CVE Vulnerabilities - 11 April 2026

42 vulnerabilities published on 11 April 2026

Sonos Era 300: Remote Attackers Can Execute Code on Your Device
CVE-2026-4149
A bug in the Sonos Era 300's handling of network requests allows hackers to execute code on your device without needing a password. This could allow them to access or manipulate your device's settings...
10.0
AWS CLI Command Injection in aws-mcp-server Allows Remote Code Execution
CVE-2026-5059
An attacker can execute arbitrary code on aws-mcp-server installations without needing a password. This is a serious security risk because it allows unauthorized access to the server. Update aws-mcp-s...
9.8
aws-mcp-server Command Injection Remote Code Execution Vulnerability
CVE-2026-5058
aws-mcp-server Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of aws-mcp-server. Authentication i...
9.8
BuddyPress Groupblog plugin allows attackers to take control of WordPress sites
CVE-2026-5144
The BuddyPress Groupblog plugin for WordPress has a security issue that lets attackers with limited access take control of any blog on a WordPress site, including the main site. This can happen when a...
8.8
Labcenter Electronics Proteus: Malicious File Can Run Code Remotely
CVE-2026-5496
If you use Labcenter Electronics Proteus, you should be aware that a malicious file can be used to run unauthorized code on your system if you open it or visit a bad website. This requires user intera...
7.8
Labcenter Electronics Proteus Malicious File Can Run Code on Your Computer
CVE-2026-5495
Labcenter Electronics Proteus software has a security flaw that lets hackers run malicious code on your computer if you open a specially crafted file or visit a website that contains the file. This ca...
7.8
Labcenter Electronics Proteus Malicious File Can Execute Code on Your Computer
CVE-2026-5494
A flaw in Labcenter Electronics Proteus allows hackers to execute malicious code on your computer if you open a specially crafted file or visit a malicious website. This can happen if you're not caref...
7.8
Labcenter Electronics Proteus PDSPRJ File Parsing Error Allows Remote Code Execution
CVE-2026-5493
A security flaw in Labcenter Electronics Proteus allows hackers to run malicious code on affected computers if a user opens a specially crafted file or visits a malicious website. This could potential...
7.8
NoMachine Privilege Escalation Risk: Executable Code as Admin
CVE-2026-5055
NoMachine software may allow a local attacker to gain administrator access, potentially taking control of the system. This is a concern for businesses that use NoMachine for remote access and collabor...
7.8
NoMachine Privilege Escalation Risk on Local Machines
CVE-2026-5054
NoMachine users are at risk of having their system compromised by unauthorized access if an attacker can run low-privileged code on the same machine. This can happen if the NoMachine software does not...
7.8
GIMP may let attackers run malicious code if you open a bad XPM file
CVE-2026-4154
If someone tricks you into opening a malicious XPM file or visiting a fake website with a malicious XPM file, an attacker might be able to run malicious code on your computer. This affects GIMP instal...
7.8
GIMP May Let Attackers Run Code on Your Computer
CVE-2026-4153
GIMP, a popular image editing software, has a security flaw that could allow hackers to run malicious code on your computer if you open a specially crafted file or visit a malicious website. This mean...
7.8
GIMP Can Be Compromised by Visiting a Malicious Website or Opening a Bad File
CVE-2026-4152
If a user opens a malicious file or visits a malicious website, an attacker can potentially take control of their GIMP installation. This is a serious concern, especially for users who work with image...
7.8
GIMP Can Run Malicious Code from Visited Web Pages
CVE-2026-4151
A security flaw in GIMP can allow hackers to run malicious code on your computer if you visit a bad website or open a malicious file. To stay safe, you should update GIMP to the latest version or use ...
7.8
GIMP Crash and Remote Code Execution when Opening Malicious PSD Files
CVE-2026-4150
This vulnerability in GIMP allows hackers to execute malicious code on a computer if a user opens a specially crafted PSD file or visits a malicious website. If you use GIMP, update to the latest vers...
7.8
ChargePoint Home Flex allows hackers to take control of your device
CVE-2026-4157
ChargePoint Home Flex devices are at risk of being hacked by someone on the same network, potentially allowing them to access and control the device. This is a serious issue because hackers can exploi...
7.5
ChargePoint Home Flex Charger Allows Hackers to Run Code Remotely
CVE-2026-4156
If an attacker is connected to the same network as a ChargePoint Home Flex charger, they may be able to access and control the device, potentially leading to unauthorized access to your home's electr...
7.5
ChargePoint Home Flex Exposes Sensitive Data in Charging Station
CVE-2026-4155
A vulnerability in ChargePoint Home Flex charging stations can reveal sensitive information without requiring login credentials. This could allow an attacker to access stored credentials and gain furt...
7.5
OpenClaw Authentication Bypass: Attackers Can Access Without Logging In
CVE-2026-3690
A security issue in OpenClaw allows attackers to access the system without entering a valid login. This means unauthorized users can potentially access sensitive areas of OpenClaw. To protect your sys...
7.4
KeePassXC Can Allow Local Attackers to Escalate Privileges
CVE-2026-4158
A vulnerability in KeePassXC allows a local attacker to gain elevated access to the system if they can run low-privileged code on the target machine. This could potentially let the attacker execute ma...
7.3
Optimole WordPress Plugin Allows Attackers to Inject Malware on Any Page
CVE-2026-5217
The Optimole plugin for WordPress contains a security flaw that allows hackers to inject malicious code on any page, even if they're not logged in. This can happen when a user visits a page that has b...
7.2
NoMachine: Local Attackers Can Delete Files on Your System
CVE-2026-5053
An attacker with some privileges on a system with NoMachine installed can delete any file they choose, potentially causing data loss. This is a concern because sensitive files could be deleted, and it...
7.1
LifterLMS plugin for WordPress allows attackers to access sensitive data
CVE-2026-5207
The LifterLMS plugin for WordPress has a security flaw that allows attackers with certain permissions to view sensitive information from the plugin's database. This is a serious issue because it could...
6.5
OpenClaw Canvas Path Traversal Allows Remote Disclosure of Sensitive Data
CVE-2026-3689
An attacker can access sensitive information on your OpenClaw installation, even if they're not logged in, by manipulating the path to files used by OpenClaw. This is a serious issue because it could ...
6.5
GreenShift Plugin for WordPress: Malicious Scripts Can Be Injected
CVE-2026-4895
The GreenShift plugin for WordPress, used for animation and page building, has a security flaw. Attackers with contributor-level access can inject malicious scripts into pages, which can execute when ...
6.4