Recent vulnerabilities
| ID | CVSS | Description | Vendor | Product | Published | Updated |
|---|---|---|---|---|---|---|
| cve-2025-26391 | 5.4 (v3.1) | SolarWinds Observability Self-Hosted XSS Vulnerability |
SolarWinds |
SolarWinds Observability Self-Hosted |
2025-11-18T08:53:01.036Z | 2025-11-18T08:53:01.036Z |
| cve-2025-32049 | 7.5 (v3.1) | Libsoup: denial of service attack to websocket server |
|
|
2025-04-03T13:36:13.035Z | 2025-11-18T08:36:53.872Z |
| cve-2025-32914 | 7.4 (v3.1) | Libsoup: oob read on libsoup through function "soup_m… |
|
|
2025-04-14T14:45:46.300Z | 2025-11-18T08:36:48.023Z |
| cve-2025-2784 | 7 (v3.1) | Libsoup: heap buffer over-read in `skip_insignificant_… |
|
|
2025-04-03T01:40:12.164Z | 2025-11-18T08:36:15.526Z |
| cve-2025-4035 | 4.3 (v3.1) | Libsoup: cookie domain validation bypass via uppercase… |
Red Hat |
Red Hat Enterprise Linux 10 |
2025-04-29T12:56:22.726Z | 2025-11-18T08:35:54.319Z |
| cve-2025-32907 | 5.3 (v3.1) | Libsoup: denial of service in server when client reque… |
|
|
2025-04-14T14:00:09.723Z | 2025-11-18T08:35:33.088Z |
| cve-2025-46421 | 6.8 (v3.1) | Libsoup: information disclosure may leads libsoup clie… |
|
|
2025-04-24T13:01:24.589Z | 2025-11-18T08:35:16.184Z |
| cve-2025-32913 | 7.5 (v3.1) | Libsoup: null pointer dereference in soup_message_hea… |
|
|
2025-04-14T13:37:36.587Z | 2025-11-18T08:35:03.846Z |
| cve-2025-32911 | 9 (v3.1) | Libsoup: double free on soup_message_headers_get_cont… |
|
|
2025-04-15T15:39:34.919Z | 2025-11-18T08:34:54.179Z |
| cve-2025-32906 | 7.5 (v3.1) | Libsoup: out of bounds reads in soup_headers_parse_request() |
|
|
2025-04-14T13:58:39.718Z | 2025-11-18T08:34:40.834Z |
| cve-2025-4948 | 7.5 (v3.1) | Libsoup: integer underflow in soup_multipart_new_from_… |
|
|
2025-05-19T15:55:46.230Z | 2025-11-18T08:34:19.758Z |
| cve-2025-12078 | ArtiBot Free Chat Bot for WebSites <= 1.1.7 - Reflecte… |
artibot |
ArtiBot Free Chat Bot for WebSites |
2025-11-18T08:27:37.836Z | 2025-11-18T08:27:37.836Z | |
| cve-2025-12406 | Project Honey Pot Spam Trap <= 1.0.1 - Cross-Site Requ… |
awensley |
Project Honey Pot Spam Trap |
2025-11-18T08:27:37.486Z | 2025-11-18T08:27:37.486Z | |
| cve-2025-12961 | Download Panel <= 1.3.3 - Missing Authorization to Aut… |
arkadiykilesso |
Download Panel (Biggiko Team) |
2025-11-18T08:27:37.109Z | 2025-11-18T08:27:37.109Z | |
| cve-2025-13088 | Category and Product Woocommerce Tabs <= 1.0 - Authent… |
ikhodal |
Category and Product Woocommerce Tabs |
2025-11-18T08:27:36.700Z | 2025-11-18T08:27:36.700Z | |
| cve-2025-12372 | The Permalinks Cascade <= 2.2 - Missing Authorization … |
_luigi |
The Permalinks Cascade |
2025-11-18T08:27:36.112Z | 2025-11-18T08:27:36.112Z | |
| cve-2025-12775 | WP Dropzone <= 1.1.0 - Authenticated (Subscriber+) Arb… |
nazsabuz |
WP Dropzone |
2025-11-18T08:27:35.732Z | 2025-11-18T08:27:35.732Z | |
| cve-2025-8727 | 7.2 (v3.1) | A stack buffer overflow vulnerability exists in the Su… |
SMCI |
X13SEDW-F |
2025-11-18T07:52:09.494Z | 2025-11-18T07:52:09.494Z |
| cve-2025-8404 | 5.5 (v3.1) | Stack buffer overflow vulnerability exists in the Supe… |
SMCI |
MBD-X13SEDW-F |
2025-11-18T07:43:15.191Z | 2025-11-18T07:43:15.191Z |
| cve-2025-11265 | VK All in One Expansion Unit <= 9.112.1 - Authenticate… |
kurudrive |
VK All in One Expansion Unit |
2025-11-18T07:30:37.308Z | 2025-11-18T07:30:37.308Z | |
| cve-2025-11267 | VK All in One Expansion Unit <= 9.112.1 - Authenticate… |
kurudrive |
VK All in One Expansion Unit |
2025-11-18T07:30:36.752Z | 2025-11-18T07:30:36.752Z | |
| cve-2025-13226 | N/A | Type Confusion in V8 in Google Chrome prior to 14… |
Google |
Chrome |
2025-11-17T23:19:52.070Z | 2025-11-18T04:55:30.639Z |
| cve-2025-13227 | N/A | Type Confusion in V8 in Google Chrome prior to 14… |
Google |
Chrome |
2025-11-17T23:19:52.765Z | 2025-11-18T04:55:29.939Z |
| cve-2025-13228 | N/A | Type Confusion in V8 in Google Chrome prior to 14… |
Google |
Chrome |
2025-11-17T23:19:53.123Z | 2025-11-18T04:55:29.124Z |
| cve-2025-13229 | N/A | Type Confusion in V8 in Google Chrome prior to 14… |
Google |
Chrome |
2025-11-17T23:19:53.436Z | 2025-11-18T04:55:28.431Z |
| cve-2025-13230 | N/A | Type Confusion in V8 in Google Chrome prior to 14… |
Google |
Chrome |
2025-11-17T23:19:53.786Z | 2025-11-18T04:55:27.563Z |
| cve-2025-13224 | N/A | Type Confusion in V8 in Google Chrome prior to 14… |
Google |
Chrome |
2025-11-17T23:03:39.401Z | 2025-11-18T04:55:26.510Z |
| cve-2025-13223 | N/A | Type Confusion in V8 in Google Chrome prior to 14… |
Google |
Chrome |
2025-11-17T23:03:38.938Z | 2025-11-18T04:55:25.335Z |
| cve-2025-36357 | 8 (v3.1) | IBM Planning Analytics Local Directory Traversal |
IBM |
IBM Planning Analytics Local |
2025-11-17T20:07:00.856Z | 2025-11-18T04:55:24.326Z |
| cve-2025-34323 | 8.5 (v4.0) | Nagios Log Server < 2026R1.0.1 Local Privilege Escalat… |
Nagios |
Log Server |
2025-11-17T17:48:28.973Z | 2025-11-18T04:55:23.236Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| jvndb-2024-005167 | EL Injection Vulnerability in Hitachi Tuning Manager | 2024-08-15T09:38+09:00 | 2024-08-15T09:38+09:00 |
| jvndb-2016-000124 | WAON service app for Android fails to verify SSL server certificates | 2024-08-15T09:36+09:00 | 2024-08-15T09:36+09:00 |
| jvndb-2024-000083 | Firmware update for RICOH JavaTM Platform resets the TLS configuration | 2024-08-06T15:13+09:00 | 2024-08-06T15:13+09:00 |
| jvndb-2024-000079 | Cybozu Office vulnerable to bypass browsing restrictions in Custom App | 2024-08-06T14:59+09:00 | 2024-08-06T14:59+09:00 |
| jvndb-2024-000082 | Pimax Play and PiTool accept WebSocket connections from unintended endpoints | 2024-08-05T13:58+09:00 | 2024-08-05T13:58+09:00 |
| jvndb-2024-000084 | Multiple vulnerabilities in ZEXELON ZWX-2000CSW2-HN | 2024-08-05T13:46+09:00 | 2024-08-05T13:46+09:00 |
| jvndb-2024-000074 | Multiple vulnerabilities in SKYSEA Client View | 2024-07-29T15:28+09:00 | 2024-07-31T14:12+09:00 |
| jvndb-2024-000077 | FFRI AMC vulnerable to OS command injection | 2024-07-30T16:40+09:00 | 2024-07-30T16:40+09:00 |
| jvndb-2024-000081 | EC-CUBE plugin (for EC-CUBE 4 series) "EC-CUBE Web API Plugin" vulnerable to stored cross-site scripting | 2024-07-30T14:06+09:00 | 2024-07-30T14:06+09:00 |
| jvndb-2024-000080 | EC-CUBE 4 Series improper input validation when installing plugins | 2024-07-30T13:56+09:00 | 2024-07-30T13:56+09:00 |
| jvndb-2024-000028 | Multiple vulnerabilities in SKYSEA Client View | 2024-03-07T16:09+09:00 | 2024-07-29T18:13+09:00 |
| jvndb-2024-000076 | SDoP contains a stack-based buffer overflow vulnerability. | 2024-07-29T17:24+09:00 | 2024-07-29T17:24+09:00 |
| jvndb-2024-003242 | OMRON NJ/NX series vulnerable to insufficient verification of data authenticity | 2024-05-28T12:28+09:00 | 2024-07-26T16:27+09:00 |
| jvndb-2021-000105 | PowerCMS XMLRPC API vulnerable to OS command injection | 2021-11-24T15:47+09:00 | 2024-07-26T15:22+09:00 |
| jvndb-2024-000075 | ORC vulnerable to stack-based buffer overflow | 2024-07-26T13:55+09:00 | 2024-07-26T13:55+09:00 |
| jvndb-2022-000030 | Multiple vulnerabilities in Operation management interface of FUJITSU Network IPCOM | 2022-05-09T15:02+09:00 | 2024-07-18T16:30+09:00 |
| jvndb-2024-000073 | Assimp vulnerable to heap-based buffer overflow | 2024-07-18T13:44+09:00 | 2024-07-18T13:44+09:00 |
| jvndb-2024-000072 | Cybozu Garoon vulnerable to cross-site scripting | 2024-07-16T16:14+09:00 | 2024-07-16T16:14+09:00 |
| jvndb-2024-000071 | FUJITSU Network Edgiot GW1500 vulnerable to path traversal | 2024-07-16T14:41+09:00 | 2024-07-16T14:41+09:00 |
| jvndb-2023-007150 | Multiple vulnerabilities in First Corporation's DVRs | 2023-11-17T17:31+09:00 | 2024-07-11T17:05+09:00 |
| jvndb-2023-000094 | Multiple vulnerabilities in WordPress plugin "Welcart e-Commerce" | 2023-09-22T13:51+09:00 | 2024-07-11T16:49+09:00 |
| jvndb-2024-000007 | Multiple Dahua Technology products vulnerable to authentication bypass | 2024-01-18T13:43+09:00 | 2024-07-11T16:10+09:00 |
| jvndb-2024-001882 | Sharp NEC Display Solutions' public displays vulnerable to local file inclusion | 2024-02-07T14:25+09:00 | 2024-07-11T14:27+09:00 |
| jvndb-2024-000070 | Out-of-bounds write vulnerability in Ricoh MFPs and printers | 2024-07-10T14:16+09:00 | 2024-07-10T14:16+09:00 |
| jvndb-2024-000059 | Multiple vulnerabilities in multiple Webmin products | 2024-07-09T14:27+09:00 | 2024-07-09T14:27+09:00 |
| jvndb-2024-000069 | Cleartext transmission issue in TONE store App to TONE store | 2024-07-08T13:43+09:00 | 2024-07-08T13:43+09:00 |
| jvndb-2024-000068 | JP1/Extensible SNMP Agent fails to restrict access permissions | 2024-07-03T14:57+09:00 | 2024-07-03T14:57+09:00 |
| jvndb-2017-000194 | WSR-300HP vulnerable to arbitrary code execution | 2017-08-08T18:07+09:00 | 2024-07-02T17:55+09:00 |
| jvndb-2024-003831 | Multiple TP-Link products vulnerable to OS command injection | 2024-06-28T17:38+09:00 | 2024-06-28T17:38+09:00 |
| jvndb-2024-000067 | "Piccoma" App uses a hard-coded API key for an external service | 2024-06-28T13:18+09:00 | 2024-06-28T13:18+09:00 |