Recent vulnerabilities
| ID | CVSS | Description | Vendor | Product | Published | Updated |
|---|---|---|---|---|---|---|
| cve-2026-41064 | AVideo has an incomplete fix for CVE-2026-33502 (Comma… |
WWBN |
AVideo |
2026-04-21T23:04:32.047Z | 2026-04-21T23:04:32.047Z | |
| cve-2024-0456 | 4.3 (v3.1) | Direct Request ('Forced Browsing') in GitLab |
GitLab |
GitLab |
2024-01-26T01:02:43.953Z | 2026-04-21T23:00:40.986Z |
| cve-2023-6955 | 6.6 (v3.1) | Missing Authorization in GitLab |
GitLab |
GitLab |
2024-01-12T13:56:31.881Z | 2026-04-21T23:00:40.813Z |
| cve-2026-41062 | WWBN/AVideo has an incomplete fix for a directory trav… |
WWBN |
AVideo |
2026-04-21T22:57:26.304Z | 2026-04-21T22:57:26.304Z | |
| cve-2026-39369 | WWBN AVideo's GIF poster fetch bypasses traversal scru… |
WWBN |
AVideo |
2026-04-07T19:24:33.421Z | 2026-04-21T22:55:50.454Z | |
| cve-2026-41058 | AVideo has an incomplete fix for CVE-2026-33293 (Path … |
WWBN |
AVideo |
2026-04-21T22:43:17.095Z | 2026-04-21T22:43:17.095Z | |
| cve-2026-5845 | 7.2 (v4.0) | Improper authorization fallback allows scoped user-to-… |
GitHub |
Enterprise Server |
2026-04-21T22:42:13.198Z | 2026-04-21T22:42:13.198Z |
| cve-2026-41057 | AVideo has CORS Origin Reflection Bypass via plugin/AP… |
WWBN |
AVideo |
2026-04-21T22:37:15.582Z | 2026-04-21T22:37:15.582Z | |
| cve-2026-3307 | 5.3 (v4.0) | Authorization bypass in GitHub Enterprise Server secre… |
GitHub |
Enterprise Server |
2026-04-21T22:23:25.045Z | 2026-04-21T22:23:25.045Z |
| cve-2026-40935 | WWBN/AVideo has CAPTCHA Bypass via Attacker-Controlled… |
WWBN |
AVideo |
2026-04-21T22:21:17.009Z | 2026-04-21T22:21:17.009Z | |
| cve-2026-4872 | N/A | {'providerMetadata': {'orgId': 'ceab7361-8a18-47b1-92ba-4d7d25f6715a', 'shortName': 'GitLab', 'dateUpdated': '2026-04-21T22:19:46.598Z'}, 'rejectedReasons': [{'lang': 'en', 'value': 'This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.'}]} | N/A | N/A | 2026-04-21T22:19:46.598Z | |
| cve-2026-40929 | WWBN AVideo's missing CSRF protection in objects/comme… |
WWBN |
AVideo |
2026-04-21T22:16:54.781Z | 2026-04-21T22:16:54.781Z | |
| cve-2026-5512 | 5.3 (v4.0) | Improper authorization vulnerability in GitHub Enterpr… |
GitHub |
Enterprise Server |
2026-04-21T22:12:58.344Z | 2026-04-21T22:14:01.033Z |
| cve-2026-6832 | 7.2 (v4.0) 8.1 (v3.1) | Nesquena Hermes WebUI Arbitrary File Deletion via Unva… |
nesquena |
hermes-webui |
2026-04-21T21:44:55.301Z | 2026-04-21T21:44:55.301Z |
| cve-2026-1354 | 6.4 (v3.1) 5.9 (v4.0) | Zero Motorcycles Firmware Key Exchange without Entity … |
Zero Motorcycles |
Zero Motorcycles firmware |
2026-04-21T21:43:53.276Z | 2026-04-21T21:43:53.276Z |
| cve-2026-40946 | Oxia: OIDC token audience validation bypass via SkipCl… |
oxia-db |
oxia |
2026-04-21T21:18:12.103Z | 2026-04-21T21:18:12.103Z | |
| cve-2026-40945 | Oxia: Bearer token exposed in debug log messages on au… |
oxia-db |
oxia |
2026-04-21T21:16:28.138Z | 2026-04-21T21:16:28.138Z | |
| cve-2026-40942 | DSF: Inverted Time Comparison in OIDC JWKS and Token Cache |
datasharingframework |
dsf |
2026-04-21T21:09:44.537Z | 2026-04-21T21:09:44.537Z | |
| cve-2026-40939 | DSF: Missing Session Timeout for OIDC Sessions |
datasharingframework |
dsf |
2026-04-21T21:07:10.503Z | 2026-04-21T21:07:10.503Z | |
| cve-2026-40927 | Docmost: XSS in Comments with JavaScript URI |
docmost |
docmost |
2026-04-21T20:52:29.313Z | 2026-04-21T20:52:29.313Z | |
| cve-2026-40938 | Tekton Pipelines: Git Resolver Unsanitized Revision Pa… |
tektoncd |
pipeline |
2026-04-21T20:45:24.658Z | 2026-04-21T20:45:24.658Z | |
| cve-2026-33812 | N/A | Excessive memory allocation when decoding malicious SF… |
golang.org/x/image |
golang.org/x/image/font/sfnt |
2026-04-21T19:21:28.556Z | 2026-04-21T20:43:11.915Z |
| cve-2026-6796 | Sanluan PublicCMS Failed Login LoginAdminController.ja… |
Sanluan |
PublicCMS |
2026-04-21T20:30:18.556Z | 2026-04-21T20:40:36.437Z | |
| cve-2026-40568 | FreeScout Vulnerable to XSS via Mailbox Signature Due … |
freescout-help-desk |
freescout |
2026-04-21T16:08:37.296Z | 2026-04-21T20:37:44.431Z | |
| cve-2019-25714 | 9.3 (v4.0) | Seeyon Office Anywhere (OA) A8 Unauthenticated Arbitra… |
Seeyon Internet Software |
A8-V5 Collaborative Management Software |
2026-04-21T16:11:54.961Z | 2026-04-21T20:37:38.941Z |
| cve-2026-27937 | October: Reflected XSS via DataTable Form Widget |
octobercms |
october |
2026-04-21T16:17:06.973Z | 2026-04-21T20:37:33.620Z | |
| cve-2026-40574 | OAuth2 Proxy has an Authorization Bypass in Email Doma… |
oauth2-proxy |
oauth2-proxy |
2026-04-21T16:32:34.537Z | 2026-04-21T20:37:28.072Z | |
| cve-2026-40589 | FreeScout has Customer Edit Cross-Mailbox Email Takeover |
freescout-help-desk |
freescout |
2026-04-21T16:50:22.119Z | 2026-04-21T20:37:22.372Z | |
| cve-2026-40583 | UltraDAG: SmartOp Vote Path Triggers Fatal Supply Inva… |
UltraDAGcom |
core |
2026-04-21T16:57:42.100Z | 2026-04-21T20:37:16.729Z | |
| cve-2026-41183 | FreeScout allows non-folder conversation queries to di… |
freescout-help-desk |
freescout |
2026-04-21T17:00:39.033Z | 2026-04-21T20:37:11.192Z |
| ID | Description | Updated |
|---|
| ID | Description | Updated |
|---|
| ID | Description | Published | Updated |
|---|---|---|---|
| jvndb-2024-000049 | WordPress Plugin "Download Plugins and Themes from Dashboard" vulnerable to path traversal | 2024-05-17T13:33+09:00 | 2024-05-17T13:33+09:00 |
| jvndb-2024-003187 | Multiple vulnerabilities in Field Logic DataCube | 2024-05-17T12:05+09:00 | 2024-05-17T12:05+09:00 |
| jvndb-2023-003913 | Multiple vulnerabilities in JTEKT ELECTRONICS OnSinView2 | 2023-10-18T14:13+09:00 | 2024-05-16T17:28+09:00 |
| jvndb-2023-003788 | Out-of-bounds read vulnerability in Keyence KV STUDIO and KV REPLAY VIEWER | 2023-10-11T15:23+09:00 | 2024-05-16T17:09+09:00 |
| jvndb-2023-000093 | Pyramid vulnerable to directory traversal | 2023-09-11T13:53+09:00 | 2024-05-16T16:52+09:00 |
| jvndb-2023-000102 | Multiple vulnerabilities in JustSystems products | 2023-10-19T15:16+09:00 | 2024-05-16T16:44+09:00 |
| jvndb-2023-000087 | SYNCK GRAPHICA Mailform Pro CGI vulnerable to Regular expression Denial-of-Service (ReDoS) | 2023-08-24T14:12+09:00 | 2024-05-15T17:12+09:00 |
| jvndb-2023-000104 | Improper restriction of XML external entity references (XXE) in Proself | 2023-10-18T18:00+09:00 | 2024-05-15T17:08+09:00 |
| jvndb-2014-000006 | EC-CUBE vulnerable to authorization bypass | 2014-01-22T15:28+09:00 | 2024-05-15T14:59+09:00 |
| jvndb-2023-000091 | Multiple vulnerabilities in F-RevoCRM | 2023-09-05T15:51+09:00 | 2024-05-14T18:06+09:00 |
| jvndb-2023-000089 | Multiple vulnerabilities in i-PRO VI Web Client | 2023-08-31T14:13+09:00 | 2024-05-14T18:05+09:00 |
| jvndb-2023-000088 | Multiple vulnerabilities in SHIRASAGI | 2023-09-04T13:41+09:00 | 2024-05-14T17:58+09:00 |
| jvndb-2014-000123 | GIGAPOD vulnerable to denial-of-service (DoS) | 2014-10-16T13:51+09:00 | 2024-05-13T18:10+09:00 |
| jvndb-2024-002342 | Central Dogma vulnerable to cross-site scripting | 2024-05-13T17:27+09:00 | 2024-05-13T17:27+09:00 |
| jvndb-2024-000047 | Multiple vulnerabilities in Cybozu Garoon | 2024-05-13T15:19+09:00 | 2024-05-13T15:19+09:00 |
| jvndb-2023-003956 | Improper restriction of XML external entity reference (XXE) vulnerability in OMRON CX-Designer | 2023-10-24T16:11+09:00 | 2024-05-10T17:47+09:00 |
| jvndb-2023-000105 | Movable Type vulnerable to cross-site scripting | 2023-10-25T15:18+09:00 | 2024-05-10T17:47+09:00 |
| jvndb-2024-000045 | "OfferBox" App uses a hard-coded secret key | 2024-05-10T15:11+09:00 | 2024-05-10T15:11+09:00 |
| jvndb-2024-003181 | Hidden Functionality vulnerability in DT900 | 2024-05-10T13:59+09:00 | 2024-05-10T13:59+09:00 |
| jvndb-2024-000048 | Phormer vulnerable to cross-site scripting | 2024-05-10T13:48+09:00 | 2024-05-10T13:48+09:00 |
| jvndb-2023-003721 | Trend Micro Endpoint security products for enterprises vulnerable to arbitrary code execution | 2023-09-20T13:58+09:00 | 2024-05-09T18:22+09:00 |
| jvndb-2015-000040 | LINE vulnerable to script injection | 2015-03-20T16:16+09:00 | 2024-05-09T18:15+09:00 |
| jvndb-2015-000095 | LINE@ vulnerable to script injection | 2015-07-10T14:50+09:00 | 2024-05-09T18:05+09:00 |
| jvndb-2023-000116 | Redmine vulnerable to cross-site scripting | 2023-11-17T14:32+09:00 | 2024-05-09T17:55+09:00 |
| jvndb-2023-000107 | EC-CUBE 3 series and 4 series vulnerable to arbitrary code execution | 2023-11-07T13:47+09:00 | 2024-05-09T17:17+09:00 |
| jvndb-2024-000043 | Multiple vulnerabilities in MosP kintai kanri | 2024-05-09T14:10+09:00 | 2024-05-09T14:10+09:00 |
| jvndb-2023-000111 | Remarshal unlimitedly expanding YAML alias nodes | 2023-11-10T14:41+09:00 | 2024-05-08T17:53+09:00 |
| jvndb-2024-000044 | WordPress Plugin "Heateor Social Login WordPress" vulnerable to cross-site scripting | 2024-05-08T13:43+09:00 | 2024-05-08T13:43+09:00 |
| jvndb-2024-003178 | Trend Micro Maximum Security vulnerable to improper link resolution (CVE-2024-32849) | 2024-05-08T10:19+09:00 | 2024-05-08T10:19+09:00 |
| jvndb-2023-002725 | Multiple vulnerabilities in Command Center RX (CCRX) of Kyocera Document Solutions MFPs and printers | 2023-07-28T18:24+09:00 | 2024-05-07T18:15+09:00 |
| ID | Description | Updated |
|---|
| ID | Description | Published | Updated |
|---|---|---|---|
| certfr-2025-avi-1015 | Multiples vulnérabilités dans les produits NetApp | 2025-11-17T00:00:00.000000 | 2025-11-17T00:00:00.000000 |
| certfr-2025-avi-1014 | Vulnérabilité dans Fortinet FortiWeb | 2025-11-14T00:00:00.000000 | 2025-11-14T00:00:00.000000 |
| certfr-2025-avi-1013 | Multiples vulnérabilités dans les produits IBM | 2025-11-14T00:00:00.000000 | 2025-11-14T00:00:00.000000 |
| certfr-2025-avi-1012 | Vulnérabilité dans Microsoft Edge | 2025-11-14T00:00:00.000000 | 2025-11-14T00:00:00.000000 |
| certfr-2025-avi-1011 | Multiples vulnérabilités dans le noyau Linux de Red Hat | 2025-11-14T00:00:00.000000 | 2025-11-14T00:00:00.000000 |
| certfr-2025-avi-1010 | Multiples vulnérabilités dans le noyau Linux de Debian | 2025-11-14T00:00:00.000000 | 2025-11-14T00:00:00.000000 |
| certfr-2025-avi-1009 | Multiples vulnérabilités dans le noyau Linux de SUSE | 2025-11-14T00:00:00.000000 | 2025-11-14T00:00:00.000000 |
| certfr-2025-avi-1008 | Multiples vulnérabilités dans le noyau Linux d'Ubuntu | 2025-11-14T00:00:00.000000 | 2025-11-14T00:00:00.000000 |
| certfr-2025-avi-1007 | Multiples vulnérabilités dans PostgreSQL | 2025-11-14T00:00:00.000000 | 2025-11-14T00:00:00.000000 |
| certfr-2025-avi-1006 | Vulnérabilité dans Cisco Catalyst Center | 2025-11-14T00:00:00.000000 | 2025-11-14T00:00:00.000000 |
| certfr-2025-avi-0954 | Multiples vulnérabilités dans Liferay | 2025-11-03T00:00:00.000000 | 2025-11-14T00:00:00.000000 |
| certfr-2025-avi-0888 | Multiples vulnérabilités dans les produits Mattermost | 2025-10-16T00:00:00.000000 | 2025-11-14T00:00:00.000000 |
| certfr-2025-avi-1005 | Multiples vulnérabilités dans les produits Siemens | 2025-11-13T00:00:00.000000 | 2025-11-13T00:00:00.000000 |
| certfr-2025-avi-1004 | Multiples vulnérabilités dans les produits Palo Alto Networks | 2025-11-13T00:00:00.000000 | 2025-11-13T00:00:00.000000 |
| certfr-2025-avi-1003 | Multiples vulnérabilités dans Drupal | 2025-11-13T00:00:00.000000 | 2025-11-13T00:00:00.000000 |
| certfr-2025-avi-1002 | Multiples vulnérabilités dans GitLab | 2025-11-13T00:00:00.000000 | 2025-11-13T00:00:00.000000 |
| certfr-2025-avi-1001 | Multiples vulnérabilités dans Elastic Kibana | 2025-11-13T00:00:00.000000 | 2025-11-13T00:00:00.000000 |
| certfr-2025-avi-1000 | Multiples vulnérabilités dans les produits Splunk | 2025-11-13T00:00:00.000000 | 2025-11-13T00:00:00.000000 |
| certfr-2025-avi-0999 | Vulnérabilité dans les produits Symfony | 2025-11-13T00:00:00.000000 | 2025-11-13T00:00:00.000000 |
| certfr-2025-avi-0998 | Multiples vulnérabilités dans les produits Microsoft | 2025-11-12T00:00:00.000000 | 2025-11-12T00:00:00.000000 |
| certfr-2025-avi-0997 | Multiples vulnérabilités dans Microsoft Azure | 2025-11-12T00:00:00.000000 | 2025-11-12T00:00:00.000000 |
| certfr-2025-avi-0996 | Multiples vulnérabilités dans Microsoft Windows | 2025-11-12T00:00:00.000000 | 2025-11-12T00:00:00.000000 |
| certfr-2025-avi-0995 | Multiples vulnérabilités dans Microsoft Office | 2025-11-12T00:00:00.000000 | 2025-11-12T00:00:00.000000 |
| certfr-2025-avi-0994 | Multiples vulnérabilités dans Microsoft Edge | 2025-11-12T00:00:00.000000 | 2025-11-12T00:00:00.000000 |
| certfr-2025-avi-0993 | Multiples vulnérabilités dans les produits Intel | 2025-11-12T00:00:00.000000 | 2025-11-12T00:00:00.000000 |
| certfr-2025-avi-0992 | Multiples vulnérabilités dans Apache OpenOffice | 2025-11-12T00:00:00.000000 | 2025-11-12T00:00:00.000000 |
| certfr-2025-avi-0991 | Multiples vulnérabilités dans les produits Mozilla | 2025-11-12T00:00:00.000000 | 2025-11-12T00:00:00.000000 |
| certfr-2025-avi-0990 | Vulnérabilité dans Google Chrome | 2025-11-12T00:00:00.000000 | 2025-11-12T00:00:00.000000 |
| certfr-2025-avi-0989 | Vulnérabilité dans Nagios XI | 2025-11-12T00:00:00.000000 | 2025-11-12T00:00:00.000000 |
| certfr-2025-avi-0988 | Vulnérabilité dans Ivanti Endpoint Manager (EPM) | 2025-11-12T00:00:00.000000 | 2025-11-12T00:00:00.000000 |