Recent vulnerabilities
| ID | CVSS | Description | Vendor | Product | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2026-2367 |
6.4 (3.1)
|
Secure Copy Content Protection and Content Locking <= … |
ays-pro |
Secure Copy Content Protection and Content Locking |
2026-02-25T09:26:51.702Z | 2026-02-25T21:02:20.114Z |
| CVE-2026-2301 |
4.3 (3.1)
|
Post Duplicator <= 3.0.8 - Missing Authorization to Au… |
metaphorcreations |
Post Duplicator |
2026-02-25T09:26:51.333Z | 2026-02-25T21:00:43.772Z |
| CVE-2026-2410 |
4.3 (3.1)
|
Disable Admin Notices – Hide Dashboard Notifications <… |
themeisle |
Disable Admin Notices – Hide Dashboard Notifications |
2026-02-25T09:26:50.985Z | 2026-02-25T21:11:38.154Z |
| CVE-2025-14742 |
4.3 (3.1)
|
WP Recipe Maker <= 10.2.3 - Missing Authorization to A… |
brechtvds |
WP Recipe Maker |
2026-02-25T09:26:50.441Z | 2026-02-25T16:33:45.643Z |
| CVE-2026-3171 |
5.1 (4.0)
3.5 (3.1)
3.5 (3.0)
|
SourceCodester/Patrick Mvuma Patients Waiting Area Que… |
SourceCodester |
Patients Waiting Area Queue Management System |
2026-02-25T08:32:07.369Z | 2026-02-25T16:34:51.471Z |
| CVE-2026-1929 |
8.8 (3.1)
|
Advanced Woo Labels <= 2.37 - Authenticated (Contribut… |
mihail-barinov |
Advanced Woo Labels – Product Labels & Badges for WooCommerce |
2026-02-25T08:25:31.823Z | 2026-02-25T16:37:12.800Z |
| CVE-2026-2416 |
7.5 (3.1)
|
Geo Mashup <= 1.13.17 - Unauthenticated SQL Injection … |
cyberhobo |
Geo Mashup |
2026-02-25T08:25:31.427Z | 2026-02-25T16:37:56.454Z |
| CVE-2026-1916 |
7.5 (3.1)
|
WPGSI: Spreadsheet Integration <= 3.8.3 - Missing Auth… |
javmah |
WPGSI: Spreadsheet Integration |
2026-02-25T08:25:31.051Z | 2026-02-25T16:50:00.569Z |
| CVE-2026-2479 |
5 (3.1)
|
Responsive Lightbox & Gallery <= 2.7.1 - Authenticated… |
dfactory |
Responsive Lightbox & Gallery |
2026-02-25T08:25:30.385Z | 2026-02-25T16:51:05.012Z |
| CVE-2026-3170 |
4.8 (4.0)
2.4 (3.1)
2.4 (3.0)
|
SourceCodester/Patrick Mvuma Patients Waiting Area Que… |
SourceCodester |
Patients Waiting Area Queue Management System |
2026-02-25T08:02:07.373Z | 2026-02-25T16:53:08.594Z |
| CVE-2026-3169 |
8.7 (4.0)
8.8 (3.1)
8.8 (3.0)
|
Tenda F453 httpd SafeEmailFilter fromSafeEmailFilter b… |
Tenda |
F453 |
2026-02-25T07:32:10.362Z | 2026-02-25T16:54:22.533Z |
| CVE-2025-11563 |
4.6 (3.1)
|
wcurl path traversal with percent-encoded slashes |
curl |
curl |
2026-02-25T07:20:47.012Z | 2026-02-25T18:53:58.252Z |
| CVE-2026-3168 |
8.7 (4.0)
8.8 (3.1)
8.8 (3.0)
|
Tenda F453 httpd NatStaticSetting fromNatStaticSetting… |
Tenda |
F453 |
2026-02-25T07:02:14.956Z | 2026-02-25T16:56:35.819Z |
| CVE-2026-3167 |
8.7 (4.0)
8.8 (3.1)
8.8 (3.0)
|
Tenda F453 httpd webtypelibrary formWebTypeLibrary buf… |
Tenda |
F453 |
2026-02-25T07:02:09.039Z | 2026-02-25T21:10:24.702Z |
| CVE-2026-1614 |
6.4 (3.1)
|
Rise Blocks – A Complete Gutenberg Page Builder <= 3.7… |
eaglethemes |
Rise Blocks – A Complete Gutenberg Page Builder |
2026-02-25T06:54:51.794Z | 2026-02-25T21:09:39.421Z |
| CVE-2026-3166 |
8.7 (4.0)
8.8 (3.1)
8.8 (3.0)
|
Tenda F453 httpd RouteStatic fromRouteStatic buffer overflow |
Tenda |
F453 |
2026-02-25T06:32:09.666Z | 2026-02-25T21:08:45.250Z |
| CVE-2026-3165 |
8.7 (4.0)
8.8 (3.1)
8.8 (3.0)
|
Tenda F453 httpd AdvSetWrlsafeset fromSetWifiGusetBasi… |
Tenda |
F453 |
2026-02-25T06:02:12.166Z | 2026-02-25T21:06:06.743Z |
| CVE-2026-3164 |
6.9 (4.0)
7.3 (3.1)
7.3 (3.0)
|
itsourcecode News Portal Project contactus.php sql injection |
itsourcecode |
News Portal Project |
2026-02-25T06:02:08.666Z | 2026-02-25T21:15:54.230Z |
| CVE-2026-25785 |
9.8 (3.0)
9.3 (4.0)
|
Path traversal vulnerability exists in Lanscope E… |
MOTEX Inc. |
Lanscope Endpoint Manager (On-Premises) Sub-Manager Server |
2026-02-25T06:01:05.327Z | 2026-02-25T21:15:15.207Z |
| CVE-2026-3179 |
9.2 (4.0)
|
A path traversal vulnerability was found in the FTP Ba… |
ASUSTOR |
ADM |
2026-02-25T05:55:07.325Z | 2026-02-25T17:41:00.546Z |
| CVE-2026-3100 |
8.3 (4.0)
|
An improper certificate validation vulnerability was f… |
ASUSTOR |
ADM |
2026-02-25T05:52:20.196Z | 2026-02-25T06:13:16.227Z |
| CVE-2026-3163 |
5.3 (4.0)
6.3 (3.1)
6.3 (3.0)
|
SourceCodester Website Link Extractor URL file_get_con… |
SourceCodester |
Website Link Extractor |
2026-02-25T05:32:11.029Z | 2026-02-25T18:35:10.498Z |
| CVE-2026-3153 |
6.9 (4.0)
7.3 (3.1)
7.3 (3.0)
|
itsourcecode Document Management System register.php s… |
itsourcecode |
Document Management System |
2026-02-25T05:32:08.264Z | 2026-02-25T14:46:50.679Z |
| CVE-2026-3152 |
6.9 (4.0)
7.3 (3.1)
7.3 (3.0)
|
itsourcecode College Management System teacher-salary.… |
itsourcecode |
College Management System |
2026-02-25T05:02:11.127Z | 2026-02-25T14:47:28.790Z |
| CVE-2026-3151 |
6.9 (4.0)
7.3 (3.1)
7.3 (3.0)
|
itsourcecode College Management System login.php sql i… |
itsourcecode |
College Management System |
2026-02-25T05:02:08.228Z | 2026-02-25T14:48:08.218Z |
| CVE-2026-3150 |
5.3 (4.0)
6.3 (3.1)
6.3 (3.0)
|
itsourcecode College Management System display-teacher… |
itsourcecode |
College Management System |
2026-02-25T04:32:08.455Z | 2026-02-25T14:49:09.203Z |
| CVE-2025-0976 |
4.7 (3.1)
|
Information Exposure Vulnerability in Hitachi Configur… |
Hitachi |
Hitachi Ops Center API Configuration Manager |
2026-02-25T04:17:58.080Z | 2026-02-25T14:49:52.515Z |
| CVE-2026-27696 |
8.6 (3.1)
|
changedetection.io Vulnerable to Server-Side Request F… |
dgtlmoon |
changedetection.io |
2026-02-25T04:16:22.764Z | 2026-02-25T14:51:16.695Z |
| CVE-2026-27645 |
6.1 (3.1)
|
changedetection.io Vulnerable to Reflected XSS in RSS … |
dgtlmoon |
changedetection.io |
2026-02-25T04:06:58.183Z | 2026-02-25T14:55:58.413Z |
| CVE-2026-27624 |
7.2 (3.1)
|
Coturn: IPv4-mapped IPv6 (::ffff:0:0/96) bypasses deni… |
coturn |
coturn |
2026-02-25T04:04:17.009Z | 2026-02-25T15:09:21.716Z |
| ID | Severity | Description | Published | Updated |
|---|---|---|---|---|
| ghsa-879p-475x-rqh2 |
6.9 (4.0)
|
Caddy is vulnerable to cross-origin config application via local admin API /load | 2026-02-24T20:37:35Z | 2026-02-24T20:37:35Z |
| ghsa-x76f-jf84-rqj8 |
7.7 (4.0)
|
Caddy: MatchHost becomes case-sensitive for large host lists (>100), enabling host-based route/auth… | 2026-02-24T20:34:01Z | 2026-02-24T20:34:01Z |
| ghsa-g7pc-pc7g-h8jh |
7.7 (4.0)
|
Caddy: MatchPath %xx (escaped-path) branch skips case normalization, enabling path-based route/auth… | 2026-02-24T20:31:31Z | 2026-02-24T20:31:31Z |
| ghsa-hffm-g8v7-wrv7 |
8.8 (4.0)
|
Caddy: mTLS client authentication silently fails open when CA certificate file is missing or malformed | 2026-02-24T20:22:53Z | 2026-02-24T20:22:53Z |
| ghsa-4xrr-hq4w-6vf4 |
6.9 (4.0)
|
Caddy: Improper sanitization of glob characters in file matcher may lead to bypassing security prot… | 2026-02-24T20:16:55Z | 2026-02-24T20:16:56Z |
| ghsa-m2cq-xjgm-f668 |
9.2 (4.0)
|
ActualBudget server is Missing Authentication for SimpleFIN and Pluggy AI bank sync endpoints | 2026-02-24T20:13:30Z | 2026-02-24T20:13:30Z |
| ghsa-hhfx-5x8j-f5f6 |
6.5 (3.1)
|
Payload: Server-Side Request Forgery (SSRF) in External File URL Uploads | 2026-02-24T20:10:32Z | 2026-02-24T20:10:32Z |
| ghsa-4894-xqv6-vrfq |
8.8 (3.1)
|
MindsDB: Path Traversal in /api/files Leading to Remote Code Execution | 2026-02-24T20:07:58Z | 2026-02-24T20:07:59Z |
| ghsa-vxg3-v4p6-f3fp |
6.9 (4.0)
|
Pimcore vulnerable to SQL injection via unsanitized filter value in Dependency Dao RLIKE clause | 2026-02-24T20:03:23Z | 2026-02-24T20:03:23Z |
| ghsa-78qv-3mpx-9cqq |
6.1 (3.1)
8.6 (4.0)
|
NiceGUI vulnerable to XSS via Code Injection during client-side element function execution | 2026-02-24T19:56:18Z | 2026-02-24T19:56:18Z |
| ghsa-gfvx-3cf3-5x6x |
10.0 (4.0)
|
Altec DocLink (now maintained by Beyond Limits Inc.) version 4.0.336.0 exposes insecure .NET Remoti… | 2026-02-24T18:31:03Z | 2026-02-24T18:31:03Z |
| ghsa-8fr6-83vj-w7xh |
7.8 (3.1)
6.2 (4.0)
|
A vulnerability identified in the Trellix HX Agent driver file fekern.sys allowed a threat actor w… | 2026-02-24T18:31:03Z | 2026-02-26T21:31:30Z |
| ghsa-6xhx-53c5-f9qr |
6.6 (3.1)
|
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Lin… | 2026-02-24T18:31:03Z | 2026-02-24T21:31:45Z |
| ghsa-xjw5-9f76-gvpv |
7.5 (3.1)
8.7 (4.0)
|
Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior use RC4 with a hard… | 2026-02-24T18:31:02Z | 2026-02-24T18:31:02Z |
| ghsa-xfph-w5p7-mhh4 |
5.4 (3.1)
5.1 (4.0)
|
Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior reflect unsanitized… | 2026-02-24T18:31:02Z | 2026-02-25T18:31:36Z |
| ghsa-vrfc-p4p2-v8r2 |
8.8 (3.1)
|
Privilege escalation and improper access control in GCOM EPON 1GE C00R371V00B01 allows remote authe… | 2026-02-24T18:31:02Z | 2026-02-25T18:31:35Z |
| ghsa-m84g-fpm8-mqg8 |
7.5 (3.1)
8.7 (4.0)
|
Binardat 10G08-0800GSM network switch firmware versions prior to V300SP10260209 store a user passwo… | 2026-02-24T18:31:02Z | 2026-02-24T18:31:02Z |
| ghsa-jj9w-3m27-jg69 |
8.1 (3.1)
8.6 (4.0)
|
Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior expose user passwor… | 2026-02-24T18:31:02Z | 2026-02-25T18:31:35Z |
| ghsa-hjg3-g5mq-q5qp |
7.1 (3.1)
8.6 (4.0)
|
Multiple Finka programs use hard-coded Firebird database credentials (shared across all instances o… | 2026-02-24T18:31:02Z | 2026-02-26T21:31:29Z |
| ghsa-gvwq-qfp3-3pvf |
8.8 (3.1)
8.7 (4.0)
|
Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior contain a command i… | 2026-02-24T18:31:02Z | 2026-02-24T18:31:02Z |
| ghsa-gmfh-mhfh-2g3q |
4.3 (3.1)
5.1 (4.0)
|
Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior lack CSRF protectio… | 2026-02-24T18:31:02Z | 2026-02-24T18:31:02Z |
| ghsa-9wv6-vw4x-jjg6 |
5.7 (4.0)
|
Download of Code Without Integrity Check vulnerability in Microchip Time Provider 4100 allows Malic… | 2026-02-24T18:31:02Z | 2026-02-24T18:31:02Z |
| ghsa-7c8p-f6jq-w42v |
9.8 (3.1)
9.3 (4.0)
|
Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior contain hard-coded … | 2026-02-24T18:31:02Z | 2026-02-24T18:31:02Z |
| ghsa-69fx-mvcm-v5g3 |
9.1 (3.1)
9.3 (4.0)
|
Binardat 10G08-0800GSM network switch firmware versions prior to V300SP10260209 generate predictabl… | 2026-02-24T18:31:02Z | 2026-02-24T18:31:02Z |
| ghsa-4r4r-4jp4-wwf9 |
9.8 (3.1)
|
FUXA has JWT Authentication Bypass via HTTP Referer header spoofing | 2026-02-24T18:31:02Z | 2026-02-26T15:45:40Z |
| ghsa-3547-c34m-73j3 |
6.5 (3.1)
6.9 (4.0)
|
Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior do not implement ra… | 2026-02-24T18:31:02Z | 2026-02-25T18:31:36Z |
| ghsa-qrvq-68c2-7grw |
5.9 (3.1)
|
nats-server websockets are vulnerable to pre-auth memory DoS | 2026-02-24T16:04:53Z | 2026-02-24T16:04:53Z |
| ghsa-9fww-8cpr-q66r |
6.1 (3.1)
|
Isso affected by Stored XSS via comment website field | 2026-02-24T16:03:04Z | 2026-02-24T16:03:04Z |
| ghsa-v264-xqh4-9xmm |
9.9 (3.1)
|
OneUptime:: node:vm sandbox escape in probe allows any project member to achieve RCE | 2026-02-24T16:00:56Z | 2026-02-24T16:00:56Z |
| ghsa-v2gc-rm6g-wrw9 |
5.5 (4.0)
|
Craft CMS: Cloud Metadata SSRF Protection Bypass via IPv6 Resolution | 2026-02-24T15:51:07Z | 2026-02-24T15:51:07Z |
| ID | Severity | Description | Package | Published | Updated |
|---|---|---|---|---|---|
| pysec-2023-202 |
6.5 (3.1)
|
Apache Airflow, versions prior to 2.7.2, contains a security vulnerability that allows au… | apache-airflow | 2023-10-14T10:15:00+00:00 | 2023-10-18T20:24:08.482939+00:00 |
| pysec-2023-197 |
|
Apache Airflow, versions before 2.7.2, has a vulnerability that allows an authorized user… | apache-airflow | 2023-10-14T10:15:00+00:00 | 2023-10-14T12:46:00.410542+00:00 |
| pysec-2023-201 |
4.3 (3.1)
|
vantage6 is privacy preserving federated learning infrastructure. The endpoint /api/colla… | vantage6 | 2023-10-11T20:15:00+00:00 | 2023-10-18T05:26:18.202930+00:00 |
| pysec-2023-200 |
4.3 (3.1)
|
vantage6 is privacy preserving federated learning infrastructure. When a collaboration is… | vantage6 | 2023-10-11T20:15:00+00:00 | 2023-10-18T05:26:18.112311+00:00 |
| pysec-2023-198 |
5.4 (3.1)
|
vantage6 is privacy preserving federated learning infrastructure. Prior to version 4.0.0,… | vantage6-node | 2023-10-11T20:15:00+00:00 | 2023-10-17T18:31:16.643410+00:00 |
| pysec-2023-196 |
7.2 (3.1)
|
vantage6 is privacy preserving federated learning infrastructure. Versions prior to 4.0.0… | vantage6 | 2023-10-11T18:15:00+00:00 | 2023-10-13T22:28:56.802294+00:00 |
| pysec-2023-199 |
4.9 (3.1)
|
Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foun… | matrix-synapse | 2023-10-10T18:15:00+00:00 | 2023-10-17T22:26:17.611846+00:00 |
| pysec-2023-194 |
9.8 (3.1)
|
langchain_experimental 0.0.14 allows an attacker to bypass the CVE-2023-36258 fix and exe… | langchain-experimental | 2023-10-09T20:15:00Z | 2025-02-23T07:46:11Z |
| pysec-2023-195 |
6.5 (3.1)
|
OctoPrint is a web interface for 3D printers. OctoPrint versions up until and including 1… | octoprint | 2023-10-09T16:15:00+00:00 | 2023-10-13T20:25:14.968230+00:00 |
| pysec-2023-193 |
4.8 (3.1)
|
Zope is an open-source web application server. The title property, available on most Zope… | zope | 2023-10-04T21:15:00+00:00 | 2023-10-10T20:21:16.174482+00:00 |
| pysec-2023-192 |
8.1 (3.1)
|
urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the `Coo… | urllib3 | 2023-10-04T17:15:00+00:00 | 2023-10-10T14:28:19.389317+00:00 |
| pysec-2023-190 |
7.5 (3.1)
|
Versions of the package asyncua before 0.9.96 are vulnerable to Denial of Service (DoS) s… | asyncua | 2023-10-03T05:15:00+00:00 | 2023-10-04T18:37:48.407821+00:00 |
| pysec-2023-189 |
7.5 (3.1)
|
Versions of the package asyncua before 0.9.96 are vulnerable to Improper Authentication s… | asyncua | 2023-10-03T05:15:00+00:00 | 2023-10-04T18:37:48.328804+00:00 |
| pysec-2023-187 |
|
An issue was discovered in pretix before 2023.7.1. Incorrect parsing of configuration fil… | pretix | 2023-10-02T20:15:00+00:00 | 2023-10-02T22:26:51.461030+00:00 |
| pysec-2023-183 |
|
opencv-python versions before v4.8.1.78 bundled libwebp binaries in wheels that are vulne… | opencv-python | 2023-09-29T21:15:28.039030+00:00 | |
| pysec-2023-184 |
|
opencv-python-headless versions before v4.8.1.78 bundled libwebp binaries in wheels that … | opencv-python-headless | 2023-09-29T21:15:27.980982+00:00 | |
| pysec-2023-181 |
|
opencv-contrib-python versions before v4.8.1.78 bundled libwebp binaries in wheels that a… | opencv-contrib-python | 2023-09-29T21:15:27.924031+00:00 | |
| pysec-2023-182 |
|
opencv-contrib-python-headless versions before v4.8.1.78 bundled libwebp binaries in whee… | opencv-contrib-python-headless | 2023-09-29T21:15:27.863960+00:00 | |
| pysec-2023-188 |
7.5 (3.1)
|
When deserializing untrusted or corrupted data, it is possible for a reader to consume me… | avro | 2023-09-29T17:15:00+00:00 | 2023-10-03T22:26:25.361706+00:00 |
| pysec-2023-186 |
8.8 (3.1)
|
Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffwe… | rdiffweb | 2023-09-29T14:15:00+00:00 | 2023-10-02T20:24:26.790735+00:00 |
| pysec-2023-179 |
|
This affects versions of the package pydash before 6.0.0. A number of pydash methods such… | pydash | 2023-09-28T05:15:00+00:00 | 2023-09-28T10:29:02.604249+00:00 |
| pysec-2023-191 |
7.5 (3.1)
|
Vyper is a Pythonic Smart Contract Language for the EVM. The `_abi_decode()` function doe… | vyper | 2023-09-27T15:19:00+00:00 | 2023-10-04T20:26:42.494872+00:00 |
| pysec-2023-185 |
3.7 (3.1)
|
Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foun… | matrix-synapse | 2023-09-27T15:19:00+00:00 | 2023-09-30T05:24:54.158504+00:00 |
| pysec-2023-180 |
4.3 (3.1)
|
Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foun… | matrix-synapse | 2023-09-27T15:19:00+00:00 | 2023-09-29T20:23:39.578838+00:00 |
| pysec-2023-175 |
|
Pillow versions before v10.0.1 bundled libwebp binaries in wheels that are vulnerable to … | pillow | 2023-09-25T17:25:13.946374Z | |
| pysec-2023-177 |
|
An issue in Gevent before version 23.9.0 allows a remote attacker to escalate privileges … | gevent | 2023-09-25T12:15:00+00:00 | 2023-09-25T14:28:09.019811+00:00 |
| pysec-2023-310 |
7.5 (3.1)
|
Mobile Security Framework (MobSF) <=v3.7.8 Beta is vulnerable to Insecure Permissions. NO… | mobsf | 2023-09-21T22:15:11+00:00 | 2025-04-09T17:27:26.663665+00:00 |
| pysec-2023-311 |
5.4 (3.1)
|
plone.namedfile allows users to handle `File` and `Image` fields targeting, but not depen… | plone-namedfile | 2023-09-21T15:15:10+00:00 | 2025-04-09T17:27:27.153848+00:00 |
| pysec-2023-178 |
7.5 (3.1)
|
plone.rest allows users to use HTTP verbs such as GET, POST, PUT, DELETE, etc. in Plone. … | plone-rest | 2023-09-21T15:15:00Z | 2023-10-28T20:22:08.431825Z |
| pysec-2023-174 |
|
imagecodecs versions before v2023.9.18 bundled libwebp binaries in wheels that are vulner… | imagecodecs | 2023-09-20T05:12:42.403706+00:00 |
| ID | Description | Updated |
|---|
| ID | Description | Published | Updated |
|---|---|---|---|
| mal-2026-639 | Malicious code in connection-api-requests (PyPI) | 2026-02-02T06:49:31Z | 2026-02-02T06:49:31Z |
| mal-2026-638 | Malicious code in solhint-plugin-hyperlane (npm) | 2026-02-02T05:19:43Z | 2026-02-03T08:27:44Z |
| mal-2026-637 | Malicious code in launchdarkly-cpp-networking (npm) | 2026-02-02T05:19:43Z | 2026-02-03T03:16:52Z |
| mal-2026-636 | Malicious code in idv-script (npm) | 2026-02-02T05:19:43Z | 2026-02-04T05:37:04Z |
| mal-2026-635 | Malicious code in finnairshop (npm) | 2026-02-02T05:19:43Z | 2026-02-02T05:19:43Z |
| mal-2026-634 | Malicious code in eslint-config-minecraft-scripting (npm) | 2026-02-02T05:19:43Z | 2026-02-03T08:27:41Z |
| mal-2026-633 | Malicious code in cowsay-fancy (npm) | 2026-02-02T05:19:43Z | 2026-02-02T05:19:43Z |
| mal-2026-632 | Malicious code in cowsay-deluxe (npm) | 2026-02-02T05:19:43Z | 2026-02-02T05:19:43Z |
| mal-2026-631 | Malicious code in cowsay-caps (npm) | 2026-02-02T05:19:43Z | 2026-02-02T05:19:43Z |
| mal-2026-630 | Malicious code in cowsay-allcaps (npm) | 2026-02-02T05:19:43Z | 2026-02-02T05:19:43Z |
| mal-2026-629 | Malicious code in client-desktop-web-installer (npm) | 2026-02-02T05:19:43Z | 2026-02-02T05:19:43Z |
| mal-2026-628 | Malicious code in @casaverso/frontend-core (npm) | 2026-02-02T05:19:43Z | 2026-02-04T15:31:04Z |
| mal-2026-625 | Malicious code in hangimani (PyPI) | 2026-02-02T00:02:05Z | 2026-02-04T17:50:02Z |
| mal-2026-624 | Malicious code in hultine (PyPI) | 2026-02-01T21:00:48Z | 2026-02-01T21:00:48Z |
| mal-2026-621 | Malicious code in base-local-planner (PyPI) | 2026-02-01T19:14:02Z | 2026-02-01T19:27:08Z |
| mal-2026-623 | Malicious code in marshl (PyPI) | 2026-02-01T19:10:30Z | 2026-02-26T09:50:46Z |
| mal-2026-622 | Malicious code in genvia-utils (PyPI) | 2026-02-01T19:06:58Z | 2026-02-01T19:06:58Z |
| mal-2026-619 | Malicious code in colorss (PyPI) | 2026-02-01T10:28:48Z | 2026-02-01T11:10:26Z |
| mal-2026-620 | Malicious code in wandb-widget (PyPI) | 2026-02-01T10:15:33Z | 2026-02-01T10:15:33Z |
| mal-2026-618 | Malicious code in learning-curve-projects (PyPI) | 2026-01-31T19:19:08Z | 2026-01-31T19:23:36Z |
| mal-2026-617 | Malicious code in roots-cms-client (npm) | 2026-01-31T17:27:21Z | 2026-02-03T03:16:53Z |
| mal-2026-616 | Malicious code in c11dff444 (npm) | 2026-01-31T16:58:54Z | 2026-02-02T06:41:02Z |
| mal-2026-615 | Malicious code in teaser-nav (npm) | 2026-01-31T13:35:28Z | 2026-02-02T05:56:30Z |
| mal-2026-614 | Malicious code in mkdocs-dataopslive (PyPI) | 2026-01-31T02:09:30Z | 2026-01-31T02:09:33Z |
| mal-2026-612 | Malicious code in sharedclasses (npm) | 2026-01-30T23:47:34Z | 2026-02-02T05:56:30Z |
| mal-2026-613 | Malicious code in fastpi (PyPI) | 2026-01-30T23:26:42Z | 2026-01-30T23:30:09Z |
| mal-2026-611 | Malicious code in mbo-letters-cl (npm) | 2026-01-30T23:13:08Z | 2026-02-02T05:56:29Z |
| mal-2026-610 | Malicious code in snapshot-date (PyPI) | 2026-01-30T19:09:41Z | 2026-01-30T19:09:41Z |
| mal-2026-609 | Malicious code in euskalplantxa (npm) | 2026-01-30T15:31:12Z | 2026-02-02T05:56:27Z |
| mal-2026-608 | Malicious code in ezviz-shop-mall (npm) | 2026-01-30T13:08:07Z | 2026-02-02T05:56:27Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| bit-elk-2025-25009 | Kibana Cross-Site Scripting (XSS) | 2025-10-09T08:39:52.493Z | 2025-11-06T13:25:46.476Z |
| bit-valkey-2025-46819 | Redis is vulnerable to DoS via specially crafted LUA scripts | 2025-10-08T08:52:39.220Z | 2025-11-06T13:25:46.476Z |
| bit-valkey-2025-46818 | Redis: Authenticated users can execute LUA scripts as a different user | 2025-10-08T08:52:37.720Z | 2025-11-06T13:25:46.476Z |
| bit-valkey-2025-46817 | Lua library commands may lead to integer overflow and potential RCE | 2025-10-08T08:52:36.400Z | 2025-11-13T11:23:28.166Z |
| bit-redis-2025-46819 | Redis is vulnerable to DoS via specially crafted LUA scripts | 2025-10-08T08:51:28.594Z | 2025-11-06T13:25:46.476Z |
| bit-redis-2025-46818 | Redis: Authenticated users can execute LUA scripts as a different user | 2025-10-08T08:51:27.125Z | 2025-10-11T09:07:57.990Z |
| bit-redis-2025-46817 | Lua library commands may lead to integer overflow and potential RCE | 2025-10-08T08:51:25.578Z | 2025-11-13T11:23:28.166Z |
| bit-keydb-2025-46819 | Redis is vulnerable to DoS via specially crafted LUA scripts | 2025-10-08T08:43:23.522Z | 2025-11-06T13:25:46.476Z |
| bit-keydb-2025-46818 | Redis: Authenticated users can execute LUA scripts as a different user | 2025-10-08T08:43:21.875Z | 2025-10-11T09:07:57.990Z |
| bit-keydb-2025-46817 | Lua library commands may lead to integer overflow and potential RCE | 2025-10-08T08:43:20.393Z | 2025-11-13T11:23:28.166Z |
| bit-django-2025-59681 | 2025-10-08T08:40:24.312Z | 2025-11-06T13:25:46.476Z | |
| bit-tensorflow-2025-55559 | 2025-10-05T23:59:43.523Z | 2025-10-06T00:06:00.502Z | |
| bit-tensorflow-2025-55556 | 2025-10-05T23:59:42.019Z | 2025-10-06T00:06:00.502Z | |
| bit-pytorch-2025-55558 | 2025-10-05T23:47:59.108Z | 2025-10-06T00:06:00.502Z | |
| bit-pytorch-2025-55557 | 2025-10-05T23:47:57.792Z | 2025-10-06T00:06:00.502Z | |
| bit-pytorch-2025-55554 | 2025-10-05T23:47:56.493Z | 2025-10-16T00:08:58.048Z | |
| bit-pytorch-2025-55553 | 2025-10-05T23:47:55.078Z | 2025-10-06T00:06:00.502Z | |
| bit-pytorch-2025-55552 | 2025-10-05T23:47:53.725Z | 2025-10-16T00:08:58.048Z | |
| bit-pytorch-2025-55551 | 2025-10-05T23:47:52.236Z | 2025-10-16T00:08:58.048Z | |
| bit-pytorch-2025-46153 | 2025-10-05T23:47:50.900Z | 2025-10-06T00:06:00.502Z | |
| bit-pytorch-2025-46152 | 2025-10-05T23:47:49.619Z | 2025-10-06T00:06:00.502Z | |
| bit-pytorch-2025-46150 | 2025-10-05T23:47:48.186Z | 2025-10-06T00:06:00.502Z | |
| bit-pytorch-2025-46149 | 2025-10-05T23:47:46.869Z | 2025-10-06T00:06:00.502Z | |
| bit-pytorch-2025-46148 | 2025-10-05T23:47:45.481Z | 2025-10-06T00:06:00.502Z | |
| bit-mongodb-2025-7259 | Certain Queries with Duplicate _id Fields May Cause MongoDB Server to Crash | 2025-10-05T23:44:19.761Z | 2025-10-06T00:06:00.502Z |
| bit-mongodb-2025-6714 | Incorrect Handling of incomplete data may prevent mongoS from Accepting New Connections | 2025-10-05T23:44:18.162Z | 2025-10-06T00:06:00.502Z |
| bit-mongodb-2025-6713 | MongoDB Server may be susceptible to privilege escalation due to $mergeCursors stage | 2025-10-05T23:44:16.574Z | 2025-10-06T00:06:00.502Z |
| bit-mongodb-2025-6712 | MongoDB Server may be susceptible to DoS due to Accumulated Memory Allocation | 2025-10-05T23:44:14.958Z | 2025-10-06T00:06:00.502Z |
| bit-mongodb-2025-6711 | Incomplete Redaction of Sensitive Information in MongoDB Server Logs | 2025-10-05T23:44:13.320Z | 2025-10-06T00:06:00.502Z |
| bit-discourse-2025-59337 | Discourse: Cross-Site Data Exposure via Backup Restore Metacommand Injection in Multisite Deployments | 2025-10-05T23:41:00.220Z | 2025-10-06T00:06:00.502Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| drupal-contrib-2018-067 | 2018-10-17T16:29:08.000Z | 2023-08-11T21:21:48.000Z | |
| drupal-contrib-2018-059 | 2018-09-05T17:22:50.000Z | 2023-08-11T21:18:37.000Z | |
| drupal-contrib-2018-057 | 2018-08-29T16:26:33.000Z | 2023-08-11T21:25:35.000Z | |
| drupal-contrib-2018-055 | 2018-08-08T17:14:32.000Z | 2023-08-11T21:24:54.000Z | |
| drupal-contrib-2018-040 | 2018-06-06T13:05:27.000Z | 2023-08-11T21:31:17.000Z | |
| drupal-contrib-2018-039 | 2018-06-06T13:01:46.000Z | 2023-08-11T21:29:11.000Z | |
| drupal-contrib-2018-038 | 2018-06-06T12:58:31.000Z | 2023-08-11T21:28:55.000Z | |
| drupal-contrib-2018-027 | 2018-05-09T20:28:16.000Z | 2023-08-11T21:40:01.000Z | |
| drupal-contrib-2018-025 | 2018-05-09T14:16:32.000Z | 2023-08-11T21:39:24.000Z | |
| drupal-contrib-2018-021 | 2018-04-25T17:43:28.000Z | 2023-08-11T21:38:48.000Z | |
| drupal-contrib-2018-022 | 2018-04-25T17:37:20.000Z | 2023-08-11T21:38:26.000Z | |
| drupal-contrib-2018-018 | 2018-04-18T15:45:18.000Z | 2023-08-11T21:35:30.000Z | |
| drupal-contrib-2018-017 | 2018-03-21T17:05:41.000Z | 2023-08-11T21:44:22.000Z | |
| drupal-contrib-2018-016 | 2018-03-21T16:59:32.000Z | 2023-08-11T21:44:04.000Z | |
| drupal-contrib-2018-015 | 2018-02-21T20:12:22.000Z | 2023-08-11T21:43:40.000Z | |
| drupal-contrib-2018-014 | 2018-02-21T19:04:59.000Z | 2023-08-11T21:43:18.000Z | |
| drupal-contrib-2018-008 | 2018-02-07T18:45:12.000Z | 2023-08-11T21:41:56.000Z | |
| drupal-contrib-2018-002 | 2018-01-10T18:02:19.000Z | 2023-08-11T21:46:04.000Z | |
| drupal-contrib-2018-001 | 2018-01-10T17:57:53.000Z | 2023-08-11T21:45:33.000Z | |
| drupal-contrib-2017-094 | 2017-12-20T14:12:47.000Z | 2023-08-21T13:28:00.000Z | |
| drupal-contrib-2017-091 | 2017-12-06T18:44:03.000Z | 2023-08-21T13:26:56.000Z | |
| drupal-contrib-2017-083 | 2017-11-08T17:22:08.000Z | 2023-08-21T13:31:18.000Z | |
| drupal-contrib-2017-082 | 2017-11-08T17:16:30.000Z | 2023-08-21T13:31:01.000Z |
| ID | Description | Updated |
|---|
| ID | Description | Published | Updated |
|---|---|---|---|
| jvndb-2024-002050 | Multiple out-of-bounds write vulnerabilities in Canon Office/Small Office Multifunction Printers and Laser Printers | 2024-02-07T15:39+09:00 | 2024-03-08T18:05+09:00 |
| jvndb-2024-001882 | Sharp NEC Display Solutions' public displays vulnerable to local file inclusion | 2024-02-07T14:25+09:00 | 2024-07-11T14:27+09:00 |
| jvndb-2020-013805 | Zeroshell vulnerable to OS command injection | 2024-02-07T13:38+09:00 | 2024-02-07T13:38+09:00 |
| jvndb-2024-001804 | Multiple buffer overflow vulnerabilities in HOME SPOT CUBE2 | 2024-02-06T15:02+09:00 | 2024-03-11T17:32+09:00 |
| jvndb-2024-001785 | Incorrect permission assignment vulnerability in Trend Micro uiAirSupport | 2024-02-06T14:46+09:00 | 2024-03-11T17:42+09:00 |
| jvndb-2024-000017 | Cybozu KUNAI for Android vulnerable to denial-of-service (DoS) | 2024-02-06T13:25+09:00 | 2024-06-27T13:28+09:00 |
| jvndb-2024-001462 | File and Directory Permissions Vulnerability in Hitachi Tuning Manager | 2024-02-05T14:54+09:00 | 2024-02-05T14:54+09:00 |
| jvndb-2024-000016 | Group Office vulnerable to cross-site scripting | 2024-02-01T13:48+09:00 | 2024-03-11T18:04+09:00 |
| jvndb-2024-000015 | Payment EX vulnerable to information disclosure | 2024-02-01T13:41+09:00 | 2024-03-11T17:42+09:00 |
| jvndb-2024-001161 | Multiple vulnerabilities in SHARP Energy Management Controller with Cloud Services | 2024-01-31T16:01+09:00 | 2024-01-31T16:01+09:00 |
| jvndb-2024-001160 | File and Directory Permissions Vulnerability in Hitachi Storage Plug-in for VMware vCenter | 2024-01-31T15:25+09:00 | 2024-03-11T17:41+09:00 |
| jvndb-2024-001062 | Yamaha wireless LAN access point devices vulnerable to active debug code | 2024-01-24T17:16+09:00 | 2024-03-13T17:24+09:00 |
| jvndb-2024-001061 | ELECOM wireless LAN routers vulnerable to OS command injection | 2024-01-24T17:16+09:00 | 2025-02-13T14:31+09:00 |
| jvndb-2024-000014 | Oracle WebLogic Server vulnerable to HTTP header injection | 2024-01-24T13:53+09:00 | 2024-01-24T13:53+09:00 |
| jvndb-2024-000005 | "Mercari" App for Android fails to restrict custom URL schemes properly | 2024-01-24T13:46+09:00 | 2024-03-04T18:01+09:00 |
| jvndb-2024-000008 | Improper restriction of XML external entity references (XXE) in MLIT "Electronic Delivery Check System" and "Electronic delivery item Inspection Support System" | 2024-01-23T16:57+09:00 | 2024-03-13T17:40+09:00 |
| jvndb-2024-000013 | Android App "Spoon" uses a hard-coded API key for an external service | 2024-01-23T16:53+09:00 | 2024-03-14T17:44+09:00 |
| jvndb-2024-000010 | Improper restriction of XML external entity references (XXE) in "Electronic Delivery Check System (Ministry of Agriculture, Forestry and Fisheries The Agriculture and Rural Development Project Version)" | 2024-01-23T15:25+09:00 | 2024-03-14T17:33+09:00 |
| jvndb-2024-000009 | Improper restriction of XML external entity references (XXE) in Electronic Deliverables Creation Support Tool provided by Ministry of Defense | 2024-01-23T15:13+09:00 | 2024-03-13T17:46+09:00 |
| jvndb-2024-000012 | Access analysis CGI An-Analyzer vulnerable to open redirect | 2024-01-22T15:57+09:00 | 2024-03-13T17:34+09:00 |
| jvndb-2024-000011 | Multiple vulnerabilities in a-blog cms | 2024-01-22T15:08+09:00 | 2024-03-13T17:50+09:00 |
| jvndb-2024-000006 | FusionPBX vulnerable to cross-site scripting | 2024-01-19T12:30+09:00 | 2024-03-12T17:31+09:00 |
| jvndb-2024-000007 | Multiple Dahua Technology products vulnerable to authentication bypass | 2024-01-18T13:43+09:00 | 2024-07-11T16:10+09:00 |
| jvndb-2024-000004 | Drupal vulnerable to improper handling of structural elements | 2024-01-16T13:41+09:00 | 2024-03-12T17:33+09:00 |
| jvndb-2024-000003 | Pleasanter vulnerable to cross-site scripting | 2024-01-15T15:59+09:00 | 2024-01-15T15:59+09:00 |
| jvndb-2024-000002 | Thermal camera TMC series vulnerable to insufficient technical documentation | 2024-01-15T15:19+09:00 | 2024-03-11T18:17+09:00 |
| jvndb-2024-000001 | Improper input validation vulnerability in WordPress Plugin "WordPress Quiz Maker Plugin" | 2024-01-12T13:51+09:00 | 2024-03-14T12:28+09:00 |
| jvndb-2024-001002 | Multiple TP-Link products vulnerable to OS command injection | 2024-01-10T13:57+09:00 | 2024-03-14T13:52+09:00 |
| jvndb-2024-001001 | Multiple vulnerabilities in Panasonic Control FPWIN Pro7 | 2024-01-10T13:46+09:00 | 2024-01-10T13:46+09:00 |
| jvndb-2023-000126 | Multiple vulnerabilities in PowerCMS | 2023-12-26T16:46+09:00 | 2024-03-18T17:58+09:00 |
| ID | Description | Updated |
|---|
| ID | Description | Published | Updated |
|---|---|---|---|
| cnvd-2026-00829 | Student File Management System login_query.php文件SQL注入漏洞 | 2025-12-25 | 2026-01-05 |
| cnvd-2026-00828 | Student File Management System /delete_student.php文件SQL注入漏洞 | 2025-12-25 | 2026-01-05 |
| cnvd-2026-00827 | Prison Management System search1.php文件SQL注入漏洞 | 2025-12-25 | 2026-01-06 |
| cnvd-2026-00826 | Prison Management System search.php文件SQL注入漏洞 | 2025-12-25 | 2026-01-06 |
| cnvd-2026-00825 | Online Appointment Booking System deletemanager.php文件SQL注入漏洞 | 2025-12-25 | 2026-01-06 |
| cnvd-2026-00794 | UTT 进取 512W内存损坏漏洞 | 2025-12-25 | 2026-01-08 |
| cnvd-2026-00694 | Computer Laboratory System文件上传漏洞 | 2025-12-25 | 2026-01-07 |
| cnvd-2026-00677 | WordPress插件VikBooking Hotel Booking Engine & PMS信息泄露漏洞 | 2025-12-25 | 2026-01-07 |
| cnvd-2026-00676 | WordPress插件Ultimate Member Widgets for Elementor信息泄露漏洞 | 2025-12-25 | 2026-01-07 |
| cnvd-2026-00675 | WordPress插件Restaurant Menu by MotoPress信息泄露漏洞 | 2025-12-25 | 2026-01-07 |
| cnvd-2026-00012 | Microsoft Azure Cosmos DB欺骗漏洞 | 2025-12-25 | 2026-01-04 |
| cnvd-2026-00011 | Microsoft Azure Cognitive Service for Language权限提升漏洞 | 2025-12-25 | 2026-01-04 |
| cnvd-2026-00010 | Microsoft Edge (Chromium-based)欺骗漏洞(CNVD-2026-00010) | 2025-12-25 | 2026-01-04 |
| cnvd-2026-00009 | WordPress插件MasterStudy LMS Pro信息泄露漏洞 | 2025-12-25 | 2026-01-04 |
| cnvd-2026-00008 | WordPress插件Follow My Blog Post息泄露漏洞 | 2025-12-25 | 2026-01-04 |
| cnvd-2026-00007 | Apache StreamPark安全绕过漏洞 | 2025-12-25 | 2026-01-04 |
| cnvd-2026-00006 | Apache Fineract信息泄露漏洞(CNVD-2026-00006) | 2025-12-25 | 2026-01-04 |
| cnvd-2026-00005 | Apache Fineract信息泄露漏洞 | 2025-12-25 | 2026-01-04 |
| cnvd-2026-00004 | Apache Fineract安全绕过漏洞 | 2025-12-25 | 2026-01-04 |
| cnvd-2026-00003 | Apache Airflow信息泄露漏洞(CNVD-2026-00003) | 2025-12-25 | 2026-01-04 |
| cnvd-2026-00002 | WordPress插件myCred信息泄露漏洞 | 2025-12-25 | 2026-01-04 |
| cnvd-2026-00001 | WordPress插件Appointment Booking Calendar信息泄露漏洞 | 2025-12-25 | 2026-01-04 |
| cnvd-2025-31388 | Apache StreamPark弱算法漏洞 | 2025-12-25 | 2025-12-25 |
| cnvd-2025-31387 | Apache HugeGraph-Server反序列化漏洞 | 2025-12-25 | 2025-12-25 |
| cnvd-2026-06416 | 深圳市广联智通科技有限公司AR300M16路由器存在命令执行漏洞(CNVD-C-2025-1171570) | 2025-12-24 | 2026-02-07 |
| cnvd-2026-06411 | 杭州飞致云信息科技有限公司SQLBot存在命令执行漏洞 | 2025-12-24 | 2026-02-01 |
| cnvd-2026-07559 | WordPress Brizy – Page Builder plugin信息泄露漏洞 | 2025-12-22 | 2026-01-28 |
| cnvd-2026-07558 | WordPress插件Ultimate Auction信息泄露漏洞 | 2025-12-22 | 2026-01-28 |
| cnvd-2026-07557 | WordPress插件SendPulse Email Marketing Newsletter信息泄露漏洞 | 2025-12-22 | 2026-01-28 |
| cnvd-2026-07556 | WordPress插件Export WP Page to Static HTML & PDF信息泄露漏洞 | 2025-12-22 | 2026-01-28 |
| ID | Description | Published | Updated |
|---|---|---|---|
| bdu:2026-01273 | Уязвимость функции smb2_reconnect_server() модуля fs/smb/client/smb2pdu.c поддержки клие… | 05.02.2026 | 05.02.2026 |
| bdu:2026-01272 | Уязвимость функции amd_iommu_report_page_fault() модуля drivers/iommu/amd/iommu.c драйвер… | 05.02.2026 | 05.02.2026 |
| bdu:2026-01271 | Уязвимость функции parse_features() модуля drivers/md/dm-flakey.c драйвера нескольких уст… | 05.02.2026 | 05.02.2026 |
| bdu:2026-01270 | Уязвимость функции mt7921_usb_sdio_tx_prepare_skb() модуля drivers/net/wireless/mediatek/… | 05.02.2026 | 05.02.2026 |
| bdu:2026-01269 | Уязвимость функции txBegin() модуля fs/jfs/jfs_txnmgr.c файловой системы JFS ядра операци… | 05.02.2026 | 05.02.2026 |
| bdu:2026-01268 | Уязвимость функции btracker_destroy() модуля drivers/md/dm-cache-background-tracker.c дра… | 05.02.2026 | 05.02.2026 |
| bdu:2026-01267 | Уязвимость функции usbtmc_ioctl_request() модуля drivers/usb/class/usbtmc.c драйвера устр… | 05.02.2026 | 05.02.2026 |
| bdu:2026-01266 | Уязвимость функции brcmf_set_pmk() модуля drivers/net/wireless/broadcom/brcm80211/brcmfma… | 05.02.2026 | 05.02.2026 |
| bdu:2026-01265 | Уязвимость функции nfs_set_pgio_error() модуля fs/nfs/pagelist.c поддержки клиентов NFS я… | 05.02.2026 | 05.02.2026 |
| bdu:2026-01264 | Уязвимость функции alloc_event_waiters() модуля drivers/gpu/drm/amd/amdkfd/kfd_events.c д… | 05.02.2026 | 05.02.2026 |
| bdu:2026-01263 | Уязвимость функции vmbus_bus_init() модуля drivers/hv/vmbus_drv.c драйвера поддержки гост… | 05.02.2026 | 05.02.2026 |
| bdu:2026-01262 | Уязвимость функции longhaul_exit() модуля drivers/cpufreq/longhaul.c драйвера масштабиров… | 05.02.2026 | 05.02.2026 |
| bdu:2026-01261 | Уязвимость функции dcn401_init_hw() модуля drivers/gpu/drm/amd/display/dc/hwss/dcn401/dcn… | 05.02.2026 | 05.02.2026 |
| bdu:2026-01260 | Уязвимость функции hci_conn_complete_evt() модуля net/bluetooth/hci_event.c ядра операцио… | 05.02.2026 | 05.02.2026 |
| bdu:2026-01259 | Уязвимость функции binder_inc_ref_for_node() модуля drivers/android/binder.c драйвера свя… | 05.02.2026 | 05.02.2026 |
| bdu:2026-01258 | Уязвимость функции pm8001_chip_fw_flash_update_req() модуля drivers/scsi/pm8001/pm8001_hw… | 05.02.2026 | 05.02.2026 |
| bdu:2026-01257 | Уязвимость функции interrupt_preinit_v3_hw() модуля drivers/scsi/hisi_sas/hisi_sas_v3_hw.… | 05.02.2026 | 05.02.2026 |
| bdu:2026-01256 | Уязвимость функции ill_acc_of_setup() модуля arch/mips/ralink/ill_acc.c поддержки архитек… | 05.02.2026 | 05.02.2026 |
| bdu:2026-01255 | Уязвимость функции gc_worker_can_early_drop() модуля net/netfilter/nf_conntrack_core.c ко… | 05.02.2026 | 05.02.2026 |
| bdu:2026-01254 | Уязвимость функции _nfs42_proc_copy_notify() модуля fs/nfs/nfs42proc.c поддержки клиентов… | 05.02.2026 | 05.02.2026 |
| bdu:2026-01253 | Уязвимость функций init() и fini() модуля drivers/char/virtio_console.c драйвера поддержк… | 05.02.2026 | 05.02.2026 |
| bdu:2026-01252 | Уязвимость функции ext4_bmap() модуля fs/ext4/inode.c файловой системы Ext4 ядра операцио… | 05.02.2026 | 05.02.2026 |
| bdu:2026-01251 | Уязвимость функции exfat_find() модуля fs/exfat/namei.c файловой системы exFAT ядра опера… | 05.02.2026 | 05.02.2026 |
| bdu:2026-01250 | Уязвимость функции virtio_net_hdr_to_skb() модуля include/linux/virtio_net.h ядра операци… | 05.02.2026 | 05.02.2026 |
| bdu:2026-01249 | Уязвимость функции asm () модуля kernel/kheaders.c ядра операционной системы Linux, позво… | 05.02.2026 | 05.02.2026 |
| bdu:2026-01248 | Уязвимость функции ffa_device_remove() модуля drivers/firmware/arm_ffa/bus.c драйвера про… | 05.02.2026 | 05.02.2026 |
| bdu:2026-01247 | Уязвимость функции batch_clear_carry() модуля drivers/iommu/iommufd/pages.c драйвера IOMM… | 05.02.2026 | 05.02.2026 |
| bdu:2026-01246 | Уязвимость функции ext4_xattr_move_to_block() модуля fs/ext4/xattr.c файловой системы Ext… | 05.02.2026 | 05.02.2026 |
| bdu:2026-01245 | Уязвимость функции ssif_info_find() модуля drivers/char/ipmi/ipmi_ssif.c драйвера алфавит… | 05.02.2026 | 05.02.2026 |
| bdu:2026-01244 | Уязвимость функции gl861_i2c_master_xfer() модуля drivers/media/usb/dvb-usb-v2/gl861.c д… | 05.02.2026 | 05.02.2026 |
| ID | Description | Published | Updated |
|---|---|---|---|
| certfr-2025-avi-0940 | Vulnérabilité dans Liferay | 2025-10-30T00:00:00.000000 | 2025-10-30T00:00:00.000000 |
| certfr-2025-avi-0939 | Multiples vulnérabilités dans les produits Splunk | 2025-10-30T00:00:00.000000 | 2025-10-30T00:00:00.000000 |
| certfr-2025-avi-0938 | Multiples vulnérabilités dans les produits VMware | 2025-10-30T00:00:00.000000 | 2025-10-30T00:00:00.000000 |
| certfr-2025-avi-0937 | Multiples vulnérabilités dans Google Chrome | 2025-10-30T00:00:00.000000 | 2025-10-30T00:00:00.000000 |
| certfr-2025-avi-0936 | Multiples vulnérabilités dans Mattermost Server | 2025-10-29T00:00:00.000000 | 2025-12-01T00:00:00.000000 |
| certfr-2025-avi-0935 | Multiples vulnérabilités dans les produits VMware | 2025-10-29T00:00:00.000000 | 2025-10-29T00:00:00.000000 |
| certfr-2025-avi-0934 | Vulnérabilité dans les produits Mozilla | 2025-10-29T00:00:00.000000 | 2025-10-29T00:00:00.000000 |
| certfr-2025-avi-0933 | Multiples vulnérabilités dans Apache Tomcat | 2025-10-28T00:00:00.000000 | 2025-10-28T00:00:00.000000 |
| certfr-2025-avi-0932 | Multiples vulnérabilités dans Liferay | 2025-10-28T00:00:00.000000 | 2025-10-28T00:00:00.000000 |
| certfr-2025-avi-0931 | Vulnérabilité dans StrongSwan | 2025-10-28T00:00:00.000000 | 2025-10-28T00:00:00.000000 |
| certfr-2025-avi-0930 | Vulnérabilité dans Microsoft Windows Server Update Service | 2025-10-27T00:00:00.000000 | 2025-10-27T00:00:00.000000 |
| certfr-2025-avi-0929 | Vulnérabilité dans le client VPN de TheGreenBow | 2025-10-27T00:00:00.000000 | 2025-10-27T00:00:00.000000 |
| certfr-2025-avi-0928 | Vulnérabilité dans Microsoft Configuration Manager | 2025-10-27T00:00:00.000000 | 2025-10-27T00:00:00.000000 |
| certfr-2025-avi-0927 | Vulnérabilité dans Xen | 2025-10-27T00:00:00.000000 | 2025-10-27T00:00:00.000000 |
| certfr-2025-avi-0926 | Vulnérabilité dans le pilote ODBC de MongoDB | 2025-10-27T00:00:00.000000 | 2025-10-27T00:00:00.000000 |
| certfr-2025-avi-0925 | Vulnérabilité dans les produits Belden | 2025-10-27T00:00:00.000000 | 2025-10-27T00:00:00.000000 |
| certfr-2025-avi-0924 | Multiples vulnérabilités dans les produits IBM | 2025-10-24T00:00:00.000000 | 2025-10-24T00:00:00.000000 |
| certfr-2025-avi-0923 | Multiples vulnérabilités dans le noyau Linux de Red Hat | 2025-10-24T00:00:00.000000 | 2025-10-24T00:00:00.000000 |
| certfr-2025-avi-0922 | Multiples vulnérabilités dans le noyau Linux d'Ubuntu | 2025-10-24T00:00:00.000000 | 2025-10-24T00:00:00.000000 |
| certfr-2025-avi-0921 | Multiples vulnérabilités dans le noyau Linux de SUSE | 2025-10-24T00:00:00.000000 | 2025-10-24T00:00:00.000000 |
| certfr-2025-avi-0920 | Multiples vulnérabilités dans les produits Microsoft | 2025-10-24T00:00:00.000000 | 2025-10-24T00:00:00.000000 |
| certfr-2025-avi-0919 | Multiples vulnérabilités dans Microsoft Azure | 2025-10-24T00:00:00.000000 | 2025-10-24T00:00:00.000000 |
| certfr-2025-avi-0918 | Multiples vulnérabilités dans Liferay | 2025-10-24T00:00:00.000000 | 2025-10-24T00:00:00.000000 |
| certfr-2025-avi-0917 | Multiples vulnérabilités dans les produits Moxa | 2025-10-24T00:00:00.000000 | 2025-10-24T00:00:00.000000 |
| certfr-2025-avi-0916 | Vulnérabilité dans le pilote MongoDB Pilote Atlas SQL ODBC | 2025-10-24T00:00:00.000000 | 2025-10-24T00:00:00.000000 |
| certfr-2025-avi-0915 | Multiples vulnérabilités dans les produits Microsoft | 2025-10-23T00:00:00.000000 | 2025-10-23T00:00:00.000000 |
| certfr-2025-avi-0914 | Multiples vulnérabilités dans les produits Centreon | 2025-10-23T00:00:00.000000 | 2025-10-23T00:00:00.000000 |
| certfr-2025-avi-0913 | Multiples vulnérabilités dans ISC BIND | 2025-10-23T00:00:00.000000 | 2025-10-23T00:00:00.000000 |
| certfr-2025-avi-0912 | Vulnérabilité dans SolarWinds Observability | 2025-10-22T00:00:00.000000 | 2025-10-22T00:00:00.000000 |
| certfr-2025-avi-0911 | Multiples vulnérabilités dans Oracle Weblogic | 2025-10-22T00:00:00.000000 | 2025-10-22T00:00:00.000000 |
| ID | Description | Published | Updated |
|---|---|---|---|
| osv-2024-679 | Heap-buffer-overflow in readImage4v2 | 2024-07-25T00:14:34.485446Z | 2026-02-14T14:21:51.563139Z |
| osv-2024-678 | Use-of-uninitialized-value in FLAC__replaygain_synthesis__apply_gain | 2024-07-25T00:09:08.389428Z | 2025-02-11T14:21:01.793416Z |
| osv-2024-677 | Segv on unknown address in gs_gc_reclaim | 2024-07-25T00:06:43.762625Z | 2025-09-09T14:37:05.973820Z |
| osv-2024-675 | Security exception in com.github.javaparser.CommentsInserter.insertComments | 2024-07-24T00:07:37.523933Z | 2026-01-13T04:45:52.716176Z |
| osv-2024-668 | Security exception in jflex.core.NFA.insertNFA | 2024-07-20T00:01:48.807354Z | 2024-07-20T00:01:48.807879Z |
| osv-2024-664 | Heap-buffer-overflow in gf_dash_group_get_template | 2024-07-18T00:13:55.576218Z | 2026-02-05T14:31:14.693832Z |
| osv-2024-662 | Security exception in com.github.javaparser.CommentsInserter.insertComments | 2024-07-18T00:06:40.832938Z | 2026-01-13T04:48:14.077313Z |
| osv-2024-661 | Security exception in java.base/java.util.ArrayList.<init> | 2024-07-18T00:05:57.665844Z | 2025-12-01T14:21:01.321021Z |
| osv-2024-659 | Index-out-of-bounds in gf_vvc_parse_nalu_bs | 2024-07-18T00:01:18.765548Z | 2026-02-05T14:30:28.253307Z |
| osv-2024-655 | Stack-buffer-overflow in UnrollChunkyBytes | 2024-07-17T00:06:15.877340Z | 2025-05-23T07:44:18.608203Z |
| osv-2024-641 | Security exception in com.puppycrawl.tools.checkstyle.grammar.java.JavaLanguageParser.expr | 2024-07-14T00:06:37.034414Z | 2026-02-06T14:17:23.672112Z |
| osv-2024-640 | Null-dereference READ | 2024-07-13T00:15:12.997693Z | 2024-07-13T00:15:12.998025Z |
| osv-2024-638 | Heap-buffer-overflow in ih264d_format_convert | 2024-07-13T00:12:13.793261Z | 2024-07-16T14:18:45.507955Z |
| osv-2024-637 | Heap-buffer-overflow in ih264d_format_convert | 2024-07-13T00:08:20.097992Z | 2024-07-16T14:17:43.815608Z |
| osv-2024-636 | Null-dereference READ in evp_mac_final | 2024-07-13T00:04:18.446520Z | 2024-07-13T00:04:18.446812Z |
| osv-2024-635 | Null-dereference READ in do_evp_kdf | 2024-07-13T00:03:44.593921Z | 2024-07-13T00:03:44.594307Z |
| osv-2024-634 | Heap-buffer-overflow in htmlCurrentChar | 2024-07-13T00:03:44.049545Z | 2024-07-13T00:03:44.049863Z |
| osv-2024-627 | Heap-buffer-overflow in gf_hevc_parse_nalu_bs | 2024-07-12T00:01:41.960899Z | 2024-07-12T00:01:41.961272Z |
| osv-2024-602 | Heap-buffer-overflow in ultrahdr::getYuv420Pixel | 2024-06-29T00:09:20.554523Z | 2024-06-29T00:09:20.554958Z |
| osv-2024-592 | UNKNOWN READ in spvtools::disassemble::InstructionDisassembler::EmitInstruction | 2024-06-27T00:03:46.520119Z | 2025-01-10T05:00:09.280885Z |
| osv-2024-577 | Heap-use-after-free in sputs | 2024-06-22T00:14:08.186738Z | 2024-06-22T00:14:08.187320Z |
| osv-2024-575 | UNKNOWN READ in H5SL_remove | 2024-06-20T00:03:37.435999Z | 2024-06-20T00:03:37.436551Z |
| osv-2024-574 | Heap-buffer-overflow in spvtools::disassemble::InstructionDisassembler::EmitInstruction | 2024-06-19T00:15:01.983925Z | 2024-06-25T14:22:08.649397Z |
| osv-2024-567 | Security exception in jflex.core.NFA.insertNFA | 2024-06-16T00:06:55.824759Z | 2024-06-16T00:06:55.825276Z |
| osv-2024-555 | Heap-buffer-overflow in ArduinoJson::V704HB22::detail::MsgPackDeserializer<ArduinoJson::V704HB22::detail | 2024-06-13T00:06:28.782972Z | 2024-06-28T14:18:08.360826Z |
| osv-2024-552 | UNKNOWN READ in ndpi_search_zoom | 2024-06-12T00:12:06.312903Z | 2024-06-12T00:12:06.313282Z |
| osv-2024-551 | Heap-buffer-overflow in mz_zip_mem_read_func | 2024-06-12T00:06:30.075962Z | 2024-06-12T00:06:30.076324Z |
| osv-2024-550 | Heap-buffer-overflow in mz_zip_mem_read_func | 2024-06-12T00:06:02.418206Z | 2024-06-12T00:06:02.418563Z |
| osv-2024-548 | Use-of-uninitialized-value in icalmemory_strdup | 2024-06-12T00:00:26.364017Z | 2024-06-12T00:00:26.364669Z |
| osv-2024-539 | Security exception in com.github.javaparser.CommentsInserter.insertComments | 2024-06-07T00:08:30.308579Z | 2024-07-16T14:19:14.406686Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| rustsec-2022-0077 | `claim` is Unmaintained | 2022-12-04T12:00:00Z | 2023-02-04T10:58:43Z |
| rustsec-2022-0074 | Force cast a &Vec<T> to &[T] | 2022-12-02T12:00:00Z | 2023-06-13T13:10:24Z |
| rustsec-2022-0080 | parity-util-mem Unmaintained | 2022-11-30T12:00:00Z | 2023-01-16T09:26:23Z |
| rustsec-2022-0070 | Unsound API in `secp256k1` allows use-after-free and invalid deallocation from safe code | 2022-11-30T12:00:00Z | 2023-06-13T13:10:24Z |
| rustsec-2022-0069 | Improper validation of Windows paths could lead to directory traversal attack | 2022-11-30T12:00:00Z | 2023-06-13T13:10:24Z |
| rustsec-2022-0068 | out-of-bounds read possible when setting list-of-pointers | 2022-11-30T12:00:00Z | 2022-11-30T22:16:39Z |
| rustsec-2022-0094 | Mimalloc Can Allocate Memory with Bad Alignment | 2022-11-23T12:00:00Z | 2025-10-28T06:02:18Z |
| rustsec-2022-0089 | `aliyun-oss-client` secret exposure | 2022-11-19T12:00:00Z | 2023-02-07T22:07:40Z |
| rustsec-2022-0076 | Bug in Wasmtime implementation of pooling instance allocator | 2022-11-10T12:00:00Z | 2023-03-15T23:49:40Z |
| rustsec-2022-0075 | Bug in pooling instance allocator | 2022-11-10T12:00:00Z | 2023-01-14T00:56:30Z |
| rustsec-2022-0097 | Out of bounds write in `wasmtime_trap_code` C API function | 2022-11-07T12:00:00Z | 2025-05-02T08:23:27Z |
| rustsec-2022-0102 | Out of bounds read/write with zero-memory-pages configuration | 2022-11-05T12:00:00Z | 2025-05-02T08:23:27Z |
| rustsec-2022-0098 | Data leakage between instances in the pooling allocator | 2022-11-05T12:00:00Z | 2025-05-02T08:23:27Z |
| rustsec-2022-0065 | X.509 Email Address Variable Length Buffer Overflow | 2022-11-01T12:00:00Z | 2023-06-13T13:10:24Z |
| rustsec-2022-0064 | X.509 Email Address 4-byte Buffer Overflow | 2022-11-01T12:00:00Z | 2023-06-13T13:10:24Z |
| rustsec-2022-0079 | ELF header parsing library doesn't check for valid offset | 2022-10-31T12:00:00Z | 2023-06-13T13:10:24Z |
| rustsec-2022-0066 | Denial of Service from unchecked request length | 2022-10-30T12:00:00Z | 2022-11-02T22:38:38Z |
| rustsec-2022-0083 | evm incorrect state transition | 2022-10-25T12:00:00Z | 2023-02-02T11:20:42Z |
| rustsec-2022-0062 | matrix-sdk 0.6.0 logs access tokens | 2022-10-24T12:00:00Z | 2023-06-13T13:10:24Z |
| rustsec-2022-0067 | Invalid use of `mem::uninitialized` causes `use-of-uninitialized-value` | 2022-10-22T12:00:00Z | 2023-06-13T13:10:24Z |
| rustsec-2022-0060 | orbtk is Unmaintained | 2022-10-13T12:00:00Z | 2022-10-19T01:14:12Z |
| rustsec-2022-0059 | Using a Custom Cipher with `NID_undef` may lead to NULL encryption | 2022-10-11T12:00:00Z | 2023-06-13T13:10:24Z |
| rustsec-2022-0087 | Slack Webhooks secrets leak in debug logs | 2022-10-10T12:00:00Z | 2023-02-02T11:45:24Z |
| rustsec-2022-0061 | Crate `parity-wasm` deprecated by the author | 2022-10-01T12:00:00Z | 2022-10-23T11:05:06Z |
| rustsec-2022-0085 | matrix-sdk Impersonation of room keys | 2022-09-29T12:00:00Z | 2023-02-02T11:35:31Z |
| rustsec-2022-0058 | Library exclusively intended to inject UB into safe Rust. | 2022-09-28T12:00:00Z | 2022-10-11T10:32:22Z |
| rustsec-2022-0091 | `tauri` filesystem scope partial bypass | 2022-09-19T12:00:00Z | 2023-02-25T15:16:50Z |
| rustsec-2022-0063 | Multiple vulnerabilities resulting in out-of-bounds writes | 2022-09-07T12:00:00Z | 2023-06-13T13:10:24Z |
| rustsec-2022-0057 | badge is Unmaintained | 2022-08-31T12:00:00Z | 2023-02-09T03:11:29Z |
| rustsec-2022-0055 | No default limit put on request bodies | 2022-08-31T12:00:00Z | 2023-06-13T13:10:24Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| alsa-2025:17398 | Moderate: kernel-rt security update | 2025-10-06T00:00:00Z | 2025-10-08T10:05:33Z |
| alsa-2025:17397 | Moderate: kernel security update | 2025-10-06T00:00:00Z | 2025-10-08T10:24:28Z |
| alsa-2025:17396 | Moderate: kernel security update | 2025-10-06T00:00:00Z | 2025-10-09T07:54:11Z |
| alsa-2025:17377 | Moderate: kernel security update | 2025-10-06T00:00:00Z | 2025-10-09T07:42:18Z |
| alsa-2025:17163 | Moderate: perl-JSON-XS security update | 2025-10-01T00:00:00Z | 2025-10-20T12:34:11Z |
| alsa-2025:17162 | Moderate: perl-JSON-XS security update | 2025-10-01T00:00:00Z | 2025-10-20T12:33:11Z |
| alsa-2025:17129 | Important: idm:DL1 security update | 2025-10-01T00:00:00Z | 2025-10-03T08:44:05Z |
| alsa-2025:17119 | Moderate: perl-JSON-XS security update | 2025-09-30T00:00:00Z | 2025-10-01T12:21:59Z |
| alsa-2025:17084 | Important: ipa security update | 2025-09-30T00:00:00Z | 2025-10-22T13:15:47Z |
| alsa-2025:16920 | Moderate: kernel-rt security update | 2025-09-29T00:00:00Z | 2025-10-01T08:47:05Z |
| alsa-2025:16919 | Moderate: kernel security update | 2025-09-29T00:00:00Z | 2025-10-01T09:28:42Z |
| alsa-2025:16904 | Moderate: kernel security update | 2025-09-29T00:00:00Z | 2025-10-03T09:19:26Z |
| alsa-2025:16880 | Moderate: kernel security update | 2025-09-29T00:00:00Z | 2025-10-01T09:18:26Z |
| alsa-2025:16861 | Moderate: mysql:8.0 security update | 2025-09-29T00:00:00Z | 2025-10-01T08:52:50Z |
| alsa-2025:16823 | Moderate: openssh security update | 2025-09-25T00:00:00Z | 2025-10-01T08:38:24Z |
| alsa-2025:16589 | Important: thunderbird security update | 2025-09-24T00:00:00Z | 2025-09-25T15:05:39Z |
| alsa-2025:16441 | Moderate: avahi security update | 2025-09-23T00:00:00Z | 2025-09-29T08:38:23Z |
| alsa-2025:16432 | Moderate: opentelemetry-collector security update | 2025-09-23T00:00:00Z | 2025-09-29T09:41:45Z |
| alsa-2025:16428 | Moderate: libtpms security update | 2025-09-23T00:00:00Z | 2025-09-29T08:40:24Z |
| alsa-2025:16398 | Moderate: kernel security update | 2025-09-22T00:00:00Z | 2025-09-29T08:44:37Z |
| alsa-2025:16373 | Moderate: kernel-rt security update | 2025-09-22T00:00:00Z | 2025-09-24T11:00:38Z |
| alsa-2025:16372 | Moderate: kernel security update | 2025-09-22T00:00:00Z | 2025-09-24T11:04:13Z |
| alsa-2025:16354 | Moderate: kernel security update | 2025-09-22T00:00:00Z | 2025-09-29T09:27:52Z |
| alsa-2025:16260 | Important: firefox security update | 2025-09-22T00:00:00Z | 2025-09-25T15:01:51Z |
| alsa-2025:16157 | Important: thunderbird security update | 2025-09-18T00:00:00Z | 2025-09-26T09:47:50Z |
| alsa-2025:16156 | Important: thunderbird security update | 2025-09-18T00:00:00Z | 2025-09-26T11:14:21Z |
| alsa-2025:16154 | Moderate: grub2 security update | 2025-09-18T00:00:00Z | 2025-09-25T11:34:59Z |
| alsa-2025:16116 | Moderate: gnutls security, bug fix, and enhancement update | 2025-09-17T00:00:00Z | 2025-09-29T08:47:08Z |
| alsa-2025:16115 | Moderate: gnutls security, bug fix, and enhancement update | 2025-09-17T00:00:00Z | 2025-09-18T08:34:55Z |
| alsa-2025:16109 | Important: firefox security update | 2025-09-17T00:00:00Z | 2025-09-25T15:04:05Z |