Recent vulnerabilities
| ID | CVSS | Description | Vendor | Product | Published | Updated |
|---|---|---|---|---|---|---|
| cve-2026-25058 | Vexa's unauthenticated internal transcript endpoint ex… |
Vexa-ai |
vexa |
2026-04-20T16:03:06.639Z | 2026-04-20T16:12:27.988Z | |
| cve-2026-23774 | 7.2 (v3.1) | Dell PowerProtect Data Domain with Data Domain Op… |
Dell |
PowerProtect Data Domain |
2026-04-20T15:58:46.965Z | 2026-04-22T03:55:57.514Z |
| cve-2026-26944 | 8.8 (v3.1) | Dell PowerProtect Data Domain, versions 7.7.1.0 t… |
Dell |
PowerProtect Data Domain |
2026-04-20T15:51:30.118Z | 2026-04-22T03:55:56.073Z |
| cve-2026-24468 | OpenAEV Vulnerable to Username/Email Enumeration Throu… |
OpenAEV-Platform |
openaev |
2026-04-20T15:45:48.572Z | 2026-04-20T16:24:44.061Z | |
| cve-2026-24467 | OpenAEV's Improper Password Reset Token Management Lea… |
OpenAEV-Platform |
openaev |
2026-04-20T15:40:56.203Z | 2026-04-20T16:21:50.299Z | |
| cve-2026-6066 | 7.1 (v3.1) | Unencrypted Client‑Server Communication in ConnectWise… |
ConnectWise |
Automate |
2026-04-20T15:26:31.843Z | 2026-04-20T16:13:06.767Z |
| cve-2026-41245 | Junrar: Path Traversal (Zip-Slip) via Sibling Director… |
junrar |
junrar |
2026-04-20T15:15:24.540Z | 2026-04-20T16:35:09.317Z | |
| cve-2026-40896 | OpenProject has Cross-Project Meeting Agenda Item Inje… |
opf |
openproject |
2026-04-20T15:12:52.279Z | 2026-04-20T16:13:10.714Z | |
| cve-2026-6652 | Pagekit CMS StringStorage Template PhpEngine.php evalu… |
Pagekit |
CMS |
2026-04-20T15:00:22.525Z | 2026-04-20T16:14:56.950Z | |
| cve-2026-3219 | 4.6 (v4.0) | pip doesn't reject concatenated ZIP and tar archives |
Python Packaging Authority |
pip |
2026-04-20T14:55:38.282Z | 2026-04-20T20:15:23.710Z |
| cve-2026-39918 | 9.2 (v4.0) 9.8 (v3.1) | Vvveb < 1.0.8.1 Code Injection via Installation Endpoint |
givanz |
Vvveb |
2026-04-20T14:46:33.549Z | 2026-04-20T15:36:55.619Z |
| cve-2026-6651 | erponline.xyz ERP Online Inventory Edit Item cross sit… |
erponline.xyz |
ERP Online |
2026-04-20T14:45:11.560Z | 2026-04-20T15:21:57.084Z | |
| cve-2026-6650 | Z-BlogPHP ZBA File app_upload.php UnPack unrestricted upload |
n/a |
Z-BlogPHP |
2026-04-20T14:30:13.825Z | 2026-04-20T16:23:25.105Z | |
| cve-2026-34428 | 8.3 (v4.0) 7.7 (v3.1) | Vvveb < 1.0.8.1 SSRF via oEmbedProxy |
givanz |
Vvveb |
2026-04-20T13:55:36.802Z | 2026-04-20T14:49:33.646Z |
| cve-2026-34427 | 8.7 (v4.0) 8.8 (v3.1) | Vvveb < 1.0.8.1 Privilege Escalation via admin/user/save |
givanz |
Vvveb |
2026-04-20T13:55:15.311Z | 2026-04-20T14:51:12.245Z |
| cve-2026-34429 | 5.1 (v4.0) 5.4 (v3.1) | Vvveb < 1.0.8.1 Stored XSS via Media Upload and Rename |
givanz |
Vvveb |
2026-04-20T13:54:37.019Z | 2026-04-20T14:56:19.205Z |
| cve-2026-5760 | N/A | CVE-2026-5760 |
SGLang |
SGLang |
2026-04-20T13:46:23.603Z | 2026-04-20T15:29:54.098Z |
| cve-2026-6369 | 5.7 (v4.0) | Exposed Session Token in canonical-livepatch client snap |
Canonical |
canonical-livepatch |
2026-04-20T13:38:13.691Z | 2026-04-20T14:06:18.537Z |
| cve-2026-4048 | 8.4 (v3.1) | OS Command Injection Remote Code Execution Vulnerabili… |
Progress Software |
LoadMaster |
2026-04-20T13:36:49.475Z | 2026-04-22T03:55:54.495Z |
| cve-2026-3519 | 8.4 (v3.1) | OS Command Injection Remote Code Execution Vulnerabili… |
Progress Software |
LoadMaster |
2026-04-20T13:32:50.259Z | 2026-04-22T03:55:53.355Z |
| cve-2026-6649 | Qibo CMS headers server-side request forgery |
Qibo |
CMS |
2026-04-20T13:30:41.191Z | 2026-04-20T14:14:18.603Z | |
| cve-2026-3518 | 8.4 (v3.1) | OS Command Injection Remote Code Execution Vulnerabili… |
Progress Software |
LoadMaster |
2026-04-20T13:29:33.794Z | 2026-04-22T03:55:52.242Z |
| cve-2026-33557 | Apache Kafka: Missing JWT token validation in OAUTHBEA… |
Apache Software Foundation |
Apache Kafka |
2026-04-20T13:28:43.669Z | 2026-04-20T14:30:30.936Z | |
| cve-2025-66335 | Apache Doris MCP Server: MCP SQL inject |
Apache Software Foundation |
Apache Doris MCP Server |
2026-04-20T13:27:27.764Z | 2026-04-20T14:17:11.395Z | |
| cve-2026-3517 | 8.4 (v3.1) | OS Command Injection Remote Code Execution Vulnerabili… |
Progress Software |
LoadMaster |
2026-04-20T13:22:54.867Z | 2026-04-22T03:55:51.123Z |
| cve-2026-33558 | Apache Kafka, Apache Kafka Clients: Information Exposu… |
Apache Software Foundation |
Apache Kafka |
2026-04-20T13:20:38.059Z | 2026-04-20T14:20:41.640Z | |
| cve-2026-6648 | Qibo CMS Internal Message cross site scripting |
Qibo |
CMS |
2026-04-20T13:00:44.627Z | 2026-04-20T14:51:00.368Z | |
| cve-2026-6636 | p2r3 convert API buildCache.js Bun.serve path traversal |
p2r3 |
convert |
2026-04-20T12:00:17.473Z | 2026-04-20T14:58:24.131Z | |
| cve-2026-5958 | 2.1 (v4.0) | Race Condition in GNU Sed |
GNU |
Sed |
2026-04-20T11:59:32.214Z | 2026-04-20T13:25:59.530Z |
| cve-2026-6635 | rowboatlabs rowboat tools_webhook app.py tool_call imp… |
rowboatlabs |
rowboat |
2026-04-20T11:45:12.769Z | 2026-04-20T13:26:31.802Z |
| ID | Description | Updated |
|---|
| ID | Description | Updated |
|---|
| ID | Description | Published | Updated |
|---|---|---|---|
| jvndb-2023-007152 | Multiple vulnerabilities in EXPRESSCLUSTER X | 2023-11-20T14:09+09:00 | 2024-05-01T18:10+09:00 |
| jvndb-2023-007150 | Multiple vulnerabilities in First Corporation's DVRs | 2023-11-17T17:31+09:00 | 2024-07-11T17:05+09:00 |
| jvndb-2023-000116 | Redmine vulnerable to cross-site scripting | 2023-11-17T14:32+09:00 | 2024-05-09T17:55+09:00 |
| jvndb-2023-000118 | Multiple vulnerabilities in CubeCart | 2023-11-17T14:22+09:00 | 2024-04-30T18:15+09:00 |
| jvndb-2023-006588 | Multiple vulnerabilities in ELECOM and LOGITEC routers | 2023-11-15T18:27+09:00 | 2024-04-26T15:22+09:00 |
| jvndb-2023-006578 | ASUSTeK COMPUTER RT-AC87U vulnerable to improper access control | 2023-11-15T17:44+09:00 | 2024-04-30T18:08+09:00 |
| jvndb-2023-000115 | OSS Calendar vulnerable to SQL injection | 2023-11-14T14:05+09:00 | 2024-05-01T17:38+09:00 |
| jvndb-2023-006199 | Multiple security updates for Trend Micro Apex One and Apex One as a Service (November 2023) | 2023-11-13T17:28+09:00 | 2024-03-13T17:28+09:00 |
| jvndb-2023-000112 | Multiple vulnerabilities in Pleasanter | 2023-11-13T15:57+09:00 | 2024-04-22T17:56+09:00 |
| jvndb-2023-000114 | Multiple vulnerabilities in Cisco Firepower Management Center Software | 2023-11-13T14:01+09:00 | 2024-05-07T15:07+09:00 |
| jvndb-2023-000113 | HOTELDRUID vulnerable to cross-site scripting | 2023-11-10T14:41+09:00 | 2024-05-01T17:47+09:00 |
| jvndb-2023-000111 | Remarshal unlimitedly expanding YAML alias nodes | 2023-11-10T14:41+09:00 | 2024-05-08T17:53+09:00 |
| jvndb-2023-000107 | EC-CUBE 3 series and 4 series vulnerable to arbitrary code execution | 2023-11-07T13:47+09:00 | 2024-05-09T17:17+09:00 |
| jvndb-2023-004919 | FUJIFILM Business Innovation Corp. and Xerox Corporation MFPs export Address Books with insufficient encryption strength | 2023-11-02T17:21+09:00 | 2024-05-07T15:25+09:00 |
| jvndb-2023-000110 | Improper restriction of XML external entity references (XXE) in e-Tax software | 2023-11-02T13:38+09:00 | 2024-05-01T18:41+09:00 |
| jvndb-2023-004790 | Multiple Vulnerabilities in Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center Analyzer | 2023-11-02T12:14+09:00 | 2023-11-02T12:14+09:00 |
| jvndb-2023-004754 | MCL Technologies MCL-Net vulnerable to directory traversal | 2023-11-01T16:49+09:00 | 2023-11-01T16:49+09:00 |
| jvndb-2023-000109 | Cybozu Remote Service vulnerable to uncontrolled resource consumption | 2023-10-31T13:43+09:00 | 2024-05-07T15:51+09:00 |
| jvndb-2023-000108 | Inkdrop vulnerable to code injection | 2023-10-30T13:48+09:00 | 2024-05-07T16:09+09:00 |
| jvndb-2023-004294 | Advanced Micro Devices Windows kernel drivers vulnerable to insufficient access control on its IOCTL | 2023-10-27T16:10+09:00 | 2024-05-20T17:49+09:00 |
| jvndb-2023-000106 | Multiple vulnerabilities in baserCMS | 2023-10-27T14:46+09:00 | 2024-05-07T15:59+09:00 |
| jvndb-2023-000105 | Movable Type vulnerable to cross-site scripting | 2023-10-25T15:18+09:00 | 2024-05-10T17:47+09:00 |
| jvndb-2023-003956 | Improper restriction of XML external entity reference (XXE) vulnerability in OMRON CX-Designer | 2023-10-24T16:11+09:00 | 2024-05-10T17:47+09:00 |
| jvndb-2023-000103 | HP ThinUpdate vulnerable to improper server certificate verification | 2023-10-23T14:26+09:00 | 2023-10-23T14:26+09:00 |
| jvndb-2023-000102 | Multiple vulnerabilities in JustSystems products | 2023-10-19T15:16+09:00 | 2024-05-16T16:44+09:00 |
| jvndb-2023-000104 | Improper restriction of XML external entity references (XXE) in Proself | 2023-10-18T18:00+09:00 | 2024-05-15T17:08+09:00 |
| jvndb-2023-003913 | Multiple vulnerabilities in JTEKT ELECTRONICS OnSinView2 | 2023-10-18T14:13+09:00 | 2024-05-16T17:28+09:00 |
| jvndb-2023-000101 | web2py vulnerable to OS command injection | 2023-10-16T16:11+09:00 | 2024-05-22T17:58+09:00 |
| jvndb-2023-000100 | Scanning evasion issue in Cisco Secure Email Gateway | 2023-10-16T16:11+09:00 | 2023-10-27T15:52+09:00 |
| jvndb-2023-003788 | Out-of-bounds read vulnerability in Keyence KV STUDIO and KV REPLAY VIEWER | 2023-10-11T15:23+09:00 | 2024-05-16T17:09+09:00 |
| ID | Description | Updated |
|---|
| ID | Description | Published | Updated |
|---|---|---|---|
| certfr-2025-avi-1098 | Vulnérabilité dans Broadcom Carbon Black Cloud | 2025-12-11T00:00:00.000000 | 2025-12-11T00:00:00.000000 |
| certfr-2025-avi-1097 | Vulnérabilité dans les produits Mitel | 2025-12-11T00:00:00.000000 | 2026-01-06T00:00:00.000000 |
| certfr-2025-avi-1096 | Multiples vulnérabilités dans Google Chrome | 2025-12-11T00:00:00.000000 | 2025-12-15T00:00:00.000000 |
| certfr-2025-avi-1095 | Multiples vulnérabilités dans GitLab | 2025-12-11T00:00:00.000000 | 2025-12-11T00:00:00.000000 |
| certfr-2025-avi-1094 | Multiples vulnérabilités dans les produits Microsoft | 2025-12-10T00:00:00.000000 | 2025-12-10T00:00:00.000000 |
| certfr-2025-avi-1093 | Vulnérabilité dans Microsoft Azure Monitor Agent | 2025-12-10T00:00:00.000000 | 2025-12-10T00:00:00.000000 |
| certfr-2025-avi-1092 | Multiples vulnérabilités dans Microsoft Windows | 2025-12-10T00:00:00.000000 | 2025-12-10T00:00:00.000000 |
| certfr-2025-avi-1091 | Multiples vulnérabilités dans Microsoft Office | 2025-12-10T00:00:00.000000 | 2025-12-10T00:00:00.000000 |
| certfr-2025-avi-1090 | Vulnérabilité dans les produits Moxa | 2025-12-10T00:00:00.000000 | 2025-12-10T00:00:00.000000 |
| certfr-2025-avi-1089 | Vulnérabilité dans les produits Bitdefender | 2025-12-10T00:00:00.000000 | 2025-12-10T00:00:00.000000 |
| certfr-2025-avi-1088 | Multiples vulnérabilités dans Ivanti Endpoint Manager (EPM) | 2025-12-10T00:00:00.000000 | 2025-12-10T00:00:00.000000 |
| certfr-2025-avi-1087 | Multiples vulnérabilités dans les produits Mozilla | 2025-12-10T00:00:00.000000 | 2025-12-10T00:00:00.000000 |
| certfr-2025-avi-1086 | Multiples vulnérabilités dans les produits Intel | 2025-12-10T00:00:00.000000 | 2025-12-10T00:00:00.000000 |
| certfr-2025-avi-1085 | Multiples vulnérabilités dans les produits Adobe | 2025-12-10T00:00:00.000000 | 2025-12-10T00:00:00.000000 |
| certfr-2025-avi-1084 | Multiples vulnérabilités dans les produits Fortinet | 2025-12-10T00:00:00.000000 | 2025-12-10T00:00:00.000000 |
| certfr-2025-avi-1083 | Multiples vulnérabilités dans les produits Siemens | 2025-12-09T00:00:00.000000 | 2025-12-09T00:00:00.000000 |
| certfr-2025-avi-1082 | Multiples vulnérabilités dans les produits Microsoft | 2025-12-09T00:00:00.000000 | 2025-12-09T00:00:00.000000 |
| certfr-2025-avi-1081 | Vulnérabilité dans Citrix XenServer | 2025-12-09T00:00:00.000000 | 2025-12-09T00:00:00.000000 |
| certfr-2025-avi-1080 | Multiples vulnérabilités dans VMware Tanzu RabbitMQ | 2025-12-09T00:00:00.000000 | 2025-12-09T00:00:00.000000 |
| certfr-2025-avi-1079 | Multiples vulnérabilités dans les produits SAP | 2025-12-09T00:00:00.000000 | 2025-12-09T00:00:00.000000 |
| certfr-2025-avi-1078 | Multiples vulnérabilités dans les produits Microsoft | 2025-12-08T00:00:00.000000 | 2025-12-08T00:00:00.000000 |
| certfr-2025-avi-1077 | Multiples vulnérabilités dans Traefik | 2025-12-08T00:00:00.000000 | 2025-12-08T00:00:00.000000 |
| certfr-2025-avi-1076 | Multiples vulnérabilités dans MISP | 2025-12-08T00:00:00.000000 | 2025-12-24T00:00:00.000000 |
| certfr-2025-avi-1075 | Multiples vulnérabilités dans le noyau Linux d'Ubuntu | 2025-12-05T00:00:00.000000 | 2025-12-05T00:00:00.000000 |
| certfr-2025-avi-1074 | Multiples vulnérabilités dans le noyau Linux de Red Hat | 2025-12-05T00:00:00.000000 | 2025-12-05T00:00:00.000000 |
| certfr-2025-avi-1073 | Multiples vulnérabilités dans le noyau Linux de SUSE | 2025-12-05T00:00:00.000000 | 2025-12-05T00:00:00.000000 |
| certfr-2025-avi-1072 | Multiples vulnérabilités dans les produits IBM | 2025-12-05T00:00:00.000000 | 2025-12-05T00:00:00.000000 |
| certfr-2025-avi-1071 | Multiples vulnérabilités dans Apache HTTP Server | 2025-12-05T00:00:00.000000 | 2025-12-05T00:00:00.000000 |
| certfr-2025-avi-1070 | Multiples vulnérabilités dans Microsoft CBL Mariner | 2025-12-05T00:00:00.000000 | 2025-12-05T00:00:00.000000 |
| certfr-2025-avi-1069 | Multiples vulnérabilités dans Microsoft Edge | 2025-12-05T00:00:00.000000 | 2025-12-05T00:00:00.000000 |