CVE Vulnerabilities - 14 April 2026

761 vulnerabilities published on 14 April 2026

Severity:
AsyncHttpClient leaks credentials on redirects to untrusted domains
GHSA-cmxv-58fp-fm3g
A security issue affects AsyncHttpClient, allowing an attacker to steal credentials when the software redirects to a different domain. This can happen when the software is configured to follow redirec...
6.8
AsyncHttpClient leaks credentials on redirects to untrusted domains
GHSA-cmxv-58fp-fm3g
A security issue in AsyncHttpClient allows attackers to capture credentials when a user is redirected to a different website. To fix this, update to version 3.0.9 or set the stripAuthorizationOnRedire...
6.8
SQL Server Allows Privilege Escalation via Malicious Input
CVE-2026-32176
An attacker can use malicious input to gain elevated privileges on a SQL Server database, potentially allowing them to access sensitive data or disrupt operations. This issue affects SQL Server instal...
6.7
SQL Server allows malicious database access by authorized users
CVE-2026-32167
SQL Server has a security weakness that could allow an authorized user to gain unauthorized access to its database. This could happen if an attacker enters specific, malicious information into a datab...
6.7
Windows Boot Loader Allows Local Privilege Escalation
CVE-2026-0390
An attacker with local access to a Windows system can exploit this issue to gain elevated privileges. This could allow them to install malicious software or access sensitive data. Users should apply t...
6.7
A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.1 through 7.4.12, FortiWeb 7.2.7 through 7.2.12, FortiWeb 7.0.10 through...
CVE-2026-39814
A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.1 through 7.4.12, FortiWeb 7.2.7 through 7.2.12, FortiWeb 7.0.10 through 7....
6.7
Fortinet FortiClientEMS: Unauthorized Code Execution via SQL Injection
CVE-2026-39809
Certain versions of Fortinet FortiClientEMS are vulnerable to a SQL injection attack, which could allow an attacker to execute unauthorized code or commands. This could potentially lead to unauthorize...
6.7
Fortinet FortiSandbox: Malicious Files Can Be Deleted
CVE-2026-25691
A security issue in Fortinet FortiSandbox versions 5.0.0 to 5.0.5, 4.4.0 to 4.4.8, and all versions of 4.2, and FortiSandbox Cloud 5.0.4 and FortiSandbox PaaS 5.0.4 allows a skilled attacker to delete...
6.7
frp Authentication Bypass in HTTP vhost Routing with routeByHTTPUser
GHSA-pq96-pwvg-vrr9
If you're using frp with routeByHTTPUser for access control, an attacker may be able to access a protected backend without the correct password. This is because frp uses different credentials for rout...
6.5
WWBN AVideo allows unauthorized file access through URL trickery
GHSA-m63r-m9jh-3vc6
A fix to prevent directory traversal was not fully implemented, allowing attackers to access sensitive files by manipulating the URL's query string. This can lead to unauthorized access to sensitive d...
6.5
WWBN AVideo: Malicious File Access via URL Query String
GHSA-m63r-m9jh-3vc6
A fix for a previous vulnerability in WWBN AVideo was not fully effective. Attackers can still access arbitrary files on the server by using a specific type of URL query string. To protect against thi...
6.5
Jellyfin versions before 10.11.7 can be crashed by a malicious group name
CVE-2026-35034
If you're using an outdated version of Jellyfin, an attacker could potentially crash your media server by sending a very long group name. This would make it harder for others to use the service. Updat...
6.5
WWBN AVideo exposes other users' stream keys and tokens
GHSA-gpgp-w4x2-h3h7
An attacker can see the live stream keys and OAuth tokens of other users, including those from services like YouTube Live and Twitch. This can happen when an attacker knows the username of the user th...
6.5
XWiki page history compare allows malicious JavaScript execution
GHSA-w4fj-87j5-f25c CVE-2026-40105
A security flaw in XWiki's page history compare feature allows an attacker to execute malicious code in the user's browser. If the user is an administrator, this could compromise the entire XWiki inst...
6.5
Chamilo LMS: Students can read other users' private course notes
CVE-2026-34370
A security issue in older versions of Chamilo LMS allows students to access private course notes belonging to other users. This is a concern because sensitive information could be revealed. To fix thi...
6.5
Windows Shell Leaks Sensitive Information Over Network
CVE-2026-32151
An issue in Windows Shell may allow an attacker to access sensitive information that should not be shared. This could happen if an attacker is able to connect to the same network as the affected syste...
6.5
Windows Universal Plug and Play (UPnP) allows unauthorized network snooping
CVE-2026-27925
Attackers on your network might be able to see sensitive information about your devices and network setup. This is a security risk because it could let hackers learn more about your network layout and...
6.5
Windows Local Security Service Can Leak Sensitive Information
CVE-2026-26155
A weakness in the Windows Local Security Authority Subsystem Service could allow an attacker to access sensitive data. This affects Windows systems and could lead to unauthorized access to user creden...
6.5
Fortinet FortiSOAR PaaS allows attackers to access unauthorized files
CVE-2026-22573
Fortinet FortiSOAR PaaS versions 7.6.0 to 7.6.3 and all versions of 7.5, 7.4, and 7.3 may allow an attacker to access files they shouldn't be able to access. This is a concern because it could lead to...
6.5
FortiSOAR PaaS and On-Premise Leaks Sensitive Info in Transit
CVE-2026-22155
FortiSOAR software versions 7.6.0 through 7.6.3, 7.5.0 through 7.5.2, and 7.4, as well as on-premise versions 7.6.0 through 7.6.2 and 7.5.0 through 7.5.1, may allow attackers to intercept and read sen...
6.5
Fortinet FortiOS: Unauthorized Code Execution via Crafted Packets
CVE-2025-53847
Fortinet's FortiOS versions 7.0 through 7.6 and 6.2.9 through 6.4 are vulnerable to a critical issue that allows an attacker to execute unauthorized code or commands. This means an attacker could pote...
6.5
The Germanized for WooCommerce plugin allows hackers to run unauthorized code on your site
CVE-2026-2582
The Germanized for WooCommerce plugin for WordPress has a security flaw that allows hackers to run code of their choice on your website without needing a password. This is a serious issue because it a...
6.5
SAP HCM for S/4HANA Leaks Sensitive Info with Low Privileges
CVE-2026-34264
An attacker with low privileges in SAP's Human Capital Management system for S/4HANA can obtain sensitive information by triggering specific error messages. This could lead to unauthorized acc...
6.5
SAP Business Analytics and Content Management: Unauthorized Access to Sensitive Data
CVE-2026-34261
An authenticated user can potentially access sensitive information they shouldn't have access to. This is a confidentiality risk, not a data breach or system crash. SAP is expected to release a patch ...
6.5
gdown: Malicious Archives Can Overwrite Files Outside Destination Directory
GHSA-76hw-p97h-883f
The gdown library can extract files from archives in a way that allows malicious files to be written outside the intended destination directory, potentially leading to sensitive data being overwritten...
6.5