CVE Vulnerabilities - 16 April 2026

927 vulnerabilities published on 16 April 2026

Severity:
Flowise: Attacker Can Write Data to Arbitrary Server Locations
GHSA-w6v6-49gh-mc9w
Flowise's vector store allows an authenticated attacker to write data to any location on the server's file system. This can happen if an attacker has valid API credentials and a document store with pr...
4.9
FFmpeg older than 8.1 can be tricked into writing outside its memory
CVE-2026-40962
Older versions of FFmpeg, a tool for video processing, have a security flaw that could let an attacker make the program write data to a wrong place in its memory. This could potentially be used to tak...
4.9
Cryptomator Cloud Storage App Allows Unauthorized Access to Hub API
CVE-2026-33472
A security flaw in Cryptomator version 1.19.1 allows a hacker to bypass security checks and access your encrypted cloud storage hub without your permission. This can happen if you have a malicious act...
4.8
pyLoad Sets Insecure Session Cookies via Fake Proxy Header
GHSA-mp82-fmj6-f22v CVE-2026-40594
A flaw in pyLoad's session cookie settings can allow attackers to make session cookies insecure, potentially stealing user data. To fix this, ensure that pyLoad only trusts session cookies from a know...
4.8
Mojic: Malicious File Decryption via Timing Attack
GHSA-wqq3-wfmp-v85g
A vulnerability in Mojic version 2.1.3 allows a malicious actor to bypass file integrity checks by measuring the time it takes for the decryption process to fail. This could potentially allow an attac...
4.7
Mojic: Attackers Can Forge Decryption Password
GHSA-wqq3-wfmp-v85g
A vulnerability in Mojic version 2.1.3 allows attackers to bypass file integrity checks and potentially forge decryption passwords. This is because the software checks for a digital signature in a way...
4.7
Payroll Management Software Allows Hackers to Access Data
CVE-2026-37346
A security weakness in the Payroll Management and Information System software could allow hackers to access sensitive employee information. This means that an attacker could potentially view or modify...
4.7
Dell PowerScale OneFS: Local Attackers Can Crash System
CVE-2025-43935
Versions of Dell PowerScale OneFS before 9.12.0.0 are at risk. A skilled attacker with high-level access to the system could potentially crash the system, making it unavailable. To stay safe, update t...
4.4
OPEN-BRAIN plugin for WordPress allows malicious scripts to run on administrator's page
CVE-2026-3995
The OPEN-BRAIN plugin for WordPress is not properly protecting its settings page, allowing an attacker with administrator access to inject malicious scripts. This could lead to unauthorized actions or...
4.4
WordPress Custom New User Notification plugin: User data can be hijacked
CVE-2026-3551
A security issue in the Custom New User Notification plugin for WordPress allows attackers with Administrator-level access to inject malicious code into the plugin's settings. This could be used to ha...
4.4
Vision Helpdesk: Unauthenticated User Profile Exposure
CVE-2024-58343
An attacker can access sensitive user information by manipulating a specific cookie. This issue affects versions of Vision Helpdesk prior to 5.7.0 and poses a risk to user privacy. Update to version 5...
4.3
Unauthorized User Can Forge Approval Decisions in Some Software
GHSA-p7mm-r948-4q3q
An attacker can pretend another user made an approval decision, potentially misleading governance records. This affects users who manage approvals in the affected software. To protect your company's a...
4.3
Wago Smart Designer Exposes Project and User Information
CVE-2023-5872
A security issue in Wago Smart Designer versions up to 2.33.1 allows an attacker to list projects and usernames by making repeated requests to a specific endpoint. This could potentially allow unautho...
4.3
hono/jsx SSR Allows Malformed Attribute Keys to Inject HTML
GHSA-458j-xx4x-4375
Untrusted input can be used to inject malicious HTML into hono/jsx server-side rendered pages. This could lead to unexpected HTML attributes, corrupted structure, or even cross-site scripting if not h...
4.3
hono Improperly Handles JSX Attribute Names
GHSA-458j-xx4x-4375
hono's server-side rendering can be tricked into adding malicious HTML attributes or elements if it uses untrusted input as attribute names. This could allow an attacker to inject unintended HTML, pot...
4.3
Dell PowerScale OneFS: Local Attacks Can Crash System
CVE-2025-43883
Certain versions of Dell PowerScale OneFS have a flaw that allows a highly privileged attacker with direct access to the system to potentially crash it, making it unavailable. This is a serious issue ...
4.1
XML Input Allows Access to Sensitive Data and Files
CVE-2024-8010
A software component accepts XML input without properly checking it, which allows hackers to access sensitive files and data. This could lead to unauthorized access to confidential information. Consid...
3.5
MuPDF mutool allows attackers to clear or manipulate terminal output
CVE-2026-40505
Malicious PDFs can be used to clear or manipulate the terminal display, potentially leading to social engineering attacks. This affects anyone who uses MuPDF mutool to view PDF metadata. To minimize r...
4.8
langchain-openai: Image token counting SSRF protection can be bypassed via DNS rebinding
GHSA-r7w7-9xr2-qq2r
`langchain-openai`'s `_url_to_size()` helper (used by `get_num_tokens_from_messages` for image token counting) validated URLs for SSRF protection and then fetched them in a separate networ...
3.1
OneSignal WordPress Plugin Allows Attackers to Delete Notifications
CVE-2026-3155
A vulnerability in the OneSignal plugin for WordPress allows attackers with subscriber-level access or higher to delete important notification settings. This affects versions of the plugin up to 3.8.0...
3.1
Plonky3 Hashing Error: Unpredictable Hashes for Non-Multiple Input Lengths
GHSA-3g92-f9ch-qjcm
A hashing error in Plonky3 allows for the creation of identical hashes from different input lengths, which could lead to unintended consequences in applications relying on hash uniqueness. This issue ...
2.9
libexpat XML parsing allows hash flooding attacks
CVE-2026-41080 ECHO-35d6-a603-460e
The XML parsing library used by some software may allow an attacker to overwhelm the system with a large number of XML documents, causing a denial-of-service. This is a concern because it could make t...
2.9
Yubico Software May Load Malicious Code
CVE-2026-40947
Yubico's software for FIDO2 security keys has a flaw that could allow hackers to trick it into running malicious code. This could happen if a user installs a fake version of the software. To stay safe...
2.9
Wildcard Certificates Accept Wrong Names
RUSTSEC-2026-0099 GHSA-xgp8-3hg3-c2mh
A bug in some certificate validation software allows a certificate to be issued with a name that's not supposed to be allowed. This could lead to a certificate being trusted for a name that's not supp...
2.2
Wildcard Certificates Can Bypass Name Constraints
GHSA-xgp8-3hg3-c2mh
Wildcard certificates can be used to bypass intended name restrictions, potentially allowing unauthorized access. This issue affects certain certificates that use wildcard names, and can only be explo...
2.2