CVE Vulnerabilities - 19 April 2026

40 vulnerabilities published on 19 April 2026

Authlib: Malicious JWTs Can Bypass Security Checks in Older Versions
CVE-2026-28802 GHSA-7wc2-qxgw-g8gg ECHO-579f-8639-173e
Older versions of Authlib, a library used to build OAuth and OpenID Connect servers, can be tricked into accepting fake security tokens. This could allow attackers to bypass security checks. Update to...
8.3
Authlib JWS Forgery: Attackers Can Bypass Authentication
GHSA-wvwj-cvrp-7pv5 CVE-2026-27962 ECHO-e780-297e-3c37
A security flaw in Authlib's JWS (JSON Web Signature) feature allows attackers to create fake tokens that can trick servers into accepting them as genuine. This bypasses authentication and authorizati...
9.1
H3C Magic B1: Remote Code Execution Through Buffer Overflow
CVE-2026-6563
A security flaw in H3C Magic B1 allows an attacker to execute malicious code on the device by manipulating a specific argument. This could give the attacker control over the device. The vendor has not...
7.4
H3C Magic B0: Remote Access to Sensitive Data
CVE-2026-6560
A security flaw in H3C Magic B0 allows an attacker to potentially access sensitive data remotely. This can happen if an attacker manipulates certain data sent to the router. We recommend that H3C Magi...
7.4
Thunderbird Update Fixes Critical Security Risks
RLSA-2026:8459
Thunderbird users should update to the latest version to prevent hackers from executing malicious code or stealing sensitive information. This update fixes several security bugs that could allow attac...
8.8
ECHO-435f-9eb9-99cb
GHSA-m344-f55w-2m6j CVE-2026-28498 ECHO-435f-9eb9-99cb
Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.9, a library-level vulnerability was identified in the Authlib Python library concerning the validation ...
7.8
.NET Framework: Critical Security Updates Available
RLSA-2026:8471
New versions of .NET are available to fix four serious security issues, including the ability for attackers to bypass security, cause denial of service, or inject malicious code into email. The update...
7.5
Important: .NET 9.0 security update to prevent attacks and crashes
RLSA-2026:8474
.NET version 9.0 has security updates to protect against malicious attacks and system crashes. These updates are important for anyone using .NET to prevent data breaches and ensure smooth system opera...
7.5
FreeRDP: Remote Code Execution and Denial of Service Risk
RLSA-2026:8457
FreeRDP, a tool for connecting to remote desktops, has a security weakness that could allow hackers to inject malicious code or crash the connection. This could happen if a hacker sends a specially cr...
7.5
.NET 8.0 Security Update Available to Fix Multiple Risks
RLSA-2026:8469
If you're using .NET, update to .NET SDK 8.0.126 and .NET Runtime 8.0.26 to fix four security risks that could allow hackers to crash your system or bypass security controls. This update is available ...
7.5
Important: libarchive can expose sensitive data or run malicious code
RLSA-2026:8510
Libarchive, used in popular file managers and tools like bsdtar, contains two security flaws that could allow attackers to access sensitive information or execute malicious code. This affects users wh...
7.5
LightPicture API Upload Vulnerability: Exposes Sensitive Credentials
CVE-2026-6574
A security issue in LightPicture's API Upload Endpoint can leak hardcoded credentials. This affects versions up to 1.2.2. To protect your data, update to a fixed version of LightPicture as soon as pos...
6.9
KodExplorer File Sharing Feature Allows Unauthorized Access
CVE-2026-6569
An outdated version of KodExplorer (up to 4.52) makes it possible for attackers to access files without authentication. This is a serious issue because it could allow unauthorized access to sensitive ...
6.9
KodExplorer Share Feature Allows Remote File Access
CVE-2026-6568
A weakness in KodExplorer's share feature allows hackers to access files outside of the intended path. This means they could read or modify sensitive data on your server. Update to KodExplorer version...
6.9
Dameng100 muucmf 1.9.5.20260309: SQL Injection in Search Function
CVE-2026-6562
A security flaw in Dameng100 muucmf 1.9.5.20260309 allows an attacker to manipulate search results by injecting malicious code. This could potentially allow unauthorized access to sensitive data. We r...
6.9
Authlib Exposes Sensitive Data via Cryptographic Padding Oracle
GHSA-7432-952r-cw78 CVE-2026-28490 ECHO-c9a3-95ec-f0d8
The Authlib library in certain configurations allows attackers to determine the validity of JSON Web Encryption (JWE) padding, potentially exposing sensitive data. This issue is present in any Authlib...
8.1
EMC Calendly Plugin for WordPress allows attackers to inject malicious code
CVE-2026-0868
The EMC Calendly Plugin for WordPress is not properly securing user input, allowing an attacker with contributor-level access to inject malicious code into pages. This could lead to unauthorized actio...
6.4
PHPEMS 11.0: Malicious File Upload Can Hijack Server Requests
CVE-2026-6573
The PHPEMS 11.0 Instant Exam Creation Handler can be tricked into accepting and processing malicious files, allowing an attacker to control the server remotely. This could potentially lead to unauthor...
5.3
KodExplorer allows unauthorized access to sensitive data
CVE-2026-6571
A security flaw in KodExplorer 4.52 allows hackers to bypass access controls and gain unauthorized access to sensitive data. This could be exploited remotely by an attacker. Users should update to the...
5.3
Collabora KodExplorer File Upload Authorization Bypass
CVE-2026-6572
Collabora KodExplorer's file upload feature has a security flaw that allows unauthorized access. This means that someone could upload files without permission, potentially leading to data breaches or ...
6.3
EyouCMS allows remote attackers to upload files without restriction
CVE-2026-6561
An attacker can upload any file to EyouCMS without restrictions, which could allow them to install malware or disrupt the website's functionality. This is a serious issue because it could lead to unau...
5.1
EMQX Enterprise Session Handling Allows Unauthorized Access
CVE-2026-6564
EMQX Enterprise versions up to 6.1.0 have a security issue that could allow unauthorized access to user sessions. This means an attacker may be able to perform actions on behalf of other users without...
5.3
Wavlink WL-WN579A3 Router Login Page Has a Security Flaw
CVE-2026-6559
A security flaw in the login page of the Wavlink WL-WN579A3 router can allow hackers to inject malicious code into the page. This could potentially let them take control of the router or steal sensiti...
5.3
KodExplorer 4.52 allows attackers to bypass security checks remotely
CVE-2026-6570
The KodExplorer software up to version 4.52 has a security flaw that allows attackers to bypass security checks. This means that hackers can potentially access parts of the system they shouldn't be ab...
5.1
MINI-cc9v-qrp4-jg27