CVE Vulnerabilities - 14 April 2026

744 vulnerabilities published on 14 April 2026

Severity:
Patient Appointment Scheduler System SQL Injection Vulnerability
CVE-2026-37600
The Patient Appointment Scheduler System's 'view_details' page allows hackers to access sensitive data by manipulating the URL, potentially exposing patient information. This can happen if an attacker...
2.7
Patient Appointment Scheduler System v1.0 allows attackers to run malicious code
CVE-2026-37598
The Patient Appointment Scheduler System version 1.0 has a security issue that allows unauthorized access to run malicious code. This could lead to unauthorized changes to system settings or even comp...
2.7
SQL Injection vulnerability in Online Employees Work From Home Attendance System
CVE-2026-37597
A hacker can access sensitive data in the online attendance system by manipulating input fields. This could lead to the exposure of confidential information and unauthorized access to the system. To f...
2.7
SQL Injection in Online Employees Attendance System Can Let Attackers Access Data
CVE-2026-37596
The Online Employees Work From Home Attendance System, version 1.0, has a security issue that could allow hackers to access sensitive information. If left unaddressed, this vulnerability could lead to...
2.7
PHP Attendance System Allows Malicious Database Access
CVE-2026-37595
The SourceCodester Online Employees Work From Home Attendance System version 1.0 has a security weakness that allows hackers to access sensitive data in the database. This is a serious issue because i...
2.7
Online Employees Attendance System SQL Injection in admin view
CVE-2026-37594
The Online Employees Work From Home Attendance System version 1.0 contains a vulnerability that allows an attacker to manipulate database queries, potentially exposing sensitive employee data or disru...
2.7
SQL Injection in SourceCodester Online Employees Work From Home Attendance System
CVE-2026-37593
The SourceCodester Online Employees Work From Home Attendance System has a weakness in how it handles user input, which could allow an attacker to access sensitive data or take control of the system. ...
2.7
Storage Unit Rental Management System exposes sensitive data
CVE-2026-37592
The Storage Unit Rental Management System's pricing page allows an attacker to access and potentially modify sensitive data. This could lead to unauthorized access to user information or pricing chang...
2.7
SQL Injection Vulnerability in Sourcecodester Storage Unit Rental Management System
CVE-2026-37591
A hacker could inject malicious code into the Storage Unit Rental Management System's database, potentially stealing sensitive information or taking control of the system. This is a serious risk becau...
2.7
Storage Unit Rental Management System SQL Injection Vulnerability
CVE-2026-37590
The Storage Unit Rental Management System has a security weakness that allows an attacker to potentially access or manipulate sensitive data. This could happen if an attacker sends malicious input to ...
2.7
Storage Unit Rental Management System: SQL Injection Risk
CVE-2026-37589
The Storage Unit Rental Management System, version 1.0, contains a security weakness in its database handling that could allow an attacker to access or modify data. This could lead to unauthorized acc...
2.7
Adobe ColdFusion versions 2023.18 and earlier: High-privilege attacker can slow down your app
CVE-2026-27308
A malicious person with high-level access can use this flaw to exhaust your system's resources, making your ColdFusion application run slowly or even shut down. This requires no action from regular us...
2.4
ColdFusion: High-Privileged Attackers Can Slow Down Your Website
CVE-2026-27307
High-privileged attackers can exploit a weakness in older ColdFusion versions, causing your website to slow down or stop responding. This can happen even if an attacker doesn't interact with your webs...
2.4
Sensitive Data Leaked to Log Files When Malicious File Executed
CVE-2026-2401
A vulnerability in the Web Admin interface allows an attacker to trick a user into running a malicious file, which can then expose confidential information to logs. This could potentially lead to sens...
2.4
FortiNAC-F Users May Be Redirected to Untrusted Websites
CVE-2026-21741
A security issue in FortiNAC-F software could allow a malicious attacker to redirect users to a different website, potentially leading to phishing or other types of attacks. This issue affects certain...
2.4
Fat Free CRM allows any user to delete emails of others
GHSA-9pm8-vwc5-w2hm
A bug in Fat Free CRM allows any authenticated user to delete emails that belong to other users when the Email Dropbox feature is in use. This means someone could delete important emails from another ...
2.1
Kimai Leaks API Token Hash in Invoice Templates
GHSA-rh42-6rj2-xwmc
Sensitive API token hashes may be exposed in invoice templates created by admins on OnPremise installations with template upload enabled. This allows an attacker to obtain hashed API passwords of user...
2.0
Kimai Leaks API Token Hash in Invoice Templates
GHSA-rh42-6rj2-xwmc
Kimai's invoice templates can reveal sensitive API token hashes of users who generate invoices with a vulnerable template. This issue affects on-premise installations that allow template uploads. To f...
2.0
SAP Landscape Transformation allows attackers to inject malicious code
CVE-2026-27675
A high-privileged attacker can inject code that could alter certain data in SAP Landscape Transformation, but the impact is limited. This issue affects SAP Landscape Transformation and requires attent...
2.0
Craft CMS Commerce discloses order data to unauthorized users
CVE-2026-32270 GHSA-3vxg-x5f8-f5qf
Craft CMS Commerce versions 4.0.0 to 4.10.2 and 5.0.0 to 5.5.4 disclose sensitive order information to anyone who knows an order number, potentially exposing customer details. This is a concern for bu...
1.7
Justhtml Sanitization Flaw Affects Programmatic DOM Input
GHSA-4p64-v8f5-r2gx
The justhtml library versions 1.15.0 and earlier contain multiple security flaws that can allow malicious code to bypass sanitization. These flaws can occur when using custom policies or programmatic ...
1.3
NuGet Client update adds package validation to prevent tampering
GHSA-g4vj-cjjj-v7hg
The NuGet Client has been updated to validate package IDs and versions during download to prevent malicious packages from being installed. This update affects NuGet.exe, NuGet.CommandLine, and .NET SD...
NuGet Client Package Download Validation Updated
GHSA-g4vj-cjjj-v7hg
The NuGet client now checks package ID and version during download to prevent tampering. This update affects various NuGet and .NET SDK versions, including .NET 8 and .NET 9. To stay secure, update to...
DotNetNuke May Expose Sensitive Data to Attack
GHSA-fcpv-w245-r2q7
The DotNetNuke Core code may contain areas that could allow attackers to access sensitive data. This is because of some outdated security settings, such as disabling XML document security checks and u...
Novu's Webhook Bypass Allows Unvalidated URL Calls
GHSA-4x48-cgf9-q33f
A Novu webhook can be tricked into calling unvalidated URLs, allowing potential attacks. This is a security risk because an attacker could use this to access internal systems or data. To protect again...