CVE Vulnerabilities - 8 April 2026
673 vulnerabilities published on 8 April 2026
Blackfyre: Malicious Requests Can Be Sent on Your Behalf
CVE-2026-39641
A security weakness in Blackfyre software allows an attacker to trick users into performing actions without their knowledge or consent. This issue affects Blackfyre versions from an unknown version up...
6.5
RPS Include Content: Unauthorized Access via Incorrect Security Settings
CVE-2026-39639
If not set properly, the RPS Include Content plugin can be accessed by unauthorized users, potentially allowing them to view sensitive information. This issue affects RPS Include Content versions 1.2....
6.5
Grand Car Rental: Unapproved Actions Can Be Tricked into Occurring
CVE-2026-39633
The Grand Car Rental website is vulnerable to a security issue known as Cross-Site Request Forgery. This means that an attacker could trick someone into doing something they didn't intend to do on the...
6.5
WP Blockade plugin on WordPress allows attackers to run malicious shortcodes
CVE-2026-3480
The WP Blockade plugin for WordPress is affected by a security issue that could let an attacker with a Subscriber-level account or above execute malicious shortcodes, potentially leading to informatio...
6.5
WWBN AVideo: Authenticated SSRF via Stored Callback URL
CVE-2026-39368
GHSA-q4x6-6mm2-crg9
An attacker-controlled URL is stored on the WWBN AVideo server, which can be used to make unauthorized requests to internal services. This affects authenticated streamers in versions 26.0 and prior. T...
6.5
AVideo PayPal Payment Handler Allows Malicious Transaction Replay
CVE-2026-39366
GHSA-mmw7-wq3c-wf9p
AVideo's outdated PayPal payment handler in versions 26.0 and prior can be exploited by attackers to inflate their wallet balance and renew subscriptions repeatedly. This is caused by a lack of transa...
6.5
WordPress Post Blocks & Tools plugin allows malicious scripts on pages
CVE-2026-5711
The Post Blocks & Tools plugin for WordPress has a security flaw that allows attackers to inject malicious scripts on pages. This means that if an attacker has permission to edit a page, they can add ...
6.4
WordPress Pagelayer Plugin Allows Hackers to Inject Malicious Code
CVE-2026-2509
A security flaw in the Pagelayer plugin for WordPress allows attackers with high-level access to inject malicious code into pages. This can happen when a user visits the affected page. To fix this iss...
6.4
Red Hat Process Automation Manager container allows non-root users to gain root access
CVE-2025-58713
Non-root users in certain Red Hat Process Automation Manager containers can gain full root access, allowing them to perform any action within the container. This happens when a user in the root group ...
6.4
OpenShift Update Service images allow non-root users to gain root access
CVE-2025-57854
Certain OpenShift Update Service images create a file with weak permissions, allowing a non-root user to gain full control of the container by adding themselves as a root user. To fix this, users shou...
6.4
Web Terminal images allow non-root users to gain full control
CVE-2025-57853
Non-root users in certain Web Terminal images can exploit a flaw to gain complete control over the container. This is because the /etc/passwd file was created with permissions that allow non-root user...
6.4
Multicluster Engine for Kubernetes: Unauthorized Access to Root Privileges
CVE-2025-57851
Certain Multicluster Engine for Kubernetes images have a security issue that allows an attacker to gain full control of a container. This occurs when an attacker can modify the /etc/passwd file, which...
6.4
Ansible Automation Platform images can be hijacked by non-root users
CVE-2025-57847
Certain Ansible images have a security flaw that allows a non-root user to gain full control of the container by manipulating the /etc/passwd file, potentially allowing unauthorized access to sensitiv...
6.4
Beaver Builder Plugin Allows Malicious Code Injection
CVE-2026-2481
The Beaver Builder plugin for WordPress has a security flaw that lets attackers inject malicious code into website pages. This could allow an attacker to take control of a website's content or steal u...
6.4
WordPress WP Visitor Statistics plugin allows attackers to inject malicious scripts
CVE-2026-4303
The WP Visitor Statistics plugin for WordPress has a security weakness that allows authorized users to inject malicious scripts into certain pages. This can happen if a contributor or higher-level use...
6.4
Malicious code can execute when using Robo Gallery plugin with WordPress
CVE-2026-4300
The Robo Gallery plugin for WordPress has a security flaw that allows attackers to inject malicious code into web pages. This can happen when an authenticated user with author-level access or above cr...
6.4
pdfl.io WordPress Plugin Allows Hackers to Inject Malicious Code
CVE-2026-4073
The pdfl.io plugin for WordPress has a security flaw that allows attackers to inject malicious code into web pages. This can happen if a website using the plugin allows users with certain access level...
6.4
PrivateContent Free plugin for WordPress allows attackers to inject malicious scripts
CVE-2026-4025
An attacker with Contributor-level access and above can inject malicious scripts into the PrivateContent Free plugin for WordPress, which can execute when a user accesses the affected page. This is du...
6.4
Magic Conversation For Gravity Forms Plugin Allows Malicious Code Injection
CVE-2026-1396
The Magic Conversation For Gravity Forms plugin for WordPress is vulnerable to a security flaw that allows attackers to inject malicious code into pages. This could happen if an authenticated user wit...
6.4
Element Pack Addons for Elementor plugin allows malicious SVG files to inject code
CVE-2026-4655
The Element Pack Addons for Elementor plugin has a security risk that allows attackers to inject malicious code into SVG files. This can happen if an attacker with contributor-level access uploads a m...
6.4
WowPress Plugin for WordPress: Malicious Code Injection via Shortcode
CVE-2026-5508
A security weakness in the WowPress plugin for WordPress allows attackers to inject malicious code into certain pages, which can harm users who visit those pages. This affects all versions of the plug...
6.4
Wavr plugin for WordPress allows attackers to inject malicious scripts
CVE-2026-5506
The Wavr plugin for WordPress is insecure, allowing attackers to inject malicious scripts into pages, which can execute when users access those pages. This affects all versions up to and including 0.2...
6.4
Sports Club Management plugin for WordPress: Stored Cross-Site Scripting
CVE-2026-4871
An attacker with contributor access can inject malicious scripts into pages that are accessed by other users, potentially allowing them to steal data or take control of user sessions. This affects all...
6.4
Columns by BestWebSoft plugin for WordPress allows attackers to inject malicious scripts
CVE-2026-3618
The Columns by BestWebSoft plugin for WordPress is at risk because an attacker with admin-level access can inject malicious code into pages that will be executed when visited. This can happen if an ad...
6.4
Pinterest Site Verification plugin for WordPress allows attackers to inject scripts
CVE-2026-3142
The Pinterest Site Verification plugin for WordPress, used in versions up to 1.8, has a security flaw that allows an attacker to inject malicious code into a website. This can harm users who visit the...
6.4