CVE Vulnerabilities - 17 April 2026
76 vulnerabilities published on 17 April 2026
WP Statistics Plugin Leaks Sensitive Analytics Data on WordPress
CVE-2026-3488
The WP Statistics plugin on WordPress websites has a flaw that allows attackers to access sensitive data, such as user information and analytics, by exploiting a lack of proper security checks. This a...
6.5
Royal Addons for Elementor plugin: Malicious code injection via Instagram widget
CVE-2026-5162
The Royal Addons for Elementor plugin for WordPress contains a security flaw that allows attackers to inject malicious code into website pages. This could potentially allow an attacker to take control...
6.4
CubeCart versions before 6.6.0 allow code injection through user input
CVE-2026-34018
If not updated, CubeCart stores can be compromised by malicious input, allowing an attacker to alter data or disrupt the site. Update to version 6.6.0 or later to fix this issue. This is a high priori...
5.1
Sparx Enterprise Architect Exposes Sensitive OAuth2 Credentials
CVE-2025-15622
Sensitive credentials for Sparx Enterprise Architect's OAuth2 integration are not properly protected, allowing an attacker to access the system with elevated privileges. This could lead to unauthorize...
6.2
Unauthenticated access to private note assets on Note app
GHSA-p5w6-75f9-cc2p
CVE-2026-40265
Unauthenticated users can access private note assets on the Note app if they know the note and asset IDs. This allows them to view sensitive information without needing to log in. To fix this, the app...
5.9
AAP MCP Server Log Injection Vulnerability - Unauthorized Access and Deception Possible
CVE-2026-6494
An attacker can send malicious input to the AAP MCP server, allowing them to hide or fake log entries. This could trick operators into running bad commands or visiting bad websites. Update the server ...
5.3
The Quiz And Survey Master plugin for WordPress allows attackers to access quiz answers
CVE-2026-5797
The Quiz And Survey Master plugin for WordPress, used to create quizzes and surveys, is vulnerable to a security issue that allows hackers to access other users' quiz answers without permission. This ...
5.3
Tutor LMS plugin for WordPress allows unauthorized course content changes
CVE-2026-5502
This vulnerability in Tutor LMS plugin for WordPress allows attackers with subscriber-level access to manipulate course content, such as detaching lessons, moving them between topics, and changing the...
5.3
Kubio Plugin for WordPress Allows Malicious File Uploads
CVE-2026-5427
The Kubio plugin for WordPress is vulnerable to a security issue that allows authorized users to upload files from external URLs to the site's media library, potentially leading to malicious content b...
5.3
LatePoint WordPress Plugin Exposes Financial Data via Public API
CVE-2026-5234
The LatePoint WordPress plugin for managing Stripe payments is at risk because an attacker can access sensitive financial information, including invoices, orders, and customer details, without needing...
5.3
Vault's ACME Challenge Sends Sensitive Requests to Local Network Targets
CVE-2026-5052
A bug in Vault's PKI engine can cause it to send sensitive requests to internal network targets, potentially exposing information. This issue has been fixed in certain versions of Vault, so make sure ...
5.3
SiYuan versions 3.6.1-3.6.3 allow malicious code to run on users' computers
CVE-2026-40922
Versions 3.6.1 through 3.6.3 of SiYuan contain a security weakness that could let an attacker inject malicious code into the personal knowledge management system. This could allow them to take control...
5.3
Red Magic 11 Pro allows non-privileged apps to access sensitive areas
CVE-2026-40002
The Red Magic 11 Pro smartphone has a security flaw that lets malicious apps access areas of the phone they shouldn't be able to. This means an attacker could potentially write files to areas of the p...
5.0
JetBackup Plugin for WordPress: Unauthorized Directory Deletion
CVE-2026-4853
The JetBackup plugin for WordPress allows an attacker with admin access to delete any directory on the server, potentially disabling all plugins and causing site disruption. This is due to a weakness ...
4.9
Form Maker by 10Web plugin for WordPress: SQL Injection via User Search Parameters
CVE-2026-3330
The Form Maker plugin for WordPress has a security weakness that allows an attacker with administrator access to potentially access sensitive information from the database. This can be done by trickin...
4.9
VideoZen Plugin for WordPress Allows Malicious Code Injection
CVE-2026-6439
The VideoZen plugin for WordPress is vulnerable to a type of attack where attackers can inject malicious code into the plugin settings page. This can happen when an attacker with Administrator-level a...
4.4
WordPress cms-fuer-motorrad-werkstaetten Plugin Can Be Tricked into Deleting Data
CVE-2026-6451
The cms-fuer-motorrad-werkstaetten plugin for WordPress is vulnerable to a type of attack that could allow an attacker to delete important data by tricking a logged-in user into clicking on a maliciou...
4.3
Canto Plugin for WordPress: Unauthorized Access to Settings
CVE-2026-6441
The Canto plugin for WordPress has a security issue in versions up to 3.1.1 that allows anyone with a subscriber account or higher to change or delete important settings, including those related to sc...
4.3
WordPress Users Exposed through Login Timing Attack
GHSA-w6m9-39cv-2fwp
CVE-2026-40263
An attacker can determine if a WordPress username exists by sending requests to the login endpoint and measuring response times. This makes it easier to launch targeted attacks against valid accounts....
3.7
CubeCart Access to Sensitive Data via Misleading URLs
CVE-2026-35496
A security weakness in CubeCart versions older than 6.6.0 allows administrators to potentially access files they shouldn't. This could lead to unauthorized access to sensitive data. Update to version ...
5.1
CGA-55qm-vfpv-pfvr
CGA-pqxr-g3q3-977c
Ruby's zlib interface allows attackers to corrupt memory
DEBIAN-CVE-2026-27820
Old versions of the zlib Ruby interface can be tricked into overwriting memory with attacker-controlled data, causing unpredictable behavior. This issue affects Ruby applications using zlib for compre...
fio v3.41 Crashes When Parsing Malformed Job Files
DEBIAN-CVE-2026-30656
A security issue in fio v3.41 can cause the program to crash if it encounters a specific type of malformed job file. This could potentially be exploited by an attacker to disrupt fio operations. To pr...
CGA-665p-g3m9-mmwv