Recent vulnerabilities
| ID | CVSS | Description | Vendor | Product | Published | Updated |
|---|---|---|---|---|---|---|
| cve-2026-32311 | Command Injection and Docker container escape allows r… |
reconurge |
flowsint |
2026-04-20T19:56:32.521Z | 2026-04-21T13:44:08.776Z | |
| cve-2026-5478 | Everest Forms <= 3.4.4 - Unauthenticated Arbitrary Fil… |
wpeverest |
Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder |
2026-04-20T19:27:08.159Z | 2026-04-21T13:33:57.569Z | |
| cve-2026-32135 | NanoMQ has Heap Buffer Overflow in URI Parameter Parsing |
nanomq |
nanomq |
2026-04-20T19:23:09.704Z | 2026-04-21T13:33:14.607Z | |
| cve-2026-6550 | 4.7 (v3.1) 5.7 (v4.0) | Key commitment policy bypass via shared key cache in A… |
AWS |
AWS Encryption SDK for Python |
2026-04-20T19:20:23.383Z | 2026-04-20T19:44:11.685Z |
| cve-2026-6257 | 9.2 (v4.0) 9.1 (v3.1) | Vvveb CMS v1.0.8 Remote Code Execution via Media Management |
Vvveb |
Vvveb CMS |
2026-04-20T19:09:45.927Z | 2026-04-21T19:50:26.897Z |
| cve-2026-6248 | wpForo Forum <= 3.0.5 - Authenticated (Subscriber+) Ar… |
tomdever |
wpForo Forum |
2026-04-20T18:31:33.290Z | 2026-04-21T17:35:30.317Z | |
| cve-2026-6060 | 4.5 (v3.1) | Possible DoS via SQL Box |
OTRS AG |
OTRS |
2026-04-20T18:20:01.664Z | 2026-04-20T18:48:48.185Z |
| cve-2026-41389 | 6.3 (v4.0) 5.8 (v3.1) | OpenClaw 2026.4.7 < 2026.4.15 - Arbitrary File Read vi… |
OpenClaw |
OpenClaw |
2026-04-20T17:48:43.704Z | 2026-04-20T18:05:03.103Z |
| cve-2026-23753 | 4.8 (v4.0) 4.8 (v3.1) | GFI HelpDesk < 4.99.9 Stored XSS via charset Parameter |
GFI Software |
HelpDesk |
2026-04-20T17:33:59.134Z | 2026-04-21T13:31:13.580Z |
| cve-2026-23752 | 4.8 (v4.0) 4.8 (v3.1) | GFI HelpDesk < 4.99.9 Stored XSS via companyname Parameter |
GFI Software |
HelpDesk |
2026-04-20T17:33:23.424Z | 2026-04-20T18:09:59.603Z |
| cve-2026-23756 | 5.1 (v4.0) 5.4 (v3.1) | GFI HelpDesk < 4.99.9 Stored XSS via Troubleshooter St… |
GFI Software |
HelpDesk |
2026-04-20T17:30:51.162Z | 2026-04-20T18:08:49.925Z |
| cve-2026-23758 | 5.1 (v4.0) 6.4 (v4.0) | GFI HelpDesk < 4.99.9 Stored XSS via editsubject Parameter |
GFI Software |
HelpDesk |
2026-04-20T17:30:06.853Z | 2026-04-20T17:45:55.788Z |
| cve-2026-23757 | 5.1 (v4.0) 5.4 (v3.1) | GFI HelpDesk < 4.99.10 Stored XSS via Reports Module |
GFI Software |
HelpDesk |
2026-04-20T17:27:56.067Z | 2026-04-20T18:07:01.630Z |
| cve-2026-6662 | ericc-ch copilot-api Token Endpoint server.ts cors cro… |
ericc-ch |
copilot-api |
2026-04-20T17:00:17.800Z | 2026-04-20T18:09:27.691Z | |
| cve-2026-35154 | 6.3 (v3.1) | Dell PowerProtect Data Domain appliances, version… |
Dell |
PowerProtect Data Domain appliances |
2026-04-20T16:50:56.856Z | 2026-04-22T03:56:08.697Z |
| cve-2026-26951 | 6.7 (v3.1) | Dell PowerProtect Data Domain, versions 7.7.1.0 t… |
Dell |
PowerProtect Data Domain |
2026-04-20T16:44:49.612Z | 2026-04-22T03:56:07.580Z |
| cve-2026-22761 | 6.7 (v3.1) | Dell PowerProtect Data Domain, versions 8.5 throu… |
Dell |
PowerProtect Data Domain |
2026-04-20T16:39:40.268Z | 2026-04-22T03:56:06.445Z |
| cve-2026-26942 | 6.7 (v3.1) | Dell PowerProtect Data Domain, versions 8.5 throu… |
Dell |
PowerProtect Data Domain |
2026-04-20T16:34:43.219Z | 2026-04-22T03:56:05.261Z |
| cve-2026-26943 | 7.2 (v3.1) | Dell PowerProtect Data Domain, versions 7.7.1.0 t… |
Dell |
PowerProtect Data Domain |
2026-04-20T16:28:53.110Z | 2026-04-22T03:56:04.147Z |
| cve-2026-28684 | python-dotenv: Symlink following in set_key allows arb… |
theskumar |
python-dotenv |
2026-04-20T16:25:12.302Z | 2026-04-20T17:43:09.477Z | |
| cve-2026-40488 | OpenMage LTS has Customer File Upload Extension Blockl… |
OpenMage |
magento-lts |
2026-04-20T16:23:07.429Z | 2026-04-20T16:55:05.724Z | |
| cve-2026-24506 | 7.2 (v3.1) | Dell PowerProtect Data Domain, versions 7.7.1.0 t… |
Dell |
PowerProtect Data Domain |
2026-04-20T16:22:37.689Z | 2026-04-22T03:56:02.944Z |
| cve-2026-40098 | OpenMage LTS imports cross-user wishlist item via shar… |
OpenMage |
magento-lts |
2026-04-20T16:19:55.157Z | 2026-04-20T18:10:44.490Z | |
| cve-2026-41445 | 8.7 (v4.0) 8.8 (v3.1) | KissFFT Integer Overflow Heap Buffer Overflow via kiss… |
mborgerding |
kissfft |
2026-04-20T16:18:50.371Z | 2026-04-20T17:57:10.156Z |
| cve-2026-24505 | 7.2 (v3.1) | Dell PowerProtect Data Domain, versions 8.5 throu… |
Dell |
PowerProtect Data Domain |
2026-04-20T16:15:46.863Z | 2026-04-22T03:56:00.561Z |
| cve-2026-25525 | OpenMage LTS has Path Traversal Filter Bypass in Dataf… |
OpenMage |
magento-lts |
2026-04-20T16:14:14.366Z | 2026-04-21T13:27:55.707Z | |
| cve-2026-25524 | OpenMage LTS's Phar Deserialization leads to Remote Co… |
OpenMage |
magento-lts |
2026-04-20T16:11:16.922Z | 2026-04-20T16:54:43.603Z | |
| cve-2026-24504 | 7.2 (v3.1) | Dell PowerProtect Data Domain, versions 7.7.1.0 t… |
Dell |
PowerProtect Data Domain |
2026-04-20T16:08:35.314Z | 2026-04-22T03:55:59.007Z |
| cve-2026-25883 | Vexa Webhook Feature has a SSRF Vulnerability |
Vexa-ai |
vexa |
2026-04-20T16:04:36.584Z | 2026-04-20T16:36:21.221Z | |
| cve-2026-25058 | Vexa's unauthenticated internal transcript endpoint ex… |
Vexa-ai |
vexa |
2026-04-20T16:03:06.639Z | 2026-04-20T16:12:27.988Z |
| ID | Description | Updated |
|---|
| ID | Description | Updated |
|---|
| ID | Description | Published | Updated |
|---|---|---|---|
| jvndb-2024-001062 | Yamaha wireless LAN access point devices vulnerable to active debug code | 2024-01-24T17:16+09:00 | 2024-03-13T17:24+09:00 |
| jvndb-2024-001061 | ELECOM wireless LAN routers vulnerable to OS command injection | 2024-01-24T17:16+09:00 | 2025-02-13T14:31+09:00 |
| jvndb-2024-000014 | Oracle WebLogic Server vulnerable to HTTP header injection | 2024-01-24T13:53+09:00 | 2024-01-24T13:53+09:00 |
| jvndb-2024-000005 | "Mercari" App for Android fails to restrict custom URL schemes properly | 2024-01-24T13:46+09:00 | 2024-03-04T18:01+09:00 |
| jvndb-2024-000008 | Improper restriction of XML external entity references (XXE) in MLIT "Electronic Delivery Check System" and "Electronic delivery item Inspection Support System" | 2024-01-23T16:57+09:00 | 2024-03-13T17:40+09:00 |
| jvndb-2024-000013 | Android App "Spoon" uses a hard-coded API key for an external service | 2024-01-23T16:53+09:00 | 2024-03-14T17:44+09:00 |
| jvndb-2024-000010 | Improper restriction of XML external entity references (XXE) in "Electronic Delivery Check System (Ministry of Agriculture, Forestry and Fisheries The Agriculture and Rural Development Project Version)" | 2024-01-23T15:25+09:00 | 2024-03-14T17:33+09:00 |
| jvndb-2024-000009 | Improper restriction of XML external entity references (XXE) in Electronic Deliverables Creation Support Tool provided by Ministry of Defense | 2024-01-23T15:13+09:00 | 2024-03-13T17:46+09:00 |
| jvndb-2024-000012 | Access analysis CGI An-Analyzer vulnerable to open redirect | 2024-01-22T15:57+09:00 | 2024-03-13T17:34+09:00 |
| jvndb-2024-000011 | Multiple vulnerabilities in a-blog cms | 2024-01-22T15:08+09:00 | 2024-03-13T17:50+09:00 |
| jvndb-2024-000006 | FusionPBX vulnerable to cross-site scripting | 2024-01-19T12:30+09:00 | 2024-03-12T17:31+09:00 |
| jvndb-2024-000007 | Multiple Dahua Technology products vulnerable to authentication bypass | 2024-01-18T13:43+09:00 | 2024-07-11T16:10+09:00 |
| jvndb-2024-000004 | Drupal vulnerable to improper handling of structural elements | 2024-01-16T13:41+09:00 | 2024-03-12T17:33+09:00 |
| jvndb-2024-000003 | Pleasanter vulnerable to cross-site scripting | 2024-01-15T15:59+09:00 | 2024-01-15T15:59+09:00 |
| jvndb-2024-000002 | Thermal camera TMC series vulnerable to insufficient technical documentation | 2024-01-15T15:19+09:00 | 2024-03-11T18:17+09:00 |
| jvndb-2024-000001 | Improper input validation vulnerability in WordPress Plugin "WordPress Quiz Maker Plugin" | 2024-01-12T13:51+09:00 | 2024-03-14T12:28+09:00 |
| jvndb-2024-001002 | Multiple TP-Link products vulnerable to OS command injection | 2024-01-10T13:57+09:00 | 2024-03-14T13:52+09:00 |
| jvndb-2024-001001 | Multiple vulnerabilities in Panasonic Control FPWIN Pro7 | 2024-01-10T13:46+09:00 | 2024-01-10T13:46+09:00 |
| jvndb-2023-000126 | Multiple vulnerabilities in PowerCMS | 2023-12-26T16:46+09:00 | 2024-03-18T17:58+09:00 |
| jvndb-2023-000125 | Multiple vulnerabilities in BUFFALO VR-S1000 | 2023-12-26T15:51+09:00 | 2024-03-19T17:56+09:00 |
| jvndb-2023-014781 | Brother iPrint&Scan Desktop for Windows vulnerable to improper link resolution before file access | 2023-12-26T09:27+09:00 | 2024-03-18T18:05+09:00 |
| jvndb-2023-012042 | WordPress plugin "MW WP Form" vulnerable to arbitrary file upload | 2023-12-15T15:17+09:00 | 2024-03-26T17:39+09:00 |
| jvndb-2023-000123 | Multiple vulnerabilities in GROWI | 2023-12-13T15:30+09:00 | 2024-03-19T17:46+09:00 |
| jvndb-2023-011403 | ELECOM wireless LAN routers vulnerable to OS command injection | 2023-12-13T15:06+09:00 | 2024-04-18T17:22+09:00 |
| jvndb-2023-000122 | Multiple denial-of-service (DoS) vulnerabilities in JTEKT ELECTRONICS HMI GC-A2 series | 2023-12-11T14:12+09:00 | 2024-04-22T16:55+09:00 |
| jvndb-2023-009966 | FXC wireless LAN routers "AE1021PE" and "AE1021" vulnerable to OS command injection Critical | 2023-12-07T15:09+09:00 | 2023-12-25T16:54+09:00 |
| jvndb-2023-009619 | OS command injection vulnerability in DT900 | 2023-12-06T14:43+09:00 | 2023-12-06T14:43+09:00 |
| jvndb-2023-000121 | RakRak Document Plus vulnerable to path traversal | 2023-12-04T13:45+09:00 | 2024-01-24T12:06+09:00 |
| jvndb-2023-000119 | Ruckus Access Point contains a cross-site scripting vulnerability. | 2023-12-01T14:58+09:00 | 2024-04-23T17:51+09:00 |
| jvndb-2023-000117 | Multiple vulnerabilities in LuxCal Web Calendar | 2023-11-20T17:15+09:00 | 2023-11-20T17:15+09:00 |
| ID | Description | Updated |
|---|
| ID | Description | Published | Updated |
|---|---|---|---|
| certfr-2025-avi-1128 | Multiples vulnérabilités dans Mozilla Firefox | 2025-12-19T00:00:00.000000 | 2025-12-19T00:00:00.000000 |
| certfr-2025-avi-1127 | Multiples vulnérabilités dans Centreon Web | 2025-12-19T00:00:00.000000 | 2025-12-19T00:00:00.000000 |
| certfr-2025-avi-1126 | Multiples vulnérabilités dans PHP | 2025-12-19T00:00:00.000000 | 2025-12-22T00:00:00.000000 |
| certfr-2025-avi-1125 | Vulnérabilité dans les produits NetApp | 2025-12-19T00:00:00.000000 | 2025-12-19T00:00:00.000000 |
| certfr-2025-avi-1124 | Multiples vulnérabilités dans Microsoft Edge | 2025-12-19T00:00:00.000000 | 2025-12-19T00:00:00.000000 |
| certfr-2025-avi-1123 | Multiples vulnérabilités dans les produits Elastic | 2025-12-19T00:00:00.000000 | 2025-12-19T00:00:00.000000 |
| certfr-2025-avi-1122 | Multiples vulnérabilités dans Mattermost Server | 2025-12-18T00:00:00.000000 | 2026-01-16T00:00:00.000000 |
| certfr-2025-avi-1121 | Vulnérabilité dans Sonicwall Secure Mobile Access | 2025-12-18T00:00:00.000000 | 2025-12-18T00:00:00.000000 |
| certfr-2025-avi-1120 | Vulnérabilité dans les produits Cisco | 2025-12-18T00:00:00.000000 | 2025-12-18T00:00:00.000000 |
| certfr-2025-avi-1119 | Multiples vulnérabilités dans les produits Synology | 2025-12-17T00:00:00.000000 | 2025-12-17T00:00:00.000000 |
| certfr-2025-avi-1118 | Vulnérabilité dans Mozilla Firefox | 2025-12-17T00:00:00.000000 | 2025-12-17T00:00:00.000000 |
| certfr-2025-avi-1117 | Multiples vulnérabilités dans GLPI | 2025-12-17T00:00:00.000000 | 2025-12-17T00:00:00.000000 |
| certfr-2025-avi-1116 | Multiples vulnérabilités dans Google Chrome | 2025-12-17T00:00:00.000000 | 2025-12-17T00:00:00.000000 |
| certfr-2025-avi-1115 | Vulnérabilité dans Trend Micro Apex One | 2025-12-16T00:00:00.000000 | 2025-12-16T00:00:00.000000 |
| certfr-2025-avi-1114 | Multiples vulnérabilités dans Tenable Nessus | 2025-12-16T00:00:00.000000 | 2025-12-16T00:00:00.000000 |
| certfr-2025-avi-1113 | Multiples vulnérabilités dans Moodle | 2025-12-16T00:00:00.000000 | 2025-12-16T00:00:00.000000 |
| certfr-2025-avi-1112 | Multiples vulnérabilités dans les produits Elastic | 2025-12-15T00:00:00.000000 | 2025-12-15T00:00:00.000000 |
| certfr-2025-avi-1111 | Multiples vulnérabilités dans Roundcube | 2025-12-15T00:00:00.000000 | 2026-01-05T00:00:00.000000 |
| certfr-2025-avi-1110 | Multiples vulnérabilités dans les produits Apple | 2025-12-15T00:00:00.000000 | 2025-12-15T00:00:00.000000 |
| certfr-2025-avi-1109 | Vulnérabilité dans strongSwan | 2025-12-15T00:00:00.000000 | 2025-12-15T00:00:00.000000 |
| certfr-2025-avi-1108 | Multiples vulnérabilités dans les produits IBM | 2025-12-12T00:00:00.000000 | 2025-12-12T00:00:00.000000 |
| certfr-2025-avi-1107 | Multiples vulnérabilités dans le noyau Linux de SUSE | 2025-12-12T00:00:00.000000 | 2025-12-12T00:00:00.000000 |
| certfr-2025-avi-1106 | Multiples vulnérabilités dans le noyau Linux d'Ubuntu | 2025-12-12T00:00:00.000000 | 2025-12-12T00:00:00.000000 |
| certfr-2025-avi-1105 | Multiples vulnérabilités dans le noyau Linux de Red Hat | 2025-12-12T00:00:00.000000 | 2025-12-12T00:00:00.000000 |
| certfr-2025-avi-1104 | Vulnérabilité dans Microsoft Windows Admin Center | 2025-12-12T00:00:00.000000 | 2025-12-12T00:00:00.000000 |
| certfr-2025-avi-1103 | Multiples vulnérabilités dans Microsoft Edge | 2025-12-12T00:00:00.000000 | 2025-12-15T00:00:00.000000 |
| certfr-2025-avi-1102 | Multiples vulnérabilités dans les produits NetApp | 2025-12-12T00:00:00.000000 | 2025-12-12T00:00:00.000000 |
| certfr-2025-avi-1101 | Multiples vulnérabilités dans les produits Netgate | 2025-12-12T00:00:00.000000 | 2025-12-12T00:00:00.000000 |
| certfr-2025-avi-1100 | Multiples vulnérabilités dans les produits Atlassian | 2025-12-12T00:00:00.000000 | 2025-12-12T00:00:00.000000 |
| certfr-2025-avi-1099 | Multiples vulnérabilités dans les produits Mozilla | 2025-12-11T00:00:00.000000 | 2025-12-11T00:00:00.000000 |