Recent vulnerabilities
| ID | CVSS | Description | Vendor | Product | Published | Updated |
|---|---|---|---|---|---|---|
| cve-2026-40045 | 5.9 (v4.0) 5.7 (v3.1) | OpenClaw < 2026.4.2 - Cleartext Credential Transmissio… | OpenClaw | OpenClaw | 2026-04-20T23:08:07.952Z | 2026-04-21T13:37:43.951Z |
| cve-2026-34082 | | Dify has IDOR in deleting someone else's chat conversation | langgenius | dify | 2026-04-20T23:03:18.158Z | 2026-04-21T13:36:45.614Z |
| cve-2026-5721 | | wpDataTables – WordPress Data Table, Dynamic Tables & … | wpdatatables | wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin | 2026-04-20T22:25:26.695Z | 2026-04-21T19:49:47.411Z |
| cve-2026-6729 | 5.3 (v4.0) 6.3 (v3.1) | HKUDS OpenHarness Session Key Collision Privilege Escalation | HKUDS | OpenHarness | 2026-04-20T22:01:38.766Z | 2026-04-21T17:39:32.967Z |
| cve-2026-0930 | 2.3 (v4.0) | Potential wolfSSHd Buffer out-of-bounds Read on Window… | wolfSSL | wolfSSH | 2026-04-20T21:28:33.227Z | 2026-04-21T13:37:15.647Z |
| cve-2026-22051 | 2.3 (v4.0) | StorageGRID (formerly StorageGRID Webscale) versi… | NETAPP | StorageGRID (formerly StorageGRID Webscale) | 2026-04-20T21:27:36.822Z | 2026-04-21T13:40:46.948Z |
| cve-2026-5450 | N/A | scanf %mc off-by-one heap buffer overflow | The GNU C Library | glibc | 2026-04-20T20:55:41.170Z | 2026-04-21T19:49:53.221Z |
| cve-2026-5928 | N/A | Static buffer overflow in deprecated nis_local_principal | The GNU C Library | glibc | 2026-04-20T20:37:31.743Z | 2026-04-21T19:49:59.071Z |
| cve-2026-5358 | N/A | Static buffer overflow in deprecated nis_local_principal | The GNU C Library | glibc | 2026-04-20T20:37:23.178Z | 2026-04-21T19:50:06.251Z |
| cve-2026-33626 | | LMDeploy Vulnerable to Server-Side Request Forgery (SS… | InternLM | lmdeploy | 2026-04-20T20:29:19.558Z | 2026-04-21T19:50:13.326Z |
| cve-2026-4852 | | Image Source Control Lite – Show Image Credits and Cap… | webzunft | Image Source Control Lite – Show Image Credits and Captions | 2026-04-20T20:26:53.256Z | 2026-04-21T13:53:14.507Z |
| cve-2026-33432 | | Roxy-WI has Pre-Authentication LDAP Injection that Lea… | roxy-wi | roxy-wi | 2026-04-20T20:26:52.217Z | 2026-04-21T17:38:09.523Z |
| cve-2026-33431 | | Roxy-WI Vulnerable to Authenticated Arbitrary File Rea… | roxy-wi | roxy-wi | 2026-04-20T20:24:15.319Z | 2026-04-21T13:42:19.802Z |
| cve-2026-34403 | | Nginx-UI vulnerable to Cross-Site WebSocket Hijacking … | 0xJacky | nginx-ui | 2026-04-20T20:16:47.597Z | 2026-04-21T13:36:46.510Z |
| cve-2026-33031 | | Nginx-UI: Disabled users retain full API access throug… | 0xJacky | nginx-ui | 2026-04-20T20:12:07.905Z | 2026-04-21T13:35:20.144Z |
| cve-2026-32613 | | Spinnaker vulnerable to RCE via expression parsing due… | spinnaker | spinnaker | 2026-04-20T20:07:24.697Z | 2026-04-22T03:56:18.686Z |
| cve-2026-32604 | | Spinnaker vulnerable to RCE when using gitrepo artifac… | spinnaker | spinnaker | 2026-04-20T20:00:57.517Z | 2026-04-22T03:56:17.486Z |
| cve-2026-6249 | 8.7 (v4.0) 8.8 (v3.1) | Vvveb CMS 1.0.8 Remote Code Execution via Media Upload | Vvveb | Vvveb CMS | 2026-04-20T19:57:37.655Z | 2026-04-21T13:43:17.635Z |
| cve-2026-32311 | | Command Injection and Docker container escape allows r… | reconurge | flowsint | 2026-04-20T19:56:32.521Z | 2026-04-21T13:44:08.776Z |
| cve-2026-5478 | | Everest Forms <= 3.4.4 - Unauthenticated Arbitrary Fil… | wpeverest | Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder | 2026-04-20T19:27:08.159Z | 2026-04-21T13:33:57.569Z |
| cve-2026-32135 | | NanoMQ has Heap Buffer Overflow in URI Parameter Parsing | nanomq | nanomq | 2026-04-20T19:23:09.704Z | 2026-04-21T13:33:14.607Z |
| cve-2026-6550 | 4.7 (v3.1) 5.7 (v4.0) | Key commitment policy bypass via shared key cache in A… | AWS | AWS Encryption SDK for Python | 2026-04-20T19:20:23.383Z | 2026-04-20T19:44:11.685Z |
| cve-2026-6257 | 9.2 (v4.0) 9.1 (v3.1) | Vvveb CMS v1.0.8 Remote Code Execution via Media Management | Vvveb | Vvveb CMS | 2026-04-20T19:09:45.927Z | 2026-04-21T19:50:26.897Z |
| cve-2026-6248 | | wpForo Forum <= 3.0.5 - Authenticated (Subscriber+) Ar… | tomdever | wpForo Forum | 2026-04-20T18:31:33.290Z | 2026-04-21T17:35:30.317Z |
| cve-2026-6060 | 4.5 (v3.1) | Possible DoS via SQL Box | OTRS AG | OTRS | 2026-04-20T18:20:01.664Z | 2026-04-20T18:48:48.185Z |
| cve-2026-41389 | 6.3 (v4.0) 5.8 (v3.1) | OpenClaw 2026.4.7 < 2026.4.15 - Arbitrary File Read vi… | OpenClaw | OpenClaw | 2026-04-20T17:48:43.704Z | 2026-04-20T18:05:03.103Z |
| cve-2026-23753 | 4.8 (v4.0) 4.8 (v3.1) | GFI HelpDesk < 4.99.9 Stored XSS via charset Parameter | GFI Software | HelpDesk | 2026-04-20T17:33:59.134Z | 2026-04-21T13:31:13.580Z |
| cve-2026-23752 | 4.8 (v4.0) 4.8 (v3.1) | GFI HelpDesk < 4.99.9 Stored XSS via companyname Parameter | GFI Software | HelpDesk | 2026-04-20T17:33:23.424Z | 2026-04-20T18:09:59.603Z |
| cve-2026-23756 | 5.1 (v4.0) 5.4 (v3.1) | GFI HelpDesk < 4.99.9 Stored XSS via Troubleshooter St… | GFI Software | HelpDesk | 2026-04-20T17:30:51.162Z | 2026-04-20T18:08:49.925Z |
| cve-2026-23758 | 5.1 (v4.0) 6.4 (v4.0) | GFI HelpDesk < 4.99.9 Stored XSS via editsubject Parameter | GFI Software | HelpDesk | 2026-04-20T17:30:06.853Z | 2026-04-20T17:45:55.788Z |

| ID | Description | Published | Updated |
|---|---|---|---|
| jvndb-2024-003254 | Seiko Solutions SkyBridge MB-A100/MB-A110 and SkyBridge BASIC MB-A130 vulnerable to OS command injection | 2024-06-03T14:53+09:00 | 2024-06-03T14:53+09:00 |
| jvndb-2024-003253 | Multiple vulnerabilities in Sharp and Toshiba Tec MFPs | 2024-06-03T14:36+09:00 | 2024-06-03T14:36+09:00 |
| jvndb-2024-000056 | awkblog vulnerable to OS command injection | 2024-05-30T14:39+09:00 | 2024-05-30T14:39+09:00 |
| jvndb-2024-000055 | Redmine DMSF Plugin vulnerable to path traversal | 2024-05-29T14:13+09:00 | 2024-05-29T14:13+09:00 |
| jvndb-2024-000054 | EC-Orange vulnerable to authorization bypass | 2024-05-29T14:06+09:00 | 2024-05-29T14:06+09:00 |
| jvndb-2024-003249 | ELECOM wireless LAN routers vulnerable to OS command injection | 2024-05-29T12:33+09:00 | 2024-05-29T12:33+09:00 |
| jvndb-2024-000053 | Multiple vulnerabilities in Unifier and Unifier Cast | 2024-05-28T14:47+09:00 | 2024-05-28T14:47+09:00 |
| jvndb-2024-000052 | Multiple vulnerabilities in UTAU | 2024-05-28T14:23+09:00 | 2024-05-28T14:23+09:00 |
| jvndb-2024-003242 | OMRON NJ/NX series vulnerable to insufficient verification of data authenticity | 2024-05-28T12:28+09:00 | 2024-07-26T16:27+09:00 |
| jvndb-2024-000051 | Splunk Config Explorer vulnerable to cross-site scripting | 2024-05-24T13:50+09:00 | 2024-05-24T13:50+09:00 |
| jvndb-2024-000050 | WordPress Plugin "WP Booking" vulnerable to cross-site scripting | 2024-05-24T13:41+09:00 | 2024-05-24T13:41+09:00 |
| jvndb-2024-000046 | Android App "TP-Link Tether" and "TP-Link Tapo" vulnerable to improper server certificate verification | 2024-05-21T13:33+09:00 | 2024-05-21T13:33+09:00 |
| jvndb-2024-003188 | Panasonic KW Watcher vulnerable to memory buffer error | 2024-05-17T15:46+09:00 | 2024-05-17T15:46+09:00 |
| jvndb-2023-021762 | Ruijie BCR810W/BCR860 vulnerable to OS command injection | 2024-05-17T13:54+09:00 | 2024-05-17T13:54+09:00 |
| jvndb-2024-000049 | WordPress Plugin "Download Plugins and Themes from Dashboard" vulnerable to path traversal | 2024-05-17T13:33+09:00 | 2024-05-17T13:33+09:00 |
| jvndb-2024-003187 | Multiple vulnerabilities in Field Logic DataCube | 2024-05-17T12:05+09:00 | 2024-05-17T12:05+09:00 |
| jvndb-2024-002342 | Central Dogma vulnerable to cross-site scripting | 2024-05-13T17:27+09:00 | 2024-05-13T17:27+09:00 |
| jvndb-2024-000047 | Multiple vulnerabilities in Cybozu Garoon | 2024-05-13T15:19+09:00 | 2024-05-13T15:19+09:00 |
| jvndb-2024-000045 | "OfferBox" App uses a hard-coded secret key | 2024-05-10T15:11+09:00 | 2024-05-10T15:11+09:00 |
| jvndb-2024-003181 | Hidden Functionality vulnerability in DT900 | 2024-05-10T13:59+09:00 | 2024-05-10T13:59+09:00 |
| jvndb-2024-000048 | Phormer vulnerable to cross-site scripting | 2024-05-10T13:48+09:00 | 2024-05-10T13:48+09:00 |
| jvndb-2024-000043 | Multiple vulnerabilities in MosP kintai kanri | 2024-05-09T14:10+09:00 | 2024-05-09T14:10+09:00 |
| jvndb-2024-000044 | WordPress Plugin "Heateor Social Login WordPress" vulnerable to cross-site scripting | 2024-05-08T13:43+09:00 | 2024-05-08T13:43+09:00 |
| jvndb-2024-003178 | Trend Micro Maximum Security vulnerable to improper link resolution (CVE-2024-32849) | 2024-05-08T10:19+09:00 | 2024-05-08T10:19+09:00 |
| jvndb-2024-003119 | NETGEAR routers vulnerable to buffer overflow | 2024-04-25T11:21+09:00 | 2024-04-25T11:21+09:00 |
| jvndb-2024-000042 | Multiple vulnerabilities in RoamWiFi R10 | 2024-04-24T13:44+09:00 | 2024-04-24T13:44+09:00 |
| jvndb-2024-003116 | Multiple vulnerabilities in OMRON Sysmac Studio/CX-One and CX-Programmer | 2024-04-24T10:13+09:00 | 2024-04-24T10:13+09:00 |
| jvndb-2024-000901 | TvRock vulnerable to cross-site request forgery | 2024-04-23T18:22+09:00 | 2024-04-23T18:22+09:00 |
| jvndb-2024-000903 | TvRock vulnerable to denial-of-service (DoS) | 2024-04-23T18:21+09:00 | 2024-04-23T18:21+09:00 |
| jvndb-2024-003108 | Armeria-saml improperly handles SAML messages | 2024-04-22T17:28+09:00 | 2024-04-22T17:28+09:00 |
| ID | Description | Published | Updated |
|---|---|---|---|
| certfr-2026-avi-0076 | Vulnerability in Cisco products | 2026-01-22T00:00:00.000000 | 2026-01-22T00:00:00.000000 |
| certfr-2026-avi-0075 | Multiple vulnerabilities in GitLab | 2026-01-21T00:00:00.000000 | 2026-01-21T00:00:00.000000 |
| certfr-2026-avi-0074 | Multiple vulnerabilities in Oracle Weblogic | 2026-01-21T00:00:00.000000 | 2026-01-21T00:00:00.000000 |
| certfr-2026-avi-0073 | Multiple vulnerabilities in Oracle Virtualization | 2026-01-21T00:00:00.000000 | 2026-01-21T00:00:00.000000 |
| certfr-2026-avi-0072 | Multiple vulnerabilities in Oracle Systems | 2026-01-21T00:00:00.000000 | 2026-01-21T00:00:00.000000 |
| certfr-2026-avi-0071 | Multiple vulnerabilities in Oracle PeopleSoft | 2026-01-21T00:00:00.000000 | 2026-01-21T00:00:00.000000 |
| certfr-2026-avi-0070 | Multiple vulnerabilities in Oracle MySQL | 2026-01-21T00:00:00.000000 | 2026-01-21T00:00:00.000000 |
| certfr-2026-avi-0069 | Multiple vulnerabilities in Oracle Java SE | 2026-01-21T00:00:00.000000 | 2026-01-21T00:00:00.000000 |
| certfr-2026-avi-0068 | Multiple vulnerabilities in Oracle Database Server | 2026-01-21T00:00:00.000000 | 2026-01-21T00:00:00.000000 |
| certfr-2026-avi-0067 | Multiple vulnerabilities in Python | 2026-01-21T00:00:00.000000 | 2026-01-21T00:00:00.000000 |
| certfr-2026-avi-0066 | Vulnerability in Google Chrome | 2026-01-21T00:00:00.000000 | 2026-01-21T00:00:00.000000 |
| certfr-2026-avi-0065 | Multiple vulnerabilities in Atlassian products | 2026-01-21T00:00:00.000000 | 2026-01-21T00:00:00.000000 |
| certfr-2026-avi-0064 | Microsoft Power Apps vulnerability | 2026-01-19T00:00:00.000000 | 2026-01-19T00:00:00.000000 |
| certfr-2026-avi-0063 | Multiple vulnerabilities in Microsoft Edge | 2026-01-19T00:00:00.000000 | 2026-01-19T00:00:00.000000 |
| certfr-2026-avi-0062 | Vulnerability in Mattermost Desktop App | 2026-01-19T00:00:00.000000 | 2026-01-19T00:00:00.000000 |
| certfr-2026-avi-0061 | Multiple vulnerabilities in IBM products | 2026-01-16T00:00:00.000000 | 2026-01-16T00:00:00.000000 |
| certfr-2026-avi-0060 | Vulnerability in Apache Struts | 2026-01-16T00:00:00.000000 | 2026-01-16T00:00:00.000000 |
| certfr-2026-avi-0059 | Multiple vulnerabilities in the SUSE Linux kernel | 2026-01-16T00:00:00.000000 | 2026-01-16T00:00:00.000000 |
| certfr-2026-avi-0058 | Multiple vulnerabilities in the Ubuntu Linux kernel | 2026-01-16T00:00:00.000000 | 2026-01-16T00:00:00.000000 |
| certfr-2026-avi-0057 | Multiple vulnerabilities in the Debian LTS Linux kernel | 2026-01-16T00:00:00.000000 | 2026-01-16T00:00:00.000000 |
| certfr-2026-avi-0056 | Multiple vulnerabilities in the Red Hat Linux kernel | 2026-01-16T00:00:00.000000 | 2026-01-16T00:00:00.000000 |
| certfr-2026-avi-0055 | Multiple vulnerabilities in GLPI | 2026-01-16T00:00:00.000000 | 2026-01-16T00:00:00.000000 |
| certfr-2026-avi-0054 | Multiple vulnerabilities in Centreon Infra Monitoring | 2026-01-16T00:00:00.000000 | 2026-01-16T00:00:00.000000 |
| certfr-2026-avi-0053 | Vulnerability in Traefik | 2026-01-16T00:00:00.000000 | 2026-01-16T00:00:00.000000 |
| certfr-2026-avi-0052 | Multiple vulnerabilities in Mattermost Server | 2026-01-16T00:00:00.000000 | 2026-03-17T00:00:00.000000 |
| certfr-2026-avi-0051 | Multiple vulnerabilities in Mozilla products | 2026-01-15T00:00:00.000000 | 2026-01-15T00:00:00.000000 |
| certfr-2026-avi-0050 | Multiple vulnerabilities in Juniper Networks products | 2026-01-15T00:00:00.000000 | 2026-01-15T00:00:00.000000 |
| certfr-2026-avi-0049 | Multiple vulnerabilities in Palo Alto Networks products | 2026-01-15T00:00:00.000000 | 2026-01-15T00:00:00.000000 |
| certfr-2026-avi-0048 | Multiple vulnerabilities in Wireshark | 2026-01-15T00:00:00.000000 | 2026-01-15T00:00:00.000000 |
| certfr-2026-avi-0047 | Vulnerability in F5 NGINX Ingress Controller | 2026-01-15T00:00:00.000000 | 2026-01-15T00:00:00.000000 |