Recent vulnerabilities
| ID | CVSS | Description | Vendor | Product | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2026-27645 |
6.1 (3.1)
|
changedetection.io Vulnerable to Reflected XSS in RSS … |
dgtlmoon |
changedetection.io |
2026-02-25T04:06:58.183Z | 2026-02-25T14:55:58.413Z |
| CVE-2026-27624 |
7.2 (3.1)
|
Coturn: IPv4-mapped IPv6 (::ffff:0:0/96) bypasses deni… |
coturn |
coturn |
2026-02-25T04:04:17.009Z | 2026-02-25T15:09:21.716Z |
| CVE-2026-3149 |
5.3 (4.0)
6.3 (3.1)
6.3 (3.0)
|
itsourcecode College Management System asign-single-st… |
itsourcecode |
College Management System |
2026-02-25T04:02:18.965Z | 2026-02-25T15:10:12.905Z |
| CVE-2026-3148 |
6.9 (4.0)
7.3 (3.1)
7.3 (3.0)
|
SourceCodester Simple and Nice Shopping Cart Script si… |
SourceCodester |
Simple and Nice Shopping Cart Script |
2026-02-25T04:02:12.325Z | 2026-02-25T21:14:25.878Z |
| CVE-2026-27597 |
10 (3.1)
|
@enclave-vm/core is vulnerable to Sandbox Escape |
agentfront |
enclave |
2026-02-25T03:56:25.927Z | 2026-02-25T21:13:32.747Z |
| CVE-2026-27641 |
9.8 (3.1)
|
Flask-Reuploaded vulnerable to Remote Code Execution v… |
jugmac00 |
flask-reuploaded |
2026-02-25T03:54:54.391Z | 2026-02-25T21:12:45.608Z |
| CVE-2026-27640 |
8.5 (4.0)
|
tfplan2md has Sensitive Value Exposure in Generated Reports |
oocx |
tfplan2md |
2026-02-25T03:52:26.615Z | 2026-02-25T21:21:08.940Z |
| CVE-2026-27627 |
8.2 (3.1)
|
Karakeep's Reddit plugin content bypasses DOMPurify sa… |
karakeep-app |
karakeep |
2026-02-25T03:48:07.431Z | 2026-02-25T21:20:03.257Z |
| CVE-2026-27639 |
8.5 (4.0)
|
Mercator vulnerable to stored XSS via unescaped Blade … |
dbarzin |
mercator |
2026-02-25T03:44:26.241Z | 2026-02-25T15:20:41.753Z |
| CVE-2026-27636 |
8.8 (3.1)
|
FreeScout: Missing .htaccess in Restricted File Extens… |
freescout-help-desk |
freescout |
2026-02-25T03:41:33.166Z | 2026-02-25T15:25:24.822Z |
| CVE-2026-27637 |
9.8 (3.1)
|
FreeScout's Predictable Authentication Token Enables A… |
freescout-help-desk |
freescout |
2026-02-25T03:41:23.478Z | 2026-02-25T15:21:52.817Z |
| CVE-2026-3147 |
4.8 (4.0)
5.3 (3.1)
5.3 (3.0)
|
libvips csvload.c vips_foreign_load_csv_build heap-bas… |
n/a |
libvips |
2026-02-25T03:32:09.025Z | 2026-02-25T15:32:34.675Z |
| CVE-2026-27743 |
9.3 (4.0)
9.8 (3.1)
|
SPIP referer_spam <= 1.2.1 Unauthenticated SQL Injection |
SPIP |
referer_spam |
2026-02-25T03:08:39.325Z | 2026-02-26T19:55:07.890Z |
| CVE-2026-27744 |
9.3 (4.0)
9.8 (3.1)
|
SPIP tickets < 4.3.3 Unauthenticated RCE |
SPIP |
tickets |
2026-02-25T03:08:24.714Z | 2026-02-26T19:55:34.974Z |
| CVE-2026-27745 |
8.7 (4.0)
8.8 (3.1)
|
SPIP interface_traduction_objets < 2.2.2 Authenticated RCE |
SPIP |
interface_traduction_objets |
2026-02-25T03:08:11.502Z | 2026-02-26T19:56:06.952Z |
| CVE-2026-27746 |
5.1 (4.0)
6.1 (3.1)
|
SPIP jeux < 4.1.1 Reflected XSS via index Parameters |
SPIP |
jeux |
2026-02-25T03:07:57.179Z | 2026-02-26T19:56:32.551Z |
| CVE-2026-27747 |
7.1 (4.0)
6.5 (3.1)
|
SPIP interface_traduction_objets < 2.2.2 Authenticated… |
SPIP |
interface_traduction_objets |
2026-02-25T03:07:44.532Z | 2026-02-26T19:56:56.048Z |
| CVE-2026-3146 |
4.8 (4.0)
3.3 (3.1)
3.3 (3.0)
|
libvips matrixload.c vips_foreign_load_matrix_header n… |
n/a |
libvips |
2026-02-25T03:02:09.172Z | 2026-02-25T15:52:33.882Z |
| CVE-2025-5781 |
5.2 (3.1)
|
Information Exposure Vulnerability in Hitachi Configur… |
Hitachi |
Hitachi Ops Center API Configuration Manager |
2026-02-25T03:01:21.623Z | 2026-02-26T17:00:34.754Z |
| CVE-2026-27632 |
2.6 (3.1)
|
Talishar Vulnerable to Cross-Site Request Forgery (CSRF) |
Talishar |
Talishar |
2026-02-25T02:52:10.061Z | 2026-02-26T21:33:41.129Z |
| CVE-2026-27629 |
5.9 (3.1)
|
InvenTree Vulnerable to Server Side Template Injection… |
inventree |
InvenTree |
2026-02-25T02:48:41.934Z | 2026-02-26T21:33:40.971Z |
| CVE-2026-27628 |
1.2 (4.0)
|
pypdf has a possible infinite loop when loading circul… |
py-pdf |
pypdf |
2026-02-25T02:45:37.543Z | 2026-02-25T15:58:33.339Z |
| CVE-2026-27626 |
10 (3.1)
|
OliveTin vulnerable to OS Command Injection via `passw… |
OliveTin |
OliveTin |
2026-02-25T02:43:08.189Z | 2026-02-25T02:43:08.189Z |
| CVE-2026-27612 |
6.1 (3.1)
|
Repostat Vulnerable to Reflected Cross-Site Scripting … |
denpiligrim |
repostat |
2026-02-25T02:38:05.548Z | 2026-02-26T21:33:40.838Z |
| CVE-2026-27621 |
6.8 (4.0)
|
TypiCMS Core has Stored Cross-Site Scripting (XSS) via… |
TypiCMS |
Core |
2026-02-25T02:36:12.353Z | 2026-02-26T20:59:12.644Z |
| CVE-2026-27615 |
8.8 (4.0)
|
ADB-Explorer: UNC Path Support in ManualAdbPath Leads … |
Alex4SSB |
ADB-Explorer |
2026-02-25T02:33:53.553Z | 2026-02-25T02:33:53.553Z |
| CVE-2026-27614 |
9.3 (3.1)
|
Bugsink is vulnerable to Stored XSS via Pygments fallb… |
bugsink |
bugsink |
2026-02-25T02:31:17.880Z | 2026-02-25T20:01:45.861Z |
| CVE-2026-27611 |
7.1 (4.0)
|
FileBrowser Quantum: Password Protection Not Enforced … |
gtsteffaniak |
filebrowser |
2026-02-25T02:24:48.357Z | 2026-02-25T02:24:48.357Z |
| CVE-2026-27595 |
9.9 (4.0)
|
Parse Dashboard has incomplete authentication on AI Ag… |
parse-community |
parse-dashboard |
2026-02-25T02:21:33.428Z | 2026-02-25T02:21:33.428Z |
| CVE-2026-27610 |
7 (4.0)
|
Parse Dashboard Has a Cache Key Collision that Leaks M… |
parse-community |
parse-dashboard |
2026-02-25T02:19:56.022Z | 2026-02-25T02:21:23.731Z |
| ID | Severity | Description | Published | Updated |
|---|---|---|---|---|
| ghsa-gvwq-qfp3-3pvf |
8.8 (3.1)
8.7 (4.0)
|
Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior contain a command i… | 2026-02-24T18:31:02Z | 2026-02-24T18:31:02Z |
| ghsa-gmfh-mhfh-2g3q |
4.3 (3.1)
5.1 (4.0)
|
Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior lack CSRF protectio… | 2026-02-24T18:31:02Z | 2026-02-24T18:31:02Z |
| ghsa-9wv6-vw4x-jjg6 |
5.7 (4.0)
|
Download of Code Without Integrity Check vulnerability in Microchip Time Provider 4100 allows Malic… | 2026-02-24T18:31:02Z | 2026-02-24T18:31:02Z |
| ghsa-7c8p-f6jq-w42v |
9.8 (3.1)
9.3 (4.0)
|
Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior contain hard-coded … | 2026-02-24T18:31:02Z | 2026-02-24T18:31:02Z |
| ghsa-69fx-mvcm-v5g3 |
9.1 (3.1)
9.3 (4.0)
|
Binardat 10G08-0800GSM network switch firmware versions prior to V300SP10260209 generate predictabl… | 2026-02-24T18:31:02Z | 2026-02-24T18:31:02Z |
| ghsa-4r4r-4jp4-wwf9 |
9.8 (3.1)
|
FUXA has JWT Authentication Bypass via HTTP Referer header spoofing | 2026-02-24T18:31:02Z | 2026-02-26T15:45:40Z |
| ghsa-3547-c34m-73j3 |
6.5 (3.1)
6.9 (4.0)
|
Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior do not implement ra… | 2026-02-24T18:31:02Z | 2026-02-25T18:31:36Z |
| ghsa-qrvq-68c2-7grw |
5.9 (3.1)
|
nats-server websockets are vulnerable to pre-auth memory DoS | 2026-02-24T16:04:53Z | 2026-02-24T16:04:53Z |
| ghsa-9fww-8cpr-q66r |
6.1 (3.1)
|
Isso affected by Stored XSS via comment website field | 2026-02-24T16:03:04Z | 2026-02-24T16:03:04Z |
| ghsa-v264-xqh4-9xmm |
9.9 (3.1)
|
OneUptime:: node:vm sandbox escape in probe allows any project member to achieve RCE | 2026-02-24T16:00:56Z | 2026-02-24T16:00:56Z |
| ghsa-v2gc-rm6g-wrw9 |
5.5 (4.0)
|
Craft CMS: Cloud Metadata SSRF Protection Bypass via IPv6 Resolution | 2026-02-24T15:51:07Z | 2026-02-24T15:51:07Z |
| ghsa-w8mw-frc6-r7m8 |
5.3 (3.1)
|
ImageMagick: Invalid MSL <map> can result in a use after free | 2026-02-24T15:46:49Z | 2026-02-24T15:46:49Z |
| ghsa-gwr3-x37h-h84v |
6.2 (3.1)
|
ImageMagick has a possible infinite loop in its JPEG encoder when using `jpeg:extent` | 2026-02-24T15:46:25Z | 2026-02-24T15:46:25Z |
| ghsa-v994-63cg-9wj3 |
6.2 (3.1)
|
ImageMagick has infinite loop when writing IPTCTEXT leads to denial of service via crafted profile | 2026-02-24T15:46:03Z | 2026-02-24T15:46:03Z |
| ghsa-7355-pwx2-pm84 |
7.5 (3.1)
|
ImageMagick: Integer overflow or wraparound and incorrect conversion between numeric types in the i… | 2026-02-24T15:45:35Z | 2026-02-24T15:45:35Z |
| ghsa-782x-jh29-9mf7 |
5.3 (3.1)
|
ImageMagick: MSL image stack index may fail to refresh, leading to leaked images | 2026-02-24T15:45:13Z | 2026-02-24T15:45:13Z |
| ghsa-42p5-62qq-mmh7 |
5.3 (3.1)
|
ImageMagick has a heap buffer over-read in its MAP image decoder | 2026-02-24T15:44:47Z | 2026-02-24T15:44:47Z |
| ghsa-v7g2-m8c5-mf84 |
7.5 (3.1)
|
ImageMagick: Memory allocation with excessive without limits in the internal SVG decoder | 2026-02-24T15:44:19Z | 2026-02-24T15:44:19Z |
| ghsa-fwqw-2x5x-w566 |
5.3 (3.1)
|
ImageMagick has Use After Free in MSLStartElement in "coders/msl.c" | 2026-02-24T15:43:54Z | 2026-02-24T15:43:55Z |
| ghsa-xgm3-v4r9-wfgm |
5.3 (3.1)
|
Image Magick has a Memory Leak in coders/ashlar.c | 2026-02-24T15:43:28Z | 2026-02-24T15:43:28Z |
| ghsa-72hf-fj62-w6j4 |
7.4 (3.1)
|
ImageMagick: Stack buffer overflow in FTXT reader via oversized integer field | 2026-02-24T15:43:02Z | 2026-02-24T15:43:02Z |
| ghsa-xwc6-v6g8-pw2h |
5.9 (3.1)
|
ImageMagick's Security Policy Bypass through config/policy-secure.xml via "fd handler" leads to std… | 2026-02-24T15:42:37Z | 2026-02-24T15:42:38Z |
| ghsa-8jvj-p28h-9gm7 |
8.6 (3.1)
|
ImageMagick: Policy bypass through path traversal allows reading restricted content despite secured… | 2026-02-24T15:40:06Z | 2026-02-24T15:40:06Z |
| ghsa-vpxv-r9pg-7gpr |
6.5 (3.1)
|
ImageMagick has Global Buffer Overflow (OOB Read) via Negative Pixel Index in UIL and XPM Writer | 2026-02-24T15:39:11Z | 2026-02-24T15:39:11Z |
| ghsa-6j5f-24fw-pqp4 |
6.5 (3.1)
|
ImageMagick: Heap overflow in sun decoder on 32-bit systems may result in out of bounds write | 2026-02-24T15:38:35Z | 2026-02-24T15:38:35Z |
| ghsa-543g-8grm-9cw6 |
5.3 (3.1)
|
ImageMagick has Division-by-Zero in YUV sampling factor validation, which leads to crash | 2026-02-24T15:37:53Z | 2026-02-24T15:37:53Z |
| ghsa-p863-5fgm-rgq4 |
5.3 (3.1)
|
ImageMagick has NULL Pointer Dereference in ClonePixelCacheRepository via crafted image | 2026-02-24T15:36:08Z | 2026-02-24T15:36:08Z |
| ghsa-rw6c-xp26-225v |
5.7 (3.1)
|
ImageMagick: Code Injection via PostScript header in ps coders | 2026-02-24T15:34:26Z | 2026-02-24T15:34:26Z |
| ghsa-g2pr-qxjg-7r2w |
5.3 (3.1)
|
ImageMagick has memory leak of watermark Image object in ReadSTEGANOImage on multiple error/early-r… | 2026-02-24T15:33:56Z | 2026-02-24T15:33:57Z |
| ghsa-p33r-fqw2-rqmm |
5.3 (3.1)
|
ImageMagick has NULL pointer dereference in ReadSFWImage after DestroyImageInfo (sfw.c) | 2026-02-24T15:32:34Z | 2026-02-24T15:32:34Z |
| ID | Severity | Description | Package | Published | Updated |
|---|---|---|---|---|---|
| pysec-2023-306 |
8.1 (3.1)
|
Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine (EVM). In ve… | vyper | 2023-09-18T21:16:00+00:00 | 2024-11-21T14:23:02.752932+00:00 |
| pysec-2023-305 |
5.3 (3.1)
|
Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine (EVM). Start… | vyper | 2023-09-18T21:16:00+00:00 | 2024-11-21T14:23:02.698147+00:00 |
| pysec-2023-176 |
6.5 (3.1)
|
GeoNode is an open source platform that facilitates the creation, sharing, and collaborat… | geonode | 2023-09-15T21:15:00+00:00 | 2023-09-20T17:25:44.504117+00:00 |
| pysec-2023-173 |
5.3 (3.1)
|
Piccolo is an ORM and query builder which supports asyncio. In versions 0.120.0 and prior… | piccolo | 2023-09-12T21:15:00+00:00 | 2023-09-19T05:26:00.954782+00:00 |
| pysec-2023-171 |
|
Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authent… | apache-airflow | 2023-09-12T12:15:00+00:00 | 2023-09-12T14:27:23.735580+00:00 |
| pysec-2023-170 |
|
Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authent… | apache-airflow | 2023-09-12T12:15:00+00:00 | 2023-09-12T14:27:23.660908+00:00 |
| pysec-2023-172 |
4.3 (3.1)
|
The Create Single Payment application of SAP S/4HANA - versions 100, 101, 102, 103, 104, … | hana-ml | 2023-09-12T02:15:00Z | 2023-09-29T22:26:12.812435Z |
| pysec-2023-169 |
7.8 (3.1)
|
Git Providers can read from the wrong environment because they get the same cache directo… | salt | 2023-09-05T11:15:00+00:00 | 2023-09-08T20:23:17.288300+00:00 |
| pysec-2023-166 |
5.3 (3.1)
|
Salt masters prior to 3005.2 or 3006.2 contain a DOS in minion return. After receiving se… | salt | 2023-09-05T11:15:00+00:00 | 2023-09-07T20:23:20.197102+00:00 |
| pysec-2023-168 |
5.3 (3.1)
|
Vyper is a Pythonic Smart Contract Language. In affected versions the order of evaluation… | vyper | 2023-09-04T18:15:00+00:00 | 2023-09-08T16:30:59.497777+00:00 |
| pysec-2023-167 |
5.3 (3.1)
|
Vyper is a Pythonic Smart Contract Language. For the following (probably non-exhaustive) … | vyper | 2023-09-04T18:15:00+00:00 | 2023-09-08T15:22:00.929480+00:00 |
| pysec-2023-163 |
9.8 (3.1)
|
An issue in LanChain-ai Langchain v.0.0.245 allows a remote attacker to execute arbitrary… | numexpr | 2023-09-01T16:15:00Z | 2025-02-20T09:11:38.521949Z |
| pysec-2023-162 |
9.8 (3.1)
|
An issue in LanChain-ai Langchain v.0.0.245 allows a remote attacker to execute arbitrary… | langchain | 2023-09-01T16:15:00Z | 2023-10-04T16:56:57.465474Z |
| pysec-2023-165 |
6.5 (3.1)
|
GitPython is a python library used to interact with Git repositories. In order to resolv… | gitpython | 2023-08-30T22:15:00+00:00 | 2023-09-07T14:33:25.683922+00:00 |
| pysec-2023-164 |
4.7 (3.1)
|
borgbackup is an opensource, deduplicating archiver with compression and authenticated en… | borgbackup | 2023-08-30T18:15:00+00:00 | 2023-09-06T16:31:20.448538+00:00 |
| pysec-2023-159 |
7.7 (3.1)
|
RestrictedPython is a restricted execution environment for Python to run untrusted code. … | restrictedpython | 2023-08-30T18:15:00+00:00 | 2023-09-05T16:32:17.658660+00:00 |
| pysec-2023-157 |
6.1 (3.1)
|
jupyter-server is the backend for Jupyter web applications. Improper cross-site credentia… | jupyter-server | 2023-08-28T21:15:00+00:00 | 2023-09-01T20:23:47.344401+00:00 |
| pysec-2023-155 |
6.1 (3.1)
|
jupyter-server is the backend for Jupyter web applications. Open Redirect Vulnerability. … | jupyter-server | 2023-08-28T21:15:00+00:00 | 2023-09-01T16:31:48.441782+00:00 |
| pysec-2023-161 |
7.8 (3.1)
|
GitPython is a python library used to interact with Git repositories. When resolving a p… | gitpython | 2023-08-28T18:15:00+00:00 | 2023-09-05T22:26:14.587281+00:00 |
| pysec-2023-156 |
8.8 (3.1)
|
Deserialization of Untrusted Data, Inclusion of Functionality from Untrusted Control Sphe… | apache-airflow-providers-apache-spark | 2023-08-28T08:15:00+00:00 | 2023-09-01T18:27:11.679668+00:00 |
| pysec-2023-160 |
6.5 (3.1)
|
A flaw was found in the Keylime registrar that could allow a bypass of the challenge-resp… | keylime | 2023-08-25T17:15:00+00:00 | 2023-09-05T20:22:36.414406+00:00 |
| pysec-2023-154 |
5.3 (3.1)
|
Datasette is an open source multi-tool for exploring and publishing data. This bug affect… | datasette | 2023-08-25T01:15:00Z | 2023-10-08T16:12:24.555320Z |
| pysec-2023-269 |
7.5 (3.1)
|
GeoNode is an open source platform that facilitates the creation, sharing, and collaborat… | geonode | 2023-08-24T23:15:00+00:00 | 2024-11-21T14:22:50.995218+00:00 |
| pysec-2023-158 |
8.0 (3.1)
|
The session fixation vulnerability allowed the authenticated user to continue accessing A… | apache-airflow | 2023-08-23T16:15:00+00:00 | 2023-09-04T08:29:37.781470+00:00 |
| pysec-2023-152 |
8.1 (3.1)
|
Apache Airflow, in versions prior to 2.7.0, contains a security vulnerability that can be… | apache-airflow | 2023-08-23T16:15:00+00:00 | 2023-08-29T18:28:28.180958+00:00 |
| pysec-2023-153 |
6.1 (3.1)
|
Open Redirect vulnerability in Horizon Web Dashboard 19.4.0 thru 20.1.4 via the success_u… | horizon | 2023-08-22T19:16:00+00:00 | 2023-08-30T18:28:45.068261+00:00 |
| pysec-2023-151 |
9.8 (3.1)
|
An issue in langchain v.0.0.171 allows a remote attacker to execute arbitrary code via th… | langchain | 2023-08-22T19:16:00Z | 2023-08-29T15:11:37.047967Z |
| pysec-2023-149 |
|
The json2xml package through 3.12.0 for Python allows an error in typecode decoding enabl… | json2xml | 2023-08-22T19:16:00+00:00 | 2023-08-22T20:23:14.541580+00:00 |
| pysec-2023-150 |
7.8 (3.1)
|
Buffer Overflow vulnerability in tEXtToDataBuf function in pngimage.cpp in Exiv2 0.27.1 a… | exiv2 | 2023-08-22T19:15:00+00:00 | 2023-08-25T18:28:13.546911+00:00 |
| pysec-2023-148 |
9.8 (3.1)
|
An issue in llama_index v.0.7.13 and before allows a remote attacker to execute arbitrary… | llama-index | 2023-08-15T17:15:00+00:00 | 2023-08-22T18:27:29.213194+00:00 |
| ID | Description | Updated |
|---|
| ID | Description | Published | Updated |
|---|---|---|---|
| mal-2026-610 | Malicious code in snapshot-date (PyPI) | 2026-01-30T19:09:41Z | 2026-01-30T19:09:41Z |
| mal-2026-609 | Malicious code in euskalplantxa (npm) | 2026-01-30T15:31:12Z | 2026-02-02T05:56:27Z |
| mal-2026-608 | Malicious code in ezviz-shop-mall (npm) | 2026-01-30T13:08:07Z | 2026-02-02T05:56:27Z |
| mal-2026-607 | Malicious code in banquet-runtime-modules (npm) | 2026-01-30T12:50:57Z | 2026-02-04T17:33:26Z |
| mal-2026-606 | Malicious code in userver-requires-at-least-python-3-10 (PyPI) | 2026-01-30T10:14:10Z | 2026-01-30T10:14:10Z |
| mal-2026-605 | Malicious code in dhgshop (npm) | 2026-01-29T15:50:42Z | 2026-02-02T05:56:27Z |
| mal-2026-627 | Malicious code in theanswre (PyPI) | 2026-01-29T13:57:51Z | 2026-02-02T01:40:48Z |
| mal-2026-604 | Malicious code in securedrop-workstation-dom0-config (PyPI) | 2026-01-29T13:50:57Z | 2026-01-29T13:50:57Z |
| mal-2026-603 | Malicious code in mcp-pdftool-plus (PyPI) | 2026-01-29T13:25:53Z | 2026-01-29T13:25:53Z |
| mal-2026-602 | Malicious code in tableasets (PyPI) | 2026-01-29T11:22:50Z | 2026-01-29T11:22:50Z |
| mal-2026-601 | Malicious code in tableautes (PyPI) | 2026-01-29T10:08:47Z | 2026-01-29T11:16:21Z |
| mal-2026-600 | Malicious code in researchpoc2 (npm) | 2026-01-29T04:22:59Z | 2026-02-02T05:56:30Z |
| mal-2026-599 | Malicious code in jwt-pack (npm) | 2026-01-29T04:14:08Z | 2026-02-02T05:56:28Z |
| mal-2026-597 | Malicious code in n8n-nodes-comfyui-illu (npm) | 2026-01-29T03:52:09Z | 2026-02-02T05:56:29Z |
| mal-2026-598 | Malicious code in wallet-icon-font (npm) | 2026-01-29T03:47:06Z | 2026-02-02T05:56:31Z |
| mal-2026-596 | Malicious code in turbotax (npm) | 2026-01-29T00:03:56Z | 2026-02-02T05:56:31Z |
| mal-2026-595 | Malicious code in morty-package (PyPI) | 2026-01-28T19:48:56Z | 2026-01-28T19:48:56Z |
| mal-2026-594 | Malicious code in epic-asset-uploader (npm) | 2026-01-28T19:45:45Z | 2026-02-03T08:27:41Z |
| mal-2026-593 | Malicious code in pypi-package-explore (PyPI) | 2026-01-28T17:56:33Z | 2026-01-28T17:56:33Z |
| mal-2026-592 | Malicious code in lvldragdrop (npm) | 2026-01-28T16:39:23Z | 2026-02-02T05:56:28Z |
| mal-2026-591 | Malicious code in kol7a (npm) | 2026-01-28T16:39:23Z | 2026-02-02T05:56:28Z |
| mal-2026-590 | Malicious code in pytorch-mutex (PyPI) | 2026-01-28T16:28:32Z | 2026-01-28T17:47:09Z |
| mal-2026-584 | Malicious code in chai-as-extended (npm) | 2026-01-28T15:06:22Z | 2026-02-02T05:56:26Z |
| mal-2026-589 | Malicious code in dotenv-embed (npm) | 2026-01-28T14:56:54Z | 2026-02-02T05:56:27Z |
| mal-2026-585 | Malicious code in chai-async-tests (npm) | 2026-01-28T14:56:54Z | 2026-02-02T05:56:26Z |
| mal-2026-588 | Malicious code in chai-sub (npm) | 2026-01-28T14:53:28Z | 2026-02-02T05:56:26Z |
| mal-2026-587 | Malicious code in chai-px (npm) | 2026-01-28T14:48:04Z | 2026-02-02T05:56:26Z |
| mal-2026-586 | Malicious code in chai-chains-async (npm) | 2026-01-28T14:46:57Z | 2026-02-02T05:56:26Z |
| mal-2026-583 | Malicious code in vuejavascript (npm) | 2026-01-28T13:59:24Z | 2026-02-02T05:56:31Z |
| mal-2026-582 | Malicious code in somsodamsd (npm) | 2026-01-28T13:59:24Z | 2026-02-02T05:56:30Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| bit-discourse-2025-58055 | Discourse AI Suggestions Contain Insecure Direct Object Reference | 2025-10-05T23:40:58.710Z | 2025-10-24T15:07:36.996Z |
| bit-discourse-2025-58054 | Discourse is vulnerable to XSS when quoting chat messages | 2025-10-05T23:40:57.314Z | 2025-10-24T15:07:36.996Z |
| bit-powershell-2025-49734 | PowerShell Direct Elevation of Privilege Vulnerability | 2025-10-03T08:49:03.988Z | 2025-10-03T09:07:39.166Z |
| bit-mongodb-2024-10921 | Improper neutralization of null bytes may lead to buffer over-reads in MongoDB Server | 2025-10-02T14:44:36.017Z | 2025-10-02T15:07:00.184Z |
| bit-mongoose-2024-53900 | 2025-10-02T14:44:18.222Z | 2025-11-06T13:25:46.476Z | |
| bit-gitlab-2025-9958 | Insertion of Sensitive Information Into Sent Data in GitLab | 2025-10-01T15:13:13.235Z | 2025-11-07T09:06:54.375Z |
| bit-gitlab-2025-9642 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab | 2025-10-01T15:13:11.350Z | 2025-10-01T15:14:38.852Z |
| bit-gitlab-2025-8014 | Allocation of Resources Without Limits or Throttling in GitLab | 2025-10-01T15:13:07.496Z | 2025-10-01T15:14:38.852Z |
| bit-gitlab-2025-7691 | Privilege Defined With Unsafe Actions in GitLab | 2025-10-01T15:13:01.621Z | 2025-10-01T15:14:38.852Z |
| bit-gitlab-2025-5069 | Incorrect Ownership Assignment in GitLab | 2025-10-01T15:12:30.475Z | 2025-10-01T15:14:38.852Z |
| bit-gitlab-2025-11042 | Allocation of Resources Without Limits or Throttling in GitLab | 2025-10-01T15:11:04.156Z | 2025-10-01T15:14:38.852Z |
| bit-gitlab-2025-10871 | Missing Authorization in GitLab | 2025-10-01T15:11:02.199Z | 2025-10-01T15:14:38.852Z |
| bit-gitlab-2025-10868 | Business Logic Errors in GitLab | 2025-10-01T15:11:00.230Z | 2025-10-01T15:14:38.852Z |
| bit-gitlab-2025-10867 | Allocation of Resources Without Limits or Throttling in GitLab | 2025-10-01T15:10:58.294Z | 2025-10-01T15:14:38.852Z |
| bit-gitlab-2025-10858 | Allocation of Resources Without Limits or Throttling in GitLab | 2025-10-01T15:10:56.334Z | 2025-10-01T15:14:38.852Z |
| bit-mongodb-2024-3374 | MongoDB Server (mongod) may crash when generating ftdc | 2025-10-01T14:49:48.814Z | 2025-10-01T15:14:38.852Z |
| bit-jupyterlab-2025-59842 | JupyterLab LaTeX typesetter links did not enforce `noopener` attribute | 2025-10-01T14:43:22.333Z | 2025-10-01T15:14:38.852Z |
| bit-airflow-2025-54831 | Apache Airflow: Connection sensitive details exposed to users with READ permissions | 2025-10-01T14:39:16.556Z | 2025-11-06T13:25:46.476Z |
| bit-zookeeper-2025-58457 | Apache ZooKeeper: Insufficient Permission Check in AdminServer Snapshot/Restore Commands | 2025-09-26T08:51:26.070Z | 2025-11-06T13:25:46.476Z |
| bit-pip-2025-8869 | Fallback tar extraction in pip doesn't check symbolic links point to extraction directory | 2025-09-26T08:48:13.610Z | 2025-11-06T13:25:46.476Z |
| bit-wordpress-2025-58674 | WordPress <= 6.8.2 - (Author+) Cross Site Scripting (XSS) Vulnerability | 2025-09-25T08:55:10.378Z | 2025-10-02T15:07:00.184Z |
| bit-wordpress-2025-58246 | WordPress <= 6.8.2 - (Contributor+) Sensitive Data Exposure Vulnerability | 2025-09-25T08:55:08.592Z | 2025-10-02T15:07:00.184Z |
| bit-valkey-2025-46686 | 2025-09-25T08:53:41.270Z | 2025-09-25T09:09:38.625Z | |
| bit-redis-2025-46686 | 2025-09-25T08:52:27.726Z | 2025-10-03T15:12:57.579Z | |
| bit-mlflow-2025-52967 | 2025-09-25T08:47:37.376Z | 2025-09-25T09:09:38.625Z | |
| bit-mongodb-2025-3085 | MongoDB Server running on Linux may allow unexpected connections where intermediate certificates are revoked | 2025-09-25T08:47:27.812Z | 2025-09-25T09:09:38.625Z |
| bit-mongodb-2025-3084 | MongoDB Server may crash due to improper validation of explain command | 2025-09-25T08:47:26.320Z | 2025-09-25T09:09:38.625Z |
| bit-mongoose-2025-23061 | 2025-09-25T08:46:40.232Z | 2025-10-06T00:06:00.502Z | |
| bit-keydb-2025-46686 | 2025-09-25T08:44:35.725Z | 2025-09-25T09:09:38.625Z | |
| bit-django-2025-57833 | 2025-09-25T08:40:38.586Z | 2025-11-06T13:25:46.476Z |
| ID | Description | Updated |
|---|
| ID | Description | Published | Updated |
|---|---|---|---|
| jvndb-2023-000125 | Multiple vulnerabilities in BUFFALO VR-S1000 | 2023-12-26T15:51+09:00 | 2024-03-19T17:56+09:00 |
| jvndb-2023-014781 | Brother iPrint&Scan Desktop for Windows vulnerable to improper link resolution before file access | 2023-12-26T09:27+09:00 | 2024-03-18T18:05+09:00 |
| jvndb-2023-012042 | WordPress plugin "MW WP Form" vulnerable to arbitrary file upload | 2023-12-15T15:17+09:00 | 2024-03-26T17:39+09:00 |
| jvndb-2023-000123 | Multiple vulnerabilities in GROWI | 2023-12-13T15:30+09:00 | 2024-03-19T17:46+09:00 |
| jvndb-2023-011403 | ELECOM wireless LAN routers vulnerable to OS command injection | 2023-12-13T15:06+09:00 | 2024-04-18T17:22+09:00 |
| jvndb-2023-000122 | Multiple denial-of-service (DoS) vulnerabilities in JTEKT ELECTRONICS HMI GC-A2 series | 2023-12-11T14:12+09:00 | 2024-04-22T16:55+09:00 |
| jvndb-2023-009966 | FXC wireless LAN routers "AE1021PE" and "AE1021" vulnerable to OS command injection Critical | 2023-12-07T15:09+09:00 | 2023-12-25T16:54+09:00 |
| jvndb-2023-009619 | OS command injection vulnerability in DT900 | 2023-12-06T14:43+09:00 | 2023-12-06T14:43+09:00 |
| jvndb-2023-000121 | RakRak Document Plus vulnerable to path traversal | 2023-12-04T13:45+09:00 | 2024-01-24T12:06+09:00 |
| jvndb-2023-000119 | Ruckus Access Point contains a cross-site scripting vulnerability. | 2023-12-01T14:58+09:00 | 2024-04-23T17:51+09:00 |
| jvndb-2023-000117 | Multiple vulnerabilities in LuxCal Web Calendar | 2023-11-20T17:15+09:00 | 2023-11-20T17:15+09:00 |
| jvndb-2023-007152 | Multiple vulnerabilities in EXPRESSCLUSTER X | 2023-11-20T14:09+09:00 | 2024-05-01T18:10+09:00 |
| jvndb-2023-007150 | Multiple vulnerabilities in First Corporation's DVRs | 2023-11-17T17:31+09:00 | 2024-07-11T17:05+09:00 |
| jvndb-2023-000116 | Redmine vulnerable to cross-site scripting | 2023-11-17T14:32+09:00 | 2024-05-09T17:55+09:00 |
| jvndb-2023-000118 | Multiple vulnerabilities in CubeCart | 2023-11-17T14:22+09:00 | 2024-04-30T18:15+09:00 |
| jvndb-2023-006588 | Multiple vulnerabilities in ELECOM and LOGITEC routers | 2023-11-15T18:27+09:00 | 2024-04-26T15:22+09:00 |
| jvndb-2023-006578 | ASUSTeK COMPUTER RT-AC87U vulnerable to improper access control | 2023-11-15T17:44+09:00 | 2024-04-30T18:08+09:00 |
| jvndb-2023-000115 | OSS Calendar vulnerable to SQL injection | 2023-11-14T14:05+09:00 | 2024-05-01T17:38+09:00 |
| jvndb-2023-006199 | Multiple security updates for Trend Micro Apex One and Apex One as a Service (November 2023) | 2023-11-13T17:28+09:00 | 2024-03-13T17:28+09:00 |
| jvndb-2023-000112 | Multiple vulnerabilities in Pleasanter | 2023-11-13T15:57+09:00 | 2024-04-22T17:56+09:00 |
| jvndb-2023-000114 | Multiple vulnerabilities in Cisco Firepower Management Center Software | 2023-11-13T14:01+09:00 | 2024-05-07T15:07+09:00 |
| jvndb-2023-000113 | HOTELDRUID vulnerable to cross-site scripting | 2023-11-10T14:41+09:00 | 2024-05-01T17:47+09:00 |
| jvndb-2023-000111 | Remarshal unlimitedly expanding YAML alias nodes | 2023-11-10T14:41+09:00 | 2024-05-08T17:53+09:00 |
| jvndb-2023-000107 | EC-CUBE 3 series and 4 series vulnerable to arbitrary code execution | 2023-11-07T13:47+09:00 | 2024-05-09T17:17+09:00 |
| jvndb-2023-004919 | FUJIFILM Business Innovation Corp. and Xerox Corporation MFPs export Address Books with insufficient encryption strength | 2023-11-02T17:21+09:00 | 2024-05-07T15:25+09:00 |
| jvndb-2023-000110 | Improper restriction of XML external entity references (XXE) in e-Tax software | 2023-11-02T13:38+09:00 | 2024-05-01T18:41+09:00 |
| jvndb-2023-004790 | Multiple Vulnerabilities in Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center Analyzer | 2023-11-02T12:14+09:00 | 2023-11-02T12:14+09:00 |
| jvndb-2023-004754 | MCL Technologies MCL-Net vulnerable to directory traversal | 2023-11-01T16:49+09:00 | 2023-11-01T16:49+09:00 |
| jvndb-2023-000109 | Cybozu Remote Service vulnerable to uncontrolled resource consumption | 2023-10-31T13:43+09:00 | 2024-05-07T15:51+09:00 |
| jvndb-2023-000108 | Inkdrop vulnerable to code injection | 2023-10-30T13:48+09:00 | 2024-05-07T16:09+09:00 |
| ID | Description | Updated |
|---|
| ID | Description | Published | Updated |
|---|---|---|---|
| cnvd-2026-04454 | 北京神州视翰科技有限公司多媒体综合业务显示系统存在SQL注入漏洞(CNVD-C-2025-1134083) | 2025-12-22 | 2026-01-21 |
| cnvd-2025-31336 | WordPress Hide Email Address plugin跨站脚本漏洞 | 2025-12-22 | 2025-12-24 |
| cnvd-2025-31335 | WordPress HelloLeads CRM Form Shortcode plugin缺少授权漏洞 | 2025-12-22 | 2025-12-24 |
| cnvd-2025-31334 | WordPress Header Footer Script Adder plugin跨站脚本漏洞 | 2025-12-22 | 2025-12-25 |
| cnvd-2025-31333 | WordPress Grider for Elementor plugin缺少授权漏洞 | 2025-12-22 | 2025-12-25 |
| cnvd-2025-31332 | WordPress GPXpress plugin跨站脚本漏洞 | 2025-12-22 | 2025-12-25 |
| cnvd-2025-31331 | WordPress FX Currency Converter plugin跨站脚本漏洞 | 2025-12-22 | 2025-12-25 |
| cnvd-2025-31330 | WordPress Freshchat plugin跨站请求伪造漏洞 | 2025-12-22 | 2025-12-25 |
| cnvd-2025-31329 | WordPress Fix Media Library plugin信息泄露漏洞 | 2025-12-22 | 2025-12-25 |
| cnvd-2025-31328 | WordPress Filebird Plugin缺少授权漏洞 | 2025-12-22 | 2025-12-25 |
| cnvd-2025-31327 | WordPress FileBird Pro plugin缺失授权漏洞 | 2025-12-22 | 2025-12-25 |
| cnvd-2025-31115 | WordPress Fancy Product Designer plugin信息泄露漏洞 | 2025-12-22 | 2025-12-23 |
| cnvd-2025-31114 | WordPress Fancy Product Designer plugin服务器端请求伪造漏洞 | 2025-12-22 | 2025-12-23 |
| cnvd-2025-31113 | WordPress Events Manager Plugin信息泄露漏洞 | 2025-12-22 | 2025-12-23 |
| cnvd-2026-05361 | ChurchCRM legacy端点SQL注入漏洞 | 2025-12-19 | 2026-01-19 |
| cnvd-2026-04239 | Apple macOS Tahoe安全绕过漏洞(CNVD-2026-04239) | 2025-12-19 | 2026-01-16 |
| cnvd-2025-31154 | Apple macOS Tahoe权限问题漏洞 | 2025-12-19 | 2025-12-22 |
| cnvd-2025-31153 | Apple macOS Tahoe符号链接处理不当漏洞(CNVD-2025-3115302) | 2025-12-19 | 2025-12-22 |
| cnvd-2025-31152 | Apple macOS Tahoe注入漏洞 | 2025-12-19 | 2025-12-22 |
| cnvd-2025-31151 | Apple macOS Tahoe内存处理不当漏洞 | 2025-12-19 | 2025-12-22 |
| cnvd-2025-31150 | Apple macOS Tahoe沙盒限制不足漏洞 | 2025-12-19 | 2025-12-22 |
| cnvd-2025-31149 | Apple macOS Tahoe逻辑限制不足漏洞 | 2025-12-19 | 2025-12-23 |
| cnvd-2025-31148 | Apple macOS Tahoe符号链接验证不足漏洞 | 2025-12-19 | 2025-12-23 |
| cnvd-2025-31147 | Apple macOS Tahoe验证不足漏洞 | 2025-12-19 | 2025-12-23 |
| cnvd-2025-31146 | Apple macOS Tahoe检查不足漏洞(CNVD-2025-3114612) | 2025-12-19 | 2025-12-23 |
| cnvd-2025-31145 | Apple macOS Tahoe权限限制不足漏洞 | 2025-12-19 | 2025-12-23 |
| cnvd-2025-31144 | Apple macOS Tahoe检查不足漏洞 | 2025-12-19 | 2025-12-23 |
| cnvd-2026-10887 | MailEnable存在未明漏洞(CNVD-2026-10887) | 2025-12-18 | 2026-02-14 |
| cnvd-2026-10886 | MailEnable存在未明漏洞 | 2025-12-18 | 2026-02-13 |
| cnvd-2026-10328 | Google Pixel gxp_fence_manager.cc文件输入验证错误漏洞 | 2025-12-18 | 2026-02-06 |
| ID | Description | Published | Updated |
|---|---|---|---|
| bdu:2026-01243 | Уязвимость функции btrfs_delete_free_space_tree() модуля fs/btrfs/free-space-tree.c файло… | 05.02.2026 | 05.02.2026 |
| bdu:2026-01242 | Уязвимость функции btrfs_finish_ordered_zoned() модуля fs/btrfs/zoned.c файловой системы … | 05.02.2026 | 05.02.2026 |
| bdu:2026-01241 | Уязвимость функции __ocfs2_move_extent() модуля fs/ocfs2/move_extents.c файловой системы … | 05.02.2026 | 05.02.2026 |
| bdu:2026-01240 | Уязвимость функции ext4_mb_new_inode_pa() модуля fs/ext4/mballoc.c файловой системы Ext4 … | 05.02.2026 | 05.02.2026 |
| bdu:2026-01239 | Уязвимость функции tegra_xusb_port_unregister() модуля drivers/phy/tegra/xusb.c драйвера … | 05.02.2026 | 05.02.2026 |
| bdu:2026-01238 | Уязвимость функции snd_dg00x_stream_init_duplex() модуля sound/firewire/digi00x/digi00x-s… | 05.02.2026 | 05.02.2026 |
| bdu:2026-01237 | Уязвимость функции BTF_ID() модуля kernel/bpf/verifier.c поддержки интерпретатора BPF ядр… | 05.02.2026 | 05.02.2026 |
| bdu:2026-01236 | Уязвимость функции drm_client_target_cloned() модуля drivers/gpu/drm/drm_client_modeset.c… | 05.02.2026 | 05.02.2026 |
| bdu:2026-01235 | Уязвимость функции anysee_master_xfer() модуля drivers/media/usb/dvb-usb-v2/anysee.c драй… | 05.02.2026 | 05.02.2026 |
| bdu:2026-01234 | Уязвимость функции skb_segment_list() модуля net/core/skbuff.c поддержки сетевых функций … | 04.02.2026 | 04.02.2026 |
| bdu:2026-01233 | Уязвимость функции fail_iommu_bus_notify() модуля arch/powerpc/kernel/iommu.c поддержки п… | 04.02.2026 | 04.02.2026 |
| bdu:2026-01232 | Уязвимость функции intel_gvt_debugfs_init() модуля drivers/gpu/drm/i915/gvt/debugfs.c дра… | 04.02.2026 | 04.02.2026 |
| bdu:2026-01231 | Уязвимость функции ntfs_link_inode() модуля fs/ntfs3/inode.c файловой системы NTFS 3 ядра… | 04.02.2026 | 04.02.2026 |
| bdu:2026-01230 | Уязвимость функции isAccessAllowed() программного средства управления и запуска OCI-конте… | 04.02.2026 | 04.02.2026 |
| bdu:2026-01229 | Уязвимость функции __qedi_remove() модуля drivers/scsi/qedi/qedi_main.c драйвера устройст… | 04.02.2026 | 04.02.2026 |
| bdu:2026-01228 | Уязвимость функции drm_fb_helper_damage() модуля drivers/gpu/drm/drm_fb_helper.c драйвера… | 04.02.2026 | 04.02.2026 |
| bdu:2026-01227 | Уязвимость почтового сервера SmarterTools SmarterMail, связанная с использованием имени с… | 04.02.2026 | 04.02.2026 |
| bdu:2026-01226 | Уязвимость метода API ConnectToHub почтового сервера SmarterTools SmarterMail, позволяюща… | 04.02.2026 | 06.02.2026 |
| bdu:2026-01225 | Уязвимость функции sc16is7xx_probe() модуля drivers/tty/serial/sc16is7xx.c драйвера консо… | 04.02.2026 | 04.02.2026 |
| bdu:2026-01224 | Уязвимость параметра weights_only функции torch.load() фреймворка машинного обучения PyTo… | 04.02.2026 | 04.02.2026 |
| bdu:2026-01223 | Уязвимость файлов формата PKCS#12 библиотеки OpenSSL, позволяющая нарушителю вызвать отка… | 04.02.2026 | 10.02.2026 |
| bdu:2026-01222 | Уязвимость инструмента командной строки openssl dgst библиотеки OpenSSL, позволяющая нару… | 04.02.2026 | 04.02.2026 |
| bdu:2026-01221 | Уязвимость функции btrfs_drop_extent_map_range() модуля fs/btrfs/extent_map.c файловой си… | 04.02.2026 | 04.02.2026 |
| bdu:2026-01220 | Уязвимость функции PKCS7_digest_from_attributes() библиотеки OpenSSL, позволяющая нарушит… | 04.02.2026 | 04.02.2026 |
| bdu:2026-01219 | Уязвимость функции TS_RESP_verify_response() библиотеки OpenSSL, позволяющая нарушителю в… | 04.02.2026 | 04.02.2026 |
| bdu:2026-01218 | Уязвимость функции PKCS12_item_decrypt_d2i_ex() библиотеки OpenSSL, позволяющая нарушител… | 04.02.2026 | 10.02.2026 |
| bdu:2026-01217 | Уязвимость функции PKCS12_get_friendlyname() библиотеки OpenSSL, позволяющая нарушителю в… | 04.02.2026 | 04.02.2026 |
| bdu:2026-01216 | Уязвимость функции BIO_f_linebuffer() библиотеки OpenSSL, позволяющая нарушителю вызвать … | 04.02.2026 | 04.02.2026 |
| bdu:2026-01215 | Уязвимость функции SSL_CIPHER_find() библиотеки OpenSSL, позволяющая нарушителю вызвать о… | 04.02.2026 | 04.02.2026 |
| bdu:2026-01214 | Уязвимость кода парсинга файлов формата PKCS#12 библиотеки OpenSSL, позволяющая нарушител… | 04.02.2026 | 10.02.2026 |
| ID | Description | Published | Updated |
|---|---|---|---|
| certfr-2025-avi-0910 | Multiples vulnérabilités dans Oracle Virtualization | 2025-10-22T00:00:00.000000 | 2025-10-22T00:00:00.000000 |
| certfr-2025-avi-0909 | Multiples vulnérabilités dans Oracle Systems | 2025-10-22T00:00:00.000000 | 2025-10-22T00:00:00.000000 |
| certfr-2025-avi-0908 | Multiples vulnérabilités dans Oracle PeopleSoft | 2025-10-22T00:00:00.000000 | 2025-10-22T00:00:00.000000 |
| certfr-2025-avi-0907 | Multiples vulnérabilités dans Oracle MySQL | 2025-10-22T00:00:00.000000 | 2025-10-22T00:00:00.000000 |
| certfr-2025-avi-0906 | Multiples vulnérabilités dans Oracle Java SE | 2025-10-22T00:00:00.000000 | 2025-10-22T00:00:00.000000 |
| certfr-2025-avi-0905 | Multiples vulnérabilités dans Oracle Database Server | 2025-10-22T00:00:00.000000 | 2025-10-22T00:00:00.000000 |
| certfr-2025-avi-0904 | Multiples vulnérabilités dans GitLab | 2025-10-22T00:00:00.000000 | 2025-10-22T00:00:00.000000 |
| certfr-2025-avi-0903 | Multiples vulnérabilités dans les produits Atlassian | 2025-10-22T00:00:00.000000 | 2025-10-22T00:00:00.000000 |
| certfr-2025-avi-0902 | Multiples vulnérabilités dans Xen | 2025-10-22T00:00:00.000000 | 2025-10-22T00:00:00.000000 |
| certfr-2025-avi-0901 | Vulnérabilité dans Google Chrome | 2025-10-22T00:00:00.000000 | 2025-10-22T00:00:00.000000 |
| certfr-2025-avi-0900 | Multiples vulnérabilités dans Centreon Web | 2025-10-22T00:00:00.000000 | 2025-10-22T00:00:00.000000 |
| certfr-2025-avi-0899 | Multiples vulnérabilités dans les produits Microsoft | 2025-10-20T00:00:00.000000 | 2025-10-20T00:00:00.000000 |
| certfr-2025-avi-0898 | Vulnérabilité dans Microsoft Edge | 2025-10-20T00:00:00.000000 | 2025-10-20T00:00:00.000000 |
| certfr-2025-avi-0897 | Multiples vulnérabilités dans Tenable Identity Exposure | 2025-10-20T00:00:00.000000 | 2025-10-20T00:00:00.000000 |
| certfr-2025-avi-0896 | Multiples vulnérabilités dans les produits IBM | 2025-10-17T00:00:00.000000 | 2025-10-17T00:00:00.000000 |
| certfr-2025-avi-0895 | Multiples vulnérabilités dans le noyau Linux de SUSE | 2025-10-17T00:00:00.000000 | 2025-10-17T00:00:00.000000 |
| certfr-2025-avi-0894 | Multiples vulnérabilités dans le noyau Linux de Debian LTS | 2025-10-17T00:00:00.000000 | 2025-10-17T00:00:00.000000 |
| certfr-2025-avi-0893 | Multiples vulnérabilités dans le noyau Linux de Red Hat | 2025-10-17T00:00:00.000000 | 2025-10-17T00:00:00.000000 |
| certfr-2025-avi-0892 | Multiples vulnérabilités dans le noyau Linux d'Ubuntu | 2025-10-17T00:00:00.000000 | 2025-10-17T00:00:00.000000 |
| certfr-2025-avi-0891 | Vulnérabilité dans MongoDB Connector for BI pour Windows | 2025-10-17T00:00:00.000000 | 2025-10-17T00:00:00.000000 |
| certfr-2025-avi-0890 | Multiples vulnérabilités dans les produits Moxa | 2025-10-17T00:00:00.000000 | 2025-10-17T00:00:00.000000 |
| certfr-2025-avi-0889 | Vulnérabilité dans Squid | 2025-10-17T00:00:00.000000 | 2025-10-17T00:00:00.000000 |
| certfr-2025-avi-0888 | Multiples vulnérabilités dans les produits Mattermost | 2025-10-16T00:00:00.000000 | 2025-11-14T00:00:00.000000 |
| certfr-2025-avi-0887 | Vulnérabilité dans Synacor Zimbra Collaboration | 2025-10-16T00:00:00.000000 | 2025-10-16T00:00:00.000000 |
| certfr-2025-avi-0886 | Multiples vulnérabilités dans les produits F5 | 2025-10-16T00:00:00.000000 | 2025-10-16T00:00:00.000000 |
| certfr-2025-avi-0885 | Multiples vulnérabilités dans Samba | 2025-10-16T00:00:00.000000 | 2025-10-16T00:00:00.000000 |
| certfr-2025-avi-0884 | Multiples vulnérabilités dans les produits Cisco | 2025-10-16T00:00:00.000000 | 2025-10-16T00:00:00.000000 |
| certfr-2025-avi-0883 | Multiples vulnérabilités dans les produits Spring | 2025-10-16T00:00:00.000000 | 2025-10-16T00:00:00.000000 |
| certfr-2025-avi-0882 | Multiples vulnérabilités dans les produits Microsoft | 2025-10-15T00:00:00.000000 | 2025-10-15T00:00:00.000000 |
| certfr-2025-avi-0881 | Multiples vulnérabilités dans Microsoft Azure | 2025-10-15T00:00:00.000000 | 2025-10-15T00:00:00.000000 |
| ID | Description | Published | Updated |
|---|---|---|---|
| osv-2024-538 | Use-of-uninitialized-value in QUICVariableInt::size | 2024-06-06T00:12:59.950768Z | 2024-07-16T14:22:07.747083Z |
| osv-2024-535 | Use-of-uninitialized-value in spvTextEncodeOperand | 2024-06-06T00:00:55.007699Z | 2024-06-25T14:21:53.898093Z |
| osv-2024-521 | Heap-buffer-overflow in ubidi_writeReordered_76 | 2024-05-31T00:06:51.180600Z | 2024-05-31T00:06:51.181049Z |
| osv-2024-518 | Security exception in com.github.javaparser.CommentsInserter.insertComments | 2024-05-30T00:16:42.628026Z | 2024-06-24T14:17:55.597576Z |
| osv-2024-517 | Segv on unknown address in od_ec_dec_init | 2024-05-30T00:05:57.060200Z | 2024-07-16T14:24:59.011170Z |
| osv-2024-504 | Heap-buffer-overflow in ultrahdr::getYuv420Pixel | 2024-05-25T00:01:08.542552Z | 2024-05-25T00:01:08.543179Z |
| osv-2024-503 | Heap-buffer-overflow in pdf_save_viewer_state | 2024-05-24T00:02:37.047119Z | 2024-05-24T00:02:37.047771Z |
| osv-2024-496 | UNKNOWN READ in chunk_free_object | 2024-05-22T00:06:41.510071Z | 2024-05-22T00:06:41.510555Z |
| osv-2024-495 | UNKNOWN READ in chunk_free_object | 2024-05-22T00:04:27.058012Z | 2024-05-22T00:04:27.058432Z |
| osv-2024-493 | UNKNOWN READ in chunk_free_object | 2024-05-22T00:00:49.459478Z | 2024-05-22T00:00:49.459808Z |
| osv-2024-490 | Security exception in com.github.javaparser.CommentsInserter.insertComments | 2024-05-20T00:07:13.417197Z | 2024-05-20T00:07:13.417898Z |
| osv-2024-477 | Heap-buffer-overflow in ultrahdr::gain_map_metadata::decodeGainmapMetadata | 2024-05-16T00:07:25.350135Z | 2024-05-16T00:07:25.350518Z |
| osv-2024-476 | Heap-buffer-overflow in ultrahdr::getYuv420Pixel | 2024-05-16T00:01:52.617825Z | 2024-05-16T00:01:52.618175Z |
| osv-2024-473 | Security exception in com.puppycrawl.tools.checkstyle.grammar.java.JavaLanguageParser.expr | 2024-05-15T00:13:12.880068Z | 2024-07-16T14:20:15.561933Z |
| osv-2024-471 | Use-of-uninitialized-value in vpx_codec_peek_stream_info | 2024-05-15T00:02:46.464995Z | 2024-05-15T00:02:46.465573Z |
| osv-2024-469 | Heap-buffer-overflow in check_content_type_and_change_protocol | 2024-05-13T00:06:08.552810Z | 2024-05-13T00:06:08.553286Z |
| osv-2024-460 | UNKNOWN READ in glslang::TInfoSinkBase::location | 2024-05-11T00:04:46.149516Z | 2025-01-10T05:21:00.966877Z |
| osv-2024-456 | Heap-buffer-overflow in ih264d_read_coeff4x4_cabac | 2024-05-09T00:08:35.451422Z | 2024-05-27T14:02:56.983104Z |
| osv-2024-453 | Use-of-uninitialized-value in encode_base64_differential | 2024-05-08T00:15:55.868630Z | 2024-05-08T00:15:55.868890Z |
| osv-2024-451 | Use-of-uninitialized-value in XpackDynamicTable::_make_space | 2024-05-08T00:14:48.544622Z | 2026-02-12T14:18:05.600525Z |
| osv-2024-450 | Use-of-uninitialized-value in ink_filepath_merge | 2024-05-08T00:13:15.436703Z | 2024-05-08T00:13:15.437003Z |
| osv-2024-449 | Use-of-uninitialized-value in YAML::Stream::Stream | 2024-05-08T00:10:19.320498Z | 2024-05-08T00:10:19.320806Z |
| osv-2024-440 | UNKNOWN READ | 2024-05-07T00:06:11.033336Z | 2025-07-01T14:30:06.613574Z |
| osv-2024-434 | Use-of-uninitialized-value in validate_bluetooth_device_address | 2024-05-05T00:16:24.885047Z | 2024-05-05T00:16:24.885336Z |
| osv-2024-432 | Use-of-uninitialized-value in ssl_ctx_make_profiles | 2024-05-05T00:15:04.589857Z | 2024-05-08T03:26:30Z |
| osv-2024-431 | Use-of-uninitialized-value in Lexer::ReadToken | 2024-05-05T00:14:47.078358Z | 2024-05-05T00:14:47.078742Z |
| osv-2024-430 | Use-of-uninitialized-value in ssl_str_to_group_ids | 2024-05-05T00:14:35.047133Z | 2024-05-08T03:26:30Z |
| osv-2024-423 | Use-of-uninitialized-value in Lexer::Error | 2024-05-05T00:12:07.769152Z | 2024-05-05T00:12:07.769622Z |
| osv-2024-422 | Use-of-uninitialized-value in cdc_task | 2024-05-05T00:07:53.114978Z | 2024-05-05T00:07:53.115405Z |
| osv-2024-420 | Use-of-uninitialized-value in Lexer::Error | 2024-05-05T00:06:56.111677Z | 2024-05-05T00:06:56.112011Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| rustsec-2022-0052 | `os_socketaddr` invalidly assumes the memory layout of std::net::SocketAddr | 2022-08-26T12:00:00Z | 2023-06-13T13:10:24Z |
| rustsec-2022-0051 | Memory corruption in liblz4 | 2022-08-25T12:00:00Z | 2023-06-13T13:10:24Z |
| rustsec-2022-0053 | mapr is Unmaintained | 2022-08-24T12:00:00Z | 2023-02-09T03:11:29Z |
| rustsec-2022-0049 | Use after free in MacOS / iOS implementation | 2022-08-15T12:00:00Z | 2023-06-13T13:10:24Z |
| rustsec-2022-0088 | `tauri`'s `readDir` endpoint allows possible enumeration outside of filesystem scope | 2022-08-07T12:00:00Z | 2023-02-05T18:48:17Z |
| rustsec-2022-0050 | Interledger is Unmaintained | 2022-08-04T12:00:00Z | 2022-08-19T05:34:11Z |
| rustsec-2022-0090 | `libsqlite3-sys` via C SQLite CVE-2022-35737 | 2022-08-03T12:00:00Z | 2023-06-13T13:10:24Z |
| rustsec-2022-0035 | Unbounded memory allocation based on untrusted length | 2022-08-01T12:00:00Z | 2023-06-13T13:10:24Z |
| rustsec-2022-0045 | Post-Quantum Key Encapsulation Mechanism SIKE broken | 2022-07-30T12:00:00Z | 2023-06-13T13:10:24Z |
| rustsec-2022-0038 | Denial of service on deeply nested fragment requests | 2022-07-28T12:00:00Z | 2022-08-02T17:59:55Z |
| rustsec-2022-0086 | Slack OAuth Secrets leak in debug logs | 2022-07-22T12:00:00Z | 2023-02-02T11:43:48Z |
| rustsec-2022-0034 | Safety issues in `pkcs11` | 2022-07-22T12:00:00Z | 2022-07-25T17:19:15Z |
| rustsec-2022-0037 | Denial of service on deeply nested fragment requests | 2022-07-21T12:00:00Z | 2022-08-06T06:41:24Z |
| rustsec-2022-0100 | Use After Free with `externref`s in Wasmtime | 2022-07-12T12:00:00Z | 2025-05-02T08:23:27Z |
| rustsec-2022-0084 | libp2p Lack of resource management DoS | 2022-07-12T12:00:00Z | 2023-02-02T11:22:51Z |
| rustsec-2022-0101 | Miscompilation of constant values in division on AArch64 | 2022-07-05T12:00:00Z | 2025-10-28T06:02:18Z |
| rustsec-2022-0033 | Heap memory corruption with RSA private key operation | 2022-07-05T12:00:00Z | 2023-06-13T13:10:24Z |
| rustsec-2022-0032 | AES OCB fails to encrypt some bytes | 2022-07-05T12:00:00Z | 2023-06-13T13:10:24Z |
| rustsec-2022-0095 | Miscompilation of `i8x16.swizzle` and `select` with v128 inputs | 2022-06-27T12:00:00Z | 2025-05-02T08:23:27Z |
| rustsec-2022-0056 | clipboard is Unmaintained | 2022-06-25T12:00:00Z | 2022-09-24T11:52:27Z |
| rustsec-2022-0093 | Double Public Key Signing Function Oracle Attack on `ed25519-dalek` | 2022-06-11T12:00:00Z | 2025-10-28T06:02:18Z |
| rustsec-2022-0029 | `MsQueue` `push`/`pop` use the wrong orderings | 2022-06-07T12:00:00Z | 2023-06-13T13:10:24Z |
| rustsec-2022-0028 | Use after free in Neon external buffers | 2022-05-22T12:00:00Z | 2023-06-13T13:10:24Z |
| rustsec-2022-0031 | Panic due to improper UTF-8 indexing | 2022-05-21T12:00:00Z | 2022-06-26T20:01:26Z |
| rustsec-2022-0030 | Stack overflow during recursive expression parsing | 2022-05-21T12:00:00Z | 2022-06-26T19:44:13Z |
| rustsec-2022-0054 | wee_alloc is Unmaintained | 2022-05-11T12:00:00Z | 2023-06-13T13:10:24Z |
| rustsec-2022-0046 | Out-of-bounds read when opening multiple column families with TTL | 2022-05-11T12:00:00Z | 2023-06-13T13:10:24Z |
| rustsec-2022-0024 | double-checked-cell is unmaintained | 2022-05-11T12:00:00Z | 2022-05-11T21:13:02Z |
| rustsec-2022-0023 | `static_type_map` has been renamed to `erased_set` | 2022-05-11T12:00:00Z | 2022-05-11T19:44:11Z |
| rustsec-2022-0042 | malicious crate `rustdecimal` | 2022-05-10T12:00:00Z | 2025-12-17T17:06:41Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| alsa-2025:16108 | Important: firefox security update | 2025-09-17T00:00:00Z | 2025-09-29T08:52:33Z |
| alsa-2025:16086 | Moderate: mysql security update | 2025-09-17T00:00:00Z | 2025-09-29T08:50:56Z |
| alsa-2025:16046 | Moderate: mysql:8.4 security update | 2025-09-17T00:00:00Z | 2025-09-18T08:40:08Z |
| alsa-2025:15904 | Important: container-tools:rhel8 security update | 2025-09-16T00:00:00Z | 2025-09-17T08:50:36Z |
| alsa-2025:15901 | Important: podman security update | 2025-09-16T00:00:00Z | 2025-09-16T07:54:29Z |
| alsa-2025:15900 | Important: podman security update | 2025-09-16T00:00:00Z | 2025-09-29T08:49:02Z |
| alsa-2025:15887 | Moderate: opentelemetry-collector security update | 2025-09-16T00:00:00Z | 2025-09-18T08:42:35Z |
| alsa-2025:15874 | Moderate: python-cryptography security update | 2025-09-16T00:00:00Z | 2025-09-18T10:25:39Z |
| alsa-2025:15786 | Important: kernel-rt security update | 2025-09-15T00:00:00Z | 2025-09-15T15:57:02Z |
| alsa-2025:15785 | Important: kernel security update | 2025-09-15T00:00:00Z | 2025-09-23T12:06:04Z |
| alsa-2025:15782 | Moderate: kernel security update | 2025-09-15T00:00:00Z | 2025-09-26T10:01:17Z |
| alsa-2025:15740 | Moderate: kernel security update | 2025-09-15T00:00:00Z | 2025-09-25T08:48:24Z |
| alsa-2025:15702 | Important: cups security update | 2025-09-11T00:00:00Z | 2025-09-12T09:35:34Z |
| alsa-2025:15701 | Important: cups security update | 2025-09-11T00:00:00Z | 2025-09-29T09:01:08Z |
| alsa-2025:15700 | Important: cups security update | 2025-09-11T00:00:00Z | 2025-09-29T08:59:02Z |
| alsa-2025:15699 | Moderate: mysql-selinux and mysql8.4 security update | 2025-09-11T00:00:00Z | 2025-09-12T10:30:08Z |
| alsa-2025:15687 | Moderate: php:8.2 security update | 2025-09-11T00:00:00Z | 2025-09-29T08:55:43Z |
| alsa-2025:15662 | Important: kernel security update | 2025-09-11T00:00:00Z | 2025-09-17T11:09:33Z |
| alsa-2025:15661 | Important: kernel security update | 2025-09-11T00:00:00Z | 2025-09-16T09:35:20Z |
| alsa-2025:15608 | Important: python3.12-cryptography security update | 2025-09-10T00:00:00Z | 2025-09-10T18:06:18Z |
| alsa-2025:15472 | Important: kernel-rt security update | 2025-09-08T00:00:00Z | 2025-09-09T07:30:13Z |
| alsa-2025:15471 | Important: kernel security update | 2025-09-08T00:00:00Z | 2025-09-09T09:32:18Z |
| alsa-2025:15447 | Important: kernel security update | 2025-09-08T00:00:00Z | 2025-09-15T08:57:56Z |
| alsa-2025:15429 | Important: kernel security update | 2025-09-08T00:00:00Z | 2025-09-15T09:02:39Z |
| alsa-2025:15123 | Moderate: httpd:2.4 security update | 2025-09-03T00:00:00Z | 2025-09-04T10:27:23Z |
| alsa-2025:15115 | Important: postgresql:12 security update | 2025-09-03T00:00:00Z | 2025-09-03T11:08:48Z |
| alsa-2025:15099 | Important: pam security update | 2025-09-03T00:00:00Z | 2025-09-03T08:51:39Z |
| alsa-2025:15095 | Moderate: httpd security update | 2025-09-02T00:00:00Z | 2025-09-03T08:58:50Z |
| alsa-2025:15023 | Moderate: httpd security update | 2025-09-02T00:00:00Z | 2025-09-29T09:03:21Z |
| alsa-2025:15022 | Important: postgresql:15 security update | 2025-09-02T00:00:00Z | 2025-09-29T09:08:26Z |