Recent vulnerabilities
| ID | CVSS | Description | Vendor | Product | Published | Updated |
|---|---|---|---|---|---|---|
| cve-2026-39844 | NiceGUI has a Path Traversal in NiceGUI Upload Filenam… |
zauberzeug |
nicegui |
2026-04-08T20:13:31.935Z | 2026-04-09T16:17:11.748Z | |
| cve-2026-39416 | Stored XSS in modal item preview for long item content… |
ail-project |
ail-framework |
2026-04-08T20:11:03.757Z | 2026-04-09T20:22:54.635Z | |
| cve-2026-39415 | Frappe Learning Management System has Client-Side Mani… |
frappe |
lms |
2026-04-08T20:07:45.729Z | 2026-04-09T13:52:12.103Z | |
| cve-2026-39414 | MinIO affected a DoS via Unbounded Memory Allocation i… |
minio |
minio |
2026-04-08T20:05:11.377Z | 2026-04-09T16:17:17.322Z | |
| cve-2026-39880 | Remnawave Backend has a race condition in HWID device … |
remnawave |
backend |
2026-04-08T20:01:21.673Z | 2026-04-10T20:48:07.233Z | |
| cve-2026-5802 | idachev mcp-javadc HTTP os command injection |
idachev |
mcp-javadc |
2026-04-08T20:00:24.876Z | 2026-04-10T20:47:03.503Z | |
| cve-2026-39864 | Kamailio Auth: Processing Vulnerability For Additional… |
kamailio |
kamailio |
2026-04-08T19:58:08.565Z | 2026-04-08T20:19:53.226Z | |
| cve-2026-39863 | Kamailio Core: TCP Data Processing Vulnerability |
kamailio |
kamailio |
2026-04-08T19:55:56.632Z | 2026-04-09T13:52:38.030Z | |
| cve-2026-39862 | Tophat has a Command Injection Vulnerability When Acce… |
Shopify |
tophat |
2026-04-08T19:50:05.156Z | 2026-04-09T16:17:23.139Z | |
| cve-2026-39859 | LiquidJS has a renderFile() / parseFile() bypass confi… |
harttle |
liquidjs |
2026-04-08T19:45:21.747Z | 2026-04-10T20:45:55.071Z | |
| cve-2026-39413 | LightRAG has a JWT Algorithm Confusion Vulnerability i… |
HKUDS |
LightRAG |
2026-04-08T19:41:23.909Z | 2026-04-22T15:28:31.845Z | |
| cve-2026-39412 | LiquidJS has an ownPropertyOnly bypass via sort_natura… |
harttle |
liquidjs |
2026-04-08T19:39:17.780Z | 2026-04-09T13:53:27.859Z | |
| cve-2026-39411 | LobeHub has an unauthenticated authentication bypass o… |
lobehub |
lobehub |
2026-04-08T19:37:43.814Z | 2026-04-08T20:15:22.363Z | |
| cve-2026-39362 | InvenTree has SSRF via Remote Image Download — No IP/H… |
inventree |
InvenTree |
2026-04-08T19:32:46.744Z | 2026-04-10T20:44:13.278Z | |
| cve-2026-35525 | LiquidJS has a root restriction bypass for partial and… |
harttle |
liquidjs |
2026-04-08T19:30:24.802Z | 2026-04-08T19:53:00.573Z | |
| cve-2026-35479 | InvenTree Plugin Installation - Insufficient Permissions |
inventree |
InvenTree |
2026-04-08T19:27:57.320Z | 2026-04-09T14:16:36.423Z | |
| cve-2026-35476 | InvenTree Affected by Privilege Escalation via API |
inventree |
InvenTree |
2026-04-08T19:26:12.692Z | 2026-04-08T19:53:28.982Z | |
| cve-2026-35478 | InvenTree has Arbitrary API Token Creation |
inventree |
InvenTree |
2026-04-08T19:24:05.044Z | 2026-04-08T20:12:15.181Z | |
| cve-2026-35477 | InvenTree has SSTI in PART_NAME_FORMAT bypasses CVE-20… |
inventree |
InvenTree |
2026-04-08T19:20:58.967Z | 2026-04-10T20:43:12.243Z | |
| cve-2026-23869 | 7.5 (v3.1) | A denial of service vulnerability exists in React… |
Meta |
react-server-dom-turbopack |
2026-04-08T19:11:08.418Z | 2026-04-08T19:56:22.791Z |
| cve-2026-35455 | immich has Stored XSS via OCR Text in 360° Panorama Viewer |
immich-app |
immich |
2026-04-08T18:31:27.418Z | 2026-04-13T15:36:26.045Z | |
| cve-2026-35446 | LORIS has a path traversal in FilesDownloadHandler |
aces |
Loris |
2026-04-08T18:28:30.405Z | 2026-04-08T20:13:54.835Z | |
| cve-2026-35403 | LORIS has potential cross-site scripting in survey_acc… |
aces |
Loris |
2026-04-08T18:27:17.221Z | 2026-04-10T20:42:38.101Z | |
| cve-2026-35400 | LORIS incorrectly trusts user input in publication module |
aces |
Loris |
2026-04-08T18:26:09.890Z | 2026-04-08T19:52:33.071Z | |
| cve-2026-35169 | LORIS has potential cross-site scripting in help_edito… |
aces |
Loris |
2026-04-08T18:24:27.757Z | 2026-04-09T14:21:17.788Z | |
| cve-2026-35165 | LORIS has incorrect access checks in document_repository |
aces |
Loris |
2026-04-08T18:23:34.101Z | 2026-04-08T20:13:29.831Z | |
| cve-2026-34985 | LORIS has incorrect access checks in media module |
aces |
Loris |
2026-04-08T18:22:09.927Z | 2026-04-10T20:41:48.430Z | |
| cve-2026-20709 | 6.6 (v3.1) 5.8 (v4.0) | Use of Default Cryptographic Key in the hardware … |
n/a |
Intel(R) Pentium(R) Processor Silver Series, Intel(R) Celeron(R) Processor J Series, Intel(R) Celeron(R) Processor N Series may allow an escalation of privilege. Hardware reverse engineer adversary with a privileged user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via physical access when attack requirements are present with special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (none) and availability (none) of the vulnerable system, resulting in subsequent system confidentiality (high), integrity (high) and availability (none) impacts. |
2026-04-08T18:20:48.374Z | 2026-04-08T19:50:31.560Z |
| cve-2026-34837 | Zammad is miissing authorization in AI assistance cont… |
zammad |
zammad |
2026-04-08T18:20:00.977Z | 2026-04-08T19:52:03.644Z | |
| cve-2026-34782 | Zammad has improper access control in AI assistance co… |
zammad |
zammad |
2026-04-08T18:18:32.044Z | 2026-04-09T14:22:06.575Z |
| ID | Description | Updated |
|---|
| ID | Description | Updated |
|---|
| ID | Description | Updated |
|---|
| ID | Description | Published | Updated |
|---|---|---|---|
| certfr-2022-avi-669 | Multiples vulnérabilités dans le noyau Linux de Red Hat | 2022-07-22T00:00:00.000000 | 2022-07-22T00:00:00.000000 |
| certfr-2022-avi-668 | Vulnérabilité dans les produits WithSecure | 2022-07-21T00:00:00.000000 | 2022-07-21T00:00:00.000000 |
| certfr-2022-avi-667 | Multiples vulnérabilités dans Drupal | 2022-07-21T00:00:00.000000 | 2022-07-21T00:00:00.000000 |
| certfr-2022-avi-666 | Multiples vulnérabilités dans Cisco Nexus Dashboard | 2022-07-21T00:00:00.000000 | 2022-07-21T00:00:00.000000 |
| certfr-2022-avi-665 | Multiples vulnérabilités dans les produits Apple | 2022-07-21T00:00:00.000000 | 2022-07-21T00:00:00.000000 |
| certfr-2022-avi-664 | Multiples vulnérabilités dans Google ChromeOS | 2022-07-21T00:00:00.000000 | 2022-07-21T00:00:00.000000 |
| certfr-2022-avi-663 | Multiples vulnérabilités dans IBM QRadar | 2022-07-20T00:00:00.000000 | 2022-07-20T00:00:00.000000 |
| certfr-2022-avi-662 | Multiples vulnérabilités dans Google Chrome | 2022-07-20T00:00:00.000000 | 2022-07-20T00:00:00.000000 |
| certfr-2022-avi-661 | Multiples vulnérabilités dans Oracle Virtualization | 2022-07-20T00:00:00.000000 | 2022-07-20T00:00:00.000000 |
| certfr-2022-avi-660 | Multiples vulnérabilités dans Oracle Systems | 2022-07-20T00:00:00.000000 | 2022-07-20T00:00:00.000000 |
| certfr-2022-avi-659 | Multiples vulnérabilités dans Oracle WebLogic | 2022-07-20T00:00:00.000000 | 2022-07-20T00:00:00.000000 |
| certfr-2022-avi-658 | Multiples vulnérabilités dans Oracle PeopleSoft | 2022-07-20T00:00:00.000000 | 2022-07-20T00:00:00.000000 |
| certfr-2022-avi-657 | Multiples vulnérabilités dans Oracle E-Business Suite | 2022-07-20T00:00:00.000000 | 2022-07-20T00:00:00.000000 |
| certfr-2022-avi-656 | Multiples vulnérabilités dans Oracle Java SE | 2022-07-20T00:00:00.000000 | 2022-07-20T00:00:00.000000 |
| certfr-2022-avi-655 | Multiples vulnérabilités dans Oracle MySQL | 2022-07-20T00:00:00.000000 | 2022-07-20T00:00:00.000000 |
| certfr-2022-avi-654 | Multiples vulnérabilités dans Oracle Database Server | 2022-07-20T00:00:00.000000 | 2022-07-20T00:00:00.000000 |
| certfr-2022-avi-653 | Multiples vulnérabilités dans Moodle | 2022-07-18T00:00:00.000000 | 2022-07-18T00:00:00.000000 |
| certfr-2022-avi-652 | Multiples vulnérabilités dans le noyau Linux de SUSE | 2022-07-18T00:00:00.000000 | 2022-07-18T00:00:00.000000 |
| certfr-2022-avi-651 | Vulnérabilité dans SonicWall Switch | 2022-07-18T00:00:00.000000 | 2022-07-18T00:00:00.000000 |
| certfr-2022-avi-650 | Multiples vulnérabilités dans les produits Juniper | 2022-07-15T00:00:00.000000 | 2022-07-15T00:00:00.000000 |
| certfr-2022-avi-649 | Multiples vulnérabilités dans Grafana | 2022-07-15T00:00:00.000000 | 2022-07-15T00:00:00.000000 |
| certfr-2022-avi-648 | Multiples vulnérabilités dans les produits SonicWall | 2022-07-15T00:00:00.000000 | 2022-07-15T00:00:00.000000 |
| certfr-2022-avi-647 | Vulnérabilité dans IBM Tivoli Netcool/OMNIbus | 2022-07-15T00:00:00.000000 | 2022-07-15T00:00:00.000000 |
| certfr-2022-avi-646 | Multiples vulnérabilités dans les produits Schneider Electric | 2022-07-15T00:00:00.000000 | 2022-08-19T00:00:00.000000 |
| certfr-2022-avi-645 | Multiples vulnérabilités dans le noyau Linux d'Ubuntu | 2022-07-15T00:00:00.000000 | 2022-07-15T00:00:00.000000 |
| certfr-2022-avi-644 | Multiples vulnérabilités dans le noyau Linux de SUSE | 2022-07-15T00:00:00.000000 | 2022-07-15T00:00:00.000000 |
| certfr-2022-avi-643 | Vulnérabilité dans le noyau Linux de Red Hat | 2022-07-15T00:00:00.000000 | 2022-07-15T00:00:00.000000 |
| certfr-2022-avi-642 | Vulnérabilité dans les produits F-Secure | 2022-07-15T00:00:00.000000 | 2022-07-15T00:00:00.000000 |
| certfr-2022-avi-641 | Multiples vulnérabilités dans Xen | 2022-07-15T00:00:00.000000 | 2022-07-15T00:00:00.000000 |
| certfr-2022-avi-640 | Multiples vulnérabilités dans les produits Citrix | 2022-07-15T00:00:00.000000 | 2022-07-15T00:00:00.000000 |