Common Vulnerabilities and Exposures (CVE)

CVE-2026-33948

Apr 13, 2026 23:51:04 UTC

jq is a command-line JSON processor. Commits before 6374ae0bcdfe33a18eb0ae6db28493b1f34a0a5b contain a vulnerability where CLI input parsing allows validation bypass via embedded NUL bytes. When reading JSON from files or stdin, jq uses str...

CVE-2026-40164

Apr 13, 2026 23:40:12 UTC

jq is a command-line JSON processor. Before commit 0c7d133c3c7e37c00b6d46b658a02244fdd3c784, jq used MurmurHash3 with a hardcoded, publicly visible seed (0x432A9843) for all JSON object hash table operations, which allowed an attacker to pr...

CVE-2026-26221

Apr 13, 2026 23:37:31 UTC

Hyland OnBase contains an unauthenticated .NET Remoting exposure in the OnBase Workflow Timer Service (Hyland.Core.Workflow.NTService.exe). An attacker who can reach the service can send crafted .NET Remoting requests to default HTTP channe...

CVE-2025-0921

Apr 13, 2026 23:06:00 UTC

Execution with Unnecessary Privileges vulnerability in multiple services of Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric MobileHMI versions 10.97...

CVE-2026-5086

Apr 13, 2026 22:54:53 UTC

Crypt::SecretBuffer versions before 0.019 for Perl are susceptible to timing attacks. For example, if Crypt::SecretBuffer was used to store and compare plaintext passwords, then discrepancies in timing could be used to guess the secret pas...

CVE-2024-1573

Apr 13, 2026 22:47:17 UTC

Missing Authentication for Critical Function vulnerability in the mobile monitoring feature of Mitsubishi Electric GENESIS64 versions 10.97.2 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.2 and prior, Mitsubishi Electric Hyper...

CVE-2026-6203

Apr 13, 2026 22:25:54 UTC

The User Registration & Membership plugin for WordPress is vulnerable to Open Redirect in versions up to and including 5.1.4. This is due to insufficient validation of user-supplied URLs passed via the 'redirect_to_on_logout' GET parameter ...

CVE-2026-34621

Apr 13, 2026 22:20:26 UTC

Acrobat Reader versions 24.001.30356, 26.001.21367 and earlier are affected by an Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability that could result in arbitrary code execution in the c...

CVE-2026-21643

Apr 13, 2026 22:20:26 UTC

An improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Fortinet FortiClientEMS 7.4.4 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted H...

CVE-2020-9715

Apr 13, 2026 22:20:25 UTC

Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have a use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution.

CVE-2023-36424

Apr 13, 2026 22:20:25 UTC

Windows Common Log File System Driver Elevation of Privilege Vulnerability

CVE-2023-21529

Apr 13, 2026 22:20:24 UTC

Microsoft Exchange Server Remote Code Execution Vulnerability

CVE-2025-60710

Apr 13, 2026 22:20:24 UTC

Improper link resolution before file access ('link following') in Host Process for Windows Tasks allows an authorized attacker to elevate privileges locally.

CVE-2012-1854

Apr 13, 2026 22:20:24 UTC

Untrusted search path vulnerability in VBE6.dll in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Microsoft Visual Basic for Applications (VBA); and Summit Microsoft Visual Basic for Applications SDK allows local users ...

CVE-2026-39979

Apr 13, 2026 22:18:56 UTC

jq is a command-line JSON processor. In commits before 2f09060afab23fe9390cce7cb860b10416e1bf5f, the jv_parse_sized() API in libjq accepts a counted buffer with an explicit length parameter, but its error-handling path formats the input buf...