Recent vulnerabilities
| ID | CVSS | Description | Vendor | Product | Published | Updated |
|---|---|---|---|---|---|---|
| cve-2026-33908 | ImageMagick is vulnerable to Stack Overflow in Destroy… |
ImageMagick |
ImageMagick |
2026-04-13T21:06:42.682Z | 2026-04-14T16:28:36.167Z | |
| cve-2026-6224 | nocobase plugin-workflow-javascript Vm.js createSafeCo… |
nocobase |
plugin-workflow-javascript |
2026-04-13T21:15:11.914Z | 2026-04-14T16:28:30.809Z | |
| cve-2026-40310 | ImageMagick: Heap out-of-bounds write in JP2 encoder |
ImageMagick |
ImageMagick |
2026-04-13T21:32:53.361Z | 2026-04-14T16:28:25.315Z | |
| cve-2026-39956 | jq: Missing runtime type checks for _strindices lead t… |
jqlang |
jq |
2026-04-13T22:10:18.817Z | 2026-04-14T16:28:19.908Z | |
| cve-2026-34069 | nimiq-consensus panics via RequestMacroChain micro-blo… |
nimiq |
core-rs-albatross |
2026-04-13T23:55:52.994Z | 2026-04-14T16:28:14.091Z | |
| cve-2026-39421 | MaxKB: Sandbox escape via ctypes and unhooked SYS_pkey… |
1Panel-dev |
MaxKB |
2026-04-14T00:17:10.279Z | 2026-04-14T16:28:08.560Z | |
| cve-2026-34225 | Open WebUI has Blind Server Side Request Forgery in it… |
open-webui |
open-webui |
2026-04-14T01:39:07.088Z | 2026-04-14T16:28:03.089Z | |
| cve-2026-34984 | External Secrets Operator has DNS exfiltration via get… |
external-secrets |
external-secrets |
2026-04-14T01:48:41.166Z | 2026-04-14T16:27:55.720Z | |
| cve-2026-40313 | PraisonAI: ArtiPACKED Vulnerability via GitHub Actions… |
MervinPraison |
PraisonAI |
2026-04-14T03:10:23.697Z | 2026-04-14T16:27:49.836Z | |
| cve-2026-2404 | 6.9 (v4.0) | CWE-116 Improper Encoding or Escaping of Output v… |
Schneider Electric |
PowerChute™ Serial Shutdown |
2026-04-14T15:13:50.351Z | 2026-04-14T16:27:43.927Z |
| cve-2026-2402 | 6.9 (v4.0) | CWE-307 Improper Restriction of Excessive Authent… |
Schneider Electric |
PowerChute™ Serial Shutdown |
2026-04-14T15:16:17.583Z | 2026-04-14T16:27:38.566Z |
| cve-2026-2405 | 5.3 (v4.0) | CWE-400 Uncontrolled Resource Consumption vulnera… |
Schneider Electric |
PowerChute™ Serial Shutdown |
2026-04-14T15:19:40.765Z | 2026-04-14T16:27:33.148Z |
| cve-2026-2403 | 5.3 (v4.0) | CWE-1284 Improper Validation of Specified Quantit… |
Schneider Electric |
PowerChute™ Serial Shutdown |
2026-04-14T15:21:10.802Z | 2026-04-14T16:27:27.629Z |
| cve-2026-2400 | 5.3 (v4.0) | CWE-93 Improper Neutralization of CRLF Sequences … |
Schneider Electric |
PowerChute™ Serial Shutdown |
2026-04-14T15:22:53.245Z | 2026-04-14T16:27:22.220Z |
| cve-2026-2401 | 2.4 (v4.0) | CWE-532 Insertion of Sensitive Information into L… |
Schneider Electric |
PowerChute™ Serial Shutdown |
2026-04-14T15:24:17.233Z | 2026-04-14T16:27:16.331Z |
| cve-2026-21741 | 2.2 (v3.1) | An URL Redirection to Untrusted Site ('Open Redir… |
Fortinet |
FortiNAC-F |
2026-04-14T15:39:45.334Z | 2026-04-14T16:15:52.069Z |
| cve-2026-40288 | PraisonAI: Critical RCE via `type: job` workflow YAML |
MervinPraison |
PraisonAI |
2026-04-14T03:00:21.547Z | 2026-04-14T15:57:15.812Z | |
| cve-2025-13753 | WP Table Builder <= 2.0.19 - Incorrect Authorization t… |
wptb |
WP Table Builder – Drag & Drop Table Builder |
2026-01-09T07:22:12.280Z | 2026-04-14T15:56:21.107Z | |
| cve-2026-39425 | MaxKB: Stored XSS via Unsanitized html_rander Tags in … |
1Panel-dev |
MaxKB |
2026-04-14T01:18:42.895Z | 2026-04-14T15:56:06.211Z | |
| cve-2026-39423 | Stored XSS via Eval Injection in EchartsRander Component |
1Panel-dev |
MaxKB |
2026-04-14T00:28:47.572Z | 2026-04-14T15:55:17.386Z | |
| cve-2026-39418 | MaxKB: SSRF via sandbox network hook bypass |
1Panel-dev |
MaxKB |
2026-04-14T00:08:50.182Z | 2026-04-14T15:54:30.206Z | |
| cve-2026-33948 | jq: Embedded-NUL Truncation in CLI JSON Input Path Cau… |
jqlang |
jq |
2026-04-13T23:51:04.144Z | 2026-04-14T15:53:38.340Z | |
| cve-2026-40169 | ImageMagick: Heap buffer overflow (WRITE) in the YAML … |
ImageMagick |
ImageMagick |
2026-04-13T21:25:56.317Z | 2026-04-14T15:52:31.799Z | |
| cve-2026-2399 | 6.9 (v4.0) | CWE-22 Improper Limitation of a Pathname to a Res… |
Schneider Electric |
PowerChute™ Serial Shutdown |
2026-04-14T15:09:58.751Z | 2026-04-14T15:52:07.599Z |
| cve-2026-33902 | ImageMagick: Stack Overflow via Recursive FX Expressio… |
ImageMagick |
ImageMagick |
2026-04-13T20:59:47.120Z | 2026-04-14T15:51:26.551Z | |
| cve-2026-33740 | EspoCRM: Email importEml can import and delete another… |
espocrm |
espocrm |
2026-04-13T20:37:28.831Z | 2026-04-14T15:50:45.744Z | |
| cve-2026-40311 | ImageMagick: Heap-use-after-free via XMP profile could… |
ImageMagick |
ImageMagick |
2026-04-13T21:36:44.262Z | 2026-04-14T15:48:36.521Z | |
| cve-2026-37980 | 6.9 (v3.1) | Org.keycloak.forms.login: keycloak: keycloak: arbitrar… |
Red Hat |
Red Hat Build of Keycloak |
2026-04-14T14:54:42.871Z | 2026-04-14T15:43:02.647Z |
| cve-2026-6216 | DbGate SVG Icon String FontIcon.svelte cross site scripting |
n/a |
DbGate |
2026-04-13T20:15:13.778Z | 2026-04-14T15:41:52.694Z | |
| cve-2025-62600 | eprosima Fast DDS affected by Out-of-Memory in readBin… |
eProsima |
Fast-DDS |
2026-02-03T19:11:19.429Z | 2026-04-14T15:39:28.295Z |
| ID | Description | Updated |
|---|
| ID | Description | Updated |
|---|
| ID | Description | Published | Updated |
|---|---|---|---|
| jvndb-2012-000070 | Yahoo! Browser vulnerable in the WebView class | 2012-07-13T15:00+09:00 | 2012-07-20T12:12+09:00 |
| jvndb-2012-000069 | Movable Type plugin MT4i vulnerable to cross-site scripting | 2012-07-06T17:24+09:00 | 2012-07-06T17:24+09:00 |
| jvndb-2012-000068 | YY-BOARD vulnerable to cross-site scripting | 2012-07-06T17:19+09:00 | 2012-07-06T17:19+09:00 |
| jvndb-2012-000067 | Movable Type plugin MT4i vulnerable to cross-site scripting | 2012-07-06T17:14+09:00 | 2012-07-06T17:14+09:00 |
| jvndb-2012-000066 | Ruby hash table implementation vulnerable to denial-of-service | 2012-07-06T17:11+09:00 | 2012-07-06T17:11+09:00 |
| jvndb-2012-000064 | Yome Collection for Android issue in management of IMEI | 2012-07-03T14:57+09:00 | 2012-07-03T14:57+09:00 |
| jvndb-2012-000065 | Zenphoto vulnerable to cross-site scripting | 2012-07-03T14:49+09:00 | 2012-07-03T14:49+09:00 |
| jvndb-2012-000061 | WEB PATIO vulnerable to cross-site scripting | 2012-06-19T14:31+09:00 | 2012-06-19T14:31+09:00 |
| jvndb-2012-000060 | SmallPICT vulnerable to cross-site scripting | 2012-06-19T14:00+09:00 | 2012-06-19T14:00+09:00 |
| jvndb-2012-000062 | WEB PATIO vulnerable to cross-site scripting | 2012-06-19T12:35+09:00 | 2012-06-19T12:35+09:00 |
| jvndb-2012-000057 | Dolphin Browser vulnerable in the WebView class | 2012-06-14T14:20+09:00 | 2012-06-14T14:20+09:00 |
| jvndb-2012-000046 | Flash Player issue in implementations of the Same Origin Policy | 2012-06-11T15:05+09:00 | 2012-06-13T16:39+09:00 |
| jvndb-2012-000056 | FeedDemon vulnerable to arbitrary script execution | 2012-06-07T15:39+09:00 | 2012-06-07T15:39+09:00 |
| jvndb-2012-000059 | SEIL series fail to restrict access permissions | 2012-06-06T12:39+09:00 | 2012-06-06T12:39+09:00 |
| jvndb-2012-000058 | WordPress plugin WassUp vulnerable to cross-site scripting | 2012-06-06T12:29+09:00 | 2012-06-06T12:29+09:00 |
| jvndb-2012-000055 | @WEB ShoppingCart vulnerable to cross-site scripting | 2012-06-05T14:04+09:00 | 2012-06-05T14:04+09:00 |
| jvndb-2012-000054 | Puella Magi Madoka Magica iP for Android vulnerable to information disclosure | 2012-06-01T14:09+09:00 | 2012-06-01T14:09+09:00 |
| jvndb-2012-000053 | Segue vulnerable to SQL injection | 2012-06-01T14:06+09:00 | 2012-06-01T14:06+09:00 |
| jvndb-2012-000052 | Segue vulnerable to cross-site scripting | 2012-06-01T14:03+09:00 | 2012-06-01T14:03+09:00 |
| jvndb-2012-000051 | Logitec LAN-W300N/R series fails to restrict access permissions | 2012-05-25T15:50+09:00 | 2012-05-25T15:50+09:00 |
| jvndb-2012-000050 | Roundcube Webmail vulnerable to cross-site scripting | 2012-05-25T15:43+09:00 | 2012-05-25T15:43+09:00 |
| jvndb-2012-000048 | RSSOwl vulnerable to arbitrary script execution | 2012-05-25T15:37+09:00 | 2012-05-25T15:37+09:00 |
| jvndb-2012-000047 | Sybase EAServer vulnerable to cross-site scripting | 2012-05-25T15:34+09:00 | 2012-05-25T15:34+09:00 |
| jvndb-2012-000044 | iLunascape for Android vulnerable in the WebView class | 2012-05-21T13:56+09:00 | 2012-05-21T13:56+09:00 |
| jvndb-2012-000045 | Drupal Form API fails to validate the redirect URL | 2012-05-17T13:55+09:00 | 2012-05-17T13:55+09:00 |
| jvndb-2012-000043 | baserCMS vulnerable to session management | 2012-05-15T16:56+09:00 | 2012-05-15T16:56+09:00 |
| jvndb-2012-000042 | WEB MART from KENT-WEB vulnerable to cross-site scripting | 2012-05-15T16:53+09:00 | 2012-05-15T16:53+09:00 |
| jvndb-2012-000041 | WEB MART from KENT-WEB vulnerable to cross-site scripting | 2012-05-15T16:44+09:00 | 2012-05-15T16:44+09:00 |
| jvndb-2012-002377 | Arbitrary Code Execution Vulnerability in Hitachi COBOL GUI Option on Windows | 2012-05-15T15:14+09:00 | 2012-05-15T15:14+09:00 |
| jvndb-2012-000035 | Multiple JustSystems products vulnerable to buffer overflow | 2012-04-24T13:37+09:00 | 2012-05-09T19:49+09:00 |
| ID | Description | Updated |
|---|
| ID | Description | Published | Updated |
|---|---|---|---|
| certfr-2024-avi-0293 | Multiples vulnérabilités dans Mitel MiCollab | 2024-04-11T00:00:00.000000 | 2024-04-11T00:00:00.000000 |
| certfr-2024-avi-0292 | Multiples vulnérabilités dans les produits Microsoft | 2024-04-10T00:00:00.000000 | 2024-04-10T00:00:00.000000 |
| certfr-2024-avi-0291 | Multiples vulnérabilités dans Microsoft Azure | 2024-04-10T00:00:00.000000 | 2024-04-10T00:00:00.000000 |
| certfr-2024-avi-0290 | Vulnérabilité dans Microsoft .Net | 2024-04-10T00:00:00.000000 | 2024-04-10T00:00:00.000000 |
| certfr-2024-avi-0289 | Multiples vulnérabilités dans Microsoft Windows | 2024-04-10T00:00:00.000000 | 2024-04-10T00:00:00.000000 |
| certfr-2024-avi-0288 | Vulnérabilité dans Microsoft Office | 2024-04-10T00:00:00.000000 | 2024-04-10T00:00:00.000000 |
| certfr-2024-avi-0287 | Multiples vulnérabilités dans les produits Fortinet | 2024-04-10T00:00:00.000000 | 2024-04-10T00:00:00.000000 |
| certfr-2024-avi-0286 | Multiples vulnérabilités dans les produits Xen | 2024-04-10T00:00:00.000000 | 2024-04-10T00:00:00.000000 |
| certfr-2024-avi-0285 | Vulnérabilité dans WordPress | 2024-04-10T00:00:00.000000 | 2024-04-10T00:00:00.000000 |
| certfr-2024-avi-0284 | Multiples vulnérabilités dans les produits Adobe | 2024-04-10T00:00:00.000000 | 2024-04-10T00:00:00.000000 |
| certfr-2024-avi-0108 | Multiples vulnérabilités dans les produits Fortinet | 2024-02-09T00:00:00.000000 | 2024-04-10T00:00:00.000000 |
| certfr-2024-avi-0282 | Vulnérabilité dans les produits Schneider | 2024-04-09T00:00:00.000000 | 2024-04-09T00:00:00.000000 |
| certfr-2024-avi-0281 | Multiples vulnérabilités dans les produits Siemens | 2024-04-09T00:00:00.000000 | 2024-04-09T00:00:00.000000 |
| certfr-2024-avi-0280 | Vulnérabilité dans OpenSSL | 2024-04-09T00:00:00.000000 | 2024-04-09T00:00:00.000000 |
| certfr-2024-avi-0279 | Multiples vulnérabilités dans les produits IBM | 2024-04-05T00:00:00.000000 | 2024-04-05T00:00:00.000000 |
| certfr-2024-avi-0278 | Vulnérabilité dans le noyau Linux de Debian | 2024-04-05T00:00:00.000000 | 2024-04-05T00:00:00.000000 |
| certfr-2024-avi-0277 | Multiples vulnérabilités dans le noyau Linux de RedHat | 2024-04-05T00:00:00.000000 | 2024-04-05T00:00:00.000000 |
| certfr-2024-avi-0276 | Multiples vulnérabilités dans le noyau Linux de SUSE | 2024-04-05T00:00:00.000000 | 2024-04-05T00:00:00.000000 |
| certfr-2024-avi-0275 | Multiples vulnérabilités dans le noyau Linux d'Ubuntu | 2024-04-05T00:00:00.000000 | 2024-04-05T00:00:00.000000 |
| certfr-2024-avi-0274 | Multiples vulnérabilités dans Apache HTTP Server | 2024-04-05T00:00:00.000000 | 2024-04-05T00:00:00.000000 |
| certfr-2024-avi-0273 | Multiples vulnérabilités dans Microsoft Edge | 2024-04-05T00:00:00.000000 | 2024-04-05T00:00:00.000000 |
| certfr-2024-avi-0272 | Multiples vulnérabilités dans Google Android et Pixel | 2024-04-04T00:00:00.000000 | 2024-04-04T00:00:00.000000 |
| certfr-2024-avi-0271 | Multiples vulnérabilités dans les produits Ivanti | 2024-04-04T00:00:00.000000 | 2024-04-04T00:00:00.000000 |
| certfr-2024-avi-0270 | Vulnérabilité dans Cisco Nexus Dashboard Fabric Controller | 2024-04-04T00:00:00.000000 | 2024-04-04T00:00:00.000000 |
| certfr-2024-avi-0269 | Multiples vulnérabilités dans Mozilla Firefox | 2024-04-04T00:00:00.000000 | 2024-04-04T00:00:00.000000 |
| certfr-2024-avi-0268 | Multiples vulnérabilités dans VMware SD-WAN | 2024-04-03T00:00:00.000000 | 2024-04-03T00:00:00.000000 |
| certfr-2024-avi-0267 | Vulnérabilité dans les produits Palo Alto Networks | 2024-04-02T00:00:00.000000 | 2024-04-02T00:00:00.000000 |
| certfr-2024-avi-0266 | Multiples vulnérabilités dans Synology Surveillance Station | 2024-04-02T00:00:00.000000 | 2024-04-02T00:00:00.000000 |
| certfr-2024-avi-0265 | Multiples vulnérabilités dans le noyau Linux de SUSE | 2024-03-29T00:00:00.000000 | 2024-03-29T00:00:00.000000 |
| certfr-2024-avi-0264 | Multiples vulnérabilités dans le noyau Linux de RedHat | 2024-03-29T00:00:00.000000 | 2024-03-29T00:00:00.000000 |