Recent vulnerabilities
| ID | CVSS | Description | Vendor | Product | Published | Updated |
|---|---|---|---|---|---|---|
| cve-2026-39941 |  | ChurchCRM has an XSS vulnerability | ChurchCRM | CRM | 2026-04-09T15:38:07.444Z | 2026-04-10T14:05:39.204Z |
| cve-2026-5960 |  | code-projects Patient Record Management System SQL Dat… | code-projects | Patient Record Management System | 2026-04-09T15:15:11.648Z | 2026-04-10T14:04:51.221Z |
| cve-2026-35205 |  | Helm's plugin verification fails open when .prov is mi… | helm | helm | 2026-04-09T15:06:41.052Z | 2026-04-09T16:05:00.744Z |
| cve-2025-14551 | 2.7 (v4.0) | Sensitive information disclosure was affecting subiquity | Canonical | Ubuntu | 2026-04-09T15:03:58.798Z | 2026-04-10T13:54:40.369Z |
| cve-2026-35204 |  | Helm has a path traversal in plugin metadata version e… | helm | helm | 2026-04-09T15:03:28.668Z | 2026-04-09T17:46:15.811Z |
| cve-2025-15480 | 2.7 (v4.0) | Sensitive information disclosure was affecting ubuntu-d… | Canonical | Ubuntu | 2026-04-09T15:02:14.066Z | 2026-04-10T13:57:17.350Z |
| cve-2026-35041 |  | ReDoS in fast-jwt when using RegExp in allowed* leadin… | nearform | fast-jwt | 2026-04-09T14:55:22.807Z | 2026-04-09T16:15:25.352Z |
| cve-2026-35040 |  | fast-jwt: Stateful RegExp (/g or /y) causes non-determ… | nearform | fast-jwt | 2026-04-09T14:52:56.436Z | 2026-04-13T20:03:41.746Z |
| cve-2026-4878 | 6.7 (v3.1) | Libcap: libcap: privilege escalation via toctou race c… | Red Hat | Red Hat Enterprise Linux 10 | 2026-04-09T14:49:02.942Z | 2026-04-18T17:34:10.850Z |
| cve-2026-5439 | N/A | Memory Exhaustion via Forged ZIP Metadata | Orthanc | DICOM Server | 2026-04-09T14:44:37.078Z | 2026-04-14T16:34:14.439Z |
| cve-2026-5437 | N/A | Out-of-Bounds Read in DicomStreamReader | Orthanc | DICOM Server | 2026-04-09T14:44:17.972Z | 2026-04-14T16:34:20.487Z |
| cve-2026-5438 | N/A | Gzip Decompression Bomb via Content-Encoding Header | Orthanc | DICOM Server | 2026-04-09T14:44:05.375Z | 2026-04-14T16:34:26.623Z |
| cve-2026-5440 | N/A | Memory Exhaustion via Unbounded Content-Length | Orthanc | DICOM Server | 2026-04-09T14:43:55.684Z | 2026-04-14T16:34:31.991Z |
| cve-2026-5442 | N/A | Heap Buffer Overflow in DICOM Image Decoder via VR UL … | Orthanc | DICOM Server | 2026-04-09T14:43:43.571Z | 2026-04-14T16:34:39.322Z |
| cve-2026-5443 | N/A | Heap Buffer Overflow in DICOM Image Decoder (Palette C… | Orthanc | DICOM Server | 2026-04-09T14:43:15.227Z | 2026-04-14T16:34:45.930Z |
| cve-2026-5445 | N/A | Out-of-Bounds Read in DicomImageDecoder (DecodeLookupTable) | Orthanc | DICOM Server | 2026-04-09T14:42:51.673Z | 2026-04-14T16:34:52.024Z |
| cve-2026-5444 | N/A | Heap Buffer Overflow in PAM Image Buffer Allocation | Orthanc | DICOM Server | 2026-04-09T14:42:30.696Z | 2026-04-14T16:34:57.706Z |
| cve-2026-5441 | N/A | Out-of-Bounds Read in DicomImageDecoder (PMSCT_RLE1 De… | Orthanc | DICOM Server | 2026-04-09T14:42:04.597Z | 2026-04-14T16:35:04.748Z |
| cve-2026-34757 |  | LIBPNG has a use-after-free in png_set_PLTE, png_set_t… | pnggroup | libpng | 2026-04-09T14:41:18.195Z | 2026-04-09T16:07:31.052Z |
| cve-2026-34578 |  | OPNsense has an LDAP Injection via Unsanitized Usernam… | opnsense | core | 2026-04-09T14:34:20.158Z | 2026-04-09T17:45:23.099Z |
| cve-2025-62718 |  | Axios has a NO_PROXY Hostname Normalization Bypass tha… | axios | axios | 2026-04-09T14:31:46.067Z | 2026-04-16T18:44:20.705Z |
| cve-2026-5959 |  | GL.iNet GL-RM1/GL-RM10/GL-RM10RC/GL-RM1PE Factory Rese… | GL.iNet | GL-RM1 | 2026-04-09T14:30:14.351Z | 2026-04-13T20:01:57.939Z |
| cve-2026-4116 | N/A | Improper handling of Unicode encoding in SonicWal… | SonicWall | SMA1000 | 2026-04-09T14:27:29.341Z | 2026-04-13T18:26:18.229Z |
| cve-2026-4114 | N/A | Improper handling of Unicode encoding in SonicWal… | SonicWall | SMA1000 | 2026-04-09T14:25:41.059Z | 2026-04-13T13:04:16.553Z |
| cve-2026-4113 | N/A | An observable response discrepancy vulnerability … | SonicWall | SMA1000 | 2026-04-09T14:23:53.270Z | 2026-04-13T18:27:04.538Z |
| cve-2026-4112 | N/A | Improper neutralization of special elements used … | SonicWall | SMA1000 | 2026-04-09T14:22:21.018Z | 2026-04-13T13:04:16.689Z |
| cve-2026-4660 | 7.5 (v3.1) | Go-getter may allow to arbitrary filesystem reads thro… | HashiCorp | Tooling | 2026-04-09T13:47:46.953Z | 2026-04-17T17:57:55.534Z |
| cve-2026-2519 |  | Online Scheduling and Appointment Booking System – Boo… | ladela | Online Scheduling and Appointment Booking System – Bookly | 2026-04-09T12:28:06.471Z | 2026-04-13T15:15:09.493Z |
| cve-2026-3005 |  | List category posts <= 0.94.0 - Authenticated (Author+… | fernandobt | List category posts | 2026-04-09T12:28:05.799Z | 2026-04-09T17:41:29.900Z |
| cve-2025-57735 |  | Apache Airflow: Airflow Logout Not Invalidating JWT | Apache Software Foundation | Apache Airflow | 2026-04-09T11:12:41.735Z | 2026-04-09T17:25:08.801Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| jvndb-2012-000013 | cforms II vulnerable to cross-site scripting | 2012-02-15T17:14+09:00 | 2012-02-15T17:14+09:00 |
| jvndb-2012-000011 | ALFTP may insecurely load executable files | 2012-02-13T15:58+09:00 | 2012-02-13T15:58+09:00 |
| jvndb-2012-000012 | Apache Struts 2 vulnerable to an arbitrary Java method execution | 2012-02-10T14:29+09:00 | 2012-02-10T14:29+09:00 |
| jvndb-2012-000010 | Pocket WiFi (GP02) vulnerable to cross-site request forgery | 2012-02-01T14:12+09:00 | 2012-02-01T14:12+09:00 |
| jvndb-2012-001191 | Arbitrary Code Execution Vulnerability in Hitachi COBOL2002 | 2012-01-27T10:44+09:00 | 2012-01-27T10:44+09:00 |
| jvndb-2012-001190 | Hitachi IT Operations Director Cross-Site Scripting Vulnerability | 2012-01-27T10:38+09:00 | 2012-01-27T10:38+09:00 |
| jvndb-2012-001189 | Hitachi IT Operations Analyzer Cross-Site Scripting Vulnerability | 2012-01-27T10:37+09:00 | 2012-01-27T10:37+09:00 |
| jvndb-2012-000008 | glucose 2 vulnerable to arbitrary script execution | 2012-01-23T18:27+09:00 | 2012-01-23T18:27+09:00 |
| jvndb-2012-000004 | osCommerce Japanese version vulnerable to cross-site scripting | 2012-01-20T16:23+09:00 | 2012-01-20T16:23+09:00 |
| jvndb-2012-000005 | osCommerce vulnerable to cross-site scripting | 2012-01-20T16:15+09:00 | 2012-04-26T16:58+09:00 |
| jvndb-2012-000006 | osCommerce vulnerable to directory traversal | 2012-01-20T16:09+09:00 | 2012-01-20T16:09+09:00 |
| jvndb-2012-000007 | Oracle WebLogic Server vulnerable to cross-site scripting | 2012-01-20T15:37+09:00 | 2012-01-20T15:37+09:00 |
| jvndb-2012-000001 | Cogent DataHub vulnerable to cross-site scripting | 2012-01-11T15:22+09:00 | 2012-01-13T15:57+09:00 |
| jvndb-2012-000002 | Cogent DataHub vulnerable to HTTP header injection | 2012-01-11T15:12+09:00 | 2012-01-13T16:08+09:00 |
| jvndb-2012-000003 | Wibu-Systems CodeMeter Runtime vulnerable to denial-of-service | 2012-01-11T15:02+09:00 | 2012-01-11T15:02+09:00 |
| jvndb-2011-002122 | An authentication information Exposure Vulnerability in JP1/IT Resource Management - Manager | 2012-01-06T19:53+09:00 | 2012-01-06T19:53+09:00 |
| jvndb-2011-003295 | JP1/Cm2/Network Node Manager i Denial of Service (DoS) Vulnerability | 2012-01-06T19:51+09:00 | 2012-01-06T19:51+09:00 |
| jvndb-2011-000108 | Movable Type Plugin MailForm vulnerable to cross-site scripting | 2011-12-26T14:49+09:00 | 2011-12-26T14:49+09:00 |
| jvndb-2011-000109 | WordPress vulnerable to arbitrary PHP code execution | 2011-12-26T14:28+09:00 | 2011-12-26T14:28+09:00 |
| jvndb-2011-000110 | WordPress Japanese vulnerable to cross-site scripting | 2011-12-26T14:26+09:00 | 2011-12-26T14:26+09:00 |
| jvndb-2011-000107 | PukiWiki Plus! vulnerable to cross-site scripting | 2011-12-22T18:16+09:00 | 2011-12-22T18:16+09:00 |
| jvndb-2011-000106 | Apache Struts vulnerable to cross-site scripting | 2011-12-22T18:08+09:00 | 2011-12-22T18:08+09:00 |
| jvndb-2011-000105 | Safari for iOS vulnerable to denial-of-service | 2011-12-15T16:30+09:00 | 2011-12-15T16:30+09:00 |
| jvndb-2011-000102 | Multiple vulnerabilities in products that use the Preboot Execution Environment (PXE) SDK | 2011-12-15T16:26+09:00 | 2011-12-20T18:14+09:00 |
| jvndb-2011-000104 | FFFTP may insecurely load executable files | 2011-12-09T17:08+09:00 | 2011-12-09T17:08+09:00 |
| jvndb-2011-000103 | phpWebSite vulnerable to cross-site scripting | 2011-12-08T17:15+09:00 | 2011-12-08T17:15+09:00 |
| jvndb-2011-000101 | Etomite vulnerable to cross-site scripting | 2011-12-06T17:45+09:00 | 2011-12-06T17:45+09:00 |
| jvndb-2011-000100 | PowerChute Business Edition vulnerable to cross-site scripting | 2011-12-06T16:49+09:00 | 2011-12-06T16:49+09:00 |
| jvndb-2011-000076 | Nikki vulnerable to OS command injection | 2011-11-21T18:23+09:00 | 2011-11-21T18:23+09:00 |
| jvndb-2011-000075 | Nikki vulnerable to directory traversal | 2011-11-21T18:22+09:00 | 2011-11-21T18:22+09:00 |
| ID | Description | Published | Updated |
|---|---|---|---|
| certfr-2024-avi-0258 | Multiple vulnerabilities in Splunk products | 2024-03-28T00:00:00.000000 | 2024-03-28T00:00:00.000000 |
| certfr-2024-avi-0257 | Multiple vulnerabilities in Elasticsearch | 2024-03-28T00:00:00.000000 | 2024-03-29T00:00:00.000000 |
| certfr-2024-avi-0256 | Vulnerability in Wireshark | 2024-03-28T00:00:00.000000 | 2024-03-28T00:00:00.000000 |
| certfr-2024-avi-0255 | Vulnerability in GLPI | 2024-03-28T00:00:00.000000 | 2024-03-28T00:00:00.000000 |
| certfr-2024-avi-0254 | Multiple vulnerabilities in Google Chrome | 2024-03-27T00:00:00.000000 | 2024-03-27T00:00:00.000000 |
| certfr-2024-avi-0253 | Vulnerability in Aruba ArubaOS-Switch | 2024-03-27T00:00:00.000000 | 2024-03-27T00:00:00.000000 |
| certfr-2024-avi-0252 | Multiple vulnerabilities in Nagios XI | 2024-03-27T00:00:00.000000 | 2024-03-27T00:00:00.000000 |
| certfr-2024-avi-0251 | Multiple vulnerabilities in Kaspersky Anti Targeted Attack | 2024-03-26T00:00:00.000000 | 2024-03-26T00:00:00.000000 |
| certfr-2024-avi-0250 | Vulnerability in Apple products | 2024-03-26T00:00:00.000000 | 2024-03-26T00:00:00.000000 |
| certfr-2024-avi-0249 | Multiple vulnerabilities in Tenable Security Center | 2024-03-26T00:00:00.000000 | 2024-03-26T00:00:00.000000 |
| certfr-2024-avi-0248 | Vulnerability in Microsoft .Net | 2024-03-25T00:00:00.000000 | 2024-03-25T00:00:00.000000 |
| certfr-2024-avi-0247 | Multiple vulnerabilities in Microsoft Edge | 2024-03-25T00:00:00.000000 | 2024-03-25T00:00:00.000000 |
| certfr-2024-avi-0246 | Multiple vulnerabilities in Mozilla Firefox | 2024-03-25T00:00:00.000000 | 2024-03-25T00:00:00.000000 |
| certfr-2024-avi-0245 | Multiple vulnerabilities in MISP | 2024-03-25T00:00:00.000000 | 2024-03-25T00:00:00.000000 |
| certfr-2024-avi-0244 | Multiple vulnerabilities in Netapp products | 2024-03-25T00:00:00.000000 | 2024-03-25T00:00:00.000000 |
| certfr-2024-avi-0243 | Multiple vulnerabilities in the Ubuntu Linux kernel | 2024-03-22T00:00:00.000000 | 2024-03-22T00:00:00.000000 |
| certfr-2024-avi-0242 | Multiple vulnerabilities in the SUSE Linux kernel | 2024-03-22T00:00:00.000000 | 2024-03-22T00:00:00.000000 |
| certfr-2024-avi-0241 | Multiple vulnerabilities in the RedHat Linux kernel | 2024-03-22T00:00:00.000000 | 2024-03-22T00:00:00.000000 |
| certfr-2024-avi-0240 | Multiple vulnerabilities in IBM products | 2024-03-22T00:00:00.000000 | 2024-03-22T00:00:00.000000 |
| certfr-2024-avi-0239 | Vulnerability in Microsoft Xbox Gaming Services | 2024-03-21T00:00:00.000000 | 2024-03-21T00:00:00.000000 |
| certfr-2024-avi-0238 | Multiple vulnerabilities in Ivanti products | 2024-03-21T00:00:00.000000 | 2024-03-21T00:00:00.000000 |
| certfr-2024-avi-0237 | Multiple vulnerabilities in Belden products | 2024-03-20T00:00:00.000000 | 2024-03-20T00:00:00.000000 |
| certfr-2024-avi-0236 | Vulnerability in Spring Authorization Server | 2024-03-20T00:00:00.000000 | 2024-03-20T00:00:00.000000 |
| certfr-2024-avi-0235 | Multiple vulnerabilities in Google Chrome | 2024-03-20T00:00:00.000000 | 2024-03-20T00:00:00.000000 |
| certfr-2024-avi-0234 | Multiple vulnerabilities in Mozilla products | 2024-03-20T00:00:00.000000 | 2024-03-20T00:00:00.000000 |
| certfr-2024-avi-0233 | Multiple vulnerabilities in AXIS OS | 2024-03-19T00:00:00.000000 | 2024-03-19T00:00:00.000000 |
| certfr-2024-avi-0232 | Vulnerability in Spring Security products | 2024-03-19T00:00:00.000000 | 2024-03-19T00:00:00.000000 |
| certfr-2024-avi-0231 | Multiple vulnerabilities in GLPI products | 2024-03-19T00:00:00.000000 | 2024-03-19T00:00:00.000000 |
| certfr-2024-avi-0230 | Vulnerability in Kaspersky Password Manager | 2024-03-18T00:00:00.000000 | 2024-03-18T00:00:00.000000 |
| certfr-2024-avi-0229 | Vulnerability in Tenable Nessus | 2024-03-18T00:00:00.000000 | 2024-03-18T00:00:00.000000 |