Recent vulnerabilities
| ID | CVSS | Description | Vendor | Product | Published | Updated |
|---|---|---|---|---|---|---|
| cve-2026-30625 | N/A | Upsonic 0.71.6 contains a remote code execution v… |
n/a |
n/a |
2026-04-15T00:00:00.000Z | 2026-04-16T13:55:52.158Z |
| cve-2022-27782 | N/A | libcurl would reuse a previously created connecti… |
n/a |
https://github.com/curl/curl |
2022-06-01T00:00:00.000Z | 2026-04-16T13:55:26.270Z |
| cve-2026-0820 | RepairBuddy <= 4.1116 - Insecure Direct Object Referen… |
sweetdaisy86 |
RepairBuddy – Repair Shop CRM & Booking Plugin for WordPress |
2026-01-17T03:24:23.562Z | 2026-04-16T13:54:59.241Z | |
| cve-2026-33021 | libsixel: Use-after-free in sixel_encoder_encode_bytes() |
saitoha |
libsixel |
2026-04-14T21:57:22.817Z | 2026-04-16T13:54:36.177Z | |
| cve-2021-22946 | N/A | A user can tell curl >= 7.20.0 and <= 7.78.0 to r… |
n/a |
https://github.com/curl/curl |
2021-09-29T00:00:00.000Z | 2026-04-16T13:53:47.481Z |
| cve-2026-33018 | libsixel: Use-After-Free in load_gif() |
saitoha |
libsixel |
2026-04-14T21:45:42.261Z | 2026-04-16T13:53:25.060Z | |
| cve-2026-0745 | User Language Switch <= 1.6.10 - Authenticated (Admini… |
webilop |
User Language Switch |
2026-02-14T06:42:27.887Z | 2026-04-16T13:53:08.235Z | |
| cve-2026-6364 | N/A | Out of bounds read in Skia in Google Chrome prior… |
Google |
Chrome |
2026-04-15T19:04:59.385Z | 2026-04-16T13:53:06.236Z |
| cve-2025-61662 | 7.8 (v3.1) | Grub2: missing unregister call for gettext command may… |
GNU |
grub2 |
2025-11-18T18:20:48.351Z | 2026-04-16T13:52:15.542Z |
| cve-2023-3634 | 8.8 (v3.1) | Festo: MSE6-C2M/D2M/E2M Incomplete User Documentation … |
Festo |
MSE6-C2M-5000-FB36-D-M-RG-BAR-M12L4-AGD |
2026-04-16T04:40:29.960Z | 2026-04-16T13:51:55.114Z |
| cve-2026-33193 | Docmost vulnerable to stored XSS via MIME type spoofing |
docmost |
docmost |
2026-04-14T21:39:45.500Z | 2026-04-16T13:51:42.724Z | |
| cve-2026-39906 | 7 (v4.0) | Unisys WebPerfect Image Suite 3.0 NTLMv2 Hash Leakage … |
Unisys |
WebPerfect Image Suite |
2026-04-14T21:21:21.739Z | 2026-04-16T13:50:58.130Z |
| cve-2026-34161 | Chamilo LMS: Stored XSS via Malicious File Upload in S… |
chamilo |
chamilo-lms |
2026-04-14T21:12:48.128Z | 2026-04-16T13:49:26.172Z | |
| cve-2026-6414 | 5.9 (v3.1) | @fastify/static vulnerable to route guard bypass via e… |
@fastify/static |
@fastify/static |
2026-04-16T13:09:03.526Z | 2026-04-16T13:48:52.393Z |
| cve-2026-25133 | October CMS has Stored XSS via SVG Filter Bypass |
octobercms |
october |
2026-04-14T20:47:49.474Z | 2026-04-16T13:47:42.800Z | |
| cve-2025-6586 | Download Plugin <= 2.2.8 - Authenticated (Administrato… |
metagauss |
Download Plugin |
2025-07-04T01:44:03.464Z | 2026-04-16T13:47:19.725Z | |
| cve-2016-8623 | A flaw was found in curl before version 7.51.0. T… |
The Curl Project |
curl |
2018-08-01T06:00:00.000Z | 2026-04-16T13:46:49.510Z | |
| cve-2026-24906 | October CMS has Stored XSS in its Backend Editor Marku… |
octobercms |
october |
2026-04-14T17:23:20.461Z | 2026-04-16T13:46:05.447Z | |
| cve-2026-34940 | KubeAI has an OS Command Injection via Model URL in Ol… |
kubeai-project |
kubeai |
2026-04-06T15:49:06.918Z | 2026-04-16T13:45:47.027Z | |
| cve-2017-1000101 | N/A | curl supports "globbing" of URLs, in which a user… |
n/a |
n/a |
2017-10-04T01:00:00.000Z | 2026-04-16T13:45:37.458Z |
| cve-2026-40504 | 9.3 (v4.0) 9.8 (v3.1) | Creolabs Gravity < 0.9.6 Heap Buffer Overflow via grav… |
marcobambini |
gravity |
2026-04-16T01:10:27.364Z | 2026-04-16T13:45:35.255Z |
| cve-2017-7407 | N/A | The ourWriteOut function in tool_writeout.c in cu… |
n/a |
n/a |
2017-04-03T20:00:00.000Z | 2026-04-16T13:44:39.758Z |
| cve-2026-3878 | WP Docs <= 2.2.9 - Authenticated (Subscriber+) Stored … |
fahadmahmood |
WP Docs |
2026-04-16T03:36:36.430Z | 2026-04-16T13:44:27.331Z | |
| cve-2026-3581 | Basic Google Maps Placemarks <= 1.10.7 - Missing Autho… |
iandunn |
Basic Google Maps Placemarks |
2026-04-16T05:29:55.137Z | 2026-04-16T13:44:00.613Z | |
| cve-2026-6349 | 10 (v4.0) | HGiga|iSherlock - OS Command Injection |
HGiga |
iSherlock-base-4.5 |
2026-04-16T02:24:45.258Z | 2026-04-16T13:43:07.281Z |
| cve-2026-40503 | 7.1 (v4.0) 6.5 (v3.1) | OpenHarness Path Traversal Information Disclosure via … |
HKUDS |
OpenHarness |
2026-04-16T00:08:09.535Z | 2026-04-16T13:42:38.789Z |
| cve-2026-3299 | WP YouTube Lyte <= 1.7.29 - Authenticated (Contributor… |
futtta |
WP YouTube Lyte |
2026-04-16T01:24:34.807Z | 2026-04-16T13:42:32.504Z | |
| cve-2026-3551 | Custom New User Notification <= 1.2.0 - Authenticated … |
rafasashi |
Custom New User Notification |
2026-04-16T05:29:53.185Z | 2026-04-16T13:42:26.444Z | |
| cve-2026-5050 | Payment Gateway for Redsys & WooCommerce Lite <= 7.0.0… |
jconti |
Payment Gateway for Redsys & WooCommerce Lite |
2026-04-16T05:29:53.590Z | 2026-04-16T13:42:20.364Z | |
| cve-2026-3614 | AcyMailing 9.11.0 - 10.8.1 - Missing Authorization to … |
acyba |
AcyMailing – An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress |
2026-04-16T05:29:54.350Z | 2026-04-16T13:42:14.595Z |
| ID | Description | Updated |
|---|
| ID | Description | Updated |
|---|
| ID | Description | Published | Updated |
|---|---|---|---|
| jvndb-2016-000134 | Multiple I-O DATA Recording Hard disk products vulnerable to cross-site request forgery | 2016-08-08T12:28+09:00 | 2016-10-24T18:27+09:00 |
| jvndb-2007-000226 | BASP21 vulnerable to mail header injection | 2008-05-21T00:00+09:00 | 2016-10-13T14:45+09:00 |
| jvndb-2016-000195 | Cryptography API: Next Generation (CNG) vulnerable to denial-of-service (DoS) | 2016-10-07T14:11+09:00 | 2016-10-07T14:11+09:00 |
| jvndb-2016-004496 | Information Disclosure Vulnerability in Hitachi Automation Director and JP1/Automatic Operation | 2016-09-02T16:09+09:00 | 2016-09-30T09:47+09:00 |
| jvndb-2016-000166 | Trend Micro Internet Security vulnerability where files may be excluded as scan targets | 2016-09-16T14:31+09:00 | 2016-09-16T14:31+09:00 |
| jvndb-2016-003527 | Information Disclosure Vulnerability in Hitachi Command Suite | 2016-08-02T13:50+09:00 | 2016-09-14T18:18+09:00 |
| jvndb-2016-001472 | Remote File Inclusion Vulnerability in Hitachi Command Suite | 2016-02-25T16:09+09:00 | 2016-09-14T18:18+09:00 |
| jvndb-2015-006130 | Vulnerability in JP1/Automatic Job Management System 3 | 2015-12-17T16:19+09:00 | 2016-09-14T18:18+09:00 |
| jvndb-2011-001632 | Arbitrary Data Insertion Vulnerability in Hitachi Web Server SSL/TLS Protocol | 2011-06-29T17:55+09:00 | 2016-09-08T17:05+09:00 |
| jvndb-2016-000154 | Multiple AKABEi SOFT2 LTD. games vulnerable to OS command injection | 2016-08-31T15:33+09:00 | 2016-09-05T17:56+09:00 |
| jvndb-2016-000152 | simple chat vulnerable to cross-site scripting | 2016-08-23T13:37+09:00 | 2016-09-05T17:45+09:00 |
| jvndb-2016-000140 | ClipBucket vulnerable to cross-site scripting | 2016-08-18T14:09+09:00 | 2016-09-05T17:41+09:00 |
| jvndb-2015-000052 | Seasar S2Struts vulnerable to input validation bypass | 2015-04-10T14:38+09:00 | 2016-08-26T16:39+09:00 |
| jvndb-2015-000042 | The Validator in TERASOLUNA Server Framework for Java(WEB) vulnerable to input validation bypass | 2015-03-24T14:10+09:00 | 2016-08-26T16:37+09:00 |
| jvndb-2016-000123 | LINE for Windows may insecurely load Dynamic Link Libraries | 2016-07-08T14:29+09:00 | 2016-08-19T17:44+09:00 |
| jvndb-2016-000125 | WordPress plugin "Nofollow Links" vulnerable to cross-site scripting | 2016-07-20T14:56+09:00 | 2016-08-05T17:40+09:00 |
| jvndb-2016-000127 | Android stock browser vulnerable to denial-of-service (DoS) | 2016-08-05T13:41+09:00 | 2016-08-05T13:41+09:00 |
| jvndb-2016-000126 | Vtiger CRM does not properly restrict access to application data | 2016-07-20T14:56+09:00 | 2016-08-04T18:02+09:00 |
| jvndb-2016-000130 | EC-CUBE plugin "Coupon Plugin" vulnerable to SQL injection | 2016-07-25T11:15+09:00 | 2016-08-04T17:55+09:00 |
| jvndb-2016-000114 | Apache Struts vulnerable to denial-of-service (DoS) | 2016-06-20T16:36+09:00 | 2016-08-03T16:20+09:00 |
| jvndb-2016-000110 | Apache Struts vulnerable to remote code execution | 2016-06-20T16:36+09:00 | 2016-08-03T16:19+09:00 |
| jvndb-2016-002716 | Cross-site Scripting Vulnerability in Hitachi Tuning Manager | 2016-05-24T16:43+09:00 | 2016-08-03T16:09+09:00 |
| jvndb-2016-002715 | Information Disclosure Vulnerability in Hitachi Command Suite | 2016-05-24T16:43+09:00 | 2016-08-03T16:09+09:00 |
| jvndb-2016-000106 | Multiple Hikari Denwa routers vulnerable to cross-site request forgery | 2016-06-27T14:19+09:00 | 2016-08-03T16:07+09:00 |
| jvndb-2016-000105 | Multiple Hikari Denwa routers vulnerable to OS command injection | 2016-06-27T14:10+09:00 | 2016-08-03T16:07+09:00 |
| jvndb-2016-000119 | QNAP QTS vulnerable to cross-site scripting | 2016-06-27T13:48+09:00 | 2016-08-03T14:55+09:00 |
| jvndb-2016-000128 | Android OS Contacts app fails to restrict access permissions | 2016-07-25T11:14+09:00 | 2016-07-25T11:14+09:00 |
| jvndb-2016-000103 | Deep Discovery Inspector vulnerable to remote code execution | 2016-06-16T14:03+09:00 | 2016-07-12T15:03+09:00 |
| jvndb-2015-000190 | EC-CUBE plugin BbAdminViewsControl vulnerable to SQL injection | 2015-12-03T14:26+09:00 | 2016-07-07T14:53+09:00 |
| jvndb-2016-000116 | WordPress plugin "Welcart e-Commerce" vulnerable to cross-site scripting | 2016-06-24T13:43+09:00 | 2016-06-29T16:05+09:00 |
| ID | Description | Updated |
|---|
| ID | Description | Published | Updated |
|---|---|---|---|
| certfr-2024-avi-0953 | Multiples vulnérabilités dans Moxa EDS-P510 Series | 2024-11-08T00:00:00.000000 | 2024-11-08T00:00:00.000000 |
| certfr-2024-avi-0952 | Vulnérabilité dans les produits F5 | 2024-11-08T00:00:00.000000 | 2024-11-08T00:00:00.000000 |
| certfr-2024-avi-0951 | Multiples vulnérabilités dans Google Pixel | 2024-11-07T00:00:00.000000 | 2024-11-07T00:00:00.000000 |
| certfr-2024-avi-0950 | Multiples vulnérabilités dans les produits Cisco | 2024-11-07T00:00:00.000000 | 2024-11-07T00:00:00.000000 |
| certfr-2024-avi-0949 | Vulnérabilité dans Veeam Backup & Replication | 2024-11-07T00:00:00.000000 | 2024-11-07T00:00:00.000000 |
| certfr-2024-avi-0948 | Multiples vulnérabilités dans les produits Symfony | 2024-11-06T00:00:00.000000 | 2024-11-06T00:00:00.000000 |
| certfr-2024-avi-0947 | Vulnérabilité dans NetApp ONTAP Select Deploy administration utility | 2024-11-06T00:00:00.000000 | 2024-11-06T00:00:00.000000 |
| certfr-2024-avi-0946 | Multiples vulnérabilités dans Google Chrome | 2024-11-06T00:00:00.000000 | 2024-11-06T00:00:00.000000 |
| certfr-2024-avi-0945 | Multiples vulnérabilités dans les produits HPE Aruba Networking | 2024-11-06T00:00:00.000000 | 2024-11-06T00:00:00.000000 |
| certfr-2024-avi-0944 | Multiples vulnérabilités dans Google Android | 2024-11-05T00:00:00.000000 | 2024-11-05T00:00:00.000000 |
| certfr-2024-avi-0943 | Vulnérabilité dans Qnap QuRouter | 2024-11-05T00:00:00.000000 | 2024-11-05T00:00:00.000000 |
| certfr-2024-avi-0942 | Vulnérabilité dans les produits Broadcom | 2024-11-04T00:00:00.000000 | 2024-11-04T00:00:00.000000 |
| certfr-2024-avi-0941 | Multiples vulnérabilités dans Microsoft Edge | 2024-11-04T00:00:00.000000 | 2024-11-04T00:00:00.000000 |
| certfr-2024-avi-0940 | Multiples vulnérabilités dans les produits Moxa | 2024-11-04T00:00:00.000000 | 2024-11-04T00:00:00.000000 |
| certfr-2024-avi-0939 | Multiples vulnérabilités dans les produits IBM | 2024-10-31T00:00:00.000000 | 2024-10-31T00:00:00.000000 |
| certfr-2024-avi-0938 | Multiples vulnérabilités dans le noyau Linux de SUSE | 2024-10-31T00:00:00.000000 | 2024-10-31T00:00:00.000000 |
| certfr-2024-avi-0937 | Multiples vulnérabilités dans le noyau Linux de Red Hat | 2024-10-31T00:00:00.000000 | 2024-10-31T00:00:00.000000 |
| certfr-2024-avi-0936 | Multiples vulnérabilités dans les produits Splunk | 2024-10-31T00:00:00.000000 | 2024-10-31T00:00:00.000000 |
| certfr-2024-avi-0935 | Vulnérabilité dans Tenable Sensor Proxy | 2024-10-31T00:00:00.000000 | 2024-10-31T00:00:00.000000 |
| certfr-2024-avi-0934 | Multiples vulnérabilités dans les produits Mozilla | 2024-10-30T00:00:00.000000 | 2024-10-30T00:00:00.000000 |
| certfr-2024-avi-0933 | Multiples vulnérabilités dans les produits Qnap | 2024-10-30T00:00:00.000000 | 2024-10-30T00:00:00.000000 |
| certfr-2024-avi-0932 | Multiples vulnérabilités dans les produits Apple | 2024-10-30T00:00:00.000000 | 2024-10-30T00:00:00.000000 |
| certfr-2024-avi-0931 | Multiples vulnérabilités dans Google Chrome | 2024-10-30T00:00:00.000000 | 2024-10-30T00:00:00.000000 |
| certfr-2024-avi-0930 | Vulnérabilité dans MongoDB | 2024-10-29T00:00:00.000000 | 2024-10-29T00:00:00.000000 |
| certfr-2024-avi-0929 | Multiples vulnérabilités dans les produits Apple | 2024-10-29T00:00:00.000000 | 2024-10-29T00:00:00.000000 |
| certfr-2024-avi-0928 | Vulnérabilité dans Squid | 2024-10-28T00:00:00.000000 | 2024-10-28T00:00:00.000000 |
| certfr-2024-avi-0927 | Multiples vulnérabilités dans les produits Synology | 2024-10-28T00:00:00.000000 | 2024-10-28T00:00:00.000000 |
| certfr-2024-avi-0926 | Multiples vulnérabilités dans le noyau Linux de SUSE | 2024-10-25T00:00:00.000000 | 2024-10-25T00:00:00.000000 |
| certfr-2024-avi-0925 | Multiples vulnérabilités dans le noyau Linux de Red Hat | 2024-10-25T00:00:00.000000 | 2024-10-25T00:00:00.000000 |
| certfr-2024-avi-0924 | Multiples vulnérabilités dans le noyau Linux d'Ubuntu | 2024-10-25T00:00:00.000000 | 2024-10-25T00:00:00.000000 |