Recent vulnerabilities
| ID | CVSS | Description | Vendor | Product | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2026-7435 | 8.6 (4.0), 7.2 (3.1) | SSCMS v7.4.0 SQL Injection via stl:sqlContent queryString | siteserver | SSCMS | 2026-04-30T20:09:17.935Z | 2026-05-04T13:24:44.833Z |
| CVE-2026-40601 | 7.5 (3.1) | Chartbrew: Missing Authorization in /api/chart/:chart_… | chartbrew | chartbrew | 2026-04-30T18:22:43.557Z | 2026-05-04T13:23:24.286Z |
| CVE-2026-33846 | 7.5 (3.1) | Gnutls: gnutls: denial of service via heap buffer over… | Red Hat | Red Hat Hardened Images | 2026-05-04T09:08:51.710Z | 2026-05-04T13:23:18.797Z |
| CVE-2026-5166 | 9.6 (3.1) | Path Traversal in TUBITAK BILGEM's Pardus Software Center | TUBITAK BILGEM Software Technologies Research Institute | Pardus Software Center | 2026-04-29T14:33:34.786Z | 2026-05-04T13:23:03.653Z |
| CVE-2026-7470 | 8.7 (4.0), 8.8 (3.1), 8.8 (3.0) | Tenda 4G300 SafeMacFilter sub_427C3C stack-based overflow | Tenda | 4G300 | 2026-04-30T02:30:13.346Z | 2026-05-04T13:22:41.244Z |
| CVE-2026-7680 | 5.3 (4.0), 4.3 (3.1), 4.3 (3.0) | jsbroks COCO Annotator Data Endpoint datasets.py path … | jsbroks | COCO Annotator | 2026-05-03T04:30:11.891Z | 2026-05-04T13:22:41.014Z |
| CVE-2026-7692 | 5.3 (4.0), 6.3 (3.1), 6.3 (3.0) | Wavlink WL-WN570HA1 adm.cgi ping_ddns command injection | Wavlink | WL-WN570HA1 | 2026-05-03T11:00:12.931Z | 2026-05-04T13:21:44.129Z |
| CVE-2026-7699 | 5.3 (4.0), 6.3 (3.1), 6.3 (3.0) | Dromara MaxKey StrUtils.java StrUtils.checkSqlInjectio… | Dromara | MaxKey | 2026-05-03T14:00:17.835Z | 2026-05-04T13:21:09.093Z |
| CVE-2026-7443 | 6.9 (4.0), 7.3 (3.1), 7.3 (3.0) | BurtTheCoder mcp-dnstwist MCP index.ts fuzz_domain os … | BurtTheCoder | mcp-dnstwist | 2026-04-29T22:45:12.342Z | 2026-05-04T13:20:56.021Z |
| CVE-2026-5161 | 8.8 (3.1) | Improper Authentication in TUBITAK BILGEM's Pardus About | TUBITAK BILGEM Software Technologies Research Institute | Pardus About | 2026-04-29T14:27:21.690Z | 2026-05-04T13:20:54.929Z |
| CVE-2026-7705 | 5.3 (4.0), 6.3 (3.1), 6.3 (3.0) | JD Cloud JDCOS Service jdcap set_iptv_info command injection | JD Cloud | JDCOS | 2026-05-03T22:00:15.286Z | 2026-05-04T13:20:37.974Z |
| CVE-2026-7410 | 5.3 (4.0), 6.3 (3.1), 6.3 (3.0) | SourceCodester Pizzafy Ecommerce System ajax.php add_t… | SourceCodester | Pizzafy Ecommerce System | 2026-04-29T21:15:14.051Z | 2026-05-04T13:20:15.894Z |
| CVE-2026-7711 | 6.9 (4.0), 7.3 (3.1), 7.3 (3.0) | MindsDB Engine proc_wrapper.py exec unrestricted upload | n/a | MindsDB | 2026-05-03T23:30:25.535Z | 2026-05-04T13:20:13.307Z |
| CVE-2026-5140 | 8.8 (3.1) | Authorization Bypass in TUBITAK BILGEM's Pardus Update | TUBITAK BILGEM Software Technologies Research Institute | Pardus Update | 2026-04-29T13:02:08.216Z | 2026-05-04T13:18:26.012Z |
| CVE-2026-4060 | 7.5 (3.1) | Geo Mashup <= 1.13.18 - Unauthenticated Time-Based SQL… | cyberhobo | Geo Mashup | 2026-05-02T11:16:09.209Z | 2026-05-04T13:18:21.949Z |
| CVE-2026-6817 | 5.8 (3.1) | Quiz Maker by AYS <= 6.7.1.29 - Unauthenticated Stored… | ays-pro | Quiz Maker by AYS | 2026-05-02T11:16:11.734Z | 2026-05-04T13:13:42.636Z |
| CVE-2026-7630 | 6.9 (4.0), 7.3 (3.1), 7.3 (3.0) | innocommerce InnoShop Installation Endpoint InstallSer… | innocommerce | InnoShop | 2026-05-02T13:15:13.485Z | 2026-05-04T13:12:56.976Z |
| CVE-2025-58074 | 8.8 (3.1) | A privilege escalation vulnerability exists durin… | Gen Digital | Norton Secure VPN | 2026-05-04T13:11:08.628Z | 2026-05-04T13:12:07.353Z |
| CVE-2026-7644 | 6.9 (4.0), 7.3 (3.1), 7.3 (3.0) | ChatGPTNextWeb NextChat actions.ts addMcpServer improp… | ChatGPTNextWeb | NextChat | 2026-05-02T15:00:13.502Z | 2026-05-04T13:09:05.752Z |
| CVE-2026-6948 | 4.9 (3.1) | Unbounded Memory Allocation in VQLResponse Result-Set Writer | Rapid7 | Velociraptor | 2026-05-03T23:55:40.555Z | 2026-05-04T13:08:18.314Z |
| CVE-2026-7671 | 6.3 (4.0), 3.7 (3.1), 3.7 (3.0) | CodeWise Tornet Scooter Mobile App TwoFactor excessive… | CodeWise | Tornet Scooter Mobile App | 2026-05-02T23:30:13.982Z | 2026-05-04T13:08:10.082Z |
| CVE-2026-7710 | 6.9 (4.0), 7.3 (3.1), 7.3 (3.0) | YunaiV yudao-cloud Ruoyi-Vue-Pro JwtAuthenticationToke… | YunaiV | yudao-cloud | 2026-05-03T23:15:17.816Z | 2026-05-04T13:07:34.227Z |
| CVE-2026-33857 | N/A | Apache HTTP Server: Off-by-one OOB reads in AJP getter… | Apache Software Foundation | Apache HTTP Server | 2026-05-04T13:07:30.753Z | 2026-05-04T13:07:30.753Z |
| CVE-2026-0964 | 5 (3.0) | Libssh: improper sanitation of paths received from scp… | Red Hat | Red Hat Enterprise Linux 10 | 2026-03-26T20:06:28.871Z | 2026-05-04T13:07:29.979Z |
| CVE-2026-7689 | 6.3 (4.0), 3.7 (3.1), 3.7 (3.0) | Dolibarr ERP CRM Online Signature security.lib.php dol… | Dolibarr | ERP CRM | 2026-05-03T09:30:13.135Z | 2026-05-04T13:07:29.907Z |
| CVE-2026-7677 | 5.1 (4.0), 3.5 (3.1), 3.5 (3.0) | kerwincui FastBee System Notice SysNoticeController.ja… | kerwincui | FastBee | 2026-05-03T03:15:33.853Z | 2026-05-04T13:06:52.647Z |
| CVE-2026-7683 | 5.3 (4.0), 6.3 (3.1), 6.3 (3.0) | Edimax BR-6428nC Web setWAN command injection | Edimax | BR-6428nC | 2026-05-03T06:30:11.859Z | 2026-05-04T13:06:16.272Z |
| CVE-2026-7696 | 5.3 (4.0), 6.3 (3.1), 6.3 (3.0) | Acrel Electrical EEMS Enterprise Power Operation and M… | Acrel Electrical | EEMS Enterprise Power Operation and Maintenance Cloud Platform | 2026-05-03T12:30:38.217Z | 2026-05-04T13:05:33.058Z |
| CVE-2026-7702 | 6.9 (4.0), 5.3 (3.1), 5.3 (3.0) | toeverything AFFiNE Public Markdown Preview Endpoint :… | toeverything | AFFiNE | 2026-05-03T15:45:10.969Z | 2026-05-04T13:04:55.344Z |
| CVE-2026-7704 | 5.3 (4.0), 4.3 (3.1), 4.3 (3.0) | AV Stumpfl Pixera Two Media Server Service Port 1338 p… | AV Stumpfl | Pixera Two Media Server | 2026-05-03T16:45:11.320Z | 2026-05-04T13:04:27.977Z |

| ID | Description | Published | Updated |
|---|---|---|---|
| fkie_cve-2026-7750 | A vulnerability was detected in Totolink N300RH 3.2.4-B20220812. This vulnerability affects the fun… | 2026-05-04T10:16:01.203 | 2026-05-04T10:16:01.203 |
| fkie_cve-2026-7749 | A security vulnerability has been detected in Totolink N300RH 3.2.4-B20220812. This affects the fun… | 2026-05-04T10:16:01.040 | 2026-05-04T10:16:01.040 |
| fkie_cve-2026-7748 | A weakness has been identified in Totolink N300RH 3.2.4-B20220812. Affected by this issue is the fu… | 2026-05-04T10:16:00.850 | 2026-05-04T10:16:00.850 |
| fkie_cve-2026-33846 | A heap buffer overflow vulnerability exists in the DTLS handshake fragment reassembly logic of GnuT… | 2026-05-04T10:15:59.690 | 2026-05-04T10:15:59.690 |
| fkie_cve-2026-7747 | A security flaw has been discovered in Totolink N300RH 3.2.4-B20220812. Affected by this vulnerabil… | 2026-05-04T09:16:01.117 | 2026-05-04T09:16:01.117 |
| fkie_cve-2026-7746 | A vulnerability was identified in SourceCodester Web-based Pharmacy Product Management System 1.0. … | 2026-05-04T09:16:00.953 | 2026-05-04T09:16:00.953 |
| fkie_cve-2026-7745 | A vulnerability was determined in CodeAstro Online Classroom 1.0. This impacts an unknown function … | 2026-05-04T09:16:00.793 | 2026-05-04T09:16:00.793 |
| fkie_cve-2026-31787 | In the Linux kernel, the following vulnerability has been resolved: xen/privcmd: fix double free v… | 2026-04-30T11:16:21.087 | 2026-05-04T09:16:00.667 |
| fkie_cve-2026-31786 | In the Linux kernel, the following vulnerability has been resolved: Buffer overflow in drivers/xen… | 2026-04-30T11:16:20.967 | 2026-05-04T09:16:00.540 |
| fkie_cve-2026-23112 | In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: add bounds checks i… | 2026-02-13T14:16:10.403 | 2026-05-04T09:16:00.390 |
| fkie_cve-2026-23110 | In the Linux kernel, the following vulnerability has been resolved: scsi: core: Wake up the error … | 2026-02-04T17:16:21.880 | 2026-05-04T09:16:00.240 |
| fkie_cve-2025-38693 | In the Linux kernel, the following vulnerability has been resolved: media: dvb-frontends: w7090p: … | 2025-09-04T16:15:37.593 | 2026-05-04T09:15:59.807 |
| fkie_cve-2025-14320 | Improper neutralization of input during web page generation ('cross-site scripting') vulnerability … | 2026-05-04T09:15:59.643 | 2026-05-04T09:15:59.643 |
| fkie_cve-2026-7744 | A vulnerability was found in CodeAstro Online Classroom 1.0. This affects an unknown function of th… | 2026-05-04T08:16:03.010 | 2026-05-04T08:16:03.010 |
| fkie_cve-2026-7743 | A vulnerability has been found in CodeAstro Online Classroom 1.0. The impacted element is an unknow… | 2026-05-04T08:16:02.847 | 2026-05-04T08:16:02.847 |
| fkie_cve-2026-7742 | A flaw has been found in CodeAstro Online Classroom 1.0. The affected element is an unknown functio… | 2026-05-04T08:16:02.683 | 2026-05-04T08:16:02.683 |
| fkie_cve-2026-7741 | A vulnerability was detected in CodeAstro Online Classroom 1.0. Impacted is an unknown function of … | 2026-05-04T08:16:02.007 | 2026-05-04T08:16:02.007 |
| fkie_cve-2026-7740 | A security vulnerability has been detected in justdan96 tsMuxer up to 2.7.0. This issue affects the… | 2026-05-04T07:16:02.257 | 2026-05-04T07:16:02.257 |
| fkie_cve-2026-7739 | A weakness has been identified in justdan96 tsMuxer up to 2.7.0. This vulnerability affects the fun… | 2026-05-04T07:16:02.053 | 2026-05-04T07:16:02.053 |
| fkie_cve-2026-7738 | A security flaw has been discovered in puchunjie doc-tools-mcp 1.0.18. This affects the function cr… | 2026-05-04T07:16:01.873 | 2026-05-04T07:16:01.873 |
| fkie_cve-2026-7737 | A vulnerability was identified in osrg GoBGP up to 4.3.0. Affected by this issue is the function BM… | 2026-05-04T07:16:01.700 | 2026-05-04T07:16:01.700 |
| fkie_cve-2026-7736 | A vulnerability was determined in osrg GoBGP up to 4.3.0. Affected by this vulnerability is the fun… | 2026-05-04T07:16:01.517 | 2026-05-04T07:16:01.517 |
| fkie_cve-2026-5335 | The Magic Export & Import WordPress plugin before 1.2.0 stores exported CSV files at a publicly acc… | 2026-05-04T07:16:01.343 | 2026-05-04T07:16:01.343 |
| fkie_cve-2026-43864 | mutt before 2.3.2 has a show_sig_summary NULL pointer dereference. | 2026-05-04T07:16:01.190 | 2026-05-04T07:16:01.190 |
| fkie_cve-2026-43863 | mutt before 2.3.2 has an infinite loop in data_object_to_stream in crypt-gpgme.c. | 2026-05-04T07:16:01.033 | 2026-05-04T07:16:01.033 |
| fkie_cve-2026-43862 | In mutt before 2.3.2, the imap_auth_gss security level is mishandled. | 2026-05-04T07:16:00.883 | 2026-05-04T07:16:00.883 |
| fkie_cve-2026-43861 | mutt before 2.3.2 does not check for '\0' in url_pct_decode. | 2026-05-04T07:16:00.730 | 2026-05-04T07:16:00.730 |
| fkie_cve-2026-43860 | mutt before 2.3.2 sometimes truncates the hash_passwd by one byte for IMAP auth_cram MD5 digest. | 2026-05-04T07:16:00.573 | 2026-05-04T07:16:00.573 |
| fkie_cve-2026-43859 | mutt before 2.3.2 sometimes uses strfcpy instead of memcpy for the IMAP auth_cram MD5 digest. | 2026-05-04T07:16:00.400 | 2026-05-04T07:16:00.400 |
| fkie_cve-2026-29200 | A critical IDOR vulnerability has been discovered in Comet Backup affecting all versions from 20.11… | 2026-05-04T07:16:00.100 | 2026-05-04T07:16:00.100 |

| ID | Severity | Description | Published | Updated |
|---|---|---|---|---|
| ghsa-qc5p-3mg5-9fh8 | 8.8 (3.1) | Avo: Broken Access Control Through Unauthorized Execution of Arbitrary Action Classes Across Resources | 2026-04-24T16:11:28Z | 2026-04-24T16:11:28Z |
| ghsa-xqmj-j6mv-4862 | 8.6 (4.0) | LiteLLM: Server-Side Template Injection in /prompts/test endpoint | 2026-04-24T16:02:42Z | 2026-04-24T16:02:42Z |
| ghsa-f5c8-m5vw-rmgq | 6.5 (3.1) | nova-toggle-5: Improper authorization on toggle endpoint allowed non-Nova users to modify boolean fields | 2026-04-24T16:00:09Z | 2026-04-24T16:00:09Z |
| ghsa-v638-38fc-rhfv | 4.7 (3.1), 5.7 (4.0) | AWS Encryption SDK for Python: Key commitment policy bypass via shared key cache | 2026-04-24T15:59:17Z | 2026-04-24T15:59:17Z |
| ghsa-38c5-483c-4qqp | 6.2 (3.1) | Grid: Integer Overflow in Grid::expand_rows Leads to Safe-API Undefined Behavior | 2026-04-24T15:57:36Z | 2026-04-24T15:57:36Z |
| ghsa-58qw-9mgm-455v | 4.6 (4.0) | pip has an interpretation conflict due to handling both concatenated tar and ZIP files as ZIP files | 2026-04-20T18:31:48Z | 2026-04-24T15:48:17Z |
| ghsa-xff3-5c9p-2mr4 | 7.1 (3.1) | New API: Stripe Webhook Signature Bypass via Empty Secret Enables Unlimited Quota Fraud | 2026-04-24T15:43:25Z | 2026-04-24T15:43:25Z |
| ghsa-x92x-px7w-4gx4 | 9.1 (3.1) | Dgraph: Pre-Auth Full Database Exfiltration via DQL Injection in NQuad Lang Field | 2026-04-24T15:41:42Z | 2026-04-24T15:41:42Z |
| ghsa-mrxx-39g5-ph77 | 9.1 (3.1) | Dgraph: Pre-Auth Full Database Exfiltration via DQL Injection in Upsert Condition Field | 2026-04-24T15:41:21Z | 2026-04-24T15:41:21Z |
| ghsa-f5v4-2wr6-hqmg | 7.5 (3.1) | russh has pre-auth DoS via unbounded allocation in its keyboard-interactive auth handler | 2026-04-24T15:39:37Z | 2026-04-24T15:39:37Z |
| ghsa-m2m6-cff5-3w7c | 5.3 (3.1) | RedwoodSDK has Same-site CSRF through lack of origin validation in its server actions | 2026-04-24T15:36:52Z | 2026-04-24T15:36:52Z |
| ghsa-q339-8rmv-2mhv | 8.1 (3.1) | ERB has an @_init deserialization guard bypass via def_module / def_method / def_class | 2026-04-24T15:36:05Z | 2026-04-24T15:36:05Z |
| ghsa-4rc3-7j7w-m548 | 7.5 (3.1) | liquidjs has a Denial of Service via circular block reference in layout | 2026-04-24T15:34:00Z | 2026-04-24T15:34:00Z |
| ghsa-w24x-3wrx-8q34 | | In the Linux kernel, the following vulnerability has been resolved: batman-adv: hold claim backbon… | 2026-04-24T15:32:36Z | 2026-04-24T15:32:37Z |
| ghsa-vh7f-9w49-q39v | | In the Linux kernel, the following vulnerability has been resolved: nfc: pn533: allocate rx skb be… | 2026-04-24T15:32:37Z | 2026-04-24T15:32:37Z |
| ghsa-v4m9-vrgr-8xm2 | | In the Linux kernel, the following vulnerability has been resolved: xfrm: hold dev ref until after… | 2026-04-24T15:32:37Z | 2026-04-24T15:32:37Z |
| ghsa-rv96-q2g6-r95w | | In the Linux kernel, the following vulnerability has been resolved: xfrm_user: fix info leak in bu… | 2026-04-24T15:32:37Z | 2026-04-24T15:32:37Z |
| ghsa-r2p4-96h8-cc74 | | In the Linux kernel, the following vulnerability has been resolved: seg6: separate dst_cache for i… | 2026-04-24T15:32:37Z | 2026-04-24T15:32:37Z |
| ghsa-mxvq-qhx2-fp47 | | In the Linux kernel, the following vulnerability has been resolved: Input: uinput - fix circular l… | 2026-04-24T15:32:37Z | 2026-04-24T15:32:37Z |
| ghsa-m7w2-jxf2-6j36 | | In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_ct: fix use-aft… | 2026-04-24T15:32:37Z | 2026-04-24T15:32:37Z |
| ghsa-jj24-8c57-hf8x | | In the Linux kernel, the following vulnerability has been resolved: wifi: rt2x00usb: fix devres li… | 2026-04-24T15:32:37Z | 2026-04-24T15:32:37Z |
| ghsa-fm9r-m74h-jfjj | | In the Linux kernel, the following vulnerability has been resolved: net: altera-tse: fix skb leak … | 2026-04-24T15:32:37Z | 2026-04-24T15:32:37Z |
| ghsa-cg89-59r4-qfhp | | In the Linux kernel, the following vulnerability has been resolved: mm/vma: fix memory leak in __m… | 2026-04-24T15:32:36Z | 2026-04-24T15:32:37Z |
| ghsa-8qfv-g522-p5wr | | In the Linux kernel, the following vulnerability has been resolved: net: rfkill: prevent unlimited… | 2026-04-24T15:32:37Z | 2026-04-24T15:32:37Z |
| ghsa-8jfv-frvf-4g4v | | In the Linux kernel, the following vulnerability has been resolved: batman-adv: reject oversized g… | 2026-04-24T15:32:36Z | 2026-04-24T15:32:37Z |
| ghsa-895h-4xx6-r95p | | In the Linux kernel, the following vulnerability has been resolved: tipc: fix bc_ackers underflow … | 2026-04-24T15:32:37Z | 2026-04-24T15:32:37Z |
| ghsa-7wrc-m37g-996x | | In the Linux kernel, the following vulnerability has been resolved: btrfs: fix incorrect return va… | 2026-04-24T15:32:37Z | 2026-04-24T15:32:37Z |
| ghsa-7824-f4f9-2x77 | 4.0 (3.1) | bookserver in KDE Arianna before 26.04.1 allows attackers to read files over a socket connection by… | 2026-04-24T15:32:37Z | 2026-04-24T15:32:37Z |
| ghsa-5fvv-6wpc-9mr7 | | In the Linux kernel, the following vulnerability has been resolved: xfrm: clear trailing padding i… | 2026-04-24T15:32:37Z | 2026-04-24T15:32:37Z |
| ghsa-4j69-96h5-q8g9 | | In the Linux kernel, the following vulnerability has been resolved: drm/i915/gt: fix refcount unde… | 2026-04-24T15:32:37Z | 2026-04-24T15:32:37Z |

| ID | Severity | Description | Package | Published | Updated |
|---|---|---|---|---|---|
| pysec-2025-52 | | gateway_proxy_handler in MLflow before 3.1.0 lacks gateway_path validation. | mlflow | 2025-06-23T15:15:29Z | 2026-05-12T09:14:03.704411Z |
| pysec-2024-85 | 7.5 (3.1) | Deserialization of untrusted data can occur in versions 23.10.2.0 and newer of the MindsD… | mindsdb | 2024-09-12T13:15:00Z | 2026-04-23T07:43:20.598639Z |
| pysec-2024-84 | 7.5 (3.1) | Deserialization of untrusted data can occur in versions 23.10.3.0 and newer of the MindsD… | mindsdb | 2024-09-12T13:15:00Z | 2026-04-23T07:43:20.526718Z |
| pysec-2024-83 | 7.5 (3.1) | Deserialization of untrusted data can occur in versions 23.10.2.0 and newer of the MindsD… | mindsdb | 2024-09-12T13:15:00Z | 2026-04-23T07:43:20.456202Z |
| pysec-2024-82 | 8.8 (3.1) | Deserialization of untrusted data can occur in versions 23.3.2.0 and newer of the MindsDB… | mindsdb | 2024-09-12T13:15:00Z | 2026-04-23T07:43:20.386659Z |
| pysec-2023-278 | 5.3 (3.1) | MindsDB connects artificial intelligence models to real time data. Versions prior to 23.1… | mindsdb | 2023-12-11T21:15:00Z | 2026-04-23T07:43:20.300009Z |
| pysec-2026-3 | | After an API token exposure from an exploited Trivy dependency, two new releases of `teln… | telnyx | 2026-03-27T14:53:14Z | |
| pysec-2026-2 | | After an API Token exposure from an exploited Trivy dependency, two new releases of `lite… | litellm | 2026-03-24T15:35:32Z | |
| pysec-2023-121 | | A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as a… | zstd | 2023-03-31T20:15:00+00:00 | 2026-02-25T19:20:58+00:00 |
| pysec-2026-1 | | A PyPI user account compromised by an attacker and was able to upload a malicious version… | dydx-v4-client | 2026-01-28T21:09:02+00:00 | |
| pysec-2020-220 | | A flaw was found in Ansible Base when using the aws_ssm connection plugin as garbage coll… | ansible | 2020-10-05T14:15:00Z | 2025-10-31T04:43:53.616247Z |
| pysec-2025-72 | | The `num2words` project was compromised via a phishing attack and two new versions were u… | num2words | 2025-07-31T14:34:47+00:00 | |
| pysec-2025-71 | | Cadwyn creates production-ready community-driven modern Stripe-like API versioning in Fas… | cadwyn | 2025-07-21T21:15:25+00:00 | 2025-07-23T15:24:03.825615+00:00 |
| pysec-2025-70 | 10.0 (3.1) | A Server-Side Request Forgery (SSRF) vulnerability exists in the RequestsToolkit componen… | langchain-community | 2025-06-23T21:15:25+00:00 | 2025-07-16T21:23:40.211079+00:00 |
| pysec-2024-259 | 9.8 (3.1) | In PyTorch <=2.4.1, the RemoteModule has Deserialization RCE. NOTE: this is disputed by m… | torch | 2024-10-29T21:15:04+00:00 | 2025-07-16T03:09:57.748865+00:00 |
| pysec-2024-258 | | In scrapy/scrapy, an issue was identified where the Authorization header is not removed d… | scrapy | 2024-05-20T08:15:08+00:00 | 2025-07-15T17:37:50.051730+00:00 |
| pysec-2025-69 | | In Roundup before 2.5.0, XSS can occur via interaction between URLs and issue tracker tem… | roundup | 2025-07-13T20:15:25+00:00 | 2025-07-13T21:23:01.161315+00:00 |
| pysec-2025-68 | 8.0 (3.1) | A vulnerability, which was classified as critical, has been found in Upsonic up to 0.55.6… | upsonic | 2025-06-19T21:15:27+00:00 | 2025-07-08T19:22:27.449399+00:00 |
| pysec-2025-67 | 9.8 (3.1) | A vulnerability classified as critical was found in Upsonic up to 0.55.6. This vulnerabil… | upsonic | 2025-06-19T21:15:27+00:00 | 2025-07-08T19:22:27.385619+00:00 |
| pysec-2025-66 | | Improper privilege management in a REST interface allowed registered users to access unau… | streampipes | 2025-03-03T11:15:11+00:00 | 2025-07-08T15:23:46.628375+00:00 |
| pysec-2025-65 | | A path traversal vulnerability exists in run-llama/llama_index versions 0.12.27 through 0… | llama-index | 2025-07-07T13:15:28+00:00 | 2025-07-07T15:23:42.730681+00:00 |
| pysec-2025-61 | | Pillow is a Python imaging library. In versions 11.2.0 to before 11.3.0, there is a heap … | pillow | 2025-07-01T19:15:27Z | 2025-07-07T14:12:46.226030Z |
| pysec-2025-64 | 9.8 (3.1) | A vulnerability classified as critical has been found in themanojdesai python-a2a up to 0… | python-a2a | 2025-06-17T07:15:18+00:00 | 2025-07-02T21:23:13.806273+00:00 |
| pysec-2025-63 | | vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Whe… | vllm | 2025-03-19T16:15:32+00:00 | 2025-07-01T23:22:49.176005+00:00 |
| pysec-2025-62 | | vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Mal… | vllm | 2025-02-07T20:15:34+00:00 | 2025-07-01T23:22:49.083695+00:00 |
| pysec-2025-60 | | Exposure of Sensitive Information to an Unauthorized Actor, Insertion of Sensitive Inform… | apache-iotdb | 2025-05-14T11:16:28+00:00 | 2025-07-01T21:22:47.232036+00:00 |
| pysec-2025-59 | | Remote Code Execution with untrusted URI of UDF vulnerability in Apache IoTDB. The attack… | apache-iotdb | 2025-05-14T11:15:47+00:00 | 2025-07-01T21:22:47.177405+00:00 |
| pysec-2024-257 | 7.5 (3.1) | Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessm… | mobsf | 2024-03-22T23:15:07+00:00 | 2025-06-30T15:23:50.085549+00:00 |
| pysec-2025-58 | 8.8 (3.1) | vLLM is a library for LLM inference and serving. vllm/model_executor/weight_utils.py impl… | vllm | 2025-01-27T18:15:41+00:00 | 2025-06-27T21:22:36.583615+00:00 |
| pysec-2025-57 | | A Denial of Service (DoS) vulnerability in zenml-io/zenml version 0.66.0 allows unauthent… | zenml | 2025-03-20T10:15:48+00:00 | 2025-06-27T17:22:55.175431+00:00 |

| ID | Description | Updated |
|---|---|---|
| gsd-2024-33884 | The format of the source doesn't require a description, click on the link for more details. | 2024-04-29T05:02:07.534455Z |
| gsd-2024-33901 | The format of the source doesn't require a description, click on the link for more details. | 2024-04-29T05:02:07.525896Z |
| gsd-2024-33887 | The format of the source doesn't require a description, click on the link for more details. | 2024-04-29T05:02:07.503613Z |
| gsd-2024-33895 | The format of the source doesn't require a description, click on the link for more details. | 2024-04-29T05:02:07.493081Z |
| gsd-2024-33894 | The format of the source doesn't require a description, click on the link for more details. | 2024-04-29T05:02:07.488420Z |
| gsd-2024-33902 | The format of the source doesn't require a description, click on the link for more details. | 2024-04-29T05:02:07.486429Z |
| gsd-2024-33888 | The format of the source doesn't require a description, click on the link for more details. | 2024-04-29T05:02:07.468423Z |
| gsd-2024-33885 | The format of the source doesn't require a description, click on the link for more details. | 2024-04-29T05:02:07.441746Z |
| gsd-2024-33891 | Delinea Secret Server before 11.7.000001 allows attackers to bypass authentication via th… | 2024-04-29T05:02:07.412035Z |
| gsd-2024-33899 | RARLAB WinRAR before 7.00, on Linux and UNIX platforms, allows attackers to spoof the scr… | 2024-04-29T05:02:07.400574Z |
| gsd-2024-33889 | The format of the source doesn't require a description, click on the link for more details. | 2024-04-29T05:02:07.392587Z |
| gsd-2024-33893 | The format of the source doesn't require a description, click on the link for more details. | 2024-04-29T05:02:07.381761Z |
| gsd-2024-33892 | The format of the source doesn't require a description, click on the link for more details. | 2024-04-29T05:02:07.378170Z |
| gsd-2024-33890 | The format of the source doesn't require a description, click on the link for more details. | 2024-04-29T05:02:07.344384Z |
| gsd-2024-33896 | The format of the source doesn't require a description, click on the link for more details. | 2024-04-29T05:02:07.313250Z |
| gsd-2024-33903 | In CARLA through 0.9.15.2, the collision sensor mishandles some situations involving pede… | 2024-04-29T05:02:07.295775Z |
| gsd-2024-33900 | The format of the source doesn't require a description, click on the link for more details. | 2024-04-29T05:02:07.290639Z |
| gsd-2024-33898 | The format of the source doesn't require a description, click on the link for more details. | 2024-04-29T05:02:07.287632Z |
| gsd-2024-33886 | The format of the source doesn't require a description, click on the link for more details. | 2024-04-29T05:02:07.287167Z |
| gsd-2024-33897 | The format of the source doesn't require a description, click on the link for more details. | 2024-04-29T05:02:07.283756Z |
| gsd-2024-33883 | The ejs (aka Embedded JavaScript templates) package before 3.1.10 for Node.js lacks certa… | 2024-04-29T05:02:07.271727Z |
| gsd-2024-4303 | The format of the source doesn't require a description, click on the link for more details. | 2024-04-29T05:02:05.716348Z |
| gsd-2024-4300 | E-WEBInformationCo. FS-EZViewer(Web) exposes sensitive information in the service. A remo… | 2024-04-29T05:02:05.715239Z |
| gsd-2024-4297 | The system configuration interface of HGiga iSherlock (including MailSherlock, SpamSherlo… | 2024-04-29T05:02:05.700888Z |
| gsd-2024-4301 | The format of the source doesn't require a description, click on the link for more details. | 2024-04-29T05:02:05.678292Z |
| gsd-2024-4296 | The account management interface of HGiga iSherlock (including MailSherlock, SpamSherlock… | 2024-04-29T05:02:05.621428Z |
| gsd-2024-4299 | The system configuration interface of HGiga iSherlock (including MailSherlock, SpamSheroc… | 2024-04-29T05:02:05.606402Z |
| gsd-2024-4302 | The format of the source doesn't require a description, click on the link for more details. | 2024-04-29T05:02:05.603637Z |
| gsd-2024-4298 | The email search interface of HGiga iSherlock (including MailSherlock, SpamSherock, Audit… | 2024-04-29T05:02:05.598531Z |
| gsd-2024-33876 | The format of the source doesn't require a description, click on the link for more details. | 2024-04-28T05:02:07.990196Z |

| ID | Description | Published | Updated |
|---|---|---|---|
| mal-2026-3659 | Malicious code in rich-util (PyPI) | 2026-05-13T15:24:25Z | 2026-05-13T15:24:25Z |
| mal-2026-3658 | Malicious code in load-bufferjs (npm) | 2026-05-13T14:14:24Z | 2026-05-13T14:14:25Z |
| mal-2026-3656 | Malicious code in buffer-export (npm) | 2026-05-13T14:14:24Z | 2026-05-13T14:14:25Z |
| mal-2026-3657 | Malicious code in chai-as-streamed (npm) | 2026-05-13T14:03:47Z | 2026-05-13T14:03:48Z |
| mal-2026-3655 | Malicious code in puppeteer-core (npm) | 2026-05-13T13:21:56Z | 2026-05-13T13:21:56Z |
| mal-2026-3654 | Malicious code in @puppeteer/browsers (npm) | 2026-05-13T13:11:26Z | 2026-05-13T13:11:27Z |
| mal-2026-3509 | Malicious code in pp-react-v5 (npm) | 2026-05-11T00:00:00Z | 2026-05-13T08:31:58Z |
| mal-2026-3638 | Malicious code in openai-spellcheckers (PyPI) | 2026-05-13T05:52:24Z | 2026-05-13T05:52:25Z |
| mal-2026-3636 | Malicious code in knot-simple-formatter (RubyGems) | 2026-05-13T03:09:00Z | 2026-05-13T03:51:44Z |
| mal-2026-3635 | Malicious code in knot-rspec-formatter-json (RubyGems) | 2026-05-13T03:09:00Z | 2026-05-13T03:51:44Z |
| mal-2026-3634 | Malicious code in knot-rails-assets-pipeline (RubyGems) | 2026-05-13T03:09:00Z | 2026-05-13T03:51:44Z |
| mal-2026-3633 | Malicious code in knot-rack-session-store (RubyGems) | 2026-05-13T03:09:00Z | 2026-05-13T03:51:44Z |
| mal-2026-3632 | Malicious code in knot-devise-jwt-helper (RubyGems) | 2026-05-13T03:09:00Z | 2026-05-13T03:51:44Z |
| mal-2026-3631 | Malicious code in knot-date-utils-rb (RubyGems) | 2026-05-13T03:09:00Z | 2026-05-13T03:51:44Z |
| mal-2026-3630 | Malicious code in knot-activesupport-logger (RubyGems) | 2026-05-13T03:09:00Z | 2026-05-13T03:51:44Z |
| mal-2026-3629 | Malicious code in github.com/BufferZoneCorp/net-helper (Go) | 2026-05-13T03:09:00Z | 2026-05-13T03:51:44Z |
| mal-2026-3628 | Malicious code in github.com/BufferZoneCorp/log-core (Go) | 2026-05-13T03:09:00Z | 2026-05-13T03:51:44Z |
| mal-2026-3627 | Malicious code in github.com/BufferZoneCorp/grpc-client (Go) | 2026-05-13T03:09:00Z | 2026-05-13T03:51:44Z |
| mal-2026-3626 | Malicious code in github.com/BufferZoneCorp/go-weather-sdk (Go) | 2026-05-13T03:09:00Z | 2026-05-13T03:51:44Z |
| mal-2026-3625 | Malicious code in github.com/BufferZoneCorp/go-stdlog (Go) | 2026-05-13T03:09:00Z | 2026-05-13T03:51:44Z |
| mal-2026-3624 | Malicious code in github.com/BufferZoneCorp/go-stdlib-ext (Go) | 2026-05-13T03:09:00Z | 2026-05-13T03:51:44Z |
| mal-2026-3623 | Malicious code in github.com/BufferZoneCorp/go-retryablehttp (Go) | 2026-05-13T03:09:00Z | 2026-05-13T03:51:44Z |
| mal-2026-3622 | Malicious code in github.com/BufferZoneCorp/go-metrics-sdk (Go) | 2026-05-13T03:09:00Z | 2026-05-13T03:51:44Z |
| mal-2026-3621 | Malicious code in github.com/BufferZoneCorp/go-envconfig (Go) | 2026-05-13T03:09:00Z | 2026-05-13T03:51:44Z |
| mal-2026-3620 | Malicious code in github.com/BufferZoneCorp/config-loader (Go) | 2026-05-13T03:09:00Z | 2026-05-13T03:51:44Z |
| mal-2026-3637 | Malicious code in intercom-php (Packagist) | 2026-05-13T03:14:00Z | 2026-05-13T03:14:00Z |
| mal-2026-3653 | Malicious code in @design-system-coopeuch/web (npm) | 2026-05-13T02:46:17Z | 2026-05-13T02:46:17Z |
| mal-2026-3652 | Malicious code in supabase-javascript (npm) | 2026-05-13T00:00:00Z | 2026-05-13T00:00:00Z |
| mal-2026-3651 | Malicious code in ms-graph-types (npm) | 2026-05-13T00:00:00Z | 2026-05-13T00:00:00Z |
| mal-2026-3650 | Malicious code in microsoft-applicationinsights-common (npm) | 2026-05-13T00:00:00Z | 2026-05-13T00:00:00Z |

| ID | Description | Published | Updated |
|---|---|---|---|
| bit-minio-2026-42600 | MinIO: Path Traversal via msgpack Body in `ReadMultiple` Storage-REST Endpoint | 2026-05-13T15:13:37.429Z | 2026-05-13T15:43:44.805Z |
| bit-minio-2026-39414 | MinIO affected a DoS via Unbounded Memory Allocation in S3 Select CSV Parsing | 2026-04-13T10:10:51.384Z | 2026-05-13T15:43:44.805Z |
| bit-varnish-2023-44487 | | 2024-03-06T11:07:44.095Z | 2026-05-13T12:07:18.771Z |
| bit-tomcat-2025-61795 | Apache Tomcat: Delayed cleaning of multi-part upload temporary files may lead to DoS | 2025-11-06T13:00:35.478Z | 2026-05-13T12:07:18.771Z |
| bit-tomcat-2025-55754 | Apache Tomcat: console manipulation via escape sequences in log messages | 2025-11-06T13:00:33.572Z | 2026-05-13T12:07:18.771Z |
| bit-tomcat-2025-55752 | Apache Tomcat: Directory traversal via rewrite with possible RCE if PUT is enabled | 2025-11-06T13:00:31.694Z | 2026-05-13T12:07:18.771Z |
| bit-tomcat-2025-48989 | Apache Tomcat: h2 DoS - Made You Reset | 2025-08-18T08:14:11.138Z | 2026-05-13T12:07:18.771Z |
| bit-tomcat-2023-44487 | | 2025-07-17T08:09:39.495Z | 2026-05-13T12:07:18.771Z |
| bit-python-2026-7210 | The expat and elementtree parsers use insufficient entropy for XML hash-flooding protection | 2026-05-13T11:45:48.123Z | 2026-05-13T12:07:18.771Z |
| bit-python-2023-27043 | | 2024-10-22T12:06:11.918Z | 2026-05-13T12:07:18.771Z |
| bit-node-2023-44487 | | 2024-03-06T10:58:56.877Z | 2026-05-13T12:07:18.771Z |
| bit-nginx-2023-44487 | | 2024-03-06T10:58:49.980Z | 2026-05-13T12:07:18.771Z |
| bit-libpython-2026-7210 | The expat and elementtree parsers use insufficient entropy for XML hash-flooding protection | 2026-05-13T11:37:03.321Z | 2026-05-13T12:07:18.771Z |
| bit-libpython-2023-27043 | | 2025-08-11T13:52:20.772Z | 2026-05-13T12:07:18.771Z |
| bit-jre-2026-21947 | | 2026-05-08T05:47:47.840Z | 2026-05-13T12:07:18.771Z |
| bit-jre-2026-21945 | | 2026-05-08T05:47:46.400Z | 2026-05-13T12:07:18.771Z |
| bit-jre-2026-21933 | | 2026-05-08T05:47:45.025Z | 2026-05-13T12:07:18.771Z |
| bit-jre-2026-21932 | | 2026-05-08T05:47:43.724Z | 2026-05-13T12:07:18.771Z |
| bit-jre-2026-21925 | | 2026-05-08T05:47:42.250Z | 2026-05-13T12:07:18.771Z |
| bit-jre-2025-7425 | Libxslt: libxml2: heap use-after-free in libxslt caused by atype corruption in xmlattrptr | 2026-05-08T05:47:31.932Z | 2026-05-13T12:07:18.771Z |
| bit-jre-2025-61748 | | 2026-05-08T05:47:29.144Z | 2026-05-13T12:07:18.771Z |
| bit-jre-2025-6052 | Glib: integer overflow in g_string_maybe_expand() leading to potential buffer overflow in glib gstring | 2026-05-08T05:47:27.428Z | 2026-05-13T12:07:18.771Z |
| bit-jre-2025-6021 | Libxml2: integer overflow in xmlbuildqname() leads to stack buffer overflow in libxml2 | 2026-05-08T05:47:25.732Z | 2026-05-13T12:07:18.771Z |
| bit-jre-2025-53066 | | 2026-05-08T05:47:24.374Z | 2026-05-13T12:07:18.771Z |
| bit-jre-2025-53057 | | 2026-05-08T05:47:23.090Z | 2026-05-13T12:07:18.771Z |
| bit-jre-2025-47219 | | 2026-05-08T05:47:16.770Z | 2026-05-13T12:07:18.771Z |
| bit-jenkins-2023-44487 | | 2024-03-06T10:54:03.578Z | 2026-05-13T12:07:18.771Z |
| bit-java-2026-21947 | | 2026-05-06T14:46:05.330Z | 2026-05-13T12:07:18.771Z |
| bit-java-2026-21945 | | 2026-05-06T14:46:04.020Z | 2026-05-13T12:07:18.771Z |
| bit-java-2026-21933 | | 2026-05-06T14:46:02.521Z | 2026-05-13T12:07:18.771Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| cleanstart-2026-gn46454 | When applications specify HTTP response headers for servlet applications using Spring Security, there is the possibility that the HTTP Headers will not be written | 2026-04-30T00:36:57.162497Z | 2026-04-29T13:34:44Z |
| cleanstart-2026-fu04414 | Docker CLI for Windows searches for plugin binaries in C:\\ProgramData\\Docker\\cli-plugins, a directory that does not exist by default | 2026-04-30T00:38:58.272669Z | 2026-04-29T09:22:25Z |
| cleanstart-2026-cz07385 | Docker CLI for Windows searches for plugin binaries in C:\\ProgramData\\Docker\\cli-plugins, a directory that does not exist by default | 2026-04-30T00:39:59.023250Z | 2026-04-29T09:21:35Z |
| cleanstart-2026-fk30234 | Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption (JWE), JSON Web Signature (JWS), and JSON Web To... | 2026-04-30T00:36:57.018431Z | 2026-04-29T09:20:07Z |
| cleanstart-2026-cn84623 | Within HostnameError | 2026-04-30T00:53:26.653377Z | 2026-04-29T09:12:44Z |
| cleanstart-2026-gy48351 | Within HostnameError | 2026-04-30T00:53:26.601522Z | 2026-04-29T09:10:13Z |
| cleanstart-2026-mi12470 | Within HostnameError | 2026-04-30T00:49:56.616377Z | 2026-04-29T09:05:33Z |
| cleanstart-2026-fr97108 | During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions | 2026-04-30T00:58:27.074156Z | 2026-04-29T07:50:05Z |
| cleanstart-2026-kt28044 | During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions | 2026-04-30T01:03:26.906365Z | 2026-04-29T07:43:21Z |
| cleanstart-2026-hq88036 | During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions | 2026-04-30T01:00:58.604637Z | 2026-04-29T07:41:49Z |
| cleanstart-2026-do31246 | During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions | 2026-04-30T01:04:59.604515Z | 2026-04-29T07:38:43Z |
| cleanstart-2026-dn20646 | spdystream is a Go library for multiplexing streams over SPDY connections | 2026-04-30T01:01:32.482507Z | 2026-04-29T07:32:10Z |
| cleanstart-2026-md91760 | attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing | 2026-04-30T01:00:59.806172Z | 2026-04-29T07:27:32Z |
| cleanstart-2026-hv96032 | attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing | 2026-04-30T01:01:32.104241Z | 2026-04-29T07:26:58Z |
| cleanstart-2026-cz64396 | Security fixes for ghsa-f6x5-jh6r-wrfv, ghsa-j5w8-q4qc-rx2x, ghsa-wjrx-6529-hcj3 applied in versions: 0.37.1-r1 | 2026-04-30T01:01:28.425053Z | 2026-04-29T07:22:17Z |
| cleanstart-2026-lz84631 | Security fixes for ghsa-72hv-8253-57qq, ghsa-qqpg-mvqg-649v applied in versions: 3.9.4-r0, 3.9.4-r6 | 2026-04-30T01:01:45.829893Z | 2026-04-29T07:14:23Z |
| cleanstart-2026-bu99819 | Security fixes for ghsa-72hv-8253-57qq applied in versions: 3.6.4-r4 | 2026-04-29T00:37:56.608985Z | 2026-04-28T06:46:53Z |
| cleanstart-2026-ms93111 | Security fixes for ghsa-72hv-8253-57qq applied in versions: 3.8.6-r0 | 2026-04-28T00:36:04.248443Z | 2026-04-27T10:21:39Z |
| cleanstart-2026-kl42544 | Security fixes for ghsa-72hv-8253-57qq, ghsa-qqpg-mvqg-649v applied in versions: 3.9.4-r0, 3.9.4-r6 | 2026-04-28T00:36:04.463924Z | 2026-04-27T10:21:39Z |
| cleanstart-2026-jp09281 | In libexpat before 2 | 2026-04-28T00:36:34.505244Z | 2026-04-27T10:21:39Z |
| cleanstart-2026-dj93523 | In libexpat before 2 | 2026-04-28T00:37:35.208500Z | 2026-04-27T10:21:39Z |
| cleanstart-2026-hq78610 | Aircompressor is a library with ports of the Snappy, LZO, LZ4, and Zstandard compression algorithms to Java | 2026-04-25T00:45:02.559999Z | 2026-04-24T22:46:48Z |
| cleanstart-2026-ly60131 | Security fixes for ghsa-72hv-8253-57qq applied in versions: 3.6.4-r4 | 2026-04-25T00:38:42.064940Z | 2026-04-24T13:16:02Z |
| cleanstart-2026-ij61309 | Security fixes for ghsa-72hv-8253-57qq applied in versions: 3.8.6-r0 | 2026-04-25T00:38:42.251779Z | 2026-04-24T13:16:02Z |
| cleanstart-2026-kx82113 | In libexpat before 2 | 2026-04-23T00:37:25.300123Z | 2026-04-22T09:49:02Z |
| cleanstart-2026-hm96194 | In libexpat before 2 | 2026-04-23T00:37:25.660354Z | 2026-04-22T09:49:02Z |
| cleanstart-2026-is05941 | CLIENT_CERT authentication does not fail as expected for some scenarios when soft fail is disabled vulnerability in Apache Tomcat, Apache Tomcat Native | 2026-04-23T00:39:55.461024Z | 2026-04-22T06:13:27Z |
| cleanstart-2026-fo49462 | Security fixes for ghsa-3xc5-wrhm-f963 applied in versions: 1.31.1-r0 | 2026-04-22T00:36:28.593230Z | 2026-04-21T09:53:20Z |
| cleanstart-2026-kb76878 | When applications specify HTTP response headers for servlet applications using Spring Security, there is the possibility that the HTTP Headers will not be written | 2026-04-22T00:39:59.241183Z | 2026-04-21T09:47:18Z |
| cleanstart-2026-al68245 | filippo | 2026-04-22T00:37:28.755649Z | 2026-04-21T09:29:42Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| drupal-contrib-2026-033 | | 2026-04-22T17:47:43.000Z | 2026-04-22T17:47:43.000Z |
| drupal-contrib-2026-032 | | 2026-04-08T16:09:54.000Z | 2026-04-10T16:51:06.000Z |
| drupal-contrib-2026-031 | | 2026-04-01T16:38:14.000Z | 2026-04-02T14:13:13.000Z |
| drupal-contrib-2026-029 | | 2026-03-11T16:35:02.000Z | 2026-03-26T19:50:52.000Z |
| drupal-contrib-2026-028 | | 2026-03-11T16:33:14.000Z | 2026-03-26T19:43:59.000Z |
| drupal-contrib-2026-030 | | 2026-03-18T16:10:00.000Z | 2026-03-18T16:10:00.000Z |
| drupal-contrib-2026-015 | | 2026-02-25T18:47:57.000Z | 2026-03-17T13:20:54.000Z |
| drupal-contrib-2026-024 | | 2026-03-04T17:59:51.000Z | 2026-03-05T14:03:05.000Z |
| drupal-contrib-2026-027 | | 2026-03-04T18:02:59.000Z | 2026-03-04T18:02:59.000Z |
| drupal-contrib-2026-026 | | 2026-03-04T18:02:14.000Z | 2026-03-04T18:02:14.000Z |
| drupal-contrib-2026-025 | | 2026-03-04T18:00:41.000Z | 2026-03-04T18:00:41.000Z |
| drupal-contrib-2026-023 | | 2026-03-04T17:58:55.000Z | 2026-03-04T17:58:55.000Z |
| drupal-contrib-2026-022 | | 2026-03-04T17:57:58.000Z | 2026-03-04T17:57:58.000Z |
| drupal-contrib-2026-021 | | 2026-03-04T17:56:18.000Z | 2026-03-04T17:56:18.000Z |
| drupal-contrib-2026-020 | | 2026-03-04T17:54:27.000Z | 2026-03-04T17:54:27.000Z |
| drupal-contrib-2026-016 | | 2026-02-25T18:49:59.000Z | 2026-02-25T19:30:03.000Z |
| drupal-contrib-2026-019 | | 2026-02-25T18:51:43.000Z | 2026-02-25T18:51:43.000Z |
| drupal-contrib-2026-018 | | 2026-02-25T18:51:26.000Z | 2026-02-25T18:51:26.000Z |
| drupal-contrib-2026-017 | | 2026-02-25T18:51:01.000Z | 2026-02-25T18:51:01.000Z |
| drupal-contrib-2026-014 | | 2026-02-25T18:46:10.000Z | 2026-02-25T18:46:10.000Z |
| drupal-contrib-2026-013 | | 2026-02-25T18:45:13.000Z | 2026-02-25T18:45:13.000Z |
| drupal-contrib-2026-012 | | 2026-02-25T18:44:38.000Z | 2026-02-25T18:44:38.000Z |
| drupal-contrib-2026-011 | | 2026-02-25T18:43:32.000Z | 2026-02-25T18:43:32.000Z |
| drupal-contrib-2026-010 | | 2026-02-11T16:54:18.000Z | 2026-02-25T17:17:46.000Z |
| drupal-contrib-2026-009 | | 2026-02-11T16:53:32.000Z | 2026-02-12T15:37:20.000Z |
| drupal-contrib-2026-008 | | 2026-02-04T17:23:40.000Z | 2026-02-04T17:23:40.000Z |
| drupal-contrib-2026-007 | | 2026-01-28T17:29:32.000Z | 2026-01-28T17:29:32.000Z |
| drupal-contrib-2026-006 | | 2026-01-28T17:28:31.000Z | 2026-01-28T17:28:31.000Z |
| drupal-contrib-2026-005 | | 2026-01-14T17:57:31.000Z | 2026-01-14T18:33:02.000Z |
| drupal-contrib-2026-004 | | 2026-01-14T17:56:28.000Z | 2026-01-14T17:56:28.000Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| jvndb-2026-000075 | Bytello Share (Windows Edition) installer executable insecurely loads Dynamic Link Libraries | 2026-05-13T15:41+09:00 | 2026-05-13T15:41+09:00 |
| jvndb-2026-000072 | GUARDIANWALL MailSuite vulnerable to stack-based buffer overflow | 2026-05-13T15:41+09:00 | 2026-05-13T15:41+09:00 |
| jvndb-2026-000069 | Android App "Anshin Filter for au" vulnerable to cleartext transmission of sensitive information | 2026-05-13T15:41+09:00 | 2026-05-13T15:41+09:00 |
| jvndb-2026-000073 | Multiple vulnerabilities in ELECOM wireless LAN routers and access points (May 2026) | 2026-05-12T15:16+09:00 | 2026-05-12T15:16+09:00 |
| jvndb-2026-015132 | Canon Production Printers and Office Multifunction Printers vulnerable to information disclosure | 2026-05-12T14:04+09:00 | 2026-05-12T14:04+09:00 |
| jvndb-2026-000071 | GROWI vulnerable to path traversal | 2026-05-11T18:20+09:00 | 2026-05-11T18:20+09:00 |
| jvndb-2026-000070 | libXpm vulnerable to out-of-bounds read | 2026-05-11T18:20+09:00 | 2026-05-11T18:20+09:00 |
| jvndb-2026-000068 | Lhaz and Lhaz+ vulnerable to path traversal | 2026-05-11T18:20+09:00 | 2026-05-11T18:20+09:00 |
| jvndb-2026-000067 | "Kura Sushi Official App" vulnerable to improper certificate validation | 2026-05-11T18:20+09:00 | 2026-05-11T18:20+09:00 |
| jvndb-2026-000066 | Open redirect vulnerability in multiple laser printers and MFPs which implement Ricoh Web Image Monitor | 2026-04-30T17:02+09:00 | 2026-04-30T17:02+09:00 |
| jvndb-2026-000064 | GROWI vulnerable to Regular expression Denial-of-Service (ReDoS) | 2026-04-23T16:57+09:00 | 2026-04-30T12:19+09:00 |
| jvndb-2026-006408 | Apache ActiveMQ series improper validation of MQTT packets [AMQ-9810] | 2026-04-24T17:56+09:00 | 2026-04-24T17:56+09:00 |
| jvndb-2026-012056 | Multiple vulnerabilities in silex technology SD-330AC and AMC Manager | 2026-04-21T15:27+09:00 | 2026-04-23T17:57+09:00 |
| jvndb-2026-000063 | IP Setting Software may insecurely load Dynamic Link Libraries | 2026-04-23T16:57+09:00 | 2026-04-23T16:57+09:00 |
| jvndb-2026-000062 | CMS ALAYA vulnerable to SQL injection | 2026-04-23T16:57+09:00 | 2026-04-23T16:57+09:00 |
| jvndb-2026-000059 | Multiple vulnerabilities in LogonTracer | 2026-04-23T16:57+09:00 | 2026-04-23T16:57+09:00 |
| jvndb-2026-000061 | Installers of LiveOn Meet Client for Windows and its plugin may insecurely load Dynamic Link Libraries | 2026-04-22T15:45+09:00 | 2026-04-22T15:45+09:00 |
| jvndb-2026-000060 | DeepL Chrome browser extension vulnerable to cross-site scripting | 2026-04-22T15:45+09:00 | 2026-04-22T15:45+09:00 |
| jvndb-2026-000058 | Ziostation2 vulnerable to path traversal | 2026-04-22T15:45+09:00 | 2026-04-22T15:45+09:00 |
| jvndb-2026-000051 | SKYSEA Client View and SKYMEC IT Manager improper file access permission settings | 2026-04-20T14:47+09:00 | 2026-04-20T14:47+09:00 |
| jvndb-2026-011472 | OMRON UPS (Uninterruptible Power Supply) management application may insecurely load Dynamic Link Libraries | 2026-04-17T14:54+09:00 | 2026-04-17T14:54+09:00 |
| jvndb-2026-000057 | Multiple vulnerabilities in CubeCart | 2026-04-17T13:32+09:00 | 2026-04-17T13:32+09:00 |
| jvndb-2026-000056 | Arcserve UDP Console vulnerable to redirect to a dummy URL | 2026-04-16T17:29+09:00 | 2026-04-16T17:29+09:00 |
| jvndb-2026-000055 | GROWI vulnerable to stored cross-site scripting | 2026-04-15T17:21+09:00 | 2026-04-15T17:21+09:00 |
| jvndb-2026-010851 | Stack-based buffer overflow vulnerability in Dynabook Bluetooth ACPI Drivers | 2026-04-14T18:13+09:00 | 2026-04-14T18:13+09:00 |
| jvndb-2026-000053 | EmoCheck loads Dynamic Link Libraries insecurely | 2026-04-10T13:38+09:00 | 2026-04-10T13:38+09:00 |
| jvndb-2026-007973 | Multiple vulnerabilities in Xerox FreeFlow Core (XRX26-005) | 2026-03-23T14:54+09:00 | 2026-04-09T13:55+09:00 |
| jvndb-2026-000052 | Multiple vulnerabilities in MATCHA series | 2026-04-08T16:15+09:00 | 2026-04-08T16:15+09:00 |
| jvndb-2026-000050 | Multiple vulnerabilities in Movable Type | 2026-04-08T16:15+09:00 | 2026-04-08T16:15+09:00 |
| jvndb-2026-010301 | Multiple Vulnerabilities in JP1/IT Desktop Management 2 and JP1/NETM/DM | 2026-04-08T12:11+09:00 | 2026-04-08T12:11+09:00 |
| ID | Description | Updated |
|---|---|---|
| ts-2026-001 | TS-2026-001 | 2026-01-15T00:00 |
| ts-2025-008 | TS-2025-008 | 2025-11-19T00:00 |
| ts-2025-007 | TS-2025-007 | 2025-11-07T00:00 |
| ts-2025-006 | TS-2025-006 | 2025-10-28T00:00 |
| ts-2025-005 | TS-2025-005 | 2025-08-07T00:00 |
| ts-2025-004 | TS-2025-004 | 2025-05-27T00:00 |
| ts-2025-003 | TS-2025-003 | 2025-05-21T00:00 |
| ts-2025-002 | TS-2025-002 | 2025-05-15T00:00 |
| ts-2025-001 | TS-2025-001 | 2025-03-07T00:00 |
| ts-2024-013 | TS-2024-013 | 2024-12-04T00:00 |
| ts-2024-012 | TS-2024-012 | 2024-10-02T00:00 |
| ts-2024-011 | TS-2024-011 | 2024-07-22T00:00 |
| ts-2024-010 | TS-2024-010 | 2024-07-19T00:00 |
| ts-2024-009 | TS-2024-009 | 2024-06-27T00:00 |
| ts-2024-008 | TS-2024-008 | 2024-06-14T00:00 |
| ts-2024-007 | TS-2024-007 | 2024-06-12T00:00 |
| ts-2024-006 | TS-2024-006 | 2024-05-22T00:00 |
| ts-2024-005 | TS-2024-005 | 2024-05-08T00:00 |
| ts-2024-004 | TS-2024-004 | 2024-05-06T00:00 |
| ts-2024-003 | TS-2024-003 | 2024-04-23T00:00 |
| ts-2024-002 | TS-2024-002 | 2024-01-30T00:00 |
| ts-2024-001 | TS-2024-001 | 2024-01-08T00:00 |
| ts-2023-009 | TS-2023-009 | 2023-12-22T00:00 |
| ts-2023-008 | TS-2023-008 | 2023-11-01T00:00 |
| ts-2023-007 | TS-2023-007 | 2023-10-26T00:00 |
| ts-2023-006 | TS-2023-006 | 2023-08-22T00:00 |
| ts-2023-005 | TS-2023-005 | 2023-04-28T00:00 |
| ts-2023-004 | TS-2023-004 | 2023-04-04T00:00 |
| ts-2023-003 | TS-2023-003 | 2023-03-22T00:00 |
| ts-2023-002 | TS-2023-002 | 2023-01-24T00:00 |
| ID | Description | Published | Updated |
|---|---|---|---|
| cnvd-2026-19056 | Google Android privilege escalation vulnerability (CNVD-2026-19056) | 2026-03-06 | 2026-04-30 |
| cnvd-2026-19046 | WordPress plugin WCFM Marketplace SQL injection vulnerability | 2026-04-21 | 2026-04-30 |
| cnvd-2026-19045 | Multiple Apple products denial-of-service vulnerability (CNVD-2026-19045) | 2026-03-31 | 2026-04-30 |
| cnvd-2026-19044 | Linux kernel local privilege escalation vulnerability (CNVD-2026-19044) | 2026-04-23 | 2026-04-30 |
| cnvd-2026-19043 | Apple macOS Tahoe unspecified vulnerability (CNVD-2026-19043) | 2026-03-31 | 2026-04-30 |
| cnvd-2026-19042 | Apple macOS Tahoe unspecified vulnerability (CNVD-2026-19042) | 2026-03-31 | 2026-04-30 |
| cnvd-2026-19041 | Apple macOS Tahoe unspecified vulnerability (CNVD-2026-19041) | 2026-03-31 | 2026-04-30 |
| cnvd-2026-19040 | Apple macOS Tahoe unspecified vulnerability (CNVD-2026-19040) | 2026-03-31 | 2026-04-30 |
| cnvd-2026-19039 | Apple macOS Tahoe heap buffer overflow vulnerability | 2026-03-31 | 2026-04-30 |
| cnvd-2026-19038 | Apple macOS Tahoe unspecified vulnerability (CNVD-2026-19038) | 2026-03-31 | 2026-04-30 |
| cnvd-2026-19037 | Apple macOS unspecified vulnerability (CNVD-2026-19037) | 2026-03-31 | 2026-04-30 |
| cnvd-2026-19036 | Apple macOS Tahoe unspecified vulnerability (CNVD-2026-19036) | 2026-03-31 | 2026-04-30 |
| cnvd-2026-19035 | Apple macOS Tahoe unspecified vulnerability (CNVD-2026-19035) | 2026-03-31 | 2026-04-30 |
| cnvd-2026-19034 | Apple macOS unspecified vulnerability (CNVD-2026-19034) | 2026-03-31 | 2026-04-30 |
| cnvd-2026-19033 | Apple macOS information disclosure vulnerability (CNVD-2026-19033) | 2026-03-31 | 2026-04-30 |
| cnvd-2026-19032 | Apple macOS denial-of-service vulnerability (CNVD-2026-19032) | 2026-03-31 | 2026-04-30 |
| cnvd-2026-19031 | WordPress plugin YouTube Showcase cross-site scripting vulnerability | 2026-04-21 | 2026-04-30 |
| cnvd-2026-19030 | OpenClaw unspecified vulnerability (CNVD-2026-19030) | 2026-04-28 | 2026-04-30 |
| cnvd-2026-19029 | OpenClaw unspecified vulnerability (CNVD-2026-19029) | 2026-04-28 | 2026-04-30 |
| cnvd-2026-19028 | OpenClaw link following vulnerability (CNVD-2026-19028) | 2026-04-28 | 2026-04-30 |
| cnvd-2026-19027 | OpenClaw path traversal vulnerability (CNVD-2026-19027) | 2026-04-28 | 2026-04-30 |
| cnvd-2026-19026 | OpenClaw unspecified vulnerability (CNVD-2026-19026) | 2026-04-28 | 2026-04-30 |
| cnvd-2026-19025 | Flowise information disclosure vulnerability | 2026-04-24 | 2026-04-30 |
| cnvd-2026-19013 | Delta Electronics AS320T denial-of-service vulnerability | 2026-04-25 | 2026-04-29 |
| cnvd-2026-18831 | TOTOLINK A3300R password parameter command injection vulnerability | 2026-04-24 | 2026-04-29 |
| cnvd-2026-18823 | TOTOLINK A3300R provider parameter command injection vulnerability | 2026-04-24 | 2026-04-29 |
| cnvd-2026-18822 | TOTOLINK A3300R ttlWay parameter command injection vulnerability | 2026-04-24 | 2026-04-29 |
| cnvd-2026-18821 | TOTOLINK A3300R dhcpMtu parameter command injection vulnerability | 2026-04-24 | 2026-04-29 |
| cnvd-2026-18820 | TOTOLINK A3300R pppoeMtu parameter command injection vulnerability | 2026-04-24 | 2026-04-29 |
| cnvd-2026-18819 | TOTOLINK A3300R pppoeServiceName parameter command injection vulnerability | 2026-04-24 | 2026-04-29 |
| ID | Description | Published | Updated |
|---|---|---|---|
| bdu:2026-01844 | Vulnerability in the Advanced DNS Security (ADNS) security service of the PAN-OS operating system,… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01843 | Vulnerability in the loadRLE() function of the TGA image loader (PluginTARGA.cpp) of the graphics lib… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01842 | Vulnerability in the ws_user_gerList() function of the pwg.users.php script of the content management system … | 16.02.2026 | 16.02.2026 |
| bdu:2026-01841 | Vulnerability in the Updater component of the Arcane cloud container management platform, allow… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01840 | Vulnerability in the OpenClaw AI agent (formerly ClawdBot or MoltBot), related to the absence of … | 16.02.2026 | 16.02.2026 |
| bdu:2026-01839 | Vulnerability in the blocked_path() function of the Python package for building applications for models of machine… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01838 | Vulnerability in the drivers for NVIDIA NVS, Quadro, NVIDIA RTX, GeForce GPUs, rel… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01837 | Vulnerability in the firmware of Imagination GPUs, allowing… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01836 | Vulnerability in the firmware of Imagination GPUs, allowing… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01835 | Vulnerability in the ESXi base driver of the firmware for network controllers Intel 80… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01834 | Vulnerability in the firmware of Intel Ethernet E810 series controllers, related… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01833 | Vulnerability in the technologies Intel Active Management Technology (AMT) and Intel Standard Manageabi… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01832 | Vulnerability in the technologies Intel Active Management Technology (AMT) and Intel Standard Manageabi… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01831 | Vulnerability in the technologies Intel Active Management Technology (AMT) and Intel Standard Manageabi… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01830 | Vulnerability in the File input component of the Google Chrome browser, allowing an attacker to perform… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01829 | Vulnerability in the PictureInPicture component of the Google Chrome browser, allowing an attacker to … | 16.02.2026 | 16.02.2026 |
| bdu:2026-01828 | Vulnerability in the Animation component of the Google Chrome browser, allowing an attacker to exert … | 16.02.2026 | 16.02.2026 |
| bdu:2026-01827 | Vulnerability in the Fenced Frames privacy feature of the Google Chrome browser, allowing … | 16.02.2026 | 16.02.2026 |
| bdu:2026-01826 | Vulnerability in the WebGPU component of the Google Chrome browser, allowing an attacker to cause a denial… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01825 | Vulnerability in GitLab, the git-based software platform for code collaboration, rel… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01824 | Vulnerability in GitLab, the git-based software platform for code collaboration, rel… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01823 | Vulnerability in the SSL-VPN firewall function of Fortinet FortiOS operating systems, allow… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01822 | Vulnerability in Fortinet FortiOS operating systems, related to insufficient verification of the sou… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01821 | Vulnerability in the SSL-VPN firewall function of Fortinet FortiOS operating systems, allow… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01820 | Vulnerability in the command-line interface of Fortinet FortiOS operating systems, allowing … | 16.02.2026 | 16.02.2026 |
| bdu:2026-01819 | Vulnerability in the graphical user interface of Fortinet FortiOS operating systems… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01818 | Vulnerability in Autodesk Fusion 3D modeling software, related … | 16.02.2026 | 16.02.2026 |
| bdu:2026-01817 | Vulnerability in Autodesk Fusion 3D modeling software, related … | 16.02.2026 | 16.02.2026 |
| bdu:2026-01816 | Vulnerability in Autodesk Fusion 3D modeling software, related … | 16.02.2026 | 16.02.2026 |
| bdu:2026-01815 | Vulnerability in Microsoft ACI Confidential Containers software, related to … | 16.02.2026 | 16.02.2026 |
| ID | Description | Published | Updated |
|---|---|---|---|
| certfr-2026-avi-0572 | Multiple vulnerabilities in Centreon products | 2026-05-12T00:00:00.000000 | 2026-05-12T00:00:00.000000 |
| certfr-2026-avi-0571 | Multiple vulnerabilities in Microsoft Azure | 2026-05-12T00:00:00.000000 | 2026-05-12T00:00:00.000000 |
| certfr-2026-avi-0570 | Multiple vulnerabilities in Microsoft Edge | 2026-05-12T00:00:00.000000 | 2026-05-12T00:00:00.000000 |
| certfr-2026-avi-0569 | Multiple vulnerabilities in Nextcloud products | 2026-05-12T00:00:00.000000 | 2026-05-12T00:00:00.000000 |
| certfr-2026-avi-0568 | Multiple vulnerabilities in Axis products | 2026-05-12T00:00:00.000000 | 2026-05-12T00:00:00.000000 |
| certfr-2026-avi-0567 | Multiple vulnerabilities in SAP products | 2026-05-12T00:00:00.000000 | 2026-05-12T00:00:00.000000 |
| certfr-2026-avi-0566 | Multiple vulnerabilities in Schneider Electric products | 2026-05-12T00:00:00.000000 | 2026-05-12T00:00:00.000000 |
| certfr-2026-avi-0565 | Multiple vulnerabilities in Siemens products | 2026-05-12T00:00:00.000000 | 2026-05-12T00:00:00.000000 |
| certfr-2026-avi-0564 | Multiple vulnerabilities in SPIP | 2026-05-12T00:00:00.000000 | 2026-05-12T00:00:00.000000 |
| certfr-2026-avi-0563 | Multiple vulnerabilities in Apple products | 2026-05-12T00:00:00.000000 | 2026-05-12T00:00:00.000000 |
| certfr-2026-avi-0562 | Multiple vulnerabilities in LibreNMS | 2026-05-12T00:00:00.000000 | 2026-05-12T00:00:00.000000 |
| certfr-2026-avi-0561 | Vulnerability in Traefik | 2026-05-12T00:00:00.000000 | 2026-05-12T00:00:00.000000 |
| certfr-2026-avi-0560 | Vulnerability in CPython | 2026-05-12T00:00:00.000000 | 2026-05-12T00:00:00.000000 |
| certfr-2026-avi-0559 | Multiple vulnerabilities in PostgreSQL PgBouncer | 2026-05-12T00:00:00.000000 | 2026-05-12T00:00:00.000000 |
| certfr-2026-avi-0558 | Multiple vulnerabilities in Microsoft Azure Linux | 2026-05-11T00:00:00.000000 | 2026-05-11T00:00:00.000000 |
| certfr-2026-avi-0557 | Multiple vulnerabilities in Microsoft Edge | 2026-05-11T00:00:00.000000 | 2026-05-11T00:00:00.000000 |
| certfr-2026-avi-0556 | Multiple vulnerabilities in VMware products | 2026-05-11T00:00:00.000000 | 2026-05-11T00:00:00.000000 |
| certfr-2026-avi-0555 | Multiple vulnerabilities in Mozilla products | 2026-05-11T00:00:00.000000 | 2026-05-11T00:00:00.000000 |
| certfr-2026-avi-0554 | Multiple vulnerabilities in Spring products | 2026-05-11T00:00:00.000000 | 2026-05-11T00:00:00.000000 |
| certfr-2026-avi-0553 | Multiple vulnerabilities in PHP | 2026-05-11T00:00:00.000000 | 2026-05-11T00:00:00.000000 |
| certfr-2026-avi-0552 | Multiple vulnerabilities in Ivanti Endpoint Manager Mobile | 2026-05-07T00:00:00.000000 | 2026-05-07T00:00:00.000000 |
| certfr-2026-avi-0551 | Multiple vulnerabilities in GLPI | 2026-05-07T00:00:00.000000 | 2026-05-07T00:00:00.000000 |
| certfr-2026-avi-0550 | Multiple vulnerabilities in IBM products | 2026-05-07T00:00:00.000000 | 2026-05-07T00:00:00.000000 |
| certfr-2026-avi-0549 | Multiple vulnerabilities in the Red Hat Linux kernel | 2026-05-07T00:00:00.000000 | 2026-05-07T00:00:00.000000 |
| certfr-2026-avi-0548 | Multiple vulnerabilities in the Debian Linux kernel | 2026-05-07T00:00:00.000000 | 2026-05-07T00:00:00.000000 |
| certfr-2026-avi-0547 | Multiple vulnerabilities in the Debian LTS Linux kernel | 2026-05-07T00:00:00.000000 | 2026-05-07T00:00:00.000000 |
| certfr-2026-avi-0546 | Multiple vulnerabilities in the SUSE Linux kernel | 2026-05-07T00:00:00.000000 | 2026-05-07T00:00:00.000000 |
| certfr-2026-avi-0545 | Multiple vulnerabilities in the Ubuntu Linux kernel | 2026-05-07T00:00:00.000000 | 2026-05-07T00:00:00.000000 |
| certfr-2026-avi-0544 | Multiple vulnerabilities in Cisco products | 2026-05-07T00:00:00.000000 | 2026-05-07T00:00:00.000000 |
| certfr-2026-avi-0543 | Multiple vulnerabilities in Spring Cloud Config | 2026-05-07T00:00:00.000000 | 2026-05-07T00:00:00.000000 |
| ID | Description | Published | Updated |
|---|---|---|---|
| certfr-2026-ale-003 | Alert note – Targeting of instant messaging services | 2026-03-20T00:00:00.000000 | 2026-04-20T00:00:00.000000 |
| certfr-2026-ale-004 | Vulnerability in F5 BIG-IP Access Policy Manager | 2026-03-31T00:00:00.000000 | 2026-03-31T00:00:00.000000 |
| certfr-2026-ale-002 | [Update] Vulnerability in Cisco Catalyst SD-WAN | 2026-02-25T00:00:00.000000 | 2026-03-26T00:00:00.000000 |
| certfr-2025-ale-014 | [Update] Vulnerability in React Server Components | 2025-12-05T00:00:00.000000 | 2026-02-12T00:00:00.000000 |
| certfr-2026-ale-001 | [Update] Multiple vulnerabilities in Ivanti Endpoint Manager Mobile | 2026-01-30T00:00:00.000000 | 2026-02-03T00:00:00.000000 |
| certfr-2025-ale-013 | [Update] Multiple vulnerabilities in Cisco ASA and FTD | 2025-09-25T00:00:00.000000 | 2025-10-06T00:00:00.000000 |
| certfr-2025-ale-012 | Vulnerability in Citrix NetScaler ADC and NetScaler Gateway | 2025-08-26T00:00:00.000000 | 2025-09-26T00:00:00.000000 |
| certfr-2025-ale-010 | [Update] Multiple vulnerabilities in Microsoft SharePoint | 2025-07-21T00:00:00.000000 | 2025-08-26T00:00:00.000000 |
| certfr-2025-ale-011 | Security incidents in SonicWall firewalls | 2025-08-05T00:00:00.000000 | 2025-08-18T00:00:00.000000 |
| certfr-2025-ale-009 | Multiple vulnerabilities in Citrix NetScaler ADC and NetScaler Gateway | 2025-07-01T00:00:00.000000 | 2025-07-17T00:00:00.000000 |
| certfr-2025-ale-004 | Post-exploitation activity in Fortinet FortiGate | 2025-04-11T00:00:00.000000 | 2025-08-07T00:00:00.000000 |
| certfr-2025-ale-008 | [Update] Vulnerability in Roundcube | 2025-06-05T00:00:00.000000 | 2025-07-21T00:00:00.000000 |
| certfr-2025-ale-007 | Multiple vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM) | 2025-05-14T00:00:00.000000 | 2025-06-24T00:00:00.000000 |
| certfr-2025-ale-006 | Vulnerability in Fortinet products | 2025-05-13T00:00:00.000000 | 2025-06-24T00:00:00.000000 |
| certfr-2025-ale-005 | Vulnerability in SAP NetWeaver | 2025-04-28T00:00:00.000000 | 2025-06-24T00:00:00.000000 |
| certfr-2025-ale-003 | [Update] Vulnerability in Ivanti products | 2025-04-04T00:00:00.000000 | 2025-04-11T00:00:00.000000 |
| certfr-2025-ale-002 | [Update] Vulnerability in Fortinet products | 2025-05-07T00:00:00.000000 | 2025-01-14T00:00:00.000000 |
| certfr-2025-ale-001 | [Update] Vulnerability in Ivanti products | 2025-01-09T00:00:00.000000 | 2025-04-01T00:00:00.000000 |
| certfr-2024-ale-014 | [Update] Multiple vulnerabilities in Fortinet FortiManager | 2024-10-30T00:00:00.000000 | 2024-10-23T00:00:00.000000 |
| certfr-2024-ale-013 | Exploitation of vulnerabilities in Ivanti Cloud Services Appliance (CSA) | 2025-03-31T00:00:00.000000 | 2024-10-25T00:00:00.000000 |
| certfr-2024-ale-015 | [Update] Multiple vulnerabilities in the administration interface of Palo Alto Networks devices | 2024-11-15T00:00:00.000000 | 2024-11-18T00:00:00.000000 |
| certfr-2024-ale-012 | [Update] Vulnerabilities affecting OpenPrinting CUPS | 2024-09-27T00:00:00.000000 | 2024-11-21T00:00:00.000000 |
| certfr-2024-ale-011 | Vulnerability in SonicWall | 2024-09-10T00:00:00.000000 | 2024-11-21T00:00:00.000000 |
| certfr-2024-ale-010 | Multiple vulnerabilities in Roundcube | 2024-08-09T00:00:00.000000 | 2024-10-07T00:00:00.000000 |
| certfr-2024-ale-009 | Vulnerability in OpenSSH | 2024-07-01T00:00:00.000000 | 2024-07-03T00:00:00.000000 |
| certfr-2024-ale-008 | [Update] Vulnerability in Check Point products | 2024-05-30T00:00:00.000000 | 2024-07-01T00:00:00.000000 |
| certfr-2024-ale-007 | Multiple vulnerabilities in Cisco products | 2024-04-25T00:00:00.000000 | 2024-07-01T00:00:00.000000 |
| certfr-2024-ale-006 | [Update] Vulnerability in Palo Alto Networks GlobalProtect | 2024-04-12T00:00:00.000000 | 2024-07-01T00:00:00.000000 |
| certfr-2024-ale-004 | [Update] Vulnerability in Fortinet FortiOS | 2024-02-09T00:00:00.000000 | 2024-07-01T00:00:00.000000 |
| certfr-2024-ale-005 | [Update] Vulnerability in Microsoft Outlook | 2024-02-15T00:00:00.000000 | 2024-04-15T00:00:00.000000 |
| ID | Description | Published | Updated |
|---|---|---|---|
| osv-2026-720 | Heap-buffer-overflow in coap_persist_startup_lkd | 2026-05-13T00:02:09.009363Z | 2026-05-13T00:02:09.009863Z |
| osv-2024-269 | Security exception in java.base/java.util.stream.AbstractPipeline.evaluate | 2024-04-18T00:04:02.456948Z | 2026-05-12T14:29:48.398636Z |
| osv-2022-312 | Heap-buffer-overflow in dhcp_reply | 2022-04-07T00:00:40.457052Z | 2026-05-12T14:13:16.734679Z |
| osv-2026-718 | Heap-buffer-overflow in md_parse | 2026-05-12T00:14:15.556208Z | 2026-05-12T00:14:15.556499Z |
| osv-2026-717 | Stack-use-after-scope in enter_block_callback | 2026-05-12T00:11:13.428437Z | 2026-05-12T00:11:13.428832Z |
| osv-2023-1073 | Heap-buffer-overflow in H5D__scatter_mem | 2023-10-27T13:00:49.296462Z | 2026-05-09T14:20:11.557656Z |
| osv-2021-586 | Use-of-uninitialized-value in void intra_prediction_angular<unsigned short> | 2021-03-31T00:01:03.787831Z | 2026-05-09T14:16:42.782117Z |
| osv-2024-86 | Security exception in org.threeten.bp.format.DateTimeFormatterBuilder$CompositePrinterParser.parse | 2024-02-09T00:00:11.154046Z | 2026-05-08T14:31:17.736503Z |
| osv-2024-679 | Heap-buffer-overflow in readImage4v2 | 2024-07-25T00:14:34.485446Z | 2026-05-08T14:27:54.722416Z |
| osv-2024-398 | Use-of-uninitialized-value in wabt::BinaryReaderObjdump::PrintInitExpr | 2024-05-01T00:11:38.602555Z | 2026-05-08T14:27:10.852606Z |
| osv-2024-184 | Security exception in org.threeten.bp.format.DateTimeFormatterBuilder$CompositePrinterParser.parse | 2024-03-21T00:13:27.175097Z | 2026-05-08T14:24:54.753298Z |
| osv-2024-171 | Security exception in org.threeten.bp.format.DateTimeFormatterBuilder$CompositePrinterParser.parse | 2024-03-15T00:08:01.855772Z | 2026-05-08T14:24:36.961202Z |
| osv-2023-800 | Heap-buffer-overflow in XCFImageFormat::loadTileRLE | 2023-09-07T14:00:27.693270Z | 2026-05-08T14:21:09.976488Z |
| osv-2023-55 | Index-out-of-bounds in LibRaw::apply_tiff | 2023-02-07T13:00:07.438565Z | 2026-05-08T14:20:48.773644Z |
| osv-2023-346 | UNKNOWN WRITE in void std::__1::allocator_traits<std::__1::allocator<wabt::interp::HandlerDesc> > | 2023-04-27T14:02:25.286668Z | 2026-05-08T14:15:46.330131Z |
| osv-2022-834 | Heap-use-after-free in mk_event_timeout_destroy | 2022-09-04T00:00:31.605787Z | 2026-05-08T14:14:40.090388Z |
| osv-2022-916 | Container-overflow in wabt::interp::BinaryReaderInterp::BeginFunctionBody | 2022-09-20T00:00:42.122902Z | 2026-05-08T14:13:59.903744Z |
| osv-2022-1277 | Heap-use-after-free in mk_event_timeout_destroy | 2023-06-26T14:01:01.876870Z | 2026-05-08T14:11:05.043800Z |
| osv-2022-1263 | Null-dereference READ | 2022-12-20T13:01:53.219707Z | 2026-05-08T14:10:11.915156Z |
| osv-2022-1018 | Index-out-of-bounds in LibRaw::kodak_radc_load_raw | 2022-10-06T00:02:27.511658Z | 2026-05-08T14:09:09.848150Z |
| osv-2021-972 | UNKNOWN READ in void mc_chroma<unsigned short> | 2021-07-13T00:00:16.631711Z | 2026-05-08T14:09:08.411360Z |
| osv-2021-948 | Use-of-uninitialized-value in residual_coding | 2021-07-10T00:01:12.890029Z | 2026-05-08T14:09:06.789490Z |
| osv-2020-876 | Use-of-uninitialized-value in XCFImageFormat::mergeRGBToRGB | 2020-07-14T22:13:55.541274Z | 2026-05-08T14:08:54.986399Z |
| osv-2020-868 | Use-of-uninitialized-value in fetchARGB32ToRGBA64PM_avx2 | 2020-07-14T22:13:50.828646Z | 2026-05-08T14:08:52.889556Z |
| osv-2021-735 | Use-of-uninitialized-value in decode_CABAC_FL_bypass | 2021-05-08T00:00:14.355747Z | 2026-05-08T14:08:48.023198Z |
| osv-2021-525 | Use-of-uninitialized-value in void edge_filtering_chroma_internal<unsigned char> | 2021-03-16T00:00:19.176877Z | 2026-05-08T14:08:44.353715Z |
| osv-2026-630 | Use-of-uninitialized-value in JXRHandlerPrivate::readTextMeta | 2026-04-27T00:02:58.068470Z | 2026-05-08T14:05:17.157586Z |
| osv-2026-632 | Use-of-uninitialized-value in PKFormatConverter_InitializeConvert | 2026-04-27T00:03:49.004685Z | 2026-05-08T14:03:34.563798Z |
| osv-2026-699 | Use-of-uninitialized-value in Mat_VarGetSize | 2026-05-08T00:20:46.769191Z | 2026-05-08T00:20:46.769443Z |
| osv-2026-696 | Use-of-uninitialized-value in JXRHandler::read | 2026-05-08T00:02:49.156616Z | 2026-05-08T00:02:49.156925Z |

| ID | Description | Published | Updated |
|---|---|---|---|
| rustsec-2026-0140 | DNS rebinding and cross-origin CSRF in dynoxide's MCP HTTP transport | 2026-05-12T12:00:00Z | 2026-05-13T15:15:09Z |
| rustsec-2026-0139 | Null-pointer dereference and double-free via safe APIs | 2026-05-02T12:00:00Z | 2026-05-13T14:54:08Z |
| rustsec-2026-0138 | Unsound access to padding bytes while serializing date/time values using the Mysql backend | 2026-04-30T12:00:00Z | 2026-05-13T14:16:31Z |
| rustsec-2026-0137 | Possible unaligned data access for implementations of `SqliteAggregate` | 2026-04-24T12:00:00Z | 2026-05-13T14:16:31Z |
| rustsec-2026-0136 | Command injection in Diesel's implementation of `COPY FROM`/`COPY TO` | 2026-04-24T12:00:00Z | 2026-05-13T14:16:31Z |
| rustsec-2026-0135 | Unsound transmute while debug/display printing batch Insert statements in Diesel's SQLite backend | 2026-04-24T12:00:00Z | 2026-05-13T14:16:31Z |
| rustsec-2026-0134 | Unsound access to padding bytes while serializing date/time values using the Mysql backend | 2026-04-24T12:00:00Z | 2026-05-13T14:16:31Z |
| rustsec-2026-0133 | Invalid pointer arithmetic in `iter()` and `iter_mut()` | 2026-05-02T12:00:00Z | 2026-05-13T12:38:12Z |
| rustsec-2026-0132 | Potential out-of-bounds write via public `Context` fields | 2026-05-02T12:00:00Z | 2026-05-13T12:38:12Z |
| rustsec-2026-0131 | Double-free in `Chomp::inner()` | 2026-05-02T12:00:00Z | 2026-05-13T12:38:12Z |
| rustsec-2026-0130 | Out-of-bounds read/write in `Index` and `IndexMut` implementations | 2026-05-02T12:00:00Z | 2026-05-13T12:34:44Z |
| rustsec-2026-0129 | Buffer overflow in `Clusterings::from_i32_column_major_order()` | 2026-05-02T12:00:00Z | 2026-05-13T12:34:44Z |
| rustsec-2026-0128 | Double-free and use-after-free in `Keys::next()` | 2026-05-02T12:00:00Z | 2026-05-13T12:19:05Z |
| rustsec-2026-0127 | Integer overflow in `array::ReadWrite::new()` leading to potential memory corruption | 2026-05-02T12:00:00Z | 2026-05-13T12:16:15Z |
| rustsec-2026-0126 | AVX2 Implementation Did Not Fully Reduce Intermediate Values | 2026-04-27T12:00:00Z | 2026-05-13T10:05:44Z |
| rustsec-2026-0125 | Signature Verification on AVX2 Platforms Mishandles Edge Case | 2026-05-05T12:00:00Z | 2026-05-13T10:05:44Z |
| rustsec-2026-0124 | Potential Panic on Overlong Ciphertext Buffer | 2026-03-29T12:00:00Z | 2026-05-13T10:05:44Z |
| rustsec-2026-0123 | Out-of-bounds read in `bytes_helper` public safe functions | 2026-05-02T12:00:00Z | 2026-05-12T17:04:47Z |
| rustsec-2026-0121 | Denial of service in Steamworks game clients/servers using P2P authentication | 2026-05-05T12:00:00Z | 2026-05-12T05:04:00Z |
| rustsec-2026-0122 | Potential use-after-free due to lack of panic safety in `InlineVec::clear` and `SerVec::clear` | 2026-04-23T12:00:00Z | 2026-05-11T13:59:32Z |
| rustsec-2026-0120 | NSEC3 closest-encloser proof validation enters unbounded loop on cross-zone responses | 2026-05-01T12:00:00Z | 2026-05-07T08:56:41Z |
| rustsec-2026-0119 | CPU exhaustion during message encoding due to O(n²) name compression | 2026-05-01T12:00:00Z | 2026-05-07T08:56:41Z |
| rustsec-2026-0118 | NSEC3 closest-encloser proof validation enters unbounded loop on cross-zone responses | 2026-05-01T12:00:00Z | 2026-05-07T08:56:41Z |
| rustsec-2026-0117 | Fragile bounds check when sampling from image | 2026-05-01T12:00:00Z | 2026-05-07T08:56:41Z |
| rustsec-2026-0116 | Improper check of an invariant resulting in incorrect bounds checks | 2026-05-01T12:00:00Z | 2026-05-07T08:56:41Z |
| rustsec-2026-0115 | Fragile bounds check when sampling from image | 2026-05-01T12:00:00Z | 2026-05-07T08:56:41Z |
| rustsec-2026-0114 | Panic when allocating a table exceeding the size of the host's address space | 2026-04-30T12:00:00Z | 2026-05-07T08:56:41Z |
| rustsec-2026-0111 | Possible UTF-8 corruption in Diesel's SQLite backend | 2026-04-24T12:00:00Z | 2026-05-06T06:32:50Z |
| rustsec-2026-0109 | Broken hard revocation handling | 2026-04-21T12:00:00Z | 2026-05-06T06:32:50Z |
| rustsec-2026-0108 | `sui-execution-cut` was removed from crates.io for malicious code | 2026-04-23T12:00:00Z | 2026-05-06T06:32:50Z |

| ID | Description | Published | Updated |
|---|---|---|---|
| osec-2026-03 | opam install sandbox escape | 2026-04-15T22:00:00Z | 2026-04-16T21:00:00Z |
| osec-2026-01 | Buffer Over-Read in OCaml Marshal Deserialization | 2026-02-17T13:30:00Z | 2026-02-27T09:30:00Z |
| osec-2026-02 | ARP unbounded memory usage | 2026-02-18T10:30:00Z | 2026-02-18T10:30:00Z |
| osec-2022-01 | Infinite loop in console output on xen | 2022-12-07T00:00:00Z | 2026-02-18T09:30:00Z |
| osec-2025-01 | Albatross console out of memory | 2025-08-15T00:18:22Z | 2026-01-13T12:00:00Z |
| osec-2019-02 | Grant unshare vulnerability in mirage-xen | 2019-04-26T00:00:00Z | 2026-01-13T12:00:00Z |
| osec-2019-01 | Memory disclosure in mirage-net-xen | 2019-03-21T00:00:00Z | 2026-01-13T12:00:00Z |
| osec-2016-02 | Memory disclosure in mirage-net-xen | 2016-05-03T00:00:00Z | 2026-01-13T12:00:00Z |
| osec-2023-01 | Time of check time of use issue in opam's cache | 2023-05-25T12:00:00Z | 2026-01-09T12:00:00Z |
| osec-2016-01 | Buffer overflow and information leak in OCaml < 4.03.0 | 2016-04-29T00:18:22Z | 2026-01-01T12:00:00Z |
| osec-2018-01 | An integer overflow in the `bigarray` serialization module leads to arbitrary code execution | 2018-04-06T18:29:00Z | 2025-12-16T12:00:00Z |
| osec-2017-01 | Local privilege escalation issue with ocaml binaries | 2017-06-23T15:19:47Z | 2025-12-16T12:00:00Z |