CVE Vulnerabilities - 1 April 2026

100 vulnerabilities published on 1 April 2026

TinaCMS Media Endpoints Allow Unrestricted File Access
GHSA-g87c-r2jp-293w CVE-2026-34603
A vulnerability in TinaCMS's media endpoints allows attackers to access and modify files outside the intended media directory by creating symlinks or junctions. This can lead to unauthorized access to...
7.1
YesWiki allows attackers to inject malicious scripts into form titles
GHSA-37fq-47qj-6j5j CVE-2026-34598
Attackers can inject JavaScript code into form titles, which can be executed in the browser of any user who views the page. This can happen even if the attacker doesn't have an account. To fix this, t...
7.1
OpenClaw Gateway allows unauthorized session reset
GHSA-5r8f-96gm-5j6g
A security issue in OpenClaw Gateway allows an attacker with limited permissions to reset and take control of a session, even if they shouldn't have that power. This could be exploited by a malicious ...
7.1
Amelia Plugin for WordPress Exposed to Sensitive Data Theft via Payments
CVE-2026-4668
The Amelia plugin for WordPress, used to manage appointments and events, has a security flaw that could allow hackers to access sensitive information from the database. This issue affects all versions...
6.5
XenForo: Malicious scripts injected through profile post content
CVE-2026-35057
Legacy XenForo profile posts can allow attackers to inject malicious scripts, which can be executed when other users view the content. This could lead to unauthorized actions or data theft. Update to ...
5.1
XenForo 2.3.8 and earlier allows malicious scripts to be injected via BB code
CVE-2026-35054
If you use XenForo, make sure you're running version 2.3.9 or later. Earlier versions can be exploited by attackers to inject malicious code into your forum, which could harm users or steal sensitive ...
5.1
z-9527 Admin Software Can Be Tricked into Changing User Permissions
CVE-2026-5251
A security flaw in the z-9527 admin software allows an attacker to remotely manipulate user permissions. This could potentially allow unauthorized access to sensitive areas of the software. Users shou...
5.3
Gougucms 4.08.18 User Registration Handler Flaw Allows Remote Manipulation
CVE-2026-5248
A flaw in the user registration process of Gougucms 4.08.18 allows an attacker to manipulate data. This could be done from anywhere on the internet, and an exploit is already available. We recommend u...
5.3
Connext Professional allows data to be read beyond its intended boundaries
CVE-2026-2394
A security issue exists in Connext Professional, a software component used for data exchange, that could allow unauthorized access to sensitive data. This issue affects multiple versions of the softwa...
6.3
XenForo Software Allows Attackers to Redirect Users to Fake Sites
CVE-2024-58342
XenForo software versions 2.2.17 and earlier, as well as 2.3.1, can be made to redirect users to any website through a specially crafted URL. This could trick users into visiting fake or malicious sites. To ...
5.3
Adobe Acrobat crashes when processing malicious PDFs with loops
CVE-2026-3778
Adobe Acrobat can crash when processing certain PDF files with a specific type of loop. This can happen if attackers craft a PDF with malicious JavaScript code that refers to itself in a loop. To stay...
6.2
XenForo shared systems may expose user info to others on the same computer
CVE-2025-71280
If multiple people share a computer or browser, sensitive user information may be visible to others. This is because the information is stored in the browser cache. To fix this, update XenForo to vers...
6.9
XenForo Forum: Malicious Scripts Can Execute When Users Click on Posts
CVE-2026-35055
If you use XenForo, an attacker could inject malicious code into posts that execute when users interact with them. This can lead to unauthorized actions or data theft. Update to XenForo 2.3.9 or 2.2.1...
5.1
Outdated Cache Pointers Can Leak Sensitive Data or Crash Safari
CVE-2026-3777
Safari's internal cache can be exploited by malicious JavaScript, potentially leading to data exposure or a browser crash. Affected users should update to the latest version of Safari to ensure their ...
5.5
Adobe Acrobat Reader crashes when opening malformed PDFs
CVE-2026-3776
Adobe Acrobat Reader may crash if it's opened with a malicious PDF that's missing required data, which could disrupt business operations. This issue affects PDF file handling in Adobe Acrobat Reader. ...
5.5
YesWiki: Malicious JavaScript can be injected via URLs
GHSA-5724-x3rh-5qqq
YesWiki has a security flaw that allows malicious code to be injected into a user's browser when they visit a specially crafted URL. This could lead to unauthorized access to sensitive information or ...
5.3
Parse Server: Authenticated users can access sensitive data
CVE-2026-34595 GHSA-mmg8-87c5-jrc2
An authenticated user with permission to view certain data may be able to access protected fields in Parse Server. This could allow them to gain information they shouldn't have. Update to version 8.6....
5.3
Authenticated users can extend or bypass session expiration in Parse Server
CVE-2026-34574 GHSA-f6j3-w9v3-cq22
If you're using an outdated version of Parse Server, an authenticated user might be able to keep their session active forever. This is a security risk because it could allow unauthorized access to you...
5.3
Adobe Acrobat allows hidden data to remain in printed PDFs
CVE-2026-3774
Adobe Acrobat's PDF editing features can leave sensitive information in printed documents or allow it to remain visible on screen. This can happen when editing or redacting sensitive documents, and it...
4.7
WordPress Plugins Can Be Hacked to Steal Form Data
CVE-2026-3831
If you use the Contact Form 7, WPforms, or Elementor forms plugin on your WordPress site, an attacker with high-level access can steal sensitive information like names, emails, and phone numbers from ...
4.3
BloodBank Managing System 1.0: Admin Panel Cross-Site Scripting Risk
CVE-2026-5240
An attacker can inject malicious code into the BloodBank Managing System 1.0 admin panel, potentially taking control of it. This could allow them to access sensitive information, delete data, or disru...
5.3
Cross-Site Scripting in Gougucms 4.08.18 Can Steal User Data
CVE-2026-5249
A security weakness in the Gougucms 4.08.18 system makes it possible for hackers to inject malicious code into the site, potentially allowing them to steal user data or take control of the site. This ...
5.1
OpenClaw Image Download Allows Access to Internal URLs
GHSA-qxgf-hmcj-3xw3
A vulnerability in OpenClaw's image download feature allows a malicious FAL relay to access internal URLs and potentially expose sensitive metadata or service responses. This affects OpenClaw versions...
2.3
MINI-wxqm-7q3c-m5x4
MINI-xj84-c6xc-6p6h