Recent vulnerabilities

ID CVSS Description Vendor Product Published Updated
cve-2026-1838 Hostel <= 1.1.6 - Reflected Cross-Site Scripting via '… prasunsen
 Hostel
 2026-04-18T01:26:04.643Z 2026-04-20T14:19:29.627Z
cve-2026-40489 editorconfig-core-c has incomplete fix for CVE-2023-0341 editorconfig
 editorconfig-core-c
 2026-04-18T01:24:57.278Z 2026-04-20T16:15:31.570Z
cve-2026-40487 Postiz Has Unrestricted File Upload via MIME Type Spoo… gitroomhq
 postiz-app
 2026-04-18T01:19:06.588Z 2026-04-20T15:25:40.893Z
cve-2026-35582 Emissary has an OS Command Injection via Unvalidated I… NationalSecurityAgency
 emissary
 2026-04-18T01:16:27.661Z 2026-04-20T15:48:51.543Z
cve-2026-35465 SecureDrop Client has path injection in read_gzip_head… freedomofpress
 securedrop-client
 2026-04-18T00:41:16.594Z 2026-04-20T15:47:43.822Z
cve-2026-40572 NovumOS has Arbitrary Memory Mapping via Syscall 15 (M… MinecAnton209
 NovumOS
 2026-04-18T00:16:02.590Z 2026-04-20T14:55:57.521Z
cve-2026-40317 NovumOS has Privilege Escalation in the Syscall Interface MinecAnton209
 NovumOS
 2026-04-18T00:12:10.368Z 2026-04-20T15:26:25.222Z
cve-2026-40350 Movary User Management (/settings/users) has Authoriza… leepeuker
 movary
 2026-04-18T00:07:33.324Z 2026-04-20T16:15:39.915Z
cve-2026-40349 Authenticated Movary User Can Self-Escalate to Adminis… leepeuker
 movary
 2026-04-18T00:05:46.360Z 2026-04-20T16:15:49.844Z
cve-2026-40593 ChurchCRM: Stored XSS in UserEditor.php via Login Name Field ChurchCRM
 CRM
 2026-04-18T00:02:59.606Z 2026-04-20T14:56:05.666Z
cve-2026-40348 Movary has Authenticated SSRF via Jellyfin Server URL … leepeuker
 movary
 2026-04-18T00:01:09.725Z 2026-04-20T16:11:32.779Z
cve-2026-40347 Python-Multipart affected by Denial of Service via lar… Kludex
 python-multipart
 2026-04-17T23:56:50.777Z 2026-04-20T15:46:40.011Z
cve-2026-40346 NocoBase has SSRF in Workflow HTTP Request and Custom … nocobase
 @nocobase/plugin-workflow-request
 2026-04-17T23:54:34.829Z 2026-04-20T14:56:12.829Z
cve-2026-40581 ChurchCRM: Cross-Site Request Forgery (CSRF) in Select… ChurchCRM
 CRM
 2026-04-17T23:51:32.765Z 2026-04-20T16:15:58.183Z
cve-2026-40337 Sentry kernel has incomplete ownership check for IRQ l… camelot-os
 sentry-kernel
 2026-04-17T23:51:09.866Z 2026-04-20T16:13:48.908Z
cve-2026-40341 libgphoto2 has an OOB Read in ptp_unpack_EOS_FocusInfoEx gphoto
 libgphoto2
 2026-04-17T23:48:36.644Z 2026-04-20T16:14:19.107Z
cve-2026-40340 libgphoto2 has OOB read in ptp_unpack_OI() in ptp-pack… gphoto
 libgphoto2
 2026-04-17T23:45:17.467Z 2026-04-20T13:36:05.149Z
cve-2026-40339 libgphoto2 has OOB read in ptp_unpack_Sony_DPD() FormF… gphoto
 libgphoto2
 2026-04-17T23:42:32.586Z 2026-04-20T14:56:21.979Z
cve-2026-40338 libgphoto2 has OOB read in ptp_unpack_Sony_DPD() enume… gphoto
 libgphoto2
 2026-04-17T23:40:10.097Z 2026-04-20T16:16:08.585Z
cve-2026-40485 ChurchCRM: Username Enumeration via Differential Respo… ChurchCRM
 CRM
 2026-04-17T23:29:35.884Z 2026-04-20T13:36:05.319Z
cve-2026-40336 libgphoto2 has memory leak in ptp_unpack_Sony_DPD() se… gphoto
 libgphoto2
 2026-04-17T23:27:42.868Z 2026-04-20T16:14:53.071Z
cve-2026-2262 Easy Appointments <= 3.12.21 - Unauthenticated Sensiti… easyappointments
 Easy Appointments
 2026-04-17T23:26:48.863Z 2026-04-20T13:51:28.513Z
cve-2026-40484 ChurchCRM: Authenticated Remote Code Execution via Unr… ChurchCRM
 CRM
 2026-04-17T23:25:06.319Z 2026-04-20T14:56:29.684Z
cve-2026-40483 ChurchCRM: Stored XSS in PledgeEditor.php via Donation… ChurchCRM
 CRM
 2026-04-17T23:20:44.900Z 2026-04-20T16:16:17.841Z
cve-2026-40335 libgphoto2 has OOB read in ptp_unpack_DPV() UINT128/IN… gphoto
 libgphoto2
 2026-04-17T23:19:16.935Z 2026-04-20T13:36:05.542Z
cve-2026-40334 libgphoto2 missing null termination in ptp_unpack_Cano… gphoto
 libgphoto2
 2026-04-17T23:16:38.751Z 2026-04-20T13:36:05.703Z
cve-2026-40582 ChurchCRM: Authentication Bypass in `/api/public/user/… ChurchCRM
 CRM
 2026-04-17T23:16:13.862Z 2026-04-20T14:56:36.921Z
cve-2026-40333 libgphoto2 has OOB read in ptp_unpack_EOS_ImageFormat(… gphoto
 libgphoto2
 2026-04-17T23:11:11.073Z 2026-04-20T14:56:44.091Z
cve-2026-40480 ChurchCRM has Missing Object-Level Authorization / IDO… ChurchCRM
 CRM
 2026-04-17T23:07:30.126Z 2026-04-20T16:16:00.433Z
cve-2026-40324 Hot Chocolate's Utf8GraphQLParser has Stack Overflow v… ChilliCream
 graphql-platform
 2026-04-17T23:05:26.217Z 2026-04-20T16:16:25.151Z
ID CVSS Description Vendor Product Published Updated
ID Description Published Updated
ID Description Published Updated
ID Description Package Published Updated
ID Description Type
ID Description Updated
ID Description Published Updated
ID Description Published Updated
ID Description Published Updated
ID Description Published Updated
ID Description Published Updated
ID Description Published Updated
ID Description Published Updated
ID Description Published Updated
ID Description Published Updated
ID Description Published Updated
ID Description Published Updated
ID Description Published Updated
ID Description Updated
ID Description Published Updated
jvndb-2021-000094 WordPress Plugin "Booking Package - Appointment Booking Calendar System" vulnerable to cross-site scripting 2021-11-10T14:26+09:00 2021-11-10T14:26+09:00
jvndb-2021-003811 File Permission Vulnerability in Hitachi Automation Director, Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center 2021-11-05T15:04+09:00 2021-11-05T15:04+09:00
jvndb-2021-003660 Authentication Bypass Vulnerability in Hitachi Device Manager 2021-11-01T15:56+09:00 2021-11-01T15:56+09:00
jvndb-2021-000097 Multiple vulnerabilities in CLUSTERPRO X and EXPRESSCLUSTER X 2021-10-29T15:22+09:00 2022-04-20T14:03+09:00
jvndb-2021-000096 Android App "Mercari (Merpay) - Marketplace and Mobile Payments App" (Japan version) vulnerable to improper handling of Intent 2021-10-29T15:11+09:00 2021-10-29T15:11+09:00
jvndb-2021-000098 ESET Cyber Security and ESET Endpoint series vulnerable to denial-of-service (DoS) 2021-10-29T14:58+09:00 2021-10-29T14:58+09:00
jvndb-2021-000095 Multiple improper restriction of XML external entity reference (XXE) vulnerabilities in Office Server Document Converter 2021-10-28T15:03+09:00 2021-10-28T15:03+09:00
jvndb-2021-003385 Trend Micro Endpoint security products for enterprises vulnerable to privilege escalation 2021-10-26T12:35+09:00 2021-10-26T12:35+09:00
jvndb-2021-000093 Movable Type XMLRPC API vulnerable to OS command injection 2021-10-20T17:38+09:00 2021-12-17T17:36+09:00
jvndb-2021-003080 OMRON CX-Supervisor vulnerable to out-of-bounds read 2021-10-18T15:26+09:00 2021-11-01T15:37+09:00
jvndb-2021-000091 128 Technology Session Smart Router vulnerable to authentication bypass 2021-10-18T14:58+09:00 2021-10-18T14:58+09:00
jvndb-2021-000090 Apache HTTP Server vulnerable to directory traversal 2021-10-11T18:07+09:00 2021-10-11T18:07+09:00
jvndb-2021-000089 Nike App fails to restrict custom URL schemes properly 2021-10-08T14:32+09:00 2021-10-08T14:32+09:00
jvndb-2021-002810 Information Disclosure Vulnerability in Hitachi Tuning Manager, Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center Analyzer 2021-10-05T15:37+09:00 2021-10-05T15:37+09:00
jvndb-2021-002774 Trend Micro ServerProtect family vulnerable to authentication bypass 2021-10-01T14:42+09:00 2021-10-01T14:42+09:00
jvndb-2021-000088 Multiple vulnerabilities in Cybozu Remote Service 2021-09-30T16:03+09:00 2024-04-08T18:09+09:00
jvndb-2021-002752 Trend Micro HouseCall for Home Networks vulnerable to privilege escalation 2021-09-30T13:56+09:00 2021-09-30T13:56+09:00
jvndb-2021-000085 SNKRDUNK Market Place App for iOS vulnerable to improper server certificate verification 2021-09-28T15:18+09:00 2021-09-28T15:18+09:00
jvndb-2021-000086 WordPress Plugin "OG Tags" vulnerable to cross-site request forgery 2021-09-28T15:11+09:00 2021-09-28T15:11+09:00
jvndb-2021-000084 InBody App vulnerable to information disclosure 2021-09-28T14:27+09:00 2021-09-28T14:27+09:00
jvndb-2021-000081 Multiple vulnerabilities in Sharp NEC Display Solutions' public displays 2021-09-17T15:13+09:00 2025-12-10T10:24+09:00
jvndb-2021-000083 EC-CUBE plugin "Order Status Batch Change Plug-in" vulnerable to cross-site scripting 2021-09-16T14:33+09:00 2021-09-16T14:33+09:00
jvndb-2021-000082 EC-CUBE plugin "List (order management) item change plug-in" vulnerable to cross-site scripting 2021-09-13T14:24+09:00 2021-09-13T14:24+09:00
jvndb-2021-000074 Multiple vulnerabilities in RevoWorks Browser 2021-09-10T15:44+09:00 2021-09-10T15:44+09:00
jvndb-2021-002342 Trend Micro Security family vulnerable to improper handling of Directory Junction 2021-09-03T16:10+09:00 2021-09-03T16:10+09:00
jvndb-2021-000080 baserCMS vulnerable to cross-site scripting 2021-08-27T13:29+09:00 2021-08-27T13:29+09:00
jvndb-2021-000079 Multiple cross-site scripting vulnerabilities in Movable Type 2021-08-25T14:54+09:00 2021-08-25T14:54+09:00
jvndb-2021-000078 The installers of multiple Sony products may insecurely load Dynamic Link Libraries 2021-08-24T14:30+09:00 2021-08-24T14:30+09:00
jvndb-2021-002282 Multiple vulnerabilities in Navigate CMS 2021-08-20T14:25+09:00 2021-08-20T14:25+09:00
jvndb-2021-002279 Incorrect permission assignment vulnerability in multiple Trend Micro Endpoint security products for enterprises 2021-08-19T15:01+09:00 2021-08-19T15:01+09:00
ID Description Updated
ID Description
ID Description Published Updated
ID Description Published Updated
ID Description Published Updated
ID Description Published Updated
certfr-2025-avi-0752 Multiples vulnérabilités dans Google Pixel 2025-09-04T00:00:00.000000 2025-09-04T00:00:00.000000
certfr-2025-avi-0751 Multiples vulnérabilités dans les produits VMware 2025-09-03T00:00:00.000000 2025-09-03T00:00:00.000000
certfr-2025-avi-0750 Multiples vulnérabilités dans Google Android 2025-09-03T00:00:00.000000 2025-09-03T00:00:00.000000
certfr-2025-avi-0749 Multiples vulnérabilités dans Google Chrome 2025-09-03T00:00:00.000000 2025-09-03T00:00:00.000000
certfr-2025-avi-0748 Vulnérabilité dans les produits Liferay 2025-09-02T00:00:00.000000 2025-09-02T00:00:00.000000
certfr-2025-avi-0747 Multiples vulnérabilités dans les produits Qnap 2025-09-01T00:00:00.000000 2025-09-01T00:00:00.000000
certfr-2025-avi-0746 Multiples vulnérabilités dans les produits IBM 2025-08-29T00:00:00.000000 2025-08-29T00:00:00.000000
certfr-2025-avi-0745 Multiples vulnérabilités dans le noyau Linux de SUSE 2025-08-29T00:00:00.000000 2025-08-29T00:00:00.000000
certfr-2025-avi-0744 Multiples vulnérabilités dans le noyau Linux de Red Hat 2025-08-29T00:00:00.000000 2025-08-29T00:00:00.000000
certfr-2025-avi-0743 Multiples vulnérabilités dans le noyau Linux d'Ubuntu 2025-08-29T00:00:00.000000 2025-08-29T00:00:00.000000
certfr-2025-avi-0742 Vulnérabilité dans Microsoft Edge 2025-08-29T00:00:00.000000 2025-08-29T00:00:00.000000
certfr-2025-avi-0741 Vulnérabilité dans Wireshark 2025-08-29T00:00:00.000000 2025-08-29T00:00:00.000000
certfr-2025-avi-0740 Multiples vulnérabilités dans Tenable Security Center 2025-08-29T00:00:00.000000 2025-08-29T00:00:00.000000
certfr-2025-avi-0739 Multiples vulnérabilités dans Asterisk 2025-08-29T00:00:00.000000 2025-08-29T00:00:00.000000
certfr-2025-avi-0738 Multiples vulnérabilités dans les produits Elastic 2025-08-29T00:00:00.000000 2025-08-29T00:00:00.000000
certfr-2025-avi-0737 Multiples vulnérabilités dans les produits Cisco 2025-08-28T00:00:00.000000 2025-08-28T00:00:00.000000
certfr-2025-avi-0736 Multiples vulnérabilités dans GitLab 2025-08-28T00:00:00.000000 2025-08-28T00:00:00.000000
certfr-2025-avi-0735 Vulnérabilité dans GLPI 2025-08-28T00:00:00.000000 2025-08-28T00:00:00.000000
certfr-2025-avi-0734 Vulnérabilité dans ISC Kea DHCP 2025-08-28T00:00:00.000000 2025-08-28T00:00:00.000000
certfr-2025-avi-0733 Vulnérabilité dans Nagios XI 2025-08-28T00:00:00.000000 2025-08-28T00:00:00.000000
certfr-2025-avi-0732 Vulnérabilité dans Google Chrome 2025-08-27T00:00:00.000000 2025-08-27T00:00:00.000000
certfr-2025-avi-0731 Vulnérabilité dans Shibboleth Identity Provider 2025-08-27T00:00:00.000000 2025-08-27T00:00:00.000000
certfr-2025-avi-0730 Multiples vulnérabilités dans Citrix NetScaler ADC et NetScaler Gateway 2025-08-26T00:00:00.000000 2025-08-26T00:00:00.000000
certfr-2025-avi-0729 Multiples vulnérabilités dans Qnap File Station 2025-08-26T00:00:00.000000 2025-08-26T00:00:00.000000
certfr-2025-avi-0728 Vulnérabilité dans Centreon Web 2025-08-25T00:00:00.000000 2025-08-25T00:00:00.000000
certfr-2025-avi-0727 Multiples vulnérabilités dans les produits ESET 2025-08-25T00:00:00.000000 2025-08-25T00:00:00.000000
certfr-2025-avi-0726 Vulnérabilité dans les produits Moxa 2025-08-25T00:00:00.000000 2025-08-25T00:00:00.000000
certfr-2025-avi-0725 Vulnérabilité dans Liferay 2025-08-25T00:00:00.000000 2025-08-25T00:00:00.000000
certfr-2025-avi-0724 Multiples vulnérabilités dans les produits IBM 2025-08-22T00:00:00.000000 2025-08-22T00:00:00.000000
certfr-2025-avi-0723 Multiples vulnérabilités dans le noyau Linux de SUSE 2025-08-22T00:00:00.000000 2025-08-22T00:00:00.000000
ID Description Published Updated