Recent vulnerabilities
| ID | CVSS | Description | Vendor | Product | Published | Updated |
|---|---|---|---|---|---|---|
| cve-2026-35033 | Jellyfin: Potential SSRF + Arbitrary file read via str… |
jellyfin |
jellyfin |
2026-04-14T22:28:47.558Z | 2026-04-15T13:36:26.787Z | |
| cve-2025-15565 | Nexi XPay <= 8.3.0 - Missing Authorization to Unauthen… |
cartasi |
Nexi XPay |
2026-04-14T21:26:40.111Z | 2026-04-15T13:33:09.315Z | |
| cve-2026-34602 | Chamilo LMS: IDOR in /api/course_rel_users Allows Unau… |
chamilo |
chamilo-lms |
2026-04-14T21:29:06.585Z | 2026-04-15T13:32:34.878Z | |
| cve-2026-34213 | Docmost has cross-page attachment overwrite via flawed… |
docmost |
docmost |
2026-04-14T21:49:55.380Z | 2026-04-15T13:31:17.467Z | |
| cve-2026-33020 | libsixel: Integer Overflow in write_png_to_file() lead… |
saitoha |
libsixel |
2026-04-14T21:53:00.388Z | 2026-04-15T13:30:47.463Z | |
| cve-2026-34454 | OAuth2 Proxy: Session cookie not cleared when renderin… |
oauth2-proxy |
oauth2-proxy |
2026-04-14T22:10:37.901Z | 2026-04-15T13:30:10.300Z | |
| cve-2026-27299 | 6.3 (v3.1) | Adobe Framemaker | Improper Input Validation (CWE-20) |
Adobe |
Adobe Framemaker |
2026-04-14T22:58:12.664Z | 2026-04-15T13:28:12.518Z |
| cve-2026-39963 | Serendipity: Host Header Injection enables authenticat… |
s9y |
Serendipity |
2026-04-14T23:31:13.843Z | 2026-04-15T13:23:48.591Z | |
| cve-2026-40091 | SpiceDB: SPICEDB_DATASTORE_CONN_URI is leaked on start… |
authzed |
spicedb |
2026-04-14T23:50:25.479Z | 2026-04-15T13:23:15.155Z | |
| cve-2026-2834 | Age Verification & Identity Verification by Token of T… |
tokenoftrust |
Age Verification & Identity Verification by Token of Trust |
2026-04-15T01:25:16.957Z | 2026-04-15T13:22:48.260Z | |
| cve-2026-40719 | 7.5 (v3.1) | Deadwood in MaraDNS 3.5.0036 allows attackers to … |
MaraDNS |
MaraDNS |
2026-04-15T06:23:09.912Z | 2026-04-15T13:22:14.897Z |
| cve-2026-5717 | VI: Include Post By <= 0.4.200706 - Authenticated (Con… |
knighthawk |
VI: Include Post By |
2026-04-15T07:45:29.078Z | 2026-04-15T13:21:29.069Z | |
| cve-2025-40897 | 7.2 (v4.0) 8.1 (v3.1) | Incorrect authorization for Threat Intelligence in Gua… |
Nozomi Networks |
Guardian |
2026-04-15T08:18:05.174Z | 2026-04-15T13:20:48.924Z |
| cve-2025-40899 | 7.1 (v4.0) 8.9 (v3.1) | Stored Cross-Site Scripting (XSS) in Assets and Nodes … |
Nozomi Networks |
Guardian |
2026-04-15T08:18:36.427Z | 2026-04-15T13:20:23.839Z |
| cve-2025-14813 | 9.3 (v4.0) | GOSTCTR implementation unable to process more than 255… |
Legion of the Bouncy Castle Inc. |
BC-JAVA |
2026-04-15T08:56:34.057Z | 2026-04-15T13:19:49.520Z |
| cve-2026-3659 | WP Circliful <= 1.2 - Authenticated (Contributor+) Sto… |
bappidgreat |
WP Circliful |
2026-04-15T08:28:13.507Z | 2026-04-15T13:19:14.183Z | |
| cve-2025-52641 | 2.9 (v3.1) | Internal Filesystem Exploration vulnerability |
HCL |
AION |
2026-04-15T08:47:33.167Z | 2026-04-15T13:18:47.899Z |
| cve-2026-0636 | 5.5 (v4.0) | LDAP Injection Vulnerability in LDAPStoreHelper.java |
Legion of the Bouncy Castle Inc. |
BC-JAVA |
2026-04-15T08:59:12.677Z | 2026-04-15T13:12:22.433Z |
| cve-2026-33808 | 9.1 (v4.0) | @fastify/express vulnerable to middleware authenticati… |
fastify |
@fastify/express |
2026-04-15T09:29:46.091Z | 2026-04-15T13:10:24.054Z |
| cve-2026-33807 | 9.1 (v3.1) | @fastify/express vulnerable to middleware path doublin… |
fastify |
@fastify/express |
2026-04-15T09:52:26.838Z | 2026-04-15T13:09:45.259Z |
| cve-2024-33618 | Uncontrolled Resource Consumption in Bosch VMS Ce… |
Bosch |
BVMS |
2026-04-15T09:51:52.722Z | 2026-04-15T13:09:13.468Z | |
| cve-2026-27769 | 2.7 (v3.1) | Connected Workspaces: Malicious remote server can mani… |
Mattermost |
Mattermost |
2026-04-15T10:11:07.676Z | 2026-04-15T13:08:35.452Z |
| cve-2026-4134 | 7 (v4.0) 7.3 (v3.1) | During an internal security assessment, a potenti… |
Lenovo |
Software Fix |
2026-04-15T12:28:05.838Z | 2026-04-15T13:08:19.333Z |
| cve-2026-33805 | 9 (v4.0) | @fastify/reply-from vulnerable to connection header ab… |
@fastify/reply-from |
@fastify/reply-from |
2026-04-15T10:13:25.147Z | 2026-04-15T13:08:12.612Z |
| cve-2026-4135 | 5.2 (v4.0) 6.6 (v3.1) | During an internal security assessment, a potenti… |
Lenovo |
Software Fix |
2026-04-15T12:28:12.205Z | 2026-04-15T13:05:12.030Z |
| cve-2026-1852 | Product Pricing Table by WooBeWoo <= 1.1.0 - Cross-Sit… |
woobeewoo |
Product Pricing Table by WooBeWoo |
2026-04-15T11:30:25.272Z | 2026-04-15T13:05:00.238Z | |
| cve-2026-4145 | 8.5 (v4.0) 7.8 (v3.1) | During an internal security assessment, a potenti… |
Lenovo |
Software Fix |
2026-04-15T12:28:19.642Z | 2026-04-15T13:02:39.038Z |
| cve-2026-27226 | 5.4 (v3.1) | Adobe Experience Manager | Cross-site Scripting (Store… |
Adobe |
Adobe Experience Manager |
2026-03-11T00:23:08.254Z | 2026-04-15T09:36:35.591Z |
| cve-2026-34615 | 9.3 (v3.1) | Adobe Connect | Deserialization of Untrusted Data (CWE-502) |
Adobe |
Adobe Connect |
2026-04-14T17:33:44.131Z | 2026-04-15T09:35:52.515Z |
| cve-2026-34618 | 7.8 (v3.1) | Illustrator | Out-of-bounds Write (CWE-787) |
Adobe |
Illustrator |
2026-04-14T19:24:39.041Z | 2026-04-15T09:13:12.280Z |
| ID | Description | Updated |
|---|
| ID | Description | Updated |
|---|
| ID | Description | Published | Updated |
|---|---|---|---|
| jvndb-2014-000106 | 365 Links series vulnerable to cross-site scripting | 2014-09-17T15:23+09:00 | 2014-09-19T13:33+09:00 |
| jvndb-2013-000048 | FileMaker Pro fails to verify SSL server certificates | 2013-05-31T15:43+09:00 | 2014-09-18T21:08+09:00 |
| jvndb-2014-000104 | Movable Type vulnerable to cross-site scripting | 2014-09-09T15:02+09:00 | 2014-09-11T16:56+09:00 |
| jvndb-2014-000103 | EmFTP may insecurely load executable files | 2014-09-04T16:36+09:00 | 2014-09-09T15:15+09:00 |
| jvndb-2014-000084 | WisePoint vulnerable to session fixation | 2014-09-04T16:46+09:00 | 2014-09-09T15:02+09:00 |
| jvndb-2014-000102 | Kindle App for Android fails to verify SSL server certificates | 2014-08-29T13:38+09:00 | 2014-09-03T18:25+09:00 |
| jvndb-2014-000101 | MailPoet Newsletters vulnerable to cross-site request forgery | 2014-08-26T13:33+09:00 | 2014-08-28T18:13+09:00 |
| jvndb-2013-000087 | Multiple broadband routers may behave as open resolvers | 2013-09-19T13:29+09:00 | 2014-08-28T18:10+09:00 |
| jvndb-2014-000100 | Cakifo vulnerable to cross-site scripting | 2014-08-18T13:32+09:00 | 2014-08-20T16:30+09:00 |
| jvndb-2014-000099 | Advance-Flow vulnerable to SQL injection | 2014-08-19T12:35+09:00 | 2014-08-20T16:26+09:00 |
| jvndb-2014-000093 | Piwigo vulnerable to cross-site scripting | 2014-08-08T13:52+09:00 | 2014-08-19T16:48+09:00 |
| jvndb-2014-000096 | Shutter vulnerable to cross-site scripting | 2014-08-15T13:27+09:00 | 2014-08-19T16:27+09:00 |
| jvndb-2014-000098 | Ameba for Android contains an issue where it fails to verify SSL server certificates | 2014-08-14T12:32+09:00 | 2014-08-18T12:22+09:00 |
| jvndb-2014-000086 | Outlook.com for Android contains an issue where it fails to verify SSL server certificates | 2014-07-30T15:11+09:00 | 2014-08-18T10:09+09:00 |
| jvndb-2014-000091 | ServerView Operations Manager vulnerable to cross-site scripting | 2014-08-01T15:42+09:00 | 2014-08-18T10:05+09:00 |
| jvndb-2014-000097 | Dominion KX2-101 vulnerable to denial-of-service (DoS) | 2014-08-12T14:03+09:00 | 2014-08-18T09:44+09:00 |
| jvndb-2014-000092 | Piwigo vulnerable to cross-site scripting | 2014-08-08T13:49+09:00 | 2014-08-15T13:35+09:00 |
| jvndb-2014-000085 | GOM Player vulnerable to denial-of-service (DoS) | 2014-08-06T15:22+09:00 | 2014-08-13T18:29+09:00 |
| jvndb-2014-000094 | Piwigo vulnerable to SQL injection | 2014-08-08T13:57+09:00 | 2014-08-08T13:57+09:00 |
| jvndb-2014-000087 | Multiple I-O DATA IP Cameras vulnerable to authentication bypass | 2014-07-29T14:24+09:00 | 2014-08-01T18:30+09:00 |
| jvndb-2014-000089 | acmailer contains a cross-site request forgery vulnerability | 2014-07-29T14:15+09:00 | 2014-08-01T18:29+09:00 |
| jvndb-2014-000088 | PerlMailer vulnerable to cross-site scripting | 2014-07-29T14:20+09:00 | 2014-08-01T18:28+09:00 |
| jvndb-2013-002240 | Arbitrary program execution vulnerability in TrendLink ActiveX control | 2014-07-25T14:44+09:00 | 2014-07-25T14:44+09:00 |
| jvndb-2014-000082 | FuelPHP vulnerable to remote code execution | 2014-07-18T13:50+09:00 | 2014-07-23T11:03+09:00 |
| jvndb-2014-000081 | File Explorer vulnerable to directory traversal | 2014-07-18T13:48+09:00 | 2014-07-23T11:02+09:00 |
| jvndb-2014-000080 | Meridian vulnerable to cross-site scripting | 2014-07-18T13:47+09:00 | 2014-07-23T11:02+09:00 |
| jvndb-2014-000079 | Multifunctional MailForm Free vulnerable to cross-site scripting | 2014-07-16T15:13+09:00 | 2014-07-23T11:02+09:00 |
| jvndb-2014-000078 | Cybozu Garoon vulnerable to cross-site scritping | 2014-07-15T14:47+09:00 | 2014-07-23T11:01+09:00 |
| jvndb-2014-000077 | Cybozu Garoon vulnerable to access restriction bypass | 2014-07-15T14:46+09:00 | 2014-07-23T11:01+09:00 |
| jvndb-2014-000076 | Cybozu Garoon vulnerable to cross-site scritping | 2014-07-15T14:46+09:00 | 2014-07-23T11:01+09:00 |
| ID | Description | Updated |
|---|
| ID | Description | Published | Updated |
|---|---|---|---|
| certfr-2024-avi-0593 | Multiples vulnérabilités dans Oracle Database Server | 2024-07-17T00:00:00.000000 | 2024-07-17T00:00:00.000000 |
| certfr-2024-avi-0592 | Multiples vulnérabilités dans Synacor Zimbra Collaboration | 2024-07-17T00:00:00.000000 | 2024-07-17T00:00:00.000000 |
| certfr-2024-avi-0591 | Multiples vulnérabilités dans Google Chrome | 2024-07-17T00:00:00.000000 | 2024-07-17T00:00:00.000000 |
| certfr-2024-avi-0590 | Multiples vulnérabilités dans les produits Atlassian | 2024-07-17T00:00:00.000000 | 2024-07-17T00:00:00.000000 |
| certfr-2024-avi-0589 | Multiples vulnérabilités dans Xen | 2024-07-17T00:00:00.000000 | 2024-07-17T00:00:00.000000 |
| certfr-2024-avi-0588 | Multiples vulnérabilités dans Mozilla Thunderbird | 2024-07-17T00:00:00.000000 | 2024-07-17T00:00:00.000000 |
| certfr-2024-avi-0587 | Multiples vulnérabilités dans les produits VMware | 2024-07-17T00:00:00.000000 | 2024-07-17T00:00:00.000000 |
| certfr-2024-avi-0585 | Multiples vulnérabilités dans les produits VMware | 2024-07-16T00:00:00.000000 | 2024-07-16T00:00:00.000000 |
| certfr-2024-avi-0584 | Vulnérabilité dans les produits Cisco | 2024-07-15T00:00:00.000000 | 2024-07-15T00:00:00.000000 |
| certfr-2024-avi-0583 | Vulnérabilité dans les produits Kaspersky | 2024-07-15T00:00:00.000000 | 2024-07-15T00:00:00.000000 |
| certfr-2024-avi-0582 | Vulnérabilité dans les produits Axis | 2024-07-15T00:00:00.000000 | 2024-07-15T00:00:00.000000 |
| certfr-2024-avi-0581 | Vulnérabilité dans les produits ESET | 2024-07-15T00:00:00.000000 | 2024-07-15T00:00:00.000000 |
| certfr-2024-avi-0580 | Multiples vulnérabilités dans le noyau Linux d'Ubuntu | 2024-07-12T00:00:00.000000 | 2024-07-12T00:00:00.000000 |
| certfr-2024-avi-0579 | Multiples vulnérabilités dans les produits IBM | 2024-07-12T00:00:00.000000 | 2024-07-12T00:00:00.000000 |
| certfr-2024-avi-0578 | Multiples vulnérabilités dans le noyau Linux de SUSE | 2024-07-12T00:00:00.000000 | 2024-07-12T00:00:00.000000 |
| certfr-2024-avi-0577 | Multiples vulnérabilités dans le noyau Linux de Red Hat | 2024-07-12T00:00:00.000000 | 2024-07-12T00:00:00.000000 |
| certfr-2024-avi-0576 | Vulnérabilité dans Exim | 2024-07-12T00:00:00.000000 | 2024-07-12T00:00:00.000000 |
| certfr-2024-avi-0574 | Vulnérabilité dans Citrix uberAgent | 2024-07-12T00:00:00.000000 | 2024-07-12T00:00:00.000000 |
| certfr-2024-avi-0573 | Vulnérabilité dans les produits Microsoft | 2024-07-12T00:00:00.000000 | 2024-07-12T00:00:00.000000 |
| certfr-2024-avi-0572 | Multiples vulnérabilités dans GitLab | 2024-07-11T00:00:00.000000 | 2024-07-11T00:00:00.000000 |
| certfr-2024-avi-0571 | Vulnérabilité dans les produits VMware | 2024-07-11T00:00:00.000000 | 2024-07-11T00:00:00.000000 |
| certfr-2024-avi-0570 | Vulnérabilité dans les produits Moxa | 2024-07-11T00:00:00.000000 | 2024-07-11T00:00:00.000000 |
| certfr-2024-avi-0569 | Vulnérabilité dans les produits Cisco | 2024-07-11T00:00:00.000000 | 2024-07-11T00:00:00.000000 |
| certfr-2024-avi-0568 | Vulnérabilité dans Wireshark | 2024-07-11T00:00:00.000000 | 2024-07-11T00:00:00.000000 |
| certfr-2024-avi-0567 | Multiples vulnérabilités dans les produits Palo Alto Networks | 2024-07-11T00:00:00.000000 | 2024-07-11T00:00:00.000000 |
| certfr-2024-avi-0566 | Multiples vulnérabilités dans GLPI | 2024-07-11T00:00:00.000000 | 2024-07-11T00:00:00.000000 |
| certfr-2024-avi-0565 | Vulnérabilité dans les produits Mitel | 2024-07-11T00:00:00.000000 | 2024-07-11T00:00:00.000000 |
| certfr-2024-avi-0564 | Multiples vulnérabilités dans les produits Tenable | 2024-07-10T00:00:00.000000 | 2024-07-10T00:00:00.000000 |
| certfr-2024-avi-0563 | Multiples vulnérabilités dans les produits Citrix | 2024-07-10T00:00:00.000000 | 2024-07-10T00:00:00.000000 |
| certfr-2024-avi-0562 | Multiples vulnérabilités dans Joomla! | 2024-07-10T00:00:00.000000 | 2024-07-10T00:00:00.000000 |