Recent vulnerabilities
| ID | CVSS | Description | Vendor | Product | Published | Updated |
|---|---|---|---|---|---|---|
| cve-2026-40045 | 5.9 (v4.0) 5.7 (v3.1) | OpenClaw < 2026.4.2 - Cleartext Credential Transmissio… | OpenClaw | OpenClaw | 2026-04-20T23:08:07.952Z | 2026-04-21T13:37:43.951Z |
| cve-2026-34082 | | Dify has IDOR in deleting someone else's chat conversation | langgenius | dify | 2026-04-20T23:03:18.158Z | 2026-04-21T13:36:45.614Z |
| cve-2026-5721 | | wpDataTables – WordPress Data Table, Dynamic Tables & … | wpdatatables | wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin | 2026-04-20T22:25:26.695Z | 2026-04-21T19:49:47.411Z |
| cve-2026-6729 | 5.3 (v4.0) 6.3 (v3.1) | HKUDS OpenHarness Session Key Collision Privilege Escalation | HKUDS | OpenHarness | 2026-04-20T22:01:38.766Z | 2026-04-21T17:39:32.967Z |
| cve-2026-0930 | 2.3 (v4.0) | Potential wolfSSHd Buffer out-of-bounds Read on Window… | wolfSSL | wolfSSH | 2026-04-20T21:28:33.227Z | 2026-04-21T13:37:15.647Z |
| cve-2026-22051 | 2.3 (v4.0) | StorageGRID (formerly StorageGRID Webscale) versi… | NETAPP | StorageGRID (formerly StorageGRID Webscale) | 2026-04-20T21:27:36.822Z | 2026-04-21T13:40:46.948Z |
| cve-2026-5450 | N/A | scanf %mc off-by-one heap buffer overflow | The GNU C Library | glibc | 2026-04-20T20:55:41.170Z | 2026-04-21T19:49:53.221Z |
| cve-2026-5928 | N/A | Static buffer overflow in deprecated nis_local_principal | The GNU C Library | glibc | 2026-04-20T20:37:31.743Z | 2026-04-21T19:49:59.071Z |
| cve-2026-5358 | N/A | REJECTED: CVE-2026-5358 is rejected for two reasons. Firstly it has been discovered that no NIS+ client or server was ever released for any Linux-based OS distributions and as such this makes the API provisional and unused. Secondly it has been discovered that the NIS+ cold start cache (/var/nis/NIS_COLD_START) cannot be bypassed and as such the API can only be called with a trusted server from the pre-populated cache. The use of a trusted server means no trust boundary is crossed and this is therefore considered a normal bug. | N/A | N/A | 2026-04-20T20:37:23.178Z | 2026-04-22T13:04:20.656Z |
| cve-2026-33626 | | LMDeploy Vulnerable to Server-Side Request Forgery (SS… | InternLM | lmdeploy | 2026-04-20T20:29:19.558Z | 2026-04-21T19:50:13.326Z |
| cve-2026-4852 | | Image Source Control Lite – Show Image Credits and Cap… | webzunft | Image Source Control Lite – Show Image Credits and Captions | 2026-04-20T20:26:53.256Z | 2026-04-21T13:53:14.507Z |
| cve-2026-33432 | | Roxy-WI has Pre-Authentication LDAP Injection that Lea… | roxy-wi | roxy-wi | 2026-04-20T20:26:52.217Z | 2026-04-21T17:38:09.523Z |
| cve-2026-33431 | | Roxy-WI Vulnerable to Authenticated Arbitrary File Rea… | roxy-wi | roxy-wi | 2026-04-20T20:24:15.319Z | 2026-04-21T13:42:19.802Z |
| cve-2026-34403 | | Nginx-UI vulnerable to Cross-Site WebSocket Hijacking … | 0xJacky | nginx-ui | 2026-04-20T20:16:47.597Z | 2026-04-21T13:36:46.510Z |
| cve-2026-33031 | | Nginx-UI: Disabled users retain full API access throug… | 0xJacky | nginx-ui | 2026-04-20T20:12:07.905Z | 2026-04-21T13:35:20.144Z |
| cve-2026-32613 | | Spinnaker vulnerable to RCE via expression parsing due… | spinnaker | spinnaker | 2026-04-20T20:07:24.697Z | 2026-04-22T03:56:18.686Z |
| cve-2026-32604 | | Spinnaker vulnerable to RCE when using gitrepo artifac… | spinnaker | spinnaker | 2026-04-20T20:00:57.517Z | 2026-04-22T03:56:17.486Z |
| cve-2026-6249 | 8.7 (v4.0) 8.8 (v3.1) | Vvveb CMS 1.0.8 Remote Code Execution via Media Upload | Vvveb | Vvveb CMS | 2026-04-20T19:57:37.655Z | 2026-04-21T13:43:17.635Z |
| cve-2026-32311 | | Command Injection and Docker container escape allows r… | reconurge | flowsint | 2026-04-20T19:56:32.521Z | 2026-04-21T13:44:08.776Z |
| cve-2026-5478 | | Everest Forms <= 3.4.4 - Unauthenticated Arbitrary Fil… | wpeverest | Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder | 2026-04-20T19:27:08.159Z | 2026-04-21T13:33:57.569Z |
| cve-2026-32135 | | NanoMQ has Heap Buffer Overflow in URI Parameter Parsing | nanomq | nanomq | 2026-04-20T19:23:09.704Z | 2026-04-21T13:33:14.607Z |
| cve-2026-6550 | 4.7 (v3.1) 5.7 (v4.0) | Key commitment policy bypass via shared key cache in A… | AWS | AWS Encryption SDK for Python | 2026-04-20T19:20:23.383Z | 2026-04-20T19:44:11.685Z |
| cve-2026-6257 | 9.2 (v4.0) 9.1 (v3.1) | Vvveb CMS v1.0.8 Remote Code Execution via Media Management | Vvveb | Vvveb CMS | 2026-04-20T19:09:45.927Z | 2026-04-21T19:50:26.897Z |
| cve-2026-6248 | | wpForo Forum <= 3.0.5 - Authenticated (Subscriber+) Ar… | tomdever | wpForo Forum | 2026-04-20T18:31:33.290Z | 2026-04-21T17:35:30.317Z |
| cve-2026-6060 | 4.5 (v3.1) | Possible DoS via SQL Box | OTRS AG | OTRS | 2026-04-20T18:20:01.664Z | 2026-04-20T18:48:48.185Z |
| cve-2026-41389 | 6.3 (v4.0) 5.8 (v3.1) | OpenClaw 2026.4.7 < 2026.4.15 - Arbitrary File Read vi… | OpenClaw | OpenClaw | 2026-04-20T17:48:43.704Z | 2026-04-20T18:05:03.103Z |
| cve-2026-23753 | 4.8 (v4.0) 4.8 (v3.1) | GFI HelpDesk < 4.99.9 Stored XSS via charset Parameter | GFI Software | HelpDesk | 2026-04-20T17:33:59.134Z | 2026-04-21T13:31:13.580Z |
| cve-2026-23752 | 4.8 (v4.0) 4.8 (v3.1) | GFI HelpDesk < 4.99.9 Stored XSS via companyname Parameter | GFI Software | HelpDesk | 2026-04-20T17:33:23.424Z | 2026-04-20T18:09:59.603Z |
| cve-2026-23756 | 5.1 (v4.0) 5.4 (v3.1) | GFI HelpDesk < 4.99.9 Stored XSS via Troubleshooter St… | GFI Software | HelpDesk | 2026-04-20T17:30:51.162Z | 2026-04-20T18:08:49.925Z |
| cve-2026-23758 | 5.1 (v4.0) 6.4 (v4.0) | GFI HelpDesk < 4.99.9 Stored XSS via editsubject Parameter | GFI Software | HelpDesk | 2026-04-20T17:30:06.853Z | 2026-04-20T17:45:55.788Z |

| ID | Description | Published | Updated |
|---|---|---|---|
| jvndb-2023-000023 | Multiple vulnerabilities in PostgreSQL extension module pg_ivm | 2023-03-06T15:22+09:00 | 2024-06-10T16:41+09:00 |
| jvndb-2023-001291 | Multiple vulnerabilities in Trend Micro Maximum Security | 2023-03-03T11:10+09:00 | 2024-06-13T17:06+09:00 |
| jvndb-2023-001292 | Multiple vulnerabilities in Trend Micro Apex One and Apex One as a Service | 2023-03-02T17:33+09:00 | 2024-06-07T16:59+09:00 |
| jvndb-2023-001269 | File and Directory Permissions Vulnerability in Hitachi Automation Director, Hitachi Infrastructure Analytics Advisor, Hitachi Ops Center | 2023-03-01T16:59+09:00 | 2024-06-11T16:42+09:00 |
| jvndb-2023-000021 | Multiple vulnerabilities in SS1 and Rakuraku PC Cloud | 2023-03-01T15:57+09:00 | 2024-06-06T18:02+09:00 |
| jvndb-2023-000019 | Multiple cross-site scripting vulnerabilities in EC-CUBE | 2023-02-28T16:38+09:00 | 2024-06-10T17:28+09:00 |
| jvndb-2023-000020 | web2py development tool vulnerable to open redirect | 2023-02-28T15:00+09:00 | 2024-06-07T16:31+09:00 |
| jvndb-2023-000018 | Multiple cross-site scripting vulnerabilities in SHIRASAGI | 2023-02-22T15:16+09:00 | 2024-06-10T17:18+09:00 |
| jvndb-2023-000017 | Improper restriction of XML external entity reference (XXE) vulnerability in tsClinical Define.xml Generator and tsClinical Metadata Desktop Tools | 2023-02-14T17:00+09:00 | 2024-06-12T11:15+09:00 |
| jvndb-2023-000016 | The installers of ELECOM Camera Assistant and QuickFileDealer may insecurely load Dynamic Link Libraries | 2023-02-14T17:00+09:00 | 2023-02-14T17:00+09:00 |
| jvndb-2023-000015 | Multiple vulnerabilities in PLANEX COMMUNICATIONS Network Camera CS-WMV02G | 2023-02-13T14:48+09:00 | 2024-06-12T17:03+09:00 |
| jvndb-2023-001215 | Zuken Elmic KASAGO uses insufficient random values for TCP Initial Sequence Numbers | 2023-02-13T14:18+09:00 | 2024-06-14T15:45+09:00 |
| jvndb-2023-000014 | NEC PC Settings Tool vulnerable to missing authentication for critical function | 2023-02-10T14:43+09:00 | 2024-06-10T18:13+09:00 |
| jvndb-2023-001212 | Multiple vulnerabilities in JTEKT ELECTRONICS Screen Creator Advance 2 | 2023-02-08T12:46+09:00 | 2024-06-10T17:25+09:00 |
| jvndb-2023-000013 | Ichiran App vulnerable to improper server certificate verification | 2023-02-06T14:31+09:00 | 2024-06-12T14:25+09:00 |
| jvndb-2023-000012 | Vulnerability in Driver Distributor where passwords are stored in a recoverable format | 2023-01-31T14:14+09:00 | 2024-06-12T11:07+09:00 |
| jvndb-2023-000011 | SUSHIRO App for Android outputs sensitive information to the log file | 2023-01-31T14:10+09:00 | 2024-06-11T17:35+09:00 |
| jvndb-2023-001110 | Improper restriction of XML external entity reference (XXE) vulnerability in OMRON CX-Motion Pro | 2023-01-25T14:28+09:00 | 2023-01-25T14:28+09:00 |
| jvndb-2023-000010 | pgAdmin 4 vulnerable to directory traversal | 2023-01-24T16:00+09:00 | 2024-06-05T16:22+09:00 |
| jvndb-2023-000009 | EasyMail vulnerable to cross-site scripting | 2023-01-24T16:00+09:00 | 2023-01-24T16:00+09:00 |
| jvndb-2023-001108 | Contec CONPROSYS HMI System (CHS) vulnerable to multiple SQL injections | 2023-01-24T13:38+09:00 | 2023-01-24T13:38+09:00 |
| jvndb-2023-000008 | Pgpool-II vulnerable to information disclosure | 2023-01-23T16:35+09:00 | 2024-06-20T17:54+09:00 |
| jvndb-2023-001008 | File and Directory Permissions Vulnerability in Hitachi Tuning Manager | 2023-01-18T13:51+09:00 | 2023-01-18T13:51+09:00 |
| jvndb-2023-000007 | WordPress plugin "Welcart e-Commerce" vulnerable to directory traversal | 2023-01-17T14:17+09:00 | 2023-01-17T14:17+09:00 |
| jvndb-2023-001005 | Active debug code vulnerability in OMRON CP1L-EL20DR-D | 2023-01-12T15:53+09:00 | 2023-01-12T15:53+09:00 |
| jvndb-2023-001003 | Access of uninitialized pointer vulnerability in OMRON CX-Motion-MCH | 2023-01-12T15:06+09:00 | 2023-01-12T15:06+09:00 |
| jvndb-2023-000006 | Multiple vulnerabilities in PIXELA PIX-RT100 | 2023-01-12T14:50+09:00 | 2023-01-12T14:50+09:00 |
| jvndb-2023-001002 | OpenAM Web Policy Agent (OpenAM Consortium Edition) vulnerable to path traversal | 2023-01-11T17:07+09:00 | 2023-01-11T17:07+09:00 |
| jvndb-2023-000005 | Multiple vulnerabilities in MAHO-PBX NetDevancer series | 2023-01-11T16:11+09:00 | 2023-01-11T16:11+09:00 |
| jvndb-2023-000003 | TP-Link SG105PE vulnerable to authentication bypass | 2023-01-11T15:04+09:00 | 2023-01-11T15:04+09:00 |

| ID | Description | Published | Updated |
|---|---|---|---|
| certfr-2025-avi-0962 | Vulnerability in Dovecot | 2025-11-04T00:00:00.000000 | 2025-11-04T00:00:00.000000 |
| certfr-2025-avi-0961 | Multiple vulnerabilities in Apple products | 2025-11-04T00:00:00.000000 | 2025-11-04T00:00:00.000000 |
| certfr-2025-avi-0960 | Multiple vulnerabilities in VMware Tanzu | 2025-11-04T00:00:00.000000 | 2025-11-04T00:00:00.000000 |
| certfr-2025-avi-0959 | Vulnerability in Python | 2025-11-04T00:00:00.000000 | 2025-11-04T00:00:00.000000 |
| certfr-2025-avi-0958 | Multiple vulnerabilities in Tenable Identity Exposure | 2025-11-04T00:00:00.000000 | 2025-11-04T00:00:00.000000 |
| certfr-2025-avi-0957 | Multiple vulnerabilities in Moodle | 2025-11-03T00:00:00.000000 | 2025-11-04T00:00:00.000000 |
| certfr-2025-avi-0956 | Multiple vulnerabilities in MariaDB | 2025-11-03T00:00:00.000000 | 2025-11-03T00:00:00.000000 |
| certfr-2025-avi-0955 | Multiple vulnerabilities in Microsoft Edge | 2025-11-03T00:00:00.000000 | 2025-11-03T00:00:00.000000 |
| certfr-2025-avi-0954 | Multiple vulnerabilities in Liferay | 2025-11-03T00:00:00.000000 | 2025-11-14T00:00:00.000000 |
| certfr-2025-avi-0953 | Vulnerability in Elastic Cloud Enterprise | 2025-11-03T00:00:00.000000 | 2025-11-03T00:00:00.000000 |
| certfr-2025-avi-0952 | Vulnerability in Mattermost Server | 2025-11-03T00:00:00.000000 | 2025-11-03T00:00:00.000000 |
| certfr-2025-avi-0951 | Multiple vulnerabilities in Axis OS | 2025-11-03T00:00:00.000000 | 2025-11-03T00:00:00.000000 |
| certfr-2025-avi-0950 | Multiple vulnerabilities in the Red Hat Linux kernel | 2025-10-31T00:00:00.000000 | 2025-10-31T00:00:00.000000 |
| certfr-2025-avi-0949 | Multiple vulnerabilities in the Ubuntu Linux kernel | 2025-10-31T00:00:00.000000 | 2025-10-31T00:00:00.000000 |
| certfr-2025-avi-0948 | Multiple vulnerabilities in the SUSE Linux kernel | 2025-10-31T00:00:00.000000 | 2025-10-31T00:00:00.000000 |
| certfr-2025-avi-0947 | Multiple vulnerabilities in IBM products | 2025-10-31T00:00:00.000000 | 2025-10-31T00:00:00.000000 |
| certfr-2025-avi-0946 | Vulnerability in Sonicwall Secure Mobile Access | 2025-10-31T00:00:00.000000 | 2025-10-31T00:00:00.000000 |
| certfr-2025-avi-0945 | Vulnerability in Qnap NetBak PC Agent | 2025-10-31T00:00:00.000000 | 2025-10-31T00:00:00.000000 |
| certfr-2025-avi-0944 | Vulnerability in Liferay | 2025-10-31T00:00:00.000000 | 2025-10-31T00:00:00.000000 |
| certfr-2025-avi-0943 | Multiple vulnerabilities in Centreon products | 2025-10-31T00:00:00.000000 | 2025-10-31T00:00:00.000000 |
| certfr-2025-avi-0942 | Vulnerability in Dovecot | 2025-10-31T00:00:00.000000 | 2025-10-31T00:00:00.000000 |
| certfr-2025-avi-0941 | Multiple vulnerabilities in Microsoft products | 2025-10-30T00:00:00.000000 | 2025-10-30T00:00:00.000000 |
| certfr-2025-avi-0940 | Vulnerability in Liferay | 2025-10-30T00:00:00.000000 | 2025-10-30T00:00:00.000000 |
| certfr-2025-avi-0939 | Multiple vulnerabilities in Splunk products | 2025-10-30T00:00:00.000000 | 2025-10-30T00:00:00.000000 |
| certfr-2025-avi-0938 | Multiple vulnerabilities in VMware products | 2025-10-30T00:00:00.000000 | 2025-10-30T00:00:00.000000 |
| certfr-2025-avi-0937 | Multiple vulnerabilities in Google Chrome | 2025-10-30T00:00:00.000000 | 2025-10-30T00:00:00.000000 |
| certfr-2025-avi-0936 | Multiple vulnerabilities in Mattermost Server | 2025-10-29T00:00:00.000000 | 2025-12-01T00:00:00.000000 |
| certfr-2025-avi-0935 | Multiple vulnerabilities in VMware products | 2025-10-29T00:00:00.000000 | 2025-10-29T00:00:00.000000 |
| certfr-2025-avi-0934 | Vulnerability in Mozilla products | 2025-10-29T00:00:00.000000 | 2025-10-29T00:00:00.000000 |
| certfr-2025-avi-0933 | Multiple vulnerabilities in Apache Tomcat | 2025-10-28T00:00:00.000000 | 2025-10-28T00:00:00.000000 |