Recent vulnerabilities
| ID | CVSS | Description | Vendor | Product | Published | Updated |
|---|---|---|---|---|---|---|
| cve-2026-40354 | 2.9 (v3.1) | Flatpak xdg-desktop-portal before 1.20.4 and 1.21… |
Flatpak |
xdg-desktop-portal |
2026-04-11T00:29:03.467Z | 2026-04-15T15:14:27.291Z |
| cve-2026-40191 | ClearanceKit has a policy bypass via dual-path Endpoin… |
craigjbass |
clearancekit |
2026-04-10T20:19:35.909Z | 2026-04-15T15:12:11.855Z | |
| cve-2026-40185 | Missing Authorization on Immich Trip Photo Routes in TREK |
mauriceboe |
TREK |
2026-04-10T19:40:16.382Z | 2026-04-15T15:09:36.514Z | |
| cve-2026-30232 | Chartbrew has SSRF in API Data Connection - No IP Vali… |
chartbrew |
chartbrew |
2026-04-10T19:15:11.439Z | 2026-04-15T15:07:30.227Z | |
| cve-2026-33708 | Chamilo LMS has REST API PII Exposure via get_user_inf… |
chamilo |
chamilo-lms |
2026-04-10T18:54:35.034Z | 2026-04-15T15:04:02.449Z | |
| cve-2026-33705 | Chamilo LMS has unauthenticated access to Twig templat… |
chamilo |
chamilo-lms |
2026-04-10T18:32:45.193Z | 2026-04-15T15:02:39.017Z | |
| cve-2026-33698 | Chamilo LMS affected by unauthenticated RCE in main/in… |
chamilo |
chamilo-lms |
2026-04-10T18:14:17.424Z | 2026-04-15T15:00:31.550Z | |
| cve-2026-32931 | Chamilo LMS has Arbitrary File Upload via MIME-Only Va… |
chamilo |
chamilo-lms |
2026-04-10T17:50:40.176Z | 2026-04-15T14:56:10.732Z | |
| cve-2026-32893 | Chamilo LMS has Reflected XSS via Unsanitized http_bui… |
chamilo |
chamilo-lms |
2026-04-10T17:42:24.220Z | 2026-04-15T14:51:41.852Z | |
| cve-2026-40163 | Saltcorn has an Unauthenticated Path Traversal in sync… |
saltcorn |
saltcorn |
2026-04-10T17:07:49.067Z | 2026-04-15T14:50:01.616Z | |
| cve-2026-40159 | PraisonAI Exposes Sensitive Environment Variable via U… |
MervinPraison |
PraisonAI |
2026-04-10T16:57:11.623Z | 2026-04-15T14:48:42.389Z | |
| cve-2026-40100 | FastGPT has Unauthenticated SSRF in /api/core/app/mcpT… |
labring |
FastGPT |
2026-04-10T16:39:25.856Z | 2026-04-15T14:47:23.092Z | |
| cve-2026-40103 | Vikunja's Scoped API tokens with projects.background p… |
go-vikunja |
vikunja |
2026-04-10T16:12:27.603Z | 2026-04-15T14:45:18.303Z | |
| cve-2026-40223 | 4.7 (v3.1) | In systemd 258 before 260, a local unprivileged u… |
systemd |
systemd |
2026-04-10T15:10:56.605Z | 2026-04-15T14:42:11.727Z |
| cve-2026-39399 | NuGet Gallery: Arbitrary Blob Overwrite via Nuspec Con… |
NuGet |
NuGetGallery |
2026-04-14T23:01:38.176Z | 2026-04-15T14:42:02.662Z | |
| cve-2026-33146 | Docmost's Public Share Search Exposes Metadata of Rest… |
docmost |
docmost |
2026-04-14T21:36:53.562Z | 2026-04-15T14:28:08.044Z | |
| cve-2026-35196 | Chamilo LMS has OS Command Injection via export_all_ce… |
chamilo |
chamilo-lms |
2026-04-14T21:33:13.518Z | 2026-04-15T14:27:29.401Z | |
| cve-2026-34160 | Chamilo LMS: Unauthenticated SSRF via PENS Plugin allo… |
chamilo |
chamilo-lms |
2026-04-14T21:09:36.832Z | 2026-04-15T14:26:33.592Z | |
| cve-2026-25125 | October CMS: Environment Variable Exfiltration via INI… |
octobercms |
october |
2026-04-14T20:39:59.164Z | 2026-04-15T14:25:12.276Z | |
| cve-2026-40291 | Chamilo LMS has Privilege Escalation via API User Role… |
chamilo |
chamilo-lms |
2026-04-14T21:37:55.490Z | 2026-04-15T14:24:29.902Z | |
| cve-2026-39400 | Stored XSS via Job HTML/Table Output in Cronicle |
jhuckaby |
Cronicle |
2026-04-07T20:22:54.581Z | 2026-04-15T14:24:26.306Z | |
| cve-2026-39365 | Vite has a Path Traversal in Optimized Deps `.map` Handling |
vitejs |
vite |
2026-04-07T19:13:50.927Z | 2026-04-15T14:23:24.501Z | |
| cve-2025-8669 | Customify <= 0.4.11 - Cross-Site Request Forgery |
pressmaximum |
Customify |
2025-10-03T11:17:18.759Z | 2026-04-15T14:00:42.668Z | |
| cve-2026-3590 | 6.5 (v3.1) | Race Condition in Guest Magic Link Authentication Allo… |
Mattermost |
Mattermost |
2026-04-15T11:00:14.880Z | 2026-04-15T14:00:27.030Z |
| cve-2025-10583 | WP Fastest Cache Premium <= 1.7.4 - Missing Authorizat… |
emrevona |
WP Fastest Cache Premium |
2025-12-12T07:20:35.569Z | 2026-04-15T13:53:27.464Z | |
| cve-2025-14151 | SlimStat Analytics <= 5.3.2 - Unauthenticated Stored C… |
veronalabs |
SlimStat Analytics |
2025-12-19T08:23:40.685Z | 2026-04-15T13:50:48.795Z | |
| cve-2026-0827 | 6.9 (v4.0) 7.1 (v3.1) | During an internal security assessment, a potenti… |
Lenovo |
Diagnostics |
2026-04-15T12:27:45.354Z | 2026-04-15T13:48:06.089Z |
| cve-2026-39387 | BoidCMS: Local File Inclusion (LFI) leads to Remote Co… |
BoidCMS |
BoidCMS |
2026-04-14T22:56:20.935Z | 2026-04-15T13:42:26.866Z | |
| cve-2026-24893 | openITCOCKPIT has Authenticated Command Injection Lead… |
openITCOCKPIT |
openITCOCKPIT |
2026-04-14T20:37:00.347Z | 2026-04-15T13:40:30.971Z | |
| cve-2026-33715 | Chamilo LMS has Unauthenticated SSRF and Open Email Re… |
chamilo |
chamilo-lms |
2026-04-14T21:05:35.043Z | 2026-04-15T13:37:16.615Z |
| ID | Description | Updated |
|---|
| ID | Description | Updated |
|---|
| ID | Description | Published | Updated |
|---|---|---|---|
| jvndb-2014-000141 | FAST/TOOLS vulnerable to improper restriction of XML external entity references | 2014-11-28T14:54+09:00 | 2014-12-10T10:16+09:00 |
| jvndb-2014-000137 | Multiple improper data validation vulnerabilities in Syslink driver for Texas Instruments OMAP mobile processors | 2014-12-02T13:56+09:00 | 2014-12-09T15:34+09:00 |
| jvndb-2014-000138 | OS command injection vulnerability in multiple FUJITSU Android devices | 2014-12-02T14:21+09:00 | 2014-12-09T15:33+09:00 |
| jvndb-2014-000135 | SEIL Series routers vulnerable to denial-of-service (DoS) | 2014-12-01T15:18+09:00 | 2014-12-09T15:32+09:00 |
| jvndb-2014-000136 | SEIL Series routers vulnerable to denial-of-service (DoS) | 2014-12-01T15:24+09:00 | 2014-12-09T15:31+09:00 |
| jvndb-2014-000146 | i-HTTPD vulnerable to cross-site scripting | 2014-12-09T14:45+09:00 | 2014-12-09T14:45+09:00 |
| jvndb-2014-000140 | LG Electronics mobile access routers lack access restrictions | 2014-12-02T14:27+09:00 | 2014-12-08T16:07+09:00 |
| jvndb-2014-000139 | ARROWS Me F-11D vulnerability where arbitrary areas may be accessed | 2014-12-02T14:26+09:00 | 2014-12-08T16:06+09:00 |
| jvndb-2014-000148 | Kaku-San-Sei Million Arthur for Android information management vulnerability | 2014-12-04T12:28+09:00 | 2014-12-08T16:05+09:00 |
| jvndb-2014-000147 | KENT-WEB Clip Board vulnerable to cross-site scripting | 2014-12-04T12:22+09:00 | 2014-12-08T16:03+09:00 |
| jvndb-2014-000142 | DBD::PgPP vulnerable to SQL injection | 2014-12-03T15:09+09:00 | 2014-12-03T15:09+09:00 |
| jvndb-2014-000131 | Ichitaro series vulnerable to arbitrary code execution | 2014-11-13T16:52+09:00 | 2014-11-27T17:58+09:00 |
| jvndb-2014-000130 | Multiple Cybozu products vulnerable to buffer overflow | 2014-11-11T13:36+09:00 | 2014-11-25T17:52+09:00 |
| jvndb-2014-000118 | Direct Web Remoting (DWR) vulnerable to cross-site scripting | 2014-11-14T14:37+09:00 | 2014-11-25T17:51+09:00 |
| jvndb-2014-000117 | Direct Web Remoting (DWR) vulnerable to XML external entity injection | 2014-11-14T14:33+09:00 | 2014-11-25T17:50+09:00 |
| jvndb-2014-000129 | OpenAM vulnerable to denial-of-service (DoS) | 2014-11-10T14:23+09:00 | 2014-11-20T10:09+09:00 |
| jvndb-2014-000133 | iLogScanner vulnerable to cross-site scripting | 2014-11-14T14:38+09:00 | 2014-11-18T18:22+09:00 |
| jvndb-2014-000122 | Aflax vulnerable to cross-site scripting | 2014-10-16T13:35+09:00 | 2014-10-24T18:32+09:00 |
| jvndb-2014-000119 | Huawei E5332 vulnerable to denial-of-service (DoS) | 2014-10-10T14:02+09:00 | 2014-10-21T15:15+09:00 |
| jvndb-2014-000120 | Huawei E5332 vulnerable to denial-of-service (DoS) | 2014-10-10T14:03+09:00 | 2014-10-21T15:11+09:00 |
| jvndb-2014-000121 | BirdBlog vulnerable to cross-site scripting | 2014-10-16T13:26+09:00 | 2014-10-16T13:26+09:00 |
| jvndb-2014-000108 | jigbrowser+ for iOS same origin policy bypass | 2014-09-25T14:52+09:00 | 2014-09-29T11:47+09:00 |
| jvndb-2014-000105 | Help Page in multiple Adobe products vulnerable to cross-site scripting | 2014-09-12T14:00+09:00 | 2014-09-29T11:42+09:00 |
| jvndb-2014-000112 | N-Media file uploader vulnerability in handling uploaded files | 2014-09-25T14:53+09:00 | 2014-09-29T11:39+09:00 |
| jvndb-2014-000110 | Dotclear vulnerable to cross-site scripting | 2014-09-19T13:42+09:00 | 2014-09-25T17:52+09:00 |
| jvndb-2014-000109 | Bump for Android vulnerable in handling of implicit intents | 2014-09-19T13:41+09:00 | 2014-09-25T17:44+09:00 |
| jvndb-2014-004316 | Safari issue in handling application cache | 2014-09-25T14:54+09:00 | 2014-09-25T14:54+09:00 |
| jvndb-2014-000116 | Yahoo! Japan Box for Android issue where it fails to verify SSL server certificates | 2014-09-25T14:54+09:00 | 2014-09-25T14:54+09:00 |
| jvndb-2014-000114 | FileMaker Pro fails to verify SSL server certificates | 2014-09-18T20:36+09:00 | 2014-09-24T18:47+09:00 |
| jvndb-2014-000111 | Yuko Yuko App for Android fails to verify SSL server certificates | 2014-09-22T13:50+09:00 | 2014-09-22T13:50+09:00 |
| ID | Description | Updated |
|---|
| ID | Description | Published | Updated |
|---|---|---|---|
| certfr-2024-avi-0624 | Vulnérabilité dans Spring Cloud Skipper | 2024-07-25T00:00:00.000000 | 2024-07-25T00:00:00.000000 |
| certfr-2024-avi-0623 | Multiples vulnérabilités Microsoft GroupMe | 2024-07-24T00:00:00.000000 | 2024-07-24T00:00:00.000000 |
| certfr-2024-avi-0622 | Multiples vulnérabilités dans Google Chrome | 2024-07-24T00:00:00.000000 | 2024-07-24T00:00:00.000000 |
| certfr-2024-avi-0621 | Vulnérabilité dans Nagios XI | 2024-07-24T00:00:00.000000 | 2024-07-24T00:00:00.000000 |
| certfr-2024-avi-0620 | Multiples vulnérabilités dans les produits HPE Aruba Networking | 2024-07-24T00:00:00.000000 | 2024-07-24T00:00:00.000000 |
| certfr-2024-avi-0619 | Multiples vulnérabilités dans les produits VMware | 2024-07-24T00:00:00.000000 | 2024-07-24T00:00:00.000000 |
| certfr-2024-avi-0618 | Multiples vulnérabilités dans ISC BIND | 2024-07-24T00:00:00.000000 | 2024-07-24T00:00:00.000000 |
| certfr-2024-avi-0617 | Multiples vulnérabilités dans les produits Siemens | 2024-07-23T00:00:00.000000 | 2024-07-23T00:00:00.000000 |
| certfr-2024-avi-0616 | Vulnérabilité dans les produits Atlassian | 2024-07-22T00:00:00.000000 | 2024-07-22T00:00:00.000000 |
| certfr-2024-avi-0615 | Vulnérabilité dans les produits NetApp | 2024-07-22T00:00:00.000000 | 2024-07-22T00:00:00.000000 |
| certfr-2024-avi-0614 | Vulnérabilité dans IBM MaaS360 | 2024-07-19T00:00:00.000000 | 2024-07-19T00:00:00.000000 |
| certfr-2024-avi-0613 | Multiples vulnérabilités dans le noyau Linux de Debian | 2024-07-19T00:00:00.000000 | 2024-07-19T00:00:00.000000 |
| certfr-2024-avi-0612 | Multiples vulnérabilités dans le noyau Linux de Red Hat | 2024-07-19T00:00:00.000000 | 2024-07-19T00:00:00.000000 |
| certfr-2024-avi-0611 | Multiples vulnérabilités dans le noyau Linux d'Ubuntu | 2024-07-19T00:00:00.000000 | 2024-07-19T00:00:00.000000 |
| certfr-2024-avi-0610 | Multiples vulnérabilités dans le noyau Linux de SUSE | 2024-07-19T00:00:00.000000 | 2024-07-19T00:00:00.000000 |
| certfr-2024-avi-0609 | Multiples vulnérabilités dans SolarWinds Access Rights Manager | 2024-07-19T00:00:00.000000 | 2024-07-19T00:00:00.000000 |
| certfr-2024-avi-0608 | Vulnérabilité dans VMware Tanzu | 2024-07-19T00:00:00.000000 | 2024-07-19T00:00:00.000000 |
| certfr-2024-avi-0607 | Multiples vulnérabilités dans Microsoft Edge | 2024-07-19T00:00:00.000000 | 2024-07-19T00:00:00.000000 |
| certfr-2024-avi-0606 | Multiples vulnérabilités dans les produits Ivanti | 2024-07-18T00:00:00.000000 | 2024-07-18T00:00:00.000000 |
| certfr-2024-avi-0605 | Vulnérabilité dans les produits Sonicwall | 2024-07-18T00:00:00.000000 | 2024-07-18T00:00:00.000000 |
| certfr-2024-avi-0604 | Vulnérabilité dans Microsoft Edge | 2024-07-18T00:00:00.000000 | 2024-07-18T00:00:00.000000 |
| certfr-2024-avi-0603 | Multiples vulnérabilités dans Apache HTTP Server | 2024-07-18T00:00:00.000000 | 2024-07-18T00:00:00.000000 |
| certfr-2024-avi-0602 | Multiples vulnérabilités dans les produits Cisco | 2024-07-18T00:00:00.000000 | 2024-07-18T00:00:00.000000 |
| certfr-2024-avi-0600 | Vulnérabilité dans Sonicwall NetExtender | 2024-07-17T00:00:00.000000 | 2024-07-17T00:00:00.000000 |
| certfr-2024-avi-0599 | Multiples vulnérabilités dans Oracle Weblogic | 2024-07-17T00:00:00.000000 | 2024-07-17T00:00:00.000000 |
| certfr-2024-avi-0598 | Multiples vulnérabilités dans Oracle Virtualization | 2024-07-17T00:00:00.000000 | 2024-07-17T00:00:00.000000 |
| certfr-2024-avi-0597 | Multiples vulnérabilités dans Oracle Systems | 2024-07-17T00:00:00.000000 | 2024-07-17T00:00:00.000000 |
| certfr-2024-avi-0596 | Multiples vulnérabilités dans Oracle PeopleSoft | 2024-07-17T00:00:00.000000 | 2024-07-17T00:00:00.000000 |
| certfr-2024-avi-0595 | Multiples vulnérabilités dans Oracle MySQL | 2024-07-17T00:00:00.000000 | 2024-07-17T00:00:00.000000 |
| certfr-2024-avi-0594 | Multiples vulnérabilités dans Oracle Java SE | 2024-07-17T00:00:00.000000 | 2024-07-17T00:00:00.000000 |