
CVE Vulnerabilities - 16 April 2026


950 vulnerabilities published on 16 April 2026

Airflow: Exposed Tokens Allow UI Users to Act as DAG Authors
CVE-2026-31987 GHSA-phv5-vq5p-qhp7
Airflow's task logs exposed tokens, potentially allowing UI users without the corresponding permissions to create workflows as if they were DAG authors. This could lead to data breaches or unauthorized changes...
6.9
PySpector Plugin Code Execution Bypass
GHSA-vp22-38m5-r39r
A security weakness in PySpector's plugin validation allows an attacker to inject malicious code, potentially allowing them to execute arbitrary code within the PySpector process. This could happen if...
6.9
openCryptoki Library on Linux and AIX: Out-of-Bounds Reads in Decoding Functions
CVE-2026-40253
The openCryptoki library, used on Linux and AIX, has out-of-bounds reads in its decoding functions that can let an attacker who supplies malformed files read sensitive data. This can happen when usi...
6.8
pypdf RAM exhaustion through malicious PDF images
GHSA-x284-j5p8-9c5p
A malicious PDF file can cause your system to run out of memory. This is a risk if you use the pypdf library to process PDFs. To stay safe, update to the latest version of pypdf or apply the suggested...
6.8
pypdf: Malicious PDFs can cause slow processing
GHSA-4pxv-j86v-mhcw
A malicious PDF file can make pypdf take a very long time to load it. This issue is fixed in version 6.10.2 of the software. If you can't update right away, you can t...
6.8
pypdf: Large PDF can exhaust your computer's memory
GHSA-7gw9-cf7v-778f
A malicious PDF file can cause your computer to run out of memory, leading to system slowdowns or crashes. This affects systems using the pypdf library to handle PDFs. To fix this, update to version 6...
6.8
Weblate translation memory API exposes sensitive data to unauthorized users
CVE-2026-33220 GHSA-mqph-7h49-hqfm
Weblate's translation memory API in versions prior to 5.17 doesn't control who can access certain data. If you're using an outdated version, you may be exposing sensitive information. Update to versio...
6.8
ProcessWire CMS: Authenticated Admins Can Access Internal Hosts
CVE-2026-40500 GHSA-gmwr-9j4p-96vm
A server-side request forgery (SSRF) in ProcessWire's admin panel allows authenticated administrators to make the server connect to internal or external hosts by entering malicious URLs. This could lead to network scanning and access to sens...
6.1
Dell PowerScale OneFS exposes sensitive user credentials in logs
CVE-2025-43937
Dell PowerScale OneFS versions prior to 9.12.0.0 store user credentials in log files, which can be accessed by a low-privileged attacker with local access. This could allow an attacker to steal user c...
6.6
authentik: Access Tokens Can Be Stolen and Used to Impersonate Users
CVE-2024-47077 BIT-authentik-2024-47077
A security issue in older versions of authentik allows an application to steal access tokens and use them to impersonate a user. This could let the app access resources it shouldn't. Update to versio...
6.5
LangChain Text Splitters: Attackers Can Redirect to Internal Servers
GHSA-fv5p-p927-qmxr
A vulnerability in LangChain Text Splitters allows attackers to redirect requests to internal servers or cloud metadata endpoints, potentially exposing sensitive data. This could happen if an applicat...
6.5
Paperclip: Arbitrary File Read via Agent-Controlled adapterConfig.instructionsFilePath
GHSA-3pw3-v88x-xj24
Paperclip contains an arbitrary file read vulnerability that allows an attacker with an Agent API key to read files from the Paperclip server host filesystem. The vulnerability occurs beca...
6.5
LINE iOS app: Repeated OS dialogs can crash your iPhone
CVE-2026-3861
The LINE app for iOS can be made to freeze or become unresponsive if you visit a malicious website that triggers repeated OS dialogs. This only affects older versions of the app, and updating to the...
6.5
WordPress Accessibility Suite plugin allows attackers to steal WordPress database data
CVE-2026-3773
The Accessibility Suite plugin for WordPress allows attackers with a low-privilege user account to access sensitive information, because the plugin doesn't properly protect against a type of atta...
6.5
Eaton Intelligent Power Protector: No Login Rate Limiting Permits Brute-Force Attempts
CVE-2026-22616
The Eaton Intelligent Power Protector software doesn't limit how many times you can try to log in to the web interface, making it possible for someone to repeatedly try to guess your username and pass...
6.5
OpenHarness allows unauthorized access to sensitive files via malicious chat commands
CVE-2026-40503
OpenHarness users with chat access can read sensitive files if an attacker tricks them into entering malicious commands. This can compromise sensitive project data. Update to a fixed version of OpenHa...
7.1
Email Encoder plugin for WordPress: Malicious Email Links
CVE-2026-2840
The Email Encoder plugin for WordPress is vulnerable to a security threat that allows attackers to inject malicious code into email links. This can happen when a user accesses a website with the vulne...
6.4
BetterDocs Plugin for WordPress: Stored Cross-Site Scripting Risk
CVE-2026-3875
The BetterDocs plugin for WordPress contains a security flaw that allows attackers to inject malicious code into certain pages. This could lead to unauthorized actions on your website. Update the plug...
6.4
Livemesh Addons for Elementor: Unauthorized Data Changes and Malicious Scripts
CVE-2026-1572
The Livemesh Addons for Elementor plugin lets attackers with administrator access change plugin settings and inject malicious scripts into the plugin settings page, which run when an administrator views the page. This can happen if the at...
6.4
WP Maps Plugin Allows Malicious Code Injection on WordPress Sites
CVE-2025-13364
The WP Maps plugin for WordPress contains a security flaw that can be exploited by attackers with contributor-level access or higher. This flaw could allow an attacker to inject malicious code into a ...
6.4
Vantage WordPress Theme Allows Attackers to Inject Malware
CVE-2026-5070
The Vantage theme for WordPress, in versions up to 1.20.32, allows attackers with contributor-level access to inject malicious code into website pages. This can lead to malware execution when a user v...
6.4
WP Docs Plugin for WordPress Allows Malicious Scripts to Run
CVE-2026-3878
The WP Docs plugin for WordPress has a security flaw that allows attackers with subscriber-level access or higher to inject malicious scripts into websites. This can lead to unauthorized actions, such...
6.4
WordPress Shortcodes Ultimate Plugin Allows Malicious Script Injection
CVE-2026-3885
The WordPress plugin Shortcodes Ultimate allows attackers to inject malicious scripts into website pages, potentially harming visitors. This vulnerability affects all versions up to 7.4.9. Update to t...
6.4
WP YouTube Lyte plugin: Malicious scripts can be injected via YouTube videos
CVE-2026-3299
The WP YouTube Lyte plugin for WordPress has a security issue that allows an attacker with contributor-level access to inject malicious code into websites using the plugin. This can cause problems for...
6.4
OpenClaw: TOCTOU read in exec script preflight
GHSA-gj9q-8w99-mp8j
OpenClaw's exec script preflight validator previously validated and then read a script by mutable pathname. A local race could swap the path between validation and read, causing preflight ...
6.3