Recent vulnerabilities
| ID | CVSS | Description | Vendor | Product | Published | Updated |
|---|---|---|---|---|---|---|
| cve-2026-40191 | ClearanceKit has a policy bypass via dual-path Endpoin… |
craigjbass |
clearancekit |
2026-04-10T20:19:35.909Z | 2026-04-15T15:12:11.855Z | |
| cve-2026-39922 | 5.3 (v4.0) | GeoNode SSRF via Service Registration |
GeoNode |
GeoNode |
2026-04-10T19:53:05.159Z | 2026-04-16T00:43:12.705Z |
| cve-2026-39921 | 5.3 (v4.0) | GeoNode < 4.4.5, 5.0.2 SSRF via Document Upload |
GeoNode |
GeoNode |
2026-04-10T19:52:49.924Z | 2026-04-16T00:40:03.983Z |
| cve-2026-40190 | LangSmith Client SDKs has Prototype Pollution in langs… |
langchain-ai |
langsmith-sdk |
2026-04-10T19:47:57.642Z | 2026-04-13T16:13:45.532Z | |
| cve-2026-40189 | goshs has a file-based ACL authorization bypass in gos… |
patrickhener |
goshs |
2026-04-10T19:44:54.672Z | 2026-04-13T20:53:02.400Z | |
| cve-2026-40188 | goshs is Missing Write Protection for Parametric Data Values |
patrickhener |
goshs |
2026-04-10T19:43:45.197Z | 2026-04-13T15:35:32.574Z | |
| cve-2026-40185 | Missing Authorization on Immich Trip Photo Routes in TREK |
mauriceboe |
TREK |
2026-04-10T19:40:16.382Z | 2026-04-15T15:09:36.514Z | |
| cve-2026-40184 | Unauthenticated Access to Uploaded Files in TREK |
mauriceboe |
TREK |
2026-04-10T19:39:32.442Z | 2026-04-13T16:12:51.487Z | |
| cve-2026-40180 | Zip Slip Path Traversal in quarkus-openapi-generator A… |
quarkiverse |
quarkus-openapi-generator |
2026-04-10T19:35:53.440Z | 2026-04-13T20:53:46.782Z | |
| cve-2026-40178 | ajenti.plugin.core has a race conditions in 2FA |
ajenti |
ajenti |
2026-04-10T19:30:47.083Z | 2026-04-14T03:55:43.193Z | |
| cve-2026-40177 | Password bypass when 2FA is activated |
ajenti |
ajenti |
2026-04-10T19:29:00.851Z | 2026-04-14T13:26:56.925Z | |
| cve-2026-40175 | Axios has Unrestricted Cloud Metadata Exfiltration via… |
axios |
axios |
2026-04-10T19:23:52.285Z | 2026-04-16T18:45:12.892Z | |
| cve-2026-40168 | Postiz has Server-Side Request Forgery via Redirect By… |
gitroomhq |
postiz-app |
2026-04-10T19:20:16.365Z | 2026-04-13T20:55:15.792Z | |
| cve-2026-32252 | Chartbrew Cross-Tenant Template Export and Secret Disc… |
chartbrew |
chartbrew |
2026-04-10T19:17:53.438Z | 2026-04-13T15:35:52.178Z | |
| cve-2026-30232 | Chartbrew has SSRF in API Data Connection - No IP Vali… |
chartbrew |
chartbrew |
2026-04-10T19:15:11.439Z | 2026-04-15T15:07:30.227Z | |
| cve-2026-27460 | Tandoor Recipes Affected by Denial of Service via Reci… |
TandoorRecipes |
recipes |
2026-04-10T19:09:05.883Z | 2026-04-13T15:35:58.210Z | |
| cve-2026-33737 | Chamilo LMS has an XML External Entity (XXE) Injection |
chamilo |
chamilo-lms |
2026-04-10T19:05:08.873Z | 2026-04-13T16:02:10.691Z | |
| cve-2026-33736 | Chamilo LMS has an Insecure Direct Object Reference (I… |
chamilo |
chamilo-lms |
2026-04-10T19:03:18.638Z | 2026-04-13T20:55:46.727Z | |
| cve-2026-33710 | Chamilo LMS has Weak REST API Key Generation (Predictable) |
chamilo |
chamilo-lms |
2026-04-10T18:59:24.111Z | 2026-04-13T15:36:06.835Z | |
| cve-2026-33708 | Chamilo LMS has REST API PII Exposure via get_user_inf… |
chamilo |
chamilo-lms |
2026-04-10T18:54:35.034Z | 2026-04-15T15:04:02.449Z | |
| cve-2026-33707 | Weak Password Recovery Mechanism for Forgotten Passwor… |
chamilo |
chamilo-lms |
2026-04-10T18:52:54.097Z | 2026-04-13T16:03:17.502Z | |
| cve-2026-33706 | Chamilo LMS has a REST API Self-Privilege Escalation (… |
chamilo |
chamilo-lms |
2026-04-10T18:51:23.824Z | 2026-04-14T14:02:07.696Z | |
| cve-2026-33705 | Chamilo LMS has unauthenticated access to Twig templat… |
chamilo |
chamilo-lms |
2026-04-10T18:32:45.193Z | 2026-04-15T15:02:39.017Z | |
| cve-2026-33704 | Chamilo LMS Affected by Authenticated Arbitrary File W… |
chamilo |
chamilo-lms |
2026-04-10T18:30:48.478Z | 2026-04-13T16:04:11.514Z | |
| cve-2026-33703 | Chamilo LMS Critical IDOR: Any Authenticated User Can … |
chamilo |
chamilo-lms |
2026-04-10T18:23:01.031Z | 2026-04-14T14:05:24.505Z | |
| cve-2026-3446 | 6 (v4.0) | Base64 decoding stops at first padded quad by default |
Python Software Foundation |
CPython |
2026-04-10T18:17:35.045Z | 2026-04-13T16:07:24.229Z |
| cve-2026-33702 | Chamilo LMS has an Insecure Direct Object Reference (IDOR) |
chamilo |
chamilo-lms |
2026-04-10T18:15:49.964Z | 2026-04-13T15:36:13.742Z | |
| cve-2026-33698 | Chamilo LMS affected by unauthenticated RCE in main/in… |
chamilo |
chamilo-lms |
2026-04-10T18:14:17.424Z | 2026-04-15T15:00:31.550Z | |
| cve-2026-33618 | Chamilo LMS Affected by Remote Code Execution via eval… |
chamilo |
chamilo-lms |
2026-04-10T18:10:16.691Z | 2026-04-10T18:46:09.585Z | |
| cve-2026-33141 | Chamilo LMS has an IDOR in REST API Stats Endpoint Exp… |
chamilo |
chamilo-lms |
2026-04-10T18:01:26.027Z | 2026-04-14T14:06:11.889Z |
| ID | Description | Updated |
|---|
| ID | Description | Updated |
|---|
| ID | Description | Published | Updated |
|---|---|---|---|
| jvndb-2014-000143 | "File Upload BBS" of i-HTTPD vulnerable to remote command execution | 2014-12-09T14:40+09:00 | 2014-12-16T17:10+09:00 |
| jvndb-2014-000148 | Kaku-San-Sei Million Arthur for Android information management vulnerability | 2014-12-04T12:28+09:00 | 2014-12-08T16:05+09:00 |
| jvndb-2014-000147 | KENT-WEB Clip Board vulnerable to cross-site scripting | 2014-12-04T12:22+09:00 | 2014-12-08T16:03+09:00 |
| jvndb-2014-000142 | DBD::PgPP vulnerable to SQL injection | 2014-12-03T15:09+09:00 | 2014-12-03T15:09+09:00 |
| jvndb-2014-000140 | LG Electronics mobile access routers lack access restrictions | 2014-12-02T14:27+09:00 | 2014-12-08T16:07+09:00 |
| jvndb-2014-000139 | ARROWS Me F-11D vulnerability where arbitrary areas may be accessed | 2014-12-02T14:26+09:00 | 2014-12-08T16:06+09:00 |
| jvndb-2014-000138 | OS command injection vulnerability in multiple FUJITSU Android devices | 2014-12-02T14:21+09:00 | 2014-12-09T15:33+09:00 |
| jvndb-2014-000137 | Multiple improper data validation vulnerabilities in Syslink driver for Texas Instruments OMAP mobile processors | 2014-12-02T13:56+09:00 | 2014-12-09T15:34+09:00 |
| jvndb-2014-000136 | SEIL Series routers vulnerable to denial-of-service (DoS) | 2014-12-01T15:24+09:00 | 2014-12-09T15:31+09:00 |
| jvndb-2014-000135 | SEIL Series routers vulnerable to denial-of-service (DoS) | 2014-12-01T15:18+09:00 | 2014-12-09T15:32+09:00 |
| jvndb-2014-000141 | FAST/TOOLS vulnerable to improper restriction of XML external entity references | 2014-11-28T14:54+09:00 | 2014-12-10T10:16+09:00 |
| jvndb-2014-000134 | BSD Operating Systems vulnerable to denial-of-service (DoS) | 2014-11-21T14:10+09:00 | 2014-12-16T17:08+09:00 |
| jvndb-2014-000133 | iLogScanner vulnerable to cross-site scripting | 2014-11-14T14:38+09:00 | 2014-11-18T18:22+09:00 |
| jvndb-2014-000118 | Direct Web Remoting (DWR) vulnerable to cross-site scripting | 2014-11-14T14:37+09:00 | 2014-11-25T17:51+09:00 |
| jvndb-2014-000117 | Direct Web Remoting (DWR) vulnerable to XML external entity injection | 2014-11-14T14:33+09:00 | 2014-11-25T17:50+09:00 |
| jvndb-2014-000131 | Ichitaro series vulnerable to arbitrary code execution | 2014-11-13T16:52+09:00 | 2014-11-27T17:58+09:00 |
| jvndb-2014-004833 | Vulnerability in JP1/NETM/DM and Job Management Partner 1/Software Distribution data reproduction functionality | 2014-11-11T15:33+09:00 | 2015-03-03T16:59+09:00 |
| jvndb-2014-000130 | Multiple Cybozu products vulnerable to buffer overflow | 2014-11-11T13:36+09:00 | 2014-11-25T17:52+09:00 |
| jvndb-2014-000129 | OpenAM vulnerable to denial-of-service (DoS) | 2014-11-10T14:23+09:00 | 2014-11-20T10:09+09:00 |
| jvndb-2014-000126 | QNAP QTS vulnerable to OS command injection | 2014-10-28T14:39+09:00 | 2015-12-25T13:47+09:00 |
| jvndb-2014-000125 | SumaHo for Android fails to verify SSL/TLS server certificates | 2014-10-23T13:43+09:00 | 2018-03-07T14:24+09:00 |
| jvndb-2014-000123 | GIGAPOD vulnerable to denial-of-service (DoS) | 2014-10-16T13:51+09:00 | 2024-05-13T18:10+09:00 |
| jvndb-2014-000122 | Aflax vulnerable to cross-site scripting | 2014-10-16T13:35+09:00 | 2014-10-24T18:32+09:00 |
| jvndb-2014-000121 | BirdBlog vulnerable to cross-site scripting | 2014-10-16T13:26+09:00 | 2014-10-16T13:26+09:00 |
| jvndb-2014-000120 | Huawei E5332 vulnerable to denial-of-service (DoS) | 2014-10-10T14:03+09:00 | 2014-10-21T15:11+09:00 |
| jvndb-2014-000119 | Huawei E5332 vulnerable to denial-of-service (DoS) | 2014-10-10T14:02+09:00 | 2014-10-21T15:15+09:00 |
| jvndb-2014-004316 | Safari issue in handling application cache | 2014-09-25T14:54+09:00 | 2014-09-25T14:54+09:00 |
| jvndb-2014-000116 | Yahoo! Japan Box for Android issue where it fails to verify SSL server certificates | 2014-09-25T14:54+09:00 | 2014-09-25T14:54+09:00 |
| jvndb-2014-000112 | N-Media file uploader vulnerability in handling uploaded files | 2014-09-25T14:53+09:00 | 2014-09-29T11:39+09:00 |
| jvndb-2014-000108 | jigbrowser+ for iOS same origin policy bypass | 2014-09-25T14:52+09:00 | 2014-09-29T11:47+09:00 |
| ID | Description | Updated |
|---|
| ID | Description | Published | Updated |
|---|---|---|---|
| certfr-2024-avi-0649 | Vulnérabilité dans les produits Citrix | 2024-08-05T00:00:00.000000 | 2024-08-05T00:00:00.000000 |
| certfr-2024-avi-0648 | Multiples vulnérabilités dans les produits SonicWall | 2024-08-05T00:00:00.000000 | 2024-08-05T00:00:00.000000 |
| certfr-2024-avi-0647 | Multiples vulnérabilités dans Roundcube | 2024-08-05T00:00:00.000000 | 2024-08-05T00:00:00.000000 |
| certfr-2024-avi-0646 | Multiples vulnérabilités dans les produits IBM | 2024-08-02T00:00:00.000000 | 2024-08-02T00:00:00.000000 |
| certfr-2024-avi-0645 | Multiples vulnérabilités dans le noyau Linux d'Ubuntu | 2024-08-02T00:00:00.000000 | 2024-08-02T00:00:00.000000 |
| certfr-2024-avi-0644 | Multiples vulnérabilités dans le noyau Linux de Red Hat | 2024-08-02T00:00:00.000000 | 2024-08-02T00:00:00.000000 |
| certfr-2024-avi-0643 | Vulnérabilité dans les produits Moxa | 2024-08-02T00:00:00.000000 | 2024-08-02T00:00:00.000000 |
| certfr-2024-avi-0642 | Multiples vulnérabilités dans Microsoft Edge | 2024-08-02T00:00:00.000000 | 2024-08-02T00:00:00.000000 |
| certfr-2024-avi-0641 | Multiples vulnérabilités dans les produits NetApp | 2024-08-01T00:00:00.000000 | 2024-08-01T00:00:00.000000 |
| certfr-2024-avi-0640 | Vulnérabilité dans Elastic Elasticsearch | 2024-08-01T00:00:00.000000 | 2024-08-01T00:00:00.000000 |
| certfr-2024-avi-0639 | Vulnérabilité dans les produits Microsoft | 2024-08-01T00:00:00.000000 | 2024-08-01T00:00:00.000000 |
| certfr-2024-avi-0638 | Vulnérabilité dans Elastic Kibana | 2024-07-31T00:00:00.000000 | 2024-07-31T00:00:00.000000 |
| certfr-2024-avi-0637 | Multiples vulnérabilités dans HPE Aruba Networking ClearPass Policy Manager | 2024-07-31T00:00:00.000000 | 2024-07-31T00:00:00.000000 |
| certfr-2024-avi-0636 | Multiples vulnérabilités dans Google Chrome | 2024-07-31T00:00:00.000000 | 2024-07-31T00:00:00.000000 |
| certfr-2024-avi-0635 | Multiples vulnérabilités dans StormShield Management Center | 2024-07-30T00:00:00.000000 | 2024-07-30T00:00:00.000000 |
| certfr-2024-avi-0634 | Multiples vulnérabilités dans les produits Apple | 2024-07-30T00:00:00.000000 | 2024-07-30T00:00:00.000000 |
| certfr-2024-avi-0633 | Multiples vulnérabilités dans le noyau Linux d'Ubuntu | 2024-07-26T00:00:00.000000 | 2024-07-26T00:00:00.000000 |
| certfr-2024-avi-0632 | Multiples vulnérabilités dans le noyau Linux de SUSE | 2024-07-26T00:00:00.000000 | 2024-07-26T00:00:00.000000 |
| certfr-2024-avi-0631 | Multiples vulnérabilités dans le noyau Linux de Red Hat | 2024-07-26T00:00:00.000000 | 2024-07-26T00:00:00.000000 |
| certfr-2024-avi-0630 | Multiples vulnérabilités dans IBM QRadar | 2024-07-26T00:00:00.000000 | 2024-07-26T00:00:00.000000 |
| certfr-2024-avi-0629 | Vulnérabilité dans SPIP | 2024-07-26T00:00:00.000000 | 2024-07-26T00:00:00.000000 |
| certfr-2024-avi-0628 | Multiples vulnérabilités dans Microsoft Edge | 2024-07-26T00:00:00.000000 | 2024-07-26T00:00:00.000000 |
| certfr-2024-avi-0627 | Multiples vulnérabilités dans les produits VMware | 2024-07-26T00:00:00.000000 | 2024-07-26T00:00:00.000000 |
| certfr-2024-avi-0626 | Multiples vulnérabilités dans les produits Mitel | 2024-07-25T00:00:00.000000 | 2024-07-25T00:00:00.000000 |
| certfr-2024-avi-0625 | Multiples vulnérabilités dans GitLab | 2024-07-25T00:00:00.000000 | 2024-07-25T00:00:00.000000 |
| certfr-2024-avi-0624 | Vulnérabilité dans Spring Cloud Skipper | 2024-07-25T00:00:00.000000 | 2024-07-25T00:00:00.000000 |
| certfr-2024-avi-0623 | Multiples vulnérabilités Microsoft GroupMe | 2024-07-24T00:00:00.000000 | 2024-07-24T00:00:00.000000 |
| certfr-2024-avi-0622 | Multiples vulnérabilités dans Google Chrome | 2024-07-24T00:00:00.000000 | 2024-07-24T00:00:00.000000 |
| certfr-2024-avi-0621 | Vulnérabilité dans Nagios XI | 2024-07-24T00:00:00.000000 | 2024-07-24T00:00:00.000000 |
| certfr-2024-avi-0620 | Multiples vulnérabilités dans les produits HPE Aruba Networking | 2024-07-24T00:00:00.000000 | 2024-07-24T00:00:00.000000 |