Recent vulnerabilities
| ID | CVSS | Description | Vendor | Product | Published | Updated |
|---|---|---|---|---|---|---|
| cve-2026-6249 | 8.7 (v4.0) 8.8 (v3.1) | Vvveb CMS 1.0.8 Remote Code Execution via Media Upload |
Vvveb |
Vvveb CMS |
2026-04-20T19:57:37.655Z | 2026-04-21T13:43:17.635Z |
| cve-2026-32311 | Command Injection and Docker container escape allows r… |
reconurge |
flowsint |
2026-04-20T19:56:32.521Z | 2026-04-21T13:44:08.776Z | |
| cve-2026-5478 | Everest Forms <= 3.4.4 - Unauthenticated Arbitrary Fil… |
wpeverest |
Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder |
2026-04-20T19:27:08.159Z | 2026-04-21T13:33:57.569Z | |
| cve-2026-32135 | NanoMQ has Heap Buffer Overflow in URI Parameter Parsing |
nanomq |
nanomq |
2026-04-20T19:23:09.704Z | 2026-04-21T13:33:14.607Z | |
| cve-2026-6550 | 4.7 (v3.1) 5.7 (v4.0) | Key commitment policy bypass via shared key cache in A… |
AWS |
AWS Encryption SDK for Python |
2026-04-20T19:20:23.383Z | 2026-04-20T19:44:11.685Z |
| cve-2026-6257 | 9.2 (v4.0) 9.1 (v3.1) | Vvveb CMS v1.0.8 Remote Code Execution via Media Management |
Vvveb |
Vvveb CMS |
2026-04-20T19:09:45.927Z | 2026-04-21T19:50:26.897Z |
| cve-2026-6248 | wpForo Forum <= 3.0.5 - Authenticated (Subscriber+) Ar… |
tomdever |
wpForo Forum |
2026-04-20T18:31:33.290Z | 2026-04-21T17:35:30.317Z | |
| cve-2026-6060 | 4.5 (v3.1) | Possible DoS via SQL Box |
OTRS AG |
OTRS |
2026-04-20T18:20:01.664Z | 2026-04-20T18:48:48.185Z |
| cve-2026-41389 | 6.3 (v4.0) 5.8 (v3.1) | OpenClaw 2026.4.7 < 2026.4.15 - Arbitrary File Read vi… |
OpenClaw |
OpenClaw |
2026-04-20T17:48:43.704Z | 2026-04-20T18:05:03.103Z |
| cve-2026-23753 | 4.8 (v4.0) 4.8 (v3.1) | GFI HelpDesk < 4.99.9 Stored XSS via charset Parameter |
GFI Software |
HelpDesk |
2026-04-20T17:33:59.134Z | 2026-04-21T13:31:13.580Z |
| cve-2026-23752 | 4.8 (v4.0) 4.8 (v3.1) | GFI HelpDesk < 4.99.9 Stored XSS via companyname Parameter |
GFI Software |
HelpDesk |
2026-04-20T17:33:23.424Z | 2026-04-20T18:09:59.603Z |
| cve-2026-23756 | 5.1 (v4.0) 5.4 (v3.1) | GFI HelpDesk < 4.99.9 Stored XSS via Troubleshooter St… |
GFI Software |
HelpDesk |
2026-04-20T17:30:51.162Z | 2026-04-20T18:08:49.925Z |
| cve-2026-23758 | 5.1 (v4.0) 6.4 (v4.0) | GFI HelpDesk < 4.99.9 Stored XSS via editsubject Parameter |
GFI Software |
HelpDesk |
2026-04-20T17:30:06.853Z | 2026-04-20T17:45:55.788Z |
| cve-2026-23757 | 5.1 (v4.0) 5.4 (v3.1) | GFI HelpDesk < 4.99.10 Stored XSS via Reports Module |
GFI Software |
HelpDesk |
2026-04-20T17:27:56.067Z | 2026-04-20T18:07:01.630Z |
| cve-2026-6662 | ericc-ch copilot-api Token Endpoint server.ts cors cro… |
ericc-ch |
copilot-api |
2026-04-20T17:00:17.800Z | 2026-04-20T18:09:27.691Z | |
| cve-2026-35154 | 6.3 (v3.1) | Dell PowerProtect Data Domain appliances, version… |
Dell |
PowerProtect Data Domain appliances |
2026-04-20T16:50:56.856Z | 2026-04-22T03:56:08.697Z |
| cve-2026-26951 | 6.7 (v3.1) | Dell PowerProtect Data Domain, versions 7.7.1.0 t… |
Dell |
PowerProtect Data Domain |
2026-04-20T16:44:49.612Z | 2026-04-22T03:56:07.580Z |
| cve-2026-22761 | 6.7 (v3.1) | Dell PowerProtect Data Domain, versions 8.5 throu… |
Dell |
PowerProtect Data Domain |
2026-04-20T16:39:40.268Z | 2026-04-22T03:56:06.445Z |
| cve-2026-26942 | 6.7 (v3.1) | Dell PowerProtect Data Domain, versions 8.5 throu… |
Dell |
PowerProtect Data Domain |
2026-04-20T16:34:43.219Z | 2026-04-22T03:56:05.261Z |
| cve-2026-26943 | 7.2 (v3.1) | Dell PowerProtect Data Domain, versions 7.7.1.0 t… |
Dell |
PowerProtect Data Domain |
2026-04-20T16:28:53.110Z | 2026-04-22T03:56:04.147Z |
| cve-2026-28684 | python-dotenv: Symlink following in set_key allows arb… |
theskumar |
python-dotenv |
2026-04-20T16:25:12.302Z | 2026-04-20T17:43:09.477Z | |
| cve-2026-40488 | OpenMage LTS has Customer File Upload Extension Blockl… |
OpenMage |
magento-lts |
2026-04-20T16:23:07.429Z | 2026-04-20T16:55:05.724Z | |
| cve-2026-24506 | 7.2 (v3.1) | Dell PowerProtect Data Domain, versions 7.7.1.0 t… |
Dell |
PowerProtect Data Domain |
2026-04-20T16:22:37.689Z | 2026-04-22T03:56:02.944Z |
| cve-2026-40098 | OpenMage LTS imports cross-user wishlist item via shar… |
OpenMage |
magento-lts |
2026-04-20T16:19:55.157Z | 2026-04-20T18:10:44.490Z | |
| cve-2026-41445 | 8.7 (v4.0) 8.8 (v3.1) | KissFFT Integer Overflow Heap Buffer Overflow via kiss… |
mborgerding |
kissfft |
2026-04-20T16:18:50.371Z | 2026-04-20T17:57:10.156Z |
| cve-2026-24505 | 7.2 (v3.1) | Dell PowerProtect Data Domain, versions 8.5 throu… |
Dell |
PowerProtect Data Domain |
2026-04-20T16:15:46.863Z | 2026-04-22T03:56:00.561Z |
| cve-2026-25525 | OpenMage LTS has Path Traversal Filter Bypass in Dataf… |
OpenMage |
magento-lts |
2026-04-20T16:14:14.366Z | 2026-04-21T13:27:55.707Z | |
| cve-2026-25524 | OpenMage LTS's Phar Deserialization leads to Remote Co… |
OpenMage |
magento-lts |
2026-04-20T16:11:16.922Z | 2026-04-20T16:54:43.603Z | |
| cve-2026-24504 | 7.2 (v3.1) | Dell PowerProtect Data Domain, versions 7.7.1.0 t… |
Dell |
PowerProtect Data Domain |
2026-04-20T16:08:35.314Z | 2026-04-22T03:55:59.007Z |
| cve-2026-25883 | Vexa Webhook Feature has a SSRF Vulnerability |
Vexa-ai |
vexa |
2026-04-20T16:04:36.584Z | 2026-04-20T16:36:21.221Z |
| ID | Description | Updated |
|---|
| ID | Description | Updated |
|---|
| ID | Description | Published | Updated |
|---|---|---|---|
| jvndb-2023-014491 | LINE client for iOS vulnerable to improper server certificate verification | 2024-04-22T15:27+09:00 | 2024-04-22T15:27+09:00 |
| jvndb-2024-000041 | Multiple vulnerabilities in WordPress Plugin "Forminator" | 2024-04-18T13:53+09:00 | 2024-04-18T13:53+09:00 |
| jvndb-2022-017175 | Proscend Communications M330-W and M330-W5 vulnerable to OS command injection | 2024-04-16T14:30+09:00 | 2024-04-16T14:30+09:00 |
| jvndb-2024-000040 | Multiple vulnerabilities in BUFFALO wireless LAN routers | 2024-04-15T16:29+09:00 | 2024-04-15T16:29+09:00 |
| jvndb-2024-000039 | Multiple vulnerabilities in a-blog cms | 2024-04-10T13:55+09:00 | 2024-04-10T13:55+09:00 |
| jvndb-2024-000038 | Multiple vulnerabilities in WordPress Plugin "Ninja Forms" | 2024-04-08T13:44+09:00 | 2024-04-08T13:44+09:00 |
| jvndb-2024-003068 | Multiple vulnerabilities in Cente middleware | 2024-04-05T15:36+09:00 | 2024-09-24T15:00+09:00 |
| jvndb-2024-000037 | Multiple vulnerabilities in NEC Aterm series | 2024-04-05T14:53+09:00 | 2024-04-05T14:53+09:00 |
| jvndb-2024-003067 | Multiple vulnerabilities in PLANEX COMMUNICATIONS wireless LAN routers | 2024-04-05T14:17+09:00 | 2024-04-05T14:17+09:00 |
| jvndb-2024-003051 | FURUNO SYSTEMS Managed Switch ACERA 9010 running in non MS mode with the initial configuration has no password | 2024-04-02T18:03+09:00 | 2024-04-02T18:03+09:00 |
| jvndb-2024-003050 | KEYENCE VT STUDIO may insecurely load Dynamic Link Libraries | 2024-04-01T14:44+09:00 | 2024-04-01T14:44+09:00 |
| jvndb-2024-003049 | Multiple vulnerabilities in KEYENCE KV STUDIO, KV REPLAY VIEWER, and VT5-WX15/WX12 | 2024-04-01T12:31+09:00 | 2024-09-25T13:51+09:00 |
| jvndb-2024-000036 | "Yahoo! JAPAN" App vulnerable to cross-site scripting | 2024-03-29T13:28+09:00 | 2024-03-29T13:28+09:00 |
| jvndb-2024-003047 | SEEnergy SVR-116 vulnerable to OS command injection | 2024-03-28T11:38+09:00 | 2024-03-28T11:38+09:00 |
| jvndb-2024-003026 | Security information for Hitachi Disk Array Systems | 2024-03-27T15:52+09:00 | 2024-03-27T15:52+09:00 |
| jvndb-2024-000035 | Multiple vulnerabilities in WordPress Plugin "Survey Maker" | 2024-03-27T14:48+09:00 | 2024-03-27T14:48+09:00 |
| jvndb-2024-000034 | SonicDICOM Media Viewer may insecurely load Dynamic Link Libraries | 2024-03-27T14:31+09:00 | 2024-03-27T14:31+09:00 |
| jvndb-2024-003025 | Multiple vulnerabilities in ELECOM wireless LAN routers | 2024-03-27T14:26+09:00 | 2024-11-27T14:34+09:00 |
| jvndb-2024-000905 | Mini Thread vulnerable to cross-site scripting | 2024-03-26T17:43+09:00 | 2024-03-26T17:43+09:00 |
| jvndb-2024-000906 | ffBull vulnerable to OS command injection | 2024-03-26T16:07+09:00 | 2024-03-26T16:07+09:00 |
| jvndb-2024-000900 | "EasyRange" may insecurely load executable files | 2024-03-26T15:50+09:00 | 2024-03-26T15:50+09:00 |
| jvndb-2024-000907 | 0ch BBS Script (0ch) vulnerable to cross-site scripting | 2024-03-26T15:35+09:00 | 2024-03-26T15:35+09:00 |
| jvndb-2024-000902 | TvRock vulnerable to cross-site scripting | 2024-03-26T14:27+09:00 | 2024-03-26T14:27+09:00 |
| jvndb-2024-000904 | WebProxy vulnerable to OS command injection | 2024-03-26T14:19+09:00 | 2024-03-26T14:19+09:00 |
| jvndb-2023-025113 | BUFFALO LinkStation 200 series vulnerable to arbitrary code execution | 2024-03-25T18:16+09:00 | 2024-03-25T18:16+09:00 |
| jvndb-2024-003016 | Multiple vulnerabilities in home gateway HGW BL1500HM | 2024-03-25T17:28+09:00 | 2025-03-28T12:01+09:00 |
| jvndb-2024-000033 | WordPress Plugin "easy-popup-show" vulnerable to cross-site request forgery | 2024-03-25T13:31+09:00 | 2024-03-25T13:31+09:00 |
| jvndb-2024-003008 | Sangoma Technologies CG/MG family driver cg6kwin2k.sys vulnerable to insufficient access control on its IOCTL | 2024-03-22T13:50+09:00 | 2024-04-24T11:45+09:00 |
| jvndb-2024-000032 | Multiple vulnerabilities in FitNesse | 2024-03-18T14:08+09:00 | 2024-03-19T11:02+09:00 |
| jvndb-2024-000031 | "ABEMA" App for Android fails to restrict access permissions | 2024-03-15T16:37+09:00 | 2024-03-15T16:37+09:00 |
| ID | Description | Updated |
|---|
| ID | Description | Published | Updated |
|---|---|---|---|
| certfr-2026-avi-0046 | Multiples vulnérabilités dans les produits Microsoft | 2026-01-14T00:00:00.000000 | 2026-01-14T00:00:00.000000 |
| certfr-2026-avi-0045 | Multiples vulnérabilités dans Microsoft Azure | 2026-01-14T00:00:00.000000 | 2026-01-14T00:00:00.000000 |
| certfr-2026-avi-0044 | Multiples vulnérabilités dans Microsoft Windows | 2026-01-14T00:00:00.000000 | 2026-01-14T00:00:00.000000 |
| certfr-2026-avi-0043 | Multiples vulnérabilités dans Microsoft Office | 2026-01-14T00:00:00.000000 | 2026-01-14T00:00:00.000000 |
| certfr-2026-avi-0042 | Multiples vulnérabilités dans les produits HPE Aruba Networking | 2026-01-14T00:00:00.000000 | 2026-01-14T00:00:00.000000 |
| certfr-2026-avi-0041 | Multiples vulnérabilités dans les produits Elastic | 2026-01-14T00:00:00.000000 | 2026-01-14T00:00:00.000000 |
| certfr-2026-avi-0040 | Multiples vulnérabilités dans Google Chrome | 2026-01-14T00:00:00.000000 | 2026-01-14T00:00:00.000000 |
| certfr-2026-avi-0039 | Multiples vulnérabilités dans Node.js | 2026-01-14T00:00:00.000000 | 2026-01-14T00:00:00.000000 |
| certfr-2026-avi-0038 | Multiples vulnérabilités dans les produits Mozilla | 2026-01-14T00:00:00.000000 | 2026-01-15T00:00:00.000000 |
| certfr-2026-avi-0037 | Multiples vulnérabilités dans Typo3 | 2026-01-14T00:00:00.000000 | 2026-01-14T00:00:00.000000 |
| certfr-2026-avi-0036 | Multiples vulnérabilités dans Suricata | 2026-01-14T00:00:00.000000 | 2026-01-14T00:00:00.000000 |
| certfr-2026-avi-0035 | Multiples vulnérabilités dans les produits Fortinet | 2026-01-14T00:00:00.000000 | 2026-01-14T00:00:00.000000 |
| certfr-2026-avi-0034 | Multiples vulnérabilités dans les produits SAP | 2026-01-14T00:00:00.000000 | 2026-01-14T00:00:00.000000 |
| certfr-2026-avi-0033 | Multiples vulnérabilités dans les produits Schneider Electric | 2026-01-14T00:00:00.000000 | 2026-01-14T00:00:00.000000 |
| certfr-2026-avi-0032 | Multiples vulnérabilités dans les produits Siemens | 2026-01-14T00:00:00.000000 | 2026-01-14T00:00:00.000000 |
| certfr-2026-avi-0031 | Vulnérabilité dans le greffon VSCode pour Spring CLI | 2026-01-14T00:00:00.000000 | 2026-01-14T00:00:00.000000 |
| certfr-2026-avi-0030 | Vulnérabilité dans MISP | 2026-01-13T00:00:00.000000 | 2026-01-13T00:00:00.000000 |
| certfr-2026-avi-0029 | Multiples vulnérabilités dans VMware Tanzu Gemfire | 2026-01-13T00:00:00.000000 | 2026-01-13T00:00:00.000000 |
| certfr-2026-avi-0028 | Multiples vulnérabilités dans MariaDB | 2026-01-13T00:00:00.000000 | 2026-01-13T00:00:00.000000 |
| certfr-2026-avi-0027 | Vulnérabilité dans NetApp ONTAP | 2026-01-13T00:00:00.000000 | 2026-01-13T00:00:00.000000 |
| certfr-2026-avi-0026 | Vulnérabilité dans Google Pixel | 2026-01-13T00:00:00.000000 | 2026-01-13T00:00:00.000000 |
| certfr-2026-avi-0025 | Vulnérabilité dans Microsoft Edge | 2026-01-12T00:00:00.000000 | 2026-01-12T00:00:00.000000 |
| certfr-2026-avi-0024 | Multiples vulnérabilités dans VMware Tanzu Greenplum Backup and Restore | 2026-01-12T00:00:00.000000 | 2026-01-12T00:00:00.000000 |
| certfr-2026-avi-0023 | Multiples vulnérabilités dans les produits Axis | 2026-01-12T00:00:00.000000 | 2026-01-12T00:00:00.000000 |
| certfr-2026-avi-0022 | Multiples vulnérabilités dans les produits Microsoft | 2026-01-09T00:00:00.000000 | 2026-01-09T00:00:00.000000 |
| certfr-2026-avi-0021 | Vulnérabilité dans Microsoft Edge | 2026-01-09T00:00:00.000000 | 2026-01-09T00:00:00.000000 |
| certfr-2026-avi-0020 | Multiples vulnérabilités dans les produits IBM | 2026-01-09T00:00:00.000000 | 2026-01-09T00:00:00.000000 |
| certfr-2026-avi-0019 | Multiples vulnérabilités dans le noyau Linux de SUSE | 2026-01-09T00:00:00.000000 | 2026-01-09T00:00:00.000000 |
| certfr-2026-avi-0018 | Multiples vulnérabilités dans le noyau Linux d'Ubuntu | 2026-01-09T00:00:00.000000 | 2026-01-09T00:00:00.000000 |
| certfr-2026-avi-0017 | Multiples vulnérabilités dans le noyau Linux de Red Hat | 2026-01-09T00:00:00.000000 | 2026-01-09T00:00:00.000000 |