Recent vulnerabilities
| ID | CVSS | Description | Vendor | Product | Published | Updated |
|---|---|---|---|---|---|---|
| cve-2025-70995 | N/A | An issue in Aranda Service Desk Web Edition (ASDK… |
n/a |
n/a |
2026-03-05T00:00:00.000Z | 2026-04-21T02:41:54.623Z |
| cve-2025-48645 | N/A | In loadDescription of DeviceAdminInfo.java, there… |
Google |
Android |
2026-03-02T18:42:25.869Z | 2026-04-21T02:41:36.807Z |
| cve-2025-48613 | N/A | In VBMeta, there is a possible way to modify and … |
Google |
Android |
2026-03-02T18:42:15.702Z | 2026-04-21T02:41:16.037Z |
| cve-2026-2791 | N/A | Mitigation bypass in the Networking: Cache component |
Mozilla |
Firefox |
2026-02-24T13:33:22.237Z | 2026-04-21T02:40:55.797Z |
| cve-2026-2788 | N/A | Incorrect boundary conditions in the Audio/Video: GMP … |
Mozilla |
Firefox |
2026-02-24T13:33:20.287Z | 2026-04-21T02:40:29.432Z |
| cve-2026-0924 | 7.3 (v4.0) | BuhoCleaner 1.15.2 - Local Privilege Escalation via PI… |
Dr.Buho |
BuhoCleaner |
2026-02-02T20:18:21.258Z | 2026-04-21T02:40:06.930Z |
| cve-2026-40250 | OpenEXR has integer overflow in DWA decoder outBufferE… |
AcademySoftwareFoundation |
openexr |
2026-04-21T01:33:00.212Z | 2026-04-21T01:33:00.212Z | |
| cve-2026-40244 | OpenEXR has integer overflow in DWA setupChannelData p… |
AcademySoftwareFoundation |
openexr |
2026-04-21T01:30:55.061Z | 2026-04-21T01:30:55.061Z | |
| cve-2026-39866 | Lawnchair vulnerable to Command Injection via unquoted… |
LawnchairLauncher |
lawnchair |
2026-04-21T01:19:47.510Z | 2026-04-21T01:19:47.510Z | |
| cve-2026-41282 | 4 (v3.1) | ProjectDiscovery Nuclei 3 before 3.8.0 allows DSL… |
ProjectDiscovery |
Nuclei |
2026-04-20T07:10:30.246Z | 2026-04-21T00:59:19.998Z |
| cve-2026-40264 | OpenBao's Token Store Allows Cross-Namespace Renewal, … |
openbao |
openbao |
2026-04-21T00:47:38.156Z | 2026-04-21T00:47:38.156Z | |
| cve-2026-39396 | OpenBao has Decompression Bomb via Unbounded Copy in O… |
openbao |
openbao |
2026-04-21T00:44:53.943Z | 2026-04-21T00:44:53.943Z | |
| cve-2026-39388 | OpenBao's Certificate Authentication Allows Token Rene… |
openbao |
openbao |
2026-04-21T00:43:22.920Z | 2026-04-21T00:43:22.920Z | |
| cve-2026-39377 | nbconvert has an Arbitrary File Write via Path Travers… |
jupyter |
nbconvert |
2026-04-21T00:14:59.937Z | 2026-04-21T00:14:59.937Z | |
| cve-2026-39320 | Signal K Server has an Unauthenticated Regular Express… |
SignalK |
signalk-server |
2026-04-21T00:07:10.371Z | 2026-04-21T00:07:10.371Z | |
| cve-2026-35570 | OpenClaude has Sandbox Bypass via Early-Exit Logic Fla… |
Gitlawb |
openclaude |
2026-04-20T23:24:08.324Z | 2026-04-20T23:24:08.324Z | |
| cve-2026-34839 | Glances Vulnerable to Cross-Origin Information Disclos… |
nicolargo |
glances |
2026-04-20T23:09:02.551Z | 2026-04-20T23:09:02.551Z | |
| cve-2026-41331 | 6.9 (v4.0) 5.3 (v3.1) | OpenClaw < 2026.3.31 - Resource Consumption via Unauth… |
OpenClaw |
OpenClaw |
2026-04-20T23:08:17.653Z | 2026-04-20T23:08:17.653Z |
| cve-2026-41329 | 9 (v4.0) 9.9 (v3.1) | OpenClaw < 2026.3.31 - Sandbox Bypass via Heartbeat Co… |
OpenClaw |
OpenClaw |
2026-04-20T23:08:16.222Z | 2026-04-20T23:08:16.222Z |
| cve-2026-41302 | 4.8 (v4.0) 7.6 (v3.1) | OpenClaw < 2026.3.31 - Server-Side Request Forgery via… |
OpenClaw |
OpenClaw |
2026-04-20T23:08:14.782Z | 2026-04-20T23:08:14.782Z |
| cve-2026-41298 | 5.3 (v4.0) 5.4 (v3.1) | OpenClaw < 2026.4.2 - Authorization Bypass in Session … |
OpenClaw |
OpenClaw |
2026-04-20T23:08:11.787Z | 2026-04-20T23:08:11.787Z |
| cve-2026-41296 | 8.8 (v4.0) 8.2 (v3.1) | OpenClaw < 2026.3.31 - Sandbox Escape via TOCTOU Race … |
OpenClaw |
OpenClaw |
2026-04-20T23:08:10.194Z | 2026-04-20T23:08:10.194Z |
| cve-2024-0456 | 4.3 (v3.1) | Direct Request ('Forced Browsing') in GitLab |
GitLab |
GitLab |
2024-01-26T01:02:43.953Z | 2026-04-20T23:00:08.692Z |
| cve-2026-5721 | wpDataTables – WordPress Data Table, Dynamic Tables & … |
wpdatatables |
wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin |
2026-04-20T22:25:26.695Z | 2026-04-20T22:25:26.695Z | |
| cve-2026-6729 | 5.3 (v4.0) 6.3 (v3.1) | HKUDS OpenHarness Session Key Collision Privilege Escalation |
HKUDS |
OpenHarness |
2026-04-20T22:01:38.766Z | 2026-04-20T22:01:38.766Z |
| cve-2025-9375 | 6.9 (v4.0) | xmltodict 0.14.2 - XML Injection |
xmltodict |
xmltodict |
2025-09-01T16:43:18.220Z | 2026-04-20T21:45:55.337Z |
| cve-2025-32990 | 6.5 (v3.1) | Gnutls: vulnerability in gnutls certtool template parsing |
|
|
2025-07-10T09:41:46.211Z | 2026-04-20T21:35:30.314Z |
| cve-2025-32989 | 5.3 (v3.1) | Gnutls: vulnerability in gnutls sct extension parsing |
|
|
2025-07-10T08:05:26.307Z | 2026-04-20T21:35:29.773Z |
| cve-2025-32988 | 6.5 (v3.1) | Gnutls: vulnerability in gnutls othername san export |
|
|
2025-07-10T08:04:57.991Z | 2026-04-20T21:35:28.412Z |
| cve-2026-29643 | N/A | XiangShan (Open-source high-performance RISC-V pr… |
n/a |
n/a |
2026-04-20T00:00:00.000Z | 2026-04-20T21:18:39.405Z |
| ID | Description | Updated |
|---|
| ID | Description | Updated |
|---|
| ID | Description | Published | Updated |
|---|---|---|---|
| jvndb-2025-015451 | Multiple vulnerabilities in FUJI Electric V-SFT | 2025-10-09T13:39+09:00 | 2025-10-09T13:39+09:00 |
| jvndb-2025-000081 | DataSpider Servista improper restriction of XML external entity references | 2025-09-29T14:44+09:00 | 2025-10-07T16:54+09:00 |
| jvndb-2025-000082 | The installers of DENSO TEN drive recorder viewer may insecurely load Dynamic Link Libraries | 2025-10-06T15:38+09:00 | 2025-10-06T15:38+09:00 |
| jvndb-2025-015061 | Trend Micro Antivirus for Mac vulnerable to Local Privilege Escalation | 2025-10-06T13:52+09:00 | 2025-10-06T13:52+09:00 |
| jvndb-2025-000044 | Denial-of-service (DoS) vulnerabilities in multiple Apache products | 2025-06-26T14:41+09:00 | 2025-10-01T14:18+09:00 |
| jvndb-2025-014642 | Multiple vulnerabilities in Canon Printer Drivers for Production Printers, Office/Small Office Multifunction Printers and Laser Printers | 2025-09-30T11:50+09:00 | 2025-09-30T11:50+09:00 |
| jvndb-2025-000066 | Improper file access permission settings in multiple i-FILTER products | 2025-08-27T19:50+09:00 | 2025-09-29T13:45+09:00 |
| jvndb-2025-000077 | RICOH Streamline NX vulnerable to tampering with operation history | 2025-09-08T13:42+09:00 | 2025-09-24T16:53+09:00 |
| jvndb-2025-007519 | Multiple vulnerabilities in multiple BROTHER products | 2025-06-26T18:15+09:00 | 2025-09-22T10:16+09:00 |
| jvndb-2025-014105 | OMRON SOCIAL SOLUTIONS Uninterruptible Power Supply (UPS) management application registers a Windows service with an unquoted file path | 2025-09-19T16:21+09:00 | 2025-09-19T16:21+09:00 |
| jvndb-2025-014104 | Multiple vulnerabilities in I-O DATA wireless LAN routers | 2025-09-19T14:58+09:00 | 2025-09-19T14:58+09:00 |
| jvndb-2025-014081 | Multiple Brother and its OEM products with weak initial administrator passwords | 2025-09-19T10:52+09:00 | 2025-09-19T10:52+09:00 |
| jvndb-2025-000079 | UNIVERGE IX/IX-R/IX-V series routers provided by NEC Corporation vulnerable to cross-site scripting | 2025-09-18T17:43+09:00 | 2025-09-18T17:43+09:00 |
| jvndb-2025-000078 | Century HW RAID Manager registers a Windows service with an unquoted file path | 2025-09-17T13:45+09:00 | 2025-09-17T13:45+09:00 |
| jvndb-2025-000048 | WTW-EAGLE App vulnerable to improper server certificate validation | 2025-09-12T13:57+09:00 | 2025-09-12T13:57+09:00 |
| jvndb-2025-000070 | "Gunosy" App vulnerable to insertion of sensitive information into sent data | 2025-09-02T14:20+09:00 | 2025-09-09T09:51+09:00 |
| jvndb-2025-000072 | Obsidian GitHub Copilot Plugin stores sensitive information in cleartext | 2025-09-05T16:52+09:00 | 2025-09-05T16:52+09:00 |
| jvndb-2025-000073 | RATOC RAID Monitoring Manager for Windows registers a Windows service with an unquoted file path | 2025-09-05T16:20+09:00 | 2025-09-05T16:20+09:00 |
| jvndb-2025-000071 | "Yahoo! Shopping" App for Android fails to restrict custom URL schemes properly | 2025-09-05T15:12+09:00 | 2025-09-05T15:12+09:00 |
| jvndb-2025-000075 | Multiple vulnerabilities in TkEasyGUI | 2025-09-05T14:53+09:00 | 2025-09-05T14:53+09:00 |
| jvndb-2025-000069 | Web Caster V130 vulnerable to cross-site request forgery | 2025-09-03T14:23+09:00 | 2025-09-03T14:23+09:00 |
| jvndb-2025-000068 | Seiko Solutions SkyBridge BASIC MB-A130 vulnerable to OS command injection | 2025-09-01T16:21+09:00 | 2025-09-01T16:21+09:00 |
| jvndb-2025-012659 | Denial-of-service (DoS) vulnerability in Konica Minolta bizhub series | 2025-09-01T15:22+09:00 | 2025-09-01T15:22+09:00 |
| jvndb-2025-000067 | Multiple vulnerabilities in multiple iND products | 2025-08-29T14:47+09:00 | 2025-08-29T14:47+09:00 |
| jvndb-2025-000064 | Multiple vulnerabilities in SS1 | 2025-08-27T15:13+09:00 | 2025-08-27T15:13+09:00 |
| jvndb-2025-000065 | ScanSnap Manager installers vulnerable to privilege escalation | 2025-08-27T14:22+09:00 | 2025-08-27T14:22+09:00 |
| jvndb-2025-011884 | FUJIFILM Healthcare Americas Synapse Mobility vulnerable to Privilege Escalation | 2025-08-21T11:49+09:00 | 2025-08-25T10:38+09:00 |
| jvndb-2025-000063 | Western Digital Kitfox registers a Windows service with an unquoted file path | 2025-08-22T13:37+09:00 | 2025-08-22T13:37+09:00 |
| jvndb-2025-000062 | Multiple vulnerabilities in Group-Office | 2025-08-21T14:03+09:00 | 2025-08-21T14:03+09:00 |
| jvndb-2025-000061 | Multiple vulnerabilities in Movable Type | 2025-08-20T15:30+09:00 | 2025-08-20T15:30+09:00 |
| ID | Description | Updated |
|---|
| ID | Description | Published | Updated |
|---|---|---|---|
| certfr-2026-avi-0317 | Vulnérabilité dans Python | 2026-03-19T00:00:00.000000 | 2026-03-19T00:00:00.000000 |
| certfr-2026-avi-0316 | Multiples vulnérabilités dans les produits VMware | 2026-03-19T00:00:00.000000 | 2026-03-19T00:00:00.000000 |
| certfr-2026-avi-0315 | Multiples vulnérabilités dans les produits VMware | 2026-03-18T00:00:00.000000 | 2026-03-18T00:00:00.000000 |
| certfr-2026-avi-0314 | Multiples vulnérabilités dans les produits Atlassian | 2026-03-18T00:00:00.000000 | 2026-03-18T00:00:00.000000 |
| certfr-2026-avi-0313 | Vulnérabilité dans les produits Apple | 2026-03-18T00:00:00.000000 | 2026-03-18T00:00:00.000000 |
| certfr-2026-avi-0312 | Multiples vulnérabilités dans GLPI | 2026-03-18T00:00:00.000000 | 2026-03-18T00:00:00.000000 |
| certfr-2026-avi-0311 | Vulnérabilité dans Citrix XenServer | 2026-03-18T00:00:00.000000 | 2026-03-18T00:00:00.000000 |
| certfr-2026-avi-0310 | Multiples vulnérabilités dans MongoDB | 2026-03-18T00:00:00.000000 | 2026-03-18T00:00:00.000000 |
| certfr-2026-avi-0309 | Multiples vulnérabilités dans Suricata | 2026-03-18T00:00:00.000000 | 2026-03-18T00:00:00.000000 |
| certfr-2026-avi-0308 | Multiples vulnérabilités dans Node.js | 2026-03-18T00:00:00.000000 | 2026-03-18T00:00:00.000000 |
| certfr-2026-avi-0307 | Vulnérabilité dans les produits Microsoft | 2026-03-17T00:00:00.000000 | 2026-03-17T00:00:00.000000 |
| certfr-2026-avi-0306 | Multiples vulnérabilités dans Redmine | 2026-03-17T00:00:00.000000 | 2026-03-17T00:00:00.000000 |
| certfr-2026-avi-0305 | Multiples vulnérabilités dans Spring AI | 2026-03-17T00:00:00.000000 | 2026-03-17T00:00:00.000000 |
| certfr-2026-avi-0304 | Multiples vulnérabilités dans Xen | 2026-03-17T00:00:00.000000 | 2026-03-17T00:00:00.000000 |
| certfr-2026-avi-0303 | Vulnérabilité dans Microsoft Edge | 2026-03-17T00:00:00.000000 | 2026-03-17T00:00:00.000000 |
| certfr-2026-avi-0302 | Multiples vulnérabilités dans Python | 2026-03-17T00:00:00.000000 | 2026-03-17T00:00:00.000000 |
| certfr-2026-avi-0301 | Multiples vulnérabilités dans les produits Kaspersky | 2026-03-17T00:00:00.000000 | 2026-03-17T00:00:00.000000 |
| certfr-2026-avi-0176 | Vulnérabilité dans Mattermost Server | 2026-02-17T00:00:00.000000 | 2026-03-17T00:00:00.000000 |
| certfr-2026-avi-0173 | Multiples vulnérabilités dans les produits Mattermost | 2026-02-16T00:00:00.000000 | 2026-03-17T00:00:00.000000 |
| certfr-2026-avi-0052 | Multiples vulnérabilités dans Mattermost Server | 2026-01-16T00:00:00.000000 | 2026-03-17T00:00:00.000000 |
| certfr-2026-avi-0299 | Multiples vulnérabilités dans les produits Microsoft | 2026-03-16T00:00:00.000000 | 2026-03-16T00:00:00.000000 |
| certfr-2026-avi-0298 | Multiples vulnérabilités dans Microsoft Edge | 2026-03-16T00:00:00.000000 | 2026-03-16T00:00:00.000000 |
| certfr-2026-avi-0297 | Vulnérabilité dans Google Chrome | 2026-03-16T00:00:00.000000 | 2026-03-16T00:00:00.000000 |
| certfr-2026-avi-0296 | Vulnérabilité dans OpenSSL | 2026-03-16T00:00:00.000000 | 2026-03-16T00:00:00.000000 |
| certfr-2026-avi-0295 | Vulnérabilité dans les produits Microsoft | 2026-03-13T00:00:00.000000 | 2026-03-13T00:00:00.000000 |
| certfr-2026-avi-0294 | Vulnérabilité dans Microsoft Office | 2026-03-13T00:00:00.000000 | 2026-03-13T00:00:00.000000 |
| certfr-2026-avi-0293 | Vulnérabilité dans Microsoft Edge | 2026-03-13T00:00:00.000000 | 2026-03-13T00:00:00.000000 |
| certfr-2026-avi-0292 | Multiples vulnérabilités dans les produits IBM | 2026-03-13T00:00:00.000000 | 2026-03-13T00:00:00.000000 |
| certfr-2026-avi-0291 | Multiples vulnérabilités dans le noyau Linux de Debian | 2026-03-13T00:00:00.000000 | 2026-03-13T00:00:00.000000 |
| certfr-2026-avi-0290 | Multiples vulnérabilités dans le noyau Linux de Red Hat | 2026-03-13T00:00:00.000000 | 2026-03-13T00:00:00.000000 |
| ID | Description | Published | Updated |
|---|---|---|---|
| certfr-2017-ale-005 | Vulnérabilité dans les commutateurs Cisco | 2017-03-20T00:00:00.000000 | 2017-05-10T00:00:00.000000 |
| certfr-2017-ale-004 | Vulnérabilité dans Apache Struts | 2017-03-10T00:00:00.000000 | 2017-05-10T00:00:00.000000 |
| certfr-2017-ale-007 | Vulnérabilité dans Microsoft Office | 2017-04-10T00:00:00.000000 | 2017-04-12T00:00:00.000000 |
| certfr-2017-ale-006 | Multiples vulnérabilités dans SCADA Siemens RUGGEDCOM ROX I | 2017-03-29T00:00:00.000000 | 2017-03-29T00:00:00.000000 |
| certfr-2017-ale-003 | Vulnérabilité dans les navigateurs Microsoft | 2017-02-27T00:00:00.000000 | 2017-03-15T00:00:00.000000 |
| certfr-2017-ale-002 | Vulnérabilité dans Microsoft Windows | 2017-02-20T00:00:00.000000 | 2017-03-15T00:00:00.000000 |
| certfr-2017-ale-001 | Vulnérabilité dans Cisco WebEx | 2017-01-25T00:00:00.000000 | 2017-01-31T00:00:00.000000 |
| certfr-2016-ale-009 | Campagne d'attaque contre des routeurs DSL | 2016-12-01T00:00:00.000000 | 2017-01-26T00:00:00.000000 |
| certfr-2016-ale-010 | Vulnérabilité dans les routeurs Netgear | 2016-12-13T00:00:00.000000 | 2016-12-26T00:00:00.000000 |
| certfr-2016-ale-006 | Campagne de messages électroniques non sollicités de type Zepto/Odin | 2016-09-05T00:00:00.000000 | 2016-11-17T00:00:00.000000 |
| certfr-2016-ale-008 | Vulnérabilité dans Microsoft Windows | 2016-11-02T00:00:00.000000 | 2016-11-09T00:00:00.000000 |
| certfr-2016-ale-007 | Vulnérabilité dans Cisco IOS, IOS XE et IOS XR | 2016-09-19T00:00:00.000000 | 2016-09-19T00:00:00.000000 |
| certfr-2016-ale-005 | Multiples vulnérabilités dans les pare-feux Cisco | 2016-08-18T00:00:00.000000 | 2016-09-05T00:00:00.000000 |
| certfr-2015-ale-013 | Vulnérabilité dans Joomla! | 2015-12-14T00:00:00.000000 | 2016-08-01T00:00:00.000000 |
| certfr-2016-ale-004 | Vulnérabilité dans Adobe Flash Player | 2016-06-15T00:00:00.000000 | 2016-06-16T00:00:00.000000 |
| certfr-2016-ale-003 | Vulnérabilité dans Adobe Flash Player | 2016-05-11T00:00:00.000000 | 2016-05-12T00:00:00.000000 |
| certfr-2015-ale-014 | Vulnérabilité dans Juniper ScreenOS | 2015-12-18T00:00:00.000000 | 2016-04-11T00:00:00.000000 |
| certfr-2016-ale-002 | Vulnérabilité dans Adobe Flash Player | 2016-04-06T00:00:00.000000 | 2016-04-08T00:00:00.000000 |
| certfr-2016-ale-001 | Campagne de messages électroniques non sollicités de type Locky | 2016-02-19T00:00:00.000000 | 2016-04-07T00:00:00.000000 |
| certfr-2015-ale-015 | Campagne de messages électroniques non sollicités de type TeslaCrypt | 2015-12-21T00:00:00.000000 | 2016-03-10T00:00:00.000000 |
| certfr-2015-ale-009 | Vulnérabilité dans Apple Mac OS X | 2015-07-24T00:00:00.000000 | 2015-12-22T00:00:00.000000 |
| certfr-2015-ale-012 | Campagne de messages électroniques non sollicités de type Dridex | 2015-10-23T00:00:00.000000 | 2015-11-26T00:00:00.000000 |
| certfr-2015-ale-011 | Vulnérabilité dans Adobe Flash Player | 2015-10-14T00:00:00.000000 | 2015-10-19T00:00:00.000000 |
| certfr-2015-ale-010 | Multiples vulnérabilités dans Google Android | 2015-07-28T00:00:00.000000 | 2015-10-06T00:00:00.000000 |
| certfr-2015-ale-008 | Vulnérabilité dans le pilote de gestion des polices de caractères de Microsoft Windows | 2015-07-20T00:00:00.000000 | 2015-07-30T00:00:00.000000 |
| certfr-2015-ale-007 | Vulnérabilité dans Oracle Java SE | 2015-07-13T00:00:00.000000 | 2015-07-20T00:00:00.000000 |
| certfr-2015-ale-006 | Vulnérabilité dans Adobe Flash Player | 2015-07-11T00:00:00.000000 | 2015-07-20T00:00:00.000000 |
| certfr-2015-ale-005 | Vulnérabilité dans Adobe Flash Player | 2015-07-08T00:00:00.000000 | 2015-07-10T00:00:00.000000 |
| certfr-2015-ale-003 | Nouvelle campagne d'hameçonnage de type rançongiciel | 2015-02-05T00:00:00.000000 | 2015-07-10T00:00:00.000000 |
| certfr-2015-ale-004 | Vulnérabilité dans Microsoft Internet Explorer | 2015-02-10T00:00:00.000000 | 2015-03-31T00:00:00.000000 |