
CVE Vulnerabilities - 18 April 2026


130 vulnerabilities published on 18 April 2026

Movary: Authenticated Users Can Access Internal Server Targets
CVE-2026-40348
A security issue in Movary versions prior to 0.71.1 allowed authenticated users to access internal server targets, potentially allowing them to discover internal hosts, test network ports, and access ...
7.7
SecureDrop Client: Compromised Server Can Damage Journalist Files
CVE-2026-35465
SecureDrop Client, used by journalists to communicate with sources, is at risk if the server they rely on is compromised. A hacker could use a security weakness to alter or delete sensitive files. Upd...
7.5
Easy Appointments Plugin Leaks Customer Data on WordPress Sites
CVE-2026-2262
The Easy Appointments plugin for WordPress exposes sensitive customer information on all sites using versions up to 3.12.21. This means attackers can access names, emails, phone numbers, and other det...
7.5
Zebra: Malicious Miners Can Split Zcash Network
GHSA-xvj8-ph7x-65gf CVE-2026-40880
A flaw in Zebra's transaction verification system allows a malicious miner to trick some nodes into accepting an invalid block, potentially disrupting the network and allowing double-spend attacks. Th...
7.2
ChurchCRM Prior to 7.2.0 Allows Attackers to Access Sensitive Data
CVE-2026-40482
The ChurchCRM system is vulnerable to a security risk that could allow hackers to access sensitive information. If left unpatched, this could lead to unauthorized access to financial and member data. ...
7.1
ChurchCRM: Unauthorized access to personal data in older versions
CVE-2026-40480
In older versions of ChurchCRM, any user with limited access can view sensitive personal information of other members. This is fixed in version 7.2.0. Update to the latest version to ensure secure acc...
7.1
Zebra Can Crash from Interrupted RPC Requests from Authorized Clients
GHSA-29x4-r6jv-ff4w
An authenticated client can crash a Zebra node by disconnecting during a request. This can happen if a client sends only part of a request and then drops the connection. To protect your Zebra nodes, m...
6.9
AsyncHttpClient Exposes Credentials in Redirects
CVE-2026-40490
The AsyncHttpClient library for Java applications shares sensitive login credentials when sending HTTP requests to a new website. This can allow an attacker to steal your login details if they control...
6.8
gdown: Malicious files can overwrite any file on your system
CVE-2026-40491
If you use outdated versions of gdown to download files from Google Drive, an attacker could create a malicious archive that overwrites important files on your system. This could lead to data loss or ...
6.5
MailKit has STARTTLS Response Injection via unflushed stream buffer that enables SASL mechanism downgrade
GHSA-9j88-vvj5-vhgr
A STARTTLS Response Injection vulnerability in MailKit allows a Man-in-the-Middle attacker to inject arbitrary protocol responses across the plaintext-to-TLS trust boundary, enabling SASL...
6.5
AWS EFS CSI Driver allows attackers to inject arbitrary mount options
CVE-2026-6437 GHSA-mph4-q2vm-w2pw
A security issue in the AWS EFS CSI Driver allows authenticated users to inject malicious options when creating a persistent volume. This could potentially lead to unauthorized access or data corrupti...
6.9
Youzify Plugin for WordPress: Malicious Code Injection Possible
CVE-2026-1559
The Youzify plugin for WordPress has a security weakness that allows attackers to inject malicious code into pages. This could happen when an attacker with a basic account accesses a page. To protect ...
6.4
NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. Prior to version 2.0.37, NocoBase's workflow HTTP request plugin and custom request ...
GHSA-mvvv-v22x-xqwp CVE-2026-40346
NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. Prior to version 2.0.37, NocoBase's workflow HTTP request plugin and custom request act...
6.4
Zebra: Malicious Addresses Can Crash the Program
GHSA-xr93-pcq3-pxf8 CVE-2026-40881
Zebra's software can run out of memory when processing large address lists, potentially crashing the node. This issue affects all versions of Zebra prior to 4.3.1. To fix, update to version 4.3.1 or l...
6.3
Hostel plugin for WordPress: Malicious scripts can be injected via links
CVE-2026-1838
If a user clicks on a malicious link, attackers can inject scripts that can harm a website. This affects all versions of the Hostel plugin for WordPress up to 1.1.6. To protect your site, update the p...
6.1
Pretalx Email Templates Allow Malicious Emails to Be Sent as Legitimate
GHSA-jm8c-9f3j-4378
An attacker can send fake emails that appear to come from a legitimate email address, potentially phishing victims. This can happen when a user with a malicious account name is reset by an unsuspectin...
6.1
libgphoto2: Camera library allows reading sensitive data
CVE-2026-40340
A security issue in libgphoto2's camera library could allow an attacker to access sensitive information from cameras. This issue affects versions up to and including 2.5.33. To stay secure, update to ...
6.1
libgphoto2: Unrestricted data reads from camera devices
CVE-2026-40333
In libgphoto2 versions up to 2.5.33, some functions can read data from cameras without checking the amount of data being read. This could allow an attacker to access more data than intended, potential...
6.1
OpenTelemetry .NET has potential memory exhaustion via unbounded pooled-list sizing in Jaeger exporter conversion path
GHSA-38h3-2333-qx47 CVE-2026-41078
Important: There is no plan to fix this issue as `OpenTelemetry.Exporter.Jaeger` was deprecated in 2023. It is for informational purposes only. `OpenTelemetry.Exporter.Jaeger` ma...
5.9
ChurchCRM Pledge Editor allows malicious HTML injection
CVE-2026-40483
A security issue affects ChurchCRM's Pledge Editor in versions older than 7.2.0. An attacker with Finance permissions can inject malicious code into donation comments, which can harm other users who o...
5.4
ChurchCRM Public API Leaks Valid Usernames
CVE-2026-40485
ChurchCRM versions prior to 7.2.0 leak valid usernames through the public API login endpoint, making it easier for attackers to guess valid usernames. This can lead to unauthorized access to sensitive...
5.3
Python Multipart Software Can Be Slowed Down by Malicious File Uploads
GHSA-mj87-hwqh-73pj CVE-2026-40347
The Python multipart library can be exploited to cause a slowdown in file uploads, making it harder for legitimate users to access the system. This issue affects how the library handles certain types ...
5.3
libgphoto2: Out-of-bounds read in Sony camera handling
CVE-2026-40339
Libgphoto2, a library that helps access and control cameras, has a bug in its code that could allow an attacker to access sensitive data. This vulnerability affects camera handling in libgphoto2 versi...
5.2
libgphoto2: Sony camera data access can reveal sensitive info
CVE-2026-40338
A bug in the libgphoto2 library for accessing and controlling cameras can allow an attacker to read sensitive information from Sony cameras. This issue affects versions up to 2.5.33. To fix the issue,...
5.2