Recent vulnerabilities
| ID | CVSS | Description | Vendor | Product | Published | Updated |
|---|---|---|---|---|---|---|
| cve-2026-23757 | 5.1 (v4.0) 5.4 (v3.1) | GFI HelpDesk < 4.99.10 Stored XSS via Reports Module |
GFI Software |
HelpDesk |
2026-04-20T17:27:56.067Z | 2026-04-20T18:07:01.630Z |
| cve-2026-6662 | ericc-ch copilot-api Token Endpoint server.ts cors cro… |
ericc-ch |
copilot-api |
2026-04-20T17:00:17.800Z | 2026-04-20T18:09:27.691Z | |
| cve-2026-35154 | 6.3 (v3.1) | Dell PowerProtect Data Domain appliances, version… |
Dell |
PowerProtect Data Domain appliances |
2026-04-20T16:50:56.856Z | 2026-04-22T03:56:08.697Z |
| cve-2026-26951 | 6.7 (v3.1) | Dell PowerProtect Data Domain, versions 7.7.1.0 t… |
Dell |
PowerProtect Data Domain |
2026-04-20T16:44:49.612Z | 2026-04-22T03:56:07.580Z |
| cve-2026-22761 | 6.7 (v3.1) | Dell PowerProtect Data Domain, versions 8.5 throu… |
Dell |
PowerProtect Data Domain |
2026-04-20T16:39:40.268Z | 2026-04-22T03:56:06.445Z |
| cve-2026-26942 | 6.7 (v3.1) | Dell PowerProtect Data Domain, versions 8.5 throu… |
Dell |
PowerProtect Data Domain |
2026-04-20T16:34:43.219Z | 2026-04-22T03:56:05.261Z |
| cve-2026-26943 | 7.2 (v3.1) | Dell PowerProtect Data Domain, versions 7.7.1.0 t… |
Dell |
PowerProtect Data Domain |
2026-04-20T16:28:53.110Z | 2026-04-22T03:56:04.147Z |
| cve-2026-28684 | python-dotenv: Symlink following in set_key allows arb… |
theskumar |
python-dotenv |
2026-04-20T16:25:12.302Z | 2026-04-20T17:43:09.477Z | |
| cve-2026-40488 | OpenMage LTS has Customer File Upload Extension Blockl… |
OpenMage |
magento-lts |
2026-04-20T16:23:07.429Z | 2026-04-20T16:55:05.724Z | |
| cve-2026-24506 | 7.2 (v3.1) | Dell PowerProtect Data Domain, versions 7.7.1.0 t… |
Dell |
PowerProtect Data Domain |
2026-04-20T16:22:37.689Z | 2026-04-22T03:56:02.944Z |
| cve-2026-40098 | OpenMage LTS imports cross-user wishlist item via shar… |
OpenMage |
magento-lts |
2026-04-20T16:19:55.157Z | 2026-04-20T18:10:44.490Z | |
| cve-2026-41445 | 8.7 (v4.0) 8.8 (v3.1) | KissFFT Integer Overflow Heap Buffer Overflow via kiss… |
mborgerding |
kissfft |
2026-04-20T16:18:50.371Z | 2026-04-20T17:57:10.156Z |
| cve-2026-24505 | 7.2 (v3.1) | Dell PowerProtect Data Domain, versions 8.5 throu… |
Dell |
PowerProtect Data Domain |
2026-04-20T16:15:46.863Z | 2026-04-22T03:56:00.561Z |
| cve-2026-25525 | OpenMage LTS has Path Traversal Filter Bypass in Dataf… |
OpenMage |
magento-lts |
2026-04-20T16:14:14.366Z | 2026-04-21T13:27:55.707Z | |
| cve-2026-25524 | OpenMage LTS's Phar Deserialization leads to Remote Co… |
OpenMage |
magento-lts |
2026-04-20T16:11:16.922Z | 2026-04-20T16:54:43.603Z | |
| cve-2026-24504 | 7.2 (v3.1) | Dell PowerProtect Data Domain, versions 7.7.1.0 t… |
Dell |
PowerProtect Data Domain |
2026-04-20T16:08:35.314Z | 2026-04-22T03:55:59.007Z |
| cve-2026-25883 | Vexa Webhook Feature has a SSRF Vulnerability |
Vexa-ai |
vexa |
2026-04-20T16:04:36.584Z | 2026-04-20T16:36:21.221Z | |
| cve-2026-25058 | Vexa's unauthenticated internal transcript endpoint ex… |
Vexa-ai |
vexa |
2026-04-20T16:03:06.639Z | 2026-04-20T16:12:27.988Z | |
| cve-2026-23774 | 7.2 (v3.1) | Dell PowerProtect Data Domain with Data Domain Op… |
Dell |
PowerProtect Data Domain |
2026-04-20T15:58:46.965Z | 2026-04-22T03:55:57.514Z |
| cve-2026-26944 | 8.8 (v3.1) | Dell PowerProtect Data Domain, versions 7.7.1.0 t… |
Dell |
PowerProtect Data Domain |
2026-04-20T15:51:30.118Z | 2026-04-22T03:55:56.073Z |
| cve-2026-24468 | OpenAEV Vulnerable to Username/Email Enumeration Throu… |
OpenAEV-Platform |
openaev |
2026-04-20T15:45:48.572Z | 2026-04-20T16:24:44.061Z | |
| cve-2026-24467 | OpenAEV's Improper Password Reset Token Management Lea… |
OpenAEV-Platform |
openaev |
2026-04-20T15:40:56.203Z | 2026-04-20T16:21:50.299Z | |
| cve-2026-6066 | 7.1 (v3.1) | Unencrypted Client‑Server Communication in ConnectWise… |
ConnectWise |
Automate |
2026-04-20T15:26:31.843Z | 2026-04-20T16:13:06.767Z |
| cve-2026-41245 | Junrar: Path Traversal (Zip-Slip) via Sibling Director… |
junrar |
junrar |
2026-04-20T15:15:24.540Z | 2026-04-20T16:35:09.317Z | |
| cve-2026-40896 | OpenProject has Cross-Project Meeting Agenda Item Inje… |
opf |
openproject |
2026-04-20T15:12:52.279Z | 2026-04-20T16:13:10.714Z | |
| cve-2026-6652 | Pagekit CMS StringStorage Template PhpEngine.php evalu… |
Pagekit |
CMS |
2026-04-20T15:00:22.525Z | 2026-04-20T16:14:56.950Z | |
| cve-2026-3219 | 4.6 (v4.0) | pip doesn't reject concatenated ZIP and tar archives |
Python Packaging Authority |
pip |
2026-04-20T14:55:38.282Z | 2026-04-20T20:15:23.710Z |
| cve-2026-39918 | 9.2 (v4.0) 9.8 (v3.1) | Vvveb < 1.0.8.1 Code Injection via Installation Endpoint |
givanz |
Vvveb |
2026-04-20T14:46:33.549Z | 2026-04-20T15:36:55.619Z |
| cve-2026-6651 | erponline.xyz ERP Online Inventory Edit Item cross sit… |
erponline.xyz |
ERP Online |
2026-04-20T14:45:11.560Z | 2026-04-20T15:21:57.084Z | |
| cve-2026-6650 | Z-BlogPHP ZBA File app_upload.php UnPack unrestricted upload |
n/a |
Z-BlogPHP |
2026-04-20T14:30:13.825Z | 2026-04-20T16:23:25.105Z |
| ID | Description | Updated |
|---|
| ID | Description | Updated |
|---|
| ID | Description | Published | Updated |
|---|---|---|---|
| jvndb-2023-000004 | pgAdmin 4 vulnerable to open redirect | 2023-01-11T14:23+09:00 | 2023-01-11T14:23+09:00 |
| jvndb-2023-000002 | Digital Arts m-FILTER vulnerable to improper authentication | 2023-01-06T14:57+09:00 | 2023-01-06T14:57+09:00 |
| jvndb-2023-000001 | Multiple code injection vulnerabilities in ruby-git | 2023-01-05T15:51+09:00 | 2023-01-05T15:51+09:00 |
| jvndb-2022-002838 | Multiple vulnerabilities in Fuji Electric V-Server | 2023-01-04T14:21+09:00 | 2023-01-04T14:21+09:00 |
| jvndb-2022-002837 | Multiple vulnerabilities in Fuji Electric V-SFT and TELLUS | 2023-01-04T14:16+09:00 | 2023-01-04T14:16+09:00 |
| jvndb-2022-002836 | Multiple vulnerabilities in Trend Micro Apex One and Apex One as a Service | 2022-12-26T16:21+09:00 | 2024-05-30T17:47+09:00 |
| jvndb-2022-000102 | Installers generated by Squirrel.Windows may insecurely load Dynamic Link Libraries | 2022-12-21T14:23+09:00 | 2022-12-21T14:23+09:00 |
| jvndb-2022-000101 | +Message App improper handling of Unicode control characters | 2022-12-21T14:13+09:00 | 2022-12-21T14:13+09:00 |
| jvndb-2022-002783 | Use-after-free vulnerability in Omron CX-Drive | 2022-12-20T15:32+09:00 | 2022-12-20T15:32+09:00 |
| jvndb-2022-002780 | Command injection vulnerability in SHARP Multifunctional Products (MFP) | 2022-12-20T12:12+09:00 | 2022-12-20T12:12+09:00 |
| jvndb-2022-000099 | Corel Roxio Creator LJB starts a program with an unquoted file path | 2022-12-19T13:47+09:00 | 2022-12-19T13:47+09:00 |
| jvndb-2022-000098 | Zenphoto vulnerable to cross-site scripting | 2022-12-19T13:39+09:00 | 2022-12-19T13:39+09:00 |
| jvndb-2022-002779 | Multiple vulnerabilities in Contec CONPROSYS HMI System (CHS) | 2022-12-16T13:29+09:00 | 2023-01-11T16:55+09:00 |
| jvndb-2022-000097 | Multiple vulnerabilities in DENSHI NYUSATSU CORE SYSTEM | 2022-12-15T15:18+09:00 | 2024-05-29T17:40+09:00 |
| jvndb-2022-000096 | Redmine vulnerable to cross-site scripting | 2022-12-13T14:05+09:00 | 2024-06-03T16:47+09:00 |
| jvndb-2022-002775 | Multiple vulnerabilities in Buffalo network devices | 2022-12-12T15:28+09:00 | 2024-02-14T15:45+09:00 |
| jvndb-2022-002771 | Information Exposure Vulnerability in JP1/Automatic Operation | 2022-12-07T17:30+09:00 | 2022-12-07T17:30+09:00 |
| jvndb-2022-002770 | Contec SolarView Compact vulnerable to cross-site scripting | 2022-12-06T15:08+09:00 | 2024-06-04T17:13+09:00 |
| jvndb-2022-002768 | Multiple vulnerabilities in UNIMO Technology digital video recorders | 2022-12-02T14:57+09:00 | 2024-06-03T16:55+09:00 |
| jvndb-2022-002765 | Multiple vulnerabilities in OMRON CX-Programmer | 2022-11-28T15:40+09:00 | 2024-04-05T18:15+09:00 |
| jvndb-2022-000095 | Cybozu Remote Service vulnerable to Uncontrolled Resource Consumption | 2022-11-25T14:15+09:00 | 2024-06-03T16:08+09:00 |
| jvndb-2022-000094 | Multiple cross-site scripting vulnerabilities in baserCMS | 2022-11-25T13:42+09:00 | 2024-05-31T18:17+09:00 |
| jvndb-2022-000093 | TP-Link RE300 V1 tdpServer vulnerable to improper processing of its input | 2022-11-24T14:46+09:00 | 2024-06-03T16:41+09:00 |
| jvndb-2022-002761 | Multiple vulnerabilities in Trend Micro Apex One and Apex One as a Service | 2022-11-21T18:25+09:00 | 2024-05-31T17:43+09:00 |
| jvndb-2022-000092 | Typora fails to properly neutralize JavaScript code. | 2022-11-21T15:31+09:00 | 2024-06-03T15:13+09:00 |
| jvndb-2022-000091 | WordPress Plugin "WordPress Popular Posts" accepts untrusted external inputs to update certain internal variables | 2022-11-18T15:14+09:00 | 2022-11-18T15:14+09:00 |
| jvndb-2022-000089 | RICOH Aficio SP 4210N vulnerable to cross-site scripting | 2022-11-17T11:15+09:00 | 2022-11-17T11:15+09:00 |
| jvndb-2022-000090 | Multiple vulnerabilities in Movable Type | 2022-11-16T17:07+09:00 | 2024-06-03T15:31+09:00 |
| jvndb-2022-000088 | TERASOLUNA Global Framework and TERASOLUNA Server Framework for Java (Rich) vulnerable to ClassLoader manipulation | 2022-11-14T16:45+09:00 | 2024-06-06T16:11+09:00 |
| jvndb-2022-000086 | Aiphone Video Multi-Tenant System Entrance Stations vulnerable to information disclosure | 2022-11-10T13:40+09:00 | 2024-06-06T17:37+09:00 |
| ID | Description | Updated |
|---|
| ID | Description | Published | Updated |
|---|---|---|---|
| certfr-2025-avi-0932 | Multiples vulnérabilités dans Liferay | 2025-10-28T00:00:00.000000 | 2025-10-28T00:00:00.000000 |
| certfr-2025-avi-0931 | Vulnérabilité dans StrongSwan | 2025-10-28T00:00:00.000000 | 2025-10-28T00:00:00.000000 |
| certfr-2025-avi-0930 | Vulnérabilité dans Microsoft Windows Server Update Service | 2025-10-27T00:00:00.000000 | 2025-10-27T00:00:00.000000 |
| certfr-2025-avi-0929 | Vulnérabilité dans le client VPN de TheGreenBow | 2025-10-27T00:00:00.000000 | 2025-10-27T00:00:00.000000 |
| certfr-2025-avi-0928 | Vulnérabilité dans Microsoft Configuration Manager | 2025-10-27T00:00:00.000000 | 2025-10-27T00:00:00.000000 |
| certfr-2025-avi-0927 | Vulnérabilité dans Xen | 2025-10-27T00:00:00.000000 | 2025-10-27T00:00:00.000000 |
| certfr-2025-avi-0926 | Vulnérabilité dans le pilote ODBC de MongoDB | 2025-10-27T00:00:00.000000 | 2025-10-27T00:00:00.000000 |
| certfr-2025-avi-0925 | Vulnérabilité dans les produits Belden | 2025-10-27T00:00:00.000000 | 2025-10-27T00:00:00.000000 |
| certfr-2025-avi-0924 | Multiples vulnérabilités dans les produits IBM | 2025-10-24T00:00:00.000000 | 2025-10-24T00:00:00.000000 |
| certfr-2025-avi-0923 | Multiples vulnérabilités dans le noyau Linux de Red Hat | 2025-10-24T00:00:00.000000 | 2025-10-24T00:00:00.000000 |
| certfr-2025-avi-0922 | Multiples vulnérabilités dans le noyau Linux d'Ubuntu | 2025-10-24T00:00:00.000000 | 2025-10-24T00:00:00.000000 |
| certfr-2025-avi-0921 | Multiples vulnérabilités dans le noyau Linux de SUSE | 2025-10-24T00:00:00.000000 | 2025-10-24T00:00:00.000000 |
| certfr-2025-avi-0920 | Multiples vulnérabilités dans les produits Microsoft | 2025-10-24T00:00:00.000000 | 2025-10-24T00:00:00.000000 |
| certfr-2025-avi-0919 | Multiples vulnérabilités dans Microsoft Azure | 2025-10-24T00:00:00.000000 | 2025-10-24T00:00:00.000000 |
| certfr-2025-avi-0918 | Multiples vulnérabilités dans Liferay | 2025-10-24T00:00:00.000000 | 2025-10-24T00:00:00.000000 |
| certfr-2025-avi-0917 | Multiples vulnérabilités dans les produits Moxa | 2025-10-24T00:00:00.000000 | 2025-10-24T00:00:00.000000 |
| certfr-2025-avi-0916 | Vulnérabilité dans le pilote MongoDB Pilote Atlas SQL ODBC | 2025-10-24T00:00:00.000000 | 2025-10-24T00:00:00.000000 |
| certfr-2025-avi-0915 | Multiples vulnérabilités dans les produits Microsoft | 2025-10-23T00:00:00.000000 | 2025-10-23T00:00:00.000000 |
| certfr-2025-avi-0914 | Multiples vulnérabilités dans les produits Centreon | 2025-10-23T00:00:00.000000 | 2025-10-23T00:00:00.000000 |
| certfr-2025-avi-0913 | Multiples vulnérabilités dans ISC BIND | 2025-10-23T00:00:00.000000 | 2025-10-23T00:00:00.000000 |
| certfr-2025-avi-0912 | Vulnérabilité dans SolarWinds Observability | 2025-10-22T00:00:00.000000 | 2025-10-22T00:00:00.000000 |
| certfr-2025-avi-0911 | Multiples vulnérabilités dans Oracle Weblogic | 2025-10-22T00:00:00.000000 | 2025-10-22T00:00:00.000000 |
| certfr-2025-avi-0910 | Multiples vulnérabilités dans Oracle Virtualization | 2025-10-22T00:00:00.000000 | 2025-10-22T00:00:00.000000 |
| certfr-2025-avi-0909 | Multiples vulnérabilités dans Oracle Systems | 2025-10-22T00:00:00.000000 | 2025-10-22T00:00:00.000000 |
| certfr-2025-avi-0908 | Multiples vulnérabilités dans Oracle PeopleSoft | 2025-10-22T00:00:00.000000 | 2025-10-22T00:00:00.000000 |
| certfr-2025-avi-0907 | Multiples vulnérabilités dans Oracle MySQL | 2025-10-22T00:00:00.000000 | 2025-10-22T00:00:00.000000 |
| certfr-2025-avi-0906 | Multiples vulnérabilités dans Oracle Java SE | 2025-10-22T00:00:00.000000 | 2025-10-22T00:00:00.000000 |
| certfr-2025-avi-0905 | Multiples vulnérabilités dans Oracle Database Server | 2025-10-22T00:00:00.000000 | 2025-10-22T00:00:00.000000 |
| certfr-2025-avi-0904 | Multiples vulnérabilités dans GitLab | 2025-10-22T00:00:00.000000 | 2025-10-22T00:00:00.000000 |
| certfr-2025-avi-0903 | Multiples vulnérabilités dans les produits Atlassian | 2025-10-22T00:00:00.000000 | 2025-10-22T00:00:00.000000 |