Recent vulnerabilities
| ID | CVSS | Description | Vendor | Product | Published | Updated |
|---|---|---|---|---|---|---|
| cve-2026-34082 | Dify has IDOR in deleting someone else's chat conversation |
langgenius |
dify |
2026-04-20T23:03:18.158Z | 2026-04-21T13:36:45.614Z | |
| cve-2026-5721 | wpDataTables – WordPress Data Table, Dynamic Tables & … |
wpdatatables |
wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin |
2026-04-20T22:25:26.695Z | 2026-04-21T19:49:47.411Z | |
| cve-2026-6729 | 5.3 (v4.0) 6.3 (v3.1) | HKUDS OpenHarness Session Key Collision Privilege Escalation |
HKUDS |
OpenHarness |
2026-04-20T22:01:38.766Z | 2026-04-21T17:39:32.967Z |
| cve-2026-0930 | 2.3 (v4.0) | Potential wolfSSHd Buffer out-of-bounds Read on Window… |
wolfSSL |
wolfSSH |
2026-04-20T21:28:33.227Z | 2026-04-21T13:37:15.647Z |
| cve-2026-22051 | 2.3 (v4.0) | StorageGRID (formerly StorageGRID Webscale) versi… |
NETAPP |
StorageGRID (formerly StorageGRID Webscale) |
2026-04-20T21:27:36.822Z | 2026-04-21T13:40:46.948Z |
| cve-2026-5450 | N/A | scanf %mc off-by-one heap buffer overflow |
The GNU C Library |
glibc |
2026-04-20T20:55:41.170Z | 2026-04-21T19:49:53.221Z |
| cve-2026-5928 | N/A | Static buffer overflow in deprecated nis_local_principal |
The GNU C Library |
glibc |
2026-04-20T20:37:31.743Z | 2026-04-21T19:49:59.071Z |
| cve-2026-5358 | N/A | Static buffer overflow in deprecated nis_local_principal |
The GNU C Library |
glibc |
2026-04-20T20:37:23.178Z | 2026-04-21T19:50:06.251Z |
| cve-2026-33626 | LMDeploy Vulnerable to Server-Side Request Forgery (SS… |
InternLM |
lmdeploy |
2026-04-20T20:29:19.558Z | 2026-04-21T19:50:13.326Z | |
| cve-2026-4852 | Image Source Control Lite – Show Image Credits and Cap… |
webzunft |
Image Source Control Lite – Show Image Credits and Captions |
2026-04-20T20:26:53.256Z | 2026-04-21T13:53:14.507Z | |
| cve-2026-33432 | Roxy-WI has Pre-Authentication LDAP Injection that Lea… |
roxy-wi |
roxy-wi |
2026-04-20T20:26:52.217Z | 2026-04-21T17:38:09.523Z | |
| cve-2026-33431 | Roxy-WI Vulnerable to Authenticated Arbitrary File Rea… |
roxy-wi |
roxy-wi |
2026-04-20T20:24:15.319Z | 2026-04-21T13:42:19.802Z | |
| cve-2026-34403 | Nginx-UI vulnerable to Cross-Site WebSocket Hijacking … |
0xJacky |
nginx-ui |
2026-04-20T20:16:47.597Z | 2026-04-21T13:36:46.510Z | |
| cve-2026-33031 | Nginx-UI: Disabled users retain full API access throug… |
0xJacky |
nginx-ui |
2026-04-20T20:12:07.905Z | 2026-04-21T13:35:20.144Z | |
| cve-2026-32613 | Spinnaker vulnerable to RCE via expression parsing due… |
spinnaker |
spinnaker |
2026-04-20T20:07:24.697Z | 2026-04-22T03:56:18.686Z | |
| cve-2026-32604 | Spinnaker vulnerable to RCE when using gitrepo artifac… |
spinnaker |
spinnaker |
2026-04-20T20:00:57.517Z | 2026-04-22T03:56:17.486Z | |
| cve-2026-6249 | 8.7 (v4.0) 8.8 (v3.1) | Vvveb CMS 1.0.8 Remote Code Execution via Media Upload |
Vvveb |
Vvveb CMS |
2026-04-20T19:57:37.655Z | 2026-04-21T13:43:17.635Z |
| cve-2026-32311 | Command Injection and Docker container escape allows r… |
reconurge |
flowsint |
2026-04-20T19:56:32.521Z | 2026-04-21T13:44:08.776Z | |
| cve-2026-5478 | Everest Forms <= 3.4.4 - Unauthenticated Arbitrary Fil… |
wpeverest |
Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder |
2026-04-20T19:27:08.159Z | 2026-04-21T13:33:57.569Z | |
| cve-2026-32135 | NanoMQ has Heap Buffer Overflow in URI Parameter Parsing |
nanomq |
nanomq |
2026-04-20T19:23:09.704Z | 2026-04-21T13:33:14.607Z | |
| cve-2026-6550 | 4.7 (v3.1) 5.7 (v4.0) | Key commitment policy bypass via shared key cache in A… |
AWS |
AWS Encryption SDK for Python |
2026-04-20T19:20:23.383Z | 2026-04-20T19:44:11.685Z |
| cve-2026-6257 | 9.2 (v4.0) 9.1 (v3.1) | Vvveb CMS v1.0.8 Remote Code Execution via Media Management |
Vvveb |
Vvveb CMS |
2026-04-20T19:09:45.927Z | 2026-04-21T19:50:26.897Z |
| cve-2026-6248 | wpForo Forum <= 3.0.5 - Authenticated (Subscriber+) Ar… |
tomdever |
wpForo Forum |
2026-04-20T18:31:33.290Z | 2026-04-21T17:35:30.317Z | |
| cve-2026-6060 | 4.5 (v3.1) | Possible DoS via SQL Box |
OTRS AG |
OTRS |
2026-04-20T18:20:01.664Z | 2026-04-20T18:48:48.185Z |
| cve-2026-41389 | 6.3 (v4.0) 5.8 (v3.1) | OpenClaw 2026.4.7 < 2026.4.15 - Arbitrary File Read vi… |
OpenClaw |
OpenClaw |
2026-04-20T17:48:43.704Z | 2026-04-20T18:05:03.103Z |
| cve-2026-23753 | 4.8 (v4.0) 4.8 (v3.1) | GFI HelpDesk < 4.99.9 Stored XSS via charset Parameter |
GFI Software |
HelpDesk |
2026-04-20T17:33:59.134Z | 2026-04-21T13:31:13.580Z |
| cve-2026-23752 | 4.8 (v4.0) 4.8 (v3.1) | GFI HelpDesk < 4.99.9 Stored XSS via companyname Parameter |
GFI Software |
HelpDesk |
2026-04-20T17:33:23.424Z | 2026-04-20T18:09:59.603Z |
| cve-2026-23756 | 5.1 (v4.0) 5.4 (v3.1) | GFI HelpDesk < 4.99.9 Stored XSS via Troubleshooter St… |
GFI Software |
HelpDesk |
2026-04-20T17:30:51.162Z | 2026-04-20T18:08:49.925Z |
| cve-2026-23758 | 5.1 (v4.0) 6.4 (v4.0) | GFI HelpDesk < 4.99.9 Stored XSS via editsubject Parameter |
GFI Software |
HelpDesk |
2026-04-20T17:30:06.853Z | 2026-04-20T17:45:55.788Z |
| cve-2026-23757 | 5.1 (v4.0) 5.4 (v3.1) | GFI HelpDesk < 4.99.10 Stored XSS via Reports Module |
GFI Software |
HelpDesk |
2026-04-20T17:27:56.067Z | 2026-04-20T18:07:01.630Z |
| ID | Description | Updated |
|---|
| ID | Description | Updated |
|---|
| ID | Description | Published | Updated |
|---|---|---|---|
| jvndb-2024-003008 | Sangoma Technologies CG/MG family driver cg6kwin2k.sys vulnerable to insufficient access control on its IOCTL | 2024-03-22T13:50+09:00 | 2024-04-24T11:45+09:00 |
| jvndb-2024-000032 | Multiple vulnerabilities in FitNesse | 2024-03-18T14:08+09:00 | 2024-03-19T11:02+09:00 |
| jvndb-2024-000031 | "ABEMA" App for Android fails to restrict access permissions | 2024-03-15T16:37+09:00 | 2024-03-15T16:37+09:00 |
| jvndb-2024-002961 | Information Exposure Vulnerability in Cosminexus Component Container | 2024-03-13T12:10+09:00 | 2024-03-13T12:10+09:00 |
| jvndb-2024-000030 | a-blog cms vulnerable to directory traversal | 2024-03-08T15:27+09:00 | 2024-03-08T15:27+09:00 |
| jvndb-2024-002942 | OMRON NJ/NX series vulnerable to path traversal | 2024-03-08T14:16+09:00 | 2024-03-08T14:16+09:00 |
| jvndb-2024-000028 | Multiple vulnerabilities in SKYSEA Client View | 2024-03-07T16:09+09:00 | 2024-07-29T18:13+09:00 |
| jvndb-2024-000027 | FUJIFILM Business Innovation Corp. printers vulnerable to cross-site request forgery | 2024-03-06T18:24+09:00 | 2024-03-06T18:24+09:00 |
| jvndb-2024-000026 | Multiple vulnerabilities in printers and scanners which implement BROTHER Web Based Management | 2024-03-06T18:12+09:00 | 2024-03-06T18:12+09:00 |
| jvndb-2024-000029 | Toyoko Inn official App vulnerable to improper server certificate verification | 2024-03-06T13:53+09:00 | 2024-03-06T13:53+09:00 |
| jvndb-2024-000025 | Protection mechanism failure in RevoWorks | 2024-02-29T15:40+09:00 | 2024-02-29T15:40+09:00 |
| jvndb-2024-000024 | OET-213H-BTS1 missing authorization check in the initial configuration | 2024-02-29T14:59+09:00 | 2024-02-29T14:59+09:00 |
| jvndb-2024-000023 | OpenPNE plugin "opTimelinePlugin" vulnerable to cross-site scripting | 2024-02-29T13:12+09:00 | 2024-02-29T13:12+09:00 |
| jvndb-2024-000022 | Multiple vulnerabilities in baserCMS | 2024-02-27T14:25+09:00 | 2024-02-27T14:25+09:00 |
| jvndb-2024-002831 | ELECOM wireless LAN routers vulnerable to OS command injection | 2024-02-22T08:15+09:00 | 2026-02-04T12:02+09:00 |
| jvndb-2024-002832 | EL Injection Vulnerability in Hitachi Global Link Manager | 2024-02-21T15:53+09:00 | 2024-02-21T15:53+09:00 |
| jvndb-2024-000020 | Multiple vulnerabilities in ELECOM wireless LAN routers and wireless LAN repeater | 2024-02-20T14:14+09:00 | 2024-11-26T15:26+09:00 |
| jvndb-2024-002560 | Android App "Mopria Print Service" vulnerable to improper intent handling | 2024-02-15T15:26+09:00 | 2024-02-15T15:26+09:00 |
| jvndb-2024-000019 | a-blog cms vulnerable to URL spoofing | 2024-02-15T14:12+09:00 | 2024-02-15T14:12+09:00 |
| jvndb-2024-002050 | Multiple out-of-bounds write vulnerabilities in Canon Office/Small Office Multifunction Printers and Laser Printers | 2024-02-07T15:39+09:00 | 2024-03-08T18:05+09:00 |
| jvndb-2024-001882 | Sharp NEC Display Solutions' public displays vulnerable to local file inclusion | 2024-02-07T14:25+09:00 | 2024-07-11T14:27+09:00 |
| jvndb-2020-013805 | Zeroshell vulnerable to OS command injection | 2024-02-07T13:38+09:00 | 2024-02-07T13:38+09:00 |
| jvndb-2024-001804 | Multiple buffer overflow vulnerabilities in HOME SPOT CUBE2 | 2024-02-06T15:02+09:00 | 2024-03-11T17:32+09:00 |
| jvndb-2024-001785 | Incorrect permission assignment vulnerability in Trend Micro uiAirSupport | 2024-02-06T14:46+09:00 | 2024-03-11T17:42+09:00 |
| jvndb-2024-000017 | Cybozu KUNAI for Android vulnerable to denial-of-service (DoS) | 2024-02-06T13:25+09:00 | 2024-06-27T13:28+09:00 |
| jvndb-2024-001462 | File and Directory Permissions Vulnerability in Hitachi Tuning Manager | 2024-02-05T14:54+09:00 | 2024-02-05T14:54+09:00 |
| jvndb-2024-000016 | Group Office vulnerable to cross-site scripting | 2024-02-01T13:48+09:00 | 2024-03-11T18:04+09:00 |
| jvndb-2024-000015 | Payment EX vulnerable to information disclosure | 2024-02-01T13:41+09:00 | 2024-03-11T17:42+09:00 |
| jvndb-2024-001161 | Multiple vulnerabilities in SHARP Energy Management Controller with Cloud Services | 2024-01-31T16:01+09:00 | 2024-01-31T16:01+09:00 |
| jvndb-2024-001160 | File and Directory Permissions Vulnerability in Hitachi Storage Plug-in for VMware vCenter | 2024-01-31T15:25+09:00 | 2024-03-11T17:41+09:00 |
| ID | Description | Updated |
|---|
| ID | Description | Published | Updated |
|---|---|---|---|
| certfr-2026-avi-0016 | Vulnérabilité dans les produits Moxa | 2026-01-09T00:00:00.000000 | 2026-01-09T00:00:00.000000 |
| certfr-2026-avi-0015 | Multiples vulnérabilités dans les produits Centreon | 2026-01-08T00:00:00.000000 | 2026-01-08T00:00:00.000000 |
| certfr-2026-avi-0014 | Multiples vulnérabilités dans GitLab | 2026-01-08T00:00:00.000000 | 2026-01-08T00:00:00.000000 |
| certfr-2026-avi-0013 | Vulnérabilité dans Tenable Nessus Agent | 2026-01-08T00:00:00.000000 | 2026-01-08T00:00:00.000000 |
| certfr-2026-avi-0012 | Multiples vulnérabilités dans Trend Micro Apex Central | 2026-01-08T00:00:00.000000 | 2026-01-08T00:00:00.000000 |
| certfr-2026-avi-0011 | Vulnérabilité dans Google Android | 2026-01-08T00:00:00.000000 | 2026-01-08T00:00:00.000000 |
| certfr-2026-avi-0010 | Multiples vulnérabilités dans Curl | 2026-01-07T00:00:00.000000 | 2026-01-07T00:00:00.000000 |
| certfr-2026-avi-0009 | Vulnérabilité dans Google Chrome | 2026-01-07T00:00:00.000000 | 2026-01-07T00:00:00.000000 |
| certfr-2026-avi-0008 | Multiples vulnérabilités dans Joomla! | 2026-01-07T00:00:00.000000 | 2026-01-07T00:00:00.000000 |
| certfr-2026-avi-0007 | Vulnérabilité dans Stormshield Network Security | 2026-01-06T00:00:00.000000 | 2026-01-06T00:00:00.000000 |
| certfr-2026-avi-0006 | Multiples vulnérabilités dans Veeam Backup & Replication | 2026-01-06T00:00:00.000000 | 2026-01-06T00:00:00.000000 |
| certfr-2026-avi-0005 | Multiples vulnérabilités dans Centreon Open Tickets | 2026-01-06T00:00:00.000000 | 2026-01-06T00:00:00.000000 |
| certfr-2026-avi-0004 | Vulnérabilité dans MariaDB | 2026-01-05T00:00:00.000000 | 2026-01-05T00:00:00.000000 |
| certfr-2026-avi-0003 | Multiples vulnérabilités dans les produits Qnap | 2026-01-05T00:00:00.000000 | 2026-01-05T00:00:00.000000 |
| certfr-2026-avi-0002 | Multiples vulnérabilités dans les produits IBM | 2026-01-02T00:00:00.000000 | 2026-01-02T00:00:00.000000 |
| certfr-2026-avi-0001 | Multiples vulnérabilités dans le noyau Linux de SUSE | 2026-01-02T00:00:00.000000 | 2026-01-02T00:00:00.000000 |
| certfr-2025-avi-1142 | Multiples vulnérabilités dans Moxa NPort | 2025-12-31T00:00:00.000000 | 2025-12-31T00:00:00.000000 |
| certfr-2025-avi-1141 | Multiples vulnérabilités dans le noyau Linux de Red Hat | 2025-12-26T00:00:00.000000 | 2025-12-26T00:00:00.000000 |
| certfr-2025-avi-1140 | Multiples vulnérabilités dans le noyau Linux de SUSE | 2025-12-26T00:00:00.000000 | 2025-12-26T00:00:00.000000 |
| certfr-2025-avi-1139 | Multiples vulnérabilités dans le noyau Linux d'Ubuntu | 2025-12-26T00:00:00.000000 | 2025-12-26T00:00:00.000000 |
| certfr-2025-avi-1138 | Multiples vulnérabilités dans VMware Tanzu Platform | 2025-12-26T00:00:00.000000 | 2025-12-26T00:00:00.000000 |
| certfr-2025-avi-1137 | Multiples vulnérabilités dans les produits IBM | 2025-12-26T00:00:00.000000 | 2025-12-26T00:00:00.000000 |
| certfr-2025-avi-1136 | Multiples vulnérabilités dans le noyau Linux de Debian LTS | 2025-12-19T00:00:00.000000 | 2025-12-19T00:00:00.000000 |
| certfr-2025-avi-1135 | Multiples vulnérabilités dans le noyau Linux d'Ubuntu | 2025-12-19T00:00:00.000000 | 2025-12-19T00:00:00.000000 |
| certfr-2025-avi-1134 | Multiples vulnérabilités dans MongoDB Server | 2025-12-19T00:00:00.000000 | 2025-12-19T00:00:00.000000 |
| certfr-2025-avi-1133 | Multiples vulnérabilités dans le noyau Linux de SUSE | 2025-12-19T00:00:00.000000 | 2025-12-19T00:00:00.000000 |
| certfr-2025-avi-1132 | Multiples vulnérabilités dans le noyau Linux de Red Hat | 2025-12-19T00:00:00.000000 | 2025-12-19T00:00:00.000000 |
| certfr-2025-avi-1131 | Multiples vulnérabilités dans les produits IBM | 2025-12-19T00:00:00.000000 | 2025-12-19T00:00:00.000000 |
| certfr-2025-avi-1130 | Multiples vulnérabilités dans les produits Foxit | 2025-12-19T00:00:00.000000 | 2025-12-19T00:00:00.000000 |
| certfr-2025-avi-1129 | Multiples vulnérabilités dans les produits VMware | 2025-12-19T00:00:00.000000 | 2025-12-19T00:00:00.000000 |