Recent vulnerabilities
| ID | CVSS | Description | Vendor | Product | Published | Updated |
|---|---|---|---|---|---|---|
| cve-2026-32604 | Spinnaker vulnerable to RCE when using gitrepo artifac… |
spinnaker |
spinnaker |
2026-04-20T20:00:57.517Z | 2026-04-20T20:07:31.157Z | |
| cve-2026-6249 | 8.7 (v4.0) 8.8 (v3.1) | Vvveb CMS 1.0.8 Remote Code Execution via Media Upload |
Vvveb |
Vvveb CMS |
2026-04-20T19:57:37.655Z | 2026-04-20T19:57:37.655Z |
| cve-2026-32311 | Command Injection and Docker container escape allows r… |
reconurge |
flowsint |
2026-04-20T19:56:32.521Z | 2026-04-20T19:56:32.521Z | |
| cve-2026-5478 | Everest Forms <= 3.4.4 - Unauthenticated Arbitrary Fil… |
wpeverest |
Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder |
2026-04-20T19:27:08.159Z | 2026-04-20T19:27:08.159Z | |
| cve-2026-32135 | NanoMQ has Heap Buffer Overflow in URI Parameter Parsing |
nanomq |
nanomq |
2026-04-20T19:23:09.704Z | 2026-04-20T19:23:09.704Z | |
| cve-2026-6550 | 4.7 (v3.1) 5.7 (v4.0) | Key commitment policy bypass via shared key cache in A… |
AWS |
AWS Encryption SDK for Python |
2026-04-20T19:20:23.383Z | 2026-04-20T19:44:11.685Z |
| cve-2026-6257 | 9.2 (v4.0) 9.1 (v3.1) | Vvveb CMS v1.0.8 Remote Code Execution via Media Management |
Vvveb |
Vvveb CMS |
2026-04-20T19:09:45.927Z | 2026-04-20T19:09:45.927Z |
| cve-2026-6248 | wpForo Forum <= 3.0.5 - Authenticated (Subscriber+) Ar… |
tomdever |
wpForo Forum |
2026-04-20T18:31:33.290Z | 2026-04-20T18:31:33.290Z | |
| cve-2026-6060 | 4.5 (v3.1) | Possible DoS via SQL Box |
OTRS AG |
OTRS |
2026-04-20T18:20:01.664Z | 2026-04-20T18:48:48.185Z |
| cve-2026-41389 | 6.3 (v4.0) 5.8 (v3.1) | OpenClaw 2026.4.7 < 2026.4.15 - Arbitrary File Read vi… |
OpenClaw |
OpenClaw |
2026-04-20T17:48:43.704Z | 2026-04-20T18:05:03.103Z |
| cve-2026-23753 | 4.8 (v4.0) 4.8 (v3.1) | GFI HelpDesk < 4.99.9 Stored XSS via charset Parameter |
GFI Software |
HelpDesk |
2026-04-20T17:33:59.134Z | 2026-04-20T17:33:59.134Z |
| cve-2026-23752 | 4.8 (v4.0) 4.8 (v3.1) | GFI HelpDesk < 4.99.9 Stored XSS via companyname Parameter |
GFI Software |
HelpDesk |
2026-04-20T17:33:23.424Z | 2026-04-20T18:09:59.603Z |
| cve-2026-23756 | 5.1 (v4.0) 5.4 (v3.1) | GFI HelpDesk < 4.99.9 Stored XSS via Troubleshooter St… |
GFI Software |
HelpDesk |
2026-04-20T17:30:51.162Z | 2026-04-20T18:08:49.925Z |
| cve-2026-23758 | 5.1 (v4.0) 6.4 (v4.0) | GFI HelpDesk < 4.99.9 Stored XSS via editsubject Parameter |
GFI Software |
HelpDesk |
2026-04-20T17:30:06.853Z | 2026-04-20T17:45:55.788Z |
| cve-2026-23757 | 5.1 (v4.0) 5.4 (v3.1) | GFI HelpDesk < 4.99.10 Stored XSS via Reports Module |
GFI Software |
HelpDesk |
2026-04-20T17:27:56.067Z | 2026-04-20T18:07:01.630Z |
| cve-2026-6662 | ericc-ch copilot-api Token Endpoint server.ts cors cro… |
ericc-ch |
copilot-api |
2026-04-20T17:00:17.800Z | 2026-04-20T18:09:27.691Z | |
| cve-2026-35154 | 6.3 (v3.1) | Dell PowerProtect Data Domain appliances, version… |
Dell |
PowerProtect Data Domain appliances |
2026-04-20T16:50:56.856Z | 2026-04-20T18:08:44.096Z |
| cve-2026-26951 | 6.7 (v3.1) | Dell PowerProtect Data Domain, versions 7.7.1.0 t… |
Dell |
PowerProtect Data Domain |
2026-04-20T16:44:49.612Z | 2026-04-20T17:45:10.071Z |
| cve-2026-22761 | 6.7 (v3.1) | Dell PowerProtect Data Domain, versions 8.5 throu… |
Dell |
PowerProtect Data Domain |
2026-04-20T16:39:40.268Z | 2026-04-20T18:00:41.131Z |
| cve-2026-26942 | 6.7 (v3.1) | Dell PowerProtect Data Domain, versions 8.5 throu… |
Dell |
PowerProtect Data Domain |
2026-04-20T16:34:43.219Z | 2026-04-20T16:34:43.219Z |
| cve-2026-26943 | 7.2 (v3.1) | Dell PowerProtect Data Domain, versions 7.7.1.0 t… |
Dell |
PowerProtect Data Domain |
2026-04-20T16:28:53.110Z | 2026-04-20T16:55:16.949Z |
| cve-2026-28684 | python-dotenv: Symlink following in set_key allows arb… |
theskumar |
python-dotenv |
2026-04-20T16:25:12.302Z | 2026-04-20T17:43:09.477Z | |
| cve-2026-40488 | OpenMage LTS has Customer File Upload Extension Blockl… |
OpenMage |
magento-lts |
2026-04-20T16:23:07.429Z | 2026-04-20T16:55:05.724Z | |
| cve-2026-24506 | 7.2 (v3.1) | Dell PowerProtect Data Domain, versions 7.7.1.0 t… |
Dell |
PowerProtect Data Domain |
2026-04-20T16:22:37.689Z | 2026-04-20T18:09:44.869Z |
| cve-2026-40098 | OpenMage LTS imports cross-user wishlist item via shar… |
OpenMage |
magento-lts |
2026-04-20T16:19:55.157Z | 2026-04-20T18:10:44.490Z | |
| cve-2026-41445 | 8.7 (v4.0) 8.8 (v3.1) | KissFFT Integer Overflow Heap Buffer Overflow via kiss… |
mborgerding |
kissfft |
2026-04-20T16:18:50.371Z | 2026-04-20T17:57:10.156Z |
| cve-2026-24505 | 7.2 (v3.1) | Dell PowerProtect Data Domain, versions 8.5 throu… |
Dell |
PowerProtect Data Domain |
2026-04-20T16:15:46.863Z | 2026-04-20T18:08:18.273Z |
| cve-2026-25525 | OpenMage LTS has Path Traversal Filter Bypass in Dataf… |
OpenMage |
magento-lts |
2026-04-20T16:14:14.366Z | 2026-04-20T16:14:14.366Z | |
| cve-2026-25524 | OpenMage LTS's Phar Deserialization leads to Remote Co… |
OpenMage |
magento-lts |
2026-04-20T16:11:16.922Z | 2026-04-20T16:54:43.603Z | |
| cve-2026-24504 | 7.2 (v3.1) | Dell PowerProtect Data Domain, versions 7.7.1.0 t… |
Dell |
PowerProtect Data Domain |
2026-04-20T16:08:35.314Z | 2026-04-20T17:42:15.787Z |
| ID | Description | Updated |
|---|
| ID | Description | Updated |
|---|
| ID | Description | Published | Updated |
|---|---|---|---|
| jvndb-2026-003907 | Multiple Vulnerabilities in JP1 | 2026-02-17T20:46+09:00 | 2026-02-17T20:46+09:00 |
| jvndb-2026-003906 | Multiple Vulnerabilities in Cosminexus | 2026-02-17T20:46+09:00 | 2026-02-17T20:46+09:00 |
| jvndb-2026-003905 | Multiple Vulnerabilities in Cosminexus HTTP Server and Hitachi Web Server | 2026-02-17T20:46+09:00 | 2026-02-17T20:46+09:00 |
| jvndb-2026-000025 | Joomla! CMS vulnerable to cross-site scripting | 2026-02-17T12:46+09:00 | 2026-02-17T12:46+09:00 |
| jvndb-2026-000023 | FileZen vulnerable to OS command injection | 2026-02-13T16:51+09:00 | 2026-02-13T17:08+09:00 |
| jvndb-2026-000024 | Installer of M-Audio M-Track Duo HD may insecurely load Dynamic Link Libraries | 2026-02-12T13:32+09:00 | 2026-02-12T13:32+09:00 |
| jvndb-2026-000022 | Oki Electric Industry products and OEM products register Windows services with unquoted file paths | 2026-02-09T15:21+09:00 | 2026-02-09T15:21+09:00 |
| jvndb-2026-000021 | web2py vulnerable to open redirect | 2026-02-05T15:01+09:00 | 2026-02-05T15:01+09:00 |
| jvndb-2026-000020 | Multiple vulnerabilities in Movable Type | 2026-02-04T16:15+09:00 | 2026-02-04T16:15+09:00 |
| jvndb-2026-000019 | Multiple vulnerabilities in ELECOM wireless LAN products | 2026-02-03T14:57+09:00 | 2026-02-03T14:57+09:00 |
| jvndb-2026-000017 | Improper file access permission settings in Mitsubishi Small-Capacity UPS Shutdown Software FREQSHIP-mini for Windows | 2026-02-03T14:57+09:00 | 2026-02-05T14:41+09:00 |
| jvndb-2026-000016 | Installer for Roland Cloud Manager may insecurely load Dynamic Link Libraries | 2026-02-03T14:57+09:00 | 2026-02-04T12:39+09:00 |
| jvndb-2026-000015 | Sonatype Nexus Repository vulnerable to server-side request forgery | 2026-02-02T15:18+09:00 | 2026-02-02T15:18+09:00 |
| jvndb-2026-000014 | OS command injection in raspap-webgui | 2026-02-02T15:18+09:00 | 2026-02-02T15:18+09:00 |
| jvndb-2026-000013 | Multiple Microsoft Office products vulnerable to untrusted search path | 2026-02-02T15:18+09:00 | 2026-02-02T15:18+09:00 |
| jvndb-2026-000012 | Multiple vulnerabilities in Cybozu Garoon | 2026-02-02T15:18+09:00 | 2026-02-02T15:18+09:00 |
| jvndb-2026-000018 | Undocumented "TelnetEnable" functionality of End of Service NETGEAR products | 2026-01-30T14:23+09:00 | 2026-01-30T14:23+09:00 |
| jvndb-2026-002119 | Multiple vulnerabilities in BROTHER MFPs (multifunction printers) | 2026-01-30T11:26+09:00 | 2026-01-30T11:26+09:00 |
| jvndb-2026-002030 | Multiple Vulnerabilities in Cosminexus | 2026-01-29T10:32+09:00 | 2026-01-29T10:32+09:00 |
| jvndb-2026-001972 | Archer MR600 vulnerable to OS command injection | 2026-01-28T10:41+09:00 | 2026-01-28T10:41+09:00 |
| jvndb-2026-000011 | beat-access for Windows may insecurely load Dynamic Link Libraries | 2026-01-27T18:22+09:00 | 2026-01-27T18:22+09:00 |
| jvndb-2026-001732 | Multiple Brother software installers may insecurely load Dynamic Link Libraries | 2026-01-26T16:04+09:00 | 2026-01-26T16:04+09:00 |
| jvndb-2026-000010 | Command injection vulnerability in ASUS routers | 2026-01-23T15:22+09:00 | 2026-01-23T15:22+09:00 |
| jvndb-2026-001663 | "iRMC S5/S6" implemented in PRIMERGY vulnerable to incorrect authorization | 2026-01-23T11:29+09:00 | 2026-01-23T11:29+09:00 |
| jvndb-2026-001662 | Multiple vulnerabilities in Trend Micro Apex Central (January 2026) | 2026-01-23T11:29+09:00 | 2026-01-23T11:29+09:00 |
| jvndb-2026-000009 | Installer of Fujitsu ServerView Agents for Windows may insecurely load Dynamic Link Libraries | 2026-01-21T15:17+09:00 | 2026-01-21T15:17+09:00 |
| jvndb-2026-000008 | Ruijie Networks AP180 series vulnerable to OS command injection | 2026-01-21T15:17+09:00 | 2026-01-21T15:17+09:00 |
| jvndb-2026-001582 | Security information for Hitachi Disk Array Systems | 2026-01-21T12:11+09:00 | 2026-01-21T12:11+09:00 |
| jvndb-2026-001578 | ETERNUS SF vulnerable to insertion of sensitive information into maintenance data | 2026-01-20T20:00+09:00 | 2026-01-20T20:00+09:00 |
| jvndb-2026-001380 | Multiple vulnerabilities in Canon Small Office Multifunction Printers and Laser Printers | 2026-01-19T10:08+09:00 | 2026-01-19T10:08+09:00 |
| ID | Description | Updated |
|---|
| ID | Description | Published | Updated |
|---|---|---|---|
| certfr-2026-avi-0403 | Multiples vulnérabilités dans OpenSSL | 2026-04-08T00:00:00.000000 | 2026-04-08T00:00:00.000000 |
| certfr-2026-avi-0402 | Vulnérabilité dans HPE Aruba Networking Private 5G Core | 2026-04-08T00:00:00.000000 | 2026-04-08T00:00:00.000000 |
| certfr-2026-avi-0401 | Multiples vulnérabilités dans GLPI | 2026-04-07T00:00:00.000000 | 2026-04-07T00:00:00.000000 |
| certfr-2026-avi-0400 | Vulnérabilité dans Fortinet FortiClientEMS | 2026-04-07T00:00:00.000000 | 2026-04-07T00:00:00.000000 |
| certfr-2026-avi-0399 | Multiples vulnérabilités dans Google Android | 2026-04-07T00:00:00.000000 | 2026-04-07T00:00:00.000000 |
| certfr-2026-avi-0398 | Multiples vulnérabilités dans le noyau Linux de SUSE | 2026-04-03T00:00:00.000000 | 2026-04-03T00:00:00.000000 |
| certfr-2026-avi-0397 | Multiples vulnérabilités dans le noyau Linux d'Ubuntu | 2026-04-03T00:00:00.000000 | 2026-04-03T00:00:00.000000 |
| certfr-2026-avi-0396 | Multiples vulnérabilités dans le noyau Linux de Red Hat | 2026-04-03T00:00:00.000000 | 2026-04-03T00:00:00.000000 |
| certfr-2026-avi-0395 | Multiples vulnérabilités dans les produits IBM | 2026-04-03T00:00:00.000000 | 2026-04-03T00:00:00.000000 |
| certfr-2026-avi-0394 | Multiples vulnérabilités dans VMware Tanzu | 2026-04-03T00:00:00.000000 | 2026-04-03T00:00:00.000000 |
| certfr-2026-avi-0393 | Vulnérabilité dans Synology Mail Station | 2026-04-03T00:00:00.000000 | 2026-04-03T00:00:00.000000 |
| certfr-2026-avi-0392 | Multiples vulnérabilités dans Microsoft Edge | 2026-04-03T00:00:00.000000 | 2026-04-03T00:00:00.000000 |
| certfr-2026-avi-0391 | Multiples vulnérabilités dans OpenSSH | 2026-04-02T00:00:00.000000 | 2026-04-02T00:00:00.000000 |
| certfr-2026-avi-0390 | Multiples vulnérabilités dans Belden NetModule Router Software | 2026-04-02T00:00:00.000000 | 2026-04-02T00:00:00.000000 |
| certfr-2026-avi-0389 | Vulnérabilité dans Microsoft Azure Linux | 2026-04-02T00:00:00.000000 | 2026-04-02T00:00:00.000000 |
| certfr-2026-avi-0388 | Multiples vulnérabilités dans les produits Cisco | 2026-04-02T00:00:00.000000 | 2026-04-02T00:00:00.000000 |
| certfr-2026-avi-0387 | Multiples vulnérabilités dans les produits Netgate | 2026-04-02T00:00:00.000000 | 2026-04-02T00:00:00.000000 |
| certfr-2026-avi-0386 | Multiples vulnérabilités dans les produits Microsoft | 2026-04-01T00:00:00.000000 | 2026-04-01T00:00:00.000000 |
| certfr-2026-avi-0385 | Multiples vulnérabilités dans Google Chrome | 2026-04-01T00:00:00.000000 | 2026-04-01T00:00:00.000000 |
| certfr-2026-avi-0384 | Multiples vulnérabilités dans Joomla! | 2026-04-01T00:00:00.000000 | 2026-04-01T00:00:00.000000 |
| certfr-2026-avi-0383 | Multiples vulnérabilités dans Sonicwall Email Security | 2026-04-01T00:00:00.000000 | 2026-04-01T00:00:00.000000 |
| certfr-2026-avi-0382 | Multiples vulnérabilités dans les produits FoxIT | 2026-03-31T00:00:00.000000 | 2026-03-31T00:00:00.000000 |
| certfr-2026-avi-0381 | Multiples vulnérabilités dans les produits Microsoft | 2026-03-31T00:00:00.000000 | 2026-03-31T00:00:00.000000 |
| certfr-2026-avi-0380 | Multiples vulnérabilités dans Microsoft Edge | 2026-03-31T00:00:00.000000 | 2026-03-31T00:00:00.000000 |
| certfr-2026-avi-0379 | Vulnérabilité dans Elastic OpenTelemetry Java | 2026-03-31T00:00:00.000000 | 2026-03-31T00:00:00.000000 |
| certfr-2026-avi-0378 | Vulnérabilité dans Symantec Data Loss Prevention (DLP) | 2026-03-31T00:00:00.000000 | 2026-03-31T00:00:00.000000 |
| certfr-2026-avi-0377 | Multiples vulnérabilités dans Papercut | 2026-03-31T00:00:00.000000 | 2026-03-31T00:00:00.000000 |
| certfr-2026-avi-0376 | Multiples vulnérabilités dans les produits Microsoft | 2026-03-30T00:00:00.000000 | 2026-03-30T00:00:00.000000 |
| certfr-2026-avi-0375 | Multiples vulnérabilités dans Microsoft Edge | 2026-03-30T00:00:00.000000 | 2026-03-30T00:00:00.000000 |
| certfr-2026-avi-0374 | Vulnérabilité dans Docker Desktop | 2026-03-30T00:00:00.000000 | 2026-03-30T00:00:00.000000 |
| ID | Description | Published | Updated |
|---|---|---|---|
| certfr-2022-ale-001 | [MaJ] Vulnérabilité dans Microsoft Windows | 2022-01-12T00:00:00.000000 | 2022-05-04T00:00:00.000000 |
| certfr-2021-ale-022 | [MaJ] Vulnérabilité dans Apache Log4j | 2021-12-10T00:00:00.000000 | 2022-05-04T00:00:00.000000 |
| certfr-2021-ale-021 | Vulnérabilité dans Microsoft Exchange | 2021-11-10T00:00:00.000000 | 2022-05-04T00:00:00.000000 |
| certfr-2021-ale-020 | [Maj] Multiples vulnérabilités dans Microsoft Azure Open Management Infrastructure | 2021-09-17T00:00:00.000000 | 2022-01-05T00:00:00.000000 |
| certfr-2021-ale-019 | [MaJ] Vulnérabilité dans Microsoft Windows | 2021-09-08T00:00:00.000000 | 2022-05-04T00:00:00.000000 |
| certfr-2021-ale-018 | Vulnérabilité dans Atlassian Confluence Server et Data Center | 2021-09-06T00:00:00.000000 | 2022-01-05T00:00:00.000000 |
| certfr-2021-ale-017 | Multiples vulnérabilités dans Microsoft Exchange | 2021-08-27T00:00:00.000000 | 2022-05-04T00:00:00.000000 |
| certfr-2021-ale-016 | Vulnérabilité dans SonicWall | 2021-07-15T00:00:00.000000 | 2021-08-19T00:00:00.000000 |
| certfr-2021-ale-015 | Multiples vulnérabilités dans SolarWinds Serv-U | 2021-07-13T00:00:00.000000 | 2021-10-19T00:00:00.000000 |
| certfr-2021-ale-014 | [MaJ] Multiples vulnérabilités dans Microsoft Windows | 2021-07-02T00:00:00.000000 | 2022-01-05T00:00:00.000000 |
| certfr-2021-ale-013 | [MaJ] Vulnérabilité dans Microsoft Windows | 2021-06-30T00:00:00.000000 | 2021-07-02T00:00:00.000000 |
| certfr-2021-ale-012 | Multiples vulnérabilités dans Microsoft Windows | 2021-06-09T00:00:00.000000 | 2021-10-19T00:00:00.000000 |
| certfr-2021-ale-011 | Vulnérabilité dans VMware vCenter Server | 2021-06-07T00:00:00.000000 | 2021-10-19T00:00:00.000000 |
| certfr-2021-ale-010 | Vulnérabilité dans Adobe Acrobat et Acrobat Reader | 2021-05-12T00:00:00.000000 | 2021-06-29T00:00:00.000000 |
| certfr-2021-ale-009 | [MàJ] Vulnérabilité dans Microsoft Windows | 2021-05-12T00:00:00.000000 | 2021-06-10T00:00:00.000000 |
| certfr-2021-ale-008 | Multiples vulnérabilités dans Exim | 2021-05-05T00:00:00.000000 | 2021-06-10T00:00:00.000000 |
| certfr-2021-ale-007 | [MàJ] Vulnérabilité dans Pulse Connect Secure | 2021-04-20T00:00:00.000000 | 2021-06-21T00:00:00.000000 |
| certfr-2021-ale-006 | [MàJ] Vulnérabilité dans F5 BIG-IP | 2021-03-22T00:00:00.000000 | 2021-04-15T00:00:00.000000 |
| certfr-2021-ale-005 | Multiples vulnérabilités dans Microsoft DNS server | 2021-03-12T00:00:00.000000 | 2021-05-12T00:00:00.000000 |
| certfr-2021-ale-004 | [MàJ] Multiples vulnérabilités dans Microsoft Exchange Server | 2021-03-03T00:00:00.000000 | 2021-07-16T00:00:00.000000 |
| certfr-2021-ale-003 | [MàJ] Vulnérabilité dans VMware vCenter Server | 2021-02-25T00:00:00.000000 | 2021-05-12T00:00:00.000000 |
| certfr-2021-ale-002 | [MàJ] Vulnérabilité dans Google Chrome et Microsoft Edge | 2021-02-05T00:00:00.000000 | 2021-03-11T00:00:00.000000 |
| certfr-2021-ale-001 | |MàJ] Vulnérabilité dans SonicWall SMA100 | 2021-02-02T00:00:00.000000 | 2021-05-12T00:00:00.000000 |
| certfr-2020-ale-026 | [MaJ] Présence de code malveillant dans SolarWinds Orion | 2020-12-14T00:00:00.000000 | 2021-04-15T00:00:00.000000 |
| certfr-2020-ale-025 | Vulnérabilité dans Fortinet FortiOS SSL-VPN | 2020-11-27T00:00:00.000000 | 2021-02-08T00:00:00.000000 |
| certfr-2020-ale-024 | [MaJ] Vulnérabilité dans les produits VMware | 2020-11-24T00:00:00.000000 | 2020-12-17T00:00:00.000000 |
| certfr-2020-ale-023 | Multiples vulnérabilités dans Google Chrome | 2020-11-12T00:00:00.000000 | 2020-12-04T00:00:00.000000 |
| certfr-2020-ale-022 | [MàJ] Vulnérabilité dans Oracle Weblogic | 2020-10-30T00:00:00.000000 | 2020-12-17T00:00:00.000000 |
| certfr-2020-ale-021 | Vulnérabilité dans Samba | 2020-09-18T00:00:00.000000 | 2021-03-11T00:00:00.000000 |
| certfr-2020-ale-020 | [MàJ] Vulnérabilité dans Microsoft Netlogon | 2020-09-15T00:00:00.000000 | 2021-03-11T00:00:00.000000 |