Recent vulnerabilities

ID	CVSS	Description	Vendor	Product	Published	Updated
cve-2026-6313	N/A	Insufficient policy enforcement in CORS in Google…	Google	Chrome	2026-04-15T19:04:54.889Z	2026-04-15T20:00:40.125Z
cve-2026-33667		OpenProject: 2FA OTP Verification Missing Rate Limiting	opf	openproject	2026-04-15T18:43:14.130Z	2026-04-15T20:00:14.503Z
cve-2026-6312	N/A	Insufficient policy enforcement in Passwords in G…	Google	Chrome	2026-04-15T19:04:54.385Z	2026-04-15T19:59:44.768Z
cve-2025-34256	10 (v4.0)	Advantech WISE-DeviceOn Server < 5.4 Hard-coded JWT Ke…	Advantech Co., Ltd.	WISE-DeviceOn Server	2025-12-05T17:18:31.747Z	2026-04-15T19:36:20.788Z
cve-2026-33877		ApostropheCMS: User Enumeration via Timing Side Channe…	apostrophecms	apostrophe	2026-04-15T19:11:06.796Z	2026-04-15T19:30:53.040Z
cve-2025-41115		Incorrect privilege assignment	Grafana	Grafana Enterprise	2025-11-21T14:25:38.945Z	2026-04-15T19:25:10.792Z
cve-2025-41117		XSS in Grafana Explore stack trace	Grafana	grafana/grafana	2026-02-12T08:49:08.545Z	2026-04-15T19:25:10.125Z
cve-2026-21721		Dashboard Permissions Scope Bypass Enables Cross‑Dashb…	Grafana	grafana/grafana	2026-01-27T09:07:55.160Z	2026-04-15T19:25:09.512Z
cve-2026-33375		Grafana MSSQL Data Source Plugin: Restriction Bypass L…	Grafana	Grafana OSS	2026-03-26T20:05:52.564Z	2026-04-15T19:25:09.166Z
cve-2026-27880		OpenFeature evaluation API reads input data with no bounds	Grafana	Grafana	2026-03-27T14:12:20.075Z	2026-04-15T19:25:08.819Z
cve-2026-27877		Public dashboards discloses all direct mode datasources	Grafana	Grafana	2026-03-27T14:02:11.889Z	2026-04-15T19:25:08.510Z
cve-2026-27879		Query resampling can cause unbounded memory allocations	Grafana	Grafana	2026-03-27T14:28:56.133Z	2026-04-15T19:25:07.791Z
cve-2026-21720		Unauthenticated DoS: avatar cache leaks goroutines whe…	Grafana	grafana/grafana-enterprise	2026-01-27T09:07:04.758Z	2026-04-15T19:25:07.460Z
cve-2026-28377		S3 SSE-C Encryption Key Exposed in Plaintext via Confi…	Grafana	Tempo	2026-03-26T21:39:46.928Z	2026-04-15T19:25:07.090Z
cve-2026-21722		Public Dashboards time range restriction on annotation…	Grafana	grafana/grafana	2026-02-12T08:49:05.678Z	2026-04-15T19:25:06.746Z
cve-2026-21724		Missing Protected-field Authorization in Provisioning …	Grafana	Grafana OSS	2026-03-26T20:06:18.829Z	2026-04-15T19:25:06.401Z
cve-2026-27876		RCE on Grafana via sqlExpressions	Grafana	Grafana	2026-03-27T14:24:36.771Z	2026-04-15T19:25:05.649Z
cve-2026-28375		Grafana Testdata datasource can issue unbounded memory…	Grafana	Grafana	2026-03-27T14:26:19.270Z	2026-04-15T19:25:05.269Z
cve-2026-21725		Authorization Bypass via TOCTOU in Grafana Datasource …	Grafana	Grafana	2026-02-25T12:35:43.104Z	2026-04-15T19:25:04.909Z
cve-2026-5758	N/A	Mafintosh's protocol-buffers-schema is vulnerable to p…	Mafintosh	Protocol-buffers-schema parser	2026-04-15T17:20:13.551Z	2026-04-15T18:55:45.526Z
cve-2026-4667	7.3 (v4.0)	HP System Optimizer - Escalation of Privilege	HP Inc.	OMEN Gaming Hub	2026-04-15T14:22:55.333Z	2026-04-15T18:51:17.119Z
cve-2026-34244		Weblate: SSRF via Project-Level Machinery Configuration	WeblateOrg	weblate	2026-04-15T18:22:42.551Z	2026-04-15T18:50:10.569Z
cve-2026-33440		Weblate: Authenticated SSRF via redirect bypass of ALL…	WeblateOrg	weblate	2026-04-15T18:15:12.560Z	2026-04-15T18:49:25.077Z
cve-2025-12141	1.3 (v4.0)	Grafana Alerting Editors can edit destination of webho…	Grafana	Grafana Alerting	2026-04-15T14:59:41.317Z	2026-04-15T18:45:53.672Z
cve-2026-4682	8.7 (v4.0)	Certain HP DeskJet All In One (AIO) Devices – Potentia…	HP Inc	HP DeskJet 2800e All-in-One Printer series	2026-04-15T14:32:31.348Z	2026-04-15T18:45:14.071Z
cve-2026-32631		Git for Windows: `git clone` from manipulated reposito…	git-for-windows	git	2026-04-15T17:26:44.154Z	2026-04-15T18:44:04.155Z
cve-2026-6383	5.4 (v3.1)	Kubevirt: kubevirt: unauthorized subresource access du…	Red Hat	Red Hat OpenShift Virtualization 4	2026-04-15T18:22:30.589Z	2026-04-15T18:40:31.052Z
cve-2026-33435		Weblate: Remote code execution during backup restoration	WeblateOrg	weblate	2026-04-15T18:13:07.568Z	2026-04-15T18:40:27.204Z
cve-2026-34393		Weblate: Privilege escalation in the user API endpoint	WeblateOrg	weblate	2026-04-15T18:24:30.813Z	2026-04-15T18:38:53.920Z
cve-2026-33212		Weblate: Improper access control for pending tasks in API	WeblateOrg	weblate	2026-04-15T17:48:17.842Z	2026-04-15T18:09:01.991Z

ID	CVSS	Description	Vendor	Product	Published	Updated

ID	Description	Published	Updated

ID	Description	Published	Updated

ID	Description	Package	Published	Updated

ID	Description	Type

ID	Description	Updated

ID	Description	Published	Updated

ID	Description	Published	Updated

ID	Description	Published	Updated

ID	Description	Published	Updated

ID	Description	Published	Updated

ID	Description	Published	Updated

ID	Description	Published	Updated

ID	Description	Published	Updated

ID	Description	Published	Updated

ID	Description	Published	Updated

ID	Description	Published	Updated

ID	Description	Published	Updated

ID	Description	Updated

ID	Description	Published	Updated
jvndb-2014-000107	SLFileManager for Android vulnerable to directory traversal	2014-09-25T14:52+09:00	2015-07-31T16:30+09:00
jvndb-2015-000109	yoyaku_v41 vulnerable to OS command injection	2015-07-29T14:58+09:00	2015-07-30T15:14+09:00
jvndb-2015-000108	yoyaku_v41 vulnerable to authentication bypass	2015-07-29T14:58+09:00	2015-07-30T15:14+09:00
jvndb-2015-000107	yoyaku_v41 vulnerable to arbitrary file creation	2015-07-29T14:58+09:00	2015-07-30T15:14+09:00
jvndb-2015-000106	Gazou BBS plus vulnerability in file upload processing	2015-07-28T13:47+09:00	2015-07-30T15:14+09:00
jvndb-2015-000103	Welcart vulnerable to cross-site scripting	2015-07-24T14:33+09:00	2015-07-28T17:51+09:00
jvndb-2015-000104	Research Artisan Lite vulnerable to cross-site scripting	2015-07-24T14:36+09:00	2015-07-28T17:29+09:00
jvndb-2015-000105	Research Artisan Lite does not properly perform authentication	2015-07-24T14:46+09:00	2015-07-28T17:22+09:00
jvndb-2015-000098	acmailer vulnerable to directory traversal	2015-07-15T15:53+09:00	2015-07-27T15:12+09:00
jvndb-2015-000099	Thetis vulnerable to SQL injection	2015-07-15T15:54+09:00	2015-07-27T15:07+09:00
jvndb-2014-007612	Welcart vulnerable to SQL injection	2015-07-24T14:52+09:00	2015-07-24T14:52+09:00
jvndb-2015-000088	Ruby on Rails library Paperclip vulnerable to cross-site scripting	2015-06-18T14:14+09:00	2015-07-14T18:15+09:00
jvndb-2015-000097	Simple Oekaki BBS vulnerability where arbitrary files may be deleted	2015-07-10T13:57+09:00	2015-07-14T18:11+09:00
jvndb-2015-000096	Simple Oekaki BBS vulnerable to cross-site scripting	2015-07-10T13:57+09:00	2015-07-14T18:09+09:00
jvndb-2015-000094	Cacti vulnerable to cross-site scripting	2015-07-09T14:41+09:00	2015-07-14T18:03+09:00
jvndb-2015-000090	namshi/jose fails to verify token signatures	2015-06-25T15:00+09:00	2015-07-14T17:18+09:00
jvndb-2015-000092	OpenEMR vulnerable to authentication bypass	2015-06-30T13:55+09:00	2015-07-14T17:16+09:00
jvndb-2014-002239	Cacti vulnerable to cross-site request forgery	2015-07-09T14:41+09:00	2015-07-09T14:41+09:00
jvndb-2009-003901	Cacti vulnerable to cross-site scripting	2015-07-09T14:41+09:00	2015-07-09T14:41+09:00
jvndb-2015-000093	Explorer+ File Manager vulnerable to directory traversal	2015-06-30T13:56+09:00	2015-07-02T15:04+09:00
jvndb-2015-000091	osCommerce Japanese version vulnerable to directory traversal	2015-06-25T15:53+09:00	2015-06-30T11:53+09:00
jvndb-2015-000089	Symfony vulnerable to code injection	2015-06-23T12:29+09:00	2015-06-25T17:34+09:00
jvndb-2015-000012	Multiple ASUS wireless LAN routers vulnerable to cross-site request forgery	2015-01-27T14:24+09:00	2015-06-17T16:42+09:00
jvndb-2015-000011	Multiple ASUS wireless LAN routers vulnerable to OS command injection	2015-01-27T14:23+09:00	2015-06-17T16:42+09:00
jvndb-2015-000082	MilkyStep vulnerable to cross-site scripting	2015-06-09T14:15+09:00	2015-06-16T16:52+09:00
jvndb-2015-000081	MilkyStep vulnerable to SQL injection	2015-06-09T14:15+09:00	2015-06-16T16:52+09:00
jvndb-2015-000080	MilkyStep vulnerable to OS command injection	2015-06-09T14:02+09:00	2015-06-16T16:52+09:00
jvndb-2015-000079	MilkyStep vulnerable to cross-site request forgery	2015-06-09T13:45+09:00	2015-06-16T16:52+09:00
jvndb-2015-000078	MilkyStep fails to restrict access permissions	2015-06-09T13:43+09:00	2015-06-16T16:52+09:00
jvndb-2015-000077	MilkyStep fails to restrict access permissions	2015-06-12T14:13+09:00	2015-06-16T16:52+09:00

ID	Description	Updated

ID	Description

ID	Description	Published	Updated

ID	Description	Published	Updated

ID	Description	Published	Updated

ID	Description	Published	Updated
certfr-2024-avi-0745	Vulnérabilité dans les produits Asterisk	2024-09-06T00:00:00.000000	2024-09-06T00:00:00.000000
certfr-2024-avi-0712	Vulnérabilité dans les produits Sonicwall	2024-08-23T00:00:00.000000	2024-09-06T00:00:00.000000
certfr-2024-avi-0744	Multiples vulnérabilités dans ClamAV	2024-09-05T00:00:00.000000	2024-09-05T00:00:00.000000
certfr-2024-avi-0743	Multiples vulnérabilités dans Centreon Web	2024-09-05T00:00:00.000000	2024-09-05T00:00:00.000000
certfr-2024-avi-0742	Multiples vulnérabilités dans Synacor Zimbra Collaboration	2024-09-05T00:00:00.000000	2024-09-05T00:00:00.000000
certfr-2024-avi-0740	Multiples vulnérabilités dans les produits Veeam	2024-09-05T00:00:00.000000	2024-09-05T00:00:00.000000
certfr-2024-avi-0739	Multiples vulnérabilités dans les produits Cisco	2024-09-05T00:00:00.000000	2024-09-05T00:00:00.000000
certfr-2024-avi-0733	Multiples vulnérabilités dans les produits Google	2024-09-04T00:00:00.000000	2024-09-05T00:00:00.000000
certfr-2024-avi-0738	Vulnérabilité dans Synacor Zimbra Desktop	2024-09-04T00:00:00.000000	2024-09-04T00:00:00.000000
certfr-2024-avi-0737	Multiples vulnérabilités dans Moxa OnCell 3120-LTE-1 Series	2024-09-04T00:00:00.000000	2024-09-04T00:00:00.000000
certfr-2024-avi-0736	Vulnérabilité dans OpenSSL	2024-09-04T00:00:00.000000	2024-09-04T00:00:00.000000
certfr-2024-avi-0735	Multiples vulnérabilités dans les produits Mozilla	2024-09-04T00:00:00.000000	2024-09-04T00:00:00.000000
certfr-2024-avi-0734	Vulnérabilité dans CPython	2024-09-04T00:00:00.000000	2024-09-04T00:00:00.000000
certfr-2024-avi-0732	Vulnérabilité dans les produits VMware	2024-09-03T00:00:00.000000	2024-09-03T00:00:00.000000
certfr-2024-avi-0731	Multiples vulnérabilités dans Google Chrome	2024-09-03T00:00:00.000000	2024-09-03T00:00:00.000000
certfr-2024-avi-0730	Multiples vulnérabilités dans MISP	2024-09-02T00:00:00.000000	2024-09-02T00:00:00.000000
certfr-2024-avi-0729	Multiples vulnérabilités dans le noyau Linux de SUSE	2024-08-30T00:00:00.000000	2024-08-30T00:00:00.000000
certfr-2024-avi-0728	Multiples vulnérabilités dans le noyau Linux de Red Hat	2024-08-30T00:00:00.000000	2024-08-30T00:00:00.000000
certfr-2024-avi-0727	Multiples vulnérabilités dans le noyau Linux d'Ubuntu	2024-08-30T00:00:00.000000	2024-08-30T00:00:00.000000
certfr-2024-avi-0726	Multiples vulnérabilités dans les produits IBM	2024-08-30T00:00:00.000000	2024-08-30T00:00:00.000000
certfr-2024-avi-0725	Vulnérabilité dans Wireshark	2024-08-29T00:00:00.000000	2024-08-30T00:00:00.000000
certfr-2024-avi-0724	Multiples vulnérabilités dans Google Chrome	2024-08-29T00:00:00.000000	2024-08-29T00:00:00.000000
certfr-2024-avi-0723	Vulnérabilité dans les produits Cisco Nexus	2024-08-29T00:00:00.000000	2024-08-29T00:00:00.000000
certfr-2024-avi-0722	Vulnérabilité dans MongoDB Server	2024-08-28T00:00:00.000000	2024-08-28T00:00:00.000000
certfr-2024-avi-0721	Vulnérabilité dans Microsoft Edge	2024-08-26T00:00:00.000000	2024-08-26T00:00:00.000000
certfr-2024-avi-0720	Multiples vulnérabilités dans IBM QRadar SIEM	2024-08-23T00:00:00.000000	2024-08-23T00:00:00.000000
certfr-2024-avi-0719	Multiples vulnérabilités dans le noyau Linux de Debian	2024-08-23T00:00:00.000000	2024-08-23T00:00:00.000000
certfr-2024-avi-0718	Multiples vulnérabilités dans le noyau Linux de Red Hat	2024-08-23T00:00:00.000000	2024-08-23T00:00:00.000000
certfr-2024-avi-0717	Multiples vulnérabilités dans le noyau Linux de SUSE	2024-08-23T00:00:00.000000	2024-08-23T00:00:00.000000
certfr-2024-avi-0716	Multiples vulnérabilités dans le noyau Linux d'Ubuntu	2024-08-23T00:00:00.000000	2024-08-23T00:00:00.000000

ID	Description	Published	Updated