Recent vulnerabilities
| ID | CVSS | Description | Vendor | Product | Published | Updated |
|---|---|---|---|---|---|---|
| cve-2025-48700 | N/A | An issue was discovered in Zimbra Collaboration (… |
n/a |
n/a |
2025-06-23T00:00:00.000Z | 2026-04-21T03:55:38.511Z |
| cve-2023-27351 | This vulnerability allows remote attackers to byp… |
PaperCut |
NG |
2023-04-20T00:00:00.000Z | 2026-04-21T03:55:37.286Z | |
| cve-2025-2749 | 7.2 (v3.1) | Kentico Xperience <= 13.0.178 Staging Media File Uploa… |
Kentico |
Xperience |
2025-03-24T18:18:07.228Z | 2026-04-21T03:55:36.051Z |
| cve-2026-20133 | Cisco Catalyst SD-WAN Manager Information Disclosure V… |
Cisco |
Cisco Catalyst SD-WAN Manager |
2026-02-25T16:13:56.017Z | 2026-04-21T03:55:34.599Z | |
| cve-2026-20122 | Cisco Catalyst SD-WAN Manager Arbitrary File Overwrite… |
Cisco |
Cisco Catalyst SD-WAN Manager |
2026-02-25T16:14:21.256Z | 2026-04-21T03:55:33.255Z | |
| cve-2026-20128 | Cisco Catalyst SD-WAN Manager Information Disclosure V… |
Cisco |
Cisco Catalyst SD-WAN Manager |
2026-02-25T16:14:12.353Z | 2026-04-21T03:55:31.648Z | |
| cve-2024-27199 | 7.3 (v3.1) | In JetBrains TeamCity before 2023.11.4 path trave… |
JetBrains |
TeamCity |
2024-03-04T17:21:40.081Z | 2026-04-21T03:55:31.232Z |
| cve-2026-28463 | 8.6 (v4.0) 8.4 (v3.1) | OpenClaw < 2026.2.14 - Arbitrary File Read via Shell E… |
OpenClaw |
OpenClaw |
2026-03-05T21:59:39.605Z | 2026-04-21T02:43:28.827Z |
| cve-2025-40931 | N/A | Apache::Session::Generate::MD5 versions through 1.94 f… |
CHORNY |
Apache::Session::Generate::MD5 |
2026-03-05T01:41:09.588Z | 2026-04-21T02:42:43.047Z |
| cve-2025-40926 | N/A | Plack::Middleware::Session::Simple versions before 0.0… |
KAZEBURO |
Plack::Middleware::Session::Simple |
2026-03-05T01:24:34.151Z | 2026-04-21T02:42:17.296Z |
| cve-2025-70995 | N/A | An issue in Aranda Service Desk Web Edition (ASDK… |
n/a |
n/a |
2026-03-05T00:00:00.000Z | 2026-04-21T02:41:54.623Z |
| cve-2025-48645 | N/A | In loadDescription of DeviceAdminInfo.java, there… |
Google |
Android |
2026-03-02T18:42:25.869Z | 2026-04-21T02:41:36.807Z |
| cve-2025-48613 | N/A | In VBMeta, there is a possible way to modify and … |
Google |
Android |
2026-03-02T18:42:15.702Z | 2026-04-21T02:41:16.037Z |
| cve-2026-2791 | N/A | Mitigation bypass in the Networking: Cache component |
Mozilla |
Firefox |
2026-02-24T13:33:22.237Z | 2026-04-21T02:40:55.797Z |
| cve-2026-2788 | N/A | Incorrect boundary conditions in the Audio/Video: GMP … |
Mozilla |
Firefox |
2026-02-24T13:33:20.287Z | 2026-04-21T02:40:29.432Z |
| cve-2026-0924 | 7.3 (v4.0) | BuhoCleaner 1.15.2 - Local Privilege Escalation via PI… |
Dr.Buho |
BuhoCleaner |
2026-02-02T20:18:21.258Z | 2026-04-21T02:40:06.930Z |
| cve-2026-40250 | OpenEXR has integer overflow in DWA decoder outBufferE… |
AcademySoftwareFoundation |
openexr |
2026-04-21T01:33:00.212Z | 2026-04-21T01:33:00.212Z | |
| cve-2026-40244 | OpenEXR has integer overflow in DWA setupChannelData p… |
AcademySoftwareFoundation |
openexr |
2026-04-21T01:30:55.061Z | 2026-04-21T01:30:55.061Z | |
| cve-2026-39866 | Lawnchair vulnerable to Command Injection via unquoted… |
LawnchairLauncher |
lawnchair |
2026-04-21T01:19:47.510Z | 2026-04-21T01:19:47.510Z | |
| cve-2026-41282 | 4 (v3.1) | ProjectDiscovery Nuclei 3 before 3.8.0 allows DSL… |
ProjectDiscovery |
Nuclei |
2026-04-20T07:10:30.246Z | 2026-04-21T00:59:19.998Z |
| cve-2026-40264 | OpenBao's Token Store Allows Cross-Namespace Renewal, … |
openbao |
openbao |
2026-04-21T00:47:38.156Z | 2026-04-21T00:47:38.156Z | |
| cve-2026-39396 | OpenBao has Decompression Bomb via Unbounded Copy in O… |
openbao |
openbao |
2026-04-21T00:44:53.943Z | 2026-04-21T00:44:53.943Z | |
| cve-2026-39388 | OpenBao's Certificate Authentication Allows Token Rene… |
openbao |
openbao |
2026-04-21T00:43:22.920Z | 2026-04-21T00:43:22.920Z | |
| cve-2026-39377 | nbconvert has an Arbitrary File Write via Path Travers… |
jupyter |
nbconvert |
2026-04-21T00:14:59.937Z | 2026-04-21T00:14:59.937Z | |
| cve-2026-39320 | Signal K Server has an Unauthenticated Regular Express… |
SignalK |
signalk-server |
2026-04-21T00:07:10.371Z | 2026-04-21T00:07:10.371Z | |
| cve-2026-35570 | OpenClaude has Sandbox Bypass via Early-Exit Logic Fla… |
Gitlawb |
openclaude |
2026-04-20T23:24:08.324Z | 2026-04-20T23:24:08.324Z | |
| cve-2026-34839 | Glances Vulnerable to Cross-Origin Information Disclos… |
nicolargo |
glances |
2026-04-20T23:09:02.551Z | 2026-04-20T23:09:02.551Z | |
| cve-2026-41331 | 6.9 (v4.0) 5.3 (v3.1) | OpenClaw < 2026.3.31 - Resource Consumption via Unauth… |
OpenClaw |
OpenClaw |
2026-04-20T23:08:17.653Z | 2026-04-20T23:08:17.653Z |
| cve-2026-41329 | 9 (v4.0) 9.9 (v3.1) | OpenClaw < 2026.3.31 - Sandbox Bypass via Heartbeat Co… |
OpenClaw |
OpenClaw |
2026-04-20T23:08:16.222Z | 2026-04-20T23:08:16.222Z |
| cve-2026-41302 | 4.8 (v4.0) 7.6 (v3.1) | OpenClaw < 2026.3.31 - Server-Side Request Forgery via… |
OpenClaw |
OpenClaw |
2026-04-20T23:08:14.782Z | 2026-04-20T23:08:14.782Z |
| ID | Description | Updated |
|---|
| ID | Description | Updated |
|---|
| ID | Description | Published | Updated |
|---|---|---|---|
| jvndb-2025-000108 | "FOD" App uses hard-coded cryptographic keys | 2025-11-25T14:15+09:00 | 2025-11-25T14:15+09:00 |
| jvndb-2025-000106 | Multiple vulnerabilities in LogStare Collector | 2025-11-21T16:27+09:00 | 2025-11-21T16:27+09:00 |
| jvndb-2025-000107 | Installer of RakurakuMusen Start EX for Windows may insecurely load Dynamic Link Libraries | 2025-11-19T16:22+09:00 | 2025-11-19T16:22+09:00 |
| jvndb-2025-000097 | "Dejira" App for iOS vulnerable to improper server certificate verification | 2025-11-17T14:09+09:00 | 2025-11-17T14:09+09:00 |
| jvndb-2025-000105 | NCP-HG100 vulnerable to OS command injection | 2025-11-14T15:26+09:00 | 2025-11-14T15:26+09:00 |
| jvndb-2025-000104 | Multiple vulnerabilities in GNU Libmicrohttpd | 2025-11-10T15:07+09:00 | 2025-11-10T15:07+09:00 |
| jvndb-2025-000103 | Use of password hash with insufficient computational effort vulnerability in BUFFALO Wi-Fi router "WSR-1800AX4 series" | 2025-11-07T15:39+09:00 | 2025-11-07T15:39+09:00 |
| jvndb-2025-000102 | CLUSTERPRO X and EXPRESSCLUSTER X vulnerable to OS command injection | 2025-11-07T14:55+09:00 | 2025-11-07T14:55+09:00 |
| jvndb-2025-000101 | GROWI vulnerable to stored cross-site scripting | 2025-11-06T13:45+09:00 | 2025-11-06T13:45+09:00 |
| jvndb-2024-013260 | Multiple vulnerabilities in Edgecross Basic Software for Windows | 2024-11-22T10:59+09:00 | 2025-11-04T16:41+09:00 |
| jvndb-2025-017972 | Multiple vulnerabilities in Century Systems FutureNet MA and IP-K series | 2025-11-04T16:37+09:00 | 2025-11-04T16:37+09:00 |
| jvndb-2025-000100 | Multiple Roboticsware products register Windows services with unquoted file paths | 2025-11-04T14:17+09:00 | 2025-11-04T14:17+09:00 |
| jvndb-2025-000098 | Optical Disc Archive Software (for Windows) registers a Windows service with an unquoted file path | 2025-11-04T13:51+09:00 | 2025-11-04T13:51+09:00 |
| jvndb-2025-000099 | Progress Flowmon vulnerable to authenticated OS command injection | 2025-11-04T12:47+09:00 | 2025-11-04T12:47+09:00 |
| jvndb-2025-000096 | Installer of WTW EAGLE (for Windows) may insecurely load Dynamic Link Libraries | 2025-10-29T14:17+09:00 | 2025-10-29T14:17+09:00 |
| jvndb-2025-000095 | MZK-DP300N uses hard-coded credentials | 2025-10-28T14:04+09:00 | 2025-10-28T14:04+09:00 |
| jvndb-2025-014793 | NIHON KOHDEN Central Monitor CNS-6201 vulnerable to NULL pointer dereference | 2025-10-01T11:35+09:00 | 2025-10-27T12:28+09:00 |
| jvndb-2025-000093 | Multiple stored cross-site scripting vulnerabilities in Pleasanter | 2025-10-24T15:11+09:00 | 2025-10-24T15:11+09:00 |
| jvndb-2025-000084 | GROWI vulnerable to cross-site scripting | 2025-10-22T15:44+09:00 | 2025-10-22T15:44+09:00 |
| jvndb-2025-000090 | Multiple stored cross-site scripting vulnerabilities in Movable Type | 2025-10-22T13:54+09:00 | 2025-10-22T13:54+09:00 |
| jvndb-2025-000088 | Lanscope Endpoint Manager (On-Premises) vulnerable to improper verification of source of a communication channel | 2025-10-20T16:17+09:00 | 2025-10-22T10:06+09:00 |
| jvndb-2025-000092 | ETERNUS SF vulnerable to incorrect default permissions | 2025-10-20T14:20+09:00 | 2025-10-20T14:20+09:00 |
| jvndb-2025-000089 | Installer of AutoDownloader may insecurely load Dynamic Link Libraries | 2025-10-17T13:38+09:00 | 2025-10-17T13:38+09:00 |
| jvndb-2025-000074 | Multiple vulnerabilities in desknet's NEO | 2025-10-16T17:30+09:00 | 2025-10-16T17:30+09:00 |
| jvndb-2025-000076 | Multiple vulnerabilities in ChatLuck | 2025-10-16T17:17+09:00 | 2025-10-16T17:17+09:00 |
| jvndb-2025-000087 | Ruijie Networks RG-EST300 undocumented SSH functionality | 2025-10-16T14:19+09:00 | 2025-10-16T14:19+09:00 |
| jvndb-2025-016124 | Buffalo Wi-Fi router WXR9300BE6P series vulnerable to path traversal | 2025-10-16T11:16+09:00 | 2025-10-16T11:16+09:00 |
| jvndb-2025-000085 | Multiple RSUPPORT products may insecurely load Dynamic Link Libraries | 2025-10-15T15:55+09:00 | 2025-10-15T15:55+09:00 |
| jvndb-2025-000086 | Phoenix Contact CHARX SEC-3xxx vulnerable to code injection | 2025-10-15T15:54+09:00 | 2025-10-15T15:54+09:00 |
| jvndb-2025-000083 | BUFFALO NAS Navigator2 registers a Windows service with an unquoted file path | 2025-10-10T13:56+09:00 | 2025-10-10T13:56+09:00 |
| ID | Description | Updated |
|---|
| ID | Description | Published | Updated |
|---|---|---|---|
| certfr-2026-avi-0348 | Vulnérabilité dans Trend Micro Deep Discovery Inspector | 2026-03-24T00:00:00.000000 | 2026-03-24T00:00:00.000000 |
| certfr-2026-avi-0347 | Vulnérabilité dans Xen | 2026-03-24T00:00:00.000000 | 2026-03-24T00:00:00.000000 |
| certfr-2026-avi-0346 | Vulnérabilité dans VMware Tanzu pour Postgres | 2026-03-24T00:00:00.000000 | 2026-03-24T00:00:00.000000 |
| certfr-2026-avi-0345 | Vulnérabilité dans LibreNMS | 2026-03-24T00:00:00.000000 | 2026-03-24T00:00:00.000000 |
| certfr-2026-avi-0344 | Vulnérabilité dans strongSwan | 2026-03-24T00:00:00.000000 | 2026-03-24T00:00:00.000000 |
| certfr-2026-avi-0343 | Vulnérabilité dans Spring Cloud Config | 2026-03-24T00:00:00.000000 | 2026-03-24T00:00:00.000000 |
| certfr-2026-avi-0342 | Multiples vulnérabilités dans Google Chrome | 2026-03-24T00:00:00.000000 | 2026-03-24T00:00:00.000000 |
| certfr-2026-avi-0341 | Multiples vulnérabilités dans les produits Microsoft | 2026-03-23T00:00:00.000000 | 2026-03-23T00:00:00.000000 |
| certfr-2026-avi-0340 | Multiples vulnérabilités dans Microsoft Edge | 2026-03-23T00:00:00.000000 | 2026-03-23T00:00:00.000000 |
| certfr-2026-avi-0339 | Multiples vulnérabilités dans les produits VMware | 2026-03-23T00:00:00.000000 | 2026-03-23T00:00:00.000000 |
| certfr-2026-avi-0338 | Vulnérabilité dans les produits Synology | 2026-03-23T00:00:00.000000 | 2026-03-23T00:00:00.000000 |
| certfr-2026-avi-0337 | Multiples vulnérabilités dans les produits Citrix | 2026-03-23T00:00:00.000000 | 2026-03-23T00:00:00.000000 |
| certfr-2026-avi-0336 | Multiples vulnérabilités dans les produits Qnap | 2026-03-23T00:00:00.000000 | 2026-03-23T00:00:00.000000 |
| certfr-2026-avi-0335 | Vulnérabilité dans CPython | 2026-03-23T00:00:00.000000 | 2026-03-23T00:00:00.000000 |
| certfr-2026-avi-0334 | Vulnérabilité dans les produits Microsoft | 2026-03-20T00:00:00.000000 | 2026-03-20T00:00:00.000000 |
| certfr-2026-avi-0333 | Multiples vulnérabilités dans Traefik | 2026-03-20T00:00:00.000000 | 2026-03-20T00:00:00.000000 |
| certfr-2026-avi-0332 | Vulnérabilité dans Oracle Identity Manager et Web Services Manager | 2026-03-20T00:00:00.000000 | 2026-03-20T00:00:00.000000 |
| certfr-2026-avi-0331 | Multiples vulnérabilités dans le noyau Linux d'Ubuntu | 2026-03-20T00:00:00.000000 | 2026-03-20T00:00:00.000000 |
| certfr-2026-avi-0330 | Multiples vulnérabilités dans le noyau Linux de Red Hat | 2026-03-20T00:00:00.000000 | 2026-03-20T00:00:00.000000 |
| certfr-2026-avi-0329 | Multiples vulnérabilités dans le noyau Linux de SUSE | 2026-03-20T00:00:00.000000 | 2026-03-20T00:00:00.000000 |
| certfr-2026-avi-0328 | Multiples vulnérabilités dans le noyau Linux de Debian LTS | 2026-03-20T00:00:00.000000 | 2026-03-20T00:00:00.000000 |
| certfr-2026-avi-0327 | Multiples vulnérabilités dans les produits IBM | 2026-03-20T00:00:00.000000 | 2026-03-20T00:00:00.000000 |
| certfr-2026-avi-0326 | Multiples vulnérabilités dans les produits VMware | 2026-03-20T00:00:00.000000 | 2026-03-20T00:00:00.000000 |
| certfr-2026-avi-0325 | Multiples vulnérabilités dans les produits Elastic | 2026-03-20T00:00:00.000000 | 2026-03-20T00:00:00.000000 |
| certfr-2026-avi-0324 | Multiples vulnérabilités dans Google Chrome | 2026-03-20T00:00:00.000000 | 2026-03-20T00:00:00.000000 |
| certfr-2026-avi-0323 | Multiples vulnérabilités dans les produits Spring | 2026-03-20T00:00:00.000000 | 2026-03-20T00:00:00.000000 |
| certfr-2026-avi-0322 | Multiples vulnérabilités dans les produits VMware | 2026-03-20T00:00:00.000000 | 2026-03-20T00:00:00.000000 |
| certfr-2026-avi-0321 | Multiples vulnérabilités dans les produits Microsoft | 2026-03-19T00:00:00.000000 | 2026-03-19T00:00:00.000000 |
| certfr-2026-avi-0319 | Vulnérabilité dans les produits Mitel | 2026-03-19T00:00:00.000000 | 2026-03-19T00:00:00.000000 |
| certfr-2026-avi-0318 | Multiples vulnérabilités dans Splunk Universal Forwarder | 2026-03-19T00:00:00.000000 | 2026-03-19T00:00:00.000000 |
| ID | Description | Published | Updated |
|---|---|---|---|
| certfr-2019-ale-003 | Campagnes de rançongiciels | 2019-01-31T00:00:00.000000 | 2019-06-20T00:00:00.000000 |
| certfr-2019-ale-004 | Multiples vulnérabilités dans Microsoft Edge et Internet Explorer | 2019-04-01T00:00:00.000000 | 2019-04-17T00:00:00.000000 |
| certfr-2019-ale-002 | Vulnérabilités affectant l'écosystème Microsoft Exchange et Active Directory | 2019-01-30T00:00:00.000000 | 2019-03-06T00:00:00.000000 |
| certfr-2019-ale-001 | Vulnérabilité dans le gestionnaire de paquets APT | 2019-01-22T00:00:00.000000 | 2019-02-27T00:00:00.000000 |
| certfr-2018-ale-013 | Vulnérabilité dans Microsoft Internet Explorer | 2018-12-20T00:00:00.000000 | 2019-02-04T00:00:00.000000 |
| certfr-2018-ale-012 | Vulnérabilité dans Wallix AdminBastion | 2018-10-26T00:00:00.000000 | 2019-02-04T00:00:00.000000 |
| certfr-2018-ale-011 | Vulnérabilité dans le client Git | 2018-10-08T00:00:00.000000 | 2018-10-12T00:00:00.000000 |
| certfr-2018-ale-010 | Vulnérabilité activement exploitée dans le framework STRUTS 2 | 2018-08-29T00:00:00.000000 | 2018-10-10T00:00:00.000000 |
| certfr-2018-ale-008 | Campagne de messages électroniques non sollicités de type Locky Locker | 2018-08-03T00:00:00.000000 | 2018-10-10T00:00:00.000000 |
| certfr-2018-ale-007 | Multiples vulnérabilités dans S/MIME et OpenPGP | 2018-05-14T00:00:00.000000 | 2018-10-10T00:00:00.000000 |
| certfr-2018-ale-001 | Multiples vulnérabilités de fuite d'informations dans des processeurs | 2018-01-04T00:00:00.000000 | 2018-10-10T00:00:00.000000 |
| certfr-2018-ale-009 | Vulnérabilité dans Microsoft Windows | 2018-08-29T00:00:00.000000 | 2018-09-17T00:00:00.000000 |
| certfr-2018-ale-006 | Vulnérabilité dans Cisco IOS et IOS XE Smart Install Client | 2018-04-06T00:00:00.000000 | 2018-07-30T00:00:00.000000 |
| certfr-2018-ale-005 | Multiples vulnérabilités dans Drupal | 2018-03-29T00:00:00.000000 | 2018-07-30T00:00:00.000000 |
| certfr-2018-ale-004 | Vulnérabilité dans le serveur de messagerie Exim | 2018-03-07T00:00:00.000000 | 2018-07-30T00:00:00.000000 |
| certfr-2018-ale-002 | Vulnérabilité dans Cisco Adaptive Security Appliance | 2018-02-01T00:00:00.000000 | 2018-04-06T00:00:00.000000 |
| certfr-2017-ale-020 | Vulnérabilité dans des implémentations de TLS | 2017-12-13T00:00:00.000000 | 2018-04-06T00:00:00.000000 |
| certfr-2017-ale-019 | Vulnérabilité d'usurpation d'identité dans plusieurs clients de messagerie | 2017-12-05T00:00:00.000000 | 2018-03-07T00:00:00.000000 |
| certfr-2018-ale-003 | Vulnérabilité dans Adobe Flash Player | 2018-02-02T00:00:00.000000 | 2018-02-07T00:00:00.000000 |
| certfr-2017-ale-017 | Vulnérabilité dans le serveur de messagerie Exim | 2017-11-27T00:00:00.000000 | 2018-02-01T00:00:00.000000 |
| certfr-2017-ale-018 | Vulnérabilité dans Apple MacOS High Sierra | 2017-11-29T00:00:00.000000 | 2017-11-30T00:00:00.000000 |
| certfr-2017-ale-016 | Campagne de rançongiciel Bad Rabbit | 2017-10-25T00:00:00.000000 | 2017-10-27T00:00:00.000000 |
| certfr-2017-ale-014 | Vulnérabilité dans le protocole WPA/WPA2 | 2017-10-18T00:00:00.000000 | 2017-10-19T00:00:00.000000 |
| certfr-2017-ale-015 | Vulnérabilités dans la bibliothèque Infineon RSA | 2017-10-16T00:00:00.000000 | 2017-10-17T00:00:00.000000 |
| certfr-2017-ale-013 | Présence de code malveillant dans Piriform CCleaner | 2017-09-18T00:00:00.000000 | 2017-10-09T00:00:00.000000 |
| certfr-2017-ale-008 | Multiples vulnérabilités dans Microsoft Windows XP et Windows Server 2003 | 2017-04-14T00:00:00.000000 | 2017-09-06T00:00:00.000000 |
| certfr-2017-ale-012 | Campagne de maliciels prenant l'apparence d'un rançongiciel à multiples capacités de propagation | 2017-06-27T00:00:00.000000 | 2017-08-03T00:00:00.000000 |
| certfr-2017-ale-011 | Campagne de messages électroniques non sollicités de type Jaff | 2017-05-14T00:00:00.000000 | 2017-06-27T00:00:00.000000 |
| certfr-2017-ale-010 | Propagation d'un rançongiciel exploitant les vulnérabilités MS17-010 | 2017-05-12T00:00:00.000000 | 2017-06-27T00:00:00.000000 |
| certfr-2017-ale-009 | Vulnérabilité dans Microsoft Malware Protection Engine | 2017-05-09T00:00:00.000000 | 2017-05-15T00:00:00.000000 |