Recent vulnerabilities
| ID | CVSS | Description | Vendor | Product | Published | Updated |
|---|---|---|---|---|---|---|
| cve-2026-30269 | N/A | Improper access control in Doorman v0.1.0 and v1.… |
n/a |
n/a |
2026-04-20T00:00:00.000Z | 2026-04-20T18:23:39.346Z |
| cve-2026-39111 | N/A | SQL Injection vulnerability in Apartment Visitors… |
n/a |
n/a |
2026-04-20T00:00:00.000Z | 2026-04-20T18:12:54.038Z |
| cve-2026-40098 | OpenMage LTS imports cross-user wishlist item via shar… |
OpenMage |
magento-lts |
2026-04-20T16:19:55.157Z | 2026-04-20T18:10:44.490Z | |
| cve-2026-23752 | 4.8 (v4.0) 4.8 (v3.1) | GFI HelpDesk < 4.99.9 Stored XSS via companyname Parameter |
GFI Software |
HelpDesk |
2026-04-20T17:33:23.424Z | 2026-04-20T18:09:59.603Z |
| cve-2026-6662 | ericc-ch copilot-api Token Endpoint server.ts cors cro… |
ericc-ch |
copilot-api |
2026-04-20T17:00:17.800Z | 2026-04-20T18:09:27.691Z | |
| cve-2026-23756 | 5.1 (v4.0) 5.4 (v3.1) | GFI HelpDesk < 4.99.9 Stored XSS via Troubleshooter St… |
GFI Software |
HelpDesk |
2026-04-20T17:30:51.162Z | 2026-04-20T18:08:49.925Z |
| cve-2026-39112 | N/A | Cross Site Scripting vulnerability in Apartment V… |
n/a |
n/a |
2026-04-20T00:00:00.000Z | 2026-04-20T18:07:53.479Z |
| cve-2026-23757 | 5.1 (v4.0) 5.4 (v3.1) | GFI HelpDesk < 4.99.10 Stored XSS via Reports Module |
GFI Software |
HelpDesk |
2026-04-20T17:27:56.067Z | 2026-04-20T18:07:01.630Z |
| cve-2026-41389 | 6.3 (v4.0) 5.8 (v3.1) | OpenClaw 2026.4.7 < 2026.4.15 - Arbitrary File Read vi… |
OpenClaw |
OpenClaw |
2026-04-20T17:48:43.704Z | 2026-04-20T18:05:03.103Z |
| cve-2026-41445 | 8.7 (v4.0) 8.8 (v3.1) | KissFFT Integer Overflow Heap Buffer Overflow via kiss… |
mborgerding |
kissfft |
2026-04-20T16:18:50.371Z | 2026-04-20T17:57:10.156Z |
| cve-2025-11419 | 7.5 (v3.1) | Keycloak: keycloak tls client-initiated renegotiation … |
|
|
2025-12-23T20:42:38.699Z | 2026-04-20T17:45:58.307Z |
| cve-2026-23758 | 5.1 (v4.0) 6.4 (v4.0) | GFI HelpDesk < 4.99.9 Stored XSS via editsubject Parameter |
GFI Software |
HelpDesk |
2026-04-20T17:30:06.853Z | 2026-04-20T17:45:55.788Z |
| cve-2026-28684 | python-dotenv: Symlink following in set_key allows arb… |
theskumar |
python-dotenv |
2026-04-20T16:25:12.302Z | 2026-04-20T17:43:09.477Z | |
| cve-2026-30266 | N/A | Insecure Permissions vulnerability in DeepCool De… |
n/a |
n/a |
2026-04-20T00:00:00.000Z | 2026-04-20T17:25:38.552Z |
| cve-2026-5747 | 7.5 (v3.1) 8.7 (v4.0) | Out-of-bounds Write in Firecracker virtio-pci Transport |
AWS |
Firecracker |
2026-04-07T23:17:23.944Z | 2026-04-20T17:24:32.674Z |
| cve-2026-33810 | N/A | Case-sensitive excludedSubtrees name constraints cause… |
Go standard library |
crypto/x509 |
2026-04-08T01:06:56.546Z | 2026-04-20T17:23:21.823Z |
| cve-2026-40917 | 5 (v3.1) | Gimp: gimp: application crashes or information disclos… |
Red Hat |
Red Hat Enterprise Linux 6 |
2026-04-15T18:59:09.003Z | 2026-04-20T17:10:53.279Z |
| cve-2026-40918 | 5.5 (v3.1) | Gimp: gimp: denial of service via crafted pvr image file |
Red Hat |
Red Hat Enterprise Linux 6 |
2026-04-15T18:59:14.823Z | 2026-04-20T17:10:52.907Z |
| cve-2026-40916 | 5 (v3.1) | Gimp: gimp: denial of service due to stack buffer over… |
Red Hat |
Red Hat Enterprise Linux 6 |
2026-04-15T18:58:57.615Z | 2026-04-20T17:10:48.850Z |
| cve-2026-40915 | 5.5 (v3.1) | Gimp: gimp: heap buffer overflow due to integer overfl… |
Red Hat |
Red Hat Enterprise Linux 6 |
2026-04-15T18:58:52.059Z | 2026-04-20T17:10:46.262Z |
| cve-2026-5720 | 7.1 (v4.0) | miniupnpd Integer Underflow SOAPAction Header Parsing |
miniupnp project |
miniupnpd |
2026-04-17T21:39:54.818Z | 2026-04-20T16:59:21.060Z |
| cve-2026-40488 | OpenMage LTS has Customer File Upload Extension Blockl… |
OpenMage |
magento-lts |
2026-04-20T16:23:07.429Z | 2026-04-20T16:55:05.724Z | |
| cve-2026-25524 | OpenMage LTS's Phar Deserialization leads to Remote Co… |
OpenMage |
magento-lts |
2026-04-20T16:11:16.922Z | 2026-04-20T16:54:43.603Z | |
| cve-2025-66954 | N/A | A vulnerability exists in the Buffalo Link Statio… |
n/a |
n/a |
2026-04-20T00:00:00.000Z | 2026-04-20T16:54:28.824Z |
| cve-2026-0868 | EMC Scheduling Manager <= 4.4 - Authenticated (Contrib… |
turn2honey |
EMC – Easily Embed Calendly Scheduling |
2026-04-19T03:26:14.765Z | 2026-04-20T16:53:24.024Z | |
| cve-2026-29013 | 8.8 (v4.0) | libcoap Out-of-Bounds Read in OSCORE CBOR Unwrap Handling |
libcoap |
libcoap |
2026-04-17T21:11:38.137Z | 2026-04-20T16:46:56.223Z |
| cve-2026-25883 | Vexa Webhook Feature has a SSRF Vulnerability |
Vexa-ai |
vexa |
2026-04-20T16:04:36.584Z | 2026-04-20T16:36:21.221Z | |
| cve-2026-41245 | Junrar: Path Traversal (Zip-Slip) via Sibling Director… |
junrar |
junrar |
2026-04-20T15:15:24.540Z | 2026-04-20T16:35:09.317Z | |
| cve-2026-6586 | TransformerOptimus SuperAGI Budget Endpoint budget.py … |
TransformerOptimus |
SuperAGI |
2026-04-19T23:45:12.377Z | 2026-04-20T16:33:28.763Z | |
| cve-2026-6581 | H3C Magic B1 aspForm SetMobileAPInfoById buffer overflow |
H3C |
Magic B1 |
2026-04-19T22:30:15.766Z | 2026-04-20T16:30:27.926Z |
| ID | Description | Updated |
|---|
| ID | Description | Updated |
|---|
| ID | Description | Published | Updated |
|---|---|---|---|
| jvndb-2020-009467 | Multiple vulnerabilities in XOOPS module "XooNIps" | 2020-11-09T15:10+09:00 | 2020-11-09T15:10+09:00 |
| jvndb-2020-009141 | Local File Inclusion vulnerability in OneThird CMS | 2020-10-21T15:21+09:00 | 2020-10-21T15:21+09:00 |
| jvndb-2020-000069 | Multiple vulnerabilities in WordPress Plugin "Simple Download Monitor" | 2020-10-21T14:50+09:00 | 2020-10-21T14:50+09:00 |
| jvndb-2020-000068 | WordPress Plugin "Live Chat - Live support" vulnerable to cross-site request forgery | 2020-10-14T15:32+09:00 | 2020-10-14T15:32+09:00 |
| jvndb-2020-000049 | TOYOTA MOTOR's Global TechStream vulnerable to buffer overflow | 2020-07-29T14:48+09:00 | 2020-10-08T18:08+09:00 |
| jvndb-2020-008931 | Trend Micro Antivirus for Mac vulnerable to a privilege escalation | 2020-10-07T15:10+09:00 | 2020-10-07T15:10+09:00 |
| jvndb-2020-000067 | OS command injection vulnerability in multiple ELECOM LAN routers | 2020-10-05T15:33+09:00 | 2020-10-05T15:33+09:00 |
| jvndb-2020-000066 | InfoCage SiteShell installs their files with improper access permissions | 2020-09-30T15:37+09:00 | 2020-09-30T15:37+09:00 |
| jvndb-2020-008821 | CMONOS.JP vulnerable to cross-site scripting | 2020-09-28T18:10+09:00 | 2020-09-28T18:10+09:00 |
| jvndb-2020-008762 | ServerProtect for Linux vulnerable to OS command injection | 2020-09-28T15:52+09:00 | 2020-09-28T15:52+09:00 |
| jvndb-2020-000064 | Multiple vulnerabilities in Active Update function implemented in multiple Trend Micro products | 2020-09-23T15:26+09:00 | 2020-09-23T15:26+09:00 |
| jvndb-2020-000065 | Multiple access restriction bypass vulnerabilities in UNIQLO App | 2020-09-17T14:41+09:00 | 2020-09-17T14:41+09:00 |
| jvndb-2020-000063 | Multiple vulnerabilities in Buffalo AirStation WHR-G54S | 2020-09-11T15:57+09:00 | 2020-09-11T15:57+09:00 |
| jvndb-2020-000062 | Yodobashi App for Android fails to restrict access permissions | 2020-09-07T14:24+09:00 | 2020-09-07T14:24+09:00 |
| jvndb-2020-000059 | CLUSTERPRO X and EXPRESSCLUSTER X vulnerable to XML external entity injection (XXE) | 2020-08-31T15:10+09:00 | 2020-08-31T15:10+09:00 |
| jvndb-2020-000060 | "Shadankun Server Security Type" vulnerable to denial-of-service (DoS) | 2020-08-31T14:41+09:00 | 2020-08-31T14:41+09:00 |
| jvndb-2020-000056 | Multiple NETGEAR switching hubs vulnerable to cross-site request forgery | 2020-08-28T15:33+09:00 | 2020-08-28T15:33+09:00 |
| jvndb-2020-000058 | Multiple vulnerabilities in XOOPS module "XooNIps" | 2020-08-27T15:37+09:00 | 2020-08-27T15:37+09:00 |
| jvndb-2020-000057 | NITORI App fails to restrict access permissions | 2020-08-26T15:34+09:00 | 2020-08-26T15:34+09:00 |
| jvndb-2020-000054 | Multiple cross-site scripting vulnerabilities in Exment | 2020-08-21T14:34+09:00 | 2020-08-21T14:34+09:00 |
| jvndb-2020-000053 | Multiple vulnerabilities in CyberMail | 2020-08-11T14:20+09:00 | 2020-08-11T14:20+09:00 |
| jvndb-2020-007128 | DoS Vulnerability in HiRDB | 2020-08-03T16:37+09:00 | 2020-08-03T16:37+09:00 |
| jvndb-2020-007127 | Multiple Vulnerabilities in Hitachi Command Suite, Hitachi Automation Director, Hitachi Configuration Manager, Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center | 2020-08-03T16:36+09:00 | 2020-08-03T16:36+09:00 |
| jvndb-2020-000052 | SKYSEA Client View vulnerable to privilege escalation | 2020-08-03T14:59+09:00 | 2020-08-03T14:59+09:00 |
| jvndb-2020-000051 | Multiple vulnerabilities in multiple PHP Factory products | 2020-07-31T16:29+09:00 | 2020-07-31T16:29+09:00 |
| jvndb-2020-000050 | FANUC i Series CNC vulnerable to denial-of-service (DoS) | 2020-07-31T14:29+09:00 | 2020-07-31T14:29+09:00 |
| jvndb-2020-000047 | JavaFX WebEngine does not properly restrict Java method execution | 2020-07-28T15:47+09:00 | 2020-07-28T15:47+09:00 |
| jvndb-2020-000048 | Multiple vulnerabilities in KonaWiki2 and KonaWiki3 | 2020-07-28T15:38+09:00 | 2020-07-28T15:38+09:00 |
| jvndb-2020-000046 | WordPress Plugin "Social Sharing Plugin" vulnerable to cross-site request forgery | 2020-07-22T14:24+09:00 | 2020-07-22T14:24+09:00 |
| jvndb-2020-006617 | Cross-site Scripting Vulnerability in Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center Analyzer | 2020-07-14T10:40+09:00 | 2020-07-14T10:40+09:00 |
| ID | Description | Updated |
|---|
| ID | Description | Published | Updated |
|---|---|---|---|
| certfr-2025-avi-0582 | Multiples vulnérabilités dans les produits Palo Alto Networks | 2025-07-10T00:00:00.000000 | 2025-07-10T00:00:00.000000 |
| certfr-2025-avi-0581 | Multiples vulnérabilités dans GitLab | 2025-07-10T00:00:00.000000 | 2025-07-10T00:00:00.000000 |
| certfr-2025-avi-0580 | Multiples vulnérabilités dans VMware Tanzu | 2025-07-10T00:00:00.000000 | 2025-07-10T00:00:00.000000 |
| certfr-2025-avi-0579 | Multiples vulnérabilités dans les produits Microsoft | 2025-07-09T00:00:00.000000 | 2025-07-09T00:00:00.000000 |
| certfr-2025-avi-0578 | Multiples vulnérabilités dans Microsoft Azure | 2025-07-09T00:00:00.000000 | 2025-07-09T00:00:00.000000 |
| certfr-2025-avi-0576 | Multiples vulnérabilités dans Microsoft Office | 2025-07-09T00:00:00.000000 | 2025-07-09T00:00:00.000000 |
| certfr-2025-avi-0575 | Multiples vulnérabilités dans les produits Fortinet | 2025-07-09T00:00:00.000000 | 2025-07-09T00:00:00.000000 |
| certfr-2025-avi-0574 | Multiples vulnérabilités dans les produits Ivanti | 2025-07-09T00:00:00.000000 | 2025-07-09T00:00:00.000000 |
| certfr-2025-avi-0573 | Multiples vulnérabilités dans Node.js | 2025-07-09T00:00:00.000000 | 2025-07-09T00:00:00.000000 |
| certfr-2025-avi-0572 | Multiples vulnérabilités dans Suricata | 2025-07-09T00:00:00.000000 | 2025-07-09T00:00:00.000000 |
| certfr-2025-avi-0571 | Multiples vulnérabilités dans Xen | 2025-07-09T00:00:00.000000 | 2025-07-09T00:00:00.000000 |
| certfr-2025-avi-0570 | Multiples vulnérabilités dans MongoDB | 2025-07-09T00:00:00.000000 | 2025-07-09T00:00:00.000000 |
| certfr-2025-avi-0569 | Multiples vulnérabilités dans Adobe ColdFusion | 2025-07-09T00:00:00.000000 | 2025-07-09T00:00:00.000000 |
| certfr-2025-avi-0568 | Multiples vulnérabilités dans les produits Citrix | 2025-07-09T00:00:00.000000 | 2025-07-09T00:00:00.000000 |
| certfr-2025-avi-0567 | Multiples vulnérabilités dans HPE Aruba Networking Instant On | 2025-07-09T00:00:00.000000 | 2025-07-09T00:00:00.000000 |
| certfr-2025-avi-0566 | Multiples vulnérabilités dans les produits Siemens | 2025-07-08T00:00:00.000000 | 2025-07-08T00:00:00.000000 |
| certfr-2025-avi-0565 | Multiples vulnérabilités dans les produits Schneider Electric | 2025-07-08T00:00:00.000000 | 2025-07-08T00:00:00.000000 |
| certfr-2025-avi-0564 | Multiples vulnérabilités dans les produits SAP | 2025-07-08T00:00:00.000000 | 2025-07-08T00:00:00.000000 |
| certfr-2025-avi-0563 | Multiples vulnérabilités dans les produits Splunk | 2025-07-08T00:00:00.000000 | 2025-07-08T00:00:00.000000 |
| certfr-2025-avi-0562 | Multiples vulnérabilités dans les produits IBM | 2025-07-04T00:00:00.000000 | 2025-07-04T00:00:00.000000 |
| certfr-2025-avi-0561 | Multiples vulnérabilités dans le noyau Linux de Red Hat | 2025-07-04T00:00:00.000000 | 2025-07-04T00:00:00.000000 |
| certfr-2025-avi-0560 | Multiples vulnérabilités dans le noyau Linux de SUSE | 2025-07-04T00:00:00.000000 | 2025-07-04T00:00:00.000000 |
| certfr-2025-avi-0559 | Multiples vulnérabilités dans le noyau Linux d'Ubuntu | 2025-07-04T00:00:00.000000 | 2025-07-04T00:00:00.000000 |
| certfr-2025-avi-0558 | Multiples vulnérabilités dans PHP | 2025-07-04T00:00:00.000000 | 2025-07-04T00:00:00.000000 |
| certfr-2025-avi-0557 | Vulnérabilité dans Microsoft Edge | 2025-07-03T00:00:00.000000 | 2025-07-03T00:00:00.000000 |
| certfr-2025-avi-0556 | Vulnérabilité dans Citrix XenServer | 2025-07-03T00:00:00.000000 | 2025-07-03T00:00:00.000000 |
| certfr-2025-avi-0555 | Multiples vulnérabilités dans Mozilla Thunderbird | 2025-07-03T00:00:00.000000 | 2025-07-03T00:00:00.000000 |
| certfr-2025-avi-0554 | Multiples vulnérabilités dans Grafana | 2025-07-03T00:00:00.000000 | 2025-07-03T00:00:00.000000 |
| certfr-2025-avi-0553 | Vulnérabilité dans les produits Cisco | 2025-07-03T00:00:00.000000 | 2025-07-03T00:00:00.000000 |
| certfr-2025-avi-0552 | Multiples vulnérabilités dans Microsoft Edge | 2025-07-02T00:00:00.000000 | 2025-07-02T00:00:00.000000 |