Recent vulnerabilities
| ID | CVSS | Description | Vendor | Product | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2026-26351 |
4.8 (4.0)
|
GetSimpleCMS-CE < 3.3.22 Stored XSS via components.php |
GetSimpleCMS-CE |
GetSimpleCMS-CE |
2026-02-24T22:05:54.420Z | 2026-02-24T22:05:54.420Z |
| CVE-2026-27117 |
5.5 (3.1)
|
bit7z has a path traversal vulnerability |
rikyoz |
bit7z |
2026-02-24T21:46:12.714Z | 2026-02-24T21:46:12.714Z |
| CVE-2026-27593 |
9.3 (3.1)
|
Statamic is vulnerable to account takeover via passwor… |
statamic |
cms |
2026-02-24T21:38:17.354Z | 2026-02-24T21:38:17.354Z |
| CVE-2026-27572 |
6.9 (4.0)
|
Wasmtime can panic when adding excessive fields to a `… |
bytecodealliance |
wasmtime |
2026-02-24T21:31:50.186Z | 2026-02-24T21:31:50.186Z |
| CVE-2026-27204 |
6.9 (4.0)
|
Wasmtime WASI implementations are vulnerable to guest-… |
bytecodealliance |
wasmtime |
2026-02-24T21:23:47.007Z | 2026-02-24T21:23:47.007Z |
| CVE-2026-27195 |
6.9 (4.0)
|
Wasmtime is vulnerable to panic when dropping a `[Type… |
bytecodealliance |
wasmtime |
2026-02-24T21:15:20.366Z | 2026-02-24T21:36:54.122Z |
| CVE-2026-25899 |
7.5 (3.1)
|
Fiber is Vulnerable to Denial of Service via Flash Coo… |
gofiber |
fiber |
2026-02-24T21:11:17.804Z | 2026-02-24T21:37:33.970Z |
| CVE-2026-25891 |
7.7 (4.0)
|
Fiber has an Arbitrary File Read in Static Middleware … |
gofiber |
fiber |
2026-02-24T21:08:48.675Z | 2026-02-24T21:39:11.118Z |
| CVE-2026-25882 |
5.5 (4.0)
|
Fiber has a Denial of Service Vulnerability via Route … |
gofiber |
fiber |
2026-02-24T21:05:28.211Z | 2026-02-24T21:39:51.170Z |
| CVE-2026-22553 |
9.8 (3.1)
9.3 (4.0)
|
InSAT MasterSCADA BUK-TS OS Command Injection |
InSAT |
MasterSCADA BUK-TS |
2026-02-24T20:56:14.099Z | 2026-02-24T21:00:29.951Z |
| CVE-2026-21410 |
9.8 (3.1)
9.3 (4.0)
|
InSAT MasterSCADA BUK-TS SQL Injection |
InSAT |
MasterSCADA BUK-TS |
2026-02-24T20:53:55.150Z | 2026-02-24T21:00:53.595Z |
| CVE-2025-46320 |
6.1 (3.1)
|
A cross-site scripting (XSS) vulnerability in a F… |
Claris |
FileMaker Server |
2026-02-24T20:30:26.139Z | 2026-02-24T21:19:06.285Z |
| CVE-2026-24443 |
8.6 (4.0)
|
EventSentry < 6.0.1.20 Web Reports Unverified Password… |
NETIKUS.NET ltd |
EventSentry |
2026-02-24T20:14:44.688Z | 2026-02-24T21:40:48.632Z |
| CVE-2026-23859 |
2.7 (3.1)
|
Dell Wyse Management Suite, versions prior to WMS… |
Dell |
Wyse Management Suite |
2026-02-24T19:35:02.937Z | 2026-02-24T21:41:09.368Z |
| CVE-2026-23858 |
5.4 (3.1)
|
Dell Wyse Management Suite, versions prior to WMS… |
Dell |
Wyse Management Suite |
2026-02-24T19:31:31.325Z | 2026-02-24T21:45:53.723Z |
| CVE-2026-22766 |
7.2 (3.1)
|
Dell Wyse Management Suite, versions prior to WMS… |
Dell |
Wyse Management Suite |
2026-02-24T19:28:14.566Z | 2026-02-24T20:54:20.065Z |
| CVE-2026-22765 |
8.8 (3.1)
|
Dell Wyse Management Suite, versions prior to WMS… |
Dell |
Wyse Management Suite |
2026-02-24T19:24:21.497Z | 2026-02-24T21:14:16.952Z |
| CVE-2026-3131 |
N/A
|
Improper access control in multiple DVLS REST AP… |
Devolutions |
Server |
2026-02-24T19:01:29.096Z | 2026-02-24T19:01:29.096Z |
| CVE-2026-1768 |
N/A
|
A permission cache poisoning vulnerability in Dev… |
Devolutions |
Devolutions Server |
2026-02-24T19:01:07.640Z | 2026-02-24T19:01:07.640Z |
| CVE-2026-27477 |
4.6 (4.0)
|
Mastodon has SSRF via unvalidated FASP Provider base_url |
mastodon |
mastodon |
2026-02-24T19:00:20.590Z | 2026-02-24T19:00:20.590Z |
| CVE-2025-1789 |
5.8 (4.0)
|
Local privilege escalation in Genetec Update Serv… |
Genetec Inc. |
Genetec Update Service |
2026-02-24T18:47:24.913Z | 2026-02-24T18:47:24.913Z |
| CVE-2025-1787 |
5.8 (4.0)
|
Local admin could to leak information from the Ge… |
Genetec Inc. |
Genetec Update Service |
2026-02-24T18:44:36.705Z | 2026-02-24T21:17:58.063Z |
| CVE-2026-24241 |
4.3 (3.1)
|
NVIDIA Delegated Licensing Service for all applia… |
NVIDIA |
DLS component of NVIDIA License System |
2026-02-24T18:42:56.703Z | 2026-02-24T21:26:40.416Z |
| CVE-2025-33181 |
7.3 (3.1)
|
NVIDIA Cumulus Linux and NVOS products contain a … |
NVIDIA |
Cumulus Linux GA |
2026-02-24T18:42:04.490Z | 2026-02-24T21:29:14.387Z |
| CVE-2025-33180 |
8 (3.1)
|
NVIDIA Cumulus Linux and NVOS products contain a … |
NVIDIA |
Cumulus Linux GA |
2026-02-24T18:41:48.632Z | 2026-02-24T21:31:41.482Z |
| CVE-2025-33179 |
8 (3.1)
|
NVIDIA Cumulus Linux and NVOS products contain a … |
NVIDIA |
Cumulus Linux GA |
2026-02-24T18:41:32.821Z | 2026-02-24T18:41:32.821Z |
| CVE-2026-26342 |
8.7 (4.0)
|
Tattile Smart+ / Vega / Basic <= 1.181.5 Insufficient … |
Tattile s.r.l. |
Smart+ |
2026-02-24T18:41:09.935Z | 2026-02-24T18:41:09.935Z |
| CVE-2026-26341 |
9.3 (4.0)
|
Tattile Smart+ / Vega / Basic <= 1.181.5 Default Credentials |
Tattile s.r.l. |
Smart+ |
2026-02-24T18:40:54.212Z | 2026-02-24T21:33:18.810Z |
| CVE-2026-26340 |
8.7 (4.0)
|
Tattile Smart+ / Vega / Basic <= 1.181.5 Unauthenticat… |
Tattile s.r.l. |
Smart+ |
2026-02-24T18:40:35.393Z | 2026-02-24T21:34:06.523Z |
| CVE-2026-3105 |
7.6 (3.1)
|
SQL Injection in Contact Activity API Sorting |
Mautic |
Mautic |
2026-02-24T18:39:03.352Z | 2026-02-24T18:39:03.352Z |
| ID | Severity | Description | Published | Updated |
|---|---|---|---|---|
| ghsa-6v48-fcq6-ff23 |
7.1 (4.0)
|
Dagu: Path traversal in DAG creation allows arbitrary YAML file write outside DAGs directory | 2026-02-24T21:43:15Z | 2026-02-24T21:43:15Z |
| ghsa-mxhj-88fx-4pcv |
8.6 (4.0)
|
Fickling: OBJ opcode call invisibility bypasses all safety checks | 2026-02-24T21:41:31Z | 2026-02-24T21:41:31Z |
| ghsa-wxjg-wxm8-w2qc |
9.8 (3.1)
9.3 (4.0)
|
All versions of InSAT MasterSCADA BUK-TS are susceptible to OS command injection through a field in… | 2026-02-24T21:31:47Z | 2026-02-24T21:31:47Z |
| ghsa-wh6f-f7pf-3hqg |
9.8 (3.1)
9.3 (4.0)
|
InSAT MasterSCADA BUK-TS is susceptible to SQL Injection through its main web interface. Malicious … | 2026-02-24T21:31:47Z | 2026-02-24T21:31:47Z |
| ghsa-w6wm-hqx9-7cq8 |
8.7 (4.0)
|
Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior implement an au… | 2026-02-24T21:31:47Z | 2026-02-24T21:31:47Z |
| ghsa-mjm8-6393-j3wg |
|
A cross-site scripting (XSS) vulnerability in a FileMaker WebDirect custom homepage could lead to u… | 2026-02-24T21:31:47Z | 2026-02-24T21:31:47Z |
| ghsa-hr94-5hp8-p3qr |
4.3 (3.1)
|
NVIDIA Delegated Licensing Service for all appliance platforms contains a vulnerability where an at… | 2026-02-24T21:31:47Z | 2026-02-24T21:31:47Z |
| ghsa-c8xr-66ch-xcpx |
8.7 (4.0)
|
Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior expose RTSP str… | 2026-02-24T21:31:47Z | 2026-02-24T21:31:47Z |
| ghsa-8c83-cvgq-pp7w |
8.6 (4.0)
|
EventSentry versions prior to 6.0.1.20 contain an unverified password change vulnerability in the a… | 2026-02-24T21:31:47Z | 2026-02-24T21:31:47Z |
| ghsa-682g-r279-6gq6 |
9.3 (4.0)
|
Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior ship with defau… | 2026-02-24T21:31:47Z | 2026-02-24T21:31:47Z |
| ghsa-3fr2-qc88-c4cv |
|
Improper access control in multiple DVLS REST API endpoints in Devolutions Server 2025.3.14.0 and… | 2026-02-24T21:31:47Z | 2026-02-24T21:31:47Z |
| ghsa-xph9-72vf-6x2f |
5.8 (4.0)
|
Local privilege escalation in Genetec Update Service. An authenticated, low-privileged, Windows use… | 2026-02-24T21:31:46Z | 2026-02-24T21:31:46Z |
| ghsa-vcqv-v77g-qhch |
5.4 (3.1)
|
Dell Wyse Management Suite, versions prior to WMS 5.5, contain an Improper Neutralization of Input … | 2026-02-24T21:31:46Z | 2026-02-24T21:31:46Z |
| ghsa-qv39-5mwf-4pj2 |
8.0 (3.1)
|
NVIDIA Cumulus Linux and NVOS products contain a vulnerability in the NVUE interface, where a low-p… | 2026-02-24T21:31:46Z | 2026-02-24T21:31:46Z |
| ghsa-p5fg-p22w-8pfg |
7.3 (3.1)
|
NVIDIA Cumulus Linux and NVOS products contain a vulnerability in the NVUE interface, where a low-p… | 2026-02-24T21:31:46Z | 2026-02-24T21:31:46Z |
| ghsa-mhh4-8fhx-47qg |
8.0 (3.1)
|
NVIDIA Cumulus Linux and NVOS products contain a vulnerability in the NVUE interface, where a low-p… | 2026-02-24T21:31:46Z | 2026-02-24T21:31:46Z |
| ghsa-fc3q-vg8h-qrfp |
|
A permission cache poisoning vulnerability in Devolutions Server allows authenticated users to bypa… | 2026-02-24T21:31:46Z | 2026-02-24T21:31:46Z |
| ghsa-f46g-p3mm-9g3p |
2.7 (3.1)
|
Dell Wyse Management Suite, versions prior to WMS 5.5, contain a Client-Side Enforcement of Server-… | 2026-02-24T21:31:46Z | 2026-02-24T21:31:46Z |
| ghsa-cp7r-fhjg-f2vc |
7.2 (3.1)
|
Dell Wyse Management Suite, versions prior to WMS 5.5, contain an Unrestricted Upload of File with … | 2026-02-24T21:31:46Z | 2026-02-24T21:31:46Z |
| ghsa-58vr-q64v-x475 |
8.8 (3.1)
|
Dell Wyse Management Suite, versions prior to WMS 5.5, contain a Missing Authorization vulnerabilit… | 2026-02-24T21:31:46Z | 2026-02-24T21:31:46Z |
| ghsa-fpg9-3qpq-vpm5 |
5.8 (4.0)
|
Local admin could to leak information from the Genetec Update Service configuration web page. An au… | 2026-02-24T21:31:45Z | 2026-02-24T21:31:46Z |
| ghsa-jxq9-79vj-rgvw |
9.3 (3.1)
|
Statamic is vulnerable to account takeover via password reset link injection | 2026-02-24T21:09:23Z | 2026-02-24T21:09:23Z |
| ghsa-243v-98vx-264h |
6.9 (4.0)
|
Wasmtime can panic when adding excessive fields to a `wasi:http/types.fields` instance | 2026-02-24T21:08:06Z | 2026-02-24T21:08:06Z |
| ghsa-mrq8-rjmw-wpq3 |
6.9 (4.0)
|
Fiber has a Denial of Service Vulnerability via Route Parameter Overflow | 2026-02-24T21:04:07Z | 2026-02-24T21:04:07Z |
| ghsa-2mr3-m5q5-wgp6 |
7.5 (3.1)
|
Fiber is Vulnerable to Denial of Service via Flash Cookie Unbounded Allocation | 2026-02-24T20:57:25Z | 2026-02-24T20:57:25Z |
| ghsa-m3c2-496v-cw3v |
8.7 (4.0)
|
Fiber has an Arbitrary File Read in Static Middleware on Windows | 2026-02-24T20:51:01Z | 2026-02-24T20:51:01Z |
| ghsa-852m-cvvp-9p4w |
5.9 (4.0)
|
Wasmtime WASI implementations are vulnerable to guest-controlled resource exhaustion | 2026-02-24T20:47:08Z | 2026-02-24T20:47:09Z |
| ghsa-xjhv-v822-pf94 |
6.9 (4.0)
|
Wasmtime is vulnerable to panic when dropping a `[Typed]Func::call_async` future | 2026-02-24T20:44:46Z | 2026-02-24T20:44:46Z |
| ghsa-5r3v-vc8m-m96g |
8.9 (4.0)
|
Caddy: Unicode case-folding length expansion causes incorrect split_path index in FastCGI transport | 2026-02-24T20:39:08Z | 2026-02-24T20:39:08Z |
| ghsa-879p-475x-rqh2 |
6.9 (4.0)
|
Caddy is vulnerable to cross-origin config application via local admin API /load | 2026-02-24T20:37:35Z | 2026-02-24T20:37:35Z |
| ID | Severity | Description | Package | Published | Updated |
|---|---|---|---|---|---|
| pysec-2026-1 |
|
A PyPI user account compromised by an attacker and was able to upload a malicious version… | dydx-v4-client | 2026-01-28T21:09:02+00:00 | |
| pysec-2025-72 |
|
The `num2words` project was compromised via a phishing attack and two new versions were u… | num2words | 2025-07-31T14:34:47+00:00 | |
| pysec-2025-71 |
|
Cadwyn creates production-ready community-driven modern Stripe-like API versioning in Fas… | cadwyn | 2025-07-21T21:15:25+00:00 | 2025-07-23T15:24:03.825615+00:00 |
| pysec-2025-69 |
|
In Roundup before 2.5.0, XSS can occur via interaction between URLs and issue tracker tem… | roundup | 2025-07-13T20:15:25+00:00 | 2025-07-13T21:23:01.161315+00:00 |
| pysec-2025-65 |
|
A path traversal vulnerability exists in run-llama/llama_index versions 0.12.27 through 0… | llama-index | 2025-07-07T13:15:28+00:00 | 2025-07-07T15:23:42.730681+00:00 |
| pysec-2025-61 |
|
Pillow is a Python imaging library. In versions 11.2.0 to before 11.3.0, there is a heap … | pillow | 2025-07-01T19:15:27Z | 2025-07-07T14:12:46.226030Z |
| pysec-2025-51 |
|
Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) v… | apache-airflow-providers-snowflake | 2025-06-24T08:15:24+00:00 | 2025-06-26T21:23:03.132527+00:00 |
| pysec-2025-70 |
10.0 (3.1)
|
A Server-Side Request Forgery (SSRF) vulnerability exists in the RequestsToolkit componen… | langchain-community | 2025-06-23T21:15:25+00:00 | 2025-07-16T21:23:40.211079+00:00 |
| pysec-2025-52 |
|
gateway_proxy_handler in MLflow before 3.1.0 lacks gateway_path validation. | mlflow | 2025-06-23T15:15:29Z | 2025-12-05T13:25:55.146081Z |
| pysec-2025-68 |
8.0 (3.1)
|
A vulnerability, which was classified as critical, has been found in Upsonic up to 0.55.6… | upsonic | 2025-06-19T21:15:27+00:00 | 2025-07-08T19:22:27.449399+00:00 |
| pysec-2025-67 |
9.8 (3.1)
|
A vulnerability classified as critical was found in Upsonic up to 0.55.6. This vulnerabil… | upsonic | 2025-06-19T21:15:27+00:00 | 2025-07-08T19:22:27.385619+00:00 |
| pysec-2025-64 |
9.8 (3.1)
|
A vulnerability classified as critical has been found in themanojdesai python-a2a up to 0… | python-a2a | 2025-06-17T07:15:18+00:00 | 2025-07-02T21:23:13.806273+00:00 |
| pysec-2025-47 |
|
An issue was discovered in Django 5.2 before 5.2.2, 5.1 before 5.1.10, and 4.2 before 4.2… | django | 2025-06-05T03:15:25+00:00 | 2025-06-05T05:23:28.296596+00:00 |
| pysec-2025-44 |
|
django-helpdesk before 1.0.0 allows Sensitive Data Exposure because of os.umask(0) in mod… | django-helpdesk | 2025-05-31T01:15:19+00:00 | 2025-05-31T03:09:35.357757+00:00 |
| pysec-2025-55 |
|
vLLM is an inference and serving engine for large language models (LLMs). Version 0.8.0 u… | vllm | 2025-05-30T19:15:30+00:00 | 2025-06-26T21:23:06.407481+00:00 |
| pysec-2025-54 |
|
vLLM is an inference and serving engine for large language models (LLMs). In versions 0.8… | vllm | 2025-05-30T19:15:30+00:00 | 2025-06-26T21:23:06.319321+00:00 |
| pysec-2025-50 |
|
vLLM, an inference and serving engine for large language models (LLMs), has a Regular Exp… | vllm | 2025-05-30T18:15:32+00:00 | 2025-06-19T03:02:28.572160+00:00 |
| pysec-2025-53 |
|
vLLM is an inference and serving engine for large language models (LLMs). Prior to versio… | vllm | 2025-05-29T17:15:21+00:00 | 2025-06-26T21:23:06.231251+00:00 |
| pysec-2025-43 |
|
vLLM is an inference and serving engine for large language models (LLMs). In versions sta… | vllm | 2025-05-29T17:15:21+00:00 | 2025-05-29T19:21:01.611587+00:00 |
| pysec-2025-46 |
5.5 (3.1)
|
A vulnerability was found in erdogant pypickle up to 1.1.5. It has been classified as cri… | pypickle | 2025-05-26T08:15:19+00:00 | 2025-06-03T17:36:58.579358+00:00 |
| pysec-2025-45 |
7.8 (3.1)
|
A vulnerability was found in erdogant pypickle up to 1.1.5 and classified as problematic.… | pypickle | 2025-05-26T07:15:26+00:00 | 2025-06-03T17:36:58.528116+00:00 |
| pysec-2025-40 |
7.5 (3.1)
|
A vulnerability in the `preprocess_string()` function of the `transformers.testing_utils`… | transformers | 2025-05-19T12:15:19+00:00 | 2025-05-21T19:22:10.801823+00:00 |
| pysec-2025-49 |
8.8 (3.1)
|
setuptools is a package that allows users to download, build, install, upgrade, and unins… | setuptools | 2025-05-17T16:15:19+00:00 | 2025-06-12T22:23:11.115559+00:00 |
| pysec-2025-39 |
|
motionEye is an online interface for the software motion, a video surveillance program wi… | motioneye | 2025-05-14T16:15:29+00:00 | 2025-05-14T17:22:51.050788+00:00 |
| pysec-2025-60 |
|
Exposure of Sensitive Information to an Unauthorized Actor, Insertion of Sensitive Inform… | apache-iotdb | 2025-05-14T11:16:28+00:00 | 2025-07-01T21:22:47.232036+00:00 |
| pysec-2025-59 |
|
Remote Code Execution with untrusted URI of UDF vulnerability in Apache IoTDB. The attack… | apache-iotdb | 2025-05-14T11:15:47+00:00 | 2025-07-01T21:22:47.177405+00:00 |
| pysec-2025-38 |
|
OpenStack Ironic before 29.0.1 can write unintended files to a target node disk during im… | ironic | 2025-05-08T17:16:01Z | 2025-05-13T04:24:03.083929Z |
| pysec-2025-37 |
|
An issue was discovered in Django 4.2 before 4.2.21, 5.1 before 5.1.9, and 5.2 before 5.2… | django | 2025-05-08T04:17:18+00:00 | 2025-05-08T05:23:16.210893+00:00 |
| pysec-2025-42 |
9.8 (3.1)
|
vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Ver… | vllm | 2025-04-30T01:15:51+00:00 | 2025-05-28T21:23:12.396609+00:00 |
| pysec-2025-34 |
|
The unsafe globals in Picklescan before 0.0.25 do not include ssl. Consequently, ssl.get_… | picklescan | 2025-04-24T01:15:49+00:00 | 2025-04-24T03:08:15.436691+00:00 |
| ID | Description | Updated |
|---|
| ID | Description | Published | Updated |
|---|---|---|---|
| mal-2026-1026 | Malicious code in rncalendareventsexample (npm) | 2026-02-24T21:35:58Z | 2026-02-24T21:35:58Z |
| mal-2026-1027 | Malicious code in rtxbbtyols (npm) | 2026-02-24T18:40:07Z | 2026-02-24T18:40:07Z |
| mal-2026-1025 | Malicious code in @unitedcapitalfinancialadvisors/finlife-component-library (npm) | 2026-02-24T16:56:49Z | 2026-02-24T16:56:56Z |
| mal-2026-1024 | Malicious code in @protonme/routing (npm) | 2026-02-24T16:56:49Z | 2026-02-24T16:56:49Z |
| mal-2026-1023 | Malicious code in @kiukicom/sidebar (npm) | 2026-02-24T16:56:48Z | 2026-02-24T16:56:49Z |
| mal-2026-1022 | Malicious code in @coinmetro/app (npm) | 2026-02-24T16:56:48Z | 2026-02-24T16:56:49Z |
| mal-2026-1021 | Malicious code in @atg-aml-shared/kyc-domain (npm) | 2026-02-24T16:56:48Z | 2026-02-24T16:56:48Z |
| mal-2026-1020 | Malicious code in @ai-studio-web/app (npm) | 2026-02-24T16:56:48Z | 2026-02-24T16:56:48Z |
| mal-2026-1019 | Malicious code in spark-audit-notify (PyPI) | 2026-02-24T16:18:43Z | 2026-02-24T17:28:41Z |
| mal-2026-1018 | Malicious code in do-not-install-this-package-003 (PyPI) | 2026-02-24T15:18:17Z | 2026-02-24T15:18:17Z |
| mal-2026-1016 | Malicious code in js-multer (npm) | 2026-02-24T15:01:43Z | 2026-02-24T15:01:43Z |
| mal-2026-1014 | Malicious code in chai-iotype (npm) | 2026-02-24T15:01:43Z | 2026-02-24T15:01:43Z |
| mal-2026-1013 | Malicious code in chai-as-pause (npm) | 2026-02-24T14:59:19Z | 2026-02-24T14:59:19Z |
| mal-2026-1017 | Malicious code in json-mapping-srcs (npm) | 2026-02-24T14:49:33Z | 2026-02-24T14:49:33Z |
| mal-2026-1015 | Malicious code in es1int-config (npm) | 2026-02-24T14:44:00Z | 2026-02-24T14:44:01Z |
| mal-2026-1006 | Malicious code in chai-tools (npm) | 2026-02-24T14:31:45Z | 2026-02-24T14:31:46Z |
| mal-2026-1011 | Malicious code in node-argon (npm) | 2026-02-24T14:30:26Z | 2026-02-24T14:30:27Z |
| mal-2026-1005 | Malicious code in argon-web3-chain (npm) | 2026-02-24T14:30:26Z | 2026-02-24T14:30:27Z |
| mal-2026-1007 | Malicious code in dotenvx-ext (npm) | 2026-02-24T14:25:56Z | 2026-02-24T14:25:56Z |
| mal-2026-1010 | Malicious code in modify-setting (npm) | 2026-02-24T14:18:58Z | 2026-02-24T14:18:58Z |
| mal-2026-1008 | Malicious code in es1int-re1ease (npm) | 2026-02-24T14:08:28Z | 2026-02-24T14:08:29Z |
| mal-2026-1012 | Malicious code in ultimates-express (npm) | 2026-02-24T14:01:31Z | 2026-02-24T14:01:32Z |
| mal-2026-1009 | Malicious code in express-soaps (npm) | 2026-02-24T14:01:31Z | 2026-02-24T14:01:32Z |
| mal-2026-1004 | Malicious code in request-httpx-9 (PyPI) | 2026-02-24T09:11:42Z | 2026-02-24T09:11:42Z |
| mal-2026-1002 | Malicious code in newrubylogger (RubyGems) | 2026-02-23T20:50:29Z | 2026-02-23T20:50:29Z |
| mal-2026-1003 | Malicious code in cnnct-eaas-corre (PyPI) | 2026-02-23T16:00:12Z | 2026-02-23T16:00:12Z |
| mal-2026-1001 | Malicious code in request-httpx-4 (PyPI) | 2026-02-23T12:37:17Z | 2026-02-23T12:37:17Z |
| mal-2026-1000 | Malicious code in scraper-npm (PyPI) | 2026-02-23T08:59:49Z | 2026-02-23T09:51:45Z |
| mal-2026-999 | Malicious code in react-dropzone-truffle (npm) | 2026-02-23T02:22:35Z | 2026-02-23T04:21:35Z |
| mal-2026-997 | Malicious code in npm-security-testing (npm) | 2026-02-23T02:20:31Z | 2026-02-23T04:21:34Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| bit-airflow-2025-65995 | Apache Airflow: Disclosure of secrets to UI via kwargs | 2026-02-24T08:38:47.831Z | 2026-02-24T09:11:39.593Z |
| bit-ghost-2026-26980 | Ghost has a SQL Injection in its Content API | 2026-02-21T08:39:22.999Z | 2026-02-21T09:08:21.332Z |
| bit-cilium-2026-26963 | Cilium may not enforce host firewall policies when Native Routing, WireGuard and Node Encryption are enabled | 2026-02-21T08:36:53.368Z | 2026-02-21T09:08:21.332Z |
| bit-cosign-2026-24122 | Cosign Certificate Chain Expiry Validation Issue Allows Issuing Certificate Expiry to Be Overlooked | 2026-02-21T08:36:39.661Z | 2026-02-21T09:08:21.332Z |
| bit-tomcat-2026-24734 | Apache Tomcat Native, Apache Tomcat: OCSP revocation bypass | 2026-02-20T09:53:00.269Z | 2026-02-20T10:18:37.619Z |
| bit-tomcat-2026-24733 | Apache Tomcat: Security constraint bypass with HTTP/0.9 | 2026-02-20T09:52:58.708Z | 2026-02-24T09:11:39.593Z |
| bit-tomcat-2025-66614 | Apache Tomcat: Client certificate verification bypass due to virtual host mapping | 2026-02-20T09:52:57.300Z | 2026-02-24T09:11:39.593Z |
| bit-nifi-2026-25903 | Apache NiFi: Missing Authorization of Restricted Permissions for Component Updates | 2026-02-20T08:45:57.883Z | 2026-02-20T09:09:49.097Z |
| bit-jenkins-2026-27100 | 2026-02-20T08:43:34.823Z | 2026-02-20T09:09:49.097Z | |
| bit-milvus-2025-64513 | Milvus Proxy has Critical Authentication Bypass Vulnerability | 2026-02-20T08:43:34.608Z | 2026-02-20T09:09:49.097Z |
| bit-jenkins-2026-27099 | 2026-02-20T08:43:33.019Z | 2026-02-20T09:09:49.097Z | |
| bit-grafana-2026-21722 | Public Dashboards time range restriction on annotations can be bypassed | 2026-02-20T08:41:29.411Z | 2026-02-20T09:09:49.097Z |
| bit-grafana-2026-21721 | Dashboard Permissions Scope Bypass Enables Cross‑Dashboard Privilege Escalation | 2026-02-20T08:41:27.652Z | 2026-02-20T09:09:49.097Z |
| bit-grafana-2025-41117 | XSS in Grafana Explore stack trace | 2026-02-20T08:41:19.089Z | 2026-02-24T09:11:39.593Z |
| bit-milvus-2026-26190 | Milvus Allows Unauthenticated Access to Restful API on Metrics Port (9091) Leads to Critical System Compromise | 2026-02-19T08:47:10.808Z | 2026-02-19T09:13:37.164Z |
| bit-grafana-2026-21720 | Unauthenticated DoS: avatar cache leaks goroutines when /avatar/:hash requests time out | 2026-02-18T17:41:21.379Z | 2026-02-18T18:09:39.057Z |
| bit-gitlab-2026-1458 | Allocation of Resources Without Limits or Throttling in GitLab | 2026-02-16T16:31:06.973Z | 2026-02-16T16:32:40.318Z |
| bit-gitlab-2026-1456 | Allocation of Resources Without Limits or Throttling in GitLab | 2026-02-16T16:31:05.146Z | 2026-02-16T16:32:40.318Z |
| bit-gitlab-2026-1282 | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in GitLab | 2026-02-16T16:31:03.017Z | 2026-02-16T16:32:40.318Z |
| bit-gitlab-2026-1094 | Improper Validation of Unsafe Equivalence in Input in GitLab | 2026-02-16T16:30:59.417Z | 2026-02-16T16:32:40.318Z |
| bit-gitlab-2026-0958 | Interpretation Conflict in GitLab | 2026-02-16T16:30:57.233Z | 2026-02-16T16:32:40.318Z |
| bit-gitlab-2026-0595 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab | 2026-02-16T16:30:53.679Z | 2026-02-16T16:32:40.318Z |
| bit-gitlab-2025-8099 | Allocation of Resources Without Limits or Throttling in GitLab | 2026-02-16T16:30:40.312Z | 2026-02-16T16:32:40.318Z |
| bit-gitlab-2025-7659 | Origin Validation Error in GitLab | 2026-02-16T16:30:29.449Z | 2026-02-16T16:32:40.318Z |
| bit-gitlab-2025-14594 | Authorization Bypass Through User-Controlled Key in GitLab | 2026-02-16T16:28:35.547Z | 2026-02-16T16:32:40.318Z |
| bit-gitlab-2025-14592 | Missing Authorization in GitLab | 2026-02-16T16:28:33.785Z | 2026-02-16T16:32:40.318Z |
| bit-gitlab-2025-14560 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab | 2026-02-16T16:28:32.048Z | 2026-02-16T16:32:40.318Z |
| bit-gitlab-2025-12073 | Server-Side Request Forgery (SSRF) in GitLab | 2026-02-16T16:27:53.661Z | 2026-02-16T16:32:40.318Z |
| bit-postgresql-2026-2007 | PostgreSQL pg_trgm heap buffer overflow writes pattern onto server memory | 2026-02-16T16:03:46.313Z | 2026-02-16T16:32:40.318Z |
| bit-postgresql-2026-2006 | PostgreSQL missing validation of multibyte character length executes arbitrary code | 2026-02-16T16:03:41.880Z | 2026-02-16T16:32:40.318Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| cleanstart-2026-ln12820 | vulnerability has been identified in Node | 2026-02-19T00:58:49.154512Z | 2026-02-18T09:40:19Z |
| cleanstart-2026-nn87556 | Security fixes for GHSA-2gh3-rmm4-6rq5, GHSA-434x-w66g-qw3r, GHSA-r6v5-fh4h-64xc, GHSA-xwfj-jgwm-7wp5 applied in versions: 1.28.2-r0, 1.29.0-r0 | 2026-02-19T00:39:07.788394Z | 2026-02-18T09:40:19Z |
| cleanstart-2026-oj16660 | Security fixes for GHSA-2gh3-rmm4-6rq5, GHSA-434x-w66g-qw3r, GHSA-r6v5-fh4h-64xc, GHSA-xwfj-jgwm-7wp5 applied in versions: 1.28.2-r0, 1.28.4-r0 | 2026-02-19T00:39:07.225007Z | 2026-02-18T09:40:19Z |
| cleanstart-2026-kn30288 | Security fixes for GHSA-2gh3-rmm4-6rq5, GHSA-434x-w66g-qw3r, GHSA-r6v5-fh4h-64xc, GHSA-rhfx-m35p-ff5j, GHSA-xwfj-jgwm-7wp5 applied in versions: 1.27.5-r1, 1.27.6-r0 | 2026-02-19T00:39:07.163109Z | 2026-02-18T09:40:19Z |
| cleanstart-2026-yn08405 | Security fixes for GHSA-f6x5-jh6r-wrfv, GHSA-j5w8-q4qc-rx2x applied in versions: 7.1.1-r7 | 2026-02-19T00:39:05.944714Z | 2026-02-18T09:40:19Z |
| cleanstart-2026-zt77083 | When multiple server blocks are configured to share the same IP address and port, an attacker can use session resumption to bypass client certificate authentication requirements on these servers | 2026-02-18T00:40:43.959662Z | 2026-02-17T14:16:07Z |
| cleanstart-2026-dt95939 | excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate | 2026-02-18T00:37:41.674179Z | 2026-02-17T14:16:07Z |
| cleanstart-2026-lr19699 | Within HostnameError | 2026-02-18T00:37:41.636616Z | 2026-02-17T14:16:07Z |
| cleanstart-2026-gg58376 | Within HostnameError | 2026-02-17T00:41:15.939977Z | 2026-02-16T09:23:22Z |
| cleanstart-2026-uh39784 | SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process | 2026-02-17T00:40:45.017480Z | 2026-02-16T09:23:22Z |
| cleanstart-2026-vg57433 | Within HostnameError | 2026-02-17T00:39:45.599344Z | 2026-02-16T09:23:22Z |
| cleanstart-2026-jr03360 | Within HostnameError | 2026-02-17T00:39:45.300172Z | 2026-02-16T09:23:22Z |
| cleanstart-2026-kk07808 | issue has been found in third-party PNM decoding associated with libpng 1 | 2026-02-14T00:37:45.311656Z | 2026-02-13T12:28:27Z |
| cleanstart-2026-mh09144 | issue was discovered in libexpat before 2 | 2026-02-13T00:45:17.459930Z | 2026-02-12T13:07:54Z |
| cleanstart-2026-wv76464 | libexpat in Expat before 2 | 2026-02-13T00:43:45.311968Z | 2026-02-12T13:07:54Z |
| cleanstart-2026-tr92727 | During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succ... | 2026-02-13T00:41:14.875956Z | 2026-02-12T13:07:54Z |
| cleanstart-2026-ca79883 | Security fixes for GHSA-6v2p-p943-phr9, GHSA-c6gw-w398-hv78, GHSA-f6x5-jh6r-wrfv, GHSA-hcg3-p754-cr77, GHSA-j5w8-q4qc-rx2x, GHSA-qxp5-gw88-xv66, GHSA-v778-237x-gjrc, GHSA-vvgc-356p-c3xw applied in versions: 1.15.0-r1 | 2026-02-13T00:40:14.901695Z | 2026-02-12T13:07:54Z |
| cleanstart-2026-gv85693 | SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process | 2026-02-13T00:40:14.240914Z | 2026-02-12T13:07:54Z |
| cleanstart-2026-jb30245 | Security fixes for GHSA-f6x5-jh6r-wrfv, GHSA-j5w8-q4qc-rx2x applied in versions: 0.47.2-r0 | 2026-02-13T00:39:45.274258Z | 2026-02-12T13:07:54Z |
| cleanstart-2026-fi29887 | During the TLS 1 | 2026-02-13T00:39:44.225771Z | 2026-02-12T13:07:54Z |
| cleanstart-2026-by71381 | SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption | 2026-02-11T00:41:59.117560Z | 2026-02-10T22:11:02Z |
| cleanstart-2026-cv28298 | SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption | 2026-02-11T00:41:59.034081Z | 2026-02-10T22:11:02Z |
| cleanstart-2026-ls08172 | Within HostnameError | 2026-02-11T00:41:59.030674Z | 2026-02-10T22:11:02Z |
| cleanstart-2026-xb34574 | excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate | 2026-02-11T00:40:59.223419Z | 2026-02-10T22:11:02Z |
| cleanstart-2026-im73098 | excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate | 2026-02-11T00:40:59.052841Z | 2026-02-10T22:11:02Z |
| cleanstart-2026-tj33788 | Within HostnameError | 2026-02-10T00:39:24.476012Z | 2026-02-09T12:51:17Z |
| cleanstart-2026-gp14462 | Security fixes for GHSA-vvgc-356p-c3xw applied in versions: 0.18.0-r0 | 2026-02-10T00:39:23.397354Z | 2026-02-09T12:51:17Z |
| cleanstart-2026-xe32069 | Buffer Overflow vulnerability in Ffmpeg before github commit 4565747056a11356210ed8edcecb920105e40b60 allows a remote attacker to achieve an out-of-array write, execute arbitrary code, and cause a ... | 2026-02-06T01:10:32.733224Z | 2026-02-03T13:35:45Z |
| cleanstart-2026-wx01708 | vulnerability in the OLE2 file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device | 2026-02-06T01:10:02.024980Z | 2026-02-03T13:35:45Z |
| cleanstart-2026-zm20570 | Moby is an open-source project created by Docker for software containerization | 2026-02-06T00:54:29.621254Z | 2026-02-03T13:35:45Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| drupal-contrib-2026-010 | 2026-02-11T16:54:18.000Z | 2026-02-11T16:54:18.000Z | |
| drupal-contrib-2026-009 | 2026-02-11T16:53:32.000Z | 2026-02-12T15:37:20.000Z | |
| drupal-contrib-2026-008 | 2026-02-04T17:23:40.000Z | 2026-02-04T17:23:40.000Z | |
| drupal-contrib-2026-007 | 2026-01-28T17:29:32.000Z | 2026-01-28T17:29:32.000Z | |
| drupal-contrib-2026-006 | 2026-01-28T17:28:31.000Z | 2026-01-28T17:28:31.000Z | |
| drupal-contrib-2026-005 | 2026-01-14T17:57:31.000Z | 2026-01-14T18:33:02.000Z | |
| drupal-contrib-2026-004 | 2026-01-14T17:56:28.000Z | 2026-01-14T17:56:28.000Z | |
| drupal-contrib-2026-003 | 2026-01-14T17:55:41.000Z | 2026-01-14T17:55:41.000Z | |
| drupal-contrib-2026-002 | 2026-01-14T17:54:33.000Z | 2026-01-14T17:54:33.000Z | |
| drupal-contrib-2026-001 | 2026-01-14T17:53:33.000Z | 2026-01-14T17:53:33.000Z | |
| drupal-contrib-2025-126 | 2025-12-17T17:47:13.000Z | 2025-12-17T17:47:13.000Z | |
| drupal-contrib-2025-125 | 2025-12-10T17:53:01.000Z | 2025-12-10T19:09:57.000Z | |
| drupal-contrib-2025-124 | 2025-12-03T18:49:57.000Z | 2025-12-03T18:49:57.000Z | |
| drupal-contrib-2025-123 | 2025-12-03T18:49:40.000Z | 2025-12-03T18:49:40.000Z | |
| drupal-contrib-2025-122 | 2025-12-03T18:49:18.000Z | 2025-12-03T18:49:18.000Z | |
| drupal-contrib-2025-121 | 2025-12-03T18:48:57.000Z | 2025-12-03T18:48:57.000Z | |
| drupal-contrib-2025-120 | 2025-12-03T18:48:37.000Z | 2025-12-03T18:48:37.000Z | |
| drupal-contrib-2025-119 | 2025-12-03T18:48:23.000Z | 2025-12-03T19:05:53.000Z | |
| drupal-contrib-2025-118 | 2025-12-03T18:48:10.000Z | 2025-12-03T18:48:10.000Z | |
| drupal-contrib-2025-117 | 2025-12-03T18:47:37.000Z | 2025-12-03T18:47:37.000Z | |
| drupal-contrib-2025-116 | 2025-11-05T18:09:13.000Z | 2025-11-05T18:09:13.000Z | |
| drupal-contrib-2025-115 | 2025-11-05T18:08:01.000Z | 2025-11-05T18:08:01.000Z | |
| drupal-contrib-2025-114 | 2025-10-29T16:44:39.000Z | 2025-10-29T20:15:52.000Z | |
| drupal-contrib-2025-113 | 2025-10-22T16:35:12.000Z | 2025-10-22T16:35:12.000Z | |
| drupal-contrib-2025-112 | 2025-10-22T16:34:46.000Z | 2025-10-22T16:34:46.000Z | |
| drupal-contrib-2025-111 | 2025-09-24T17:28:05.000Z | 2025-09-24T17:28:05.000Z | |
| drupal-contrib-2025-110 | 2025-09-24T17:27:41.000Z | 2025-09-24T17:27:41.000Z | |
| drupal-contrib-2025-109 | 2025-09-24T17:27:33.000Z | 2025-09-24T17:27:33.000Z | |
| drupal-contrib-2025-108 | 2025-09-24T17:27:20.000Z | 2025-09-24T17:27:20.000Z | |
| drupal-contrib-2025-107 | 2025-09-24T17:18:08.000Z | 2025-09-24T17:18:08.000Z |
| ID | Description | Updated |
|---|
| ID | Description | Published | Updated |
|---|---|---|---|
| jvndb-2026-004359 | Security information for Hitachi Disk Array Systems | 2026-02-20T18:35+09:00 | 2026-02-20T18:35+09:00 |
| jvndb-2026-000027 | WordPress Plugin "Survey Maker" vulnerable to cross-site scripting | 2026-02-20T12:32+09:00 | 2026-02-20T12:32+09:00 |
| jvndb-2026-000028 | Installer for Job log aggregation/analysis software RICOH Job Log Aggregation Tool may insecurely load Dynamic Link Libraries | 2026-02-20T12:31+09:00 | 2026-02-20T12:31+09:00 |
| jvndb-2026-003912 | Vulnerability in Cosminexus HTTP Server and Hitachi Web Server | 2026-02-17T20:46+09:00 | 2026-02-17T20:46+09:00 |
| jvndb-2026-003911 | Vulnerability in Cosminexus HTTP Server | 2026-02-17T20:46+09:00 | 2026-02-17T20:46+09:00 |
| jvndb-2026-003910 | Multiple Vulnerabilities in Cosminexus HTTP Server | 2026-02-17T20:46+09:00 | 2026-02-17T20:46+09:00 |
| jvndb-2026-003909 | Multiple Vulnerabilities in Hitachi Command Suite products | 2026-02-17T20:46+09:00 | 2026-02-17T20:46+09:00 |
| jvndb-2026-003908 | Multiple Vulnerabilities in Hitachi Command Suite, Hitachi Automation Director, Hitachi Configuration Manager, Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center | 2026-02-17T20:46+09:00 | 2026-02-17T20:46+09:00 |
| jvndb-2026-003907 | Multiple Vulnerabilities in JP1 | 2026-02-17T20:46+09:00 | 2026-02-17T20:46+09:00 |
| jvndb-2026-003906 | Multiple Vulnerabilities in Cosminexus | 2026-02-17T20:46+09:00 | 2026-02-17T20:46+09:00 |
| jvndb-2026-003905 | Multiple Vulnerabilities in Cosminexus HTTP Server and Hitachi Web Server | 2026-02-17T20:46+09:00 | 2026-02-17T20:46+09:00 |
| jvndb-2026-000025 | Joomla! CMS vulnerable to cross-site scripting | 2026-02-17T12:46+09:00 | 2026-02-17T12:46+09:00 |
| jvndb-2026-000023 | FileZen vulnerable to OS command injection | 2026-02-13T16:51+09:00 | 2026-02-13T17:08+09:00 |
| jvndb-2026-000024 | Installer of M-Audio M-Track Duo HD may insecurely load Dynamic Link Libraries | 2026-02-12T13:32+09:00 | 2026-02-12T13:32+09:00 |
| jvndb-2026-000022 | Oki Electric Industry products and OEM products register Windows services with unquoted file paths | 2026-02-09T15:21+09:00 | 2026-02-09T15:21+09:00 |
| jvndb-2026-000021 | web2py vulnerable to open redirect | 2026-02-05T15:01+09:00 | 2026-02-05T15:01+09:00 |
| jvndb-2026-000020 | Multiple vulnerabilities in Movable Type | 2026-02-04T16:15+09:00 | 2026-02-04T16:15+09:00 |
| jvndb-2026-000019 | Multiple vulnerabilities in ELECOM wireless LAN products | 2026-02-03T14:57+09:00 | 2026-02-03T14:57+09:00 |
| jvndb-2026-000017 | Improper file access permission settings in Mitsubishi Small-Capacity UPS Shutdown Software FREQSHIP-mini for Windows | 2026-02-03T14:57+09:00 | 2026-02-05T14:41+09:00 |
| jvndb-2026-000016 | Installer for Roland Cloud Manager may insecurely load Dynamic Link Libraries | 2026-02-03T14:57+09:00 | 2026-02-04T12:39+09:00 |
| jvndb-2026-000015 | Sonatype Nexus Repository vulnerable to server-side request forgery | 2026-02-02T15:18+09:00 | 2026-02-02T15:18+09:00 |
| jvndb-2026-000014 | OS command injection in raspap-webgui | 2026-02-02T15:18+09:00 | 2026-02-02T15:18+09:00 |
| jvndb-2026-000013 | Multiple Microsoft Office products vulnerable to untrusted search path | 2026-02-02T15:18+09:00 | 2026-02-02T15:18+09:00 |
| jvndb-2026-000012 | Multiple vulnerabilities in Cybozu Garoon | 2026-02-02T15:18+09:00 | 2026-02-02T15:18+09:00 |
| jvndb-2026-000018 | Undocumented "TelnetEnable" functionality of End of Service NETGEAR products | 2026-01-30T14:23+09:00 | 2026-01-30T14:23+09:00 |
| jvndb-2026-002119 | Multiple vulnerabilities in BROTHER MFPs (multifunction printers) | 2026-01-30T11:26+09:00 | 2026-01-30T11:26+09:00 |
| jvndb-2026-002030 | Multiple Vulnerabilities in Cosminexus | 2026-01-29T10:32+09:00 | 2026-01-29T10:32+09:00 |
| jvndb-2026-001972 | Archer MR600 vulnerable to OS command injection | 2026-01-28T10:41+09:00 | 2026-01-28T10:41+09:00 |
| jvndb-2026-000011 | beat-access for Windows may insecurely load Dynamic Link Libraries | 2026-01-27T18:22+09:00 | 2026-01-27T18:22+09:00 |
| jvndb-2026-001732 | Multiple Brother software installers may insecurely load Dynamic Link Libraries | 2026-01-26T16:04+09:00 | 2026-01-26T16:04+09:00 |
| ID | Description | Updated |
|---|
| ID | Description | Published | Updated |
|---|---|---|---|
| cnvd-2026-10652 | Google Chrome代码执行漏洞(CNVD-2026-10652) | 2026-02-05 | 2026-02-09 |
| cnvd-2026-10651 | Google SentencePiece缓冲区溢出漏洞 | 2026-02-05 | 2026-02-09 |
| cnvd-2026-10650 | Google Go代码执行漏洞(CNVD-2026-10650) | 2026-02-05 | 2026-02-09 |
| cnvd-2026-10649 | Google Go拒绝服务漏洞(CNVD-2026-10649) | 2026-02-05 | 2026-02-09 |
| cnvd-2026-10648 | Google Go代码执行漏洞 | 2026-02-05 | 2026-02-09 |
| cnvd-2026-10647 | Google Go拒绝服务漏洞(CNVD-2026-10647) | 2026-02-05 | 2026-02-09 |
| cnvd-2026-10646 | Google Go信息泄露漏洞(CNVD-2026-10646) | 2026-02-05 | 2026-02-09 |
| cnvd-2026-10645 | Google Chrome信息泄露漏洞(CNVD-2026-10645) | 2026-02-05 | 2026-02-09 |
| cnvd-2026-10641 | Google Android信息泄露漏洞(CNVD-2026-10641) | 2026-02-05 | 2026-02-09 |
| cnvd-2026-10356 | TOTOLINK X6000R命令注入漏洞(CNVD-2026-10356) | 2026-02-05 | 2026-02-05 |
| cnvd-2026-10871 | WordPress插件metasync存在未明漏洞 | 2026-02-04 | 2026-02-12 |
| cnvd-2026-10870 | WordPress插件Simple User Registration访问控制错误漏洞 | 2026-02-04 | 2026-02-12 |
| cnvd-2026-10893 | WordPress插件WP FullCalendar信息泄露漏洞 | 2026-01-30 | 2026-02-14 |
| cnvd-2026-10892 | WordPress插件WP Directory Kit信息泄露漏洞 | 2026-01-30 | 2026-02-14 |
| cnvd-2026-10891 | WordPress插件CubeWP – All-in-One Dynamic Content Framework信息泄露漏洞 | 2026-01-30 | 2026-02-14 |
| cnvd-2026-10890 | WordPress插件Contact Form 7 GetResponse Extension信息泄露漏洞 | 2026-01-30 | 2026-02-14 |
| cnvd-2026-10889 | WordPress插件Cargus信息泄露漏洞 | 2026-01-30 | 2026-02-14 |
| cnvd-2026-10888 | WordPress插件Booking Ultra Pro信息泄露漏洞 | 2026-01-30 | 2026-02-14 |
| cnvd-2026-10855 | Rockwell Automation CompactLogix 5370拒绝服务漏洞 | 2026-01-30 | 2026-02-10 |
| cnvd-2026-10854 | Rockwell Automation ArmorStart LT拒绝服务漏洞(CNVD-2026-10854) | 2026-01-30 | 2026-02-10 |
| cnvd-2026-10852 | Rockwell Automation ArmorStart LT拒绝服务漏洞(CNVD-2026-10852) | 2026-01-30 | 2026-02-10 |
| cnvd-2026-10851 | Rockwell Automation ArmorStart LT拒绝服务漏洞(CNVD-2026-10851) | 2026-01-30 | 2026-02-10 |
| cnvd-2026-10850 | Rockwell Automation ArmorStart LT拒绝服务漏洞(CNVD-2026-10850) | 2026-01-30 | 2026-02-10 |
| cnvd-2026-10849 | Rockwell Automation ArmorStart LT拒绝服务漏洞(CNVD-2026-10849) | 2026-01-30 | 2026-02-10 |
| cnvd-2026-10848 | Rockwell Automation ArmorStart LT拒绝服务漏洞 | 2026-01-30 | 2026-02-10 |
| cnvd-2026-10666 | MedDream PACS Premium任意文件读取漏洞 | 2026-01-30 | 2026-02-11 |
| cnvd-2026-10665 | MedDream PACS Premium跨站脚本漏洞 | 2026-01-30 | 2026-02-11 |
| cnvd-2026-10664 | IBM Aspera Console日志信息泄露漏洞 | 2026-01-30 | 2026-02-10 |
| cnvd-2026-10663 | IBM Concert代码问题漏洞 | 2026-01-30 | 2026-02-10 |
| cnvd-2026-10662 | IBM Concert信息泄露漏洞(CNVD-2026-10662) | 2026-01-30 | 2026-02-10 |
| ID | Description | Published | Updated |
|---|---|---|---|
| bdu:2026-01844 | Уязвимость сервиса безопасности Advanced DNS Security (ADNS) операционной системы PAN-OS,… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01843 | Уязвимость функции loadRLE() загрузчика TGA-изображений (PluginTARGA.cpp) графической биб… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01842 | Уязвимость функции ws_user_gerList() сценария pwg.users.php системы управления контентом … | 16.02.2026 | 16.02.2026 |
| bdu:2026-01841 | Уязвимость компонента Updater облачной платформы управления контейнерами Arcane, позволяю… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01840 | Уязвимость ИИ-агента OpenClaw (ранее - ClawdBot или MoltBot), связанная с отсутствием про… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01839 | Уязвимость функции blocked_path() пакета Python для создания приложений для моделей машин… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01838 | Уязвимость драйверов графических процессоров NVIDIA NVS, Quadro, NVIDIA RTX, GeForce, свя… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01837 | Уязвимость микропрограммного обеспечения графических процессоров Imagination, позволяющая… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01836 | Уязвимость микропрограммного обеспечения графических процессоров Imagination, позволяющая… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01835 | Уязвимость драйвера ESXi base микропрограммного обеспечения сетевых контроллеров Intel 80… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01834 | Уязвимость микропрограммного обеспечения контроллеров Intel Ethernet серии E810, связанна… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01833 | Уязвимость технологий Intel Active Management Technology (AMT) и Intel Standard Manageabi… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01832 | Уязвимость технологий Intel Active Management Technology (AMT) и Intel Standard Manageabi… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01831 | Уязвимость технологий Intel Active Management Technology (AMT) и Intel Standard Manageabi… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01830 | Уязвимость компонента File input браузера Google Chrome, позволяющая нарушителю осуществи… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01829 | Уязвимость компонента PictureInPicture браузера Google Chrome, позволяющая нарушителю ока… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01828 | Уязвимость компонента Animation браузера Google Chrome, позволяющая нарушителю оказать во… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01827 | Уязвимость функции конфиденциальности Fenced Frames браузера Google Chrome, позволяющая н… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01826 | Уязвимость компонента WebGPU браузера Google Chrome, позволяющая нарушителю вызвать отказ… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01825 | Уязвимость программной платформы на базе git для совместной работы над кодом GitLab, связ… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01824 | Уязвимость программной платформы на базе git для совместной работы над кодом GitLab, связ… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01823 | Уязвимость функции межсетевых экранов SSL-VPN операционных систем Fortinet FortiOS, позво… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01822 | Уязвимость операционных систем Fortinet FortiOS, связанная с недостаточной проверкой исто… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01821 | Уязвимость функции межсетевых экранов SSL-VPN операционных систем Fortinet FortiOS, позво… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01820 | Уязвимость интерфейса командной строки операционных систем Fortinet FortiOS, позволяющая … | 16.02.2026 | 16.02.2026 |
| bdu:2026-01819 | Уязвимость графического пользовательского интерфейса операционных систем Fortinet FortiOS… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01818 | Уязвимость программного обеспечения для разработки 3D-моделей Autodesk Fusion, связанная … | 16.02.2026 | 16.02.2026 |
| bdu:2026-01817 | Уязвимость программного обеспечения для разработки 3D-моделей Autodesk Fusion, связанная … | 16.02.2026 | 16.02.2026 |
| bdu:2026-01816 | Уязвимость программного обеспечения для разработки 3D-моделей Autodesk Fusion, связанная … | 16.02.2026 | 16.02.2026 |
| bdu:2026-01815 | Уязвимость программного обеспечения Microsoft ACI Confidential Containers, связанная с не… | 16.02.2026 | 16.02.2026 |
| ID | Description | Published | Updated |
|---|---|---|---|
| certfr-2026-avi-0203 | Vulnérabilité dans Microsoft Azure Linux | 2026-02-24T00:00:00.000000 | 2026-02-24T00:00:00.000000 |
| certfr-2026-avi-0202 | Multiples vulnérabilités dans les produits SonicWall | 2026-02-24T00:00:00.000000 | 2026-02-24T00:00:00.000000 |
| certfr-2026-avi-0201 | Multiples vulnérabilités dans Mattermost Server | 2026-02-24T00:00:00.000000 | 2026-02-24T00:00:00.000000 |
| certfr-2026-avi-0200 | Vulnérabilité dans Centreon open tickets | 2026-02-24T00:00:00.000000 | 2026-02-24T00:00:00.000000 |
| certfr-2026-avi-0199 | Multiples vulnérabilités dans les produits VMware | 2026-02-24T00:00:00.000000 | 2026-02-24T00:00:00.000000 |
| certfr-2026-avi-0198 | Multiples vulnérabilités dans Google Chrome | 2026-02-24T00:00:00.000000 | 2026-02-24T00:00:00.000000 |
| certfr-2026-avi-0197 | Multiples vulnérabilités dans Microsoft Edge | 2026-02-23T00:00:00.000000 | 2026-02-23T00:00:00.000000 |
| certfr-2026-avi-0196 | Multiples vulnérabilités dans les produits IBM | 2026-02-20T00:00:00.000000 | 2026-02-20T00:00:00.000000 |
| certfr-2026-avi-0195 | Multiples vulnérabilités dans le noyau Linux de SUSE | 2026-02-20T00:00:00.000000 | 2026-02-20T00:00:00.000000 |
| certfr-2026-avi-0194 | Multiples vulnérabilités dans le noyau Linux d'Ubuntu | 2026-02-20T00:00:00.000000 | 2026-02-20T00:00:00.000000 |
| certfr-2026-avi-0193 | Multiples vulnérabilités dans le noyau Linux de Red Hat | 2026-02-20T00:00:00.000000 | 2026-02-20T00:00:00.000000 |
| certfr-2026-avi-0192 | Multiples vulnérabilités dans le noyau Linux de Debian | 2026-02-20T00:00:00.000000 | 2026-02-20T00:00:00.000000 |
| certfr-2026-avi-0191 | Vulnérabilité dans Traefik | 2026-02-20T00:00:00.000000 | 2026-02-20T00:00:00.000000 |
| certfr-2026-avi-0190 | Multiples vulnérabilités dans Microsoft Edge | 2026-02-19T00:00:00.000000 | 2026-02-19T00:00:00.000000 |
| certfr-2026-avi-0189 | Vulnérabilité dans F5 BIG-IP | 2026-02-19T00:00:00.000000 | 2026-02-19T00:00:00.000000 |
| certfr-2026-avi-0188 | Multiples vulnérabilités dans les produits Splunk | 2026-02-19T00:00:00.000000 | 2026-02-19T00:00:00.000000 |
| certfr-2026-avi-0187 | Multiples vulnérabilités dans Tenable Security Center | 2026-02-19T00:00:00.000000 | 2026-02-23T00:00:00.000000 |
| certfr-2026-avi-0186 | Multiples vulnérabilités dans Google Chrome | 2026-02-19T00:00:00.000000 | 2026-02-19T00:00:00.000000 |
| certfr-2026-avi-0185 | Vulnérabilité dans Microsoft Windows | 2026-02-18T00:00:00.000000 | 2026-02-18T00:00:00.000000 |
| certfr-2026-avi-0184 | Multiples vulnérabilités dans Microsoft Edge | 2026-02-18T00:00:00.000000 | 2026-02-18T00:00:00.000000 |
| certfr-2026-avi-0183 | Vulnérabilité dans HPE Aruba Networking ClearPass Policy Manager | 2026-02-18T00:00:00.000000 | 2026-02-18T00:00:00.000000 |
| certfr-2026-avi-0182 | Multiples vulnérabilités dans Atlassian Confluence | 2026-02-18T00:00:00.000000 | 2026-02-18T00:00:00.000000 |
| certfr-2026-avi-0181 | Vulnérabilité dans Apache Tomcat | 2026-02-18T00:00:00.000000 | 2026-02-18T00:00:00.000000 |
| certfr-2026-avi-0180 | Vulnérabilité dans NetApp StorageGRID | 2026-02-18T00:00:00.000000 | 2026-02-18T00:00:00.000000 |
| certfr-2026-avi-0179 | Multiples vulnérabilités dans SPIP | 2026-02-18T00:00:00.000000 | 2026-02-18T00:00:00.000000 |
| certfr-2026-avi-0178 | Multiples vulnérabilités dans Tenable Security Center | 2026-02-18T00:00:00.000000 | 2026-02-18T00:00:00.000000 |
| certfr-2026-avi-0177 | Multiples vulnérabilités dans Moodle | 2026-02-17T00:00:00.000000 | 2026-02-17T00:00:00.000000 |
| certfr-2026-avi-0176 | Vulnérabilité dans Mattermost Server | 2026-02-17T00:00:00.000000 | 2026-02-17T00:00:00.000000 |
| certfr-2026-avi-0175 | Multiples vulnérabilités dans les produits Mozilla | 2026-02-17T00:00:00.000000 | 2026-02-17T00:00:00.000000 |
| certfr-2026-avi-0174 | Multiples vulnérabilités dans LibreNMS | 2026-02-17T00:00:00.000000 | 2026-02-17T00:00:00.000000 |
| ID | Description | Published | Updated |
|---|---|---|---|
| certfr-2026-ale-001 | [MàJ] Multiples vulnérabilités dans Ivanti Endpoint Manager Mobile | 2026-01-30T00:00:00.000000 | 2026-02-03T00:00:00.000000 |
| certfr-2025-ale-014 | [MàJ] Vulnérabilité dans React Server Components | 2025-12-05T00:00:00.000000 | 2026-02-12T00:00:00.000000 |
| certfr-2025-ale-013 | [MàJ] Multiples vulnérabilités dans Cisco ASA et FTD | 2025-09-25T00:00:00.000000 | 2025-10-06T00:00:00.000000 |
| certfr-2025-ale-012 | Vulnérabilité dans Citrix NetScaler ADC et NetScaler Gateway | 2025-08-26T00:00:00.000000 | 2025-09-26T00:00:00.000000 |
| certfr-2025-ale-011 | Incidents de sécurité dans les pare-feux SonicWall | 2025-08-05T00:00:00.000000 | 2025-08-18T00:00:00.000000 |
| certfr-2025-ale-010 | [MàJ] Multiples vulnérabilités dans Microsoft SharePoint | 2025-07-21T00:00:00.000000 | 2025-08-26T00:00:00.000000 |
| certfr-2025-ale-009 | Multiples vulnérabilités dans Citrix NetScaler ADC et NetScaler Gateway | 2025-07-01T00:00:00.000000 | 2025-07-17T00:00:00.000000 |
| certfr-2025-ale-008 | [MàJ] Vulnérabilité dans Roundcube | 2025-06-05T00:00:00.000000 | 2025-07-21T00:00:00.000000 |
| certfr-2025-ale-007 | Multiples vulnérabilités dans Ivanti Endpoint Manager Mobile (EPMM) | 2025-05-14T00:00:00.000000 | 2025-06-24T00:00:00.000000 |
| certfr-2025-ale-006 | Vulnérabilité dans les produits Fortinet | 2025-05-13T00:00:00.000000 | 2025-06-24T00:00:00.000000 |
| certfr-2025-ale-002 | [MàJ] Vulnérabilité dans les produits Fortinet | 2025-05-07T00:00:00.000000 | 2025-01-14T00:00:00.000000 |
| certfr-2025-ale-005 | Vulnérabilité dans SAP NetWeaver | 2025-04-28T00:00:00.000000 | 2025-06-24T00:00:00.000000 |
| certfr-2025-ale-004 | Activités de post-exploitation dans Fortinet FortiGate | 2025-04-11T00:00:00.000000 | 2025-08-07T00:00:00.000000 |
| certfr-2025-ale-003 | [MàJ] Vulnérabilité dans les produits Ivanti | 2025-04-04T00:00:00.000000 | 2025-04-11T00:00:00.000000 |
| certfr-2024-ale-013 | Exploitations de vulnérabilités dans Ivanti Cloud Services Appliance (CSA) | 2025-03-31T00:00:00.000000 | 2024-10-25T00:00:00.000000 |
| certfr-2025-ale-001 | [MàJ] Vulnérabilité dans les produits Ivanti | 2025-01-09T00:00:00.000000 | 2025-04-01T00:00:00.000000 |
| certfr-2024-ale-015 | [MàJ] Multiples vulnérabilités sur l'interface d'administration des équipements Palo Alto Networks | 2024-11-15T00:00:00.000000 | 2024-11-18T00:00:00.000000 |
| certfr-2024-ale-014 | [MàJ] Multiples vulnérabilités dans Fortinet FortiManager | 2024-10-30T00:00:00.000000 | 2024-10-23T00:00:00.000000 |
| certfr-2024-ale-012 | [MàJ] Vulnérabilités affectant OpenPrinting CUPS | 2024-09-27T00:00:00.000000 | 2024-11-21T00:00:00.000000 |
| certfr-2024-ale-011 | Vulnérabilité dans SonicWall | 2024-09-10T00:00:00.000000 | 2024-11-21T00:00:00.000000 |
| certfr-2024-ale-010 | Multiples vulnérabilités dans Roundcube | 2024-08-09T00:00:00.000000 | 2024-10-07T00:00:00.000000 |
| certfr-2024-ale-009 | Vulnérabilité dans OpenSSH | 2024-07-01T00:00:00.000000 | 2024-07-03T00:00:00.000000 |
| certfr-2024-ale-008 | [MàJ] Vulnérabilité dans les produits Check Point | 2024-05-30T00:00:00.000000 | 2024-07-01T00:00:00.000000 |
| certfr-2024-ale-007 | Multiples vulnérabilités dans les produits Cisco | 2024-04-25T00:00:00.000000 | 2024-07-01T00:00:00.000000 |
| certfr-2024-ale-006 | [MàJ] Vulnérabilité dans Palo Alto Networks GlobalProtect | 2024-04-12T00:00:00.000000 | 2024-07-01T00:00:00.000000 |
| certfr-2024-ale-005 | [MàJ] Vulnérabilité dans Microsoft Outlook | 2024-02-15T00:00:00.000000 | 2024-04-15T00:00:00.000000 |
| certfr-2024-ale-004 | [MàJ] Vulnérabilité dans Fortinet FortiOS | 2024-02-09T00:00:00.000000 | 2024-07-01T00:00:00.000000 |
| certfr-2024-ale-003 | [MàJ] Incident affectant les solutions AnyDesk | 2024-02-05T00:00:00.000000 | 2024-04-15T00:00:00.000000 |
| certfr-2024-ale-002 | [MàJ] Multiples Vulnérabilités dans GitLab | 2024-01-12T00:00:00.000000 | 2024-02-22T00:00:00.000000 |
| certfr-2024-ale-001 | [MàJ] Multiples vulnérabilités dans Ivanti Connect Secure et Policy Secure Gateways | 2024-01-11T00:00:00.000000 | 2024-04-15T00:00:00.000000 |
| ID | Description | Published | Updated |
|---|---|---|---|
| osv-2026-261 | Segv on unknown address in ___interceptor_strtol | 2026-02-19T00:09:21.893775Z | 2026-02-19T00:09:21.894076Z |
| osv-2026-259 | Use-of-uninitialized-value in tsip_parse_input | 2026-02-18T00:14:29.378028Z | 2026-02-18T00:14:29.378341Z |
| osv-2026-255 | UNKNOWN WRITE in nmeaid_to_prn | 2026-02-17T00:17:19.574579Z | 2026-02-17T00:17:19.574905Z |
| osv-2026-244 | Use-of-uninitialized-value in ihevcd_fmt_conv | 2026-02-15T00:03:36.246033Z | 2026-02-15T00:03:36.246568Z |
| osv-2026-240 | Use-of-uninitialized-value in packet_get1 | 2026-02-14T00:09:50.559032Z | 2026-02-14T00:09:50.559326Z |
| osv-2026-229 | Segv on unknown address in aiAnimation::~aiAnimation | 2026-02-11T00:12:18.313233Z | 2026-02-11T00:12:18.313574Z |
| osv-2026-226 | UNKNOWN WRITE in decode_xa2_00 | 2026-02-11T00:10:08.757600Z | 2026-02-11T00:10:08.757920Z |
| osv-2026-216 | Heap-buffer-overflow in mg_mqtt_next_prop | 2026-02-10T00:08:51.349946Z | 2026-02-11T14:08:38.238200Z |
| osv-2026-212 | UNKNOWN READ in gpsd_poll | 2026-02-09T00:15:09.775765Z | 2026-02-09T00:15:09.776491Z |
| osv-2026-209 | Use-of-uninitialized-value in ntrip_parse_url | 2026-02-08T00:06:08.137216Z | 2026-02-08T00:06:08.137699Z |
| osv-2026-205 | UNKNOWN READ in gpsd_poll | 2026-02-07T00:03:03.099317Z | 2026-02-07T00:03:03.099778Z |
| osv-2026-204 | Segv on unknown address in icalarray_append | 2026-02-06T00:20:37.969087Z | 2026-02-06T00:20:37.969390Z |
| osv-2026-200 | Global-buffer-overflow in nameMatch | 2026-02-06T00:15:58.927791Z | 2026-02-06T00:15:58.928058Z |
| osv-2026-189 | Global-buffer-overflow in gpsd_poll | 2026-02-04T00:05:14.950372Z | 2026-02-04T00:05:14.950857Z |
| osv-2026-182 | Use-of-uninitialized-value in json_internal_read_object | 2026-02-03T00:11:05.023029Z | 2026-02-03T00:11:05.023344Z |
| osv-2026-177 | Security exception in org.apache.poi.util.IOUtils.safelyAllocate | 2026-02-02T00:20:01.368972Z | 2026-02-02T00:20:01.369362Z |
| osv-2026-167 | Use-of-uninitialized-value in aivdm_analyze | 2026-01-31T00:10:49.750917Z | 2026-01-31T00:10:49.751204Z |
| osv-2026-166 | Use-of-uninitialized-value in ntrip_parse_url | 2026-01-31T00:10:39.163525Z | 2026-01-31T00:10:39.163931Z |
| osv-2026-156 | Segv on unknown address in aivdm_analyze | 2026-01-28T00:06:24.327227Z | 2026-01-28T00:06:24.327712Z |
| osv-2026-144 | Use-of-uninitialized-value in initFilter | 2026-01-26T00:05:57.473672Z | 2026-01-26T00:05:57.473958Z |
| osv-2026-141 | Segv on unknown address in yuv2rgb4_X_c | 2026-01-26T00:03:47.552290Z | 2026-01-26T00:03:47.552807Z |
| osv-2026-136 | Memcpy-param-overlap in grk::memStreamRead | 2026-01-25T00:10:48.352834Z | 2026-01-25T00:10:48.353140Z |
| osv-2026-122 | Use-of-uninitialized-value in rtcm2_unpack | 2026-01-24T00:18:15.169881Z | 2026-01-24T00:18:15.170285Z |
| osv-2026-121 | Use-of-uninitialized-value in trySubset | 2026-01-24T00:15:22.824642Z | 2026-01-24T14:24:01.498986Z |
| osv-2026-119 | Segv on unknown address in gpsd_poll | 2026-01-23T00:09:08.434854Z | 2026-01-23T00:09:08.435286Z |
| osv-2026-112 | Use-of-uninitialized-value in PrintSERPacket | 2026-01-23T00:01:50.403598Z | 2026-01-23T00:01:50.404362Z |
| osv-2026-105 | Use-of-uninitialized-value in pcpp::SSLServerHelloMessage::ServerHelloTLSFingerprint::toString | 2026-01-22T00:08:03.696405Z | 2026-01-22T00:08:03.696709Z |
| osv-2026-97 | Heap-buffer-overflow in vpx_wb_write_literal | 2026-01-21T00:09:09.897624Z | 2026-01-28T14:23:52.198239Z |
| osv-2026-91 | Use-after-poison in compress.cc | 2026-01-20T00:09:07.159786Z | 2026-01-20T00:09:07.160128Z |
| osv-2026-87 | Security exception in org.apache.poi.util.IOUtils.safelyAllocate | 2026-01-18T00:18:36.932063Z | 2026-01-20T14:24:38.539978Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| rustsec-2026-0022 | Panic when dropping a `[Typed]Func::call_async` future | 2026-02-24T12:00:00Z | 2026-02-24T19:42:18Z |
| rustsec-2026-0021 | Panic adding excessive fields to a `wasi:http/types.fields` instance | 2026-02-24T12:00:00Z | 2026-02-24T19:42:18Z |
| rustsec-2026-0020 | Guest-controlled resource exhaustion in WASI implementations | 2026-02-24T12:00:00Z | 2026-02-24T19:42:18Z |
| rustsec-2026-0019 | `tracing-check` was removed from crates.io for malicious code | 2026-02-24T12:00:00Z | 2026-02-24T17:23:12Z |
| rustsec-2026-0018 | `rpc-check` was removed from crates.io for malicious code | 2026-02-24T12:00:00Z | 2026-02-24T16:32:13Z |
| rustsec-2026-0017 | `clob-sdk` was removed from crates.io for malicious code | 2026-02-20T12:00:00Z | 2026-02-21T01:48:10Z |
| rustsec-2026-0016 | `polymarkets-rs-clob-client` was removed from crates.io for malicious code | 2026-02-20T12:00:00Z | 2026-02-20T18:09:09Z |
| rustsec-2026-0015 | `polymarkets-client-sdk` was removed from crates.io for malicious code | 2026-02-19T12:00:00Z | 2026-02-19T22:41:14Z |
| rustsec-2026-0014 | `rpc-check` was removed from crates.io for malicious code | 2026-02-19T12:00:00Z | 2026-02-19T22:41:14Z |
| rustsec-2026-0013 | Type confusion when accessing data from sublasses of subclasses of native types with `abi3` feature targeting Python 3.12 and up | 2026-02-18T12:00:00Z | 2026-02-23T07:15:28Z |
| rustsec-2026-0011 | `polymarket-client-sdks` was removed from crates.io for malicious code | 2026-02-13T12:00:00Z | 2026-02-14T08:13:56Z |
| rustsec-2026-0012 | Unsoundness in opt-in ARMv8 assembly backend for `keccak` | 2026-02-12T12:00:00Z | 2026-02-20T04:00:15Z |
| rustsec-2026-0010 | `polymarket-clients-sdk` was removed from crates.io for malicious code | 2026-02-06T12:00:00Z | 2026-02-23T07:15:28Z |
| rustsec-2026-0009 | Denial of Service via Stack Exhaustion | 2026-02-05T12:00:00Z | 2026-02-06T09:12:16Z |
| rustsec-2026-0007 | Integer overflow in `BytesMut::reserve` | 2026-02-03T12:00:00Z | 2026-02-04T06:56:11Z |
| rustsec-2026-0008 | Potential undefined behavior when dereferencing Buf struct | 2026-02-02T12:00:00Z | 2026-02-05T06:08:13Z |
| rustsec-2026-0006 | Wasmtime segfault or unused out-of-sandbox load with `f64.copysign` operator on x86-64 | 2026-01-26T12:00:00Z | 2026-01-30T05:41:11Z |
| rustsec-2026-0005 | Potential use-after-free in `oneshot` when used asynchronously | 2026-01-25T12:00:00Z | 2026-01-27T05:50:51Z |
| rustsec-2026-0004 | Triton VM Soundness Vulnerability due to Improper Sampling of Randomness | 2026-01-21T12:00:00Z | 2026-01-23T05:50:29Z |
| rustsec-2026-0003 | Non-constant-time code generation on ARM32 targets | 2026-01-14T12:00:00Z | 2026-01-15T17:45:42Z |
| rustsec-2026-0002 | `IterMut` violates Stacked Borrows by invalidating internal pointer | 2026-01-07T12:00:00Z | 2026-01-08T05:46:06Z |
| rustsec-2026-0001 | Potential Undefined Behaviors in `Arc<T>`/`Rc<T>` impls of `from_value` on OOM | 2026-01-05T12:00:00Z | 2026-01-06T15:33:19Z |
| rustsec-2025-0139 | theshit vulnerable to unsafe loading of user-owned Python rules when running as root | 2025-12-30T12:00:00Z | 2026-01-04T20:34:25Z |
| rustsec-2025-0140 | Non-utf8 String can be created with `TimeBuf::as_str` | 2025-12-29T12:00:00Z | 2026-02-04T06:56:11Z |
| rustsec-2025-0143 | Unsound APIs of public `constant::Reader` and `StructSchema` | 2025-12-24T12:00:00Z | 2026-01-29T05:56:50Z |
| rustsec-2025-0137 | Unsoundness of safe `reciprocal_mg10` | 2025-12-22T12:00:00Z | 2025-12-28T09:42:26Z |
| rustsec-2025-0141 | Bincode is unmaintained | 2025-12-16T12:00:00Z | 2026-01-16T11:04:42Z |
| rustsec-2025-0144 | Timing side-channel in ML-DSA decomposition | 2025-12-12T12:00:00Z | 2026-01-27T22:28:37Z |
| rustsec-2025-0152 | `finch_cli_rust` was removed from crates.io for malicious code | 2025-12-09T12:00:00Z | 2026-02-13T04:43:42Z |
| rustsec-2025-0151 | `sha-rst` was removed from crates.io for malicious code | 2025-12-09T12:00:00Z | 2026-02-13T04:43:42Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| alsa-2026:3188 | Important: grafana security update | 2026-02-24T00:00:00Z | 2026-02-24T17:11:47Z |
| alsa-2026:3187 | Important: grafana-pcp security update | 2026-02-24T00:00:00Z | 2026-02-24T17:14:01Z |
| alsa-2026:3110 | Important: kernel-rt security update | 2026-02-23T00:00:00Z | 2026-02-24T13:03:08Z |
| alsa-2026:3083 | Important: kernel security update | 2026-02-23T00:00:00Z | 2026-02-24T12:59:25Z |
| alsa-2026:3042 | Moderate: openssl security update | 2026-02-23T00:00:00Z | 2026-02-23T09:07:14Z |
| alsa-2026:3032 | Important: munge security update | 2026-02-23T00:00:00Z | 2026-02-23T14:44:19Z |
| alsa-2026:2920 | Important: grafana security update | 2026-02-18T00:00:00Z | 2026-02-19T10:58:19Z |
| alsa-2026:2914 | Important: grafana security update | 2026-02-18T00:00:00Z | 2026-02-19T18:04:08Z |
| alsa-2026:2821 | Moderate: kernel-rt security update | 2026-02-17T00:00:00Z | 2026-02-18T13:25:58Z |
| alsa-2026:2799 | Moderate: php security update | 2026-02-17T00:00:00Z | 2026-02-18T13:30:42Z |
| alsa-2026:2786 | Moderate: glibc security update | 2026-02-17T00:00:00Z | 2026-02-18T13:44:36Z |
| alsa-2026:2781 | Important: nodejs:24 security update | 2026-02-17T00:00:00Z | 2026-02-18T13:51:36Z |
| alsa-2026:2776 | Moderate: edk2 security update | 2026-02-17T00:00:00Z | 2026-02-18T13:48:45Z |
| alsa-2026:2720 | Moderate: kernel security update | 2026-02-16T00:00:00Z | 2026-02-23T13:27:24Z |
| alsa-2026:2719 | Important: gnupg2 security update | 2026-02-16T00:00:00Z | 2026-02-18T13:46:37Z |
| alsa-2026:2709 | Important: golang security update | 2026-02-16T00:00:00Z | 2026-02-17T10:27:57Z |
| alsa-2026:2708 | Important: go-toolset:rhel8 security update | 2026-02-16T00:00:00Z | 2026-02-16T14:22:53Z |
| alsa-2026:2707 | Important: gimp security update | 2026-02-16T00:00:00Z | 2026-02-17T10:29:58Z |
| alsa-2026:2706 | Important: golang security update | 2026-02-16T00:00:00Z | 2026-02-18T13:54:31Z |
| alsa-2026:2627 | Moderate: gcc-toolset-14-binutils security update | 2026-02-12T00:00:00Z | 2026-02-13T08:03:55Z |
| alsa-2026:2470 | Moderate: php:7.4 security update | 2026-02-10T00:00:00Z | 2026-02-12T10:10:23Z |
| alsa-2026:2452 | Important: pcs security update | 2026-02-10T00:00:00Z | 2026-02-12T10:12:36Z |
| alsa-2026:2438 | Important: pcs security update | 2026-02-10T00:00:00Z | 2026-02-12T10:14:13Z |
| alsa-2026:2422 | Important: nodejs:20 security update | 2026-02-10T00:00:00Z | 2026-02-12T10:15:50Z |
| alsa-2026:2421 | Important: nodejs:22 security update | 2026-02-10T00:00:00Z | 2026-02-13T10:53:31Z |
| alsa-2026:2420 | Important: nodejs:24 security update | 2026-02-10T00:00:00Z | 2026-02-12T10:19:24Z |
| alsa-2026:2419 | Moderate: python3.12 security update | 2026-02-10T00:00:00Z | 2026-02-11T15:30:15Z |
| alsa-2026:2410 | Important: libsoup3 security update | 2026-02-10T00:00:00Z | 2026-02-11T15:26:55Z |
| alsa-2026:2389 | Important: brotli security update | 2026-02-10T00:00:00Z | 2026-02-11T11:06:48Z |
| alsa-2026:2378 | Moderate: kernel-rt security update | 2026-02-10T00:00:00Z | 2026-02-10T09:34:16Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| osec-2026-02 | ARP unbounded memory usage | 2026-02-18T10:30:00Z | 2026-02-18T10:30:00Z |
| osec-2026-01 | Buffer Over-Read in OCaml Marshal Deserialization | 2026-02-17T13:30:00Z | 2026-02-17T15:00:00Z |
| osec-2025-01 | Albatross console out of memory | 2025-08-15T00:18:22Z | 2026-01-13T12:00:00Z |
| osec-2023-01 | Time of check time of use issue in opam's cache | 2023-05-25T12:00:00Z | 2026-01-09T12:00:00Z |
| osec-2022-01 | Infinite loop in console output on xen | 2022-12-07T00:00:00Z | 2026-02-18T09:30:00Z |
| osec-2019-02 | Grant unshare vulnerability in mirage-xen | 2019-04-26T00:00:00Z | 2026-01-13T12:00:00Z |
| osec-2019-01 | Memory disclosure in mirage-net-xen | 2019-03-21T00:00:00Z | 2026-01-13T12:00:00Z |
| osec-2018-01 | An integer overflow in the `bigarray` serialization module leads to arbitrary code execution | 2018-04-06T18:29:00Z | 2025-12-16T12:00:00Z |
| osec-2017-01 | Local privilege escalation issue with ocaml binaries | 2017-06-23T15:19:47Z | 2025-12-16T12:00:00Z |
| osec-2016-02 | Memory disclosure in mirage-net-xen | 2016-05-03T00:00:00Z | 2026-01-13T12:00:00Z |
| osec-2016-01 | Buffer overflow and information leak in OCaml < 4.03.0 | 2016-04-29T00:18:22Z | 2026-01-01T12:00:00Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| hsec-2024-0004 | Hackage package and doc upload stored XSS vulnerability | 2026-01-16T11:18:20Z | 2026-01-16T11:18:20Z |
| hsec-2025-0007 | cmark-gfm: resource exhaustion due to quadratic complexity in parser | 2025-12-27T08:58:56Z | 2025-12-27T08:58:56Z |
| hsec-2025-0006 | Private key leak via inherited file descriptor | 2025-11-17T02:22:38Z | 2025-11-17T02:22:38Z |
| hsec-2025-0005 | cabal-install dependency confusion | 2025-11-14T14:45:34Z | 2025-11-14T14:45:34Z |
| hsec-2025-0004 | Broken Path Sanitization in spacecookie Library | 2025-11-14T14:45:34Z | 2025-11-14T14:45:34Z |
| hsec-2025-0003 | Use after free in multithreaded lzma (.xz) decoder | 2025-11-14T14:45:34Z | 2025-11-14T14:45:34Z |
| hsec-2025-0002 | Double Public Key Signing Function Oracle Attack on Ed25519 | 2025-11-14T14:45:34Z | 2025-11-14T14:45:34Z |
| hsec-2025-0001 | Subword division operations may produce incorrect results | 2025-11-14T14:45:34Z | 2025-11-14T14:45:34Z |
| hsec-2024-0009 | Public key confusion in third-party blocks | 2025-11-14T14:45:34Z | 2025-11-14T14:45:34Z |
| hsec-2024-0008 | Sign extension error in the PPC64le FFI | 2025-11-14T14:45:34Z | 2025-11-14T14:45:34Z |
| hsec-2024-0007 | Sign extension error in the AArch64 NCG | 2025-11-14T14:45:34Z | 2025-11-14T14:45:34Z |
| hsec-2024-0006 | fromIntegral: conversion error | 2025-11-14T14:45:34Z | 2025-11-14T14:45:34Z |
| hsec-2024-0003 | process: command injection via argument list on Windows | 2025-11-14T14:45:34Z | 2025-11-14T14:45:34Z |
| hsec-2024-0002 | out-of-bounds write when there are many bzip2 selectors | 2025-11-14T14:45:34Z | 2025-11-14T14:45:34Z |
| hsec-2024-0001 | Reflected XSS vulnerability in keter | 2025-11-14T14:45:34Z | 2025-11-14T14:45:34Z |
| hsec-2023-0015 | cabal-install uses expired key policies | 2025-11-14T14:45:34Z | 2025-11-14T14:45:34Z |
| hsec-2023-0014 | Arbitrary file write is possible when using PDF output or --extract-media with untrusted input | 2025-11-14T14:45:34Z | 2025-11-14T14:45:34Z |
| hsec-2023-0013 | git-annex plaintext storage of embedded credentials on encrypted remotes | 2025-11-14T14:45:34Z | 2025-11-14T14:45:34Z |
| hsec-2023-0012 | git-annex checksum exposure to encrypted special remotes | 2025-11-14T14:45:34Z | 2025-11-14T14:45:34Z |
| hsec-2023-0011 | git-annex GPG decryption attack via compromised remote | 2025-11-14T14:45:34Z | 2025-11-14T14:45:34Z |
| hsec-2023-0010 | git-annex private data exfiltration to compromised remote | 2025-11-14T14:45:34Z | 2025-11-14T14:45:34Z |
| hsec-2023-0009 | git-annex command injection via malicious SSH hostname | 2025-11-14T14:45:34Z | 2025-11-14T14:45:34Z |
| hsec-2023-0008 | Stored XSS in hledger-web | 2025-11-14T14:45:34Z | 2025-11-14T14:45:34Z |
| hsec-2023-0007 | readFloat: memory exhaustion with large exponent | 2025-11-14T14:45:34Z | 2025-11-14T14:45:34Z |
| hsec-2023-0006 | x509-validation does not enforce pathLenConstraint | 2025-11-14T14:45:34Z | 2025-11-14T14:45:34Z |
| hsec-2023-0005 | tls-extra: certificate validation does not check Basic Constraints | 2025-11-14T14:45:34Z | 2025-11-14T14:45:34Z |
| hsec-2023-0004 | xml-conduit unbounded entity expansion | 2025-11-14T14:45:34Z | 2025-11-14T14:45:34Z |
| hsec-2023-0003 | code injection in xmonad-contrib | 2025-11-14T14:45:34Z | 2025-11-14T14:45:34Z |
| hsec-2023-0002 | Improper Verification of Cryptographic Signature | 2025-11-14T14:45:34Z | 2025-11-14T14:45:34Z |
| hsec-2023-0001 | Hash flooding vulnerability in aeson | 2025-11-14T14:45:34Z | 2025-11-14T14:45:34Z |