Common Vulnerabilities and Exposures (CVE)

CVE-2026-37602

Apr 14, 2026 15:24:23 UTC

SourceCodester Patient Appointment Scheduler System v1.0 is vulnerable to SQL Injection in the file /scheduler/admin/user/manage_user.php.

CVE-2026-31280

Apr 14, 2026 15:23:22 UTC

An issue in the Bluetooth RFCOMM service of Parani M10 Motorcycle Intercom v2.1.3 allows unauthorized attackers to cause a Denial of Service (DoS) via supplying crafted RFCOMM frames.

CVE-2026-1253

Apr 14, 2026 15:21:58 UTC

The Group Chat & Video Chat by AtomChat plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'atomchat_update_auth_ajax' and 'atomchat_update_layout_ajax' functions in all versions...

CVE-2025-70936

Apr 14, 2026 15:21:22 UTC

Vtiger CRM 8.4.0 contains a reflected cross-site scripting (XSS) vulnerability in the MailManager module. Improper handling of user-controlled input in the _folder parameter allows a specially crafted, double URL-encoded payload to be refle...

CVE-2026-40175

Apr 14, 2026 15:21:10 UTC

Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.0 and 0.3.1, the Axios library is vulnerable to a specific "Gadget" attack chain that allows Prototype Pollution in any third-party dependency to be escalated i...

CVE-2026-38533

Apr 14, 2026 15:21:08 UTC

An improper authorization vulnerability in the /api/v1/users/{id} endpoint of Snipe-IT v8.4.0 allows authenticated attackers with the users.edit permission to modify sensitive authentication and account-state fields of other non-admin users...

CVE-2026-39464

Apr 14, 2026 15:19:39 UTC

Server-Side Request Forgery (SSRF) vulnerability in SeedProd Coming Soon Page, Under Construction & Maintenance Mode by SeedProd coming-soon allows Server Side Request Forgery.This issue affects Coming Soon Page, Under Construction & Mainte...

CVE-2026-33865

Apr 14, 2026 15:13:57 UTC

MLflow is vulnerable to Stored Cross-Site Scripting (XSS) caused by unsafe parsing of YAML-based MLmodel artifacts in its web interface. An authenticated attacker can upload a malicious MLmodel file containing a payload that executes when a...

CVE-2026-39469

Apr 14, 2026 15:13:46 UTC

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Softaculous PageLayer pagelayer allows Retrieve Embedded Sensitive Data.This issue affects PageLayer: from n/a through <= 2.0.8.

CVE-2026-33866

Apr 14, 2026 15:12:44 UTC

MLflow is vulnerable to an authorization bypass affecting the AJAX endpoint used to download saved model artifacts. Due to missing access‑control validation, a user without permissions to a given experiment can directly query this endpoint ...

CVE-2026-1499

Apr 14, 2026 15:12:22 UTC

The WP Duplicate plugin for WordPress is vulnerable to Missing Authorization leading to Arbitrary File Upload in all versions up to and including 1.1.8. This is due to a missing capability check on the `process_add_site()` AJAX action combi...

CVE-2026-2757

Apr 14, 2026 15:11:01 UTC

Incorrect boundary conditions in the WebRTC: Audio/Video component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

CVE-2026-1055

Apr 14, 2026 15:10:31 UTC

The TalkJS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 0.1.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticate...

CVE-2026-1999

Apr 14, 2026 15:09:57 UTC

An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed an attacker to merge their own pull request into a repository without having push access by exploiting an authorization bypass in the enable_au...

CVE-2026-2032

Apr 14, 2026 15:09:28 UTC

Malicious scripts that interrupt new tab page loading could cause desynchronization between the address bar and page content, allowing the attacker to spoof arbitrary HTML under a trusted domain. This vulnerability was fixed in Firefox for ...