CVE Vulnerabilities - 8 April 2026

87 vulnerabilities published on 8 April 2026

CVE-2026-3296
The Everest Forms plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.4.3 via deserialization of untrusted input from form entry metadata. This is due to...
9.8
PayloadCMS plugin for Puck visual page builder insecurely bypasses access controls
CVE-2026-39397 GHSA-65w6-pf7x-5g85
A flaw in the @delmaredigital/payload-puck plugin for PayloadCMS allows unauthorized access to certain features of the Puck visual page builder. This means that an attacker could potentially access or...
9.4
IBM Software Privilege Escalation Risk on IBM Verify and Access Containers
CVE-2026-1346
Certain IBM software versions allow a user with local access to gain elevated system privileges. This could lead to unauthorized changes to the system or data. Update to the latest fixed version to re...
9.3
Emmett 2.5.0 to 2.8.1: Path Traversal in Web Framework Exposes Internal Files
CVE-2026-39847 GHSA-pr46-2v3c-5356
Emmett, a Python web framework, has a security weakness that allows attackers to access internal files. This means an attacker could potentially read sensitive information that should not be publicly ...
9.1
Rack::Session: Cookie Decryption Fails to Reject Invalid Sessions
CVE-2026-39324 GHSA-33qg-7wpp-89cq
A software library used for managing user sessions incorrectly handles failed decryption, allowing an attacker to manipulate user sessions without a password. This could lead to unauthorized access to...
9.1
GitHub Actions workflows in Emissary can be hijacked by attackers
CVE-2026-35580 GHSA-3g6g-gq4r-xjm9
Emissary workflows before version 8.39.0 can be compromised if an attacker with repository access injects malicious code. This allows the attacker to affect all users who rely on the workflow. Update ...
9.1
Product Feed PRO for WooCommerce allows attackers to trick site administrators
CVE-2026-3499
The Product Feed PRO for WooCommerce plugin for WordPress is vulnerable to a type of attack where an attacker tricks an administrator into performing an unintended action. This could lead to unintende...
8.8
IBM Langflow Desktop: Malicious User Can Run Unauthorized Code on System
CVE-2026-3357
IBM Langflow Desktop versions 1.6.0 to 1.8.2 have a security issue that allows an authorized user to run unauthorized code on the system. This can happen if the software is set up with a default secur...
8.8
LiteLLM Password Exposure Allows Unauthorized Login
GHSA-69x8-hrgq-fjj8
A security patch fixed a way for an authenticated user to steal another user's password and log in as them. This happened because passwords were stored in an easily guessable format and shared in API ...
8.6
IBM Verify Products Allow Local User to Run Malicious Scripts
CVE-2026-1342
Multiple IBM Verify products have a security issue that could allow a user with local access to execute unauthorized scripts. This could potentially allow an attacker to take control of the system. IB...
8.5
IBM Tivoli Netcool Impact Exposes Sensitive Data in Log Files
CVE-2026-4788
IBM Tivoli Netcool Impact stores sensitive information in log files that can be accessed by local users. This means that unauthorized individuals with access to the system can potentially view sensiti...
8.4
Unauthenticated users can still access files via old share links
CVE-2026-35604 GHSA-v9w4-gm2x-6rvf
A security issue in File Browser allows anyone to download shared files even after permissions have been removed. This is fixed in version 2.63.1. Update to this version to ensure shared files are pro...
8.2
RedwoodSDK: GET requests can bypass intended HTTP method
CVE-2026-39371 GHSA-x8rx-789c-2pxq
A bug in RedwoodSDK allowed attackers to use GET requests to perform actions intended for other HTTP methods. This could have allowed unauthorized changes to a website's state. Update to version 1.0.6...
8.1
File Browser: Users may get unintended permission to execute files
CVE-2026-35607 GHSA-7526-j432-6ppp
An older version of the File Browser software allowed newly created users to execute files even if they shouldn't have permission to do so. This has been fixed in version 2.63.1. If you're using File ...
8.1
ASDA-Soft Software Buffer Overflow Risk: Data Tampering
CVE-2026-5726
The ASDA-Soft software has a weakness that allows an attacker to potentially inject malicious data into the system, which can lead to unauthorized changes or disruptions. This could happen if an attac...
7.8
AVideo open-source video platform exposes local files via GIF
CVE-2026-39369 GHSA-f4f9-627c-jh33
AVideo versions 26.0 and prior allow an authenticated user to access and read local files on the server. This can be exploited to reveal sensitive information, such as passwords and application source...
7.6
Firecracker 1.13.0-1.14.3, 1.15.0: Local Guest User Privilege Escalation
CVE-2026-5747
A critical issue in Amazon Firecracker 1.13.0 through 1.14.3 and 1.15.0 might allow a local user with administrative privileges in a virtual machine to crash the program running the virtual machine or...
8.7
Drizzle ORM fails to protect against malicious database input
CVE-2026-39356 GHSA-gpj5-g38j-94v9
If you use Drizzle ORM, an attacker could potentially inject malicious code into your database by manipulating the text you send to the database. This is fixed in versions 0.45.2 and 1.0.0-beta.20. Up...
7.5
FastFeedParser crashes when parsing malicious URLs
CVE-2026-39376 GHSA-4gx2-pc4f-wq37
A bug in FastFeedParser causes it to crash when parsing URLs that contain a specific type of redirect. This could allow an attacker to take down the system. Update to version 0.5.10 or later to fix th...
7.5
Addressable Ruby Gem Can Cause System to Run Out of Memory
CVE-2026-35611 GHSA-h27x-rffw-24p4
A security issue in the Addressable Ruby gem can cause the system to run out of memory if a malicious URL is processed. This happens when the gem tries to match a specific type of URL pattern. If you'...
7.5
File Browser Hook System Allows Malicious File Uploads
CVE-2026-35585 GHSA-jvpw-637p-h3pw
The File Browser's hook system has a security flaw that allows an attacker to execute unauthorized commands on the server. This could lead to malicious files being uploaded and potentially harming the...
7.5
IBM Verify and IBM Security Verify Access: Unrestricted Access to Internal Authentication Endpoints
CVE-2026-1343
Certain IBM Verify and IBM Security Verify Access versions allow an attacker to bypass security restrictions and access internal authentication endpoints, which could lead to unauthorized access to se...
7.2
Emissary Workflow Engine Exposes User Data to Command Injection
CVE-2026-35581 GHSA-6c37-7w4p-jg9v
A software error in Emissary's workflow engine can allow attackers to inject malicious commands, potentially leading to data theft or system compromise. To protect your system, update to version 8.39....
7.2
AVideo Open Source Video Platform Allows Malicious File Downloads
CVE-2026-39370 GHSA-cmcr-q4jf-p6q9
AVideo's open source video platform has a security issue that allows attackers to trick the system into downloading malicious files. This can happen when a user uploads a file with a malicious URL, wh...
7.1
Skilleton: Malicious Input Can Cause Unintended Behavior
GHSA-5g3j-89fr-r2vp
The Skilleton software has a security weakness in how it handles certain inputs. This could allow an attacker to cause the software to behave unexpectedly or inefficiently. To fix this, update to vers...
6.9