Recent vulnerabilities
| ID | CVSS | Description | Vendor | Product | Published | Updated |
|---|---|---|---|---|---|---|
| cve-2026-35588 | Glances has CQL Injection in its Cassandra Export Modu… |
nicolargo |
glances |
2026-04-20T23:20:34.998Z | 2026-04-21T13:35:04.526Z | |
| cve-2026-35587 | Glances IP Plugin has SSRF via public_api that leads t… |
nicolargo |
glances |
2026-04-20T23:19:02.908Z | 2026-04-21T13:40:30.135Z | |
| cve-2026-34839 | Glances Vulnerable to Cross-Origin Information Disclos… |
nicolargo |
glances |
2026-04-20T23:09:02.551Z | 2026-04-20T23:09:02.551Z | |
| cve-2026-41331 | 6.9 (v4.0) 5.3 (v3.1) | OpenClaw < 2026.3.31 - Resource Consumption via Unauth… |
OpenClaw |
OpenClaw |
2026-04-20T23:08:17.653Z | 2026-04-20T23:08:17.653Z |
| cve-2026-41330 | 2 (v4.0) 4.4 (v3.1) | OpenClaw < 2026.3.31 - Environment Variable Override v… |
OpenClaw |
OpenClaw |
2026-04-20T23:08:16.941Z | 2026-04-21T13:39:27.598Z |
| cve-2026-41329 | 9 (v4.0) 9.9 (v3.1) | OpenClaw < 2026.3.31 - Sandbox Bypass via Heartbeat Co… |
OpenClaw |
OpenClaw |
2026-04-20T23:08:16.222Z | 2026-04-20T23:08:16.222Z |
| cve-2026-41303 | 8.7 (v4.0) 8.8 (v3.1) | OpenClaw < 2026.3.28 - Authorization Bypass in Discord… |
OpenClaw |
OpenClaw |
2026-04-20T23:08:15.511Z | 2026-04-21T13:35:55.924Z |
| cve-2026-41302 | 4.8 (v4.0) 7.6 (v3.1) | OpenClaw < 2026.3.31 - Server-Side Request Forgery via… |
OpenClaw |
OpenClaw |
2026-04-20T23:08:14.782Z | 2026-04-20T23:08:14.782Z |
| cve-2026-41301 | 6.9 (v4.0) 5.3 (v3.1) | OpenClaw 2026.3.22 < 2026.3.31 - Forged Nostr DM Pairi… |
OpenClaw |
OpenClaw |
2026-04-20T23:08:14.023Z | 2026-04-21T13:33:53.554Z |
| cve-2026-41300 | 6.9 (v4.0) 6.5 (v3.1) | OpenClaw < 2026.3.31 - Attacker-Discovered Endpoint Pr… |
OpenClaw |
OpenClaw |
2026-04-20T23:08:13.304Z | 2026-04-21T13:03:24.309Z |
| cve-2026-41299 | 7.1 (v4.0) 7.1 (v3.1) | OpenClaw < 2026.3.28 - Client Identity Spoofing in cha… |
OpenClaw |
OpenClaw |
2026-04-20T23:08:12.586Z | 2026-04-21T13:38:25.512Z |
| cve-2026-41298 | 5.3 (v4.0) 5.4 (v3.1) | OpenClaw < 2026.4.2 - Authorization Bypass in Session … |
OpenClaw |
OpenClaw |
2026-04-20T23:08:11.787Z | 2026-04-21T17:34:23.419Z |
| cve-2026-41297 | 4.8 (v4.0) 7.6 (v3.1) | OpenClaw < 2026.3.31 - Server-Side Request Forgery via… |
OpenClaw |
OpenClaw |
2026-04-20T23:08:10.955Z | 2026-04-21T13:41:34.057Z |
| cve-2026-41296 | 8.8 (v4.0) 8.2 (v3.1) | OpenClaw < 2026.3.31 - Sandbox Escape via TOCTOU Race … |
OpenClaw |
OpenClaw |
2026-04-20T23:08:10.194Z | 2026-04-20T23:08:10.194Z |
| cve-2026-41295 | 8.5 (v4.0) 7.8 (v3.1) | OpenClaw < 2026.4.2 - Untrusted Workspace Channel Shad… |
OpenClaw |
OpenClaw |
2026-04-20T23:08:09.503Z | 2026-04-21T13:35:47.883Z |
| cve-2026-41294 | 8.5 (v4.0) 8.6 (v3.1) | OpenClaw < 2026.3.28 - Environment Variable Injection … |
OpenClaw |
OpenClaw |
2026-04-20T23:08:08.795Z | 2026-04-21T13:04:36.188Z |
| cve-2026-40045 | 5.9 (v4.0) 5.7 (v3.1) | OpenClaw < 2026.4.2 - Cleartext Credential Transmissio… |
OpenClaw |
OpenClaw |
2026-04-20T23:08:07.952Z | 2026-04-21T13:37:43.951Z |
| cve-2026-34082 | Dify has IDOR in deleting someone else's chat conversation |
langgenius |
dify |
2026-04-20T23:03:18.158Z | 2026-04-21T13:36:45.614Z | |
| cve-2026-5721 | wpDataTables – WordPress Data Table, Dynamic Tables & … |
wpdatatables |
wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin |
2026-04-20T22:25:26.695Z | 2026-04-20T22:25:26.695Z | |
| cve-2026-6729 | 5.3 (v4.0) 6.3 (v3.1) | HKUDS OpenHarness Session Key Collision Privilege Escalation |
HKUDS |
OpenHarness |
2026-04-20T22:01:38.766Z | 2026-04-21T17:39:32.967Z |
| cve-2026-0930 | 2.3 (v4.0) | Potential wolfSSHd Buffer out-of-bounds Read on Window… |
wolfSSL |
wolfSSH |
2026-04-20T21:28:33.227Z | 2026-04-21T13:37:15.647Z |
| cve-2026-22051 | 2.3 (v4.0) | StorageGRID (formerly StorageGRID Webscale) versi… |
NETAPP |
StorageGRID (formerly StorageGRID Webscale) |
2026-04-20T21:27:36.822Z | 2026-04-21T13:40:46.948Z |
| cve-2026-5450 | N/A | scanf %mc off-by-one heap buffer overflow |
The GNU C Library |
glibc |
2026-04-20T20:55:41.170Z | 2026-04-20T20:55:41.170Z |
| cve-2026-5928 | N/A | Static buffer overflow in deprecated nis_local_principal |
The GNU C Library |
glibc |
2026-04-20T20:37:31.743Z | 2026-04-20T20:37:31.743Z |
| cve-2026-5358 | N/A | Static buffer overflow in deprecated nis_local_principal |
The GNU C Library |
glibc |
2026-04-20T20:37:23.178Z | 2026-04-20T20:37:23.178Z |
| cve-2026-33626 | LMDeploy Vulnerable to Server-Side Request Forgery (SS… |
InternLM |
lmdeploy |
2026-04-20T20:29:19.558Z | 2026-04-20T20:29:19.558Z | |
| cve-2026-4852 | Image Source Control Lite – Show Image Credits and Cap… |
webzunft |
Image Source Control Lite – Show Image Credits and Captions |
2026-04-20T20:26:53.256Z | 2026-04-21T13:53:14.507Z | |
| cve-2026-33432 | Roxy-WI has Pre-Authentication LDAP Injection that Lea… |
roxy-wi |
roxy-wi |
2026-04-20T20:26:52.217Z | 2026-04-21T17:38:09.523Z | |
| cve-2026-33431 | Roxy-WI Vulnerable to Authenticated Arbitrary File Rea… |
roxy-wi |
roxy-wi |
2026-04-20T20:24:15.319Z | 2026-04-21T13:42:19.802Z | |
| cve-2026-34403 | Nginx-UI vulnerable to Cross-Site WebSocket Hijacking … |
0xJacky |
nginx-ui |
2026-04-20T20:16:47.597Z | 2026-04-21T13:36:46.510Z |
| ID | Description | Updated |
|---|
| ID | Description | Updated |
|---|
| ID | Description | Published | Updated |
|---|---|---|---|
| jvndb-2025-014105 | OMRON SOCIAL SOLUTIONS Uninterruptible Power Supply (UPS) management application registers a Windows service with an unquoted file path | 2025-09-19T16:21+09:00 | 2025-09-19T16:21+09:00 |
| jvndb-2025-014104 | Multiple vulnerabilities in I-O DATA wireless LAN routers | 2025-09-19T14:58+09:00 | 2025-09-19T14:58+09:00 |
| jvndb-2025-014081 | Multiple Brother and its OEM products with weak initial administrator passwords | 2025-09-19T10:52+09:00 | 2025-09-19T10:52+09:00 |
| jvndb-2025-000079 | UNIVERGE IX/IX-R/IX-V series routers provided by NEC Corporation vulnerable to cross-site scripting | 2025-09-18T17:43+09:00 | 2025-09-18T17:43+09:00 |
| jvndb-2025-000078 | Century HW RAID Manager registers a Windows service with an unquoted file path | 2025-09-17T13:45+09:00 | 2025-09-17T13:45+09:00 |
| jvndb-2025-000048 | WTW-EAGLE App vulnerable to improper server certificate validation | 2025-09-12T13:57+09:00 | 2025-09-12T13:57+09:00 |
| jvndb-2025-000077 | RICOH Streamline NX vulnerable to tampering with operation history | 2025-09-08T13:42+09:00 | 2025-09-24T16:53+09:00 |
| jvndb-2025-000072 | Obsidian GitHub Copilot Plugin stores sensitive information in cleartext | 2025-09-05T16:52+09:00 | 2025-09-05T16:52+09:00 |
| jvndb-2025-000073 | RATOC RAID Monitoring Manager for Windows registers a Windows service with an unquoted file path | 2025-09-05T16:20+09:00 | 2025-09-05T16:20+09:00 |
| jvndb-2025-000071 | "Yahoo! Shopping" App for Android fails to restrict custom URL schemes properly | 2025-09-05T15:12+09:00 | 2025-09-05T15:12+09:00 |
| jvndb-2025-000075 | Multiple vulnerabilities in TkEasyGUI | 2025-09-05T14:53+09:00 | 2025-09-05T14:53+09:00 |
| jvndb-2025-000069 | Web Caster V130 vulnerable to cross-site request forgery | 2025-09-03T14:23+09:00 | 2025-09-03T14:23+09:00 |
| jvndb-2025-000070 | "Gunosy" App vulnerable to insertion of sensitive information into sent data | 2025-09-02T14:20+09:00 | 2025-09-09T09:51+09:00 |
| jvndb-2025-000068 | Seiko Solutions SkyBridge BASIC MB-A130 vulnerable to OS command injection | 2025-09-01T16:21+09:00 | 2025-09-01T16:21+09:00 |
| jvndb-2025-012659 | Denial-of-service (DoS) vulnerability in Konica Minolta bizhub series | 2025-09-01T15:22+09:00 | 2025-09-01T15:22+09:00 |
| jvndb-2025-000067 | Multiple vulnerabilities in multiple iND products | 2025-08-29T14:47+09:00 | 2025-08-29T14:47+09:00 |
| jvndb-2025-000066 | Improper file access permission settings in multiple i-FILTER products | 2025-08-27T19:50+09:00 | 2025-09-29T13:45+09:00 |
| jvndb-2025-000064 | Multiple vulnerabilities in SS1 | 2025-08-27T15:13+09:00 | 2025-08-27T15:13+09:00 |
| jvndb-2025-000065 | ScanSnap Manager installers vulnerable to privilege escalation | 2025-08-27T14:22+09:00 | 2025-08-27T14:22+09:00 |
| jvndb-2025-000063 | Western Digital Kitfox registers a Windows service with an unquoted file path | 2025-08-22T13:37+09:00 | 2025-08-22T13:37+09:00 |
| jvndb-2025-000062 | Multiple vulnerabilities in Group-Office | 2025-08-21T14:03+09:00 | 2025-08-21T14:03+09:00 |
| jvndb-2025-011884 | FUJIFILM Healthcare Americas Synapse Mobility vulnerable to Privilege Escalation | 2025-08-21T11:49+09:00 | 2025-08-25T10:38+09:00 |
| jvndb-2025-000061 | Multiple vulnerabilities in Movable Type | 2025-08-20T15:30+09:00 | 2025-08-20T15:30+09:00 |
| jvndb-2025-000060 | PgManage vulnerable to injection | 2025-08-18T13:40+09:00 | 2025-08-18T13:40+09:00 |
| jvndb-2025-000059 | Seagate Toolkit registers a Windows service with an unquoted file path | 2025-08-14T12:32+09:00 | 2025-08-19T14:40+09:00 |
| jvndb-2025-000058 | WordPress plugin "Advanced Custom Fields" vulnerable to HTML injection | 2025-08-08T15:29+09:00 | 2025-08-08T15:29+09:00 |
| jvndb-2025-010972 | Multiple SEIKO EPSON products use weak initial passwords | 2025-08-08T14:50+09:00 | 2025-08-08T14:50+09:00 |
| jvndb-2025-000057 | Multiple vulnerabilities in Mubit Powered BLUE 870 | 2025-08-08T14:47+09:00 | 2025-08-08T14:47+09:00 |
| jvndb-2025-010854 | Trend Micro Endpoint security products for enterprises vulnerable to multiple OS command injection | 2025-08-07T12:25+09:00 | 2025-08-19T11:36+09:00 |
| jvndb-2025-000056 | Multiple vulnerabilities in Sato label printers CL4/6NX Plus and CL4/6NX-J Plus series | 2025-08-06T16:38+09:00 | 2025-08-06T16:38+09:00 |
| ID | Description | Updated |
|---|
| ID | Description | Published | Updated |
|---|---|---|---|
| certfr-2026-avi-0313 | Vulnérabilité dans les produits Apple | 2026-03-18T00:00:00.000000 | 2026-03-18T00:00:00.000000 |
| certfr-2026-avi-0312 | Multiples vulnérabilités dans GLPI | 2026-03-18T00:00:00.000000 | 2026-03-18T00:00:00.000000 |
| certfr-2026-avi-0311 | Vulnérabilité dans Citrix XenServer | 2026-03-18T00:00:00.000000 | 2026-03-18T00:00:00.000000 |
| certfr-2026-avi-0310 | Multiples vulnérabilités dans MongoDB | 2026-03-18T00:00:00.000000 | 2026-03-18T00:00:00.000000 |
| certfr-2026-avi-0309 | Multiples vulnérabilités dans Suricata | 2026-03-18T00:00:00.000000 | 2026-03-18T00:00:00.000000 |
| certfr-2026-avi-0308 | Multiples vulnérabilités dans Node.js | 2026-03-18T00:00:00.000000 | 2026-03-18T00:00:00.000000 |
| certfr-2026-avi-0307 | Vulnérabilité dans les produits Microsoft | 2026-03-17T00:00:00.000000 | 2026-03-17T00:00:00.000000 |
| certfr-2026-avi-0306 | Multiples vulnérabilités dans Redmine | 2026-03-17T00:00:00.000000 | 2026-03-17T00:00:00.000000 |
| certfr-2026-avi-0305 | Multiples vulnérabilités dans Spring AI | 2026-03-17T00:00:00.000000 | 2026-03-17T00:00:00.000000 |
| certfr-2026-avi-0304 | Multiples vulnérabilités dans Xen | 2026-03-17T00:00:00.000000 | 2026-03-17T00:00:00.000000 |
| certfr-2026-avi-0303 | Vulnérabilité dans Microsoft Edge | 2026-03-17T00:00:00.000000 | 2026-03-17T00:00:00.000000 |
| certfr-2026-avi-0302 | Multiples vulnérabilités dans Python | 2026-03-17T00:00:00.000000 | 2026-03-17T00:00:00.000000 |
| certfr-2026-avi-0301 | Multiples vulnérabilités dans les produits Kaspersky | 2026-03-17T00:00:00.000000 | 2026-03-17T00:00:00.000000 |
| certfr-2026-avi-0300 | Multiples vulnérabilités dans Mattermost Server | 2026-03-17T00:00:00.000000 | 2026-03-27T00:00:00.000000 |
| certfr-2026-avi-0299 | Multiples vulnérabilités dans les produits Microsoft | 2026-03-16T00:00:00.000000 | 2026-03-16T00:00:00.000000 |
| certfr-2026-avi-0298 | Multiples vulnérabilités dans Microsoft Edge | 2026-03-16T00:00:00.000000 | 2026-03-16T00:00:00.000000 |
| certfr-2026-avi-0297 | Vulnérabilité dans Google Chrome | 2026-03-16T00:00:00.000000 | 2026-03-16T00:00:00.000000 |
| certfr-2026-avi-0296 | Vulnérabilité dans OpenSSL | 2026-03-16T00:00:00.000000 | 2026-03-16T00:00:00.000000 |
| certfr-2026-avi-0295 | Vulnérabilité dans les produits Microsoft | 2026-03-13T00:00:00.000000 | 2026-03-13T00:00:00.000000 |
| certfr-2026-avi-0294 | Vulnérabilité dans Microsoft Office | 2026-03-13T00:00:00.000000 | 2026-03-13T00:00:00.000000 |
| certfr-2026-avi-0293 | Vulnérabilité dans Microsoft Edge | 2026-03-13T00:00:00.000000 | 2026-03-13T00:00:00.000000 |
| certfr-2026-avi-0292 | Multiples vulnérabilités dans les produits IBM | 2026-03-13T00:00:00.000000 | 2026-03-13T00:00:00.000000 |
| certfr-2026-avi-0291 | Multiples vulnérabilités dans le noyau Linux de Debian | 2026-03-13T00:00:00.000000 | 2026-03-13T00:00:00.000000 |
| certfr-2026-avi-0290 | Multiples vulnérabilités dans le noyau Linux de Red Hat | 2026-03-13T00:00:00.000000 | 2026-03-13T00:00:00.000000 |
| certfr-2026-avi-0289 | Multiples vulnérabilités dans le noyau Linux d'Ubuntu | 2026-03-13T00:00:00.000000 | 2026-03-13T00:00:00.000000 |
| certfr-2026-avi-0288 | Multiples vulnérabilités dans le noyau Linux de SUSE | 2026-03-13T00:00:00.000000 | 2026-03-13T00:00:00.000000 |
| certfr-2026-avi-0287 | Multiples vulnérabilités dans les produits NetApp | 2026-03-13T00:00:00.000000 | 2026-03-13T00:00:00.000000 |
| certfr-2026-avi-0286 | Multiples vulnérabilités dans Google Chrome | 2026-03-13T00:00:00.000000 | 2026-03-13T00:00:00.000000 |
| certfr-2026-avi-0285 | Vulnérabilité dans Python | 2026-03-13T00:00:00.000000 | 2026-03-13T00:00:00.000000 |
| certfr-2026-avi-0284 | Multiples vulnérabilités dans les produits Microsoft | 2026-03-12T00:00:00.000000 | 2026-03-12T00:00:00.000000 |
| ID | Description | Published | Updated |
|---|---|---|---|
| certfr-2017-ale-007 | Vulnérabilité dans Microsoft Office | 2017-04-10T00:00:00.000000 | 2017-04-12T00:00:00.000000 |
| certfr-2017-ale-006 | Multiples vulnérabilités dans SCADA Siemens RUGGEDCOM ROX I | 2017-03-29T00:00:00.000000 | 2017-03-29T00:00:00.000000 |
| certfr-2017-ale-005 | Vulnérabilité dans les commutateurs Cisco | 2017-03-20T00:00:00.000000 | 2017-05-10T00:00:00.000000 |
| certfr-2017-ale-004 | Vulnérabilité dans Apache Struts | 2017-03-10T00:00:00.000000 | 2017-05-10T00:00:00.000000 |
| certfr-2017-ale-003 | Vulnérabilité dans les navigateurs Microsoft | 2017-02-27T00:00:00.000000 | 2017-03-15T00:00:00.000000 |
| certfr-2017-ale-002 | Vulnérabilité dans Microsoft Windows | 2017-02-20T00:00:00.000000 | 2017-03-15T00:00:00.000000 |
| certfr-2017-ale-001 | Vulnérabilité dans Cisco WebEx | 2017-01-25T00:00:00.000000 | 2017-01-31T00:00:00.000000 |
| certfr-2016-ale-010 | Vulnérabilité dans les routeurs Netgear | 2016-12-13T00:00:00.000000 | 2016-12-26T00:00:00.000000 |
| certfr-2016-ale-009 | Campagne d'attaque contre des routeurs DSL | 2016-12-01T00:00:00.000000 | 2017-01-26T00:00:00.000000 |
| certfr-2016-ale-008 | Vulnérabilité dans Microsoft Windows | 2016-11-02T00:00:00.000000 | 2016-11-09T00:00:00.000000 |
| certfr-2016-ale-007 | Vulnérabilité dans Cisco IOS, IOS XE et IOS XR | 2016-09-19T00:00:00.000000 | 2016-09-19T00:00:00.000000 |
| certfr-2016-ale-006 | Campagne de messages électroniques non sollicités de type Zepto/Odin | 2016-09-05T00:00:00.000000 | 2016-11-17T00:00:00.000000 |
| certfr-2016-ale-005 | Multiples vulnérabilités dans les pare-feux Cisco | 2016-08-18T00:00:00.000000 | 2016-09-05T00:00:00.000000 |
| certfr-2016-ale-004 | Vulnérabilité dans Adobe Flash Player | 2016-06-15T00:00:00.000000 | 2016-06-16T00:00:00.000000 |
| certfr-2016-ale-003 | Vulnérabilité dans Adobe Flash Player | 2016-05-11T00:00:00.000000 | 2016-05-12T00:00:00.000000 |
| certfr-2016-ale-002 | Vulnérabilité dans Adobe Flash Player | 2016-04-06T00:00:00.000000 | 2016-04-08T00:00:00.000000 |
| certfr-2016-ale-001 | Campagne de messages électroniques non sollicités de type Locky | 2016-02-19T00:00:00.000000 | 2016-04-07T00:00:00.000000 |
| certfr-2015-ale-015 | Campagne de messages électroniques non sollicités de type TeslaCrypt | 2015-12-21T00:00:00.000000 | 2016-03-10T00:00:00.000000 |
| certfr-2015-ale-014 | Vulnérabilité dans Juniper ScreenOS | 2015-12-18T00:00:00.000000 | 2016-04-11T00:00:00.000000 |
| certfr-2015-ale-013 | Vulnérabilité dans Joomla! | 2015-12-14T00:00:00.000000 | 2016-08-01T00:00:00.000000 |
| certfr-2015-ale-012 | Campagne de messages électroniques non sollicités de type Dridex | 2015-10-23T00:00:00.000000 | 2015-11-26T00:00:00.000000 |
| certfr-2015-ale-011 | Vulnérabilité dans Adobe Flash Player | 2015-10-14T00:00:00.000000 | 2015-10-19T00:00:00.000000 |
| certfr-2015-ale-010 | Multiples vulnérabilités dans Google Android | 2015-07-28T00:00:00.000000 | 2015-10-06T00:00:00.000000 |
| certfr-2015-ale-009 | Vulnérabilité dans Apple Mac OS X | 2015-07-24T00:00:00.000000 | 2015-12-22T00:00:00.000000 |
| certfr-2015-ale-008 | Vulnérabilité dans le pilote de gestion des polices de caractères de Microsoft Windows | 2015-07-20T00:00:00.000000 | 2015-07-30T00:00:00.000000 |
| certfr-2015-ale-007 | Vulnérabilité dans Oracle Java SE | 2015-07-13T00:00:00.000000 | 2015-07-20T00:00:00.000000 |
| certfr-2015-ale-006 | Vulnérabilité dans Adobe Flash Player | 2015-07-11T00:00:00.000000 | 2015-07-20T00:00:00.000000 |
| certfr-2015-ale-005 | Vulnérabilité dans Adobe Flash Player | 2015-07-08T00:00:00.000000 | 2015-07-10T00:00:00.000000 |
| certfr-2015-ale-004 | Vulnérabilité dans Microsoft Internet Explorer | 2015-02-10T00:00:00.000000 | 2015-03-31T00:00:00.000000 |
| certfr-2015-ale-003 | Nouvelle campagne d'hameçonnage de type rançongiciel | 2015-02-05T00:00:00.000000 | 2015-07-10T00:00:00.000000 |