Recent vulnerabilities
| ID | CVSS | Description | Vendor | Product | Published | Updated |
|---|---|---|---|---|---|---|
| cve-2026-40496 | FreeScout has Predictable Attachment Token that Allows… |
freescout-help-desk |
freescout |
2026-04-21T01:38:50.117Z | 2026-04-21T13:50:39.454Z | |
| cve-2026-39973 | Apktool: Path Traversal to Arbitrary File Write |
iBotPeaches |
Apktool |
2026-04-21T01:35:22.396Z | 2026-04-21T13:33:14.677Z | |
| cve-2026-40250 | OpenEXR has integer overflow in DWA decoder outBufferE… |
AcademySoftwareFoundation |
openexr |
2026-04-21T01:33:00.212Z | 2026-04-21T19:49:07.457Z | |
| cve-2026-40244 | OpenEXR has integer overflow in DWA setupChannelData p… |
AcademySoftwareFoundation |
openexr |
2026-04-21T01:30:55.061Z | 2026-04-21T19:31:39.166Z | |
| cve-2026-39886 | OpenEXR has HTJ2K Signed Integer Overflow in ht_undo_impl() |
AcademySoftwareFoundation |
openexr |
2026-04-21T01:27:01.371Z | 2026-04-21T13:49:21.573Z | |
| cve-2026-39866 | Lawnchair vulnerable to Command Injection via unquoted… |
LawnchairLauncher |
lawnchair |
2026-04-21T01:19:47.510Z | 2026-04-21T19:49:12.997Z | |
| cve-2026-39861 | Claude Code: Sandbox Escape via Symlink Following Allo… |
anthropics |
claude-code |
2026-04-21T00:56:39.062Z | 2026-04-21T13:44:49.618Z | |
| cve-2026-39386 | Neko has Self-service Privilege Escalation for Authent… |
m1k1o |
neko |
2026-04-21T00:50:34.656Z | 2026-04-22T03:56:19.795Z | |
| cve-2026-40264 | OpenBao's Token Store Allows Cross-Namespace Renewal, … |
openbao |
openbao |
2026-04-21T00:47:38.156Z | 2026-04-21T19:30:51.975Z | |
| cve-2026-39396 | OpenBao has Decompression Bomb via Unbounded Copy in O… |
openbao |
openbao |
2026-04-21T00:44:53.943Z | 2026-04-21T19:49:18.821Z | |
| cve-2026-39388 | OpenBao's Certificate Authentication Allows Token Rene… |
openbao |
openbao |
2026-04-21T00:43:22.920Z | 2026-04-21T19:36:07.865Z | |
| cve-2026-39946 | OpenBao allows SQL Injection in PostgreSQL database se… |
openbao |
openbao |
2026-04-21T00:19:39.578Z | 2026-04-21T13:34:21.088Z | |
| cve-2026-39378 | nbconvert has an Arbitrary File Read via Path Traversa… |
jupyter |
nbconvert |
2026-04-21T00:17:00.684Z | 2026-04-21T13:43:29.081Z | |
| cve-2026-39377 | nbconvert has an Arbitrary File Write via Path Travers… |
jupyter |
nbconvert |
2026-04-21T00:14:59.937Z | 2026-04-21T19:49:24.475Z | |
| cve-2026-39320 | Signal K Server has an Unauthenticated Regular Express… |
SignalK |
signalk-server |
2026-04-21T00:07:10.371Z | 2026-04-21T19:36:54.787Z | |
| cve-2026-41527 | KDE Kleopatra before 26.08.0 on Windows allows lo… |
KDE |
Kleopatra |
2026-04-21T00:00:00.000Z | 2026-04-21T21:19:44.293Z | |
| cve-2026-40706 | 8.4 (v3.1) | In NTFS-3G 2022.10.3 before 2026.2.25, a heap buf… |
Tuxera |
NTFS-3G |
2026-04-21T00:00:00.000Z | 2026-04-21T21:20:00.477Z |
| cve-2026-38835 | N/A | Tenda W30E V2.0 V16.01.0.21 was found to contain … |
n/a |
n/a |
2026-04-21T00:00:00.000Z | 2026-04-21T16:59:46.480Z |
| cve-2026-38834 | N/A | Tenda W30E V2.0 V16.01.0.21 was found to contain … |
n/a |
n/a |
2026-04-21T00:00:00.000Z | 2026-04-21T19:23:17.157Z |
| cve-2026-37748 | N/A | Visitor Management System 1.0 by sanjay1313 is vu… |
n/a |
n/a |
2026-04-21T00:00:00.000Z | 2026-04-21T18:25:24.762Z |
| cve-2026-31019 | N/A | In the Website module of Dolibarr ERP & CRM 22.0.… |
n/a |
n/a |
2026-04-21T00:00:00.000Z | 2026-04-21T18:23:33.693Z |
| cve-2026-31018 | N/A | In Dolibarr ERP & CRM <= 22.0.4, PHP code detecti… |
n/a |
n/a |
2026-04-21T00:00:00.000Z | 2026-04-21T15:31:23.441Z |
| cve-2026-31014 | N/A | Dovestones Softwares AD Self Update <4.0.0.5 is v… |
n/a |
n/a |
2026-04-21T00:00:00.000Z | 2026-04-21T18:21:08.828Z |
| cve-2026-31013 | N/A | Dovestones Softwares ADPhonebook <4.0.1.1 has a r… |
n/a |
n/a |
2026-04-21T00:00:00.000Z | 2026-04-21T18:19:12.306Z |
| cve-2026-30452 | N/A | Textpattern CMS 4.9.0 contains a Broken Access Co… |
n/a |
n/a |
2026-04-21T00:00:00.000Z | 2026-04-21T16:32:19.608Z |
| cve-2026-29644 | N/A | XiangShan (open-source high-performance RISC-V pr… |
n/a |
n/a |
2026-04-21T00:00:00.000Z | 2026-04-21T17:59:06.506Z |
| cve-2025-70420 | N/A | A SQL injection vulnerability exists in Genesys L… |
n/a |
n/a |
2026-04-21T00:00:00.000Z | 2026-04-21T20:48:54.120Z |
| cve-2026-35570 | OpenClaude has Sandbox Bypass via Early-Exit Logic Fla… |
Gitlawb |
openclaude |
2026-04-20T23:24:08.324Z | 2026-04-21T19:49:30.148Z | |
| cve-2026-35588 | Glances has CQL Injection in its Cassandra Export Modu… |
nicolargo |
glances |
2026-04-20T23:20:34.998Z | 2026-04-21T13:35:04.526Z | |
| cve-2026-35587 | Glances IP Plugin has SSRF via public_api that leads t… |
nicolargo |
glances |
2026-04-20T23:19:02.908Z | 2026-04-22T14:01:47.583Z |
| ID | Description | Updated |
|---|
| ID | Description | Updated |
|---|
| ID | Description | Published | Updated |
|---|---|---|---|
| jvndb-2023-000098 | e-Gov Client Application fails to restrict custom URL schemes properly | 2023-10-06T14:57+09:00 | 2024-05-17T17:55+09:00 |
| jvndb-2023-003771 | File and Directory Permissions Vulnerability in JP1/Performance Management | 2023-10-04T15:23+09:00 | 2023-10-04T15:23+09:00 |
| jvndb-2023-003770 | DoS Vulnerability in Hitachi Ops Center Common Services | 2023-10-04T15:23+09:00 | 2024-05-22T15:31+09:00 |
| jvndb-2023-003769 | Information Exposure Vulnerability in Hitachi Ops Center Administrator | 2023-10-04T15:23+09:00 | 2024-05-22T15:20+09:00 |
| jvndb-2023-000097 | Citadel WebCit vulnerable to cross-site scripting on Instant Messaging facility | 2023-10-04T14:07+09:00 | 2024-05-21T17:08+09:00 |
| jvndb-2023-003767 | Multiple vulnerabilities in multiple FURUNO SYSTEMS wireless LAN access point devices in ST(Standalone) mode | 2023-10-03T14:26+09:00 | 2024-05-22T18:01+09:00 |
| jvndb-2023-000096 | Improper restriction of XML external entity references (XXE) in FD Application | 2023-10-02T12:36+09:00 | 2024-05-22T15:37+09:00 |
| jvndb-2023-003764 | Multiple vulnerabilities in Panasonic KW Watcher | 2023-09-27T14:44+09:00 | 2023-09-27T14:44+09:00 |
| jvndb-2023-000095 | Shihonkanri Plus vulnerable to relative path traversal | 2023-09-27T13:49+09:00 | 2024-05-21T17:16+09:00 |
| jvndb-2023-003757 | Trend Micro Mobile Security vulnerable to cross-site scripting | 2023-09-26T11:30+09:00 | 2024-03-13T18:07+09:00 |
| jvndb-2023-000094 | Multiple vulnerabilities in WordPress plugin "Welcart e-Commerce" | 2023-09-22T13:51+09:00 | 2024-07-11T16:49+09:00 |
| jvndb-2023-003721 | Trend Micro Endpoint security products for enterprises vulnerable to arbitrary code execution | 2023-09-20T13:58+09:00 | 2024-05-09T18:22+09:00 |
| jvndb-2023-003592 | Multiple vulnerabilities in JTEKT ELECTRONICS Kostac PLC Programming Software | 2023-09-13T15:02+09:00 | 2023-09-13T15:02+09:00 |
| jvndb-2023-000093 | Pyramid vulnerable to directory traversal | 2023-09-11T13:53+09:00 | 2024-05-16T16:52+09:00 |
| jvndb-2023-003335 | Vulnerability in JP1/VERITAS | 2023-09-06T15:35+09:00 | 2023-09-06T15:35+09:00 |
| jvndb-2023-000092 | "direct" Desktop App for macOS fails to restrict access permissions | 2023-09-06T14:33+09:00 | 2023-09-06T14:33+09:00 |
| jvndb-2023-000091 | Multiple vulnerabilities in F-RevoCRM | 2023-09-05T15:51+09:00 | 2024-05-14T18:06+09:00 |
| jvndb-2023-000090 | Multiple vulnerabilities in CGIs of PMailServer and PMailServer2 | 2023-09-05T14:55+09:00 | 2023-09-05T14:55+09:00 |
| jvndb-2023-000088 | Multiple vulnerabilities in SHIRASAGI | 2023-09-04T13:41+09:00 | 2024-05-14T17:58+09:00 |
| jvndb-2023-000089 | Multiple vulnerabilities in i-PRO VI Web Client | 2023-08-31T14:13+09:00 | 2024-05-14T18:05+09:00 |
| jvndb-2023-003028 | Phoenix Technologies Windows kernel driver vulnerable to insufficient access control on its IOCTL | 2023-08-30T10:05+09:00 | 2024-04-24T11:43+09:00 |
| jvndb-2023-003023 | Vulnerability in HiRDB | 2023-08-29T15:55+09:00 | 2023-09-06T15:45+09:00 |
| jvndb-2023-000087 | SYNCK GRAPHICA Mailform Pro CGI vulnerable to Regular expression Denial-of-Service (ReDoS) | 2023-08-24T14:12+09:00 | 2024-05-15T17:12+09:00 |
| jvndb-2023-000085 | "Skylark" App fails to restrict custom URL schemes properly | 2023-08-24T13:34+09:00 | 2024-12-03T15:51+09:00 |
| jvndb-2023-000086 | Rakuten WiFi Pocket vulnerable to improper authentication | 2023-08-23T12:42+09:00 | 2024-03-27T13:43+09:00 |
| jvndb-2023-002906 | Multiple vulnerabilities in Panasonic Control FPWIN Pro7 | 2023-08-22T18:02+09:00 | 2024-04-18T17:31+09:00 |
| jvndb-2023-002905 | Multiple vulnerabilities in CBC digital video recorders | 2023-08-22T17:35+09:00 | 2024-04-10T17:39+09:00 |
| jvndb-2023-000084 | WordPress Plugin "Advanced Custom Fields" vulnerable to cross-site scripting | 2023-08-21T14:05+09:00 | 2024-03-25T17:55+09:00 |
| jvndb-2023-000083 | Multiple vulnerabilities in LuxCal Web Calendar | 2023-08-21T13:29+09:00 | 2024-03-26T17:09+09:00 |
| jvndb-2023-000078 | Multiple vulnerabilities in Proself | 2023-08-18T13:47+09:00 | 2024-03-28T17:43+09:00 |
| ID | Description | Updated |
|---|
| ID | Description | Published | Updated |
|---|---|---|---|
| certfr-2025-avi-1068 | Vulnérabilité dans Python | 2025-12-05T00:00:00.000000 | 2025-12-05T00:00:00.000000 |
| certfr-2025-avi-1067 | Vulnérabilité dans Apache Struts | 2025-12-05T00:00:00.000000 | 2025-12-05T00:00:00.000000 |
| certfr-2025-avi-1066 | Multiples vulnérabilités dans les produits Nextcloud | 2025-12-05T00:00:00.000000 | 2025-12-05T00:00:00.000000 |
| certfr-2025-avi-1065 | Multiples vulnérabilités dans NetApp ONTAP | 2025-12-05T00:00:00.000000 | 2025-12-05T00:00:00.000000 |
| certfr-2025-avi-1064 | Multiples vulnérabilités dans les produits Microsoft | 2025-12-04T00:00:00.000000 | 2025-12-04T00:00:00.000000 |
| certfr-2025-avi-1063 | Multiples vulnérabilités dans les produits Splunk | 2025-12-04T00:00:00.000000 | 2025-12-04T00:00:00.000000 |
| certfr-2025-avi-1062 | Multiples vulnérabilités dans Wireshark | 2025-12-04T00:00:00.000000 | 2025-12-04T00:00:00.000000 |
| certfr-2025-avi-1061 | Vulnérabilité dans PostgreSQL PgBouncer | 2025-12-04T00:00:00.000000 | 2025-12-04T00:00:00.000000 |
| certfr-2025-avi-1060 | Multiples vulnérabilités dans Python | 2025-12-03T00:00:00.000000 | 2025-12-03T00:00:00.000000 |
| certfr-2025-avi-1059 | Multiples vulnérabilités dans Google Pixel | 2025-12-03T00:00:00.000000 | 2025-12-03T00:00:00.000000 |
| certfr-2025-avi-1058 | Multiples vulnérabilités dans Google Chrome | 2025-12-03T00:00:00.000000 | 2025-12-03T00:00:00.000000 |
| certfr-2025-avi-1057 | Multiples vulnérabilités dans les produits VMware | 2025-12-02T00:00:00.000000 | 2025-12-02T00:00:00.000000 |
| certfr-2025-avi-1056 | Multiples vulnérabilités dans Google Android | 2025-12-02T00:00:00.000000 | 2025-12-02T00:00:00.000000 |
| certfr-2025-avi-1055 | Multiples vulnérabilités dans Zabbix | 2025-12-01T00:00:00.000000 | 2025-12-01T00:00:00.000000 |
| certfr-2025-avi-1054 | Multiples vulnérabilités dans les produits VMware | 2025-12-01T00:00:00.000000 | 2025-12-01T00:00:00.000000 |
| certfr-2025-avi-1053 | Vulnérabilité dans Stormshield Network VPN Client | 2025-12-01T00:00:00.000000 | 2025-12-01T00:00:00.000000 |
| certfr-2025-avi-1052 | Vulnérabilité dans Mattermost Server | 2025-12-01T00:00:00.000000 | 2025-12-01T00:00:00.000000 |
| certfr-2025-avi-1051 | Multiples vulnérabilités dans les produits IBM | 2025-11-28T00:00:00.000000 | 2025-11-28T00:00:00.000000 |
| certfr-2025-avi-1050 | Multiples vulnérabilités dans le noyau Linux d'Ubuntu | 2025-11-28T00:00:00.000000 | 2025-11-28T00:00:00.000000 |
| certfr-2025-avi-1049 | Multiples vulnérabilités dans le noyau Linux de Red Hat | 2025-11-28T00:00:00.000000 | 2025-11-28T00:00:00.000000 |
| certfr-2025-avi-1048 | Multiples vulnérabilités dans le noyau Linux de Debian LTS | 2025-11-28T00:00:00.000000 | 2025-11-28T00:00:00.000000 |
| certfr-2025-avi-1047 | Multiples vulnérabilités dans le noyau Linux de SUSE | 2025-11-28T00:00:00.000000 | 2025-11-28T00:00:00.000000 |
| certfr-2025-avi-1046 | Multiples vulnérabilités dans les produits Moxa | 2025-11-28T00:00:00.000000 | 2025-11-28T00:00:00.000000 |
| certfr-2025-avi-1045 | Vulnérabilité dans MISP | 2025-11-27T00:00:00.000000 | 2025-11-28T00:00:00.000000 |
| certfr-2025-avi-1044 | Vulnérabilité dans Mattermost Server | 2025-11-27T00:00:00.000000 | 2025-11-27T00:00:00.000000 |
| certfr-2025-avi-1043 | Multiples vulnérabilités dans les produits Splunk | 2025-11-27T00:00:00.000000 | 2025-11-27T00:00:00.000000 |
| certfr-2025-avi-1042 | Multiples vulnérabilités dans GitLab | 2025-11-27T00:00:00.000000 | 2025-11-27T00:00:00.000000 |
| certfr-2025-avi-1041 | Vulnérabilité dans Synology ActiveProtect Agent | 2025-11-26T00:00:00.000000 | 2025-11-26T00:00:00.000000 |
| certfr-2025-avi-1040 | Vulnérabilité dans Postfix | 2025-11-26T00:00:00.000000 | 2025-11-26T00:00:00.000000 |
| certfr-2025-avi-1039 | Vulnérabilité dans Kaspersky Security Center | 2025-11-25T00:00:00.000000 | 2025-11-25T00:00:00.000000 |