Recent vulnerabilities
| ID | CVSS | Description | Vendor | Product | Published | Updated |
|---|---|---|---|---|---|---|
| cve-2025-34039 | 10 (v4.0) | Yonyou NC BeanShell Command Injection |
Yonyou Co., Ltd. |
UFIDA NC |
2025-06-24T01:07:05.619Z | 2025-11-17T21:54:19.579Z |
| cve-2025-13302 | code-projects Courier Management System add-new-office… |
code-projects |
Courier Management System |
2025-11-17T21:32:05.929Z | 2025-11-17T21:49:59.914Z | |
| cve-2025-64766 | NixOS has hardcoded credentials in Onlyoffice module |
NixOS |
nixpkgs |
2025-11-17T21:38:10.023Z | 2025-11-17T21:49:28.642Z | |
| cve-2025-34298 | 8.7 (v4.0) | Nagios Log Server < 2024R1.3.2 Set Email Privilege Esc… |
Nagios |
Log Server |
2025-10-30T21:25:52.056Z | 2025-11-17T21:36:25.925Z |
| cve-2025-34280 | 8.6 (v4.0) | Nagios Network Analyzer < 2024R2.0.1 RCE in LDAP Certi… |
Nagios |
Network Analyzer |
2025-10-30T21:27:41.203Z | 2025-11-17T21:36:25.762Z |
| cve-2025-34278 | 5.1 (v4.0) | Nagios Network Analyzer < 2024R1 Source Groups / Perce… |
Nagios |
Network Analyzer |
2025-10-30T21:28:11.933Z | 2025-11-17T21:36:25.596Z |
| cve-2025-34277 | 9.4 (v4.0) | Nagios Log Server < 2024R1.3.1 RCE via Malformed Dashb… |
Nagios |
Log Server |
2025-10-30T21:25:32.852Z | 2025-11-17T21:36:25.444Z |
| cve-2025-34274 | 9.3 (v4.0) | Nagios Log Server < 2024R2.0.3 Logstash Process Root P… |
Nagios |
Log Server |
2025-10-30T21:23:54.741Z | 2025-11-17T21:36:25.216Z |
| cve-2025-34273 | 7.1 (v4.0) | Nagios Log Server < 2024R2.0.3 Non-Admin Dashboard Deletion |
Nagios |
Log Server |
2025-10-30T21:24:43.451Z | 2025-11-17T21:36:24.971Z |
| cve-2025-34272 | 5.3 (v4.0) | Nagios Log Server < 2024R2.0.3 Non-Empty Default Dashb… |
Nagios |
Log Server |
2025-10-30T21:25:10.601Z | 2025-11-17T21:36:24.794Z |
| cve-2025-34271 | 8.7 (v4.0) | Nagios Log Server < 2024R2.0.2 Cluster Manager Credent… |
Nagios |
Log Server |
2025-10-30T21:22:51.043Z | 2025-11-17T21:36:24.505Z |
| cve-2025-34270 | 6.9 (v4.0) | Nagios Log Server < 2024R2.0.2 AD/LDAP Import Password… |
Nagios |
Log Server |
2025-10-30T21:22:28.949Z | 2025-11-17T21:36:24.190Z |
| cve-2024-58273 | 8.5 (v4.0) | Nagios Log Server < 2024R1.0.2 LPE from Apache/Backend… |
Nagios |
Log Server |
2025-10-30T21:24:15.621Z | 2025-11-17T21:36:24.008Z |
| cve-2023-7323 | 5.1 (v4.0) | Nagios Log Server < 2024R1 XSS via Create User Function |
Nagios |
Log Server |
2025-10-30T21:27:03.493Z | 2025-11-17T21:36:23.836Z |
| cve-2023-7322 | 8.7 (v4.0) | Nagios Log Server < 2024R1 Incorrect Authorization Gra… |
Nagios |
Log Server |
2025-10-30T21:23:34.547Z | 2025-11-17T21:36:23.640Z |
| cve-2023-7321 | 5.1 (v4.0) | Nagios Log Server < 2.1.14 XSS via Snapshots Page |
Nagios |
Log Server |
2025-10-30T21:27:23.232Z | 2025-11-17T21:36:23.480Z |
| cve-2023-7319 | 5.1 (v4.0) | Nagios Network Analyzer < 2024R1 XSS via Percentile Ca… |
Nagios |
Network Analyzer |
2025-10-30T21:28:29.373Z | 2025-11-17T21:36:23.299Z |
| cve-2023-7312 | 6.2 (v4.0) | Nagios Fusion < 4.2.0 Email Settings Stored XSS via SM… |
Nagios |
Fusion |
2025-10-30T21:19:51.723Z | 2025-11-17T21:36:23.135Z |
| cve-2023-53690 | 6.2 (v4.0) | Nagios Fusion < 4.2.0 LDAP/AD Integration Stored XSS |
Nagios |
Fusion |
2025-10-30T21:20:37.543Z | 2025-11-17T21:36:22.933Z |
| cve-2023-53689 | 6 (v4.0) | Nagios Fusion < 4.2.0 License Information Reflected XSS |
Nagios |
Fusion |
2025-10-30T21:20:59.302Z | 2025-11-17T21:36:22.771Z |
| cve-2020-36858 | 5.1 (v4.0) | Nagios Log Server < 2.1.6 XSS via Create User, Edit Us… |
Nagios |
Log Server |
2025-10-30T21:26:38.984Z | 2025-11-17T21:36:22.598Z |
| cve-2018-25119 | 5.1 (v4.0) | Nagios Fusion < 4.1.5 XSS via fusionwindow Parameter |
Nagios |
Fusion |
2025-10-30T21:21:46.769Z | 2025-11-17T21:36:22.437Z |
| cve-2017-20209 | 5.1 (v4.0) | Nagios Fusion < 4.0.1 XSS via Users/Servers Page |
Nagios |
Fusion |
2025-10-30T21:22:07.861Z | 2025-11-17T21:36:22.243Z |
| cve-2016-15049 | 5.1 (v4.0) | Nagios Log Server < 1.4.2 Dashboards Logs Table XSS |
Nagios |
Log Server |
2025-10-30T21:23:13.241Z | 2025-11-17T21:36:22.045Z |
| cve-2025-34043 | 10 (v4.0) | Vacron NVR Remote Command Execution |
Vacron |
Network Video Recorder (NVR) |
2025-06-26T15:51:22.357Z | 2025-11-17T21:35:24.831Z |
| cve-2025-34040 | 10 (v4.0) | Seeyon Zhiyuan OA System Path Traversal File Upload |
Seeyon (Beijing Zhiyuan Internet Software Co., Ltd.) |
Zhiyuan OA Web Application System |
2025-06-24T01:12:22.769Z | 2025-11-17T21:34:13.511Z |
| cve-2025-34041 | 10 (v4.0) | Sangfor Endpoint Detection and Response OS Command Injection |
Sangfor Technologies Co., Ltd. |
Endpoint Detection and Response Platform |
2025-06-24T01:39:59.289Z | 2025-11-17T21:30:42.653Z |
| cve-2025-13301 | itsourcecode Web-Based Internet Laboratory Management … |
itsourcecode |
Web-Based Internet Laboratory Management System |
2025-11-17T21:02:06.509Z | 2025-11-17T21:28:56.955Z | |
| cve-2025-34042 | 9.4 (v4.0) | Beward N100 IP Camera Remote Command Execution |
Beward |
N100 IP Camera |
2025-06-26T15:51:13.423Z | 2025-11-17T21:28:31.145Z |
| cve-2025-55055 | 6.8 (v3.1) | CWE-78 Improper Neutralization of Special Element… |
Rumpus |
FTP Server |
2025-11-17T17:25:36.697Z | 2025-11-17T21:24:53.295Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| jvndb-2022-000055 | Booked vulnerable to open redirect | 2022-07-22T13:40+09:00 | 2024-06-14T17:43+09:00 |
| jvndb-2022-002265 | Trend Micro Endpoint security products for enterprises vulnerable to Link Following Local Privilege Escalation | 2022-08-18T15:45+09:00 | 2024-06-14T17:11+09:00 |
| jvndb-2022-000056 | Multiple vulnerabilities in Nintendo Wi-Fi Network Adaptor WAP-001 | 2022-07-29T13:43+09:00 | 2024-06-14T16:27+09:00 |
| jvndb-2023-001215 | Zuken Elmic KASAGO uses insufficient random values for TCP Initial Sequence Numbers | 2023-02-13T14:18+09:00 | 2024-06-14T15:45+09:00 |
| jvndb-2022-002112 | CONTEC SolarView Compact vulnerable to insufficient verification in uploading files | 2022-08-03T17:40+09:00 | 2024-06-14T15:21+09:00 |
| jvndb-2022-000059 | "Hulu" App for Android uses a hard-coded API key for an external service | 2022-07-28T09:14+09:00 | 2024-06-14T14:42+09:00 |
| jvndb-2022-002338 | PLANEX MZK-DP150N contains hidden administrative functionality | 2022-08-23T15:02+09:00 | 2024-06-14T14:06+09:00 |
| jvndb-2022-000054 | Multiple vulnerabilities in Cybozu Office | 2022-07-20T17:28+09:00 | 2024-06-14T14:02+09:00 |
| jvndb-2022-000060 | "Hulu" App for iOS vulnerable to improper server certificate verification | 2022-07-28T09:51+09:00 | 2024-06-14T12:25+09:00 |
| jvndb-2022-000063 | PukiWiki vulnerable to cross-site scripting | 2022-08-23T14:40+09:00 | 2024-06-14T12:00+09:00 |
| jvndb-2022-002339 | Multiple vulnerabilities in PukiWiki | 2022-08-24T14:17+09:00 | 2024-06-14T11:55+09:00 |
| jvndb-2022-000065 | Multiple vulnerabilities in Exment | 2022-08-24T14:23+09:00 | 2024-06-14T11:09+09:00 |
| jvndb-2022-002337 | UNIMO Technology digital video recorders vulnerable to missing authentication for critical functions | 2022-08-23T14:31+09:00 | 2024-06-14T10:24+09:00 |
| jvndb-2022-000064 | Movable Type XMLRPC API vulnerable to command injection | 2022-08-24T15:58+09:00 | 2024-06-13T18:11+09:00 |
| jvndb-2023-001291 | Multiple vulnerabilities in Trend Micro Maximum Security | 2023-03-03T11:10+09:00 | 2024-06-13T17:06+09:00 |
| jvndb-2022-000045 | FreeBSD vulnerable to denial-of-service (DoS) | 2022-06-15T12:28+09:00 | 2024-06-13T16:31+09:00 |
| jvndb-2022-000066 | Multiple vulnerabilities in CentreCOM AR260S V2 | 2022-08-29T17:37+09:00 | 2024-06-13T16:21+09:00 |
| jvndb-2023-000044 | JINS MEME CORE uses a hard-coded cryptographic key | 2023-05-08T15:13+09:00 | 2024-06-13T16:19+09:00 |
| jvndb-2023-000042 | WordPress Plugin "Newsletter" vulnerable to cross-site scripting | 2023-05-09T14:42+09:00 | 2024-06-13T16:14+09:00 |
| jvndb-2022-000068 | SYNCK GRAPHICA Mailform Pro CGI vulnerable to information disclosure | 2022-09-05T15:22+09:00 | 2024-06-13T16:00+09:00 |
| jvndb-2022-002448 | Multiple vulnerabilities in Trend Micro Deep Security and Cloud One - Workload Security agents for Windows | 2022-10-11T17:02+09:00 | 2024-06-13T14:30+09:00 |
| jvndb-2022-002544 | Multiple vulnerabilities in Trend Micro Apex One and Apex One as a Service | 2022-10-20T16:18+09:00 | 2024-06-13T13:58+09:00 |
| jvndb-2022-000067 | Installer of Ricoh Device Software Manager may insecurely load Dynamic Link Libraries | 2022-08-29T15:57+09:00 | 2024-06-13T13:53+09:00 |
| jvndb-2022-000070 | Movable Type plugin A-Form vulnerable to cross-site scripting | 2022-09-09T15:01+09:00 | 2024-06-13T13:49+09:00 |
| jvndb-2022-000069 | PowerCMS XMLRPC API vulnerable to command injection | 2022-09-02T15:49+09:00 | 2024-06-13T11:44+09:00 |
| jvndb-2022-002367 | OpenAM (OpenAM Consortium Edition) vulnerable to open redirect | 2022-09-16T15:30+09:00 | 2024-06-13T11:39+09:00 |
| jvndb-2022-000071 | Multiple vulnerabilities in Trend Micro Apex One and Trend Micro Apex One as a Service | 2022-09-14T18:15+09:00 | 2024-06-13T11:34+09:00 |
| jvndb-2022-000073 | Multiple vulnerabilities in EC-CUBE | 2022-09-15T16:30+09:00 | 2024-06-13T11:09+09:00 |
| jvndb-2022-000072 | EC-CUBE plugin "Product Image Bulk Upload Plugin" vulnerable to insufficient verification in uploading files | 2022-09-15T16:13+09:00 | 2024-06-13T11:03+09:00 |
| jvndb-2023-000015 | Multiple vulnerabilities in PLANEX COMMUNICATIONS Network Camera CS-WMV02G | 2023-02-13T14:48+09:00 | 2024-06-12T17:03+09:00 |