Published threat advisories for April 15, 2026

An internal attacker can exploit a weakness in ArgoCD Image Updater to bypass security controls and modify applications belonging to other tenants. This unauthorized access allows them to force the deployment of unauthorized software, which compromises the integrity of critical business applications.

NVD published: April 15, 2026

An external attacker can access an unprotected part of the Dgraph database to steal security credentials. This gives them full administrative control over the system, allowing them to change sensitive configurations and operations.

NVD published: April 15, 2026

An external attacker could exploit a flaw in Google Chrome to access sensitive memory and potentially take control of a user's session by tricking them into visiting a malicious website. This matters as it could lead to unauthorized access and control of user data.

NVD published: April 15, 2026

A critical flaw in Google Chrome on Android could allow attackers to steal your information by tricking you into visiting a malicious website. Update Chrome immediately.

NVD published: April 15, 2026

An external attacker could trick users into visiting a malicious website to execute unauthorized code on their Android devices. This could lead to sensitive information being exposed or the device being controlled.

NVD published: April 15, 2026

An external attacker can trick users into visiting a malicious webpage to execute malicious code on their computer, potentially leading to the compromise of sensitive files. This impacts widely used Google Chrome browsers.

NVD published: April 15, 2026

By tricking employees into visiting a malicious website, an external attacker can exploit a flaw in Google Chrome to seize control of their devices. This allows the attacker to bypass security, gaining full access to business systems and sensitive data located on those computers.

NVD published: April 15, 2026

An external attacker can exploit a flaw in the Pyroscope API to steal secret keys used for cloud storage. This could allow unauthorized access to sensitive profiling data within the organization's cloud environment.

NVD published: April 15, 2026

A hard-coded security flaw in Sonatype Nexus Repository Manager allows an external attacker to access internal databases and run commands on the server. This could lead to the theft of proprietary software, sabotage of development pipelines, and complete loss of control over the repository server.

NVD published: April 15, 2026

Velociraptor has a flaw where an internal attacker with access to one organization can run unauthorized queries to access data in other restricted areas. This allows unauthorized access to sensitive information and compromises the security of segregated business environments.

NVD published: April 15, 2026

A critical flaw in Slah CMS lets anyone run commands on your server, potentially giving them full control of your website and its data. This needs immediate attention because it’s easily exploitable over the internet.

NVD published: April 15, 2026

An internal attacker with existing administrative access to Cisco Identity Services Engine could gain full system control. This allows them to compromise security policies or completely shut down network access for the entire organization.

NVD published: April 15, 2026

A critical flaw in Cisco Webex single sign-on could let attackers impersonate any user, granting them unauthorized access to your sensitive business communications.

NVD published: April 15, 2026

An internal attacker with limited administrative access to Cisco Identity Services Engine (ISE) can gain full control of the system by executing unauthorized commands. This could allow them to disrupt network connectivity or gain deeper access to critical security infrastructure.

NVD published: April 15, 2026

An internal attacker with valid administrative credentials can exploit Cisco ISE to take full control of the system. This access to critical network management allows the attacker to disrupt or disable all enterprise network connectivity.

NVD published: April 15, 2026

An external attacker can exploit OpenText RightFax to take full control of the server. This could allow them to steal sensitive stored fax documents and administrative credentials, leading to a complete system compromise.

NVD published: April 15, 2026

An external attacker could gain unauthorized administrative access to AVEVA simulation software by bypassing security checks. This allows them to alter sensitive training records and system settings, potentially compromising training data integrity and simulation operations.

NVD published: April 15, 2026

An internal attacker with access to the Upsonic management interface can run unauthorized system commands. This allows them to execute malicious code, which could result in full server control and exposure of sensitive data.

NVD published: April 15, 2026

Critical security flaw in Fastify proxy software allows attackers to bypass security rules, potentially exposing services to unauthorized access. Upgrade immediately.

NVD published: April 15, 2026

A security flaw in @fastify/express lets attackers bypass authentication on web applications by manipulating URLs, potentially exposing protected routes.

NVD published: April 15, 2026

A flaw in @fastify/express can let attackers bypass security checks like logins on your public-facing web services, giving them unauthorized access.

NVD published: April 15, 2026

An external attacker could exploit a flaw in BC-JAVA's cryptography to weaken encryption, potentially exposing confidential data. This matters to the business as it could lead to unauthorized access to sensitive information.

NVD published: April 15, 2026

A critical flaw in the Visa Acceptance Solutions WordPress plugin lets anyone take over your website by just knowing a user's email address. This means attackers can gain complete control of your site without needing a password.

NVD published: April 15, 2026

OpenRemote allows an internal attacker with existing permissions to run unauthorized code, resulting in stolen database credentials and full server control. This flaw risks exposing sensitive data across the entire platform and lets the attacker bypass critical security safeguards.

NVD published: April 15, 2026

The WebStack WordPress theme allows attackers to upload any file, potentially letting them take over your website. This issue is open to anyone on the internet and could lead to unauthorized code execution.

NVD published: April 15, 2026