Yazoul Security - CVE Advisories

CVE-2026-40317: Security Advisory: CVE-2026-40317

Yazoul Security (contact@yazoul.net) — Sat, 18 Apr 2026 00:00:00 GMT

CVE-2026-40317 - CRITICAL severity (CVSS 9.3)

NovumOS is a custom 32-bit operating system written in Zig and x86 Assembly. In versions prior to 0.24, Syscall 12 (JumpToUser) accepts an arbitrary entry point address from user-space registers witho...

Affected Products: Multiple systems

Read the full security advisory on Yazoul Security

This advisory is published by Yazoul Security - Your trusted source for CVE intelligence and remediation guidance.

CVE-2026-40324: Security Advisory: CVE-2026-40324

Yazoul Security (contact@yazoul.net) — Sat, 18 Apr 2026 00:00:00 GMT

CVE-2026-40324 - CRITICAL severity (CVSS 9.1)

Hot Chocolate is an open-source GraphQL server. Prior to versions 12.22.7, 13.9.16, 14.3.1, and 15.1.14, Hot Chocolate's recursive descent parser `Utf8GraphQLParser` has no recursion depth limit. A cr...

Affected Products: Multiple systems

Read the full security advisory on Yazoul Security

This advisory is published by Yazoul Security - Your trusted source for CVE intelligence and remediation guidance.

CVE-2026-40484: Security Advisory: CVE-2026-40484

Yazoul Security (contact@yazoul.net) — Sat, 18 Apr 2026 00:00:00 GMT

CVE-2026-40484 - CRITICAL severity (CVSS 9.1)

ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the database backup restore functionality extracts uploaded archive contents and copies files from the Images/ directo...

Affected Products: Multiple systems

Read the full security advisory on Yazoul Security

This advisory is published by Yazoul Security - Your trusted source for CVE intelligence and remediation guidance.

CVE-2026-40487: Security Advisory: CVE-2026-40487

Yazoul Security (contact@yazoul.net) — Sat, 18 Apr 2026 00:00:00 GMT

CVE-2026-40487 - HIGH severity (CVSS 8.9)

Postiz is an AI social media scheduling tool. Prior to version 2.21.6, a file upload validation bypass allows any authenticated user to upload arbitrary HTML, SVG, or other executable file types to th...

Affected Products: Multiple systems

Read the full security advisory on Yazoul Security

This advisory is published by Yazoul Security - Your trusted source for CVE intelligence and remediation guidance.

CVE-2026-40572: Security Advisory: CVE-2026-40572

Yazoul Security (contact@yazoul.net) — Sat, 18 Apr 2026 00:00:00 GMT

CVE-2026-40572 - CRITICAL severity (CVSS 9)

NovumOS is a custom 32-bit operating system written in Zig and x86 Assembly. In versions prior to 0.24, Syscall 15 (MemoryMapRange) allows Ring 3 user-mode processes to map arbitrary virtual address r...

Affected Products: Multiple systems

Read the full security advisory on Yazoul Security

This advisory is published by Yazoul Security - Your trusted source for CVE intelligence and remediation guidance.

CVE-2026-37749: Security Advisory: CVE-2026-37749

Yazoul Security (contact@yazoul.net) — Fri, 17 Apr 2026 00:00:00 GMT

CVE-2026-37749 - CRITICAL severity (CVSS 9.8)

A SQL injection vulnerability in CodeAstro Simple Attendance Management System v1.0 allows remote unauthenticated attackers to bypass authentication via the username parameter in index.php....

Affected Products: Multiple systems

Read the full security advisory on Yazoul Security

This advisory is published by Yazoul Security - Your trusted source for CVE intelligence and remediation guidance.

CVE-2026-40262: Security Advisory: CVE-2026-40262

Yazoul Security (contact@yazoul.net) — Fri, 17 Apr 2026 00:00:00 GMT

CVE-2026-40262 - HIGH severity (CVSS 8.7)

Note Mark is an open-source note-taking application. In versions 0.19.1 and prior, the asset delivery handler serves uploaded files inline and relies on magic-byte detection for content type, which do...

Affected Products: Multiple systems

Read the full security advisory on Yazoul Security

This advisory is published by Yazoul Security - Your trusted source for CVE intelligence and remediation guidance.

CVE-2026-40351: Security Advisory: CVE-2026-40351

Yazoul Security (contact@yazoul.net) — Fri, 17 Apr 2026 00:00:00 GMT

CVE-2026-40351 - CRITICAL severity (CVSS 9.8)

FastGPT is an AI Agent building platform. In versions prior to 4.14.9.5, the password-based login endpoint uses TypeScript type assertion without runtime validation, allowing an unauthenticated attack...

Affected Products: Multiple systems

Read the full security advisory on Yazoul Security

This advisory is published by Yazoul Security - Your trusted source for CVE intelligence and remediation guidance.

CVE-2026-40352: Security Advisory: CVE-2026-40352

Yazoul Security (contact@yazoul.net) — Fri, 17 Apr 2026 00:00:00 GMT

CVE-2026-40352 - HIGH severity (CVSS 8.8)

FastGPT is an AI Agent building platform. In versions prior to 4.14.9.5, the password change endpoint is vulnerable to NoSQL injection. An authenticated attacker can bypass the "old password" verifica...

Affected Products: Multiple systems

Read the full security advisory on Yazoul Security

This advisory is published by Yazoul Security - Your trusted source for CVE intelligence and remediation guidance.

CVE-2026-40477: Security Advisory: CVE-2026-40477

Yazoul Security (contact@yazoul.net) — Fri, 17 Apr 2026 00:00:00 GMT

CVE-2026-40477 - CRITICAL severity (CVSS 9)

Thymeleaf is a server-side Java template engine for web and standalone environments. Versions 3.1.3.RELEASE and prior contain a security bypass vulnerability in the expression execution mechanisms. Al...

Affected Products: Multiple systems

Read the full security advisory on Yazoul Security

This advisory is published by Yazoul Security - Your trusted source for CVE intelligence and remediation guidance.

CVE-2026-40478: Security Advisory: CVE-2026-40478

Yazoul Security (contact@yazoul.net) — Fri, 17 Apr 2026 00:00:00 GMT

CVE-2026-40478 - CRITICAL severity (CVSS 9)

Thymeleaf is a server-side Java template engine for web and standalone environments. Versions 3.1.3.RELEASE and prior contain a security bypass vulnerability in the the expression execution mechanisms...

Affected Products: Multiple systems

Read the full security advisory on Yazoul Security

This advisory is published by Yazoul Security - Your trusted source for CVE intelligence and remediation guidance.

CVE-2026-4659: Security Advisory: CVE-2026-4659

Yazoul Security (contact@yazoul.net) — Fri, 17 Apr 2026 00:00:00 GMT

CVE-2026-4659 - HIGH severity (CVSS 7.5)

The Unlimited Elements for Elementor plugin for WordPress is vulnerable to Arbitrary File Read via the Repeater JSON/CSV URL parameter in versions up to, and including, 2.0.6. This is due to insuffici...

Affected Products: Multiple systems

Read the full security advisory on Yazoul Security

This advisory is published by Yazoul Security - Your trusted source for CVE intelligence and remediation guidance.

CVE-2026-5807: Security Advisory: CVE-2026-5807

Yazoul Security (contact@yazoul.net) — Fri, 17 Apr 2026 00:00:00 GMT

CVE-2026-5807 - HIGH severity (CVSS 7.5)

Vault is vulnerable to a denial-of-service condition where an unauthenticated attacker can repeatedly initiate or cancel root token generation or rekey operations, occupying the single in-progress ope...

Affected Products: Multiple systems

Read the full security advisory on Yazoul Security

This advisory is published by Yazoul Security - Your trusted source for CVE intelligence and remediation guidance.

CVE-2026-31843: Security Advisory: CVE-2026-31843

Yazoul Security (contact@yazoul.net) — Thu, 16 Apr 2026 00:00:00 GMT

CVE-2026-31843 - CRITICAL severity (CVSS 9.8)

The goodoneuz/pay-uz Laravel package (<= 2.2.24) contains a critical vulnerability in the /payment/api/editable/update endpoint that allows unauthenticated attackers to overwrite existing PHP payment ...

Affected Products: Multiple systems

Read the full security advisory on Yazoul Security

This advisory is published by Yazoul Security - Your trusted source for CVE intelligence and remediation guidance.

CVE-2026-37336: Security Advisory: CVE-2026-37336

Yazoul Security (contact@yazoul.net) — Thu, 16 Apr 2026 00:00:00 GMT

CVE-2026-37336 - HIGH severity (CVSS 7.3)

SourceCodester Simple Music Cloud Community System v1.0 is vulnerable to SQL Injection in the file /music/view_music.php....

Affected Products: Multiple systems

Read the full security advisory on Yazoul Security

This advisory is published by Yazoul Security - Your trusted source for CVE intelligence and remediation guidance.

CVE-2026-37337: Security Advisory: CVE-2026-37337

Yazoul Security (contact@yazoul.net) — Thu, 16 Apr 2026 00:00:00 GMT

CVE-2026-37337 - HIGH severity (CVSS 7.3)

SourceCodester Simple Music Cloud Community System v1.0 is vulnerable to SQL Injection in the file /music/view_playlist.php....

Affected Products: Multiple systems

Read the full security advisory on Yazoul Security

This advisory is published by Yazoul Security - Your trusted source for CVE intelligence and remediation guidance.

CVE-2026-37338: Security Advisory: CVE-2026-37338

Yazoul Security (contact@yazoul.net) — Thu, 16 Apr 2026 00:00:00 GMT

CVE-2026-37338 - CRITICAL severity (CVSS 9.4)

SourceCodester Simple Music Cloud Community System v1.0 is vulnerable to SQL Injection in the file /music/view_user.php....

Affected Products: Multiple systems

Read the full security advisory on Yazoul Security

This advisory is published by Yazoul Security - Your trusted source for CVE intelligence and remediation guidance.

CVE-2026-37347: Security Advisory: CVE-2026-37347

Yazoul Security (contact@yazoul.net) — Thu, 16 Apr 2026 00:00:00 GMT

CVE-2026-37347 - CRITICAL severity (CVSS 9.1)

SourceCodester Payroll Management and Information System v1.0 is vulnerable to SQL Injection in the file /payroll/view_employee.php....

Affected Products: Multiple systems

Read the full security advisory on Yazoul Security

This advisory is published by Yazoul Security - Your trusted source for CVE intelligence and remediation guidance.

CVE-2026-37345: Security Advisory: CVE-2026-37345

Yazoul Security (contact@yazoul.net) — Thu, 16 Apr 2026 00:00:00 GMT

CVE-2026-37345 - CRITICAL severity (CVSS 9.8)

SourceCodester Vehicle Parking Area Management System v1.0 is vulnerable to SQL Injection in the file /parking/manage_park.php....

Affected Products: Multiple systems

Read the full security advisory on Yazoul Security

This advisory is published by Yazoul Security - Your trusted source for CVE intelligence and remediation guidance.

CVE-2026-40322: Security Advisory: CVE-2026-40322

Yazoul Security (contact@yazoul.net) — Thu, 16 Apr 2026 00:00:00 GMT

CVE-2026-40322 - CRITICAL severity (CVSS 9)

SiYuan is an open-source personal knowledge management system. In versions 3.6.3 and below, Mermaid diagrams are rendered with securityLevel set to "loose", and the resulting SVG is injected into the ...

Affected Products: Multiple systems

Read the full security advisory on Yazoul Security

This advisory is published by Yazoul Security - Your trusted source for CVE intelligence and remediation guidance.

CVE-2025-40899: Security Advisory: CVE-2025-40899

Yazoul Security (contact@yazoul.net) — Wed, 15 Apr 2026 00:00:00 GMT

CVE-2025-40899 - HIGH severity (CVSS 8.9)

A Stored Cross-Site Scripting vulnerability was discovered in the Assets and Nodes functionality due to improper validation of an input parameter. An authenticated user with custom fields privileges c...

Affected Products: Multiple systems

Read the full security advisory on Yazoul Security

This advisory is published by Yazoul Security - Your trusted source for CVE intelligence and remediation guidance.

CVE-2026-20147: Security Advisory: CVE-2026-20147

Yazoul Security (contact@yazoul.net) — Wed, 15 Apr 2026 00:00:00 GMT

CVE-2026-20147 - CRITICAL severity (CVSS 9.9)

A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vul...

Affected Products: Multiple systems

Read the full security advisory on Yazoul Security

This advisory is published by Yazoul Security - Your trusted source for CVE intelligence and remediation guidance.

CVE-2026-20180: Security Advisory: CVE-2026-20180

Yazoul Security (contact@yazoul.net) — Wed, 15 Apr 2026 00:00:00 GMT

CVE-2026-20180 - CRITICAL severity (CVSS 9.9)

A vulnerability in Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit...

Affected Products: Multiple systems

Read the full security advisory on Yazoul Security

This advisory is published by Yazoul Security - Your trusted source for CVE intelligence and remediation guidance.

CVE-2026-20184: Security Advisory: CVE-2026-20184

Yazoul Security (contact@yazoul.net) — Wed, 15 Apr 2026 00:00:00 GMT

CVE-2026-20184 - CRITICAL severity (CVSS 9.8)

A vulnerability in the integration of single sign-on (SSO) with Control Hub in Cisco Webex Services could have allowed an unauthenticated, remote attacker to impersonate any user within the service. ...

Affected Products: Multiple systems

Read the full security advisory on Yazoul Security

This advisory is published by Yazoul Security - Your trusted source for CVE intelligence and remediation guidance.

CVE-2026-20186: Security Advisory: CVE-2026-20186

Yazoul Security (contact@yazoul.net) — Wed, 15 Apr 2026 00:00:00 GMT

CVE-2026-20186 - CRITICAL severity (CVSS 9.9)

Affected Products: Multiple systems

Read the full security advisory on Yazoul Security

This advisory is published by Yazoul Security - Your trusted source for CVE intelligence and remediation guidance.

CVE-2026-6296: Security Advisory: CVE-2026-6296

Yazoul Security (contact@yazoul.net) — Wed, 15 Apr 2026 00:00:00 GMT

CVE-2026-6296 - CRITICAL severity (CVSS 9.6)

Heap buffer overflow in ANGLE in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)...

Affected Products: Multiple systems

Read the full security advisory on Yazoul Security

This advisory is published by Yazoul Security - Your trusted source for CVE intelligence and remediation guidance.

CVE-2026-6299: Security Advisory: CVE-2026-6299

Yazoul Security (contact@yazoul.net) — Wed, 15 Apr 2026 00:00:00 GMT

CVE-2026-6299 - HIGH severity (CVSS 8.8)

Use after free in Prerender in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)...

Affected Products: Multiple systems

Read the full security advisory on Yazoul Security

This advisory is published by Yazoul Security - Your trusted source for CVE intelligence and remediation guidance.

CVE-2026-6300: Security Advisory: CVE-2026-6300

Yazoul Security (contact@yazoul.net) — Wed, 15 Apr 2026 00:00:00 GMT

CVE-2026-6300 - HIGH severity (CVSS 8.8)

Use after free in CSS in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)...

Affected Products: Multiple systems

Read the full security advisory on Yazoul Security

This advisory is published by Yazoul Security - Your trusted source for CVE intelligence and remediation guidance.

CVE-2026-6301: Security Advisory: CVE-2026-6301

Yazoul Security (contact@yazoul.net) — Wed, 15 Apr 2026 00:00:00 GMT

CVE-2026-6301 - HIGH severity (CVSS 8.8)

Type Confusion in Turbofan in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)...

Affected Products: Multiple systems

Read the full security advisory on Yazoul Security

This advisory is published by Yazoul Security - Your trusted source for CVE intelligence and remediation guidance.

CVE-2026-6302: Security Advisory: CVE-2026-6302

Yazoul Security (contact@yazoul.net) — Wed, 15 Apr 2026 00:00:00 GMT

CVE-2026-6302 - HIGH severity (CVSS 8.8)

Use after free in Video in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)...

Affected Products: Multiple systems

Read the full security advisory on Yazoul Security

This advisory is published by Yazoul Security - Your trusted source for CVE intelligence and remediation guidance.

CVE-2025-63939: Security Advisory: CVE-2025-63939

Yazoul Security (contact@yazoul.net) — Tue, 14 Apr 2026 00:00:00 GMT

CVE-2025-63939 - CRITICAL severity (CVSS 9.8)

Improper input handling in /Grocery/search_products_itname.php, in anirudhkannan Grocery Store Management System 1.0, allows SQL injection via the sitem_name POST parameter....

Affected Products: Multiple systems

Read the full security advisory on Yazoul Security

This advisory is published by Yazoul Security - Your trusted source for CVE intelligence and remediation guidance.

CVE-2025-65135: Security Advisory: CVE-2025-65135

Yazoul Security (contact@yazoul.net) — Tue, 14 Apr 2026 00:00:00 GMT

CVE-2025-65135 - CRITICAL severity (CVSS 9.8)

In manikandan580 School-management-system 1.0, a time-based blind SQL injection vulnerability exists in /studentms/admin/between-date-reprtsdetails.php through the fromdate POST parameter....

Affected Products: Multiple systems

Read the full security advisory on Yazoul Security

This advisory is published by Yazoul Security - Your trusted source for CVE intelligence and remediation guidance.

CVE-2026-27243: Security Advisory: CVE-2026-27243

Yazoul Security (contact@yazoul.net) — Tue, 14 Apr 2026 00:00:00 GMT

CVE-2026-27243 - CRITICAL severity (CVSS 9.3)

Adobe Connect versions 2025.3, 12.10 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerab...

Affected Products: Multiple systems

Read the full security advisory on Yazoul Security

This advisory is published by Yazoul Security - Your trusted source for CVE intelligence and remediation guidance.

CVE-2026-27245: Security Advisory: CVE-2026-27245

Yazoul Security (contact@yazoul.net) — Tue, 14 Apr 2026 00:00:00 GMT

CVE-2026-27245 - CRITICAL severity (CVSS 9.3)

Affected Products: Multiple systems

Read the full security advisory on Yazoul Security

This advisory is published by Yazoul Security - Your trusted source for CVE intelligence and remediation guidance.

CVE-2026-27246: Security Advisory: CVE-2026-27246

Yazoul Security (contact@yazoul.net) — Tue, 14 Apr 2026 00:00:00 GMT

CVE-2026-27246 - CRITICAL severity (CVSS 9.3)

Adobe Connect versions 2025.3, 12.10 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execu...

Affected Products: Multiple systems

Read the full security advisory on Yazoul Security

This advisory is published by Yazoul Security - Your trusted source for CVE intelligence and remediation guidance.

CVE-2026-27681: Security Advisory: CVE-2026-27681

Yazoul Security (contact@yazoul.net) — Tue, 14 Apr 2026 00:00:00 GMT

CVE-2026-27681 - CRITICAL severity (CVSS 9.9)

Due to insufficient authorization checks in SAP Business Planning and Consolidation and SAP Business Warehouse, an authenticated user can execute crafted SQL statements to read, modify, and delete dat...

Affected Products: Multiple systems

Read the full security advisory on Yazoul Security

This advisory is published by Yazoul Security - Your trusted source for CVE intelligence and remediation guidance.

CVE-2026-32201: Security Advisory: CVE-2026-32201

Yazoul Security (contact@yazoul.net) — Tue, 14 Apr 2026 00:00:00 GMT

CVE-2026-32201 - MEDIUM severity (CVSS 6.5)

Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network....

Affected Products: Microsoft Sharepoint Server, Microsoft Sharepoint Server, Microsoft Sharepoint Server

Read the full security advisory on Yazoul Security

This advisory is published by Yazoul Security - Your trusted source for CVE intelligence and remediation guidance.

CVE-2026-33824: Security Advisory: CVE-2026-33824

Yazoul Security (contact@yazoul.net) — Tue, 14 Apr 2026 00:00:00 GMT

CVE-2026-33824 - CRITICAL severity (CVSS 9.8)

Double free in Windows IKE Extension allows an unauthorized attacker to execute code over a network....

Affected Products: Multiple systems

Read the full security advisory on Yazoul Security

This advisory is published by Yazoul Security - Your trusted source for CVE intelligence and remediation guidance.

CVE-2026-34457: Security Advisory: CVE-2026-34457

Yazoul Security (contact@yazoul.net) — Tue, 14 Apr 2026 00:00:00 GMT

CVE-2026-34457 - CRITICAL severity (CVSS 9.1)

OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Versions prior to 7.15.2 contain a configuration-dependent authentication bypass in deployments where OAuth2 Proxy ...

Affected Products: Multiple systems

Read the full security advisory on Yazoul Security

This advisory is published by Yazoul Security - Your trusted source for CVE intelligence and remediation guidance.

CVE-2026-39399: Security Advisory: CVE-2026-39399

Yazoul Security (contact@yazoul.net) — Tue, 14 Apr 2026 00:00:00 GMT

CVE-2026-39399 - CRITICAL severity (CVSS 9.6)

NuGet Gallery is a package repository that powers nuget.org. A security vulnerability exists in the NuGetGallery backend job’s handling of .nuspec files within NuGet packages. An attacker can supply a...

Affected Products: Multiple systems

Read the full security advisory on Yazoul Security

This advisory is published by Yazoul Security - Your trusted source for CVE intelligence and remediation guidance.

CVE-2026-39808: Security Advisory: CVE-2026-39808

Yazoul Security (contact@yazoul.net) — Tue, 14 Apr 2026 00:00:00 GMT

CVE-2026-39808 - CRITICAL severity (CVSS 9.8)

A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.8 may allow attacker to execute unauthorized code ...

Affected Products: Multiple systems

Read the full security advisory on Yazoul Security

This advisory is published by Yazoul Security - Your trusted source for CVE intelligence and remediation guidance.

CVE-2026-39813: Security Advisory: CVE-2026-39813

Yazoul Security (contact@yazoul.net) — Tue, 14 Apr 2026 00:00:00 GMT

CVE-2026-39813 - CRITICAL severity (CVSS 9.8)

A path traversal: '../filedir' vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8 may allow attacker to escalation of privilege via

Affected Products: Multiple systems

Read the full security advisory on Yazoul Security

This advisory is published by Yazoul Security - Your trusted source for CVE intelligence and remediation guidance.

CVE-2026-40288: Security Advisory: CVE-2026-40288

Yazoul Security (contact@yazoul.net) — Tue, 14 Apr 2026 00:00:00 GMT

CVE-2026-40288 - CRITICAL severity (CVSS 9.8)

PraisonAI is a multi-agent teams system. In versions below 4.5.139 of PraisonAI and 1.5.140 of praisonaiagents, the workflow engine is vulnerable to arbitrary command and code execution through untrus...

Affected Products: Multiple systems

Read the full security advisory on Yazoul Security

This advisory is published by Yazoul Security - Your trusted source for CVE intelligence and remediation guidance.

CVE-2026-40313: Security Advisory: CVE-2026-40313

Yazoul Security (contact@yazoul.net) — Tue, 14 Apr 2026 00:00:00 GMT

CVE-2026-40313 - CRITICAL severity (CVSS 9.1)

PraisonAI is a multi-agent teams system. In versions 4.5.139 and below, the GitHub Actions workflows are vulnerable to ArtiPACKED attack, a known credential leakage vector caused by using actions/chec...

Affected Products: Multiple systems

Read the full security advisory on Yazoul Security

This advisory is published by Yazoul Security - Your trusted source for CVE intelligence and remediation guidance.

CVE-2026-40289: Security Advisory: CVE-2026-40289

Yazoul Security (contact@yazoul.net) — Tue, 14 Apr 2026 00:00:00 GMT

CVE-2026-40289 - CRITICAL severity (CVSS 9.1)

PraisonAI is a multi-agent teams system. In versions below 4.5.139 of PraisonAI and 1.5.140 of praisonaiagents, the browser bridge (praisonai browser start) is vulnerable to unauthenticated remote ses...

Affected Products: Multiple systems

Read the full security advisory on Yazoul Security

This advisory is published by Yazoul Security - Your trusted source for CVE intelligence and remediation guidance.

CVE-2026-22562: Security Advisory: CVE-2026-22562

Yazoul Security (contact@yazoul.net) — Mon, 13 Apr 2026 00:00:00 GMT

CVE-2026-22562 - CRITICAL severity (CVSS 9.8)

A malicious actor with access to the UniFi Play network could exploit a Path Traversal vulnerability found in the device firmware to write files on the system that could be used for a remote code exec...

Affected Products: Multiple systems

Read the full security advisory on Yazoul Security

This advisory is published by Yazoul Security - Your trusted source for CVE intelligence and remediation guidance.

CVE-2026-25208: Security Advisory: CVE-2026-25208

Yazoul Security (contact@yazoul.net) — Mon, 13 Apr 2026 00:00:00 GMT

CVE-2026-25208 - HIGH severity (CVSS 8.1)

Integer overflow vulnerability in Samsung Open Source Escargot allows Overflow Buffers.This issue affects Escargot: 97e8115ab1110bc502b4b5e4a0c689a71520d335....

Affected Products: Multiple systems

Read the full security advisory on Yazoul Security

This advisory is published by Yazoul Security - Your trusted source for CVE intelligence and remediation guidance.

CVE-2026-28291: Security Advisory: CVE-2026-28291

Yazoul Security (contact@yazoul.net) — Mon, 13 Apr 2026 00:00:00 GMT

CVE-2026-28291 - HIGH severity (CVSS 8.1)

simple-git enables running native Git commands from JavaScript. Versions up to and including 3.31.1 allow execution of arbitrary commands through Git option manipulation, bypassing safety checks meant...

Affected Products: Multiple systems

Read the full security advisory on Yazoul Security

This advisory is published by Yazoul Security - Your trusted source for CVE intelligence and remediation guidance.

CVE-2026-33858: Security Advisory: CVE-2026-33858

Yazoul Security (contact@yazoul.net) — Mon, 13 Apr 2026 00:00:00 GMT

CVE-2026-33858 - HIGH severity (CVSS 8.8)

Dag Authors, who normally should not be able to execute code in the webserver context could craft XCom payload causing the webserver to execute arbitrary code. Since Dag Authors are already highly tru...

Affected Products: Multiple systems

Read the full security advisory on Yazoul Security

This advisory is published by Yazoul Security - Your trusted source for CVE intelligence and remediation guidance.

CVE-2026-35337: Security Advisory: CVE-2026-35337

Yazoul Security (contact@yazoul.net) — Mon, 13 Apr 2026 00:00:00 GMT

CVE-2026-35337 - HIGH severity (CVSS 8.8)

Deserialization of Untrusted Data vulnerability in Apache Storm. Versions Affected: before 2.8.6. Description: When processing topology credentials submitted via the Nimbus Thrift API, Storm deseri...

Affected Products: Multiple systems

Read the full security advisory on Yazoul Security

This advisory is published by Yazoul Security - Your trusted source for CVE intelligence and remediation guidance.