Common Vulnerabilities and Exposures (CVE)

CVE-2026-5363

Apr 15, 2026 23:45:54 UTC

Inadequate Encryption Strength vulnerability in TP-Link Archer C7 v5 and v5.8 (uhttpd modules) allows Password Recovery Exploitation. The web interface encrypts the admin password client-side using RSA-1024 before sending it to the router d...

CVE-2026-4880

Apr 15, 2026 23:25:49 UTC

The Barcode Scanner (+Mobile App) – Inventory manager, Order fulfillment system, POS (Point of Sale) plugin for WordPress is vulnerable to privilege escalation via insecure token-based authentication in all versions up to, and including, 1....

CVE-2026-40245

Apr 15, 2026 23:25:11 UTC

Free5GC is an open-source Linux Foundation project for 5th generation (5G) mobile core networks. Versions 4.2.1 and below contain an information disclosure vulnerability in the UDR (Unified Data Repository) service. The handler for GET /nud...

CVE-2026-40947

Apr 15, 2026 23:21:38 UTC

Yubico libfido2 before 1.17.0, python-fido2 before 2.2.0, and yubikey-manager before 5.9.1 have an unintended DLL search path.

CVE-2026-40193

Apr 15, 2026 23:15:25 UTC

maddy is a composable, all-in-one mail server. Versions prior to 0.9.3 contain an LDAP injection vulnerability in the auth.ldap module where user-supplied usernames are interpolated into LDAP search filters and DN strings via strings.Replac...

CVE-2026-40192

Apr 15, 2026 22:53:56 UTC

Pillow is a Python imaging library. Versions 10.3.0 through 12.1.1 did not limit the amount of GZIP-compressed data read when decoding a FITS image, making them vulnerable to decompression bomb attacks. A specially crafted FITS file could c...

CVE-2026-40316

Apr 15, 2026 22:49:18 UTC

OWASP BLT is a QA testing and vulnerability disclosure platform that encompasses websites, apps, git repositories, and more. Versions prior to 2.1.1 contain an RCE vulnerability in the .github/workflows/regenerate-migrations.yml workflow. T...

CVE-2026-39350

Apr 15, 2026 22:42:24 UTC

Istio is an open platform to connect, manage, and secure microservices. In versions 1.25.0 through 1.27.8, 1.28.0 through 1.28.5, 1.29.0, and 1.29.1, the serviceAccounts and notServiceAccounts fields in AuthorizationPolicy incorrectly inter...

CVE-2026-40179

Apr 15, 2026 22:26:46 UTC

Prometheus is an open-source monitoring system and time series database. Versions 3.0 through 3.5.1 and 3.6.0 through 3.11.1 have stored cross-site scripting vulnerabilities in multiple components of the Prometheus web UI where metric names...

CVE-2026-4949

Apr 15, 2026 22:26:05 UTC

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 4.16.12. This is due...

CVE-2026-23666

Apr 15, 2026 21:55:35 UTC

Improper input validation in .NET Framework allows an unauthorized attacker to deny service over a network.

CVE-2026-33119

Apr 15, 2026 21:55:35 UTC

User interface (UI) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.

CVE-2026-33118

Apr 15, 2026 21:55:34 UTC

Microsoft Edge (Chromium-based) Spoofing Vulnerability

CVE-2026-32214

Apr 15, 2026 21:55:33 UTC

Improper access control in Universal Plug and Play (upnp.dll) allows an authorized attacker to disclose information locally.

CVE-2026-33829

Apr 15, 2026 21:55:33 UTC

Exposure of sensitive information to an unauthorized actor in Windows Snipping Tool allows an unauthorized attacker to perform spoofing over a network.