Recent vulnerabilities
| ID | CVSS | Description | Vendor | Product | Published | Updated |
|---|---|---|---|---|---|---|
| cve-2026-41297 | 4.8 (v4.0) 7.6 (v3.1) | OpenClaw < 2026.3.31 - Server-Side Request Forgery via… |
OpenClaw |
OpenClaw |
2026-04-20T23:08:10.955Z | 2026-04-21T13:41:34.057Z |
| cve-2026-41296 | 8.8 (v4.0) 8.2 (v3.1) | OpenClaw < 2026.3.31 - Sandbox Escape via TOCTOU Race … |
OpenClaw |
OpenClaw |
2026-04-20T23:08:10.194Z | 2026-04-20T23:08:10.194Z |
| cve-2026-41295 | 8.5 (v4.0) 7.8 (v3.1) | OpenClaw < 2026.4.2 - Untrusted Workspace Channel Shad… |
OpenClaw |
OpenClaw |
2026-04-20T23:08:09.503Z | 2026-04-21T13:35:47.883Z |
| cve-2026-41294 | 8.5 (v4.0) 8.6 (v3.1) | OpenClaw < 2026.3.28 - Environment Variable Injection … |
OpenClaw |
OpenClaw |
2026-04-20T23:08:08.795Z | 2026-04-21T13:04:36.188Z |
| cve-2026-40045 | 5.9 (v4.0) 5.7 (v3.1) | OpenClaw < 2026.4.2 - Cleartext Credential Transmissio… |
OpenClaw |
OpenClaw |
2026-04-20T23:08:07.952Z | 2026-04-21T13:37:43.951Z |
| cve-2026-34082 | Dify has IDOR in deleting someone else's chat conversation |
langgenius |
dify |
2026-04-20T23:03:18.158Z | 2026-04-21T13:36:45.614Z | |
| cve-2026-5721 | wpDataTables – WordPress Data Table, Dynamic Tables & … |
wpdatatables |
wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin |
2026-04-20T22:25:26.695Z | 2026-04-20T22:25:26.695Z | |
| cve-2026-6729 | 5.3 (v4.0) 6.3 (v3.1) | HKUDS OpenHarness Session Key Collision Privilege Escalation |
HKUDS |
OpenHarness |
2026-04-20T22:01:38.766Z | 2026-04-20T22:01:38.766Z |
| cve-2026-0930 | 2.3 (v4.0) | Potential wolfSSHd Buffer out-of-bounds Read on Window… |
wolfSSL |
wolfSSH |
2026-04-20T21:28:33.227Z | 2026-04-21T13:37:15.647Z |
| cve-2026-22051 | 2.3 (v4.0) | StorageGRID (formerly StorageGRID Webscale) versi… |
NETAPP |
StorageGRID (formerly StorageGRID Webscale) |
2026-04-20T21:27:36.822Z | 2026-04-21T13:40:46.948Z |
| cve-2026-5450 | N/A | scanf %mc off-by-one heap buffer overflow |
The GNU C Library |
glibc |
2026-04-20T20:55:41.170Z | 2026-04-20T20:55:41.170Z |
| cve-2026-5928 | N/A | Static buffer overflow in deprecated nis_local_principal |
The GNU C Library |
glibc |
2026-04-20T20:37:31.743Z | 2026-04-20T20:37:31.743Z |
| cve-2026-5358 | N/A | Static buffer overflow in deprecated nis_local_principal |
The GNU C Library |
glibc |
2026-04-20T20:37:23.178Z | 2026-04-20T20:37:23.178Z |
| cve-2026-33626 | LMDeploy Vulnerable to Server-Side Request Forgery (SS… |
InternLM |
lmdeploy |
2026-04-20T20:29:19.558Z | 2026-04-20T20:29:19.558Z | |
| cve-2026-4852 | Image Source Control Lite – Show Image Credits and Cap… |
webzunft |
Image Source Control Lite – Show Image Credits and Captions |
2026-04-20T20:26:53.256Z | 2026-04-20T20:26:53.256Z | |
| cve-2026-33432 | Roxy-WI has Pre-Authentication LDAP Injection that Lea… |
roxy-wi |
roxy-wi |
2026-04-20T20:26:52.217Z | 2026-04-20T20:26:52.217Z | |
| cve-2026-33431 | Roxy-WI Vulnerable to Authenticated Arbitrary File Rea… |
roxy-wi |
roxy-wi |
2026-04-20T20:24:15.319Z | 2026-04-21T13:42:19.802Z | |
| cve-2026-34403 | Nginx-UI vulnerable to Cross-Site WebSocket Hijacking … |
0xJacky |
nginx-ui |
2026-04-20T20:16:47.597Z | 2026-04-21T13:36:46.510Z | |
| cve-2026-33031 | Nginx-UI: Disabled users retain full API access throug… |
0xJacky |
nginx-ui |
2026-04-20T20:12:07.905Z | 2026-04-21T13:35:20.144Z | |
| cve-2026-32613 | Spinnaker vulnerable to RCE via expression parsing due… |
spinnaker |
spinnaker |
2026-04-20T20:07:24.697Z | 2026-04-20T20:08:54.702Z | |
| cve-2026-32604 | Spinnaker vulnerable to RCE when using gitrepo artifac… |
spinnaker |
spinnaker |
2026-04-20T20:00:57.517Z | 2026-04-20T20:07:31.157Z | |
| cve-2026-6249 | 8.7 (v4.0) 8.8 (v3.1) | Vvveb CMS 1.0.8 Remote Code Execution via Media Upload |
Vvveb |
Vvveb CMS |
2026-04-20T19:57:37.655Z | 2026-04-20T19:57:37.655Z |
| cve-2026-32311 | Command Injection and Docker container escape allows r… |
reconurge |
flowsint |
2026-04-20T19:56:32.521Z | 2026-04-20T19:56:32.521Z | |
| cve-2026-5478 | Everest Forms <= 3.4.4 - Unauthenticated Arbitrary Fil… |
wpeverest |
Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder |
2026-04-20T19:27:08.159Z | 2026-04-21T13:33:57.569Z | |
| cve-2026-32135 | NanoMQ has Heap Buffer Overflow in URI Parameter Parsing |
nanomq |
nanomq |
2026-04-20T19:23:09.704Z | 2026-04-21T13:33:14.607Z | |
| cve-2026-6550 | 4.7 (v3.1) 5.7 (v4.0) | Key commitment policy bypass via shared key cache in A… |
AWS |
AWS Encryption SDK for Python |
2026-04-20T19:20:23.383Z | 2026-04-20T19:44:11.685Z |
| cve-2026-6257 | 9.2 (v4.0) 9.1 (v3.1) | Vvveb CMS v1.0.8 Remote Code Execution via Media Management |
Vvveb |
Vvveb CMS |
2026-04-20T19:09:45.927Z | 2026-04-20T19:09:45.927Z |
| cve-2026-6248 | wpForo Forum <= 3.0.5 - Authenticated (Subscriber+) Ar… |
tomdever |
wpForo Forum |
2026-04-20T18:31:33.290Z | 2026-04-20T18:31:33.290Z | |
| cve-2026-6060 | 4.5 (v3.1) | Possible DoS via SQL Box |
OTRS AG |
OTRS |
2026-04-20T18:20:01.664Z | 2026-04-20T18:48:48.185Z |
| cve-2026-41389 | 6.3 (v4.0) 5.8 (v3.1) | OpenClaw 2026.4.7 < 2026.4.15 - Arbitrary File Read vi… |
OpenClaw |
OpenClaw |
2026-04-20T17:48:43.704Z | 2026-04-20T18:05:03.103Z |
| ID | Description | Updated |
|---|
| ID | Description | Updated |
|---|
| ID | Description | Published | Updated |
|---|---|---|---|
| jvndb-2026-000007 | Multiple Vulnerabilities in TOA Network Cameras TRIFORA 3 series | 2026-01-16T15:06+09:00 | 2026-01-16T15:06+09:00 |
| jvndb-2026-000006 | Chainlit vulnerable to improper access restriction | 2026-01-14T17:03+09:00 | 2026-01-14T17:03+09:00 |
| jvndb-2026-000005 | Multiple vulnerabilities in EATON UPS Companion | 2026-01-13T19:01+09:00 | 2026-01-13T19:01+09:00 |
| jvndb-2026-000003 | RICOH Streamline NX vulnerable to improper authorization | 2026-01-09T18:17+09:00 | 2026-01-09T18:17+09:00 |
| jvndb-2026-000004 | The installers for multiple PIONEER products may insecurely load Dynamic Link Libraries | 2026-01-08T13:47+09:00 | 2026-01-08T13:47+09:00 |
| jvndb-2026-000001 | Origin validation error vulnerability in Fujitsu Security Solution AuthConductor Client Basic V2 | 2026-01-07T14:19+09:00 | 2026-01-07T14:19+09:00 |
| jvndb-2026-000002 | Multiple vulnerabilities in multiple NEC branded projectors manufactured by Sharp Display Solutions, Ltd. | 2026-01-07T14:10+09:00 | 2026-01-14T16:54+09:00 |
| jvndb-2026-001001 | Authentication bypass vulnerability in OpenBlocks series | 2026-01-07T10:46+09:00 | 2026-01-07T10:46+09:00 |
| jvndb-2025-022878 | Media Player MP-01 vulnerable to Missing Authentication for Critical Function | 2025-12-24T11:10+09:00 | 2026-01-15T11:10+09:00 |
| jvndb-2025-022400 | Ruijie Networks AP180 Series vulnerable to OS command injection | 2025-12-19T12:33+09:00 | 2025-12-19T12:33+09:00 |
| jvndb-2025-000118 | GROWI vulnerable to cross-site request forgery | 2025-12-17T13:04+09:00 | 2025-12-17T13:04+09:00 |
| jvndb-2025-022062 | Multiple vulnerabilities in CHOCO TEI WATCHER mini | 2025-12-17T11:28+09:00 | 2025-12-17T11:28+09:00 |
| jvndb-2025-000117 | SEIKO EPSON printer Web Config vulnerable to stack-based buffer overflow | 2025-12-16T15:31+09:00 | 2025-12-23T11:57+09:00 |
| jvndb-2025-000115 | QND vulnerable to privilege escalation | 2025-12-11T14:33+09:00 | 2025-12-11T14:33+09:00 |
| jvndb-2025-021305 | Android App "Brother iPrint&Scan" improper use of an external cache directory | 2025-12-09T17:25+09:00 | 2025-12-09T17:25+09:00 |
| jvndb-2025-000114 | ELECOM Clone for Windows registers a Windows service with an unquoted file path | 2025-12-09T17:16+09:00 | 2025-12-09T17:16+09:00 |
| jvndb-2025-000113 | Multiple vulnerabilities in GroupSession | 2025-12-08T17:48+09:00 | 2025-12-11T11:30+09:00 |
| jvndb-2025-000116 | GS Yuasa FULLBACK Manager Pro registers Windows services with unquoted file paths | 2025-12-08T14:06+09:00 | 2025-12-08T14:06+09:00 |
| jvndb-2025-000094 | Multiple vulnerabilities in ABB Terra AC Wallbox | 2025-12-05T14:12+09:00 | 2025-12-05T14:12+09:00 |
| jvndb-2025-000112 | Installer of INZONE Hub may insecurely load Dynamic Link Libraries | 2025-11-28T13:36+09:00 | 2025-11-28T13:36+09:00 |
| jvndb-2025-000111 | SwitchBot Smart Video Doorbell vulnerable to active debug code | 2025-11-26T14:35+09:00 | 2025-11-26T14:35+09:00 |
| jvndb-2025-000110 | Multiple vulnerabilities in Security Point (Windows) of MaLion | 2025-11-25T17:17+09:00 | 2025-11-25T17:17+09:00 |
| jvndb-2025-000109 | Multiple vulnerabilities in SNC-CX600W | 2025-11-25T14:59+09:00 | 2025-11-25T14:59+09:00 |
| jvndb-2025-000108 | "FOD" App uses hard-coded cryptographic keys | 2025-11-25T14:15+09:00 | 2025-11-25T14:15+09:00 |
| jvndb-2025-000106 | Multiple vulnerabilities in LogStare Collector | 2025-11-21T16:27+09:00 | 2025-11-21T16:27+09:00 |
| jvndb-2025-019621 | EPSON WebConfig / Epson Web Control for SEIKO EPSON Projector Products do not restrict excessive authentication attempts | 2025-11-21T15:31+09:00 | 2025-12-24T10:54+09:00 |
| jvndb-2025-000107 | Installer of RakurakuMusen Start EX for Windows may insecurely load Dynamic Link Libraries | 2025-11-19T16:22+09:00 | 2025-11-19T16:22+09:00 |
| jvndb-2025-000097 | "Dejira" App for iOS vulnerable to improper server certificate verification | 2025-11-17T14:09+09:00 | 2025-11-17T14:09+09:00 |
| jvndb-2025-000105 | NCP-HG100 vulnerable to OS command injection | 2025-11-14T15:26+09:00 | 2025-11-14T15:26+09:00 |
| jvndb-2025-000104 | Multiple vulnerabilities in GNU Libmicrohttpd | 2025-11-10T15:07+09:00 | 2025-11-10T15:07+09:00 |
| ID | Description | Updated |
|---|
| ID | Description | Published | Updated |
|---|---|---|---|
| certfr-2026-avi-0373 | Vulnérabilité dans Roundcube | 2026-03-30T00:00:00.000000 | 2026-04-08T00:00:00.000000 |
| certfr-2026-avi-0372 | Multiples vulnérabilités dans les produits IBM | 2026-03-27T00:00:00.000000 | 2026-03-27T00:00:00.000000 |
| certfr-2026-avi-0371 | Multiples vulnérabilités dans le noyau Linux d'Ubuntu | 2026-03-27T00:00:00.000000 | 2026-03-27T00:00:00.000000 |
| certfr-2026-avi-0370 | Multiples vulnérabilités dans le noyau Linux de Red Hat | 2026-03-27T00:00:00.000000 | 2026-03-27T00:00:00.000000 |
| certfr-2026-avi-0369 | Multiples vulnérabilités dans le noyau Linux de SUSE | 2026-03-27T00:00:00.000000 | 2026-03-27T00:00:00.000000 |
| certfr-2026-avi-0368 | Vulnérabilité dans les produits Microsoft | 2026-03-27T00:00:00.000000 | 2026-03-27T00:00:00.000000 |
| certfr-2026-avi-0367 | Multiples vulnérabilités dans Zabbix | 2026-03-27T00:00:00.000000 | 2026-03-27T00:00:00.000000 |
| certfr-2026-avi-0366 | Multiples vulnérabilités dans Traefik | 2026-03-27T00:00:00.000000 | 2026-03-27T00:00:00.000000 |
| certfr-2026-avi-0365 | Multiples vulnérabilités dans Spring AI | 2026-03-27T00:00:00.000000 | 2026-03-27T00:00:00.000000 |
| certfr-2026-avi-0364 | Multiples vulnérabilités dans les produits Siemens | 2026-03-27T00:00:00.000000 | 2026-03-27T00:00:00.000000 |
| certfr-2026-avi-0363 | Multiples vulnérabilités dans les produits NetApp | 2026-03-27T00:00:00.000000 | 2026-03-27T00:00:00.000000 |
| certfr-2026-avi-0362 | Multiples vulnérabilités dans les produits Microsoft | 2026-03-26T00:00:00.000000 | 2026-03-26T00:00:00.000000 |
| certfr-2026-avi-0361 | Multiples vulnérabilités dans Cisco IOS et IOS XE | 2026-03-26T00:00:00.000000 | 2026-03-26T00:00:00.000000 |
| certfr-2026-avi-0360 | Multiples vulnérabilités dans ISC BIND | 2026-03-26T00:00:00.000000 | 2026-03-26T00:00:00.000000 |
| certfr-2026-avi-0359 | Multiples vulnérabilités dans Grafana | 2026-03-26T00:00:00.000000 | 2026-03-26T00:00:00.000000 |
| certfr-2026-avi-0358 | Vulnérabilité dans Citrix XenServer | 2026-03-25T00:00:00.000000 | 2026-03-25T00:00:00.000000 |
| certfr-2026-avi-0357 | Multiples vulnérabilités dans GitLab | 2026-03-25T00:00:00.000000 | 2026-03-25T00:00:00.000000 |
| certfr-2026-avi-0356 | Vulnérabilité dans ISC Kea | 2026-03-25T00:00:00.000000 | 2026-03-25T00:00:00.000000 |
| certfr-2026-avi-0355 | Multiples vulnérabilités dans les produits Apple | 2026-03-25T00:00:00.000000 | 2026-03-25T00:00:00.000000 |
| certfr-2026-avi-0354 | Multiples vulnérabilités dans les produits Mozilla | 2026-03-25T00:00:00.000000 | 2026-03-25T00:00:00.000000 |
| certfr-2026-avi-0353 | Multiples vulnérabilités dans Zabbix | 2026-03-25T00:00:00.000000 | 2026-03-25T00:00:00.000000 |
| certfr-2026-avi-0352 | Multiples vulnérabilités dans les produits F5 | 2026-03-25T00:00:00.000000 | 2026-03-25T00:00:00.000000 |
| certfr-2026-avi-0351 | Vulnérabilité dans Tenable OT Platform | 2026-03-25T00:00:00.000000 | 2026-03-25T00:00:00.000000 |
| certfr-2026-avi-0350 | Multiples vulnérabilités dans Squid | 2026-03-25T00:00:00.000000 | 2026-03-25T00:00:00.000000 |
| certfr-2026-avi-0349 | Multiples vulnérabilités dans Ruby on Rails | 2026-03-24T00:00:00.000000 | 2026-03-24T00:00:00.000000 |
| certfr-2026-avi-0348 | Vulnérabilité dans Trend Micro Deep Discovery Inspector | 2026-03-24T00:00:00.000000 | 2026-03-24T00:00:00.000000 |
| certfr-2026-avi-0347 | Vulnérabilité dans Xen | 2026-03-24T00:00:00.000000 | 2026-03-24T00:00:00.000000 |
| certfr-2026-avi-0346 | Vulnérabilité dans VMware Tanzu pour Postgres | 2026-03-24T00:00:00.000000 | 2026-03-24T00:00:00.000000 |
| certfr-2026-avi-0345 | Vulnérabilité dans LibreNMS | 2026-03-24T00:00:00.000000 | 2026-03-24T00:00:00.000000 |
| certfr-2026-avi-0344 | Vulnérabilité dans strongSwan | 2026-03-24T00:00:00.000000 | 2026-03-24T00:00:00.000000 |
| ID | Description | Published | Updated |
|---|---|---|---|
| certfr-2020-ale-019 | Recrudescence d'activité Emotet en France | 2020-09-07T00:00:00.000000 | 2021-02-09T00:00:00.000000 |
| certfr-2020-ale-018 | Vulnérabilité dans Cisco ASA et FTD | 2020-07-28T00:00:00.000000 | 2020-11-05T00:00:00.000000 |
| certfr-2020-ale-017 | Multiples vulnérabilités dans SAP Netweaver AS JAVA | 2020-07-15T00:00:00.000000 | 2020-10-12T00:00:00.000000 |
| certfr-2020-ale-016 | Vulnérabilité dans Microsoft Domain Name System (DNS) Server | 2020-07-15T00:00:00.000000 | 2020-10-12T00:00:00.000000 |
| certfr-2020-ale-015 | Vulnérabilité dans F5 BIG-IP | 2020-07-05T00:00:00.000000 | 2020-09-15T00:00:00.000000 |
| certfr-2020-ale-014 | Vulnérabilité dans Palo Alto Networks PAN-OS | 2020-07-03T00:00:00.000000 | 2020-07-31T00:00:00.000000 |
| certfr-2020-ale-013 | Multiples vulnérabilités dans Microsoft Windows | 2020-07-01T00:00:00.000000 | 2020-07-05T00:00:00.000000 |
| certfr-2020-ale-012 | Multiples vulnérabilités dans SaltStack | 2020-05-04T00:00:00.000000 | 2020-07-31T00:00:00.000000 |
| certfr-2020-ale-011 | Multiples vulnérabilités dans les produits Microsoft qui utilisent la bibliothèque Autodesk FBX | 2020-04-22T00:00:00.000000 | 2020-06-23T00:00:00.000000 |
| certfr-2020-ale-010 | Multiples vulnérabilités dans Mozilla Firefox | 2020-04-06T00:00:00.000000 | 2020-05-05T00:00:00.000000 |
| certfr-2020-ale-009 | Multiples vulnérabilités dans Microsoft Windows | 2020-03-24T00:00:00.000000 | 2020-06-23T00:00:00.000000 |
| certfr-2020-ale-008 | Vulnérabilité dans l'implémentation du protocole SMB par Microsoft | 2020-03-11T00:00:00.000000 | 2020-07-31T00:00:00.000000 |
| certfr-2020-ale-007 | Vulnérabilité dans Microsoft Exchange Server | 2020-02-27T00:00:00.000000 | 2020-05-05T00:00:00.000000 |
| certfr-2020-ale-006 | Vulnérabilité dans Microsoft Internet Explorer | 2020-01-20T00:00:00.000000 | 2020-02-19T00:00:00.000000 |
| certfr-2020-ale-005 | Multiples vulnérabilités dans le serveur de passerelle RDP de Windows | 2020-01-14T00:00:00.000000 | 2020-02-19T00:00:00.000000 |
| certfr-2020-ale-004 | Vulnérabilité dans Microsoft Windows | 2020-01-14T00:00:00.000000 | 2020-01-17T00:00:00.000000 |
| certfr-2020-ale-003 | Vulnérabilité dans les produits Mozilla | 2020-01-09T00:00:00.000000 | 2020-01-20T00:00:00.000000 |
| certfr-2020-ale-002 | Vulnérabilité dans les produits Citrix ADC et Citrix Gateway | 2020-01-09T00:00:00.000000 | 2020-07-31T00:00:00.000000 |
| certfr-2020-ale-001 | Multiples vulnérabilités dans les produits de Pulse Secure | 2020-01-09T00:00:00.000000 | 2020-05-05T00:00:00.000000 |
| certfr-2019-ale-015 | Multiples vulnérabilités dans Google Chrome | 2019-11-04T00:00:00.000000 | 2020-01-08T00:00:00.000000 |
| certfr-2019-ale-014 | Vulnérabilité dans PHP | 2019-10-29T00:00:00.000000 | 2020-01-08T00:00:00.000000 |
| certfr-2019-ale-013 | Vulnérabilité dans Microsoft Internet Explorer | 2019-09-24T00:00:00.000000 | 2019-10-25T00:00:00.000000 |
| certfr-2019-ale-012 | Multiples vulnérabilités dans Microsoft Remote Desktop Services | 2019-08-14T00:00:00.000000 | 2019-10-25T00:00:00.000000 |
| certfr-2019-ale-011 | Vulnérabilité dans Oracle WebLogic | 2019-06-20T00:00:00.000000 | 2019-07-23T00:00:00.000000 |
| certfr-2019-ale-010 | Vulnérabilité dans Mozilla Firefox | 2019-06-20T00:00:00.000000 | 2019-07-23T00:00:00.000000 |
| certfr-2019-ale-009 | Vulnérabilité dans Exim | 2019-06-11T00:00:00.000000 | 2019-07-23T00:00:00.000000 |
| certfr-2019-ale-008 | Vulnérabilité dans Microsoft SharePoint Server | 2019-05-29T00:00:00.000000 | 2019-07-23T00:00:00.000000 |
| certfr-2019-ale-006 | Vulnérabilité dans Microsoft Remote Desktop Services | 2019-05-22T00:00:00.000000 | 2019-10-25T00:00:00.000000 |
| certfr-2019-ale-007 | Vulnérabilité dans le serveur DHCP de Windows | 2019-05-15T00:00:00.000000 | 2019-06-20T00:00:00.000000 |
| certfr-2019-ale-005 | Vulnérabilité dans Oracle WebLogic | 2019-04-26T00:00:00.000000 | 2019-06-20T00:00:00.000000 |