Recent vulnerabilities
| ID | CVSS | Description | Vendor | Product | Published | Updated |
|---|---|---|---|---|---|---|
| cve-2026-40938 | Tekton Pipelines: Git Resolver Unsanitized Revision Pa… |
tektoncd |
pipeline |
2026-04-21T20:45:24.658Z | 2026-04-21T20:45:24.658Z | |
| cve-2026-33812 | N/A | Excessive memory allocation when decoding malicious SF… |
golang.org/x/image |
golang.org/x/image/font/sfnt |
2026-04-21T19:21:28.556Z | 2026-04-21T20:43:11.915Z |
| cve-2026-6796 | Sanluan PublicCMS Failed Login LoginAdminController.ja… |
Sanluan |
PublicCMS |
2026-04-21T20:30:18.556Z | 2026-04-21T20:40:36.437Z | |
| cve-2026-40568 | FreeScout Vulnerable to XSS via Mailbox Signature Due … |
freescout-help-desk |
freescout |
2026-04-21T16:08:37.296Z | 2026-04-21T20:37:44.431Z | |
| cve-2019-25714 | 9.3 (v4.0) | Seeyon Office Anywhere (OA) A8 Unauthenticated Arbitra… |
Seeyon Internet Software |
A8-V5 Collaborative Management Software |
2026-04-21T16:11:54.961Z | 2026-04-21T20:37:38.941Z |
| cve-2026-27937 | October: Reflected XSS via DataTable Form Widget |
octobercms |
october |
2026-04-21T16:17:06.973Z | 2026-04-21T20:37:33.620Z | |
| cve-2026-40574 | OAuth2 Proxy has an Authorization Bypass in Email Doma… |
oauth2-proxy |
oauth2-proxy |
2026-04-21T16:32:34.537Z | 2026-04-21T20:37:28.072Z | |
| cve-2026-40589 | FreeScout has Customer Edit Cross-Mailbox Email Takeover |
freescout-help-desk |
freescout |
2026-04-21T16:50:22.119Z | 2026-04-21T20:37:22.372Z | |
| cve-2026-40583 | UltraDAG: SmartOp Vote Path Triggers Fatal Supply Inva… |
UltraDAGcom |
core |
2026-04-21T16:57:42.100Z | 2026-04-21T20:37:16.729Z | |
| cve-2026-41183 | FreeScout allows non-folder conversation queries to di… |
freescout-help-desk |
freescout |
2026-04-21T17:00:39.033Z | 2026-04-21T20:37:11.192Z | |
| cve-2026-40587 | blueprintUE: Active Sessions Are Not Invalidated After… |
blueprintue |
blueprintue-self-hosted-edition |
2026-04-21T17:11:23.740Z | 2026-04-21T20:37:05.304Z | |
| cve-2026-41193 | FreeScout has Zip Slip path traversal in module instal… |
freescout-help-desk |
freescout |
2026-04-21T17:15:26.236Z | 2026-04-21T20:36:59.036Z | |
| cve-2026-40604 | ClearanceKit: opfilter system extension can be suspend… |
craigjbass |
clearancekit |
2026-04-21T17:41:53.580Z | 2026-04-21T20:36:53.181Z | |
| cve-2026-40613 | Coturn: Misaligned Memory Access in coturn STUN Attrib… |
coturn |
coturn |
2026-04-21T18:00:53.342Z | 2026-04-21T20:36:46.136Z | |
| cve-2026-40867 | Horilla: Unauthorized Helpdesk Attachment Access via A… |
horilla-opensource |
horilla |
2026-04-21T18:16:29.345Z | 2026-04-21T20:36:38.138Z | |
| cve-2026-40871 | mailcow: dockerized vulnerable to Second Order SQL Inj… |
mailcow |
mailcow-dockerized |
2026-04-21T19:12:52.781Z | 2026-04-21T20:36:30.751Z | |
| cve-2026-40875 | mailcow: dockerized vulnerable to stored XSS in user l… |
mailcow |
mailcow-dockerized |
2026-04-21T19:19:55.768Z | 2026-04-21T20:36:24.334Z | |
| cve-2026-40881 | Zebra: addr/addrv2 Deserialization Resource Exhaustion |
ZcashFoundation |
zebrad |
2026-04-21T19:20:53.416Z | 2026-04-21T20:36:18.824Z | |
| cve-2026-40883 | goshs: CSRF in state-changing GET routes enables authe… |
patrickhener |
goshs |
2026-04-21T19:35:37.652Z | 2026-04-21T20:36:13.233Z | |
| cve-2026-40890 | github.com/gomarkdown/markdown: Out-of-bounds Read in … |
gomarkdown |
markdown |
2026-04-21T19:51:53.237Z | 2026-04-21T20:36:07.854Z | |
| cve-2026-40909 | WWBN AVideo has a Path Traversal in Locale Save Endpoi… |
WWBN |
AVideo |
2026-04-21T19:54:07.257Z | 2026-04-21T20:36:00.797Z | |
| cve-2026-40925 | WWBN AVideo has CSRF in configurationUpdate.json.php E… |
WWBN |
AVideo |
2026-04-21T19:58:29.854Z | 2026-04-21T20:35:55.243Z | |
| cve-2026-40905 | LinkAce: Password Reset Poisoning via X-Forwarded-Host… |
Kovah |
LinkAce |
2026-04-21T20:02:35.006Z | 2026-04-21T20:35:49.598Z | |
| cve-2026-40910 | frp: Authentication bypass in frp HTTP vhost routing w… |
fatedier |
frp |
2026-04-21T20:09:00.893Z | 2026-04-21T20:28:48.579Z | |
| cve-2026-41331 | 6.9 (v4.0) 5.3 (v3.1) | OpenClaw < 2026.3.31 - Resource Consumption via Unauth… |
OpenClaw |
OpenClaw |
2026-04-20T23:08:17.653Z | 2026-04-21T20:27:46.881Z |
| cve-2026-40730 | N/A | WordPress ThemeGrill Demo Importer plugin <= 2.0.0.6 -… |
ThemeGrill |
ThemeGrill Demo Importer |
2026-04-15T10:21:33.831Z | 2026-04-21T20:27:31.615Z |
| cve-2026-40892 | PJSIP: Stack buffer overflow in pjsip_auth_create_digest2() |
pjsip |
pjproject |
2026-04-21T19:55:26.876Z | 2026-04-21T20:27:29.133Z | |
| cve-2026-34627 | 7.8 (v3.1) | InDesign Desktop | Heap-based Buffer Overflow (CWE-122) |
Adobe |
InDesign Desktop |
2026-04-14T17:05:07.592Z | 2026-04-21T20:27:06.909Z |
| cve-2026-39486 | N/A | WordPress Download Monitor plugin <= 5.1.8 - SQL Injec… |
WP Chill |
Download Monitor |
2026-04-08T08:30:11.488Z | 2026-04-21T20:26:30.663Z |
| cve-2026-3298 | 8.8 (v4.0) | Out-of-bounds write in Windows asyncio.ProacterEventLo… |
Python Software Foundation |
CPython |
2026-04-21T14:45:01.919Z | 2026-04-21T20:19:01.610Z |
| ID | Description | Updated |
|---|
| ID | Description | Updated |
|---|
| ID | Description | Published | Updated |
|---|---|---|---|
| jvndb-2023-000108 | Inkdrop vulnerable to code injection | 2023-10-30T13:48+09:00 | 2024-05-07T16:09+09:00 |
| jvndb-2023-000106 | Multiple vulnerabilities in baserCMS | 2023-10-27T14:46+09:00 | 2024-05-07T15:59+09:00 |
| jvndb-2023-000109 | Cybozu Remote Service vulnerable to uncontrolled resource consumption | 2023-10-31T13:43+09:00 | 2024-05-07T15:51+09:00 |
| jvndb-2023-004919 | FUJIFILM Business Innovation Corp. and Xerox Corporation MFPs export Address Books with insufficient encryption strength | 2023-11-02T17:21+09:00 | 2024-05-07T15:25+09:00 |
| jvndb-2023-000114 | Multiple vulnerabilities in Cisco Firepower Management Center Software | 2023-11-13T14:01+09:00 | 2024-05-07T15:07+09:00 |
| jvndb-2023-000060 | Multiple vulnerabilities in Pleasanter | 2023-06-22T15:49+09:00 | 2024-05-07T14:10+09:00 |
| jvndb-2023-000110 | Improper restriction of XML external entity references (XXE) in e-Tax software | 2023-11-02T13:38+09:00 | 2024-05-01T18:41+09:00 |
| jvndb-2023-007152 | Multiple vulnerabilities in EXPRESSCLUSTER X | 2023-11-20T14:09+09:00 | 2024-05-01T18:10+09:00 |
| jvndb-2023-000113 | HOTELDRUID vulnerable to cross-site scripting | 2023-11-10T14:41+09:00 | 2024-05-01T17:47+09:00 |
| jvndb-2023-000115 | OSS Calendar vulnerable to SQL injection | 2023-11-14T14:05+09:00 | 2024-05-01T17:38+09:00 |
| jvndb-2023-000118 | Multiple vulnerabilities in CubeCart | 2023-11-17T14:22+09:00 | 2024-04-30T18:15+09:00 |
| jvndb-2023-000068 | "NewsPicks" App uses a hard-coded API key for an external service | 2023-06-30T15:06+09:00 | 2024-04-30T18:09+09:00 |
| jvndb-2023-006578 | ASUSTeK COMPUTER RT-AC87U vulnerable to improper access control | 2023-11-15T17:44+09:00 | 2024-04-30T18:08+09:00 |
| jvndb-2023-000064 | SYNCK GRAPHICA Mailform Pro CGI vulnerable to Regular expression Denial-of-Service (ReDoS) | 2023-06-20T14:48+09:00 | 2024-04-26T18:03+09:00 |
| jvndb-2023-000067 | WordPress Plugin "Snow Monkey Forms" vulnerable to directory traversal | 2023-06-27T17:05+09:00 | 2024-04-26T17:56+09:00 |
| jvndb-2023-000033 | Trend Micro Security may insecurely load Dynamic Link Libraries | 2023-04-14T15:44+09:00 | 2024-04-26T17:48+09:00 |
| jvndb-2023-006588 | Multiple vulnerabilities in ELECOM and LOGITEC routers | 2023-11-15T18:27+09:00 | 2024-04-26T15:22+09:00 |
| jvndb-2023-002511 | File and Directory Permissions Vulnerability in Hitachi Command Suite | 2023-07-19T14:48+09:00 | 2024-04-26T12:29+09:00 |
| jvndb-2023-002512 | EL Injection Vulnerability in Hitachi Replication Manager | 2023-07-19T14:48+09:00 | 2024-04-26T12:24+09:00 |
| jvndb-2024-003119 | NETGEAR routers vulnerable to buffer overflow | 2024-04-25T11:21+09:00 | 2024-04-25T11:21+09:00 |
| jvndb-2024-000042 | Multiple vulnerabilities in RoamWiFi R10 | 2024-04-24T13:44+09:00 | 2024-04-24T13:44+09:00 |
| jvndb-2024-003008 | Sangoma Technologies CG/MG family driver cg6kwin2k.sys vulnerable to insufficient access control on its IOCTL | 2024-03-22T13:50+09:00 | 2024-04-24T11:45+09:00 |
| jvndb-2023-003028 | Phoenix Technologies Windows kernel driver vulnerable to insufficient access control on its IOCTL | 2023-08-30T10:05+09:00 | 2024-04-24T11:43+09:00 |
| jvndb-2024-003116 | Multiple vulnerabilities in OMRON Sysmac Studio/CX-One and CX-Programmer | 2024-04-24T10:13+09:00 | 2024-04-24T10:13+09:00 |
| jvndb-2024-000901 | TvRock vulnerable to cross-site request forgery | 2024-04-23T18:22+09:00 | 2024-04-23T18:22+09:00 |
| jvndb-2024-000903 | TvRock vulnerable to denial-of-service (DoS) | 2024-04-23T18:21+09:00 | 2024-04-23T18:21+09:00 |
| jvndb-2023-000119 | Ruckus Access Point contains a cross-site scripting vulnerability. | 2023-12-01T14:58+09:00 | 2024-04-23T17:51+09:00 |
| jvndb-2023-000112 | Multiple vulnerabilities in Pleasanter | 2023-11-13T15:57+09:00 | 2024-04-22T17:56+09:00 |
| jvndb-2024-003108 | Armeria-saml improperly handles SAML messages | 2024-04-22T17:28+09:00 | 2024-04-22T17:28+09:00 |
| jvndb-2023-000122 | Multiple denial-of-service (DoS) vulnerabilities in JTEKT ELECTRONICS HMI GC-A2 series | 2023-12-11T14:12+09:00 | 2024-04-22T16:55+09:00 |
| ID | Description | Updated |
|---|
| ID | Description | Published | Updated |
|---|---|---|---|
| certfr-2025-avi-1001 | Multiples vulnérabilités dans Elastic Kibana | 2025-11-13T00:00:00.000000 | 2025-11-13T00:00:00.000000 |
| certfr-2025-avi-1000 | Multiples vulnérabilités dans les produits Splunk | 2025-11-13T00:00:00.000000 | 2025-11-13T00:00:00.000000 |
| certfr-2025-avi-0999 | Vulnérabilité dans les produits Symfony | 2025-11-13T00:00:00.000000 | 2025-11-13T00:00:00.000000 |
| certfr-2025-avi-0998 | Multiples vulnérabilités dans les produits Microsoft | 2025-11-12T00:00:00.000000 | 2025-11-12T00:00:00.000000 |
| certfr-2025-avi-0997 | Multiples vulnérabilités dans Microsoft Azure | 2025-11-12T00:00:00.000000 | 2025-11-12T00:00:00.000000 |
| certfr-2025-avi-0996 | Multiples vulnérabilités dans Microsoft Windows | 2025-11-12T00:00:00.000000 | 2025-11-12T00:00:00.000000 |
| certfr-2025-avi-0995 | Multiples vulnérabilités dans Microsoft Office | 2025-11-12T00:00:00.000000 | 2025-11-12T00:00:00.000000 |
| certfr-2025-avi-0994 | Multiples vulnérabilités dans Microsoft Edge | 2025-11-12T00:00:00.000000 | 2025-11-12T00:00:00.000000 |
| certfr-2025-avi-0993 | Multiples vulnérabilités dans les produits Intel | 2025-11-12T00:00:00.000000 | 2025-11-12T00:00:00.000000 |
| certfr-2025-avi-0992 | Multiples vulnérabilités dans Apache OpenOffice | 2025-11-12T00:00:00.000000 | 2025-11-12T00:00:00.000000 |
| certfr-2025-avi-0991 | Multiples vulnérabilités dans les produits Mozilla | 2025-11-12T00:00:00.000000 | 2025-11-12T00:00:00.000000 |
| certfr-2025-avi-0990 | Vulnérabilité dans Google Chrome | 2025-11-12T00:00:00.000000 | 2025-11-12T00:00:00.000000 |
| certfr-2025-avi-0989 | Vulnérabilité dans Nagios XI | 2025-11-12T00:00:00.000000 | 2025-11-12T00:00:00.000000 |
| certfr-2025-avi-0988 | Vulnérabilité dans Ivanti Endpoint Manager (EPM) | 2025-11-12T00:00:00.000000 | 2025-11-12T00:00:00.000000 |
| certfr-2025-avi-0987 | Vulnérabilité dans les produits Citrix | 2025-11-12T00:00:00.000000 | 2025-11-12T00:00:00.000000 |
| certfr-2025-avi-0986 | Vulnérabilité dans Schneider Electric EcoStruxure | 2025-11-12T00:00:00.000000 | 2025-11-12T00:00:00.000000 |
| certfr-2025-avi-0985 | Multiples vulnérabilités dans les produits Axis | 2025-11-12T00:00:00.000000 | 2025-11-12T00:00:00.000000 |
| certfr-2025-avi-0984 | Vulnérabilité dans Bitdefender Endpoint Security Tools pour Mac | 2025-11-12T00:00:00.000000 | 2025-11-12T00:00:00.000000 |
| certfr-2025-avi-0983 | Vulnérabilité dans Synology BeeStation | 2025-11-12T00:00:00.000000 | 2025-11-12T00:00:00.000000 |
| certfr-2025-avi-0982 | Multiples vulnérabilités dans les produits SAP | 2025-11-12T00:00:00.000000 | 2025-11-12T00:00:00.000000 |
| certfr-2025-avi-0981 | Multiples vulnérabilités dans les produits Qnap | 2025-11-10T00:00:00.000000 | 2025-11-10T00:00:00.000000 |
| certfr-2025-avi-0980 | Multiples vulnérabilités dans les produits IBM | 2025-11-07T00:00:00.000000 | 2025-11-07T00:00:00.000000 |
| certfr-2025-avi-0979 | Multiples vulnérabilités dans le noyau Linux de SUSE | 2025-11-07T00:00:00.000000 | 2025-11-07T00:00:00.000000 |
| certfr-2025-avi-0978 | Multiples vulnérabilités dans le noyau Linux de Red Hat | 2025-11-07T00:00:00.000000 | 2025-11-07T00:00:00.000000 |
| certfr-2025-avi-0977 | Multiples vulnérabilités dans le noyau Linux d'Ubuntu | 2025-11-07T00:00:00.000000 | 2025-11-07T00:00:00.000000 |
| certfr-2025-avi-0976 | Multiples vulnérabilités dans Microsoft Edge | 2025-11-07T00:00:00.000000 | 2025-11-07T00:00:00.000000 |
| certfr-2025-avi-0975 | Vulnérabilité dans Elastic Defend | 2025-11-07T00:00:00.000000 | 2025-11-07T00:00:00.000000 |
| certfr-2025-avi-0974 | Multiples vulnérabilités dans Apple iOS et iPadOS | 2025-11-06T00:00:00.000000 | 2025-11-06T00:00:00.000000 |
| certfr-2025-avi-0973 | Multiples vulnérabilités dans Google Chrome | 2025-11-06T00:00:00.000000 | 2025-11-06T00:00:00.000000 |
| certfr-2025-avi-0972 | Multiples vulnérabilités dans Suricata | 2025-11-06T00:00:00.000000 | 2025-11-06T00:00:00.000000 |