Monitor vulnerabilities that affect your stack.
Sign up free to get alerts when software you use is affected.
CVE Vulnerabilities - 14 April 2026
RSS739 vulnerabilities published on 14 April 2026
Severity:
WordPress Plugin 'Contact Form 7' Unauthenticated File Upload
MINI-gp34-c9mp-678r
A security issue in the WordPress plugin 'Contact Form 7' allows attackers to upload malicious files without authentication. This can lead to unauthorized access to sensitive data or website takeover....
MINI-c6px-jm5p-hgm7
MINI-c6px-jm5p-hgm7
MINI-h8f4-466m-977g
MINI-h8f4-466m-977g
Drupal PHPMailer Cross-Site Scripting (XSS) in Email Module
MINI-3m82-833v-7wg9
A weakness in the email module of the Drupal content management system allows an attacker to inject malicious code into email messages. This could let them steal user data or take control of accounts....
MINI-c2v9-3f22-953m
MINI-c2v9-3f22-953m
MINI-447h-q994-qm5g
MINI-447h-q994-qm5g
Apache HTTP Server Remote File Disclosure Vulnerability
MINI-2988-wxcf-mhfx
A security issue in Apache's HTTP server could allow attackers to access sensitive files on a server. This could happen if a user visits a specially crafted website, potentially exposing sensitive inf...
MINI-f65q-jjjm-63g9
MINI-f65q-jjjm-63g9
MINI-r4hr-55hg-25qg
MINI-r4hr-55hg-25qg
MINI-7p62-4qmc-xjp8
MINI-7p62-4qmc-xjp8
MINI-2vv6-9h26-723j
MINI-2vv6-9h26-723j
MINI-3r5x-57m5-727m
MINI-3r5x-57m5-727m
MINI-973j-54m6-c824
MINI-973j-54m6-c824
Invalid Security Advisory Removed to Prevent Mistake
CVE-2026-5307
A security advisory was mistakenly issued and has been removed. This means it's not a real issue to worry about. No further action is needed.
Error: Incorrect Vulnerability Information Removed
CVE-2024-9168
This vulnerability was incorrectly listed. The information has been removed to prevent accidental use. No action is needed.
CGA-pcv8-mwr7-xj34
CGA-pcv8-mwr7-xj34
CGA-pcv8-mwr7-xj34
CGA-28gr-q28x-4j89
CGA-28gr-q28x-4j89
CGA-28gr-q28x-4j89
Rootio-libpng1.6: Incorrect PNG Image Processing
ROOT-OS-DEBIAN-12-CVE-2026-34757
The Rootio-libpng1.6 package contains a security issue that can be exploited if an attacker sends a specially crafted PNG image. This could potentially lead to data corruption or other issues. Update ...
libpng in Rootio: Uncontrolled Memory Access
ROOT-OS-DEBIAN-12-CVE-2025-28164
A security issue was found in the libpng library used by Rootio. If exploited, this could allow an attacker to run malicious code on your system. Root has released a patch to fix this issue, so it's r...
rootio-libpng1.6: Malicious Image Files Can Execute Arbitrary Code
ROOT-OS-DEBIAN-12-CVE-2025-28162
A bug in the rootio-libpng1.6 library could allow hackers to execute malicious code if a specially crafted image file is opened. This affects users of Root:Debian:12. To stay safe, update to the patch...
Root's Axios Library Allows Unauthorized Access to Data
ROOT-APP-NPM-CVE-2025-27152
A security issue in the Axios library used by Root's npm package could allow an attacker to access unauthorized data. This affects users of Root's API and requires updating to a fixed version of the A...
Root's Axios Package Has a Security Patch
ROOT-APP-NPM-CVE-2026-39865
If you're using the Axios package from Root, you'll want to update to the latest version to fix a security issue that could allow an attacker to manipulate requests. This affects users of Root's npm p...
Root FTP Software Allows Unauthorized Access on Certain Systems
ROOT-APP-NPM-GHSA-6v7q-wjvx-w8wg
The Root FTP software has a security issue that could allow an attacker to gain unauthorized access to certain systems. This issue has been fixed by Root in a recent update, and users should update th...