Recent vulnerabilities
| ID | CVSS | Description | Vendor | Product | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2026-27199 |
6.3 (4.0)
|
Werkzeug safe_join() allows Windows special device names |
pallets |
werkzeug |
2026-02-21T05:15:53.335Z | 2026-02-24T19:02:19.689Z |
| CVE-2026-3131 |
N/A
|
Improper access control in multiple DVLS REST AP… |
Devolutions |
Server |
2026-02-24T19:01:29.096Z | 2026-02-24T19:01:29.096Z |
| CVE-2026-27198 |
8.8 (3.1)
|
Formwork Improperly Manages Privileges During User Creation |
getformwork |
formwork |
2026-02-21T05:11:42.535Z | 2026-02-24T19:01:22.284Z |
| CVE-2026-1768 |
N/A
|
A permission cache poisoning vulnerability in Dev… |
Devolutions |
Devolutions Server |
2026-02-24T19:01:07.640Z | 2026-02-24T19:01:07.640Z |
| CVE-2026-27477 |
4.6 (4.0)
|
Mastodon has SSRF via unvalidated FASP Provider base_url |
mastodon |
mastodon |
2026-02-24T19:00:20.590Z | 2026-02-24T19:00:20.590Z |
| CVE-2026-27197 |
9.1 (3.1)
|
Sentry: Improper Authentication on SAML SSO process al… |
getsentry |
sentry |
2026-02-21T04:35:14.635Z | 2026-02-24T19:00:07.663Z |
| CVE-2026-27196 |
8.1 (3.1)
|
Statamic affected by privilege escalation via stored C… |
statamic |
cms |
2026-02-21T04:30:05.184Z | 2026-02-24T18:59:19.390Z |
| CVE-2026-27194 |
8.1 (4.0)
|
D-Tale affected by Remote Code Execution through the /… |
man-group |
dtale |
2026-02-21T04:25:38.628Z | 2026-02-24T18:58:24.887Z |
| CVE-2026-27461 |
6.9 (4.0)
|
Pimcore vulnerable to SQL injection via unsanitized fi… |
pimcore |
pimcore |
2026-02-24T02:50:48.287Z | 2026-02-24T18:58:07.625Z |
| CVE-2026-27206 |
8.1 (3.1)
|
Zumba Json Serializer has a potential PHP Object Injec… |
zumba |
json-serializer |
2026-02-21T07:01:00.843Z | 2026-02-24T18:57:10.054Z |
| CVE-2026-27458 |
8.7 (4.0)
|
LinkAce: Stored XSS in Atom Feed via CDATA Escape in L… |
Kovah |
LinkAce |
2026-02-21T06:54:41.308Z | 2026-02-24T18:55:40.498Z |
| CVE-2026-3066 |
5.3 (4.0)
6.3 (3.1)
6.3 (3.0)
|
HummerRisk Cloud Compliance Scanning PlatformUtils.jav… |
n/a |
HummerRisk |
2026-02-24T03:02:07.364Z | 2026-02-24T18:55:12.566Z |
| CVE-2026-27452 |
9.2 (4.0)
|
ASN.1 TypeScript Library: Decoding an INTEGER could le… |
JonathanWilbur |
asn1-ts |
2026-02-21T06:50:35.877Z | 2026-02-24T18:54:48.702Z |
| CVE-2026-27471 |
9.3 (4.0)
|
ERP: Document access through endpoints due to missing … |
frappe |
erpnext |
2026-02-21T06:38:11.220Z | 2026-02-24T18:53:57.291Z |
| CVE-2026-27212 |
9.4 (4.0)
|
Swiper has a Prototype Pollution Vulnerability |
nolimits4web |
swiper |
2026-02-21T05:43:07.072Z | 2026-02-24T18:53:04.131Z |
| CVE-2025-69308 |
9.3 (3.1)
|
WordPress Nestbyte Core plugin <= 1.2 - SQL Injection … |
TeconceTheme |
Nestbyte Core |
2026-02-20T15:46:48.088Z | 2026-02-24T18:52:10.320Z |
| CVE-2026-27482 |
5.9 (3.1)
|
Ray: Dashboard DELETE endpoints allow unauthenticated … |
ray-project |
ray |
2026-02-21T09:18:26.027Z | 2026-02-24T18:52:03.874Z |
| CVE-2025-69309 |
9.3 (3.1)
|
WordPress Saasplate Core plugin <= 1.2.8 - SQL Injecti… |
TeconceTheme |
Saasplate Core |
2026-02-20T15:46:48.321Z | 2026-02-24T18:51:23.216Z |
| CVE-2026-27464 |
7.7 (3.1)
|
Metabase: Server-Side Template Injection via Notificat… |
metabase |
metabase |
2026-02-21T07:57:50.957Z | 2026-02-24T18:51:05.408Z |
| CVE-2025-69310 |
9.3 (3.1)
|
WordPress Woodly Core plugin <= 1.4 - SQL Injection vu… |
TeconceTheme |
Woodly Core |
2026-02-20T15:46:48.517Z | 2026-02-24T18:50:38.167Z |
| CVE-2026-27469 |
6.1 (3.1)
|
Isso: Stored XSS via comment website field |
isso-comments |
isso |
2026-02-21T07:24:38.971Z | 2026-02-24T18:50:07.650Z |
| CVE-2026-27467 |
2 (3.1)
|
BigBlueButton: Audio from participants to the server i… |
bigbluebutton |
bigbluebutton |
2026-02-21T07:18:26.156Z | 2026-02-24T18:49:12.218Z |
| CVE-2025-69325 |
5.3 (3.1)
|
WordPress Primer MyData for Woocommerce plugin <= 4.2.… |
primersoftware |
Primer MyData for Woocommerce |
2026-02-20T15:46:49.332Z | 2026-02-24T18:49:05.122Z |
| CVE-2026-27466 |
7.2 (3.1)
|
BigBlueButton: Exposed ClamAV port enables Denial of Service |
bigbluebutton |
bigbluebutton |
2026-02-21T07:14:49.851Z | 2026-02-24T18:48:15.788Z |
| CVE-2025-1789 |
5.8 (4.0)
|
Local privilege escalation in Genetec Update Serv… |
Genetec Inc. |
Genetec Update Service |
2026-02-24T18:47:24.913Z | 2026-02-24T18:47:24.913Z |
| CVE-2026-3067 |
5.3 (4.0)
6.3 (3.1)
6.3 (3.0)
|
HummerRisk Archive Extraction CommandUtils.java extrac… |
n/a |
HummerRisk |
2026-02-24T03:32:07.867Z | 2026-02-24T18:47:21.803Z |
| CVE-2026-27026 |
6.9 (4.0)
|
pypdf possibly has long runtimes for malformed FlateDe… |
py-pdf |
pypdf |
2026-02-20T21:12:33.537Z | 2026-02-24T18:47:02.304Z |
| CVE-2025-69328 |
8.8 (3.1)
|
WordPress Booking and Rental Manager plugin <= 2.5.9 -… |
magepeopleteam |
Booking and Rental Manager |
2026-02-20T15:46:49.714Z | 2026-02-24T18:46:52.734Z |
| CVE-2026-27111 |
5.3 (4.0)
|
Kargo has Missing Authorization Vulnerabilities in App… |
akuity |
kargo |
2026-02-20T21:17:07.383Z | 2026-02-24T18:46:03.564Z |
| CVE-2025-69329 |
9.8 (3.1)
|
WordPress Prestige theme < 1.4.1 - PHP Object Injectio… |
Jthemes |
Prestige |
2026-02-20T15:46:49.874Z | 2026-02-24T18:45:58.923Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| fkie_cve-2025-71241 | SPIP before 4.3.6, 4.2.17, and 4.1.20 allows Cross-Site Scripting (XSS) in the private area. The co… | 2026-02-19T16:27:11.903 | 2026-02-24T18:57:39.160 |
| fkie_cve-2025-71240 | SPIP before 4.2.15 allows Cross-Site Scripting (XSS) via crafted content in HTML code tags. The app… | 2026-02-19T16:27:11.690 | 2026-02-24T18:53:21.910 |
| fkie_cve-2025-2149 | A vulnerability was found in PyTorch 2.6.0+cu124. It has been rated as problematic. Affected by thi… | 2025-03-10T13:15:36.290 | 2026-02-24T18:52:49.347 |
| fkie_cve-2025-14448 | The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting … | 2026-01-15T06:16:05.610 | 2026-02-24T18:47:57.383 |
| fkie_cve-2026-25795 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prio… | 2026-02-24T01:16:14.137 | 2026-02-24T18:46:49.677 |
| fkie_cve-2026-25796 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prio… | 2026-02-24T01:16:14.293 | 2026-02-24T18:46:13.680 |
| fkie_cve-2026-25798 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prio… | 2026-02-24T01:16:14.603 | 2026-02-24T18:45:31.173 |
| fkie_cve-2026-25799 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prio… | 2026-02-24T01:16:14.763 | 2026-02-24T18:44:52.853 |
| fkie_cve-2026-25897 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prio… | 2026-02-24T02:16:00.837 | 2026-02-24T18:44:12.467 |
| fkie_cve-2026-25989 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prio… | 2026-02-24T03:16:00.773 | 2026-02-24T18:43:16.560 |
| fkie_cve-2026-26066 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prio… | 2026-02-24T03:16:00.937 | 2026-02-24T18:42:32.553 |
| fkie_cve-2026-26283 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prio… | 2026-02-24T03:16:01.290 | 2026-02-24T18:41:35.010 |
| fkie_cve-2026-26284 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prio… | 2026-02-24T03:16:01.543 | 2026-02-24T18:39:19.270 |
| fkie_cve-2026-26983 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prio… | 2026-02-24T03:16:02.107 | 2026-02-24T18:38:31.420 |
| fkie_cve-2025-9862 | Server-Side Request Forgery (SSRF) vulnerability in Ghost allows an attacker to access internal res… | 2025-09-17T15:15:43.937 | 2026-02-24T18:36:18.247 |
| fkie_cve-2026-2983 | A vulnerability was determined in SourceCodester Student Result Management System 1.0. The impacted… | 2026-02-23T10:16:58.757 | 2026-02-24T18:32:54.093 |
| fkie_cve-2025-21015 | Path Traversal in Document scanner prior to SMR Aug-2025 Release 1 allows local attackers to delete… | 2025-08-06T05:15:34.070 | 2026-02-24T18:32:47.410 |
| fkie_cve-2026-0668 | Inefficient Regular Expression Complexity vulnerability in Wikimedia Foundation MediaWiki - VisualD… | 2026-01-07T18:15:52.873 | 2026-02-24T18:32:21.493 |
| fkie_cve-2026-2807 | Memory safety bugs present in Firefox 147 and Thunderbird 147. Some of these bugs showed evidence o… | 2026-02-24T14:16:29.220 | 2026-02-24T18:29:38.907 |
| fkie_cve-2026-2806 | Uninitialized memory in the Graphics: Text component. This vulnerability affects Firefox < 148 and … | 2026-02-24T14:16:29.113 | 2026-02-24T18:29:38.817 |
| fkie_cve-2026-2805 | Invalid pointer in the DOM: Core & HTML component. This vulnerability affects Firefox < 148 and Thu… | 2026-02-24T14:16:29.010 | 2026-02-24T18:29:38.727 |
| fkie_cve-2026-2804 | Use-after-free in the JavaScript: WebAssembly component. This vulnerability affects Firefox < 148 a… | 2026-02-24T14:16:28.917 | 2026-02-24T18:29:38.577 |
| fkie_cve-2026-2803 | Information disclosure, mitigation bypass in the Settings UI component. This vulnerability affects … | 2026-02-24T14:16:28.810 | 2026-02-24T18:29:38.483 |
| fkie_cve-2026-2802 | Race condition in the JavaScript: GC component. This vulnerability affects Firefox < 148 and Thunde… | 2026-02-24T14:16:28.703 | 2026-02-24T18:29:38.330 |
| fkie_cve-2026-2801 | Incorrect boundary conditions in the JavaScript: WebAssembly component. This vulnerability affects … | 2026-02-24T14:16:28.610 | 2026-02-24T18:29:38.240 |
| fkie_cve-2026-2800 | Spoofing issue in the WebAuthn component in Firefox for Android. This vulnerability affects Firefox… | 2026-02-24T14:16:28.503 | 2026-02-24T18:29:38.147 |
| fkie_cve-2026-2799 | Use-after-free in the DOM: Core & HTML component. This vulnerability affects Firefox < 148 and Thun… | 2026-02-24T14:16:28.400 | 2026-02-24T18:29:38.053 |
| fkie_cve-2026-2798 | Use-after-free in the DOM: Core & HTML component. This vulnerability affects Firefox < 148 and Thun… | 2026-02-24T14:16:28.307 | 2026-02-24T18:29:37.963 |
| fkie_cve-2026-2797 | Use-after-free in the JavaScript: GC component. This vulnerability affects Firefox < 148 and Thunde… | 2026-02-24T14:16:28.200 | 2026-02-24T18:29:37.870 |
| fkie_cve-2026-2796 | JIT miscompilation in the JavaScript: WebAssembly component. This vulnerability affects Firefox < 1… | 2026-02-24T14:16:28.100 | 2026-02-24T18:29:37.773 |
| ID | Severity | Description | Published | Updated |
|---|---|---|---|---|
| ghsa-gfvx-3cf3-5x6x |
10.0 (4.0)
|
Altec DocLink (now maintained by Beyond Limits Inc.) version 4.0.336.0 exposes insecure .NET Remoti… | 2026-02-24T18:31:03Z | 2026-02-24T18:31:03Z |
| ghsa-8fr6-83vj-w7xh |
6.2 (4.0)
|
A vulnerability identified in the Trellix HX Agent driver file fekern.sys allowed a threat actor w… | 2026-02-24T18:31:03Z | 2026-02-24T18:31:03Z |
| ghsa-6xhx-53c5-f9qr |
|
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Lin… | 2026-02-24T18:31:03Z | 2026-02-24T18:31:03Z |
| ghsa-xx53-6qqj-gr7w |
|
Memory safety bugs present in Firefox 147 and Thunderbird 147. Some of these bugs showed evidence o… | 2026-02-24T15:30:33Z | 2026-02-24T18:31:02Z |
| ghsa-xqx8-2c6c-9g3g |
4.9 (3.1)
|
A post-authentication NULL Pointer Dereference vulnerability in SonicOS allows a remote attacker to… | 2026-02-24T15:30:33Z | 2026-02-24T18:31:02Z |
| ghsa-xjw5-9f76-gvpv |
7.5 (3.1)
8.7 (4.0)
|
Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior use RC4 with a hard… | 2026-02-24T18:31:02Z | 2026-02-24T18:31:02Z |
| ghsa-xfph-w5p7-mhh4 |
5.4 (3.1)
5.1 (4.0)
|
Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior reflect unsanitized… | 2026-02-24T18:31:02Z | 2026-02-24T18:31:02Z |
| ghsa-xchm-7954-5wvg |
|
Use-after-free in the DOM: Window and Location component. This vulnerability affects Firefox < 148,… | 2026-02-24T15:30:32Z | 2026-02-24T18:31:02Z |
| ghsa-wcpx-2xqg-ff43 |
|
Spoofing issue in the WebAuthn component in Firefox for Android. This vulnerability affects Firefox… | 2026-02-24T15:30:32Z | 2026-02-24T18:31:02Z |
| ghsa-vxjv-c6cq-74m6 |
|
Mitigation bypass in the Networking: Cache component. This vulnerability affects Firefox < 148 and … | 2026-02-24T15:30:32Z | 2026-02-24T18:31:02Z |
| ghsa-vrfc-p4p2-v8r2 |
|
Privilege escalation and improper access control in GCOM EPON 1GE C00R371V00B01 allows remote authe… | 2026-02-24T18:31:02Z | 2026-02-24T18:31:02Z |
| ghsa-pr9m-7cjw-258w |
4.9 (3.1)
|
A post-authentication Out-of-bounds Read vulnerability in SonicOS allows a remote attacker to crash… | 2026-02-24T15:30:33Z | 2026-02-24T18:31:02Z |
| ghsa-pq5g-x5q3-3g25 |
4.9 (3.1)
|
Multiple post-authentication stack-based buffer overflow vulnerabilities in the SonicOS management … | 2026-02-24T15:30:33Z | 2026-02-24T18:31:02Z |
| ghsa-p9gc-q2gc-jc6r |
4.2 (3.1)
|
Race condition in the JavaScript: GC component. This vulnerability affects Firefox < 148. | 2026-02-24T15:30:32Z | 2026-02-24T18:31:02Z |
| ghsa-m84g-fpm8-mqg8 |
7.5 (3.1)
8.7 (4.0)
|
Binardat 10G08-0800GSM network switch firmware versions prior to V300SP10260209 store a user passwo… | 2026-02-24T18:31:02Z | 2026-02-24T18:31:02Z |
| ghsa-jvc5-7j9r-q4m6 |
|
Same-origin policy bypass in the Networking: JAR component. This vulnerability affects Firefox < 14… | 2026-02-24T15:30:32Z | 2026-02-24T18:31:02Z |
| ghsa-jj9w-3m27-jg69 |
8.1 (3.1)
8.6 (4.0)
|
Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior expose user passwor… | 2026-02-24T18:31:02Z | 2026-02-24T18:31:02Z |
| ghsa-hwjj-g6g7-p8cf |
|
Uninitialized memory in the Graphics: Text component. This vulnerability affects Firefox < 148. | 2026-02-24T15:30:32Z | 2026-02-24T18:31:02Z |
| ghsa-hjg3-g5mq-q5qp |
8.6 (4.0)
|
Multiple Finka programs use hard-coded Firebird database credentials (shared across all instances o… | 2026-02-24T18:31:02Z | 2026-02-24T18:31:02Z |
| ghsa-h79p-mfpr-8qm4 |
|
Use-after-free in the Graphics: ImageLib component. This vulnerability affects Firefox < 148, Firef… | 2026-02-24T15:30:32Z | 2026-02-24T18:31:02Z |
| ghsa-h4vm-j32v-95qm |
|
Use-after-free in the JavaScript: GC component. This vulnerability affects Firefox < 148. | 2026-02-24T15:30:32Z | 2026-02-24T18:31:02Z |
| ghsa-gvwq-qfp3-3pvf |
8.8 (3.1)
8.7 (4.0)
|
Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior contain a command i… | 2026-02-24T18:31:02Z | 2026-02-24T18:31:02Z |
| ghsa-gvhp-5j8m-528x |
|
Use-after-free in the DOM: Core & HTML component. This vulnerability affects Firefox < 148. | 2026-02-24T15:30:32Z | 2026-02-24T18:31:02Z |
| ghsa-gmfh-mhfh-2g3q |
4.3 (3.1)
5.1 (4.0)
|
Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior lack CSRF protectio… | 2026-02-24T18:31:02Z | 2026-02-24T18:31:02Z |
| ghsa-fvj5-5qvq-g8wf |
|
Use-after-free in the DOM: Core & HTML component. This vulnerability affects Firefox < 148. | 2026-02-24T15:30:32Z | 2026-02-24T18:31:02Z |
| ghsa-cgrc-pwqf-64v8 |
|
Incorrect boundary conditions in the Audio/Video: GMP component. This vulnerability affects Firefox… | 2026-02-24T15:30:32Z | 2026-02-24T18:31:02Z |
| ghsa-c5fj-xq9f-fjxm |
|
Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox < 148 and Fir… | 2026-02-24T15:30:32Z | 2026-02-24T18:31:02Z |
| ghsa-c3q8-4689-m4p6 |
|
JIT miscompilation in the JavaScript: WebAssembly component. This vulnerability affects Firefox < 148. | 2026-02-24T15:30:32Z | 2026-02-24T18:31:02Z |
| ghsa-9wv6-vw4x-jjg6 |
5.7 (4.0)
|
Download of Code Without Integrity Check vulnerability in Microchip Time Provider 4100 allows Malic… | 2026-02-24T18:31:02Z | 2026-02-24T18:31:02Z |
| ghsa-8g7m-g6r7-rqcp |
|
Use-after-free in the JavaScript: GC component. This vulnerability affects Firefox < 148. | 2026-02-24T15:30:32Z | 2026-02-24T18:31:02Z |
| ID | Severity | Description | Package | Published | Updated |
|---|---|---|---|---|---|
| pysec-2024-85 |
7.5 (3.1)
|
Deserialization of untrusted data can occur in versions 23.10.2.0 and newer of the MindsD… | mindsdb | 2024-09-12T13:15:00Z | 2026-02-20T08:46:02.775917Z |
| pysec-2024-84 |
7.5 (3.1)
|
Deserialization of untrusted data can occur in versions 23.10.3.0 and newer of the MindsD… | mindsdb | 2024-09-12T13:15:00Z | 2026-02-20T08:46:02.679012Z |
| pysec-2024-83 |
7.5 (3.1)
|
Deserialization of untrusted data can occur in versions 23.10.2.0 and newer of the MindsD… | mindsdb | 2024-09-12T13:15:00Z | 2026-02-20T08:46:02.578402Z |
| pysec-2024-82 |
8.8 (3.1)
|
Deserialization of untrusted data can occur in versions 23.3.2.0 and newer of the MindsDB… | mindsdb | 2024-09-12T13:15:00Z | 2026-02-20T08:46:02.480722Z |
| pysec-2023-278 |
5.3 (3.1)
|
MindsDB connects artificial intelligence models to real time data. Versions prior to 23.1… | mindsdb | 2023-12-11T21:15:00Z | 2026-02-20T08:46:02.362066Z |
| pysec-2026-1 |
|
A PyPI user account compromised by an attacker and was able to upload a malicious version… | dydx-v4-client | 2026-01-28T21:09:02+00:00 | |
| pysec-2025-52 |
|
gateway_proxy_handler in MLflow before 3.1.0 lacks gateway_path validation. | mlflow | 2025-06-23T15:15:29Z | 2025-12-05T13:25:55.146081Z |
| pysec-2020-220 |
|
A flaw was found in Ansible Base when using the aws_ssm connection plugin as garbage coll… | ansible | 2020-10-05T14:15:00Z | 2025-10-31T04:43:53.616247Z |
| pysec-2025-72 |
|
The `num2words` project was compromised via a phishing attack and two new versions were u… | num2words | 2025-07-31T14:34:47+00:00 | |
| pysec-2025-71 |
|
Cadwyn creates production-ready community-driven modern Stripe-like API versioning in Fas… | cadwyn | 2025-07-21T21:15:25+00:00 | 2025-07-23T15:24:03.825615+00:00 |
| pysec-2025-70 |
10.0 (3.1)
|
A Server-Side Request Forgery (SSRF) vulnerability exists in the RequestsToolkit componen… | langchain-community | 2025-06-23T21:15:25+00:00 | 2025-07-16T21:23:40.211079+00:00 |
| pysec-2024-259 |
9.8 (3.1)
|
In PyTorch <=2.4.1, the RemoteModule has Deserialization RCE. NOTE: this is disputed by m… | torch | 2024-10-29T21:15:04+00:00 | 2025-07-16T03:09:57.748865+00:00 |
| pysec-2024-258 |
|
In scrapy/scrapy, an issue was identified where the Authorization header is not removed d… | scrapy | 2024-05-20T08:15:08+00:00 | 2025-07-15T17:37:50.051730+00:00 |
| pysec-2025-69 |
|
In Roundup before 2.5.0, XSS can occur via interaction between URLs and issue tracker tem… | roundup | 2025-07-13T20:15:25+00:00 | 2025-07-13T21:23:01.161315+00:00 |
| pysec-2025-68 |
8.0 (3.1)
|
A vulnerability, which was classified as critical, has been found in Upsonic up to 0.55.6… | upsonic | 2025-06-19T21:15:27+00:00 | 2025-07-08T19:22:27.449399+00:00 |
| pysec-2025-67 |
9.8 (3.1)
|
A vulnerability classified as critical was found in Upsonic up to 0.55.6. This vulnerabil… | upsonic | 2025-06-19T21:15:27+00:00 | 2025-07-08T19:22:27.385619+00:00 |
| pysec-2025-66 |
|
Improper privilege management in a REST interface allowed registered users to access unau… | streampipes | 2025-03-03T11:15:11+00:00 | 2025-07-08T15:23:46.628375+00:00 |
| pysec-2025-65 |
|
A path traversal vulnerability exists in run-llama/llama_index versions 0.12.27 through 0… | llama-index | 2025-07-07T13:15:28+00:00 | 2025-07-07T15:23:42.730681+00:00 |
| pysec-2025-61 |
|
Pillow is a Python imaging library. In versions 11.2.0 to before 11.3.0, there is a heap … | pillow | 2025-07-01T19:15:27Z | 2025-07-07T14:12:46.226030Z |
| pysec-2025-64 |
9.8 (3.1)
|
A vulnerability classified as critical has been found in themanojdesai python-a2a up to 0… | python-a2a | 2025-06-17T07:15:18+00:00 | 2025-07-02T21:23:13.806273+00:00 |
| pysec-2025-63 |
|
vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Whe… | vllm | 2025-03-19T16:15:32+00:00 | 2025-07-01T23:22:49.176005+00:00 |
| pysec-2025-62 |
|
vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Mal… | vllm | 2025-02-07T20:15:34+00:00 | 2025-07-01T23:22:49.083695+00:00 |
| pysec-2025-60 |
|
Exposure of Sensitive Information to an Unauthorized Actor, Insertion of Sensitive Inform… | apache-iotdb | 2025-05-14T11:16:28+00:00 | 2025-07-01T21:22:47.232036+00:00 |
| pysec-2025-59 |
|
Remote Code Execution with untrusted URI of UDF vulnerability in Apache IoTDB. The attack… | apache-iotdb | 2025-05-14T11:15:47+00:00 | 2025-07-01T21:22:47.177405+00:00 |
| pysec-2024-257 |
7.5 (3.1)
|
Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessm… | mobsf | 2024-03-22T23:15:07+00:00 | 2025-06-30T15:23:50.085549+00:00 |
| pysec-2025-58 |
8.8 (3.1)
|
vLLM is a library for LLM inference and serving. vllm/model_executor/weight_utils.py impl… | vllm | 2025-01-27T18:15:41+00:00 | 2025-06-27T21:22:36.583615+00:00 |
| pysec-2025-57 |
|
A Denial of Service (DoS) vulnerability in zenml-io/zenml version 0.66.0 allows unauthent… | zenml | 2025-03-20T10:15:48+00:00 | 2025-06-27T17:22:55.175431+00:00 |
| pysec-2025-56 |
4.3 (3.1)
|
OctoPrint provides a web interface for controlling consumer 3D printers. In versions up t… | octoprint | 2025-04-22T18:15:59+00:00 | 2025-06-27T17:22:53.513680+00:00 |
| pysec-2024-256 |
|
Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessm… | mobsf | 2024-12-03T16:15:24+00:00 | 2025-06-27T17:22:53.325430+00:00 |
| pysec-2025-55 |
|
vLLM is an inference and serving engine for large language models (LLMs). Version 0.8.0 u… | vllm | 2025-05-30T19:15:30+00:00 | 2025-06-26T21:23:06.407481+00:00 |
| ID | Description | Updated |
|---|---|---|
| gsd-2022-6083 | The format of the source doesn't require a description, click on the link for more details. | |
| gsd-2022-297182 | The format of the source doesn't require a description, click on the link for more details. | |
| gsd-2022-1002526 | The format of the source doesn't require a description, click on the link for more details. | |
| gsd-2021-81810 | The format of the source doesn't require a description, click on the link for more details. | |
| gsd-2021-47527 | The format of the source doesn't require a description, click on the link for more details. | |
| gsd-2021-1002352 | The format of the source doesn't require a description, click on the link for more details. | |
| gsd-2020-995566 | The format of the source doesn't require a description, click on the link for more details. | |
| gsd-2020-245024 | The format of the source doesn't require a description, click on the link for more details. | |
| gsd-2019-15690 | The format of the source doesn't require a description, click on the link for more details. | |
| gsd-2019-1002162 | The format of the source doesn't require a description, click on the link for more details. | |
| gsd-2019-1000032 | The format of the source doesn't require a description, click on the link for more details. | |
| gsd-2019-1000029 | The format of the source doesn't require a description, click on the link for more details. | |
| gsd-2018-161617 | The format of the source doesn't require a description, click on the link for more details. | |
| gsd-2018-100199 | The format of the source doesn't require a description, click on the link for more details. | |
| gsd-2017-171479 | The format of the source doesn't require a description, click on the link for more details. | |
| gsd-2017-171069 | The format of the source doesn't require a description, click on the link for more details. | |
| gsd-2016-1000247 | The format of the source doesn't require a description, click on the link for more details. | |
| gsd-2016-1000212 | The format of the source doesn't require a description, click on the link for more details. | |
| gsd-2015-9731 | The format of the source doesn't require a description, click on the link for more details. | |
| gsd-2015-9679 | The format of the source doesn't require a description, click on the link for more details. | |
| gsd-2014-1197 | The format of the source doesn't require a description, click on the link for more details. | |
| gsd-2012-6884 | The format of the source doesn't require a description, click on the link for more details. | |
| gsd-2010-26432 | The format of the source doesn't require a description, click on the link for more details. | |
| gsd-2010-13616 | The format of the source doesn't require a description, click on the link for more details. | |
| gsd-2009-5515 | The format of the source doesn't require a description, click on the link for more details. | |
| gsd-2009-5243 | The format of the source doesn't require a description, click on the link for more details. | |
| gsd-2024-33884 | The format of the source doesn't require a description, click on the link for more details. | 2024-04-29T05:02:07.534455Z |
| gsd-2024-33901 | The format of the source doesn't require a description, click on the link for more details. | 2024-04-29T05:02:07.525896Z |
| gsd-2024-33887 | The format of the source doesn't require a description, click on the link for more details. | 2024-04-29T05:02:07.503613Z |
| gsd-2024-33895 | The format of the source doesn't require a description, click on the link for more details. | 2024-04-29T05:02:07.493081Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| mal-2026-1019 | Malicious code in spark-audit-notify (PyPI) | 2026-02-24T16:18:43Z | 2026-02-24T17:28:41Z |
| mal-2026-1025 | Malicious code in @unitedcapitalfinancialadvisors/finlife-component-library (npm) | 2026-02-24T16:56:49Z | 2026-02-24T16:56:56Z |
| mal-2026-1024 | Malicious code in @protonme/routing (npm) | 2026-02-24T16:56:49Z | 2026-02-24T16:56:49Z |
| mal-2026-1023 | Malicious code in @kiukicom/sidebar (npm) | 2026-02-24T16:56:48Z | 2026-02-24T16:56:49Z |
| mal-2026-1022 | Malicious code in @coinmetro/app (npm) | 2026-02-24T16:56:48Z | 2026-02-24T16:56:49Z |
| mal-2026-1021 | Malicious code in @atg-aml-shared/kyc-domain (npm) | 2026-02-24T16:56:48Z | 2026-02-24T16:56:48Z |
| mal-2026-1020 | Malicious code in @ai-studio-web/app (npm) | 2026-02-24T16:56:48Z | 2026-02-24T16:56:48Z |
| mal-2026-163 | Malicious code in do-not-install-this-package-002 (PyPI) | 2026-01-08T13:35:59Z | 2026-02-24T15:52:32Z |
| mal-2026-1018 | Malicious code in do-not-install-this-package-003 (PyPI) | 2026-02-24T15:18:17Z | 2026-02-24T15:18:17Z |
| mal-2026-1016 | Malicious code in js-multer (npm) | 2026-02-24T15:01:43Z | 2026-02-24T15:01:43Z |
| mal-2026-1014 | Malicious code in chai-iotype (npm) | 2026-02-24T15:01:43Z | 2026-02-24T15:01:43Z |
| mal-2026-1013 | Malicious code in chai-as-pause (npm) | 2026-02-24T14:59:19Z | 2026-02-24T14:59:19Z |
| mal-2026-1017 | Malicious code in json-mapping-srcs (npm) | 2026-02-24T14:49:33Z | 2026-02-24T14:49:33Z |
| mal-2026-1015 | Malicious code in es1int-config (npm) | 2026-02-24T14:44:00Z | 2026-02-24T14:44:01Z |
| mal-2026-1006 | Malicious code in chai-tools (npm) | 2026-02-24T14:31:45Z | 2026-02-24T14:31:46Z |
| mal-2026-1011 | Malicious code in node-argon (npm) | 2026-02-24T14:30:26Z | 2026-02-24T14:30:27Z |
| mal-2026-1005 | Malicious code in argon-web3-chain (npm) | 2026-02-24T14:30:26Z | 2026-02-24T14:30:27Z |
| mal-2025-2008 | Malicious code in usvr-agent (PyPI) | 2025-03-03T13:45:33Z | 2026-02-24T14:27:42Z |
| mal-2026-1007 | Malicious code in dotenvx-ext (npm) | 2026-02-24T14:25:56Z | 2026-02-24T14:25:56Z |
| mal-2026-1010 | Malicious code in modify-setting (npm) | 2026-02-24T14:18:58Z | 2026-02-24T14:18:58Z |
| mal-2026-1008 | Malicious code in es1int-re1ease (npm) | 2026-02-24T14:08:28Z | 2026-02-24T14:08:29Z |
| mal-2026-1012 | Malicious code in ultimates-express (npm) | 2026-02-24T14:01:31Z | 2026-02-24T14:01:32Z |
| mal-2026-1009 | Malicious code in express-soaps (npm) | 2026-02-24T14:01:31Z | 2026-02-24T14:01:32Z |
| mal-2026-1004 | Malicious code in request-httpx-9 (PyPI) | 2026-02-24T09:11:42Z | 2026-02-24T09:11:42Z |
| mal-2026-1002 | Malicious code in newrubylogger (RubyGems) | 2026-02-23T20:50:29Z | 2026-02-23T20:50:29Z |
| mal-2026-1003 | Malicious code in cnnct-eaas-corre (PyPI) | 2026-02-23T16:00:12Z | 2026-02-23T16:00:12Z |
| mal-2026-1001 | Malicious code in request-httpx-4 (PyPI) | 2026-02-23T12:37:17Z | 2026-02-23T12:37:17Z |
| mal-2026-1000 | Malicious code in scraper-npm (PyPI) | 2026-02-23T08:59:49Z | 2026-02-23T09:51:45Z |
| mal-2026-974 | Malicious code in yarsg (npm) | 2026-02-20T16:59:54Z | 2026-02-23T04:21:37Z |
| mal-2026-893 | Malicious code in xsstesting (npm) | 2026-02-13T13:50:54Z | 2026-02-23T04:21:37Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| bit-superset-2021-28125 | Apache Superset Open Redirect | 2025-02-05T07:29:54.416Z | 2026-02-24T18:11:25.008Z |
| bit-tomcat-2026-24733 | Apache Tomcat: Security constraint bypass with HTTP/0.9 | 2026-02-20T09:52:58.708Z | 2026-02-24T09:11:39.593Z |
| bit-tomcat-2025-66614 | Apache Tomcat: Client certificate verification bypass due to virtual host mapping | 2026-02-20T09:52:57.300Z | 2026-02-24T09:11:39.593Z |
| bit-python-2026-0865 | wsgiref.headers.Headers allows header newline injection | 2026-01-26T14:50:04.789Z | 2026-02-24T09:11:39.593Z |
| bit-libpython-2026-0865 | wsgiref.headers.Headers allows header newline injection | 2026-01-26T14:43:33.890Z | 2026-02-24T09:11:39.593Z |
| bit-grafana-2025-41117 | XSS in Grafana Explore stack trace | 2026-02-20T08:41:19.089Z | 2026-02-24T09:11:39.593Z |
| bit-airflow-2025-65995 | Apache Airflow: Disclosure of secrets to UI via kwargs | 2026-02-24T08:38:47.831Z | 2026-02-24T09:11:39.593Z |
| bit-python-2026-1299 | email BytesGenerator header injection due to unquoted newlines | 2026-02-03T08:53:00.053Z | 2026-02-23T12:55:58.474Z |
| bit-python-2025-15282 | Header injection via newlines in data URL mediatype | 2026-01-26T14:49:40.631Z | 2026-02-23T12:55:58.474Z |
| bit-libpython-2026-1299 | email BytesGenerator header injection due to unquoted newlines | 2026-02-03T08:45:06.015Z | 2026-02-23T12:55:58.474Z |
| bit-libpython-2025-15282 | Header injection via newlines in data URL mediatype | 2026-01-26T14:43:08.856Z | 2026-02-23T12:55:58.474Z |
| bit-ghost-2026-26980 | Ghost has a SQL Injection in its Content API | 2026-02-21T08:39:22.999Z | 2026-02-21T09:08:21.332Z |
| bit-cosign-2026-24122 | Cosign Certificate Chain Expiry Validation Issue Allows Issuing Certificate Expiry to Be Overlooked | 2026-02-21T08:36:39.661Z | 2026-02-21T09:08:21.332Z |
| bit-cilium-2026-26963 | Cilium may not enforce host firewall policies when Native Routing, WireGuard and Node Encryption are enabled | 2026-02-21T08:36:53.368Z | 2026-02-21T09:08:21.332Z |
| bit-python-2026-0672 | Header injection in http.cookies.Morsel | 2026-01-26T14:50:03.015Z | 2026-02-20T15:52:56.451Z |
| bit-python-2025-11468 | Folding email comments of unfoldable characters doesn't preserve parenthesis | 2026-01-26T14:49:32.088Z | 2026-02-20T15:52:56.451Z |
| bit-libpython-2026-0672 | Header injection in http.cookies.Morsel | 2026-01-26T14:43:32.238Z | 2026-02-20T15:52:56.451Z |
| bit-libpython-2025-11468 | Folding email comments of unfoldable characters doesn't preserve parenthesis | 2026-01-26T14:42:59.991Z | 2026-02-20T15:52:56.451Z |
| bit-tomcat-2026-24734 | Apache Tomcat Native, Apache Tomcat: OCSP revocation bypass | 2026-02-20T09:53:00.269Z | 2026-02-20T10:18:37.619Z |
| bit-nifi-2026-25903 | Apache NiFi: Missing Authorization of Restricted Permissions for Component Updates | 2026-02-20T08:45:57.883Z | 2026-02-20T09:09:49.097Z |
| bit-milvus-2025-64513 | Milvus Proxy has Critical Authentication Bypass Vulnerability | 2026-02-20T08:43:34.608Z | 2026-02-20T09:09:49.097Z |
| bit-jenkins-2026-27100 | 2026-02-20T08:43:34.823Z | 2026-02-20T09:09:49.097Z | |
| bit-jenkins-2026-27099 | 2026-02-20T08:43:33.019Z | 2026-02-20T09:09:49.097Z | |
| bit-grafana-2026-21722 | Public Dashboards time range restriction on annotations can be bypassed | 2026-02-20T08:41:29.411Z | 2026-02-20T09:09:49.097Z |
| bit-grafana-2026-21721 | Dashboard Permissions Scope Bypass Enables Cross‑Dashboard Privilege Escalation | 2026-02-20T08:41:27.652Z | 2026-02-20T09:09:49.097Z |
| bit-milvus-2026-26190 | Milvus Allows Unauthenticated Access to Restful API on Metrics Port (9091) Leads to Critical System Compromise | 2026-02-19T08:47:10.808Z | 2026-02-19T09:13:37.164Z |
| bit-gitlab-2021-22175 | 2024-03-06T11:20:35.887Z | 2026-02-19T09:13:37.164Z | |
| bit-grafana-2026-21720 | Unauthenticated DoS: avatar cache leaks goroutines when /avatar/:hash requests time out | 2026-02-18T17:41:21.379Z | 2026-02-18T18:09:39.057Z |
| bit-appsmith-2026-24042 | Appsmith public apps can execute unpublished actions (viewMode confusion) | 2026-01-29T08:36:35.250Z | 2026-02-18T18:09:39.057Z |
| bit-apache-2021-41773 | Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49 | 2024-03-06T10:54:39.310Z | 2026-02-18T18:09:39.057Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| cleanstart-2026-yn08405 | Security fixes for GHSA-f6x5-jh6r-wrfv, GHSA-j5w8-q4qc-rx2x applied in versions: 7.1.1-r7 | 2026-02-19T00:39:05.944714Z | 2026-02-18T09:40:19Z |
| cleanstart-2026-oj16660 | Security fixes for GHSA-2gh3-rmm4-6rq5, GHSA-434x-w66g-qw3r, GHSA-r6v5-fh4h-64xc, GHSA-xwfj-jgwm-7wp5 applied in versions: 1.28.2-r0, 1.28.4-r0 | 2026-02-19T00:39:07.225007Z | 2026-02-18T09:40:19Z |
| cleanstart-2026-nn87556 | Security fixes for GHSA-2gh3-rmm4-6rq5, GHSA-434x-w66g-qw3r, GHSA-r6v5-fh4h-64xc, GHSA-xwfj-jgwm-7wp5 applied in versions: 1.28.2-r0, 1.29.0-r0 | 2026-02-19T00:39:07.788394Z | 2026-02-18T09:40:19Z |
| cleanstart-2026-ln12820 | vulnerability has been identified in Node | 2026-02-19T00:58:49.154512Z | 2026-02-18T09:40:19Z |
| cleanstart-2026-kn30288 | Security fixes for GHSA-2gh3-rmm4-6rq5, GHSA-434x-w66g-qw3r, GHSA-r6v5-fh4h-64xc, GHSA-rhfx-m35p-ff5j, GHSA-xwfj-jgwm-7wp5 applied in versions: 1.27.5-r1, 1.27.6-r0 | 2026-02-19T00:39:07.163109Z | 2026-02-18T09:40:19Z |
| cleanstart-2026-zt77083 | When multiple server blocks are configured to share the same IP address and port, an attacker can use session resumption to bypass client certificate authentication requirements on these servers | 2026-02-18T00:40:43.959662Z | 2026-02-17T14:16:07Z |
| cleanstart-2026-lr19699 | Within HostnameError | 2026-02-18T00:37:41.636616Z | 2026-02-17T14:16:07Z |
| cleanstart-2026-dt95939 | excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate | 2026-02-18T00:37:41.674179Z | 2026-02-17T14:16:07Z |
| cleanstart-2026-vg57433 | Within HostnameError | 2026-02-17T00:39:45.599344Z | 2026-02-16T09:23:22Z |
| cleanstart-2026-uh39784 | SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process | 2026-02-17T00:40:45.017480Z | 2026-02-16T09:23:22Z |
| cleanstart-2026-jr03360 | Within HostnameError | 2026-02-17T00:39:45.300172Z | 2026-02-16T09:23:22Z |
| cleanstart-2026-gg58376 | Within HostnameError | 2026-02-17T00:41:15.939977Z | 2026-02-16T09:23:22Z |
| cleanstart-2026-kk07808 | issue has been found in third-party PNM decoding associated with libpng 1 | 2026-02-14T00:37:45.311656Z | 2026-02-13T12:28:27Z |
| cleanstart-2026-wv76464 | libexpat in Expat before 2 | 2026-02-13T00:43:45.311968Z | 2026-02-12T13:07:54Z |
| cleanstart-2026-tr92727 | During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succ... | 2026-02-13T00:41:14.875956Z | 2026-02-12T13:07:54Z |
| cleanstart-2026-mh09144 | issue was discovered in libexpat before 2 | 2026-02-13T00:45:17.459930Z | 2026-02-12T13:07:54Z |
| cleanstart-2026-jb30245 | Security fixes for GHSA-f6x5-jh6r-wrfv, GHSA-j5w8-q4qc-rx2x applied in versions: 0.47.2-r0 | 2026-02-13T00:39:45.274258Z | 2026-02-12T13:07:54Z |
| cleanstart-2026-gv85693 | SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process | 2026-02-13T00:40:14.240914Z | 2026-02-12T13:07:54Z |
| cleanstart-2026-fi29887 | During the TLS 1 | 2026-02-13T00:39:44.225771Z | 2026-02-12T13:07:54Z |
| cleanstart-2026-ca79883 | Security fixes for GHSA-6v2p-p943-phr9, GHSA-c6gw-w398-hv78, GHSA-f6x5-jh6r-wrfv, GHSA-hcg3-p754-cr77, GHSA-j5w8-q4qc-rx2x, GHSA-qxp5-gw88-xv66, GHSA-v778-237x-gjrc, GHSA-vvgc-356p-c3xw applied in versions: 1.15.0-r1 | 2026-02-13T00:40:14.901695Z | 2026-02-12T13:07:54Z |
| cleanstart-2026-xb34574 | excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate | 2026-02-11T00:40:59.223419Z | 2026-02-10T22:11:02Z |
| cleanstart-2026-ls08172 | Within HostnameError | 2026-02-11T00:41:59.030674Z | 2026-02-10T22:11:02Z |
| cleanstart-2026-im73098 | excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate | 2026-02-11T00:40:59.052841Z | 2026-02-10T22:11:02Z |
| cleanstart-2026-cv28298 | SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption | 2026-02-11T00:41:59.034081Z | 2026-02-10T22:11:02Z |
| cleanstart-2026-by71381 | SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption | 2026-02-11T00:41:59.117560Z | 2026-02-10T22:11:02Z |
| cleanstart-2026-tj33788 | Within HostnameError | 2026-02-10T00:39:24.476012Z | 2026-02-09T12:51:17Z |
| cleanstart-2026-gp14462 | Security fixes for GHSA-vvgc-356p-c3xw applied in versions: 0.18.0-r0 | 2026-02-10T00:39:23.397354Z | 2026-02-09T12:51:17Z |
| cleanstart-2026-jn44153 | Security fixes for GHSA-f6x5-jh6r-wrfv, GHSA-gx3x-vq4p-mhhv, GHSA-j5w8-q4qc-rx2x applied in versions: 1.18.0-r0, 1.19.0-r1 | 2026-02-06T00:39:29.662228Z | 2026-02-05T12:20:16Z |
| cleanstart-2026-bz58799 | Within HostnameError | 2026-02-06T00:39:29.590361Z | 2026-02-05T12:20:16Z |
| cleanstart-2026-zm20570 | Moby is an open-source project created by Docker for software containerization | 2026-02-06T00:54:29.621254Z | 2026-02-03T13:35:45Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| drupal-contrib-2026-009 | 2026-02-11T16:53:32.000Z | 2026-02-12T15:37:20.000Z | |
| drupal-contrib-2026-010 | 2026-02-11T16:54:18.000Z | 2026-02-11T16:54:18.000Z | |
| drupal-contrib-2026-008 | 2026-02-04T17:23:40.000Z | 2026-02-04T17:23:40.000Z | |
| drupal-contrib-2026-007 | 2026-01-28T17:29:32.000Z | 2026-01-28T17:29:32.000Z | |
| drupal-contrib-2026-006 | 2026-01-28T17:28:31.000Z | 2026-01-28T17:28:31.000Z | |
| drupal-contrib-2026-005 | 2026-01-14T17:57:31.000Z | 2026-01-14T18:33:02.000Z | |
| drupal-contrib-2026-004 | 2026-01-14T17:56:28.000Z | 2026-01-14T17:56:28.000Z | |
| drupal-contrib-2026-003 | 2026-01-14T17:55:41.000Z | 2026-01-14T17:55:41.000Z | |
| drupal-contrib-2026-002 | 2026-01-14T17:54:33.000Z | 2026-01-14T17:54:33.000Z | |
| drupal-contrib-2026-001 | 2026-01-14T17:53:33.000Z | 2026-01-14T17:53:33.000Z | |
| drupal-contrib-2025-126 | 2025-12-17T17:47:13.000Z | 2025-12-17T17:47:13.000Z | |
| drupal-contrib-2025-125 | 2025-12-10T17:53:01.000Z | 2025-12-10T19:09:57.000Z | |
| drupal-contrib-2025-119 | 2025-12-03T18:48:23.000Z | 2025-12-03T19:05:53.000Z | |
| drupal-contrib-2025-124 | 2025-12-03T18:49:57.000Z | 2025-12-03T18:49:57.000Z | |
| drupal-contrib-2025-123 | 2025-12-03T18:49:40.000Z | 2025-12-03T18:49:40.000Z | |
| drupal-contrib-2025-122 | 2025-12-03T18:49:18.000Z | 2025-12-03T18:49:18.000Z | |
| drupal-contrib-2025-121 | 2025-12-03T18:48:57.000Z | 2025-12-03T18:48:57.000Z | |
| drupal-contrib-2025-120 | 2025-12-03T18:48:37.000Z | 2025-12-03T18:48:37.000Z | |
| drupal-contrib-2025-118 | 2025-12-03T18:48:10.000Z | 2025-12-03T18:48:10.000Z | |
| drupal-contrib-2025-117 | 2025-12-03T18:47:37.000Z | 2025-12-03T18:47:37.000Z | |
| drupal-contrib-2025-088 | 2025-07-09T16:37:40.000Z | 2025-11-22T09:22:47.000Z | |
| drupal-contrib-2025-116 | 2025-11-05T18:09:13.000Z | 2025-11-05T18:09:13.000Z | |
| drupal-contrib-2025-115 | 2025-11-05T18:08:01.000Z | 2025-11-05T18:08:01.000Z | |
| drupal-contrib-2025-114 | 2025-10-29T16:44:39.000Z | 2025-10-29T20:15:52.000Z | |
| drupal-contrib-2025-113 | 2025-10-22T16:35:12.000Z | 2025-10-22T16:35:12.000Z | |
| drupal-contrib-2025-112 | 2025-10-22T16:34:46.000Z | 2025-10-22T16:34:46.000Z | |
| drupal-contrib-2025-111 | 2025-09-24T17:28:05.000Z | 2025-09-24T17:28:05.000Z | |
| drupal-contrib-2025-110 | 2025-09-24T17:27:41.000Z | 2025-09-24T17:27:41.000Z | |
| drupal-contrib-2025-109 | 2025-09-24T17:27:33.000Z | 2025-09-24T17:27:33.000Z | |
| drupal-contrib-2025-108 | 2025-09-24T17:27:20.000Z | 2025-09-24T17:27:20.000Z |
| ID | Description | Updated |
|---|
| ID | Description | Published | Updated |
|---|---|---|---|
| jvndb-2026-004359 | Security information for Hitachi Disk Array Systems | 2026-02-20T18:35+09:00 | 2026-02-20T18:35+09:00 |
| jvndb-2026-000027 | WordPress Plugin "Survey Maker" vulnerable to cross-site scripting | 2026-02-20T12:32+09:00 | 2026-02-20T12:32+09:00 |
| jvndb-2026-000028 | Installer for Job log aggregation/analysis software RICOH Job Log Aggregation Tool may insecurely load Dynamic Link Libraries | 2026-02-20T12:31+09:00 | 2026-02-20T12:31+09:00 |
| jvndb-2026-003912 | Vulnerability in Cosminexus HTTP Server and Hitachi Web Server | 2026-02-17T20:46+09:00 | 2026-02-17T20:46+09:00 |
| jvndb-2026-003911 | Vulnerability in Cosminexus HTTP Server | 2026-02-17T20:46+09:00 | 2026-02-17T20:46+09:00 |
| jvndb-2026-003910 | Multiple Vulnerabilities in Cosminexus HTTP Server | 2026-02-17T20:46+09:00 | 2026-02-17T20:46+09:00 |
| jvndb-2026-003909 | Multiple Vulnerabilities in Hitachi Command Suite products | 2026-02-17T20:46+09:00 | 2026-02-17T20:46+09:00 |
| jvndb-2026-003908 | Multiple Vulnerabilities in Hitachi Command Suite, Hitachi Automation Director, Hitachi Configuration Manager, Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center | 2026-02-17T20:46+09:00 | 2026-02-17T20:46+09:00 |
| jvndb-2026-003907 | Multiple Vulnerabilities in JP1 | 2026-02-17T20:46+09:00 | 2026-02-17T20:46+09:00 |
| jvndb-2026-003906 | Multiple Vulnerabilities in Cosminexus | 2026-02-17T20:46+09:00 | 2026-02-17T20:46+09:00 |
| jvndb-2026-003905 | Multiple Vulnerabilities in Cosminexus HTTP Server and Hitachi Web Server | 2026-02-17T20:46+09:00 | 2026-02-17T20:46+09:00 |
| jvndb-2026-000025 | Joomla! CMS vulnerable to cross-site scripting | 2026-02-17T12:46+09:00 | 2026-02-17T12:46+09:00 |
| jvndb-2026-000023 | FileZen vulnerable to OS command injection | 2026-02-13T16:51+09:00 | 2026-02-13T17:08+09:00 |
| jvndb-2026-000024 | Installer of M-Audio M-Track Duo HD may insecurely load Dynamic Link Libraries | 2026-02-12T13:32+09:00 | 2026-02-12T13:32+09:00 |
| jvndb-2026-000022 | Oki Electric Industry products and OEM products register Windows services with unquoted file paths | 2026-02-09T15:21+09:00 | 2026-02-09T15:21+09:00 |
| jvndb-2026-000021 | web2py vulnerable to open redirect | 2026-02-05T15:01+09:00 | 2026-02-05T15:01+09:00 |
| jvndb-2026-000017 | Improper file access permission settings in Mitsubishi Small-Capacity UPS Shutdown Software FREQSHIP-mini for Windows | 2026-02-03T14:57+09:00 | 2026-02-05T14:41+09:00 |
| jvndb-2026-000020 | Multiple vulnerabilities in Movable Type | 2026-02-04T16:15+09:00 | 2026-02-04T16:15+09:00 |
| jvndb-2026-000016 | Installer for Roland Cloud Manager may insecurely load Dynamic Link Libraries | 2026-02-03T14:57+09:00 | 2026-02-04T12:39+09:00 |
| jvndb-2024-002831 | ELECOM wireless LAN routers vulnerable to OS command injection | 2024-02-22T08:15+09:00 | 2026-02-04T12:02+09:00 |
| jvndb-2025-000041 | Multiple vulnerabilities in ELECOM wireless LAN routers | 2025-06-24T14:50+09:00 | 2026-02-03T15:35+09:00 |
| jvndb-2024-000078 | Multiple vulnerabilities in ELECOM wireless LAN routers | 2024-07-30T15:34+09:00 | 2026-02-03T15:35+09:00 |
| jvndb-2026-000019 | Multiple vulnerabilities in ELECOM wireless LAN products | 2026-02-03T14:57+09:00 | 2026-02-03T14:57+09:00 |
| jvndb-2026-000015 | Sonatype Nexus Repository vulnerable to server-side request forgery | 2026-02-02T15:18+09:00 | 2026-02-02T15:18+09:00 |
| jvndb-2026-000014 | OS command injection in raspap-webgui | 2026-02-02T15:18+09:00 | 2026-02-02T15:18+09:00 |
| jvndb-2026-000013 | Multiple Microsoft Office products vulnerable to untrusted search path | 2026-02-02T15:18+09:00 | 2026-02-02T15:18+09:00 |
| jvndb-2026-000012 | Multiple vulnerabilities in Cybozu Garoon | 2026-02-02T15:18+09:00 | 2026-02-02T15:18+09:00 |
| jvndb-2026-000018 | Undocumented "TelnetEnable" functionality of End of Service NETGEAR products | 2026-01-30T14:23+09:00 | 2026-01-30T14:23+09:00 |
| jvndb-2026-002119 | Multiple vulnerabilities in BROTHER MFPs (multifunction printers) | 2026-01-30T11:26+09:00 | 2026-01-30T11:26+09:00 |
| jvndb-2026-002030 | Multiple Vulnerabilities in Cosminexus | 2026-01-29T10:32+09:00 | 2026-01-29T10:32+09:00 |
| ID | Description | Updated |
|---|---|---|
| ts-2026-001 | TS-2026-001 | 2026-01-15T00:00 |
| ts-2025-008 | TS-2025-008 | 2025-11-19T00:00 |
| ts-2025-007 | TS-2025-007 | 2025-11-07T00:00 |
| ts-2025-006 | TS-2025-006 | 2025-10-28T00:00 |
| ts-2025-005 | TS-2025-005 | 2025-08-07T00:00 |
| ts-2025-004 | TS-2025-004 | 2025-05-27T00:00 |
| ts-2025-003 | TS-2025-003 | 2025-05-21T00:00 |
| ts-2025-002 | TS-2025-002 | 2025-05-15T00:00 |
| ts-2025-001 | TS-2025-001 | 2025-03-07T00:00 |
| ts-2024-013 | TS-2024-013 | 2024-12-04T00:00 |
| ts-2024-012 | TS-2024-012 | 2024-10-02T00:00 |
| ts-2024-011 | TS-2024-011 | 2024-07-22T00:00 |
| ts-2024-010 | TS-2024-010 | 2024-07-19T00:00 |
| ts-2024-009 | TS-2024-009 | 2024-06-27T00:00 |
| ts-2024-008 | TS-2024-008 | 2024-06-14T00:00 |
| ts-2024-007 | TS-2024-007 | 2024-06-12T00:00 |
| ts-2024-006 | TS-2024-006 | 2024-05-22T00:00 |
| ts-2024-005 | TS-2024-005 | 2024-05-08T00:00 |
| ts-2024-004 | TS-2024-004 | 2024-05-06T00:00 |
| ts-2024-003 | TS-2024-003 | 2024-04-23T00:00 |
| ts-2024-002 | TS-2024-002 | 2024-01-30T00:00 |
| ts-2024-001 | TS-2024-001 | 2024-01-08T00:00 |
| ts-2023-009 | TS-2023-009 | 2023-12-22T00:00 |
| ts-2023-008 | TS-2023-008 | 2023-11-01T00:00 |
| ts-2023-007 | TS-2023-007 | 2023-10-26T00:00 |
| ts-2023-006 | TS-2023-006 | 2023-08-22T00:00 |
| ts-2023-005 | TS-2023-005 | 2023-04-28T00:00 |
| ts-2023-004 | TS-2023-004 | 2023-04-04T00:00 |
| ts-2023-003 | TS-2023-003 | 2023-03-22T00:00 |
| ts-2023-002 | TS-2023-002 | 2023-01-24T00:00 |
| ID | Description | Published | Updated |
|---|---|---|---|
| cnvd-2026-10895 | WordPress插件Pixel Manager for WooCommerce信息泄露漏洞 | 2025-11-20 | 2026-02-14 |
| cnvd-2026-10894 | WordPress插件Quiz Maker信息泄露漏洞 | 2025-11-21 | 2026-02-14 |
| cnvd-2026-10893 | WordPress插件WP FullCalendar信息泄露漏洞 | 2026-01-30 | 2026-02-14 |
| cnvd-2026-10892 | WordPress插件WP Directory Kit信息泄露漏洞 | 2026-01-30 | 2026-02-14 |
| cnvd-2026-10891 | WordPress插件CubeWP – All-in-One Dynamic Content Framework信息泄露漏洞 | 2026-01-30 | 2026-02-14 |
| cnvd-2026-10890 | WordPress插件Contact Form 7 GetResponse Extension信息泄露漏洞 | 2026-01-30 | 2026-02-14 |
| cnvd-2026-10889 | WordPress插件Cargus信息泄露漏洞 | 2026-01-30 | 2026-02-14 |
| cnvd-2026-10888 | WordPress插件Booking Ultra Pro信息泄露漏洞 | 2026-01-30 | 2026-02-14 |
| cnvd-2026-10887 | MailEnable存在未明漏洞(CNVD-2026-10887) | 2025-12-18 | 2026-02-14 |
| cnvd-2026-10885 | FRRouting拒绝服务漏洞(CNVD-2026-10885) | 2025-10-31 | 2026-02-14 |
| cnvd-2026-06351 | 用友网络科技股份有限公司U8+渠道管理(高级版)存在SQL注入漏洞(CNVD-C-2025-1245200) | 2025-12-31 | 2026-02-14 |
| cnvd-2026-10886 | MailEnable存在未明漏洞 | 2025-12-18 | 2026-02-13 |
| cnvd-2026-10884 | FRRouting拒绝服务漏洞(CNVD-2026-10884) | 2025-10-31 | 2026-02-13 |
| cnvd-2026-10883 | FRRouting拒绝服务漏洞(CNVD-2026-10883) | 2025-10-31 | 2026-02-13 |
| cnvd-2026-10882 | FRRouting拒绝服务漏洞 | 2025-10-31 | 2026-02-13 |
| cnvd-2026-10881 | mall-swarm授权问题漏洞(CNVD-2026-10881) | 2025-11-18 | 2026-02-13 |
| cnvd-2026-10880 | mall-swarm存在未明漏洞 | 2025-11-18 | 2026-02-13 |
| cnvd-2026-10879 | mall-swarm授权问题漏洞(CNVD-2026-10879) | 2025-11-18 | 2026-02-13 |
| cnvd-2026-10878 | mall-swarm授权问题漏洞(CNVD-2026-10878) | 2025-11-18 | 2026-02-13 |
| cnvd-2026-10877 | mall-swarm授权问题漏洞(CNVD-2026-10877) | 2025-11-18 | 2026-02-13 |
| cnvd-2026-10876 | mall-swarm授权问题漏洞 | 2025-12-10 | 2026-02-13 |
| cnvd-2026-10875 | Huawei HarmonyOS卡框架模块多线程竞争条件漏洞 | 2026-01-19 | 2026-02-13 |
| cnvd-2026-10874 | Huawei HarmonyOS和EMUI克隆模块中间人攻击漏洞 | 2026-01-19 | 2026-02-13 |
| cnvd-2026-10873 | Huawei HarmonyOS和EMUI媒体库模块权限验证绕过漏洞(CNVD-2026-10873) | 2026-01-19 | 2026-02-13 |
| cnvd-2026-10872 | Huawei HarmonyOS和EMUI媒体库模块权限验证绕过漏洞 | 2026-01-19 | 2026-02-13 |
| cnvd-2026-10871 | WordPress插件metasync存在未明漏洞 | 2026-02-04 | 2026-02-12 |
| cnvd-2026-10870 | WordPress插件Simple User Registration访问控制错误漏洞 | 2026-02-04 | 2026-02-12 |
| cnvd-2026-10859 | Adobe Substance 3D Modeler越界写入漏洞(CNVD-2026-10859) | 2026-01-19 | 2026-02-12 |
| cnvd-2026-10858 | Adobe Substance 3D Modeler越界写入漏洞(CNVD-2026-10858) | 2026-01-19 | 2026-02-12 |
| cnvd-2026-10857 | Rockwell Automation FactoryTalk Linx权限提升漏洞(CNVD-2026-10857) | 2025-10-17 | 2026-02-12 |
| ID | Description | Published | Updated |
|---|---|---|---|
| bdu:2026-01844 | Уязвимость сервиса безопасности Advanced DNS Security (ADNS) операционной системы PAN-OS,… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01843 | Уязвимость функции loadRLE() загрузчика TGA-изображений (PluginTARGA.cpp) графической биб… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01842 | Уязвимость функции ws_user_gerList() сценария pwg.users.php системы управления контентом … | 16.02.2026 | 16.02.2026 |
| bdu:2026-01841 | Уязвимость компонента Updater облачной платформы управления контейнерами Arcane, позволяю… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01840 | Уязвимость ИИ-агента OpenClaw (ранее - ClawdBot или MoltBot), связанная с отсутствием про… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01839 | Уязвимость функции blocked_path() пакета Python для создания приложений для моделей машин… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01838 | Уязвимость драйверов графических процессоров NVIDIA NVS, Quadro, NVIDIA RTX, GeForce, свя… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01837 | Уязвимость микропрограммного обеспечения графических процессоров Imagination, позволяющая… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01836 | Уязвимость микропрограммного обеспечения графических процессоров Imagination, позволяющая… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01835 | Уязвимость драйвера ESXi base микропрограммного обеспечения сетевых контроллеров Intel 80… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01834 | Уязвимость микропрограммного обеспечения контроллеров Intel Ethernet серии E810, связанна… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01833 | Уязвимость технологий Intel Active Management Technology (AMT) и Intel Standard Manageabi… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01832 | Уязвимость технологий Intel Active Management Technology (AMT) и Intel Standard Manageabi… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01831 | Уязвимость технологий Intel Active Management Technology (AMT) и Intel Standard Manageabi… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01830 | Уязвимость компонента File input браузера Google Chrome, позволяющая нарушителю осуществи… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01829 | Уязвимость компонента PictureInPicture браузера Google Chrome, позволяющая нарушителю ока… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01828 | Уязвимость компонента Animation браузера Google Chrome, позволяющая нарушителю оказать во… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01827 | Уязвимость функции конфиденциальности Fenced Frames браузера Google Chrome, позволяющая н… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01826 | Уязвимость компонента WebGPU браузера Google Chrome, позволяющая нарушителю вызвать отказ… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01825 | Уязвимость программной платформы на базе git для совместной работы над кодом GitLab, связ… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01824 | Уязвимость программной платформы на базе git для совместной работы над кодом GitLab, связ… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01823 | Уязвимость функции межсетевых экранов SSL-VPN операционных систем Fortinet FortiOS, позво… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01822 | Уязвимость операционных систем Fortinet FortiOS, связанная с недостаточной проверкой исто… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01821 | Уязвимость функции межсетевых экранов SSL-VPN операционных систем Fortinet FortiOS, позво… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01820 | Уязвимость интерфейса командной строки операционных систем Fortinet FortiOS, позволяющая … | 16.02.2026 | 16.02.2026 |
| bdu:2026-01819 | Уязвимость графического пользовательского интерфейса операционных систем Fortinet FortiOS… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01818 | Уязвимость программного обеспечения для разработки 3D-моделей Autodesk Fusion, связанная … | 16.02.2026 | 16.02.2026 |
| bdu:2026-01817 | Уязвимость программного обеспечения для разработки 3D-моделей Autodesk Fusion, связанная … | 16.02.2026 | 16.02.2026 |
| bdu:2026-01816 | Уязвимость программного обеспечения для разработки 3D-моделей Autodesk Fusion, связанная … | 16.02.2026 | 16.02.2026 |
| bdu:2026-01815 | Уязвимость программного обеспечения Microsoft ACI Confidential Containers, связанная с не… | 16.02.2026 | 16.02.2026 |
| ID | Description | Published | Updated |
|---|---|---|---|
| certfr-2026-avi-0203 | Vulnérabilité dans Microsoft Azure Linux | 2026-02-24T00:00:00.000000 | 2026-02-24T00:00:00.000000 |
| certfr-2026-avi-0202 | Multiples vulnérabilités dans les produits SonicWall | 2026-02-24T00:00:00.000000 | 2026-02-24T00:00:00.000000 |
| certfr-2026-avi-0201 | Multiples vulnérabilités dans Mattermost Server | 2026-02-24T00:00:00.000000 | 2026-02-24T00:00:00.000000 |
| certfr-2026-avi-0200 | Vulnérabilité dans Centreon open tickets | 2026-02-24T00:00:00.000000 | 2026-02-24T00:00:00.000000 |
| certfr-2026-avi-0199 | Multiples vulnérabilités dans les produits VMware | 2026-02-24T00:00:00.000000 | 2026-02-24T00:00:00.000000 |
| certfr-2026-avi-0198 | Multiples vulnérabilités dans Google Chrome | 2026-02-24T00:00:00.000000 | 2026-02-24T00:00:00.000000 |
| certfr-2026-avi-0197 | Multiples vulnérabilités dans Microsoft Edge | 2026-02-23T00:00:00.000000 | 2026-02-23T00:00:00.000000 |
| certfr-2026-avi-0187 | Multiples vulnérabilités dans Tenable Security Center | 2026-02-19T00:00:00.000000 | 2026-02-23T00:00:00.000000 |
| certfr-2026-avi-0196 | Multiples vulnérabilités dans les produits IBM | 2026-02-20T00:00:00.000000 | 2026-02-20T00:00:00.000000 |
| certfr-2026-avi-0195 | Multiples vulnérabilités dans le noyau Linux de SUSE | 2026-02-20T00:00:00.000000 | 2026-02-20T00:00:00.000000 |
| certfr-2026-avi-0194 | Multiples vulnérabilités dans le noyau Linux d'Ubuntu | 2026-02-20T00:00:00.000000 | 2026-02-20T00:00:00.000000 |
| certfr-2026-avi-0193 | Multiples vulnérabilités dans le noyau Linux de Red Hat | 2026-02-20T00:00:00.000000 | 2026-02-20T00:00:00.000000 |
| certfr-2026-avi-0192 | Multiples vulnérabilités dans le noyau Linux de Debian | 2026-02-20T00:00:00.000000 | 2026-02-20T00:00:00.000000 |
| certfr-2026-avi-0191 | Vulnérabilité dans Traefik | 2026-02-20T00:00:00.000000 | 2026-02-20T00:00:00.000000 |
| certfr-2026-avi-0190 | Multiples vulnérabilités dans Microsoft Edge | 2026-02-19T00:00:00.000000 | 2026-02-19T00:00:00.000000 |
| certfr-2026-avi-0189 | Vulnérabilité dans F5 BIG-IP | 2026-02-19T00:00:00.000000 | 2026-02-19T00:00:00.000000 |
| certfr-2026-avi-0188 | Multiples vulnérabilités dans les produits Splunk | 2026-02-19T00:00:00.000000 | 2026-02-19T00:00:00.000000 |
| certfr-2026-avi-0186 | Multiples vulnérabilités dans Google Chrome | 2026-02-19T00:00:00.000000 | 2026-02-19T00:00:00.000000 |
| certfr-2026-avi-0185 | Vulnérabilité dans Microsoft Windows | 2026-02-18T00:00:00.000000 | 2026-02-18T00:00:00.000000 |
| certfr-2026-avi-0184 | Multiples vulnérabilités dans Microsoft Edge | 2026-02-18T00:00:00.000000 | 2026-02-18T00:00:00.000000 |
| certfr-2026-avi-0183 | Vulnérabilité dans HPE Aruba Networking ClearPass Policy Manager | 2026-02-18T00:00:00.000000 | 2026-02-18T00:00:00.000000 |
| certfr-2026-avi-0182 | Multiples vulnérabilités dans Atlassian Confluence | 2026-02-18T00:00:00.000000 | 2026-02-18T00:00:00.000000 |
| certfr-2026-avi-0181 | Vulnérabilité dans Apache Tomcat | 2026-02-18T00:00:00.000000 | 2026-02-18T00:00:00.000000 |
| certfr-2026-avi-0180 | Vulnérabilité dans NetApp StorageGRID | 2026-02-18T00:00:00.000000 | 2026-02-18T00:00:00.000000 |
| certfr-2026-avi-0179 | Multiples vulnérabilités dans SPIP | 2026-02-18T00:00:00.000000 | 2026-02-18T00:00:00.000000 |
| certfr-2026-avi-0178 | Multiples vulnérabilités dans Tenable Security Center | 2026-02-18T00:00:00.000000 | 2026-02-18T00:00:00.000000 |
| certfr-2026-avi-0177 | Multiples vulnérabilités dans Moodle | 2026-02-17T00:00:00.000000 | 2026-02-17T00:00:00.000000 |
| certfr-2026-avi-0176 | Vulnérabilité dans Mattermost Server | 2026-02-17T00:00:00.000000 | 2026-02-17T00:00:00.000000 |
| certfr-2026-avi-0175 | Multiples vulnérabilités dans les produits Mozilla | 2026-02-17T00:00:00.000000 | 2026-02-17T00:00:00.000000 |
| certfr-2026-avi-0174 | Multiples vulnérabilités dans LibreNMS | 2026-02-17T00:00:00.000000 | 2026-02-17T00:00:00.000000 |
| ID | Description | Published | Updated |
|---|---|---|---|
| certfr-2025-ale-014 | [MàJ] Vulnérabilité dans React Server Components | 2025-12-05T00:00:00.000000 | 2026-02-12T00:00:00.000000 |
| certfr-2026-ale-001 | [MàJ] Multiples vulnérabilités dans Ivanti Endpoint Manager Mobile | 2026-01-30T00:00:00.000000 | 2026-02-03T00:00:00.000000 |
| certfr-2025-ale-013 | [MàJ] Multiples vulnérabilités dans Cisco ASA et FTD | 2025-09-25T00:00:00.000000 | 2025-10-06T00:00:00.000000 |
| certfr-2025-ale-012 | Vulnérabilité dans Citrix NetScaler ADC et NetScaler Gateway | 2025-08-26T00:00:00.000000 | 2025-09-26T00:00:00.000000 |
| certfr-2025-ale-010 | [MàJ] Multiples vulnérabilités dans Microsoft SharePoint | 2025-07-21T00:00:00.000000 | 2025-08-26T00:00:00.000000 |
| certfr-2025-ale-011 | Incidents de sécurité dans les pare-feux SonicWall | 2025-08-05T00:00:00.000000 | 2025-08-18T00:00:00.000000 |
| certfr-2025-ale-009 | Multiples vulnérabilités dans Citrix NetScaler ADC et NetScaler Gateway | 2025-07-01T00:00:00.000000 | 2025-07-17T00:00:00.000000 |
| certfr-2025-ale-004 | Activités de post-exploitation dans Fortinet FortiGate | 2025-04-11T00:00:00.000000 | 2025-08-07T00:00:00.000000 |
| certfr-2025-ale-008 | [MàJ] Vulnérabilité dans Roundcube | 2025-06-05T00:00:00.000000 | 2025-07-21T00:00:00.000000 |
| certfr-2025-ale-007 | Multiples vulnérabilités dans Ivanti Endpoint Manager Mobile (EPMM) | 2025-05-14T00:00:00.000000 | 2025-06-24T00:00:00.000000 |
| certfr-2025-ale-006 | Vulnérabilité dans les produits Fortinet | 2025-05-13T00:00:00.000000 | 2025-06-24T00:00:00.000000 |
| certfr-2025-ale-005 | Vulnérabilité dans SAP NetWeaver | 2025-04-28T00:00:00.000000 | 2025-06-24T00:00:00.000000 |
| certfr-2025-ale-003 | [MàJ] Vulnérabilité dans les produits Ivanti | 2025-04-04T00:00:00.000000 | 2025-04-11T00:00:00.000000 |
| certfr-2025-ale-002 | [MàJ] Vulnérabilité dans les produits Fortinet | 2025-05-07T00:00:00.000000 | 2025-01-14T00:00:00.000000 |
| certfr-2025-ale-001 | [MàJ] Vulnérabilité dans les produits Ivanti | 2025-01-09T00:00:00.000000 | 2025-04-01T00:00:00.000000 |
| certfr-2024-ale-014 | [MàJ] Multiples vulnérabilités dans Fortinet FortiManager | 2024-10-30T00:00:00.000000 | 2024-10-23T00:00:00.000000 |
| certfr-2024-ale-013 | Exploitations de vulnérabilités dans Ivanti Cloud Services Appliance (CSA) | 2025-03-31T00:00:00.000000 | 2024-10-25T00:00:00.000000 |
| certfr-2024-ale-015 | [MàJ] Multiples vulnérabilités sur l'interface d'administration des équipements Palo Alto Networks | 2024-11-15T00:00:00.000000 | 2024-11-18T00:00:00.000000 |
| certfr-2024-ale-012 | [MàJ] Vulnérabilités affectant OpenPrinting CUPS | 2024-09-27T00:00:00.000000 | 2024-11-21T00:00:00.000000 |
| certfr-2024-ale-011 | Vulnérabilité dans SonicWall | 2024-09-10T00:00:00.000000 | 2024-11-21T00:00:00.000000 |
| certfr-2024-ale-010 | Multiples vulnérabilités dans Roundcube | 2024-08-09T00:00:00.000000 | 2024-10-07T00:00:00.000000 |
| certfr-2024-ale-009 | Vulnérabilité dans OpenSSH | 2024-07-01T00:00:00.000000 | 2024-07-03T00:00:00.000000 |
| certfr-2024-ale-008 | [MàJ] Vulnérabilité dans les produits Check Point | 2024-05-30T00:00:00.000000 | 2024-07-01T00:00:00.000000 |
| certfr-2024-ale-007 | Multiples vulnérabilités dans les produits Cisco | 2024-04-25T00:00:00.000000 | 2024-07-01T00:00:00.000000 |
| certfr-2024-ale-006 | [MàJ] Vulnérabilité dans Palo Alto Networks GlobalProtect | 2024-04-12T00:00:00.000000 | 2024-07-01T00:00:00.000000 |
| certfr-2024-ale-004 | [MàJ] Vulnérabilité dans Fortinet FortiOS | 2024-02-09T00:00:00.000000 | 2024-07-01T00:00:00.000000 |
| certfr-2024-ale-005 | [MàJ] Vulnérabilité dans Microsoft Outlook | 2024-02-15T00:00:00.000000 | 2024-04-15T00:00:00.000000 |
| certfr-2024-ale-003 | [MàJ] Incident affectant les solutions AnyDesk | 2024-02-05T00:00:00.000000 | 2024-04-15T00:00:00.000000 |
| certfr-2024-ale-001 | [MàJ] Multiples vulnérabilités dans Ivanti Connect Secure et Policy Secure Gateways | 2024-01-11T00:00:00.000000 | 2024-04-15T00:00:00.000000 |
| certfr-2024-ale-002 | [MàJ] Multiples Vulnérabilités dans GitLab | 2024-01-12T00:00:00.000000 | 2024-02-22T00:00:00.000000 |
| ID | Description | Published | Updated |
|---|---|---|---|
| osv-2025-202 | UNKNOWN READ in _blit_xrgb32_lerp_spans | 2025-03-15T00:01:51.127135Z | 2026-02-24T14:28:08.371682Z |
| osv-2024-245 | Security exception in com.github.javaparser.ast.validator.TreeVisitorValidator.accept | 2024-04-08T00:11:03.595756Z | 2026-02-24T14:25:14.639761Z |
| osv-2023-395 | Stack-buffer-overflow in sc_path_print | 2023-05-14T14:00:57.078498Z | 2026-02-24T14:19:51.229594Z |
| osv-2022-1201 | Stack-buffer-overflow in msc_zero_object | 2022-11-24T13:00:10.344351Z | 2026-02-24T14:15:48.115519Z |
| osv-2022-1188 | Stack-buffer-overflow in authentic_get_tagged_data | 2022-11-20T13:01:57.719130Z | 2026-02-24T14:15:46.375365Z |
| osv-2024-387 | Heap-buffer-overflow in H5F_addr_encode | 2024-04-30T00:13:39.184262Z | 2026-02-21T16:08:55.576515Z |
| osv-2023-216 | Heap-buffer-overflow in H5G__node_cmp3 | 2023-03-23T13:00:48.081705Z | 2026-02-21T15:10:24.227224Z |
| osv-2023-430 | Heap-buffer-overflow in H5MM_xstrdup | 2023-05-26T14:00:26.078002Z | 2026-02-21T14:59:46.714683Z |
| osv-2023-370 | Heap-buffer-overflow in H5FS__sect_link | 2023-05-06T14:01:04.165113Z | 2026-02-21T14:59:05.344946Z |
| osv-2023-359 | Heap-buffer-overflow in H5MM_memcpy | 2023-05-01T14:02:33.841821Z | 2026-02-21T14:58:42.218274Z |
| osv-2023-392 | Negative-size-param in H5MM_memcpy | 2023-05-13T14:00:26.093088Z | 2026-02-21T14:58:35.196227Z |
| osv-2023-381 | UNKNOWN READ in H5FL__blk_gc_list | 2023-05-08T14:02:04.934252Z | 2026-02-21T14:57:47.361752Z |
| osv-2023-89 | Heap-buffer-overflow in H5O__mtime_new_encode | 2023-02-21T13:00:30.347876Z | 2026-02-21T14:56:49.681507Z |
| osv-2023-76 | Heap-buffer-overflow in H5SM_delete | 2023-02-18T13:00:50.471845Z | 2026-02-21T14:34:05.952250Z |
| osv-2023-133 | Heap-buffer-overflow in H5L__extern_traverse | 2023-03-02T13:02:08.499899Z | 2026-02-21T14:33:35.359548Z |
| osv-2022-1235 | Heap-buffer-overflow in _rrparse | 2022-12-04T13:00:30.303410Z | 2026-02-21T14:09:00.932849Z |
| osv-2022-1165 | Heap-buffer-overflow in parse_content_length | 2022-11-12T13:00:05.964113Z | 2026-02-19T14:11:05.455361Z |
| osv-2026-261 | Segv on unknown address in ___interceptor_strtol | 2026-02-19T00:09:21.893775Z | 2026-02-19T00:09:21.894076Z |
| osv-2026-259 | Use-of-uninitialized-value in tsip_parse_input | 2026-02-18T00:14:29.378028Z | 2026-02-18T00:14:29.378341Z |
| osv-2023-96 | Heap-buffer-overflow in load_buffer | 2023-02-23T13:00:28.515290Z | 2026-02-17T14:26:31.096424Z |
| osv-2023-35 | Heap-buffer-overflow in parse_classes_64 | 2023-01-29T13:01:45.762871Z | 2026-02-17T14:24:57.461377Z |
| osv-2022-993 | Stack-use-after-return in check_buffer | 2022-09-29T00:02:10.256639Z | 2026-02-17T14:24:32.097178Z |
| osv-2023-819 | Heap-buffer-overflow in ucl_object_dtor_unref_single | 2023-09-09T14:01:07.368928Z | 2026-02-17T14:21:16.973749Z |
| osv-2023-78 | Heap-buffer-overflow in ucl_object_dtor_unref_single | 2023-02-18T13:01:01.445224Z | 2026-02-17T14:21:11.808505Z |
| osv-2022-1137 | Heap-buffer-overflow in io_memory_read | 2022-11-05T00:00:44.243862Z | 2026-02-17T14:20:32.701723Z |
| osv-2021-1261 | UNKNOWN READ in kh_get_ucl_hash_node | 2021-09-15T00:00:41.384284Z | 2026-02-17T14:15:50.348749Z |
| osv-2026-255 | UNKNOWN WRITE in nmeaid_to_prn | 2026-02-17T00:17:19.574579Z | 2026-02-17T00:17:19.574905Z |
| osv-2021-525 | Use-of-uninitialized-value in void edge_filtering_chroma_internal<unsigned char> | 2021-03-16T00:00:19.176877Z | 2026-02-15T14:06:52.827050Z |
| osv-2026-244 | Use-of-uninitialized-value in ihevcd_fmt_conv | 2026-02-15T00:03:36.246033Z | 2026-02-15T00:03:36.246568Z |
| osv-2024-679 | Heap-buffer-overflow in readImage4v2 | 2024-07-25T00:14:34.485446Z | 2026-02-14T14:21:51.563139Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| rustsec-2026-0019 | `tracing-check` was removed from crates.io for malicious code | 2026-02-24T12:00:00Z | 2026-02-24T17:23:12Z |
| rustsec-2026-0018 | `rpc-check` was removed from crates.io for malicious code | 2026-02-24T12:00:00Z | 2026-02-24T16:32:13Z |
| rustsec-2025-0153 | hexchat crate is unsound and unmaintained | 2025-11-17T12:00:00Z | 2026-02-24T10:32:45Z |
| rustsec-2026-0013 | Type confusion when accessing data from sublasses of subclasses of native types with `abi3` feature targeting Python 3.12 and up | 2026-02-18T12:00:00Z | 2026-02-23T07:15:28Z |
| rustsec-2026-0010 | `polymarket-clients-sdk` was removed from crates.io for malicious code | 2026-02-06T12:00:00Z | 2026-02-23T07:15:28Z |
| rustsec-2025-0148 | `finch-rust` was removed from crates.io for malicious code | 2025-12-05T12:00:00Z | 2026-02-23T07:15:28Z |
| rustsec-2025-0147 | `evm-units` was removed from crates.io for malicious code | 2025-12-03T12:00:00Z | 2026-02-23T07:15:28Z |
| rustsec-2025-0146 | `sha-rust` was removed from crates.io for malicious code | 2025-12-05T12:00:00Z | 2026-02-23T07:15:28Z |
| rustsec-2025-0145 | `uniswap-utils` was removed from crates.io for malicious code | 2025-12-03T12:00:00Z | 2026-02-23T07:15:28Z |
| rustsec-2026-0017 | `clob-sdk` was removed from crates.io for malicious code | 2026-02-20T12:00:00Z | 2026-02-21T01:48:10Z |
| rustsec-2026-0016 | `polymarkets-rs-clob-client` was removed from crates.io for malicious code | 2026-02-20T12:00:00Z | 2026-02-20T18:09:09Z |
| rustsec-2026-0012 | Unsoundness in opt-in ARMv8 assembly backend for `keccak` | 2026-02-12T12:00:00Z | 2026-02-20T04:00:15Z |
| rustsec-2026-0015 | `polymarkets-client-sdk` was removed from crates.io for malicious code | 2026-02-19T12:00:00Z | 2026-02-19T22:41:14Z |
| rustsec-2026-0014 | `rpc-check` was removed from crates.io for malicious code | 2026-02-19T12:00:00Z | 2026-02-19T22:41:14Z |
| rustsec-2026-0011 | `polymarket-client-sdks` was removed from crates.io for malicious code | 2026-02-13T12:00:00Z | 2026-02-14T08:13:56Z |
| rustsec-2025-0152 | `finch_cli_rust` was removed from crates.io for malicious code | 2025-12-09T12:00:00Z | 2026-02-13T04:43:42Z |
| rustsec-2025-0151 | `sha-rst` was removed from crates.io for malicious code | 2025-12-09T12:00:00Z | 2026-02-13T04:43:42Z |
| rustsec-2025-0150 | `finch-rst` was removed from crates.io for malicious code | 2025-12-09T12:00:00Z | 2026-02-13T04:43:42Z |
| rustsec-2025-0142 | Segmentation fault and invalid memory read in `mnl::cb_run` | 2025-10-18T12:00:00Z | 2026-02-10T13:23:41Z |
| rustsec-2025-0149 | World Writable Directory in /var/log/below Allows Local Privilege Escalation | 2025-03-12T12:00:00Z | 2026-02-08T07:26:28Z |
| rustsec-2026-0009 | Denial of Service via Stack Exhaustion | 2026-02-05T12:00:00Z | 2026-02-06T09:12:16Z |
| rustsec-2026-0008 | Potential undefined behavior when dereferencing Buf struct | 2026-02-02T12:00:00Z | 2026-02-05T06:08:13Z |
| rustsec-2026-0007 | Integer overflow in `BytesMut::reserve` | 2026-02-03T12:00:00Z | 2026-02-04T06:56:11Z |
| rustsec-2025-0140 | Non-utf8 String can be created with `TimeBuf::as_str` | 2025-12-29T12:00:00Z | 2026-02-04T06:56:11Z |
| rustsec-2026-0006 | Wasmtime segfault or unused out-of-sandbox load with `f64.copysign` operator on x86-64 | 2026-01-26T12:00:00Z | 2026-01-30T05:41:11Z |
| rustsec-2025-0143 | Unsound APIs of public `constant::Reader` and `StructSchema` | 2025-12-24T12:00:00Z | 2026-01-29T05:56:50Z |
| rustsec-2025-0144 | Timing side-channel in ML-DSA decomposition | 2025-12-12T12:00:00Z | 2026-01-27T22:28:37Z |
| rustsec-2024-0436 | paste - no longer maintained | 2024-10-07T12:00:00Z | 2026-01-27T21:51:15Z |
| rustsec-2026-0005 | Potential use-after-free in `oneshot` when used asynchronously | 2026-01-25T12:00:00Z | 2026-01-27T05:50:51Z |
| rustsec-2026-0004 | Triton VM Soundness Vulnerability due to Improper Sampling of Randomness | 2026-01-21T12:00:00Z | 2026-01-23T05:50:29Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| alsa-2026:2708 | Important: go-toolset:rhel8 security update | 2026-02-16T00:00:00Z | 2026-02-16T14:22:53Z |
| alsa-2026:2421 | Important: nodejs:22 security update | 2026-02-10T00:00:00Z | 2026-02-13T10:53:31Z |
| alsa-2026:2627 | Moderate: gcc-toolset-14-binutils security update | 2026-02-12T00:00:00Z | 2026-02-13T08:03:55Z |
| alsa-2026:0667 | Important: firefox security update | 2026-01-15T00:00:00Z | 2026-02-12T10:37:47Z |
| alsa-2026:1377 | Moderate: image-builder security update | 2026-01-27T00:00:00Z | 2026-02-12T10:36:07Z |
| alsa-2026:2212 | Moderate: kernel security update | 2026-02-09T00:00:00Z | 2026-02-12T10:34:27Z |
| alsa-2026:2282 | Moderate: kernel security update | 2026-02-09T00:00:00Z | 2026-02-12T10:29:43Z |
| alsa-2026:2420 | Important: nodejs:24 security update | 2026-02-10T00:00:00Z | 2026-02-12T10:19:24Z |
| alsa-2026:2422 | Important: nodejs:20 security update | 2026-02-10T00:00:00Z | 2026-02-12T10:15:50Z |
| alsa-2026:2438 | Important: pcs security update | 2026-02-10T00:00:00Z | 2026-02-12T10:14:13Z |
| alsa-2026:2452 | Important: pcs security update | 2026-02-10T00:00:00Z | 2026-02-12T10:12:36Z |
| alsa-2026:2470 | Moderate: php:7.4 security update | 2026-02-10T00:00:00Z | 2026-02-12T10:10:23Z |
| alsa-2026:2419 | Moderate: python3.12 security update | 2026-02-10T00:00:00Z | 2026-02-11T15:30:15Z |
| alsa-2026:2410 | Important: libsoup3 security update | 2026-02-10T00:00:00Z | 2026-02-11T15:26:55Z |
| alsa-2026:2224 | Critical: keylime security update | 2026-02-09T00:00:00Z | 2026-02-11T15:22:49Z |
| alsa-2026:2389 | Important: brotli security update | 2026-02-10T00:00:00Z | 2026-02-11T11:06:48Z |
| alsa-2026:2323 | Important: git-lfs security update | 2026-02-09T00:00:00Z | 2026-02-11T11:02:49Z |
| alsa-2026:2216 | Important: libsoup security update | 2026-02-09T00:00:00Z | 2026-02-10T10:37:43Z |
| alsa-2026:2222 | Important: freerdp security update | 2026-02-09T00:00:00Z | 2026-02-10T10:08:14Z |
| alsa-2026:2225 | Critical: keylime security update | 2026-02-09T00:00:00Z | 2026-02-10T10:06:14Z |
| alsa-2026:2230 | Important: fontforge security update | 2026-02-09T00:00:00Z | 2026-02-10T10:04:33Z |
| alsa-2026:2378 | Moderate: kernel-rt security update | 2026-02-10T00:00:00Z | 2026-02-10T09:34:16Z |
| alsa-2026:1852 | Moderate: util-linux security update | 2026-02-03T00:00:00Z | 2026-02-10T08:33:43Z |
| alsa-2026:1903 | Important: fence-agents security update | 2026-02-04T00:00:00Z | 2026-02-10T08:31:08Z |
| alsa-2026:1904 | Important: resource-agents security update | 2026-02-04T00:00:00Z | 2026-02-10T08:22:54Z |
| alsa-2026:1905 | Important: fence-agents security update | 2026-02-04T00:00:00Z | 2026-02-10T08:20:49Z |
| alsa-2026:1906 | Important: fence-agents security update | 2026-02-04T00:00:00Z | 2026-02-10T08:07:49Z |
| alsa-2026:1907 | Important: opentelemetry-collector security update | 2026-02-04T00:00:00Z | 2026-02-10T07:58:47Z |
| alsa-2026:1908 | Important: opentelemetry-collector security update | 2026-02-04T00:00:00Z | 2026-02-10T07:56:31Z |
| alsa-2026:1913 | Moderate: util-linux security update | 2026-02-04T00:00:00Z | 2026-02-10T07:54:49Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| osec-2026-02 | ARP unbounded memory usage | 2026-02-18T10:30:00Z | 2026-02-18T10:30:00Z |
| osec-2022-01 | Infinite loop in console output on xen | 2022-12-07T00:00:00Z | 2026-02-18T09:30:00Z |
| osec-2026-01 | Buffer Over-Read in OCaml Marshal Deserialization | 2026-02-17T13:30:00Z | 2026-02-17T15:00:00Z |
| osec-2025-01 | Albatross console out of memory | 2025-08-15T00:18:22Z | 2026-01-13T12:00:00Z |
| osec-2019-02 | Grant unshare vulnerability in mirage-xen | 2019-04-26T00:00:00Z | 2026-01-13T12:00:00Z |
| osec-2019-01 | Memory disclosure in mirage-net-xen | 2019-03-21T00:00:00Z | 2026-01-13T12:00:00Z |
| osec-2016-02 | Memory disclosure in mirage-net-xen | 2016-05-03T00:00:00Z | 2026-01-13T12:00:00Z |
| osec-2023-01 | Time of check time of use issue in opam's cache | 2023-05-25T12:00:00Z | 2026-01-09T12:00:00Z |
| osec-2016-01 | Buffer overflow and information leak in OCaml < 4.03.0 | 2016-04-29T00:18:22Z | 2026-01-01T12:00:00Z |
| osec-2018-01 | An integer overflow in the `bigarray` serialization module leads to arbitrary code execution | 2018-04-06T18:29:00Z | 2025-12-16T12:00:00Z |
| osec-2017-01 | Local privilege escalation issue with ocaml binaries | 2017-06-23T15:19:47Z | 2025-12-16T12:00:00Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| hsec-2024-0004 | Hackage package and doc upload stored XSS vulnerability | 2026-01-16T11:18:20Z | 2026-01-16T11:18:20Z |
| hsec-2025-0007 | cmark-gfm: resource exhaustion due to quadratic complexity in parser | 2025-12-27T08:58:56Z | 2025-12-27T08:58:56Z |
| hsec-2025-0006 | Private key leak via inherited file descriptor | 2025-11-17T02:22:38Z | 2025-11-17T02:22:38Z |
| hsec-2025-0005 | cabal-install dependency confusion | 2025-11-14T14:45:34Z | 2025-11-14T14:45:34Z |
| hsec-2025-0004 | Broken Path Sanitization in spacecookie Library | 2025-11-14T14:45:34Z | 2025-11-14T14:45:34Z |
| hsec-2025-0003 | Use after free in multithreaded lzma (.xz) decoder | 2025-11-14T14:45:34Z | 2025-11-14T14:45:34Z |
| hsec-2025-0002 | Double Public Key Signing Function Oracle Attack on Ed25519 | 2025-11-14T14:45:34Z | 2025-11-14T14:45:34Z |
| hsec-2025-0001 | Subword division operations may produce incorrect results | 2025-11-14T14:45:34Z | 2025-11-14T14:45:34Z |
| hsec-2024-0009 | Public key confusion in third-party blocks | 2025-11-14T14:45:34Z | 2025-11-14T14:45:34Z |
| hsec-2024-0008 | Sign extension error in the PPC64le FFI | 2025-11-14T14:45:34Z | 2025-11-14T14:45:34Z |
| hsec-2024-0007 | Sign extension error in the AArch64 NCG | 2025-11-14T14:45:34Z | 2025-11-14T14:45:34Z |
| hsec-2024-0006 | fromIntegral: conversion error | 2025-11-14T14:45:34Z | 2025-11-14T14:45:34Z |
| hsec-2024-0003 | process: command injection via argument list on Windows | 2025-11-14T14:45:34Z | 2025-11-14T14:45:34Z |
| hsec-2024-0002 | out-of-bounds write when there are many bzip2 selectors | 2025-11-14T14:45:34Z | 2025-11-14T14:45:34Z |
| hsec-2024-0001 | Reflected XSS vulnerability in keter | 2025-11-14T14:45:34Z | 2025-11-14T14:45:34Z |
| hsec-2023-0015 | cabal-install uses expired key policies | 2025-11-14T14:45:34Z | 2025-11-14T14:45:34Z |
| hsec-2023-0014 | Arbitrary file write is possible when using PDF output or --extract-media with untrusted input | 2025-11-14T14:45:34Z | 2025-11-14T14:45:34Z |
| hsec-2023-0013 | git-annex plaintext storage of embedded credentials on encrypted remotes | 2025-11-14T14:45:34Z | 2025-11-14T14:45:34Z |
| hsec-2023-0012 | git-annex checksum exposure to encrypted special remotes | 2025-11-14T14:45:34Z | 2025-11-14T14:45:34Z |
| hsec-2023-0011 | git-annex GPG decryption attack via compromised remote | 2025-11-14T14:45:34Z | 2025-11-14T14:45:34Z |
| hsec-2023-0010 | git-annex private data exfiltration to compromised remote | 2025-11-14T14:45:34Z | 2025-11-14T14:45:34Z |
| hsec-2023-0009 | git-annex command injection via malicious SSH hostname | 2025-11-14T14:45:34Z | 2025-11-14T14:45:34Z |
| hsec-2023-0008 | Stored XSS in hledger-web | 2025-11-14T14:45:34Z | 2025-11-14T14:45:34Z |
| hsec-2023-0007 | readFloat: memory exhaustion with large exponent | 2025-11-14T14:45:34Z | 2025-11-14T14:45:34Z |
| hsec-2023-0006 | x509-validation does not enforce pathLenConstraint | 2025-11-14T14:45:34Z | 2025-11-14T14:45:34Z |
| hsec-2023-0005 | tls-extra: certificate validation does not check Basic Constraints | 2025-11-14T14:45:34Z | 2025-11-14T14:45:34Z |
| hsec-2023-0004 | xml-conduit unbounded entity expansion | 2025-11-14T14:45:34Z | 2025-11-14T14:45:34Z |
| hsec-2023-0003 | code injection in xmonad-contrib | 2025-11-14T14:45:34Z | 2025-11-14T14:45:34Z |
| hsec-2023-0002 | Improper Verification of Cryptographic Signature | 2025-11-14T14:45:34Z | 2025-11-14T14:45:34Z |
| hsec-2023-0001 | Hash flooding vulnerability in aeson | 2025-11-14T14:45:34Z | 2025-11-14T14:45:34Z |