Recent vulnerabilities
| ID | CVSS | Description | Vendor | Product | Published | Updated |
|---|---|---|---|---|---|---|
| cve-2026-5652 | 9 (v3.1) | Authorization Bypass Through User-Controlled Key in Cr… |
Arcadia Technology, LLC |
Crafty Controller |
2026-04-21T16:33:56.878Z | 2026-04-21T17:22:27.276Z |
| cve-2026-35451 | Twenty: Stored XSS via BlockNote FileBlock |
twentyhq |
twenty |
2026-04-21T16:22:30.378Z | 2026-04-21T16:56:02.097Z | |
| cve-2026-40576 | Improper Limitation of a Pathname to a Restricted Dire… |
haris-musa |
excel-mcp-server |
2026-04-21T16:35:15.592Z | 2026-04-21T16:50:25.987Z | |
| cve-2026-25542 | Tekton Pipelines: VerificationPolicy regex pattern byp… |
tektoncd |
pipeline |
2026-04-21T16:05:43.217Z | 2026-04-21T16:48:15.671Z | |
| cve-2026-29179 | October: Editor Sub-Permission Bypass for Asset and Bl… |
octobercms |
october |
2026-04-21T16:19:52.447Z | 2026-04-21T16:46:47.873Z | |
| cve-2026-24176 | 4.3 (v3.1) | NVIDIA KAI Scheduler contains a vulnerability whe… |
NVIDIA |
KAI Scheduler |
2026-04-21T16:17:00.601Z | 2026-04-21T16:43:30.471Z |
| cve-2026-24177 | 7.7 (v3.1) | NVIDIA KAI Scheduler contains a vulnerability whe… |
NVIDIA |
KAI Scheduler |
2026-04-21T16:17:26.431Z | 2026-04-21T16:42:36.727Z |
| cve-2026-24189 | 8.2 (v3.1) | NVIDIA CUDA-Q contains a vulnerability in an endp… |
NVIDIA |
CUDA-Q |
2026-04-21T16:17:54.323Z | 2026-04-21T16:41:23.992Z |
| cve-2026-6703 | Responsive Blocks <= 2.2.1 - Missing Authorization to … |
cyberchimps |
Responsive Blocks – Page Builder for Blocks & Patterns |
2026-04-21T06:43:58.955Z | 2026-04-21T16:36:19.694Z | |
| cve-2026-5754 | N/A | Radware Alteon has a reflected XSS vulnerability |
Radware |
Alteon vADC |
2026-04-14T17:51:12.616Z | 2026-04-21T16:25:02.461Z |
| cve-2025-15638 | N/A | Net::Dropbear versions before 0.14 for Perl contains a… |
ATRODO |
Net::Dropbear |
2026-04-21T15:34:18.988Z | 2026-04-21T16:23:17.147Z |
| cve-2025-41029 | 9.3 (v4.0) | SQL injection in Zeon Academy Pro by Zeon Global Tech |
Zeon Global Tech |
Zeon Academy Pro |
2026-04-21T14:59:40.481Z | 2026-04-21T16:23:02.186Z |
| cve-2025-41011 | 5.1 (v4.0) | HTML injection in PHP Point Of Sale |
PHP Point Of Sale |
PHP Point Of Sale |
2026-04-21T15:15:31.708Z | 2026-04-21T16:21:50.544Z |
| cve-2026-3505 | 8.7 (v4.0) | Unbounded PGP AEAD chunk size leads to pre-auth resour… |
Legion of the Bouncy Castle Inc. |
BC-JAVA |
2026-04-15T09:06:37.939Z | 2026-04-21T16:04:10.293Z |
| cve-2026-2436 | 6.5 (v3.1) | Libsoup: libsoup: denial of service via use-after-free… |
Red Hat |
Red Hat Enterprise Linux 10 |
2026-03-26T19:31:34.270Z | 2026-04-21T16:00:28.482Z |
| cve-2026-5588 | 6.3 (v4.0) | PKIX draft CompositeVerifier accepts empty signature s… |
Legion of the Bouncy Castle Inc. |
BC-JAVA |
2026-04-15T09:06:15.617Z | 2026-04-21T15:43:55.191Z |
| cve-2026-2271 | 3.3 (v3.1) | Gimp: gimp: denial of service via crafted psp image file |
Red Hat |
Red Hat Enterprise Linux 6 |
2026-03-26T20:00:09.397Z | 2026-04-21T15:33:40.712Z |
| cve-2026-2100 | 5.3 (v3.1) | P11-kit: p11-kit: null dereference via c_derivekey wit… |
Red Hat |
Red Hat Enterprise Linux 10 |
2026-03-26T20:01:46.174Z | 2026-04-21T15:33:37.011Z |
| cve-2026-31018 | N/A | In Dolibarr ERP & CRM <= 22.0.4, PHP code detecti… |
n/a |
n/a |
2026-04-21T00:00:00.000Z | 2026-04-21T15:31:23.441Z |
| cve-2026-32640 | (SimpleEval) Objects (including modules) can leak dang… |
danthedeckie |
simpleeval |
2026-03-13T21:03:53.435Z | 2026-04-21T15:29:09.693Z | |
| cve-2026-1089 | 6.5 (v3.1) | User‑Controlled HTTP Header In Fortra's GoAnywhere MFT… |
Fortra |
GoAnywhere MFT |
2026-04-21T14:14:58.244Z | 2026-04-21T15:00:35.492Z |
| cve-2026-5752 | N/A | CVE-2026-5752 |
Cohere |
cohere-terrarium |
2026-04-14T17:53:10.330Z | 2026-04-21T14:34:54.223Z |
| cve-2026-4852 | Image Source Control Lite – Show Image Credits and Cap… |
webzunft |
Image Source Control Lite – Show Image Credits and Captions |
2026-04-20T20:26:53.256Z | 2026-04-21T13:53:14.507Z | |
| cve-2026-6711 | Website LLMs.txt <= 8.2.6 - Reflected Cross-Site Scripting |
ryhowa |
Website LLMs.txt |
2026-04-21T06:43:59.951Z | 2026-04-21T13:51:33.148Z | |
| cve-2026-40496 | FreeScout has Predictable Attachment Token that Allows… |
freescout-help-desk |
freescout |
2026-04-21T01:38:50.117Z | 2026-04-21T13:50:39.454Z | |
| cve-2026-39886 | OpenEXR has HTJ2K Signed Integer Overflow in ht_undo_impl() |
AcademySoftwareFoundation |
openexr |
2026-04-21T01:27:01.371Z | 2026-04-21T13:49:21.573Z | |
| cve-2026-6712 | Website LLMs.txt <= 8.2.6 - Authenticated (Admin+) Sto… |
ryhowa |
Website LLMs.txt |
2026-04-21T06:43:59.539Z | 2026-04-21T13:47:53.867Z | |
| cve-2026-39861 | Claude Code: Sandbox Escape via Symlink Following Allo… |
anthropics |
claude-code |
2026-04-21T00:56:39.062Z | 2026-04-21T13:44:49.618Z | |
| cve-2026-32311 | Command Injection and Docker container escape allows r… |
reconurge |
flowsint |
2026-04-20T19:56:32.521Z | 2026-04-21T13:44:08.776Z | |
| cve-2026-39378 | nbconvert has an Arbitrary File Read via Path Traversa… |
jupyter |
nbconvert |
2026-04-21T00:17:00.684Z | 2026-04-21T13:43:29.081Z |
| ID | Description | Updated |
|---|
| ID | Description | Updated |
|---|
| ID | Description | Published | Updated |
|---|---|---|---|
| jvndb-2021-002282 | Multiple vulnerabilities in Navigate CMS | 2021-08-20T14:25+09:00 | 2021-08-20T14:25+09:00 |
| jvndb-2021-002279 | Incorrect permission assignment vulnerability in multiple Trend Micro Endpoint security products for enterprises | 2021-08-19T15:01+09:00 | 2021-08-19T15:01+09:00 |
| jvndb-2021-000077 | Huawei EchoLife HG8045Q vulnerable to OS command injection | 2021-08-17T14:24+09:00 | 2021-08-17T14:24+09:00 |
| jvndb-2021-002273 | Multiple vulnerabilities in D-Link router DSL-2750U | 2021-08-17T14:09+09:00 | 2021-08-17T14:09+09:00 |
| jvndb-2021-000076 | Plone vulnerable to open redirect | 2021-08-12T14:05+09:00 | 2021-08-12T14:05+09:00 |
| jvndb-2021-000075 | WordPress Plugin "Quiz And Survey Master" vulnerable to cross-site scripting | 2021-08-10T14:40+09:00 | 2021-08-10T14:40+09:00 |
| jvndb-2021-002077 | Multiple vulnerabilities in multiple Trend Micro Endpoint security products for enterprises | 2021-08-04T11:15+09:00 | 2021-08-04T11:15+09:00 |
| jvndb-2020-000071 | Cybozu Garoon vulnerable to improper input validation | 2020-11-05T11:43+09:00 | 2021-08-02T11:08+09:00 |
| jvndb-2020-000087 | Management software for NEC Storage disk array system vulnerable to improper server certificate verification | 2020-12-18T17:00+09:00 | 2021-07-21T16:21+09:00 |
| jvndb-2021-000072 | Minecraft Java Edition vulnerable to directory traversal | 2021-07-21T15:12+09:00 | 2021-07-21T15:12+09:00 |
| jvndb-2021-002005 | Trend Micro InterScan Web Security Virtual Appliance (IWSVA) vulnerable to cross-site scripting | 2021-07-19T16:53+09:00 | 2021-07-19T16:53+09:00 |
| jvndb-2021-000069 | Optical BB unit E-WMTA2.3 vulnerable to cross-site request forgery | 2021-07-14T17:13+09:00 | 2021-07-14T17:13+09:00 |
| jvndb-2021-001977 | Multiple vulnerabilities in Elecom routers | 2021-07-07T14:03+09:00 | 2021-07-12T16:04+09:00 |
| jvndb-2021-000067 | voidtools "Everything" vulnerable to HTTP header injection | 2021-07-09T14:40+09:00 | 2021-07-09T14:40+09:00 |
| jvndb-2021-000065 | WordPress Plugin "WordPress Meta Data Filter & Taxonomies Filter" vulnerable to cross-site request forgery | 2021-07-08T14:29+09:00 | 2021-07-08T14:29+09:00 |
| jvndb-2021-000066 | WordPress Plugin "Software License Manager" vulnerable to cross-site request forgery | 2021-07-08T13:45+09:00 | 2021-07-08T13:45+09:00 |
| jvndb-2021-000064 | GU App for Android fails to restrict access permissions | 2021-07-07T13:16+09:00 | 2021-07-07T13:16+09:00 |
| jvndb-2021-001968 | Multiple vulnerabilities in Trend Micro Password Manager | 2021-07-06T16:08+09:00 | 2021-07-06T16:08+09:00 |
| jvndb-2021-000063 | WordPress Plugin "WordPress Email Template Designer - WP HTML Mail" vulnerable to cross-site request forgery | 2021-07-06T14:50+09:00 | 2021-07-06T14:50+09:00 |
| jvndb-2021-000062 | WordPress Plugin "WPCS - WordPress Currency Switcher" vulnerable to cross-site request forgery | 2021-07-06T14:11+09:00 | 2021-07-06T14:11+09:00 |
| jvndb-2021-000061 | A-Stage SCT-40CM01SR and AT-40CM01SR vulnerable to authentication bypass | 2021-07-05T14:28+09:00 | 2021-07-05T14:28+09:00 |
| jvndb-2021-000059 | EC-CUBE fails to restrict access permissions | 2021-07-01T15:49+09:00 | 2021-07-01T15:49+09:00 |
| jvndb-2007-002102 | boastMachine vulnerable to cross-site scripting | 2021-06-30T14:32+09:00 | 2021-06-30T14:32+09:00 |
| jvndb-2021-000058 | IkaIka RSS Reader vulnerable to cross-site scripting | 2021-06-30T14:21+09:00 | 2021-06-30T14:21+09:00 |
| jvndb-2021-000056 | WordPress Plugin "WordPress Popular Posts" vulnerable to cross-site scripting | 2021-06-30T11:36+09:00 | 2021-06-30T11:36+09:00 |
| jvndb-2021-000057 | Multiple cross-site scripting vulnerabilities in EC-CUBE | 2021-06-23T15:15+09:00 | 2021-06-23T15:15+09:00 |
| jvndb-2021-000055 | WordPress plugin "Fudousan plugin" series vulnerable to cross-site scripting | 2021-06-22T15:06+09:00 | 2021-06-22T15:06+09:00 |
| jvndb-2021-000054 | Inkdrop vulnerable to OS command injection | 2021-06-22T15:06+09:00 | 2021-06-22T15:06+09:00 |
| jvndb-2021-000053 | Hitachi Virtual File Platform vulnerable to OS command injection | 2021-06-18T15:45+09:00 | 2021-06-18T15:45+09:00 |
| jvndb-2021-000052 | Hitachi Application Server Help vulnerable cross-site scripting | 2021-06-17T15:11+09:00 | 2021-06-17T15:11+09:00 |
| ID | Description | Updated |
|---|
| ID | Description | Published | Updated |
|---|---|---|---|
| certfr-2025-avi-0703 | Vulnérabilité dans Synology BeeDrive | 2025-08-18T00:00:00.000000 | 2025-08-18T00:00:00.000000 |
| certfr-2025-avi-0702 | Multiples vulnérabilités dans PostgreSQL | 2025-08-18T00:00:00.000000 | 2025-08-18T00:00:00.000000 |
| certfr-2025-avi-0701 | Vulnérabilité dans IBM WebSphere | 2025-08-14T00:00:00.000000 | 2025-08-14T00:00:00.000000 |
| certfr-2025-avi-0700 | Multiples vulnérabilités dans le noyau Linux d'Ubuntu | 2025-08-14T00:00:00.000000 | 2025-08-14T00:00:00.000000 |
| certfr-2025-avi-0699 | Multiples vulnérabilités dans le noyau Linux de Red Hat | 2025-08-14T00:00:00.000000 | 2025-08-14T00:00:00.000000 |
| certfr-2025-avi-0698 | Multiples vulnérabilités dans le noyau Linux de Debian | 2025-08-14T00:00:00.000000 | 2025-08-14T00:00:00.000000 |
| certfr-2025-avi-0697 | Multiples vulnérabilités dans le noyau Linux de Debian LTS | 2025-08-14T00:00:00.000000 | 2025-08-14T00:00:00.000000 |
| certfr-2025-avi-0696 | Vulnérabilité dans Spring Framework | 2025-08-14T00:00:00.000000 | 2025-08-14T00:00:00.000000 |
| certfr-2025-avi-0695 | Multiples vulnérabilités dans les produits Palo Alto Networks | 2025-08-14T00:00:00.000000 | 2025-08-14T00:00:00.000000 |
| certfr-2025-avi-0694 | Vulnérabilité dans Apache Tomcat | 2025-08-14T00:00:00.000000 | 2025-08-14T00:00:00.000000 |
| certfr-2025-avi-0693 | Multiples vulnérabilités dans VMware Tanzu | 2025-08-14T00:00:00.000000 | 2025-08-14T00:00:00.000000 |
| certfr-2025-avi-0692 | Multiples vulnérabilités dans Ruby on Rails | 2025-08-14T00:00:00.000000 | 2025-08-14T00:00:00.000000 |
| certfr-2025-avi-0691 | Vulnérabilité dans Nginx | 2025-08-14T00:00:00.000000 | 2025-08-14T00:00:00.000000 |
| certfr-2025-avi-0690 | Multiples vulnérabilités dans GitLab | 2025-08-13T00:00:00.000000 | 2025-08-13T00:00:00.000000 |
| certfr-2025-avi-0689 | Multiples vulnérabilités dans les produits Microsoft | 2025-08-13T00:00:00.000000 | 2025-08-13T00:00:00.000000 |
| certfr-2025-avi-0688 | Multiples vulnérabilités dans Microsoft Azure | 2025-08-13T00:00:00.000000 | 2025-08-13T00:00:00.000000 |
| certfr-2025-avi-0687 | Multiples vulnérabilités dans Microsoft Windows | 2025-08-13T00:00:00.000000 | 2025-08-13T00:00:00.000000 |
| certfr-2025-avi-0686 | Multiples vulnérabilités dans Microsoft Office | 2025-08-13T00:00:00.000000 | 2025-08-13T00:00:00.000000 |
| certfr-2025-avi-0685 | Multiples vulnérabilités dans Microsoft Edge | 2025-08-13T00:00:00.000000 | 2025-08-13T00:00:00.000000 |
| certfr-2025-avi-0684 | Multiples vulnérabilités dans les produits Intel | 2025-08-13T00:00:00.000000 | 2025-08-13T00:00:00.000000 |
| certfr-2025-avi-0683 | Multiples vulnérabilités dans les produits Ivanti | 2025-08-13T00:00:00.000000 | 2025-08-13T00:00:00.000000 |
| certfr-2025-avi-0682 | Multiples vulnérabilités dans Liferay | 2025-08-13T00:00:00.000000 | 2025-08-13T00:00:00.000000 |
| certfr-2025-avi-0681 | Multiples vulnérabilités dans Google Chrome | 2025-08-13T00:00:00.000000 | 2025-08-13T00:00:00.000000 |
| certfr-2025-avi-0680 | Multiples vulnérabilités dans les produits FoxIT | 2025-08-13T00:00:00.000000 | 2025-08-13T00:00:00.000000 |
| certfr-2025-avi-0679 | Multiples vulnérabilités dans les produits Fortinet | 2025-08-13T00:00:00.000000 | 2025-08-13T00:00:00.000000 |
| certfr-2025-avi-0678 | Multiples vulnérabilités dans les produits Adobe | 2025-08-13T00:00:00.000000 | 2025-08-13T00:00:00.000000 |
| certfr-2025-avi-0677 | Multiples vulnérabilités dans les produits Siemens | 2025-08-12T00:00:00.000000 | 2025-08-12T00:00:00.000000 |
| certfr-2025-avi-0676 | Multiples vulnérabilités dans les produits Schneider Electric | 2025-08-12T00:00:00.000000 | 2025-08-12T00:00:00.000000 |
| certfr-2025-avi-0675 | Vulnérabilité dans Liferay | 2025-08-12T00:00:00.000000 | 2025-08-12T00:00:00.000000 |
| certfr-2025-avi-0674 | Multiples vulnérabilités dans les produits SAP | 2025-08-12T00:00:00.000000 | 2025-08-12T00:00:00.000000 |