Recent vulnerabilities
| ID | CVSS | Description | Vendor | Product | Published | Updated |
|---|---|---|---|---|---|---|
| cve-2026-35602 | Vikunja has a File Size Limit Bypass via Vikunja Import |
go-vikunja |
vikunja |
2026-04-10T16:10:39.630Z | 2026-04-14T14:19:30.140Z | |
| cve-2026-39634 | N/A | WordPress Grand Portfolio theme <= 3.3 - Cross Site Re… |
ThemeGoods |
Grand Portfolio |
2026-04-08T08:30:29.207Z | 2026-04-14T14:19:26.060Z |
| cve-2026-39632 | N/A | WordPress Grand Blog theme <= 3.1 - Cross Site Request… |
ThemeGoods |
Grand Blog |
2026-04-08T08:30:28.792Z | 2026-04-14T14:18:19.405Z |
| cve-2026-40074 | SvelteKit's invalidated redirect in handle hook causes… |
sveltejs |
kit |
2026-04-10T16:26:07.068Z | 2026-04-14T14:17:29.422Z | |
| cve-2026-39620 | N/A | WordPress Appointment theme <= 3.5.5 - Cross Site Requ… |
priyanshumittal |
Appointment |
2026-04-08T08:30:26.089Z | 2026-04-14T14:16:43.942Z |
| cve-2026-36232 | N/A | A SQL injection vulnerability was found in the in… |
n/a |
n/a |
2026-04-10T00:00:00.000Z | 2026-04-14T14:14:30.652Z |
| cve-2026-40157 | PraisonAI affected by arbitrary file write via path tr… |
MervinPraison |
PraisonAI |
2026-04-10T16:47:16.109Z | 2026-04-14T14:13:29.632Z | |
| cve-2025-66447 | Chamilo LMS has validation-less redirect on login page |
chamilo |
chamilo-lms |
2026-04-10T17:22:32.443Z | 2026-04-14T14:12:56.349Z | |
| cve-2026-31940 | Session Fixation in Chamilo LMS |
chamilo |
chamilo-lms |
2026-04-10T17:35:10.661Z | 2026-04-14T14:12:28.550Z | |
| cve-2026-31262 | N/A | Cross Site Scripting vulnerability in Altenar Spo… |
n/a |
n/a |
2026-04-10T00:00:00.000Z | 2026-04-14T14:12:27.998Z |
| cve-2026-39626 | N/A | WordPress Armania theme <= 1.4.8 - Arbitrary Shortcode… |
kutethemes |
Armania |
2026-04-08T08:30:27.418Z | 2026-04-14T14:11:57.651Z |
| cve-2026-39628 | N/A | WordPress DukaMarket theme <= 1.3.0 - Arbitrary Shortc… |
kutethemes |
DukaMarket |
2026-04-08T08:30:27.843Z | 2026-04-14T14:11:32.490Z |
| cve-2026-39618 | N/A | WordPress NewsExo theme <= 7.1 - Cross Site Request Fo… |
themearile |
NewsExo |
2026-04-08T08:30:25.559Z | 2026-04-14T14:10:31.888Z |
| cve-2026-39475 | N/A | WordPress User Feedback plugin <= 1.10.1 - SQL Injecti… |
Syed Balkhi |
User Feedback |
2026-04-08T08:30:09.133Z | 2026-04-14T14:09:37.492Z |
| cve-2026-29861 | N/A | PHP-MYSQL-User-Login-System v1.0 was discovered t… |
n/a |
n/a |
2026-04-10T00:00:00.000Z | 2026-04-14T14:08:36.518Z |
| cve-2025-67133 | N/A | An issue in Hero Motocorp Vida V1 Pro 2.0.7 allow… |
n/a |
n/a |
2026-01-09T00:00:00.000Z | 2026-04-14T14:07:23.904Z |
| cve-2026-32892 | OS Command Injection in Chamilo LMS 1.11.36 |
chamilo |
chamilo-lms |
2026-04-10T17:56:57.695Z | 2026-04-14T14:07:14.704Z | |
| cve-2025-44560 | N/A | owntone-server 2ca10d9 is vulnerable to Buffer Ov… |
n/a |
n/a |
2026-04-10T00:00:00.000Z | 2026-04-14T14:06:50.236Z |
| cve-2026-33141 | Chamilo LMS has an IDOR in REST API Stats Endpoint Exp… |
chamilo |
chamilo-lms |
2026-04-10T18:01:26.027Z | 2026-04-14T14:06:11.889Z | |
| cve-2026-39616 | N/A | WordPress Download Attachments plugin <= 1.4.0 - Insec… |
dFactory |
Download Attachments |
2026-04-08T08:30:25.169Z | 2026-04-14T14:05:43.461Z |
| cve-2026-33703 | Chamilo LMS Critical IDOR: Any Authenticated User Can … |
chamilo |
chamilo-lms |
2026-04-10T18:23:01.031Z | 2026-04-14T14:05:24.505Z | |
| cve-2026-5187 | 2.3 (v4.0) | Heap Out-of-Bounds Write in DecodeObjectId() in wolfSSL |
wolfSSL |
wolfSSL |
2026-04-09T19:45:39.937Z | 2026-04-14T14:04:53.585Z |
| cve-2026-4436 | 8.6 (v3.1) | GPL Odorizers GPL750 Missing Authentication for Critic… |
GPL Odorizers |
GPL750 (XL4) |
2026-04-09T20:04:26.208Z | 2026-04-14T14:04:53.417Z |
| cve-2026-6203 | User Registration & Membership <= 5.1.4 - Unauthentica… |
wpeverest |
User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder |
2026-04-13T22:25:54.316Z | 2026-04-14T14:04:53.123Z | |
| cve-2026-4352 | JetEngine <= 3.8.6.1 - Unauthenticated SQL Injection v… |
Crocoblock |
JetEngine |
2026-04-14T01:25:01.077Z | 2026-04-14T14:04:52.928Z | |
| cve-2026-4388 | Form Maker by 10Web <= 1.15.40 - Unauthenticated Store… |
10web |
Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder |
2026-04-14T02:25:48.339Z | 2026-04-14T14:04:52.784Z | |
| cve-2026-4479 | WholeSale Products Dynamic Pricing Management WooComme… |
wpcodefactory |
WholeSale Products Dynamic Pricing Management WooCommerce |
2026-04-14T03:37:33.525Z | 2026-04-14T14:04:52.634Z | |
| cve-2026-4059 | ShopLentor <= 3.3.5 - Authenticated (Contributor+) Sto… |
devitemsllc |
ShopLentor – All-in-One WooCommerce Growth & Store Enhancement Plugin |
2026-04-14T03:37:33.893Z | 2026-04-14T14:04:52.486Z | |
| cve-2026-2582 | Germanized for WooCommerce <= 3.20.5 - Unauthenticated… |
vendidero |
Germanized for WooCommerce |
2026-04-14T06:43:52.199Z | 2026-04-14T14:04:52.319Z | |
| cve-2025-7389 | 8.2 (v4.0) | Unauthorized Arbitrary File Read via RMI in AdminServe… |
Progress Software Corporation |
OpenEdge |
2026-04-14T13:12:54.559Z | 2026-04-14T14:04:52.165Z |
| ID | Description | Updated |
|---|
| ID | Description | Updated |
|---|
| ID | Description | Published | Updated |
|---|---|---|---|
| jvndb-2011-000061 | Internet Explorer window display vulnerability | 2011-08-12T14:06+09:00 | 2011-08-12T14:06+09:00 |
| jvndb-2011-000060 | Windows URL Protocol Handler may insecurely load executable files | 2011-08-10T17:17+09:00 | 2011-08-10T17:17+09:00 |
| jvndb-2011-001928 | JP1/Performance Management - Web Console Cross-Site Scripting Vulnerability | 2011-08-09T10:11+09:00 | 2011-08-09T10:11+09:00 |
| jvndb-2011-001927 | Arbitrary Code Execution Vulnerability in HiRDB Control Manager | 2011-08-09T10:10+09:00 | 2011-08-09T10:10+09:00 |
| jvndb-2011-000059 | Mozilla Firefox vulnerable to cross-site scripting | 2011-07-28T16:31+09:00 | 2011-07-28T16:31+09:00 |
| jvndb-2011-000058 | Mozilla Firefox vulnerable to cross-site scripting | 2011-07-28T16:29+09:00 | 2011-07-28T16:29+09:00 |
| jvndb-2011-000057 | Mozilla Firefox vulnerable to denial-of-service (DoS) | 2011-07-28T16:27+09:00 | 2011-07-28T16:27+09:00 |
| jvndb-2011-000055 | Mozilla Firefox vulnerability in processing content-length header | 2011-07-28T16:24+09:00 | 2011-07-28T16:24+09:00 |
| jvndb-2011-000056 | Plone vulnerable to cross-site scripting | 2011-07-27T16:17+09:00 | 2011-07-27T16:17+09:00 |
| jvndb-2009-002069 | Oracle iPlanet Web Server information disclosure vulnerability | 2011-07-25T18:06+09:00 | 2011-07-25T18:06+09:00 |
| jvndb-2011-000051 | ASP.NET vulnerable to cross-site scripting | 2011-07-15T16:32+09:00 | 2011-07-15T16:32+09:00 |
| jvndb-2011-000054 | Google Search Appliance vulnerable to cross-site scripting | 2011-07-15T16:27+09:00 | 2011-07-15T16:27+09:00 |
| jvndb-2011-000052 | Internet Explorer vulnerable to cross-site scripting | 2011-07-08T18:29+09:00 | 2011-07-08T18:29+09:00 |
| jvndb-2011-000050 | XnView may insecurely load executable files | 2011-07-05T16:56+09:00 | 2011-07-05T16:56+09:00 |
| jvndb-2011-000049 | Opera vulnerable to denial-of-service (DoS) | 2011-07-05T16:54+09:00 | 2011-07-05T16:54+09:00 |
| jvndb-2011-000048 | ALZip vulnerable to buffer overflow | 2011-06-29T18:20+09:00 | 2011-06-29T18:20+09:00 |
| jvndb-2010-002807 | Accela BizSearch Standard Search Page Cross-Site Scripting Vulnerability | 2011-06-29T17:57+09:00 | 2011-06-29T17:57+09:00 |
| jvndb-2010-002809 | Accela BizSearch Standard Search Page Cross-Site Scripting Vulnerability | 2011-06-29T17:55+09:00 | 2011-06-29T17:55+09:00 |
| jvndb-2010-002808 | Accela BizSearch Standard Search Page Cross-Site Scripting Vulnerability | 2011-06-29T17:55+09:00 | 2011-06-29T17:55+09:00 |
| jvndb-2011-000047 | Cybozu Office vulnerable to cross-site scripting | 2011-06-24T19:23+09:00 | 2011-06-24T19:23+09:00 |
| jvndb-2011-000046 | Multiple Cybozu products vulnerable to cross-site scripting | 2011-06-24T19:21+09:00 | 2011-06-24T19:21+09:00 |
| jvndb-2011-000045 | Multiple Cybozu products vulnerable to cross-site scripting | 2011-06-24T19:18+09:00 | 2011-06-24T19:18+09:00 |
| jvndb-2011-000044 | Cybozu Garoon vulnerable to cross-site scripting | 2011-06-24T19:15+09:00 | 2011-06-24T19:15+09:00 |
| jvndb-2011-000042 | WeblyGo vulnerable to cross-site scripting | 2011-06-20T15:37+09:00 | 2011-06-20T15:37+09:00 |
| jvndb-2011-000043 | Ichitaro series vulnerable to arbitrary code execution | 2011-06-16T19:04+09:00 | 2011-06-16T19:04+09:00 |
| jvndb-2011-000041 | Microsoft MSXML vulnerability in HTTP request processing | 2011-06-16T12:28+09:00 | 2011-06-16T12:28+09:00 |
| jvndb-2011-000040 | Microsoft Outlook read receipt function vulnerability | 2011-06-16T12:25+09:00 | 2011-06-16T12:25+09:00 |
| jvndb-2011-000039 | ASP.NET vulnerable to cross-site scripting | 2011-06-16T12:23+09:00 | 2011-06-16T12:23+09:00 |
| jvndb-2011-000038 | Internet Explorer vulnerable to cross-site scripting | 2011-06-16T12:21+09:00 | 2011-06-16T12:21+09:00 |
| jvndb-2011-000037 | Clipboard contents alteration vulnerability in Internet Explorer | 2011-06-16T12:18+09:00 | 2011-06-16T12:18+09:00 |
| ID | Description | Updated |
|---|
| ID | Description | Published | Updated |
|---|---|---|---|
| certfr-2024-avi-0173 | Multiples vulnérabilités dans Juniper Secure Analytics | 2024-02-29T00:00:00.000000 | 2024-02-29T00:00:00.000000 |
| certfr-2024-avi-0172 | Multiples vulnérabilités dans Zimbra Collaboration | 2024-02-28T00:00:00.000000 | 2024-02-28T00:00:00.000000 |
| certfr-2024-avi-0171 | Multiples vulnérabilités dans Aruba ClearPass Policy Manager | 2024-02-28T00:00:00.000000 | 2024-02-28T00:00:00.000000 |
| certfr-2024-avi-0170 | Multiples vulnérabilités dans Google Chrome | 2024-02-28T00:00:00.000000 | 2024-02-28T00:00:00.000000 |
| certfr-2024-avi-0169 | Vulnérabilité dans les produits VMware | 2024-02-28T00:00:00.000000 | 2024-02-28T00:00:00.000000 |
| certfr-2024-avi-0168 | Vulnérabilité dans les produits Xen | 2024-02-27T00:00:00.000000 | 2024-02-27T00:00:00.000000 |
| certfr-2024-avi-0167 | Vulnérabilité dans les produits Moxa | 2024-02-27T00:00:00.000000 | 2024-02-27T00:00:00.000000 |
| certfr-2024-avi-0166 | Vulnérabilité dans les produits WithSecure | 2024-02-26T00:00:00.000000 | 2024-02-26T00:00:00.000000 |
| certfr-2024-avi-0165 | Multiples vulnérabilités dans Microsoft Edge | 2024-02-26T00:00:00.000000 | 2024-02-26T00:00:00.000000 |
| certfr-2024-avi-0164 | Multiples vulnérabilités dans le noyau Linux de RedHat | 2024-02-23T00:00:00.000000 | 2024-02-23T00:00:00.000000 |
| certfr-2024-avi-0163 | Multiples vulnérabilités dans le noyau Linux d'Ubuntu | 2024-02-23T00:00:00.000000 | 2024-02-23T00:00:00.000000 |
| certfr-2024-avi-0162 | Multiples vulnérabilités dans les produits IBM | 2024-02-23T00:00:00.000000 | 2024-02-23T00:00:00.000000 |
| certfr-2024-avi-0161 | Vulnérabilité dans les produits SonicWall | 2024-02-23T00:00:00.000000 | 2024-02-23T00:00:00.000000 |
| certfr-2024-avi-0160 | Multiples vulnérabilités dans Ruby on Rails | 2024-02-23T00:00:00.000000 | 2024-02-23T00:00:00.000000 |
| certfr-2024-avi-0159 | Multiples vulnérabilités dans les produits Mozilla | 2024-02-23T00:00:00.000000 | 2024-02-23T00:00:00.000000 |
| certfr-2024-avi-0158 | Vulnérabilité dans Kaspersky Endpoint Security | 2024-02-22T00:00:00.000000 | 2024-02-22T00:00:00.000000 |
| certfr-2024-avi-0157 | Vulnérabilité dans PostgreSQL JDBC | 2024-02-22T00:00:00.000000 | 2024-02-22T00:00:00.000000 |
| certfr-2024-avi-0156 | Multiples vulnérabilités dans les produits Tenable | 2024-02-22T00:00:00.000000 | 2024-02-22T00:00:00.000000 |
| certfr-2024-avi-0155 | Multiples vulnérabilités dans Gitlab | 2024-02-22T00:00:00.000000 | 2024-02-22T00:00:00.000000 |
| certfr-2024-avi-0154 | Vulnérabilité dans Spring Framework | 2024-02-22T00:00:00.000000 | 2024-02-22T00:00:00.000000 |
| certfr-2024-avi-0153 | Multiples vulnérabilités dans les produits VMware | 2024-02-21T00:00:00.000000 | 2024-02-21T00:00:00.000000 |
| certfr-2024-avi-0152 | Multiples vulnérabilités dans Google Chrome | 2024-02-21T00:00:00.000000 | 2024-02-21T00:00:00.000000 |
| certfr-2024-avi-0150 | Multiples vulnérabilités dans les produits Mozilla | 2024-02-21T00:00:00.000000 | 2024-02-21T00:00:00.000000 |
| certfr-2024-avi-0149 | Multiples vulnérabilités dans Moodle | 2024-02-20T00:00:00.000000 | 2024-02-20T00:00:00.000000 |
| certfr-2024-avi-0148 | Vulnérabilité dans Kaspersky Anti Targeted Attack | 2024-02-20T00:00:00.000000 | 2024-02-20T00:00:00.000000 |
| certfr-2024-avi-0147 | Vulnérabilité dans Spring Security | 2024-02-19T00:00:00.000000 | 2024-02-19T00:00:00.000000 |
| certfr-2024-avi-0139 | Multiples vulnérabilités dans les produits Palo Alto Networks | 2024-02-15T00:00:00.000000 | 2024-02-19T00:00:00.000000 |
| certfr-2024-avi-0146 | Multiples vulnérabilités dans le noyau Linux de RedHat | 2024-02-16T00:00:00.000000 | 2024-02-16T00:00:00.000000 |
| certfr-2024-avi-0145 | Multiples vulnérabilités dans les produits IBM | 2024-02-16T00:00:00.000000 | 2024-02-16T00:00:00.000000 |
| certfr-2024-avi-0144 | Multiples vulnérabilités dans le noyau Linux de SUSE | 2024-02-16T00:00:00.000000 | 2024-02-16T00:00:00.000000 |