Recent vulnerabilities
| ID | CVSS | Description | Vendor | Product | Published | Updated |
|---|---|---|---|---|---|---|
| cve-2018-16842 | Curl versions 7.14.1 through 7.61.1 are vulnerabl… |
The Curl Project |
curl: |
2018-10-31T19:00:00.000Z | 2026-04-15T20:56:32.322Z | |
| cve-2019-5482 | N/A | Heap buffer overflow in the TFTP protocol handler… |
n/a |
curl |
2019-09-16T18:06:35.000Z | 2026-04-15T20:55:58.217Z |
| cve-2016-8622 | The URL percent-encoding decode function in libcu… |
The Curl Project |
curl |
2018-07-31T21:00:00.000Z | 2026-04-15T20:54:57.538Z | |
| cve-2018-14618 | curl before version 7.61.1 is vulnerable to a buf… |
[UNKNOWN] |
curl |
2018-09-05T19:00:00.000Z | 2026-04-15T20:54:19.698Z | |
| cve-2018-16890 | libcurl versions from 7.36.0 to before 7.64.0 is … |
The curl Project |
curl |
2019-02-06T20:00:00.000Z | 2026-04-15T20:53:35.135Z | |
| cve-2019-3822 | libcurl versions from 7.36.0 to before 7.64.0 are… |
The curl Project |
curl |
2019-02-06T20:00:00.000Z | 2026-04-15T20:52:52.914Z | |
| cve-2019-3823 | libcurl versions from 7.34.0 to before 7.64.0 are… |
The curl Project |
curl |
2019-02-06T20:00:00.000Z | 2026-04-15T20:52:15.885Z | |
| cve-2019-5436 | N/A | A heap buffer overflow in the TFTP receiving code… |
curl |
curl |
2019-05-28T18:47:32.000Z | 2026-04-15T20:51:25.334Z |
| cve-2018-20225 | N/A | An issue was discovered in pip (all versions) bec… |
n/a |
n/a |
2020-05-08T17:29:12.000Z | 2026-04-15T20:50:17.582Z |
| cve-2019-12098 | N/A | In the client side of Heimdal before 7.6.0, failu… |
n/a |
n/a |
2019-05-15T22:41:11.000Z | 2026-04-15T20:49:22.320Z |
| cve-2026-32236 | @backstage/plugin-auth-backend: SSRF in experimental C… |
@backstage |
plugin-auth-backend |
2026-03-12T18:37:11.330Z | 2026-04-15T20:46:50.517Z | |
| cve-2026-32187 | N/A | {'providerMetadata': {'orgId': 'f38d906d-7342-40ea-92c1-6c4a2c6478c8', 'shortName': 'microsoft', 'dateUpdated': '2026-04-15T20:45:55.522Z'}, 'rejectedReasons': [{'lang': 'en', 'value': 'This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.', 'supportingMedia': [{'type': 'text/html', 'base64': False, 'value': 'This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.'}]}], 'x_generator': {'engine': 'Vulnogram 1.0.1'}} | N/A | N/A | 2026-03-27T20:42:05.339Z | 2026-04-15T20:45:55.522Z |
| cve-2026-6298 | N/A | Heap buffer overflow in Skia in Google Chrome pri… |
Google |
Chrome |
2026-04-15T19:04:46.537Z | 2026-04-15T20:25:53.459Z |
| cve-2026-6398 | N/A | {'providerMetadata': {'orgId': 'b15e7b5b-3da4-40ae-a43c-f7aa60e62599', 'shortName': 'Wordfence', 'dateUpdated': '2026-04-15T20:24:11.160Z'}, 'rejectedReasons': [{'lang': 'en', 'value': '** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage.'}]} | N/A | N/A | 2026-04-15T20:24:11.160Z | |
| cve-2025-66236 | Apache Airflow: Secrets from Airflow config file logge… |
Apache Software Foundation |
Apache Airflow |
2026-04-13T14:20:37.180Z | 2026-04-15T20:03:37.134Z | |
| cve-2026-33888 | ApostropheCMS: publicApiProjection Bypass via `project… |
apostrophecms |
apostrophe |
2026-04-15T19:25:46.262Z | 2026-04-15T20:03:30.594Z | |
| cve-2026-5086 | N/A | Crypt::SecretBuffer versions before 0.019 for Perl is … |
NERDVANA |
Crypt::SecretBuffer |
2026-04-13T22:54:53.724Z | 2026-04-15T20:03:28.442Z |
| cve-2026-33714 | Chamilo LMS has Authenticated SQL Injection in statist… |
chamilo |
chamilo-lms |
2026-04-14T21:00:19.259Z | 2026-04-15T20:03:16.195Z | |
| cve-2026-34370 | Chamilo LMS: IDOR in the Notebook Module allows an att… |
chamilo |
chamilo-lms |
2026-04-14T21:25:28.960Z | 2026-04-15T20:03:07.959Z | |
| cve-2026-34212 | Docmost page content has stored XSS via unsanitized at… |
docmost |
docmost |
2026-04-14T21:42:44.202Z | 2026-04-15T20:02:55.239Z | |
| cve-2026-33019 | libsixel: Integer overflow leads to Out-of-bounds Read… |
saitoha |
libsixel |
2026-04-14T21:49:25.204Z | 2026-04-15T20:02:46.628Z | |
| cve-2026-33023 | libsixel: Use-after-free in load_with_gdkpixbuf() |
saitoha |
libsixel |
2026-04-14T22:05:31.493Z | 2026-04-15T20:02:36.839Z | |
| cve-2026-35032 | Jellyfin: Potential SSRF + Arbitrary file read via Liv… |
jellyfin |
jellyfin |
2026-04-14T22:25:35.729Z | 2026-04-15T20:02:29.887Z | |
| cve-2026-25219 | Apache Airflow: Sensitive Azure Service Bus connection… |
Apache Software Foundation |
Apache Airflow |
2026-04-15T12:30:17.584Z | 2026-04-15T20:02:22.052Z | |
| cve-2026-33214 | Weblate has improper access control for the translatio… |
WeblateOrg |
weblate |
2026-04-15T17:51:46.812Z | 2026-04-15T20:02:14.057Z | |
| cve-2026-34242 | Weblate: Arbitrary File Read via Symlink |
WeblateOrg |
weblate |
2026-04-15T18:19:59.552Z | 2026-04-15T20:02:06.899Z | |
| cve-2026-39845 | Weblate: SSRF via the webhook add-on using unprotected… |
WeblateOrg |
weblate |
2026-04-15T18:26:51.706Z | 2026-04-15T20:01:56.793Z | |
| cve-2026-6245 | 5.5 (v3.1) | Sssd: out-of-bounds read in the sssd |
Red Hat |
Red Hat Enterprise Linux 10 |
2026-04-15T18:35:19.401Z | 2026-04-15T20:01:50.488Z |
| cve-2026-40919 | 6.1 (v3.1) | Gimp: gimp: denial of service via specially crafted se… |
Red Hat |
Red Hat Enterprise Linux 6 |
2026-04-15T18:59:16.272Z | 2026-04-15T20:01:40.521Z |
| cve-2026-6385 | 6.5 (v3.1) | Ffmpeg: ffmpeg: denial of service and potential arbitr… |
Red Hat |
Lightspeed Core |
2026-04-15T19:18:39.354Z | 2026-04-15T20:01:15.671Z |
| ID | Description | Updated |
|---|
| ID | Description | Updated |
|---|
| ID | Description | Published | Updated |
|---|---|---|---|
| jvndb-2015-000141 | Python for Windows may insecurely load dynamic libraries | 2015-10-01T14:11+09:00 | 2015-10-08T15:25+09:00 |
| jvndb-2015-000147 | AjaXplorer vulnerable to directory traversal | 2015-10-01T14:11+09:00 | 2015-10-07T17:38+09:00 |
| jvndb-2015-000139 | baserCMS vulnerable to SQL injection | 2015-09-30T14:46+09:00 | 2015-10-07T17:38+09:00 |
| jvndb-2015-000138 | baserCMS fails to restrict access permissions | 2015-09-30T14:46+09:00 | 2015-10-07T17:38+09:00 |
| jvndb-2015-000148 | Dotclear vulnerable to cross-site scripting | 2015-10-02T13:36+09:00 | 2015-10-06T18:02+09:00 |
| jvndb-2015-000140 | Canary Labs Trend Web Server vulnerable to buffer overflow | 2015-10-01T14:11+09:00 | 2015-10-06T18:00+09:00 |
| jvndb-2015-000136 | H2O vulnerable to directory traversal | 2015-09-17T13:36+09:00 | 2015-10-05T17:32+09:00 |
| jvndb-2015-000133 | Koritore vulnerable to URL whitelist bypass | 2015-09-16T16:58+09:00 | 2015-10-02T17:22+09:00 |
| jvndb-2015-000132 | MEGAPHONE MUSIC vulnerable to URL whitelist bypass | 2015-09-16T16:58+09:00 | 2015-10-02T17:22+09:00 |
| jvndb-2015-000134 | Reversi vulnerable to URL whitelist bypass | 2015-09-16T16:58+09:00 | 2015-10-02T17:18+09:00 |
| jvndb-2015-000135 | Photon vulnerable to URL whitelist bypass | 2015-09-16T16:58+09:00 | 2015-10-02T17:15+09:00 |
| jvndb-2015-000131 | Auction Camera vulnerable to URL whitelist bypass | 2015-09-16T16:58+09:00 | 2015-09-16T16:58+09:00 |
| jvndb-2015-000129 | PIXMA MG7500 Series vulnerable to cross-site request forgery | 2015-09-11T14:17+09:00 | 2015-09-15T17:17+09:00 |
| jvndb-2015-000116 | Japan Connected-free Wi-Fi vulnerable to script injection | 2015-09-11T14:17+09:00 | 2015-09-15T17:17+09:00 |
| jvndb-2015-000302 | hitSuji (rktSNS2) vulnetable to cross-site scripting | 2015-09-03T14:46+09:00 | 2015-09-09T14:02+09:00 |
| jvndb-2015-000301 | BBS X102 vulnerable to cross-site scripting | 2015-09-03T15:00+09:00 | 2015-09-09T14:02+09:00 |
| jvndb-2015-000128 | OpenDocMan vulnerable to cross-site scripting | 2015-09-04T18:13+09:00 | 2015-09-09T14:02+09:00 |
| jvndb-2015-000127 | ELPhoneBtnV6 ActiveX control vulnerable to buffer overflow | 2015-09-07T13:38+09:00 | 2015-09-09T14:02+09:00 |
| jvndb-2015-000123 | NScripter vulnerable to buffer overflow | 2015-09-02T15:46+09:00 | 2015-09-09T14:02+09:00 |
| jvndb-2015-000122 | desknet's NEO vulnerable to directory traversal | 2015-09-01T12:36+09:00 | 2015-09-09T14:02+09:00 |
| jvndb-2015-000121 | Twit BBS vulnerable to cross-site scripting | 2015-09-01T14:18+09:00 | 2015-09-09T14:02+09:00 |
| jvndb-2015-000119 | File Encryption Software "ED" where encrypted data may be easier to decipher when files of small size are encrypted | 2015-08-27T15:03+09:00 | 2015-09-02T17:57+09:00 |
| jvndb-2015-000117 | Multiple I-O DATA LAN routers vulnerable in UPnP functionality | 2015-08-18T15:21+09:00 | 2015-08-28T17:29+09:00 |
| jvndb-2015-000118 | Apache Tapestry deserializes untrusted data | 2015-08-20T15:53+09:00 | 2015-08-26T17:51+09:00 |
| jvndb-2015-000113 | Photo Gallery CMS for PC, smartphone and feature phone (Free) vulnerable to cross-site scripting | 2015-08-12T15:13+09:00 | 2015-08-26T17:38+09:00 |
| jvndb-2015-000114 | Photo Gallery CMS for PC, smartphone and feature phone (Free) vulnerable to cross-site request forgery | 2015-08-12T15:13+09:00 | 2015-08-26T17:28+09:00 |
| jvndb-2015-000009 | NP-BBRM vulnerable in UPnP functionality | 2015-01-26T13:42+09:00 | 2015-08-18T14:36+09:00 |
| jvndb-2015-000112 | Microsoft Office discloses a file path of a local file | 2015-08-12T15:13+09:00 | 2015-08-12T15:13+09:00 |
| jvndb-2013-003469 | Apache Struts vulnerable to remote command execution | 2013-09-06T14:12+09:00 | 2015-08-11T15:19+09:00 |
| jvndb-2015-000110 | Yodobashi App for Android vulnerable to arbitrary Java method execution | 2015-08-07T13:50+09:00 | 2015-08-11T12:22+09:00 |
| ID | Description | Updated |
|---|
| ID | Description | Published | Updated |
|---|---|---|---|
| certfr-2024-avi-0776 | Vulnérabilité dans Spring Framework | 2024-09-13T00:00:00.000000 | 2024-09-13T00:00:00.000000 |
| certfr-2024-avi-0775 | Multiples vulnérabilités dans Microsoft Edge | 2024-09-13T00:00:00.000000 | 2024-09-13T00:00:00.000000 |
| certfr-2024-avi-0774 | Vulnérabilité dans les produits Juniper Networks | 2024-09-12T00:00:00.000000 | 2024-09-12T00:00:00.000000 |
| certfr-2024-avi-0773 | Multiples vulnérabilités dans Microsoft Edge | 2024-09-12T00:00:00.000000 | 2024-09-12T00:00:00.000000 |
| certfr-2024-avi-0772 | Multiples vulnérabilités dans les produits Cisco | 2024-09-12T00:00:00.000000 | 2024-09-12T00:00:00.000000 |
| certfr-2024-avi-0771 | Multiples vulnérabilités dans les produits Tenable | 2024-09-12T00:00:00.000000 | 2024-09-12T00:00:00.000000 |
| certfr-2024-avi-0770 | Multiples vulnérabilités dans les produits Palo Alto Networks | 2024-09-12T00:00:00.000000 | 2024-09-12T00:00:00.000000 |
| certfr-2024-avi-0769 | Multiples vulnérabilités dans GitLab | 2024-09-12T00:00:00.000000 | 2024-09-12T00:00:00.000000 |
| certfr-2024-avi-0768 | Multiples vulnérabilités dans les produits Intel | 2024-09-11T00:00:00.000000 | 2024-09-11T00:00:00.000000 |
| certfr-2024-avi-0767 | Multiples vulnérabilités dans Ivanti Endpoint Manager | 2024-09-11T00:00:00.000000 | 2024-09-11T00:00:00.000000 |
| certfr-2024-avi-0766 | Multiples vulnérabilités dans Google Chrome | 2024-09-11T00:00:00.000000 | 2024-09-11T00:00:00.000000 |
| certfr-2024-avi-0765 | Vulnérabilité dans MongoDB Server | 2024-09-11T00:00:00.000000 | 2024-09-11T00:00:00.000000 |
| certfr-2024-avi-0764 | Multiples vulnérabilités dans les produits Adobe | 2024-09-11T00:00:00.000000 | 2024-09-11T00:00:00.000000 |
| certfr-2024-avi-0763 | Multiples vulnérabilités dans les produits Fortinet | 2024-09-11T00:00:00.000000 | 2024-09-11T00:00:00.000000 |
| certfr-2024-avi-0762 | Multiples vulnérabilités dans les produits Citrix | 2024-09-11T00:00:00.000000 | 2024-09-11T00:00:00.000000 |
| certfr-2024-avi-0761 | Multiples vulnérabilités dans les produits Microsoft | 2024-09-11T00:00:00.000000 | 2024-09-11T00:00:00.000000 |
| certfr-2024-avi-0760 | Multiples vulnérabilités dans Microsoft Azure | 2024-09-11T00:00:00.000000 | 2024-09-11T00:00:00.000000 |
| certfr-2024-avi-0759 | Multiples vulnérabilités dans Microsoft Windows | 2024-09-11T00:00:00.000000 | 2024-09-11T00:00:00.000000 |
| certfr-2024-avi-0758 | Multiples vulnérabilités dans Microsoft Office | 2024-09-11T00:00:00.000000 | 2024-09-11T00:00:00.000000 |
| certfr-2024-avi-0757 | Multiples vulnérabilités dans les produits Siemens | 2024-09-10T00:00:00.000000 | 2024-09-10T00:00:00.000000 |
| certfr-2024-avi-0756 | Multiples vulnérabilités dans Moodle | 2024-09-10T00:00:00.000000 | 2024-09-10T00:00:00.000000 |
| certfr-2024-avi-0755 | Vulnérabilité dans Synology SRM | 2024-09-10T00:00:00.000000 | 2024-09-10T00:00:00.000000 |
| certfr-2024-avi-0754 | Multiples vulnérabilités dans les produits SAP | 2024-09-10T00:00:00.000000 | 2024-09-10T00:00:00.000000 |
| certfr-2024-avi-0753 | Multiples vulnérabilités dans les produits OwnCloud | 2024-09-10T00:00:00.000000 | 2024-09-10T00:00:00.000000 |
| certfr-2024-avi-0751 | Multiples vulnérabilités dans les produits Mozilla | 2024-09-09T00:00:00.000000 | 2024-09-09T00:00:00.000000 |
| certfr-2024-avi-0750 | Multiples vulnérabilités dans les produits IBM | 2024-09-06T00:00:00.000000 | 2024-09-06T00:00:00.000000 |
| certfr-2024-avi-0749 | Multiples vulnérabilités dans le noyau Linux de Red Hat | 2024-09-06T00:00:00.000000 | 2024-09-06T00:00:00.000000 |
| certfr-2024-avi-0748 | Multiples vulnérabilités dans le noyau Linux d'Ubuntu | 2024-09-06T00:00:00.000000 | 2024-09-06T00:00:00.000000 |
| certfr-2024-avi-0747 | Vulnérabilité dans le noyau Linux de SUSE | 2024-09-06T00:00:00.000000 | 2024-09-06T00:00:00.000000 |
| certfr-2024-avi-0746 | Multiples vulnérabilités dans Elastic Kibana | 2024-09-06T00:00:00.000000 | 2024-09-06T00:00:00.000000 |