Published threat advisories for April 28, 2026

An external attacker can trick users into visiting a malicious website to exploit a flaw in Google Chrome, allowing them to bypass security protections and take control of the affected computer. This issue could lead to unauthorized system access and the potential compromise of sensitive corporate data.

NVD published: April 28, 2026

Snap One WattBox 800 and 820 series devices have a flaw that allows an internal attacker with physical label access to gain full administrative control. They could use this access to manipulate power distribution or disable connected equipment, leading to a loss of control over critical infrastructure.

NVD published: April 28, 2026

An internal attacker could exploit the OpenClaw setup process to assign themselves unauthorized administrative permissions. This allows the attacker to gain full control over the device and its associated resources.

NVD published: April 28, 2026

An external attacker can reach the Carlson VASCO-B GNSS Receiver over the network because it lacks security checks. This allows them to change device settings, which could lead to loss of control over the equipment or the disruption of industrial operations.

NVD published: April 28, 2026

An external attacker can exploit a flaw in the NVIDIA NVFlare Dashboard to bypass security controls and gain full administrative access. This allows unauthorized individuals to access restricted data, execute commands, or disrupt operations within your managed environment.

NVD published: April 28, 2026

Pony Mail has a critical flaw allowing full admin takeover via web requests; this version is unsupported and will not be fixed, so restrict access or find an alternative.

NVD published: April 28, 2026

StellarGroup HPX has a critical flaw allowing unauthenticated attackers to take control of systems by sending malicious data over the network. Act now to protect your systems.

NVD published: April 28, 2026

An external attacker could take control of systems running Mozilla Firefox and Thunderbird by luring users to a malicious website to bypass security protections. This could result in the theft of sensitive files or credentials stored on the device.

NVD published: April 28, 2026

An external attacker can exploit an unconfigured OpenCATS installation to gain full control of the underlying server. This exposes the business to potential system compromise and unauthorized access to sensitive data.

NVD published: April 28, 2026

An internal attacker can manipulate account settings in MphRx Minerva to modify another user's email address, allowing them to reset passwords and take over that account. This flaw puts sensitive user data at risk and could lead to unauthorized access to privileged accounts.

NVD published: April 28, 2026

Certain Milesight AIOT cameras have a security flaw allowing attackers to easily impersonate them, potentially accessing sensitive video feeds and data. This is a serious concern as these cameras are often connected to networks for remote monitoring.

NVD published: April 28, 2026

Spring Boot's default web security can be bypassed, allowing unauthorized access to all application endpoints for unconfigured web applications. This is a serious concern for internet-facing services.

NVD published: April 28, 2026

Spring Boot contains a flaw that could allow an internal attacker to intercept or modify data sent between the application and its database. This could expose sensitive information or lead to corrupted records, posing a significant risk to data confidentiality.

NVD published: April 28, 2026