Recent vulnerabilities
| ID | CVSS | Description | Vendor | Product | Published | Updated |
|---|---|---|---|---|---|---|
| cve-2026-5928 | N/A | Static buffer overflow in deprecated nis_local_principal |
The GNU C Library |
glibc |
2026-04-20T20:37:31.743Z | 2026-04-21T19:49:59.071Z |
| cve-2026-5450 | N/A | scanf %mc off-by-one heap buffer overflow |
The GNU C Library |
glibc |
2026-04-20T20:55:41.170Z | 2026-04-21T19:49:53.221Z |
| cve-2026-5721 | wpDataTables – WordPress Data Table, Dynamic Tables & … |
wpdatatables |
wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin |
2026-04-20T22:25:26.695Z | 2026-04-21T19:49:47.411Z | |
| cve-2026-41296 | 8.8 (v4.0) 8.2 (v3.1) | OpenClaw < 2026.3.31 - Sandbox Escape via TOCTOU Race … |
OpenClaw |
OpenClaw |
2026-04-20T23:08:10.194Z | 2026-04-21T19:49:41.570Z |
| cve-2026-41302 | 4.8 (v4.0) 7.6 (v3.1) | OpenClaw < 2026.3.31 - Server-Side Request Forgery via… |
OpenClaw |
OpenClaw |
2026-04-20T23:08:14.782Z | 2026-04-21T19:49:35.930Z |
| cve-2026-35570 | OpenClaude has Sandbox Bypass via Early-Exit Logic Fla… |
Gitlawb |
openclaude |
2026-04-20T23:24:08.324Z | 2026-04-21T19:49:30.148Z | |
| cve-2026-39377 | nbconvert has an Arbitrary File Write via Path Travers… |
jupyter |
nbconvert |
2026-04-21T00:14:59.937Z | 2026-04-21T19:49:24.475Z | |
| cve-2026-39396 | OpenBao has Decompression Bomb via Unbounded Copy in O… |
openbao |
openbao |
2026-04-21T00:44:53.943Z | 2026-04-21T19:49:18.821Z | |
| cve-2026-39866 | Lawnchair vulnerable to Command Injection via unquoted… |
LawnchairLauncher |
lawnchair |
2026-04-21T01:19:47.510Z | 2026-04-21T19:49:12.997Z | |
| cve-2026-40250 | OpenEXR has integer overflow in DWA decoder outBufferE… |
AcademySoftwareFoundation |
openexr |
2026-04-21T01:33:00.212Z | 2026-04-21T19:49:07.457Z | |
| cve-2026-40565 | FreeScout has Stored XSS / CSS Injection via linkify()… |
freescout-help-desk |
freescout |
2026-04-21T15:52:39.118Z | 2026-04-21T19:48:40.654Z | |
| cve-2026-40888 | Frappe HR vulnerable to Improper Access Control |
frappe |
hrms |
2026-04-21T19:28:28.849Z | 2026-04-21T19:43:37.506Z | |
| cve-2026-40873 | mailcow: dockerized vulnerable to stored XSS in Quaran… |
mailcow |
mailcow-dockerized |
2026-04-21T19:15:39.046Z | 2026-04-21T19:39:19.981Z | |
| cve-2026-41329 | 9 (v4.0) 9.9 (v3.1) | OpenClaw < 2026.3.31 - Sandbox Bypass via Heartbeat Co… |
OpenClaw |
OpenClaw |
2026-04-20T23:08:16.222Z | 2026-04-21T19:38:16.140Z |
| cve-2026-40879 | Nest: DoS via Recursive handleData in JsonSocket (TCP … |
nestjs |
nest |
2026-04-21T19:14:17.894Z | 2026-04-21T19:38:04.805Z | |
| cve-2026-34839 | Glances Vulnerable to Cross-Origin Information Disclos… |
nicolargo |
glances |
2026-04-20T23:09:02.551Z | 2026-04-21T19:37:42.399Z | |
| cve-2026-39320 | Signal K Server has an Unauthenticated Regular Express… |
SignalK |
signalk-server |
2026-04-21T00:07:10.371Z | 2026-04-21T19:36:54.787Z | |
| cve-2026-39388 | OpenBao's Certificate Authentication Allows Token Rene… |
openbao |
openbao |
2026-04-21T00:43:22.920Z | 2026-04-21T19:36:07.865Z | |
| cve-2026-40869 | Decidim amendments can be accepted or rejected by anyone |
decidim |
decidim |
2026-04-21T19:08:28.239Z | 2026-04-21T19:35:55.139Z | |
| cve-2025-14362 | 7.3 (v3.1) | GoAnywhere MFT SFTP Service Login Vulnerable to Brute … |
Fortra |
GoAnywhere MFT |
2026-04-21T14:14:08.492Z | 2026-04-21T19:33:35.079Z |
| cve-2025-1241 | 5.8 (v3.1) | Encryption vulnerable to brute-force decryption in GoA… |
Fortra |
GoAnywhere MFT |
2026-04-21T14:10:09.505Z | 2026-04-21T19:33:03.005Z |
| cve-2025-31958 | 3.7 (v3.1) | HCL BigFix Service Management (SM) is susceptible to H… |
HCLSoftware |
BigFix Service Management (SM) |
2026-04-21T13:59:14.787Z | 2026-04-21T19:32:20.831Z |
| cve-2026-40244 | OpenEXR has integer overflow in DWA setupChannelData p… |
AcademySoftwareFoundation |
openexr |
2026-04-21T01:30:55.061Z | 2026-04-21T19:31:39.166Z | |
| cve-2026-40264 | OpenBao's Token Store Allows Cross-Namespace Renewal, … |
openbao |
openbao |
2026-04-21T00:47:38.156Z | 2026-04-21T19:30:51.975Z | |
| cve-2026-40866 | Horilla: Unauthorized Document Overwrite via File Uplo… |
horilla-opensource |
horilla |
2026-04-21T18:15:30.126Z | 2026-04-21T19:29:21.663Z | |
| cve-2025-31981 | 5.3 (v3.1) | HCL BigFix Service Management (SM) Discovery is vulner… |
HCLSoftware |
BigFix Service Management (SM) |
2026-04-21T14:26:39.400Z | 2026-04-21T19:28:19.397Z |
| cve-2026-5789 | 8.5 (v4.0) | Search path without quotes in CivetWeb |
CivetWeb |
CivetWeb |
2026-04-21T14:22:05.872Z | 2026-04-21T19:27:53.853Z |
| cve-2026-0971 | 4.3 (v3.1) | GoAnywhere MFT SAML Sessions do not redirect to logout… |
Fortra |
GoAnywhere MFT |
2026-04-21T14:14:23.423Z | 2026-04-21T19:26:58.470Z |
| cve-2025-10354 | 5.1 (v4.0) | Reflected Cross-Site Scripting (XSS) in Semantic MediaWiki |
Semantic MediaWiki |
Semantic MediaWiki |
2026-04-21T14:42:38.305Z | 2026-04-21T19:25:40.964Z |
| cve-2026-38834 | N/A | Tenda W30E V2.0 V16.01.0.21 was found to contain … |
n/a |
n/a |
2026-04-21T00:00:00.000Z | 2026-04-21T19:23:17.157Z |
| ID | Description | Updated |
|---|
| ID | Description | Updated |
|---|
| ID | Description | Published | Updated |
|---|---|---|---|
| jvndb-2023-000079 | Multiple vulnerabilities in Special Interest Group Network for Analysis and Liaison's API | 2023-08-07T15:15+09:00 | 2024-03-28T18:08+09:00 |
| jvndb-2023-000081 | "Rikunabi NEXT" App for Android fails to restrict custom URL schemes properly | 2023-08-09T12:45+09:00 | 2024-03-28T18:01+09:00 |
| jvndb-2023-000080 | "FFRI yarai" and "FFRI yarai Home and Business Edition" handle exceptional conditions improperly | 2023-08-07T17:39+09:00 | 2024-03-28T17:54+09:00 |
| jvndb-2023-000078 | Multiple vulnerabilities in Proself | 2023-08-18T13:47+09:00 | 2024-03-28T17:43+09:00 |
| jvndb-2024-003047 | SEEnergy SVR-116 vulnerable to OS command injection | 2024-03-28T11:38+09:00 | 2024-03-28T11:38+09:00 |
| jvndb-2024-003026 | Security information for Hitachi Disk Array Systems | 2024-03-27T15:52+09:00 | 2024-03-27T15:52+09:00 |
| jvndb-2024-000035 | Multiple vulnerabilities in WordPress Plugin "Survey Maker" | 2024-03-27T14:48+09:00 | 2024-03-27T14:48+09:00 |
| jvndb-2024-000034 | SonicDICOM Media Viewer may insecurely load Dynamic Link Libraries | 2024-03-27T14:31+09:00 | 2024-03-27T14:31+09:00 |
| jvndb-2023-000086 | Rakuten WiFi Pocket vulnerable to improper authentication | 2023-08-23T12:42+09:00 | 2024-03-27T13:43+09:00 |
| jvndb-2024-000905 | Mini Thread vulnerable to cross-site scripting | 2024-03-26T17:43+09:00 | 2024-03-26T17:43+09:00 |
| jvndb-2023-012042 | WordPress plugin "MW WP Form" vulnerable to arbitrary file upload | 2023-12-15T15:17+09:00 | 2024-03-26T17:39+09:00 |
| jvndb-2023-000083 | Multiple vulnerabilities in LuxCal Web Calendar | 2023-08-21T13:29+09:00 | 2024-03-26T17:09+09:00 |
| jvndb-2024-000906 | ffBull vulnerable to OS command injection | 2024-03-26T16:07+09:00 | 2024-03-26T16:07+09:00 |
| jvndb-2024-000900 | "EasyRange" may insecurely load executable files | 2024-03-26T15:50+09:00 | 2024-03-26T15:50+09:00 |
| jvndb-2024-000907 | 0ch BBS Script (0ch) vulnerable to cross-site scripting | 2024-03-26T15:35+09:00 | 2024-03-26T15:35+09:00 |
| jvndb-2024-000902 | TvRock vulnerable to cross-site scripting | 2024-03-26T14:27+09:00 | 2024-03-26T14:27+09:00 |
| jvndb-2024-000904 | WebProxy vulnerable to OS command injection | 2024-03-26T14:19+09:00 | 2024-03-26T14:19+09:00 |
| jvndb-2023-025113 | BUFFALO LinkStation 200 series vulnerable to arbitrary code execution | 2024-03-25T18:16+09:00 | 2024-03-25T18:16+09:00 |
| jvndb-2023-000082 | EC-CUBE 2 series vulnerable to cross-site scripting | 2023-08-17T15:12+09:00 | 2024-03-25T18:07+09:00 |
| jvndb-2023-000084 | WordPress Plugin "Advanced Custom Fields" vulnerable to cross-site scripting | 2023-08-21T14:05+09:00 | 2024-03-25T17:55+09:00 |
| jvndb-2024-000033 | WordPress Plugin "easy-popup-show" vulnerable to cross-site request forgery | 2024-03-25T13:31+09:00 | 2024-03-25T13:31+09:00 |
| jvndb-2023-000055 | ESS REC Agent Server Edition for Linux etc. vulnerable to directory traversal | 2023-05-26T13:58+09:00 | 2024-03-21T17:15+09:00 |
| jvndb-2023-000053 | Tornado vulnerable to open redirect | 2023-05-22T13:30+09:00 | 2024-03-21T17:05+09:00 |
| jvndb-2023-000058 | Pleasanter vulnerable to cross-site scripting | 2023-05-31T15:34+09:00 | 2024-03-19T18:17+09:00 |
| jvndb-2023-002002 | Multiple vulnerabilities in Contec CONPROSYS HMI System (CHS) | 2023-06-01T13:48+09:00 | 2024-03-19T18:13+09:00 |
| jvndb-2023-000072 | Improper restriction of XML external entity references (XXE) in XBRL data create application | 2023-07-18T15:22+09:00 | 2024-03-19T18:11+09:00 |
| jvndb-2023-000056 | Starlette vulnerable to directory traversal | 2023-05-30T13:34+09:00 | 2024-03-19T18:08+09:00 |
| jvndb-2023-000125 | Multiple vulnerabilities in BUFFALO VR-S1000 | 2023-12-26T15:51+09:00 | 2024-03-19T17:56+09:00 |
| jvndb-2023-000123 | Multiple vulnerabilities in GROWI | 2023-12-13T15:30+09:00 | 2024-03-19T17:46+09:00 |
| jvndb-2023-000052 | DataSpider Servista uses a hard-coded cryptographic key | 2023-05-31T15:34+09:00 | 2024-03-19T17:44+09:00 |
| ID | Description | Updated |
|---|
| ID | Description | Published | Updated |
|---|---|---|---|
| certfr-2025-avi-0939 | Multiples vulnérabilités dans les produits Splunk | 2025-10-30T00:00:00.000000 | 2025-10-30T00:00:00.000000 |
| certfr-2025-avi-0938 | Multiples vulnérabilités dans les produits VMware | 2025-10-30T00:00:00.000000 | 2025-10-30T00:00:00.000000 |
| certfr-2025-avi-0937 | Multiples vulnérabilités dans Google Chrome | 2025-10-30T00:00:00.000000 | 2025-10-30T00:00:00.000000 |
| certfr-2025-avi-0935 | Multiples vulnérabilités dans les produits VMware | 2025-10-29T00:00:00.000000 | 2025-10-29T00:00:00.000000 |
| certfr-2025-avi-0934 | Vulnérabilité dans les produits Mozilla | 2025-10-29T00:00:00.000000 | 2025-10-29T00:00:00.000000 |
| certfr-2025-avi-0933 | Multiples vulnérabilités dans Apache Tomcat | 2025-10-28T00:00:00.000000 | 2025-10-28T00:00:00.000000 |
| certfr-2025-avi-0932 | Multiples vulnérabilités dans Liferay | 2025-10-28T00:00:00.000000 | 2025-10-28T00:00:00.000000 |
| certfr-2025-avi-0931 | Vulnérabilité dans StrongSwan | 2025-10-28T00:00:00.000000 | 2025-10-28T00:00:00.000000 |
| certfr-2025-avi-0930 | Vulnérabilité dans Microsoft Windows Server Update Service | 2025-10-27T00:00:00.000000 | 2025-10-27T00:00:00.000000 |
| certfr-2025-avi-0929 | Vulnérabilité dans le client VPN de TheGreenBow | 2025-10-27T00:00:00.000000 | 2025-10-27T00:00:00.000000 |
| certfr-2025-avi-0928 | Vulnérabilité dans Microsoft Configuration Manager | 2025-10-27T00:00:00.000000 | 2025-10-27T00:00:00.000000 |
| certfr-2025-avi-0927 | Vulnérabilité dans Xen | 2025-10-27T00:00:00.000000 | 2025-10-27T00:00:00.000000 |
| certfr-2025-avi-0926 | Vulnérabilité dans le pilote ODBC de MongoDB | 2025-10-27T00:00:00.000000 | 2025-10-27T00:00:00.000000 |
| certfr-2025-avi-0925 | Vulnérabilité dans les produits Belden | 2025-10-27T00:00:00.000000 | 2025-10-27T00:00:00.000000 |
| certfr-2025-avi-0924 | Multiples vulnérabilités dans les produits IBM | 2025-10-24T00:00:00.000000 | 2025-10-24T00:00:00.000000 |
| certfr-2025-avi-0923 | Multiples vulnérabilités dans le noyau Linux de Red Hat | 2025-10-24T00:00:00.000000 | 2025-10-24T00:00:00.000000 |
| certfr-2025-avi-0922 | Multiples vulnérabilités dans le noyau Linux d'Ubuntu | 2025-10-24T00:00:00.000000 | 2025-10-24T00:00:00.000000 |
| certfr-2025-avi-0921 | Multiples vulnérabilités dans le noyau Linux de SUSE | 2025-10-24T00:00:00.000000 | 2025-10-24T00:00:00.000000 |
| certfr-2025-avi-0920 | Multiples vulnérabilités dans les produits Microsoft | 2025-10-24T00:00:00.000000 | 2025-10-24T00:00:00.000000 |
| certfr-2025-avi-0919 | Multiples vulnérabilités dans Microsoft Azure | 2025-10-24T00:00:00.000000 | 2025-10-24T00:00:00.000000 |
| certfr-2025-avi-0918 | Multiples vulnérabilités dans Liferay | 2025-10-24T00:00:00.000000 | 2025-10-24T00:00:00.000000 |
| certfr-2025-avi-0917 | Multiples vulnérabilités dans les produits Moxa | 2025-10-24T00:00:00.000000 | 2025-10-24T00:00:00.000000 |
| certfr-2025-avi-0916 | Vulnérabilité dans le pilote MongoDB Pilote Atlas SQL ODBC | 2025-10-24T00:00:00.000000 | 2025-10-24T00:00:00.000000 |
| certfr-2025-avi-0915 | Multiples vulnérabilités dans les produits Microsoft | 2025-10-23T00:00:00.000000 | 2025-10-23T00:00:00.000000 |
| certfr-2025-avi-0914 | Multiples vulnérabilités dans les produits Centreon | 2025-10-23T00:00:00.000000 | 2025-10-23T00:00:00.000000 |
| certfr-2025-avi-0913 | Multiples vulnérabilités dans ISC BIND | 2025-10-23T00:00:00.000000 | 2025-10-23T00:00:00.000000 |
| certfr-2025-avi-0912 | Vulnérabilité dans SolarWinds Observability | 2025-10-22T00:00:00.000000 | 2025-10-22T00:00:00.000000 |
| certfr-2025-avi-0911 | Multiples vulnérabilités dans Oracle Weblogic | 2025-10-22T00:00:00.000000 | 2025-10-22T00:00:00.000000 |
| certfr-2025-avi-0910 | Multiples vulnérabilités dans Oracle Virtualization | 2025-10-22T00:00:00.000000 | 2025-10-22T00:00:00.000000 |
| certfr-2025-avi-0909 | Multiples vulnérabilités dans Oracle Systems | 2025-10-22T00:00:00.000000 | 2025-10-22T00:00:00.000000 |