Published threat advisories for April 24, 2026

An internal attacker can exploit a flaw in Saltcorn's synchronization feature to compromise the database. This could allow them to steal administrative credentials, modify proprietary business data, or destroy critical records.

NVD published: April 24, 2026

Clerk's authentication service has a flaw that lets attackers skip security checks and access protected parts of websites. This is a critical issue because it could allow unauthorized access to your data and services.

NVD published: April 24, 2026

Budibase, a popular low-code platform, has a critical security flaw allowing anyone to bypass login and access sensitive data or disrupt services. Update immediately to protect your internal tools and applications.

NVD published: April 24, 2026

An external attacker can steal administrative credentials from Dgraph by accessing unprotected configuration data. This flaw allows them to bypass security controls to gain full unauthorized access to the database and its sensitive records.

NVD published: April 24, 2026

An external attacker can exploit a flaw in the Dgraph database to bypass security and gain full access to all stored information. This allows unauthorized parties to steal or expose sensitive organizational data, resulting in a potential total breach of critical business records.

NVD published: April 24, 2026

A flaw in the Dgraph database allows an external attacker to gain full read access to all stored information. This vulnerability creates a significant risk of exposing sensitive proprietary and customer data held within the system.

NVD published: April 24, 2026

A flaw in the Axios library allows attackers to secretly alter data from API responses, potentially leading to unauthorized access or financial manipulation. This widely used tool makes many applications vulnerable.

NVD published: April 24, 2026

An external attacker can exploit a flaw in Axios to bypass security settings, allowing them to reach private internal services that should remain isolated. This access could result in unauthorized data exposure or administrative control over critical internal systems.

NVD published: April 24, 2026

A critical flaw in AWS Ops Wheel lets anyone become an admin by faking a security token, giving them full access to your data and user accounts. This needs immediate attention due to widespread exposure.

NVD published: April 24, 2026

BridgeHead FileStore versions before 24A allow anyone to remotely take over your system using default passwords, giving them full control. This is urgent because it's an easy way for attackers to access your critical data systems.

NVD published: April 24, 2026

An external attacker can exploit a memory error in the Linux kernel via network traffic to crash the system or gain administrative control. This could lead to unexpected service outages and unauthorized access to critical infrastructure.

NVD published: April 24, 2026

An internal attacker can exploit a flaw in the Linux kernel to bypass established network security controls. This enables them to misdirect traffic, potentially leading to the interception of sensitive data or unauthorized access to restricted network segments.

NVD published: April 24, 2026

A flaw in the Linux kernel's network component can cause systems to crash if they receive oversized data responses, potentially disrupting services. This warrants attention because network stability is crucial for operations.

NVD published: April 24, 2026

An internal attacker with access to a local network using the Linux batman-adv module could trigger a system crash. This is a business risk because it allows an unauthorized user to disrupt network connectivity and force key infrastructure nodes offline.

NVD published: April 24, 2026

A flaw in the Linux kernel network driver allows an internal attacker with local access to compromise system memory. This could enable unauthorized access to sensitive information or lead to system crashes, risking both data security and business operations.

NVD published: April 24, 2026

An external attacker can exploit an error in the Linux kernel’s network authentication process by sending malicious data packets. This could allow them to crash systems or bypass security, posing a significant risk to service availability and unauthorized system access.

NVD published: April 24, 2026

An external attacker can exploit a vulnerability in the Linux kernel to access sensitive system memory. This can lead to the unauthorized exposure of confidential data and may help an attacker bypass security protections to compromise the affected system.

NVD published: April 24, 2026

An external attacker can send malicious network traffic to the Linux kernel, causing system crashes or service outages. This vulnerability could allow unauthorized code to run or grant attackers higher system access, threatening the stability and security of business operations.

NVD published: April 24, 2026

A flaw in the Linux kernel’s file sharing component could allow an internal attacker to crash the system. This could lead to unplanned service outages and instability for business operations that rely on network file storage.

NVD published: April 24, 2026

An external attacker can send malicious network requests to the Linux kernel SMB server to corrupt system memory and trigger a crash. This could result in service outages, disrupting critical file sharing and resource management capabilities essential for business operations.

NVD published: April 24, 2026

The Linux kernel USB/IP component has a flaw that allows an external attacker to crash the system or gain unauthorized control. By directing a user to a malicious server, the attacker could trigger system failures and compromise sensitive business operations.

NVD published: April 24, 2026

An internal attacker with existing system access could exploit a flaw in the Linux kernel to crash the system or gain total control. This allows them to compromise the operating system, potentially leading to unauthorized data access and significant service downtime.

NVD published: April 24, 2026

The Linux kernel contains a flaw in its file-sharing software that could allow an internal attacker to disrupt business operations. By targeting network connections, they could trigger memory errors that lead to system crashes and service outages.

NVD published: April 24, 2026

An external attacker can exploit a flaw in the CodeChecker web interface to bypass security checks and grant themselves or others elevated access rights. This could lead to unauthorized control over sensitive code analysis data and project defect information.

NVD published: April 24, 2026

Azure IoT Central has a critical flaw allowing an attacker with existing access to steal sensitive files and take control of devices. This is a serious risk for businesses using this platform.

NVD published: April 24, 2026

The Delta Electronics AS320T has a security flaw that allows an internal attacker to disrupt system operations or take control of the device by sending invalid requests. This could lead to a loss of control over critical industrial processes and halt production workflows.

NVD published: April 24, 2026

An internal attacker can exploit a file name error in the Delta Electronics AS320T to potentially gain administrative control or crash the system. This risk could lead to unauthorized modification of industrial control operations or critical service disruptions.

NVD published: April 24, 2026

Critical flaws in Delta AS320T web services allow attackers to take over devices over the network, impacting industrial control systems.

NVD published: April 24, 2026

An internal attacker can exploit a flaw in Kyverno to trick the system into sending sensitive authentication tokens to an unauthorized server. This allows them to steal administrative access and take full control of the entire computing cluster.

NVD published: April 24, 2026

A critical flaw in SenseLive X3050 devices allows unauthenticated attackers to access sensitive configuration settings over the network, potentially leading to full control.

NVD published: April 24, 2026

An unauthenticated attacker can take full administrative control of SenseLive X3050 devices over the network, allowing them to change critical settings and operational modes. This is a serious risk for devices exposed online.

NVD published: April 24, 2026

SenseLive X3050 devices may not properly update passwords after a reset, potentially allowing unauthorized access through the web interface. This issue warrants attention due to its impact on device security.

NVD published: April 24, 2026

SenseLive X3050 devices have a critical flaw in their web login that could let anyone take control by tricking the system into thinking they are an administrator. This impacts potentially many devices that offer remote management.

NVD published: April 24, 2026

An attacker can lock out SenseLive X3050 devices through their web interface, causing a complete disruption that needs expert intervention to fix. This affects critical gateway functions and connected systems.

NVD published: April 24, 2026

SenseLive X3050 devices have a critical flaw allowing anyone to update or steal their firmware. This could let attackers take full control of your equipment.

NVD published: April 24, 2026