CVE Vulnerabilities - 17 April 2026

76 vulnerabilities published on 17 April 2026

Backdoor in Accordion and Accordion Slider plugin allows attackers to inject spam
CVE-2026-6443
The Accordion and Accordion Slider plugin for WordPress versions 1.4.6 may allow attackers to secretly install malicious code. This can lead to spam being injected into your website. You should remove...
9.8
Sparx Pro Cloud Server Database SQL Injection Risk
CVE-2025-15625
An attacker can execute unauthorized database commands to steal or modify data. This is a serious risk because it can allow an attacker to access sensitive information or disrupt the database. To prot...
9.5
Sparx EA Pro Cloud Server Stores Passwords in Plain Text
CVE-2025-15624
If OpenID is used for authentication, Sparx EA Pro Cloud Server stores users' passwords without encryption. This means that if an unauthorized person gains access to the server, they can easily access...
9.3
Sparx Pro Cloud Server Leaks Passwords to Unauthorized Users
CVE-2025-15623
If you use Sparx Pro Cloud Server, a lack of proper authentication allows anyone to access your database password, potentially giving them control over your system. This is a serious concern because i...
9.3
Note Mark allows attackers to inject malicious code into notes
GHSA-9pr4-rf97-79qh CVE-2026-40262
A security issue allows attackers to upload and execute malicious code in Note Mark notes. This means that if you use Note Mark, you could be at risk of having your account taken over. To stay safe, c...
8.7
Cloud Foundry UAA Token Bypass: Attackers Can Access Protected Systems
CVE-2026-22734
A security issue in Cloud Foundry's UAA system allows attackers to get a special token that lets them access systems that should be protected. This can happen if a specific security feature is turned ...
8.6
Rapid7 Insight Agent allows attackers to gain SYSTEM level control on Windows
CVE-2026-6482
The Rapid7 Insight Agent on Windows is vulnerable to a security threat. An attacker can exploit this vulnerability by tricking the agent into running malicious code, which can then gain control of the...
8.5
Dell PowerProtect Data Domain: Unauthorized Access to System
CVE-2026-23853
Dell PowerProtect Data Domain systems with outdated operating system versions are at risk of being accessed by unauthorized users. This could allow malicious individuals to gain control of the system....
8.4
Unauthorized user may delete secrets, causing service disruption
CVE-2026-3605
A user with authorized access to some secrets in Vault may accidentally or intentionally delete other secrets they are not allowed to touch, causing disruptions to the service. This issue affects Vaul...
8.1
Dell PowerProtect Data Domain BoostFS: Credentials Exposed by Local Attack
CVE-2025-36568
A security issue in Dell PowerProtect Data Domain BoostFS allows an attacker with local access to see sensitive login credentials. This could let the attacker use those credentials to access the syste...
7.8
Dell PowerProtect Appliances Leak Sensitive Info in Log Files
CVE-2026-23775
Dell PowerProtect Data Domain appliances with certain software versions may leak sensitive information, such as login credentials, into log files. This could potentially be exploited by an attacker wi...
7.6
Unlimited Elements for Elementor plugin: Malicious File Access on WordPress
CVE-2026-4659
A security issue in the Unlimited Elements for Elementor plugin for WordPress allows attackers to view sensitive files on the website, such as the password file. This is possible when an attacker with...
7.5
Vault: Unauthenticated attackers can block root token operations
CVE-2026-5807
An attacker can repeatedly initiate or cancel root token generation or rekey operations, blocking legitimate users from completing these tasks. This can disrupt the operation of Vault. Update to Vault...
7.5
Vault Leaks Authentication Token in Auth Plugin
CVE-2026-4525
If you use an auth mount that passes the Authorization header and uses it to log in to Vault, an attacker could get the Vault token. This could happen if you're using a vulnerable version of Vault. To...
7.5
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7...
CVE-2026-23776
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13...
7.2
Dell PowerProtect Data Domain: Unprivileged Access via Command Injection
CVE-2026-23778
Dell PowerProtect Data Domain's command injection flaw allows a highly privileged attacker to potentially gain complete control over the system if they have remote access. This could happen if an atta...
7.2
High Privilege User Can Bypass Security Sandbox in JetBrains YouTrack
CVE-2026-33392
A security issue in JetBrains YouTrack allows a high-privilege user to bypass security restrictions, potentially allowing them to execute malicious code. This could lead to unauthorized access and pot...
7.2
CubeCart: Admins Can Run Any System Command
CVE-2026-21719
A security issue in CubeCart's administrative interface allows an attacker with admin privileges to execute any system command, potentially leading to data loss or system compromise. This affects all ...
8.6
WP Statistics plugin on WordPress can inject malicious scripts
CVE-2026-5231
The WP Statistics plugin for WordPress is vulnerable to a type of cyber attack that injects malicious code into administrator pages. This could allow an attacker to take control of your site or steal ...
7.2
MobaXterm Home Edition: Uncontrolled Search Path Leads to Local Attack
CVE-2026-6421
A security issue in MobaXterm Home Edition versions up to 26.1 could allow an attacker to gain unauthorized access to your system. This is a local attack, meaning it requires physical access to your c...
7.3
Adobe Acrobat: Malicious PDFs can cause memory crashes
GHSA-3crg-w4f6-42mx CVE-2026-40260
A malicious PDF can be crafted to consume all available memory on a system that uses the pypdf library, potentially causing the program to freeze or crash. This affects systems that parse XMP metadata...
6.9
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7...
CVE-2026-23779
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13...
6.7
Tutor LMS plugin for WordPress exposes sensitive data to attackers
CVE-2026-6080
The Tutor LMS plugin for WordPress has a security flaw that can allow attackers with admin access to steal sensitive information from the database. This affects versions up to 3.9.8. Update to the lat...
6.5
wpForo Forum Plugin Allows Unauthenticated Post Editing
CVE-2026-4666
The wpForo Forum plugin for WordPress has a security flaw that allows anyone to edit any forum post, including private ones, without permission. This is because the plugin doesn't properly check user ...
6.5
MasterStudy LMS Plugin for WordPress at Risk of Data Exposure
CVE-2026-4817
An outdated version of the MasterStudy LMS WordPress Plugin (up to 3.7.25) allows attackers to potentially steal sensitive user information, such as login credentials and session tokens, by manipulati...
6.5