Recent vulnerabilities
| ID | CVSS | Description | Vendor | Product | Published | Updated |
|---|---|---|---|---|---|---|
| cve-2026-40482 | ChurchCRM has Authenticated SQL Injection in `/api/fam… |
ChurchCRM |
CRM |
2026-04-17T22:58:48.528Z | 2026-04-20T16:16:32.247Z | |
| cve-2026-40323 | SP1 V6 Recursion Circuit Row-Count Binding Gap |
succinctlabs |
sp1 |
2026-04-17T22:58:42.580Z | 2026-04-20T16:16:41.143Z | |
| cve-2026-40481 | monetr: Unauthenticated Stripe webhook reads attacker-… |
monetr |
monetr |
2026-04-17T22:54:57.545Z | 2026-04-20T13:36:05.862Z | |
| cve-2026-40486 | Kimai's User Preferences API allows standard users to … |
kimai |
kimai |
2026-04-17T22:35:53.543Z | 2026-04-20T14:56:51.165Z | |
| cve-2026-40479 | Kimai: Stored XSS via Incomplete HTML Attribute Escapi… |
kimai |
kimai |
2026-04-17T22:31:29.930Z | 2026-04-20T16:16:41.880Z | |
| cve-2026-2434 | Pz-LinkCard <= 2.5.8.1 - Authenticated (Contributor+) … |
poporon |
Pz-LinkCard |
2026-04-17T22:27:13.525Z | 2026-04-20T13:36:06.124Z | |
| cve-2026-40478 | Improper neutralization of specific syntax patterns fo… |
thymeleaf |
thymeleaf |
2026-04-17T21:57:01.560Z | 2026-04-22T03:55:42.682Z | |
| cve-2026-40477 | Improper restriction of the scope of accessible object… |
thymeleaf |
thymeleaf |
2026-04-17T21:53:47.271Z | 2026-04-22T03:55:41.093Z | |
| cve-2026-40476 | graphql-php: Denial of Service via quadratic complexit… |
webonyx |
graphql-php |
2026-04-17T21:42:59.511Z | 2026-04-20T14:56:57.812Z | |
| cve-2026-5720 | 7.1 (v4.0) | miniupnpd Integer Underflow SOAPAction Header Parsing |
miniupnp project |
miniupnpd |
2026-04-17T21:39:54.818Z | 2026-04-20T16:59:21.060Z |
| cve-2026-40474 | wger has Broken Access Control in the Global Gym Confi… |
wger-project |
wger |
2026-04-17T21:39:03.677Z | 2026-04-20T16:08:12.427Z | |
| cve-2026-40353 | wger: Stored XSS via Unescaped License Attribution Fields |
wger-project |
wger |
2026-04-17T21:16:12.401Z | 2026-04-20T16:17:52.305Z | |
| cve-2026-40258 | Gramps Web API has Zip Slip Path Traversal in Media Ar… |
gramps-project |
gramps-web-api |
2026-04-17T21:12:54.226Z | 2026-04-20T15:48:41.690Z | |
| cve-2026-29013 | 8.8 (v4.0) | libcoap Out-of-Bounds Read in OSCORE CBOR Unwrap Handling |
libcoap |
libcoap |
2026-04-17T21:11:38.137Z | 2026-04-20T16:46:56.223Z |
| cve-2026-40321 | DotNetNuke.Core has stored cross-site-scripting (XSS) … |
dnnsoftware |
Dnn.Platform |
2026-04-17T21:10:33.192Z | 2026-04-22T03:55:44.141Z | |
| cve-2026-40352 | FastGPT: NoSQL Injection in updatePasswordByOld Leads … |
labring |
FastGPT |
2026-04-17T21:09:32.913Z | 2026-04-20T13:36:06.464Z | |
| cve-2026-40306 | DNN has same HostGUID for all new installs |
dnnsoftware |
Dnn.Platform |
2026-04-17T21:09:30.317Z | 2026-04-20T16:18:27.508Z | |
| cve-2026-40305 | DNN has Force Friend Request Acceptance |
dnnsoftware |
Dnn.Platform |
2026-04-17T21:06:09.237Z | 2026-04-20T13:36:06.644Z | |
| cve-2026-40351 | FastGPT: NoSQL Injection in loginByPassword leads to A… |
labring |
FastGPT |
2026-04-17T21:05:05.911Z | 2026-04-20T14:57:15.664Z | |
| cve-2026-40304 | zrok's broken ownership check in DELETE /api/v2/unacce… |
openziti |
zrok |
2026-04-17T21:04:23.648Z | 2026-04-20T14:57:24.486Z | |
| cve-2026-40303 | zrok allows unauthenticated DoS via unbounded memory a… |
openziti |
zrok |
2026-04-17T21:01:51.899Z | 2026-04-20T16:19:07.291Z | |
| cve-2026-40196 | HomeBox has Unauthorized API Access via Retained defau… |
sysadminsmedia |
homebox |
2026-04-17T21:01:18.530Z | 2026-04-20T13:36:06.776Z | |
| cve-2026-40302 | zrok has reflected XSS in GitHub OAuth callback via un… |
openziti |
zrok |
2026-04-17T20:56:08.368Z | 2026-04-18T03:07:10.092Z | |
| cve-2026-40155 | Auth0 Next.js SDK has Improper Proxy Cache Lookup |
auth0 |
nextjs-auth0 |
2026-04-17T20:54:38.958Z | 2026-04-20T14:57:32.023Z | |
| cve-2026-40301 | rhukster/dom-sanitizer: SVG <style> tag allows CSS inj… |
rhukster |
dom-sanitizer |
2026-04-17T20:51:37.226Z | 2026-04-20T14:57:39.192Z | |
| cve-2026-40299 | next-intl has an open redirect vulnerability |
amannn |
next-intl |
2026-04-17T20:49:05.642Z | 2026-04-20T15:58:51.149Z | |
| cve-2026-40293 | OpenFGA Playground Preshared Key Exposure |
openfga |
openfga |
2026-04-17T20:47:06.804Z | 2026-04-20T16:19:40.914Z | |
| cve-2026-35603 | Claude Code: Insecure System-Wide Configuration Loadin… |
anthropics |
claude-code |
2026-04-17T20:38:49.901Z | 2026-04-20T14:57:47.669Z | |
| cve-2026-35402 | mcp-neo4j-cypher: SSRF and Data Modification via read_… |
neo4j-contrib |
mcp-neo4j |
2026-04-17T20:34:06.510Z | 2026-04-20T15:51:06.164Z | |
| cve-2026-33436 | Stirling-PDF: Reflected XSS through crafted filename i… |
Stirling-Tools |
Stirling-PDF |
2026-04-17T20:29:43.262Z | 2026-04-20T16:20:16.137Z |
| ID | Description | Updated |
|---|
| ID | Description | Updated |
|---|
| ID | Description | Published | Updated |
|---|---|---|---|
| jvndb-2021-000077 | Huawei EchoLife HG8045Q vulnerable to OS command injection | 2021-08-17T14:24+09:00 | 2021-08-17T14:24+09:00 |
| jvndb-2021-002273 | Multiple vulnerabilities in D-Link router DSL-2750U | 2021-08-17T14:09+09:00 | 2021-08-17T14:09+09:00 |
| jvndb-2021-000076 | Plone vulnerable to open redirect | 2021-08-12T14:05+09:00 | 2021-08-12T14:05+09:00 |
| jvndb-2021-000075 | WordPress Plugin "Quiz And Survey Master" vulnerable to cross-site scripting | 2021-08-10T14:40+09:00 | 2021-08-10T14:40+09:00 |
| jvndb-2021-002077 | Multiple vulnerabilities in multiple Trend Micro Endpoint security products for enterprises | 2021-08-04T11:15+09:00 | 2021-08-04T11:15+09:00 |
| jvndb-2021-000073 | Multiple vulnerabilities in Cybozu Garoon | 2021-08-02T16:42+09:00 | 2022-05-24T15:16+09:00 |
| jvndb-2021-000072 | Minecraft Java Edition vulnerable to directory traversal | 2021-07-21T15:12+09:00 | 2021-07-21T15:12+09:00 |
| jvndb-2021-002005 | Trend Micro InterScan Web Security Virtual Appliance (IWSVA) vulnerable to cross-site scripting | 2021-07-19T16:53+09:00 | 2021-07-19T16:53+09:00 |
| jvndb-2021-000070 | Multiple vulnerabilities in GroupSession | 2021-07-19T15:41+09:00 | 2023-03-08T17:02+09:00 |
| jvndb-2021-000069 | Optical BB unit E-WMTA2.3 vulnerable to cross-site request forgery | 2021-07-14T17:13+09:00 | 2021-07-14T17:13+09:00 |
| jvndb-2021-000068 | Multiple vulnerabilities in Retty App | 2021-07-13T14:34+09:00 | 2023-03-08T17:02+09:00 |
| jvndb-2021-000067 | voidtools "Everything" vulnerable to HTTP header injection | 2021-07-09T14:40+09:00 | 2021-07-09T14:40+09:00 |
| jvndb-2021-000065 | WordPress Plugin "WordPress Meta Data Filter & Taxonomies Filter" vulnerable to cross-site request forgery | 2021-07-08T14:29+09:00 | 2021-07-08T14:29+09:00 |
| jvndb-2021-000066 | WordPress Plugin "Software License Manager" vulnerable to cross-site request forgery | 2021-07-08T13:45+09:00 | 2021-07-08T13:45+09:00 |
| jvndb-2021-001977 | Multiple vulnerabilities in Elecom routers | 2021-07-07T14:03+09:00 | 2021-07-12T16:04+09:00 |
| jvndb-2021-000064 | GU App for Android fails to restrict access permissions | 2021-07-07T13:16+09:00 | 2021-07-07T13:16+09:00 |
| jvndb-2021-001968 | Multiple vulnerabilities in Trend Micro Password Manager | 2021-07-06T16:08+09:00 | 2021-07-06T16:08+09:00 |
| jvndb-2021-000063 | WordPress Plugin "WordPress Email Template Designer - WP HTML Mail" vulnerable to cross-site request forgery | 2021-07-06T14:50+09:00 | 2021-07-06T14:50+09:00 |
| jvndb-2021-000062 | WordPress Plugin "WPCS - WordPress Currency Switcher" vulnerable to cross-site request forgery | 2021-07-06T14:11+09:00 | 2021-07-06T14:11+09:00 |
| jvndb-2021-000061 | A-Stage SCT-40CM01SR and AT-40CM01SR vulnerable to authentication bypass | 2021-07-05T14:28+09:00 | 2021-07-05T14:28+09:00 |
| jvndb-2021-000059 | EC-CUBE fails to restrict access permissions | 2021-07-01T15:49+09:00 | 2021-07-01T15:49+09:00 |
| jvndb-2007-002102 | boastMachine vulnerable to cross-site scripting | 2021-06-30T14:32+09:00 | 2021-06-30T14:32+09:00 |
| jvndb-2021-000058 | IkaIka RSS Reader vulnerable to cross-site scripting | 2021-06-30T14:21+09:00 | 2021-06-30T14:21+09:00 |
| jvndb-2021-000056 | WordPress Plugin "WordPress Popular Posts" vulnerable to cross-site scripting | 2021-06-30T11:36+09:00 | 2021-06-30T11:36+09:00 |
| jvndb-2021-000057 | Multiple cross-site scripting vulnerabilities in EC-CUBE | 2021-06-23T15:15+09:00 | 2021-06-23T15:15+09:00 |
| jvndb-2021-000055 | WordPress plugin "Fudousan plugin" series vulnerable to cross-site scripting | 2021-06-22T15:06+09:00 | 2021-06-22T15:06+09:00 |
| jvndb-2021-000054 | Inkdrop vulnerable to OS command injection | 2021-06-22T15:06+09:00 | 2021-06-22T15:06+09:00 |
| jvndb-2021-000053 | Hitachi Virtual File Platform vulnerable to OS command injection | 2021-06-18T15:45+09:00 | 2021-06-18T15:45+09:00 |
| jvndb-2021-000052 | Hitachi Application Server Help vulnerable cross-site scripting | 2021-06-17T15:11+09:00 | 2021-06-17T15:11+09:00 |
| jvndb-2021-000051 | Multiple cross-site scripting vulnerabilities in multiple EC-CUBE plugins provided by EC-CUBE | 2021-06-16T16:18+09:00 | 2021-06-16T16:18+09:00 |
| ID | Description | Updated |
|---|
| ID | Description | Published | Updated |
|---|---|---|---|
| certfr-2025-avi-0722 | Multiples vulnérabilités dans le noyau Linux de Red Hat | 2025-08-22T00:00:00.000000 | 2025-08-22T00:00:00.000000 |
| certfr-2025-avi-0721 | Multiples vulnérabilités dans le noyau Linux d'Ubuntu | 2025-08-22T00:00:00.000000 | 2025-08-22T00:00:00.000000 |
| certfr-2025-avi-0720 | Multiples vulnérabilités dans Microsoft Windows | 2025-08-22T00:00:00.000000 | 2025-08-22T00:00:00.000000 |
| certfr-2025-avi-0719 | Vulnérabilité dans Microsoft Edge | 2025-08-22T00:00:00.000000 | 2025-08-22T00:00:00.000000 |
| certfr-2025-avi-0718 | Multiples vulnérabilités dans les produits Liferay | 2025-08-22T00:00:00.000000 | 2025-08-22T00:00:00.000000 |
| certfr-2025-avi-0717 | Vulnérabilité dans Elastic Beats | 2025-08-21T00:00:00.000000 | 2025-08-21T00:00:00.000000 |
| certfr-2025-avi-0716 | Vulnérabilité dans les produits Apple | 2025-08-21T00:00:00.000000 | 2025-08-21T00:00:00.000000 |
| certfr-2025-avi-0715 | Multiples vulnérabilités dans les produits Liferay | 2025-08-21T00:00:00.000000 | 2025-08-21T00:00:00.000000 |
| certfr-2025-avi-0714 | Multiples vulnérabilités dans les produits Mozilla | 2025-08-20T00:00:00.000000 | 2025-08-20T00:00:00.000000 |
| certfr-2025-avi-0713 | Multiples vulnérabilités dans les produits Liferay | 2025-08-20T00:00:00.000000 | 2025-08-20T00:00:00.000000 |
| certfr-2025-avi-0712 | Vulnérabilité dans Apereo CAS | 2025-08-20T00:00:00.000000 | 2025-08-20T00:00:00.000000 |
| certfr-2025-avi-0711 | Vulnérabilité dans Google Chrome | 2025-08-20T00:00:00.000000 | 2025-08-20T00:00:00.000000 |
| certfr-2025-avi-0710 | Multiples vulnérabilités dans les produits F5 | 2025-08-19T00:00:00.000000 | 2025-08-19T00:00:00.000000 |
| certfr-2025-avi-0709 | Multiples vulnérabilités dans les produits Liferay | 2025-08-19T00:00:00.000000 | 2025-08-19T00:00:00.000000 |
| certfr-2025-avi-0708 | Multiples vulnérabilités dans les produits Cisco | 2025-08-18T00:00:00.000000 | 2025-08-18T00:00:00.000000 |
| certfr-2025-avi-0707 | Multiples vulnérabilités dans Mattermost Server | 2025-08-18T00:00:00.000000 | 2025-09-16T00:00:00.000000 |
| certfr-2025-avi-0706 | Multiples vulnérabilités dans Matrix | 2025-08-18T00:00:00.000000 | 2025-08-18T00:00:00.000000 |
| certfr-2025-avi-0705 | Multiples vulnérabilités dans Microsoft Edge | 2025-08-18T00:00:00.000000 | 2025-08-18T00:00:00.000000 |
| certfr-2025-avi-0704 | Vulnérabilité dans les produits Siemens | 2025-08-18T00:00:00.000000 | 2025-08-18T00:00:00.000000 |
| certfr-2025-avi-0703 | Vulnérabilité dans Synology BeeDrive | 2025-08-18T00:00:00.000000 | 2025-08-18T00:00:00.000000 |
| certfr-2025-avi-0702 | Multiples vulnérabilités dans PostgreSQL | 2025-08-18T00:00:00.000000 | 2025-08-18T00:00:00.000000 |
| certfr-2025-avi-0701 | Vulnérabilité dans IBM WebSphere | 2025-08-14T00:00:00.000000 | 2025-08-14T00:00:00.000000 |
| certfr-2025-avi-0700 | Multiples vulnérabilités dans le noyau Linux d'Ubuntu | 2025-08-14T00:00:00.000000 | 2025-08-14T00:00:00.000000 |
| certfr-2025-avi-0699 | Multiples vulnérabilités dans le noyau Linux de Red Hat | 2025-08-14T00:00:00.000000 | 2025-08-14T00:00:00.000000 |
| certfr-2025-avi-0698 | Multiples vulnérabilités dans le noyau Linux de Debian | 2025-08-14T00:00:00.000000 | 2025-08-14T00:00:00.000000 |
| certfr-2025-avi-0697 | Multiples vulnérabilités dans le noyau Linux de Debian LTS | 2025-08-14T00:00:00.000000 | 2025-08-14T00:00:00.000000 |
| certfr-2025-avi-0696 | Vulnérabilité dans Spring Framework | 2025-08-14T00:00:00.000000 | 2025-08-14T00:00:00.000000 |
| certfr-2025-avi-0695 | Multiples vulnérabilités dans les produits Palo Alto Networks | 2025-08-14T00:00:00.000000 | 2025-08-14T00:00:00.000000 |
| certfr-2025-avi-0694 | Vulnérabilité dans Apache Tomcat | 2025-08-14T00:00:00.000000 | 2025-08-14T00:00:00.000000 |
| certfr-2025-avi-0693 | Multiples vulnérabilités dans VMware Tanzu | 2025-08-14T00:00:00.000000 | 2025-08-14T00:00:00.000000 |