Recent vulnerabilities
| ID | CVSS | Description | Vendor | Product | Published | Updated |
|---|---|---|---|---|---|---|
| cve-2026-4388 | Form Maker by 10Web <= 1.15.40 - Unauthenticated Store… |
10web |
Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder |
2026-04-14T02:25:48.339Z | 2026-04-14T14:04:52.784Z | |
| cve-2026-6227 | BackWPup <= 5.6.6 - Authenticated (Administrator+) Loc… |
wp_media |
BackWPup – WordPress Backup & Restore Plugin |
2026-04-14T02:25:47.771Z | 2026-04-14T13:03:30.768Z | |
| cve-2026-6264 | Critical Security fix for the Talend JobServer and Tal… |
Talend |
Talend JobServer |
2026-04-14T01:49:08.920Z | 2026-04-16T00:03:18.302Z | |
| cve-2026-34984 | External Secrets Operator has DNS exfiltration via get… |
external-secrets |
external-secrets |
2026-04-14T01:48:41.166Z | 2026-04-14T16:27:55.720Z | |
| cve-2026-34225 | Open WebUI has Blind Server Side Request Forgery in it… |
open-webui |
open-webui |
2026-04-14T01:39:07.088Z | 2026-04-14T16:28:03.089Z | |
| cve-2026-39426 | MaxKB: Stored XSS via Unsanitized iframe_render Parsing |
1Panel-dev |
MaxKB |
2026-04-14T01:25:10.592Z | 2026-04-16T13:26:39.917Z | |
| cve-2026-4352 | JetEngine <= 3.8.6.1 - Unauthenticated SQL Injection v… |
Crocoblock |
JetEngine |
2026-04-14T01:25:01.077Z | 2026-04-14T14:04:52.928Z | |
| cve-2026-4365 | LearnPress <= 4.3.2.8 - Missing Authorization to Unaut… |
thimpress |
LearnPress – WordPress LMS Plugin for Create and Sell Online Courses |
2026-04-14T01:24:59.735Z | 2026-04-14T13:48:54.581Z | |
| cve-2026-39425 | MaxKB: Stored XSS via Unsanitized html_rander Tags in … |
1Panel-dev |
MaxKB |
2026-04-14T01:18:42.895Z | 2026-04-14T15:56:06.211Z | |
| cve-2026-39419 | MaxKB: Sandbox Result Validation Bypass via Tool Outpu… |
1Panel-dev |
MaxKB |
2026-04-14T01:03:40.653Z | 2026-04-14T13:28:04.792Z | |
| cve-2026-39424 | MaxKB has CSV Injection in its Application Chat Export… |
1Panel-dev |
MaxKB |
2026-04-14T00:56:56.625Z | 2026-04-16T13:26:40.061Z | |
| cve-2026-39423 | Stored XSS via Eval Injection in EchartsRander Component |
1Panel-dev |
MaxKB |
2026-04-14T00:28:47.572Z | 2026-04-14T15:55:17.386Z | |
| cve-2026-39422 | MaxKB has Stored XSS via ChatHeadersMiddleware |
1Panel-dev |
MaxKB |
2026-04-14T00:22:50.958Z | 2026-04-14T13:32:41.804Z | |
| cve-2026-39421 | MaxKB: Sandbox escape via ctypes and unhooked SYS_pkey… |
1Panel-dev |
MaxKB |
2026-04-14T00:17:10.279Z | 2026-04-14T16:28:08.560Z | |
| cve-2026-39420 | MaxKB: Sandbox escape via LD_PRELOAD bypass |
1Panel-dev |
MaxKB |
2026-04-14T00:13:01.189Z | 2026-04-16T13:26:40.212Z | |
| cve-2026-34264 | 6.5 (v3.1) | Information Disclosure vulnerability in SAP Human Capi… |
SAP_SE |
SAP Human Capital Management for SAP S/4HANA |
2026-04-14T00:09:12.272Z | 2026-04-14T13:14:17.154Z |
| cve-2026-34262 | 5 (v3.1) | Information Disclosure Vulnerability in SAP HANA Cockp… |
SAP_SE |
SAP HANA Cockpit and HANA Database Explorer |
2026-04-14T00:09:03.364Z | 2026-04-14T13:14:17.275Z |
| cve-2026-34261 | 6.5 (v3.1) | Missing Authorization check in SAP Business Analytics … |
SAP_SE |
SAP Business Analytics and SAP Content Management |
2026-04-14T00:08:51.232Z | 2026-04-14T13:14:17.473Z |
| cve-2026-39418 | MaxKB: SSRF via sandbox network hook bypass |
1Panel-dev |
MaxKB |
2026-04-14T00:08:50.182Z | 2026-04-14T15:54:30.206Z | |
| cve-2026-34257 | 6.1 (v3.1) | Open Redirect vulnerability in SAP NetWeaver Applicati… |
SAP_SE |
SAP NetWeaver Application Server ABAP |
2026-04-14T00:08:39.814Z | 2026-04-14T13:14:17.620Z |
| cve-2026-34256 | 7.1 (v3.1) | Missing Authorization check in SAP ERP and SAP S/4 HAN… |
SAP_SE |
SAP ERP and SAP S/4 HANA (Private Cloud and On-Premise) |
2026-04-14T00:08:26.993Z | 2026-04-14T13:14:17.750Z |
| cve-2026-27683 | 4.1 (v3.1) | Reflected cross site scripting vulnerability in SAP Bu… |
SAP_SE |
SAP BusinessObjects Business Intelligence Platform |
2026-04-14T00:08:15.599Z | 2026-04-14T13:14:17.886Z |
| cve-2026-27681 | 9.9 (v3.1) | SQL Injection vulnerability in SAP Business Planning a… |
SAP_SE |
SAP Business Planning and Consolidation and SAP Business Warehouse |
2026-04-14T00:08:05.791Z | 2026-04-14T13:14:18.028Z |
| cve-2026-27679 | 6.5 (v3.1) | Missing Authorization check in SAP S/4HANA Frontend OD… |
SAP_SE |
SAP S/4HANA Frontend OData Service (Manage Reference Structures) |
2026-04-14T00:07:44.698Z | 2026-04-14T13:14:18.168Z |
| cve-2026-27678 | 6.5 (v3.1) | Missing Authorization check in SAP S/4HANA Backend ODa… |
SAP_SE |
SAP S/4HANA Backend OData Service (Manage Reference Structures) |
2026-04-14T00:07:33.397Z | 2026-04-14T13:14:18.299Z |
| cve-2026-27677 | 6.5 (v3.1) | Missing Authorization check in SAP S/4HANA OData Servi… |
SAP_SE |
SAP S/4HANA OData Service (Manage Reference Equipment) |
2026-04-14T00:07:22.753Z | 2026-04-14T13:14:18.498Z |
| cve-2026-27676 | 4.3 (v3.1) | Missing Authorization check in SAP S/4HANA OData Servi… |
SAP_SE |
SAP S/4HANA OData Service (Manage Technical Object Structures) |
2026-04-14T00:07:12.657Z | 2026-04-14T13:14:18.632Z |
| cve-2026-27675 | 2 (v3.1) | Code Injection vulnerability in SAP Landscape Transformation |
SAP_SE |
SAP Landscape Transformation |
2026-04-14T00:07:01.278Z | 2026-04-14T13:14:18.764Z |
| cve-2026-27674 | 6.1 (v3.1) | Code Injection vulnerability in SAP NetWeaver Applicat… |
SAP_SE |
SAP NetWeaver Application Server Java (Web Dynpro Java) |
2026-04-14T00:06:50.301Z | 2026-04-15T03:58:11.103Z |
| cve-2026-27673 | 4.9 (v3.1) | Missing Authorization Check in SAP S/4HANA (Private Cl… |
SAP_SE |
SAP S/4HANA (Private Cloud and On-Premise) |
2026-04-14T00:06:38.160Z | 2026-04-14T13:14:19.040Z |
| ID | Description | Updated |
|---|
| ID | Description | Updated |
|---|
| ID | Description | Published | Updated |
|---|---|---|---|
| jvndb-2016-000183 | baserCMS plugin Uploader vulnerable to cross-site request forgery | 2016-09-29T16:04+09:00 | 2017-11-27T16:37+09:00 |
| jvndb-2016-000182 | baserCMS plugin Mail vulnerable to cross-site request forgery | 2016-09-29T16:04+09:00 | 2017-11-27T16:37+09:00 |
| jvndb-2016-000181 | baserCMS plugin Feed vulnerable to cross-site request forgery | 2016-09-29T16:04+09:00 | 2017-11-27T16:37+09:00 |
| jvndb-2016-000180 | baserCMS plugin Blog vulnerable to cross-site request forgery | 2016-09-29T16:04+09:00 | 2017-11-27T16:37+09:00 |
| jvndb-2016-000179 | baserCMS vulnerable to cross-site scripting | 2016-09-29T16:04+09:00 | 2017-11-27T16:37+09:00 |
| jvndb-2016-000178 | baserCMS vulnerable to cross-site request forgery | 2016-09-29T16:04+09:00 | 2017-11-27T16:37+09:00 |
| jvndb-2016-000177 | baserCMS vulnerable to cross-site request forgery | 2016-09-29T16:04+09:00 | 2017-11-27T16:37+09:00 |
| jvndb-2016-000176 | baserCMS plugin Blog vulnerable to cross-site request forgery | 2016-09-29T16:04+09:00 | 2017-11-27T16:37+09:00 |
| jvndb-2016-000175 | baserCMS plugin Blog vulnerable to cross-site scripting | 2016-09-29T16:04+09:00 | 2017-11-27T16:37+09:00 |
| jvndb-2016-000174 | baserCMS plugin Mail vulnerable to cross-site request forgery | 2016-09-29T16:04+09:00 | 2017-11-27T16:37+09:00 |
| jvndb-2016-000173 | baserCMS plugin Mail vulnerable to cross-site scripting | 2016-09-29T16:04+09:00 | 2017-11-27T16:37+09:00 |
| jvndb-2016-000172 | baserCMS vulnerable to cross-site request forgery | 2016-09-29T16:04+09:00 | 2017-11-27T16:36+09:00 |
| jvndb-2016-000171 | ManageEngine ServiceDesk Plus uses an insecure method for cookie generation | 2016-09-29T14:39+09:00 | 2017-05-23T14:28+09:00 |
| jvndb-2016-000170 | ManageEngine ServiceDesk Plus fails to restrict access permissions | 2016-09-29T14:39+09:00 | 2017-05-23T14:28+09:00 |
| jvndb-2016-000169 | ManageEngine ServiceDesk Plus vulnerable to cross-site scripting | 2016-09-29T14:39+09:00 | 2017-05-23T14:28+09:00 |
| jvndb-2016-000167 | Multiple plugins for Geeklog IVYWE edition vulnerable to cross-site scripting | 2016-09-23T14:15+09:00 | 2017-05-23T14:28+09:00 |
| jvndb-2016-000161 | Money Forward Apps for Android vulnerability that allows unintended operations | 2016-09-20T15:19+09:00 | 2017-11-27T18:01+09:00 |
| jvndb-2016-000160 | Money Forward Apps for Android vulnerable in the WebView class | 2016-09-20T15:19+09:00 | 2017-11-27T18:01+09:00 |
| jvndb-2016-000166 | Trend Micro Internet Security vulnerability where files may be excluded as scan targets | 2016-09-16T14:31+09:00 | 2016-09-16T14:31+09:00 |
| jvndb-2016-000165 | Splunk Enterprise and Splunk Light vulnerable to cross-site scripting | 2016-09-16T14:17+09:00 | 2018-01-24T11:53+09:00 |
| jvndb-2016-000164 | Splunk Enterprise and Splunk Light vulnerable to open redirect | 2016-09-16T14:16+09:00 | 2017-11-27T16:55+09:00 |
| jvndb-2016-000163 | Splunk Enterprise and Splunk Light vulnerable to open redirect | 2016-09-16T14:08+09:00 | 2017-11-27T16:55+09:00 |
| jvndb-2016-000162 | Splunk Enterprise and Splunk Lite vulnerable to cross-site scripting | 2016-09-16T13:56+09:00 | 2017-11-27T16:55+09:00 |
| jvndb-2016-000159 | H2O use of externally-controlled format string | 2016-09-15T14:26+09:00 | 2017-11-27T17:23+09:00 |
| jvndb-2016-000158 | Zend Framework vulnerable to SQL injection | 2016-09-15T14:11+09:00 | 2017-03-16T14:15+09:00 |
| jvndb-2016-000157 | CS-Cart add-on "Twigmo" vulnerable to PHP object injection | 2016-09-14T15:00+09:00 | 2017-05-23T14:28+09:00 |
| jvndb-2016-000156 | ADOdb vulnerable to cross-site scripting | 2016-09-06T13:45+09:00 | 2017-11-27T16:43+09:00 |
| jvndb-2016-004496 | Information Disclosure Vulnerability in Hitachi Automation Director and JP1/Automatic Operation | 2016-09-02T16:09+09:00 | 2016-09-30T09:47+09:00 |
| jvndb-2016-000154 | Multiple AKABEi SOFT2 LTD. games vulnerable to OS command injection | 2016-08-31T15:33+09:00 | 2016-09-05T17:56+09:00 |
| jvndb-2016-000153 | LINE for Windows fails to properly verify downloaded files | 2016-08-25T14:26+09:00 | 2017-05-23T14:28+09:00 |
| ID | Description | Updated |
|---|
| ID | Description | Published | Updated |
|---|---|---|---|
| certfr-2024-avi-1029 | Vulnérabilité dans Traefik | 2024-11-29T00:00:00.000000 | 2024-11-29T00:00:00.000000 |
| certfr-2024-avi-1028 | Multiples vulnérabilités dans Zabbix | 2024-11-29T00:00:00.000000 | 2024-11-29T00:00:00.000000 |
| certfr-2024-avi-1027 | Multiples vulnérabilités dans VMware Aria Operations | 2024-11-29T00:00:00.000000 | 2024-11-29T00:00:00.000000 |
| certfr-2024-avi-1026 | Multiples vulnérabilités dans les produits Synology | 2024-11-28T00:00:00.000000 | 2025-12-08T00:00:00.000000 |
| certfr-2024-avi-1025 | Multiples vulnérabilités dans les produits Mozilla | 2024-11-27T00:00:00.000000 | 2024-11-27T00:00:00.000000 |
| certfr-2024-avi-1024 | Multiples vulnérabilités dans les produits Microsoft | 2024-11-27T00:00:00.000000 | 2024-11-27T00:00:00.000000 |
| certfr-2024-avi-1023 | Vulnérabilité dans Microsoft Azure | 2024-11-27T00:00:00.000000 | 2024-11-27T00:00:00.000000 |
| certfr-2024-avi-1022 | Multiples vulnérabilités dans les produits Splunk | 2024-11-27T00:00:00.000000 | 2024-11-27T00:00:00.000000 |
| certfr-2024-avi-1021 | Multiples vulnérabilités dans GitLab | 2024-11-27T00:00:00.000000 | 2024-11-27T00:00:00.000000 |
| certfr-2024-avi-1020 | Vulnérabilité dans Palo Alto Networks GlobalProtect App | 2024-11-26T00:00:00.000000 | 2024-11-26T00:00:00.000000 |
| certfr-2024-avi-1019 | Multiples vulnérabilités dans Netgate pfSense | 2024-11-26T00:00:00.000000 | 2024-11-26T00:00:00.000000 |
| certfr-2024-avi-1018 | Multiples vulnérabilités dans les produits Qnap | 2024-11-25T00:00:00.000000 | 2024-11-25T00:00:00.000000 |
| certfr-2024-avi-1017 | Multiples vulnérabilités dans Centreon Central server | 2024-11-25T00:00:00.000000 | 2024-11-25T00:00:00.000000 |
| certfr-2024-avi-1016 | Vulnérabilité dans NetApp Brocade SAN Navigator | 2024-11-25T00:00:00.000000 | 2024-11-25T00:00:00.000000 |
| certfr-2024-avi-1015 | Multiples vulnérabilités dans les produits IBM | 2024-11-22T00:00:00.000000 | 2024-11-22T00:00:00.000000 |
| certfr-2024-avi-1014 | Multiples vulnérabilités dans le noyau Linux de Red Hat | 2024-11-22T00:00:00.000000 | 2024-11-22T00:00:00.000000 |
| certfr-2024-avi-1013 | Multiples vulnérabilités dans le noyau Linux d'Ubuntu | 2024-11-22T00:00:00.000000 | 2024-11-22T00:00:00.000000 |
| certfr-2024-avi-1012 | Multiples vulnérabilités dans le noyau Linux de SUSE | 2024-11-22T00:00:00.000000 | 2024-11-22T00:00:00.000000 |
| certfr-2024-avi-1011 | Vulnérabilité dans Centreon Web | 2024-11-22T00:00:00.000000 | 2024-11-22T00:00:00.000000 |
| certfr-2024-avi-1010 | Multiples vulnérabilités dans Microsoft Edge | 2024-11-22T00:00:00.000000 | 2024-11-22T00:00:00.000000 |
| certfr-2024-avi-1009 | Multiples vulnérabilités dans Drupal | 2024-11-21T00:00:00.000000 | 2024-11-21T00:00:00.000000 |
| certfr-2024-avi-1008 | Multiples vulnérabilités dans Wireshark | 2024-11-21T00:00:00.000000 | 2024-11-21T00:00:00.000000 |
| certfr-2024-avi-1007 | Multiples vulnérabilités dans PHP | 2024-11-21T00:00:00.000000 | 2024-11-21T00:00:00.000000 |
| certfr-2024-avi-1006 | Multiples vulnérabilités dans les produits Atlassian | 2024-11-20T00:00:00.000000 | 2024-11-20T00:00:00.000000 |
| certfr-2024-avi-1005 | Multiples vulnérabilités dans les produits Spring | 2024-11-20T00:00:00.000000 | 2024-11-20T00:00:00.000000 |
| certfr-2024-avi-1004 | Multiples vulnérabilités dans les produits Apple | 2024-11-20T00:00:00.000000 | 2024-11-20T00:00:00.000000 |
| certfr-2024-avi-1003 | Vulnérabilité dans Google Chrome | 2024-11-20T00:00:00.000000 | 2024-11-20T00:00:00.000000 |
| certfr-2024-avi-1002 | Vulnérabilité dans les produits Trend Micro | 2024-11-19T00:00:00.000000 | 2024-11-19T00:00:00.000000 |
| certfr-2024-avi-1001 | Vulnérabilité dans les produits Palo Alto Networks | 2024-11-19T00:00:00.000000 | 2024-11-19T00:00:00.000000 |
| certfr-2024-avi-1000 | Multiples vulnérabilités dans Apache Tomcat | 2024-11-18T00:00:00.000000 | 2024-11-18T00:00:00.000000 |