Recent vulnerabilities
| ID | CVSS | Description | Vendor | Product | Published | Updated |
|---|---|---|---|---|---|---|
| cve-2026-37749 | N/A | A SQL injection vulnerability in CodeAstro Simple… |
n/a |
n/a |
2026-04-17T00:00:00.000Z | 2026-04-17T15:23:39.696Z |
| cve-2025-70795 | N/A | STProcessMonitor 11.11.4.0, part of the Safetica … |
n/a |
n/a |
2026-04-17T00:00:00.000Z | 2026-04-17T14:58:56.485Z |
| cve-2026-6492 | arnobt78 Hotel Booking Management System Health Check … |
arnobt78 |
Hotel Booking Management System |
2026-04-17T14:00:15.221Z | 2026-04-17T14:32:34.042Z | |
| cve-2026-5231 | WP Statistics <= 14.16.4 - Unauthenticated Stored Cros… |
veronalabs |
WP Statistics – Simple, privacy-friendly Google Analytics alternative |
2026-04-17T01:24:37.573Z | 2026-04-17T14:30:43.119Z | |
| cve-2026-5502 | Tutor LMS <= 3.9.8 - Authenticated (Subscriber+) Arbit… |
themeum |
Tutor LMS – eLearning and online course solution |
2026-04-17T03:36:45.463Z | 2026-04-17T14:28:01.492Z | |
| cve-2026-6451 | CMS für Motorrad Werkstätten <= 1.0.0 - Cross-Site Req… |
tholstkabelbwde |
Plugin: CMS für Motorrad Werkstätten |
2026-04-17T07:45:57.242Z | 2026-04-17T14:21:59.771Z | |
| cve-2026-6490 | QueryMine sms GET Request Parameter deletecourse.php s… |
QueryMine |
sms |
2026-04-17T13:15:11.136Z | 2026-04-17T14:04:14.886Z | |
| cve-2026-40458 | 7 (v4.0) | Cross-Site Request Forgery in PAC4J |
PAC4J |
PAC4J |
2026-04-17T13:18:26.308Z | 2026-04-17T14:00:04.811Z |
| cve-2026-40459 | 8.7 (v4.0) | LDAP Injection in PAC4J |
PAC4J |
PAC4J |
2026-04-17T13:18:39.181Z | 2026-04-17T13:54:22.069Z |
| cve-2023-52356 | 7.5 (v3.1) | Libtiff: segment fault in libtiff in tiffreadrgbatile… |
|
|
2024-01-25T20:03:40.971Z | 2026-04-17T13:33:12.074Z |
| cve-2024-58343 | 4.3 (v3.1) | Vision Helpdesk before 5.7.0 (patched in 5.6.10) … |
Vision |
Helpdesk |
2026-04-16T22:27:03.084Z | 2026-04-17T13:31:05.652Z |
| cve-2026-22734 | 8.6 (v3.1) | Cloud Foundry UAA SAML 2.0 Signature Bypass |
Cloud Foundry |
UUA |
2026-04-16T23:33:43.596Z | 2026-04-17T13:21:04.331Z |
| cve-2026-6487 | Qihui jtbc5 CMS Code Endpoint manage.php path traversal |
Qihui |
jtbc5 CMS |
2026-04-17T12:30:39.824Z | 2026-04-17T13:18:00.383Z | |
| cve-2026-23777 | 4.3 (v3.1) | Dell PowerProtect Data Domain with Data Domain Op… |
Dell |
PowerProtect Data Domain |
2026-04-17T11:52:13.427Z | 2026-04-17T13:14:12.461Z |
| cve-2025-15622 | 6.2 (v4.0) | Sparx Enterprise Architect Client reveals plaintext OA… |
Sparx Systems Pty Ltd. |
Sparx Enterprise Architect |
2026-04-17T08:35:05.019Z | 2026-04-17T12:56:53.740Z |
| cve-2026-40900 | DataEase has SQL Injection via Stacked Queries |
dataease |
dataease |
2026-04-16T20:53:27.788Z | 2026-04-17T12:38:32.676Z | |
| cve-2026-35469 | SpdyStream: DOS on CRI |
moby |
spdystream |
2026-04-16T21:19:23.516Z | 2026-04-17T12:37:27.329Z | |
| cve-2026-40308 | My Calendar: Unauthenticated Information Disclosure (I… |
joedolson |
my-calendar |
2026-04-16T21:30:52.401Z | 2026-04-17T12:32:26.622Z | |
| cve-2026-40253 | openCryptoki: Memory safety vulnerabilities in BER/DER… |
opencryptoki |
opencryptoki |
2026-04-16T22:04:44.005Z | 2026-04-17T12:27:41.682Z | |
| cve-2026-40322 | SiYuan: Mermaid `javascript:` Link Injection Leads to … |
siyuan-note |
siyuan |
2026-04-16T23:00:07.719Z | 2026-04-17T12:26:06.118Z | |
| cve-2026-3488 | WP Statistics <= 14.16.4 - Missing Authorization to Au… |
veronalabs |
WP Statistics – Simple, privacy-friendly Google Analytics alternative |
2026-04-17T01:24:37.967Z | 2026-04-17T12:25:12.232Z | |
| cve-2026-40263 | Note Mark: Username Enumeration via Login Endpoint Tim… |
enchant97 |
note-mark |
2026-04-16T23:53:50.195Z | 2026-04-17T12:23:42.042Z | |
| cve-2026-4853 | JetBackup <= 3.1.19.8 - Authenticated (Administrator+)… |
backupguard |
JetBackup – Backup, Restore & Migrate |
2026-04-17T03:36:43.041Z | 2026-04-17T12:23:01.736Z | |
| cve-2026-21719 | 7.2 (v3.0) 8.6 (v4.0) | An OS command injection vulnerability exists in C… |
CubeCart Limited |
CubeCart |
2026-04-17T04:33:17.708Z | 2026-04-17T12:21:48.770Z |
| cve-2026-34018 | 6.3 (v3.0) 5.1 (v4.0) | An SQL injection vulnerability exists in CubeCart… |
CubeCart Limited |
CubeCart |
2026-04-17T04:33:35.768Z | 2026-04-17T12:20:12.217Z |
| cve-2025-15623 | 9.3 (v4.0) | Sparx Pro Cloud Server reveals sensitive information t… |
Sparx Systems Pty Ltd. |
Sparx Pro Cloud Server |
2026-04-17T08:37:27.611Z | 2026-04-17T12:19:21.714Z |
| cve-2026-35496 | 2.7 (v3.0) 5.1 (v4.0) | A path traversal vulnerability exists in CubeCart… |
CubeCart Limited |
CubeCart |
2026-04-17T04:33:49.813Z | 2026-04-17T12:18:33.735Z |
| cve-2026-4659 | Unlimited Elements For Elementor <= 2.0.6 - Authentica… |
unitecms |
Unlimited Elements For Elementor |
2026-04-17T06:44:49.739Z | 2026-04-17T12:14:39.811Z | |
| cve-2026-40002 | 5 (v3.1) | ZTE Red Magic 11 Pro (NX809J) contains a vulnerability… |
ZTE |
Red Magic 11 Pro (NX809J) |
2026-04-17T07:40:58.277Z | 2026-04-17T12:11:37.153Z |
| cve-2025-15624 | 9.3 (v4.0) | Plaintext Storage of a Password in Sparx Pro Cloud Server. |
Sparx Systems Pty Ltd. |
Sparx Pro Cloud Server |
2026-04-17T08:38:36.968Z | 2026-04-17T11:58:38.118Z |
| ID | Description | Updated |
|---|
| ID | Description | Updated |
|---|
| ID | Description | Published | Updated |
|---|---|---|---|
| jvndb-2016-000206 | Installer of Evernote for Windows may insecurely load Dynamic Link Libraries | 2016-10-19T15:32+09:00 | 2017-11-27T18:12+09:00 |
| jvndb-2017-000098 | The installer of Empirical Project Monitor - eXtended may insecurely load Dynamic Link Libraries | 2017-05-19T14:57+09:00 | 2017-11-27T18:01+09:00 |
| jvndb-2017-000097 | Empirical Project Monitor - eXtended vulnerable to cross-site scripting | 2017-05-19T14:55+09:00 | 2017-11-27T18:01+09:00 |
| jvndb-2017-000096 | Empirical Project Monitor - eXtended vulnerable to cross-site scripting | 2017-05-19T14:53+09:00 | 2017-11-27T18:01+09:00 |
| jvndb-2016-000161 | Money Forward Apps for Android vulnerability that allows unintended operations | 2016-09-20T15:19+09:00 | 2017-11-27T18:01+09:00 |
| jvndb-2016-000160 | Money Forward Apps for Android vulnerable in the WebView class | 2016-09-20T15:19+09:00 | 2017-11-27T18:01+09:00 |
| jvndb-2017-000083 | The installer of The Public Certification Service for Individuals "The JPKI user's software" may insecurely load Dynamic Link Libraries | 2017-05-09T13:52+09:00 | 2017-11-27T17:23+09:00 |
| jvndb-2017-000079 | The installer of SOY CMS vulnerable to cross-site scripting | 2017-05-11T13:37+09:00 | 2017-11-27T17:23+09:00 |
| jvndb-2017-000078 | SOY CMS vulnerable to directory traversal | 2017-05-11T13:36+09:00 | 2017-11-27T17:23+09:00 |
| jvndb-2016-000159 | H2O use of externally-controlled format string | 2016-09-15T14:26+09:00 | 2017-11-27T17:23+09:00 |
| jvndb-2017-000114 | Hands-on Vulnerability Learning Tool "AppGoat" vulnerable to remote code execution | 2017-06-06T14:19+09:00 | 2017-11-27T17:22+09:00 |
| jvndb-2017-000113 | Hands-on Vulnerability Learning Tool "AppGoat" vulnerable to remote code execution | 2017-06-06T14:21+09:00 | 2017-11-27T17:22+09:00 |
| jvndb-2017-000112 | Hands-on Vulnerability Learning Tool "AppGoat" vulnerable to information disclosure | 2017-06-06T14:20+09:00 | 2017-11-27T17:22+09:00 |
| jvndb-2017-000111 | Hands-on Vulnerability Learning Tool "AppGoat" vulnerable to remote code execution | 2017-06-06T14:19+09:00 | 2017-11-27T17:22+09:00 |
| jvndb-2016-000244 | Access restriction bypass to delete DBM files in Cybozu Dezie | 2016-12-12T14:49+09:00 | 2017-11-27T17:12+09:00 |
| jvndb-2016-000243 | Access restriction bypass to download DBM files in Cybozu Dezie | 2016-12-12T14:49+09:00 | 2017-11-27T17:12+09:00 |
| jvndb-2016-000241 | WNC01WH vulnerable to directory traversal due to an issue in processing POST request | 2016-12-02T14:46+09:00 | 2017-11-27T17:11+09:00 |
| jvndb-2016-000229 | Cybozu Garoon vulnerable to SQL injection | 2016-12-19T14:19+09:00 | 2017-11-27T17:11+09:00 |
| jvndb-2016-000228 | Cybozu Garoon vulnerable to directory traversal | 2016-12-19T13:44+09:00 | 2017-11-27T17:11+09:00 |
| jvndb-2017-000094 | Multiple BestWebSoft WordPress plugins vulnerable to cross-site scripting | 2017-05-16T14:00+09:00 | 2017-11-27T17:04+09:00 |
| jvndb-2016-000168 | Toshiba FlashAir does not require authentication in "Internet pass-thru Mode" | 2016-10-12T10:03+09:00 | 2017-11-27T17:04+09:00 |
| jvndb-2016-000227 | Cybozu Garoon vulnerable to cross-site request forgery | 2016-12-19T13:36+09:00 | 2017-11-27T16:58+09:00 |
| jvndb-2016-000226 | Cybozu Garoon fails to restrict access permission in To-Dos of Space function | 2016-12-19T14:38+09:00 | 2017-11-27T16:58+09:00 |
| jvndb-2016-000225 | Cybozu Garoon fails to restrict access permission in MultiReport filters | 2016-12-19T14:32+09:00 | 2017-11-27T16:58+09:00 |
| jvndb-2016-000224 | Cybozu Garoon fails to restrict access permission in the RSS settings | 2016-12-19T14:29+09:00 | 2017-11-27T16:58+09:00 |
| jvndb-2016-000223 | Cybozu Garoon vulnerable to information disclosure | 2016-12-19T12:29+09:00 | 2017-11-27T16:58+09:00 |
| jvndb-2016-000222 | Cybozu Garoon vulnerable to cross-site scripting | 2016-12-19T12:22+09:00 | 2017-11-27T16:58+09:00 |
| jvndb-2017-000082 | Nessus vulnerable to cross-site scripting | 2017-05-09T13:52+09:00 | 2017-11-27T16:55+09:00 |
| jvndb-2017-000080 | PrimeDrive Desktop Application Installer may insecurely load executable files | 2017-05-12T13:36+09:00 | 2017-11-27T16:55+09:00 |
| jvndb-2016-000164 | Splunk Enterprise and Splunk Light vulnerable to open redirect | 2016-09-16T14:16+09:00 | 2017-11-27T16:55+09:00 |
| ID | Description | Updated |
|---|
| ID | Description | Published | Updated |
|---|---|---|---|
| certfr-2025-avi-0047 | Multiples vulnérabilités dans le noyau Linux de SUSE | 2025-01-17T00:00:00.000000 | 2025-01-17T00:00:00.000000 |
| certfr-2025-avi-0046 | Multiples vulnérabilités dans le noyau Linux d'Ubuntu | 2025-01-17T00:00:00.000000 | 2025-01-17T00:00:00.000000 |
| certfr-2025-avi-0045 | Multiples vulnérabilités dans les produits IBM | 2025-01-17T00:00:00.000000 | 2025-01-17T00:00:00.000000 |
| certfr-2025-avi-0044 | Vulnérabilité dans les produits Moxa | 2025-01-17T00:00:00.000000 | 2025-01-17T00:00:00.000000 |
| certfr-2025-avi-0042 | Vulnérabilité dans le greffon Splunk Supporting pour Active Directory | 2025-01-16T00:00:00.000000 | 2025-01-16T00:00:00.000000 |
| certfr-2025-avi-0041 | Multiples vulnérabilités dans les produits Microsoft | 2025-01-15T00:00:00.000000 | 2025-01-15T00:00:00.000000 |
| certfr-2025-avi-0040 | Multiples vulnérabilités dans Microsoft .Net | 2025-01-15T00:00:00.000000 | 2025-01-15T00:00:00.000000 |
| certfr-2025-avi-0039 | Multiples vulnérabilités dans Microsoft Windows | 2025-01-15T00:00:00.000000 | 2025-01-15T00:00:00.000000 |
| certfr-2025-avi-0038 | Multiples vulnérabilités dans Microsoft Office | 2025-01-15T00:00:00.000000 | 2025-01-15T00:00:00.000000 |
| certfr-2025-avi-0037 | Vulnérabilité dans Microsoft Edge | 2025-01-15T00:00:00.000000 | 2025-01-15T00:00:00.000000 |
| certfr-2025-avi-0036 | Multiples vulnérabilités dans les produits Moxa | 2025-01-15T00:00:00.000000 | 2025-01-15T00:00:00.000000 |
| certfr-2025-avi-0035 | Multiples vulnérabilités dans Ivanti Endpoint Manager (EPM) | 2025-01-15T00:00:00.000000 | 2025-01-15T00:00:00.000000 |
| certfr-2025-avi-0034 | Multiples vulnérabilités dans les produits Schneider Electric | 2025-01-15T00:00:00.000000 | 2025-01-15T00:00:00.000000 |
| certfr-2025-avi-0033 | Multiples vulnérabilités dans Google Chrome | 2025-01-15T00:00:00.000000 | 2025-01-15T00:00:00.000000 |
| certfr-2025-avi-0032 | Multiples vulnérabilités dans HPE Aruba Networking AOS | 2025-01-15T00:00:00.000000 | 2025-01-15T00:00:00.000000 |
| certfr-2025-avi-0031 | Multiples vulnérabilités dans les produits Fortinet | 2025-01-15T00:00:00.000000 | 2025-01-15T00:00:00.000000 |
| certfr-2025-avi-0019 | Multiples vulnérabilités dans Mozilla Thunderbird | 2025-01-09T00:00:00.000000 | 2025-01-15T00:00:00.000000 |
| certfr-2025-avi-0009 | Multiples vulnérabilités dans les produits Mozilla | 2025-01-08T00:00:00.000000 | 2025-01-15T00:00:00.000000 |
| certfr-2025-avi-0029 | Multiples vulnérabilités dans les produits Siemens | 2025-01-14T00:00:00.000000 | 2025-01-14T00:00:00.000000 |
| certfr-2025-avi-0028 | Multiples vulnérabilités dans Typo3 | 2025-01-14T00:00:00.000000 | 2025-01-14T00:00:00.000000 |
| certfr-2025-avi-0027 | Multiples vulnérabilités dans les produits SAP | 2025-01-14T00:00:00.000000 | 2025-01-14T00:00:00.000000 |
| certfr-2025-avi-0026 | Vulnérabilité dans Veeam Backup pour Microsoft Azure | 2025-01-14T00:00:00.000000 | 2025-01-14T00:00:00.000000 |
| certfr-2025-avi-0025 | Multiples vulnérabilités dans Mozilla Firefox pour iOS | 2025-01-13T00:00:00.000000 | 2025-01-13T00:00:00.000000 |
| certfr-2025-avi-0024 | Multiples vulnérabilités dans le noyau Linux de SUSE | 2025-01-10T00:00:00.000000 | 2025-01-10T00:00:00.000000 |
| certfr-2025-avi-0023 | Multiples vulnérabilités dans le noyau Linux de Red Hat | 2025-01-10T00:00:00.000000 | 2025-01-10T00:00:00.000000 |
| certfr-2025-avi-0022 | Multiples vulnérabilités dans le noyau Linux d'Ubuntu | 2025-01-10T00:00:00.000000 | 2025-01-10T00:00:00.000000 |
| certfr-2025-avi-0021 | Multiples vulnérabilités dans les produits IBM | 2025-01-10T00:00:00.000000 | 2025-01-10T00:00:00.000000 |
| certfr-2025-avi-0020 | Vulnérabilité dans Asterisk | 2025-01-10T00:00:00.000000 | 2025-01-10T00:00:00.000000 |
| certfr-2025-avi-0018 | Multiples vulnérabilités dans les produits Juniper Networks | 2025-01-09T00:00:00.000000 | 2025-01-09T00:00:00.000000 |
| certfr-2025-avi-0017 | Vulnérabilité dans les produits HPE Aruba Networking | 2025-01-09T00:00:00.000000 | 2025-01-09T00:00:00.000000 |