Recent vulnerabilities
| ID | CVSS | Description | Vendor | Product | Published | Updated |
|---|---|---|---|---|---|---|
| cve-2026-5358 | N/A | Static buffer overflow in deprecated nis_local_principal |
The GNU C Library |
glibc |
2026-04-20T20:37:23.178Z | 2026-04-20T20:37:23.178Z |
| cve-2026-33626 | LMDeploy Vulnerable to Server-Side Request Forgery (SS… |
InternLM |
lmdeploy |
2026-04-20T20:29:19.558Z | 2026-04-20T20:29:19.558Z | |
| cve-2026-4852 | Image Source Control Lite – Show Image Credits and Cap… |
webzunft |
Image Source Control Lite – Show Image Credits and Captions |
2026-04-20T20:26:53.256Z | 2026-04-21T13:53:14.507Z | |
| cve-2026-33432 | Roxy-WI has Pre-Authentication LDAP Injection that Lea… |
roxy-wi |
roxy-wi |
2026-04-20T20:26:52.217Z | 2026-04-20T20:26:52.217Z | |
| cve-2026-33431 | Roxy-WI Vulnerable to Authenticated Arbitrary File Rea… |
roxy-wi |
roxy-wi |
2026-04-20T20:24:15.319Z | 2026-04-21T13:42:19.802Z | |
| cve-2026-34403 | Nginx-UI vulnerable to Cross-Site WebSocket Hijacking … |
0xJacky |
nginx-ui |
2026-04-20T20:16:47.597Z | 2026-04-21T13:36:46.510Z | |
| cve-2026-33031 | Nginx-UI: Disabled users retain full API access throug… |
0xJacky |
nginx-ui |
2026-04-20T20:12:07.905Z | 2026-04-21T13:35:20.144Z | |
| cve-2026-32613 | Spinnaker vulnerable to RCE via expression parsing due… |
spinnaker |
spinnaker |
2026-04-20T20:07:24.697Z | 2026-04-20T20:08:54.702Z | |
| cve-2026-32604 | Spinnaker vulnerable to RCE when using gitrepo artifac… |
spinnaker |
spinnaker |
2026-04-20T20:00:57.517Z | 2026-04-20T20:07:31.157Z | |
| cve-2026-6249 | 8.7 (v4.0) 8.8 (v3.1) | Vvveb CMS 1.0.8 Remote Code Execution via Media Upload |
Vvveb |
Vvveb CMS |
2026-04-20T19:57:37.655Z | 2026-04-21T13:43:17.635Z |
| cve-2026-32311 | Command Injection and Docker container escape allows r… |
reconurge |
flowsint |
2026-04-20T19:56:32.521Z | 2026-04-21T13:44:08.776Z | |
| cve-2026-5478 | Everest Forms <= 3.4.4 - Unauthenticated Arbitrary Fil… |
wpeverest |
Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder |
2026-04-20T19:27:08.159Z | 2026-04-21T13:33:57.569Z | |
| cve-2026-32135 | NanoMQ has Heap Buffer Overflow in URI Parameter Parsing |
nanomq |
nanomq |
2026-04-20T19:23:09.704Z | 2026-04-21T13:33:14.607Z | |
| cve-2026-6550 | 4.7 (v3.1) 5.7 (v4.0) | Key commitment policy bypass via shared key cache in A… |
AWS |
AWS Encryption SDK for Python |
2026-04-20T19:20:23.383Z | 2026-04-20T19:44:11.685Z |
| cve-2026-6257 | 9.2 (v4.0) 9.1 (v3.1) | Vvveb CMS v1.0.8 Remote Code Execution via Media Management |
Vvveb |
Vvveb CMS |
2026-04-20T19:09:45.927Z | 2026-04-20T19:09:45.927Z |
| cve-2026-6248 | wpForo Forum <= 3.0.5 - Authenticated (Subscriber+) Ar… |
tomdever |
wpForo Forum |
2026-04-20T18:31:33.290Z | 2026-04-20T18:31:33.290Z | |
| cve-2026-6060 | 4.5 (v3.1) | Possible DoS via SQL Box |
OTRS AG |
OTRS |
2026-04-20T18:20:01.664Z | 2026-04-20T18:48:48.185Z |
| cve-2026-41389 | 6.3 (v4.0) 5.8 (v3.1) | OpenClaw 2026.4.7 < 2026.4.15 - Arbitrary File Read vi… |
OpenClaw |
OpenClaw |
2026-04-20T17:48:43.704Z | 2026-04-20T18:05:03.103Z |
| cve-2026-23753 | 4.8 (v4.0) 4.8 (v3.1) | GFI HelpDesk < 4.99.9 Stored XSS via charset Parameter |
GFI Software |
HelpDesk |
2026-04-20T17:33:59.134Z | 2026-04-21T13:31:13.580Z |
| cve-2026-23752 | 4.8 (v4.0) 4.8 (v3.1) | GFI HelpDesk < 4.99.9 Stored XSS via companyname Parameter |
GFI Software |
HelpDesk |
2026-04-20T17:33:23.424Z | 2026-04-20T18:09:59.603Z |
| cve-2026-23756 | 5.1 (v4.0) 5.4 (v3.1) | GFI HelpDesk < 4.99.9 Stored XSS via Troubleshooter St… |
GFI Software |
HelpDesk |
2026-04-20T17:30:51.162Z | 2026-04-20T18:08:49.925Z |
| cve-2026-23758 | 5.1 (v4.0) 6.4 (v4.0) | GFI HelpDesk < 4.99.9 Stored XSS via editsubject Parameter |
GFI Software |
HelpDesk |
2026-04-20T17:30:06.853Z | 2026-04-20T17:45:55.788Z |
| cve-2026-23757 | 5.1 (v4.0) 5.4 (v3.1) | GFI HelpDesk < 4.99.10 Stored XSS via Reports Module |
GFI Software |
HelpDesk |
2026-04-20T17:27:56.067Z | 2026-04-20T18:07:01.630Z |
| cve-2026-6662 | ericc-ch copilot-api Token Endpoint server.ts cors cro… |
ericc-ch |
copilot-api |
2026-04-20T17:00:17.800Z | 2026-04-20T18:09:27.691Z | |
| cve-2026-35154 | 6.3 (v3.1) | Dell PowerProtect Data Domain appliances, version… |
Dell |
PowerProtect Data Domain appliances |
2026-04-20T16:50:56.856Z | 2026-04-20T18:08:44.096Z |
| cve-2026-26951 | 6.7 (v3.1) | Dell PowerProtect Data Domain, versions 7.7.1.0 t… |
Dell |
PowerProtect Data Domain |
2026-04-20T16:44:49.612Z | 2026-04-20T17:45:10.071Z |
| cve-2026-22761 | 6.7 (v3.1) | Dell PowerProtect Data Domain, versions 8.5 throu… |
Dell |
PowerProtect Data Domain |
2026-04-20T16:39:40.268Z | 2026-04-20T18:00:41.131Z |
| cve-2026-26942 | 6.7 (v3.1) | Dell PowerProtect Data Domain, versions 8.5 throu… |
Dell |
PowerProtect Data Domain |
2026-04-20T16:34:43.219Z | 2026-04-21T13:30:05.534Z |
| cve-2026-26943 | 7.2 (v3.1) | Dell PowerProtect Data Domain, versions 7.7.1.0 t… |
Dell |
PowerProtect Data Domain |
2026-04-20T16:28:53.110Z | 2026-04-20T16:55:16.949Z |
| cve-2026-28684 | python-dotenv: Symlink following in set_key allows arb… |
theskumar |
python-dotenv |
2026-04-20T16:25:12.302Z | 2026-04-20T17:43:09.477Z |
| ID | Description | Updated |
|---|
| ID | Description | Updated |
|---|
| ID | Description | Published | Updated |
|---|---|---|---|
| jvndb-2025-000103 | Use of password hash with insufficient computational effort vulnerability in BUFFALO Wi-Fi router "WSR-1800AX4 series" | 2025-11-07T15:39+09:00 | 2025-11-07T15:39+09:00 |
| jvndb-2025-000102 | CLUSTERPRO X and EXPRESSCLUSTER X vulnerable to OS command injection | 2025-11-07T14:55+09:00 | 2025-11-07T14:55+09:00 |
| jvndb-2025-000101 | GROWI vulnerable to stored cross-site scripting | 2025-11-06T13:45+09:00 | 2025-11-06T13:45+09:00 |
| jvndb-2025-017972 | Multiple vulnerabilities in Century Systems FutureNet MA and IP-K series | 2025-11-04T16:37+09:00 | 2025-11-04T16:37+09:00 |
| jvndb-2025-000100 | Multiple Roboticsware products register Windows services with unquoted file paths | 2025-11-04T14:17+09:00 | 2025-11-04T14:17+09:00 |
| jvndb-2025-000098 | Optical Disc Archive Software (for Windows) registers a Windows service with an unquoted file path | 2025-11-04T13:51+09:00 | 2025-11-04T13:51+09:00 |
| jvndb-2025-000099 | Progress Flowmon vulnerable to authenticated OS command injection | 2025-11-04T12:47+09:00 | 2025-11-04T12:47+09:00 |
| jvndb-2025-000096 | Installer of WTW EAGLE (for Windows) may insecurely load Dynamic Link Libraries | 2025-10-29T14:17+09:00 | 2025-10-29T14:17+09:00 |
| jvndb-2025-000095 | MZK-DP300N uses hard-coded credentials | 2025-10-28T14:04+09:00 | 2025-10-28T14:04+09:00 |
| jvndb-2025-000093 | Multiple stored cross-site scripting vulnerabilities in Pleasanter | 2025-10-24T15:11+09:00 | 2025-10-24T15:11+09:00 |
| jvndb-2025-000084 | GROWI vulnerable to cross-site scripting | 2025-10-22T15:44+09:00 | 2025-10-22T15:44+09:00 |
| jvndb-2025-000091 | Multiple I-O DATA NAS management applications register Windows services with unquoted file paths | 2025-10-22T15:04+09:00 | 2025-12-10T16:20+09:00 |
| jvndb-2025-000090 | Multiple stored cross-site scripting vulnerabilities in Movable Type | 2025-10-22T13:54+09:00 | 2025-10-22T13:54+09:00 |
| jvndb-2025-000088 | Lanscope Endpoint Manager (On-Premises) vulnerable to improper verification of source of a communication channel | 2025-10-20T16:17+09:00 | 2025-10-22T10:06+09:00 |
| jvndb-2025-000092 | ETERNUS SF vulnerable to incorrect default permissions | 2025-10-20T14:20+09:00 | 2025-10-20T14:20+09:00 |
| jvndb-2025-000089 | Installer of AutoDownloader may insecurely load Dynamic Link Libraries | 2025-10-17T13:38+09:00 | 2025-10-17T13:38+09:00 |
| jvndb-2025-000074 | Multiple vulnerabilities in desknet's NEO | 2025-10-16T17:30+09:00 | 2025-10-16T17:30+09:00 |
| jvndb-2025-000076 | Multiple vulnerabilities in ChatLuck | 2025-10-16T17:17+09:00 | 2025-10-16T17:17+09:00 |
| jvndb-2025-000087 | Ruijie Networks RG-EST300 undocumented SSH functionality | 2025-10-16T14:19+09:00 | 2025-10-16T14:19+09:00 |
| jvndb-2025-016124 | Buffalo Wi-Fi router WXR9300BE6P series vulnerable to path traversal | 2025-10-16T11:16+09:00 | 2025-10-16T11:16+09:00 |
| jvndb-2025-000085 | Multiple RSUPPORT products may insecurely load Dynamic Link Libraries | 2025-10-15T15:55+09:00 | 2025-10-15T15:55+09:00 |
| jvndb-2025-000086 | Phoenix Contact CHARX SEC-3xxx vulnerable to code injection | 2025-10-15T15:54+09:00 | 2025-10-15T15:54+09:00 |
| jvndb-2025-000083 | BUFFALO NAS Navigator2 registers a Windows service with an unquoted file path | 2025-10-10T13:56+09:00 | 2025-10-10T13:56+09:00 |
| jvndb-2025-015451 | Multiple vulnerabilities in FUJI Electric V-SFT | 2025-10-09T13:39+09:00 | 2025-10-09T13:39+09:00 |
| jvndb-2025-000082 | The installers of DENSO TEN drive recorder viewer may insecurely load Dynamic Link Libraries | 2025-10-06T15:38+09:00 | 2025-10-06T15:38+09:00 |
| jvndb-2025-015061 | Trend Micro Antivirus for Mac vulnerable to Local Privilege Escalation | 2025-10-06T13:52+09:00 | 2025-10-06T13:52+09:00 |
| jvndb-2025-014967 | Multiple vulnerabilities in multiple Keyence products | 2025-10-03T11:19+09:00 | 2025-12-23T14:36+09:00 |
| jvndb-2025-014793 | NIHON KOHDEN Central Monitor CNS-6201 vulnerable to NULL pointer dereference | 2025-10-01T11:35+09:00 | 2025-10-27T12:28+09:00 |
| jvndb-2025-014642 | Multiple vulnerabilities in Canon Printer Drivers for Production Printers, Office/Small Office Multifunction Printers and Laser Printers | 2025-09-30T11:50+09:00 | 2025-09-30T11:50+09:00 |
| jvndb-2025-000081 | DataSpider Servista improper restriction of XML external entity references | 2025-09-29T14:44+09:00 | 2025-10-07T16:54+09:00 |
| ID | Description | Updated |
|---|
| ID | Description | Published | Updated |
|---|---|---|---|
| certfr-2026-avi-0343 | Vulnérabilité dans Spring Cloud Config | 2026-03-24T00:00:00.000000 | 2026-03-24T00:00:00.000000 |
| certfr-2026-avi-0342 | Multiples vulnérabilités dans Google Chrome | 2026-03-24T00:00:00.000000 | 2026-03-24T00:00:00.000000 |
| certfr-2026-avi-0341 | Multiples vulnérabilités dans les produits Microsoft | 2026-03-23T00:00:00.000000 | 2026-03-23T00:00:00.000000 |
| certfr-2026-avi-0340 | Multiples vulnérabilités dans Microsoft Edge | 2026-03-23T00:00:00.000000 | 2026-03-23T00:00:00.000000 |
| certfr-2026-avi-0339 | Multiples vulnérabilités dans les produits VMware | 2026-03-23T00:00:00.000000 | 2026-03-23T00:00:00.000000 |
| certfr-2026-avi-0338 | Vulnérabilité dans les produits Synology | 2026-03-23T00:00:00.000000 | 2026-03-23T00:00:00.000000 |
| certfr-2026-avi-0337 | Multiples vulnérabilités dans les produits Citrix | 2026-03-23T00:00:00.000000 | 2026-03-23T00:00:00.000000 |
| certfr-2026-avi-0336 | Multiples vulnérabilités dans les produits Qnap | 2026-03-23T00:00:00.000000 | 2026-03-23T00:00:00.000000 |
| certfr-2026-avi-0335 | Vulnérabilité dans CPython | 2026-03-23T00:00:00.000000 | 2026-03-23T00:00:00.000000 |
| certfr-2026-avi-0334 | Vulnérabilité dans les produits Microsoft | 2026-03-20T00:00:00.000000 | 2026-03-20T00:00:00.000000 |
| certfr-2026-avi-0333 | Multiples vulnérabilités dans Traefik | 2026-03-20T00:00:00.000000 | 2026-03-20T00:00:00.000000 |
| certfr-2026-avi-0332 | Vulnérabilité dans Oracle Identity Manager et Web Services Manager | 2026-03-20T00:00:00.000000 | 2026-03-20T00:00:00.000000 |
| certfr-2026-avi-0331 | Multiples vulnérabilités dans le noyau Linux d'Ubuntu | 2026-03-20T00:00:00.000000 | 2026-03-20T00:00:00.000000 |
| certfr-2026-avi-0330 | Multiples vulnérabilités dans le noyau Linux de Red Hat | 2026-03-20T00:00:00.000000 | 2026-03-20T00:00:00.000000 |
| certfr-2026-avi-0329 | Multiples vulnérabilités dans le noyau Linux de SUSE | 2026-03-20T00:00:00.000000 | 2026-03-20T00:00:00.000000 |
| certfr-2026-avi-0328 | Multiples vulnérabilités dans le noyau Linux de Debian LTS | 2026-03-20T00:00:00.000000 | 2026-03-20T00:00:00.000000 |
| certfr-2026-avi-0327 | Multiples vulnérabilités dans les produits IBM | 2026-03-20T00:00:00.000000 | 2026-03-20T00:00:00.000000 |
| certfr-2026-avi-0326 | Multiples vulnérabilités dans les produits VMware | 2026-03-20T00:00:00.000000 | 2026-03-20T00:00:00.000000 |
| certfr-2026-avi-0325 | Multiples vulnérabilités dans les produits Elastic | 2026-03-20T00:00:00.000000 | 2026-03-20T00:00:00.000000 |
| certfr-2026-avi-0324 | Multiples vulnérabilités dans Google Chrome | 2026-03-20T00:00:00.000000 | 2026-03-20T00:00:00.000000 |
| certfr-2026-avi-0323 | Multiples vulnérabilités dans les produits Spring | 2026-03-20T00:00:00.000000 | 2026-03-20T00:00:00.000000 |
| certfr-2026-avi-0322 | Multiples vulnérabilités dans les produits VMware | 2026-03-20T00:00:00.000000 | 2026-03-20T00:00:00.000000 |
| certfr-2026-avi-0321 | Multiples vulnérabilités dans les produits Microsoft | 2026-03-19T00:00:00.000000 | 2026-03-19T00:00:00.000000 |
| certfr-2026-avi-0320 | Multiples vulnérabilités dans Roundcube | 2026-03-19T00:00:00.000000 | 2026-04-14T00:00:00.000000 |
| certfr-2026-avi-0319 | Vulnérabilité dans les produits Mitel | 2026-03-19T00:00:00.000000 | 2026-03-19T00:00:00.000000 |
| certfr-2026-avi-0318 | Multiples vulnérabilités dans Splunk Universal Forwarder | 2026-03-19T00:00:00.000000 | 2026-03-19T00:00:00.000000 |
| certfr-2026-avi-0317 | Vulnérabilité dans Python | 2026-03-19T00:00:00.000000 | 2026-03-19T00:00:00.000000 |
| certfr-2026-avi-0316 | Multiples vulnérabilités dans les produits VMware | 2026-03-19T00:00:00.000000 | 2026-03-19T00:00:00.000000 |
| certfr-2026-avi-0315 | Multiples vulnérabilités dans les produits VMware | 2026-03-18T00:00:00.000000 | 2026-03-18T00:00:00.000000 |
| certfr-2026-avi-0314 | Multiples vulnérabilités dans les produits Atlassian | 2026-03-18T00:00:00.000000 | 2026-03-18T00:00:00.000000 |
| ID | Description | Published | Updated |
|---|---|---|---|
| certfr-2019-ale-004 | Multiples vulnérabilités dans Microsoft Edge et Internet Explorer | 2019-04-01T00:00:00.000000 | 2019-04-17T00:00:00.000000 |
| certfr-2019-ale-003 | Campagnes de rançongiciels | 2019-01-31T00:00:00.000000 | 2019-06-20T00:00:00.000000 |
| certfr-2019-ale-002 | Vulnérabilités affectant l'écosystème Microsoft Exchange et Active Directory | 2019-01-30T00:00:00.000000 | 2019-03-06T00:00:00.000000 |
| certfr-2019-ale-001 | Vulnérabilité dans le gestionnaire de paquets APT | 2019-01-22T00:00:00.000000 | 2019-02-27T00:00:00.000000 |
| certfr-2018-ale-013 | Vulnérabilité dans Microsoft Internet Explorer | 2018-12-20T00:00:00.000000 | 2019-02-04T00:00:00.000000 |
| certfr-2018-ale-012 | Vulnérabilité dans Wallix AdminBastion | 2018-10-26T00:00:00.000000 | 2019-02-04T00:00:00.000000 |
| certfr-2018-ale-011 | Vulnérabilité dans le client Git | 2018-10-08T00:00:00.000000 | 2018-10-12T00:00:00.000000 |
| certfr-2018-ale-010 | Vulnérabilité activement exploitée dans le framework STRUTS 2 | 2018-08-29T00:00:00.000000 | 2018-10-10T00:00:00.000000 |
| certfr-2018-ale-009 | Vulnérabilité dans Microsoft Windows | 2018-08-29T00:00:00.000000 | 2018-09-17T00:00:00.000000 |
| certfr-2018-ale-008 | Campagne de messages électroniques non sollicités de type Locky Locker | 2018-08-03T00:00:00.000000 | 2018-10-10T00:00:00.000000 |
| certfr-2018-ale-007 | Multiples vulnérabilités dans S/MIME et OpenPGP | 2018-05-14T00:00:00.000000 | 2018-10-10T00:00:00.000000 |
| certfr-2018-ale-006 | Vulnérabilité dans Cisco IOS et IOS XE Smart Install Client | 2018-04-06T00:00:00.000000 | 2018-07-30T00:00:00.000000 |
| certfr-2018-ale-005 | Multiples vulnérabilités dans Drupal | 2018-03-29T00:00:00.000000 | 2018-07-30T00:00:00.000000 |
| certfr-2018-ale-004 | Vulnérabilité dans le serveur de messagerie Exim | 2018-03-07T00:00:00.000000 | 2018-07-30T00:00:00.000000 |
| certfr-2018-ale-003 | Vulnérabilité dans Adobe Flash Player | 2018-02-02T00:00:00.000000 | 2018-02-07T00:00:00.000000 |
| certfr-2018-ale-002 | Vulnérabilité dans Cisco Adaptive Security Appliance | 2018-02-01T00:00:00.000000 | 2018-04-06T00:00:00.000000 |
| certfr-2018-ale-001 | Multiples vulnérabilités de fuite d'informations dans des processeurs | 2018-01-04T00:00:00.000000 | 2018-10-10T00:00:00.000000 |
| certfr-2017-ale-020 | Vulnérabilité dans des implémentations de TLS | 2017-12-13T00:00:00.000000 | 2018-04-06T00:00:00.000000 |
| certfr-2017-ale-019 | Vulnérabilité d'usurpation d'identité dans plusieurs clients de messagerie | 2017-12-05T00:00:00.000000 | 2018-03-07T00:00:00.000000 |
| certfr-2017-ale-018 | Vulnérabilité dans Apple MacOS High Sierra | 2017-11-29T00:00:00.000000 | 2017-11-30T00:00:00.000000 |
| certfr-2017-ale-017 | Vulnérabilité dans le serveur de messagerie Exim | 2017-11-27T00:00:00.000000 | 2018-02-01T00:00:00.000000 |
| certfr-2017-ale-016 | Campagne de rançongiciel Bad Rabbit | 2017-10-25T00:00:00.000000 | 2017-10-27T00:00:00.000000 |
| certfr-2017-ale-014 | Vulnérabilité dans le protocole WPA/WPA2 | 2017-10-18T00:00:00.000000 | 2017-10-19T00:00:00.000000 |
| certfr-2017-ale-015 | Vulnérabilités dans la bibliothèque Infineon RSA | 2017-10-16T00:00:00.000000 | 2017-10-17T00:00:00.000000 |
| certfr-2017-ale-013 | Présence de code malveillant dans Piriform CCleaner | 2017-09-18T00:00:00.000000 | 2017-10-09T00:00:00.000000 |
| certfr-2017-ale-012 | Campagne de maliciels prenant l'apparence d'un rançongiciel à multiples capacités de propagation | 2017-06-27T00:00:00.000000 | 2017-08-03T00:00:00.000000 |
| certfr-2017-ale-011 | Campagne de messages électroniques non sollicités de type Jaff | 2017-05-14T00:00:00.000000 | 2017-06-27T00:00:00.000000 |
| certfr-2017-ale-010 | Propagation d'un rançongiciel exploitant les vulnérabilités MS17-010 | 2017-05-12T00:00:00.000000 | 2017-06-27T00:00:00.000000 |
| certfr-2017-ale-009 | Vulnérabilité dans Microsoft Malware Protection Engine | 2017-05-09T00:00:00.000000 | 2017-05-15T00:00:00.000000 |
| certfr-2017-ale-008 | Multiples vulnérabilités dans Microsoft Windows XP et Windows Server 2003 | 2017-04-14T00:00:00.000000 | 2017-09-06T00:00:00.000000 |