product">Fortinet--FortiSandbox PaaS</td>
<td>An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability [CWE-79] in Fortinet FortiSandbox 5.0.0 through 5.0.4, FortiSandbox PaaS 5.0.0 through 5.0.4 may allow an attacker to perform an XSS attack via crafted HTTP requests.</td>
<td>2026-04-14</td>
<td>4.9</td>
<td><a href="https://www.cve.org/CVERecord?id=CVE-2025-61886" target="_blank" rel="noopener">CVE-2025-61886</a></td>
<td><a href="https://fortiguard.fortinet.com/psirt/FG-IR-26-109" target="_blank" rel="noopener">https://fortiguard.fortinet.com/psirt/FG-IR-26-109</a></td>
</tr>
<tr>
<td class="vendor-product">themefusion--Avada (Fusion) Builder</td>
<td>The Avada (Fusion) Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.15.1. This is due to the plugin's `fusion_get_post_custom_field()` function failing to validate whether metadata keys are protected (underscore-prefixed). This makes it possible for authenticated attackers, with Subscriber-level access and above, to extract protected post metadata fields that should not be publicly accessible via the Dynamic Data feature's `post_custom_field` parameter.</td>
<td>2026-04-15</td>
<td>4.3</td>
<td><a href="https://www.cve.org/CVERecord?id=CVE-2026-1541" target="_blank" rel="noopener">CVE-2026-1541</a></td>
<td><a href="https://www.wordfence.com/threat-intel/vulnerabilities/id/f1f69f93-80e3-434d-98a6-fc8757b4e6d1?source=cve" target="_blank" rel="noopener">https://www.wordfence.com/threat-intel/vulnerabilities/id/f1f69f93-80e3-434d-98a6-fc8757b4e6d1?source=cve</a><br><a href="https://themeforest.net/item/avada-responsive-multipurpose-theme/2833226" target="_blank" rel="noopener">https://themeforest.net/item/avada-responsive-multipurpose-theme/2833226</a></td>
</tr>
<tr>
<td class="vendor-product">Cisco--Cisco Unity Connection</td>
<td>A vulnerability in the web-based management interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of HTTP request parameters. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to redirect a user to a malicious web page.</td>
<td>2026-04-15</td>
<td>4.7</td>
<td><a href="https://www.cve.org/CVERecord?id=CVE-2026-20060" target="_blank" rel="noopener">CVE-2026-20060</a></td>
<td><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-unity-vulns-n2EJSbbw" target="_blank" rel="noopener">cisco-sa-unity-vulns-n2EJSbbw</a></td>
</tr>
<tr>
<td class="vendor-product">Cisco--Cisco Unity Connection</td>
<td>A vulnerability in the web-based management interface of Cisco Unity Connection could allow an authenticated, remote attacker to perform an SQL injection attack against an affected device. To exploit this vulnerability, the attacker must have valid user credentials on the affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP(S) request to the web-based management interface of an affected device. A successful exploit could allow the attacker to view data on the affected device.</td>
<td>2026-04-15</td>
<td>4.3</td>
<td><a href="https://www.cve.org/CVERecord?id=CVE-2026-20061" target="_blank" rel="noopener">CVE-2026-20061</a></td>
<td><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-unity-vulns-n2EJSbbw" target="_blank" rel="noopener">cisco-sa-unity-vulns-n2EJSbbw</a></td>
</tr>
<tr>
<td class="vendor-product">Cisco--Cisco Identity Services Engine Software</td>
<td>Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker with administrative write privileges to conduct a stored cross-site scripting (XSS) attack or a reflected XSS attack against a user of the web-based management interface of an affected device. These vulnerabilities are due to insufficient sanitization of user-supplied data that is stored in the web page. An attacker could exploit these vulnerabilities by convincing a user of the interface to click a specific link or view an affected web page. The injected script code may be executed in the context of the web-based management interface or allow the attacker to access sensitive browser-based information.</td>
<td>2026-04-15</td>
<td>4.8</td>
<td><a href="https://www.cve.org/CVERecord?id=CVE-2026-20132" target="_blank" rel="noopener">CVE-2026-20132</a></td>
<td><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-isexss-BS8ctE7U" target="_blank" rel="noopener">cisco-sa-isexss-BS8ctE7U</a></td>
</tr>
<tr>
<td class="vendor-product">Cisco--Cisco Identity Services Engine Software</td>
<td>A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to perform path traversal attacks on the underlying operating system and read arbitrary files. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected system. A successful exploit could allow the attacker to access sensitive files on the affected system.</td>
<td>2026-04-15</td>
<td>4.9</td>
<td><a href="https://www.cve.org/CVERecord?id=CVE-2026-20148" target="_blank" rel="noopener">CVE-2026-20148</a></td>
<td><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-rce-traversal-8bYndVrZ" target="_blank" rel="noopener">cisco-sa-ise-rce-traversal-8bYndVrZ</a></td>
</tr>
<tr>
<td class="vendor-product">Splunk--Splunk Enterprise</td>
<td>In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.10, and 9.3.11, and Splunk Cloud Platform versions below 10.4.2603.0, 10.3.2512.6, 10.2.2510.10, 10.1.2507.19, 10.0.2503.13, and 9.3.2411.127, a low-privileged user that does not hold the `admin` or `power` Splunk roles, has write permission on the app, and does not hold the high-privilege capability `accelerate_datamodel`, could turn on or off Data Model Acceleration due to improper access control.</td>
<td>2026-04-15</td>
<td>4.3</td>
<td><a href="https://www.cve.org/CVERecord?id=CVE-2026-20203" target="_blank" rel="noopener">CVE-2026-20203</a></td>
<td><a href="https://advisory.splunk.com/advisories/SVD-2026-0402" target="_blank" rel="noopener">https://advisory.splunk.com/advisories/SVD-2026-0402</a></td>
</tr>
<tr>
<td class="vendor-product">Microsoft--Windows 10 Version 1607</td>
<td>Improper removal of sensitive information before storage or transfer in Windows Recovery Environment Agent allows an unauthorized attacker to bypass a security feature with a physical attack.</td>
<td>2026-04-14</td>
<td>4.6</td>
<td><a href="https://www.cve.org/CVERecord?id=CVE-2026-20928" target="_blank" rel="noopener">CVE-2026-20928</a></td>
<td><a href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20928" target="_blank" rel="noopener">Windows Recovery Environment Security Feature Bypass Vulnerability</a></td>
</tr>
<tr>
<td class="vendor-product">Microsoft--Microsoft SharePoint Enterprise Server 2016</td>
<td>Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.</td>
<td>2026-04-14</td>
<td>4.6</td>
<td><a href="https://www.cve.org/CVERecord?id=CVE-2026-20945" target="_blank" rel="noopener">CVE-2026-20945</a></td>
<td><a href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20945" target="_blank" rel="noopener">Microsoft SharePoint Server Spoofing Vulnerability</a></td>
</tr>
<tr>
<td class="vendor-product">Fortinet--FortiSOAR PaaS</td>
<td>An improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.3, FortiSOAR on-premise 7.5.0 through 7.5.2, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow an authenticated remote attacker to perform a stored cross site scripting (XSS) attack via crafted HTTP Requests.</td>
<td>2026-04-14</td>
<td>4.4</td>
<td><a href="https://www.cve.org/CVERecord?id=CVE-2026-22154" target="_blank" rel="noopener">CVE-2026-22154</a></td>
<td><a href="https://fortiguard.fortinet.com/psirt/FG-IR-26-117" target="_blank" rel="noopener">https://fortiguard.fortinet.com/psirt/FG-IR-26-117</a></td>
</tr>
<tr>
<td class="vendor-product">Fortinet--FortiSOAR PaaS</td>
<td>A storing passwords in a recoverable format vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.4, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.4, FortiSOAR on-premise 7.5.0 through 7.5.2, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow an authenticated remote attacker to retrieve the Service account password via server address modification in LDAP configuration.</td>
<td>2026-04-14</td>
<td>4.1</td>
<td><a href="https://www.cve.org/CVERecord?id=CVE-2026-22574" target="_blank" rel="noopener">CVE-2026-22574</a></td>
<td><a href="https://fortiguard.fortinet.com/psirt/FG-IR-26-105" target="_blank" rel="noopener">https://fortiguard.fortinet.com/psirt/FG-IR-26-105</a></td>
</tr>
<tr>
<td class="vendor-product">Fortinet--FortiSOAR PaaS</td>
<td>A storing passwords in a recoverable format vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.4, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.4, FortiSOAR on-premise 7.5.0 through 7.5.2, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow an authenticated remote attacker to retrieve passwords for multiple installed connectors via server address modification in connector configuration.</td>
<td>2026-04-14</td>
<td>4.1</td>
<td><a href="https://www.cve.org/CVERecord?id=CVE-2026-22576" target="_blank" rel="noopener">CVE-2026-22576</a></td>
<td><a href="https://fortiguard.fortinet.com/psirt/FG-IR-26-104" target="_blank" rel="noopener">https://fortiguard.fortinet.com/psirt/FG-IR-26-104</a></td>
</tr>
<tr>
<td class="vendor-product">octobercms--october</td>
<td>October is a Content Management System (CMS) and web platform. Versions prior to 3.7.13 and versions 4.0.0 through 4.1.4 contain a sandbox bypass vulnerability in the optional Twig safe mode feature (CMS_SAFE_MODE). Certain methods on the collect() helper were not properly restricted, allowing authenticated users with template editing permissions to bypass sandbox protections. Exploitation requires authenticated backend access with CMS template editing permissions and only affects installations with CMS_SAFE_MODE enabled (disabled by default). This issue has been fixed in versions 3.7.13 and 4.1.5. To work around this issue, users can disable CMS_SAFE_MODE if untrusted template editing is not required, and restrict CMS template editing permissions to fully trusted administrators only.</td>
<td>2026-04-14</td>
<td>4.9</td>
<td><a href="https://www.cve.org/CVERecord?id=CVE-2026-22692" target="_blank" rel="noopener">CVE-2026-22692</a></td>
<td><a href="https://github.com/octobercms/october/security/advisories/GHSA-m5qg-jc75-4jp6" target="_blank" rel="noopener">https://github.com/octobercms/october/security/advisories/GHSA-m5qg-jc75-4jp6</a></td>
</tr>
</tbody>
</table>
</div>
<div id="low_v">
<h2 id="low_v_title">Low Vulnerabilities</h2>
<table class="table no-tablesaw" style="table-layout: fixed; width: 100%;" border="1" summary="Low Vulnerabilities" align="center">
<thead>
<tr>
<th class="vendor-product" style="width: 24%;" scope="col">
<span class="primary-vendor">Primary</span><br><span class="primary-vendor">Vendor</span> -- Product</th>
<th style="width: 44%;" scope="col">Description</th>
<th style="width: 10%;" scope="col">Published</th>
<th style="width: 8%;" scope="col">CVSS Score</th>
<th style="width: 7%;" scope="col">Source Info</th>
<th style="width: 7%;" scope="col">Patch Info</th>
</tr>
</thead>
<tbody>
<tr>
<td class="vendor-product">WSO2--WSO2 API Manager</td>
<td>The component accepts XML input through the publisher without disabling external entity resolution. This allows malicious actors to submit a crafted XML payload that exploits the unescaped external entity references. By leveraging this vulnerability, a malicious actor can read confidential files from the product's file system or access limited HTTP resources reachable via HTTP GET requests to the vulnerable product.</td>
<td>2026-04-16</td>
<td>3.5</td>
<td><a href="https://www.cve.org/CVERecord?id=CVE-2024-8010" target="_blank" rel="noopener">CVE-2024-8010</a></td>
<td><a href="https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2024-3581/" target="_blank" rel="noopener">https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2024-3581/</a></td>
</tr>
<tr>
<td class="vendor-product">1Panel-dev--MaxKB</td>
<td>A vulnerability has been found in 1Panel-dev MaxKB up to 2.4.2. Impacted is an unknown function of the file ui/src/chat.ts of the component MdPreview. Such manipulation leads to cross site scripting. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.5.0 is recommended to address this issue. The name of the patch is 7230daa5ec3e6574b6ede83dd48a4fbc0e70b8d8. It is advisable to upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.</td>
<td>2026-04-13</td>
<td>3.5</td>
<td><a href="https://www.cve.org/CVERecord?id=CVE-2025-15632" target="_blank" rel="noopener">CVE-2025-15632</a></td>
<td><a href="https://vuldb.com/vuln/356967" target="_blank" rel="noopener">VDB-356967 | 1Panel-dev MaxKB MdPreview chat.ts cross site scripting</a><br><a href="https://vuldb.com/vuln/356967/cti" target="_blank" rel="noopener">VDB-356967 | CTI Indicators (IOB, IOC, TTP, IOA)</a><br><a href="https://vuldb.com/submit/782265" target="_blank" rel="noopener">Submit #782265 | 1Panel-dev MaxKB &lt;= v2.6.1 Stored XSS</a><br><a href="https://github.com/AnalogyC0de/public_exp/issues/28" target="_blank" rel="noopener">https://github.com/AnalogyC0de/public_exp/issues/28</a><br><a href="https://github.com/1Panel-dev/MaxKB/pull/4578" target="_blank" rel="noopener">https://github.com/1Panel-dev/MaxKB/pull/4578</a><br><a href="https://github.com/1Panel-dev/MaxKB/commit/7230daa5ec3e6574b6ede83dd48a4fbc0e70b8d8" target="_blank" rel="noopener">https://github.com/1Panel-dev/MaxKB/commit/7230daa5ec3e6574b6ede83dd48a4fbc0e70b8d8</a><br><a href="https://github.com/1Panel-dev/MaxKB/releases/tag/v2.5.0" target="_blank" rel="noopener">https://github.com/1Panel-dev/MaxKB/releases/tag/v2.5.0</a><br><a href="https://github.com/1Panel-dev/MaxKB/" target="_blank" rel="noopener">https://github.com/1Panel-dev/MaxKB/</a></td>
</tr>
<tr>
<td class="vendor-product">Siemens--Siemens Software Center</td>
<td>A vulnerability has been identified in Siemens Software Center (All versions &lt; V3.5.8.2), Simcenter 3D (All versions &lt; V2506.6000), Simcenter Femap (All versions &lt; V2506.0002), Simcenter STAR-CCM+ (All versions &lt; V2602), Solid Edge SE2025 (All versions &lt; V225.0 Update 13), Solid Edge SE2026 (All versions &lt; V226.0 Update 04), Tecnomatix Plant Simulation (All versions &lt; V2504.0008). Affected applications do not properly validate client certificates to connect to Analytics Service endpoint. This could allow an unauthenticated remote attacker to perform man in the middle attacks.</td>
<td>2026-04-14</td>
<td>3.7</td>
<td><a href="https://www.cve.org/CVERecord?id=CVE-2025-40745" target="_blank" rel="noopener">CVE-2025-40745</a></td>
<td><a href="https://cert-portal.siemens.com/productcert/html/ssa-981622.html" target="_blank" rel="noopener">https://cert-portal.siemens.com/productcert/html/ssa-981622.html</a></td>
</tr>
<tr>
<td class="vendor-product">Grafana--Grafana Correlations</td>
<td>A cross-tenant isolation vulnerability was found in Grafana's Correlations feature affecting legacy correlation records. Due to a backward compatibility condition allowing org_id = 0 records to be returned across organizations, a user with datasource management privileges could read and permanently delete legacy correlation data belonging to another organization. This issue affects correlations created prior to Grafana 10.2 and is fixed in &gt;=11.6.11, &gt;=12.0.9, &gt;=12.1.6, and &gt;=12.2.4. Thanks to Gyu-hyeok Lee (g2h) for reporting this vulnerability.</td>
<td>2026-04-15</td>
<td>3.3</td>
<td><a href="https://www.cve.org/CVERecord?id=CVE-2026-21727" target="_blank" rel="noopener">CVE-2026-21727</a></td>
<td><a href="https://grafana.com/security/security-advisories/cve-2026-21727" target="_blank" rel="noopener">https://grafana.com/security/security-advisories/cve-2026-21727</a></td>
</tr>
<tr>
<td class="vendor-product">HCL--AION</td>
<td>HCL AION is affected by a vulnerability where certain system behaviours may allow exploration of internal filesystem structures. Exposure of such information may provide insights into the underlying environment, which could potentially aid in further targeted actions or limited information disclosure.</td>
<td>2026-04-15</td>
<td>2.9</td>
<td><a href="https://www.cve.org/CVERecord?id=CVE-2025-52641" target="_blank" rel="noopener">CVE-2025-52641</a></td>
<td><a href="https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0130007" target="_blank" rel="noopener">https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0130007</a></td>
</tr>
<tr>
<td class="vendor-product">Fortinet--FortiNAC-F</td>
<td>A URL Redirection to Untrusted Site ('Open Redirect') vulnerability [CWE-601] in Fortinet FortiNAC-F 7.6.0 through 7.6.5, FortiNAC-F 7.4 all versions, FortiNAC-F 7.2 all versions may allow a remote privileged attacker with system administrator role to redirect users to an arbitrary website via crafted CSV file.</td>
<td>2026-04-14</td>
<td>2.2</td>
<td><a href="https://www.cve.org/CVERecord?id=CVE-2026-21741" target="_blank" rel="noopener">CVE-2026-21741</a></td>
<td><a href="https://fortiguard.fortinet.com/psirt/FG-IR-26-118" target="_blank" rel="noopener">https://fortiguard.fortinet.com/psirt/FG-IR-26-118</a></td>
</tr>
</tbody>
</table>
</div>
<div id="snya_v">
<h2 id="snya_v_title">Severity Not Yet Assigned</h2>
<table id="table_severity_not_yet_assigned" class="table no-tablesaw" style="table-layout: fixed; width: 100%;" border="1" summary="Severity Not Yet Assigned" align="center">
<thead>
<tr>
<th class="vendor-product" style="width: 24%;" scope="col">
<span class="primary-vendor">Primary</span><br><span class="primary-vendor">Vendor</span> -- Product</th>
<th style="width: 44%;" scope="col">Description</th>
<th style="width: 10%;" scope="col">Published</th>
<th style="width: 8%;" scope="col">CVSS Score</th>
<th style="width: 7%;" scope="col">Source Info</th>
<th style="width: 7%;" scope="col">Patch Info</th>
</tr>
</thead>
<tbody>
<tr>
<td class="vendor-product">AMD--AMD EPYC 7003 Series Processors</td>
<td>Insufficient checks of the RMP on host buffer access in IOMMU may allow an attacker with privileges and a compromised hypervisor to trigger an out of bounds condition without RMP checks, resulting in a potential loss of confidential guest integrity.</td>
<td>2026-04-16</td>
<td>not yet calculated</td>
<td><a href="https://www.cve.org/CVERecord?id=CVE-2023-20585" target="_blank" rel="noopener">CVE-2023-20585</a></td>
<td><a href="https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-3016.html" target="_blank" rel="noopener">https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-3016.html</a></td>
</tr>
<tr>
<td class="vendor-product">n/a--NietThijmen ShoppingCart 0.0.2</td>
<td>Command injection in the connect function in NietThijmen ShoppingCart 0.0.2 allows an attacker to execute arbitrary shell commands and achieve remote code execution via injection of malicious payloads into the Port field.</td>
<td>2026-04-15</td>
<td>not yet calculated</td>
<td><a href="https://www.cve.org/CVERecord?id=CVE-2024-53412" target="_blank" rel="noopener">CVE-2024-53412</a></td>
<td><a href="https://github.com/NietThijmen/ShoppingCart/issues/1" target="_blank" rel="noopener">https://github.com/NietThijmen/ShoppingCart/issues/1</a><br><a href="https://github.com/Buckdray/vulnerability-research/blob/main/CVE-2024-53412/README.md" target="_blank" rel="noopener">https://github.com/Buckdray/vulnerability-research/blob/main/CVE-2024-53412/README.md</a></td>
</tr>
<tr>
<td class="vendor-product">Grafana--Grafana Alerting</td>
<td>In Grafana's alerting system, users with edit permissions for a contact point (specifically the permissions "alert.notifications:write" or "alert.notifications.receivers:test", which are granted as part of the fixed role "Contact Point Writer", itself part of the basic role Editor) can edit contact points created by other users and change the endpoint URL to a server they control. By invoking the test functionality, attackers can then capture and extract the redacted secure settings, such as authentication credentials for third-party services (e.g., Slack tokens). This leads to unauthorized access and potential compromise of external integrations.</td>
<td>2026-04-15</td>
<td>not yet calculated</td>
<td><a href="https://www.cve.org/CVERecord?id=CVE-2025-12141" target="_blank" rel="noopener">CVE-2025-12141</a></td>
<td><a href="https://grafana.com/security/security-advisories/cve-2025-12141/" target="_blank" rel="noopener">https://grafana.com/security/security-advisories/cve-2025-12141/</a></td>
</tr>
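<tr><td colspan="6">The Grafana entry above describes a design weakness rather than a parsing bug: a stored secret follows the contact point wherever its URL is later pointed. The block below is an added illustration (not Grafana code, and not its fix) of the control a practitioner would want: each secure setting is bound to the URL origin it was entered against, a URL change to a different origin discards the secret so it must be re-entered, and the test action can therefore only ever deliver a token to the origin its owner chose. The store class, field names and the sample Slack-style URL and token are assumptions.

```python
"""Bind a contact point's secrets to the destination they were saved for.

Added illustration, not Grafana code. Changing the contact point URL to a
different origin discards the stored secure settings; the test action can
only send a secret to the origin it was bound to.
"""
from urllib.parse import urlsplit

_DEFAULT_PORT = {"https": 443, "http": 80}


def origin(url):
    """(scheme, host, port) triple that a secure setting is bound to."""
    p = urlsplit(url)
    scheme = p.scheme.lower()
    host = (p.hostname or "").lower()
    port = p.port if p.port is not None else _DEFAULT_PORT.get(scheme)
    if scheme not in _DEFAULT_PORT or not host:
        raise ValueError("contact point URL must be http(s) with a host")
    return (scheme, host, port)


class ContactPointStore:
    """Minimal in-memory model of contact points (assumption, not Grafana's schema)."""

    def __init__(self):
        self._points = {}

    def create(self, name, url, secure_settings):
        self._points[name] = {
            "url": url,
            "secure": dict(secure_settings),
            "bound_origin": origin(url),
        }

    def update_url(self, name, new_url):
        """Same origin keeps the secrets; a new origin drops them."""
        cp = self._points[name]
        new_origin = origin(new_url)
        if new_origin != cp["bound_origin"]:
            cp["secure"] = {}          # secrets never follow the URL elsewhere
            cp["bound_origin"] = new_origin
        cp["url"] = new_url

    def has_secret(self, name, key):
        return key in self._points[name]["secure"]

    def test_request(self, name):
        """What the test action would send; the bearer token is present only
        while it is still bound to the current origin (update_url guarantees it)."""
        cp = self._points[name]
        headers = {}
        if "token" in cp["secure"]:
            headers["Authorization"] = "Bearer " + cp["secure"]["token"]
        return {"url": cp["url"], "headers": headers}


if __name__ == "__main__":
    store = ContactPointStore()
    # Constructed sample: a webhook URL and a placeholder token.
    store.create("slack-ops", "https://hooks.slack.example/services/T0/B0/xyz",
                 {"token": "xoxb-constructed"})
    store.update_url("slack-ops", "https://attacker.example/collect")
    print(store.test_request("slack-ops"))   # no Authorization header
```

The binding is per origin, not per full URL, so an attacker who already controls a path on the same origin as the legitimate receiver is outside this control; that case needs ownership checks on the edit itself, which is the permission problem the entry describes.</td></tr>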
<tr>
<td class="vendor-product">MCPHub--MCPHub</td>
<td>MCPHub in versions below 0.11.0 is vulnerable to authentication bypass. Some endpoints are not protected by authentication middleware, allowing an unauthenticated attacker to perform actions in the name of other users and with their privileges.</td>
<td>2026-04-14</td>
<td>not yet calculated</td>
<td><a href="https://www.cve.org/CVERecord?id=CVE-2025-13822" target="_blank" rel="noopener">CVE-2025-13822</a></td>
<td><a href="https://github.com/samanhappy/mcphub" target="_blank" rel="noopener">https://github.com/samanhappy/mcphub</a><br><a href="https://cert.pl/en/posts/2026/04/CVE-2025-13822" target="_blank" rel="noopener">https://cert.pl/en/posts/2026/04/CVE-2025-13822</a></td>
</tr>
<tr>
<td class="vendor-product">Legion of the Bouncy Castle Inc.--BC-JAVA</td>
<td>Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcprov on all platforms (core modules). This vulnerability is associated with the program file G3413CTRBlockCipher: the GOST CTR implementation is unable to process more than 255 blocks correctly. This issue affects BC-JAVA: from 1.59 before 1.84.</td>
<td>2026-04-15</td>
<td>not yet calculated</td>
<td><a href="https://www.cve.org/CVERecord?id=CVE-2025-14813" target="_blank" rel="noopener">CVE-2025-14813</a></td>
<td><a href="https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902025%E2%80%9014813" target="_blank" rel="noopener">https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902025%E2%80%9014813</a><br><a href="https://github.com/bcgit/bc-java/commit/b42574345414e4b7c8051b16fa1fafe01c29871f" target="_blank" rel="noopener">https://github.com/bcgit/bc-java/commit/b42574345414e4b7c8051b16fa1fafe01c29871f</a><br><a href="https://github.com/bcgit/bc-java/commit/701686cb0184cd9ae103c801b3581fdf95c6d4f3" target="_blank" rel="noopener">https://github.com/bcgit/bc-java/commit/701686cb0184cd9ae103c801b3581fdf95c6d4f3</a></td>
</tr>
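<tr><td colspan="6">A CTR-mode implementation that stops being correct after a fixed number of blocks is, in practice, a counter that stops changing: once the counter repeats, the keystream repeats, and XORing two ciphertext blocks that share a keystream block yields the XOR of the plaintexts. The block below is an added illustration of that failure class and is not Bouncy Castle code; the exact defect in G3413CTRBlockCipher is whatever the linked commits change. It assumes a 16-byte counter, uses a SHA-256 based stand-in for the block cipher, and models the bug as an increment that never carries out of the low byte, so it is exact only for this model.

```python
"""Keystream reuse when a CTR counter never carries past its low byte.

Added illustration, not Bouncy Castle code: block_fn is a hash-based
stand-in for the GOST block cipher, and inc_low_byte_only is a generic
model of "only the first N blocks are processed correctly".
"""
import hashlib

BLOCK = 16  # bytes per counter / keystream block (assumption)


def block_fn(key, counter):
    """Stand-in PRF for encrypting one counter block under the key."""
    return hashlib.sha256(key + counter).digest()[:BLOCK]


def inc_low_byte_only(ctr):
    """Broken: bumps the last byte mod 256 and never carries, so the
    counter cycles after 256 values and the keystream repeats."""
    c = bytearray(ctr)
    c[-1] = (c[-1] + 1) & 0xFF
    return bytes(c)


def inc_with_carry(ctr):
    """Correct: big-endian increment over the whole counter block."""
    n = (int.from_bytes(ctr, "big") + 1) % (1 << (8 * len(ctr)))
    return n.to_bytes(len(ctr), "big")


def ctr_keystream(key, iv, nblocks, inc):
    ks, ctr = [], iv
    for _ in range(nblocks):
        ks.append(block_fn(key, ctr))
        ctr = inc(ctr)
    return ks


def first_repeat(keystream):
    """Index of the first keystream block equal to an earlier one, or None."""
    seen = set()
    for i, k in enumerate(keystream):
        if k in seen:
            return i
        seen.add(k)
    return None


def ctr_encrypt(key, iv, data, inc):
    nblocks = (len(data) + BLOCK - 1) // BLOCK
    ks = b"".join(ctr_keystream(key, iv, nblocks, inc))
    return bytes(a ^ b for a, b in zip(data, ks))


def block_xor(buf, i, j):
    """XOR of blocks i and j of buf. With a repeated keystream block,
    ct[i] ^ ct[j] == pt[i] ^ pt[j], which leaks plaintext structure."""
    a = buf[i * BLOCK:(i + 1) * BLOCK]
    b = buf[j * BLOCK:(j + 1) * BLOCK]
    return bytes(x ^ y for x, y in zip(a, b))


if __name__ == "__main__":
    key, iv = b"k" * 32, bytes(BLOCK)   # constructed sample key and zero IV
    print(first_repeat(ctr_keystream(key, iv, 300, inc_low_byte_only)))  # 256
    print(first_repeat(ctr_keystream(key, iv, 300, inc_with_carry)))     # None
```

The useful check when auditing any counter-mode code is the one `first_repeat` performs: generate more keystream than the counter's narrowest field can index and confirm no block recurs. A length-limited mode is a keystream-reuse bug, not a performance limit.</td></tr>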
<tr>
<td class="vendor-product">Unknown--Form Maker by 10Web</td>
<td>The Form Maker by 10Web WordPress plugin before 1.15.38 does not properly prepare SQL queries when the "MySQL Mapping" feature is in use, which could make SQL injection attacks possible in certain contexts.</td>
<td>2026-04-13</td>
<td>not yet calculated</td>
<td><a href="https://www.cve.org/CVERecord?id=CVE-2025-15441" target="_blank" rel="noopener">CVE-2025-15441</a></td>
<td><a href="https://wpscan.com/vulnerability/41f69b0a-4d17-4a6b-b803-ea1c370e3cc0/" target="_blank" rel="noopener">https://wpscan.com/vulnerability/41f69b0a-4d17-4a6b-b803-ea1c370e3cc0/</a></td>
</tr>
<tr>
<td class="vendor-product">OpenText, Inc--RightFax</td>
<td>Deserialization of untrusted data vulnerability in OpenText, Inc RightFax on Windows, 64 bit, 32 bit allows Object Injection. This issue affects RightFax: through 25.4.</td>
<td>2026-04-15</td>
<td>not yet calculated</td>
<td><a href="https://www.cve.org/CVERecord?id=CVE-2025-15610" target="_blank" rel="noopener">CVE-2025-15610</a></td>
<td><a href="https://support.opentext.com/csm?id=ot_kb_unauthenticated&sysparm_article=KB0861863" target="_blank" rel="noopener">https://support.opentext.com/csm?id=ot_kb_unauthenticated&sysparm_article=KB0861863</a></td>
</tr>
<tr>
<td class="vendor-product">Sparx Systems Pty Ltd.--Sparx Enterprise Architect</td>
<td>Insufficiently Protected Credentials vulnerability in Sparx Systems Pty Ltd. Sparx Enterprise Architect. The client does not verify the receiver of OAuth2 credentials during OpenID authentication.</td>
<td>2026-04-16</td>
<td>not yet calculated</td>
<td><a href="https://www.cve.org/CVERecord?id=CVE-2025-15621" target="_blank" rel="noopener">CVE-2025-15621</a></td>
<td><a href="https://sparxsystems.com/products/ea/17.1/history.html" target="_blank" rel="noopener">https://sparxsystems.com/products/ea/17.1/history.html</a></td>
</tr>
<tr>
<td class="vendor-product">Sparx Systems Pty Ltd.--Sparx Enterprise Architect</td>
<td>Insufficiently Protected Credentials vulnerability in Sparx Systems Pty Ltd. Sparx Enterprise Architect. The client reveals the plaintext OAuth2 client secret: the desktop client decodes the secret and uses the plaintext secret to exchange it for access and ID tokens as part of the OpenID authentication flow.</td>
<td>2026-04-17</td>
<td>not yet calculated</td>
<td><a href="https://www.cve.org/CVERecord?id=CVE-2025-15622" target="_blank" rel="noopener">CVE-2025-15622</a></td>
<td><a href="https://sparxsystems.com/products/ea/17.1/history.html" target="_blank" rel="noopener">https://sparxsystems.com/products/ea/17.1/history.html</a></td>
</tr>
<tr>
<td class="vendor-product">Sparx Systems Pty Ltd.--Sparx Pro Cloud Server</td>
<td>Exposure of Private Personal Information to an Unauthorized Actor and Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Sparx Systems Pty Ltd. Sparx Pro Cloud Server. An unauthenticated user can retrieve the database password in plaintext in certain situations.</td>
<td>2026-04-17</td>
<td>not yet calculated</td>
<td><a href="https://www.cve.org/CVERecord?id=CVE-2025-15623" target="_blank" rel="noopener">CVE-2025-15623</a></td>
<td><a href="https://sparxsystems.com/products/procloudserver/6.1/history.html" target="_blank" rel="noopener">https://sparxsystems.com/products/procloudserver/6.1/history.html</a></td>
</tr>
<tr>
<td class="vendor-product">Sparx Systems Pty Ltd.--Sparx Pro Cloud Server</td>
<td>Plaintext Storage of a Password vulnerability in Sparx Systems Pty Ltd. Sparx Pro Cloud Server. In a setup where OpenID is used as the primary method of authentication to Sparx EA, Pro Cloud Server creates local passwords for the users and stores them in plaintext.</td>
<td>2026-04-17</td>
<td>not yet calculated</td>
<td><a href="https://www.cve.org/CVERecord?id=CVE-2025-15624" target="_blank" rel="noopener">CVE-2025-15624</a></td>
<td><a href="https://sparxsystems.com/products/procloudserver/6.1/history.html" target="_blank" rel="noopener">https://sparxsystems.com/products/procloudserver/6.1/history.html</a></td>
</tr>
<tr>
<td class="vendor-product">Sparx Systems Pty Ltd.--Sparx Pro Cloud Server</td>
<td>An unauthenticated user is able to execute arbitrary SQL commands in the Sparx Pro Cloud Server database in certain cases.</td>
<td>2026-04-17</td>
<td>not yet calculated</td>
<td><a href="https://www.cve.org/CVERecord?id=CVE-2025-15625" target="_blank" rel="noopener">CVE-2025-15625</a></td>
<td><a href="https://sparxsystems.com/products/procloudserver/6.1/history.html" target="_blank" rel="noopener">https://sparxsystems.com/products/procloudserver/6.1/history.html</a></td>
</tr>
<tr>
<td class="vendor-product">n/a--Phpgurukul Online Course</td>
<td>In Phpgurukul Online Course Registration v3.1, an arbitrary file upload vulnerability was discovered within the profile picture upload functionality on the /my-profile.php page.</td>
<td>2026-04-13</td>
<td>not yet calculated</td>
<td><a href="https://www.cve.org/CVERecord?id=CVE-2025-51414" target="_blank" rel="noopener">CVE-2025-51414</a></td>
<td><a href="https://github.com/12T40910/CVE/issues/12" target="_blank" rel="noopener">https://github.com/12T40910/CVE/issues/12</a><br><a href="https://medium.com/@tanushkushtk01/cve-2025-51414-unrestricted-file-upload-in-online-course-registration-v3-1-bd8b839be1d7" target="_blank" rel="noopener">https://medium.com/@tanushkushtk01/cve-2025-51414-unrestricted-file-upload-in-online-course-registration-v3-1-bd8b839be1d7</a></td>
</tr>
<tr>
<td class="vendor-product">AMD--AMD EPYC 9004 Series Processors</td>
<td>Incorrect use of boot service in the AMD Platform Configuration Blob (APCB) SMM driver could allow a privileged attacker with local access (Ring 0) to achieve privilege escalation, potentially resulting in arbitrary code execution.</td>
<td>2026-04-16</td>
<td>not yet calculated</td>
<td><a href="https://www.cve.org/CVERecord?id=CVE-2025-54502" target="_blank" rel="noopener">CVE-2025-54502</a></td>
<td><a href="https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-7054.html" target="_blank" rel="noopener">https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-7054.html</a></td>
</tr>
<tr>
<td class="vendor-product">AMD--AMD EPYC 9004 Series Processors</td>
<td>A missing lock verification in AMD Secure Processor (ASP) firmware may permit a locally authenticated attacker with administrative privileges to alter MMIO routing on some Zen 5-based products, potentially compromising guest system integrity.</td>
<td>2026-04-16</td>
<td>not yet calculated</td>
<td><a href="https://www.cve.org/CVERecord?id=CVE-2025-54510" target="_blank" rel="noopener">CVE-2025-54510</a></td>
<td><a href="https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-3034.html" target="_blank" rel="noopener">https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-3034.html</a></td>
</tr>
<tr>
<td class="vendor-product">Apache Software Foundation--Apache Airflow</td>
<td>The example example_xcom that was included in the Airflow documentation implemented an unsafe pattern of reading a value from XCom, in a way that could be exploited to allow a UI user who had access to modify XComs to perform arbitrary execution of code on the worker. Since UI users are already highly trusted, this is a Low severity vulnerability. It does not affect Airflow releases, as example DAGs are not supposed to be enabled in a production environment; however, users following the example could replicate the bad pattern. The documentation of Airflow 3.2.0 contains a version of the example with improved resilience for that case. Users who followed that pattern are advised to adjust their implementations accordingly.</td>
<td>2026-04-15</td>
<td>not yet calculated</td>
<td><a href="https://www.cve.org/CVERecord?id=CVE-2025-54550" target="_blank" rel="noopener">CVE-2025-54550</a></td>
<td><a href="https://lists.apache.org/thread/3mf4cfx070ofsnf9qy0s2v5gqb5sc2g1" target="_blank" rel="noopener">https://lists.apache.org/thread/3mf4cfx070ofsnf9qy0s2v5gqb5sc2g1</a><br><a href="https://github.com/apache/airflow/pull/63200" target="_blank" rel="noopener">https://github.com/apache/airflow/pull/63200</a></td>
</tr>
<tr>
<td class="vendor-product">Openai[.]com-- Codex CLI v0.23.0</td>
<td>A vulnerability was identified in OpenAI Codex CLI v0.23.0 and before that enables code execution through malicious MCP (Model Context Protocol) configuration files. The attack is triggered when a user runs the codex command inside a malicious or compromised repository. Codex automatically loads project-local .env and .codex/config.toml files without requiring user confirmation, allowing attackers to embed arbitrary commands that execute immediately.</td>
<td>2026-04-14</td>
<td>not yet calculated</td>
<td><a href="https://www.cve.org/CVERecord?id=CVE-2025-61260" target="_blank" rel="noopener">CVE-2025-61260</a></td>
<td><a href="http://openai.com" target="_blank" rel="noopener">http://openai.com</a><br><a href="https://research.checkpoint.com/2025/openai-codex-cli-command-injection-vulnerability/" target="_blank" rel="noopener">https://research.checkpoint.com/2025/openai-codex-cli-command-injection-vulnerability/</a></td>
</tr>
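<tr><td colspan="6">The Codex CLI entry above is the general problem of a developer tool treating repository-local configuration as trusted input: a checked-out repository can declare MCP servers, and each server entry names a command to launch. The block below is an added example (not Codex code, and not its fix) of the control that closes that gap: nothing named in a project-local config runs until the user has approved that exact file content once, recorded as a SHA-256 digest, and any later edit to the file invalidates the approval. The TOML subset parser (tables, quoted strings, arrays of quoted strings, no "#" inside strings), the mcp_servers table layout and the approval store are assumptions; the sample config is constructed.

```python
"""Gate command-bearing repository config on hash-pinned user approval.

Added example, not Codex CLI code. plan_launch never executes anything;
it reports what would run and whether the file still needs approval.
"""
import hashlib
import re

_TABLE_RE = re.compile(r"^\[([^\]]+)\]$")
_KV_RE = re.compile(r"^([A-Za-z0-9_-]+)\s*=\s*(.+)$")


def _parse_value(raw):
    """Quoted string or array of quoted strings; anything else is returned raw."""
    if raw.startswith('"') and raw.endswith('"'):
        return raw[1:-1]
    if raw.startswith("[") and raw.endswith("]"):
        return [s.strip().strip('"') for s in raw[1:-1].split(",") if s.strip()]
    return raw


def parse_toml_subset(text):
    """Parse [table] headers and key = value lines (assumed subset of TOML)."""
    tables, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # comments; no '#' inside strings
        if not line:
            continue
        m = _TABLE_RE.match(line)
        if m:
            current = tables.setdefault(m.group(1), {})
            continue
        m = _KV_RE.match(line)
        if m and current is not None:
            current[m.group(1)] = _parse_value(m.group(2).strip())
    return tables


def mcp_commands(config):
    """(server name, argv) for every mcp_servers.* table that names a command."""
    out = []
    for table, fields in config.items():
        if table.startswith("mcp_servers.") and "command" in fields:
            argv = [fields["command"]] + list(fields.get("args", []))
            out.append((table.split(".", 1)[1], argv))
    return out


def content_digest(text):
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def plan_launch(config_text, approved_digests):
    """Decide what may start. 'needs_approval' means run nothing yet and
    show the user the exact commands before recording the digest."""
    servers = mcp_commands(parse_toml_subset(config_text))
    digest = content_digest(config_text)
    if servers and digest not in approved_digests:
        return {"status": "needs_approval", "digest": digest, "servers": servers}
    return {"status": "ok", "digest": digest, "servers": servers}


# Constructed sample of a repository-supplied .codex/config.toml.
SAMPLE_CONFIG = """
[mcp_servers.docs]
command = "npx"
args = ["-y", "@example/docs-mcp"]

[mcp_servers.planted]
command = "sh"
args = ["-c", "echo attacker-controlled command"]
"""

if __name__ == "__main__":
    print(plan_launch(SAMPLE_CONFIG, set())["status"])   # needs_approval
```

The same gate applies to a project-local .env: environment values that change which binary or endpoint the tool talks to deserve the same one-time, content-pinned approval rather than silent loading.</td></tr>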
<tr>
<td class="vendor-product">Snipe-it[.]com--Snipe-IT asset management v8.3.0</td>
<td>Cross-Site Scripting vulnerability in the Snipe-IT web-based asset management system v8.3.0 up to and including v8.3.1 allows an authenticated attacker with the lowest privileges (sufficient only to log in) to inject arbitrary JavaScript code via the "Name" and "Surname" fields. The JavaScript code is executed whenever the "Activity Report" or the modified profile is viewed directly by any user with sufficient permissions. Successful exploitation of this issue requires that the profile's "Display Name" is not set. The vulnerability is fixed in v8.3.2.</td>
<td>2026-04-13</td>
<td>not yet calculated</td>
<td><a href="https://www.cve.org/CVERecord?id=CVE-2025-63743" target="_blank" rel="noopener">CVE-2025-63743</a></td>
<td><a href="http://grokability.com" target="_blank" rel="noopener">http://grokability.com</a><br><a href="http://snipe-it.com" target="_blank" rel="noopener">http://snipe-it.com</a><br><a href="https://github.com/grokability/snipe-it/commit/b6d397bcca4e8a05176b782de769d7160058bfc4#diff-7fe056d76c09808dac923c4639161d587c3fff281a01122f3e10c4a781674a65" target="_blank" rel="noopener">https://github.com/grokability/snipe-it/commit/b6d397bcca4e8a05176b782de769d7160058bfc4#diff-7fe056d76c09808dac923c4639161d587c3fff281a01122f3e10c4a781674a65</a><br><a href="https://github.com/mikust/CVEs/tree/main/CVE-2025-63743" target="_blank" rel="noopener">https://github.com/mikust/CVEs/tree/main/CVE-2025-63743</a></td>
</tr>
<tr>
<td class="vendor-product">n/a-- hotel-management-php version 1.0</td>
<td>alandsilva26 hotel-management-php 1.0 is vulnerable to Cross Site Scripting (XSS) in /public/admin/edit_room.php, which allows an attacker to inject and execute arbitrary JavaScript via the room_id GET parameter.</td>
<td>2026-04-14</td>
<td>not yet calculated</td>
<td><a href="https://www.cve.org/CVERecord?id=CVE-2025-65132" target="_blank" rel="noopener">CVE-2025-65132</a></td>
<td><a href="https://github.com/TREXNEGRO/Security-Advisories/blob/main/CVE-2025-65132/README.md" target="_blank" rel="noopener">https://github.com/TREXNEGRO/Security-Advisories/blob/main/CVE-2025-65132/README.md</a></td>
</tr>
<tr>
<td class="vendor-product">n/a--School Management System v1.0</td>
<td>A SQL injection vulnerability exists in the School Management System (version 1.0) by manikandan580. An unauthenticated or authenticated remote attacker can supply a crafted HTTP request to the affected endpoint to manipulate SQL query logic and extract sensitive database information.</td>
<td>2026-04-14</td>
<td>not yet calculated</td>
<td><a href="https://www.cve.org/CVERecord?id=CVE-2025-65133" target="_blank" rel="noopener">CVE-2025-65133</a></td>
<td><a href="https://github.com/TREXNEGRO/Security-Advisories/blob/main/CVE-2025-65133/README.md" target="_blank" rel="noopener">https://github.com/TREXNEGRO/Security-Advisories/blob/main/CVE-2025-65133/README.md</a></td>
</tr>
<tr>
<td class="vendor-product">n/a--School Management System v1.0</td>
<td>In manikandan580 School-management-system 1.0, a reflected cross-site scripting (XSS) vulnerability exists in /studentms/admin/contact-us.php via the email POST parameter.</td>
<td>2026-04-14</td>
<td>not yet calculated</td>
<td><a href="https://www.cve.org/CVERecord?id=CVE-2025-65134" target="_blank" rel="noopener">CVE-2025-65134</a></td>
<td><a href="https://github.com/TREXNEGRO/Security-Advisories/blob/main/CVE-2025-65134/README.md" target="_blank" rel="noopener">https://github.com/TREXNEGRO/Security-Advisories/blob/main/CVE-2025-65134/README.md</a></td>
</tr>
<tr>
<td class="vendor-product">n/a--School Management System v1.0</td>
<td>In manikandan580 School-management-system 1.0, a reflected XSS vulnerability exists in /studentms/admin/contact-us.php via the pagedes POST parameter.</td>
<td>2026-04-14</td>
<td>not yet calculated</td>
<td><a href="https://www.cve.org/CVERecord?id=CVE-2025-65136" target="_blank" rel="noopener">CVE-2025-65136</a></td>
<td><a href="https://github.com/TREXNEGRO/Security-Advisories/blob/main/CVE-2025-65136/README.md" target="_blank" rel="noopener">https://github.com/TREXNEGRO/Security-Advisories/blob/main/CVE-2025-65136/README.md</a></td>
</tr>
<tr>
<td class="vendor-product">Apache Software Foundation--Apache Airflow</td>
<td>Before Airflow 3.2.0, it was unclear that secure Airflow deployments require the Deployment Manager to take appropriate actions and pay attention to the security details and security model of Airflow. Some assumptions the Deployment Manager could make were not clear or explicit enough, even though Airflow's intentions and security model did not suggest different assumptions. The overall security model [1], workload isolation [2], and JWT authentication details [3] are now described in more detail. Users concerned with role isolation and following the Airflow security model are advised to upgrade to Airflow 3.2, where several security improvements have been implemented. They should also read and follow the relevant documents to make sure that their deployment is secure enough. The documentation also clarifies that the Deployment Manager is ultimately responsible for securing your Airflow deployment. This had also been communicated via the Airflow 3.2.0 blog announcement [4]. [1] Security Model: https://airflow.apache.org/docs/apache-airflow/stable/security/jwt_token_authentication.html [2] Workload isolation: https://airflow.apache.org/docs/apache-airflow/stable/security/workload.html [3] JWT Token authentication: https://airflow.apache.org/docs/apache-airflow/stable/security/jwt_token_authentication.html [4] Airflow 3.2.0 blog announcement: https://airflow.apache.org/blog/airflow-3.2.0/ Users are recommended to upgrade to version 3.2.0, which fixes this issue.</td>
<td>2026-04-13</td>
<td>not yet calculated</td>
<td><a href="https://www.cve.org/CVERecord?id=CVE-2025-66236" target="_blank" rel="noopener">CVE-2025-66236</a></td>
<td><a href="https://github.com/apache/airflow/pull/58662" target="_blank" rel="noopener">https://github.com/apache/airflow/pull/58662</a><br><a href="https://lists.apache.org/thread/g8fyy1tkmxkkfk7tx2v6h8mvwzpyykbo" target="_blank" rel="noopener">https://lists.apache.org/thread/g8fyy1tkmxkkfk7tx2v6h8mvwzpyykbo</a></td>
</tr>
<tr>
<td class="vendor-product">gonitro[.]com-- Nitro PDF Pro v14.41.1.4</td>
<td>A NULL pointer dereference in Nitro PDF Pro for Windows v14.41.1.4 allows attackers to cause a Denial of Service (DoS) via a crafted XFA packet.</td>
<td>2026-04-13</td>
<td>not yet calculated</td>
<td><a href="https://www.cve.org/CVERecord?id=CVE-2025-66769" target="_blank" rel="noopener">CVE-2025-66769</a></td>
<td><a href="https://www.gonitro.com/" target="_blank" rel="noopener">https://www.gonitro.com/</a><br><a href="https://jeroscope.com/advisories/2025/jero-2025-015/" target="_blank" rel="noopener">https://jeroscope.com/advisories/2025/jero-2025-015/</a></td>
</tr>
<tr>
<td class="vendor-product">nordicsemi[.]no--IronSide SE</td>
<td>Nordic Semiconductor IronSide SE for nRF54H20 before 23.0.2+17 has an algorithmic complexity issue.</td>
<td>2026-04-15</td>
<td>not yet calculated</td>
<td><a href="https://www.cve.org/CVERecord?id=CVE-2025-67841" target="_blank" rel="noopener">CVE-2025-67841</a></td>
<td><a href="https://nordicsemi.no" target="_blank" rel="noopener">https://nordicsemi.no</a><br><a href="https://docs.nordicsemi.com/bundle/SA/resource/SA-2025-447-v1.1.pdf" target="_blank" rel="noopener">https://docs.nordicsemi.com/bundle/SA/resource/SA-2025-447-v1.1.pdf</a></td>
</tr>
<tr>
<td class="vendor-product">gonitro[.]com-- Nitro PDF Pro v14.41.1.4</td>
<td>Nitro PDF Pro for Windows 14.41.1.4 contains a NULL pointer dereference vulnerability in the JavaScript implementation of app.alert(). When app.alert() is called with more than one argument and the first argument evaluates to null (for example, app.alert(app.activeDocs, true) when app.activeDocs is null), the engine routes the call through a fallback path intended for non-string arguments. In this path, js_ValueToString() is invoked on the null value and returns an invalid string pointer, which is then passed to JS_GetStringChars() without validation. Dereferencing this pointer leads to an access violation and application crash when opening a crafted PDF.</td>
<td>2026-04-13</td>
<td>not yet calculated</td>
<td><a href="https://www.cve.org/CVERecord?id=CVE-2025-69624" target="_blank" rel="noopener">CVE-2025-69624</a></td>
<td><a href="http://nitro.com" target="_blank" rel="noopener">http://nitro.com</a></td>
</tr>
<tr>
<td class="vendor-product">gonitro[.]com-- Nitro PDF Pro v14.41.1.4</td>
<td>Nitro PDF Pro for Windows 14.41.1.4 contains a heap use-after-free vulnerability in the implementation of the JavaScript method this.mailDoc(). During execution, an internal XID object is allocated and then freed prematurely, after which the freed pointer is still passed into UI and logging helper functions. Because the freed memory region may contain unpredictable heap data or remnants of attacker-controlled JavaScript strings, downstream routines such as wcscmp() may process invalid or stale pointers. This can result in access violations and non-deterministic crashes.</td>
<td>2026-04-13</td>
<td>not yet calculated</td>
<td><a href="https://www.cve.org/CVERecord?id=CVE-2025-69627" target="_blank" rel="noopener">CVE-2025-69627</a></td>
<td><a href="http://nitro.com" target="_blank" rel="noopener">http://nitro.com</a><br><a href="https://jeroscope.com/advisories/2025/jero-2025-016/" target="_blank" rel="noopener">https://jeroscope.com/advisories/2025/jero-2025-016/</a></td>
</tr>
<tr>
<td class="vendor-product">trezor[.]com--Trezor One v1.13.0</td>
<td>A side-channel vulnerability exists in the implementation of BIP-39 mnemonic processing, as observed in Trezor One v1.13.0 to v1.14.0, Trezor T v1.13.0 to v1.14.0, and Trezor Safe v1.13.0 to v1.14.0 hardware wallets. This originates from the BIP-39 standard guidelines, which induce non-constant-time execution and specific branch patterns for word searching. An attacker with physical access during the initial setup phase can collect a single side-channel trace. By utilizing profiling-based Deep Learning Side-Channel Analysis (DL-SCA), the attacker can recover the mnemonic code and subsequently steal the assets. The issue was patched.</td>
<td>2026-04-14</td>
<td>not yet calculated</td>
<td><a href="https://www.cve.org/CVERecord?id=CVE-2025-69893" target="_blank" rel="noopener">CVE-2025-69893</a></td>
<td><a href="http://trezor.com" target="_blank" rel="noopener">http://trezor.com</a><br><a href="https://trezor.io/vulnerability/fix-side-channel-in-bip-39-mnemonic-processing-when-unlocked" target="_blank" rel="noopener">https://trezor.io/vulnerability/fix-side-channel-in-bip-39-mnemonic-processing-when-unlocked</a></td>
</tr>
<tr>
<td class="vendor-product">n/a-- transloadit uppy v0.25.6</td>
<td>An issue pertaining to CWE-843: Access of Resource Using Incompatible Type was discovered in transloadit uppy v0.25.6.</td>
<td>2026-04-14</td>
<td>not yet calculated</td>
<td><a href="https://www.cve.org/CVERecord?id=CVE-2025-70023" target="_blank" rel="noopener">CVE-2025-70023</a></td>
<td><a href="https://github.com/transloadi" target="_blank" rel="noopener">https://github.com/transloadi</a><br><a href="https://github.com/transloadit/uppy" target="_blank" rel="noopener">https://github.com/transloadit/uppy</a><br><a href="https://gist.github.com/zcxlighthouse/27926a85371ac5d2291f44903254753e" target="_blank" rel="noopener">https://gist.github.com/zcxlighthouse/27926a85371ac5d2291f44903254753e</a></td>
</tr>
<tr>
<td class="vendor-product">Safetica Application suite-- STProcessMonitor 11.11.4.0</td>
<td>STProcessMonitor 11.11.4.0, part of the Safetica Application suite, allows an admin-privileged user to send crafted IOCTL requests to terminate processes that are protected through a third-party implementation. Unauthorized processes load the driver and send a crafted IOCTL request (0xB822200C); insufficient caller validation in the driver's IOCTL handler then allows those processes to perform termination operations in kernel space. Successful exploitation can lead to denial of service by disrupting critical third-party services or applications.</td>
<td>2026-04-17</td>
<td>not yet calculated</td>
<td><a href="https://www.cve.org/CVERecord?id=CVE-2025-70795" target="_blank" rel="noopener">CVE-2025-70795</a></td>
<td><a href="https://bbs.kafan.cn/thread-2287429-1-1.html" target="_blank" rel="noopener">https://bbs.kafan.cn/thread-2287429-1-1.html</a><br><a href="https://bbs.kafan.cn/thread-2287429-2-1.html" target="_blank" rel="noopener">https://bbs.kafan.cn/thread-2287429-2-1.html</a><br><a href="https://www.virustotal.com/gui/file/70bcec00c215fe52779700f74e9bd669ff836f594df92381cbfb7ee0568e7a8b" target="_blank" rel="noopener">https://www.virustotal.com/gui/file/70bcec00c215fe52779700f74e9bd669ff836f594df92381cbfb7ee0568e7a8b</a><br><a href="https://www.virustotal.com/gui/file/9ace6a1e4bee5834be38b4c2fd26780d1fcc18ea9d58224e31d6382c19e53296" target="_blank" rel="noopener">https://www.virustotal.com/gui/file/9ace6a1e4bee5834be38b4c2fd26780d1fcc18ea9d58224e31d6382c19e53296</a><br><a href="https://www.virustotal.com/gui/file/fc3588482f596a067b65d5d64d21fe62463b38a138fc87d8d2350efa86d34284" target="_blank" rel="noopener">https://www.virustotal.com/gui/file/fc3588482f596a067b65d5d64d21fe62463b38a138fc87d8d2350efa86d34284</a><br><a href="https://github.com/magicsword-io/LOLDrivers/commit/eea8326bf891d810902203e9ac5cfdeaf5a17a1c" target="_blank" rel="noopener">https://github.com/magicsword-io/LOLDrivers/commit/eea8326bf891d810902203e9ac5cfdeaf5a17a1c</a><br><a href="https://github.com/magicsword-io/LOLDrivers/issues/268" target="_blank" rel="noopener">https://github.com/magicsword-io/LOLDrivers/issues/268</a></td>
</tr>
<tr>
<td class="vendor-product">Vtiger[.]com-- Vtiger CRM 8.4.0</td>
<td>Vtiger CRM 8.4.0 contains a reflected cross-site scripting (XSS) vulnerability in the MailManager module. Improper handling of user-controlled input in the _folder parameter allows a specially crafted, double URL-encoded payload to be reflected and executed in the context of an authenticated user's session.</td>
<td>2026-04-13</td>
<td>not yet calculated</td>
<td><a href="https://www.cve.org/CVERecord?id=CVE-2025-70936" target="_blank" rel="noopener">CVE-2025-70936</a></td>
<td><a href="https://www.vtiger.com/open-source-crm/" target="_blank" rel="noopener">https://www.vtiger.com/open-source-crm/</a><br><a href="https://www.simonjuguna.com/cve-2025-70936-reflected-xss-vulnerability-in-vtiger-crm-v8-4-0/" target="_blank" rel="noopener">https://www.simonjuguna.com/cve-2025-70936-reflected-xss-vulnerability-in-vtiger-crm-v8-4-0/</a></td>
</tr>
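<tr><td colspan="6">"Double URL-encoded payload" in the Vtiger entry above is shorthand for a decode-count mismatch: the input filter looks at the parameter after the web server's single decode, but the handler decodes it a second time before reflecting it, so a payload encoded twice passes the check as harmless percent text and becomes live markup on output. The block below is an added Python model of that pattern and of the corrected handler (decode exactly once, never re-decode, HTML-encode for the output context); it is not Vtiger code, and the parameter name, the blocklist and the sample payloads are constructed.

```python
"""Double URL-decoding turns a blocked payload into reflected script.

Added illustration, not Vtiger code. reflect_vulnerable filters after one
decode and decodes again before output; reflect_hardened decodes once and
HTML-encodes on output.
"""
import html
from urllib.parse import unquote

# Assumed denylist of the kind a naive filter would apply.
BLOCKLIST = ("<script", "onerror=", "javascript:")


def reflect_vulnerable(raw_param):
    """Inspect after one decode, then decode again before reflecting."""
    once = unquote(raw_param)
    if any(bad in once.lower() for bad in BLOCKLIST):
        return None                           # rejected by the filter
    return "<h2>Folder: " + unquote(once) + "</h2>"   # second decode: bypass


def reflect_hardened(raw_param):
    """Decode once, never re-decode, encode for the HTML text context."""
    value = unquote(raw_param)
    return "<h2>Folder: " + html.escape(value, quote=True) + "</h2>"


def contains_live_markup(page, tag="<script"):
    """True if the rendered page carries the tag as real markup."""
    return tag in page.lower()


# Constructed samples: <script>alert(1)</script> encoded once and twice.
SINGLE = "%3Cscript%3Ealert(1)%3C%2Fscript%3E"
DOUBLE = "%253Cscript%253Ealert(1)%253C%252Fscript%253E"

if __name__ == "__main__":
    print(reflect_vulnerable(SINGLE))   # None: the filter catches it
    print(reflect_vulnerable(DOUBLE))   # <h2>Folder: <script>alert(1)</script></h2>
    print(reflect_hardened(DOUBLE))     # percent text, escaped, inert
```

In a real handler the framework has already performed the one decode, so the rule reduces to: never call a URL-decoder on a request parameter you did not URL-encode yourself, and always encode for the output context (HTML text here; attribute, URL and JavaScript contexts each need their own encoder).</td></tr>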
<tr>
<td class="vendor-product">Progress Software Corporation--OpenEdge</td>
<td>A vulnerability in the AdminServer component of OpenEdge on all supported platforms grants its authenticated users OS-level access to the server through the adopted authority of the AdminServer process itself. The delegated authority of the AdminServer could allow its users the ability to read arbitrary files on the host system through the misuse of the setFile() and openFile() methods exposed through the RMI interface. Misuse was limited only by the OS-level authority of the AdminServer's elevated privileges and the user's access to these methods enabled through RMI. The exploitable methods have been removed, thus eliminating their access through RMI or downstream of the RMI registry.</td>
<td>2026-04-14</td>
<td>not yet calculated</td>
<td><a href="https://www.cve.org/CVERecord?id=CVE-2025-7389" target="_blank" rel="noopener">CVE-2025-7389</a></td>
<td><a href="https://community.progress.com/s/article/Important-Arbitrary-File-Ready-Security-Update-for-OpenEdge-AdminServer" target="_blank" rel="noopener">https://community.progress.com/s/article/Important-Arbitrary-File-Ready-Security-Update-for-OpenEdge-AdminServer</a></td>
</tr>
<tr>
<td class="vendor-product">Progress Software Corporation--OpenEdge</td>
<td>The OECH1 prefix encoding is intended to obfuscate values across the OpenEdge platform. It has been identified as cryptographically weak and unsuitable for stored encodings and enterprise applications. OECH1 encodings should be considered exploitable and immediately replaced by any other supported prefix encoding, all of which are based on symmetric encryption.</td>
<td>2026-04-14</td>
<td>not yet calculated</td>
<td><a href="https://www.cve.org/CVERecord?id=CVE-2025-8095" target="_blank" rel="noopener">CVE-2025-8095</a></td>
<td><a href="https://community.progress.com/s/article/Unintended-Use-of-OECH1-for-Password-Secrets-Protection" target="_blank" rel="noopener">https://community.progress.com/s/article/Unintended-Use-of-OECH1-for-Password-Secrets-Protection</a></td>
</tr>
<tr>
<td class="vendor-product">PureStorage--FlashBlade</td>
<td>A vulnerability exists in FlashBlade whereby sensitive information may be logged under specific conditions.</td>
<td>2026-04-14</td>
<td>not yet calculated</td>
<td><a href="https://www.cve.org/CVERecord?id=CVE-2026-0207" target="_blank" rel="noopener">CVE-2026-0207</a></td>
<td><a href="https://support.purestorage.com/bundle/m_security_bulletins/page/Pure_Security/topics/concept/c_security_bulletins.html" target="_blank" rel="noopener">https://support.purestorage.com/bundle/m_security_bulletins/page/Pure_Security/topics/concept/c_security_bulletins.html</a></td>
</tr>
<tr>
<td class="vendor-product">PureStorage--FlashArray</td>
<td>Under certain administrative conditions, FlashArray Purity may apply snapshot retention policies earlier or later than configured.</td>
<td>2026-04-14</td>
<td>not yet calculated</td>
<td><a href="https://www.cve.org/CVERecord?id=CVE-2026-0209" target="_blank" rel="noopener">CVE-2026-0209</a></td>
<td><a href="https://support.purestorage.com/bundle/m_security_bulletins/page/Pure_Security/topics/concept/c_security_bulletins.html" target="_blank" rel="noopener">https://support.purestorage.com/bundle/m_security_bulletins/page/Pure_Security/topics/concept/c_security_bulletins.html</a></td>
</tr>
<tr>
<td class="vendor-product">Palo Alto Networks--Cortex XDR Agent</td>
<td>A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows allows a local Windows administrator to disable the agent. This issue may be leveraged by malware to perform malicious activity without detection.</td>
<td>2026-04-13</td>
<td>not yet calculated</td>
<td><a href="https://www.cve.org/CVERecord?id=CVE-2026-0232" target="_blank" rel="noopener">CVE-2026-0232</a></td>
<td><a href="https://security.paloaltonetworks.com/CVE-2026-0232" target="_blank" rel="noopener">https://security.paloaltonetworks.com/CVE-2026-0232</a></td>
</tr>
<td class=3D"vendor-product">Palo Alto Networks--Autonomous Digital Experie= nce Manager</td>
<td>A certificate validation vulnerability in Palo Alto Networks Autonomous=
Digital Experience Manager on Windows allows an unauthenticated attacker w= ith adjacent network access to execute arbitrary code with NT AUTHORITY\SYS= TEM privileges.</td>
<td>2026-04-13</td>
<td>not yet calculated</td>
<td><a href=3D"
https://www.cve.org/CVERecord?id=3DCVE-2026-0233" target=3D"= _blank" rel=3D"noopener">CVE-2026-0233</a></td>
<a href=3D"
https://security.paloaltonetworks.com/CVE-2026-0233" target=3D"_= blank" rel=3D"noopener">
https://security.paloaltonetworks.com/CVE-2026-0233= </a><br>=C2=A0</td>
</tr>
<td class=3D"vendor-product">Palo Alto Networks--Cortex XSOAR Microsoft Tea=
ms Marketplace</td>
<td>An improper verification of cryptographic signature vulnerability exist=
s in Cortex XSOAR and Cortex XSIAM platforms during integration of Microsof=
t Teams that enables an unauthenticated user to access and modify protected=
resources.</td>
<td>2026-04-13</td>
<td>not yet calculated</td>
<td><a href=3D"
https://www.cve.org/CVERecord?id=3DCVE-2026-0234" target=3D"= _blank" rel=3D"noopener">CVE-2026-0234</a></td>
<a href=3D"
https://security.paloaltonetworks.com/CVE-2026-0234" target=3D"_= blank" rel=3D"noopener">
https://security.paloaltonetworks.com/CVE-2026-0234= </a><br>=C2=A0</td>
</tr>
<td class=3D"vendor-product">Legion of the Bouncy Castle Inc.--BC-JAVA</td> <td>Improper neutralization of special elements used in an LDAP query ('LDA=
P injection') vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcp= rov on all (prov modules). This vulnerability is associated with program fi= les LDAPStoreHelper. This issue affects BC-JAVA: from 1.74 before 1.84.</td=
<td>2026-04-15</td>
<td>not yet calculated</td>
<td><a href=3D"
https://www.cve.org/CVERecord?id=3DCVE-2026-0636" target=3D"= _blank" rel=3D"noopener">CVE-2026-0636</a></td>
<a href=3D"
https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902026%E2%80%900= 636" target=3D"_blank" rel=3D"noopener">
https://github.com/bcgit/bc-java/wi= ki/CVE%E2%80%902026%E2%80%900636</a><br><a href=3D"
https://github.com/bcgit= /bc-java/commit/d20cdb8430e09224114fec0179a71859929fcbde" target=3D"_blank"=
rel=3D"noopener">
https://github.com/bcgit/bc-java/commit/d20cdb8430e092241= 14fec0179a71859929fcbde</a><br>=C2=A0</td>
</tr>
<td class=3D"vendor-product">keras-team--keras-team/keras</td>
<td>A vulnerability in the `TFSMLayer` class of the `keras` package, versio=
n 3.13.0, allows attacker-controlled TensorFlow SavedModels to be loaded du= ring deserialization of `.keras` models, even when `safe_mode=3DTrue`. This=
bypasses the security guarantees of `safe_mode` and enables arbitrary atta= cker-controlled code execution during model inference under the victim's pr= ivileges. The issue arises due to the unconditional loading of external Sav= edModels, serialization of attacker-controlled file paths, and the lack of = validation in the `from_config()` method.</td>
<td>2026-04-13</td>
<td>not yet calculated</td>
<td><a href=3D"
https://www.cve.org/CVERecord?id=3DCVE-2026-1462" target=3D"= _blank" rel=3D"noopener">CVE-2026-1462</a></td>
<a href=3D"
https://huntr.com/bounties/7e78d6f1-6977-4300-b595-e81bdbda331c"=
target=3D"_blank" rel=3D"noopener">
https://huntr.com/bounties/7e78d6f1-697= 7-4300-b595-e81bdbda331c</a><br><a href=3D"
https://github.com/keras-team/ke= ras/commit/b6773d3decaef1b05d8e794458e148cb362f163f" target=3D"_blank" rel= =3D"noopener">
https://github.com/keras-team/keras/commit/b6773d3decaef1b05d= 8e794458e148cb362f163f</a><br>=C2=A0</td>
</tr>
<td class=3D"vendor-product">Pegasystems--Pega Infinity</td>
<td>Pega Platform versions 8.1.0 through 25.1.1 are affected by an HTML Inj= ection vulnerability in a user interface component. Requires a high privile= ged user with a developer role.</td>
<td>2026-04-15</td>
<td>not yet calculated</td>
<td><a href=3D"
https://www.cve.org/CVERecord?id=3DCVE-2026-1564" target=3D"= _blank" rel=3D"noopener">CVE-2026-1564</a></td>
<a href=3D"
https://support.pega.com/support-doc/pega-security-advisory-b26-= vulnerability-remediation-note" target=3D"_blank" rel=3D"noopener">
https://= support.pega.com/support-doc/pega-security-advisory-b26-vulnerability-remed= iation-note</a><br>=C2=A0</td>
</tr>
<td class=3D"vendor-product">Pegasystems--Pega Infinity</td>
<td>Pega Platform versions 8.1.0 through 25.1.1 are affected by a Stored Cr= oss-Site Scripting vulnerability in a user interface component. Requires a = high privileged user with a developer role.</td>
<td>2026-04-15</td>
<td>not yet calculated</td>
<td><a href=3D"
https://www.cve.org/CVERecord?id=3DCVE-2026-1711" target=3D"= _blank" rel=3D"noopener">CVE-2026-1711</a></td>
<a href=3D"
https://support.pega.com/support-doc/pega-security-advisory-d26-= vulnerability-remediation-note" target=3D"_blank" rel=3D"noopener">
https://= support.pega.com/support-doc/pega-security-advisory-d26-vulnerability-remed= iation-note</a><br>=C2=A0</td>
</tr>
<td class=3D"vendor-product">ASUS--DriverHub</td>
<td>An Incorrect Permission Assignment for Critical Resource vulnerability =
in the ASUS DriverHub update process allows privilege escalation due to imp= roper protection of required execution resources during the validation phas=
e, permitting a local user to make unprivileged modifications. This allows = the altered resource to pass system checks and be executed with elevated pr= ivileges upon a user-initiated update. Refer to the 'Security Update for AS=
US DriverHub' section on the ASUS Security Advisory for more information.</=
<td>2026-04-16</td>
<td>not yet calculated</td>
<td><a href=3D"
https://www.cve.org/CVERecord?id=3DCVE-2026-1880" target=3D"= _blank" rel=3D"noopener">CVE-2026-1880</a></td>
<a href=3D"
https://www.asus.com/security-advisory" target=3D"_blank" rel=3D= "noopener">
https://www.asus.com/security-advisory</a><br>=C2=A0</td>
</tr>
<td class=3D"vendor-product">Samsung Mobile--Samsung Mobile Devices</td> <td>Improper input validation in data related to network restrictions prior=
to SMR Apr-2026 Release 1 allows physical attackers to bypass the restrict= ions.</td>
<td>2026-04-13</td>
<td>not yet calculated</td>
<td><a href=3D"
https://www.cve.org/CVERecord?id=3DCVE-2026-21003" target=3D= "_blank" rel=3D"noopener">CVE-2026-21003</a></td>
<a href=3D"
https://security.samsungmobile.com/securityUpdate.smsb?year=3D20= 26&month=3D04" target=3D"_blank" rel=3D"noopener">
https://security.samsungm= obile.com/securityUpdate.smsb?year=3D2026&month=3D04</a><br>=C2=A0</td>
</tr>
<td class=3D"vendor-product">Samsung Mobile--Samsung Mobile Devices</td> <td>Improper access control in Samsung DeX prior to SMR Apr-2026 Release 1 = allows physical attackers to access to hidden notification contents.</td> <td>2026-04-13</td>
<td>not yet calculated</td>
<td><a href=3D"
https://www.cve.org/CVERecord?id=3DCVE-2026-21006" target=3D= "_blank" rel=3D"noopener">CVE-2026-21006</a></td>
<a href=3D"
https://security.samsungmobile.com/securityUpdate.smsb?year=3D20= 26&month=3D04" target=3D"_blank" rel=3D"noopener">
https://security.samsungm= obile.com/securityUpdate.smsb?year=3D2026&month=3D04</a><br>=C2=A0</td>
</tr>
<td class=3D"vendor-product">Samsung Mobile--Samsung Mobile Devices</td> <td>Improper check for exceptional conditions in Device Care prior to SMR A= pr-2026 Release 1 allows physical attackers to bypass Knox Guard.</td> <td>2026-04-13</td>
<td>not yet calculated</td>
<td><a href=3D"
https://www.cve.org/CVERecord?id=3DCVE-2026-21007" target=3D= "_blank" rel=3D"noopener">CVE-2026-21007</a></td>
<a href=3D"
https://security.samsungmobile.com/securityUpdate.smsb?year=3D20= 26&month=3D04" target=3D"_blank" rel=3D"noopener">
https://security.samsungm= obile.com/securityUpdate.smsb?year=3D2026&month=3D04</a><br>=C2=A0</td>
</tr>
<td class=3D"vendor-product">Samsung Mobile--Samsung Mobile Devices</td> <td>Exposure of sensitive information in S Share prior to SMR Apr-2026 Rele= ase 1 allows adjacent attacker to access sensitive information.</td> <td>2026-04-13</td>
<td>not yet calculated</td>
<td><a href=3D"
https://www.cve.org/CVERecord?id=3DCVE-2026-21008" target=3D= "_blank" rel=3D"noopener">CVE-2026-21008</a></td>
<a href=3D"
https://security.samsungmobile.com/securityUpdate.smsb?year=3D20= 26&month=3D04" target=3D"_blank" rel=3D"noopener">
https://security.samsungm= obile.com/securityUpdate.smsb?year=3D2026&month=3D04</a><br>=C2=A0</td>
</tr>
<td class=3D"vendor-product">Samsung Mobile--Samsung Mobile Devices</td> <td>Improper check for exceptional conditions in Recents prior to SMR Apr-2= 026 Release 1 allows physical attacker to bypass App Pinning.</td> <td>2026-04-13</td>
<td>not yet calculated</td>
<td><a href=3D"
https://www.cve.org/CVERecord?id=3DCVE-2026-21009" target=3D= "_blank" rel=3D"noopener">CVE-2026-21009</a></td>
<a href=3D"
https://security.samsungmobile.com/securityUpdate.smsb?year=3D20= 26&month=3D04" target=3D"_blank" rel=3D"noopener">
https://security.samsungm= obile.com/securityUpdate.smsb?year=3D2026&month=3D04</a><br>=C2=A0</td>
</tr>
<td class=3D"vendor-product">Samsung Mobile--Samsung Mobile Devices</td> <td>Incorrect privilege assignment in Bluetooth in Maintenance mode prior t=
o SMR Apr-2026 Release 1 allows physical attackers to bypass Extend Unlock.= </td>
<td>2026-04-13</td>
<td>not yet calculated</td>
<td><a href=3D"
https://www.cve.org/CVERecord?id=3DCVE-2026-21011" target=3D= "_blank" rel=3D"noopener">CVE-2026-21011</a></td>
<a href=3D"
https://security.samsungmobile.com/securityUpdate.smsb?year=3D20= 26&month=3D04" target=3D"_blank" rel=3D"noopener">
https://security.samsungm= obile.com/securityUpdate.smsb?year=3D2026&month=3D04</a><br>=C2=A0</td>
</tr>
<td class=3D"vendor-product">Samsung Mobile--Samsung Mobile Devices</td> <td>External control of file name in AODManager prior to SMR Apr-2026 Relea=
se 1 allows privileged local attacker to create file with system privilege.= </td>
<td>2026-04-13</td>
<td>not yet calculated</td>
<td><a href=3D"
https://www.cve.org/CVERecord?id=3DCVE-2026-21012" target=3D= "_blank" rel=3D"noopener">CVE-2026-21012</a></td>
<a href=3D"
https://security.samsungmobile.com/securityUpdate.smsb?year=3D20= 26&month=3D04" target=3D"_blank" rel=3D"noopener">
https://security.samsungm= obile.com/securityUpdate.smsb?year=3D2026&month=3D04</a><br>=C2=A0</td>
</tr>
<td class=3D"vendor-product">Samsung Mobile--Galaxy Wearable</td>
<td>Incorrect default permission in Galaxy Wearable prior to version 2.2.68= .26 allows local attackers to access sensitive information.</td> <td>2026-04-13</td>
<td>not yet calculated</td>
<td><a href=3D"
https://www.cve.org/CVERecord?id=3DCVE-2026-21013" target=3D= "_blank" rel=3D"noopener">CVE-2026-21013</a></td>
<a href=3D"
https://security.samsungmobile.com/serviceWeb.smsb?year=3D2026&m= onth=3D04" target=3D"_blank" rel=3D"noopener">
https://security.samsungmobil= e.com/serviceWeb.smsb?year=3D2026&month=3D04</a><br>=C2=A0</td>
</tr>
<td class=3D"vendor-product">Samsung Mobile--Samsung Camera</td>
<td>Improper access control in Samsung Camera prior to version 16.5.00.28 a= llows local attacker to access location data. User interaction is required = for triggering this vulnerability.</td>
<td>2026-04-13</td>
<td>not yet calculated</td>
<td><a href=3D"
https://www.cve.org/CVERecord?id=3DCVE-2026-21014" target=3D= "_blank" rel=3D"noopener">CVE-2026-21014</a></td>
<a href=3D"
https://security.samsungmobile.com/serviceWeb.smsb?year=3D2026&m= onth=3D04" target=3D"_blank" rel=3D"noopener">
https://security.samsungmobil= e.com/serviceWeb.smsb?year=3D2026&month=3D04</a><br>=C2=A0</td>
</tr>
<td class=3D"vendor-product">Veeam--Backup and Replication</td>
<td>A vulnerability allowing a local attacker with administrator privileges=
to bypass Windows Driver Signature Enforcement.</td>
<td>2026-04-17</td>
<td>not yet calculated</td>
<td><a href=3D"
https://www.cve.org/CVERecord?id=3DCVE-2026-21709" target=3D= "_blank" rel=3D"noopener">CVE-2026-21709</a></td>
<a href=3D"
https://www.veeam.com/kb4830" target=3D"_blank" rel=3D"noopener"= >
https://www.veeam.com/kb4830</a><br><a href=3D"
https://www.veeam.com/kb483=
1" target=3D"_blank" rel=3D"noopener">
https://www.veeam.com/kb4831</a><br>= =C2=A0</td>
</tr>
<td class=3D"vendor-product">CubeCart Limited--CubeCart</td>
<td>An OS command injection vulnerability exists in CubeCart prior to 6.6.0=
, which may allow a user with an administrative privilege to execute an arb= itrary OS command.</td>
<td>2026-04-17</td>
<td>not yet calculated</td>
<td><a href=3D"
https://www.cve.org/CVERecord?id=3DCVE-2026-21719" target=3D= "_blank" rel=3D"noopener">CVE-2026-21719</a></td>
<a href=3D"
https://community.cubecart.com/t/cubecart-6-6-0-released-the-big= gest-update-in-years/62405" target=3D"_blank" rel=3D"noopener">
https://comm= unity.cubecart.com/t/cubecart-6-6-0-released-the-biggest-update-in-years/62= 405</a><br><a href=3D"
https://jvn.jp/en/jp/JVN78422311/" target=3D"_blank" = rel=3D"noopener">
https://jvn.jp/en/jp/JVN78422311/</a><br>=C2=A0</td>
</tr>
<td class=3D"vendor-product">Imagination Technologies--Graphics DDK</td> <td>Software installed and run as a non-privileged user may conduct imprope=
r GPU system calls to gain write permission to read-only wrapped user-mode = memory and files. This is caused by improper handling of GPU memory reserva= tion protections.</td>
<td>2026-04-17</td>
<td>not yet calculated</td>
<td><a href=3D"
https://www.cve.org/CVERecord?id=3DCVE-2026-21733" target=3D= "_blank" rel=3D"noopener">CVE-2026-21733</a></td>
<a href=3D"
https://www.imaginationtech.com/gpu-driver-vulnerabilities/" tar= get=3D"_blank" rel=3D"noopener">
https://www.imaginationtech.com/gpu-driver-= vulnerabilities/</a><br>=C2=A0</td>
</tr>
<td class=3D"vendor-product">Ubiquiti Inc--UniFi Play PowerAmp</td>
<td>An Improper Input Validation vulnerability could allow a malicious acto=
r with access to the UniFi Play network to cause the device to stop respond= ing.=E2=80=A8 Affected Products: UniFi Play PowerAmp (Version 1.0.35 and ea= rlier)=E2=80=A8 UniFi Play Audio Port=C2=A0 (Version 1.0.24 and earlier)=E2= =80=A8 Mitigation: Update UniFi Play PowerAmp to Version 1.0.38 or later=E2= =80=A8 Update UniFi Play Audio Port=C2=A0 to Version 1.1.9 or later</td> <td>2026-04-13</td>
<td>not yet calculated</td>
<td><a href=3D"
https://www.cve.org/CVERecord?id=3DCVE-2026-22565" target=3D= "_blank" rel=3D"noopener">CVE-2026-22565</a></td>
<a href=3D"
https://community.ui.com/releases/Security-Advisory-Bulletin-063= /e468dd4b-5090-4ef8-89d8-939903c08e83" target=3D"_blank" rel=3D"noopener">h= ttps://community.ui.com/releases/Security-Advisory-Bulletin-063/e468dd4b-50= 90-4ef8-89d8-939903c08e83</a><br>=C2=A0</td>
</tr>
<td class=3D"vendor-product">Microchip--IStaX</td>
<td>A privilege escalation vulnerability in Microchip IStaX allows an authe= nticated low-privileged user to recover a shared per-device cookie secret f= rom their own webstax_auth session cookie and forge a new cookie with admin= istrative privileges.This issue affects IStaX before 2026.03.</td> <td>2026-04-16</td>
<td>not yet calculated</td>
<td><a href=3D"
https://www.cve.org/CVERecord?id=3DCVE-2026-2336" target=3D"= _blank" rel=3D"noopener">CVE-2026-2336</a></td>
<a href=3D"
https://www.microchip.com/en-us/solutions/technologies/embedded-= security/how-to-report-potential-product-security-vulnerabilities/istax-pri= vilege-escalation-via-weak-cookie-authentication" target=3D"_blank" rel=3D"= noopener">
https://www.microchip.com/en-us/solutions/technologies/embedded-s= ecurity/how-to-report-potential-product-security-vulnerabilities/istax-priv= ilege-escalation-via-weak-cookie-authentication</a><br>=C2=A0</td>
</tr>
</tbody>
</table>
</div>
</div>
</div>
<div id="mail_footer">
<p style="text-align: center;">You are subscribed to updates from the <a href="https://www.cisa.gov">Cybersecurity and Infrastructure Security Agency</a> (CISA).</p>
</div>
<div id="tagline">
<hr>
<p style="color: #757575; font-size: 10px; font-family: Arial;">This email was sent to cisa@toolazy.synchro.net using GovDelivery Communications Cloud, on behalf of: Cybersecurity and Infrastructure Security Agency · 707 17th St, Suite 4000 · Denver, CO 80202</p>
</div>
</td>
</tr>
</table>
</body>
</html>
--===============3904973969769106710==--
--===============6153051594857359952==--
------------=_69E671B3.45FEFFAF--