CVE Vulnerabilities - 14 April 2026

605 vulnerabilities published on 14 April 2026

Webkul Krayin CRM v2.2.x Internal Resource Exposure via Malicious Webhooks
CVE-2026-38527
A security issue in Webkul Krayin CRM v2.2.x allows attackers to potentially access sensitive internal resources. This is a concern because it could lead to unauthorized access to your company's inter...
8.5
Microsoft Office Word allows unauthorized code execution on your computer
CVE-2026-33115
A security issue in Microsoft Office Word could allow an attacker to run malicious code on your computer without your knowledge or permission. This could lead to the theft of sensitive information or ...
8.4
Microsoft Office Word allows unauthorized code execution locally
CVE-2026-33114
An attacker can exploit a flaw in Microsoft Office Word to run their own code on a computer, potentially causing damage or stealing sensitive information. This affects all versions of Microsoft Office...
8.4
Microsoft Graphics Component allows local code execution via buffer overflow
CVE-2026-32221
An attacker can exploit a weakness in the Microsoft Graphics Component to run unauthorized code on a system, potentially causing harm. This weakness can be exploited by a malicious actor who has acces...
8.4
Microsoft Office: Unauth attacker can execute code locally
CVE-2026-32190
A vulnerability in Microsoft Office can allow an attacker to run malicious code on your computer if they can send you a specially crafted file. If you open this file, the attacker can take control of ...
8.4
Windows COM Privilege Elevation via Untrusted Data Acceptance
CVE-2026-32162
Attackers can exploit a weakness in Windows' Component Object Model to gain elevated privileges on a local computer. This means they could potentially take control of your system, which is a serious r...
8.4
Microsoft Brokering File System Privilege Escalation Risk
CVE-2026-32091
An attacker can potentially gain elevated access to sensitive files on a local system due to a flaw in the way Microsoft Brokering File System handles shared resources. This issue is significant becau...
8.4
Deno can accidentally grant too much permission to some files
JLSEC-2026-107
Deno's security settings may not prevent some files from being accessed, which could allow an attacker to do more than they should. This could happen if you're running code that lets Deno read or writ...
8.4
PraisonAI versions 4.5.138 and below allow malicious code to run on your computer
CVE-2026-40287
If you're using PraisonAI version 4.5.138 or earlier, an attacker could put a fake 'tools.py' file in the folder where you run PraisonAI and execute malicious code on your computer. This could comprom...
8.4
free5gc UDR improper path validation allows unauthenticated creation and modification of Traffic Influence Subscriptions
GHSA-jgq2-qv8v-5cmj CVE-2026-40248
An improper path validation vulnerability in the UDR service allows any unauthenticated attacker with access to the 5G Service Based Interface (SBI) to create or overwrite Traffic Influenc...
8.3
Free5GC UDR lets attackers access sensitive data without login
GHSA-x5r2-r74c-3w28 CVE-2026-40247
The Free5GC UDR system has a security weakness that allows unauthorized users to access sensitive data by sending a special request. This means attackers can potentially get access to confidential inf...
8.3
Free5GC UDR allows unauthorized deletion of traffic influence subscriptions
GHSA-g9cw-qwhf-24jp CVE-2026-40246
The free5GC UDR service has a security weakness that lets anyone delete traffic influence subscriptions without logging in. This is because the system doesn't properly check the path of incoming reque...
8.3
Deno's AES GCM encryption fails to verify authentication tags
JLSEC-2026-108
Deno's AES encryption doesn't check if encrypted data has been tampered with, which can lead to data being compromised. This affects Deno's AES-256-GCM and AES-128-GCM encryption. To protect your data...
8.3
Deno: Infinite Encryptions with Node Crypto
JLSEC-2026-114
Deno's crypto module in Node.js can be tricked into allowing an attacker to repeatedly perform encryption operations without finalizing the process, potentially leading to brute force attacks or attem...
8.3
Monetr Stripe Webhook Memory Exhaustion by Oversized Request
GHSA-v7xq-3wx6-fqc2
An unauthenticated attacker can send large requests to Monetr's Stripe webhook, causing excessive memory usage and potential denial of service. To protect against this, ensure that any upstream proxie...
8.3
OpenEdge AdminServer on all platforms allows attackers to access the server's files
CVE-2025-7389
A security issue in OpenEdge's AdminServer lets authorized users access sensitive files on the server. This could happen if the user has the right permissions and knows how to exploit it. OpenEdge has...
8.2
Large POST body crashes Stripe webhook endpoint on Monetr
GHSA-v7xq-3wx6-fqc2
A security flaw in Monetr's Stripe webhook endpoint allows an attacker to crash the service with a large, specially crafted POST request. This can make the service unresponsive or crash, disrupting it...
8.2
Kyverno Leaks Kubernetes Service Account Token
GHSA-q93q-v844-jrqp
A bug in Kyverno allows an attacker to steal a Kubernetes service account token by creating a malicious policy. This can happen if a policy doesn't explicitly set an Authorization header, allowing the...
8.1
Kyverno Service Call Leaks Service Account Token
GHSA-q93q-v844-jrqp
Kyverno's service call feature may send your service account token to an attacker-controlled endpoint if you don't explicitly set the Authorization header in your policy. This can happen if your polic...
8.1
Windows TCP/IP Allows Unauthorized Code Execution via Network
CVE-2026-33827
A security flaw in Windows TCP/IP could allow an attacker to execute code on a computer over a network. This could happen if an attacker sends a malicious message to a vulnerable computer at the right...
8.1
Webkul Krayin CRM v2.2.x: Unauthorized Access to Other Users' Contacts
CVE-2026-38532
An attacker who has logged in to Webkul Krayin CRM can access, edit, or delete any contact that belongs to other users. This happens because the system does not properly check permissions. To fix this...
8.1
Webkul Krayin CRM v2.2.x Allows Attackers to Delete Other Users' Leads
CVE-2026-38530
A security issue in Webkul Krayin CRM version 2.2.x allows anyone with a login to access, change, or delete leads from other users. This could let attackers erase valuable sales data or disrupt busine...
8.1
Fortinet FortiAnalyzer and FortiManager Cloud: Remote Code Execution Risk
CVE-2026-22828
A potential security issue exists in Fortinet's cloud-based management software for network devices. An attacker could potentially take control of the system if they send a specially crafted request. ...
8.1
Deno: Command Injection on Windows Through Batch File Bypass
JLSEC-2026-115
Deno's patch for preventing Windows batch file execution can be bypassed using alternate casing. This can allow attackers to inject commands on Windows systems. To fix this, update to Deno version 2.5...
8.1
Deno's Deny-Env Option Ignored by toObject Method
JLSEC-2026-110
Deno's Deny-Env option is bypassed when using toObject. This means that environment variables listed in Deny-Env can still be accessed using this method. If you're using Deno and rely on the Deny-Env ...
8.1