CVE Vulnerabilities - 14 April 2026

745 vulnerabilities published on 14 April 2026

SAP S/4HANA OData Service allows unauthorized updates and deletions
CVE-2026-27679
An attacker can update and delete sensitive data without permission. This is a serious issue because it could compromise the integrity of your SAP S/4HANA system. We recommend you apply the latest sec...
6.5
SAP S/4HANA: Unauthorized Updates and Deletions of Company Data
CVE-2026-27678
An attacker can update and delete sensitive company data without permission. This could lead to financial loss or disruption of business operations. Organizations should apply the latest security patc...
6.5
SAP S/4HANA OData Service: Unauthorized Changes to Equipment Records
CVE-2026-27677
An attacker can update and delete equipment records without permission. This could lead to incorrect or malicious changes to critical business data. SAP S/4HANA users should ensure they have proper au...
6.5
Microsoft SharePoint Server allows unauthorized network spoofing
CVE-2026-32201
Microsoft SharePoint Server's failure to properly validate user input can allow hackers to pretend to be a trusted source on the network, potentially leading to unauthorized access or data theft. This...
6.5 KEV
ShopLentor WordPress Plugin Allows Attacker-Added Scripts to Run
CVE-2026-4059
The ShopLentor WordPress plugin has a security weakness that allows an attacker with administrative access to inject malicious code into a website. This could allow the attacker to perform unauthorize...
6.4
Booking.com Shortcode plugin for WordPress allows hackers to inject malicious scripts
CVE-2026-1607
The Booking.com Shortcode plugin for WordPress is affected by a security flaw that allows an attacker to inject malicious scripts into web pages. If an attacker with contributor-level access or higher...
6.4
Adobe FrameMaker versions 2022.8 and earlier: Sensitive Files May Be Accessed
CVE-2026-27299
If you use Adobe FrameMaker 2022.8 or earlier, a malicious file could be used to access sensitive files on your system. This happens if you open the malicious file. We recommend updating to the latest...
6.3
Giskard's Pattern Matching Can Be Tricked to Hang Indefinitely
GHSA-rq2q-4r55-9877 CVE-2026-40319
Using Giskard's pattern matching feature, an attacker with access to a check definition can cause a denial of service by crafting a malicious pattern that makes the system take a long time to respond....
6.3
Adobe Acrobat Reader: Malicious File Access via User Action
CVE-2026-34626
Adobe Acrobat Reader versions 26.001.21411 and earlier have a security flaw that could allow a malicious file to access your computer's files without your knowledge. This happens when you open a suspi...
6.3
MaxKB 2.7.1 and Below: Authenticated Attackers Can Steal Data
CVE-2026-39421
The MaxKB open-source AI assistant has a security flaw in its ToolExecutor component that allows an attacker with certain permissions to execute malicious code and steal sensitive data from the networ...
6.3
MaxKB versions 2.7.1 and below allow attackers to escape restrictions
CVE-2026-39420
Authenticated users with tool execution privileges can escape the security restrictions in MaxKB, allowing them to execute unauthorized code and access the network. This vulnerability affects versions...
6.3
ImageMagick Crashes if Given Malformed Image File
CVE-2026-40169 GHSA-5592-p365-24xh
ImageMagick versions before 7.1.2-19 can crash if given a specially crafted image file. This could potentially allow an attacker to make the software stop working. To fix this, update to version 7.1.2...
6.2
Windows Active Directory Spoofing via Unauthenticated Access
CVE-2026-32072
Attackers can pretend to be a legitimate user on a local network by exploiting a weakness in Windows Active Directory authentication. This could allow them to access sensitive information or disrupt s...
6.2
Authenticated File Deletion and Directory Creation via CSRF in goshs
GHSA-jrq5-hg6x-j6g3
A security issue in goshs allows an attacker to delete files and create directories on a server even if they are not authenticated, as long as the victim is logged in. This can happen if a malicious w...
6.1
Radware Alteon vADC load-balancer Allows Malicious Script Injection
CVE-2026-5754
A security issue in Radware Alteon's vADC load-balancer allows an attacker to inject malicious code into websites, potentially leading to unauthorized actions or data theft. If not addressed, this cou...
6.1
Adobe Connect versions 2025.3 and earlier: Malicious scripts can run in your browser
CVE-2026-34614
Adobe Connect versions 2025.3 and earlier contain a security flaw that allows hackers to run malicious scripts in your browser if you visit a specially crafted link. This could potentially lead to you...
6.1
Microsoft Office Word: Unauthorized Information Disclosure
CVE-2026-33822
An attacker can access sensitive information stored in Microsoft Office Word files without permission. This is a concern because it could allow an attacker to gain unauthorized access to confidential ...
6.1
Windows Admin Center allows attackers to impersonate websites and steal credentials
CVE-2026-32196
An attacker can inject malicious code into Windows Admin Center, which can trick users into revealing sensitive information or taking control of their accounts. This can happen when a user visits a ma...
6.1
Windows Biometric Service Can Be Bypassed with Physical Attack
CVE-2026-32088
An attacker can bypass security features in the Windows Biometric Service if they can execute multiple actions at the same time, potentially allowing unauthorized access. This requires a physical atta...
6.1
Windows Kernel Memory Can Leak Sensitive Information
CVE-2026-26169
A flaw in Windows Kernel Memory could allow an authorized user on the same machine to view sensitive information they shouldn't have access to. This is a concern for businesses with shared computers o...
6.1
Adobe Connect: Malicious Scripts Can Run in Your Browser
CVE-2026-21331
Adobe Connect versions 2025.3 and earlier have a security flaw that could let hackers trick users into running malicious code in their browser. If you use Adobe Connect, update to the latest version t...
6.1
Manikandan580 School Management System allows malicious scripts to run
CVE-2025-65136
The Manikandan580 School Management System has a security issue that allows an attacker to inject malicious code into the system. This could happen when a user visits a specially crafted link. This vu...
6.1
Hotel Management Software's Room Editing Page Allows Malicious Code Injection
CVE-2025-65132
The hotel management software's room editing page has a security weakness. If an attacker knows how to exploit this, they can inject and run malicious code on your website, potentially causing issues ...
6.1
Leaflet: Malicious code injected through map popup
CVE-2025-69993
Leaflet versions 1.9.4 and below allow attackers to inject malicious code into map popups. This can happen when a user views a popup with malicious content, which can execute scripts in the user's bro...
6.1
SAP NetWeaver Application Server ABAP: Malicious Redirect to Attacker-Controlled Site
CVE-2026-34257
An attacker can trick users into visiting a fake website by creating a malicious link. This could potentially lead to phishing or other attacks. SAP has likely released a patch or advisory to address ...
6.1