CVE Vulnerabilities - 8 April 2026

104 vulnerabilities published on 8 April 2026

AVideo Open Source Video Platform Allows Malicious File Downloads
CVE-2026-39370 GHSA-cmcr-q4jf-p6q9
AVideo's open source video platform has a security issue that allows attackers to trick the system into downloading malicious files. This can happen when a user uploads a file with a malicious URL, wh...
7.1
Skilleton: Malicious Input Can Cause Unintended Behavior
GHSA-5g3j-89fr-r2vp
The Skilleton software has a security weakness in how it handles certain inputs. This could allow an attacker to cause the software to behave unexpectedly or inefficiently. To fix this, update to vers...
6.9
pyLoad Download Manager: Unauthorized Access to SSL Certificates
CVE-2026-35586 GHSA-ppvx-rwh9-7rj7
pyLoad's download manager has a security weakness that allows any user to change the SSL certificate and key file paths, potentially allowing unauthorized access to the system. This issue can be fixed...
6.8
WWBN AVideo: Authenticated SSRF via Stored Callback URL
CVE-2026-39368 GHSA-q4x6-6mm2-crg9
An attacker-controlled URL is stored on the WWBN AVideo server, which can be used to make unauthorized requests to internal services. This affects authenticated streamers in versions 26.0 and prior. T...
6.5
AVideo PayPal Payment Handler Allows Malicious Transaction Replay
CVE-2026-39366 GHSA-mmw7-wq3c-wf9p
AVideo's outdated PayPal payment handler in versions 26.0 and prior can be exploited by attackers to inflate their wallet balance and renew subscriptions repeatedly. This is caused by a lack of transa...
6.5
The Plus Addons for Elementor allows attackers to inject malicious scripts
CVE-2026-3311
A security issue in The Plus Addons for Elementor plugin for WordPress allows authorized users to inject malicious code into website pages. This can happen when a contributor or higher-level user edit...
6.4
LatePoint Plugin for WordPress: Malicious Code Injection Possible
CVE-2026-4785
An attacker with contributor-level access to a WordPress site using the LatePoint plugin can inject malicious code that will run when users visit specific pages, potentially leading to unauthorized ac...
6.4
Prime Slider for Elementor plugin on WordPress allows attackers to inject malicious code
CVE-2026-4341
The Prime Slider – Addons for Elementor plugin on WordPress sites is vulnerable to a security risk that allows attackers to inject malicious code. This could allow an attacker with Author-level access...
6.4
LearnPress WordPress Plugin Allows Malicious Scripts in Course Pages
CVE-2026-4333
The LearnPress WordPress plugin has a security flaw that lets attackers inject malicious code into course pages, potentially harming users who visit those pages. This vulnerability affects all version...
6.4
Investi Plugin for WordPress Allows Attackers to Inject Malicious Code
CVE-2026-3600
The Investi plugin for WordPress is vulnerable to a security risk that allows attackers to inject malicious code into web pages. This can happen when a user with Contributor-level access and above add...
6.4
TableOn WordPress Plugin Allows Attackers to Inject Malicious Code
CVE-2026-3513
The TableOn WordPress plugin has a security flaw that lets attackers inject malicious code into pages if they have a certain level of access. This could allow them to take control of or disrupt your w...
6.4
Strong Testimonials Plugin for WordPress Allows Attackers to Execute Scripts
CVE-2026-3239
The Strong Testimonials plugin for WordPress has a security flaw that allows someone with contributor-level access to inject malicious code into pages, which can be executed when users visit those pag...
6.4
LightPress Lightbox plugin for WordPress allows attackers to inject scripts
CVE-2026-4379
The LightPress Lightbox plugin for WordPress contains a security flaw that allows attackers with contributor access or above to inject malicious scripts into web pages. This can happen when a user acc...
6.4
Blubrry PowerPress plugin for WordPress allows malicious script injection
CVE-2026-2988
An attacker with contributor-level access can inject malicious scripts into WordPress pages using the PowerPress plugin's shortcodes. This could potentially allow an attacker to take control of sensit...
6.4
Elementor Plugin for WordPress Exposes User Data through Malicious Pages
CVE-2025-14732
The Elementor plugin for WordPress allows attackers to inject malicious code into pages, potentially exposing user data. This vulnerability affects all versions up to 3.35.5. To protect your site, upd...
6.4
Hono Incorrectly Handles IPv4 Addresses in Some IPv6 Requests
GHSA-xpcf-pg52-r92g CVE-2026-39409
If you use Hono to restrict access to your application, it may incorrectly allow or deny requests from IPv4 clients when they're connected to a system that uses both IPv4 and IPv6. This can happen if ...
6.3
Parse Server login endpoint discloses user existence
CVE-2026-39321 GHSA-mmpq-5hcv-hf2v
Parse Server login endpoint reveals whether a user exists, potentially aiding attackers. This is fixed in versions 9.8.0-alpha.6 and 8.6.74. Update to a patched version to prevent unauthorized user en...
6.3
File Browser: Unintended Directory Access Through Malicious Path Matching
CVE-2026-35605 GHSA-5q48-q4fm-g3m6
A flaw in File Browser's access rules allows unauthorized access to unintended directories. This could be exploited by an attacker to access sensitive files. Update to version 2.63.1 to fix this issue...
6.3
WordPress Gravity Forms plugin exposes sensitive data to attackers
CVE-2026-4394
The Gravity Forms plugin for WordPress has a security flaw that allows attackers to inject malicious code into form entries. This can lead to unauthorized access to sensitive information when an admin...
6.1
AWS SDK for Go v2 Can Crash from Malformed Response
GHSA-xmrv-pmrh-hhx2
The AWS SDK for Go v2 can crash if it receives a malformed response from a server. This can happen if a malicious actor sends a specially crafted response. To fix this, update to the latest version of...
5.9
AWS SDK for Go v2 Crashes from Malformed EventStream Response
GHSA-xmrv-pmrh-hhx2
A malicious response from AWS can cause the Go SDK to crash, potentially disrupting services. This issue affects older versions of the AWS SDK for Go v2. To fix it, update to the latest version of the...
5.9
Hono: Malicious Files Can Be Written Outside the Output Directory
GHSA-xf4j-xp2r-rqqx CVE-2026-39408
A security issue affects the Hono framework, allowing attackers to write files outside the intended output directory during static site generation. This could lead to unintended files being overwritte...
5.9
MATCHA SNS versions 1.3.9 and earlier allow malicious scripts to run in user's browser
CVE-2026-27787
MATCHA SNS users may be at risk of having malicious scripts executed on their web browsers if they visit a compromised website. This could potentially lead to unauthorized actions or data theft. Users...
5.1
pyLoad WebUI Allows Unauthorized Access to Actions
GHSA-rfgh-63mg-8pwm
An authenticated user with 'ADD' or 'DELETE' permission can execute actions meant for 'MODIFY' permission. This can lead to unintended changes to the system. To fix this, update the WebUI JSON endpoin...
5.4
Download Monitor Plugin Allows Attackers to Delete or Modify Download Paths
CVE-2026-4401
The Download Monitor plugin for WordPress is at risk because it doesn't properly check the source of some requests. This could allow an attacker to trick an administrator into deleting, disabling, or ...
5.4