
CVE Vulnerabilities - 14 April 2026


761 vulnerabilities published on 14 April 2026

Windows TDI Translation Driver Privilege Elevation Vulnerability
CVE-2026-27908
An attacker with local access can exploit a weakness in Windows TDI Translation Driver to gain administrator-level control over a system. This could allow the attacker to install malware, change syste...
7.0
Windows Ancillary Function Driver for WinSock Privilege Escalation
CVE-2026-26182
An issue in the Windows Ancillary Function Driver for WinSock could allow a local attacker to access sensitive data or take control of the system. This driver is used in Windows networks, so affected ...
7.0
Windows Ancillary Function Driver for WinSock Privilege Escalation
CVE-2026-26177
The Windows Ancillary Function Driver for WinSock has a bug that allows a malicious user with administrative rights to potentially gain even higher-level access to the system. This means an attacker c...
7.0
Windows Server Update Service Privilege Escalation Risk
CVE-2026-26174
A bug in Windows Server Update Service could let an authorized user gain extra privileges on the system. This is a concern because it could allow an attacker to take control of your server. To protect...
7.0
Windows Ancillary Function Driver for WinSock Allows Privilege Escalation
CVE-2026-26173
An issue in the Windows Ancillary Function Driver for WinSock could allow a malicious user to gain more access to a Windows system than they should. This is a security concern because it could be expl...
7.0
Windows Shell Privilege Elevation Vulnerability
CVE-2026-26166
An attacker with authorized access to Windows Shell can potentially gain elevated privileges on a local machine. This means they could gain control over the system or access sensitive information. To ...
7.0
Windows Shell Privilege Escalation Vulnerability
CVE-2026-26165
A security flaw in Windows Shell could let a malicious user gain more access to a computer than they should have. This could happen if an attacker knows how to exploit the issue. To protect your syste...
7.0
Windows Cryptographic Services stores sensitive data insecurely
CVE-2026-26152
Sensitive information in Windows Cryptographic Services is not properly secured, potentially allowing authorized attackers to escalate their privileges locally. This could lead to unauthorized access ...
7.0
Windows AppLocker Driver Allows Local Privilege Escalation
CVE-2026-25184
An attacker with administrative access can exploit a flaw in the Windows AppLocker Driver to gain elevated privileges on a local machine, potentially allowing them to access or modify sensitive data. ...
7.0
ImageMagick: Overflows when Processing Large Image Files
GHSA-98cp-rj9f-6v5g
A security issue in ImageMagick can cause it to crash or behave unexpectedly when processing certain types of image files. This can allow an attacker to potentially disrupt service or execute code. Up...
6.9
AVideo CloneSite allows attackers to delete arbitrary files
GHSA-5879-4fmr-xwf2
AVideo's CloneSite feature has a bug that lets attackers delete files they shouldn't be able to. This is a problem because sensitive data could be deleted or overwritten. To fix this, update to the la...
6.9
XWiki REST APIs can list all pages, causing performance issues
GHSA-mrqg-xmgm-rc5g CVE-2026-40104
Large wikis using XWiki's REST APIs may experience performance issues due to excessive resource usage. This can happen when a malicious user requests a list of all pages. To fix this, update to XWiki ...
6.9
Serendipity allows attackers to steal user sessions
GHSA-4m6c-649p-f6gf CVE-2026-39963
Serendipity's authentication cookies can be set to target an attacker's website, allowing them to hijack user sessions. This happens when an attacker controls the 'Host' header during login, which can...
6.9
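The Serendipity entry above says the attacker's control of the `Host` header at login decides where the authentication cookie ends up. The block below is an added example, not Serendipity's own code: it contrasts a cookie-scoping routine that trusts `Host` with one that only accepts hostnames from the site's configuration. The hostnames, the cookie name `s9y_session` and the assumption that the affected attribute is the cookie's `Domain` are all illustrative; the page does not state the exact attribute involved.

```javascript
// Added example, not Serendipity's own code: never let the request's Host
// header decide where a session cookie is scoped. Hostnames are constructed;
// the cookie name and the choice of the Domain attribute are assumptions.
const CONFIGURED_HOSTS = ["blog.example.com", "www.example.com"]; // assumed site config

function hostFromHeaders(reqHeaders) {
  return String(reqHeaders.host || "").toLowerCase().split(":")[0];
}

// Vulnerable pattern: whatever Host the client sent becomes the cookie's Domain.
function cookieDomainFromHost(reqHeaders) {
  return hostFromHeaders(reqHeaders);
}

// Hardened: Host must be one of the configured names; otherwise fall back to
// the canonical one (a real deployment would also reject such a request).
function cookieDomainSafe(reqHeaders, allowed = CONFIGURED_HOSTS) {
  const host = hostFromHeaders(reqHeaders);
  return allowed.includes(host) ? host : allowed[0];
}

function buildSessionCookie(name, value, domain) {
  return `${name}=${value}; Domain=${domain}; Path=/; Secure; HttpOnly; SameSite=Lax`;
}

// Constructed login request whose Host header names an attacker-controlled site.
function demo() {
  const spoofed = { host: "attacker.example:443" };
  return {
    vulnerable: buildSessionCookie("s9y_session", "abc123", cookieDomainFromHost(spoofed)),
    hardened: buildSessionCookie("s9y_session", "abc123", cookieDomainSafe(spoofed)),
  };
}
```

The allowlist check belongs in one place that every security decision derived from `Host` (cookie scoping, absolute URLs in redirects or e-mails) passes through; validating it only at login leaves the other uses open.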
Free5GC UDR Service Allows Unintended Subscription Updates
GHSA-gx38-8h33-pmxr CVE-2026-40249
A flaw in the Free5GC UDR service allows unauthorized updates to Policy Data notification subscriptions if the service receives invalid or incomplete input. This could lead to unintended modifications...
6.9
NetApp FlashArray Purity: Inconsistent Snapshot Retention
CVE-2026-0209
This issue affects NetApp's FlashArray Purity software, which may not follow the intended snapshot retention schedule. This could lead to unexpected data loss or retention. Affected administrators sho...
6.9
Router's Hard-Coded SNMP Password Allows Unauthenticated Access
CVE-2026-4832
A password for a router's SNMP (Simple Network Management Protocol) feature is hard-coded, so anyone who knows the fixed value can read sensitive device information without legitimate credentials. This could lead to unauthorized ac...
6.9
Unsecured Log Output on Apache Struts Allows Log Injection
CVE-2026-2404
Apache Struts contains a security issue that allows attackers to manipulate log entries by altering a specific request. This could potentially lead to false or misleading information in the logs. To p...
6.9
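The Struts entry above describes log injection: a request field is written into the log unchanged, so a line break inside it starts a forged entry. As an added example that is not Apache Struts' code, the block below shows the unsafe concatenation, a sanitiser that escapes CR, LF and the other control characters, and what a log consumer sees in each case. The log format, timestamps and the malicious username are constructed for illustration.

```javascript
// Added example (not Apache Struts' code): neutralising line breaks and other
// control characters in attacker-influenced values before they reach a log.
// Log format and sample request values are constructed for illustration.

// Vulnerable: the value is concatenated as-is, so CR/LF inside it starts a new
// line that a log consumer cannot tell from a genuine entry.
function logLineUnsafe(user, action) {
  return `2026-04-14T10:00:00Z INFO user=${user} action=${action}`;
}

// Replace CR, LF and every other C0/DEL control character with a visible escape
// so the entry stays on one line and the original bytes remain recoverable.
function sanitizeForLog(value) {
  return String(value).replace(/[\x00-\x1f\x7f]/g, ch =>
    "\\x" + ch.charCodeAt(0).toString(16).padStart(2, "0"));
}

function logLineSafe(user, action) {
  return `2026-04-14T10:00:00Z INFO user=${sanitizeForLog(user)} action=${sanitizeForLog(action)}`;
}

// What a consumer sees: split the stored text into records.
function parseRecords(text) {
  return text.split(/\r?\n/).filter(Boolean);
}

// Constructed malicious username: carries a forged entry after a CRLF.
const FORGED_USER = "bob\r\n2026-04-14T10:00:01Z INFO user=admin action=grant_role";

function demo() {
  return {
    unsafeRecords: parseRecords(logLineUnsafe(FORGED_USER, "login")),
    safeRecords: parseRecords(logLineSafe(FORGED_USER, "login")),
  };
}
```

Escaping rather than deleting the control characters keeps the evidence of the attempt in the record, which matters when the log is later used in an investigation.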
Unlimited Login Attempts Can Allow Hackers to Access User Accounts
CVE-2026-2402
An issue with a Microsoft Exchange Server or related product allows an attacker to keep trying different passwords until they guess correctly. This could let a hacker access a user's account. To fix t...
6.9
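The entry above gives only the outcome (passwords can be guessed indefinitely), not the product's fix. As an added, generic example that is not the affected product's code, the block below shows the usual control: a per-account sliding-window failure counter with a temporary lockout, wrapped around a password check. The `verify` callback, the limits and the fixed clock used by `demo()` are assumptions made so the behaviour can be exercised offline.

```javascript
// Added example (generic, not the affected product's code): a sliding-window
// counter that locks an account after too many failed logins. Limits and the
// clock are injected so the behaviour can be checked offline.
class LoginThrottle {
  constructor({ maxFailures = 5, windowMs = 15 * 60 * 1000, lockoutMs = 15 * 60 * 1000, now = () => Date.now() } = {}) {
    this.maxFailures = maxFailures;
    this.windowMs = windowMs;
    this.lockoutMs = lockoutMs;
    this.now = now;
    this.failures = new Map();    // account -> timestamps of recent failures
    this.lockedUntil = new Map(); // account -> epoch ms when the lockout ends
  }

  // True if a login attempt for `account` may proceed right now.
  allow(account) {
    const t = this.now();
    const until = this.lockedUntil.get(account);
    if (until !== undefined) {
      if (t < until) return false;
      this.lockedUntil.delete(account); // lockout expired: start a clean window
      this.failures.delete(account);
    }
    return true;
  }

  recordFailure(account) {
    const t = this.now();
    const recent = (this.failures.get(account) || []).filter(ts => t - ts < this.windowMs);
    recent.push(t);
    this.failures.set(account, recent);
    if (recent.length >= this.maxFailures) this.lockedUntil.set(account, t + this.lockoutMs);
  }

  recordSuccess(account) {
    this.failures.delete(account);
    this.lockedUntil.delete(account);
  }
}

// Wrap a password check so every attempt goes through the throttle.
// `verify(account, password)` is an assumed callback returning true on a match.
function makeLogin(throttle, verify) {
  return function login(account, password) {
    if (!throttle.allow(account)) return "locked";
    if (verify(account, password)) { throttle.recordSuccess(account); return "ok"; }
    throttle.recordFailure(account);
    return "denied";
  };
}

// Constructed demo: a fixed clock, one account and one correct password.
function demo() {
  let clock = 0;
  const throttle = new LoginThrottle({ maxFailures: 3, windowMs: 60000, lockoutMs: 60000, now: () => clock });
  const login = makeLogin(throttle, (acct, pw) => acct === "alice" && pw === "correct horse");
  const results = [];
  for (const guess of ["a", "b", "c", "correct horse"]) { results.push(login("alice", guess)); clock += 1000; }
  clock += 60000; // lockout has expired by now
  results.push(login("alice", "correct horse"));
  return results;
}
```

Note that the fourth attempt is refused even though the password is right: once locked, the answer is the same for every guess, so the response no longer tells the attacker whether a guess was close. A production version would also key the counter on source address and persist it outside a single process.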
Critical Files Overwritten with Malicious Input in Web Admin Tool
CVE-2026-2399
A weakness in a popular web admin tool could allow an attacker to overwrite critical files by sending malicious input in a specific request. This could lead to data loss or system compromise. Update t...
6.9
Keycloak Organization Selection Login Page Allows Script Injection into Users' Browsers
CVE-2026-37980
A flaw in the Keycloak login page for organization selection can allow an attacker with administrative privileges to inject malicious code into a user's browser, potentially leading to stolen se...
6.9
MaxKB AI Assistant: Malicious Code Can Run in Other Users' Browsers
CVE-2026-39423
MaxKB's chat interface in versions 2.7.1 and below can let attackers inject malicious code into other users' browsers, including admins. This can lead to stolen data or compromised accounts. Update to...
6.9
MaxKB AI Assistant: Malicious JavaScript Can Be Injected
CVE-2026-39422
Versions of MaxKB AI Assistant 2.7.1 and below are vulnerable to a security flaw that allows attackers to inject malicious JavaScript code into the application's chat interface. This could potentially...
6.9
follow-redirects leaks Custom Authentication Headers to Cross-Domain Redirect Targets
GHSA-r4q5-vmmm-2653
When an HTTP request follows a cross-domain redirect (301/302/307/308), `follow-redirects` only strips `authorization`, `proxy-authorization`, and `cookie` headers (matched by regex at ind...
6.9
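The follow-redirects entry above states the mechanism: on a cross-domain redirect only three header names are removed, so any other header carrying a credential travels to the new host. The block below is an added example and not follow-redirects' own code: a small redirect follower whose header filter takes the three advisory names plus whatever custom credential headers the caller registers, and a constructed two-hop exchange (no network) that shows the custom header leaking when it is not registered and being dropped when it is. `X-Api-Key`, the URLs and the responses are assumptions for illustration.

```javascript
// Added example, not follow-redirects' own code: strip credential-bearing
// headers when a redirect leaves the origin of the original request. The three
// built-in names come from the advisory; "X-Api-Key" is an assumed custom
// credential header, and all URLs/responses below are constructed (no network).
const BUILTIN_SENSITIVE = ["authorization", "proxy-authorization", "cookie"];
const REDIRECT_STATUSES = new Set([301, 302, 307, 308]);

// Same scheme and host:port. A scheme downgrade (https -> http) is treated as
// a new origin so credentials never travel in clear text.
function sameOrigin(fromUrl, toUrl) {
  const a = new URL(fromUrl), b = new URL(toUrl);
  return a.protocol === b.protocol && a.host === b.host;
}

// Headers to send to the redirect target. Sensitive names are dropped only
// when the target is a different origin; everything else is forwarded as-is.
function headersForRedirect(fromUrl, toUrl, headers, extraSensitive = []) {
  const sensitive = new Set([...BUILTIN_SENSITIVE, ...extraSensitive].map(h => h.toLowerCase()));
  if (sameOrigin(fromUrl, toUrl)) return { ...headers };
  const out = {};
  for (const [name, value] of Object.entries(headers)) {
    if (!sensitive.has(name.toLowerCase())) out[name] = value;
  }
  return out;
}

// Minimal redirect follower. `fetchFn(url, headers)` is an injected callback
// returning { status, location }; `trail` records what was sent to each hop.
function followRedirects(startUrl, headers, fetchFn, { maxHops = 5, extraSensitive = [] } = {}) {
  let url = startUrl, hdrs = { ...headers };
  const trail = [];
  for (let hop = 0; hop <= maxHops; hop++) {
    const res = fetchFn(url, hdrs);
    trail.push({ url, sentHeaders: { ...hdrs }, status: res.status });
    if (!REDIRECT_STATUSES.has(res.status) || !res.location) return { finalUrl: url, trail };
    const next = new URL(res.location, url).toString(); // resolve a relative Location
    hdrs = headersForRedirect(url, next, hdrs, extraSensitive);
    url = next;
  }
  throw new Error("too many redirects");
}

// Constructed server: the API host bounces the client to another domain.
function demoFetch(url) {
  if (url === "https://api.example.com/v1/data") return { status: 302, location: "https://cdn.example.net/data" };
  return { status: 200 };
}

const REQUEST_HEADERS = { Authorization: "Bearer t0k3n", "X-Api-Key": "k3y", Accept: "application/json" };

// Headers that reach cdn.example.net, without and with the custom header registered.
function demo() {
  const leaky = followRedirects("https://api.example.com/v1/data", REQUEST_HEADERS, demoFetch);
  const fixed = followRedirects("https://api.example.com/v1/data", REQUEST_HEADERS, demoFetch, { extraSensitive: ["x-api-key"] });
  return { leaky: leaky.trail[1].sentHeaders, fixed: fixed.trail[1].sentHeaders };
}
```

The `leaky` result is the advisory's point: `Authorization` is gone but `X-Api-Key` still reaches the second domain. Any client that carries credentials in a header outside the built-in three should either register those names with its redirect layer or disable automatic redirects and re-issue the request itself after checking the target.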
GraphQL-php: Repeated Fields Can Cause Slowing or Crashing Queries
GHSA-68jq-c3rv-pcrr
A specially crafted GraphQL query with many repeated fields can cause the graphql-php library to use excessive CPU resources, potentially leading to slow or crashed queries. This issue affects GraphQL...
6.9
Windows USB Print Driver Allows Privilege Escalation by an Attacker with Physical Access
CVE-2026-32223
A flaw in the Windows USB Print Driver can be exploited by an attacker with physical access to the system, allowing them to potentially gain elevated privileges. This means a malicious person could ga...
6.8