CVE Vulnerabilities - 8 April 2026
689 vulnerabilities published on 8 April 2026
Download Monitor Plugin Allows Attackers to Delete or Modify Download Paths
CVE-2026-4401
The Download Monitor plugin for WordPress is at risk because it doesn't properly check the source of some requests. This could allow an attacker to trick an administrator into deleting, disabling, or ...
5.4
AVideo's EPG Feature Fails to Prevent JavaScript Injection
CVE-2026-39367
GHSA-rqp3-gf5h-mrqx
AVideo's Electronic Program Guide feature in versions 26.0 and earlier allows attackers to inject malicious JavaScript code into the guide, which can steal user sessions and take control of accounts w...
5.4
LangChain: Unvalidated Expressions in Prompt Templates
GHSA-926x-3r5x-gfhw
LangChain's prompt templates may evaluate untrusted expressions, potentially leading to security risks if untrusted template strings are accepted. This issue affects applications that use untrusted te...
5.3
LangChain: Unvalidated Template Injection in Prompt Templates
GHSA-926x-3r5x-gfhw
LangChain's prompt template validation is incomplete, allowing malicious code to be injected into templates. This can lead to formatting errors or even security issues if untrusted data is used in tem...
5.3
InvenTree: Unvalidated User-Controlled Image Download
CVE-2026-39362
If you use InvenTree, be aware that versions prior to 1.2.7 and 1.3.0 allow authenticated users to download images from any URL, which could be malicious. This means an attacker could trick a user int...
5.3
OpenTelemetry-go: Attacker can crash the process by sending a large response
GHSA-w8rr-5gcm-pp58
CVE-2026-39882
The OpenTelemetry-go library reads the full HTTP response body without limits, which allows an attacker who controls the collector endpoint to cause a memory crash. This is a serious issue if you send...
5.3
LiquidJS: Sensitive Data Leaked via Template Sorting
GHSA-rv5g-f82m-qrvv
CVE-2026-39412
LiquidJS templates can leak sensitive data, such as API keys, if the `ownPropertyOnly` security option is used. This happens when sorting data in a multi-tenant template system. To fix, update to the ...
5.3
Flipmart: Accidental Access to Sensitive Content Possible
CVE-2026-39716
Flipmart versions 2.8 and below have a security issue that allows unauthorized users to access sensitive content. This is a concern because it could lead to sensitive data being exposed or manipulated...
5.3
G5Plus April: Unauthorized Access to Sensitive Content
CVE-2026-39714
A bug in G5Plus April software allows hackers to access sensitive areas of a website without permission. This means that if the security settings are not properly configured, attackers can see or even...
5.3
tagDiv Composer: Injecting Harmful Code into Web Pages
CVE-2026-39712
A security flaw in tagDiv Composer allows an attacker to inject malicious code into web pages. This could compromise the security of websites that use the software. Update to version 5.4.3 or later to...
5.3
Make My Trivia: Incorrect Access Control Leads to Unauthorized Access
CVE-2026-39706
A security problem in Make My Trivia allows unauthorized users to access areas they shouldn't. If your Make My Trivia software is configured incorrectly, attackers can exploit this weakness. Update to...
5.3
Precious Metals Automated Product Pricing Pro Missing Access Controls
CVE-2026-39704
The Precious Metals Automated Product Pricing Pro software has a security weakness that could allow unauthorized access to sensitive areas. This could lead to data theft or manipulation. Update the so...
5.3
WowOptin: Incorrect Access Control for WPXPO Exposes Sensitive Data
CVE-2026-39700
The WowOptin plugin for WordPress has a security issue that could allow unauthorized access to sensitive data. This affects versions of the plugin installed on WordPress websites. To fix this, update ...
5.3
PublisherDesk: Unauthorized Access to Configuration Files
CVE-2026-39698
A security flaw in PublisherDesk allows attackers to access sensitive configuration files without permission. This affects PublisherDesk versions 1.0 through 1.5.0. To fix this, update to a newer vers...
5.3
Simply Schedule Appointments: Unauthorized Access to Sessions
CVE-2026-39694
A configuration error in Simply Schedule Appointments allows unauthorized users to access sessions they shouldn't be able to. This means that users with incorrect permissions can potentially access an...
5.3
Author Avatars List/Block allows unauthorized access to sensitive data
CVE-2026-39690
A security weakness in the Author Avatars List/Block software lets attackers access data they shouldn't have. This affects versions of the software up to 2.1.25. To stay secure, update to the latest v...
5.3
Glowlogix WP Frontend Profile: Unauthorized Access to User Data
CVE-2026-39688
A security flaw in Glowlogix WP Frontend Profile allows unauthorized access to user data when access control settings are incorrectly configured. This affects versions 1.3.9 and earlier of the plugin....
5.3
Incorrect Access Settings in linkPizza-Manager Allow Unauthorized Access
CVE-2026-39682
A security issue exists in linkPizza-Manager, a software used to manage links. This issue allows someone with the wrong configuration to access areas they shouldn't. You should update to the latest ve...
5.3
Diet Calorie Calculator allows unauthorized access to sensitive data
CVE-2026-39680
A security issue in the Diet Calorie Calculator allows unauthorized users to access sensitive information. This affects versions up to 1.1.1, so it's essential to update to a newer version to ensure s...
5.3
Pinpoint Booking System allows unauthorized access to bookings
CVE-2026-39678
A security issue in the Pinpoint Booking System allows unauthorized users to access and potentially manipulate booking information. This affects all versions up to 2.9.9.6.5. To stay secure, update to...
5.3
ShipTime Discounted Shipping Rates: Unsecured Discounts
CVE-2026-39672
A security flaw in ShipTime's discounted shipping rates feature allows unauthorized users to access and claim discounts they shouldn't have. This could lead to incorrect or unauthorized discounts bein...
5.3
Leadrebel Leads to Unauthorized Access Due to Incorrect Security Levels
CVE-2026-39664
An incorrectly configured security setting in Leadrebel can allow unauthorized users to access sensitive information. This affects versions of Leadrebel from an unknown version up to 1.0.2. To stay se...
5.3
ProWCPlugins Product Price by Formula for WooCommerce: Unauthorized Access to Prices
CVE-2026-39662
A security issue in ProWCPlugins Product Price by Formula for WooCommerce can allow unauthorized access to product prices. This means that someone could potentially see or change prices without permis...
5.3
Ultimate Member: Incorrect Access Control Exposes Sensitive Data
CVE-2026-39659
A security issue in Ultimate Member could allow unauthorized users to access sensitive data. This is because access control settings are not properly enforced. To fix this, update to a version of Ulti...
5.3
LeadLovers Forms Incorrect Access Control Puts Data at Risk
CVE-2026-39657
The LeadLovers Forms application has a security flaw that allows unauthorized users to access sensitive data. This issue affects all versions of LeadLovers Forms up to and including 1.0.2. To fix this...
5.3