Recent vulnerabilities
| ID | CVSS | Description | Vendor | Product | Published | Updated |
|---|---|---|---|---|---|---|
| cve-2026-6249 | 8.7 (v4.0) 8.8 (v3.1) | Vvveb CMS 1.0.8 Remote Code Execution via Media Upload |
Vvveb |
Vvveb CMS |
2026-04-20T19:57:37.655Z | 2026-04-21T13:43:17.635Z |
| cve-2026-33431 | Roxy-WI Vulnerable to Authenticated Arbitrary File Rea… |
roxy-wi |
roxy-wi |
2026-04-20T20:24:15.319Z | 2026-04-21T13:42:19.802Z | |
| cve-2026-41297 | 4.8 (v4.0) 7.6 (v3.1) | OpenClaw < 2026.3.31 - Server-Side Request Forgery via… |
OpenClaw |
OpenClaw |
2026-04-20T23:08:10.955Z | 2026-04-21T13:41:34.057Z |
| cve-2026-22051 | 2.3 (v4.0) | StorageGRID (formerly StorageGRID Webscale) versi… |
NETAPP |
StorageGRID (formerly StorageGRID Webscale) |
2026-04-20T21:27:36.822Z | 2026-04-21T13:40:46.948Z |
| cve-2026-41330 | 2 (v4.0) 4.4 (v3.1) | OpenClaw < 2026.3.31 - Environment Variable Override v… |
OpenClaw |
OpenClaw |
2026-04-20T23:08:16.941Z | 2026-04-21T13:39:27.598Z |
| cve-2026-41299 | 7.1 (v4.0) 7.1 (v3.1) | OpenClaw < 2026.3.28 - Client Identity Spoofing in cha… |
OpenClaw |
OpenClaw |
2026-04-20T23:08:12.586Z | 2026-04-21T13:38:25.512Z |
| cve-2026-40045 | 5.9 (v4.0) 5.7 (v3.1) | OpenClaw < 2026.4.2 - Cleartext Credential Transmissio… |
OpenClaw |
OpenClaw |
2026-04-20T23:08:07.952Z | 2026-04-21T13:37:43.951Z |
| cve-2026-0930 | 2.3 (v4.0) | Potential wolfSSHd Buffer out-of-bounds Read on Window… |
wolfSSL |
wolfSSH |
2026-04-20T21:28:33.227Z | 2026-04-21T13:37:15.647Z |
| cve-2026-34403 | Nginx-UI vulnerable to Cross-Site WebSocket Hijacking … |
0xJacky |
nginx-ui |
2026-04-20T20:16:47.597Z | 2026-04-21T13:36:46.510Z | |
| cve-2026-34082 | Dify has IDOR in deleting someone else's chat conversation |
langgenius |
dify |
2026-04-20T23:03:18.158Z | 2026-04-21T13:36:45.614Z | |
| cve-2026-41303 | 8.7 (v4.0) 8.8 (v3.1) | OpenClaw < 2026.3.28 - Authorization Bypass in Discord… |
OpenClaw |
OpenClaw |
2026-04-20T23:08:15.511Z | 2026-04-21T13:35:55.924Z |
| cve-2026-41295 | 8.5 (v4.0) 7.8 (v3.1) | OpenClaw < 2026.4.2 - Untrusted Workspace Channel Shad… |
OpenClaw |
OpenClaw |
2026-04-20T23:08:09.503Z | 2026-04-21T13:35:47.883Z |
| cve-2026-33031 | Nginx-UI: Disabled users retain full API access throug… |
0xJacky |
nginx-ui |
2026-04-20T20:12:07.905Z | 2026-04-21T13:35:20.144Z | |
| cve-2026-35588 | Glances has CQL Injection in its Cassandra Export Modu… |
nicolargo |
glances |
2026-04-20T23:20:34.998Z | 2026-04-21T13:35:04.526Z | |
| cve-2026-40525 | 9.1 (v4.0) 9.1 (v3.1) | OpenViking < 0.3.9 Authentication Bypass via VikingBot… |
volcengine |
OpenViking |
2026-04-17T18:19:12.315Z | 2026-04-21T13:34:32.327Z |
| cve-2026-39946 | OpenBao allows SQL Injection in PostgreSQL database se… |
openbao |
openbao |
2026-04-21T00:19:39.578Z | 2026-04-21T13:34:21.088Z | |
| cve-2026-5478 | Everest Forms <= 3.4.4 - Unauthenticated Arbitrary Fil… |
wpeverest |
Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder |
2026-04-20T19:27:08.159Z | 2026-04-21T13:33:57.569Z | |
| cve-2026-41301 | 6.9 (v4.0) 5.3 (v3.1) | OpenClaw 2026.3.22 < 2026.3.31 - Forged Nostr DM Pairi… |
OpenClaw |
OpenClaw |
2026-04-20T23:08:14.023Z | 2026-04-21T13:33:53.554Z |
| cve-2026-39973 | Apktool: Path Traversal to Arbitrary File Write |
iBotPeaches |
Apktool |
2026-04-21T01:35:22.396Z | 2026-04-21T13:33:14.677Z | |
| cve-2026-32135 | NanoMQ has Heap Buffer Overflow in URI Parameter Parsing |
nanomq |
nanomq |
2026-04-20T19:23:09.704Z | 2026-04-21T13:33:14.607Z | |
| cve-2026-40520 | 8.6 (v4.0) 7.2 (v3.1) | FreePBX api module Command Injection via GraphQL |
FreePBX |
api |
2026-04-21T12:41:05.281Z | 2026-04-21T13:32:06.116Z |
| cve-2026-23753 | 4.8 (v4.0) 4.8 (v3.1) | GFI HelpDesk < 4.99.9 Stored XSS via charset Parameter |
GFI Software |
HelpDesk |
2026-04-20T17:33:59.134Z | 2026-04-21T13:31:13.580Z |
| cve-2026-25525 | OpenMage LTS has Path Traversal Filter Bypass in Dataf… |
OpenMage |
magento-lts |
2026-04-20T16:14:14.366Z | 2026-04-21T13:27:55.707Z | |
| cve-2026-41285 | In OpenBSD through 7.8, the slaacd and rad daemon… |
OpenBSD |
OpenBSD |
2026-04-20T00:00:00.000Z | 2026-04-21T13:27:42.310Z | |
| cve-2026-6058 | 4.5 (v3.1) | ** UNSUPPORTED WHEN ASSIGNED ** An improper encod… |
Zyxel |
WRE6505 v2 firmware |
2026-04-21T01:42:07.433Z | 2026-04-21T13:26:29.283Z |
| cve-2026-31370 | 6.3 (v3.1) | Information Leak Vulnerability in Honor E |
Honor |
Honor E |
2026-04-21T06:30:53.883Z | 2026-04-21T13:25:53.570Z |
| cve-2026-40497 | FreeScout Vulnerable to CSS Injection via Stored Style… |
freescout-help-desk |
freescout |
2026-04-21T01:45:55.492Z | 2026-04-21T13:25:21.103Z | |
| cve-2026-31368 | 7.8 (v3.1) | Privilege Bypass in AiAssistant |
Honor |
AIAssistant |
2026-04-21T06:40:08.446Z | 2026-04-21T13:23:57.396Z |
| cve-2025-13826 | 8.2 (v4.0) | Incorrect input validation on the Zervit portable HTTP… |
Zervit |
portable HTTP/Web server |
2026-04-21T08:19:57.983Z | 2026-04-21T13:23:30.712Z |
| cve-2026-3317 | 5.1 (v4.0) | Reflected Cross-Site Scripting in Navigate CMS application |
Navigate |
Navigate CMS |
2026-04-21T09:03:59.773Z | 2026-04-21T13:22:03.438Z |
| ID | Description | Updated |
|---|
| ID | Description | Updated |
|---|
| ID | Description | Published | Updated |
|---|---|---|---|
| jvndb-2021-000051 | Multiple cross-site scripting vulnerabilities in multiple EC-CUBE plugins provided by EC-CUBE | 2021-06-16T16:18+09:00 | 2021-06-16T16:18+09:00 |
| jvndb-2021-000049 | Multiple ETUNA EC-CUBE plugins vulnerable to cross-site scripting | 2021-06-15T16:09+09:00 | 2021-06-16T11:52+09:00 |
| jvndb-2021-000050 | Multiple vulnerabilities in GROWI | 2021-06-14T15:10+09:00 | 2021-06-14T15:10+09:00 |
| jvndb-2021-000048 | Asken App for Android fails to restrict custom URL schemes properly | 2021-06-14T15:10+09:00 | 2021-06-14T15:10+09:00 |
| jvndb-2021-000047 | WordPress plugin "Welcart e-Commerce" vulnerable to cross-site scripting | 2021-06-11T15:24+09:00 | 2021-06-11T15:24+09:00 |
| jvndb-2021-001756 | urllib3 vulnerable to Regular expression Denial-of-Service (ReDoS) | 2021-06-08T12:21+09:00 | 2021-06-08T12:21+09:00 |
| jvndb-2021-000044 | Zettlr vulnerable to cross-site scripting | 2021-05-26T14:50+09:00 | 2021-06-03T16:21+09:00 |
| jvndb-2021-000046 | ATOM - Smart life App vulnerable to improper server certificate verification | 2021-06-03T14:05+09:00 | 2021-06-03T14:05+09:00 |
| jvndb-2021-000045 | goo blog App fails to restrict custom URL schemes properly | 2021-06-02T15:46+09:00 | 2021-06-02T15:46+09:00 |
| jvndb-2021-001575 | Multiple vulnerabilities in Buffalo WSR-1166DHP3 and WSR-1166DHP4 routers | 2021-06-01T15:18+09:00 | 2021-06-01T15:18+09:00 |
| jvndb-2021-001506 | Hitachi Ops Center Analyzer vulnerability of communication using a certificate not intended by the user | 2021-05-25T14:11+09:00 | 2021-05-25T14:11+09:00 |
| jvndb-2021-000041 | The installers of ScanSnap Manager may insecurely load Dynamic Link Libraries | 2021-05-21T16:34+09:00 | 2021-05-21T16:34+09:00 |
| jvndb-2021-000043 | Installer of Overwolf may insecurely load Dynamic Link Libraries | 2021-05-21T16:07+09:00 | 2021-05-21T16:07+09:00 |
| jvndb-2021-000042 | Multiple cross-site scripting vulnerabilities in multiple PHP Factory products | 2021-05-21T15:38+09:00 | 2021-05-21T15:38+09:00 |
| jvndb-2021-000040 | QND vulnerable to privilege escalation | 2021-05-21T14:21+09:00 | 2021-05-21T14:21+09:00 |
| jvndb-2021-000037 | mod_auth_openidc vulnerable to denial-of-service (DoS) | 2021-05-14T15:35+09:00 | 2021-05-14T15:35+09:00 |
| jvndb-2021-000038 | Multiple vulnerabilities in Cisco Small Business Series Wireless Access Points | 2021-05-14T15:26+09:00 | 2021-05-14T15:26+09:00 |
| jvndb-2021-000039 | RFNTPS vulnerable to OS command injection | 2021-05-13T16:05+09:00 | 2021-05-13T16:05+09:00 |
| jvndb-2021-000036 | Multiple vulnerabilities in KonaWiki2 | 2021-05-13T16:05+09:00 | 2021-05-13T16:05+09:00 |
| jvndb-2021-000035 | EC-CUBE vulnerable to cross-site scripting | 2021-05-10T18:08+09:00 | 2021-05-10T18:08+09:00 |
| jvndb-2021-001381 | Multiple vulnerabilities in Buffalo broadband routers | 2021-04-28T16:14+09:00 | 2021-05-07T16:28+09:00 |
| jvndb-2021-001380 | Multiple Buffalo network devices contain hidden functionality | 2021-04-28T16:15+09:00 | 2021-05-07T16:16+09:00 |
| jvndb-2021-000034 | WordPress plugin "WP Fastest Cache" vulnerable to directory traversal | 2021-04-27T17:12+09:00 | 2021-04-27T17:12+09:00 |
| jvndb-2021-000909 | yappa-ng vulnerable to cross-site scripting | 2021-04-22T16:33+09:00 | 2021-04-22T16:33+09:00 |
| jvndb-2021-001374 | Trend Micro Password Manager may insecurely load Dynamic Link Libraries | 2021-04-20T12:25+09:00 | 2021-04-20T12:25+09:00 |
| jvndb-2021-001345 | Information Disclosure Vulnerability in Cosminexus | 2021-04-13T16:46+09:00 | 2021-04-13T16:46+09:00 |
| jvndb-2021-001344 | Vulnerability in JP1/VERITAS | 2021-04-13T16:42+09:00 | 2021-04-13T16:42+09:00 |
| jvndb-2021-001343 | D-Link DAP-1880AC contains multiple vulnerabilities | 2021-04-12T15:32+09:00 | 2021-04-12T15:32+09:00 |
| jvndb-2021-000026 | Fuji Xerox multifunction devices and printers vulnerable to denial-of-service (DoS) | 2021-03-19T15:32+09:00 | 2021-04-12T13:30+09:00 |
| jvndb-2020-000008 | AWMS Mobile App vulnerable to improper server certificate verification | 2020-01-31T12:30+09:00 | 2021-04-12T13:30+09:00 |
| ID | Description | Updated |
|---|
| ID | Description | Published | Updated |
|---|---|---|---|
| certfr-2025-avi-0673 | Vulnérabilité dans Centreon Gorgone | 2025-08-12T00:00:00.000000 | 2025-08-12T00:00:00.000000 |
| certfr-2025-avi-0672 | Multiples vulnérabilités dans Liferay | 2025-08-11T00:00:00.000000 | 2025-08-11T00:00:00.000000 |
| certfr-2025-avi-0671 | Multiples vulnérabilités dans les produits IBM | 2025-08-08T00:00:00.000000 | 2025-08-08T00:00:00.000000 |
| certfr-2025-avi-0670 | Multiples vulnérabilités dans le noyau Linux d'Ubuntu | 2025-08-08T00:00:00.000000 | 2025-08-08T00:00:00.000000 |
| certfr-2025-avi-0669 | Multiples vulnérabilités dans le noyau Linux de Red Hat | 2025-08-08T00:00:00.000000 | 2025-08-08T00:00:00.000000 |
| certfr-2025-avi-0668 | Multiples vulnérabilités dans le noyau Linux de SUSE | 2025-08-08T00:00:00.000000 | 2025-08-08T00:00:00.000000 |
| certfr-2025-avi-0667 | Multiples vulnérabilités dans Juniper Secure Analytics | 2025-08-08T00:00:00.000000 | 2025-08-08T00:00:00.000000 |
| certfr-2025-avi-0666 | Multiples vulnérabilités dans Microsoft Azure | 2025-08-08T00:00:00.000000 | 2025-08-08T00:00:00.000000 |
| certfr-2025-avi-0665 | Multiples vulnérabilités dans Microsoft Office | 2025-08-08T00:00:00.000000 | 2025-08-08T00:00:00.000000 |
| certfr-2025-avi-0664 | Multiples vulnérabilités dans Microsoft Edge | 2025-08-08T00:00:00.000000 | 2025-08-08T00:00:00.000000 |
| certfr-2025-avi-0663 | Multiples vulnérabilités dans GnuTLS | 2025-08-08T00:00:00.000000 | 2025-08-08T00:00:00.000000 |
| certfr-2025-avi-0662 | Multiples vulnérabilités dans les produits Centreon | 2025-08-07T00:00:00.000000 | 2025-08-07T00:00:00.000000 |
| certfr-2025-avi-0661 | Multiples vulnérabilités dans les produits Splunk | 2025-08-07T00:00:00.000000 | 2025-08-07T00:00:00.000000 |
| certfr-2025-avi-0660 | Vulnérabilité dans Tenable Identity Exposure | 2025-08-07T00:00:00.000000 | 2025-08-07T00:00:00.000000 |
| certfr-2025-avi-0659 | Vulnérabilité dans Microsoft Exchange Server | 2025-08-07T00:00:00.000000 | 2025-08-07T00:00:00.000000 |
| certfr-2025-avi-0658 | Multiples vulnérabilités dans Trend Micro Apex One | 2025-08-06T00:00:00.000000 | 2025-08-06T00:00:00.000000 |
| certfr-2025-avi-0657 | Multiples vulnérabilités dans Google Chrome | 2025-08-06T00:00:00.000000 | 2025-08-06T00:00:00.000000 |
| certfr-2025-avi-0656 | Vulnérabilité dans Google Pixel | 2025-08-06T00:00:00.000000 | 2025-08-06T00:00:00.000000 |
| certfr-2025-avi-0655 | Multiples vulnérabilités dans les produits Liferay | 2025-08-05T00:00:00.000000 | 2025-08-05T00:00:00.000000 |
| certfr-2025-avi-0654 | Multiples vulnérabilités dans les produits Netgate | 2025-08-05T00:00:00.000000 | 2025-08-05T00:00:00.000000 |
| certfr-2025-avi-0653 | Multiples vulnérabilités dans Google Android | 2025-08-05T00:00:00.000000 | 2025-08-05T00:00:00.000000 |
| certfr-2025-avi-0652 | Vulnérabilité dans le greffon "WASM Client" pour Traefik | 2025-08-04T00:00:00.000000 | 2025-08-04T00:00:00.000000 |
| certfr-2025-avi-0651 | Multiples vulnérabilités dans les produits IBM | 2025-08-01T00:00:00.000000 | 2025-08-01T00:00:00.000000 |
| certfr-2025-avi-0650 | Multiples vulnérabilités dans le noyau Linux d'Ubuntu | 2025-08-01T00:00:00.000000 | 2025-08-01T00:00:00.000000 |
| certfr-2025-avi-0649 | Multiples vulnérabilités dans le noyau Linux de SUSE | 2025-08-01T00:00:00.000000 | 2025-08-01T00:00:00.000000 |
| certfr-2025-avi-0648 | Multiples vulnérabilités dans le noyau Linux de Red Hat | 2025-08-01T00:00:00.000000 | 2025-08-01T00:00:00.000000 |
| certfr-2025-avi-0647 | Vulnérabilité dans Squid | 2025-08-01T00:00:00.000000 | 2025-08-01T00:00:00.000000 |
| certfr-2025-avi-0646 | Vulnérabilité dans Microsoft Edge | 2025-08-01T00:00:00.000000 | 2025-08-01T00:00:00.000000 |
| certfr-2025-avi-0645 | Multiples vulnérabilités dans Asterisk | 2025-08-01T00:00:00.000000 | 2025-08-01T00:00:00.000000 |
| certfr-2025-avi-0644 | Vulnérabilité dans Progress MOVEit Transfer | 2025-08-01T00:00:00.000000 | 2025-08-01T00:00:00.000000 |