Recent vulnerabilities
| ID | CVSS | Description | Vendor | Product | Published | Updated |
|---|---|---|---|---|---|---|
| cve-2026-35525 | LiquidJS has a root restriction bypass for partial and… |
harttle |
liquidjs |
2026-04-08T19:30:24.802Z | 2026-04-08T19:53:00.573Z | |
| cve-2026-35479 | InvenTree Plugin Installation - Insufficient Permissions |
inventree |
InvenTree |
2026-04-08T19:27:57.320Z | 2026-04-09T14:16:36.423Z | |
| cve-2026-35476 | InvenTree Affected by Privilege Escalation via API |
inventree |
InvenTree |
2026-04-08T19:26:12.692Z | 2026-04-08T19:53:28.982Z | |
| cve-2026-35478 | InvenTree has Arbitrary API Token Creation |
inventree |
InvenTree |
2026-04-08T19:24:05.044Z | 2026-04-08T20:12:15.181Z | |
| cve-2026-35477 | InvenTree has SSTI in PART_NAME_FORMAT bypasses CVE-20… |
inventree |
InvenTree |
2026-04-08T19:20:58.967Z | 2026-04-10T20:43:12.243Z | |
| cve-2026-23869 | 7.5 (v3.1) | A denial of service vulnerability exists in React… |
Meta |
react-server-dom-turbopack |
2026-04-08T19:11:08.418Z | 2026-04-08T19:56:22.791Z |
| cve-2026-35455 | immich has Stored XSS via OCR Text in 360° Panorama Viewer |
immich-app |
immich |
2026-04-08T18:31:27.418Z | 2026-04-13T15:36:26.045Z | |
| cve-2026-35446 | LORIS has a path traversal in FilesDownloadHandler |
aces |
Loris |
2026-04-08T18:28:30.405Z | 2026-04-08T20:13:54.835Z | |
| cve-2026-35403 | LORIS has potential cross-site scripting in survey_acc… |
aces |
Loris |
2026-04-08T18:27:17.221Z | 2026-04-10T20:42:38.101Z | |
| cve-2026-35400 | LORIS incorrectly trusts user input in publication module |
aces |
Loris |
2026-04-08T18:26:09.890Z | 2026-04-08T19:52:33.071Z | |
| cve-2026-35169 | LORIS has potential cross-site scripting in help_edito… |
aces |
Loris |
2026-04-08T18:24:27.757Z | 2026-04-09T14:21:17.788Z | |
| cve-2026-35165 | LORIS has incorrect access checks in document_repository |
aces |
Loris |
2026-04-08T18:23:34.101Z | 2026-04-08T20:13:29.831Z | |
| cve-2026-34985 | LORIS has incorrect access checks in media module |
aces |
Loris |
2026-04-08T18:22:09.927Z | 2026-04-10T20:41:48.430Z | |
| cve-2026-20709 | 6.6 (v3.1) 5.8 (v4.0) | Use of Default Cryptographic Key in the hardware … |
n/a |
Intel(R) Pentium(R) Processor Silver Series, Intel(R) Celeron(R) Processor J Series, Intel(R) Celeron(R) Processor N Series may allow an escalation of privilege. Hardware reverse engineer adversary with a privileged user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via physical access when attack requirements are present with special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (none) and availability (none) of the vulnerable system, resulting in subsequent system confidentiality (high), integrity (high) and availability (none) impacts. |
2026-04-08T18:20:48.374Z | 2026-04-08T19:50:31.560Z |
| cve-2026-34837 | Zammad is miissing authorization in AI assistance cont… |
zammad |
zammad |
2026-04-08T18:20:00.977Z | 2026-04-08T19:52:03.644Z | |
| cve-2026-34782 | Zammad has improper access control in AI assistance co… |
zammad |
zammad |
2026-04-08T18:18:32.044Z | 2026-04-09T14:22:06.575Z | |
| cve-2026-34724 | Zammad has a server-side template injection leading to… |
zammad |
zammad |
2026-04-08T18:17:30.178Z | 2026-04-09T16:17:29.350Z | |
| cve-2026-34723 | Zammad has incorrect access control in getting_started… |
zammad |
zammad |
2026-04-08T18:14:08.582Z | 2026-04-10T20:40:49.909Z | |
| cve-2026-34722 | Zammad is missing authorization in ticket create endpoint |
zammad |
zammad |
2026-04-08T18:13:20.927Z | 2026-04-08T19:51:42.966Z | |
| cve-2026-34721 | Zammad has Cross-site request forgery (CSRF) in OAuth … |
zammad |
zammad |
2026-04-08T18:12:32.504Z | 2026-04-09T14:22:33.535Z | |
| cve-2026-34720 | Zammad has an origin validation error in SSO mechanism |
zammad |
zammad |
2026-04-08T18:11:23.538Z | 2026-04-09T16:17:34.878Z | |
| cve-2026-34719 | Zammad has a Server-side request forgery (SSRF) via webhooks |
zammad |
zammad |
2026-04-08T18:02:16.224Z | 2026-04-10T20:38:50.653Z | |
| cve-2026-34718 | Zammad improperly neutralizes of script-related HTML t… |
zammad |
zammad |
2026-04-08T18:01:20.870Z | 2026-04-08T19:51:19.873Z | |
| cve-2026-34248 | Zammad has an information disclosure in ticket detail … |
zammad |
zammad |
2026-04-08T18:00:09.868Z | 2026-04-09T16:17:40.442Z | |
| cve-2026-34392 | LORIS has a path traversal in static router |
aces |
Loris |
2026-04-08T17:57:35.927Z | 2026-04-09T14:23:46.526Z | |
| cve-2026-30818 | 8.5 (v4.0) | OS Command Injection Vulnerability in dnsmasq Module i… |
TP-Link Systems Inc. |
AX53 v1.0 |
2026-04-08T17:54:44.175Z | 2026-04-09T03:56:18.130Z |
| cve-2026-30817 | 6.8 (v4.0) | Arbitrary File Reading Vulnerability in dnsmasq Module… |
TP-Link Systems Inc. |
AX53 v1.0 |
2026-04-08T17:53:58.495Z | 2026-04-08T19:21:49.676Z |
| cve-2026-30816 | 6.8 (v4.0) | Arbitrary File Reading Vulnerability in OpenVPN Module… |
TP-Link Systems Inc. |
AX53 v1.0 |
2026-04-08T17:53:20.560Z | 2026-04-08T19:21:56.624Z |
| cve-2026-30815 | 8.5 (v4.0) | OS Command Injection Vulnerability in OpenVPN Module i… |
TP-Link Systems Inc. |
AX53 v1.0 |
2026-04-08T17:52:29.336Z | 2026-04-09T03:56:16.458Z |
| cve-2026-34166 | LiquidJS has a Memory Limit Bypass via Quadratic Ampli… |
harttle |
liquidjs |
2026-04-08T17:52:05.849Z | 2026-04-10T20:37:03.164Z |
| ID | Description | Updated |
|---|
| ID | Description | Updated |
|---|
| ID | Description | Updated |
|---|
| ID | Description | Published | Updated |
|---|---|---|---|
| certfr-2022-avi-880 | Multiples vulnérabilités dans Microsoft Edge | 2022-10-04T00:00:00.000000 | 2022-10-04T00:00:00.000000 |
| certfr-2022-avi-879 | Vulnérabilité dans strongSwan | 2022-10-04T00:00:00.000000 | 2022-10-04T00:00:00.000000 |
| certfr-2022-avi-878 | Multiples vulnérabilités dans le noyau Linux d'Ubuntu | 2022-10-04T00:00:00.000000 | 2022-10-04T00:00:00.000000 |
| certfr-2022-avi-877 | Multiples vulnérabilités dans le noyau Linux de SUSE | 2022-10-04T00:00:00.000000 | 2022-10-04T00:00:00.000000 |
| certfr-2022-avi-876 | Multiples vulnérabilités dans Microsoft Exchange Server | 2022-10-03T00:00:00.000000 | 2022-10-03T00:00:00.000000 |
| certfr-2022-avi-875 | Multiples vulnérabilités dans le noyau Linux de Debian | 2022-10-03T00:00:00.000000 | 2022-10-03T00:00:00.000000 |
| certfr-2022-avi-874 | Multiples vulnérabilités dans Google Chrome | 2022-10-03T00:00:00.000000 | 2022-10-04T00:00:00.000000 |
| certfr-2022-avi-873 | Multiples vulnérabilités dans les produits GitLab | 2022-09-30T00:00:00.000000 | 2022-09-30T00:00:00.000000 |
| certfr-2022-avi-872 | Multiples vulnérabilités dans PHP | 2022-09-30T00:00:00.000000 | 2022-09-30T00:00:00.000000 |
| certfr-2022-avi-871 | Multiples vulnérabilités dans les produits IBM | 2022-09-30T00:00:00.000000 | 2022-09-30T00:00:00.000000 |
| certfr-2022-avi-870 | Vulnérabilité dans le noyau Linux de Red Hat | 2022-09-30T00:00:00.000000 | 2022-09-30T00:00:00.000000 |
| certfr-2022-avi-869 | Multiples vulnérabilités dans Thunderbird | 2022-09-30T00:00:00.000000 | 2022-09-30T00:00:00.000000 |
| certfr-2022-avi-868 | Multiples vulnérabilités dans le noyau Linux de SUSE | 2022-09-30T00:00:00.000000 | 2022-09-30T00:00:00.000000 |
| certfr-2022-avi-867 | Multiples vulnérabilités dans le noyau Linux d'Ubuntu | 2022-09-30T00:00:00.000000 | 2022-09-30T00:00:00.000000 |
| certfr-2022-avi-866 | Vulnérabilité dans Drupal core | 2022-09-29T00:00:00.000000 | 2022-09-29T00:00:00.000000 |
| certfr-2022-avi-865 | Vulnérabilité dans Elastic Cloud Enterprise | 2022-09-29T00:00:00.000000 | 2022-09-29T00:00:00.000000 |
| certfr-2022-avi-864 | Multiples vulnérabilités dans les produits SolarWinds | 2022-09-29T00:00:00.000000 | 2022-09-29T00:00:00.000000 |
| certfr-2022-avi-863 | Multiples vulnérabilités dans les produits Cisco | 2022-09-29T00:00:00.000000 | 2022-09-29T00:00:00.000000 |
| certfr-2022-avi-862 | Multiples vulnérabilités dans Aruba Access Points | 2022-09-28T00:00:00.000000 | 2022-09-28T00:00:00.000000 |
| certfr-2022-avi-861 | Vulnérabilité dans Moodle | 2022-09-28T00:00:00.000000 | 2022-09-28T00:00:00.000000 |
| certfr-2022-avi-860 | Vulnérabilité dans Pulse Connect Secure | 2022-09-28T00:00:00.000000 | 2022-09-28T00:00:00.000000 |
| certfr-2022-avi-859 | Multiples vulnérabilités dans Google Chrome | 2022-09-28T00:00:00.000000 | 2022-09-28T00:00:00.000000 |
| certfr-2022-avi-858 | Multiples vulnérabilités dans le noyau Linux d'Ubuntu | 2022-09-28T00:00:00.000000 | 2022-09-28T00:00:00.000000 |
| certfr-2022-avi-857 | Multiples vulnérabilités dans le noyau Linux de SUSE | 2022-09-28T00:00:00.000000 | 2022-09-28T00:00:00.000000 |
| certfr-2022-avi-855 | Multiples vulnérabilités dans le noyau Linux de SUSE | 2022-09-26T00:00:00.000000 | 2022-09-26T00:00:00.000000 |
| certfr-2022-avi-854 | Multiples vulnérabilités dans le noyau Linux d'Ubuntu | 2022-09-26T00:00:00.000000 | 2022-09-26T00:00:00.000000 |
| certfr-2022-avi-853 | Vulnérabilité dans Sophos Firewall | 2022-09-26T00:00:00.000000 | 2023-12-13T00:00:00.000000 |
| certfr-2022-avi-852 | Multiples vulnérabilités dans TrendMicro Deep Security Agent | 2022-09-23T00:00:00.000000 | 2022-09-23T00:00:00.000000 |
| certfr-2022-avi-851 | Multiples vulnérabilités dans le noyau Linux d'Ubuntu | 2022-09-23T00:00:00.000000 | 2022-09-23T00:00:00.000000 |
| certfr-2022-avi-850 | Multiples vulnérabilités dans les produits IBM | 2022-09-22T00:00:00.000000 | 2022-09-22T00:00:00.000000 |