Recent vulnerabilities
| ID | CVSS | Description | Vendor | Product | Published | Updated |
|---|---|---|---|---|---|---|
| cve-2026-10795 | UpdraftPlus: WP Backup & Migration Plugin <= 1.26.4 - … |
davidanderson |
UpdraftPlus: WP Backup & Migration Plugin |
2026-06-11T05:34:20.360Z | 2026-06-11T05:34:20.360Z | |
| cve-2026-41856 | 7.5 (v3.1) | Spring GraphQL Annotation Detection Vulnerability |
Spring |
Spring for GraphQL |
2026-06-11T05:05:00.491Z | 2026-06-11T05:05:00.491Z |
| cve-2026-41700 | 8.1 (v3.1) | Cross-Site WebSocket Hijacking in Spring for GraphQL |
Spring |
Spring for GraphQL |
2026-06-11T05:04:47.722Z | 2026-06-11T05:04:47.722Z |
| cve-2026-41699 | 8.1 (v3.1) | Unsafe Deserialization in Spring GraphQL |
Spring |
Spring for GraphQL |
2026-06-11T05:04:43.290Z | 2026-06-11T05:04:43.290Z |
| cve-2026-41001 | 5.3 (v3.1) | Predictable Temp Directory in Artemis Auto-configuration |
Spring |
Spring Boot |
2026-06-11T05:04:28.663Z | 2026-06-11T05:04:28.663Z |
| cve-2026-41000 | 3.7 (v3.1) | WSS4J validation does not use configured replay cache |
Spring |
Spring Web Services |
2026-06-11T05:04:24.413Z | 2026-06-11T05:04:24.413Z |
| cve-2026-40999 | 8.6 (v3.1) | Spring WS SSRF via unvalidated WS-Addressing reply des… |
Spring |
Spring Web Services |
2026-06-11T05:04:17.009Z | 2026-06-11T05:04:17.009Z |
| cve-2026-40998 | 8.2 (v3.1) | Jaxp13 XPath XXE via StreamSource and SAXSource |
Spring |
Spring Web Services |
2026-06-11T05:04:12.565Z | 2026-06-11T05:04:12.565Z |
| cve-2026-40997 | 5.3 (v3.1) | SOAP security faults leak Spring Security account state |
Spring |
Spring Web Services |
2026-06-11T05:04:08.960Z | 2026-06-11T05:04:08.960Z |
| cve-2026-40996 | 4.8 (v3.1) | Inbound WS-Security allows RSA PKCS#1 v1.5 key transpo… |
Spring |
Spring Web Services |
2026-06-11T05:04:05.227Z | 2026-06-11T05:04:05.227Z |
| cve-2026-40995 | 5.4 (v3.1) | X.509 authentication bypasses Spring Security account checks |
Spring |
Spring Web Services |
2026-06-11T05:04:01.695Z | 2026-06-11T05:04:01.695Z |
| cve-2026-40994 | 8.2 (v3.1) | Wss4jSecurityInterceptor disables WS-I BSP validation … |
Spring |
Spring Web Services |
2026-06-11T05:03:57.827Z | 2026-06-11T05:03:57.827Z |
| cve-2026-40992 | 5 (v3.1) | Mail Auto-Configuration Does Not Enable SSL Hostname V… |
Spring |
Spring Boot |
2026-06-11T05:03:53.539Z | 2026-06-11T05:03:53.539Z |
| cve-2026-40987 | 7.1 (v3.1) | Remote-file synchronizer in Spring Integration writes … |
Spring |
Spring Integration |
2026-06-11T05:03:32.606Z | 2026-06-11T05:03:32.606Z |
| cve-2026-40986 | 4.8 (v3.1) | Spring Web Flow JS RemotingHandler renders non-HTML Re… |
Spring |
Spring Web Flow |
2026-06-11T05:03:26.458Z | 2026-06-11T05:03:26.458Z |
| cve-2026-40985 | 6.4 (v3.1) | Data Binding Vulnerability in Spring Web Flow with Uni… |
Spring |
Spring Web Flow |
2026-06-11T05:02:53.887Z | 2026-06-11T05:02:53.887Z |
| cve-2026-35273 | Vulnerability in the PeopleSoft Enterprise People… |
Oracle Corporation |
PeopleSoft Enterprise PeopleTools |
2026-06-11T02:25:15.375Z | 2026-06-11T03:08:03.789Z | |
| cve-2026-2827 | Open User Map PRO <= 1.4.31 - Unauthenticated Stored C… |
100plugins |
Open User Map PRO |
2026-06-11T01:27:56.479Z | 2026-06-11T01:27:56.479Z | |
| cve-2026-47342 | Apache OFBiz: Privilege Escalation via updateOrRemove … |
Apache Software Foundation |
Apache OFBiz |
2026-06-10T22:29:06.793Z | 2026-06-10T22:41:59.149Z | |
| cve-2026-46645 | SQLAdmin: Authorization Bypass on `ajax_lookup` |
smithyhq |
sqladmin |
2026-06-10T22:23:57.397Z | 2026-06-10T22:23:57.397Z | |
| cve-2026-50223 | Apache OFBiz: DataResource Low-Privileged Authenticate… |
Apache Software Foundation |
Apache OFBiz |
2026-06-10T22:23:49.650Z | 2026-06-10T22:42:04.290Z | |
| cve-2026-46695 | BoxLite: Permission Bypass in boxlite Allows Modificat… |
boxlite-ai |
boxlite |
2026-06-10T22:20:44.589Z | 2026-06-10T22:20:44.589Z | |
| cve-2026-46703 | BoxLite: Path Traversal Vulnerability in boxlite Leads… |
boxlite-ai |
boxlite |
2026-06-10T22:20:24.569Z | 2026-06-10T22:20:24.569Z | |
| cve-2026-47213 | BoxLite: Timeout Bypass Vulnerability |
boxlite-ai |
boxlite |
2026-06-10T22:20:04.243Z | 2026-06-10T22:20:04.243Z | |
| cve-2026-42568 | Yamcs Vulnerable to LDAP Injection in LdapAuthModule |
yamcs |
yamcs |
2026-06-10T22:15:52.087Z | 2026-06-10T22:15:52.087Z | |
| cve-2026-52726 | Dulwich's submodule path traversal in porcelain.submod… |
jelmer |
dulwich |
2026-06-10T22:13:33.320Z | 2026-06-10T22:13:33.320Z | |
| cve-2026-44693 | Pi-hole FTL: Unauthenticated Session Hijacking via Rac… |
pi-hole |
FTL |
2026-06-10T22:11:29.237Z | 2026-06-10T22:11:29.237Z | |
| cve-2026-47734 | Dulwich has unbounded memory allocation in receive-pac… |
jelmer |
dulwich |
2026-06-10T22:11:02.704Z | 2026-06-10T22:11:02.704Z | |
| cve-2026-53465 | ImageMagick: Heap Buffer Over-Write in SF3 encoder whe… |
ImageMagick |
ImageMagick |
2026-06-10T22:07:50.597Z | 2026-06-10T22:07:50.597Z | |
| cve-2026-53464 | ImageMagick: Memory Leak in wand option parser when pr… |
ImageMagick |
ImageMagick |
2026-06-10T22:07:06.566Z | 2026-06-10T22:07:06.566Z |
| ID | Description | Updated |
|---|
| ID | Description | Updated |
|---|
| ID | Description | Published | Updated |
|---|---|---|---|
| jvndb-2026-019378 | Mitigation for iSCSI Port Vulnerability in Hitachi Disk Array Systems | 2026-06-12T11:46+09:00 | 2026-06-12T11:46+09:00 |
| jvndb-2026-018943 | Vulnerability in Cosminexus HTTP Server and Hitachi Web Server | 2026-06-10T11:16+09:00 | 2026-06-10T11:16+09:00 |
| jvndb-2026-000083 | CamView installer insecurely loads Dynamic Link Libraries | 2026-06-09T14:07+09:00 | 2026-06-09T14:07+09:00 |
| jvndb-2026-000082 | Multiple TP-Link products vulnerable to cleartext transmission of sensitive information | 2026-06-05T14:05+09:00 | 2026-06-05T14:05+09:00 |
| jvndb-2026-018098 | Security information for Hitachi Disk Array Systems | 2026-06-04T17:26+09:00 | 2026-06-04T17:26+09:00 |
| jvndb-2026-017436 | TP-Link Archer BE450 and BE7200 vulnerable to OS command injection | 2026-06-03T17:08+09:00 | 2026-06-03T17:08+09:00 |
| jvndb-2026-000081 | WordPress Plugin "Zoho Mail for WordPress" vulnerable to cross-site request forgery | 2026-06-03T14:10+09:00 | 2026-06-03T14:10+09:00 |
| jvndb-2026-017322 | Link following vulnerability in Canon My Image Garden for macOS and CUPS Printer Driver for macOS | 2026-06-01T17:37+09:00 | 2026-06-01T17:37+09:00 |
| jvndb-2026-000077 | Multiple vulnerabilities in ServerView Agents for Windows | 2026-06-01T17:34+09:00 | 2026-06-01T17:34+09:00 |
| jvndb-2026-000080 | Jupyter Server vulnerable to open redirect | 2026-05-28T13:42+09:00 | 2026-05-28T13:42+09:00 |
| jvndb-2026-016983 | Multiple Vulnerabilities in Cosminexus | 2026-05-27T15:09+09:00 | 2026-05-27T15:09+09:00 |
| jvndb-2026-016982 | Multiple Vulnerabilities in Hitachi Command Suite, Hitachi Automation Director, Hitachi Configuration Manager, Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center | 2026-05-27T15:09+09:00 | 2026-05-27T15:09+09:00 |
| jvndb-2026-016981 | Vulnerability in Hitachi Infrastructure Analytics Advisor, Hitachi Ops Center Analyzer and Hitachi Ops Center Analyzer viewpoint | 2026-05-27T15:09+09:00 | 2026-05-27T15:09+09:00 |
| jvndb-2026-000079 | NEC Aterm series vulnerable to OS command injection (NV26-003) | 2026-05-25T15:35+09:00 | 2026-05-25T18:14+09:00 |
| jvndb-2026-000078 | NEC Aterm series vulnerable to cross-site scripting (NV26-002) | 2026-05-25T15:35+09:00 | 2026-05-25T18:06+09:00 |
| jvndb-2026-016976 | Security information for Hitachi Disk Array Systems | 2026-05-25T11:39+09:00 | 2026-05-25T11:39+09:00 |
| jvndb-2026-016802 | Multiple vulnerabilities in Trend Micro Endpoint security products for enterprises (May 2026) | 2026-05-22T16:44+09:00 | 2026-05-25T15:38+09:00 |
| jvndb-2026-016626 | Android App "RoboForm Password Manager" insufficient validation of Android intents | 2026-05-21T17:22+09:00 | 2026-05-21T17:22+09:00 |
| jvndb-2026-000076 | Movable Type vulnerable to missing authorization | 2026-05-20T15:21+09:00 | 2026-05-20T15:21+09:00 |
| jvndb-2026-000054 | Multiple vulnerabilities in "Musetheque V4 Information Disclosure for IPKNOWLEDGE" | 2026-05-15T13:57+09:00 | 2026-05-15T13:57+09:00 |
| jvndb-2026-000074 | WPS Office improper access restriction to its named pipe | 2026-05-14T16:16+09:00 | 2026-05-14T16:16+09:00 |
| jvndb-2026-000075 | Bytello Share (Windows Edition) installer executable insecurely loads Dynamic Link Libraries | 2026-05-13T15:41+09:00 | 2026-05-13T15:41+09:00 |
| jvndb-2026-000072 | GUARDIANWALL MailSuite vulnerable to stack-based buffer overflow | 2026-05-13T15:41+09:00 | 2026-05-15T15:37+09:00 |
| jvndb-2026-000069 | Android App "Anshin Filter for au" vulnerable to cleartext transmission of sensitive information | 2026-05-13T15:41+09:00 | 2026-05-13T15:41+09:00 |
| jvndb-2026-000073 | Multiple vulnerabilities in ELECOM wireless LAN routers and access points (May 2026) | 2026-05-12T15:16+09:00 | 2026-05-20T11:52+09:00 |
| jvndb-2026-015132 | Canon Production Printers and Office Multifunction Printers vulnerable to information disclosure | 2026-05-12T14:04+09:00 | 2026-05-12T14:04+09:00 |
| jvndb-2026-000071 | GROWI vulnerable to path traversal | 2026-05-11T18:20+09:00 | 2026-05-11T18:20+09:00 |
| jvndb-2026-000070 | libXpm vulnerable to out-of-bounds read | 2026-05-11T18:20+09:00 | 2026-05-11T18:20+09:00 |
| jvndb-2026-000068 | Lhaz and Lhaz+ vulnerable to path traversal | 2026-05-11T18:20+09:00 | 2026-05-11T18:20+09:00 |
| jvndb-2026-000067 | "Kura Sushi Official App" vulnerable to improper certificate validation | 2026-05-11T18:20+09:00 | 2026-05-11T18:20+09:00 |
| ID | Description | Updated |
|---|
| ID | Description | Published | Updated |
|---|---|---|---|
| certfr-2026-avi-0749 | Vulnérabilité dans Oracle PeopleSoft | 2026-06-12T00:00:00.000000 | 2026-06-12T00:00:00.000000 |
| certfr-2026-avi-0748 | Multiples vulnérabilités dans les produits IBM | 2026-06-12T00:00:00.000000 | 2026-06-12T00:00:00.000000 |
| certfr-2026-avi-0747 | Multiples vulnérabilités dans le noyau Linux de Red Hat | 2026-06-12T00:00:00.000000 | 2026-06-12T00:00:00.000000 |
| certfr-2026-avi-0746 | Multiples vulnérabilités dans le noyau Linux d'Ubuntu | 2026-06-12T00:00:00.000000 | 2026-06-12T00:00:00.000000 |
| certfr-2026-avi-0745 | Multiples vulnérabilités dans le noyau Linux de SUSE | 2026-06-12T00:00:00.000000 | 2026-06-12T00:00:00.000000 |
| certfr-2026-avi-0744 | Multiples vulnérabilités dans les produits Spring | 2026-06-12T00:00:00.000000 | 2026-06-12T00:00:00.000000 |
| certfr-2026-avi-0743 | Vulnérabilité dans les produits Moxa | 2026-06-12T00:00:00.000000 | 2026-06-12T00:00:00.000000 |
| certfr-2026-avi-0742 | Multiples vulnérabilités dans les produits NetApp | 2026-06-12T00:00:00.000000 | 2026-06-12T00:00:00.000000 |
| certfr-2026-avi-0741 | Vulnérabilité dans MongoDB | 2026-06-12T00:00:00.000000 | 2026-06-12T00:00:00.000000 |
| certfr-2026-avi-0740 | Multiples vulnérabilités dans Google Chrome | 2026-06-12T00:00:00.000000 | 2026-06-12T00:00:00.000000 |
| certfr-2026-avi-0739 | Multiples vulnérabilités dans les produits Spring | 2026-06-11T00:00:00.000000 | 2026-06-11T00:00:00.000000 |
| certfr-2026-avi-0738 | Vulnérabilité dans Traefik | 2026-06-11T00:00:00.000000 | 2026-06-11T00:00:00.000000 |
| certfr-2026-avi-0737 | Multiples vulnérabilités dans les produits Microsoft | 2026-06-11T00:00:00.000000 | 2026-06-11T00:00:00.000000 |
| certfr-2026-avi-0736 | Multiples vulnérabilités dans les produits Splunk | 2026-06-11T00:00:00.000000 | 2026-06-11T00:00:00.000000 |
| certfr-2026-avi-0735 | Multiples vulnérabilités dans MongoDB | 2026-06-11T00:00:00.000000 | 2026-06-11T00:00:00.000000 |
| certfr-2026-avi-0734 | Multiples vulnérabilités dans les produits Palo Alto Networks | 2026-06-11T00:00:00.000000 | 2026-06-11T00:00:00.000000 |
| certfr-2026-avi-0733 | Multiples vulnérabilités dans GitLab | 2026-06-11T00:00:00.000000 | 2026-06-11T00:00:00.000000 |
| certfr-2026-avi-0732 | Vulnérabilité dans LibreNMS | 2026-06-11T00:00:00.000000 | 2026-06-12T00:00:00.000000 |
| certfr-2026-avi-0731 | Multiples vulnérabilités dans les produits Microsoft | 2026-06-10T00:00:00.000000 | 2026-06-10T00:00:00.000000 |
| certfr-2026-avi-0730 | Multiples vulnérabilités dans Microsoft Azure | 2026-06-10T00:00:00.000000 | 2026-06-10T00:00:00.000000 |
| certfr-2026-avi-0729 | Multiples vulnérabilités dans Microsoft .Net | 2026-06-10T00:00:00.000000 | 2026-06-10T00:00:00.000000 |
| certfr-2026-avi-0728 | Multiples vulnérabilités dans Microsoft Windows | 2026-06-10T00:00:00.000000 | 2026-06-10T00:00:00.000000 |
| certfr-2026-avi-0727 | Multiples vulnérabilités dans Microsoft Office | 2026-06-10T00:00:00.000000 | 2026-06-10T00:00:00.000000 |
| certfr-2026-avi-0726 | Multiples vulnérabilités dans Microsoft Edge | 2026-06-10T00:00:00.000000 | 2026-06-10T00:00:00.000000 |
| certfr-2026-avi-0725 | Multiples vulnérabilités dans les produits Fortinet | 2026-06-10T00:00:00.000000 | 2026-06-10T00:00:00.000000 |
| certfr-2026-avi-0724 | Multiples vulnérabilités dans les produits Ivanti | 2026-06-10T00:00:00.000000 | 2026-06-10T00:00:00.000000 |
| certfr-2026-avi-0723 | Vulnérabilité dans Stormshield Network Security | 2026-06-10T00:00:00.000000 | 2026-06-10T00:00:00.000000 |
| certfr-2026-avi-0722 | Multiples vulnérabilités dans Typo3 | 2026-06-10T00:00:00.000000 | 2026-06-10T00:00:00.000000 |
| certfr-2026-avi-0721 | Multiples vulnérabilités dans Xen | 2026-06-10T00:00:00.000000 | 2026-06-10T00:00:00.000000 |
| certfr-2026-avi-0720 | Multiples vulnérabilités dans les produits Adobe | 2026-06-10T00:00:00.000000 | 2026-06-10T00:00:00.000000 |
| ID | Description | Published | Updated |
|---|---|---|---|
| certfr-2026-ale-005 | [Màj] Vulnérabilité dans Microsoft Exchange Server | 2026-05-15T00:00:00.000000 | 2026-06-11T00:00:00.000000 |
| certfr-2026-ale-004 | Vulnérabilité dans F5 BIG-IP Access Policy Manager | 2026-03-31T00:00:00.000000 | 2026-03-31T00:00:00.000000 |
| certfr-2026-ale-003 | Note d’alerte – Ciblage des messageries instantanées | 2026-03-20T00:00:00.000000 | 2026-04-20T00:00:00.000000 |
| certfr-2026-ale-002 | [MàJ] Vulnérabilité dans Cisco Catalyst SD-WAN | 2026-02-25T00:00:00.000000 | 2026-03-26T00:00:00.000000 |
| certfr-2026-ale-001 | [MàJ] Multiples vulnérabilités dans Ivanti Endpoint Manager Mobile | 2026-01-30T00:00:00.000000 | 2026-02-09T00:00:00.000000 |
| certfr-2025-ale-014 | [MàJ] Vulnérabilité dans React Server Components | 2025-12-05T00:00:00.000000 | 2026-02-12T00:00:00.000000 |
| certfr-2025-ale-013 | [MàJ] Multiples vulnérabilités dans Cisco ASA et FTD | 2025-09-25T00:00:00.000000 | 2025-12-09T00:00:00.000000 |
| certfr-2025-ale-012 | Vulnérabilité dans Citrix NetScaler ADC et NetScaler Gateway | 2025-08-26T00:00:00.000000 | 2025-09-26T00:00:00.000000 |
| certfr-2025-ale-011 | Incidents de sécurité dans les pare-feux SonicWall | 2025-08-05T00:00:00.000000 | 2025-08-18T00:00:00.000000 |
| certfr-2025-ale-010 | [MàJ] Multiples vulnérabilités dans Microsoft SharePoint | 2025-07-21T00:00:00.000000 | 2025-08-26T00:00:00.000000 |
| certfr-2025-ale-009 | Multiples vulnérabilités dans Citrix NetScaler ADC et NetScaler Gateway | 2025-07-01T00:00:00.000000 | 2025-08-18T00:00:00.000000 |
| certfr-2025-ale-008 | [MàJ] Vulnérabilité dans Roundcube | 2025-06-05T00:00:00.000000 | 2025-07-21T00:00:00.000000 |
| certfr-2025-ale-007 | Multiples vulnérabilités dans Ivanti Endpoint Manager Mobile (EPMM) | 2025-05-14T00:00:00.000000 | 2025-06-24T00:00:00.000000 |
| certfr-2025-ale-006 | Vulnérabilité dans les produits Fortinet | 2025-05-13T00:00:00.000000 | 2025-06-24T00:00:00.000000 |
| certfr-2025-ale-005 | Vulnérabilité dans SAP NetWeaver | 2025-04-28T00:00:00.000000 | 2025-06-24T00:00:00.000000 |
| certfr-2025-ale-004 | Activités de post-exploitation dans Fortinet FortiGate | 2025-04-11T00:00:00.000000 | 2025-08-07T00:00:00.000000 |
| certfr-2025-ale-003 | [MàJ] Vulnérabilité dans les produits Ivanti | 2025-04-03T00:00:00.000000 | 2025-06-24T00:00:00.000000 |
| certfr-2025-ale-002 | [MàJ] Vulnérabilité dans les produits Fortinet | 2025-01-14T00:00:00.000000 | 2025-05-07T00:00:00.000000 |
| certfr-2025-ale-001 | [MàJ] Vulnérabilité dans les produits Ivanti | 2025-01-09T00:00:00.000000 | 2025-05-07T00:00:00.000000 |
| certfr-2024-ale-015 | [MàJ] Multiples vulnérabilités sur l'interface d'administration des équipements Palo Alto Networks | 2024-11-15T00:00:00.000000 | 2025-01-27T00:00:00.000000 |
| certfr-2024-ale-014 | [MàJ] Multiples vulnérabilités dans Fortinet FortiManager | 2024-10-23T00:00:00.000000 | 2025-03-31T00:00:00.000000 |
| certfr-2024-ale-013 | Exploitations de vulnérabilités dans Ivanti Cloud Services Appliance (CSA) | 2024-10-22T00:00:00.000000 | 2025-03-31T00:00:00.000000 |
| certfr-2024-ale-012 | [MàJ] Vulnérabilités affectant OpenPrinting CUPS | 2024-09-27T00:00:00.000000 | 2024-11-21T00:00:00.000000 |
| certfr-2024-ale-011 | Vulnérabilité dans SonicWall | 2024-09-10T00:00:00.000000 | 2024-11-21T00:00:00.000000 |
| certfr-2024-ale-010 | Multiples vulnérabilités dans Roundcube | 2024-08-09T00:00:00.000000 | 2024-10-07T00:00:00.000000 |
| certfr-2024-ale-009 | Vulnérabilité dans OpenSSH | 2024-07-01T00:00:00.000000 | 2024-10-07T00:00:00.000000 |
| certfr-2024-ale-008 | [MàJ] Vulnérabilité dans les produits Check Point | 2024-05-30T00:00:00.000000 | 2024-07-01T00:00:00.000000 |
| certfr-2024-ale-007 | Multiples vulnérabilités dans les produits Cisco | 2024-04-25T00:00:00.000000 | 2024-07-01T00:00:00.000000 |
| certfr-2024-ale-006 | [MàJ] Vulnérabilité dans Palo Alto Networks GlobalProtect | 2024-04-12T00:00:00.000000 | 2024-07-01T00:00:00.000000 |
| certfr-2024-ale-005 | [MàJ] Vulnérabilité dans Microsoft Outlook | 2024-02-15T00:00:00.000000 | 2024-04-15T00:00:00.000000 |