Recent vulnerabilities
| ID | CVSS | Description | Vendor | Product | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2025-71380 |
8.7 (4.0)
8.8 (3.1)
|
n8n - Arbitrary Command Execution via Execute Command Node |
n8n |
n8n |
2026-07-04T01:23:42.800Z | 2026-07-04T01:23:42.800Z |
| CVE-2025-71375 |
7.6 (4.0)
8.1 (3.1)
|
picklescan - Undetected Remote Code Execution via _ope… |
picklescan |
picklescan |
2026-07-04T01:23:42.157Z | 2026-07-04T01:23:42.157Z |
| CVE-2025-71373 |
7.6 (4.0)
8.1 (3.1)
|
picklescan - Remote Code Execution via operator.method… |
picklescan |
picklescan |
2026-07-04T01:23:41.446Z | 2026-07-04T01:23:41.446Z |
| CVE-2025-71372 |
7.6 (4.0)
8.1 (3.1)
|
Picklescan - Arbitrary Code Execution via numpy.f2py.c… |
Picklescan |
Picklescan |
2026-07-04T01:23:40.728Z | 2026-07-04T01:23:40.728Z |
| CVE-2025-71369 |
7.6 (4.0)
8.1 (3.1)
|
picklescan - Unsafe Deserialization via torch.utils.da… |
picklescan |
picklescan |
2026-07-04T01:23:40.021Z | 2026-07-04T01:23:40.021Z |
| CVE-2025-71367 |
7.6 (4.0)
8.1 (3.1)
|
picklescan - Remote Code Execution via _operator.attrg… |
picklescan |
picklescan |
2026-07-04T01:23:39.319Z | 2026-07-04T01:23:39.319Z |
| CVE-2025-71366 |
7.6 (4.0)
8.1 (3.1)
|
picklescan - Arbitrary Code Execution via torch.utils.… |
picklescan |
picklescan |
2026-07-04T01:23:38.638Z | 2026-07-04T01:23:38.638Z |
| CVE-2025-71364 |
7.6 (4.0)
8.1 (3.1)
|
picklescan - Arbitrary Code Execution via Undetected a… |
picklescan |
picklescan |
2026-07-04T01:23:37.959Z | 2026-07-04T01:23:37.959Z |
| CVE-2025-71362 |
7.6 (4.0)
8.1 (3.1)
|
picklescan - Arbitrary Code Execution via Unsafe Deser… |
picklescan |
picklescan |
2026-07-04T01:23:37.271Z | 2026-07-04T01:23:37.271Z |
| CVE-2025-71360 |
7.6 (4.0)
8.1 (3.1)
|
picklescan - Remote Code Execution via Undetected idle… |
picklescan |
picklescan |
2026-07-04T01:23:36.583Z | 2026-07-04T01:23:36.583Z |
| CVE-2025-71359 |
7.6 (4.0)
8.1 (3.1)
|
picklescan - Unsafe Deserialization via lib2to3.pgen2.… |
picklescan |
picklescan |
2026-07-04T01:23:35.892Z | 2026-07-04T01:23:35.892Z |
| CVE-2025-71356 |
7.6 (4.0)
8.1 (3.1)
|
picklescan - Arbitrary Code Execution via torch.fx.exp… |
picklescan |
picklescan |
2026-07-04T01:23:35.187Z | 2026-07-04T01:23:35.187Z |
| CVE-2025-71353 |
7.6 (4.0)
8.1 (3.1)
|
picklescan - Remote Code Execution via torch._dynamo.g… |
picklescan |
picklescan |
2026-07-04T01:23:34.482Z | 2026-07-04T01:23:34.482Z |
| CVE-2025-71347 |
7.6 (4.0)
8.1 (3.1)
|
picklescan - Undetected Remote Code Execution via nump… |
picklescan |
picklescan |
2026-07-04T01:23:33.794Z | 2026-07-04T01:23:33.794Z |
| CVE-2025-71345 |
7.6 (4.0)
8.1 (3.1)
|
picklescan - Arbitrary Code Execution via torch.utils.… |
picklescan |
picklescan |
2026-07-04T01:23:33.086Z | 2026-07-04T01:23:33.086Z |
| CVE-2025-71343 |
7.6 (4.0)
8.1 (3.1)
|
picklescan - Arbitrary Code Execution via lib2to3.pgen… |
picklescan |
picklescan |
2026-07-04T01:23:32.430Z | 2026-07-04T01:23:32.430Z |
| CVE-2025-71342 |
7.6 (4.0)
8.1 (3.1)
|
picklescan - Undetected Remote Code Execution via idle… |
picklescan |
picklescan |
2026-07-04T01:23:31.768Z | 2026-07-04T01:23:31.768Z |
| CVE-2026-12252 |
7.8 (3.0)
|
Untrusted JAR Code Execution in Multiple Stanford Inte… |
nltk |
nltk/nltk |
2026-07-04T00:58:58.930Z | 2026-07-04T00:58:58.930Z |
| CVE-2026-54424 |
8.4 (3.1)
|
An Incorrect Use of Privileged APIs vulnerability… |
Unity |
Parsec |
2026-07-04T00:45:24.208Z | 2026-07-04T00:45:24.208Z |
| CVE-2026-14617 |
2.3 (4.0)
3.1 (3.1)
3.1 (3.0)
|
NousResearch hermes-agent Streaming Reasoning Tag Filt… |
NousResearch |
hermes-agent |
2026-07-03T21:45:10.246Z | 2026-07-03T21:45:10.246Z |
| CVE-2026-58523 |
6.5 (3.1)
|
Microsoft Edge for Android Security Feature Bypass Vul… |
Microsoft |
Microsoft Edge (Chromium-based) |
2026-07-03T21:26:27.550Z | 2026-07-03T21:26:27.550Z |
| CVE-2026-58291 |
6.1 (3.1)
|
Microsoft Edge (Chromium-based) Information Disclosure… |
Microsoft |
Microsoft Edge (Chromium-based) |
2026-07-03T20:35:37.453Z | 2026-07-03T21:26:27.026Z |
| CVE-2026-45489 |
6.5 (3.1)
|
Microsoft Edge (Chromium-based) Spoofing Vulnerability |
Microsoft |
Microsoft Edge (Chromium-based) |
2026-07-03T20:35:36.906Z | 2026-07-03T21:26:26.488Z |
| CVE-2026-54998 |
8.8 (3.1)
|
Microsoft Exchange Online Elevation of Privilege Vulne… |
Microsoft |
Microsoft Exchange Online |
2026-07-02T22:18:58.222Z | 2026-07-03T21:26:25.955Z |
| CVE-2026-58597 |
4.3 (3.1)
|
Microsoft Edge (Chromium-based) Spoofing Vulnerability |
Microsoft |
Microsoft Edge (Chromium-based) |
2026-07-03T20:35:35.815Z | 2026-07-03T21:26:25.344Z |
| CVE-2026-58524 |
5.4 (3.1)
|
Microsoft Edge (Chromium-based) Spoofing Vulnerability |
Microsoft |
Microsoft Edge (Chromium-based) |
2026-07-03T20:35:35.191Z | 2026-07-03T21:26:24.809Z |
| CVE-2026-58300 |
6.2 (3.1)
|
Microsoft Edge for Android Information Disclosure Vuln… |
Microsoft |
Microsoft Edge (Chromium-based) |
2026-07-03T20:35:34.726Z | 2026-07-03T21:26:24.282Z |
| CVE-2026-58298 |
7.2 (3.1)
|
Microsoft Edge (Chromium-based) Spoofing Vulnerability |
Microsoft |
Microsoft Edge (Chromium-based) |
2026-07-03T20:35:34.186Z | 2026-07-03T21:26:23.651Z |
| CVE-2026-58297 |
7.1 (3.1)
|
Microsoft Edge for Android Information Disclosure Vuln… |
Microsoft |
Microsoft Edge (Chromium-based) |
2026-07-03T20:35:33.630Z | 2026-07-03T21:26:23.184Z |
| CVE-2026-58296 |
7.1 (3.1)
|
Microsoft Edge for Android Information Disclosure Vuln… |
Microsoft |
Microsoft Edge (Chromium-based) |
2026-07-03T20:35:33.018Z | 2026-07-03T21:26:22.643Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| fkie_cve-2026-54424 | An Incorrect Use of Privileged APIs vulnerability in Unity Parsec on Windows hosts leads to a poten… | 2026-07-04T01:16:27.340 | 2026-07-04T01:16:27.340 |
| fkie_cve-2026-58523 | Improper access control in Microsoft Edge for Android allows an unauthorized attacker to bypass a s… | 2026-07-03T22:16:55.740 | 2026-07-03T22:16:55.740 |
| fkie_cve-2026-14617 | A security vulnerability has been detected in NousResearch hermes-agent up to 2026.4.30. Affected i… | 2026-07-03T22:16:52.943 | 2026-07-03T22:16:52.943 |
| fkie_cve-2026-58597 | Insufficient ui warning of dangerous operations in Microsoft Edge (Chromium-based) allows an unauth… | 2026-07-03T21:17:06.127 | 2026-07-03T21:17:06.127 |
| fkie_cve-2026-58524 | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft E… | 2026-07-03T21:17:06.000 | 2026-07-03T21:17:06.000 |
| fkie_cve-2026-58522 | Relative path traversal in Microsoft Edge for Android allows an unauthorized attacker to disclose i… | 2026-07-03T21:17:05.883 | 2026-07-03T21:17:05.883 |
| fkie_cve-2026-58426 | Gitea Actions Artifacts V4 signed URL HMAC ambiguity allows cross-repository artifact read and cros… | 2026-07-03T21:17:05.770 | 2026-07-03T21:17:05.770 |
| fkie_cve-2026-58424 | Permanent Fork PR Workflow Approval Gate Bypass | 2026-07-03T21:17:05.660 | 2026-07-03T21:17:05.660 |
| fkie_cve-2026-58423 | LFS authentication bypass via malformed SSH sub-verb allows unauthorized read access to private rep… | 2026-07-03T21:17:05.550 | 2026-07-03T21:17:05.550 |
| fkie_cve-2026-58422 | Improper authorization on OAuth sign-in callback silently re-enables administrator-disabled accounts | 2026-07-03T21:17:05.447 | 2026-07-03T21:17:05.447 |
| fkie_cve-2026-58421 | Unauthenticated ReDoS via CODEOWNERS pattern matching allows denial of service | 2026-07-03T21:17:05.347 | 2026-07-03T21:17:05.347 |
| fkie_cve-2026-58419 | Notification API leaks private issue metadata after access revocation | 2026-07-03T21:17:05.243 | 2026-07-03T21:17:05.243 |
| fkie_cve-2026-58418 | SSRF via HTTP Redirect in Repository Migration | 2026-07-03T21:17:05.140 | 2026-07-03T21:17:05.140 |
| fkie_cve-2026-58300 | Absolute path traversal in Microsoft Edge for Android allows an unauthorized attacker to disclose i… | 2026-07-03T21:17:05.023 | 2026-07-03T21:17:05.023 |
| fkie_cve-2026-58299 | Time-of-check time-of-use (toctou) race condition in Microsoft Edge for Android allows an unauthori… | 2026-07-03T21:17:04.907 | 2026-07-03T21:17:04.907 |
| fkie_cve-2026-58298 | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft E… | 2026-07-03T21:17:04.790 | 2026-07-03T21:17:04.790 |
| fkie_cve-2026-58297 | Exposure of private personal information to an unauthorized actor in Microsoft Edge for Android all… | 2026-07-03T21:17:04.663 | 2026-07-03T21:17:04.663 |
| fkie_cve-2026-58296 | Exposure of private personal information to an unauthorized actor in Microsoft Edge for Android all… | 2026-07-03T21:17:04.547 | 2026-07-03T21:17:04.547 |
| fkie_cve-2026-58295 | Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) al… | 2026-07-03T21:17:04.417 | 2026-07-03T21:17:04.417 |
| fkie_cve-2026-58294 | Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code o… | 2026-07-03T21:17:04.293 | 2026-07-03T21:17:04.293 |
| fkie_cve-2026-58293 | External control of file name or path in Microsoft Edge (Chromium-based) allows an unauthorized att… | 2026-07-03T21:17:04.143 | 2026-07-03T21:17:04.143 |
| fkie_cve-2026-58292 | Improper input validation in Microsoft Edge (Chromium-based) allows an unauthorized attacker to exe… | 2026-07-03T21:17:04.013 | 2026-07-03T21:17:04.013 |
| fkie_cve-2026-58291 | Operation on a resource after expiration or release in Microsoft Edge (Chromium-based) allows an un… | 2026-07-03T21:17:03.890 | 2026-07-03T21:17:03.890 |
| fkie_cve-2026-58290 | Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) al… | 2026-07-03T21:17:03.770 | 2026-07-03T21:17:03.770 |
| fkie_cve-2026-58289 | Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) al… | 2026-07-03T21:17:03.640 | 2026-07-03T21:17:03.640 |
| fkie_cve-2026-58288 | Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code o… | 2026-07-03T21:17:03.523 | 2026-07-03T21:17:03.523 |
| fkie_cve-2026-58287 | Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code o… | 2026-07-03T21:17:03.413 | 2026-07-03T21:17:03.413 |
| fkie_cve-2026-58286 | Improper access control in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perfo… | 2026-07-03T21:17:03.293 | 2026-07-03T21:17:03.293 |
| fkie_cve-2026-58285 | Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) al… | 2026-07-03T21:17:03.180 | 2026-07-03T21:17:03.180 |
| fkie_cve-2026-58284 | Improper authorization in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execut… | 2026-07-03T21:17:03.057 | 2026-07-03T21:17:03.057 |
| ID | Severity | Description | Published | Updated |
|---|---|---|---|---|
| ghsa-pxqg-8rwp-q2x2 |
3.1 (3.1)
1.3 (4.0)
|
A security vulnerability has been detected in NousResearch hermes-agent up to 2026.4.30. Affected i… | 2026-07-04T00:31:23Z | 2026-07-04T00:31:23Z |
| ghsa-49m2-v6xm-3fhr |
6.5 (3.1)
|
Improper access control in Microsoft Edge for Android allows an unauthorized attacker to bypass a s… | 2026-07-04T00:31:23Z | 2026-07-04T00:31:23Z |
| ghsa-v5h7-6v7v-x933 |
6.8 (3.1)
|
Relative path traversal in Microsoft Edge for Android allows an unauthorized attacker to disclose i… | 2026-07-03T21:31:41Z | 2026-07-03T21:31:41Z |
| ghsa-h677-5v32-7m48 |
6.2 (3.1)
|
Absolute path traversal in Microsoft Edge for Android allows an unauthorized attacker to disclose i… | 2026-07-03T21:31:41Z | 2026-07-03T21:31:41Z |
| ghsa-g4pq-v493-r36h |
7.5 (3.1)
|
Time-of-check time-of-use (toctou) race condition in Microsoft Edge for Android allows an unauthori… | 2026-07-03T21:31:41Z | 2026-07-03T21:31:41Z |
| ghsa-8ghg-xp59-w7pg |
7.2 (3.1)
|
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft E… | 2026-07-03T21:31:41Z | 2026-07-03T21:31:41Z |
| ghsa-443f-8vj4-c2c4 |
5.4 (3.1)
|
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft E… | 2026-07-03T21:31:41Z | 2026-07-03T21:31:41Z |
| ghsa-3p86-rw86-vj98 |
4.3 (3.1)
|
Insufficient ui warning of dangerous operations in Microsoft Edge (Chromium-based) allows an unauth… | 2026-07-03T21:31:41Z | 2026-07-03T21:31:41Z |
| ghsa-x7pj-r739-2qv7 |
8.3 (3.1)
|
Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code o… | 2026-07-03T21:31:40Z | 2026-07-03T21:31:40Z |
| ghsa-wrqp-3qp3-gqcj |
7.5 (3.1)
|
Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) al… | 2026-07-03T21:31:40Z | 2026-07-03T21:31:40Z |
| ghsa-vfc9-fgwm-8mwp |
7.1 (3.1)
|
Exposure of private personal information to an unauthorized actor in Microsoft Edge for Android all… | 2026-07-03T21:31:40Z | 2026-07-03T21:31:40Z |
| ghsa-rp87-gqr5-74pm |
7.5 (3.1)
|
Improper input validation in Microsoft Edge (Chromium-based) allows an unauthorized attacker to exe… | 2026-07-03T21:31:40Z | 2026-07-03T21:31:40Z |
| ghsa-qqhm-6qqw-68j4 |
7.5 (3.1)
|
Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code o… | 2026-07-03T21:31:40Z | 2026-07-03T21:31:40Z |
| ghsa-pp6w-gfj2-hq6c |
7.1 (3.1)
|
Exposure of private personal information to an unauthorized actor in Microsoft Edge for Android all… | 2026-07-03T21:31:40Z | 2026-07-03T21:31:40Z |
| ghsa-mm5h-w49f-qxp5 |
8.1 (3.1)
|
External control of file name or path in Microsoft Edge (Chromium-based) allows an unauthorized att… | 2026-07-03T21:31:40Z | 2026-07-03T21:31:40Z |
| ghsa-jjfj-r463-g4c7 |
8.3 (3.1)
|
Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) al… | 2026-07-03T21:31:40Z | 2026-07-03T21:31:40Z |
| ghsa-7xpx-9crg-rx5q |
8.3 (3.1)
|
Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code o… | 2026-07-03T21:31:40Z | 2026-07-03T21:31:40Z |
| ghsa-6p36-3w3p-mr82 |
8.1 (3.1)
|
Improper access control in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perfo… | 2026-07-03T21:31:40Z | 2026-07-03T21:31:40Z |
| ghsa-4prc-gc25-x2h7 |
8.3 (3.1)
|
Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) al… | 2026-07-03T21:31:40Z | 2026-07-03T21:31:40Z |
| ghsa-39f3-ggrp-rph3 |
9.0 (3.1)
|
Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) al… | 2026-07-03T21:31:40Z | 2026-07-03T21:31:40Z |
| ghsa-36w9-qq4h-pv36 |
6.1 (3.1)
|
Operation on a resource after expiration or release in Microsoft Edge (Chromium-based) allows an un… | 2026-07-03T21:31:40Z | 2026-07-03T21:31:40Z |
| ghsa-28f5-cgmh-4pfj |
8.3 (3.1)
|
Improper authorization in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execut… | 2026-07-03T21:31:40Z | 2026-07-03T21:31:40Z |
| ghsa-vw2p-73gr-hwh5 |
7.5 (3.1)
|
Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code o… | 2026-07-03T21:31:39Z | 2026-07-03T21:31:39Z |
| ghsa-vfww-fwcc-xcp7 |
8.1 (3.1)
|
Improper access control in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perfo… | 2026-07-03T21:31:39Z | 2026-07-03T21:31:39Z |
| ghsa-pwgr-7g5c-fjgv |
7.5 (3.1)
|
Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code o… | 2026-07-03T21:31:39Z | 2026-07-03T21:31:39Z |
| ghsa-pgfj-jh8g-79g5 |
6.5 (3.1)
|
Server-side request forgery (ssrf) in Microsoft Edge (Chromium-based) allows an unauthorized attack… | 2026-07-03T21:31:38Z | 2026-07-03T21:31:39Z |
| ghsa-mp46-jq23-75j9 |
7.6 (3.1)
|
Improper input validation in Microsoft Edge (Chromium-based) allows an unauthorized attacker to exe… | 2026-07-03T21:31:38Z | 2026-07-03T21:31:39Z |
| ghsa-hq62-8562-72xh |
7.4 (3.1)
|
Server-side request forgery (ssrf) in Microsoft Edge (Chromium-based) allows an unauthorized attack… | 2026-07-03T21:31:39Z | 2026-07-03T21:31:39Z |
| ghsa-c7hg-fxjp-q9jp |
7.4 (3.1)
|
Improper link resolution before file access ('link following') in Microsoft Edge (Chromium-based) a… | 2026-07-03T21:31:39Z | 2026-07-03T21:31:39Z |
| ghsa-9h2j-pmwx-xhhx |
8.1 (3.1)
|
Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) al… | 2026-07-03T21:31:39Z | 2026-07-03T21:31:39Z |
| ID | Severity | Description | Package | Published | Updated |
|---|---|---|---|---|---|
| pysec-2026-616 |
7.3 (3.1)
|
Wagtail is an open source content management system built on Django. In versions prior to… | wagtail | 2026-07-01T22:16:49.917Z | 2026-07-03T12:58:59.937124Z |
| pysec-2026-615 |
4.3 (3.1)
|
Wagtail is an open source content management system built on Django. In versions prior to… | wagtail | 2026-07-01T22:16:49.787Z | 2026-07-03T12:58:59.841624Z |
| pysec-2026-614 |
6.5 (3.1)
|
Wagtail is an open source content management system built on Django. In versions prior to… | wagtail | 2026-07-01T22:16:49.653Z | 2026-07-03T12:58:59.721161Z |
| pysec-2026-613 |
2.7 (3.1)
|
Wagtail is an open source content management system built on Django. In versions prior to… | wagtail | 2026-07-01T22:16:49.523Z | 2026-07-03T12:58:59.603248Z |
| pysec-2026-612 |
4.3 (3.1)
|
Wagtail is an open source content management system built on Django. In versions prior to… | wagtail | 2026-07-01T22:16:49.297Z | 2026-07-03T12:58:59.464451Z |
| pysec-2025-102 |
6.6 (3.1)
|
Local File Inclusion in dagster._grpc.impl.get_notebook_data in Dagster 1.10.14 allows at… | dagster-ge | 2025-07-22T17:15:33.543Z | 2026-07-02T16:38:31.076371Z |
| pysec-2026-564 |
9.1 (3.1)
|
In the query parser in OpenStack Vitrage before 12.0.1, 13.0.0, 14.0.0, and 15.0.0, a use… | vitrage | 2026-06-29T11:50:51.052829Z | 2026-07-02T12:46:52.359910Z |
| pysec-2026-529 |
9.6 (3.1)
|
Directory traversal vulnerability in recv_file method allows arbitrary files to be writte… | salt | 2026-06-29T11:50:38.396059Z | 2026-07-02T12:46:49.599506Z |
| pysec-2026-528 |
9.9 (3.1)
9.4 (4.0)
|
### Summary A SQL injection vulnerability in the Oracle path of `FilterEngine.create_sql… | rucio | 2026-06-29T11:50:50.519440Z | 2026-07-02T12:46:49.461769Z |
| pysec-2026-527 |
9.9 (3.1)
9.0 (4.0)
|
### Summary A SQL injection vulnerability in `FilterEngine.create_postgres_query` allows… | rucio | 2026-06-29T11:50:49.082878Z | 2026-07-02T12:46:49.308804Z |
| pysec-2026-510 |
9.8 (3.1)
|
### Impact A maliciously crafted QPY file can potentially execute arbitrary-code embedde… | qiskit | 2026-06-29T11:50:34.769394Z | 2026-07-02T12:46:47.918376Z |
| pysec-2026-461 |
9.6 (3.1)
|
The `execute_command` function and workflow shell execution are exposed to user-controlle… | praisonai | 2026-06-29T11:50:47.321761Z | 2026-07-02T12:46:43.492217Z |
| pysec-2026-440 |
9.1 (3.1)
|
In OpenStack os-vif 1.15.x before 1.15.2, and 1.16.0, a hard-coded MAC aging time of 0 di… | os-vif | 2026-06-29T11:50:32.870631Z | 2026-07-02T12:46:41.101315Z |
| pysec-2026-433 |
9.1 (3.1)
|
Amphora Images in OpenStack Octavia >=0.10.0 <2.1.2, >=3.0.0 <3.2.0, >=4.0.0 <4.1.0 allow… | octavia | 2026-06-29T11:50:32.761316Z | 2026-07-02T12:46:40.385416Z |
| pysec-2026-431 |
9.1 (3.1)
|
The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 allows re… | neutron | 2026-06-29T11:50:32.602905Z | 2026-07-02T12:46:40.013240Z |
| pysec-2026-373 |
9.3 (3.1)
|
## Summary A serialization injection vulnerability exists in LangChain's `dumps()` and `… | langchain-core | 2026-06-29T11:50:38.732432Z | 2026-07-02T12:46:34.720444Z |
| pysec-2026-361 |
9.2 (4.0)
|
### Summary The `ExceededSizeError` exception messages are embedded with non-decoded JWT … | joserfc | 2026-06-29T11:50:36.396676Z | 2026-07-02T12:46:33.470203Z |
| pysec-2026-360 |
9.1 (3.1)
|
A vulnerability in ipsilon 2.0 before 2.0.2, 1.2 before 1.2.1, 1.1 before 1.1.2, and 1.0 … | ipsilon | 2026-06-29T11:50:32.271750Z | 2026-07-02T12:46:33.387299Z |
| pysec-2026-344 |
9.3 (4.0)
|
A Code Injection and Missing Authentication vulnerability in Google Agent Development Kit… | google-adk | 2026-06-29T11:50:47.550836Z | 2026-07-02T12:46:31.941760Z |
| pysec-2026-316 |
9.8 (3.1)
|
### Summary utils.get_shared_secret() always returns -1 - allows anyone to connect to co… | cobbler | 2026-06-29T11:50:40.621509Z | 2026-07-02T12:46:28.475482Z |
| pysec-2026-312 |
9.8 (3.1)
|
Specific vulnerabilities: * Arbitrary file write in `resource_create` and `package_updat… | ckan | 2026-06-29T11:50:42.696551Z | 2026-07-02T12:46:28.203386Z |
| pysec-2026-290 |
9.8 (3.1)
|
Missing Authentication in the registration feature of Lablup's BackendAI allows arbitrary… | backend-ai | 2026-06-29T11:50:38.333670Z | 2026-07-02T12:46:26.496828Z |
| pysec-2026-284 |
9.9 (3.1)
|
### Impact When verifying W3C Format Verifiable Credentials using JSON-LD with Linked Da… | aries-cloudagent | 2026-06-29T11:50:41.397353Z | 2026-07-02T12:46:25.890941Z |
| pysec-2026-265 |
9.1 (3.1)
|
## 1. Summary The Binary Stream Capture (BSC) component exposes an unauthenticated HTTP … | ait-core | 2026-06-29T11:50:52.843259Z | 2026-07-02T12:46:24.494788Z |
| pysec-2026-508 |
9.8 (3.1)
9.3 (4.0)
|
# Security Advisory: Compromise of PyTorch Lightning PyPI Package Versions **Published:… | pytorch-lightning | 2026-06-29T11:50:50.913630Z | 2026-07-02T12:33:00Z |
| pysec-2026-432 |
9.8 (3.1)
|
An issue was discovered in exception_wrapper.py in OpenStack Nova 13.x through 13.1.3, 14… | nova | 2026-06-29T11:50:32.179235Z | 2026-07-02T12:33:00Z |
| pysec-2009-13 |
|
MoinMoin 1.6.2 and 1.7 does not properly enforce ACL checks when acl_hierarchic is set to… | moin | 2009-04-03T18:30:00Z | 2026-07-02T12:33:00Z |
| pysec-2007-4 |
|
Plone 2.5 through 2.5.4 and 3.0 through 3.0.2 allows remote attackers to execute arbitrar… | plone | 2007-11-07T21:46:00Z | 2026-07-02T12:33:00Z |
| pysec-2026-603 |
8.1 (3.1)
|
An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone federated token… | keystone | 2026-05-28T19:16:38.223Z | 2026-07-02T12:26:33.242409Z |
| pysec-2026-602 |
8.0 (3.1)
|
An issue was discovered in OpenStack Keystone before 29.0.2. POST /v3/credentials did not… | keystone | 2026-05-01T09:16:17.273Z | 2026-07-02T12:26:33.147876Z |
| ID | Description | Updated |
|---|---|---|
| gsd-2024-33901 | The format of the source doesn't require a description, click on the link for more details. | 2024-04-29T05:02:07.525896Z |
| gsd-2024-33902 | The format of the source doesn't require a description, click on the link for more details. | 2024-04-29T05:02:07.486429Z |
| gsd-2024-33885 | The format of the source doesn't require a description, click on the link for more details. | 2024-04-29T05:02:07.441746Z |
| gsd-2024-33893 | The format of the source doesn't require a description, click on the link for more details. | 2024-04-29T05:02:07.381761Z |
| gsd-2024-33892 | The format of the source doesn't require a description, click on the link for more details. | 2024-04-29T05:02:07.378170Z |
| gsd-2024-33903 | In CARLA through 0.9.15.2, the collision sensor mishandles some situations involving pede… | 2024-04-29T05:02:07.295775Z |
| gsd-2024-33898 | The format of the source doesn't require a description, click on the link for more details. | 2024-04-29T05:02:07.287632Z |
| gsd-2024-33897 | The format of the source doesn't require a description, click on the link for more details. | 2024-04-29T05:02:07.283756Z |
| gsd-2024-33883 | The ejs (aka Embedded JavaScript templates) package before 3.1.10 for Node.js lacks certa… | 2024-04-29T05:02:07.271727Z |
| gsd-2024-4300 | E-WEBInformationCo. FS-EZViewer(Web) exposes sensitive information in the service. A remo… | 2024-04-29T05:02:05.715239Z |
| gsd-2024-4297 | The system configuration interface of HGiga iSherlock (including MailSherlock, SpamSherlo… | 2024-04-29T05:02:05.700888Z |
| gsd-2024-4302 | The format of the source doesn't require a description, click on the link for more details. | 2024-04-29T05:02:05.603637Z |
| gsd-2024-33874 | The format of the source doesn't require a description, click on the link for more details. | 2024-04-28T05:02:07.959238Z |
| gsd-2024-33850 | The format of the source doesn't require a description, click on the link for more details. | 2024-04-28T05:02:07.952536Z |
| gsd-2024-33856 | The format of the source doesn't require a description, click on the link for more details. | 2024-04-28T05:02:07.944669Z |
| gsd-2024-33854 | The format of the source doesn't require a description, click on the link for more details. | 2024-04-28T05:02:07.916266Z |
| gsd-2024-33875 | The format of the source doesn't require a description, click on the link for more details. | 2024-04-28T05:02:07.862083Z |
| gsd-2024-33858 | The format of the source doesn't require a description, click on the link for more details. | 2024-04-28T05:02:07.848478Z |
| gsd-2024-33872 | The format of the source doesn't require a description, click on the link for more details. | 2024-04-28T05:02:07.839468Z |
| gsd-2024-33853 | The format of the source doesn't require a description, click on the link for more details. | 2024-04-28T05:02:07.825026Z |
| gsd-2024-33863 | The format of the source doesn't require a description, click on the link for more details. | 2024-04-28T05:02:07.824810Z |
| gsd-2024-33867 | The format of the source doesn't require a description, click on the link for more details. | 2024-04-28T05:02:07.808129Z |
| gsd-2024-33871 | The format of the source doesn't require a description, click on the link for more details. | 2024-04-28T05:02:07.800751Z |
| gsd-2024-33862 | The format of the source doesn't require a description, click on the link for more details. | 2024-04-28T05:02:07.799465Z |
| gsd-2024-33869 | The format of the source doesn't require a description, click on the link for more details. | 2024-04-28T05:02:07.784255Z |
| gsd-2024-33851 | phpecc, as used in paragonie/phpecc before 2.0.1, has a branch-based timing leak in Point… | 2024-04-28T05:02:07.732559Z |
| gsd-2024-33879 | The format of the source doesn't require a description, click on the link for more details. | 2024-04-28T05:02:07.727068Z |
| gsd-2024-4295 | The format of the source doesn't require a description, click on the link for more details. | 2024-04-28T05:02:06.068263Z |
| gsd-2023-52722 | An issue was discovered in Artifex Ghostscript through 10.01.0. psi/zmisc1.c, when SAFER … | 2024-04-28T05:01:28.746814Z |
| gsd-2022-48684 | The format of the source doesn't require a description, click on the link for more details. | 2024-04-28T05:00:27.715598Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| mal-2026-6750 | Malicious code in procwire (PyPI) | 2026-07-03T23:38:06Z | 2026-07-04T00:46:41Z |
| mal-2026-6749 | Malicious code in ipa-user-collector (PyPI) | 2026-07-03T22:45:17Z | 2026-07-03T23:53:28Z |
| mal-2026-6748 | Malicious code in haproxy-config-client (PyPI) | 2026-07-03T22:43:15Z | 2026-07-03T23:53:28Z |
| mal-2026-6751 | Malicious code in bytekit (PyPI) | 2026-07-03T23:50:32Z | 2026-07-03T23:50:32Z |
| mal-2026-6753 | Malicious code in schemavault (PyPI) | 2026-07-03T23:47:04Z | 2026-07-03T23:47:04Z |
| mal-2026-6752 | Malicious code in confighub (PyPI) | 2026-07-03T23:44:02Z | 2026-07-03T23:44:02Z |
| mal-2026-5188 | Malicious code in hello244a (npm) | 2026-06-04T20:49:51Z | 2026-07-03T21:55:02Z |
| mal-2026-5396 | Malicious code in @sqlite-node/createsql (npm) | 2026-06-09T15:59:00Z | 2026-07-03T16:47:39Z |
| mal-2026-5395 | Malicious code in @sql-trigger/nodesql (npm) | 2026-06-09T15:46:48Z | 2026-07-03T16:47:39Z |
| mal-2026-5394 | Malicious code in @sql-access/nodesql (npm) | 2026-06-09T15:58:52Z | 2026-07-03T16:47:39Z |
| mal-2026-6209 | Malicious code in @antoncarlos1/nodelamp (npm) | 2026-06-19T15:02:53Z | 2026-07-03T16:47:38Z |
| mal-2026-6746 | Malicious code in typescript-util-core (npm) | 2026-07-03T16:06:55Z | 2026-07-03T16:06:58Z |
| mal-2026-6747 | Malicious code in web-api-node (npm) | 2026-07-03T16:06:55Z | 2026-07-03T16:06:55Z |
| mal-2026-6745 | Malicious code in ts-node-utils (npm) | 2026-07-03T16:06:55Z | 2026-07-03T16:06:55Z |
| mal-2026-6744 | Malicious code in api-ts-utils (npm) | 2026-07-03T16:06:54Z | 2026-07-03T16:06:55Z |
| mal-2026-6743 | Malicious code in api-node-utils (npm) | 2026-07-03T16:06:54Z | 2026-07-03T16:06:55Z |
| mal-2026-6742 | Malicious code in alder_morrgan (npm) | 2026-07-03T16:00:00Z | 2026-07-03T16:00:00Z |
| mal-2026-6741 | Malicious code in @node-cloud/create (npm) | 2026-07-03T15:59:09Z | 2026-07-03T15:59:09Z |
| mal-2026-6739 | Malicious code in @lodash-en/lodash-en (npm) | 2026-07-03T15:44:35Z | 2026-07-03T15:44:36Z |
| mal-2026-6740 | Malicious code in decode-sdks (npm) | 2026-07-03T15:37:44Z | 2026-07-03T15:37:44Z |
| mal-2026-6738 | Malicious code in @jacobtan/decode-sdk (npm) | 2026-07-03T15:37:43Z | 2026-07-03T15:37:44Z |
| mal-2026-6737 | Malicious code in epic-internal-tools (npm) | 2026-07-02T21:32:03Z | 2026-07-02T21:32:03Z |
| mal-2026-6734 | Malicious code in horde-python-client (PyPI) | 2026-07-02T21:23:53Z | 2026-07-02T21:23:53Z |
| mal-2026-6733 | Malicious code in epic-build-scripts (PyPI) | 2026-07-02T21:23:22Z | 2026-07-02T21:23:22Z |
| mal-2026-6735 | Malicious code in ue-python-tools (PyPI) | 2026-07-02T21:22:54Z | 2026-07-02T21:22:54Z |
| mal-2026-6736 | Malicious code in unreal-mladapter (PyPI) | 2026-07-02T21:22:11Z | 2026-07-02T21:22:11Z |
| mal-2026-6730 | Malicious code in ue-automation-scripts (npm) | 2026-07-02T21:20:58Z | 2026-07-02T21:20:58Z |
| mal-2026-6729 | Malicious code in robomerge (npm) | 2026-07-02T21:12:05Z | 2026-07-02T21:12:05Z |
| mal-2026-6732 | Malicious code in unreal-horde-dashboard (npm) | 2026-07-02T21:11:59Z | 2026-07-02T21:11:59Z |
| mal-2026-6731 | Malicious code in ue-jenkins-buildkite (npm) | 2026-07-02T21:11:58Z | 2026-07-02T21:11:58Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| bit-seaweedfs-2026-54917 | SeaweedFS: Path traversal in the S3 and Iceberg REST gateways allows cross-bucket access | 2026-06-30T23:51:29.287Z | 2026-07-01T00:07:50.168Z |
| bit-rclone-2026-49980 | Rclone: Unauthenticated command execution in `rclone rcd --rc-serve` via inline remote instantiation, bypassing CVE-2026-41179 fix | 2026-06-30T23:50:55.025Z | 2026-07-01T00:07:50.168Z |
| bit-jre-2025-10911 | Libxslt: use-after-free with key data stored cross-rvt | 2026-05-08T05:46:52.544Z | 2026-07-01T00:07:50.168Z |
| bit-java-2025-10911 | Libxslt: use-after-free with key data stored cross-rvt | 2026-05-06T14:45:14.224Z | 2026-07-01T00:07:50.168Z |
| bit-haproxy-2026-33555 | 2026-06-30T23:39:33.320Z | 2026-07-01T00:07:50.168Z | |
| bit-ghost-2026-53950 | @tryghost/activitypub: XSS in Ghost's ActivityPub client | 2026-06-30T23:39:27.609Z | 2026-07-01T00:07:50.168Z |
| bit-ghost-2026-53949 | Ghost Content API filter bypass reveals private fields | 2026-06-30T23:39:26.128Z | 2026-07-01T00:07:50.168Z |
| bit-ghost-2026-53948 | Ghost: File Upload Content-Type Spoofing | 2026-06-30T23:39:24.628Z | 2026-07-01T00:07:50.168Z |
| bit-ghost-2026-53947 | Ghost: Member existence leak via magic link sign-in response | 2026-06-30T23:39:23.088Z | 2026-07-01T00:07:50.168Z |
| bit-ghost-2026-53946 | Ghost: Mobiledoc image-size fetch SSRF | 2026-06-30T23:39:21.576Z | 2026-07-01T00:07:50.168Z |
| bit-ghost-2026-53945 | Ghost: Server-side request forgery via DNS rebinding in external request handling | 2026-06-30T23:39:20.070Z | 2026-07-01T00:07:50.168Z |
| bit-ghost-2026-53944 | Ghost: Private IP filtering bypass to make server-side requests to internal services | 2026-06-30T23:39:18.559Z | 2026-07-01T00:07:50.168Z |
| bit-ghost-2026-53943 | Ghost: Cache-poisoning XSS in Ghost frontend via x-ghost-preview header | 2026-06-30T23:39:17.098Z | 2026-07-01T00:07:50.168Z |
| bit-envoy-2026-48743 | Envoy: HTTP/3 to HTTP/1 request smuggling via headers-only request with nonzero Content-Length | 2026-06-30T23:39:39.412Z | 2026-07-01T00:07:50.168Z |
| bit-envoy-2026-48706 | Envoy Heap Buffer Overflow in TcpStatsdSink | 2026-06-30T23:39:38.029Z | 2026-07-01T00:07:50.168Z |
| bit-envoy-2026-48497 | Envoy: Abnormal process termination in DNS UDP filter | 2026-06-30T23:39:36.641Z | 2026-07-01T00:07:50.168Z |
| bit-envoy-2026-48090 | Envoy HTTP: OAuth2 filter late async token completion after stream teardown (UAF / crash risk) | 2026-06-30T23:39:35.098Z | 2026-07-01T00:07:50.168Z |
| bit-envoy-2026-48044 | Envoy Zstd Decompressor: Ratio Check at Wrong Loop Depth lead to memory explosion | 2026-06-30T23:39:33.609Z | 2026-07-01T00:07:50.168Z |
| bit-envoy-2026-48042 | Envoy: Stack overflow in destructor of highly nested JSON | 2026-06-30T23:39:32.025Z | 2026-07-01T00:07:50.168Z |
| bit-envoy-2026-47778 | Envoy: Embedded NUL in TLS DNS SAN Truncation in the Default TLS Certificate Validator. (Auth Bypass) | 2026-06-30T23:39:30.542Z | 2026-07-01T00:07:50.168Z |
| bit-envoy-2026-47775 | Envoy OAuth2 Filter: Padding Oracle via AES-256-CBC Cookie Decryption | 2026-06-30T23:39:29.055Z | 2026-07-01T00:07:50.168Z |
| bit-envoy-2026-47220 | Envoy: Segmentation fault when using %REQUESTED_SERVER_NAME% in log format | 2026-06-30T23:39:23.144Z | 2026-07-01T00:07:50.168Z |
| bit-envoy-2026-47205 | Envoy: ext_authz Use-After-Free during Stream Teardown with Per-Route Overrides | 2026-06-30T23:39:20.226Z | 2026-07-01T00:07:50.168Z |
| bit-appsmith-2026-49979 | Appsmith: SSRF via `POST /api/v1/admin/send-test-email` — JavaMail Bypasses WebClient IP Filter | 2026-06-30T23:35:48.224Z | 2026-07-01T00:07:50.168Z |
| bit-grafana-2026-42127 | Grafana pre-auth DoS through arbitrarily large input to public dashboard query handler | 2026-06-26T08:43:07.401Z | 2026-06-29T14:45:12.993Z |
| bit-python-2026-11972 | tarfile opened in streaming mode mishandles EOF | 2026-06-29T11:14:51.652Z | 2026-06-29T11:33:52.451Z |
| bit-python-2026-11940 | tarfile extraction filter bypass allows escaping the destination directory | 2026-06-29T11:14:50.493Z | 2026-06-29T11:33:52.451Z |
| bit-python-2026-0864 | Configuration Injection via Carriage Return (\r) in write() method | 2026-06-29T11:14:48.032Z | 2026-06-29T11:33:52.451Z |
| bit-libpython-2026-11972 | tarfile opened in streaming mode mishandles EOF | 2026-06-29T11:10:24.594Z | 2026-06-29T11:33:52.451Z |
| bit-libpython-2026-11940 | tarfile extraction filter bypass allows escaping the destination directory | 2026-06-29T11:10:23.524Z | 2026-06-29T11:33:52.451Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| cleanstart-2026-wa48911 | authenticated SSH client that repeatedly opened channels which were rejected by the server caused unbounded memory growth, eventually crashing the server process and affecting all connected users | 2026-06-11T00:51:16.571546Z | 2026-06-10T14:18:06Z |
| cleanstart-2026-kv53168 | Decoding a maliciously-crafted MIME header containing many invalid encoded-words can consume excessive CPU | 2026-06-11T00:37:12.717829Z | 2026-06-10T12:58:45Z |
| cleanstart-2026-xw33274 | Decoding a maliciously-crafted MIME header containing many invalid encoded-words can consume excessive CPU | 2026-06-11T00:37:12.627665Z | 2026-06-10T12:56:13Z |
| cleanstart-2026-lo88261 | Within HostnameError | 2026-06-11T00:37:42.858635Z | 2026-06-10T12:54:57Z |
| cleanstart-2026-gu65783 | Within HostnameError | 2026-06-11T00:37:42.823413Z | 2026-06-10T12:53:55Z |
| cleanstart-2026-nm83456 | AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python | 2026-06-11T00:58:47.477773Z | 2026-06-10T12:40:12Z |
| cleanstart-2026-kn74022 | Decoding a maliciously-crafted MIME header containing many invalid encoded-words can consume excessive CPU | 2026-06-11T00:37:42.722881Z | 2026-06-10T12:36:28Z |
| cleanstart-2026-yp53663 | Security fixes for ghsa-m5vv-6r4h-3vj9 applied in versions: 1.8.1-r2 | 2026-06-11T00:37:43.523332Z | 2026-06-10T12:34:40Z |
| cleanstart-2026-jy46135 | Security fixes for ghsa-m5vv-6r4h-3vj9 applied in versions: 0.12.0-r3 | 2026-06-11T00:37:43.592316Z | 2026-06-10T12:33:26Z |
| cleanstart-2026-xc13942 | Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service | 2026-06-11T00:53:46.780652Z | 2026-06-10T12:31:48Z |
| cleanstart-2026-ym13650 | Netty is an asynchronous, event-driven network application framework | 2026-06-11T00:38:12.802983Z | 2026-06-10T11:02:26Z |
| cleanstart-2026-hw72470 | Security fixes for ghsa-72hv-8253-57qq applied in versions: 3.6.4-r4 | 2026-06-11T00:40:14.004644Z | 2026-06-10T11:02:26Z |
| cleanstart-2026-gb30250 | Security fixes for ghsa-72hv-8253-57qq, ghsa-qqpg-mvqg-649v applied in versions: 3.9.4-r0, 3.9.4-r6 | 2026-06-11T00:37:44.484382Z | 2026-06-10T11:02:26Z |
| cleanstart-2026-cc73064 | In Eclipse Jetty, the HTTP/1 | 2026-06-11T00:40:13.261602Z | 2026-06-10T11:02:26Z |
| cleanstart-2026-ao11810 | Netty is an asynchronous, event-driven network application framework | 2026-06-11T00:41:43.575059Z | 2026-06-10T11:02:26Z |
| cleanstart-2026-ok35650 | During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succ... | 2026-06-11T00:41:13.291496Z | 2026-06-10T10:37:02Z |
| cleanstart-2026-bm78291 | Decoding a maliciously-crafted MIME header containing many invalid encoded-words can consume excessive CPU | 2026-06-11T00:59:17.738426Z | 2026-06-10T10:16:46Z |
| cleanstart-2026-sq76279 | Decoding a maliciously-crafted MIME header containing many invalid encoded-words can consume excessive CPU | 2026-06-11T00:58:17.245789Z | 2026-06-10T10:10:23Z |
| cleanstart-2026-eg39405 | Netty is an asynchronous, event-driven network application framework | 2026-06-11T01:01:54.682665Z | 2026-06-10T07:43:19Z |
| cleanstart-2026-eu52554 | In Kubernetes, if the logging level is set to at least 9, authorization and bearer tokens will be written to log files | 2026-06-10T01:02:24.789269Z | 2026-06-09T13:34:51Z |
| cleanstart-2026-tl44561 | (*x509 | 2026-06-10T00:38:54.116504Z | 2026-06-09T13:30:46Z |
| cleanstart-2026-my46883 | (*x509 | 2026-06-10T00:38:54.111064Z | 2026-06-09T13:30:06Z |
| cleanstart-2026-bd44609 | On Unix platforms, when listing the contents of a directory using File | 2026-06-10T00:39:54.267778Z | 2026-06-09T12:29:26Z |
| cleanstart-2026-xg53366 | Security fixes for ghsa-72hv-8253-57qq, ghsa-qqpg-mvqg-649v applied in versions: 3.9.4-r0, 3.9.4-r6 | 2026-06-10T00:38:54.873637Z | 2026-06-09T11:22:37Z |
| cleanstart-2026-vg07087 | In Eclipse Jetty, the HTTP/1 | 2026-06-10T00:43:24.120927Z | 2026-06-09T11:22:37Z |
| cleanstart-2026-lb01734 | Netty is an asynchronous, event-driven network application framework | 2026-06-10T00:39:24.166306Z | 2026-06-09T11:22:37Z |
| cleanstart-2026-jr82778 | Netty is an asynchronous, event-driven network application framework | 2026-06-10T00:41:54.655147Z | 2026-06-09T11:22:37Z |
| cleanstart-2026-la96053 | ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label | 2026-06-10T00:57:24.592105Z | 2026-06-09T10:09:47Z |
| cleanstart-2026-rf77222 | ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label | 2026-06-10T01:02:24.689199Z | 2026-06-09T10:08:47Z |
| cleanstart-2026-en66750 | Internationalized Domain Names in Applications (IDNA) for Python provides support for Internationalized Domain Names in Applications (IDNA) and Unicode IDNA Compatibility Processing | 2026-06-10T00:46:54.779122Z | 2026-06-09T08:06:55Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| drupal-contrib-2026-069 | 2026-07-01T17:24:05.000Z | 2026-07-01T18:36:44.000Z | |
| drupal-contrib-2026-068 | 2026-07-01T17:22:46.000Z | 2026-07-01T17:22:46.000Z | |
| drupal-contrib-2026-067 | 2026-07-01T17:21:57.000Z | 2026-07-01T17:21:57.000Z | |
| drupal-contrib-2026-066 | 2026-07-01T17:21:09.000Z | 2026-07-01T17:21:09.000Z | |
| drupal-contrib-2026-065 | 2026-07-01T17:20:16.000Z | 2026-07-01T17:20:16.000Z | |
| drupal-contrib-2026-064 | 2026-06-26T15:27:49.000Z | 2026-06-26T15:56:05.000Z | |
| drupal-contrib-2026-058 | 2026-06-24T18:40:07.000Z | 2026-06-25T07:10:08.000Z | |
| drupal-contrib-2026-063 | 2026-06-24T18:48:15.000Z | 2026-06-24T18:48:15.000Z | |
| drupal-contrib-2026-062 | 2026-06-24T18:46:12.000Z | 2026-06-24T18:46:12.000Z | |
| drupal-contrib-2026-061 | 2026-06-24T18:43:16.000Z | 2026-06-24T18:43:16.000Z | |
| drupal-contrib-2026-060 | 2026-06-24T18:42:30.000Z | 2026-06-24T18:42:30.000Z | |
| drupal-contrib-2026-059 | 2026-06-24T18:40:57.000Z | 2026-06-24T18:40:57.000Z | |
| drupal-contrib-2026-057 | 2026-06-24T18:39:24.000Z | 2026-06-24T18:39:24.000Z | |
| drupal-contrib-2026-056 | 2026-06-24T18:38:33.000Z | 2026-06-24T18:38:33.000Z | |
| drupal-contrib-2026-055 | 2026-06-24T18:37:45.000Z | 2026-06-24T18:37:45.000Z | |
| drupal-contrib-2026-054 | 2026-06-24T18:36:54.000Z | 2026-06-24T18:36:54.000Z | |
| drupal-contrib-2026-053 | 2026-06-24T18:36:06.000Z | 2026-06-24T18:36:06.000Z | |
| drupal-contrib-2026-052 | 2026-06-24T18:35:16.000Z | 2026-06-24T18:35:16.000Z | |
| drupal-contrib-2026-051 | 2026-06-24T18:32:15.000Z | 2026-06-24T18:32:15.000Z | |
| drupal-contrib-2026-050 | 2026-06-17T18:40:21.000Z | 2026-06-17T18:40:21.000Z | |
| drupal-contrib-2026-049 | 2026-06-17T18:39:26.000Z | 2026-06-17T18:39:26.000Z | |
| drupal-contrib-2026-048 | 2026-06-17T18:38:38.000Z | 2026-06-17T18:38:38.000Z | |
| drupal-contrib-2026-047 | 2026-06-10T17:10:26.000Z | 2026-06-10T17:10:26.000Z | |
| drupal-contrib-2026-046 | 2026-06-10T17:09:45.000Z | 2026-06-10T17:09:45.000Z | |
| drupal-contrib-2026-045 | 2026-06-10T17:08:53.000Z | 2026-06-10T17:08:53.000Z | |
| drupal-contrib-2026-044 | 2026-06-10T17:07:55.000Z | 2026-06-10T17:07:55.000Z | |
| drupal-contrib-2026-043 | 2026-06-10T17:07:12.000Z | 2026-06-10T17:07:12.000Z | |
| drupal-contrib-2026-040 | 2026-06-03T16:11:51.000Z | 2026-06-03T19:47:39.000Z | |
| drupal-contrib-2026-042 | 2026-06-03T16:14:56.000Z | 2026-06-03T16:14:56.000Z | |
| drupal-contrib-2026-041 | 2026-06-03T16:13:55.000Z | 2026-06-03T16:13:55.000Z |
| ID | Description | Updated |
|---|
| ID | Description | Updated |
|---|---|---|
| ts-2026-003 | TS-2026-003 | 2026-05-29T00:00 |
| ts-2026-002 | TS-2026-002 | 2026-05-13T00:00 |
| ts-2026-001 | TS-2026-001 | 2026-01-15T00:00 |
| ts-2025-008 | TS-2025-008 | 2025-11-19T00:00 |
| ts-2025-007 | TS-2025-007 | 2025-11-07T00:00 |
| ts-2025-006 | TS-2025-006 | 2025-10-28T00:00 |
| ts-2025-005 | TS-2025-005 | 2025-08-07T00:00 |
| ts-2025-004 | TS-2025-004 | 2025-05-27T00:00 |
| ts-2025-003 | TS-2025-003 | 2025-05-21T00:00 |
| ts-2025-002 | TS-2025-002 | 2025-05-15T00:00 |
| ts-2025-001 | TS-2025-001 | 2025-03-07T00:00 |
| ts-2024-013 | TS-2024-013 | 2024-12-04T00:00 |
| ts-2024-012 | TS-2024-012 | 2024-10-02T00:00 |
| ts-2024-011 | TS-2024-011 | 2024-07-22T00:00 |
| ts-2024-010 | TS-2024-010 | 2024-07-19T00:00 |
| ts-2024-009 | TS-2024-009 | 2024-06-27T00:00 |
| ts-2024-008 | TS-2024-008 | 2024-06-14T00:00 |
| ts-2024-007 | TS-2024-007 | 2024-06-12T00:00 |
| ts-2024-006 | TS-2024-006 | 2024-05-22T00:00 |
| ts-2024-005 | TS-2024-005 | 2024-05-08T00:00 |
| ts-2024-004 | TS-2024-004 | 2024-05-06T00:00 |
| ts-2024-003 | TS-2024-003 | 2024-04-23T00:00 |
| ts-2024-002 | TS-2024-002 | 2024-01-30T00:00 |
| ts-2024-001 | TS-2024-001 | 2024-01-08T00:00 |
| ts-2023-009 | TS-2023-009 | 2023-12-22T00:00 |
| ts-2023-008 | TS-2023-008 | 2023-11-01T00:00 |
| ts-2023-007 | TS-2023-007 | 2023-10-26T00:00 |
| ts-2023-006 | TS-2023-006 | 2023-08-22T00:00 |
| ts-2023-005 | TS-2023-005 | 2023-04-28T00:00 |
| ts-2023-004 | TS-2023-004 | 2023-04-04T00:00 |
| ID | Description | Published | Updated |
|---|---|---|---|
| cnvd-2026-25470 | WordPress插件Formidable Kinetic跨站脚本漏洞 | 2026-05-29 | 2026-06-26 |
| cnvd-2026-25465 | WordPress插件Firebase Support and Chat Management存在未明漏洞 | 2026-05-29 | 2026-06-26 |
| cnvd-2026-25456 | WordPress插件Felan Framework跨站脚本漏洞 | 2026-05-29 | 2026-06-26 |
| cnvd-2026-25450 | WordPress插件Events In City跨站脚本漏洞 | 2026-05-29 | 2026-06-26 |
| cnvd-2026-25444 | WordPress插件Endless Scroll跨站脚本漏洞 | 2026-05-29 | 2026-06-26 |
| cnvd-2026-25438 | WordPress插件Easy Prism Syntax Highlighter跨站脚本漏洞 | 2026-05-29 | 2026-06-26 |
| cnvd-2026-25434 | WordPress插件Dideo跨站脚本漏洞 | 2026-05-29 | 2026-06-26 |
| cnvd-2026-25433 | WordPress插件Cryptocurrency Prijsvergelijking Widget跨站脚本漏洞 | 2026-05-29 | 2026-06-26 |
| cnvd-2026-25432 | WordPress插件Content Slideshow跨站脚本漏洞 | 2026-05-29 | 2026-06-26 |
| cnvd-2026-25431 | WordPress插件CM Ad Changer跨站请求伪造漏洞 | 2026-05-29 | 2026-06-26 |
| cnvd-2026-25396 | NVIDIA Display Driver拒绝服务漏洞 | 2026-05-29 | 2026-06-25 |
| cnvd-2026-25395 | NVIDIA DALI堆缓冲区溢出漏洞 | 2026-06-11 | 2026-06-25 |
| cnvd-2026-25394 | NVIDIA NeMo Framework反序列化漏洞(CNVD-2026-25394) | 2026-06-22 | 2026-06-25 |
| cnvd-2026-25393 | NVIDIA NeMo Framework任意代码执行漏洞 | 2026-06-22 | 2026-06-25 |
| cnvd-2026-25389 | Huawei HarmonyOS缓冲区溢出漏洞(CNVD-2026-25389) | 2023-11-06 | 2026-06-25 |
| cnvd-2026-25388 | Huawei HarmonyOS授权问题漏洞(CNVD-2026-25388) | 2023-12-07 | 2026-06-25 |
| cnvd-2026-25136 | Online Product Reservation System /left_cart.php文件SQL注入漏洞 | 2026-01-09 | 2026-06-25 |
| cnvd-2026-25135 | Tenda W15E formPortalAuth函数缓冲区溢出漏洞 | 2026-06-11 | 2026-06-25 |
| cnvd-2026-25134 | Textpattern CMS文件上传漏洞 | 2026-05-18 | 2026-06-25 |
| cnvd-2026-25133 | CouchCMS跨站脚本漏洞 | 2026-05-20 | 2026-06-25 |
| cnvd-2026-25132 | Cisco Integrated Management Controller命令注入漏洞 | 2026-04-10 | 2026-06-25 |
| cnvd-2026-25131 | Cisco IoT Field Network Director路径遍历漏洞 | 2026-05-07 | 2026-06-25 |
| cnvd-2026-25130 | Cisco IoT Field Network Director命令注入漏洞 | 2026-05-07 | 2026-06-25 |
| cnvd-2026-25129 | Cisco Enterprise Chat and Email跨站脚本漏洞 | 2026-05-07 | 2026-06-25 |
| cnvd-2026-25128 | Cisco Catalyst SD-WAN Manager XML外部实体注入漏洞 | 2026-05-20 | 2026-06-25 |
| cnvd-2026-25127 | Cisco ThousandEyes Enterprise Agent BrowserBot组件命令注入漏洞 | 2026-05-21 | 2026-06-25 |
| cnvd-2026-25126 | Cisco Secure Workload访问控制错误漏洞 | 2026-05-21 | 2026-06-25 |
| cnvd-2026-25125 | Cisco Webex Meetings跨站脚本漏洞(CNVD-2026-25125) | 2026-06-04 | 2026-06-25 |
| cnvd-2026-25142 | Zyxel DX3301-T0资源管理错误漏洞 | 2025-11-20 | 2026-06-24 |
| cnvd-2026-25141 | Zyxel DX3300-T0操作系统命令注入漏洞 | 2025-11-20 | 2026-06-24 |
| ID | Description | Published | Updated |
|---|---|---|---|
| bdu:2026-01844 | Уязвимость сервиса безопасности Advanced DNS Security (ADNS) операционной системы PAN-OS,… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01843 | Уязвимость функции loadRLE() загрузчика TGA-изображений (PluginTARGA.cpp) графической биб… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01842 | Уязвимость функции ws_user_gerList() сценария pwg.users.php системы управления контентом … | 16.02.2026 | 16.02.2026 |
| bdu:2026-01841 | Уязвимость компонента Updater облачной платформы управления контейнерами Arcane, позволяю… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01840 | Уязвимость ИИ-агента OpenClaw (ранее - ClawdBot или MoltBot), связанная с отсутствием про… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01839 | Уязвимость функции blocked_path() пакета Python для создания приложений для моделей машин… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01838 | Уязвимость драйверов графических процессоров NVIDIA NVS, Quadro, NVIDIA RTX, GeForce, свя… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01837 | Уязвимость микропрограммного обеспечения графических процессоров Imagination, позволяющая… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01836 | Уязвимость микропрограммного обеспечения графических процессоров Imagination, позволяющая… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01835 | Уязвимость драйвера ESXi base микропрограммного обеспечения сетевых контроллеров Intel 80… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01834 | Уязвимость микропрограммного обеспечения контроллеров Intel Ethernet серии E810, связанна… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01833 | Уязвимость технологий Intel Active Management Technology (AMT) и Intel Standard Manageabi… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01832 | Уязвимость технологий Intel Active Management Technology (AMT) и Intel Standard Manageabi… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01831 | Уязвимость технологий Intel Active Management Technology (AMT) и Intel Standard Manageabi… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01830 | Уязвимость компонента File input браузера Google Chrome, позволяющая нарушителю осуществи… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01829 | Уязвимость компонента PictureInPicture браузера Google Chrome, позволяющая нарушителю ока… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01828 | Уязвимость компонента Animation браузера Google Chrome, позволяющая нарушителю оказать во… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01827 | Уязвимость функции конфиденциальности Fenced Frames браузера Google Chrome, позволяющая н… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01826 | Уязвимость компонента WebGPU браузера Google Chrome, позволяющая нарушителю вызвать отказ… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01825 | Уязвимость программной платформы на базе git для совместной работы над кодом GitLab, связ… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01824 | Уязвимость программной платформы на базе git для совместной работы над кодом GitLab, связ… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01823 | Уязвимость функции межсетевых экранов SSL-VPN операционных систем Fortinet FortiOS, позво… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01822 | Уязвимость операционных систем Fortinet FortiOS, связанная с недостаточной проверкой исто… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01821 | Уязвимость функции межсетевых экранов SSL-VPN операционных систем Fortinet FortiOS, позво… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01820 | Уязвимость интерфейса командной строки операционных систем Fortinet FortiOS, позволяющая … | 16.02.2026 | 16.02.2026 |
| bdu:2026-01819 | Уязвимость графического пользовательского интерфейса операционных систем Fortinet FortiOS… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01818 | Уязвимость программного обеспечения для разработки 3D-моделей Autodesk Fusion, связанная … | 16.02.2026 | 16.02.2026 |
| bdu:2026-01817 | Уязвимость программного обеспечения для разработки 3D-моделей Autodesk Fusion, связанная … | 16.02.2026 | 16.02.2026 |
| bdu:2026-01816 | Уязвимость программного обеспечения для разработки 3D-моделей Autodesk Fusion, связанная … | 16.02.2026 | 16.02.2026 |
| bdu:2026-01815 | Уязвимость программного обеспечения Microsoft ACI Confidential Containers, связанная с не… | 16.02.2026 | 16.02.2026 |
| ID | Description | Published | Updated |
|---|---|---|---|
| certfr-2026-avi-0829 | Multiples vulnérabilités dans Google Chrome | 2026-07-02T00:00:00.000000 | 2026-07-02T00:00:00.000000 |
| certfr-2026-avi-0828 | Vulnérabilité dans CPython | 2026-07-02T00:00:00.000000 | 2026-07-02T00:00:00.000000 |
| certfr-2026-avi-0827 | Multiples vulnérabilités dans Mozilla Thunderbird | 2026-07-02T00:00:00.000000 | 2026-07-02T00:00:00.000000 |
| certfr-2026-avi-0826 | Multiples vulnérabilités dans les produits Elastic | 2026-07-02T00:00:00.000000 | 2026-07-02T00:00:00.000000 |
| certfr-2026-avi-0825 | Multiples vulnérabilités dans les produits Cisco | 2026-07-02T00:00:00.000000 | 2026-07-02T00:00:00.000000 |
| certfr-2026-avi-0824 | Multiples vulnérabilités dans ClamAV | 2026-07-02T00:00:00.000000 | 2026-07-02T00:00:00.000000 |
| certfr-2026-avi-0823 | Multiples vulnérabilités dans Traefik | 2026-07-02T00:00:00.000000 | 2026-07-02T00:00:00.000000 |
| certfr-2026-avi-0822 | Multiples vulnérabilités dans les produits Citrix | 2026-07-01T00:00:00.000000 | 2026-07-01T00:00:00.000000 |
| certfr-2026-avi-0821 | Multiples vulnérabilités dans Adobe ColdFusion | 2026-07-01T00:00:00.000000 | 2026-07-01T00:00:00.000000 |
| certfr-2026-avi-0820 | Vulnérabilité dans Mozilla Firefox | 2026-07-01T00:00:00.000000 | 2026-07-01T00:00:00.000000 |
| certfr-2026-avi-0819 | Multiples vulnérabilités dans Synology MailPlus Server | 2026-06-30T00:00:00.000000 | 2026-06-30T00:00:00.000000 |
| certfr-2026-avi-0818 | Multiples vulnérabilités dans les produits Apple | 2026-06-30T00:00:00.000000 | 2026-06-30T00:00:00.000000 |
| certfr-2026-avi-0817 | Multiples vulnérabilités dans Apache Tomcat | 2026-06-30T00:00:00.000000 | 2026-06-30T00:00:00.000000 |
| certfr-2026-avi-0816 | Multiples vulnérabilités dans Stormshield Management Center | 2026-06-29T00:00:00.000000 | 2026-06-29T00:00:00.000000 |
| certfr-2026-avi-0815 | Multiples vulnérabilités dans KeyCloak | 2026-06-29T00:00:00.000000 | 2026-06-29T00:00:00.000000 |
| certfr-2026-avi-0814 | Vulnérabilité dans HAProxy | 2026-06-29T00:00:00.000000 | 2026-06-29T00:00:00.000000 |
| certfr-2026-avi-0813 | Multiples vulnérabilités dans Mattermost Server | 2026-06-29T00:00:00.000000 | 2026-06-29T00:00:00.000000 |
| certfr-2026-avi-0812 | Multiples vulnérabilités dans Microsoft Azure Linux | 2026-06-29T00:00:00.000000 | 2026-06-29T00:00:00.000000 |
| certfr-2026-avi-0811 | Multiples vulnérabilités dans Microsoft Edge | 2026-06-29T00:00:00.000000 | 2026-06-29T00:00:00.000000 |
| certfr-2026-avi-0810 | Multiples vulnérabilités dans les produits IBM | 2026-06-26T00:00:00.000000 | 2026-06-26T00:00:00.000000 |
| certfr-2026-avi-0809 | Multiples vulnérabilités dans le noyau Linux de Debian | 2026-06-26T00:00:00.000000 | 2026-06-26T00:00:00.000000 |
| certfr-2026-avi-0808 | Multiples vulnérabilités dans le noyau Linux de Red Hat | 2026-06-26T00:00:00.000000 | 2026-06-26T00:00:00.000000 |
| certfr-2026-avi-0807 | Multiples vulnérabilités dans le noyau Linux de SUSE | 2026-06-26T00:00:00.000000 | 2026-06-26T00:00:00.000000 |
| certfr-2026-avi-0806 | Multiples vulnérabilités dans le noyau Linux d'Ubuntu | 2026-06-26T00:00:00.000000 | 2026-06-26T00:00:00.000000 |
| certfr-2026-avi-0805 | Multiples vulnérabilités dans Asterisk | 2026-06-26T00:00:00.000000 | 2026-06-26T00:00:00.000000 |
| certfr-2026-avi-0804 | Multiples vulnérabilités dans Tenable Nessus | 2026-06-26T00:00:00.000000 | 2026-06-26T00:00:00.000000 |
| certfr-2026-avi-0803 | Multiples vulnérabilités dans Google Chrome | 2026-06-26T00:00:00.000000 | 2026-06-26T00:00:00.000000 |
| certfr-2026-avi-0802 | Multiples vulnérabilités dans Microsoft Azure Linux | 2026-06-25T00:00:00.000000 | 2026-06-25T00:00:00.000000 |
| certfr-2026-avi-0801 | Multiples vulnérabilités dans Google Chrome | 2026-06-25T00:00:00.000000 | 2026-06-25T00:00:00.000000 |
| certfr-2026-avi-0800 | Multiples vulnérabilités dans CPython | 2026-06-25T00:00:00.000000 | 2026-06-25T00:00:00.000000 |
| ID | Description | Published | Updated |
|---|---|---|---|
| certfr-2026-ale-003 | Note d’alerte – Ciblage des messageries instantanées | 2026-03-20T00:00:00.000000 | 2026-06-18T00:00:00.000000 |
| certfr-2026-ale-005 | [Màj] Vulnérabilité dans Microsoft Exchange Server | 2026-05-15T00:00:00.000000 | 2026-06-11T00:00:00.000000 |
| certfr-2026-ale-004 | Vulnérabilité dans F5 BIG-IP Access Policy Manager | 2026-03-31T00:00:00.000000 | 2026-03-31T00:00:00.000000 |
| certfr-2026-ale-002 | [MàJ] Vulnérabilité dans Cisco Catalyst SD-WAN | 2026-02-25T00:00:00.000000 | 2026-03-26T00:00:00.000000 |
| certfr-2025-ale-014 | [MàJ] Vulnérabilité dans React Server Components | 2025-12-05T00:00:00.000000 | 2026-02-12T00:00:00.000000 |
| certfr-2026-ale-001 | [MàJ] Multiples vulnérabilités dans Ivanti Endpoint Manager Mobile | 2026-01-30T00:00:00.000000 | 2026-02-09T00:00:00.000000 |
| certfr-2025-ale-013 | [MàJ] Multiples vulnérabilités dans Cisco ASA et FTD | 2025-09-25T00:00:00.000000 | 2025-12-09T00:00:00.000000 |
| certfr-2025-ale-012 | Vulnérabilité dans Citrix NetScaler ADC et NetScaler Gateway | 2025-08-26T00:00:00.000000 | 2025-09-26T00:00:00.000000 |
| certfr-2025-ale-010 | [MàJ] Multiples vulnérabilités dans Microsoft SharePoint | 2025-07-21T00:00:00.000000 | 2025-08-26T00:00:00.000000 |
| certfr-2025-ale-011 | Incidents de sécurité dans les pare-feux SonicWall | 2025-08-05T00:00:00.000000 | 2025-08-18T00:00:00.000000 |
| certfr-2025-ale-009 | Multiples vulnérabilités dans Citrix NetScaler ADC et NetScaler Gateway | 2025-07-01T00:00:00.000000 | 2025-08-18T00:00:00.000000 |
| certfr-2025-ale-004 | Activités de post-exploitation dans Fortinet FortiGate | 2025-04-11T00:00:00.000000 | 2025-08-07T00:00:00.000000 |
| certfr-2025-ale-008 | [MàJ] Vulnérabilité dans Roundcube | 2025-06-05T00:00:00.000000 | 2025-07-21T00:00:00.000000 |
| certfr-2025-ale-007 | Multiples vulnérabilités dans Ivanti Endpoint Manager Mobile (EPMM) | 2025-05-14T00:00:00.000000 | 2025-06-24T00:00:00.000000 |
| certfr-2025-ale-006 | Vulnérabilité dans les produits Fortinet | 2025-05-13T00:00:00.000000 | 2025-06-24T00:00:00.000000 |
| certfr-2025-ale-005 | Vulnérabilité dans SAP NetWeaver | 2025-04-28T00:00:00.000000 | 2025-06-24T00:00:00.000000 |
| certfr-2025-ale-003 | [MàJ] Vulnérabilité dans les produits Ivanti | 2025-04-03T00:00:00.000000 | 2025-06-24T00:00:00.000000 |
| certfr-2025-ale-002 | [MàJ] Vulnérabilité dans les produits Fortinet | 2025-01-14T00:00:00.000000 | 2025-05-07T00:00:00.000000 |
| certfr-2025-ale-001 | [MàJ] Vulnérabilité dans les produits Ivanti | 2025-01-09T00:00:00.000000 | 2025-05-07T00:00:00.000000 |
| certfr-2024-ale-014 | [MàJ] Multiples vulnérabilités dans Fortinet FortiManager | 2024-10-23T00:00:00.000000 | 2025-03-31T00:00:00.000000 |
| certfr-2024-ale-013 | Exploitations de vulnérabilités dans Ivanti Cloud Services Appliance (CSA) | 2024-10-22T00:00:00.000000 | 2025-03-31T00:00:00.000000 |
| certfr-2024-ale-015 | [MàJ] Multiples vulnérabilités sur l'interface d'administration des équipements Palo Alto Networks | 2024-11-15T00:00:00.000000 | 2025-01-27T00:00:00.000000 |
| certfr-2024-ale-012 | [MàJ] Vulnérabilités affectant OpenPrinting CUPS | 2024-09-27T00:00:00.000000 | 2024-11-21T00:00:00.000000 |
| certfr-2024-ale-011 | Vulnérabilité dans SonicWall | 2024-09-10T00:00:00.000000 | 2024-11-21T00:00:00.000000 |
| certfr-2024-ale-010 | Multiples vulnérabilités dans Roundcube | 2024-08-09T00:00:00.000000 | 2024-10-07T00:00:00.000000 |
| certfr-2024-ale-009 | Vulnérabilité dans OpenSSH | 2024-07-01T00:00:00.000000 | 2024-10-07T00:00:00.000000 |
| certfr-2024-ale-008 | [MàJ] Vulnérabilité dans les produits Check Point | 2024-05-30T00:00:00.000000 | 2024-07-01T00:00:00.000000 |
| certfr-2024-ale-007 | Multiples vulnérabilités dans les produits Cisco | 2024-04-25T00:00:00.000000 | 2024-07-01T00:00:00.000000 |
| certfr-2024-ale-006 | [MàJ] Vulnérabilité dans Palo Alto Networks GlobalProtect | 2024-04-12T00:00:00.000000 | 2024-07-01T00:00:00.000000 |
| certfr-2024-ale-004 | [MàJ] Vulnérabilité dans Fortinet FortiOS | 2024-02-09T00:00:00.000000 | 2024-07-01T00:00:00.000000 |
| ID | Description | Published | Updated |
|---|---|---|---|
| osv-2026-521 | UNKNOWN READ in unsigned long Assimp::StreamReader<true, true>::Get<unsigned long> | 2026-04-04T00:05:03.478370Z | 2026-07-03T14:33:49.012945Z |
| osv-2024-679 | Heap-buffer-overflow in readImage4v2 | 2024-07-25T00:14:34.485446Z | 2026-07-03T14:30:45.965049Z |
| osv-2023-307 | Heap-buffer-overflow in bit_read_BB | 2023-04-13T14:02:09.774988Z | 2026-07-03T14:29:50.647286Z |
| osv-2022-714 | Heap-buffer-overflow in dynapi_set_helper | 2022-08-15T00:00:47.794062Z | 2026-07-03T14:28:06.190186Z |
| osv-2023-800 | Heap-buffer-overflow in XCFImageFormat::loadTileRLE | 2023-09-07T14:00:27.693270Z | 2026-07-03T14:26:48.988394Z |
| osv-2023-55 | Index-out-of-bounds in LibRaw::apply_tiff | 2023-02-07T13:00:07.438565Z | 2026-07-03T14:26:43.914162Z |
| osv-2022-653 | Heap-double-free in dwg_free_common_entity_data | 2022-07-30T00:01:52.491112Z | 2026-07-03T14:26:30.753720Z |
| osv-2022-379 | Segv on unknown address in bit_write_TV | 2022-04-27T00:00:44.539231Z | 2026-07-03T14:25:41.977091Z |
| osv-2022-372 | Heap-buffer-overflow in dwg_encode_VERTEX_2D | 2022-04-26T00:00:09.352798Z | 2026-07-03T14:25:39.667564Z |
| osv-2022-400 | Heap-double-free in dwg_free_XRECORD_private | 2022-05-08T00:00:40.782520Z | 2026-07-03T14:25:30.517073Z |
| osv-2022-388 | Segv on unknown address in dwg_ref_get_object | 2022-05-01T00:01:54.904711Z | 2026-07-03T14:25:20.846223Z |
| osv-2022-1176 | Heap-double-free in dwg_free | 2022-11-18T13:00:26.857477Z | 2026-07-03T14:25:19.477988Z |
| osv-2022-1198 | Heap-buffer-overflow in dwg_json_LTYPE | 2022-11-23T13:02:06.623044Z | 2026-07-03T14:25:08.407786Z |
| osv-2022-1259 | Heap-buffer-overflow in dwg_decode_INSERT_private | 2022-12-13T13:00:46.870838Z | 2026-07-03T14:25:06.327217Z |
| osv-2021-1343 | Heap-buffer-overflow in get_next_owned_entity | 2021-09-21T00:01:33.177403Z | 2026-07-03T14:24:50.304929Z |
| osv-2021-1086 | Heap-buffer-overflow in dwg_convert_SAB_to_SAT1 | 2021-08-02T00:00:31.888461Z | 2026-07-03T14:24:47.299427Z |
| osv-2022-1018 | Index-out-of-bounds in LibRaw::kodak_radc_load_raw | 2022-10-06T00:02:27.511658Z | 2026-07-03T14:21:32.924619Z |
| osv-2021-948 | Use-of-uninitialized-value in residual_coding | 2021-07-10T00:01:12.890029Z | 2026-07-03T14:21:32.786484Z |
| osv-2021-735 | Use-of-uninitialized-value in decode_CABAC_FL_bypass | 2021-05-08T00:00:14.355747Z | 2026-07-03T14:21:28.344483Z |
| osv-2020-876 | Use-of-uninitialized-value in XCFImageFormat::mergeRGBToRGB | 2020-07-14T22:13:55.541274Z | 2026-07-03T14:21:12.031817Z |
| osv-2021-525 | Use-of-uninitialized-value in void edge_filtering_chroma_internal<unsigned char> | 2021-03-16T00:00:19.176877Z | 2026-07-03T14:21:10.014691Z |
| osv-2022-94 | Heap-buffer-overflow in cli_strlcat | 2022-01-27T00:02:12.465969Z | 2026-07-02T14:18:53.169872Z |
| osv-2022-636 | UNKNOWN READ in fp_cmp_mag | 2022-07-27T00:00:35.300337Z | 2026-07-02T14:18:38.394740Z |
| osv-2022-725 | Heap-buffer-overflow in jxl::N_EMU128::WriteToU8Stage::ProcessRow | 2022-08-18T00:01:05.918943Z | 2026-07-02T14:15:24.884839Z |
| osv-2022-608 | Heap-use-after-free in jxl::WriteToPixelCallbackStage::ProcessRow | 2022-07-21T00:01:50.967627Z | 2026-07-02T14:14:37.672111Z |
| osv-2022-1068 | UNKNOWN READ in fp_cmp_mag | 2022-10-21T00:00:11.246872Z | 2026-07-02T14:14:24.006556Z |
| osv-2023-1328 | Stack-buffer-overflow in icu_75::TZDBTimeZoneNames::getMetaZoneNames | 2023-12-18T00:13:09.643640Z | 2026-07-01T17:45:35.791405Z |
| osv-2026-987 | Index-out-of-bounds in print_insn_tic6x | 2026-06-28T00:11:41.291924Z | 2026-06-30T17:41:55.689855Z |
| osv-2026-995 | Heap-double-free in dxf_entities_read | 2026-06-29T00:21:08.898692Z | 2026-06-30T14:52:30.093783Z |
| osv-2026-973 | Heap-buffer-overflow in bfd_getl16 | 2026-06-27T00:10:11.183882Z | 2026-06-29T20:05:30.805716Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| rustsec-2026-0198 | `Report::frames_mut` allows aliased mutable references | 2026-07-03T12:00:00Z | 2026-07-03T14:33:41Z |
| rustsec-2026-0197 | `Matrix{2,3,4}::swap_columns` can trigger undefined behavior for identical indices | 2026-03-11T12:00:00Z | 2026-07-03T13:44:38Z |
| rustsec-2026-0196 | `cgmath` is unmaintained | 2026-07-01T12:00:00Z | 2026-07-03T13:44:38Z |
| rustsec-2026-0151 | Out-of-bounds writes due to integer overflow in jxl-grid on 32-bit platforms | 2026-05-29T12:00:00Z | 2026-07-03T06:12:08Z |
| rustsec-2026-0195 | Unbounded namespace-declaration allocation in `NsReader` enables memory-exhaustion denial of service | 2026-06-29T12:00:00Z | 2026-07-02T08:52:02Z |
| rustsec-2026-0194 | Quadratic run time when checking a start tag for duplicate attribute names | 2026-06-29T12:00:00Z | 2026-07-02T07:59:25Z |
| rustsec-2025-0166 | Multiple soundness issues in `stackvector` | 2025-10-23T12:00:00Z | 2026-07-02T07:59:25Z |
| rustsec-2026-0193 | mXSS in ammonia via MathML `annotation-xml` encoding strip | 2026-06-30T12:00:00Z | 2026-07-01T05:03:44Z |
| rustsec-2026-0189 | DNS rebinding vulnerability in rmcp Streamable HTTP server transport | 2026-04-29T12:00:00Z | 2026-06-30T07:16:56Z |
| rustsec-2026-0192 | `ttf-parser` is unmaintained | 2026-06-28T12:00:00Z | 2026-06-29T20:59:47Z |
| rustsec-2025-0165 | i_tree allowed out-of-bounds access through safe public node accessors | 2025-07-04T12:00:00Z | 2026-06-29T15:03:09Z |
| rustsec-2026-0191 | `EbpfVm::invoke_function` performs out-of-bounds pointer arithmetic | 2026-05-28T12:00:00Z | 2026-06-29T14:39:58Z |
| rustsec-2026-0190 | Unsoundness in `Error::downcast_mut()` | 2026-06-25T12:00:00Z | 2026-06-29T14:05:53Z |
| rustsec-2026-0188 | WASI hard links and renames bypass wasmtime-wasi's FilePerms for destination | 2026-06-24T12:00:00Z | 2026-06-29T12:36:02Z |
| rustsec-2026-0187 | Stack overflow in lopdf via deeply nested PDF objects | 2026-06-21T12:00:00Z | 2026-06-26T09:58:24Z |
| rustsec-2025-0164 | `DTriangle` accessors may read out of bounds in affected versions | 2025-04-24T12:00:00Z | 2026-06-23T11:22:47Z |
| rustsec-2026-0186 | Unchecked pointer offset in crate `memmap2` | 2026-06-20T12:00:00Z | 2026-06-22T18:11:20Z |
| rustsec-2026-0185 | Remote memory exhaustion in quinn-proto from unbounded out-of-order stream reassembly | 2026-06-22T12:00:00Z | 2026-06-22T18:11:20Z |
| rustsec-2022-0104 | `structopt` is in maintenance mode | 2022-02-08T12:00:00Z | 2026-06-22T09:22:04Z |
| rustsec-2026-0184 | Potential undefined behavior with Signature from a buffer-created BlameHunk | 2026-05-13T12:00:00Z | 2026-06-17T13:50:20Z |
| rustsec-2026-0183 | Potential undefined behavior when calling Remote::list() | 2026-05-12T12:00:00Z | 2026-06-17T12:56:48Z |
| rustsec-2026-0182 | Leak in WASIp1 `fd_renumber` implementation | 2026-06-15T12:00:00Z | 2026-06-15T23:29:39Z |
| rustsec-2026-0181 | DoS vulnerability in HTTP/1.x chunked encoding parser triggered by maliciously crafted chunk lengths | 2026-06-06T12:00:00Z | 2026-06-13T08:34:52Z |
| rustsec-2026-0177 | Missing `Sync` bound on `PyCFunction::new_closure` closures | 2026-06-11T12:00:00Z | 2026-06-13T06:16:34Z |
| rustsec-2026-0176 | Out-of-bounds read in `nth` / `nth_back` for `PyList` and `PyTuple` iterators | 2026-06-11T12:00:00Z | 2026-06-13T06:16:34Z |
| rustsec-2026-0180 | Panic decoding a malformed `hstore` value allows denial of service | 2026-06-12T12:00:00Z | 2026-06-12T17:27:58Z |
| rustsec-2026-0179 | Unbounded SCRAM iteration count allows a malicious server to cause CPU-exhaustion denial of service | 2026-06-12T12:00:00Z | 2026-06-12T17:27:58Z |
| rustsec-2026-0178 | Panic on a `DataRow` with fewer fields than columns allows denial of service | 2026-06-12T12:00:00Z | 2026-06-12T17:27:58Z |
| rustsec-2021-0156 | Triton VM Soundness Vulnerability due to Missing Constraint | 2021-06-11T12:00:00Z | 2026-06-11T11:35:08Z |
| rustsec-2026-0175 | `onering` 1.4.1 was removed from crates.io for malicious code | 2026-06-10T12:00:00Z | 2026-06-10T19:02:16Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| osec-2026-05 | Windows command execution via filename quotes. | 2026-06-18T13:45:00Z | 2026-06-18T13:45:00Z |
| osec-2026-04 | Bigarray.reshape integer overflow | 2026-06-18T13:20:00Z | 2026-06-18T13:20:00Z |
| osec-2026-09 | Albatross-console memory exhaustion | 2026-05-28T08:59:44Z | |
| osec-2026-08 | Path traversal vulnerability in ocaml-tar | 2026-05-22T20:55:00Z | 2026-05-22T20:55:00Z |
| osec-2026-07 | TLS-server does insufficient client certificate checks (missing KeyUsage and ExtendedKeyUsage validation) | 2026-05-20T13:50:00Z | 2026-05-20T13:50:00Z |
| osec-2026-06 | TLS-client (with TLS 1.3) does insufficient certificate checks (missing KeyUsage and ExtendedKeyUsage validation) | 2026-05-20T13:50:00Z | 2026-05-20T13:50:00Z |
| osec-2026-03 | opam install sandbox escape | 2026-04-15T22:00:00Z | 2026-04-16T21:00:00Z |
| osec-2026-01 | Buffer Over-Read in OCaml Marshal Deserialization | 2026-02-17T13:30:00Z | 2026-02-27T09:30:00Z |
| osec-2026-02 | ARP unbounded memory usage | 2026-02-18T10:30:00Z | 2026-02-18T10:30:00Z |
| osec-2022-01 | Infinite loop in console output on xen | 2022-12-07T00:00:00Z | 2026-02-18T09:30:00Z |
| osec-2025-01 | Albatross console out of memory | 2025-08-15T00:18:22Z | 2026-01-13T12:00:00Z |
| osec-2019-02 | Grant unshare vulnerability in mirage-xen | 2019-04-26T00:00:00Z | 2026-01-13T12:00:00Z |
| osec-2019-01 | Memory disclosure in mirage-net-xen | 2019-03-21T00:00:00Z | 2026-01-13T12:00:00Z |
| osec-2016-02 | Memory disclosure in mirage-net-xen | 2016-05-03T00:00:00Z | 2026-01-13T12:00:00Z |
| osec-2023-01 | Time of check time of use issue in opam's cache | 2023-05-25T12:00:00Z | 2026-01-09T12:00:00Z |
| osec-2016-01 | Buffer overflow and information leak in OCaml < 4.03.0 | 2016-04-29T00:18:22Z | 2026-01-01T12:00:00Z |
| osec-2018-01 | An integer overflow in the `bigarray` serialization module leads to arbitrary code execution | 2018-04-06T18:29:00Z | 2025-12-16T12:00:00Z |
| osec-2017-01 | Local privilege escalation issue with ocaml binaries | 2017-06-23T15:19:47Z | 2025-12-16T12:00:00Z |