Common Vulnerabilities and Exposures (CVE)

CVE-2026-20930

Apr 24, 2026 12:49:09 UTC

Concurrent execution using a shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.

CVE-2026-33102

Apr 24, 2026 12:49:04 UTC

URL redirection to untrusted site ('open redirect') in M365 Copilot allows an unauthorized attacker to elevate privileges over a network.

CVE-2026-4078

Apr 24, 2026 12:36:35 UTC

The ITERAS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple shortcodes (iteras-ordering, iteras-signup, iteras-paywall-login, iteras-selfservice) in all versions up to and including 1.8.2. This is due to insuff...

CVE-2026-25775

Apr 24, 2026 12:16:24 UTC

A vulnerability in SenseLive X3050’s remote management service allows firmware retrieval and update operations to be performed without authentication or authorization. The service accepts firmware-related requests from any reachable host an...

CVE-2026-6043

Apr 24, 2026 12:13:03 UTC

P4 Server versions prior to 2026.1 are configured with insecure default settings that, when exposed to untrusted networks, allow unauthenticated attackers to create arbitrary user accounts, enumerate existing users, authenticate to accounts...

CVE-2026-41325

Apr 24, 2026 12:11:41 UTC

Kirby is an open-source content management system. Kirby's user permissions control which user role is allowed to perform specific actions to content models in the CMS. These permissions are defined for each role in the user blueprint (`sit...

CVE-2026-33078

Apr 24, 2026 12:10:25 UTC

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Versions prior to 8.2.6.4 have a SQL injection vulnerability in the haproxy_section_save function in app/routes/config/routes.py. The server_ip parameter...

CVE-2026-40254

Apr 24, 2026 12:06:22 UTC

FreeRDP is a free implementation of the Remote Desktop Protocol. Versions prior to 3.25.0 have an off-by-one in the path traversal filter in `channels/drive/client/drive_file.c`. The `contains_dotdot()` function catches `../` and `..\` mid-...

CVE-2026-41317

Apr 24, 2026 12:05:33 UTC

Press, a Frappe custom app that runs Frappe Cloud, manages infrastructure, subscription, marketplace, and software-as-a-service (SaaS). `press.api.account.create_api_secret` is prone to CSRF-like exploits. This endpoint writes to database an...

CVE-2026-41323

Apr 24, 2026 12:05:00 UTC

Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to versions 1.18.0-rc1, 1.17.2-rc1, and 1.16.4, Kyverno's apiCall feature in ClusterPolicy automatically attaches the admission controller's ServiceAccou...

CVE-2026-6947

Apr 24, 2026 12:04:06 UTC

DWM-222W USB Wi-Fi Adapter developed by D-Link has a Brute-Force Protection Bypass vulnerability, allowing unauthenticated adjacent network attackers to bypass login attempt limits to perform brute-force attacks to gain control over the dev...

CVE-2026-5347

Apr 24, 2026 12:03:11 UTC

The HM Books Gallery plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 4.8.0. This is due to the absence of capability checks and nonce verification in the admin_init hook that handles the permalink...

CVE-2026-3569

Apr 24, 2026 12:02:32 UTC

The Liaison Site Prober plugin for WordPress is vulnerable to Information Exposure in all versions up to and including 1.2.1 via the /wp-json/site-prober/v1/logs REST API endpoint. The permissions_read() permission callback unconditionally ...

CVE-2026-4313

Apr 24, 2026 12:01:12 UTC

AdaptiveGRC is vulnerable to Stored XSS via text type fields across the forms. An authenticated attacker can replace the value of the text field in the HTTP POST request. Improper parameter validation by the server results in arbitrary JavaScr...

CVE-2024-8676

Apr 24, 2026 11:31:00 UTC

A vulnerability was found in CRI-O, where it can be requested to take a checkpoint archive of a container and later be asked to restore it. When it does that restoration, it attempts to restore the mounts from the restore archive instead of...