
CVE Vulnerabilities - 14 April 2026


744 vulnerabilities published on 14 April 2026

MaxKB AI Assistant: Unauthenticated Users Can Hijack Sessions and Steal Data
CVE-2026-39425
Versions 2.7.1 and below of MaxKB's AI assistant software contain a security flaw that lets malicious users inject code into the app's chat interface. This can allow them to take control of other user...
5.1
MaxKB: Authenticated Users Can Bypass Network Protection
CVE-2026-39418
MaxKB versions 2.7.1 and below may allow authenticated users with tool-editing permissions to access internal services that should be blocked by the sandbox. This is due to a flaw in how MaxKB handles...
5.0
SAP HANA Cockpit and HANA Database Explorer Expose Confidential Data
CVE-2026-34262
SAP HANA Cockpit and HANA Database Explorer allow unauthorized access to sensitive information, potentially exposing confidential data. This issue affects SAP HANA systems, and users should update to ...
5.0
October CMS: Sensitive Information Leaked Through Editor Access
CVE-2026-25125 GHSA-g6v3-wv4j-x9hg
October CMS versions 3.7.13 and earlier, and 4.1.9 and earlier, contain a security flaw that allows attackers with Editor access to steal sensitive information such as database passwords and AWS keys....
4.9
October CMS: Untrusted Users Can Access Sensitive Data
CVE-2026-22692 GHSA-m5qg-jc75-4jp6
Authenticated users with template editing permissions can access sensitive data on October CMS installations with the CMS_SAFE_MODE feature enabled. This affects some versions of the software, but can...
4.9
Fortinet FortiWeb: Integer Overflow Causes Denial of Service
CVE-2026-39811
FortiWeb security software versions 8.0.0 through 8.0.3, 7.6.0 through 7.6.6, 7.4, 7.2, and 7.0 have a bug that can cause the software to crash or become unresponsive, potentially disrupting your netw...
4.9
SAP S/4HANA Allows Authenticated User to Delete System Files
CVE-2026-27673
A security issue in SAP S/4HANA allows an authenticated user to delete important system files, giving them control over the system. This could lead to system crashes or data loss. SAP is working on a ...
4.9
Fortinet FortiSandbox: Malicious Code Execution via Web Input
CVE-2026-39812
Fortinet's FortiSandbox products, used for security analysis, have a security flaw that could allow an attacker to inject and execute malicious code on your system. This could lead to unauthorized act...
4.8
mitmproxy LDAP proxy authentication allows bypassing security checks
GHSA-527g-3w9m-29hv
A security issue in mitmproxy's LDAP proxy authentication can allow a malicious client to access a mitmproxy instance without a valid username and password. This issue is fixed in mitmproxy 12.2.2 and...
4.8
mitmproxy - Malicious Usernames Can Bypass LDAP Authentication
GHSA-527g-3w9m-29hv CVE-2026-40606
Mitmproxy's built-in LDAP proxy authentication is vulnerable to a security risk. If an attacker uses a special kind of username, they can bypass the authentication process. This only affects users who...
4.8
Docmost wiki software: Malicious scripts can be injected via uploaded files
CVE-2026-33193
Older versions of Docmost's collaborative wiki software are open to an attack where hackers can inject malicious code into the system. This could put users and their data at risk. Update to version 0....
4.6
Windows Boot Manager Uninitialized Resource Bypass
CVE-2026-26175
An attacker with physical access to a Windows system could potentially bypass security features by exploiting an uninitialized resource in the Boot Manager. This could allow an attacker to elevate the...
4.6
Microsoft Office SharePoint Cross-Site Scripting Flaw Allows Network Spoofing
CVE-2026-20945
An attacker can manipulate website content on a SharePoint site, potentially tricking users into doing something they shouldn't. This affects all Microsoft Office SharePoint versions. To fix this, upd...
4.6
Windows Recovery Environment Agent Leaks Sensitive Data on Physical Attack
CVE-2026-20928
The Windows Recovery Environment Agent fails to properly erase sensitive information, making it vulnerable to unauthorized access via a physical attack. This could allow an attacker to gain access to ...
4.6
Fortinet FortiSOAR: Hackers could inject malicious code into web pages
CVE-2026-22154
FortiSOAR, a security orchestration platform, has a security flaw that could allow a hacker to inject malicious code into web pages if they have an account on the system. This could be a serious issue...
4.6
Trezor Wallets: Physical Access Can Reveal Secret Mnemonic Code
CVE-2025-69893
Vulnerable Trezor wallets can leak sensitive information if an attacker has physical access during setup. This allows the attacker to steal assets. Update to the latest patched version to fix the issu...
4.6
Deno Sends Auth Tokens to Wrong Servers
JLSEC-2026-104
Deno's authentication token system has a bug that allows tokens meant for one server to be sent to another. This can happen if you use DENO_AUTH_TOKENS and import code from a potentially untrusted sou...
4.6
MaxKB AI Assistant Remote Code Execution Risk in Older Versions
CVE-2026-39417
Versions 2.7.1 and below of the MaxKB AI assistant for enterprise are at risk of a serious security threat. An attacker could inject malicious code into the system, potentially allowing them to execut...
4.6
Windows VBS Enclave Access Control Bypass
CVE-2026-32220
An authorized user on the same computer can bypass a security feature in Windows Virtualization-Based Security. This could allow a malicious user to access sensitive data or systems. Update your Windo...
4.4
Windows Hello Bypass Vulnerability in Windows
CVE-2026-27906
An attacker with local access can bypass Windows Hello security by entering invalid input, potentially allowing them to access your device or data. This vulnerability affects Windows devices that use ...
4.4
WholeSale Products Dynamic Pricing WooCommerce plugin allows attacker scripts in admin settings
CVE-2026-4479
The WholeSale Products Dynamic Pricing Management WooCommerce plugin for WordPress has a security flaw that allows an attacker with admin access to inject malicious code into the site. This can only h...
4.4
Docmost Wiki Software Exposes Sensitive Content to Public View
CVE-2026-33146
If you're using Docmost version 0.70.0 through 0.70.2, an unauthorized user can see sensitive information in your wiki by using the search function. This is a confidentiality breach, meaning private i...
4.3
Windows Snipping Tool Exposes Sensitive Info to Network Attackers
CVE-2026-33829
The Windows Snipping Tool, a built-in Windows feature, allows hackers to intercept sensitive information when you use it over a network. This could let attackers see sensitive data you're sending to t...
4.3
Windows Shell Spoofing Attack Possible Over Network Connections
CVE-2026-32202
An attacker can pretend to be a trusted user or device on a Windows network, potentially accessing sensitive information or taking control of systems. This risk affects Windows systems, particularly t...
4.3
Fortinet FortiSOAR: Passwords Can Be Retrieved by Attackers
CVE-2026-22576
FortiSOAR, a security orchestration, automation, and response platform, stores passwords in a recoverable format. This means that if an attacker gains access to the system, they can retrieve passwords...
4.3