CVE Vulnerabilities - 16 April 2026
962 vulnerabilities published on 16 April 2026
Saltcorn: Unauthorized Access to Database Possible Through SQL Injection
GHSA-jp74-mfrx-3qvh
An attacker with a user account can access and modify sensitive data in the database, potentially exposing passwords and other confidential information. This is because the Saltcorn application does n...
10.0
Paperclip API: Access to Other Companies' Agent Keys
GHSA-3xx2-mqjm-hg9x
Attackers with limited access to one company can access, create, or delete agent keys for any agent in any other company. This allows them to gain full access to the compromised company's agents. To f...
10.0
Any authenticated user can access any company's agents
GHSA-47wq-cj9q-wpmp
An authenticated user can access and generate API tokens for any company's agents, without proper authorization. This allows unauthorized access to sensitive data and actions. To fix this, update your...
10.0
Flowise: Authenticated User Can Execute OS Commands
GHSA-c9gw-hvqq-f33r
CVE-2026-40933
An attacker can execute arbitrary system commands on a Flowise server by creating a custom MCP with a malicious command. This requires a valid Flowise account and access to the server. To fix, update ...
10.0
iSherlock by HGiga Allows Unauthenticated Attackers to Execute Commands
CVE-2026-6349
The iSherlock software by HGiga has a security flaw that lets attackers with no login access inject malicious commands and run them on the server. This could be exploited by hackers to gain control of...
10.0
Froxlor API: Language Parameter Allows Malicious File Access
GHSA-w59f-67xm-rxx7
Froxlor's API for updating customer and admin settings has a security issue. An attacker can access and execute arbitrary files on the system by manipulating the language setting. To fix this, update ...
10.0
CloneSite plugin in WWBN AVideo allows attackers to run malicious code
GHSA-xr6f-h4x7-r6qp
The CloneSite plugin in WWBN AVideo has a security flaw that allows attackers to execute malicious code on the server. This happens when an attacker tricks the plugin into running a malicious URL, whi...
9.9
Froxlor has Local File Inclusion via path traversal in API `def_language` parameter leads to Remote Code Execution
GHSA-w59f-67xm-rxx7
Summary: The Froxlor API endpoint `Customers.update` (and `Admins.update`) does not validate the `def_language` parameter against the list of available language files. An authenticated customer can...
9.9
Authentik's OAuth Redirect URI Checks Can Be Bypassed
CVE-2024-52289
BIT-authentik-2024-52289
Authentik's open-source identity provider has a flaw in its OAuth2 redirect URI checks. If a provider is not configured with any redirect URIs, an attacker can register a domain that resembles a valid...
7.9
Paperclip AI v2026.403.0: Unauthorized Command Execution
GHSA-vr7g-88fq-vhq3
Paperclip's execution workspace lifecycle has a security flaw that lets attackers inject malicious commands into the system. This can happen when updating a workspace in certain deployment modes, allo...
9.8
Electerm Installer Command Injection on macOS and Linux
GHSA-wxw2-rwmh-vr8f
Users who install Electerm globally with npm are at risk of arbitrary command execution and file tampering. An attacker can exploit this vulnerability by controlling the Electerm update server to run ...
9.8
Electerm Installer Allows Hackers to Run Malicious Commands
GHSA-wxw2-rwmh-vr8f
The Electerm installer has a security flaw that lets hackers execute malicious commands on your computer if you install it using npm. This is a serious risk for anyone who uses Electerm. To stay safe,...
9.8
Pay-uz Laravel Package Exposes Payment Files to Unauthenticated Attacks
CVE-2026-31843
GHSA-m5wg-cjgh-223j
The pay-uz Laravel package has a security flaw that lets hackers change important payment files without a password. This could allow attackers to take control of your website's payment system. Update ...
10.0
SQL Injection in Vehicle Parking Area Management System
CVE-2026-37345
The Vehicle Parking Area Management System v1.0 may allow attackers to access sensitive data or take control of the system if they inject malicious SQL code. This could happen if someone enters specia...
9.8
WordPress Riaxe Product Customizer plugin allows attackers to steal control
CVE-2026-3596
The Riaxe Product Customizer plugin for WordPress is vulnerable, allowing hackers to gain control of your site without a password. This could lead to unauthorized changes, including enabling user regi...
9.8
MailGates/MailAudit Buffer Overflow Allows Remote Takeover
CVE-2026-6350
The MailGates/MailAudit program has a security flaw that could allow an attacker to take control of the program and execute unauthorized code. This could happen if an attacker sends a malicious messag...
9.3
Creolabs Gravity 0.9.5 and earlier: Malicious scripts can crash or take control
CVE-2026-40504
Creolabs Gravity, a server software, has a bug in its script execution that can be exploited by crafting special scripts. This can cause the software to crash or allow an attacker to execute malicious...
9.3
UEFI Firmware Parser May Crash or Allow Malicious Code Execution
GHSA-hm2w-vr2p-hq7w
The UEFI Firmware Parser has a flaw that can cause a crash or allow an attacker to run malicious code on a computer. This issue affects the UEFI Firmware Parser, a tool used to work with UEFI firmware...
9.8
UEFI Firmware Parser Can Crash or Allow Malicious Code Execution
GHSA-hm2w-vr2p-hq7w
The UEFI Firmware Parser contains a vulnerability that can cause a crash or potentially allow malicious code to be executed. This issue affects systems that use the Tiano decompressor. To protect your...
9.8
UEFI Firmware Parser Can Crash or Be Hacked
GHSA-2689-5p89-6j3j
The UEFI Firmware Parser is prone to a critical flaw that can cause it to crash or be exploited by hackers. This is due to a bug in how it handles certain types of firmware data. To fix this, the deve...
9.8
UEFI Firmware Parser Can Crash or Be Exploited by Malicious Firmware
GHSA-2689-5p89-6j3j
A vulnerability in the UEFI Firmware Parser can cause the program to crash or allow an attacker to execute malicious code on a computer. This happens when the parser processes a specially crafted firm...
9.8
Microsoft QUIC: Unauthorized Privilege Elevation Over Network
GHSA-gvvw-8j96-8g5r
CVE-2026-32179
An attacker can exploit a weakness in Microsoft QUIC to gain elevated privileges over a network. This affects how Microsoft QUIC handles certain types of data it receives. To protect your system, appl...
9.8
Authentik Token Exposed in URL
CVE-2025-52553
BIT-authentik-2025-52553
A security issue exists in older versions of Authentik, an open-source identity provider. If a malicious person gets the URL from a shared screen, they could potentially access the same session. To st...
5.5
Malicious Code Execution in protobufjs
GHSA-xq3m-2v4x-88gg
Attackers can execute arbitrary code by manipulating protobuf definitions, potentially allowing them to take control of your website or server. This happens if an attacker can influence the protobuf d...
9.4
Flowise: Passwords Can Be Changed Without a Login
GHSA-f6hc-c5jr-878p
Flowise, a tool for building AI applications, has a security problem that allows hackers to change user passwords without needing a login. This means that an attacker can gain access to a user's accou...
9.4