Recent vulnerabilities
| ID | CVSS | Description | Vendor | Product | Published | Updated |
|---|---|---|---|---|---|---|
| cve-2026-39941 | ChurchCRM has an XSS vulnerability |
ChurchCRM |
CRM |
2026-04-09T15:38:07.444Z | 2026-04-10T14:05:39.204Z | |
| cve-2026-5960 | code-projects Patient Record Management System SQL Dat… |
code-projects |
Patient Record Management System |
2026-04-09T15:15:11.648Z | 2026-04-10T14:04:51.221Z | |
| cve-2026-35205 | Helm's plugin verification fails open when .prov is mi… |
helm |
helm |
2026-04-09T15:06:41.052Z | 2026-04-09T16:05:00.744Z | |
| cve-2025-14551 | 2.7 (v4.0) | Senstive information disclosure was affecting subiquity |
Canonical |
Ubuntu |
2026-04-09T15:03:58.798Z | 2026-04-10T13:54:40.369Z |
| cve-2026-35204 | Helm has a path traversal in plugin metadata version e… |
helm |
helm |
2026-04-09T15:03:28.668Z | 2026-04-09T17:46:15.811Z | |
| cve-2025-15480 | 2.7 (v4.0) | Senstive information disclosure was affecting ubuntu-d… |
Canonical |
Ubuntu |
2026-04-09T15:02:14.066Z | 2026-04-10T13:57:17.350Z |
| cve-2026-35041 | ReDoS in fast-jwt when using RegExp in allowed* leadin… |
nearform |
fast-jwt |
2026-04-09T14:55:22.807Z | 2026-04-09T16:15:25.352Z | |
| cve-2026-35040 | fast-jwt: Stateful RegExp (/g or /y) causes non-determ… |
nearform |
fast-jwt |
2026-04-09T14:52:56.436Z | 2026-04-13T20:03:41.746Z | |
| cve-2026-4878 | 6.7 (v3.1) | Libcap: libcap: privilege escalation via toctou race c… |
Red Hat |
Red Hat Enterprise Linux 10 |
2026-04-09T14:49:02.942Z | 2026-04-30T19:01:57.197Z |
| cve-2026-5439 | N/A | Memory Exhaustion via Forged ZIP Metadata |
Orthanc |
DICOM Server |
2026-04-09T14:44:37.078Z | 2026-04-14T16:34:14.439Z |
| cve-2026-5437 | N/A | Out-of-Bounds Read in DicomStreamReader |
Orthanc |
DICOM Server |
2026-04-09T14:44:17.972Z | 2026-04-14T16:34:20.487Z |
| cve-2026-5438 | N/A | Gzip Decompression Bomb via Content-Encoding Header |
Orthanc |
DICOM Server |
2026-04-09T14:44:05.375Z | 2026-04-14T16:34:26.623Z |
| cve-2026-5440 | N/A | Memory Exhaustion via Unbounded Content-Length |
Orthanc |
DICOM Server |
2026-04-09T14:43:55.684Z | 2026-04-14T16:34:31.991Z |
| cve-2026-5442 | N/A | Heap Buffer Overflow in DICOM Image Decoder via VR UL … |
Orthanc |
DICOM Server |
2026-04-09T14:43:43.571Z | 2026-04-14T16:34:39.322Z |
| cve-2026-5443 | N/A | Heap Buffer Overflow in DICOM Image Decoder (Palette C… |
Orthanc |
DICOM Server |
2026-04-09T14:43:15.227Z | 2026-04-14T16:34:45.930Z |
| cve-2026-5445 | N/A | Out-of-Bounds Read in DicomImageDecoder (DecodeLookupTable) |
Orthanc |
DICOM Server |
2026-04-09T14:42:51.673Z | 2026-04-14T16:34:52.024Z |
| cve-2026-5444 | N/A | Heap Buffer Overflow in PAM Image Buffer Allocation |
Orthanc |
DICOM Server |
2026-04-09T14:42:30.696Z | 2026-04-14T16:34:57.706Z |
| cve-2026-5441 | N/A | Out-of-Bounds Read in DicomImageDecoder (PMSCT_RLE1 De… |
Orthanc |
DICOM Server |
2026-04-09T14:42:04.597Z | 2026-04-14T16:35:04.748Z |
| cve-2026-34757 | LIBPNG has a yse-after-free in png_set_PLTE, png_set_t… |
pnggroup |
libpng |
2026-04-09T14:41:18.195Z | 2026-04-09T16:07:31.052Z | |
| cve-2026-34578 | OPNsense has an LDAP Injection via Unsanitized Usernam… |
opnsense |
core |
2026-04-09T14:34:20.158Z | 2026-04-09T17:45:23.099Z | |
| cve-2025-62718 | Axios has a NO_PROXY Hostname Normalization Bypass tha… |
axios |
axios |
2026-04-09T14:31:46.067Z | 2026-04-16T18:44:20.705Z | |
| cve-2026-5959 | GL.iNet GL-RM1/GL-RM10/GL-RM10RC/GL-RM1PE Factory Rese… |
GL.iNet |
GL-RM1 |
2026-04-09T14:30:14.351Z | 2026-04-13T20:01:57.939Z | |
| cve-2026-4116 | N/A | Improper handling of Unicode encoding in SonicWal… |
SonicWall |
SMA1000 |
2026-04-09T14:27:29.341Z | 2026-04-13T18:26:18.229Z |
| cve-2026-4114 | N/A | Improper handling of Unicode encoding in SonicWal… |
SonicWall |
SMA1000 |
2026-04-09T14:25:41.059Z | 2026-04-13T13:04:16.553Z |
| cve-2026-4113 | N/A | An observable response discrepancy vulnerability … |
SonicWall |
SMA1000 |
2026-04-09T14:23:53.270Z | 2026-04-13T18:27:04.538Z |
| cve-2026-4112 | N/A | Improper neutralization of special elements used … |
SonicWall |
SMA1000 |
2026-04-09T14:22:21.018Z | 2026-04-13T13:04:16.689Z |
| cve-2026-4660 | 7.5 (v3.1) | Go-getter may allow to arbitrary filesystem reads thro… |
HashiCorp |
Tooling |
2026-04-09T13:47:46.953Z | 2026-04-17T17:57:55.534Z |
| cve-2026-2519 | Online Scheduling and Appointment Booking System – Boo… |
ladela |
Online Scheduling and Appointment Booking System – Bookly |
2026-04-09T12:28:06.471Z | 2026-04-13T15:15:09.493Z | |
| cve-2026-3005 | List category posts <= 0.94.0 - Authenticated (Author+… |
fernandobt |
List category posts |
2026-04-09T12:28:05.799Z | 2026-04-09T17:41:29.900Z | |
| cve-2025-57735 | Apache Airflow: Airflow Logout Not Invalidating JWT |
Apache Software Foundation |
Apache Airflow |
2026-04-09T11:12:41.735Z | 2026-04-09T17:25:08.801Z |
| ID | Description | Updated |
|---|
| ID | Description | Updated |
|---|
| ID | Description | Updated |
|---|
| ID | Description | Published | Updated |
|---|---|---|---|
| certfr-2022-avi-1111 | Vulnérabilité dans Tenable.ad | 2022-12-16T00:00:00.000000 | 2022-12-16T00:00:00.000000 |
| certfr-2022-avi-1110 | Multiples vulnérabilités dans VMware vRealize Operations | 2022-12-16T00:00:00.000000 | 2022-12-16T00:00:00.000000 |
| certfr-2022-avi-1109 | Multiples vulnérabilités dans Google Chrome | 2022-12-15T00:00:00.000000 | 2023-01-11T00:00:00.000000 |
| certfr-2022-avi-1108 | Multiples vulnérabilités dans les produits Apple | 2022-12-15T00:00:00.000000 | 2022-12-15T00:00:00.000000 |
| certfr-2022-avi-1107 | Multiples vulnérabilités dans Bluetooth Core Specification | 2022-12-15T00:00:00.000000 | 2022-12-15T00:00:00.000000 |
| certfr-2022-avi-1106 | Multiples vulnérabilités dans les produits Microsoft | 2022-12-14T00:00:00.000000 | 2022-12-14T00:00:00.000000 |
| certfr-2022-avi-1105 | Multiples vulnérabilités dans Microsoft Azure | 2022-12-14T00:00:00.000000 | 2022-12-14T00:00:00.000000 |
| certfr-2022-avi-1104 | Vulnérabilité dans Microsoft .Net | 2022-12-14T00:00:00.000000 | 2022-12-14T00:00:00.000000 |
| certfr-2022-avi-1103 | Multiples vulnérabilités dans Microsoft Windows | 2022-12-14T00:00:00.000000 | 2022-12-14T00:00:00.000000 |
| certfr-2022-avi-1102 | Multiples vulnérabilités dans Microsoft Office | 2022-12-14T00:00:00.000000 | 2022-12-14T00:00:00.000000 |
| certfr-2022-avi-1101 | Multiples vulnérabilités dans les produits SAP | 2022-12-14T00:00:00.000000 | 2022-12-14T00:00:00.000000 |
| certfr-2022-avi-1100 | Multiples vulnérabilités dans Aruba EdgeConnect Enterprise Orchestrator | 2022-12-14T00:00:00.000000 | 2022-12-14T00:00:00.000000 |
| certfr-2022-avi-1099 | Vulnérabilité dans OpenSSL | 2022-12-14T00:00:00.000000 | 2022-12-14T00:00:00.000000 |
| certfr-2022-avi-1098 | Vulnérabilité dans Sonicwall SentinelOne Agent | 2022-12-14T00:00:00.000000 | 2022-12-14T00:00:00.000000 |
| certfr-2022-avi-1097 | Multiples vulnérabilités dans Typo3 cms-core | 2022-12-14T00:00:00.000000 | 2022-12-14T00:00:00.000000 |
| certfr-2022-avi-1096 | Multiples vulnérabilités dans les produits VMware | 2022-12-14T00:00:00.000000 | 2022-12-14T00:00:00.000000 |
| certfr-2022-avi-1095 | Multiples vulnérabilités dans les produits Mozilla | 2022-12-14T00:00:00.000000 | 2022-12-14T00:00:00.000000 |
| certfr-2022-avi-1094 | Multiples vulnérabilités dans les produits Siemens | 2022-12-13T00:00:00.000000 | 2022-12-13T00:00:00.000000 |
| certfr-2022-avi-1093 | Multiples vulnérabilités dans les produits Schneider | 2022-12-13T00:00:00.000000 | 2022-12-13T00:00:00.000000 |
| certfr-2022-avi-1092 | Multiples vulnérabilités dans Foxit PDF Reader et Editor | 2022-12-13T00:00:00.000000 | 2022-12-13T00:00:00.000000 |
| certfr-2022-avi-1091 | Vulnérabilité dans Citrix ADC et Gateway | 2022-12-13T00:00:00.000000 | 2022-12-13T00:00:00.000000 |
| certfr-2022-avi-1090 | Vulnérabilité dans Fortinet FortiOS SSL-VPN | 2022-12-13T00:00:00.000000 | 2022-12-13T00:00:00.000000 |
| certfr-2022-avi-1089 | Vulnérabilité dans NetApp FAS/AFF BIOS | 2022-12-13T00:00:00.000000 | 2022-12-13T00:00:00.000000 |
| certfr-2022-avi-1088 | Multiples vulnérabilités dans Synology DSM et SRM | 2022-12-12T00:00:00.000000 | 2022-12-12T00:00:00.000000 |
| certfr-2022-avi-1087 | Multiples vulnérabilités dans Intel OpenIPC | 2022-12-12T00:00:00.000000 | 2022-12-12T00:00:00.000000 |
| certfr-2022-avi-1086 | Multiples vulnérabilités dans les produits VMware | 2022-12-09T00:00:00.000000 | 2022-12-09T00:00:00.000000 |
| certfr-2022-avi-1085 | Vulnérabilité dans le produit Cisco IP Phone | 2022-12-09T00:00:00.000000 | 2023-04-28T00:00:00.000000 |
| certfr-2022-avi-1084 | Multiples vulnérabilités dans Google Android | 2022-12-08T00:00:00.000000 | 2022-12-08T00:00:00.000000 |
| certfr-2022-avi-1083 | Multiples vulnérabilités dans Xen | 2022-12-08T00:00:00.000000 | 2023-01-23T00:00:00.000000 |
| certfr-2022-avi-1082 | Multiples vulnérabilités dans Wireshark | 2022-12-08T00:00:00.000000 | 2022-12-08T00:00:00.000000 |