CVE Vulnerabilities - 8 April 2026
685 vulnerabilities published on 8 April 2026
BEAR Plugin for WooCommerce allows attackers to delete product categories
CVE-2026-1673
The BEAR plugin for WordPress has a security flaw that allows attackers to delete product categories and other taxonomies without permission. This could happen if an administrator clicks on a maliciou...
4.3
Blog2Social Plugin for WordPress Allows Attackers to Modify Other Users' Posts
CVE-2026-4330
The Blog2Social plugin for WordPress has a security flaw that lets attackers with a certain level of account access modify or delete scheduled social media posts that belong to other users. This means...
4.3
Quran Translations Plugin for WordPress: Unauthenticated Settings Changes
CVE-2026-4141
An attacker can trick an administrator into clicking a link, allowing them to change plugin settings without permission. This can happen in all versions of the Quran Translations plugin for WordPress ...
4.3
Cosign may falsely verify malicious code in containers and binaries
CVE-2026-39395
GHSA-w6c6-c85g-mmv6
Cosign, a code signing tool, had a flaw that allowed it to incorrectly verify malicious code as legitimate. This flaw was fixed in versions 3.0.6 and 2.6.3. Users should update to the latest version t...
4.3
LightRAG JWT Algorithm Forgery Allows Unauthorized Access
GHSA-8ffj-4hx4-9pgf
CVE-2026-39413
The LightRAG API allows attackers to create fake login tokens, allowing them to access protected resources without a valid account. This is because the API doesn't properly check the type of token bei...
4.2
parisneo/lollms: Persistent Access After Password Reset
CVE-2026-1163
GHSA-8jg2-726g-xh43
A vulnerability in parisneo/lollms allows an attacker to keep using an old session after a password reset, potentially giving them continued access to a compromised account. This happens because the a...
4.1
Kube-router Logs BGP Passwords at High Log Levels
GHSA-fcmh-qfxc-w685
If you use Kube-router with per-node BGP passwords and enable detailed logging, anyone with access to the logs can see the passwords. This is a concern because logging is often shared with support tea...
4.1
LiquidJS Template Can Use Excessive Memory When Replacing Text
GHSA-mmg9-6m6j-jqqx
CVE-2026-34166
LiquidJS templates can crash due to excessive memory use when an attacker adds a lot of replacements in a template. This can happen when the template tries to replace a pattern with a long string many...
3.7
SourceCodester Sales and Inventory System Can Be Hacked Through Web Address
CVE-2026-5810
The SourceCodester Sales and Inventory System version 1.0 contains a security weakness that can be exploited by hackers to inject malicious code into the system. This could allow unauthorized access t...
5.1
Easy Blog Site 1.0: Malicious code can be injected into blog posts
CVE-2026-5806
A security vulnerability in Easy Blog Site 1.0 allows attackers to inject malicious code into blog posts. This can happen when a user submits a post title with malicious code, potentially compromising...
5.1
Dell PowerProtect Agent: Local Access Could Expose Sensitive Data
CVE-2026-28264
A security issue exists in older versions of the Dell PowerProtect Agent that can allow a low-level user with access to the system to potentially view sensitive information. This could be exploited by...
3.3
GitLab: Authenticated User Can Remove Higher-Powered Group Members
CVE-2026-4916
A security update has been released for GitLab to fix a vulnerability that could allow an authorized user with special permissions to accidentally remove or demote users with higher-level access. This...
2.7
JustHTML: Custom Settings Allow Malicious Code Injection
GHSA-r758-8hxw-4845
A security issue exists in JustHTML when using custom settings to allow certain HTML elements. If you've set up JustHTML to allow specific elements like SVG or MathML, an attacker could inject malicio...
2.1
CVE Withdrawn: No Information Available
CVE-2026-4398
This CVE has been removed from the list due to a lack of valid information. As a result, there is no known vulnerability to report. No action is necessary.
WordPress Plugin WP Super Cache allows unauthorized access to sensitive files
ECHO-e74f-830c-cd04
A security issue in the WP Super Cache plugin for WordPress allows hackers to access sensitive files on a website. This means that an attacker could potentially read or modify sensitive data, such as ...
WordPress Plugin Duplicator Pro Allows Remote Code Execution
ECHO-8d16-7d9a-2e99
The Duplicator Pro plugin for WordPress has a vulnerability that could allow an attacker to execute malicious code on a website. This means a hacker could potentially take control of a site by exploit...
Apache Tomcat Web Application Manager Remote Code Execution
ECHO-0fd5-793c-3eaa
Apache Tomcat's Web Application Manager is vulnerable to a remote code execution attack, allowing an attacker to execute arbitrary code on a server. This means that an attacker could potentially acces...
Apache HTTP Server Unauthenticated Remote Code Execution
ECHO-502f-9006-e836
A flaw in the Apache HTTP Server can allow attackers to run malicious code on affected servers without needing a password. This could allow hackers to take control of the server or steal sensitive dat...
WordPress Plugin WP Super Cache Can Be Tricked into Disclosing Sensitive Information
ECHO-602f-3dc6-d1d6
A popular WordPress plugin used for website caching has a weakness that could allow an attacker to obtain sensitive data from websites using it. This could potentially lead to unauthorized access to s...
Adobe Acrobat Reader allows remote code execution when opening malicious PDFs
ECHO-4306-7f98-795c
Adobe Acrobat Reader has a vulnerability that could allow attackers to execute malicious code on your computer if you open a specially crafted PDF file. This could lead to unauthorized access to your ...
Google Chrome: Malicious web page can read sensitive information
CVE-2026-5913
A security issue in older versions of Google Chrome could allow a malicious website to access sensitive information from your browser. This is a low-risk issue, but it's still essential to update your...
Google Chrome Extensions: Malicious Extensions Can Crash Browser
CVE-2026-5904
A security issue in older versions of Google Chrome could allow a malicious extension to crash the browser and potentially cause other issues. If a user installs a malicious extension, it could lead t...
Google Chrome: Bypassing Navigation Restrictions Through HTML Page
CVE-2026-5903
A bug in older versions of Google Chrome allowed an attacker to trick a user into bypassing navigation restrictions by showing a specially crafted web page. This could potentially allow the attacker t...
Google Chrome on Android Leaks Sensitive Media Information
CVE-2026-5902
A security issue in older versions of Google Chrome on Android allows hackers who have taken control of a user's browser to access and manipulate sensitive media information. This could potentially le...
Google Chrome: Malicious Extensions Can Bypass Enterprise Cookie Rules
CVE-2026-5901
A security issue in older versions of Google Chrome could allow a hacker to trick a user into installing a malicious extension that can bypass rules set by your company to control cookie settings. Thi...