CVE Vulnerabilities - 14 April 2026

744 vulnerabilities published on 14 April 2026

Novu's Webhook Bypass Allows Unvalidated URL Calls
GHSA-4x48-cgf9-q33f
A Novu webhook can be tricked into calling unvalidated URLs, allowing potential attacks. This is a security risk because an attacker could use this to access internal systems or data. To protect again...
Oxia exposes sensitive authentication tokens in debug logs
GHSA-pm7q-rjjx-979p
When debug logging is enabled in production, Oxia logs authentication tokens in plain text, allowing an attacker to steal them and impersonate users. Affected versions of Oxia using OIDC authenticatio...
Oxia logs sensitive authentication tokens on authentication failures
GHSA-pm7q-rjjx-979p
Oxia exposes authentication tokens in debug logs if debug logging is enabled in production. This allows an attacker with access to logs to steal and reuse user credentials. To fix, ensure debug loggin...
Unsecured Redirects and Header Injection in goshs
GHSA-7qx6-f23w-3w7f
The goshs software allows attackers to redirect users and inject unauthorized headers without proper validation or authentication. This could lead to sensitive information disclosure or phishing attac...
MINI-g7hf-hjcr-2x9h
MINI-g7hf-hjcr-2x9h
MINI-hv2q-pv72-jx2v
MINI-hv2q-pv72-jx2v
MINI-cgc3-xrpc-9vjg
MINI-cgc3-xrpc-9vjg
MINI-cjw4-gwc3-7v86
MINI-cjw4-gwc3-7v86
MINI-rv47-gmrj-xj48
MINI-rv47-gmrj-xj48
MINI-5vj3-h2qr-9xjw
MINI-5vj3-h2qr-9xjw
CGA-h2w6-xjw8-mm3g
CGA-h2w6-xjw8-mm3g
tar-rs: Malicious archives can modify system directory permissions
USN-8138-2
A weakness in tar-rs, a tool used to extract archives, can be exploited by an attacker to change permissions on system directories. If a user or system extracts a specially crafted archive, it could a...
CGA-x525-3pjf-gwq4
CGA-x525-3pjf-gwq4
CGA-96f6-wc7c-f88x
CGA-96f6-wc7c-f88x
CGA-96f6-wc7c-f88x
MINI-pmm2-28r6-w7jr
MINI-pmm2-28r6-w7jr
Apache HTTP Server Denial of Service Vulnerability
MINI-2hw5-q54p-wmhp
A flaw in the Apache HTTP Server can cause the server to crash or become unresponsive, potentially leading to a denial of service. This affects Apache HTTP Server installations, which could impact web...
CGA-46f4-pjfv-59pq
Apache Struts 2 Remote Code Execution in S2-006
CGA-46f4-pjfv-59pq
Apache Struts 2, a widely used Java framework, contains a critical flaw that allows attackers to execute arbitrary code on a server. This can happen when a specially crafted request is sent to the ser...
CGA-3656-69j5-49xj
CGA-3656-69j5-49xj
CGA-g6r6-762m-v9cc
CGA-g6r6-762m-v9cc
Rust's tar archive unpacking allows malicious directory modification
USN-8168-2
Rust's tar archive unpacking functionality has a vulnerability that allows an attacker to modify directory permissions, potentially leading to privilege escalation. This could happen if a user or syst...
X Window Server update fixes critical security flaws
SUSE-SU-2026:1335-1
This update fixes multiple security issues in the X Window Server that could allow an attacker to execute arbitrary code or crash the system. Affected users should update their X Window Server to the ...
X Window Server Vulnerability: Untrusted Input Can Crash System
SUSE-SU-2026:1333-1
A security update for the X Window Server fixes several issues that could allow an attacker to crash the server or execute malicious code. This affects systems that use the X Window Server, which is c...
X Server Update Fixes Multiple Security Risks
SUSE-SU-2026:1332-1
This update addresses four security risks in the X server that could allow an attacker to access or disrupt your system. If left unpatched, these issues could potentially allow an attacker to read or ...