CVE Vulnerabilities - 14 April 2026
744 vulnerabilities published on 14 April 2026
Fortinet FortiSOAR PaaS: Attackers Can Access Internal Server Ports
CVE-2025-59809
An attacker with an account on Fortinet's FortiSOAR platform can use a malicious request to discover which internal server ports are open, potentially allowing them to access sensitive information or ...
4.3
Apache PDFBox Examples Allow Malicious File Write Access
CVE-2026-33929
GHSA-gcj8-76p4-g2fq
Apache PDFBox Examples contain a flaw that can allow an attacker to write malicious files to any location on a user's system. This happens when a specially crafted PDF is opened. To fix this issue, us...
4.3
Unauthorized Access to Eventin Plugin Data
CVE-2026-4109
The Eventin plugin for WordPress has a security flaw that allows attackers with Subscriber-level access to read sensitive customer information, such as names, emails, and phone numbers, from event ord...
4.3
Open WebUI: Local Network Port Scanning via Image Editing
CVE-2026-34225
Self-hosted AI platform Open WebUI has a security issue that allows an attacker to scan the local network and potentially identify open ports. This could allow them to access sensitive services that u...
4.3
SAP S/4HANA OData Service lets attackers update and delete data
CVE-2026-27676
An attacker can make unauthorized changes to certain data in the SAP S/4HANA system through the OData service. This could lead to incorrect or malicious data being stored in the system. To protect aga...
4.3
Material Master Reports Expose Sensitive Data for Authenticated Users
CVE-2026-27672
The Material Master application doesn't check if users have permission to view sensitive data when generating reports. This means that users who are already logged in can potentially see information t...
4.3
SAP Business Objects: Unauthenticated Session Hijacking Possible
CVE-2026-24318
An attacker can steal and reuse valid session tokens to access sensitive information and make changes in the SAP Business Objects Business Intelligence Platform. This could compromise confidential dat...
4.2
Fortinet FortiSOAR PaaS passwords can be accessed by unauthorized users
CVE-2026-22574
A security weakness in FortiSOAR PaaS and on-premise versions means that an attacker with access to the system can potentially retrieve sensitive account passwords. This could allow them to gain unaut...
4.1
SAP BusinessObjects lets attackers inject malicious JavaScript
CVE-2026-27683
An attacker with a valid login can trick users into running malicious code in their web browser, potentially exposing sensitive information. This means that a logged-in user can be tricked into reveal...
4.1
Podman's HyperV Machine Allows Unrestricted PowerShell Commands
GHSA-hc8w-h2mf-hp59
CVE-2026-33414
Podman's HyperV machine backend has a security flaw that allows an attacker to execute arbitrary PowerShell commands on the Windows host with elevated privileges. This affects Windows users who run Po...
4.0
ImageMagick: Memory Leak in PNG Image Encoding
GHSA-x928-4434-crqj
ImageMagick's PNG encoder can leak memory when an MNG image fails to be written, which can cause performance issues and potentially lead to system crashes. This issue affects users who rely on ImageMa...
3.7
Siemens Software Center and Simcenter Products Allow Man-in-the-Middle Attacks
CVE-2025-40745
Siemens' software center and certain engineering tools, including Simcenter 3D and Femap, are at risk of being exploited by hackers who can intercept sensitive communications. This could allow unautho...
6.3
ImageMagick CLI Tool Allows Data Exposure
GHSA-pmpg-6pww-fg6q
Using ImageMagick's command line tool with an invalid index can cause the program to crash or potentially leak sensitive data. This issue affects users who rely on ImageMagick for image processing. To...
3.3
ImageMagick allows unauthorized access to sensitive data in images
GHSA-8vfj-q2cp-5m5j
ImageMagick, a popular image processing tool, has a bug that can allow an attacker to access sensitive data in images. This is a serious issue because it could potentially allow hackers to steal or ma...
3.3
ImageMagick: Out-of-bounds read in image processing can reveal sensitive information
GHSA-q8h3-jv9v-57qx
A bug in ImageMagick's image processing can allow an attacker to read sensitive information from memory. This can happen when the software tries to process certain types of images. Update ImageMagick ...
3.3
ImageMagick FTXT encoder can read beyond its allowed memory space
GHSA-w54j-7wpm-crhj
The FTXT encoder in ImageMagick does not properly check the size of input data, which can lead to unexpected behavior or crashes. This issue affects users who use the FTXT encoder, particularly those ...
3.3
Deno allows unauthorized access to file stats even with restricted permissions
JLSEC-2026-112
Deno's Deno.FsFile.prototype.stat and Deno.FsFile.prototype.statSync methods can reveal file information to scripts that don't have permission to read the file. This can happen even if you've restrict...
3.3
Deno's --deny-write check does not prevent permission bypass
JLSEC-2026-111
`Deno.FsFile.prototype.utime` and `Deno.FsFile.prototype.utimeSync` are not limited by the permission model check `--deny-write=./`. It's possible to change the access (`atime`...
3.3
OpenJPEG Library OpenJPEG 2.5.4 Integer Overflow Allows Local Code Execution
CVE-2026-6192
ECHO-a92e-9791-007a
A security issue in the OpenJPEG library, used in certain image processing software, can be exploited by a local attacker to execute malicious code. This could potentially lead to unauthorized access ...
4.8
OpenTofu Can Be Slow, Freeze, or Crash When Installing Malicious Modules
GHSA-hw5x-4r37-72w7
OpenTofu may use too much memory, take up too many CPU resources, or freeze when installing modules from untrusted sources. This could cause your computer to become unresponsive or slow down other pro...
3.1
MaxKB 2.7.1 and below: Malicious AI Assistant Output Spoofing
CVE-2026-39419
An attacker with access to MaxKB can manipulate the output of tools to deceive the system, potentially leading to incorrect or malicious decisions. This vulnerability affects users of MaxKB versions 2...
3.1
pyLoad: Users Can Access Data After Permission Changes
GHSA-fj52-5g4h-gmq8
If a user's permissions are changed in pyLoad, the application doesn't properly update their session. This means a user might still access data they shouldn't have access to. To protect your data, ens...
2.9
Fortinet FortiSandbox: Administrator Can Read LDAP Server Credentials
CVE-2026-27316
If an attacker has administrative access, they can view sensitive LDAP server login credentials. This could lead to unauthorized access to the LDAP server. Fortinet has released a patch to fix this is...
2.7
Patient Appointment Scheduler System SQL Injection vulnerability
CVE-2026-37602
The Patient Appointment Scheduler System has a security weakness that allows an attacker to access sensitive information by manipulating database queries. This can lead to unauthorized access to user ...
2.7
SQL Injection in Patient Appointment Scheduler System
CVE-2026-37601
A bug in the Patient Appointment Scheduler System allows an attacker to access sensitive patient data. This means that a hacker could potentially steal or manipulate patient information. Update the sy...
2.7