NVD disclosure day

Published threat advisories for April 7, 2026

CVE advisoryCRITICAL

CVE-2026-33816

pgx Go library could allow external attacker to cause application outages

Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.

An external attacker can target the pgx Go library by sending specially crafted data to applications communicating with a database. This can corrupt memory and trigger repeated system crashes, leading to severe service outages and disrupted operations for all users.

NVD published:

CVE advisoryCRITICAL

CVE-2026-33815

jackc/pgx database library could allow external attacker to cause service outages

Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.

An external attacker can send malicious data to applications using the jackc/pgx database library to trigger system crashes. This can result in persistent service outages, taking down critical business functions by disabling database connectivity.

NVD published:

CVE advisoryKnown Exploit

CVE-2026-34197

Apache ActiveMQ could allow an internal attacker to take full control of the server

Halo Surface Signal: 2 out of 5 — less likely to be public-facing.

An internal attacker with administrative credentials could take full control of the Apache ActiveMQ server by running malicious commands. This flaw poses a critical business risk, as it could lead to total system compromise and unauthorized access to sensitive message data.

NVD published: • CISA KEV