Recent vulnerabilities
| ID | CVSS | Description | Vendor | Product | Published | Updated |
|---|---|---|---|---|---|---|
| cve-2026-6745 | Bagisto Custom Scripts cross site scripting |
n/a |
Bagisto |
2026-04-21T18:30:17.803Z | 2026-04-21T18:45:13.321Z | |
| cve-2026-22751 | 4.8 (v3.1) | Spring Security JdbcOneTimeTokenService allows a one-t… |
Spring |
Spring Security |
2026-04-21T18:30:35.428Z | 2026-04-21T18:44:34.841Z |
| cve-2026-40608 | Next AI Draw.io: Unbounded HTTP Body — Denial of Service |
DayuanJiang |
next-ai-draw-io |
2026-04-21T17:56:35.046Z | 2026-04-21T18:36:25.819Z | |
| cve-2026-40599 | ClearanceKit: Ad-hoc signed binaries can spoof Apple p… |
craigjbass |
clearancekit |
2026-04-21T17:37:05.064Z | 2026-04-21T18:35:04.258Z | |
| cve-2026-37748 | N/A | Visitor Management System 1.0 by sanjay1313 is vu… |
n/a |
n/a |
2026-04-21T00:00:00.000Z | 2026-04-21T18:25:24.762Z |
| cve-2026-31019 | N/A | In the Website module of Dolibarr ERP & CRM 22.0.… |
n/a |
n/a |
2026-04-21T00:00:00.000Z | 2026-04-21T18:23:33.693Z |
| cve-2025-69662 | N/A | SQL injection vulnerability in geopandas before v… |
n/a |
n/a |
2026-01-30T00:00:00.000Z | 2026-04-21T18:22:26.627Z |
| cve-2017-20230 | N/A | Storable versions before 3.05 for Perl has a stack overflow |
NWCLARK |
Storable |
2026-04-21T15:26:18.216Z | 2026-04-21T18:22:25.354Z |
| cve-2026-31014 | N/A | Dovestones Softwares AD Self Update <4.0.0.5 is v… |
n/a |
n/a |
2026-04-21T00:00:00.000Z | 2026-04-21T18:21:08.828Z |
| cve-2026-31013 | N/A | Dovestones Softwares ADPhonebook <4.0.1.1 has a r… |
n/a |
n/a |
2026-04-21T00:00:00.000Z | 2026-04-21T18:19:12.306Z |
| cve-2026-40594 | pyLoad: Session Cookie Security Downgrade via Untruste… |
pyload |
pyload |
2026-04-21T17:14:03.627Z | 2026-04-21T18:01:30.556Z | |
| cve-2026-6743 | WebSystems WebTOTUM Calendar cross site scripting |
WebSystems |
WebTOTUM |
2026-04-21T16:30:14.358Z | 2026-04-21T17:59:15.584Z | |
| cve-2026-29644 | N/A | XiangShan (open-source high-performance RISC-V pr… |
n/a |
n/a |
2026-04-21T00:00:00.000Z | 2026-04-21T17:59:06.506Z |
| cve-2026-40585 | blueprintUE: Password Reset Tokens Have No Expiry Window |
blueprintue |
blueprintue-self-hosted-edition |
2026-04-21T17:09:17.982Z | 2026-04-21T17:48:47.758Z | |
| cve-2026-41190 | FreeScout has assigned-only visibility bypass via save… |
freescout-help-desk |
freescout |
2026-04-21T17:06:31.785Z | 2026-04-21T17:48:06.353Z | |
| cve-2026-40591 | FreeScout: Improper Authorization in Phone Conversatio… |
freescout-help-desk |
freescout |
2026-04-21T16:54:14.113Z | 2026-04-21T17:46:38.202Z | |
| cve-2026-40569 | FreeScout's Mass Assignment in Mailbox Connection Sett… |
freescout-help-desk |
freescout |
2026-04-21T16:46:15.796Z | 2026-04-21T17:45:31.659Z | |
| cve-2026-40161 | Tekton Pipelines: Git resolver API mode leaks system-c… |
tektoncd |
pipeline |
2026-04-21T16:26:27.381Z | 2026-04-21T17:41:38.895Z | |
| cve-2026-6729 | 5.3 (v4.0) 6.3 (v3.1) | HKUDS OpenHarness Session Key Collision Privilege Escalation |
HKUDS |
OpenHarness |
2026-04-20T22:01:38.766Z | 2026-04-21T17:39:32.967Z |
| cve-2026-40590 | FreeScout's Customer AJAX Create Modifies Hidden Exist… |
freescout-help-desk |
freescout |
2026-04-21T16:52:27.992Z | 2026-04-21T17:39:21.865Z | |
| cve-2026-33432 | Roxy-WI has Pre-Authentication LDAP Injection that Lea… |
roxy-wi |
roxy-wi |
2026-04-20T20:26:52.217Z | 2026-04-21T17:38:09.523Z | |
| cve-2026-41189 | FreeScout has assigned-only visibility bypass that all… |
freescout-help-desk |
freescout |
2026-04-21T17:04:07.469Z | 2026-04-21T17:37:13.107Z | |
| cve-2025-69993 | Leaflet versions up to and including 1.9.4 are vu… |
n/a |
n/a |
2026-04-14T00:00:00.000Z | 2026-04-21T17:36:25.753Z | |
| cve-2026-6248 | wpForo Forum <= 3.0.5 - Authenticated (Subscriber+) Ar… |
tomdever |
wpForo Forum |
2026-04-20T18:31:33.290Z | 2026-04-21T17:35:30.317Z | |
| cve-2026-26067 | October: Safe Mode Bypass via CSS Preprocessor Compilers |
octobercms |
october |
2026-04-21T16:16:03.293Z | 2026-04-21T17:35:19.882Z | |
| cve-2026-41298 | 5.3 (v4.0) 5.4 (v3.1) | OpenClaw < 2026.4.2 - Authorization Bypass in Session … |
OpenClaw |
OpenClaw |
2026-04-20T23:08:11.787Z | 2026-04-21T17:34:23.419Z |
| cve-2026-40566 | FreeScout vulnerable to SSRF via IMAP/SMTP Connection … |
freescout-help-desk |
freescout |
2026-04-21T16:04:35.587Z | 2026-04-21T17:33:11.528Z | |
| cve-2026-40584 | RansomLook - Improper Filtering of Private Location En… |
RansomLook |
RansomLook |
2026-04-21T17:05:25.349Z | 2026-04-21T17:29:55.759Z | |
| cve-2026-40050 | 9.8 (v3.1) | CrowdStrike LogScale Unauthenticated Path Traversal |
CrowdStrike |
LogScale Self-Hosted |
2026-04-21T16:48:24.722Z | 2026-04-21T17:25:29.299Z |
| cve-2026-21571 | This Critical severity OS Command Injection vulne… |
Atlassian |
Bamboo Data Center |
2026-04-21T17:00:05.524Z | 2026-04-21T17:24:23.557Z |
| ID | Description | Updated |
|---|
| ID | Description | Updated |
|---|
| ID | Description | Published | Updated |
|---|---|---|---|
| jvndb-2021-000102 | rwtxt vulnerable to cross-site scripting | 2021-11-16T13:38+09:00 | 2021-11-16T13:38+09:00 |
| jvndb-2021-000101 | Unlimited Sitemap Generator vulnerable to cross-site request forgery | 2021-11-12T15:07+09:00 | 2021-11-12T15:07+09:00 |
| jvndb-2021-003840 | Cross-site Scripting Vulnerability in Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center Analyzer | 2021-11-12T11:41+09:00 | 2021-11-12T11:41+09:00 |
| jvndb-2021-000100 | Multiple vulnerabilities in EC-CUBE 2 series | 2021-11-11T15:09+09:00 | 2021-11-11T15:09+09:00 |
| jvndb-2021-000094 | WordPress Plugin "Booking Package - Appointment Booking Calendar System" vulnerable to cross-site scripting | 2021-11-10T14:26+09:00 | 2021-11-10T14:26+09:00 |
| jvndb-2021-003811 | File Permission Vulnerability in Hitachi Automation Director, Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center | 2021-11-05T15:04+09:00 | 2021-11-05T15:04+09:00 |
| jvndb-2021-003660 | Authentication Bypass Vulnerability in Hitachi Device Manager | 2021-11-01T15:56+09:00 | 2021-11-01T15:56+09:00 |
| jvndb-2021-003080 | OMRON CX-Supervisor vulnerable to out-of-bounds read | 2021-10-18T15:26+09:00 | 2021-11-01T15:37+09:00 |
| jvndb-2021-000096 | Android App "Mercari (Merpay) - Marketplace and Mobile Payments App" (Japan version) vulnerable to improper handling of Intent | 2021-10-29T15:11+09:00 | 2021-10-29T15:11+09:00 |
| jvndb-2021-000098 | ESET Cyber Security and ESET Endpoint series vulnerable to denial-of-service (DoS) | 2021-10-29T14:58+09:00 | 2021-10-29T14:58+09:00 |
| jvndb-2021-000095 | Multiple improper restriction of XML external entity reference (XXE) vulnerabilities in Office Server Document Converter | 2021-10-28T15:03+09:00 | 2021-10-28T15:03+09:00 |
| jvndb-2021-003385 | Trend Micro Endpoint security products for enterprises vulnerable to privilege escalation | 2021-10-26T12:35+09:00 | 2021-10-26T12:35+09:00 |
| jvndb-2021-000091 | 128 Technology Session Smart Router vulnerable to authentication bypass | 2021-10-18T14:58+09:00 | 2021-10-18T14:58+09:00 |
| jvndb-2021-000090 | Apache HTTP Server vulnerable to directory traversal | 2021-10-11T18:07+09:00 | 2021-10-11T18:07+09:00 |
| jvndb-2021-000089 | Nike App fails to restrict custom URL schemes properly | 2021-10-08T14:32+09:00 | 2021-10-08T14:32+09:00 |
| jvndb-2021-002810 | Information Disclosure Vulnerability in Hitachi Tuning Manager, Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center Analyzer | 2021-10-05T15:37+09:00 | 2021-10-05T15:37+09:00 |
| jvndb-2021-002774 | Trend Micro ServerProtect family vulnerable to authentication bypass | 2021-10-01T14:42+09:00 | 2021-10-01T14:42+09:00 |
| jvndb-2021-002752 | Trend Micro HouseCall for Home Networks vulnerable to privilege escalation | 2021-09-30T13:56+09:00 | 2021-09-30T13:56+09:00 |
| jvndb-2021-000085 | SNKRDUNK Market Place App for iOS vulnerable to improper server certificate verification | 2021-09-28T15:18+09:00 | 2021-09-28T15:18+09:00 |
| jvndb-2021-000086 | WordPress Plugin "OG Tags" vulnerable to cross-site request forgery | 2021-09-28T15:11+09:00 | 2021-09-28T15:11+09:00 |
| jvndb-2021-000084 | InBody App vulnerable to information disclosure | 2021-09-28T14:27+09:00 | 2021-09-28T14:27+09:00 |
| jvndb-2021-001123 | Multiple vulnerabilities in GROWI | 2021-03-09T14:17+09:00 | 2021-09-24T13:34+09:00 |
| jvndb-2021-000083 | EC-CUBE plugin "Order Status Batch Change Plug-in" vulnerable to cross-site scripting | 2021-09-16T14:33+09:00 | 2021-09-16T14:33+09:00 |
| jvndb-2021-000082 | EC-CUBE plugin "List (order management) item change plug-in" vulnerable to cross-site scripting | 2021-09-13T14:24+09:00 | 2021-09-13T14:24+09:00 |
| jvndb-2021-000074 | Multiple vulnerabilities in RevoWorks Browser | 2021-09-10T15:44+09:00 | 2021-09-10T15:44+09:00 |
| jvndb-2021-002342 | Trend Micro Security family vulnerable to improper handling of Directory Junction | 2021-09-03T16:10+09:00 | 2021-09-03T16:10+09:00 |
| jvndb-2020-000085 | Multiple vulnerabilities in GROWI | 2020-12-15T15:41+09:00 | 2021-08-30T16:29+09:00 |
| jvndb-2021-000080 | baserCMS vulnerable to cross-site scripting | 2021-08-27T13:29+09:00 | 2021-08-27T13:29+09:00 |
| jvndb-2021-000079 | Multiple cross-site scripting vulnerabilities in Movable Type | 2021-08-25T14:54+09:00 | 2021-08-25T14:54+09:00 |
| jvndb-2021-000078 | The installers of multiple Sony products may insecurely load Dynamic Link Libraries | 2021-08-24T14:30+09:00 | 2021-08-24T14:30+09:00 |
| ID | Description | Updated |
|---|
| ID | Description | Published | Updated |
|---|---|---|---|
| certfr-2025-avi-0728 | Vulnérabilité dans Centreon Web | 2025-08-25T00:00:00.000000 | 2025-08-25T00:00:00.000000 |
| certfr-2025-avi-0727 | Multiples vulnérabilités dans les produits ESET | 2025-08-25T00:00:00.000000 | 2025-08-25T00:00:00.000000 |
| certfr-2025-avi-0726 | Vulnérabilité dans les produits Moxa | 2025-08-25T00:00:00.000000 | 2025-08-25T00:00:00.000000 |
| certfr-2025-avi-0725 | Vulnérabilité dans Liferay | 2025-08-25T00:00:00.000000 | 2025-08-25T00:00:00.000000 |
| certfr-2025-avi-0643 | Vulnérabilité dans Mattermost Server | 2025-07-31T00:00:00.000000 | 2025-08-25T00:00:00.000000 |
| certfr-2025-avi-0724 | Multiples vulnérabilités dans les produits IBM | 2025-08-22T00:00:00.000000 | 2025-08-22T00:00:00.000000 |
| certfr-2025-avi-0723 | Multiples vulnérabilités dans le noyau Linux de SUSE | 2025-08-22T00:00:00.000000 | 2025-08-22T00:00:00.000000 |
| certfr-2025-avi-0722 | Multiples vulnérabilités dans le noyau Linux de Red Hat | 2025-08-22T00:00:00.000000 | 2025-08-22T00:00:00.000000 |
| certfr-2025-avi-0721 | Multiples vulnérabilités dans le noyau Linux d'Ubuntu | 2025-08-22T00:00:00.000000 | 2025-08-22T00:00:00.000000 |
| certfr-2025-avi-0720 | Multiples vulnérabilités dans Microsoft Windows | 2025-08-22T00:00:00.000000 | 2025-08-22T00:00:00.000000 |
| certfr-2025-avi-0719 | Vulnérabilité dans Microsoft Edge | 2025-08-22T00:00:00.000000 | 2025-08-22T00:00:00.000000 |
| certfr-2025-avi-0718 | Multiples vulnérabilités dans les produits Liferay | 2025-08-22T00:00:00.000000 | 2025-08-22T00:00:00.000000 |
| certfr-2025-avi-0717 | Vulnérabilité dans Elastic Beats | 2025-08-21T00:00:00.000000 | 2025-08-21T00:00:00.000000 |
| certfr-2025-avi-0716 | Vulnérabilité dans les produits Apple | 2025-08-21T00:00:00.000000 | 2025-08-21T00:00:00.000000 |
| certfr-2025-avi-0715 | Multiples vulnérabilités dans les produits Liferay | 2025-08-21T00:00:00.000000 | 2025-08-21T00:00:00.000000 |
| certfr-2025-avi-0614 | Multiples vulnérabilités dans les produits Mattermost | 2025-07-23T00:00:00.000000 | 2025-08-21T00:00:00.000000 |
| certfr-2025-avi-0714 | Multiples vulnérabilités dans les produits Mozilla | 2025-08-20T00:00:00.000000 | 2025-08-20T00:00:00.000000 |
| certfr-2025-avi-0713 | Multiples vulnérabilités dans les produits Liferay | 2025-08-20T00:00:00.000000 | 2025-08-20T00:00:00.000000 |
| certfr-2025-avi-0712 | Vulnérabilité dans Apereo CAS | 2025-08-20T00:00:00.000000 | 2025-08-20T00:00:00.000000 |
| certfr-2025-avi-0711 | Vulnérabilité dans Google Chrome | 2025-08-20T00:00:00.000000 | 2025-08-20T00:00:00.000000 |
| certfr-2025-avi-0710 | Multiples vulnérabilités dans les produits F5 | 2025-08-19T00:00:00.000000 | 2025-08-19T00:00:00.000000 |
| certfr-2025-avi-0709 | Multiples vulnérabilités dans les produits Liferay | 2025-08-19T00:00:00.000000 | 2025-08-19T00:00:00.000000 |
| certfr-2025-avi-0525 | Multiples vulnérabilités dans Mattermost Server | 2025-06-19T00:00:00.000000 | 2025-08-19T00:00:00.000000 |
| certfr-2025-avi-0453 | Vulnérabilité dans Mattermost Server | 2025-05-27T00:00:00.000000 | 2025-08-19T00:00:00.000000 |
| certfr-2025-avi-0441 | Vulnérabilité dans Mattermost Server | 2025-05-22T00:00:00.000000 | 2025-08-19T00:00:00.000000 |
| certfr-2025-avi-0355 | Multiples vulnérabilités dans Mattermost Server | 2025-04-30T00:00:00.000000 | 2025-08-19T00:00:00.000000 |
| certfr-2025-avi-0708 | Multiples vulnérabilités dans les produits Cisco | 2025-08-18T00:00:00.000000 | 2025-08-18T00:00:00.000000 |
| certfr-2025-avi-0706 | Multiples vulnérabilités dans Matrix | 2025-08-18T00:00:00.000000 | 2025-08-18T00:00:00.000000 |
| certfr-2025-avi-0705 | Multiples vulnérabilités dans Microsoft Edge | 2025-08-18T00:00:00.000000 | 2025-08-18T00:00:00.000000 |
| certfr-2025-avi-0704 | Vulnérabilité dans les produits Siemens | 2025-08-18T00:00:00.000000 | 2025-08-18T00:00:00.000000 |