Recent vulnerabilities
| ID | CVSS | Description | Vendor | Product | Published | Updated |
|---|---|---|---|---|---|---|
| cve-2026-41253 | 6.9 (v3.1) | In iTerm2 through 3.6.9, displaying a .txt file c… |
iTerm2 |
iTerm2 |
2026-04-18T05:27:08.202Z | 2026-04-20T15:52:10.357Z |
| cve-2026-40499 | 8.4 (v4.0) | radare2 < 6.1.4 Command Injection via PDB Parser print… |
radareorg |
radare2 |
2026-04-15T02:05:20.899Z | 2026-04-20T15:51:22.636Z |
| cve-2026-35402 | mcp-neo4j-cypher: SSRF and Data Modification via read_… |
neo4j-contrib |
mcp-neo4j |
2026-04-17T20:34:06.510Z | 2026-04-20T15:51:06.164Z | |
| cve-2026-40491 | gdown Affected by Arbitrary File Write via Path Traver… |
wkentaro |
gdown |
2026-04-18T01:36:47.659Z | 2026-04-20T15:50:02.983Z | |
| cve-2026-40286 | WeGIA has Cross-Site Scripting in Controle de Contribuição |
LabRedesCefetRJ |
WeGIA |
2026-04-17T20:27:59.131Z | 2026-04-20T15:49:44.569Z | |
| cve-2026-35582 | Emissary has an OS Command Injection via Unvalidated I… |
NationalSecurityAgency |
emissary |
2026-04-18T01:16:27.661Z | 2026-04-20T15:48:51.543Z | |
| cve-2026-40258 | Gramps Web API has Zip Slip Path Traversal in Media Ar… |
gramps-project |
gramps-web-api |
2026-04-17T21:12:54.226Z | 2026-04-20T15:48:41.690Z | |
| cve-2026-35465 | SecureDrop Client has path injection in read_gzip_head… |
freedomofpress |
securedrop-client |
2026-04-18T00:41:16.594Z | 2026-04-20T15:47:43.822Z | |
| cve-2026-40347 | Python-Multipart affected by Denial of Service via lar… |
Kludex |
python-multipart |
2026-04-17T23:56:50.777Z | 2026-04-20T15:46:40.011Z | |
| cve-2026-33516 | xrdp: Pre-authentication out-of-bounds reads in RDP ca… |
neutrinolabs |
xrdp |
2026-04-17T19:56:11.990Z | 2026-04-20T15:43:53.801Z | |
| cve-2026-35215 | Firebird: DoS via malicious slice descriptor in slice packet |
FirebirdSQL |
firebird |
2026-04-17T18:59:23.663Z | 2026-04-20T15:40:39.510Z | |
| cve-2026-39918 | 9.2 (v4.0) 9.8 (v3.1) | Vvveb < 1.0.8.1 Code Injection via Installation Endpoint |
givanz |
Vvveb |
2026-04-20T14:46:33.549Z | 2026-04-20T15:36:55.619Z |
| cve-2026-6620 | SonicCloudOrg sonic-server File Upload Endpoint FileTo… |
SonicCloudOrg |
sonic-server |
2026-04-20T08:15:18.329Z | 2026-04-20T15:35:54.833Z | |
| cve-2026-6621 | 1024bit extend-deep index.js prototype pollution |
1024bit |
extend-deep |
2026-04-20T08:30:14.457Z | 2026-04-20T15:33:04.684Z | |
| cve-2026-5760 | N/A | CVE-2026-5760 |
SGLang |
SGLang |
2026-04-20T13:46:23.603Z | 2026-04-20T15:29:54.098Z |
| cve-2026-6623 | BichitroGan ISP Billing Software Profile users-view cr… |
BichitroGan |
ISP Billing Software |
2026-04-20T09:00:20.118Z | 2026-04-20T15:29:21.949Z | |
| cve-2026-6625 | moxi624 Mogu Blog v2 Picture Storage Service LocalFile… |
moxi624 |
Mogu Blog v2 |
2026-04-20T09:30:16.835Z | 2026-04-20T15:27:00.317Z | |
| cve-2026-40317 | NovumOS has Privilege Escalation in the Syscall Interface |
MinecAnton209 |
NovumOS |
2026-04-18T00:12:10.368Z | 2026-04-20T15:26:25.222Z | |
| cve-2026-40487 | Postiz Has Unrestricted File Upload via MIME Type Spoo… |
gitroomhq |
postiz-app |
2026-04-18T01:19:06.588Z | 2026-04-20T15:25:40.893Z | |
| cve-2026-40492 | SAIL has heap buffer overflow in XWD decoder — bits_pe… |
HappySeaFox |
sail |
2026-04-18T01:39:48.056Z | 2026-04-20T15:24:42.029Z | |
| cve-2026-6626 | Cockpit-HQ Cockpit Asset Handler/Aggregate data query … |
Cockpit-HQ |
Cockpit |
2026-04-20T09:45:12.067Z | 2026-04-20T15:23:47.915Z | |
| cve-2026-6651 | erponline.xyz ERP Online Inventory Edit Item cross sit… |
erponline.xyz |
ERP Online |
2026-04-20T14:45:11.560Z | 2026-04-20T15:21:57.084Z | |
| cve-2026-6629 | Metasoft 美特软件 MetaCRM Interface sql.jsp Statement.exec… |
Metasoft 美特软件 |
MetaCRM |
2026-04-20T10:15:19.931Z | 2026-04-20T15:21:18.092Z | |
| cve-2026-6560 | H3C Magic B0 aspForm Edit_BasicSSID buffer overflow |
H3C |
Magic B0 |
2026-04-19T06:45:14.514Z | 2026-04-20T15:20:44.443Z | |
| cve-2026-6568 | kodcloud KodExplorer Public Share share.class.php init… |
kodcloud |
KodExplorer |
2026-04-19T09:45:11.131Z | 2026-04-20T15:20:09.531Z | |
| cve-2026-6573 | PHPEMS Instant Exam Creation exams.master.php temppage… |
n/a |
PHPEMS |
2026-04-19T12:45:14.558Z | 2026-04-20T15:19:11.751Z | |
| cve-2026-6579 | liangliangyy DjangoBlog Clean Endpoint views.py missin… |
liangliangyy |
DjangoBlog |
2026-04-19T22:00:17.503Z | 2026-04-20T15:18:38.633Z | |
| cve-2024-7322 | 5.8 (v3.1) | Dos in ZigBee device due to unsolicited encrypted rejo… |
silabs.com |
EmberZNet |
2025-01-15T07:59:55.430Z | 2026-04-20T15:10:01.669Z |
| cve-2026-6631 | Tenda F451 httpd webExcptypemanFilter fromwebExcptypem… |
Tenda |
F451 |
2026-04-20T10:45:12.978Z | 2026-04-20T15:07:58.242Z | |
| cve-2026-6584 | TransformerOptimus SuperAGI User Update Endpoint user.… |
TransformerOptimus |
SuperAGI |
2026-04-19T23:15:16.091Z | 2026-04-20T15:07:48.363Z |
| ID | Description | Updated |
|---|
| ID | Description | Updated |
|---|
| ID | Description | Published | Updated |
|---|---|---|---|
| jvndb-2019-012236 | Ghostscript access restriction bypass vulnerability | 2020-02-05T13:51+09:00 | 2020-02-13T16:36+09:00 |
| jvndb-2020-000011 | HtmlUnit vulenerable to arbitrary code execution | 2020-02-10T12:30+09:00 | 2020-02-10T12:30+09:00 |
| jvndb-2020-000009 | Movable Type vulnerable to cross-site scripting | 2020-02-06T12:29+09:00 | 2020-02-06T12:29+09:00 |
| jvndb-2020-000007 | Android App "MyPallete" vulnerable to improper server certificate verification | 2020-01-28T15:59+09:00 | 2020-01-28T15:59+09:00 |
| jvndb-2020-000006 | Multiple Fuji Xerox mobile applications fails to verify SSL server certificates | 2020-01-21T13:55+09:00 | 2020-01-21T13:55+09:00 |
| jvndb-2020-000005 | Trend Micro Password Manager vulnerable to information disclosure | 2020-01-17T15:08+09:00 | 2020-01-17T15:08+09:00 |
| jvndb-2020-000004 | Trend Micro Password Manager vulnerable to information disclosure | 2020-01-17T15:01+09:00 | 2020-01-17T15:01+09:00 |
| jvndb-2020-000003 | Junos OS vulnerable to cross-site scripting | 2020-01-10T14:48+09:00 | 2020-01-10T14:48+09:00 |
| jvndb-2020-000002 | Junos OS vulnerable to directory traversal | 2020-01-10T14:48+09:00 | 2020-01-10T14:48+09:00 |
| jvndb-2020-000001 | F-RevoCRM vulnerable to cross-site scripting | 2020-01-08T14:22+09:00 | 2020-01-08T14:22+09:00 |
| jvndb-2018-000047 | IIJ SmartKey App for Android vulnerable to authentication bypass | 2018-05-11T14:34+09:00 | 2019-12-27T18:11+09:00 |
| jvndb-2018-000055 | Multiple vulnerabilities in baserCMS | 2018-05-22T14:53+09:00 | 2019-12-27T18:10+09:00 |
| jvndb-2018-000057 | The installer of "FLET'S VIRUS CLEAR Easy Setup & Application Tool" and "FLET'S VIRUS CLEAR v6 Easy Setup & Application Tool" may insecurely invoke an executable file | 2018-05-29T13:47+09:00 | 2019-12-27T18:09+09:00 |
| jvndb-2018-000065 | ANA App for iOS fails to verify SSL server certificates | 2018-06-15T14:40+09:00 | 2019-12-27T18:08+09:00 |
| jvndb-2019-000024 | CREATE SD official App for Android fails to restrict access permissions | 2019-05-10T13:55+09:00 | 2019-12-27T18:07+09:00 |
| jvndb-2019-009884 | FON routers may behave as an open resolver | 2019-10-02T10:59+09:00 | 2019-12-27T18:05+09:00 |
| jvndb-2019-000074 | Athenz vulnerable to open redirect | 2019-12-12T15:00+09:00 | 2019-12-26T17:14+09:00 |
| jvndb-2019-013272 | Multiple Vulnerabilities in Hitachi Command Suite and Hitachi Infrastructure Analytics Advisor | 2019-12-24T16:02+09:00 | 2019-12-24T16:02+09:00 |
| jvndb-2019-013271 | Multiple Vulnerabilities in Hitachi Automation Director | 2019-12-24T16:02+09:00 | 2019-12-24T16:02+09:00 |
| jvndb-2019-013273 | DoS Vulnerability in Hitachi Compute Systems Manager | 2019-12-24T16:01+09:00 | 2019-12-24T16:01+09:00 |
| jvndb-2019-000078 | Multiple vulnerabilities in a-blog cms | 2019-12-20T15:43+09:00 | 2019-12-20T15:43+09:00 |
| jvndb-2019-000077 | Android App "NTV News24" fails to verify SSL server certificates | 2019-12-19T13:59+09:00 | 2019-12-19T13:59+09:00 |
| jvndb-2019-000076 | Multiple vulnerabilities in Cybozu Office | 2019-12-17T13:55+09:00 | 2019-12-17T13:55+09:00 |
| jvndb-2019-000075 | Multiple vulnerabilities in "Custom Body Class" | 2019-12-12T14:55+09:00 | 2019-12-12T14:55+09:00 |
| jvndb-2019-000073 | Kinza vulnerable to cross-site scripting | 2019-12-11T09:56+09:00 | 2019-12-11T09:56+09:00 |
| jvndb-2019-000072 | Multiple MOTEX products vulnerable to privilege escalation | 2019-12-03T13:34+09:00 | 2019-12-03T13:34+09:00 |
| jvndb-2019-011088 | Trend Micro OfficeScan vulnerable to directory traversal | 2019-10-30T10:59+09:00 | 2019-12-02T16:08+09:00 |
| jvndb-2019-011488 | Information Disclosure Vulnerability in Hitachi Command Suite | 2019-11-11T14:09+09:00 | 2019-12-02T15:46+09:00 |
| jvndb-2019-000071 | STAMP Workbench installer may insecurely load Dynamic Link Libraries | 2019-11-27T10:31+09:00 | 2019-11-27T10:31+09:00 |
| jvndb-2019-000070 | WordPress Plugin "WP Spell Check" vulnerable to cross-site request forgery | 2019-11-26T18:16+09:00 | 2019-11-26T18:16+09:00 |
| ID | Description | Updated |
|---|
| ID | Description | Published | Updated |
|---|---|---|---|
| certfr-2025-avi-0491 | Multiples vulnérabilités dans les produits Mozilla | 2025-06-11T00:00:00.000000 | 2025-06-11T00:00:00.000000 |
| certfr-2025-avi-0490 | Multiples vulnérabilités dans Ivanti Workspace Control (IWC) | 2025-06-11T00:00:00.000000 | 2025-06-11T00:00:00.000000 |
| certfr-2025-avi-0489 | Multiples vulnérabilités dans Google Chrome | 2025-06-11T00:00:00.000000 | 2025-06-11T00:00:00.000000 |
| certfr-2025-avi-0488 | Vulnérabilité dans Stormshield Network Security | 2025-06-11T00:00:00.000000 | 2025-06-11T00:00:00.000000 |
| certfr-2025-avi-0487 | Multiples vulnérabilités dans les produits SAP | 2025-06-11T00:00:00.000000 | 2025-06-11T00:00:00.000000 |
| certfr-2025-avi-0486 | Multiples vulnérabilités dans les produits Qnap | 2025-06-10T00:00:00.000000 | 2025-06-10T00:00:00.000000 |
| certfr-2025-avi-0485 | Multiples vulnérabilités dans les produits Schneider Electric | 2025-06-10T00:00:00.000000 | 2025-06-10T00:00:00.000000 |
| certfr-2025-avi-0484 | Vulnérabilité dans les produits HPE Aruba Networking | 2025-06-10T00:00:00.000000 | 2025-06-10T00:00:00.000000 |
| certfr-2025-avi-0483 | Vulnérabilité dans Mozilla VPN | 2025-06-10T00:00:00.000000 | 2025-06-10T00:00:00.000000 |
| certfr-2025-avi-0482 | Multiples vulnérabilités dans le noyau Linux de SUSE | 2025-06-06T00:00:00.000000 | 2025-06-06T00:00:00.000000 |
| certfr-2025-avi-0481 | Multiples vulnérabilités dans les produits IBM | 2025-06-06T00:00:00.000000 | 2025-06-06T00:00:00.000000 |
| certfr-2025-avi-0480 | Multiples vulnérabilités dans le noyau Linux de Red Hat | 2025-06-06T00:00:00.000000 | 2025-06-06T00:00:00.000000 |
| certfr-2025-avi-0479 | Multiples vulnérabilités dans les produits Cisco | 2025-06-05T00:00:00.000000 | 2025-06-05T00:00:00.000000 |
| certfr-2025-avi-0478 | Vulnérabilité dans Wireshark | 2025-06-05T00:00:00.000000 | 2025-06-05T00:00:00.000000 |
| certfr-2025-avi-0477 | Multiples vulnérabilités dans les produits VMware | 2025-06-05T00:00:00.000000 | 2025-06-05T00:00:00.000000 |
| certfr-2025-avi-0468 | Vulnérabilité dans Roundcube | 2025-06-02T00:00:00.000000 | 2025-06-05T00:00:00.000000 |
| certfr-2025-avi-0476 | Vulnérabilité dans cURL | 2025-06-04T00:00:00.000000 | 2025-06-04T00:00:00.000000 |
| certfr-2025-avi-0475 | Multiples vulnérabilités dans Python | 2025-06-04T00:00:00.000000 | 2025-06-04T00:00:00.000000 |
| certfr-2025-avi-0474 | Multiples vulnérabilités dans Microsoft Edge | 2025-06-04T00:00:00.000000 | 2025-06-04T00:00:00.000000 |
| certfr-2025-avi-0473 | Multiples vulnérabilités dans les produits Splunk | 2025-06-03T00:00:00.000000 | 2025-06-03T00:00:00.000000 |
| certfr-2025-avi-0472 | Multiples vulnérabilités dans Google Android | 2025-06-03T00:00:00.000000 | 2025-06-03T00:00:00.000000 |
| certfr-2025-avi-0471 | Multiples vulnérabilités dans Google Chrome | 2025-06-03T00:00:00.000000 | 2025-06-03T00:00:00.000000 |
| certfr-2025-avi-0470 | Vulnérabilité dans les produits Moxa | 2025-06-02T00:00:00.000000 | 2025-06-02T00:00:00.000000 |
| certfr-2025-avi-0469 | Vulnérabilité dans les produits Synology | 2025-06-02T00:00:00.000000 | 2025-06-02T00:00:00.000000 |
| certfr-2025-avi-0467 | Multiples vulnérabilités dans IBM Db2 | 2025-05-30T00:00:00.000000 | 2025-05-30T00:00:00.000000 |
| certfr-2025-avi-0466 | Multiples vulnérabilités dans le noyau Linux de Red Hat | 2025-05-30T00:00:00.000000 | 2025-05-30T00:00:00.000000 |
| certfr-2025-avi-0465 | Multiples vulnérabilités dans le noyau Linux de SUSE | 2025-05-30T00:00:00.000000 | 2025-05-30T00:00:00.000000 |
| certfr-2025-avi-0464 | Multiples vulnérabilités dans le noyau Linux de Debian | 2025-05-30T00:00:00.000000 | 2025-05-30T00:00:00.000000 |
| certfr-2025-avi-0463 | Multiples vulnérabilités dans le noyau Linux de Debian LTS | 2025-05-30T00:00:00.000000 | 2025-05-30T00:00:00.000000 |
| certfr-2025-avi-0462 | Multiples vulnérabilités dans Microsoft Edge | 2025-05-30T00:00:00.000000 | 2025-05-30T00:00:00.000000 |