Recent vulnerabilities
| ID | CVSS | Description | Vendor | Product | Published | Updated |
|---|---|---|---|---|---|---|
| cve-2026-35575 | ChurchCRM has Stored XSS in Group Name |
ChurchCRM |
CRM |
2026-04-07T17:08:43.354Z | 2026-04-07T18:35:14.962Z | |
| cve-2026-22680 | 6.9 (v4.0) 5.3 (v3.1) | OpenViking < 0.3.3 Missing Authorization via Task Polling |
Volcengine |
OpenViking |
2026-04-07T17:08:30.835Z | 2026-04-08T18:49:10.725Z |
| cve-2026-35572 | SSRF via Referer header in ChurchCRM allows server-sid… |
ChurchCRM |
CRM |
2026-04-07T17:07:57.506Z | 2026-04-07T19:59:43.438Z | |
| cve-2026-35573 | ChurchCRM has a Path traversal leads to RCE |
ChurchCRM |
CRM |
2026-04-07T17:06:07.161Z | 2026-04-08T18:49:46.996Z | |
| cve-2026-35574 | ChurchCRM has a Stored XSS in Person Profile - Add a Note |
ChurchCRM |
CRM |
2026-04-07T17:04:21.184Z | 2026-04-07T17:26:30.431Z | |
| cve-2026-39316 | CUPS has a use-after-free in `cupsdDeleteTemporaryPrin… |
OpenPrinting |
cups |
2026-04-07T17:00:26.801Z | 2026-04-09T15:42:40.861Z | |
| cve-2026-39314 | CUPS has an integer underflow in `_ppdCreateFromIPP` c… |
OpenPrinting |
cups |
2026-04-07T16:59:23.808Z | 2026-04-07T18:34:19.683Z | |
| cve-2026-35610 | PolarLearn has a Server Action Admin Bypass in Account… |
polarnl |
PolarLearn |
2026-04-07T16:56:57.483Z | 2026-04-07T18:32:36.607Z | |
| cve-2026-39312 | Pre-Auth EAP-TLS DoS on SoftEther VPN Developer Edition |
SoftEtherVPN |
SoftEtherVPN |
2026-04-07T16:52:08.172Z | 2026-04-07T17:27:16.498Z | |
| cve-2026-23696 | 9.4 (v4.0) 9.9 (v3.1) | Windmill < 1.603.3 File Ownership Handling SQLi RCE |
Windmill Labs |
Windmill CE (Community Edition) |
2026-04-07T16:50:53.231Z | 2026-04-08T03:55:43.162Z |
| cve-2026-22683 | 8.7 (v4.0) 8.8 (v3.1) | Windmill < 1.615.0 Operator Role Missing Authorization… |
Windmill Labs |
Windmill CE (Community Edition) |
2026-04-07T16:50:30.297Z | 2026-04-13T13:04:17.928Z |
| cve-2026-39307 | PraisonAI has an Arbitrary File Write (Zip Slip) in Te… |
MervinPraison |
PraisonAI |
2026-04-07T16:49:29.885Z | 2026-04-09T15:40:37.560Z | |
| cve-2026-39308 | PraisonAI recipe registry publish path traversal allow… |
MervinPraison |
PraisonAI |
2026-04-07T16:48:42.322Z | 2026-04-09T16:18:05.184Z | |
| cve-2026-39306 | PraisonAI recipe registry pull path traversal writes f… |
MervinPraison |
PraisonAI |
2026-04-07T16:48:05.722Z | 2026-04-07T18:31:31.939Z | |
| cve-2026-39305 | Arbitrary File Write / Path Traversal in Action Orchestrator |
MervinPraison |
PraisonAI |
2026-04-07T16:47:18.102Z | 2026-04-07T17:27:47.512Z | |
| cve-2026-35615 | PraisonAI has a Path Traversal in FileTools |
MervinPraison |
PraisonAI |
2026-04-07T16:46:15.192Z | 2026-04-09T16:18:10.919Z | |
| cve-2026-32588 | Apache Cassandra: Authenticated DoS via ALTER ROLE Pas… |
Apache Software Foundation |
Apache Cassandra |
2026-04-07T16:42:52.361Z | 2026-04-09T14:43:57.808Z | |
| cve-2026-35614 | Frappe has a SQL injection in bulk_update |
frappe |
frappe |
2026-04-07T16:42:12.740Z | 2026-04-09T14:41:12.703Z | |
| cve-2026-27315 | Apache Cassandra: cqlsh history sensitive information leak |
Apache Software Foundation |
Apache Cassandra |
2026-04-07T16:40:51.836Z | 2026-04-09T14:38:23.271Z | |
| cve-2026-35613 | Path traversal in coursevault-preview due to improper … |
moritzmyrz |
coursevault-preview |
2026-04-07T16:39:44.237Z | 2026-04-09T16:18:16.501Z | |
| cve-2026-35611 | Addressable has a Regular Expression Denial of Service… |
sporkmonger |
addressable |
2026-04-07T16:38:08.707Z | 2026-04-09T14:36:18.529Z | |
| cve-2026-35608 | QuickDrop has stored XSS in SVG file preview endpoint … |
RoastSlav |
quickdrop |
2026-04-07T16:35:08.606Z | 2026-04-07T18:30:02.117Z | |
| cve-2025-14821 | 7.8 (v3.1) | Libssh: libssh: insecure default configuration leads t… |
Red Hat |
Red Hat Hardened Images |
2026-04-07T16:34:10.718Z | 2026-04-28T20:27:10.104Z |
| cve-2026-27314 | Apache Cassandra: Privilege escalation via ADD IDENTIT… |
Apache Software Foundation |
Apache Cassandra |
2026-04-07T16:33:44.448Z | 2026-04-08T03:55:52.335Z | |
| cve-2026-35607 | File Browser: Proxy auth auto-provisioned users inheri… |
filebrowser |
filebrowser |
2026-04-07T16:31:21.522Z | 2026-04-08T18:50:24.867Z | |
| cve-2026-4631 | 9.8 (v3.1) | Cockpit: cockpit: unauthenticated remote code executio… |
Red Hat |
Red Hat Enterprise Linux 10 |
2026-04-07T16:30:28.069Z | 2026-04-10T21:05:16.830Z |
| cve-2026-35606 | File Browser discloses text file content via /api/reso… |
filebrowser |
filebrowser |
2026-04-07T16:29:03.565Z | 2026-04-09T16:18:22.881Z | |
| cve-2025-14944 | Backup Migration <= 2.0.0 - Missing Authorization to U… |
inisev |
BackupBliss – Backup & Migration with Free Cloud Storage |
2026-04-07T16:26:24.676Z | 2026-04-08T17:12:41.782Z | |
| cve-2026-35605 | File Browser has an access rule bypass via HasPrefix w… |
filebrowser |
filebrowser |
2026-04-07T16:24:52.307Z | 2026-04-09T14:32:02.764Z | |
| cve-2026-35604 | File Browser share links remain accessible after Share… |
filebrowser |
filebrowser |
2026-04-07T16:22:51.557Z | 2026-04-07T18:26:43.881Z |
| ID | Description | Updated |
|---|
| ID | Description | Updated |
|---|
| ID | Description | Updated |
|---|
| ID | Description | Published | Updated |
|---|---|---|---|
| certfr-2022-avi-099 | Vulnérabilité dans Tenable Nessus | 2022-02-01T00:00:00.000000 | 2022-02-01T00:00:00.000000 |
| certfr-2022-avi-098 | Vulnérabilité dans VMware Cloud Foundation | 2022-02-01T00:00:00.000000 | 2022-02-01T00:00:00.000000 |
| certfr-2022-avi-097 | Multiples vulnérabilités dans IBM Spectrum Protect Plus | 2022-02-01T00:00:00.000000 | 2022-02-01T00:00:00.000000 |
| certfr-2022-avi-096 | Multiples vulnérabilités dans Samba | 2022-02-01T00:00:00.000000 | 2022-02-01T00:00:00.000000 |
| certfr-2022-avi-095 | Vulnérabilité dans les produits ESET | 2022-01-31T00:00:00.000000 | 2022-01-31T00:00:00.000000 |
| certfr-2022-avi-094 | Vulnérabilité dans Symfony | 2022-01-31T00:00:00.000000 | 2022-02-08T00:00:00.000000 |
| certfr-2022-avi-093 | Vulnérabilité dans OpenSSL pour MIPS | 2022-01-31T00:00:00.000000 | 2022-01-31T00:00:00.000000 |
| certfr-2022-avi-092 | Multiples vulnérabilités dans IBM Spectrum Protect Plus | 2022-01-31T00:00:00.000000 | 2022-01-31T00:00:00.000000 |
| certfr-2022-avi-091 | Vulnérabilité dans Synology DiskStation Manager | 2022-01-31T00:00:00.000000 | 2022-04-06T00:00:00.000000 |
| certfr-2022-avi-090 | Multiples vulnérabilités dans Foxit PDF Reader et Foxit PDF Editor | 2022-01-28T00:00:00.000000 | 2022-01-28T00:00:00.000000 |
| certfr-2022-avi-089 | Vulnérabilité dans Trend Micro Worry-Free Business Security Server | 2022-01-28T00:00:00.000000 | 2022-01-28T00:00:00.000000 |
| certfr-2022-avi-088 | Multiples vulnérabilités dans les produits Apple | 2022-01-27T00:00:00.000000 | 2022-01-27T00:00:00.000000 |
| certfr-2022-avi-087 | Vulnérabilité dans Nextcloud pour Android | 2022-01-27T00:00:00.000000 | 2022-01-27T00:00:00.000000 |
| certfr-2022-avi-086 | Vulnérabilité dans pkexec de PolicyKit sur SUSE | 2022-01-27T00:00:00.000000 | 2022-01-27T00:00:00.000000 |
| certfr-2022-avi-085 | Vulnérabilité dans pkexec de PolicyKit sur Debian | 2022-01-27T00:00:00.000000 | 2022-01-27T00:00:00.000000 |
| certfr-2022-avi-084 | Vulnérabilité dans pkexec de PolicyKit sur Red Hat | 2022-01-27T00:00:00.000000 | 2022-01-27T00:00:00.000000 |
| certfr-2022-avi-083 | Vulnérabilité dans pkexec de PolicyKit sur Ubuntu | 2022-01-27T00:00:00.000000 | 2022-01-27T00:00:00.000000 |
| certfr-2022-avi-082 | Multiples vulnérabilités dans Apache Tomcat | 2022-01-26T00:00:00.000000 | 2022-01-26T00:00:00.000000 |
| certfr-2022-avi-081 | Multiples vulnérabilités dans Xen | 2022-01-26T00:00:00.000000 | 2022-01-26T00:00:00.000000 |
| certfr-2022-avi-080 | Multiples vulnérabilités dans le noyau Linux de SUSE | 2022-01-26T00:00:00.000000 | 2022-01-26T00:00:00.000000 |
| certfr-2022-avi-079 | Vulnérabilité dans strongSwan | 2022-01-25T00:00:00.000000 | 2022-01-25T00:00:00.000000 |
| certfr-2022-avi-078 | Multiples vulnérabilités dans Foxit PDF Editor et Foxit PDF Reader versions MacOS | 2022-01-25T00:00:00.000000 | 2022-01-25T00:00:00.000000 |
| certfr-2022-avi-077 | Vulnérabilité dans IBM WebSphere | 2022-01-25T00:00:00.000000 | 2022-01-25T00:00:00.000000 |
| certfr-2022-avi-076 | Multiples vulnérabilités dans Moodle | 2022-01-24T00:00:00.000000 | 2022-01-24T00:00:00.000000 |
| certfr-2022-avi-075 | Multiples vulnérabilités dans les produits SonicWall | 2022-01-24T00:00:00.000000 | 2022-01-24T00:00:00.000000 |
| certfr-2022-avi-074 | Vulnérabilité dans Microsoft Windows | 2022-01-24T00:00:00.000000 | 2022-01-24T00:00:00.000000 |
| certfr-2022-avi-073 | Vulnérabilité dans Microsoft Edge pour Android | 2022-01-24T00:00:00.000000 | 2022-01-24T00:00:00.000000 |
| certfr-2022-avi-072 | Vulnérabilité dans IBM QRadar | 2022-01-24T00:00:00.000000 | 2022-01-24T00:00:00.000000 |
| certfr-2022-avi-071 | Multiples vulnérabilités dans le noyau Linux de Debian | 2022-01-24T00:00:00.000000 | 2022-01-24T00:00:00.000000 |
| certfr-2022-avi-070 | Vulnérabilité dans Stormshield SSOAgent | 2022-01-24T00:00:00.000000 | 2022-01-24T00:00:00.000000 |