Recent vulnerabilities
| ID | CVSS | Description | Vendor | Product | Published | Updated |
|---|---|---|---|---|---|---|
| cve-2026-6591 | ComfyUI LoadImage Node folder_paths.py folder_paths.ge… |
n/a |
ComfyUI |
2026-04-20T01:00:18.496Z | 2026-04-20T16:29:10.370Z | |
| cve-2026-6576 | liangliangyy DjangoBlog WeChat Bot commonapi.py Comman… |
liangliangyy |
DjangoBlog |
2026-04-19T19:00:16.264Z | 2026-04-20T16:28:07.032Z | |
| cve-2026-40284 | WeGIA has stored XSS in listar_despachos.php |
LabRedesCefetRJ |
WeGIA |
2026-04-17T20:24:10.282Z | 2026-04-20T16:26:32.113Z | |
| cve-2026-30912 | Apache Airflow: Exposing stack trace in case of constr… |
Apache Software Foundation |
Apache Airflow |
2026-04-18T06:20:30.254Z | 2026-04-20T16:26:07.128Z | |
| cve-2026-24468 | OpenAEV Vulnerable to Username/Email Enumeration Throu… |
OpenAEV-Platform |
openaev |
2026-04-20T15:45:48.572Z | 2026-04-20T16:24:44.061Z | |
| cve-2026-6570 | kodcloud KodExplorer systemMember.class.php initInstal… |
kodcloud |
KodExplorer |
2026-04-19T11:00:17.545Z | 2026-04-20T16:23:44.786Z | |
| cve-2026-6650 | Z-BlogPHP ZBA File app_upload.php UnPack unrestricted upload |
n/a |
Z-BlogPHP |
2026-04-20T14:30:13.825Z | 2026-04-20T16:23:25.105Z | |
| cve-2026-32105 | xrdp: RDP MAC signature (dataSignature) never verified… |
neutrinolabs |
xrdp |
2026-04-17T19:27:39.809Z | 2026-04-20T16:22:50.262Z | |
| cve-2026-32624 | xrdp: Heap buffer overflow in xrdp_sec_process_logon_i… |
neutrinolabs |
xrdp |
2026-04-17T19:58:08.687Z | 2026-04-20T16:22:13.525Z | |
| cve-2026-24467 | OpenAEV's Improper Password Reset Token Management Lea… |
OpenAEV-Platform |
openaev |
2026-04-20T15:40:56.203Z | 2026-04-20T16:21:50.299Z | |
| cve-2026-33689 | xrdp: Pre-authentication out-of-bounds reads in channe… |
neutrinolabs |
xrdp |
2026-04-17T20:16:31.248Z | 2026-04-20T16:21:39.933Z | |
| cve-2026-6618 | langgenius dify ApiBasedToolSchemaParser parser.py par… |
langgenius |
dify |
2026-04-20T07:45:16.985Z | 2026-04-20T16:21:30.799Z | |
| cve-2026-40285 | WeGIA has SQL Injection via Session Variable Override … |
LabRedesCefetRJ |
WeGIA |
2026-04-17T20:25:33.185Z | 2026-04-20T16:21:07.084Z | |
| cve-2026-33436 | Stirling-PDF: Reflected XSS through crafted filename i… |
Stirling-Tools |
Stirling-PDF |
2026-04-17T20:29:43.262Z | 2026-04-20T16:20:16.137Z | |
| cve-2026-40293 | OpenFGA Playground Preshared Key Exposure |
openfga |
openfga |
2026-04-17T20:47:06.804Z | 2026-04-20T16:19:40.914Z | |
| cve-2026-6598 | langflow-ai langflow Project Creation Endpoint project… |
langflow-ai |
langflow |
2026-04-20T02:45:15.874Z | 2026-04-20T16:19:18.233Z | |
| cve-2026-40303 | zrok allows unauthenticated DoS via unbounded memory a… |
openziti |
zrok |
2026-04-17T21:01:51.899Z | 2026-04-20T16:19:07.291Z | |
| cve-2026-40306 | DNN has same HostGUID for all new installs |
dnnsoftware |
Dnn.Platform |
2026-04-17T21:09:30.317Z | 2026-04-20T16:18:27.508Z | |
| cve-2026-6593 | ComfyUI View Endpoint server.py cross site scripting |
n/a |
ComfyUI |
2026-04-20T01:30:17.995Z | 2026-04-20T16:18:25.910Z | |
| cve-2026-40948 | Apache Airflow Providers Keycloak: OAuth Login CSRF — … |
Apache Software Foundation |
Apache Airflow Providers Keycloak |
2026-04-18T13:22:41.577Z | 2026-04-20T16:17:53.543Z | |
| cve-2026-40353 | wger: Stored XSS via Unescaped License Attribution Fields |
wger-project |
wger |
2026-04-17T21:16:12.401Z | 2026-04-20T16:17:52.305Z | |
| cve-2026-40479 | Kimai: Stored XSS via Incomplete HTML Attribute Escapi… |
kimai |
kimai |
2026-04-17T22:31:29.930Z | 2026-04-20T16:16:41.880Z | |
| cve-2026-40323 | SP1 V6 Recursion Circuit Row-Count Binding Gap |
succinctlabs |
sp1 |
2026-04-17T22:58:42.580Z | 2026-04-20T16:16:41.143Z | |
| cve-2026-40482 | ChurchCRM has Authenticated SQL Injection in `/api/fam… |
ChurchCRM |
CRM |
2026-04-17T22:58:48.528Z | 2026-04-20T16:16:32.247Z | |
| cve-2026-40324 | Hot Chocolate's Utf8GraphQLParser has Stack Overflow v… |
ChilliCream |
graphql-platform |
2026-04-17T23:05:26.217Z | 2026-04-20T16:16:25.151Z | |
| cve-2026-40483 | ChurchCRM: Stored XSS in PledgeEditor.php via Donation… |
ChurchCRM |
CRM |
2026-04-17T23:20:44.900Z | 2026-04-20T16:16:17.841Z | |
| cve-2026-40338 | libgphoto2 has OOB read in ptp_unpack_Sony_DPD() enume… |
gphoto |
libgphoto2 |
2026-04-17T23:40:10.097Z | 2026-04-20T16:16:08.585Z | |
| cve-2026-40480 | ChurchCRM has Missing Object-Level Authorization / IDO… |
ChurchCRM |
CRM |
2026-04-17T23:07:30.126Z | 2026-04-20T16:16:00.433Z | |
| cve-2026-40581 | ChurchCRM: Cross-Site Request Forgery (CSRF) in Select… |
ChurchCRM |
CRM |
2026-04-17T23:51:32.765Z | 2026-04-20T16:15:58.183Z | |
| cve-2026-40349 | Authenticated Movary User Can Self-Escalate to Adminis… |
leepeuker |
movary |
2026-04-18T00:05:46.360Z | 2026-04-20T16:15:49.844Z |
| ID | Description | Updated |
|---|
| ID | Description | Updated |
|---|
| ID | Description | Published | Updated |
|---|---|---|---|
| jvndb-2020-006586 | Server Side Request Forgery Vulnerability in Hitachi Ops Center Analyzer viewpoint | 2020-07-13T14:25+09:00 | 2020-07-13T14:25+09:00 |
| jvndb-2020-006469 | Multiple vulnerabilities in TCP/IP function on Mitsubishi Electric GOT2000 series | 2020-07-09T15:46+09:00 | 2020-07-09T15:46+09:00 |
| jvndb-2020-000045 | SHIRASAGI vulnerable to open redirect | 2020-07-09T15:08+09:00 | 2020-07-09T15:08+09:00 |
| jvndb-2020-000043 | Android App "Mercari" (Japan version) vulnerable to arbitrary method execution of the Java object | 2020-07-08T16:04+09:00 | 2020-07-08T16:04+09:00 |
| jvndb-2020-000042 | Multiple vulnerabilities in Cybozu Garoon | 2020-06-29T16:17+09:00 | 2020-06-29T16:17+09:00 |
| jvndb-2020-006031 | DoS Vulnerability in Hitachi Device Manager | 2020-06-29T12:25+09:00 | 2020-06-29T12:25+09:00 |
| jvndb-2019-000056 | Panasonic Video Insight VMS vulnerable to SQL injection | 2019-09-02T13:57+09:00 | 2020-06-26T12:27+09:00 |
| jvndb-2020-000032 | Panasonic Video Insight VMS vulnerable to arbitrary code execution | 2020-05-19T16:04+09:00 | 2020-06-26T12:19+09:00 |
| jvndb-2020-000040 | Chrome Extension for e-Tax Reception System vulnerable to arbitrary command execution | 2020-06-24T14:25+09:00 | 2020-06-24T14:25+09:00 |
| jvndb-2020-005854 | Mitsubishi Electric MELSEC iQ-R, iQ-F, Q, L, and FX series vulnerable to cleartext transmission of sensitive information | 2020-06-24T10:32+09:00 | 2020-06-24T10:32+09:00 |
| jvndb-2020-005743 | Vulnerability in Cosminexus HTTP Server | 2020-06-22T15:40+09:00 | 2020-06-22T15:40+09:00 |
| jvndb-2020-000039 | EC-CUBE vulnerable to directory traversal | 2020-06-18T13:48+09:00 | 2020-06-18T13:48+09:00 |
| jvndb-2020-005443 | Path Traversal Vulnerability in Hitachi Automation Director and Hitachi Ops Center Automator | 2020-06-15T16:29+09:00 | 2020-06-15T16:29+09:00 |
| jvndb-2020-000038 | Multiple vulnerabilities in Zenphoto | 2020-06-11T17:17+09:00 | 2020-06-11T17:17+09:00 |
| jvndb-2020-000037 | Multiple SONY Wireless Headphones allow improper Bluetooth pairing | 2020-06-09T15:49+09:00 | 2020-06-09T15:49+09:00 |
| jvndb-2020-000036 | XACK DNS vulnerable to denial-of-service (DoS) | 2020-06-05T15:16+09:00 | 2020-06-05T15:16+09:00 |
| jvndb-2020-000035 | Multiples security updates for multiple Cybozu products | 2020-05-29T15:40+09:00 | 2020-05-29T15:40+09:00 |
| jvndb-2020-004667 | Privilege escalation vulnerability in Hitachi Ops Center Common Services | 2020-05-25T16:17+09:00 | 2020-05-25T16:17+09:00 |
| jvndb-2020-000034 | Cybozu Desktop for Windows vulenerable to arbitrary code execution | 2020-05-25T15:09+09:00 | 2020-05-25T15:09+09:00 |
| jvndb-2020-000033 | WordPress Plugin "Paid Memberships Pro" vulnerable to SQL injection | 2020-05-19T16:07+09:00 | 2020-05-19T16:07+09:00 |
| jvndb-2020-004476 | DoS Vulnerability in JP1/Automatic Job Management System 3 and JP1/Automatic Job Management System 2 | 2020-05-19T10:38+09:00 | 2020-05-19T10:38+09:00 |
| jvndb-2020-004477 | Multiple Vulnerabilities in Hitachi Compute Systems Manager | 2020-05-19T10:33+09:00 | 2020-05-19T10:33+09:00 |
| jvndb-2020-000031 | BookStack vulnerable to cross-site scripting | 2020-05-13T18:06+09:00 | 2020-05-13T18:06+09:00 |
| jvndb-2020-000030 | Multiple vulnerabilities in Movable Type | 2020-05-13T17:59+09:00 | 2020-05-13T17:59+09:00 |
| jvndb-2020-000029 | PALLET CONTROL vulnerable to arbitrary code execution | 2020-05-11T15:16+09:00 | 2020-05-11T15:16+09:00 |
| jvndb-2020-000028 | Sales Force Assistant vulnerable to cross-site scripting | 2020-04-28T15:49+09:00 | 2020-04-28T15:49+09:00 |
| jvndb-2020-000027 | Cybozu Garoon contains multiple vulnerabilities | 2020-04-28T14:48+09:00 | 2020-04-28T14:48+09:00 |
| jvndb-2020-003896 | Directory Permission Vulnerability in Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center Analyzer | 2020-04-28T12:21+09:00 | 2020-04-28T12:21+09:00 |
| jvndb-2020-000026 | Multiple SHARP Android devices vulnerable to information disclosure | 2020-04-24T15:32+09:00 | 2020-04-24T15:32+09:00 |
| jvndb-2020-000022 | Multiple vulnerabilities in EasyBlocks IPv6 | 2020-04-08T16:12+09:00 | 2020-04-08T16:12+09:00 |
| ID | Description | Updated |
|---|
| ID | Description | Published | Updated |
|---|---|---|---|
| certfr-2025-avi-0551 | Vulnérabilité dans Xen | 2025-07-02T00:00:00.000000 | 2025-07-02T00:00:00.000000 |
| certfr-2025-avi-0550 | Multiples vulnérabilités dans les produits Tenable | 2025-07-01T00:00:00.000000 | 2025-07-01T00:00:00.000000 |
| certfr-2025-avi-0549 | Vulnérabilité dans Google Chrome | 2025-07-01T00:00:00.000000 | 2025-07-01T00:00:00.000000 |
| certfr-2025-avi-0548 | Multiples vulnérabilités dans MongoDB Server | 2025-06-30T00:00:00.000000 | 2025-06-30T00:00:00.000000 |
| certfr-2025-avi-0547 | Multiples vulnérabilités dans le noyau Linux de SUSE | 2025-06-27T00:00:00.000000 | 2025-06-27T00:00:00.000000 |
| certfr-2025-avi-0546 | Multiples vulnérabilités dans les produits IBM | 2025-06-27T00:00:00.000000 | 2025-06-27T00:00:00.000000 |
| certfr-2025-avi-0545 | Multiples vulnérabilités dans le noyau Linux de Red Hat | 2025-06-27T00:00:00.000000 | 2025-06-27T00:00:00.000000 |
| certfr-2025-avi-0544 | Multiples vulnérabilités dans les produits Trend Micro | 2025-06-27T00:00:00.000000 | 2025-06-27T00:00:00.000000 |
| certfr-2025-avi-0543 | Vulnérabilité dans VMware Tanzu | 2025-06-27T00:00:00.000000 | 2025-06-27T00:00:00.000000 |
| certfr-2025-avi-0542 | Multiples vulnérabilités dans Microsoft Edge | 2025-06-27T00:00:00.000000 | 2025-06-27T00:00:00.000000 |
| certfr-2025-avi-0541 | Vulnérabilité dans Centreon Map | 2025-06-26T00:00:00.000000 | 2025-06-26T00:00:00.000000 |
| certfr-2025-avi-0540 | Multiples vulnérabilités dans les produits Citrix | 2025-06-26T00:00:00.000000 | 2025-06-26T00:00:00.000000 |
| certfr-2025-avi-0538 | Multiples vulnérabilités dans VMware Tanzu | 2025-06-26T00:00:00.000000 | 2025-06-26T00:00:00.000000 |
| certfr-2025-avi-0537 | Multiples vulnérabilités dans GitLab | 2025-06-25T00:00:00.000000 | 2025-06-25T00:00:00.000000 |
| certfr-2025-avi-0536 | Multiples vulnérabilités dans les produits Mozilla | 2025-06-25T00:00:00.000000 | 2025-06-25T00:00:00.000000 |
| certfr-2025-avi-0535 | Vulnérabilité dans VMware Tanzu | 2025-06-25T00:00:00.000000 | 2025-06-25T00:00:00.000000 |
| certfr-2025-avi-0534 | Multiples vulnérabilités dans Google Chrome | 2025-06-25T00:00:00.000000 | 2025-06-25T00:00:00.000000 |
| certfr-2025-avi-0533 | Multiples vulnérabilités dans Elastic Kibana | 2025-06-25T00:00:00.000000 | 2025-06-25T00:00:00.000000 |
| certfr-2025-avi-0532 | Multiples vulnérabilités dans les produits Splunk | 2025-06-24T00:00:00.000000 | 2025-06-24T00:00:00.000000 |
| certfr-2025-avi-0531 | Vulnérabilité dans Bitdefender SecurePass | 2025-06-23T00:00:00.000000 | 2025-06-23T00:00:00.000000 |
| certfr-2025-avi-0530 | Multiples vulnérabilités dans les produits IBM | 2025-06-20T00:00:00.000000 | 2025-06-20T00:00:00.000000 |
| certfr-2025-avi-0529 | Multiples vulnérabilités dans le noyau Linux de SUSE | 2025-06-20T00:00:00.000000 | 2025-06-20T00:00:00.000000 |
| certfr-2025-avi-0528 | Multiples vulnérabilités dans les produits Citrix | 2025-06-20T00:00:00.000000 | 2025-06-20T00:00:00.000000 |
| certfr-2025-avi-0527 | Vulnérabilité dans les produits Microsoft | 2025-06-20T00:00:00.000000 | 2025-06-20T00:00:00.000000 |
| certfr-2025-avi-0526 | Multiples vulnérabilités dans Microsoft Edge | 2025-06-20T00:00:00.000000 | 2025-06-20T00:00:00.000000 |
| certfr-2025-avi-0524 | Multiples vulnérabilités dans VMware Tanzu | 2025-06-19T00:00:00.000000 | 2025-06-19T00:00:00.000000 |
| certfr-2025-avi-0523 | Vulnérabilité dans Cisco Meraki MX | 2025-06-19T00:00:00.000000 | 2025-06-19T00:00:00.000000 |
| certfr-2025-avi-0522 | Multiples vulnérabilités dans ClamAV | 2025-06-19T00:00:00.000000 | 2025-06-19T00:00:00.000000 |
| certfr-2025-avi-0521 | Multiples vulnérabilités dans Synacor Zimbra Collaboration | 2025-06-18T00:00:00.000000 | 2025-06-18T00:00:00.000000 |
| certfr-2025-avi-0520 | Multiples vulnérabilités dans les produits Atlassian | 2025-06-18T00:00:00.000000 | 2025-06-18T00:00:00.000000 |