Recent vulnerabilities
| ID | CVSS | Description | Vendor | Product | Published | Updated |
|---|---|---|---|---|---|---|
| cve-2026-40351 | FastGPT: NoSQL Injection in loginByPassword leads to A… |
labring |
FastGPT |
2026-04-17T21:05:05.911Z | 2026-04-20T14:57:15.664Z | |
| cve-2026-40476 | graphql-php: Denial of Service via quadratic complexit… |
webonyx |
graphql-php |
2026-04-17T21:42:59.511Z | 2026-04-20T14:56:57.812Z | |
| cve-2026-40486 | Kimai's User Preferences API allows standard users to … |
kimai |
kimai |
2026-04-17T22:35:53.543Z | 2026-04-20T14:56:51.165Z | |
| cve-2026-40333 | libgphoto2 has OOB read in ptp_unpack_EOS_ImageFormat(… |
gphoto |
libgphoto2 |
2026-04-17T23:11:11.073Z | 2026-04-20T14:56:44.091Z | |
| cve-2026-40582 | ChurchCRM: Authentication Bypass in `/api/public/user/… |
ChurchCRM |
CRM |
2026-04-17T23:16:13.862Z | 2026-04-20T14:56:36.921Z | |
| cve-2026-40484 | ChurchCRM: Authenticated Remote Code Execution via Unr… |
ChurchCRM |
CRM |
2026-04-17T23:25:06.319Z | 2026-04-20T14:56:29.684Z | |
| cve-2026-40339 | libgphoto2 has OOB read in ptp_unpack_Sony_DPD() FormF… |
gphoto |
libgphoto2 |
2026-04-17T23:42:32.586Z | 2026-04-20T14:56:21.979Z | |
| cve-2026-34429 | 5.1 (v4.0) 5.4 (v3.1) | Vvveb < 1.0.8.1 Stored XSS via Media Upload and Rename |
givanz |
Vvveb |
2026-04-20T13:54:37.019Z | 2026-04-20T14:56:19.205Z |
| cve-2026-40346 | NocoBase has SSRF in Workflow HTTP Request and Custom … |
nocobase |
@nocobase/plugin-workflow-request |
2026-04-17T23:54:34.829Z | 2026-04-20T14:56:12.829Z | |
| cve-2026-40593 | ChurchCRM: Stored XSS in UserEditor.php via Login Name Field |
ChurchCRM |
CRM |
2026-04-18T00:02:59.606Z | 2026-04-20T14:56:05.666Z | |
| cve-2026-40572 | NovumOS has Arbitrary Memory Mapping via Syscall 15 (M… |
MinecAnton209 |
NovumOS |
2026-04-18T00:16:02.590Z | 2026-04-20T14:55:57.521Z | |
| cve-2026-40490 | AsyncHttpClient leaks authorization credentials to unt… |
AsyncHttpClient |
async-http-client |
2026-04-18T01:31:13.860Z | 2026-04-20T14:55:50.254Z | |
| cve-2026-40494 | SAIL has heap buffer overflow in TGA RLE decoder — raw… |
HappySeaFox |
sail |
2026-04-18T01:42:48.830Z | 2026-04-20T14:55:42.859Z | |
| cve-2026-6561 | EyouCMS Index.php edit_adminlogo unrestricted upload |
n/a |
EyouCMS |
2026-04-19T07:15:11.267Z | 2026-04-20T14:55:35.698Z | |
| cve-2026-6569 | kodcloud KodExplorer fileGet Endpoint share.class.php … |
kodcloud |
KodExplorer |
2026-04-19T10:15:11.445Z | 2026-04-20T14:55:28.674Z | |
| cve-2026-6574 | osuuu LightPicture API Upload Endpoint lp.sql hard-cod… |
osuuu |
LightPicture |
2026-04-19T13:30:17.265Z | 2026-04-20T14:55:21.489Z | |
| cve-2026-6580 | liangliangyy DjangoBlog Amap API Call views.py hard-co… |
liangliangyy |
DjangoBlog |
2026-04-19T22:15:12.387Z | 2026-04-20T14:55:13.830Z | |
| cve-2026-6585 | TransformerOptimus SuperAGI Organisation Update Endpoi… |
TransformerOptimus |
SuperAGI |
2026-04-19T23:30:14.085Z | 2026-04-20T14:55:07.060Z | |
| cve-2026-6590 | ComfyUI Model Preview Endpoint model_manager.py get_mo… |
n/a |
ComfyUI |
2026-04-20T00:45:11.883Z | 2026-04-20T14:54:57.999Z | |
| cve-2026-6595 | ProjectsAndPrograms School Management System HTTP GET … |
ProjectsAndPrograms |
School Management System |
2026-04-20T02:00:49.226Z | 2026-04-20T14:54:50.760Z | |
| cve-2026-6600 | langflow-ai langflow Frontend React Component Renderin… |
langflow-ai |
langflow |
2026-04-20T03:15:12.169Z | 2026-04-20T14:54:42.453Z | |
| cve-2026-6596 | langflow-ai langflow API Endpoint endpoints.py create_… |
langflow-ai |
langflow |
2026-04-20T02:15:13.863Z | 2026-04-20T14:54:40.530Z | |
| cve-2026-6594 | brikcss merge prototype pollution |
brikcss |
merge |
2026-04-20T01:45:12.099Z | 2026-04-20T14:53:13.499Z | |
| cve-2026-32962 | 5.3 (v3.1) 6.9 (v4.0) | SD-330AC and AMC Manager provided by silex techno… |
silex technology, Inc. |
SD-330AC |
2026-04-20T03:18:25.122Z | 2026-04-20T14:52:15.598Z |
| cve-2026-34427 | 8.7 (v4.0) 8.8 (v3.1) | Vvveb < 1.0.8.1 Privilege Escalation via admin/user/save |
givanz |
Vvveb |
2026-04-20T13:55:15.311Z | 2026-04-20T14:51:12.245Z |
| cve-2026-6648 | Qibo CMS Internal Message cross site scripting |
Qibo |
CMS |
2026-04-20T13:00:44.627Z | 2026-04-20T14:51:00.368Z | |
| cve-2026-34428 | 8.3 (v4.0) 7.7 (v3.1) | Vvveb < 1.0.8.1 SSRF via oEmbedProxy |
givanz |
Vvveb |
2026-04-20T13:55:36.802Z | 2026-04-20T14:49:33.646Z |
| cve-2026-4801 | Page Builder Gutenberg Blocks <= 3.1.16 - Authenticate… |
godaddy |
Page Builder Gutenberg Blocks – CoBlocks |
2026-04-18T03:37:03.859Z | 2026-04-20T14:42:38.120Z | |
| cve-2026-33557 | Apache Kafka: Missing JWT token validation in OAUTHBEA… |
Apache Software Foundation |
Apache Kafka |
2026-04-20T13:28:43.669Z | 2026-04-20T14:30:30.936Z | |
| cve-2026-6599 | langflow-ai langflow Model Context Protocol Configurat… |
langflow-ai |
langflow |
2026-04-20T03:00:15.645Z | 2026-04-20T14:24:36.870Z |
| ID | Description | Updated |
|---|
| ID | Description | Updated |
|---|
| ID | Description | Published | Updated |
|---|---|---|---|
| jvndb-2019-000028 | WordPress plugin "WP Open Graph" vulnerable to cross-site request forgery | 2019-05-23T14:10+09:00 | 2019-10-01T11:11+09:00 |
| jvndb-2019-000034 | Multiple vulnerabilities in WordPress Plugin "Attendance Manager" | 2019-06-10T15:31+09:00 | 2019-10-01T10:56+09:00 |
| jvndb-2019-000030 | Multiple vulnerabilities in WordPress Plugin "Zoho SalesIQ" | 2019-05-31T13:51+09:00 | 2019-10-01T10:54+09:00 |
| jvndb-2019-000031 | Multiple vulnerabilities in Joruri Mail | 2019-06-07T15:03+09:00 | 2019-10-01T10:50+09:00 |
| jvndb-2019-000033 | Multiple vulnerabilities in GROWI | 2019-06-07T15:18+09:00 | 2019-10-01T10:46+09:00 |
| jvndb-2019-000041 | WordPress Plugin "HTML5 Maps" vulnerable to cross-site request forgery | 2019-06-24T14:22+09:00 | 2019-10-01T10:24+09:00 |
| jvndb-2019-000042 | WordPress Plugin "Custom CSS Pro" vulnerable to cross-site request forgery | 2019-06-24T14:27+09:00 | 2019-10-01T10:22+09:00 |
| jvndb-2019-000037 | A map plugin for Mincraft server "Dynmap" fails to restrict access permissions | 2019-06-13T13:57+09:00 | 2019-10-01T10:18+09:00 |
| jvndb-2019-000009 | Installer of Adobe Creative Cloud Desktop Application may insecurely load Dynamic Link Libraries | 2019-02-18T15:16+09:00 | 2019-10-01T10:15+09:00 |
| jvndb-2019-000025 | Installer of Electronic reception and examination of application for radio licenses Online may insecurely load Dynamic Link Libraries | 2019-05-10T14:49+09:00 | 2019-10-01T10:11+09:00 |
| jvndb-2019-000026 | Electronic reception and examination of application for radio licenses Offline may insecurely load Dynamic Link Libraries | 2019-05-10T14:55+09:00 | 2019-10-01T10:08+09:00 |
| jvndb-2019-000027 | Apache Camel vulnerable to XML external entity injection (XXE) | 2019-05-22T14:37+09:00 | 2019-09-30T18:14+09:00 |
| jvndb-2019-000022 | GNU Wget vulnerable to buffer overflow | 2019-04-03T14:58+09:00 | 2019-09-30T18:08+09:00 |
| jvndb-2019-000020 | PowerAct Pro Master Agent for Windows fails to restrict acess permissions | 2019-03-27T14:41+09:00 | 2019-09-27T10:38+09:00 |
| jvndb-2018-000123 | Panasonic applications register unquoted service paths | 2018-11-29T14:45+09:00 | 2019-09-27T10:31+09:00 |
| jvndb-2019-000012 | Multiple vulnerabilities in Nablarch | 2019-02-27T17:14+09:00 | 2019-09-27T10:15+09:00 |
| jvndb-2019-000011 | WordPress plugin "FormCraft" vulnerable to cross-site request forgery | 2019-02-26T14:46+09:00 | 2019-09-27T10:12+09:00 |
| jvndb-2019-000013 | Windows 7 may insecurely load Dynamic Link Libraries | 2019-02-28T15:52+09:00 | 2019-09-27T10:09+09:00 |
| jvndb-2019-000015 | iChain Insurance Wallet App for iOS vulnerable to directory traversal | 2019-03-12T14:28+09:00 | 2019-09-27T10:04+09:00 |
| jvndb-2019-000016 | WordPress plugin "Smart Forms" vulnerable to cross-site request forgery | 2019-02-28T15:57+09:00 | 2019-09-27T09:59+09:00 |
| jvndb-2018-000128 | Multiple vulnerabilities in multiple SEIKO EPSON printers and scanners | 2018-12-06T16:19+09:00 | 2019-09-27T09:55+09:00 |
| jvndb-2019-000017 | Dradis Community Edition and Dradis Professional Edition vulnerable to cross-site scripting | 2019-03-05T14:18+09:00 | 2019-09-27T09:54+09:00 |
| jvndb-2018-000107 | OpenAM (Open Source Edition) vulnerable to session management | 2018-10-12T14:44+09:00 | 2019-09-26T18:10+09:00 |
| jvndb-2019-000004 | UNLHA32.DLL, UNARJ32.DLL, LHMelting and LMLzh32.DLL may insecurely load Dynamic Link Libraries | 2019-01-31T15:46+09:00 | 2019-09-26T18:08+09:00 |
| jvndb-2019-000006 | POWER EGG vulnerability where EL expression may be executed | 2019-02-05T14:09+09:00 | 2019-09-26T18:05+09:00 |
| jvndb-2019-000018 | "an" App for iOS vulnerable to directory traversal | 2019-03-19T15:51+09:00 | 2019-09-26T17:56+09:00 |
| jvndb-2019-000019 | KinagaCMS vulnerable to cross-site scripting | 2019-03-15T17:03+09:00 | 2019-09-26T17:10+09:00 |
| jvndb-2019-000057 | SHIRASAGI vulnerable to open redirect | 2019-09-10T13:56+09:00 | 2019-09-10T13:56+09:00 |
| jvndb-2019-008917 | Multiple Vulnerabilities in Hitachi Command Suite and Hitachi Infrastructure Analytics Advisor | 2019-09-09T15:58+09:00 | 2019-09-09T15:58+09:00 |
| jvndb-2019-000005 | The installers of UNLHA32.DLL, UNARJ32.DLL and LHMelting may insecurely load Dynamic Link Libraries | 2019-01-31T15:35+09:00 | 2019-08-28T12:08+09:00 |
| ID | Description | Updated |
|---|
| ID | Description | Published | Updated |
|---|---|---|---|
| certfr-2025-avi-0437 | Multiples vulnérabilités dans GitLab | 2025-05-22T00:00:00.000000 | 2025-05-22T00:00:00.000000 |
| certfr-2025-avi-0436 | Vulnérabilité dans ISC BIND | 2025-05-22T00:00:00.000000 | 2025-05-22T00:00:00.000000 |
| certfr-2025-avi-0435 | Multiples vulnérabilités dans les produits Atlassian | 2025-05-21T00:00:00.000000 | 2025-05-21T00:00:00.000000 |
| certfr-2025-avi-0434 | Multiples vulnérabilités dans Node.js | 2025-05-21T00:00:00.000000 | 2025-05-21T00:00:00.000000 |
| certfr-2025-avi-0433 | Multiples vulnérabilités dans Adobe ColdFusion | 2025-05-21T00:00:00.000000 | 2025-05-21T00:00:00.000000 |
| certfr-2025-avi-0432 | Vulnérabilité dans Schneider Electric EcoStruxure Power Build Rapsody | 2025-05-21T00:00:00.000000 | 2025-05-21T00:00:00.000000 |
| certfr-2025-avi-0431 | Vulnérabilité dans Mitel OpenScapeXpressions | 2025-05-21T00:00:00.000000 | 2025-05-21T00:00:00.000000 |
| certfr-2025-avi-0430 | Multiples vulnérabilités dans les produits VMware | 2025-05-21T00:00:00.000000 | 2025-05-21T00:00:00.000000 |
| certfr-2025-avi-0429 | Multiples vulnérabilités dans Typo3 | 2025-05-20T00:00:00.000000 | 2025-05-20T00:00:00.000000 |
| certfr-2025-avi-0428 | Multiples vulnérabilités dans VMware Cloud Foundation | 2025-05-20T00:00:00.000000 | 2025-05-20T00:00:00.000000 |
| certfr-2025-avi-0427 | Vulnérabilité dans Spring Security | 2025-05-20T00:00:00.000000 | 2025-05-20T00:00:00.000000 |
| certfr-2025-avi-0426 | Vulnérabilité dans Juniper Networks Junos OS | 2025-05-19T00:00:00.000000 | 2025-05-19T00:00:00.000000 |
| certfr-2025-avi-0425 | Vulnérabilité dans les produits Synology | 2025-05-19T00:00:00.000000 | 2025-05-19T00:00:00.000000 |
| certfr-2025-avi-0424 | Multiples vulnérabilités dans les produits Mozilla | 2025-05-19T00:00:00.000000 | 2025-05-19T00:00:00.000000 |
| certfr-2025-avi-0423 | Multiples vulnérabilités dans les produits Netgate | 2025-05-19T00:00:00.000000 | 2025-05-19T00:00:00.000000 |
| certfr-2025-avi-0350 | Vulnérabilité dans SAP NetWeaver | 2025-04-25T00:00:00.000000 | 2025-05-19T00:00:00.000000 |
| certfr-2025-avi-0422 | Multiples vulnérabilités dans IBM QRadar SIEM | 2025-05-16T00:00:00.000000 | 2025-05-16T00:00:00.000000 |
| certfr-2025-avi-0421 | Multiples vulnérabilités dans le noyau Linux de Red Hat | 2025-05-16T00:00:00.000000 | 2025-05-16T00:00:00.000000 |
| certfr-2025-avi-0420 | Multiples vulnérabilités dans les produits Nextcloud | 2025-05-16T00:00:00.000000 | 2025-05-16T00:00:00.000000 |
| certfr-2025-avi-0419 | Vulnérabilité dans Microsoft Defender pour Endpoint | 2025-05-16T00:00:00.000000 | 2025-05-16T00:00:00.000000 |
| certfr-2025-avi-0418 | Multiples vulnérabilités dans Microsoft Edge | 2025-05-16T00:00:00.000000 | 2025-05-16T00:00:00.000000 |
| certfr-2025-avi-0417 | Vulnérabilité dans Spring Framework | 2025-05-16T00:00:00.000000 | 2025-05-16T00:00:00.000000 |
| certfr-2025-avi-0416 | Vulnérabilité dans Synacor Zimbra Collaboration | 2025-05-16T00:00:00.000000 | 2025-05-16T00:00:00.000000 |
| certfr-2025-avi-0415 | Vulnérabilité dans Python | 2025-05-16T00:00:00.000000 | 2025-05-16T00:00:00.000000 |
| certfr-2025-avi-0414 | Multiples vulnérabilités dans Synacor Zimbra Collaboration | 2025-05-15T00:00:00.000000 | 2025-05-15T00:00:00.000000 |
| certfr-2025-avi-0413 | Multiples vulnérabilités dans Mattermost Server | 2025-05-15T00:00:00.000000 | 2025-05-15T00:00:00.000000 |
| certfr-2025-avi-0412 | Multiples vulnérabilités dans Google Chrome | 2025-05-15T00:00:00.000000 | 2025-05-15T00:00:00.000000 |
| certfr-2025-avi-0411 | Multiples vulnérabilités dans les produits Mozilla | 2025-05-15T00:00:00.000000 | 2025-05-15T00:00:00.000000 |
| certfr-2025-avi-0410 | Multiples vulnérabilités dans les produits Palo Alto Networks | 2025-05-15T00:00:00.000000 | 2025-05-15T00:00:00.000000 |
| certfr-2025-avi-0409 | Multiples vulnérabilités dans SonicWall Secure Mobile Access | 2025-05-15T00:00:00.000000 | 2025-05-15T00:00:00.000000 |