CVE Vulnerabilities - 14 April 2026
761 vulnerabilities published on 14 April 2026
Windows IIS .NET Framework: Denial of Service via Network
CVE-2026-23666
A flaw in the .NET Framework as hosted by Windows IIS lets a remote attacker cause a denial of service (DoS). This affects web servers running IIS with the .NET Framework, and if not addressed, cou...
7.5
FortiSOAR Software Fails to Properly Verify Two-Factor Authentication
CVE-2026-23708
A security issue in certain versions of FortiSOAR software allows an attacker who can intercept and replay two-factor authentication requests to gain unauthorized access. This requires the attacker to...
7.5
Deno: Malicious Programs Can Trick Users into Granting Access
JLSEC-2026-100
A malicious program run under Deno can trick the user into approving a permission prompt by clearing the terminal and displaying a fake message in its place. This only affects users who run Deno in an interact...
7.5
Apache APISIX Exposes Sensitive Information When Not Using HTTPS
CVE-2026-31923
Apache APISIX versions 0.7 through 3.15.0 transmit sensitive information in plain text when using the OpenID Connect plugin without HTTPS encryption. This means that sensitive data could be intercepte...
7.5
JetEngine plugin for WordPress allows attackers to steal database info
CVE-2026-4352
The JetEngine plugin for WordPress has a security flaw that lets attackers steal sensitive information from the database. If you have this plugin installed, make sure it's updated to the latest versio...
7.5
jq's JSON processing can be slowed down by malicious input
CVE-2026-40164
A security issue in jq's JSON processing could allow an attacker to cause a denial-of-service (slowdown) by submitting a large, specially crafted JSON file. This could impact systems that rely on jq, ...
7.5
jq JSON processor vulnerable to CPU exhaustion via crafted JSON input
DEBIAN-CVE-2026-40164
The jq JSON processor had a security flaw that made it slow down or crash when given a specially crafted JSON file. This could happen in various applications that use jq, such as continuous integratio...
7.5
Nest Microservices Can Be Crashed by Malicious JSON Messages
GHSA-hpwf-8g29-85qm
Nest Microservices may crash if an attacker sends a large number of small, valid JSON messages, exhausting the process's memory. This issue has been fixed in version 11.1.19 of the @...
7.5
Nest Microservices Prone to Crash from Large JSON Payloads
GHSA-hpwf-8g29-85qm
Nest microservices may crash if an attacker packs a large number of small, valid JSON messages into a single TCP frame: handling them can overflow the call stack and crash the process. Update to Nest vers...
7.5
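The two Nest entries above describe a frame that carries very many small, valid messages. The following is an added illustration, not Nest's own code and not a reproduction of the advisory: it shows why a frame handler that recurses once per message overflows the call stack when one TCP frame holds a large number of messages, and how the same work done in a loop does not. The `<length>#<json>` framing and the `ping` messages are assumptions constructed for the demo.

```javascript
// Added illustration (not Nest's code). The "<length>#<json>" framing is an
// assumed toy format; the messages are constructed sample input.

// Constructed input: one frame holding `count` copies of a tiny valid message.
function buildFrame(count) {
  const msg = JSON.stringify({ pattern: 'ping', data: 1 });
  return `${msg.length}#${msg}`.repeat(count);
}

// Parses one "<length>#<json>" message starting at `offset`.
// Returns { value, next } or null when the frame ends mid-message.
function readMessage(frame, offset) {
  const sep = frame.indexOf('#', offset);
  if (sep === -1) return null;
  const lenText = frame.slice(offset, sep);
  if (!/^\d{1,9}$/.test(lenText)) throw new Error('malformed length prefix');
  const len = Number(lenText);
  const end = sep + 1 + len;
  if (end > frame.length) return null;
  return { value: JSON.parse(frame.slice(sep + 1, end)), next: end };
}

// Recursive handler: one stack frame per message, so the recursion depth is
// the number of messages in the TCP frame, which the remote peer controls.
function drainRecursive(frame, offset, out) {
  const m = readMessage(frame, offset);
  if (m === null) return offset;               // keep the remainder for the next frame
  out.push(m.value);
  return drainRecursive(frame, m.next, out);
}

// Iterative handler: same logic, constant stack depth regardless of count.
function drainIterative(frame, offset, out) {
  let pos = offset;
  for (;;) {
    const m = readMessage(frame, pos);
    if (m === null) return pos;
    out.push(m.value);
    pos = m.next;
  }
}

// Runs a handler and reports whether it survived and how many messages it parsed.
// A stack overflow surfaces as a RangeError ("Maximum call stack size exceeded").
function tryDrain(drain, frame) {
  const out = [];
  try {
    const rest = drain(frame, 0, out);
    return { ok: true, parsed: out.length, leftover: frame.length - rest };
  } catch (e) {
    return { ok: false, parsed: out.length, error: e instanceof RangeError ? 'RangeError' : e.message };
  }
}

if (typeof require !== 'undefined' && require.main === module) {
  const frame = buildFrame(100000);
  console.log('recursive:', tryDrain(drainRecursive, frame));
  console.log('iterative:', tryDrain(drainIterative, frame));
}
```

The point for a reviewer is that the depth of the recursion is chosen by the peer, so the only safe shape is a loop (or a bound on messages per frame); `leftover` is the partial message carried to the next frame, which both handlers treat the same way.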
ImageMagick allows attackers to execute malicious code via a specially crafted image
CVE-2026-33901
GHSA-x9h5-r9v2-vcww
Some versions of ImageMagick can be tricked into running attacker-supplied code when given a specially crafted image, which could let an attacker take control of the system processing it. Update to a fixed version to pr...
7.5
ImageMagick can run out of memory when processing XML input
CVE-2026-33908
GHSA-fwvm-ggf6-2p4x
ImageMagick may crash or hang when parsing very complex XML input, which can disrupt any pipeline that uses it to process images. This issue has been fixed in newer versions of the software....
7.5
Node.js update fixes four security weaknesses that could crash servers
RLSA-2026:7896
This update addresses four security issues that could allow attackers to crash a server or make it slow down. This could happen if an attacker sends a specially crafted message to a Node.js applicatio...
7.5
Eclipse Jetty: Request Smuggling via Chunk Extensions
CVE-2026-2332
GHSA-355h-qmc2-wpwf
A weakness in how Eclipse Jetty's HTTP parser handles chunk extensions in chunked request bodies enables HTTP request smuggling: an attacker can inject additional requests that Jetty parses differently from a front-end proxy. This can lead to security risks, such as unauthorized data access...
7.4
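Chunk extensions sit on the chunk-size line, where the client controls both the hex size and everything after the `;`, so a parser that is lenient there can disagree with another parser about where the body ends. The following is an added illustration written in JavaScript; it is not Jetty's Java parser and does not describe the specific Jetty defect. It applies the RFC 9112 chunk grammar (with RFC 9110 `token` and `quoted-string`) strictly and returns the exact offset where the body ends, which is the value two components on a connection must agree on. The `MAX_EXT_BYTES` limit and all inputs are assumptions constructed for the demo.

```javascript
// Added illustration (not Jetty's code). Strict decoder for HTTP/1.1 chunked
// bodies, written to fail closed on anything outside the RFC 9112 grammar.
// MAX_EXT_BYTES is an assumed local limit; the RFC only says a server "ought
// to limit" extension length.

const TOKEN = /^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$/;                       // RFC 9110 tchar
const QUOTED = /^"(?:[\t \x21\x23-\x5B\x5D-\x7E]|\\[\t \x21-\x7E])*"$/; // RFC 9110 quoted-string
const MAX_EXT_BYTES = 256;
const bws = (s) => s.replace(/^[ \t]+|[ \t]+$/g, '');                  // BWS = optional SP / HTAB

// Validates "chunk-size [ chunk-ext ]" (the line without its CRLF) and returns
// the size. chunk-ext = *( BWS ";" BWS name [ BWS "=" BWS value ] ).
function parseChunkSizeLine(line) {
  const semi = line.indexOf(';');
  const sizeText = bws(semi === -1 ? line : line.slice(0, semi));
  if (!/^[0-9A-Fa-f]{1,8}$/.test(sizeText)) throw new Error(`bad chunk-size: ${JSON.stringify(sizeText)}`);
  if (semi !== -1) {
    const ext = line.slice(semi);
    if (ext.length > MAX_EXT_BYTES) throw new Error('chunk extension too long');
    // Splitting on ';' also rejects quoted values that contain ';', which is
    // over-strict but fails closed rather than guessing.
    for (const part of ext.slice(1).split(';')) {
      const eq = part.indexOf('=');
      const name = bws(eq === -1 ? part : part.slice(0, eq));
      if (!TOKEN.test(name)) throw new Error(`bad chunk-ext-name: ${JSON.stringify(name)}`);
      if (eq !== -1) {
        const val = bws(part.slice(eq + 1));
        if (!TOKEN.test(val) && !QUOTED.test(val)) throw new Error(`bad chunk-ext-val: ${JSON.stringify(val)}`);
      }
    }
  }
  return parseInt(sizeText, 16);
}

// Decodes a chunked body held in `raw` (latin1 string, body starting at index 0).
// Returns { body, end }: `end` is the offset just past the terminating CRLF,
// i.e. where the next request on the same connection would begin.
function decodeChunked(raw) {
  let pos = 0;
  let body = '';
  for (;;) {
    const eol = raw.indexOf('\r\n', pos);
    if (eol === -1) throw new Error('chunk-size line not CRLF-terminated');
    const line = raw.slice(pos, eol);
    if (/[\r\n]/.test(line)) throw new Error('bare CR or LF inside chunk-size line');
    const size = parseChunkSizeLine(line);
    pos = eol + 2;
    if (size === 0) break;
    if (raw.length < pos + size + 2) throw new Error('truncated chunk data');
    body += raw.slice(pos, pos + size);
    if (raw.slice(pos + size, pos + size + 2) !== '\r\n') throw new Error('chunk data not followed by CRLF');
    pos += size + 2;
  }
  // Trailer section: zero or more field lines, then an empty line.
  for (;;) {
    const eol = raw.indexOf('\r\n', pos);
    if (eol === -1) throw new Error('unterminated trailer section');
    const line = raw.slice(pos, eol);
    pos = eol + 2;
    if (line === '') return { body, end: pos };
    if (!/^[^\r\n:]+:[^\r\n]*$/.test(line)) throw new Error('bad trailer field');
  }
}

// True when the decoder refuses the input (used to probe malformed size lines).
function rejects(raw) {
  try { decodeChunked(raw); return false; } catch { return true; }
}
```

Used as a check rather than a server, the interesting comparison is `decodeChunked(raw).end` from this decoder against the boundary another component chose for the same bytes; any difference on a size line that carries an extension is exactly the desynchronisation a smuggling attack needs.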
Windows UPnP Device Host Can Execute Unauthorized Code
CVE-2026-32156
A flaw in the Windows Universal Plug and Play (UPnP) Device Host allows an attacker to execute malicious code on a Windows computer without authorization. This could potentially lead to unauthorized acc...
7.4
upKeeper Instant Privilege Access: Malicious Access to Privileged Threads
CVE-2026-2450
A security weakness in upKeeper Instant Privilege Access allows an attacker to take control of a privileged thread of execution, potentially gaining unauthorized access to sensitive information or sys...
7.4
Kiota: Malicious Code Injection in Generated Clients
GHSA-2hx3-vp6r-mg3f
Kiota versions prior to 1.31.1 allow attackers to inject malicious code into generated clients if they control the OpenAPI description or if it's been tampered with. This can happen when Kiota generat...
7.3
Outdated libsixel versions crash or may execute malicious code
CVE-2026-33021
A bug in older versions of libsixel can cause a program to crash or run malicious code if it processes certain image files. This issue affects versions prior to 1.8.7-r1. To fix this, update to the la...
7.3
Windows Hyper-V Input Validation Flaw Allows Local Code Execution
CVE-2026-32149
A local attacker who already has authorized access to a Windows system with Hyper-V enabled can exploit an input-validation flaw to execute malicious code, potentially leading to unauthorized actions. This ...
7.3
SINEC NMS versions before V4.0 SP3 allow unauthorized access
CVE-2026-24032
A weakness in SINEC NMS's user authentication allows an attacker to gain access without a password. This could let an attacker use the application without permission, which could lead to sensitive ...
6.9
Fat Free CRM Allows Authenticated Users to Delete Other Users' Emails
GHSA-9pm8-vwc5-w2hm
Authenticated users can delete emails assigned to others if the Email Dropbox feature is enabled. This is a security risk, so update to version 0.26.0 or disable the Email Dropbox feature to prevent u...
7.3
FortiWeb: Unauthorized Code Execution via Malicious Input
CVE-2026-40688
A critical vulnerability in FortiWeb web application firewall versions 8.0.0 to 8.0.3, 7.6.0 to 7.6.6, and 7.4.0 to 7.4.11 could allow attackers to inject malicious code, potentially taking control of...
7.2
BoidCMS versions prior to 2.1.3 allow attackers to access and run server files
CVE-2026-39387
Versions of BoidCMS before 2.1.3 are vulnerable to a serious security flaw that lets an attacker access and potentially run files on the server. This could allow an authorized user to upload a malicio...
7.2
Serendipity allows attackers to send spam and fake emails
GHSA-458g-q4fh-mj6r
CVE-2026-39971
Serendipity, a blogging platform, has a security issue that allows attackers to inject their own email headers. This could be used to send spam or to spoof the sender so that emails appear to come from someone else. ...
7.2
Chamilo LMS: Unauthenticated access to internal email settings
CVE-2026-33715
An attacker can read and change the email settings without authenticating, potentially allowing them to send spam from the server and to learn internal network information. This issue has been fixed i...
7.2
Fortinet FortiAnalyzer and FortiManager: Unauthorized Code Execution via API
CVE-2025-61848
Certain versions of Fortinet's FortiAnalyzer and FortiManager have a security flaw that could allow an attacker who already holds permissions on the system to execute unauthorized code through the API. This is a serious issue because i...
7.2