Recent vulnerabilities
| ID | CVSS | Description | Vendor | Product | Published | Updated |
|---|---|---|---|---|---|---|
| cve-2026-39839 | 6.3 (v4.0) | Stored XSS through URLs in Cargo's map format |
Wikimedia Foundation |
Mediawiki - Cargo Extension |
2026-04-07T19:29:11.025Z | 2026-04-07T20:42:43.130Z |
| cve-2026-39371 | RedwoodSDK has a CSRF vulnerability in server function… |
redwoodjs |
sdk |
2026-04-07T19:28:30.941Z | 2026-04-08T17:46:55.661Z | |
| cve-2026-39370 | WWBN AVideo has an Allowlisted downloadURL media exte… |
WWBN |
AVideo |
2026-04-07T19:26:27.478Z | 2026-04-08T19:22:58.480Z | |
| cve-2026-39369 | WWBN AVideo's GIF poster fetch bypasses traversal scru… |
WWBN |
AVideo |
2026-04-07T19:24:33.421Z | 2026-04-21T22:55:50.454Z | |
| cve-2026-39368 | WWBN AVideo has a Live restream log callback flow enab… |
WWBN |
AVideo |
2026-04-07T19:23:29.790Z | 2026-04-07T20:02:21.185Z | |
| cve-2026-39367 | WWBN AVideo has Stored XSS via Malicious EPG XML Progr… |
WWBN |
AVideo |
2026-04-07T19:22:07.732Z | 2026-04-08T17:47:40.548Z | |
| cve-2026-39366 | WWBN AVideo Affected by a PayPal IPN Replay Attack Ena… |
WWBN |
AVideo |
2026-04-07T19:21:12.156Z | 2026-04-08T19:23:04.265Z | |
| cve-2026-39838 | 6.9 (v4.0) | ProofreadPage improperly sanitizes multiline styles us… |
Wikimedia Foundation |
MediaWiki - ProofreadPage Extension |
2026-04-07T19:17:51.638Z | 2026-04-08T18:48:41.035Z |
| cve-2026-5739 | PowerJob OpenAPI Endpoint addWorkflowNode GroovyEvalua… |
n/a |
PowerJob |
2026-04-07T19:15:11.183Z | 2026-04-07T20:03:03.560Z | |
| cve-2026-39365 | Vite has a Path Traversal in Optimized Deps `.map` Handling |
vitejs |
vite |
2026-04-07T19:13:50.927Z | 2026-04-15T14:23:24.501Z | |
| cve-2026-39364 | Vite has a `server.fs.deny` bypass with queries |
vitejs |
vite |
2026-04-07T19:12:47.577Z | 2026-04-07T20:01:56.564Z | |
| cve-2026-39363 | Vite Affected by Arbitrary File Read via Vite Dev Serv… |
vitejs |
vite |
2026-04-07T19:10:44.916Z | 2026-04-08T17:52:58.420Z | |
| cve-2026-39322 | PolarLearn: Any password authenticates banned accounts… |
polarnl |
PolarLearn |
2026-04-07T19:03:28.999Z | 2026-04-09T16:16:51.970Z | |
| cve-2026-39361 | OpenObserve has a SSRF Protection Bypass via IPv6 Brac… |
openobserve |
openobserve |
2026-04-07T19:02:12.816Z | 2026-04-09T16:17:46.139Z | |
| cve-2026-39360 | RustFS has an authorization bypass in multipart Upload… |
rustfs |
rustfs |
2026-04-07T18:58:29.974Z | 2026-04-07T19:28:22.541Z | |
| cve-2026-39355 | Genealogy is Missing Authorization in `TeamController:… |
MGeurts |
genealogy |
2026-04-07T18:56:06.385Z | 2026-04-08T18:10:34.141Z | |
| cve-2026-39354 | Scoold has an Authenticated Arbitrary Question Overwri… |
Erudika |
scoold |
2026-04-07T18:54:36.133Z | 2026-04-09T16:17:51.713Z | |
| cve-2026-39351 | Frappe allows unrestricted Doctype access via API exploit |
frappe |
frappe |
2026-04-07T18:52:01.531Z | 2026-04-09T16:10:37.051Z | |
| cve-2026-5736 | PowerJob detailPlus Endpoint InstanceController.java s… |
n/a |
PowerJob |
2026-04-07T18:45:15.491Z | 2026-04-08T16:15:07.755Z | |
| cve-2026-5762 | 5.3 (v4.0) | ReportIncident DiscussionTools integration causes slow… |
Wikimedia Foundation |
MediaWiki - ReportIncident Extension |
2026-04-07T18:42:35.336Z | 2026-04-08T19:12:52.328Z |
| cve-2026-22711 | 6.9 (v4.0) | Stored XSS through system messages in WikiLove |
The Wikimedia Foundation |
Mediawiki - Wikilove Extension |
2026-04-07T18:39:37.410Z | 2026-04-08T22:02:16.476Z |
| cve-2026-39349 | OrangeHRM Uses AES-ECB for Sensitive Data Encryption E… |
orangehrm |
orangehrm |
2026-04-07T18:22:38.242Z | 2026-04-07T19:27:43.612Z | |
| cve-2026-39348 | OrangeHRM is Missing Authorization Checks in AbstractF… |
orangehrm |
orangehrm |
2026-04-07T18:21:29.837Z | 2026-04-08T18:43:33.902Z | |
| cve-2026-39347 | OrangeHRM's Self‑Appraisal Submission of Admin Users C… |
orangehrm |
orangehrm |
2026-04-07T18:20:35.788Z | 2026-04-09T16:17:56.930Z | |
| cve-2026-39346 | OrangeHRM has Improper Access Control Allowing Access … |
orangehrm |
orangehrm |
2026-04-07T18:19:24.388Z | 2026-04-09T16:05:10.333Z | |
| cve-2026-39345 | OrangeHRM Affected by Arbitrary File Read via Path Tra… |
orangehrm |
orangehrm |
2026-04-07T18:17:35.223Z | 2026-04-07T19:27:15.409Z | |
| cve-2026-39324 | Rack::Session::Cookie secrets: decrypt failure fallbac… |
rack |
rack-session |
2026-04-07T18:13:28.639Z | 2026-04-08T18:44:07.145Z | |
| cve-2026-39321 | Parse Server has a login timing side-channel reveals u… |
parse-community |
parse-server |
2026-04-07T18:11:10.514Z | 2026-04-07T19:58:57.199Z | |
| cve-2026-39337 | ChurchCRM Affected by Unauthenticated RCE in Install Wizard |
ChurchCRM |
CRM |
2026-04-07T18:08:27.227Z | 2026-04-07T18:41:52.764Z | |
| cve-2026-39319 | ChurchCRM has a Second Order SQLI via FundRaiserEditor.php |
ChurchCRM |
CRM |
2026-04-07T18:05:18.331Z | 2026-04-08T14:39:12.132Z |
| ID | Description | Updated |
|---|
| ID | Description | Updated |
|---|
| ID | Description | Updated |
|---|
| ID | Description | Published | Updated |
|---|---|---|---|
| certfr-2022-avi-159 | Vulnérabilité dans Moxa MGate | 2022-02-17T00:00:00.000000 | 2022-02-17T00:00:00.000000 |
| certfr-2022-avi-158 | Multiples vulnérabilités dans Drupal core | 2022-02-17T00:00:00.000000 | 2022-02-17T00:00:00.000000 |
| certfr-2022-avi-157 | Multiples vulnérabilités dans Microsoft Edge | 2022-02-17T00:00:00.000000 | 2022-02-17T00:00:00.000000 |
| certfr-2022-avi-156 | Vulnérabilité dans Cisco Email Security Appliance | 2022-02-17T00:00:00.000000 | 2022-02-17T00:00:00.000000 |
| certfr-2022-avi-155 | Multiples vulnérabilités dans le noyau Linux de SUSE | 2022-02-17T00:00:00.000000 | 2022-02-17T00:00:00.000000 |
| certfr-2022-avi-154 | Vulnérabilité dans IBM Integrated Analytics System | 2022-02-16T00:00:00.000000 | 2022-02-16T00:00:00.000000 |
| certfr-2022-avi-153 | Vulnérabilité dans Mozilla Thunderbird | 2022-02-16T00:00:00.000000 | 2022-02-16T00:00:00.000000 |
| certfr-2022-avi-152 | Multiples vulnérabilités dans Trend Micro Apex One | 2022-02-16T00:00:00.000000 | 2022-02-16T00:00:00.000000 |
| certfr-2022-avi-151 | Vulnérabilité dans VMware NSX Data Center | 2022-02-16T00:00:00.000000 | 2022-02-16T00:00:00.000000 |
| certfr-2022-avi-150 | Vulnérabilité dans Ivanti Service Manager | 2022-02-15T00:00:00.000000 | 2022-02-15T00:00:00.000000 |
| certfr-2022-avi-149 | Multiples vulnérabilités dans le noyau Linux de Red Hat | 2022-02-15T00:00:00.000000 | 2022-02-15T00:00:00.000000 |
| certfr-2022-avi-148 | Multiples vulnérabilités dans les produits VMware | 2022-02-15T00:00:00.000000 | 2022-02-15T00:00:00.000000 |
| certfr-2022-avi-147 | Multiples vulnérabilités dans Google Chrome | 2022-02-15T00:00:00.000000 | 2022-02-15T00:00:00.000000 |
| certfr-2022-avi-146 | Vulnérabilité dans Axis IP Utility | 2022-02-14T00:00:00.000000 | 2022-02-14T00:00:00.000000 |
| certfr-2022-avi-145 | Multiples vulnérabilités dans Mozilla Thunderbird | 2022-02-14T00:00:00.000000 | 2022-02-14T00:00:00.000000 |
| certfr-2022-avi-144 | Multiples vulnérabilités dans le noyau Linux de SUSE | 2022-02-14T00:00:00.000000 | 2022-02-14T00:00:00.000000 |
| certfr-2022-avi-143 | Vulnérabilité dans Ruby on Rails | 2022-02-14T00:00:00.000000 | 2022-02-14T00:00:00.000000 |
| certfr-2022-avi-142 | Multiples vulnérabilités dans les produits Moxa | 2022-02-11T00:00:00.000000 | 2022-02-11T00:00:00.000000 |
| certfr-2022-avi-141 | Multiples vulnérabilités dans le noyau Linux de SUSE | 2022-02-11T00:00:00.000000 | 2022-02-11T00:00:00.000000 |
| certfr-2022-avi-140 | Multiples vulnérabilités dans le noyau Linux d'Ubuntu | 2022-02-11T00:00:00.000000 | 2022-02-11T00:00:00.000000 |
| certfr-2022-avi-139 | Multiples vulnérabilités dans Wireshark | 2022-02-11T00:00:00.000000 | 2022-02-11T00:00:00.000000 |
| certfr-2022-avi-138 | Vulnérabilité dans Microsoft Edge | 2022-02-11T00:00:00.000000 | 2022-02-11T00:00:00.000000 |
| certfr-2022-avi-137 | Vulnérabilité dans les produits Apple | 2022-02-11T00:00:00.000000 | 2022-02-11T00:00:00.000000 |
| certfr-2022-avi-136 | Multiples vulnérabilités dans les produits Palo Alto Networks | 2022-02-10T00:00:00.000000 | 2022-02-10T00:00:00.000000 |
| certfr-2022-avi-135 | Multiples vulnérabilités dans Stormshield Network Security | 2022-02-10T00:00:00.000000 | 2022-02-10T00:00:00.000000 |
| certfr-2022-avi-134 | Multiples vulnérabilités dans Tenable Nessus | 2022-02-10T00:00:00.000000 | 2022-02-10T00:00:00.000000 |
| certfr-2022-avi-133 | Multiples vulnérabilités dans Citrix Hypervisor | 2022-02-10T00:00:00.000000 | 2022-02-10T00:00:00.000000 |
| certfr-2022-avi-132 | Multiples vulnérabilités dans les produits Microsoft | 2022-02-09T00:00:00.000000 | 2022-02-09T00:00:00.000000 |
| certfr-2022-avi-131 | Vulnérabilité dans Microsoft .Net | 2022-02-09T00:00:00.000000 | 2022-02-09T00:00:00.000000 |
| certfr-2022-avi-130 | Multiples vulnérabilités dans Microsoft Windows | 2022-02-09T00:00:00.000000 | 2022-02-09T00:00:00.000000 |