Recent vulnerabilities

ID CVSS Description Vendor Product Published Updated
cve-2026-39859 LiquidJS has a renderFile() / parseFile() bypass confi… harttle
 liquidjs
 2026-04-08T19:45:21.747Z 2026-04-10T20:45:55.071Z
cve-2026-39413 LightRAG has a JWT Algorithm Confusion Vulnerability i… HKUDS
 LightRAG
 2026-04-08T19:41:23.909Z 2026-04-22T15:28:31.845Z
cve-2026-39412 LiquidJS has an ownPropertyOnly bypass via sort_natura… harttle
 liquidjs
 2026-04-08T19:39:17.780Z 2026-04-09T13:53:27.859Z
cve-2026-39411 LobeHub has an unauthenticated authentication bypass o… lobehub
 lobehub
 2026-04-08T19:37:43.814Z 2026-04-08T20:15:22.363Z
cve-2026-39362 InvenTree has SSRF via Remote Image Download — No IP/H… inventree
 InvenTree
 2026-04-08T19:32:46.744Z 2026-04-10T20:44:13.278Z
cve-2026-35525 LiquidJS has a root restriction bypass for partial and… harttle
 liquidjs
 2026-04-08T19:30:24.802Z 2026-04-08T19:53:00.573Z
cve-2026-35479 InvenTree Plugin Installation - Insufficient Permissions inventree
 InvenTree
 2026-04-08T19:27:57.320Z 2026-04-09T14:16:36.423Z
cve-2026-35476 InvenTree Affected by Privilege Escalation via API inventree
 InvenTree
 2026-04-08T19:26:12.692Z 2026-04-08T19:53:28.982Z
cve-2026-35478 InvenTree has Arbitrary API Token Creation inventree
 InvenTree
 2026-04-08T19:24:05.044Z 2026-04-08T20:12:15.181Z
cve-2026-35477 InvenTree has SSTI in PART_NAME_FORMAT bypasses CVE-20… inventree
 InvenTree
 2026-04-08T19:20:58.967Z 2026-04-10T20:43:12.243Z
cve-2026-23869 7.5 (v3.1) A denial of service vulnerability exists in React… Meta
 react-server-dom-turbopack
 2026-04-08T19:11:08.418Z 2026-04-08T19:56:22.791Z
cve-2026-35455 immich has Stored XSS via OCR Text in 360° Panorama Viewer immich-app
 immich
 2026-04-08T18:31:27.418Z 2026-04-13T15:36:26.045Z
cve-2026-35446 LORIS has a path traversal in FilesDownloadHandler aces
 Loris
 2026-04-08T18:28:30.405Z 2026-04-08T20:13:54.835Z
cve-2026-35403 LORIS has potential cross-site scripting in survey_acc… aces
 Loris
 2026-04-08T18:27:17.221Z 2026-04-10T20:42:38.101Z
cve-2026-35400 LORIS incorrectly trusts user input in publication module aces
 Loris
 2026-04-08T18:26:09.890Z 2026-04-08T19:52:33.071Z
cve-2026-35169 LORIS has potential cross-site scripting in help_edito… aces
 Loris
 2026-04-08T18:24:27.757Z 2026-04-09T14:21:17.788Z
cve-2026-35165 LORIS has incorrect access checks in document_repository aces
 Loris
 2026-04-08T18:23:34.101Z 2026-04-08T20:13:29.831Z
cve-2026-34985 LORIS has incorrect access checks in media module aces
 Loris
 2026-04-08T18:22:09.927Z 2026-04-10T20:41:48.430Z
cve-2026-20709 6.6 (v3.1) 5.8 (v4.0) Use of Default Cryptographic Key in the hardware … n/a
 Intel(R) Pentium(R) Processor Silver Series, Intel(R) Celeron(R) Processor J Series, Intel(R) Celeron(R) Processor N Series may allow an escalation of privilege. Hardware reverse engineer adversary with a privileged user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via physical access when attack requirements are present with special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (none) and availability (none) of the vulnerable system, resulting in subsequent system confidentiality (high), integrity (high) and availability (none) impacts.
 2026-04-08T18:20:48.374Z 2026-04-08T19:50:31.560Z
cve-2026-34837 Zammad is miissing authorization in AI assistance cont… zammad
 zammad
 2026-04-08T18:20:00.977Z 2026-04-08T19:52:03.644Z
cve-2026-34782 Zammad has improper access control in AI assistance co… zammad
 zammad
 2026-04-08T18:18:32.044Z 2026-04-09T14:22:06.575Z
cve-2026-34724 Zammad has a server-side template injection leading to… zammad
 zammad
 2026-04-08T18:17:30.178Z 2026-04-09T16:17:29.350Z
cve-2026-34723 Zammad has incorrect access control in getting_started… zammad
 zammad
 2026-04-08T18:14:08.582Z 2026-04-10T20:40:49.909Z
cve-2026-34722 Zammad is missing authorization in ticket create endpoint zammad
 zammad
 2026-04-08T18:13:20.927Z 2026-04-08T19:51:42.966Z
cve-2026-34721 Zammad has Cross-site request forgery (CSRF) in OAuth … zammad
 zammad
 2026-04-08T18:12:32.504Z 2026-04-09T14:22:33.535Z
cve-2026-34720 Zammad has an origin validation error in SSO mechanism zammad
 zammad
 2026-04-08T18:11:23.538Z 2026-04-09T16:17:34.878Z
cve-2026-34719 Zammad has a Server-side request forgery (SSRF) via webhooks zammad
 zammad
 2026-04-08T18:02:16.224Z 2026-04-10T20:38:50.653Z
cve-2026-34718 Zammad improperly neutralizes of script-related HTML t… zammad
 zammad
 2026-04-08T18:01:20.870Z 2026-04-08T19:51:19.873Z
cve-2026-34248 Zammad has an information disclosure in ticket detail … zammad
 zammad
 2026-04-08T18:00:09.868Z 2026-04-09T16:17:40.442Z
cve-2026-34392 LORIS has a path traversal in static router aces
 Loris
 2026-04-08T17:57:35.927Z 2026-04-09T14:23:46.526Z
ID CVSS Description Vendor Product Published Updated
ID Description Published Updated
ID Description Published Updated
ID Description Package Published Updated
ID Description Type
ID Description Updated
ID Description Published Updated
ID Description Published Updated
ID Description Published Updated
ID Description Published Updated
ID Description Published Updated
ID Description Published Updated
ID Description Published Updated
ID Description Published Updated
ID Description Published Updated
ID Description Published Updated
ID Description Published Updated
ID Description Published Updated
ID Description Updated
ID Description Published Updated
jvndb-2010-000024 Ichitaro series vulnerable to arbitrary code execution 2010-06-01T17:37+09:00 2010-06-01T17:37+09:00
jvndb-2010-001427 XMAP3 Arbitrary Code Execution Vulnerability 2010-05-18T11:34+09:00 2010-05-18T11:34+09:00
jvndb-2010-001395 Several EUR Form/EUR Products Arbitrary Code Execution Vulnerability 2010-05-18T11:33+09:00 2010-05-18T11:33+09:00
jvndb-2010-000020 CapsSuite Small Edition PatchMeister vulnerable to denial of service 2010-05-17T16:43+09:00 2010-05-17T16:43+09:00
jvndb-2010-000019 WebSAM DeploymentManager vulnerable to denial of service 2010-05-17T16:42+09:00 2010-05-17T16:42+09:00
jvndb-2010-000018 Interstage Application Server vulnerable in request processing 2010-05-17T16:42+09:00 2010-05-17T16:42+09:00
jvndb-2010-000017 Movable Type vulnerable to cross-site scripting 2010-05-12T15:25+09:00 2010-05-12T15:25+09:00
jvndb-2010-000016 Multiple Cybozu products vulnerable to authentication bypass 2010-04-21T17:27+09:00 2010-04-21T17:27+09:00
jvndb-2010-000015 Ichitaro series vulnerable to arbitrary code execution 2010-04-12T17:17+09:00 2010-04-12T17:17+09:00
jvndb-2010-001204 Accela BizSearch Access Control Bypass Vulnerability 2010-04-09T16:36+09:00 2010-04-09T16:36+09:00
jvndb-2010-000014 Cisco Router and Security Device Manager vulnerable to cross-site scripting 2010-04-08T17:47+09:00 2010-04-08T17:47+09:00
jvndb-2010-000013 MODx vulnerable to cross-site scripting 2010-04-08T17:47+09:00 2010-04-08T17:47+09:00
jvndb-2010-000012 MODx vulnerable to SQL injection 2010-04-08T17:47+09:00 2010-04-08T17:47+09:00
jvndb-2010-000011 Internet Explorer information disclosure vulnerability 2010-04-08T17:47+09:00 2010-04-08T17:47+09:00
jvndb-2010-000010 HL-SiteManager vulnerable to SQL injection 2010-04-02T17:33+09:00 2010-04-02T17:33+09:00
jvndb-2010-000009 Compiere vulnerable to cross-site scripting 2010-04-02T17:32+09:00 2010-04-02T17:32+09:00
jvndb-2010-000008 Compiere vulnerable to cross-site scripting 2010-04-02T17:32+09:00 2010-04-02T17:32+09:00
jvndb-2010-000007 PrettyFormMail vulnerable to cross-site scripting 2010-04-02T17:31+09:00 2010-04-02T17:31+09:00
jvndb-2009-000057 ATOK screen lock bypass vulnerability 2010-03-23T17:42+09:00 2010-03-23T17:42+09:00
jvndb-2009-000018 Ichitaro series buffer overflow vulnerability 2010-03-23T17:42+09:00 2010-03-23T17:42+09:00
jvndb-2010-001147 JP1/Cm2/Network Node Manager Remote Console Insecure File Permissions Vulnerability 2010-03-15T12:21+09:00 2010-03-15T12:21+09:00
jvndb-2010-000006 OpenPNE authentication bypass vulnerability 2010-03-12T15:29+09:00 2010-03-12T15:29+09:00
jvndb-2010-001088 uCosminexus Portal Framework Cross-Site Scripting Vulnerability 2010-03-03T12:00+09:00 2010-03-03T12:00+09:00
jvndb-2010-000005 tDiary plugin tb-send.rb vulnerable to cross-site scripting 2010-02-26T12:45+09:00 2010-02-26T12:45+09:00
jvndb-2009-002475 Buffer Overflow Vulnerability in Cosminexus, Processing Kit for XML and Hitachi Developer's Kit for Java 2010-02-09T14:03+09:00 2010-02-09T14:03+09:00
jvndb-2010-000004 Oracle Application Server vulnerable to cross-site scripting 2010-01-14T21:24+09:00 2010-01-14T21:24+09:00
jvndb-2010-000003 WebCalenderC3 vulnerable to directory traversal 2010-01-14T21:24+09:00 2010-01-14T21:24+09:00
jvndb-2010-000002 WebCalenderC3 cross-site scripting vulnerability 2010-01-14T21:23+09:00 2010-01-14T21:23+09:00
jvndb-2010-000001 Movable Type access restriction bypass vulnerability 2010-01-06T16:26+09:00 2010-01-06T16:26+09:00
jvndb-2009-002358 Fujitsu Interstage and Systemwalker SSL Vulnerabilities 2009-12-28T11:19+09:00 2009-12-28T11:19+09:00
ID Description Updated
ID Description
ID Description Published Updated
ID Description Published Updated
ID Description Published Updated
ID Description Published Updated
certfr-2024-avi-0048 Multiples vulnérabilités dans Oracle Systems 2024-01-17T00:00:00.000000 2024-01-17T00:00:00.000000
certfr-2024-avi-0047 Multiples vulnérabilités dans Oracle PeopleSoft 2024-01-17T00:00:00.000000 2024-01-17T00:00:00.000000
certfr-2024-avi-0046 Multiples vulnérabilités dans Oracle Java SE 2024-01-17T00:00:00.000000 2024-01-17T00:00:00.000000
certfr-2024-avi-0045 Multiples vulnérabilités dans Oracle Database Server 2024-01-17T00:00:00.000000 2024-01-17T00:00:00.000000
certfr-2024-avi-0044 Multiples vulnérabilités dans Oracle MySQL 2024-01-17T00:00:00.000000 2024-01-17T00:00:00.000000
certfr-2024-avi-0043 Multiples vulnérabilités dans Trend Micro Deep Security Agent 2024-01-17T00:00:00.000000 2024-01-17T00:00:00.000000
certfr-2024-avi-0042 Vulnérabilité dans MongoDB C-Driver 2024-01-17T00:00:00.000000 2024-01-17T00:00:00.000000
certfr-2024-avi-0041 Multiples vulnérabilités dans Google Chrome 2024-01-17T00:00:00.000000 2024-01-17T00:00:00.000000
certfr-2024-avi-0040 Multiples vulnérabilités dans Atlassian Confluence et Jira 2024-01-16T00:00:00.000000 2024-01-16T00:00:00.000000
certfr-2024-avi-0039 Multiples vulnérabilités dans les produits Citrix 2024-01-16T00:00:00.000000 2024-01-16T00:00:00.000000
certfr-2024-avi-0038 Vulnérabilité dans les produits SonicWall 2024-01-16T00:00:00.000000 2024-01-18T00:00:00.000000
certfr-2024-avi-0037 Vulnérabilité dans VMware Aria Operations 2024-01-16T00:00:00.000000 2024-01-16T00:00:00.000000
certfr-2024-avi-0036 Vulnérabilité dans OpenSSL 2024-01-16T00:00:00.000000 2024-01-16T00:00:00.000000
certfr-2024-avi-0035 Vulnérabilité dans Synology Disk Station Manager 2024-01-16T00:00:00.000000 2024-01-16T00:00:00.000000
certfr-2024-avi-0034 Multiples vulnérabilités dans le noyau Linux d'Ubuntu 2024-01-12T00:00:00.000000 2024-01-12T00:00:00.000000
certfr-2024-avi-0033 Multiples vulnérabilités dans le noyau Linux de RedHat 2024-01-12T00:00:00.000000 2024-01-12T00:00:00.000000
certfr-2024-avi-0032 Vulnérabilité dans les produits WithSecure 2024-01-12T00:00:00.000000 2024-01-12T00:00:00.000000
certfr-2024-avi-0031 Multiples vulnérabilités dans les produits IBM 2024-01-12T00:00:00.000000 2024-01-12T00:00:00.000000
certfr-2024-avi-0030 Multiples vulnérabilités dans GitLab 2024-01-12T00:00:00.000000 2024-01-12T00:00:00.000000
certfr-2024-avi-0029 Multiples vulnérabilités dans Microsoft Edge 2024-01-12T00:00:00.000000 2024-01-12T00:00:00.000000
certfr-2024-avi-0028 Vulnérabilité dans SPIP 2024-01-12T00:00:00.000000 2024-01-12T00:00:00.000000
certfr-2024-avi-0027 Multiples vulnérabilités dans les produits Juniper Networks 2024-01-11T00:00:00.000000 2024-01-11T00:00:00.000000
certfr-2024-avi-0026 Vulnérabilité dans Cisco Unity Connection 2024-01-11T00:00:00.000000 2024-01-11T00:00:00.000000
certfr-2024-avi-0025 Vulnérabilité dans SPIP 2024-01-11T00:00:00.000000 2024-01-11T00:00:00.000000
certfr-2024-avi-0024 Multiples vulnérabilités dans les produits Microsoft 2024-01-10T00:00:00.000000 2024-01-10T00:00:00.000000
certfr-2024-avi-0023 Vulnérabilité dans Microsoft Azure 2024-01-10T00:00:00.000000 2024-01-10T00:00:00.000000
certfr-2024-avi-0022 Multiples vulnérabilités dans Microsoft .Net 2024-01-10T00:00:00.000000 2024-01-10T00:00:00.000000
certfr-2024-avi-0021 Multiples vulnérabilités dans Microsoft Windows 2024-01-10T00:00:00.000000 2024-01-10T00:00:00.000000
certfr-2024-avi-0020 Vulnérabilité dans Microsoft Office 2024-01-10T00:00:00.000000 2024-01-10T00:00:00.000000
certfr-2024-avi-0019 Multiples vulnérabilités dans les produits Fortinet 2024-01-10T00:00:00.000000 2024-01-10T00:00:00.000000
ID Description Published Updated