Published threat advisories for April 27, 2026

An internal attacker can exploit a flaw in Spring Boot to impersonate a messaging server, allowing them to intercept or tamper with sensitive business data. This could lead to unauthorized data exposure and the disruption of critical application services.

NVD published: April 27, 2026

NASA's Earth Observing system is exposed by a critical vulnerability allowing unauthorized access to data or disruption of services. This SQL injection flaw in MODAPS v8.1 warrants immediate attention due to its potential for broad impact on public-facing systems.

NVD published: April 27, 2026

MERCURY MIPC252W IP cameras have a critical flaw allowing unauthorized control and video access over the network. This could let anyone with access hijack your camera feeds.

NVD published: April 27, 2026

An external attacker can exploit Tenda AC18 routers to run unauthorized commands and take full control of the device. This allows intruders to potentially intercept sensitive traffic or gain unauthorized access to the internal network.

NVD published: April 27, 2026

ProjeQtor versions 7.0 through 12.4.3 have a login flaw. Attackers can inject code to steal data or take control of your systems without needing a password.

NVD published: April 27, 2026

An external attacker can use a flaw in leonvanzyl autocoder to run unauthorized commands on the server. This could allow them to gain full control of the system and access sensitive business data.

NVD published: April 27, 2026

An external attacker can send malicious requests to Apache Camel to execute unauthorized commands on the host server. This vulnerability allows the attacker to gain full control over the affected system, risking data exposure and unauthorized access to business operations.

NVD published: April 27, 2026

A critical flaw in Directorist Social Login could let someone gain full control of your website by exploiting how users log in with social accounts. Patching is urgent.

NVD published: April 27, 2026

A critical flaw in Directorist Booking could let attackers steal customer data or disrupt services by tricking the system with malicious input. This impacts online booking systems and requires immediate attention.

NVD published: April 27, 2026

An external attacker can exploit a flaw in Apache MINA by sending malicious network data to run unauthorized code on the system. This could allow them to gain full control of affected systems, access sensitive data, and compromise the business environment.

NVD published: April 27, 2026

Apache Camel's mail processing can be tricked by malicious emails, letting attackers change how your applications run and potentially execute unauthorized code. This is a critical issue for systems handling inbound mail.

NVD published: April 27, 2026

An external attacker can exploit a flaw in Apache MINA to bypass security protections by sending malicious network data. This allows them to execute unauthorized commands and potentially gain complete administrative control over the affected servers.

NVD published: April 27, 2026

Because of a security flaw in Apache Camel, an internal attacker can run unauthorized code on application servers. This issue could lead to a full system compromise, granting them control over critical business infrastructure.

NVD published: April 27, 2026

A flaw in Apache Camel could allow an internal attacker to inject malicious commands, enabling them to run unauthorized code and modify system files. This could lead to a full system compromise or unauthorized changes to your server environment.

NVD published: April 27, 2026

An internal attacker on your network can exploit how GeoVision GV-IP Device Utility handles authentication to steal administrative credentials. This access allows them to take control of devices, potentially causing service disruptions or unauthorized configuration changes.

NVD published: April 27, 2026