Recent vulnerabilities
| ID | CVSS | Description | Vendor | Product | Published | Updated |
|---|---|---|---|---|---|---|
| cve-2026-1307 | Ninja Forms <= 3.14.1 - Authenticated (Contributor+) S… |
kstover |
Ninja Forms – The Contact Form Builder That Grows With You |
2026-03-28T06:46:08.915Z | 2026-04-08T17:28:30.418Z | |
| cve-2025-15445 | N/A | Restaurant Cafeteria <= 0.4.6 - Subscriber+ Arbitrary … |
Unknown |
Restaurant Cafeteria |
2026-03-28T06:00:07.103Z | 2026-04-02T12:39:55.597Z |
| cve-2025-12886 | Oxygen <= 6.0.8 - Unauthenticated Server-Side Request … |
Laborator |
Oxygen - WooCommerce WordPress Theme |
2026-03-28T02:26:37.080Z | 2026-04-08T17:06:00.297Z | |
| cve-2026-4987 | SureForms <= 2.5.2 - Unauthenticated Payment Amount Va… |
brainstormforce |
SureForms – Contact Form, Payment Form & Other Custom Form Builder |
2026-03-28T01:25:46.475Z | 2026-04-08T17:20:42.042Z | |
| cve-2026-1679 | 7.3 (v3.1) | net: eswifi socket send payload length not bounded |
zephyrproject-rtos |
Zephyr |
2026-03-27T23:21:18.399Z | 2026-04-01T13:52:01.510Z |
| cve-2026-4248 | Ultimate Member <= 2.11.2 - Authenticated (Contributor… |
ultimatemember |
Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin |
2026-03-27T22:26:22.535Z | 2026-04-08T17:18:18.777Z | |
| cve-2026-33996 | LibJWT has NULL/bounds validation in JWK octet and RSA… |
benmcollins |
libjwt |
2026-03-27T22:21:21.465Z | 2026-03-31T18:53:51.741Z | |
| cve-2026-33994 | Locutus Prototype Pollution due to incomplete fix for … |
locutusjs |
locutus |
2026-03-27T22:15:47.131Z | 2026-04-01T13:45:55.451Z | |
| cve-2026-33993 | Locutus has Prototype Pollution via __proto__ Key Inje… |
locutusjs |
locutus |
2026-03-27T22:14:03.495Z | 2026-03-30T15:45:18.660Z | |
| cve-2026-33992 | pyLoad: Server-Side Request Forgery via Download Link … |
pyload |
pyload |
2026-03-27T22:12:39.606Z | 2026-03-30T18:29:06.744Z | |
| cve-2026-33991 | WeGIA has SQL Injection in deletar_tag.php |
LabRedesCefetRJ |
WeGIA |
2026-03-27T22:10:51.350Z | 2026-03-31T19:09:51.018Z | |
| cve-2026-33936 | python-ecdsa: Denial of Service via improper DER lengt… |
tlsfuzzer |
python-ecdsa |
2026-03-27T22:08:22.868Z | 2026-04-01T13:44:46.297Z | |
| cve-2026-4992 | wandb OpenUI HTMLAnnotator server.py get_share HTML in… |
wandb |
OpenUI |
2026-03-27T22:03:46.340Z | 2026-03-30T14:53:55.953Z | |
| cve-2026-4991 | QDOCS Smart School Management System Admission Enquiry… |
QDOCS |
Smart School Management System |
2026-03-27T22:03:43.432Z | 2026-03-30T18:32:32.719Z | |
| cve-2026-33989 | @mobilenext/mobile-mcp alllows arbitrary file write vi… |
mobile-next |
mobile-mcp |
2026-03-27T22:03:01.801Z | 2026-03-30T15:47:00.925Z | |
| cve-2026-33981 | Changedetection.io Discloses Environment Variables via… |
dgtlmoon |
changedetection.io |
2026-03-27T22:01:13.719Z | 2026-03-30T18:36:23.805Z | |
| cve-2026-33980 | Azure Data Explorer MCP Server: KQL Injection in multi… |
pab1it0 |
adx-mcp-server |
2026-03-27T21:32:57.541Z | 2026-03-27T21:56:16.579Z | |
| cve-2026-33979 | Express XSS Sanitizer: allowedTags/allowedAttributes b… |
AhmedAdelFahim |
express-xss-sanitizer |
2026-03-27T21:29:19.759Z | 2026-03-31T14:29:43.694Z | |
| cve-2026-33955 | Notesnook vulnerable to RCE via stored XSS in Note His… |
streetwriters |
Notesnook Web/Desktop |
2026-03-27T21:27:31.554Z | 2026-04-03T13:02:56.898Z | |
| cve-2026-4990 | chatwoot Signup Endpoint login improper authorization |
n/a |
chatwoot |
2026-03-27T21:27:18.090Z | 2026-03-31T14:28:07.910Z | |
| cve-2026-4988 | Open5GS CCA Message smf_s6b denial of service |
n/a |
Open5GS |
2026-03-27T21:27:16.379Z | 2026-03-30T17:42:11.269Z | |
| cve-2026-4985 | dloebl CGIF GIF Image cgif.c cgif_addframe integer overflow |
dloebl |
CGIF |
2026-03-27T21:27:13.537Z | 2026-03-30T15:48:41.448Z | |
| cve-2026-33976 | Notesnook vulnerable to RCE via stored XSS in Web Clip… |
streetwriters |
Notesnook Web/Desktop |
2026-03-27T21:26:10.127Z | 2026-04-03T03:55:22.486Z | |
| cve-2026-33954 | LinkAce discloses private notesto unauthorized authent… |
Kovah |
LinkAce |
2026-03-27T21:23:30.148Z | 2026-03-27T21:57:41.206Z | |
| cve-2026-33953 | LinkAce's SSRF protection can be bypassed via internal… |
Kovah |
LinkAce |
2026-03-27T21:22:03.963Z | 2026-03-30T15:39:58.365Z | |
| cve-2026-27309 | 7.8 (v3.1) | Substance3D - Stager | Use After Free (CWE-416) |
Adobe |
Substance3D - Stager |
2026-03-27T21:21:37.004Z | 2026-03-31T03:55:40.195Z |
| cve-2026-33946 | MCP Ruby SDK: Insufficient Session Binding Allows SSE … |
modelcontextprotocol |
ruby-sdk |
2026-03-27T21:20:07.900Z | 2026-03-30T18:42:43.387Z | |
| cve-2019-25652 | 7.6 (v4.0) 7.5 (v3.1) | UniFi Network Controller Improper Certificate Validati… |
Ubiquiti |
UniFi Network Controller |
2026-03-27T21:19:26.490Z | 2026-03-30T13:56:58.156Z |
| cve-2026-34226 | Happy DOM's fetch credentials include uses page-origin… |
capricorn86 |
happy-dom |
2026-03-27T21:17:24.777Z | 2026-03-31T14:25:27.402Z | |
| cve-2019-25651 | 8.7 (v4.0) 8.3 (v3.1) | Ubiquiti UniFi Devices Use of AES-CBC Allows Key Recov… |
Ubiquiti |
UniFi Network Controller |
2026-03-27T21:16:30.611Z | 2026-03-30T17:55:00.222Z |
| ID | Description | Updated |
|---|
| ID | Description | Updated |
|---|
| ID | Description | Updated |
|---|
| ID | Description | Published | Updated |
|---|---|---|---|
| certfr-2018-avi-484 | Multiples vulnérabilités dans Microsoft Windows | 2018-10-10T00:00:00.000000 | 2018-10-10T00:00:00.000000 |
| certfr-2018-avi-483 | Multiples vulnérabilités dans Microsoft Office | 2018-10-10T00:00:00.000000 | 2018-10-10T00:00:00.000000 |
| certfr-2018-avi-482 | Multiples vulnérabilités dans Microsoft Edge | 2018-10-10T00:00:00.000000 | 2018-10-10T00:00:00.000000 |
| certfr-2018-avi-481 | Multiples vulnérabilités dans Microsoft IE | 2018-10-10T00:00:00.000000 | 2018-10-10T00:00:00.000000 |
| certfr-2018-avi-480 | Multiples vulnérabilités dans le noyau Linux de SUSE | 2018-10-10T00:00:00.000000 | 2018-10-10T00:00:00.000000 |
| certfr-2018-avi-479 | Multiples vulnérabilités dans Joomla! | 2018-10-10T00:00:00.000000 | 2018-10-10T00:00:00.000000 |
| certfr-2018-avi-478 | Multiples vulnérabilités dans le noyau Linux de RedHat | 2018-10-10T00:00:00.000000 | 2018-10-10T00:00:00.000000 |
| certfr-2018-avi-477 | Multiples vulnérabilités dans Google Chrome OS | 2018-10-10T00:00:00.000000 | 2018-10-10T00:00:00.000000 |
| certfr-2018-avi-476 | Multiples vulnérabilités dans SCADA Siemens | 2018-10-09T00:00:00.000000 | 2018-10-09T00:00:00.000000 |
| certfr-2018-avi-475 | Multiples vulnérabilités dans Apple iOS | 2018-10-09T00:00:00.000000 | 2018-10-09T00:00:00.000000 |
| certfr-2018-avi-474 | Multiples vulnérabilités dans Apple iCloud | 2018-10-09T00:00:00.000000 | 2018-10-09T00:00:00.000000 |
| certfr-2018-avi-473 | Vulnérabilité dans Moxa EDR-810 | 2018-10-08T00:00:00.000000 | 2018-10-08T00:00:00.000000 |
| certfr-2018-avi-472 | Multiples vulnérabilités dans le noyau Linux de SUSE | 2018-10-08T00:00:00.000000 | 2018-10-08T00:00:00.000000 |
| certfr-2018-avi-471 | Vulnérabilité dans VMware Workspace ONE Unified Endpoint Management Console (AirWatch Console) | 2018-10-05T00:00:00.000000 | 2018-10-05T00:00:00.000000 |
| certfr-2018-avi-470 | Multiples vulnérabilités dans le noyau Linux de SUSE | 2018-10-05T00:00:00.000000 | 2018-10-05T00:00:00.000000 |
| certfr-2018-avi-469 | Multiples vulnérabilités dans Mozilla Thunderbird | 2018-10-05T00:00:00.000000 | 2018-10-05T00:00:00.000000 |
| certfr-2018-avi-468 | Multiples vulnérabilités dans les produits Cisco | 2018-10-04T00:00:00.000000 | 2018-10-04T00:00:00.000000 |
| certfr-2018-avi-467 | Multiples vulnérabilités dans Mozilla Firefox | 2018-10-03T00:00:00.000000 | 2018-10-03T00:00:00.000000 |
| certfr-2018-avi-466 | Multiples vulnérabilités dans le noyau Linux de SUSE | 2018-10-03T00:00:00.000000 | 2018-10-03T00:00:00.000000 |
| certfr-2018-avi-465 | Multiples vulnérabilités dans Google Android | 2018-10-02T00:00:00.000000 | 2018-10-02T00:00:00.000000 |
| certfr-2018-avi-464 | Multiples vulnérabilités dans Adobe Acrobat et Reader | 2018-10-02T00:00:00.000000 | 2018-10-02T00:00:00.000000 |
| certfr-2018-avi-463 | Multiples vulnérabilités dans le noyau Linux de SUSE | 2018-10-02T00:00:00.000000 | 2018-10-02T00:00:00.000000 |
| certfr-2018-avi-462 | Multiples vulnérabilités dans le noyau Linux d'Ubuntu | 2018-10-02T00:00:00.000000 | 2018-10-03T00:00:00.000000 |
| certfr-2018-avi-461 | Multiples vulnérabilités dans le noyau Linux de SUSE | 2018-10-01T00:00:00.000000 | 2018-10-01T00:00:00.000000 |
| certfr-2018-avi-460 | Multiples vulnérabilités dans le noyau Linux de SUSE | 2018-09-28T00:00:00.000000 | 2018-09-28T00:00:00.000000 |
| certfr-2018-avi-459 | Multiples vulnérabilités dans le noyau Linux de SUSE | 2018-09-27T00:00:00.000000 | 2018-09-27T00:00:00.000000 |
| certfr-2018-avi-458 | Multiples vulnérabilités dans les produits Cisco | 2018-09-27T00:00:00.000000 | 2018-09-27T00:00:00.000000 |
| certfr-2018-avi-457 | Multiples vulnérabilités dans le noyau linux de RedHat | 2018-09-26T00:00:00.000000 | 2018-09-26T00:00:00.000000 |
| certfr-2018-avi-456 | Multiples vulnérabilités dans le noyau Linux de SUSE | 2018-09-26T00:00:00.000000 | 2018-09-26T00:00:00.000000 |
| certfr-2018-avi-455 | Multiples vulnérabilités dans Apple macOS | 2018-09-25T00:00:00.000000 | 2018-09-25T00:00:00.000000 |