CVE Vulnerabilities - 14 April 2026
605 vulnerabilities published on 14 April 2026
SP1 V6 Software Allows Malicious Proofs to be Accepted
GHSA-63x8-x938-vx33
CVE-2026-40323
A critical security issue in SP1 V6 allows a malicious user to create fake proof data that could trick the system into accepting it. This affects versions 6.0.0 to 6.0.2. You should update to a fixed ...
8.9
Composer can execute malicious commands from compromised package repositories
GHSA-gqw4-4w2p-838q
CVE-2026-40261
A security issue in Composer allows an attacker to inject commands that can be executed on your system. This can happen when installing or updating dependencies from a compromised or malicious Compose...
8.8
SQL Server allows execution of malicious code over the network
CVE-2026-33120
An attacker with authorized access to SQL Server can potentially execute malicious code on a network, allowing them to access or modify sensitive data. This can happen if the attacker knows how to exp...
8.8
Windows Shell Bypass Allows Remote Attack
CVE-2026-32225
An issue in the Windows Shell could allow an attacker to bypass security features over a network. This could allow an attacker to potentially access sensitive data or perform actions on a Windows syst...
8.8
Azure Logic Apps Credentials Exposed to Unauthorized Access
CVE-2026-32171
An attacker with authorized access to Azure Logic Apps can gain elevated network privileges by exploiting insufficiently protected credentials. This could allow them to access sensitive data or take c...
8.8
Remote Desktop Client allows unauthorized code execution over the network
CVE-2026-32157
An attacker can execute code on your computer if you use the Remote Desktop Client and connect to a malicious server. This could allow them to access and steal sensitive information, or take control o...
8.8
WARP elevation of privilege vulnerability in Windows
CVE-2026-26178
An attacker can exploit a weakness in Windows WARP to gain higher-than-normal access to the system. This means an attacker who already has some level of access to the system could potentially gain eve...
8.8
Windows Push Notifications Local Privilege Escalation Risk
CVE-2026-26167
An attacker with permission to send notifications can potentially gain elevated privileges on a Windows system. This is because a security flaw in the way Windows handles notifications allows unauthor...
8.8
Critical Update Needed for Ruby: Protection Against Data Corruption and Attacks
RLSA-2023:7025
An update is available for Ruby to fix critical security issues that could allow attackers to manipulate web applications and corrupt data. This update is essential to prevent potential data breaches ...
8.8
Fortinet FortiDDoS-F: Unauthorized Code Execution via SQL Injection
CVE-2026-39815
A security issue in Fortinet's FortiDDoS-F software versions 7.2.1 to 7.2.2 could allow an attacker to run unauthorized code or commands. This could potentially harm your network. You should update to...
8.8
Webkul Krayin CRM Password Reset Exploit Allows Account Takeover
CVE-2026-38529
An attacker can reset any user's password and take control of their account in Webkul Krayin CRM if they are logged in. This is a serious security risk as an attacker could use this to access sensitiv...
8.8
Deno's permission requests can be tricked into showing fake file paths
JLSEC-2026-105
A malicious program can alter the text shown in permission requests to Deno, potentially deceiving users. This can happen when a program requests access to a file with a specially crafted path. To avo...
8.8
Deno Run Prompt Spoofing Vulnerability
JLSEC-2026-102
A malicious program can modify the Deno run prompt to trick users into granting access. This can happen when a user is asked to confirm a run permission, and an attacker can manipulate the prompt to d...
8.8
Unauthorized Access to Device Groups in RUGGEDCOM CROSSBOW SAM-P
CVE-2026-27668
A security issue in RUGGEDCOM CROSSBOW Secure Access Manager Primary (SAM-P) versions before V5.8 allows administrators to access and control device groups they belong to. This could enable an adminis...
8.7
SINEC NMS: Unauthorized Password Resets in Older Versions
CVE-2026-25654
Older versions of SINEC NMS don't verify user access rights when resetting passwords, allowing an authorized user to reset any account's password. This means an attacker could potentially take control...
8.7
MinIO: Unauthenticated Object Uploads via Missing Security Check
GHSA-9c4q-hq6p-c237
Any MinIO user with a valid access key can upload objects to any bucket without needing a secret key or digital signature. This affects all MinIO deployments. To fix, update to the latest version of M...
8.8
Microsoft Office Excel Malicious File Attack
CVE-2009-0238
Opening a specially crafted Excel file in Microsoft Office Excel can give an attacker control over your computer. This affects users who open Excel files from untrusted sources. Update your Microsoft ...
8.8
KEV
Adobe Connect versions 2025.3 and earlier allow attackers to take control of user accounts
CVE-2026-34617
Adobe Connect versions 2025.3 and earlier have a security weakness that allows an attacker to trick a user into clicking on a malicious link, potentially giving the attacker control over the user's ac...
8.7
Windows Hello: Unauthorized access over network
CVE-2026-27928
A flaw in Windows Hello's security feature can allow an attacker to access a user's account over a network without permission. This can happen if a hacker sends malicious input to a Windows Hello syst...
8.7
Craft Commerce: SQL Injection Can Run Unwanted Code on Server
CVE-2026-32271
GHSA-875v-7m49-8x88
The Craft Commerce platform has a security flaw that lets anyone with access to the control panel run malicious code on the server. This could happen if a user with a control panel account makes a spe...
8.7
Craft Commerce Ecommerce Platform SQL Injection Risk
CVE-2026-32272
GHSA-r54v-qq87-px5r
A security flaw in Craft Commerce versions 5.0.0 through 5.5.4 lets a hacker steal sensitive information from your store's database, potentially taking control of your admin account. To stay safe, upd...
8.7
SSH/SCP option injection allowing local RCE in @aiondadotcom/mcp-ssh
GHSA-p4h8-56qp-hpgv
A crafted `hostAlias` argument such as `-oProxyCommand=...` was passed to `ssh`/`scp` without an argument terminator. SSH interprets arguments starting with `-` as options regardless of pos...
8.7
Adobe Acrobat Reader: Malicious File Can Run Code as You
CVE-2026-34622
Older versions of Adobe Acrobat Reader can be tricked into running malicious code if you open a specially crafted document. This could let the attacker take control of your computer. Update to the lat...
8.6
MinIO has an Unauthenticated Object Write via Missing Signature Verification in Unsigned-Trailer Uploads
GHSA-9c4q-hq6p-c237
Two authentication bypass vulnerabilities in MinIO's `STREAMING-UNSIGNED-PAYLOAD-TRAILER` code path allow any user who knows a valid a...
8.6
FlashBlade Sensitive Data Logging Error
CVE-2026-0207
A flaw in FlashBlade's logging system may expose sensitive data when certain conditions are met. This could potentially allow unauthorized access to confidential information. Users should review their...
8.5