CVE Vulnerabilities - 16 April 2026

965 vulnerabilities published on 16 April 2026

Paperclip: Malicious Skills Can Steal and Wipe User Data
GHSA-w8hx-hqjv-vjcq
Certain skills can secretly access and delete all user data by exploiting a weakness in the Paperclip workspace service. This means sensitive information such as API keys, passwords, and database cred...
7.3
Adobe Acrobat and pypdf PDF parsing errors can cause RAM exhaustion
GHSA-x284-j5p8-9c5p
A flaw in Adobe Acrobat and pypdf can cause a malicious PDF to crash your system by consuming all available memory. This can happen if a hacker creates a specially crafted PDF with an image that's too...
7.3
pypdf: Long Runtimes from Malicious PDFs in Certain Scenarios
GHSA-4pxv-j86v-mhcw
A malicious PDF can cause pypdf to take a long time to process in certain situations. This is a security risk because an attacker might use this to slow down or even crash a system. To fix this, updat...
7.3
pypdf: Large PDFs can cause memory exhaustion
GHSA-7gw9-cf7v-778f
An attacker might create a large PDF that uses a specific compression method, which could cause the computer to run out of memory. This affects anyone using pypdf, a Python library for working with PD...
7.3
Flowise: Unsecured File System Writes in Vector Store
GHSA-w6v6-49gh-mc9w
An attacker with proper credentials can write files to the server's file system. This occurs when an authenticated user provides a custom 'basePath' that is not properly validated. To fix this, ensure...
7.3
Opam Allows Path Traversal When Installing Packages
CVE-2026-41082
Opam, a package manager for OCaml, contains a flaw that allows attackers to install packages in unintended locations. This could lead to malicious code being installed on a system. Update to a version...
7.3
Simple Music Cloud System Exposed to Malicious Database Access
CVE-2026-37337
The Simple Music Cloud System's playlist view feature allows hackers to inject harmful code into the database, potentially giving them access to sensitive user information and control over the system....
7.3
Simple Music Cloud Community System: SQL Injection in view_music.php
CVE-2026-37336
The Simple Music Cloud Community System version 1.0 has a security weakness in its /music/view_music.php file. This means an attacker could potentially access or modify sensitive data. Update the soft...
7.3
Dell Storage Manager - Replay Manager for Microsoft Servers Elevation of Privileges
CVE-2026-23772
A security weakness in Dell Storage Manager's Replay Manager for Microsoft Servers version 8.0 allows a malicious user with limited access to gain more powerful user rights within the system. This cou...
7.3
Authentik: Malicious Users Can Execute Arbitrary Code
CVE-2026-25227 BIT-authentik-2026-25227
A vulnerability in Authentik's delegated permissions allows a malicious user to execute arbitrary code on the server. This can happen when a user has permission to view property mappings or expression...
7.2
Authentik: Unauthorized Token Access with Client Credentials or Device Code
CVE-2024-52287 BIT-authentik-2024-52287
An attacker could obtain an access token with scopes not set up in Authentik. This means they might be able to access features or data they shouldn't have access to. Update to version 2024.8.5 or 2024...
6.4
Prismatic plugin for WordPress: Stored Cross-Site Scripting via 'prismatic_encoded' shortcode
CVE-2026-3876
The Prismatic plugin for WordPress has a security flaw that allows attackers to inject malicious code into website pages. This could allow them to take control of your site or steal user data. Update ...
7.2
Flowise: Attackers Can Redirect API Requests to Sensitive Systems
GHSA-6r77-hqx7-7vw8
Flowise's API Chain feature allows attackers to inject malicious prompts that can redirect API requests to sensitive internal systems, potentially leading to internal network reconnaissance and data t...
7.1
Flowise: Attackers can hijack Flowise API requests to internal systems
GHSA-6r77-hqx7-7vw8
Unauthenticated attackers can use Flowise's API to make unauthorized requests to internal systems, potentially leading to data theft or network reconnaissance. This is possible due to a security weakn...
7.1
Flowise: Server-Side Request Forgery Attacks Can Succeed
GHSA-2x8m-83vc-6wv4
Flowise's security features to prevent Server-Side Request Forgery (SSRF) contain flaws that allow attackers to bypass restrictions. This means they can trick Flowise into making unwanted requests to ...
7.1
Flowise: SSRF Protection Bypass (TOCTOU & Default Insecure)
GHSA-2x8m-83vc-6wv4
Summary: The core security wrappers (secureAxiosRequest and secureFetch) intended to prevent Server-Side Request Forgery (SSRF) contain multiple logic flaws. These flaws allow attackers to bypass t...
7.1
Flowise: SSRF Protection Bypass via Unprotected Built-in HTTP Modules in Custom Function Sandbox
GHSA-xhmj-rg95-44hv
Summary: A Server-Side Request Forgery (SSRF) protection bypass vulnerability exists in the Custom Function feature. While the application implements SSRF protection via HTTP_DENY_LIST for axios an...
7.1
Flowise: Hackers Can Access Internal Resources Through Custom Function
GHSA-xhmj-rg95-44hv
A security weakness in Flowise's Custom Function feature allows attackers to access internal network resources. This can happen when an authenticated user uses a built-in HTTP module in the Node.js sa...
7.1
Flowise: Malicious JavaScript Uploads Allowed
GHSA-rh7v-6w34-w2rr
Flowise allows uploading JavaScript files through a configuration file, which can lead to the execution of malicious code on the server. This could allow an attacker to access and control the server. ...
7.1
Flowise: Malicious JavaScript Uploads via Chatflow Configuration
GHSA-rh7v-6w34-w2rr
Flowise allows malicious JavaScript files to be uploaded through its Chatflow configuration, enabling potential Remote Code Execution attacks. This is because the application does not properly validat...
7.1
AMD SMM Driver Privilege Escalation Risk
CVE-2025-54502
A critical issue in the AMD SMM driver could allow a highly skilled attacker with direct access to the system to gain more control than they should have, potentially allowing them to run malicious cod...
7.1
PHP Protobuf: Malicious Messages Can Crash Your Application
GHSA-qjfj-3mm5-vrjg
A security issue in the PHP Protobuf library can cause your application to crash if it receives a specially crafted message. This can happen if you're not careful when processing input from unknown so...
7.1
PHP Protobuf Library Can Crash with Malicious Input
CVE-2026-6409
An attacker can crash a PHP application that uses the Protobuf library by sending specially crafted messages. This can cause the application to become unavailable, impacting users. To protect against ...
7.1
Daylight Studio FuelCMS Password Reset Token Leaked via Malicious Email
CVE-2026-30459
A security issue in Daylight Studio FuelCMS v1.5.2 allows attackers to reset a user's password without knowing their current password. This is done by sending a specially crafted email link to the use...
7.1
Free5GC UDR Service Allows Unintended Subscription Updates
GHSA-gx38-8h33-pmxr CVE-2026-40249
A flaw in the Free5GC UDR service allows unauthorized updates to Policy Data notification subscriptions if the service receives invalid or incomplete input. This could lead to unintended modifications...
6.9