
CVE Vulnerabilities - 18 April 2026


130 vulnerabilities published on 18 April 2026

SAIL TGA RLE decoder can write data past a buffer
CVE-2026-40494
A bug in the SAIL library's TGA image decoder can allow an attacker to write extra data to a memory location. This could potentially lead to security issues if an attacker controls the data being deco...
9.8
Adobe Photoshop: Image Processing Crashes Application
CVE-2026-40493
A bug in Adobe Photoshop's image processing library can cause the application to crash when working with certain image files. This issue affects users who work with images in LAB mode, potentially lea...
9.8
SAIL Library: Incorrect Pixel Format Handling for XWD Codec
CVE-2026-40492
A bug in the SAIL library's XWD codec can cause it to access memory incorrectly, potentially leading to crashes or data corruption. This issue was fixed in a recent update, so you should update the li...
9.8
Wish allows attackers to read or write any file
GHSA-xjvp-7243-rg9h
A vulnerability in Wish allows malicious users to read or write any file on the server by sending special file names. This can happen if you are using Wish version 2 or possibly version 1. To protect ...
9.6
NovumOS versions prior to 0.24 allow malicious code execution
CVE-2026-40317
Old versions of NovumOS allow a malicious program to take control of the system by executing arbitrary code at a high level of access, potentially causing system instability or data corruption. This i...
9.3
Zebra Can Accept Invalid Transactions from Other Zcash Nodes
GHSA-8m29-fpq5-89jj
A flaw in Zebra's handling of certain types of transactions can cause it to accept and mine blocks that other Zcash nodes consider invalid, potentially leading to network disruptions and security risk...
9.3
Nhost Allows Attackers to Take Over Accounts via Email
GHSA-6g38-8j4p-j3pr
Nhost's OAuth feature can be tricked into linking an attacker's account to a victim's account, allowing the attacker to access the victim's account without their password. This happens when an attacke...
9.3
Zebra Crashes When Processing Malicious Zcash Transaction
GHSA-452v-w3gx-72wg
Zebra nodes may crash if they receive a specially crafted Zcash transaction. This could be exploited by an attacker to take down a Zebra node. If you're running a Zebra node, update to version 4.3.1 t...
9.2
Flowise: Attackers can run malicious code on your computer
GHSA-v38x-c887-992f
Flowise, a tool for building AI applications, has a security flaw that allows hackers to run malicious code on your computer without needing a password. This means your system could be compromised if ...
9.2
Zebra not properly validating some Zcash transactions
GHSA-8m29-fpq5-89jj
Zebra, a Zcash software, has a bug that could allow a malicious party to disrupt the network and cause double-spends. This is because Zebra is not correctly checking certain types of transactions, whi...
9.1
ChurchCRM API key exposed in older versions, allows unauthorized access
CVE-2026-40582
Older versions of ChurchCRM are vulnerable to unauthorized API access. An attacker who knows a user's password can access sensitive information and perform actions even if the account is locked or pro...
9.1
ChurchCRM versions before 7.2.0 allow attackers to run malicious code
CVE-2026-40484
ChurchCRM, a church management system, has a security flaw that allows a malicious user to upload and execute code on the server. This can happen when an administrator restores a database backup. Chur...
9.1
NovumOS: Unrestricted Memory Mapping Allows Privilege Escalation
CVE-2026-40572
NovumOS versions before 0.24 have a security issue that could allow a malicious program to take control of the operating system. This is because the operating system doesn't properly check where a pro...
9.0
Postiz AI Scheduling Tool: File Upload Bypass Allows Malicious Files
CVE-2026-40487
Authenticated users can upload malicious files to the Postiz server, potentially allowing an attacker to take control of other users' accounts. This is a security risk because it can lead to account t...
8.9
Emissary allows attackers to run OS commands via unvalidated file settings
GHSA-3p24-9x7v-7789 CVE-2026-35582
Emissary's Executrix feature allows a malicious user with configuration access to inject and run arbitrary operating system commands. This happens when the user sets the IN_FILE_ENDING or OUT_FILE_END...
8.8
Authenticated users can see and create other users in Movary
CVE-2026-40350
Prior to version 0.71.1 of the self-hosted Movary app, any authenticated user could see a list of all users and even create new administrator accounts. This is fixed in version 0.71.1. To stay secure,...
8.8
YesWiki vulnerable to authenticated SQL Injection via id_fiche in EntryManager::formatDataBeforeSave()
GHSA-f58v-p6j9-24c2
Vulnerability Details: YesWiki bazar module contains a SQL injection vulnerability in `tools/bazar/services/EntryManager.php` at line 704. The `$data['id_fiche']` value (sourced from `$_POST['id_fi...
8.8
Movary before 0.71.1: Users can give themselves admin access
CVE-2026-40349
Before version 0.71.1, a user who has logged in to their own account could grant themselves administrator privileges by making a special request to the server. This could allow them to do things they ...
8.8
Pretalx Organizer Search Can Run Malicious Code
GHSA-cjcx-jfp2-f7m2
A security flaw in Pretalx allows attackers to inject malicious code into the organizer search function, potentially stealing data or making unauthorized changes. This affects any user with organizer ...
8.7
EditorConfig Core Library: Crash from Malicious Directory Structure
CVE-2026-40489
Versions up to 0.12.10 of the EditorConfig core library are vulnerable to a bug that can cause a program to crash if given a specially crafted directory and configuration file. This can happen if an a...
8.6
Zebra Crashes When Processing Special Transaction
GHSA-452v-w3gx-72wg
Zebra nodes may crash when processing certain transactions, allowing an attacker to disrupt the network. This is due to a flaw in the way Zebra verifies transactions. To fix this, update to Zebra vers...
8.3
Dagster Allows Unauthorized Database Access via Dynamic Partition Keys
GHSA-mjw2-v2hm-wj34
Dagster's database integrations can be tricked into executing unauthorized SQL queries, potentially allowing users with permission to add dynamic partitions to access or modify sensitive data in conne...
8.3
ChurchCRM deletes family records permanently without asking
CVE-2026-40581
Administrators can delete family records and associated data without warning. This can cause loss of important information about church members and their relationships. Update to version 7.2.0 to fix ...
8.1
Zebra Crashes When Authenticated Client Disconnects During Request
GHSA-29x4-r6jv-ff4w
A security flaw in Zebra can cause a crash if an authenticated client disconnects during a request. This can happen if a client is intentionally or accidentally interrupted while sending data to Zebra...
7.8
PHPUnit allows malicious PHP settings to be injected in test runs
GHSA-qrr6-mg7r-m243
Attackers can influence PHP settings used in PHPUnit test runs, potentially allowing them to execute arbitrary code. This can happen if an attacker has write access to the project's phpunit.xml file o...
7.8