Recent vulnerabilities
| ID | CVSS | Description | Vendor | Product | Published | Updated |
|---|---|---|---|---|---|---|
| cve-2026-5666 | code-projects Online FIR System SQL Database Backup Fi… |
code-projects |
Online FIR System |
2026-04-06T15:30:13.502Z | 2026-04-07T16:00:58.394Z | |
| cve-2026-34402 | N/A | {'rejectedReasons': [{'lang': 'en', 'value': '** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-39330. Reason: This candidate is a duplicate of CVE-2026-39330. Notes: All CVE users should reference CVE-2026-39330 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.another CVE.'}], 'replacedBy': ['CVE-2026-39330'], 'providerMetadata': {'orgId': 'a0819718-46f1-4df5-94e2-005712e83aaa', 'shortName': 'GitHub_M', 'dateUpdated': '2026-04-09T16:52:13.843Z'}} | N/A | N/A | 2026-04-06T15:27:09.103Z | 2026-04-09T16:52:13.843Z |
| cve-2026-33405 | Pi-hole has a Stored HTML Injection in queries.js |
pi-hole |
web |
2026-04-06T15:23:32.750Z | 2026-04-06T18:37:49.276Z | |
| cve-2026-34380 | OpenEXR has a signed integer overflow (undefined behav… |
AcademySoftwareFoundation |
openexr |
2026-04-06T15:22:40.198Z | 2026-04-07T14:15:07.727Z | |
| cve-2026-34379 | OpenEXR has a misaligned write in LossyDctDecoder_exec… |
AcademySoftwareFoundation |
openexr |
2026-04-06T15:21:06.556Z | 2026-04-07T03:07:14.371Z | |
| cve-2026-34378 | OpenEXR has a signed integer overflow in generic_unpac… |
AcademySoftwareFoundation |
openexr |
2026-04-06T15:19:34.871Z | 2026-04-07T03:07:17.341Z | |
| cve-2026-5704 | 5 (v3.1) | Tar: tar: hidden file injection via crafted archives |
Red Hat |
Red Hat Enterprise Linux 10 |
2026-04-06T15:17:27.945Z | 2026-04-22T20:15:40.736Z |
| cve-2026-34982 | Vim modeline bypass via various options affects Vim < … |
vim |
vim |
2026-04-06T15:16:48.809Z | 2026-04-07T03:56:01.436Z | |
| cve-2026-5665 | code-projects Online FIR System Login checklogin.php s… |
code-projects |
Online FIR System |
2026-04-06T15:15:12.944Z | 2026-04-06T15:34:25.071Z | |
| cve-2026-34217 | SandboxJS has a Sandbox Escape via Prop Object Leak in… |
nyariv |
SandboxJS |
2026-04-06T15:12:52.871Z | 2026-04-06T15:40:46.653Z | |
| cve-2026-34211 | SandboxJS: Stack overflow DoS via deeply nested expres… |
nyariv |
SandboxJS |
2026-04-06T15:10:42.261Z | 2026-04-07T14:09:53.356Z | |
| cve-2026-34208 | SandboxJS: Sandbox integrity escape |
nyariv |
SandboxJS |
2026-04-06T15:09:28.219Z | 2026-04-06T18:39:14.717Z | |
| cve-2026-34148 | Fedify affected by resource exhaustion caused by unbou… |
@fedify |
fedify |
2026-04-06T15:06:53.197Z | 2026-04-07T14:25:51.368Z | |
| cve-2026-33727 | Pi-hole has a Local Privilege Escalation (post-comprom… |
pi-hole |
pi-hole |
2026-04-06T15:02:19.693Z | 2026-04-07T13:06:34.177Z | |
| cve-2026-33752 | Redirect-based SSRF leading to internal network access… |
lexiforest |
curl_cffi |
2026-04-06T15:01:44.844Z | 2026-04-06T15:40:54.380Z | |
| cve-2026-33540 | Distribution affected by pull-through cache credential… |
distribution |
distribution |
2026-04-06T14:55:04.812Z | 2026-04-06T15:04:50.154Z | |
| cve-2026-33510 | DOM-Based XSS in Homarr /auth/login Redirect |
homarr-labs |
homarr |
2026-04-06T14:51:38.960Z | 2026-04-06T15:41:01.491Z | |
| cve-2026-34897 | 6.5 (v3.1) | WordPress Media LIbrary Assistant plugin <= 3.34 - Cro… |
David Lingren |
Media LIbrary Assistant |
2026-04-06T14:50:48.088Z | 2026-04-06T16:53:41.468Z |
| cve-2026-33406 | Pi-hole has a Stored HTML attribute injection |
pi-hole |
web |
2026-04-06T14:50:35.670Z | 2026-04-07T14:08:17.918Z | |
| cve-2026-33404 | Pi-hole has a Stored XSS / HTML injection in the Netwo… |
pi-hole |
web |
2026-04-06T14:48:45.348Z | 2026-04-06T18:39:53.011Z | |
| cve-2026-33403 | Pi-hole has a Reflected XSS / HTML injection in taillog.js |
pi-hole |
web |
2026-04-06T14:48:05.132Z | 2026-04-06T15:05:23.490Z | |
| cve-2026-34885 | 8.5 (v3.1) | WordPress Media LIbrary Assistant plugin <= 3.34 - SQL… |
David Lingren |
Media LIbrary Assistant |
2026-04-06T14:47:31.754Z | 2026-04-06T15:24:38.062Z |
| cve-2026-32602 | Homarr has a Race Condition in Invite Token Registrati… |
homarr-labs |
homarr |
2026-04-06T14:42:37.488Z | 2026-04-06T15:41:09.966Z | |
| cve-2026-29047 | GLPI has an Authenticated SQL Injection via log exports |
glpi-project |
glpi |
2026-04-06T14:39:15.996Z | 2026-04-07T13:06:57.659Z | |
| cve-2026-26263 | GLPI has an Unauthenticated SQL Injection via Search engine |
glpi-project |
glpi |
2026-04-06T14:36:57.028Z | 2026-04-07T03:55:42.069Z | |
| cve-2026-26027 | GLPI has an Unauthenticated Stored XSS via inventory |
glpi-project |
glpi |
2026-04-06T14:35:53.788Z | 2026-04-07T03:55:40.983Z | |
| cve-2026-26026 | GLPI has a Server-Side Template Injection via Double-C… |
glpi-project |
glpi |
2026-04-06T14:33:05.188Z | 2026-04-07T03:55:39.862Z | |
| cve-2026-25932 | GLPI has Stored XSS in Supplier 'Website' field |
glpi-project |
glpi |
2026-04-06T14:31:02.319Z | 2026-04-07T13:07:09.230Z | |
| cve-2026-5663 | OFFIS DCMTK storescp storescp.cc executeOnEndOfStudy o… |
OFFIS |
DCMTK |
2026-04-06T14:15:11.214Z | 2026-04-07T14:06:11.702Z | |
| cve-2026-5661 | Free5GC NGSetupRequest denial of service |
n/a |
Free5GC |
2026-04-06T14:08:19.647Z | 2026-04-06T14:55:09.634Z |
| ID | Description | Updated |
|---|
| ID | Description | Updated |
|---|
| ID | Description | Updated |
|---|
| ID | Description | Published | Updated |
|---|---|---|---|
| certfr-2021-avi-754 | Vulnérabilité dans Xen | 2021-10-06T00:00:00.000000 | 2021-10-06T00:00:00.000000 |
| certfr-2021-avi-753 | Multiples vulnérabilités dans Mozilla Firefox | 2021-10-06T00:00:00.000000 | 2021-10-06T00:00:00.000000 |
| certfr-2021-avi-752 | Multiples vulnérabilités dans le noyau Linux de Red Hat | 2021-10-06T00:00:00.000000 | 2021-10-06T00:00:00.000000 |
| certfr-2021-avi-751 | Multiples vulnérabilités dans Google Android | 2021-10-05T00:00:00.000000 | 2021-10-05T00:00:00.000000 |
| certfr-2021-avi-750 | Vulnérabilité dans les produits Trend Micro | 2021-10-05T00:00:00.000000 | 2021-10-05T00:00:00.000000 |
| certfr-2021-avi-749 | Multiples vulnérabilités dans Microsoft Edge | 2021-10-04T00:00:00.000000 | 2021-10-04T00:00:00.000000 |
| certfr-2021-avi-748 | Multiples vulnérabilités dans le noyau Linux d'Ubuntu | 2021-10-04T00:00:00.000000 | 2021-10-04T00:00:00.000000 |
| certfr-2021-avi-747 | Multiples vulnérabilités dans les produits Synology | 2021-10-01T00:00:00.000000 | 2021-10-01T00:00:00.000000 |
| certfr-2021-avi-746 | Multiples vulnérabilités dans les produits QNAP | 2021-10-01T00:00:00.000000 | 2021-10-01T00:00:00.000000 |
| certfr-2021-avi-745 | Vulnérabilité dans IBM Qradar | 2021-10-01T00:00:00.000000 | 2021-10-01T00:00:00.000000 |
| certfr-2021-avi-744 | Multiples vulnérabilités dans GitLab | 2021-10-01T00:00:00.000000 | 2021-10-01T00:00:00.000000 |
| certfr-2021-avi-743 | Multiples vulnérabilités dans Google Chrome | 2021-10-01T00:00:00.000000 | 2021-10-04T00:00:00.000000 |
| certfr-2021-avi-742 | Multiples vulnérabilités dans le noyau Linux d'Ubuntu | 2021-09-30T00:00:00.000000 | 2021-09-30T00:00:00.000000 |
| certfr-2021-avi-741 | Multiples vulnérabilités dans Google ChromeOS | 2021-09-30T00:00:00.000000 | 2021-09-30T00:00:00.000000 |
| certfr-2021-avi-740 | Multiples vulnérabilités dans F-Secure Internet Gatekeeper | 2021-09-28T00:00:00.000000 | 2021-09-28T00:00:00.000000 |
| certfr-2021-avi-739 | Multiples vulnérabilités dans Siemens Solid Edge | 2021-09-28T00:00:00.000000 | 2021-09-28T00:00:00.000000 |
| certfr-2021-avi-738 | Multiples vulnérabilités dans QNAP QVR | 2021-09-27T00:00:00.000000 | 2021-09-27T00:00:00.000000 |
| certfr-2021-avi-737 | Multiples vulnérabilités dans le noyau linux de Debian | 2021-09-27T00:00:00.000000 | 2021-09-27T00:00:00.000000 |
| certfr-2021-avi-736 | Multiples vulnérabilités dans Microsoft Edge | 2021-09-27T00:00:00.000000 | 2021-09-27T00:00:00.000000 |
| certfr-2021-avi-735 | Vulnérabilité dans Google Chrome | 2021-09-27T00:00:00.000000 | 2021-09-27T00:00:00.000000 |
| certfr-2021-avi-734 | Vulnérabilité dans Trendmicro ServerProtect | 2021-09-27T00:00:00.000000 | 2021-09-27T00:00:00.000000 |
| certfr-2021-avi-733 | Multiples vulnérabilités dans SonicWall SMA 100 | 2021-09-24T00:00:00.000000 | 2021-09-24T00:00:00.000000 |
| certfr-2021-avi-732 | Multiples vulnérabilités dans les produits Apple | 2021-09-24T00:00:00.000000 | 2021-09-24T00:00:00.000000 |
| certfr-2021-avi-731 | Multiples vulnérabilités dans PHP | 2021-09-24T00:00:00.000000 | 2021-09-24T00:00:00.000000 |
| certfr-2021-avi-730 | Multiples vulnérabilités dans le noyau Linux de SUSE | 2021-09-24T00:00:00.000000 | 2021-09-24T00:00:00.000000 |
| certfr-2021-avi-729 | Multiples vulnérabilités dans Tenable | 2021-09-23T00:00:00.000000 | 2021-09-23T00:00:00.000000 |
| certfr-2021-avi-728 | Multiples vulnérabilités dans les produits Cisco | 2021-09-23T00:00:00.000000 | 2021-09-23T00:00:00.000000 |
| certfr-2021-avi-727 | Multiples vulnérabilités dans le noyau Linux de SUSE | 2021-09-23T00:00:00.000000 | 2021-09-23T00:00:00.000000 |
| certfr-2021-avi-726 | Multiples vulnérabilités dans le noyau Linux d'Ubuntu | 2021-09-22T00:00:00.000000 | 2021-09-22T00:00:00.000000 |
| certfr-2021-avi-725 | Multiples vulnérabilités dans Google Chrome | 2021-09-22T00:00:00.000000 | 2021-09-22T00:00:00.000000 |