Recent vulnerabilities
Recent vulnerabilities from
Select from 69 available sources using the dropdown above.
| ID | CVSS | Description | Vendor | Product | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2026-6129 |
6.9 (4.0)
7.3 (3.1)
7.3 (3.0)
|
zhayujie chatgpt-on-wechat CowAgent Agent Mode Service… |
zhayujie |
chatgpt-on-wechat CowAgent |
2026-04-12T19:45:12.190Z | 2026-04-12T19:45:12.190Z |
| CVE-2026-40396 |
4 (3.1)
|
Varnish Cache 9 before 9.0.1 allows a "workspace … |
varnish-software |
Varnish Cache |
2026-04-12T19:23:03.408Z | 2026-04-12T19:34:04.613Z |
| CVE-2026-40395 |
4 (3.1)
|
Varnish Enterprise before 6.0.16r12 allows a "wor… |
varnish-software |
Varnish Enterprise |
2026-04-12T19:21:09.265Z | 2026-04-12T19:33:44.790Z |
| CVE-2026-40394 |
4 (3.1)
|
Varnish Cache 9 before 9.0.1 and Varnish Enterpri… |
varnish-software |
Varnish Cache |
2026-04-12T19:17:34.334Z | 2026-04-12T19:32:07.658Z |
| CVE-2026-40393 |
8.1 (3.1)
|
In Mesa before 25.3.6 and 26 before 26.0.1, out-o… |
mesa3d |
Mesa |
2026-04-12T18:49:18.984Z | 2026-04-12T18:56:36.231Z |
| CVE-2026-40386 |
4 (3.1)
|
In libexif through 0.6.25, an integer underflow i… |
libexif project |
libexif |
2026-04-12T18:19:08.684Z | 2026-04-12T18:55:21.234Z |
| CVE-2026-40385 |
4 (3.1)
|
In libexif through 0.6.25, an unsigned 32bit inte… |
libexif project |
libexif |
2026-04-12T18:16:30.420Z | 2026-04-12T18:53:59.608Z |
| CVE-2019-25713 |
7.1 (4.0)
7.1 (3.1)
|
MyT-PM 1.5.1 SQL Injection via Charge[group_total] Parameter |
MyT |
Project Management |
2026-04-12T12:28:57.031Z | 2026-04-12T12:28:57.031Z |
| CVE-2019-25712 |
6.9 (4.0)
6.2 (3.1)
|
BlueAuditor 1.7.2.0 Buffer Overflow Denial of Service … |
NSauditor |
BlueAuditor |
2026-04-12T12:28:56.276Z | 2026-04-12T12:28:56.276Z |
| CVE-2019-25711 |
6.9 (4.0)
6.2 (3.1)
|
SpotFTP Password Recover 2.4.2 Denial of Service via N… |
NSauditor |
SpotFTP Password Recover |
2026-04-12T12:28:55.601Z | 2026-04-12T12:28:55.601Z |
| CVE-2019-25710 |
8.8 (4.0)
8.2 (3.1)
|
Dolibarr ERP-CRM 8.0.4 SQL Injection via rowid Parameter |
Dolibarr |
Dolibarr ERP-CRM |
2026-04-12T12:28:54.936Z | 2026-04-12T12:28:54.936Z |
| CVE-2019-25709 |
9.3 (4.0)
9.8 (3.1)
|
CF Image Hosting Script 1.6.5 Unauthorized Database Access |
Davidtavarez |
CF Image Hosting Script |
2026-04-12T12:28:54.207Z | 2026-04-12T12:28:54.207Z |
| CVE-2019-25708 |
5.3 (4.0)
4.3 (3.1)
|
Heatmiser Wifi Thermostat 1.7 Cross-Site Request Forgery |
Heatmiser |
Heatmiser Wifi Thermostat |
2026-04-12T12:28:53.542Z | 2026-04-12T12:28:53.542Z |
| CVE-2019-25707 |
7.1 (4.0)
7.1 (3.1)
|
eBrigade ERP 4.5 SQL Injection via pdf.php |
Ebrigade |
eBrigade ERP |
2026-04-12T12:28:52.833Z | 2026-04-12T12:28:52.833Z |
| CVE-2019-25706 |
8.7 (4.0)
7.5 (3.1)
|
Across DR-810 ROM-0 Unauthenticated File Disclosure |
Across |
DR-810 |
2026-04-12T12:28:52.102Z | 2026-04-12T12:28:52.102Z |
| CVE-2019-25705 |
8.6 (4.0)
8.4 (3.1)
|
Echo Mirage 3.1 Stack Buffer Overflow via Rules Action Field |
Sourceforge |
Echo Mirage |
2026-04-12T12:28:51.242Z | 2026-04-12T12:28:51.242Z |
| CVE-2019-25703 |
7.1 (4.0)
7.1 (3.1)
|
ImpressCMS 1.3.11 SQL Injection via bid Parameter |
Impresscms |
ImpressCMS |
2026-04-12T12:28:50.523Z | 2026-04-12T12:28:50.523Z |
| CVE-2019-25701 |
8.6 (4.0)
8.4 (3.1)
|
Easy Video to iPod Converter 1.6.20 Local Buffer Overf… |
Divxtodvd |
Easy Video to iPod Converter |
2026-04-12T12:28:49.786Z | 2026-04-12T12:28:49.786Z |
| CVE-2019-25699 |
7.1 (4.0)
7.1 (3.1)
|
Newsbull Haber Script 1.0.0 Authenticated SQL Injectio… |
Newsbull |
Newsbull Haber Script |
2026-04-12T12:28:49.056Z | 2026-04-12T12:28:49.056Z |
| CVE-2019-25697 |
8.8 (4.0)
8.2 (3.1)
|
CMSsite 1.0 SQL Injection via category.php |
VictorAlagwu |
CMSsite |
2026-04-12T12:28:48.309Z | 2026-04-12T12:28:48.309Z |
| CVE-2019-25695 |
8.6 (4.0)
8.4 (3.1)
|
R 3.4.4 Local Buffer Overflow Windows XP SP3 |
r-project |
R |
2026-04-12T12:28:47.555Z | 2026-04-12T12:28:47.555Z |
| CVE-2019-25693 |
7.1 (4.0)
7.1 (3.1)
|
ResourceSpace 8.6 SQL Injection via collection_edit.php |
Resourcespace |
ResourceSpace |
2026-04-12T12:28:46.757Z | 2026-04-12T12:28:46.757Z |
| CVE-2019-25691 |
8.6 (4.0)
8.4 (3.1)
|
Faleemi Desktop Software 1.8 Local Buffer Overflow SEH… |
Faleemi |
Faleemi Desktop Software |
2026-04-12T12:28:45.957Z | 2026-04-12T12:28:45.957Z |
| CVE-2019-25689 |
8.6 (4.0)
8.4 (3.1)
|
HTML5 Video Player 1.2.5 Local Buffer Overflow Non-SEH |
Html5Videoplayer |
HTML5 Video Player |
2026-04-12T12:28:45.236Z | 2026-04-12T12:28:45.236Z |
| CVE-2018-25258 |
8.6 (4.0)
8.4 (3.1)
|
RGui 3.5.0 Local Buffer Overflow SEH DEP Bypass |
R-Project |
RGui |
2026-04-12T12:28:44.496Z | 2026-04-12T12:28:44.496Z |
| CVE-2018-25257 |
7.1 (4.0)
7.1 (3.1)
|
Adianti Framework 5.5.0 and 5.6.0 SQL Injection via Profile |
adianti |
Adianti Framework |
2026-04-12T12:28:43.786Z | 2026-04-12T12:28:43.786Z |
| CVE-2017-20239 |
5.1 (4.0)
6.1 (3.1)
|
MDwiki Cross-Site Scripting via Location Hash Parameter |
Dynalon |
MDwiki |
2026-04-12T12:28:42.926Z | 2026-04-12T12:28:42.926Z |
| CVE-2026-6126 |
6.9 (4.0)
7.3 (3.1)
7.3 (3.0)
|
zhayujie chatgpt-on-wechat CowAgent Administrative HTT… |
zhayujie |
chatgpt-on-wechat CowAgent |
2026-04-12T10:30:12.107Z | 2026-04-12T10:30:12.107Z |
| CVE-2026-6125 |
5.3 (4.0)
6.3 (3.1)
6.3 (3.0)
|
Dromara warm-flow Workflow Definition save-json SpelHe… |
Dromara |
warm-flow |
2026-04-12T09:30:22.132Z | 2026-04-12T09:30:22.132Z |
| CVE-2026-6124 |
8.7 (4.0)
8.8 (3.1)
8.8 (3.0)
|
Tenda F451 httpd SafeMacFilter fromSafeMacFilter stack… |
Tenda |
F451 |
2026-04-12T09:00:18.190Z | 2026-04-12T09:00:18.190Z |
| ID | CVSS | Description | Vendor | Product | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2026-6129 |
6.9 (4.0)
7.3 (3.1)
7.3 (3.0)
|
zhayujie chatgpt-on-wechat CowAgent Agent Mode Service… |
zhayujie |
chatgpt-on-wechat CowAgent |
2026-04-12T19:45:12.190Z | 2026-04-12T19:45:12.190Z |
| CVE-2026-40396 |
4 (3.1)
|
Varnish Cache 9 before 9.0.1 allows a "workspace … |
varnish-software |
Varnish Cache |
2026-04-12T19:23:03.408Z | 2026-04-12T19:34:04.613Z |
| CVE-2026-40395 |
4 (3.1)
|
Varnish Enterprise before 6.0.16r12 allows a "wor… |
varnish-software |
Varnish Enterprise |
2026-04-12T19:21:09.265Z | 2026-04-12T19:33:44.790Z |
| CVE-2026-40394 |
4 (3.1)
|
Varnish Cache 9 before 9.0.1 and Varnish Enterpri… |
varnish-software |
Varnish Cache |
2026-04-12T19:17:34.334Z | 2026-04-12T19:32:07.658Z |
| CVE-2026-40393 |
8.1 (3.1)
|
In Mesa before 25.3.6 and 26 before 26.0.1, out-o… |
mesa3d |
Mesa |
2026-04-12T18:49:18.984Z | 2026-04-12T18:56:36.231Z |
| CVE-2026-40386 |
4 (3.1)
|
In libexif through 0.6.25, an integer underflow i… |
libexif project |
libexif |
2026-04-12T18:19:08.684Z | 2026-04-12T18:55:21.234Z |
| CVE-2026-40385 |
4 (3.1)
|
In libexif through 0.6.25, an unsigned 32bit inte… |
libexif project |
libexif |
2026-04-12T18:16:30.420Z | 2026-04-12T18:53:59.608Z |
| CVE-2019-25713 |
7.1 (4.0)
7.1 (3.1)
|
MyT-PM 1.5.1 SQL Injection via Charge[group_total] Parameter |
MyT |
Project Management |
2026-04-12T12:28:57.031Z | 2026-04-12T12:28:57.031Z |
| CVE-2019-25712 |
6.9 (4.0)
6.2 (3.1)
|
BlueAuditor 1.7.2.0 Buffer Overflow Denial of Service … |
NSauditor |
BlueAuditor |
2026-04-12T12:28:56.276Z | 2026-04-12T12:28:56.276Z |
| CVE-2019-25711 |
6.9 (4.0)
6.2 (3.1)
|
SpotFTP Password Recover 2.4.2 Denial of Service via N… |
NSauditor |
SpotFTP Password Recover |
2026-04-12T12:28:55.601Z | 2026-04-12T12:28:55.601Z |
| CVE-2019-25710 |
8.8 (4.0)
8.2 (3.1)
|
Dolibarr ERP-CRM 8.0.4 SQL Injection via rowid Parameter |
Dolibarr |
Dolibarr ERP-CRM |
2026-04-12T12:28:54.936Z | 2026-04-12T12:28:54.936Z |
| CVE-2019-25709 |
9.3 (4.0)
9.8 (3.1)
|
CF Image Hosting Script 1.6.5 Unauthorized Database Access |
Davidtavarez |
CF Image Hosting Script |
2026-04-12T12:28:54.207Z | 2026-04-12T12:28:54.207Z |
| CVE-2019-25708 |
5.3 (4.0)
4.3 (3.1)
|
Heatmiser Wifi Thermostat 1.7 Cross-Site Request Forgery |
Heatmiser |
Heatmiser Wifi Thermostat |
2026-04-12T12:28:53.542Z | 2026-04-12T12:28:53.542Z |
| CVE-2019-25707 |
7.1 (4.0)
7.1 (3.1)
|
eBrigade ERP 4.5 SQL Injection via pdf.php |
Ebrigade |
eBrigade ERP |
2026-04-12T12:28:52.833Z | 2026-04-12T12:28:52.833Z |
| CVE-2019-25706 |
8.7 (4.0)
7.5 (3.1)
|
Across DR-810 ROM-0 Unauthenticated File Disclosure |
Across |
DR-810 |
2026-04-12T12:28:52.102Z | 2026-04-12T12:28:52.102Z |
| CVE-2019-25705 |
8.6 (4.0)
8.4 (3.1)
|
Echo Mirage 3.1 Stack Buffer Overflow via Rules Action Field |
Sourceforge |
Echo Mirage |
2026-04-12T12:28:51.242Z | 2026-04-12T12:28:51.242Z |
| CVE-2019-25703 |
7.1 (4.0)
7.1 (3.1)
|
ImpressCMS 1.3.11 SQL Injection via bid Parameter |
Impresscms |
ImpressCMS |
2026-04-12T12:28:50.523Z | 2026-04-12T12:28:50.523Z |
| CVE-2019-25701 |
8.6 (4.0)
8.4 (3.1)
|
Easy Video to iPod Converter 1.6.20 Local Buffer Overf… |
Divxtodvd |
Easy Video to iPod Converter |
2026-04-12T12:28:49.786Z | 2026-04-12T12:28:49.786Z |
| CVE-2019-25699 |
7.1 (4.0)
7.1 (3.1)
|
Newsbull Haber Script 1.0.0 Authenticated SQL Injectio… |
Newsbull |
Newsbull Haber Script |
2026-04-12T12:28:49.056Z | 2026-04-12T12:28:49.056Z |
| CVE-2019-25697 |
8.8 (4.0)
8.2 (3.1)
|
CMSsite 1.0 SQL Injection via category.php |
VictorAlagwu |
CMSsite |
2026-04-12T12:28:48.309Z | 2026-04-12T12:28:48.309Z |
| CVE-2019-25695 |
8.6 (4.0)
8.4 (3.1)
|
R 3.4.4 Local Buffer Overflow Windows XP SP3 |
r-project |
R |
2026-04-12T12:28:47.555Z | 2026-04-12T12:28:47.555Z |
| CVE-2019-25693 |
7.1 (4.0)
7.1 (3.1)
|
ResourceSpace 8.6 SQL Injection via collection_edit.php |
Resourcespace |
ResourceSpace |
2026-04-12T12:28:46.757Z | 2026-04-12T12:28:46.757Z |
| CVE-2019-25691 |
8.6 (4.0)
8.4 (3.1)
|
Faleemi Desktop Software 1.8 Local Buffer Overflow SEH… |
Faleemi |
Faleemi Desktop Software |
2026-04-12T12:28:45.957Z | 2026-04-12T12:28:45.957Z |
| CVE-2019-25689 |
8.6 (4.0)
8.4 (3.1)
|
HTML5 Video Player 1.2.5 Local Buffer Overflow Non-SEH |
Html5Videoplayer |
HTML5 Video Player |
2026-04-12T12:28:45.236Z | 2026-04-12T12:28:45.236Z |
| CVE-2018-25258 |
8.6 (4.0)
8.4 (3.1)
|
RGui 3.5.0 Local Buffer Overflow SEH DEP Bypass |
R-Project |
RGui |
2026-04-12T12:28:44.496Z | 2026-04-12T12:28:44.496Z |
| CVE-2018-25257 |
7.1 (4.0)
7.1 (3.1)
|
Adianti Framework 5.5.0 and 5.6.0 SQL Injection via Profile |
adianti |
Adianti Framework |
2026-04-12T12:28:43.786Z | 2026-04-12T12:28:43.786Z |
| CVE-2017-20239 |
5.1 (4.0)
6.1 (3.1)
|
MDwiki Cross-Site Scripting via Location Hash Parameter |
Dynalon |
MDwiki |
2026-04-12T12:28:42.926Z | 2026-04-12T12:28:42.926Z |
| CVE-2026-6126 |
6.9 (4.0)
7.3 (3.1)
7.3 (3.0)
|
zhayujie chatgpt-on-wechat CowAgent Administrative HTT… |
zhayujie |
chatgpt-on-wechat CowAgent |
2026-04-12T10:30:12.107Z | 2026-04-12T10:30:12.107Z |
| CVE-2026-6125 |
5.3 (4.0)
6.3 (3.1)
6.3 (3.0)
|
Dromara warm-flow Workflow Definition save-json SpelHe… |
Dromara |
warm-flow |
2026-04-12T09:30:22.132Z | 2026-04-12T09:30:22.132Z |
| CVE-2026-6124 |
8.7 (4.0)
8.8 (3.1)
8.8 (3.0)
|
Tenda F451 httpd SafeMacFilter fromSafeMacFilter stack… |
Tenda |
F451 |
2026-04-12T09:00:18.190Z | 2026-04-12T09:00:18.190Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| fkie_cve-2026-1657 | The EventPrime plugin for WordPress is vulnerable to unauthorized image file upload in all versions… | 2026-02-17T06:16:18.173 | 2026-02-18T17:52:22.253 |
| fkie_cve-2026-2592 | The Zarinpal Gateway for WooCommerce plugin for WordPress is vulnerable to Improper Access Control … | 2026-02-17T05:16:17.430 | 2026-02-18T17:52:22.253 |
| fkie_cve-2026-2002 | The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vul… | 2026-02-17T05:16:17.080 | 2026-02-18T17:52:22.253 |
| fkie_cve-2026-26220 | LightLLM version 1.1.0 and prior contain an unauthenticated remote code execution vulnerability in … | 2026-02-17T03:16:01.893 | 2026-02-18T17:52:22.253 |
| fkie_cve-2025-12062 | The WP Maps – Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters plugin for… | 2026-02-17T00:16:17.080 | 2026-02-18T17:52:22.253 |
| fkie_cve-2026-2439 | Concierge::Sessions versions from 0.8.1 before 0.8.5 for Perl generate insecure session ids. The ge… | 2026-02-16T22:22:41.470 | 2026-03-10T18:12:46.927 |
| fkie_cve-2025-15578 | Maypole versions from 2.10 through 2.13 for Perl generates session ids insecurely. The session id i… | 2026-02-16T22:22:40.557 | 2026-03-10T15:07:31.793 |
| fkie_cve-2026-2474 | Crypt::URandom versions from 0.41 before 0.55 for Perl is vulnerable to a heap buffer overflow in t… | 2026-02-16T21:22:18.107 | 2026-03-04T02:27:15.217 |
| fkie_cve-2026-2001 | The WowRevenue plugin for WordPress is vulnerable to unauthorized plugin installation due to a miss… | 2026-02-16T20:19:36.190 | 2026-02-18T17:52:22.253 |
| fkie_cve-2026-2567 | A vulnerability was detected in Wavlink WL-NU516U1 20251208. This vulnerability affects the functio… | 2026-02-16T18:19:45.217 | 2026-02-18T19:41:03.690 |
| fkie_cve-2026-2566 | A security vulnerability has been detected in Wavlink WL-NU516U1 up to 130/260. This affects the fu… | 2026-02-16T18:19:45.017 | 2026-02-18T17:52:22.253 |
| fkie_cve-2019-25395 | Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple stored cross-site scripting vulne… | 2026-02-16T18:19:44.480 | 2026-02-20T16:31:49.890 |
| fkie_cve-2019-25394 | Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple stored cross-site scripting vulne… | 2026-02-16T18:19:44.313 | 2026-02-20T16:31:34.660 |
| fkie_cve-2019-25393 | Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains a reflected cross-site scripting vulnerabi… | 2026-02-16T18:19:44.147 | 2026-02-20T16:31:23.993 |
| fkie_cve-2019-25392 | Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains a reflected cross-site scripting vulnerabi… | 2026-02-16T18:19:43.980 | 2026-02-20T16:31:18.553 |
| fkie_cve-2019-25390 | Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple reflected cross-site scripting vu… | 2026-02-16T18:19:43.810 | 2026-02-20T16:31:10.263 |
| fkie_cve-2019-25389 | Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains a reflected cross-site scripting vulnerabi… | 2026-02-16T18:19:43.643 | 2026-02-20T16:30:56.780 |
| fkie_cve-2019-25388 | Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains a reflected cross-site scripting vulnerabi… | 2026-02-16T18:19:43.473 | 2026-02-20T16:27:01.120 |
| fkie_cve-2019-25387 | Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains a reflected cross-site scripting vulnerabi… | 2026-02-16T18:19:43.303 | 2026-02-20T16:26:53.380 |
| fkie_cve-2019-25386 | Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple reflected cross-site scripting vu… | 2026-02-16T18:19:43.133 | 2026-02-20T16:26:47.313 |
| fkie_cve-2019-25385 | Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains a reflected cross-site scripting vulnerabi… | 2026-02-16T18:19:42.967 | 2026-02-20T16:26:41.493 |
| fkie_cve-2019-25384 | Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple reflected cross-site scripting vu… | 2026-02-16T18:19:42.803 | 2026-02-20T16:26:36.247 |
| fkie_cve-2019-25383 | Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple reflected cross-site scripting vu… | 2026-02-16T18:19:42.640 | 2026-02-20T16:26:19.230 |
| fkie_cve-2019-25382 | Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains a reflected cross-site scripting vulnerabi… | 2026-02-16T18:19:42.480 | 2026-02-20T19:12:29.937 |
| fkie_cve-2019-25381 | Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple reflected cross-site scripting vu… | 2026-02-16T18:19:42.317 | 2026-02-20T16:26:07.903 |
| fkie_cve-2019-25380 | Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple reflected cross-site scripting vu… | 2026-02-16T18:19:42.153 | 2026-02-20T16:25:48.847 |
| fkie_cve-2019-25379 | Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains stored and reflected cross-site scripting … | 2026-02-16T18:19:41.987 | 2026-02-20T16:30:43.613 |
| fkie_cve-2019-25378 | Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple cross-site scripting vulnerabilit… | 2026-02-16T18:19:41.430 | 2026-02-20T21:23:50.410 |
| fkie_cve-2026-2565 | A weakness has been identified in Wavlink WL-NU516U1 20251208. Affected by this issue is the functi… | 2026-02-16T17:18:09.360 | 2026-02-18T19:42:27.167 |
| fkie_cve-2026-2564 | A security flaw has been discovered in Intelbras VIP 3260 Z IA 2.840.00IB005.0.T. Affected by this … | 2026-02-16T17:18:09.150 | 2026-02-18T17:52:22.253 |
| ID | Severity | Description | Published | Updated |
|---|---|---|---|---|
| ghsa-8r42-22r7-vfg2 |
7.3 (3.1)
5.5 (4.0)
|
A vulnerability was detected in zhayujie chatgpt-on-wechat CowAgent up to 2.0.4. This affects an un… | 2026-04-12T21:30:19Z | 2026-04-12T21:30:19Z |
| ghsa-5pmq-jgg5-3j6q |
4.0 (3.1)
|
Varnish Cache 9 before 9.0.1 allows a "workspace overflow" denial of service (daemon panic) after t… | 2026-04-12T21:30:19Z | 2026-04-12T21:30:19Z |
| ghsa-59jh-85v4-gxrf |
4.0 (3.1)
|
Varnish Enterprise before 6.0.16r12 allows a "workspace overflow" denial of service (daemon panic) … | 2026-04-12T21:30:19Z | 2026-04-12T21:30:19Z |
| ghsa-26pg-g54q-jv62 |
4.0 (3.1)
|
Varnish Cache 9 before 9.0.1 and Varnish Enterprise before 6.0.16r11 allows a "workspace overflow" … | 2026-04-12T21:30:19Z | 2026-04-12T21:30:19Z |
| ghsa-w54f-pw7x-c532 |
8.1 (3.1)
|
In Mesa before 25.3.6 and 26 before 26.0.1, out-of-bounds memory access can occur in WebGPU because… | 2026-04-12T21:30:18Z | 2026-04-12T21:30:19Z |
| ghsa-p6wp-hhx9-7jj5 |
4.0 (3.1)
|
In libexif through 0.6.25, an integer underflow in size checking for Fuji and Olympus MakerNote dec… | 2026-04-12T21:30:18Z | 2026-04-12T21:30:18Z |
| ghsa-j9xr-5c85-xjhm |
4.0 (3.1)
|
In libexif through 0.6.25, an unsigned 32bit integer overflow in Nikon MakerNote handling could be … | 2026-04-12T21:30:18Z | 2026-04-12T21:30:18Z |
| ghsa-xxxg-x793-7fq3 |
8.2 (3.1)
8.8 (4.0)
|
Dolibarr ERP-CRM 8.0.4 contains an SQL injection vulnerability in the rowid parameter of the admin … | 2026-04-12T15:30:27Z | 2026-04-12T15:30:27Z |
| ghsa-x275-mqpf-qfrc |
6.2 (3.1)
6.9 (4.0)
|
BlueAuditor 1.7.2.0 contains a buffer overflow vulnerability in the registration key field that all… | 2026-04-12T15:30:27Z | 2026-04-12T15:30:27Z |
| ghsa-m5v5-2jv8-fp63 |
7.1 (3.1)
7.1 (4.0)
|
MyT-PM 1.5.1 contains an SQL injection vulnerability that allows authenticated attackers to execute… | 2026-04-12T15:30:27Z | 2026-04-12T15:30:27Z |
| ghsa-g3cq-f9xx-gc5g |
9.8 (3.1)
9.3 (4.0)
|
CF Image Hosting Script 1.6.5 allows unauthenticated attackers to download and decode the applicati… | 2026-04-12T15:30:27Z | 2026-04-12T15:30:27Z |
| ghsa-7wj7-w87x-q3q3 |
6.2 (3.1)
6.9 (4.0)
|
SpotFTP Password Recover 2.4.2 contains a denial of service vulnerability that allows local attacke… | 2026-04-12T15:30:27Z | 2026-04-12T15:30:27Z |
| ghsa-3g23-vj39-72pv |
4.3 (3.1)
5.3 (4.0)
|
Heatmiser Wifi Thermostat 1.7 contains a cross-site request forgery vulnerability that allows attac… | 2026-04-12T15:30:27Z | 2026-04-12T15:30:27Z |
| ghsa-vxf2-8cq4-x49q |
7.5 (3.1)
8.7 (4.0)
|
Across DR-810 contains an unauthenticated file disclosure vulnerability that allows remote attacker… | 2026-04-12T15:30:26Z | 2026-04-12T15:30:26Z |
| ghsa-vv3p-2379-7jx3 |
8.4 (3.1)
8.6 (4.0)
|
Echo Mirage 3.1 contains a stack buffer overflow vulnerability that allows local attackers to crash… | 2026-04-12T15:30:26Z | 2026-04-12T15:30:26Z |
| ghsa-vm4j-2vcw-g6gc |
8.2 (3.1)
8.8 (4.0)
|
CMSsite 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipu… | 2026-04-12T15:30:26Z | 2026-04-12T15:30:26Z |
| ghsa-p592-jgc7-p79g |
8.4 (3.1)
8.6 (4.0)
|
Easy Video to iPod Converter 1.6.20 contains a local buffer overflow vulnerability in the user regi… | 2026-04-12T15:30:26Z | 2026-04-12T15:30:26Z |
| ghsa-j4f8-4p6w-v5h6 |
8.4 (3.1)
8.6 (4.0)
|
R 3.4.4 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary c… | 2026-04-12T15:30:26Z | 2026-04-12T15:30:26Z |
| ghsa-84gx-938q-j68m |
7.1 (3.1)
7.1 (4.0)
|
Newsbull Haber Script 1.0.0 contains multiple SQL injection vulnerabilities in the search parameter… | 2026-04-12T15:30:26Z | 2026-04-12T15:30:26Z |
| ghsa-5r24-mpgf-qr5g |
7.1 (3.1)
7.1 (4.0)
|
eBrigade ERP 4.5 contains an SQL injection vulnerability that allows authenticated attackers to exe… | 2026-04-12T15:30:26Z | 2026-04-12T15:30:26Z |
| ghsa-27c4-766g-945p |
7.1 (3.1)
7.1 (4.0)
|
ImpressCMS 1.3.11 contains a time-based blind SQL injection vulnerability that allows authenticated… | 2026-04-12T15:30:26Z | 2026-04-12T15:30:26Z |
| ghsa-w77h-76xc-792q |
8.4 (3.1)
8.6 (4.0)
|
Faleemi Desktop Software 1.8 contains a local buffer overflow vulnerability in the System Setup dia… | 2026-04-12T15:30:25Z | 2026-04-12T15:30:25Z |
| ghsa-p8hm-rwgf-6c7f |
8.4 (3.1)
8.6 (4.0)
|
RGui 3.5.0 contains a local buffer overflow vulnerability in the GUI preferences dialog that allows… | 2026-04-12T15:30:25Z | 2026-04-12T15:30:25Z |
| ghsa-p77x-289r-9c4x |
7.1 (3.1)
7.1 (4.0)
|
ResourceSpace 8.6 contains an SQL injection vulnerability that allows authenticated attackers to ex… | 2026-04-12T15:30:25Z | 2026-04-12T15:30:25Z |
| ghsa-gp82-mmj7-m5w2 |
6.1 (3.1)
5.1 (4.0)
|
MDwiki contains a cross-site scripting vulnerability that allows remote attackers to execute arbitr… | 2026-04-12T15:30:25Z | 2026-04-12T15:30:25Z |
| ghsa-9f59-h5gf-pg3f |
7.1 (3.1)
7.1 (4.0)
|
Adianti Framework 5.5.0 and 5.6.0 contains an SQL injection vulnerability that allows authenticated… | 2026-04-12T15:30:25Z | 2026-04-12T15:30:25Z |
| ghsa-3x22-75pm-vfvc |
8.4 (3.1)
8.6 (4.0)
|
HTML5 Video Player 1.2.5 contains a local buffer overflow vulnerability that allows attackers to ex… | 2026-04-12T15:30:25Z | 2026-04-12T15:30:25Z |
| ghsa-8hj3-w5vf-j956 |
7.3 (3.1)
5.5 (4.0)
|
A weakness has been identified in zhayujie chatgpt-on-wechat CowAgent 2.0.4. The affected element i… | 2026-04-12T12:30:26Z | 2026-04-12T12:30:26Z |
| ghsa-822v-8w6h-5jxp |
6.3 (3.1)
2.1 (4.0)
|
A security flaw has been discovered in Dromara warm-flow up to 1.8.4. Impacted is the function Spel… | 2026-04-12T12:30:26Z | 2026-04-12T12:30:26Z |
| ghsa-p23c-4mww-46qm |
8.8 (3.1)
7.4 (4.0)
|
A vulnerability was found in Tenda F451 1.0.0.7. This affects the function fromAddressNat of the fi… | 2026-04-12T09:31:38Z | 2026-04-12T09:31:38Z |
| ID | Severity | Description | Package | Published | Updated |
|---|---|---|---|---|---|
| pysec-2026-3 |
|
After an API token exposure from an exploited Trivy dependency, two new releases of `teln… | telnyx | 2026-03-27T14:53:14Z | |
| pysec-2026-2 |
|
After an API Token exposure from an exploited Trivy dependency, two new releases of `lite… | litellm | 2026-03-24T15:35:32Z | |
| pysec-2026-1 |
|
A PyPI user account compromised by an attacker and was able to upload a malicious version… | dydx-v4-client | 2026-01-28T21:09:02+00:00 | |
| pysec-2025-71 |
|
Cadwyn creates production-ready community-driven modern Stripe-like API versioning in Fas… | cadwyn | 2025-07-21T21:15:25+00:00 | 2025-07-23T15:24:03.825615+00:00 |
| pysec-2025-69 |
|
In Roundup before 2.5.0, XSS can occur via interaction between URLs and issue tracker tem… | roundup | 2025-07-13T20:15:25+00:00 | 2025-07-13T21:23:01.161315+00:00 |
| pysec-2025-65 |
|
A path traversal vulnerability exists in run-llama/llama_index versions 0.12.27 through 0… | llama-index | 2025-07-07T13:15:28+00:00 | 2025-07-07T15:23:42.730681+00:00 |
| pysec-2025-61 |
|
Pillow is a Python imaging library. In versions 11.2.0 to before 11.3.0, there is a heap … | pillow | 2025-07-01T19:15:27Z | 2025-07-07T14:12:46.226030Z |
| pysec-2025-51 |
|
Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) v… | apache-airflow-providers-snowflake | 2025-06-24T08:15:24+00:00 | 2025-06-26T21:23:03.132527+00:00 |
| pysec-2025-70 |
10.0 (3.1)
|
A Server-Side Request Forgery (SSRF) vulnerability exists in the RequestsToolkit componen… | langchain-community | 2025-06-23T21:15:25+00:00 | 2025-07-16T21:23:40.211079+00:00 |
| pysec-2025-52 |
|
gateway_proxy_handler in MLflow before 3.1.0 lacks gateway_path validation. | mlflow | 2025-06-23T15:15:29Z | 2025-12-05T13:25:55.146081Z |
| pysec-2025-68 |
8.0 (3.1)
|
A vulnerability, which was classified as critical, has been found in Upsonic up to 0.55.6… | upsonic | 2025-06-19T21:15:27+00:00 | 2025-07-08T19:22:27.449399+00:00 |
| pysec-2025-67 |
9.8 (3.1)
|
A vulnerability classified as critical was found in Upsonic up to 0.55.6. This vulnerabil… | upsonic | 2025-06-19T21:15:27+00:00 | 2025-07-08T19:22:27.385619+00:00 |
| pysec-2025-64 |
9.8 (3.1)
|
A vulnerability classified as critical has been found in themanojdesai python-a2a up to 0… | python-a2a | 2025-06-17T07:15:18+00:00 | 2025-07-02T21:23:13.806273+00:00 |
| pysec-2025-47 |
|
An issue was discovered in Django 5.2 before 5.2.2, 5.1 before 5.1.10, and 4.2 before 4.2… | django | 2025-06-05T03:15:25+00:00 | 2025-06-05T05:23:28.296596+00:00 |
| pysec-2025-44 |
|
django-helpdesk before 1.0.0 allows Sensitive Data Exposure because of os.umask(0) in mod… | django-helpdesk | 2025-05-31T01:15:19+00:00 | 2025-05-31T03:09:35.357757+00:00 |
| pysec-2025-55 |
|
vLLM is an inference and serving engine for large language models (LLMs). Version 0.8.0 u… | vllm | 2025-05-30T19:15:30+00:00 | 2025-06-26T21:23:06.407481+00:00 |
| pysec-2025-54 |
|
vLLM is an inference and serving engine for large language models (LLMs). In versions 0.8… | vllm | 2025-05-30T19:15:30+00:00 | 2025-06-26T21:23:06.319321+00:00 |
| pysec-2025-50 |
|
vLLM, an inference and serving engine for large language models (LLMs), has a Regular Exp… | vllm | 2025-05-30T18:15:32+00:00 | 2025-06-19T03:02:28.572160+00:00 |
| pysec-2025-53 |
|
vLLM is an inference and serving engine for large language models (LLMs). Prior to versio… | vllm | 2025-05-29T17:15:21+00:00 | 2025-06-26T21:23:06.231251+00:00 |
| pysec-2025-43 |
|
vLLM is an inference and serving engine for large language models (LLMs). In versions sta… | vllm | 2025-05-29T17:15:21+00:00 | 2025-05-29T19:21:01.611587+00:00 |
| pysec-2025-46 |
5.5 (3.1)
|
A vulnerability was found in erdogant pypickle up to 1.1.5. It has been classified as cri… | pypickle | 2025-05-26T08:15:19+00:00 | 2025-06-03T17:36:58.579358+00:00 |
| pysec-2025-45 |
7.8 (3.1)
|
A vulnerability was found in erdogant pypickle up to 1.1.5 and classified as problematic.… | pypickle | 2025-05-26T07:15:26+00:00 | 2025-06-03T17:36:58.528116+00:00 |
| pysec-2025-40 |
7.5 (3.1)
|
A vulnerability in the `preprocess_string()` function of the `transformers.testing_utils`… | transformers | 2025-05-19T12:15:19+00:00 | 2025-05-21T19:22:10.801823+00:00 |
| pysec-2025-49 |
8.8 (3.1)
|
setuptools is a package that allows users to download, build, install, upgrade, and unins… | setuptools | 2025-05-17T16:15:19+00:00 | 2025-06-12T22:23:11.115559+00:00 |
| pysec-2025-39 |
|
motionEye is an online interface for the software motion, a video surveillance program wi… | motioneye | 2025-05-14T16:15:29+00:00 | 2025-05-14T17:22:51.050788+00:00 |
| pysec-2025-60 |
|
Exposure of Sensitive Information to an Unauthorized Actor, Insertion of Sensitive Inform… | apache-iotdb | 2025-05-14T11:16:28+00:00 | 2025-07-01T21:22:47.232036+00:00 |
| pysec-2025-59 |
|
Remote Code Execution with untrusted URI of UDF vulnerability in Apache IoTDB. The attack… | apache-iotdb | 2025-05-14T11:15:47+00:00 | 2025-07-01T21:22:47.177405+00:00 |
| pysec-2025-38 |
|
OpenStack Ironic before 29.0.1 can write unintended files to a target node disk during im… | ironic | 2025-05-08T17:16:01Z | 2025-05-13T04:24:03.083929Z |
| pysec-2025-37 |
|
An issue was discovered in Django 4.2 before 4.2.21, 5.1 before 5.1.9, and 5.2 before 5.2… | django | 2025-05-08T04:17:18+00:00 | 2025-05-08T05:23:16.210893+00:00 |
| pysec-2025-42 |
9.8 (3.1)
|
vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Ver… | vllm | 2025-04-30T01:15:51+00:00 | 2025-05-28T21:23:12.396609+00:00 |
| ID | Description | Updated |
|---|
| ID | Description | Published | Updated |
|---|---|---|---|
| mal-2026-2567 | Malicious code in pt-sc-demo-app (npm) | 2026-04-12T21:41:40Z | 2026-04-12T21:41:40Z |
| mal-2026-2569 | Malicious code in bloxy-api (PyPI) | 2026-04-12T21:39:57Z | 2026-04-12T21:39:57Z |
| mal-2026-2568 | Malicious code in pt-sc-logger (npm) | 2026-04-12T21:36:18Z | 2026-04-12T21:36:18Z |
| mal-2026-2570 | Malicious code in robase-app (PyPI) | 2026-04-12T21:27:44Z | 2026-04-12T21:28:19Z |
| mal-2026-2566 | Malicious code in wm-plugin-visions-recorder (npm) | 2026-04-12T06:09:38Z | 2026-04-12T06:09:38Z |
| mal-2026-2564 | Malicious code in gp-auth-lib (npm) | 2026-04-12T04:25:39Z | 2026-04-12T04:25:39Z |
| mal-2026-2565 | Malicious code in portal-common-ui (npm) | 2026-04-12T04:15:46Z | 2026-04-12T04:15:46Z |
| mal-2026-2562 | Malicious code in robase-fallback (PyPI) | 2026-04-11T20:26:50Z | 2026-04-12T21:48:24Z |
| mal-2026-2563 | Malicious code in robase-installer (PyPI) | 2026-04-11T20:04:56Z | 2026-04-12T21:48:24Z |
| mal-2026-2560 | Malicious code in @b2b-portal/uch (npm) | 2026-04-11T17:55:17Z | 2026-04-11T17:55:17Z |
| mal-2026-2561 | Malicious code in robase-help (PyPI) | 2026-04-11T17:14:47Z | 2026-04-12T21:48:24Z |
| mal-2026-2559 | Malicious code in databasesupalake (PyPI) | 2026-04-11T17:07:46Z | 2026-04-12T21:48:24Z |
| mal-2026-2556 | Malicious code in api-analysis (PyPI) | 2026-04-11T14:18:43Z | 2026-04-12T21:48:24Z |
| mal-2026-2558 | Malicious code in robase-utils (PyPI) | 2026-04-11T14:15:49Z | 2026-04-12T21:48:24Z |
| mal-2026-2557 | Malicious code in databasesupasafe (PyPI) | 2026-04-11T14:13:54Z | 2026-04-12T21:48:24Z |
| mal-2026-2555 | Malicious code in api-feature (PyPI) | 2026-04-11T14:04:25Z | 2026-04-12T21:48:24Z |
| mal-2026-2551 | Malicious code in paysafe-card-payments (npm) | 2026-04-11T09:40:44Z | 2026-04-11T09:40:44Z |
| mal-2026-2550 | Malicious code in paysafe-apple-pay (npm) | 2026-04-11T09:33:48Z | 2026-04-11T09:33:48Z |
| mal-2026-2552 | Malicious code in paysafe-google-pay (npm) | 2026-04-11T09:20:48Z | 2026-04-11T09:20:48Z |
| mal-2026-2554 | Malicious code in paysafe-venmo (npm) | 2026-04-11T09:20:42Z | 2026-04-11T09:20:42Z |
| mal-2026-2553 | Malicious code in paysafe-payments-sdk-common (npm) | 2026-04-11T09:20:41Z | 2026-04-11T09:20:41Z |
| mal-2026-2547 | Malicious code in ixosmonitoring (PyPI) | 2026-04-11T08:30:32Z | 2026-04-11T08:49:58Z |
| mal-2026-2548 | Malicious code in ks-hex2pcap (PyPI) | 2026-04-11T08:22:32Z | 2026-04-11T08:49:58Z |
| mal-2026-2549 | Malicious code in python-aickerso (PyPI) | 2026-04-11T08:20:30Z | 2026-04-11T08:49:58Z |
| mal-2026-2546 | Malicious code in hex2pcap (PyPI) | 2026-04-11T08:16:27Z | 2026-04-11T08:49:58Z |
| mal-2026-2545 | Malicious code in @sap-px/pxapi (npm) | 2026-04-11T04:45:40Z | 2026-04-11T04:45:40Z |
| mal-2026-2544 | Malicious code in roboat-utilities (PyPI) | 2026-04-10T21:23:20Z | 2026-04-12T21:48:24Z |
| mal-2026-2543 | Malicious code in robase (PyPI) | 2026-04-10T21:22:56Z | 2026-04-12T21:48:24Z |
| mal-2026-2542 | Malicious code in databasetrace (PyPI) | 2026-04-10T21:22:24Z | 2026-04-12T21:48:24Z |
| mal-2026-2538 | Malicious code in bogus-nydus-op (PyPI) | 2026-04-10T18:23:04Z | 2026-04-10T18:23:04Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| 7paa023732 | System 800xA affected by 3rd party component vulnerabilities | 2026-03-31T00:30:00.000Z | 2026-03-31T00:30:00.000Z |
| 4hzm000604 | ABB Ability Camera Connect Vulnerabilities in outdated 3rd party component (SQLite 3.2.4) | 2026-03-26T00:30:00.000Z | 2026-03-26T00:30:00.000Z |
| 4jno000329 | AWIN Gateways Vulnerabilities in Embedded Webserver | 2026-03-13T00:30:00.000Z | 2026-03-13T00:30:00.000Z |
| 3adr011536 | AC500 V3 Stack buffer overflow in Cryptographic Message Syntax | 2026-03-12T00:30:00.000Z | 2026-03-12T00:30:00.000Z |
| 3adr011525 | ABB Automation Builder Gateway for Windows with insecure defaults | 2026-02-24T00:30:00.000Z | 2026-02-24T00:30:00.000Z |
| 3adr011524 | AC500 V3 Multiple vulnerabilities | 2026-02-24T00:30:00.000Z | 2026-02-24T00:30:00.000Z |
| sa25p007 | B&R Automation Studio Update of SQLite version | 2026-02-18T00:30:00.000Z | 2026-02-18T00:30:00.000Z |
| sa26p001 | PVI Insertion of Sensitive Information into Logfile | 2026-01-29T00:30:00.000Z | 2026-01-29T00:30:00.000Z |
| sa24p003 | B&R PCs vulnerable to PixieFail attack | 2026-01-29T00:30:00.000Z | 2026-01-29T00:30:00.000Z |
| sa25p005 | B&R Automation Runtime Improper Handling of Flooding conditions on ANSL Server | 2026-01-19T00:30:00.000Z | 2026-01-19T00:30:00.000Z |
| sa25p004 | Automation Studio Insufficient Server Certificate Validation | 2026-01-19T00:30:00.000Z | 2026-01-19T00:30:00.000Z |
| 9akk108472a1331 | ABB Ability™ OPTIMAX® Authentication Bypass in Single-Sign On with Azure Active Directory | 2026-01-16T00:30:00.000Z | 2026-01-16T00:30:00.000Z |
| 2crt000009 | WebPro SNMP Card PowerValue Multiple Vulnerabilities | 2026-01-07T00:30:00.000Z | 2026-01-07T00:30:00.000Z |
| 4hzm000603 | ABB Ability Camera Connect Vulnerabilities in outdated 3rd party component (VLC) | 2025-11-27T00:30:00.000Z | 2025-11-28T00:30:00.000Z |
| 7paa022088 | Edgenius Management Portal Authentication Bypass | 2025-11-20T00:30:00.000Z | 2025-11-20T00:30:00.000Z |
| 2nga002813 | PCM600 SharpZip library vulnerability | 2025-11-03T00:30:00.000Z | 2025-11-03T00:30:00.000Z |
| 9akk108471a8948 | Terra AC wallbox Heap Memory Corruption Vulnerability | 2025-10-20T00:30:00.000Z | 2025-10-21T00:30:00.000Z |
| 4tz00000006007 | ALS-mini-S4/S8 IP Missing Authentication Vulnerability and its Mitigations | 2025-10-20T00:30:00.000Z | 2025-10-23T00:30:00.000Z |
| 4tz00000006008 | LVS MConfig Insecure memory handling | 2025-10-08T00:30:00.000Z | 2025-10-08T00:30:00.000Z |
| sa25p003 | B&R Automation Runtime Vulnerabilities in System Diagnostic Manager (SDM) | 2025-10-07T00:30:00.000Z | 2025-10-14T00:30:00.000Z |
| sa25p002 | B&R Automation Runtime DoS Vulnerability in System Diagnostics Manager (SDM) | 2025-10-07T00:30:00.000Z | 2025-10-07T00:30:00.000Z |
| 9akk108471a7808 | EIBPORT Reflected XSS | 2025-10-07T00:30:00.000Z | 2025-10-07T00:30:00.000Z |
| 9akk108471a8107 | Terra AC wallbox Heap Memory Corruption Vulnerability | 2025-09-16T00:30:00.000Z | 2025-11-28T08:00:00.000Z |
| 9akk108471a7121 | FLXeon Controllers Multiple vulnerabilities | 2025-09-09T00:30:00.000Z | 2025-09-18T00:30:00.000Z |
| 2nga002743 | ABB AbilityTM zenon Remote Transport Vulnerability | 2025-08-12T00:30:00.000Z | 2025-08-12T00:30:00.000Z |
| 9akk108471a4462 | ELSB/BLBA ASPECT advisory several CVEs | 2025-08-11T00:30:00.000Z | 2025-09-04T00:30:00.000Z |
| 3adr011432 | AC500 V2 Buffer overread on Modbus protocol | 2025-07-23T00:30:00.000Z | 2025-07-23T00:30:00.000Z |
| 9akk108471a4556 | Busch-Welcome® 2 wire Door opener actuator by default in compatibility mode. | 2025-07-21T00:30:00.000Z | 2025-07-21T00:30:00.000Z |
| 9akk108471a3623 | RMC - 100 Vulnerabilities in web UI (REST Interface) | 2025-07-03T00:30:00.000Z | 2025-08-18T00:30:00.000Z |
| 2crt000008 | Lite Panel Pro Vulnerability in Session Management | 2025-06-26T00:30:00.000Z | 2025-06-26T00:30:00.000Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| wid-sec-w-2026-1036 | OpenCTI: Schwachstelle ermöglicht Codeausführung | 2026-04-08T22:00:00.000+00:00 | 2026-04-09T22:00:00.000+00:00 |
| wid-sec-w-2026-1027 | LangChain: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen | 2026-04-08T22:00:00.000+00:00 | 2026-04-09T22:00:00.000+00:00 |
| wid-sec-w-2026-1023 | libpng: Schwachstelle ermöglicht Offenlegung von Informationen | 2026-04-08T22:00:00.000+00:00 | 2026-04-09T22:00:00.000+00:00 |
| wid-sec-w-2026-1022 | Juniper Patchday April 2026: Mehrere Schwachstellen | 2026-04-08T22:00:00.000+00:00 | 2026-04-09T22:00:00.000+00:00 |
| wid-sec-w-2026-1020 | Intel Prozessoren (Pentium Silver Series, Celeron J Series, und Celeron N series): Schwachstelle ermöglicht Privilegieneskalation | 2026-04-08T22:00:00.000+00:00 | 2026-04-09T22:00:00.000+00:00 |
| wid-sec-w-2026-1012 | SonicWall SMA1000 : Mehrere Schwachstellen | 2026-04-08T22:00:00.000+00:00 | 2026-04-09T22:00:00.000+00:00 |
| wid-sec-w-2026-1006 | Golang Go: Mehrere Schwachstellen | 2026-04-07T22:00:00.000+00:00 | 2026-04-09T22:00:00.000+00:00 |
| wid-sec-w-2026-1002 | Django: Mehrere Schwachstellen | 2026-04-07T22:00:00.000+00:00 | 2026-04-09T22:00:00.000+00:00 |
| wid-sec-w-2026-0997 | Mozilla Firefox und Thunderbird: Mehrere Schwachstellen | 2026-04-07T22:00:00.000+00:00 | 2026-04-09T22:00:00.000+00:00 |
| wid-sec-w-2026-0995 | OpenSSL: Mehrere Schwachstellen | 2026-04-07T22:00:00.000+00:00 | 2026-04-09T22:00:00.000+00:00 |
| wid-sec-w-2026-0982 | OpenBSD: Schwachstelle ermöglicht nicht spezifizierten Angriff | 2026-04-06T22:00:00.000+00:00 | 2026-04-07T22:00:00.000+00:00 |
| wid-sec-w-2026-0967 | Red Hat Enterprise Linux (fontforge): Schwachstelle ermöglicht Codeausführung | 2026-04-06T22:00:00.000+00:00 | 2026-04-09T22:00:00.000+00:00 |
| wid-sec-w-2026-0966 | Red Hat Enterprise Linux (crun): Schwachstelle ermöglicht Privilegieneskalation | 2026-04-06T22:00:00.000+00:00 | 2026-04-09T22:00:00.000+00:00 |
| wid-sec-w-2026-0950 | Linux Kernel: Mehrere Schwachstellen | 2026-03-31T22:00:00.000+00:00 | 2026-04-09T22:00:00.000+00:00 |
| wid-sec-w-2026-0939 | cPanel cPanel/WHM (perl-YAML-Syck): Schwachstelle ermöglicht Codeausführung und DoS | 2026-03-31T22:00:00.000+00:00 | 2026-04-09T22:00:00.000+00:00 |
| wid-sec-w-2026-0937 | Google Chrome und Microsoft Edge: Mehrere Schwachstellen | 2026-03-31T22:00:00.000+00:00 | 2026-04-06T22:00:00.000+00:00 |
| wid-sec-w-2026-0909 | Tinyproxy: Schwachstelle ermöglicht Denial of Service | 2026-03-29T22:00:00.000+00:00 | 2026-03-30T22:00:00.000+00:00 |
| wid-sec-w-2026-0904 | vim: Schwachstelle ermöglicht Codeausführung | 2026-03-29T22:00:00.000+00:00 | 2026-03-30T22:00:00.000+00:00 |
| wid-sec-w-2026-0892 | WatchGuard Firebox: Mehrere Schwachstellen | 2026-03-26T23:00:00.000+00:00 | 2026-03-30T22:00:00.000+00:00 |
| wid-sec-w-2026-0891 | Dovecot: Mehrere Schwachstellen | 2026-03-26T23:00:00.000+00:00 | 2026-03-30T22:00:00.000+00:00 |
| wid-sec-w-2026-0888 | tigervnc: Schwachstelle ermöglicht Offenlegung von Informationen, Manipulation von Dateien, und Denial of Service | 2026-03-26T23:00:00.000+00:00 | 2026-04-09T22:00:00.000+00:00 |
| wid-sec-w-2026-0887 | Internet Systems Consortium Kea: Schwachstelle ermöglicht Denial of Service | 2026-03-26T23:00:00.000+00:00 | 2026-04-09T22:00:00.000+00:00 |
| wid-sec-w-2026-0884 | OpenClaw: Mehrere Schwachstellen | 2026-03-26T23:00:00.000+00:00 | 2026-04-09T22:00:00.000+00:00 |
| wid-sec-w-2026-0882 | GIMP: Schwachstelle ermöglicht Denial of Service und Offenlegung von Informationen | 2026-03-25T23:00:00.000+00:00 | 2026-03-26T23:00:00.000+00:00 |
| wid-sec-w-2026-0881 | IBM License Metric Tool: Mehrere Schwachstellen | 2026-03-25T23:00:00.000+00:00 | 2026-03-26T23:00:00.000+00:00 |
| wid-sec-w-2026-0880 | FreeRDP: Mehrere Schwachstellen | 2026-03-25T23:00:00.000+00:00 | 2026-03-30T22:00:00.000+00:00 |
| wid-sec-w-2026-0879 | Linux Kernel: Mehrere Schwachstellen | 2026-03-25T23:00:00.000+00:00 | 2026-04-08T22:00:00.000+00:00 |
| wid-sec-w-2026-0878 | FreeBSD Project FreeBSD OS: Mehrere Schwachstellen | 2026-03-25T23:00:00.000+00:00 | 2026-03-26T23:00:00.000+00:00 |
| wid-sec-w-2026-0875 | Red Hat Enterprise Linux (ncurses): Schwachstelle ermöglicht Codeausführung | 2026-03-25T23:00:00.000+00:00 | 2026-04-09T22:00:00.000+00:00 |
| wid-sec-w-2026-0873 | docker: Mehrere Schwachstellen | 2026-03-25T23:00:00.000+00:00 | 2026-03-26T23:00:00.000+00:00 |
| ID | Description | Published | Updated |
|---|---|---|---|
| icsa-26-099-02 | GPL Odorizers GPL750 | 2026-04-09T06:00:00.000000Z | 2026-04-09T06:00:00.000000Z |
| icsa-26-099-01 | Contemporary Controls BASC 20T | 2026-04-09T06:00:00.000000Z | 2026-04-09T06:00:00.000000Z |
| va-26-097-02 | IBM Maximo Application Suite Sensitive Tokens without 'Secure' Attribute | 2026-04-07T20:51:13Z | 2026-04-07T20:51:13Z |
| va-26-097-01 | Thales Sentinel LDK Runtime Stored XSS | 2026-04-07T20:50:15Z | 2026-04-07T20:50:15Z |
| icsa-26-097-01 | Mitsubishi Electric GENESIS64 and ICONICS Suite products | 2026-04-07T00:00:00.000000Z | 2026-04-07T06:00:00.000000Z |
| va-26-092-01 | Bentley Systems iTwin Platform exposed access token | 2026-04-02T17:11:43Z | 2026-04-02T17:11:43Z |
| va-26-092-02 | Zscaler Client Connector hard-coded proxy configuration domain | 2026-04-02T13:54:30Z | 2026-04-02T13:54:30Z |
| icsa-26-092-02 | Yokogawa CENTUM VP | 2026-04-02T06:00:00.000000Z | 2026-04-02T06:00:00.000000Z |
| icsa-26-090-02 | PX4 Autopilot | 2026-03-31T06:00:00.000000Z | 2026-03-31T06:00:00.000000Z |
| icsa-26-090-01 | Anritsu Remote Spectrum Monitor | 2026-03-31T06:00:00.000000Z | 2026-03-31T06:00:00.000000Z |
| icsa-26-092-01 | Siemens SICAM 8 Products | 2026-03-26T00:00:00.000000Z | 2026-04-02T06:00:00.000000Z |
| va-26-084-01 | Nanoleaf Lines unauthenticated firmware file store | 2026-03-25T00:00:00Z | 2026-04-02T00:00:00Z |
| icsma-26-083-01 | Grassroots DICOM (GDCM) | 2026-03-24T06:00:00.000000Z | 2026-03-24T06:00:00.000000Z |
| icsa-26-083-01 | Pharos Controls Mosaic Show Controller | 2026-03-24T06:00:00.000000Z | 2026-03-24T06:00:00.000000Z |
| icsa-26-078-08 | Automated Logic WebCTRL Premium Server | 2026-03-19T06:00:00.000000Z | 2026-03-19T06:00:00.000000Z |
| icsa-26-078-07 | IGL-Technologies eParking.fi | 2026-03-19T05:00:00.000000Z | 2026-03-19T05:00:00.000000Z |
| icsa-26-078-06 | CTEK Chargeportal | 2026-03-19T05:00:00.000000Z | 2026-03-19T05:00:00.000000Z |
| icsa-26-071-06 | Inductive Automation Ignition Software | 2026-03-12T06:00:00.000000Z | 2026-03-13T06:00:00.000000Z |
| icsa-26-071-01 | Trane Tracer SC, Tracer SC+, and Tracer Concierge | 2026-03-12T06:00:00.000000Z | 2026-03-12T06:00:00.000000Z |
| icsa-26-083-02 | Schneider Electric EcoStruxure Foxboro DCS | 2026-03-10T07:00:00.000000Z | 2026-03-24T06:00:00.000000Z |
| icsa-26-078-04 | Schneider Electric EcoStruxure PME and EPO | 2026-03-10T07:00:00.000000Z | 2026-03-19T06:00:00.000000Z |
| icsa-26-078-03 | Schneider Electric EcoStruxure Automation Expert | 2026-03-10T07:00:00.000000Z | 2026-03-19T06:00:00.000000Z |
| icsa-26-078-02 | Schneider Electric Modicon Controllers M241, M251, M258, and LMC058 | 2026-03-10T07:00:00.000000Z | 2026-03-19T06:00:00.000000Z |
| icsa-26-078-01 | Schneider Electric Modicon M241, M251, and M262 | 2026-03-10T07:00:00.000000Z | 2026-03-19T06:00:00.000000Z |
| icsa-26-076-03 | Schneider Electric EcoStruxure Data Center Expert | 2026-03-10T07:00:00.000000Z | 2026-03-17T06:00:00.000000Z |
| icsa-26-069-03 | Honeywell IQ4x BMS Controller | 2026-03-10T06:00:00.000000Z | 2026-03-10T06:00:00.000000Z |
| icsa-26-069-02 | Lantronix EDS3000PS and EDS5000 | 2026-03-10T06:00:00.000000Z | 2026-03-10T06:00:00.000000Z |
| icsa-26-069-01 | Apeman Cameras | 2026-03-10T06:00:00.000000Z | 2026-03-10T06:00:00.000000Z |
| icsa-26-069-04 | Ceragon Siklu MultiHaul and EtherHaul Series | 2026-03-10T05:00:00.000000Z | 2026-03-10T05:00:00.000000Z |
| icsa-26-078-05 | Mitsubishi Electric CNC Series | 2026-03-10T00:00:00.000000Z | 2026-03-19T06:00:00.000000Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| cisco-sa-ssm-cli-execution-chucwunr | Cisco Smart Software Manager On-Prem Arbitrary Command Execution Vulnerability | 2026-04-01T16:00:00+00:00 | 2026-04-01T16:00:00+00:00 |
| cisco-sa-ndi-afw-rjurc5dz | Cisco Nexus Dashboard Insights Arbitrary File Write Vulnerability | 2026-04-01T16:00:00+00:00 | 2026-04-01T16:00:00+00:00 |
| cisco-sa-nd-ssrf-naen4o7r | Cisco Nexus Dashboard and Nexus Dashboard Insights Server-Side Request Forgery Vulnerability | 2026-04-01T16:00:00+00:00 | 2026-04-01T16:00:00+00:00 |
| cisco-sa-nd-cbid-5yqkoshu | Cisco Nexus Dashboard Configuration Backup REST API Unauthorized Access Vulnerability | 2026-04-01T16:00:00+00:00 | 2026-04-01T16:00:00+00:00 |
| cisco-sa-epnm-improp-auth-muwfwuu3 | Cisco Evolved Programmable Network Manager Improper Authorization Vulnerability | 2026-04-01T16:00:00+00:00 | 2026-04-01T16:00:00+00:00 |
| cisco-sa-cssm-priv-esc-xranouo8 | Cisco Smart Software Manager On-Prem Privilege Escalation Vulnerability | 2026-04-01T16:00:00+00:00 | 2026-04-01T16:00:00+00:00 |
| cisco-sa-cimc-cmd-inj-3hkn3bvt | Cisco Integrated Management Controller Command Injection and Remote Code Execution Vulnerabilities | 2026-04-01T16:00:00+00:00 | 2026-04-01T16:00:00+00:00 |
| cisco-sa-cimc-auth-bypass-agg2bxtn | Cisco Integrated Management Controller Authentication Bypass Vulnerability | 2026-04-01T16:00:00+00:00 | 2026-04-01T16:00:00+00:00 |
| cisco-sa-xe-secureboot-bypass-b6uyxysz | Cisco IOS XE Software for Cisco Catalyst and Rugged Series Switches Secure Boot Bypass Vulnerability | 2026-03-25T16:00:00+00:00 | 2026-03-25T16:00:00+00:00 |
| cisco-sa-wlc-dos-hnx5kgom | Cisco IOS XE Wireless Controller Software for the Catalyst CW9800 Family CAPWAP Denial of Service Vulnerability | 2026-03-25T16:00:00+00:00 | 2026-03-25T16:00:00+00:00 |
| cisco-sa-vmanage-xss-zqkhp9w9 | Cisco Catalyst SD-WAN Manager Cross-Site Scripting Vulnerability | 2026-03-25T16:00:00+00:00 | 2026-03-25T16:00:00+00:00 |
| cisco-sa-scp-dos-duadxtcg | Cisco IOS XE Software Secure Copy Protocol Server Denial of Service Vulnerability | 2026-03-25T16:00:00+00:00 | 2026-03-25T16:00:00+00:00 |
| cisco-sa-iox-xss-lpgkzwtj | Cisco IOx Application Hosting Environment Stored Cross-Site Scripting Vulnerability | 2026-03-25T16:00:00+00:00 | 2026-03-25T16:00:00+00:00 |
| cisco-sa-iox-crlf-nvgktkjz | Cisco IOx Application Hosting Environment Carriage Return Line Feed Injection Vulnerability | 2026-03-25T16:00:00+00:00 | 2026-03-25T16:00:00+00:00 |
| cisco-sa-iosxe_infodis-6j847ueb | Cisco IOS XE Software Secure Channel for Meraki Information Disclosure Vulnerability | 2026-03-25T16:00:00+00:00 | 2026-03-25T16:00:00+00:00 |
| cisco-sa-iosxe-tls-dos-tvgldezl | Cisco IOS XE Software TLS Memory Exhaustion Denial of Service Vulnerability | 2026-03-25T16:00:00+00:00 | 2026-03-25T16:00:00+00:00 |
| cisco-sa-iosxe-mntc-dos-lzweqcyq | Cisco IOS XE Software Denial of Service Vulnerability | 2026-03-25T16:00:00+00:00 | 2026-04-02T19:43:54+00:00 |
| cisco-sa-iosxe-lobby-privesc-kwxbqjy | Cisco IOS XE Software Lobby Ambassador Privilege Escalation Vulnerability | 2026-03-25T16:00:00+00:00 | 2026-03-25T16:00:00+00:00 |
| cisco-sa-ios-http-dos-sbv8xrpl | Cisco IOS Software and IOS XE Software Release 3E HTTP Server Denial of Service Vulnerability | 2026-03-25T16:00:00+00:00 | 2026-03-25T16:00:00+00:00 |
| cisco-sa-bootp-wubhnbxa | Cisco IOS XE Software for Catalyst 9000 Series Switches DHCP Snooping Denial of Service Vulnerability | 2026-03-25T16:00:00+00:00 | 2026-03-25T16:00:00+00:00 |
| cisco-sa-asa-ftd-ios-dos-kpepqggk | Cisco IOS, IOS XE, Secure Firewall Adaptive Security Appliance, and Secure Firewall Threat Defense Software IKEv2 Denial of Service Vulnerability | 2026-03-25T16:00:00+00:00 | 2026-03-25T16:00:00+00:00 |
| cisco-sa-xrncs-epni-int-dos-twmffusn | Cisco IOS XR Egress Packet Network Interface Aligner Interrupt Denial of Service Vulnerability | 2026-03-11T16:00:00+00:00 | 2026-03-11T16:00:00+00:00 |
| cisco-sa-isis-dos-kdmxpszk | Cisco IOS XR Software Multi-Instance Intermediate System-to-Intermediate System Denial of Service Vulnerability | 2026-03-11T16:00:00+00:00 | 2026-03-11T16:00:00+00:00 |
| cisco-sa-iosxr-privesc-bf8d5u4w | Cisco IOS XR Software CLI Privilege Escalation Vulnerabilities | 2026-03-11T16:00:00+00:00 | 2026-03-11T16:00:00+00:00 |
| cisco-sa-cc-xss-mrnah5jh | Multiple Cisco Contact Center Products Cross-Site Scripting Vulnerabilities | 2026-03-11T16:00:00+00:00 | 2026-03-11T16:00:00+00:00 |
| cisco-sa-snort3-multi-dos-xfwkwswz | Multiple Cisco Products Snort 3 Denial of Service Vulnerabilities | 2026-03-04T16:00:00+00:00 | 2026-03-04T16:00:00+00:00 |
| cisco-sa-onprem-fmc-authbypass-5jpp45v2 | Cisco Secure Firewall Management Center Software Authentication Bypass Vulnerability | 2026-03-04T16:00:00+00:00 | 2026-03-04T16:00:00+00:00 |
| cisco-sa-ftdfmc-dir-trav-wergjhwq | Cisco Secure Firewall Management Center and Secure Firewall Threat Defense Software Path Traversal Vulnerability | 2026-03-04T16:00:00+00:00 | 2026-03-04T16:00:00+00:00 |
| cisco-sa-ftd-tcp-dos-rhfqnwrg | Cisco Secure Firewall Threat Defense Software TLS with Snort 3 Detection Engine Denial of Service Vulnerability | 2026-03-04T16:00:00+00:00 | 2026-03-04T16:00:00+00:00 |
| cisco-sa-ftd-snort-bypass-rlggkzvf | Cisco Secure Firewall Threat Defense Software Snort Deep Inspection Bypass Vulnerability | 2026-03-04T16:00:00+00:00 | 2026-03-04T16:00:00+00:00 |
| ID | Description | Published | Updated |
|---|---|---|---|
| msrc_cve-2026-33119 | Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability | 2026-04-02T07:00:00.000Z | 2026-04-10T07:00:00.000Z |
| msrc_cve-2026-33118 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | 2026-04-02T07:00:00.000Z | 2026-04-10T07:00:00.000Z |
| msrc_cve-2026-33107 | Azure Databricks Elevation of Privilege Vulnerability | 2026-04-02T07:00:00.000Z | 2026-04-02T07:00:00.000Z |
| msrc_cve-2026-33105 | Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability | 2026-04-02T07:00:00.000Z | 2026-04-02T07:00:00.000Z |
| msrc_cve-2026-32213 | Azure AI Foundry Elevation of Privilege Vulnerability | 2026-04-02T07:00:00.000Z | 2026-04-02T07:00:00.000Z |
| msrc_cve-2026-32211 | Azure MCP Server Information Disclosure Vulnerability | 2026-04-02T07:00:00.000Z | 2026-04-02T07:00:00.000Z |
| msrc_cve-2026-32186 | Microsoft Bing Elevation of Privilege Vulnerability | 2026-04-02T07:00:00.000Z | 2026-04-07T07:00:00.000Z |
| msrc_cve-2026-32173 | Azure SRE Agent Information Disclosure Vulnerability | 2026-04-02T07:00:00.000Z | 2026-04-02T07:00:00.000Z |
| msrc_cve-2026-26135 | Azure Custom Locations Resource Provider (RP) Elevation of Privilege Vulnerability | 2026-04-02T07:00:00.000Z | 2026-04-02T07:00:00.000Z |
| msrc_cve-2026-4878 | Libcap: libcap: privilege escalation via toctou race condition in cap_set_file() | 2026-04-02T00:00:00.000Z | 2026-04-11T01:10:27.000Z |
| msrc_cve-2026-40226 | CVE-2026-40226 | 2026-04-02T00:00:00.000Z | 2026-04-12T01:01:57.000Z |
| msrc_cve-2026-40026 | Sleuth Kit ISO9660 SUSP Extension Reference Out-of-Bounds Read | 2026-04-02T00:00:00.000Z | 2026-04-11T01:40:37.000Z |
| msrc_cve-2026-40025 | Sleuth Kit APFS Keybag Parser Out-of-Bounds Read | 2026-04-02T00:00:00.000Z | 2026-04-11T01:40:44.000Z |
| msrc_cve-2026-40024 | Sleuth Kit tsk_recover Path Traversal | 2026-04-02T00:00:00.000Z | 2026-04-11T01:40:50.000Z |
| msrc_cve-2026-39882 | OpenTelemetry-Go OTLP HTTP exporters read unbounded HTTP response bodies | 2026-04-02T00:00:00.000Z | 2026-04-11T01:03:08.000Z |
| msrc_cve-2026-39881 | Vim Ex command injection in Vims NetBeans integration | 2026-04-02T00:00:00.000Z | 2026-04-11T01:40:57.000Z |
| msrc_cve-2026-39856 | osslsigncode has an Out-of-Bounds Read via Unvalidated Section Bounds in PE Page Hash Calculation | 2026-04-02T00:00:00.000Z | 2026-04-12T01:02:25.000Z |
| msrc_cve-2026-39855 | osslsigncode has an Integer Underflow in PE Page Hash Calculation Can Cause Out-of-Bounds Read | 2026-04-02T00:00:00.000Z | 2026-04-12T01:02:19.000Z |
| msrc_cve-2026-39853 | osslsigncode has a Stack Buffer Overflow via Unbounded Digest Copy During Signature Verification | 2026-04-02T00:00:00.000Z | 2026-04-12T01:02:14.000Z |
| msrc_cve-2026-39316 | CUPS has a use-after-free in `cupsdDeleteTemporaryPrinters` via dangling subscription pointer | 2026-04-02T00:00:00.000Z | 2026-04-11T01:01:21.000Z |
| msrc_cve-2026-39314 | CUPS has an integer underflow in `_ppdCreateFromIPP` causes root cupsd crash via negative `job-password-supported` | 2026-04-02T00:00:00.000Z | 2026-04-11T01:01:16.000Z |
| msrc_cve-2026-35611 | Addressable has a Regular Expression Denial of Service in Addressable templates | 2026-04-02T00:00:00.000Z | 2026-04-11T01:01:39.000Z |
| msrc_cve-2026-35549 | CVE-2026-35549 | 2026-04-02T00:00:00.000Z | 2026-04-04T01:02:53.000Z |
| msrc_cve-2026-35535 | CVE-2026-35535 | 2026-04-02T00:00:00.000Z | 2026-04-11T01:40:10.000Z |
| msrc_cve-2026-35414 | CVE-2026-35414 | 2026-04-02T00:00:00.000Z | 2026-04-07T01:41:35.000Z |
| msrc_cve-2026-35388 | CVE-2026-35388 | 2026-04-02T00:00:00.000Z | 2026-04-11T01:39:45.000Z |
| msrc_cve-2026-35387 | CVE-2026-35387 | 2026-04-02T00:00:00.000Z | 2026-04-07T01:02:00.000Z |
| msrc_cve-2026-35386 | CVE-2026-35386 | 2026-04-02T00:00:00.000Z | 2026-04-11T01:39:56.000Z |
| msrc_cve-2026-35385 | CVE-2026-35385 | 2026-04-02T00:00:00.000Z | 2026-04-11T01:40:03.000Z |
| msrc_cve-2026-35206 | Helm Chart extraction output directory collapse via `Chart.yaml` name dot-segment | 2026-04-02T00:00:00.000Z | 2026-04-12T01:01:40.000Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| ncsc-2026-0111 | Kwetsbaarheid verholpen in Adobe Acrobat | 2026-04-12T08:42:18.844193Z | 2026-04-12T08:42:18.844193Z |
| ncsc-2026-0110 | Kwetsbaarheid verholpen in Cisco Smart Software Manager On-Prem | 2026-04-10T14:28:58.703642Z | 2026-04-10T14:28:58.703642Z |
| ncsc-2026-0109 | Kwetsbaarheden verholpen in Synology SSL VPN Client | 2026-04-10T12:11:00.859799Z | 2026-04-10T12:11:00.859799Z |
| ncsc-2026-0108 | Kwetsbaarheid verholpen in Juniper Networks Junos OS Evolved | 2026-04-10T12:06:13.479822Z | 2026-04-10T12:06:13.479822Z |
| ncsc-2026-0107 | Kwetsbaarheid verholpen in FortiClient EMS van Fortinet | 2026-04-04T13:49:19.002116Z | 2026-04-04T13:49:19.002116Z |
| ncsc-2026-0106 | Kwetsbaarheden verholpen in Cisco Integrated Management Controller | 2026-04-03T10:34:46.145536Z | 2026-04-03T10:34:46.145536Z |
| ncsc-2026-0105 | Kwetsbaarheden verholpen in Cisco Nexus Dashboard en Nexus Dashboard Insights | 2026-04-03T08:20:48.187725Z | 2026-04-03T08:20:48.187725Z |
| ncsc-2026-0104 | Kwetsbaarheden verholpen in Cisco IOS XE Software | 2026-03-26T09:50:03.269095Z | 2026-03-26T09:50:03.269095Z |
| ncsc-2026-0103 | Kwetsbaarheden verholpen in GitLab | 2026-03-26T09:48:10.874427Z | 2026-03-26T09:48:10.874427Z |
| ncsc-2026-0102 | Kwetsbaarheden verholpen in Apple macOS | 2026-03-25T14:15:56.073353Z | 2026-03-25T14:15:56.073353Z |
| ncsc-2026-0101 | Kwetsbaarheden verholpen in Apple iOS en iPadOS | 2026-03-25T14:02:07.392994Z | 2026-03-25T14:02:07.392994Z |
| ncsc-2026-0100 | Kwetsbaarheden verholpen in Citrix Netscaler ADC en Netscaler Gateway | 2026-03-23T13:43:30.957806Z | 2026-03-23T13:43:30.957806Z |
| ncsc-2026-0099 | Kwetsbaarheid verholpen in Oracle Identity Manager en Oracle Web Services Manager | 2026-03-20T15:56:12.716324Z | 2026-03-20T15:56:12.716324Z |
| ncsc-2026-0098 | Kwetsbaarheden verholpen in Apple iOS en iPadOS | 2026-03-13T08:41:19.155490Z | 2026-03-13T08:41:19.155490Z |
| ncsc-2026-0097 | Kwetsbaarheden verholpen in Google Chrome | 2026-03-13T08:33:43.877125Z | 2026-03-13T08:33:43.877125Z |
| ncsc-2026-0096 | Kwetsbaarheden verholpen in Veeam Backup & Replication | 2026-03-12T14:54:08.200676Z | 2026-03-12T14:54:08.200676Z |
| ncsc-2026-0095 | Kwetsbaarheid verholpen in pac4j-jwt | 2026-03-12T14:45:51.156512Z | 2026-03-12T14:45:51.156512Z |
| ncsc-2026-0094 | Kwetsbaarheden verholpen in Cisco IOS XR | 2026-03-12T14:44:08.106602Z | 2026-03-12T14:44:08.106602Z |
| ncsc-2026-0093 | Kwetsbaarheden verholpen in GitLab | 2026-03-12T14:42:46.936248Z | 2026-03-12T14:42:46.936248Z |
| ncsc-2026-0092 | Kwetsbaarheden verholpen in Fortinet FortiWeb | 2026-03-12T07:46:15.529522Z | 2026-03-12T07:46:15.529522Z |
| ncsc-2026-0091 | Kwetsbaarheden verholpen in SAP-producten | 2026-03-12T07:24:16.575638Z | 2026-03-12T07:24:16.575638Z |
| ncsc-2026-0090 | Kwetsbaarheden verholpen in Adobe Experience Manager | 2026-03-12T07:12:51.952931Z | 2026-03-12T07:12:51.952931Z |
| ncsc-2026-0089 | Kwetsbaarheden verholpen in Adobe Acrobat Reader | 2026-03-12T07:03:24.148324Z | 2026-03-12T07:03:24.148324Z |
| ncsc-2026-0088 | Kwetsbaarheden verholpen in Adobe Illustrator | 2026-03-12T06:55:39.712240Z | 2026-03-12T06:55:39.712240Z |
| ncsc-2026-0087 | Kwetsbaarheden verholpen in Adobe Commerce | 2026-03-12T06:49:56.459199Z | 2026-03-12T06:49:56.459199Z |
| ncsc-2026-0086 | Kwetsbaarheden verholpen in Fortinet FortiManager en FortiAnalyzer | 2026-03-11T09:19:38.777277Z | 2026-03-11T09:19:38.777277Z |
| ncsc-2026-0085 | Kwetsbaarheden verholpen in Microsoft Developer tools | 2026-03-10T20:35:10.478398Z | 2026-03-10T20:35:10.478398Z |
| ncsc-2026-0084 | Kwetsbaarheden verholpen in Microsoft Office | 2026-03-10T20:20:08.157658Z | 2026-03-10T20:20:08.157658Z |
| ncsc-2026-0083 | Kwetsbaarheid verholpen in Microsoft Authenticator app | 2026-03-10T20:18:35.792755Z | 2026-03-10T20:18:35.792755Z |
| ncsc-2026-0082 | Kwetsbaarheden verholpen in Microsoft Azure | 2026-03-10T20:15:41.528951Z | 2026-03-10T20:15:41.528951Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| nn-2025:18-01 | Lack of TLS certificate validation when connecting Arc to a Guardian or CMC, in Arc before v2.2.0 | 2026-03-04T11:00:00.000Z | 2026-03-04T11:00:00.000Z |
| nn-2025:17-01 | HTML injection in Sensor Map in CMC before 25.6.0 | 2026-03-04T11:00:00.000Z | 2026-03-04T11:00:00.000Z |
| nn-2025:16-01 | HTML injection in Alerted Nodes Dashboard in Guardian/CMC before 25.6.0 | 2026-03-04T11:00:00.000Z | 2026-03-04T11:00:00.000Z |
| nn-2025:15-01 | Path traversal in Import Arc data archive functionality in Guardian/CMC before 25.5.0 | 2025-12-18T11:00:00.000Z | 2025-12-18T11:00:00.000Z |
| nn-2025:14-01 | HTML injection in Asset List in Guardian/CMC before 25.5.0 | 2025-12-18T11:00:00.000Z | 2025-12-18T11:00:00.000Z |
| nn-2025:13-01 | Stored Cross-Site Scripting (XSS) in Reports in Guardian/CMC before 25.5.0 | 2025-12-18T11:00:00.000Z | 2025-12-18T11:00:00.000Z |
| nn-2025:12-01 | HTML injection in in Time Machine functionality in Guardian/CMC before 25.5.0 | 2025-12-18T11:00:00.000Z | 2025-12-18T11:00:00.000Z |
| nn-2025:11-01 | Stored Cross-Site Scripting (XSS) in Dashboards in Guardian/CMC before 25.4.0 | 2025-11-25T11:00:00.000Z | 2025-11-26T11:00:00.000Z |
| nn-2025:9-01 | Path traversal in Time Machine functionality in Guardian/CMC before 25.2.0 | 2025-10-07T11:00:00.000Z | 2025-10-07T11:00:00.000Z |
| nn-2025:8-01 | Authenticated SQL Injection on Alert functionality in Guardian/CMC before 25.2.0 | 2025-10-07T11:00:00.000Z | 2025-10-07T11:00:00.000Z |
| nn-2025:7-01 | Authenticated SQL Injection on Alert functionality in Guardian/CMC before 25.2.0 | 2025-10-07T11:00:00.000Z | 2025-10-07T11:00:00.000Z |
| nn-2025:6-01 | Authenticated SQL Injection on Smart Polling functionality in Guardian/CMC before 25.2.0 | 2025-10-07T11:00:00.000Z | 2025-10-07T11:00:00.000Z |
| nn-2025:5-01 | Incorrect authorization for CLI in Guardian/CMC before 25.2.0 | 2025-10-07T11:00:00.000Z | 2025-10-07T11:00:00.000Z |
| nn-2025:4-01 | Client-side path traversal in Guardian/CMC before 25.2.0 | 2025-10-07T11:00:00.000Z | 2025-10-07T11:00:00.000Z |
| nn-2025:10-01 | Authenticated SQL Injection on CLI functionality in Guardian/CMC before 25.3.0 | 2025-10-07T11:00:00.000Z | 2025-10-07T11:00:00.000Z |
| nn-2025:3-01 | Incorrect authorization for traces request/download in CMC before 25.1.0 | 2025-08-26T11:00:00.000Z | 2025-08-26T11:00:00.000Z |
| nn-2025:2-01 | Privilege escalation in Guardian/CMC before 24.6.0 | 2025-06-10T11:00:00.000Z | 2025-06-10T11:00:00.000Z |
| nn-2025:1-01 | Authenticated RCE in update functionality in Guardian/CMC before 24.6.0 | 2025-06-10T11:00:00.000Z | 2025-06-10T11:00:00.000Z |
| nn-2024_1-01 | DoS on IDS parsing of malformed Radius packets in Guardian before 23.4.1 | 2024-04-10T11:00:00.000Z | 2024-04-10T11:00:00.000Z |
| nn-2024:1-01 | DoS on IDS parsing of malformed Radius packets in Guardian before 23.4.1 | 2024-04-10T11:00:00.000Z | 2024-04-10T11:00:00.000Z |
| nn-2023_17-01 | Information disclosure via audit records for OpenAPI requests in Guardian/CMC before 23.4.1 | 2024-04-10T11:00:00.000Z | 2024-04-11T11:00:00.000Z |
| nn-2023:17-01 | Information disclosure via audit records for OpenAPI requests in Guardian/CMC before 23.4.1 | 2024-04-10T11:00:00.000Z | 2024-04-11T11:00:00.000Z |
| nn-2023_12-01 | Check Point IoT integration: WebSocket returns assets data without authentication in Guardian/CMC before 23.3.0 | 2024-01-15T11:00:00.000Z | 2024-01-16T11:00:00.000Z |
| nn-2023:12-01 | Check Point IoT integration: WebSocket returns assets data without authentication in Guardian/CMC before 23.3.0 | 2024-01-15T11:00:00.000Z | 2024-01-16T11:00:00.000Z |
| nn-2023_9-01 | Authenticated SQL Injection on Query functionality in Guardian/CMC before 22.6.3 and 23.1.0 | 2023-09-18T11:00:00.000Z | 2023-11-16T11:00:00.000Z |
| nn-2023_11-01 | SQL Injection on IDS parsing of malformed asset fields in Guardian/CMC >= 22.6.0 before 22.6.3 and 23.1.0 | 2023-09-18T11:00:00.000Z | 2023-11-16T11:00:00.000Z |
| nn-2023_10-01 | DoS on IDS parsing of malformed asset fields in Guardian/CMC >= 22.6.0 before 22.6.3 and 23.1.0 | 2023-09-18T11:00:00.000Z | 2023-11-16T11:00:00.000Z |
| nn-2023:9-01 | Authenticated SQL Injection on Query functionality in Guardian/CMC before 22.6.3 and 23.1.0 | 2023-09-18T11:00:00.000Z | 2023-11-16T11:00:00.000Z |
| nn-2023:11-01 | SQL Injection on IDS parsing of malformed asset fields in Guardian/CMC >= 22.6.0 before 22.6.3 and 23.1.0 | 2023-09-18T11:00:00.000Z | 2023-11-16T11:00:00.000Z |
| nn-2023:10-01 | DoS on IDS parsing of malformed asset fields in Guardian/CMC >= 22.6.0 before 22.6.3 and 23.1.0 | 2023-09-18T11:00:00.000Z | 2023-11-16T11:00:00.000Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| opensuse-su-2026:10522-1 | python315-3.15.0~a8-1.1 on GA media | 2026-04-09T00:00:00Z | 2026-04-09T00:00:00Z |
| opensuse-su-2026:10521-1 | python312-3.12.13-5.1 on GA media | 2026-04-09T00:00:00Z | 2026-04-09T00:00:00Z |
| opensuse-su-2026:10520-1 | python310-3.10.20-4.1 on GA media | 2026-04-09T00:00:00Z | 2026-04-09T00:00:00Z |
| opensuse-su-2026:10519-1 | glances-common-4.5.3-1.1 on GA media | 2026-04-09T00:00:00Z | 2026-04-09T00:00:00Z |
| opensuse-su-2026:10518-1 | python311-Flask-HTTPAuth-4.8.1-1.1 on GA media | 2026-04-09T00:00:00Z | 2026-04-09T00:00:00Z |
| opensuse-su-2026:10517-1 | python313-Django6-6.0.4-1.1 on GA media | 2026-04-09T00:00:00Z | 2026-04-09T00:00:00Z |
| opensuse-su-2026:10516-1 | python311-Django4-4.2.30-1.1 on GA media | 2026-04-09T00:00:00Z | 2026-04-09T00:00:00Z |
| opensuse-su-2026:10515-1 | libprotobuf-lite34_1_0-32bit-34.1-1.1 on GA media | 2026-04-09T00:00:00Z | 2026-04-09T00:00:00Z |
| opensuse-su-2026:10514-1 | go1.25-1.25.9-1.1 on GA media | 2026-04-09T00:00:00Z | 2026-04-09T00:00:00Z |
| opensuse-su-2026:10513-1 | fontforge-20251009-6.1 on GA media | 2026-04-09T00:00:00Z | 2026-04-09T00:00:00Z |
| opensuse-su-2026:10512-1 | aws-c-event-stream-devel-0.7.0-1.1 on GA media | 2026-04-09T00:00:00Z | 2026-04-09T00:00:00Z |
| opensuse-su-2026:10511-1 | MozillaFirefox-149.0.2-1.1 on GA media | 2026-04-09T00:00:00Z | 2026-04-09T00:00:00Z |
| opensuse-su-2026:20477-1 | Security update for aws-c-event-stream | 2026-04-08T13:03:50Z | 2026-04-08T13:03:50Z |
| opensuse-su-2026:10510-1 | sudo-1.9.17p2-2.1 on GA media | 2026-04-08T00:00:00Z | 2026-04-08T00:00:00Z |
| opensuse-su-2026:10509-1 | steampipe-2.4.1-1.1 on GA media | 2026-04-08T00:00:00Z | 2026-04-08T00:00:00Z |
| opensuse-su-2026:10508-1 | ruby4.0-rubygem-rack-2.2-2.2.23-1.1 on GA media | 2026-04-08T00:00:00Z | 2026-04-08T00:00:00Z |
| opensuse-su-2026:10507-1 | python311-lupa-2.7-1.1 on GA media | 2026-04-08T00:00:00Z | 2026-04-08T00:00:00Z |
| opensuse-su-2026:10506-1 | jupyter-jupyterlab-templates-0.5.3-1.1 on GA media | 2026-04-08T00:00:00Z | 2026-04-08T00:00:00Z |
| opensuse-su-2026:10505-1 | libIex-3_4-33-3.4.9-1.1 on GA media | 2026-04-08T00:00:00Z | 2026-04-08T00:00:00Z |
| opensuse-su-2026:10504-1 | corepack24-24.14.1-1.1 on GA media | 2026-04-08T00:00:00Z | 2026-04-08T00:00:00Z |
| opensuse-su-2026:10503-1 | firefox-esr-140.9.1-1.1 on GA media | 2026-04-08T00:00:00Z | 2026-04-08T00:00:00Z |
| opensuse-su-2026:10502-1 | dcmtk-3.7.0-2.1 on GA media | 2026-04-08T00:00:00Z | 2026-04-08T00:00:00Z |
| opensuse-su-2026:10501-1 | MozillaThunderbird-140.9.1-1.1 on GA media | 2026-04-08T00:00:00Z | 2026-04-08T00:00:00Z |
| opensuse-su-2026:10500-1 | 389-ds-3.1.4+e2562f589-1.1 on GA media | 2026-04-08T00:00:00Z | 2026-04-08T00:00:00Z |
| opensuse-su-2026:20476-1 | Security update for mapserver | 2026-04-07T15:33:59Z | 2026-04-07T15:33:59Z |
| opensuse-su-2026:20471-1 | Security update for systemd | 2026-04-07T15:17:05Z | 2026-04-07T15:17:05Z |
| opensuse-su-2026:20472-1 | Security update for tar | 2026-04-07T14:58:07Z | 2026-04-07T14:58:07Z |
| opensuse-su-2026:20470-1 | Security update for libtasn1 | 2026-04-07T14:33:05Z | 2026-04-07T14:33:05Z |
| opensuse-su-2026:20469-1 | Security update for cockpit-packages | 2026-04-07T13:03:46Z | 2026-04-07T13:03:46Z |
| opensuse-su-2026:20465-1 | Security update for tigervnc | 2026-04-07T12:21:55Z | 2026-04-07T12:21:55Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| oxdc-adv-2026-0001 | OX Dovecot Security Advisory OXDC-ADV-2026-0001 | 2026-03-27T00:00:00+00:00 | 2026-03-27T00:00:00+00:00 |
| oxdc-adv-2025-0001 | OX Dovecot Pro Security Advisory OXDC-ADV-2025-0001 | 2025-10-31T00:00:00+00:00 | 2025-11-27T00:00:00+00:00 |
| oxas-adv-2025-0003 | OX App Suite Security Advisory OXAS-ADV-2025-0003 | 2025-09-24T00:00:00+02:00 | 2025-11-27T00:00:00+00:00 |
| oxas-adv-2025-0002 | OX App Suite Security Advisory OXAS-ADV-2025-0002 | 2025-08-12T00:00:00+02:00 | 2025-10-31T00:00:00+00:00 |
| oxas-adv-2025-0001 | OX App Suite Security Advisory OXAS-ADV-2025-0001 | 2025-01-27T00:00:00+01:00 | 2025-04-07T00:00:00+00:00 |
| oxdc-adv-2024-0003 | OX Dovecot Pro Security Advisory OXDC-ADV-2024-0003 | 2024-09-10T00:00:00+02:00 | 2024-09-10T00:00:00+00:00 |
| oxdc-adv-2024-0002 | OX Dovecot Pro Security Advisory OXDC-ADV-2024-0002 | 2024-09-10T00:00:00+02:00 | 2024-09-10T00:00:00+00:00 |
| oxdc-adv-2024-0001 | OX Dovecot Pro Security Advisory OXDC-ADV-2024-0001 | 2024-09-02T00:00:00+02:00 | 2024-09-06T00:00:00+00:00 |
| oxas-adv-2024-0005 | OX App Suite Security Advisory OXAS-ADV-2024-0005 | 2024-07-08T00:00:00+02:00 | 2024-09-09T00:00:00+00:00 |
| oxas-adv-2024-0004 | OX App Suite Security Advisory OXAS-ADV-2024-0004 | 2024-06-13T00:00:00+02:00 | 2024-08-19T00:00:00+00:00 |
| oxas-adv-2024-0003 | OX App Suite Security Advisory OXAS-ADV-2024-0003 | 2024-04-24T00:00:00+02:00 | 2024-08-19T00:00:00+00:00 |
| oxas-adv-2024-0002 | OX App Suite Security Advisory OXAS-ADV-2024-0002 | 2024-03-06T00:00:00+01:00 | 2024-05-06T00:00:00+00:00 |
| oxas-adv-2024-0001 | OX App Suite Security Advisory OXAS-ADV-2024-0001 | 2024-02-08T00:00:00+01:00 | 2024-04-25T00:00:00+00:00 |
| oxas-adv-2023-0007 | OX App Suite Security Advisory OXAS-ADV-2023-0007 | 2023-12-11T00:00:00+01:00 | 2024-02-16T00:00:00+00:00 |
| oxas-adv-2023-0006 | OX App Suite Security Advisory OXAS-ADV-2023-0006 | 2023-09-25T00:00:00+02:00 | 2024-01-22T00:00:00+00:00 |
| oxas-adv-2023-0005 | OX App Suite Security Advisory OXAS-ADV-2023-0005 | 2023-09-19T00:00:00+02:00 | 2024-01-22T00:00:00+00:00 |
| oxas-adv-2023-0004 | OX App Suite Security Advisory OXAS-ADV-2023-0004 | 2023-08-01T00:00:00+02:00 | 2024-01-22T00:00:00+00:00 |
| oxas-adv-2023-0003 | OX App Suite Security Advisory OXAS-ADV-2023-0003 | 2023-05-02T00:00:00+02:00 | 2024-01-22T00:00:00+00:00 |
| oxas-adv-2023-0002 | OX App Suite Security Advisory OXAS-ADV-2023-0002 | 2023-03-20T00:00:00+01:00 | 2024-01-22T00:00:00+00:00 |
| oxas-adv-2023-0001 | OX App Suite Security Advisory OXAS-ADV-2023-0001 | 2023-02-06T00:00:00+01:00 | 2024-01-22T00:00:00+00:00 |
| oxas-adv-2022-0002 | OX App Suite Security Advisory OXAS-ADV-2022-0002 | 2022-11-02T00:00:00+01:00 | 2024-01-22T00:00:00+00:00 |
| oxas-adv-2022-0001 | OX App Suite Security Advisory OXAS-ADV-2022-0001 | 2022-08-10T00:00:00+02:00 | 2024-01-22T00:00:00+00:00 |
| ID | Description | Published | Updated |
|---|---|---|---|
| rhsa-2026:7404 | Red Hat Security Advisory: RHOAI 3.2 - Red Hat OpenShift AI | 2026-04-10T18:15:43+00:00 | 2026-04-10T21:19:47+00:00 |
| rhsa-2026:7403 | Red Hat Security Advisory: RHOAI 3.3.1 - Red Hat OpenShift AI | 2026-04-10T18:15:41+00:00 | 2026-04-10T21:19:47+00:00 |
| rhsa-2026:7398 | Red Hat Security Advisory: RHOAI 2.25.4 - Red Hat OpenShift AI | 2026-04-10T17:33:41+00:00 | 2026-04-10T21:19:46+00:00 |
| rhsa-2026:7397 | Red Hat Security Advisory: RHOAI 2.16.4 - Red Hat OpenShift AI | 2026-04-10T17:33:17+00:00 | 2026-04-10T21:19:47+00:00 |
| rhsa-2026:7382 | Red Hat Security Advisory: cockpit: Unauthenticated remote code execution due to SSH command-line argument injection | 2026-04-10T15:11:45+00:00 | 2026-04-10T21:19:45+00:00 |
| rhsa-2026:7384 | Red Hat Security Advisory: cockpit: Unauthenticated remote code execution due to SSH command-line argument injection | 2026-04-10T15:07:15+00:00 | 2026-04-10T21:19:45+00:00 |
| rhsa-2026:7383 | Red Hat Security Advisory: cockpit: Unauthenticated remote code execution due to SSH command-line argument injection | 2026-04-10T14:30:44+00:00 | 2026-04-10T21:19:45+00:00 |
| rhsa-2026:7381 | Red Hat Security Advisory: cockpit: Unauthenticated remote code execution due to SSH command-line argument injection | 2026-04-10T14:23:39+00:00 | 2026-04-10T21:19:45+00:00 |
| rhsa-2026:7350 | Red Hat Security Advisory: nodejs:24 security update | 2026-04-09T20:27:37+00:00 | 2026-04-10T19:12:53+00:00 |
| rhsa-2026:7343 | Red Hat Security Advisory: nginx:1.26 security update | 2026-04-09T19:00:58+00:00 | 2026-04-10T01:26:15+00:00 |
| rhsa-2026:7342 | Red Hat Security Advisory: kea security update | 2026-04-09T18:33:12+00:00 | 2026-04-09T20:37:08+00:00 |
| rhsa-2026:7335 | Red Hat Security Advisory: Red Hat AI Inference Server 3.2.2 (CUDA) | 2026-04-09T17:18:44+00:00 | 2026-04-11T01:47:22+00:00 |
| rhsa-2026:7328 | Red Hat Security Advisory: rhc security update | 2026-04-09T15:29:16+00:00 | 2026-04-10T11:59:07+00:00 |
| rhsa-2026:7329 | Red Hat Security Advisory: A Subscription Management tool for finding and reporting Red Hat product usage | 2026-04-09T15:14:31+00:00 | 2026-04-11T01:47:22+00:00 |
| rhsa-2026:7315 | Red Hat Security Advisory: rhc security update | 2026-04-09T14:48:57+00:00 | 2026-04-10T11:59:07+00:00 |
| rhsa-2026:7314 | Red Hat Security Advisory: Red Hat Quay 3.14.7 | 2026-04-09T13:39:27+00:00 | 2026-04-09T14:38:19+00:00 |
| rhsa-2026:7310 | Red Hat Security Advisory: nodejs22 security update | 2026-04-09T13:38:21+00:00 | 2026-04-10T14:25:26+00:00 |
| rhsa-2026:7304 | Red Hat Security Advisory: libtiff security update | 2026-04-09T13:21:12+00:00 | 2026-04-09T20:34:29+00:00 |
| rhsa-2026:6564 | Red Hat Security Advisory: OpenShift Container Platform 4.20.18 bug fix and security update | 2026-04-09T13:13:19+00:00 | 2026-04-12T20:01:08+00:00 |
| rhsa-2026:7302 | Red Hat Security Advisory: nodejs:22 security update | 2026-04-09T13:04:58+00:00 | 2026-04-10T08:08:42+00:00 |
| rhsa-2026:6565 | Red Hat Security Advisory: OpenShift Container Platform 4.20.18 security and extras update | 2026-04-09T12:37:01+00:00 | 2026-04-10T15:33:35+00:00 |
| rhsa-2026:7292 | Red Hat Security Advisory: freerdp security update | 2026-04-09T12:12:02+00:00 | 2026-04-09T14:38:14+00:00 |
| rhsa-2026:6492 | Red Hat Security Advisory: OpenShift Container Platform 4.12.87 bug fix and security update | 2026-04-09T11:24:01+00:00 | 2026-04-09T14:38:09+00:00 |
| rhsa-2026:6493 | Red Hat Security Advisory: OpenShift Container Platform 4.12.87 bug fix and security update | 2026-04-09T11:02:04+00:00 | 2026-04-12T20:01:06+00:00 |
| rhsa-2026:7259 | Red Hat Security Advisory: git-lfs security update | 2026-04-09T09:55:16+00:00 | 2026-04-10T11:59:07+00:00 |
| rhsa-2026:7244 | Red Hat Security Advisory: python3.12 security update | 2026-04-09T09:06:16+00:00 | 2026-04-11T01:47:21+00:00 |
| rhsa-2026:6552 | Red Hat Security Advisory: OpenShift Container Platform 4.18.37 packages and security update | 2026-04-09T08:35:05+00:00 | 2026-04-10T21:16:56+00:00 |
| rhsa-2026:6553 | Red Hat Security Advisory: OpenShift Container Platform 4.18.37 bug fix and security update | 2026-04-09T08:27:05+00:00 | 2026-04-09T14:38:11+00:00 |
| rhsa-2026:6554 | Red Hat Security Advisory: OpenShift Container Platform 4.18.37 bug fix and security update | 2026-04-09T07:52:48+00:00 | 2026-04-12T20:01:08+00:00 |
| rhsa-2026:6555 | Red Hat Security Advisory: OpenShift Container Platform 4.18.37 security and extras update | 2026-04-09T07:15:48+00:00 | 2026-04-10T15:33:34+00:00 |
| ID | Description | Published | Updated |
|---|---|---|---|
| sevd-2026-069-06 | Deserialization of Untrusted Data vulnerability on Multiple Products | 2026-03-10T07:00:00.000Z | 2026-03-10T07:00:00.000Z |
| sevd-2026-069-05 | Use of Hard-coded Credentials vulnerability in EcoStruxure™ IT Data Center Expert | 2026-03-10T07:00:00.000Z | 2026-03-10T07:00:00.000Z |
| sevd-2026-069-04 | Improper Control of Generation of Code ('Code Injection') vulnerability on EcoStruxure™ Automation Expert | 2026-03-10T07:00:00.000Z | 2026-03-10T07:00:00.000Z |
| sevd-2026-069-03 | Deserialization of Untrusted Data vulnerability on EcoStruxure™ Foxboro DCS | 2026-03-10T07:00:00.000Z | 2026-03-13T07:00:00.000Z |
| sevd-2026-069-02 | Improper Neutralization vulnerability in Multiple Products | 2026-03-10T07:00:00.000Z | 2026-03-31T07:00:00.000Z |
| sevd-2026-069-01 | Improper Resource Shutdown or Release vulnerability in Multiple Products | 2026-03-10T07:00:00.000Z | 2026-03-31T07:00:00.000Z |
| sevd-2026-041-02 | Multiple Vulnerabilities on EcoStruxure™ Building Operation Workstation and EcoStruxure™ Building Operation Webstation | 2026-02-10T08:00:00.000Z | 2026-02-10T08:00:00.000Z |
| sevd-2026-041-01 | Improper Check for Unusual or Exceptional Conditions on Multiple Products | 2026-02-10T08:00:00.000Z | 2026-02-10T08:00:00.000Z |
| sevd-2026-013-04 | Multiple Vulnerabilities on EcoStruxure Power Build Rapsody | 2026-01-13T08:00:00.000Z | 2026-03-10T07:00:00.000Z |
| sevd-2026-013-03 | Multiple Vulnerabilities on Zigbee Products | 2026-01-13T08:00:00.000Z | 2026-01-13T08:00:00.000Z |
| sevd-2026-013-02 | Incorrect Default Permissions Vulnerability on EcoStruxure™ Process Expert | 2026-01-13T08:00:00.000Z | 2026-01-13T08:00:00.000Z |
| sevd-2026-013-01 | Multiple Third-Party Vulnerabilities on ProLeiT Plant iT/Brewmaxx | 2026-01-13T08:00:00.000Z | 2026-03-10T07:00:00.000Z |
| sevd-2025-343-02 | EcoStruxure™ Foxboro DCS Advisor | 2025-12-09T08:00:00.000Z | 2025-12-09T08:00:00.000Z |
| sevd-2025-343-01 | EcoStruxure™ Foxboro DCS | 2025-12-09T08:00:00.000Z | 2026-02-10T08:00:00.000Z |
| sevd-2025-315-02 | EcoStruxure™ Machine SCADA Expert & Pro-face BLUE Open Studio | 2025-11-11T08:00:00.000Z | 2025-11-11T08:00:00.000Z |
| sevd-2025-315-01 | PowerChute™ Serial Shutdown | 2025-11-11T08:00:00.000Z | 2025-11-11T08:00:00.000Z |
| sevd-2025-287-01 | EcoStruxure™ OPC UA Server Expert and EcoStruxure™ Modicon Communication Server | 2025-10-14T07:00:00.000Z | 2025-10-14T07:00:00.000Z |
| sevd-2025-252-02 | Saitel DR & Saitel DP Remote Terminal Unit | 2025-09-09T04:00:00.000Z | 2025-09-09T04:00:00.000Z |
| sevd-2025-252-01 | Multiple Altivar Process Drives and Communication Modules | 2025-09-09T04:00:00.000Z | 2025-12-09T08:00:00.000Z |
| sevd-2025-224-05 | Modicon M340 Controller and Communication Modules | 2025-08-12T04:00:00.000Z | 2025-08-12T04:00:00.000Z |
| sevd-2025-224-04 | EcoStruxure™ Building Operation Enterprise Server, EcoStruxure™ Building Operation Enterprise Central, and EcoStruxure™ Workstation | 2025-08-12T04:00:00.000Z | 2025-09-09T04:00:00.000Z |
| sevd-2025-224-03 | Schneider Electric Software Update | 2025-08-12T04:00:00.000Z | 2025-09-09T04:00:00.000Z |
| sevd-2025-224-02 | EcoStruxure™ Power Monitoring Expert Software & EcoStruxure™ Power Operation (EPO) and EcoStruxure™ Power SCADA Operation (PSO) | 2025-08-12T04:00:00.000Z | 2025-11-11T08:00:00.000Z |
| sevd-2025-224-01 | Saitel DR & Saitel DP Remote Terminal Unit | 2025-08-12T04:00:00.000Z | 2025-11-11T08:00:00.000Z |
| sevd-2025-189-04 | EcoStruxure™ Power Monitoring Expert (PME) and EcoStruxure™ Power Operation (EPO) with Advanced Reporting and Dashboards | 2025-07-08T04:00:00.000Z | 2025-07-08T04:00:00.000Z |
| sevd-2025-189-03 | EcoStruxure™ Power Operation | 2025-07-08T04:00:00.000Z | 2026-02-10T08:00:00.000Z |
| sevd-2025-189-02 | System Monitor Application in Harmony and Pro-face PS5000 Legacy Industrial PCs | 2025-07-08T04:00:00.000Z | 2025-07-08T04:00:00.000Z |
| sevd-2025-189-01 | EcoStruxure™ IT Data Center Expert | 2025-07-08T04:00:00.000Z | 2025-07-08T04:00:00.000Z |
| sevd-2025-161-03 | EVLink WallBox | 2025-06-10T04:00:00.000Z | 2025-07-08T04:00:00.000Z |
| sevd-2025-161-02 | Modicon Controllers M241/M251/M258/LMC058/M262 | 2025-06-10T04:00:00.000Z | 2025-07-08T04:00:00.000Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| sca-2026-0006 | Vulnerabilities affecting SICK Lector85x and SICK Lector83x | 2026-03-06T14:00:00.000Z | 2026-03-06T14:00:00.000Z |
| sca-2026-0005 | Vulnerabilities affecting SICK LMS1000 and SICK MRS1000 | 2026-02-27T14:00:00.000Z | 2026-02-27T14:00:00.000Z |
| sca-2026-0004 | Eclipse Cyclone DDS Vulnerabilities have no impact on SICK picoScan150 & SICK picoScan120 products | 2026-02-13T14:00:00.000Z | 2026-02-13T14:00:00.000Z |
| sca-2026-0003 | Vulnerability affecting SICK nanoScan3 and microScan3 | 2026-01-26T14:00:00.000Z | 2026-01-26T14:00:00.000Z |
| sca-2026-0002 | Vulnerabilities affecting SICK Incoming Goods Suite | 2026-01-15T14:00:00.000Z | 2026-01-22T19:00:00.000Z |
| sca-2026-0001 | Vulnerabilities affecting SICK TDC-X401GL | 2026-01-15T14:00:00.000Z | 2026-01-15T14:00:00.000Z |
| sca-2025-0014 | CodeMeter vulnerablity affects SICK CODE-LOC and SICK LIDAR-LOC | 2025-11-03T11:00:00.000Z | 2025-11-03T14:00:00.000Z |
| sca-2025-0013 | Vulnerabilities affecting SICK TLOC100-100 | 2025-10-27T14:00:00.000Z | 2025-11-11T14:00:00.000Z |
| sca-2025-0012 | Sudo vulnerability affects SICK SID products | 2025-10-27T11:00:00.000Z | 2025-10-27T14:00:00.000Z |
| sca-2025-0011 | Vulnerabilities affecting Endress+Hauser SSG-E210GC | 2025-10-02T13:00:00.000Z | 2025-10-02T13:00:00.000Z |
| sca-2025-0010 | Multiple vulnerabilities in SICK Enterprise Analytics and SICK Logistic Analytics Products | 2025-10-02T13:00:00.000Z | 2025-10-02T13:00:00.000Z |
| sca-2025-0009 | Vulnerabilities affecting SICK TDC-E210GC | 2025-08-01T13:00:00.000Z | 2025-08-01T13:00:00.000Z |
| sca-2025-0008 | Multiple vulnerabilities in Endress+Hauser MEAC300-FNADE4 | 2025-07-03T13:00:00.000Z | 2025-07-03T13:00:00.000Z |
| sca-2025-0007 | Multiple vulnerabilities in SICK Field Analytics and SICK Media Server | 2025-06-12T13:00:00.000Z | 2025-06-12T13:00:00.000Z |
| sca-2025-0006 | Vulnerability affecting picoScan and multiScan | 2025-04-28T13:00:00.000Z | 2025-04-28T13:00:00.000Z |
| sca-2025-0005 | Vulnerabilities in SICK Flexi Compact | 2025-04-28T10:00:00.000Z | 2025-04-28T10:00:00.000Z |
| sca-2025-0004 | Critical vulnerabilities in SICK DL100-2xxxxxxx | 2025-03-14T11:00:00.000Z | 2025-03-14T11:00:00.000Z |
| sca-2025-0003 | FreeRTOS Vulnerabilities have no impact on SICK Products | 2025-02-28T00:00:00.000Z | 2025-05-20T11:00:00.000Z |
| sca-2025-0001 | Multiple vulnerabilities in SICK MEAC300 | 2025-02-14T14:00:00.000Z | 2025-02-21T14:00:00.000Z |
| sca-2025-0002 | Vulnerability in SICK Lector8xx and SICK InspectorP8xx | 2025-02-14T10:19:00.000Z | 2025-02-14T10:19:00.000Z |
| sca-2024-0007 | Vulnerability in SICK OLM | 2024-12-31T00:00:00.000Z | 2024-12-31T00:00:00.000Z |
| sca-2024-0006 | Critical vulnerabilities in SICK InspectorP61x, InspectorP62x and TiM3xx | 2024-12-06T00:00:00.000Z | 2024-12-06T00:00:00.000Z |
| sca-2024-0005 | Vulnerability in SICK Incoming Goods Suite | 2024-11-19T00:00:00.000Z | 2024-11-19T00:00:00.000Z |
| sca-2024-0004 | Third party vulnerabilities in SICK CDE-100 | 2024-11-07T12:00:00.000Z | 2024-11-07T12:00:00.000Z |
| sca-2024-0003 | Critical vulnerability in multiple SICK products | 2024-10-17T13:00:00.000Z | 2024-10-17T13:00:00.000Z |
| sca-2024-0002 | Vulnerability in SICK MSC800 | 2024-09-11T23:00:00.000Z | 2024-09-11T23:00:00.000Z |
| sca-2024-0001 | Vulnerability in SICK Logistics Analytics Products and SICK Field Analytics | 2024-01-29T00:00:00.000Z | 2024-01-29T00:00:00.000Z |
| sca-2023-0011 | Vulnerability in multiple SICK Flexi Soft Gateways | 2023-10-23T11:00:00.000Z | 2023-10-23T11:00:00.000Z |
| sca-2023-0010 | Vulnerabilities in SICK Application Processing Unit | 2023-10-09T11:00:00.000Z | 2023-10-09T11:00:00.000Z |
| sca-2023-0008 | Vulnerability in SICK SIM1012 | 2023-09-29T13:00:00.000Z | 2023-09-29T13:00:00.000Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| ssa-246443 | SSA-246443: Multiple Vulnerabilities in SICAM 8 Products | 2026-03-26T00:00:00.000Z | 2026-03-26T00:00:00.000Z |
| ssa-975644 | SSA-975644: Multiple Vulnerabilities in Fortigate NGFW on RUGGEDCOM APE1808 Devices | 2026-03-10T00:00:00.000Z | 2026-03-10T00:00:00.000Z |
| ssa-903736 | SSA-903736: Multiple vulnerabilities in SICAM SIAPP SDK before V2.1.7 | 2026-03-10T00:00:00.000Z | 2026-03-10T00:00:00.000Z |
| ssa-485750 | SSA-485750: Multiple Vulnerabilities in SIDIS Prime Before V4.0.800 | 2026-03-10T00:00:00.000Z | 2026-03-10T00:00:00.000Z |
| ssa-452276 | SSA-452276: Eval Injection Vulnerability in SIMATIC S7-1500 | 2026-03-10T00:00:00.000Z | 2026-03-19T00:00:00.000Z |
| ssa-126399 | SSA-126399: Improper Access Control Vulnerability in Heliox EV Chargers | 2026-03-10T00:00:00.000Z | 2026-03-10T00:00:00.000Z |
| ssa-965753 | SSA-965753: Multiple File Parsing Vulnerabilities in Simcenter Femap and Nastran Before V2512 | 2026-02-10T00:00:00Z | 2026-02-10T00:00:00Z |
| ssa-625934 | SSA-625934: Improper Access Control Vulnerability in the Webhooks Implementation of Siveillance Video Management Servers | 2026-02-10T00:00:00Z | 2026-02-10T00:00:00Z |
| ssa-535115 | SSA-535115: Data Validation Vulnerability in NX Before V2512 | 2026-02-10T00:00:00.000Z | 2026-03-10T00:00:00.000Z |
| ssa-507364 | SSA-507364: Heap Based Buffer Overflow Vulnerability in WIBU CodeMeter Runtime Affecting the Desigo CC Product Family and SENTRON Powermanager | 2026-02-10T00:00:00Z | 2026-02-10T00:00:00Z |
| ssa-445819 | SSA-445819: Out of Bounds Read in PS/IGES Parasolid Translator Component in Solid Edge | 2026-02-10T00:00:00Z | 2026-02-10T00:00:00Z |
| ssa-311973 | SSA-311973: Multiple Local Privilege Escalation Vulnerabilities in SINEC NMS and User Management Component (UMC) | 2026-02-10T00:00:00Z | 2026-02-10T00:00:00Z |
| ssa-035571 | SSA-035571: Cross Site Scripting Vulnerability in Polarion Before V2506 | 2026-02-10T00:00:00Z | 2026-02-10T00:00:00Z |
| ssa-089022 | SSA-089022: Multiple Vulnerabilities in Third-Party Components in SINEC OS before V3.3 | 2026-01-28T00:00:00Z | 2026-02-24T00:00:00Z |
| ssa-827968 | SSA-827968: Vulnerability in Nozomi Guardian/CMC on RUGGEDCOM APE1808 Devices | 2026-01-13T00:00:00Z | 2026-01-13T00:00:00Z |
| ssa-674753 | SSA-674753: Denial-of-Service Vulnerability in ET 200 Devices | 2026-01-13T00:00:00Z | 2026-02-10T00:00:00Z |
| ssa-192617 | SSA-192617: Local Privilege Escalation Vulnerability in TeleControl Server Basic Before V3.1.2.4 | 2026-01-13T00:00:00Z | 2026-01-13T00:00:00Z |
| ssa-014678 | SSA-014678: Authorization Bypass Vulnerability in Industrial Edge Device Kit | 2026-01-13T00:00:00Z | 2026-01-13T00:00:00Z |
| ssa-001536 | SSA-001536: Authorization Bypass Vulnerability in Siemens Industrial Edge Devices | 2026-01-13T00:00:00Z | 2026-01-13T00:00:00Z |
| ssa-512988 | SSA-512988: File Parsing Vulnerability in Simcenter Femap Before V2512 | 2025-12-12T00:00:00Z | 2025-12-12T00:00:00Z |
| ssa-915282 | SSA-915282: Denial of service Vulnerability in Interniche IP-Stack based Industrial Devices | 2025-12-09T00:00:00Z | 2025-12-09T00:00:00Z |
| ssa-912274 | SSA-912274: Multiple Vulnerabilities in RUGGEDCOM ROX Before V2.17 | 2025-12-09T00:00:00Z | 2026-01-13T00:00:00Z |
| ssa-882673 | SSA-882673: Multiple Vulnerabilities in SINEC Security Monitor before V4.10.0 | 2025-12-09T00:00:00Z | 2025-12-09T00:00:00Z |
| ssa-868571 | SSA-868571: Missing Server Certificate Validation in IAM Client | 2025-12-09T00:00:00.000Z | 2026-03-10T00:00:00.000Z |
| ssa-763474 | SSA-763474: Denial of Service Vulnerability in Ruggedcom ROS devices before V5.10.1 | 2025-12-09T00:00:00Z | 2025-12-09T00:00:00Z |
| ssa-734261 | SSA-734261: Authentication Bypass Vulnerability in Energy Services Using Elspec G5DFR | 2025-12-09T00:00:00Z | 2025-12-09T00:00:00Z |
| ssa-710408 | SSA-710408: Missing Server Certificate Validation in Siemens Advanced Licensing (SALT) Toolkit | 2025-12-09T00:00:00.000Z | 2026-03-10T00:00:00.000Z |
| ssa-626856 | SSA-626856: Multiple Vulnerabilities in SINEMA Remote Connect Sever Before V3.2 SP4 | 2025-12-09T00:00:00Z | 2025-12-09T00:00:00Z |
| ssa-471761 | SSA-471761: Multiple Vulnerabilities in SICAM T Before V3.0 | 2025-12-09T00:00:00Z | 2025-12-09T00:00:00Z |
| ssa-420375 | SSA-420375: Improper Integrity Check of Firmware Updates in Building X - Security Manager Edge Controller (ACC-AP) | 2025-12-09T00:00:00Z | 2025-12-09T00:00:00Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| suse-su-2026:1257-1 | Security update for openssl-1_1 | 2026-04-10T15:06:36Z | 2026-04-10T15:06:36Z |
| suse-su-2026:1256-1 | Security update for openssl-1_0_0 | 2026-04-10T14:57:18Z | 2026-04-10T14:57:18Z |
| suse-su-2026:1255-1 | Security update for openssl-1_1 | 2026-04-10T14:56:12Z | 2026-04-10T14:56:12Z |
| suse-su-2026:1254-1 | Security update for the Linux Kernel (Live Patch 34 for SUSE Linux Enterprise 15 SP5) | 2026-04-10T14:04:42Z | 2026-04-10T14:04:42Z |
| suse-su-2026:1252-1 | Security update for tigervnc | 2026-04-10T11:36:58Z | 2026-04-10T11:36:58Z |
| suse-su-2026:1251-1 | Security update for cockpit-podman | 2026-04-10T11:36:50Z | 2026-04-10T11:36:50Z |
| suse-su-2026:1250-1 | Security update for cockpit-tukit | 2026-04-10T11:36:40Z | 2026-04-10T11:36:40Z |
| suse-su-2026:1249-1 | Security update for cockpit-machines | 2026-04-10T11:36:32Z | 2026-04-10T11:36:32Z |
| suse-su-2026:1247-1 | Security update for nghttp2 | 2026-04-10T10:34:43Z | 2026-04-10T10:34:43Z |
| suse-su-2026:1248-1 | Security update for the Linux Kernel (Live Patch 28 for SUSE Linux Enterprise 15 SP5) | 2026-04-10T09:13:03Z | 2026-04-10T09:13:03Z |
| suse-su-2026:1244-1 | Security update for the Linux Kernel (Live Patch 4 for SUSE Linux Enterprise 15 SP7) | 2026-04-10T08:04:54Z | 2026-04-10T08:04:54Z |
| suse-su-2026:1242-1 | Security update for the Linux Kernel (Live Patch 27 for SUSE Linux Enterprise 15 SP5) | 2026-04-10T07:04:48Z | 2026-04-10T07:04:48Z |
| suse-su-2026:1239-1 | Security update for the Linux Kernel (Live Patch 11 for SUSE Linux Enterprise 15 SP6) | 2026-04-09T19:04:33Z | 2026-04-09T19:04:33Z |
| suse-su-2026:1237-1 | Security update for the Linux Kernel (Live Patch 47 for SUSE Linux Enterprise 15 SP4) | 2026-04-09T17:04:59Z | 2026-04-09T17:04:59Z |
| suse-su-2026:1236-1 | Security update for the Linux Kernel (Live Patch 12 for SUSE Linux Enterprise 15 SP6) | 2026-04-09T14:22:32Z | 2026-04-09T14:22:32Z |
| suse-su-2026:1232-1 | Security update for cockpit | 2026-04-09T10:47:29Z | 2026-04-09T10:47:29Z |
| suse-su-2026:1231-1 | Security update for the Linux Kernel (Live Patch 48 for SUSE Linux Enterprise 15 SP4) | 2026-04-09T09:04:39Z | 2026-04-09T09:04:39Z |
| suse-su-2026:1230-1 | Security update for bind | 2026-04-09T08:58:38Z | 2026-04-09T08:58:38Z |
| suse-su-2026:1229-1 | Security update for bind | 2026-04-09T08:58:06Z | 2026-04-09T08:58:06Z |
| suse-ru-2026:1228-1 | Recommended update for shadow | 2026-04-09T08:27:26Z | 2026-04-09T08:27:26Z |
| suse-su-2026:1225-1 | Security update for the Linux Kernel (Live Patch 16 for SUSE Linux Enterprise 15 SP6) | 2026-04-09T01:53:43Z | 2026-04-09T01:53:43Z |
| suse-su-2026:1222-1 | Security update for the Linux Kernel (Live Patch 31 for SUSE Linux Enterprise 15 SP5) | 2026-04-08T20:04:54Z | 2026-04-08T20:04:54Z |
| suse-su-2026:1221-1 | Security update for the Linux Kernel (Live Patch 67 for SUSE Linux Enterprise 12 SP5) | 2026-04-08T16:04:43Z | 2026-04-08T16:04:43Z |
| suse-su-2026:1218-1 | Security update for python-requests | 2026-04-08T14:39:49Z | 2026-04-08T14:39:49Z |
| suse-su-2026:1217-1 | Security update for freerdp | 2026-04-08T12:28:33Z | 2026-04-08T12:28:33Z |
| suse-su-2026:1216-1 | Security update for openssl-1_1 | 2026-04-08T12:28:22Z | 2026-04-08T12:28:22Z |
| suse-su-2026:1215-1 | Security update for openssl-3 | 2026-04-08T12:27:58Z | 2026-04-08T12:27:58Z |
| suse-su-2026:1214-1 | Security update for openssl-3 | 2026-04-08T12:27:45Z | 2026-04-08T12:27:45Z |
| suse-su-2026:1213-1 | Security update for openssl-3 | 2026-04-08T12:27:10Z | 2026-04-08T12:27:10Z |
| suse-su-2026:1051-1 | Security update for vim | 2026-04-08T11:40:57Z | 2026-04-08T11:40:57Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| alsa-2026:6622 | Moderate: crun security update | 2026-04-06T00:00:00Z | 2026-04-06T08:36:15Z |
| alsa-2026:6621 | Moderate: crun security update | 2026-04-06T00:00:00Z | 2026-04-06T08:42:59Z |
| alsa-2026:6572 | Moderate: kernel-rt security update | 2026-04-06T00:00:00Z | 2026-04-06T09:38:16Z |
| alsa-2026:6571 | Moderate: kernel security update | 2026-04-06T00:00:00Z | 2026-04-06T09:27:57Z |
| alsa-2026:6473 | Important: python3 security update | 2026-04-02T00:00:00Z | 2026-04-03T12:02:03Z |
| alsa-2026:6470 | Important: perl-YAML-Syck security update | 2026-04-02T00:00:00Z | 2026-04-03T12:07:59Z |
| alsa-2026:6445 | Important: libpng12 security update | 2026-04-02T00:00:00Z | 2026-04-03T12:13:28Z |
| alsa-2026:6439 | Important: libpng15 security update | 2026-04-02T00:00:00Z | 2026-04-03T12:19:53Z |
| alsa-2026:6436 | Moderate: rsync security update | 2026-04-02T00:00:00Z | 2026-04-03T12:29:15Z |
| alsa-2026:6390 | Moderate: rsync security update | 2026-04-01T00:00:00Z | 2026-04-02T09:23:33Z |
| alsa-2026:6388 | Important: grafana-pcp security update | 2026-04-01T00:00:00Z | 2026-04-03T10:02:10Z |
| alsa-2026:6383 | Important: grafana-pcp security update | 2026-04-01T00:00:00Z | 2026-04-02T09:15:46Z |
| alsa-2026:6382 | Important: grafana security update | 2026-04-01T00:00:00Z | 2026-04-02T09:12:36Z |
| alsa-2026:6344 | Important: grafana security update | 2026-04-01T00:00:00Z | 2026-04-03T09:56:37Z |
| alsa-2026:6342 | Important: thunderbird security update | 2026-04-01T00:00:00Z | 2026-04-01T11:59:47Z |
| alsa-2026:6340 | Important: freerdp security update | 2026-04-01T00:00:00Z | 2026-04-02T09:09:13Z |
| alsa-2026:6301 | Important: squid security update | 2026-03-31T00:00:00Z | 2026-04-01T09:27:45Z |
| alsa-2026:6300 | Important: gstreamer1-plugins-bad-free, gstreamer1-plugins-base, gstreamer1-plugins-good, and gstreamer1-plugins-ugly-free security update | 2026-03-31T00:00:00Z | 2026-04-03T17:13:38Z |
| alsa-2026:6286 | Important: python3.11 security update | 2026-03-31T00:00:00Z | 2026-04-01T09:15:24Z |
| alsa-2026:6285 | Important: python3.12 security update | 2026-03-31T00:00:00Z | 2026-04-01T09:07:09Z |
| alsa-2026:6283 | Important: python3.12 security update | 2026-03-31T00:00:00Z | 2026-04-01T08:56:58Z |
| alsa-2026:6281 | Important: python3.11 security update | 2026-03-31T00:00:00Z | 2026-04-01T08:52:26Z |
| alsa-2026:6266 | Moderate: libxslt security update | 2026-03-31T00:00:00Z | 2026-04-01T09:19:08Z |
| alsa-2026:6259 | Important: gstreamer1-plugins-bad-free, gstreamer1-plugins-base, gstreamer1-plugins-good, and gstreamer1-plugins-ugly-free security update | 2026-03-31T00:00:00Z | 2026-04-03T09:45:31Z |
| alsa-2026:6256 | Important: python3.12 security update | 2026-03-31T00:00:00Z | 2026-04-01T09:23:35Z |
| alsa-2026:6188 | Important: thunderbird security update | 2026-03-30T00:00:00Z | 2026-04-02T08:18:50Z |
| alsa-2026:6153 | Moderate: kernel security update | 2026-03-30T00:00:00Z | 2026-04-02T08:46:53Z |
| alsa-2026:6053 | Moderate: kernel security update | 2026-03-30T00:00:00Z | 2026-04-03T09:23:17Z |
| alsa-2026:6037 | Moderate: kernel security update | 2026-03-30T00:00:00Z | 2026-03-30T10:55:07Z |
| alsa-2026:6036 | Moderate: kernel-rt security update | 2026-03-30T00:00:00Z | 2026-03-30T10:51:16Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| hsec-2026-0006 | Cabal deletes project source files during configure | 2026-04-08T14:23:27Z | 2026-04-08T14:23:27Z |
| hsec-2026-0004 | Hackage package metadata stored XSS vulnerability | 2026-03-28T16:05:12Z | 2026-03-28T16:05:12Z |
| hsec-2026-0002 | Hackage CSRF vulnerability | 2026-03-28T16:04:58Z | 2026-03-28T16:04:58Z |
| hsec-2024-0004 | Hackage package and doc upload stored XSS vulnerability | 2026-01-16T11:18:20Z | 2026-01-16T11:18:20Z |
| hsec-2025-0007 | cmark-gfm: resource exhaustion due to quadratic complexity in parser | 2025-12-27T08:58:56Z | 2025-12-27T08:58:56Z |
| hsec-2025-0006 | Private key leak via inherited file descriptor | 2025-11-17T02:22:38Z | 2025-11-17T02:22:38Z |
| hsec-2025-0005 | cabal-install dependency confusion | 2025-11-14T14:45:34Z | 2025-11-14T14:45:34Z |
| hsec-2025-0004 | Broken Path Sanitization in spacecookie Library | 2025-11-14T14:45:34Z | 2025-11-14T14:45:34Z |
| hsec-2025-0003 | Use after free in multithreaded lzma (.xz) decoder | 2025-11-14T14:45:34Z | 2025-11-14T14:45:34Z |
| hsec-2025-0002 | Double Public Key Signing Function Oracle Attack on Ed25519 | 2025-11-14T14:45:34Z | 2025-11-14T14:45:34Z |
| hsec-2025-0001 | Subword division operations may produce incorrect results | 2025-11-14T14:45:34Z | 2025-11-14T14:45:34Z |
| hsec-2024-0009 | Public key confusion in third-party blocks | 2025-11-14T14:45:34Z | 2025-11-14T14:45:34Z |
| hsec-2024-0008 | Sign extension error in the PPC64le FFI | 2025-11-14T14:45:34Z | 2025-11-14T14:45:34Z |
| hsec-2024-0007 | Sign extension error in the AArch64 NCG | 2025-11-14T14:45:34Z | 2025-11-14T14:45:34Z |
| hsec-2024-0006 | fromIntegral: conversion error | 2025-11-14T14:45:34Z | 2025-11-14T14:45:34Z |
| hsec-2024-0003 | process: command injection via argument list on Windows | 2025-11-14T14:45:34Z | 2025-11-14T14:45:34Z |
| hsec-2024-0002 | out-of-bounds write when there are many bzip2 selectors | 2025-11-14T14:45:34Z | 2025-11-14T14:45:34Z |
| hsec-2024-0001 | Reflected XSS vulnerability in keter | 2025-11-14T14:45:34Z | 2025-11-14T14:45:34Z |
| hsec-2023-0015 | cabal-install uses expired key policies | 2025-11-14T14:45:34Z | 2025-11-14T14:45:34Z |
| hsec-2023-0014 | Arbitrary file write is possible when using PDF output or --extract-media with untrusted input | 2025-11-14T14:45:34Z | 2025-11-14T14:45:34Z |
| hsec-2023-0013 | git-annex plaintext storage of embedded credentials on encrypted remotes | 2025-11-14T14:45:34Z | 2025-11-14T14:45:34Z |
| hsec-2023-0012 | git-annex checksum exposure to encrypted special remotes | 2025-11-14T14:45:34Z | 2025-11-14T14:45:34Z |
| hsec-2023-0011 | git-annex GPG decryption attack via compromised remote | 2025-11-14T14:45:34Z | 2025-11-14T14:45:34Z |
| hsec-2023-0010 | git-annex private data exfiltration to compromised remote | 2025-11-14T14:45:34Z | 2025-11-14T14:45:34Z |
| hsec-2023-0009 | git-annex command injection via malicious SSH hostname | 2025-11-14T14:45:34Z | 2025-11-14T14:45:34Z |
| hsec-2023-0008 | Stored XSS in hledger-web | 2025-11-14T14:45:34Z | 2025-11-14T14:45:34Z |
| hsec-2023-0007 | readFloat: memory exhaustion with large exponent | 2025-11-14T14:45:34Z | 2025-11-14T14:45:34Z |
| hsec-2023-0006 | x509-validation does not enforce pathLenConstraint | 2025-11-14T14:45:34Z | 2025-11-14T14:45:34Z |
| hsec-2023-0005 | tls-extra: certificate validation does not check Basic Constraints | 2025-11-14T14:45:34Z | 2025-11-14T14:45:34Z |
| hsec-2023-0004 | xml-conduit unbounded entity expansion | 2025-11-14T14:45:34Z | 2025-11-14T14:45:34Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| osec-2026-02 | ARP unbounded memory usage | 2026-02-18T10:30:00Z | 2026-02-18T10:30:00Z |
| osec-2026-01 | Buffer Over-Read in OCaml Marshal Deserialization | 2026-02-17T13:30:00Z | 2026-02-27T09:30:00Z |
| osec-2025-01 | Albatross console out of memory | 2025-08-15T00:18:22Z | 2026-01-13T12:00:00Z |
| osec-2023-01 | Time of check time of use issue in opam's cache | 2023-05-25T12:00:00Z | 2026-01-09T12:00:00Z |
| osec-2022-01 | Infinite loop in console output on xen | 2022-12-07T00:00:00Z | 2026-02-18T09:30:00Z |
| osec-2019-02 | Grant unshare vulnerability in mirage-xen | 2019-04-26T00:00:00Z | 2026-01-13T12:00:00Z |
| osec-2019-01 | Memory disclosure in mirage-net-xen | 2019-03-21T00:00:00Z | 2026-01-13T12:00:00Z |
| osec-2018-01 | An integer overflow in the `bigarray` serialization module leads to arbitrary code execution | 2018-04-06T18:29:00Z | 2025-12-16T12:00:00Z |
| osec-2017-01 | Local privilege escalation issue with ocaml binaries | 2017-06-23T15:19:47Z | 2025-12-16T12:00:00Z |
| osec-2016-02 | Memory disclosure in mirage-net-xen | 2016-05-03T00:00:00Z | 2026-01-13T12:00:00Z |
| osec-2016-01 | Buffer overflow and information leak in OCaml < 4.03.0 | 2016-04-29T00:18:22Z | 2026-01-01T12:00:00Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| osv-2026-532 | Heap-buffer-overflow in regsub | 2026-04-05T00:06:36.291055Z | 2026-04-05T00:06:36.291504Z |
| osv-2026-518 | Use-of-uninitialized-value in ne_read_block | 2026-04-03T00:21:06.950773Z | 2026-04-03T00:21:06.951035Z |
| osv-2026-514 | Heap-buffer-overflow in format_expand1 | 2026-04-03T00:09:42.155641Z | 2026-04-03T00:09:42.155954Z |
| osv-2026-512 | Heap-buffer-overflow in g_utf8_get_char | 2026-04-03T00:07:59.707776Z | 2026-04-03T00:07:59.708039Z |
| osv-2026-504 | Heap-use-after-free in ObjectStream::getObject | 2026-04-02T00:16:28.228723Z | 2026-04-02T00:16:28.229037Z |
| osv-2026-461 | UNKNOWN READ in XRef::constructObjectEntry | 2026-03-26T00:17:47.551046Z | 2026-03-26T00:17:47.551361Z |
| osv-2026-455 | UNKNOWN READ in mkv::matroska_segment_c::TrackInit | 2026-03-25T00:20:51.448743Z | 2026-03-25T00:20:51.449185Z |
| osv-2026-437 | Heap-use-after-free in tf::Executor::_invoke | 2026-03-23T00:02:28.277984Z | 2026-03-23T14:25:41.819255Z |
| osv-2026-417 | Segv on unknown address in arrow::Array::IsNull | 2026-03-18T00:18:35.139866Z | 2026-03-18T00:18:35.140154Z |
| osv-2026-371 | Heap-buffer-overflow in tinyobj::tryParseDouble | 2026-03-09T00:09:41.689616Z | 2026-03-09T00:09:41.689926Z |
| osv-2026-359 | Segv on unknown address in gpsd_vlog | 2026-03-07T00:03:40.062221Z | 2026-03-07T00:03:40.062505Z |
| osv-2026-350 | UNKNOWN READ in bfd_getl32 | 2026-03-04T00:14:56.651284Z | 2026-03-14T18:43:19.427139Z |
| osv-2026-338 | Use-of-uninitialized-value in pjsip_auth_clt_init_req | 2026-03-03T00:09:55.520965Z | 2026-03-03T00:09:55.521245Z |
| osv-2026-311 | UNKNOWN READ in strncasecmp | 2026-02-26T00:16:50.091819Z | 2026-02-26T00:16:50.092121Z |
| osv-2026-308 | Heap-buffer-overflow in vcardstructured_new_from_string | 2026-02-25T00:19:49.963815Z | 2026-02-25T00:19:49.964188Z |
| osv-2026-307 | Global-buffer-overflow in navcom_parse | 2026-02-25T00:16:23.864362Z | 2026-02-25T00:16:23.864694Z |
| osv-2026-304 | Heap-use-after-free in tf::Executor::_invoke | 2026-02-25T00:09:10.290694Z | 2026-02-25T00:09:10.291030Z |
| osv-2026-300 | UNKNOWN WRITE in nmeaid_to_prn | 2026-02-25T00:06:00.225480Z | 2026-02-25T00:06:00.225972Z |
| osv-2026-297 | Security exception in org.apache.poi.util.IOUtils.safelyAllocate | 2026-02-24T00:02:29.789817Z | 2026-02-24T00:02:29.790144Z |
| osv-2026-292 | UNKNOWN WRITE in <wasmtime::runtime::func::Func>::call_unchecked_raw::< | 2026-02-23T00:19:15.717984Z | 2026-02-23T00:19:15.718280Z |
| osv-2026-272 | Heap-use-after-free in vcardproperty_get_value | 2026-02-21T00:20:10.455944Z | 2026-02-21T00:20:10.456357Z |
| osv-2026-261 | Segv on unknown address in ___interceptor_strtol | 2026-02-19T00:09:21.893775Z | 2026-02-19T00:09:21.894076Z |
| osv-2026-259 | Use-of-uninitialized-value in tsip_parse_input | 2026-02-18T00:14:29.378028Z | 2026-02-18T00:14:29.378341Z |
| osv-2026-255 | UNKNOWN WRITE in nmeaid_to_prn | 2026-02-17T00:17:19.574579Z | 2026-02-17T00:17:19.574905Z |
| osv-2026-244 | Use-of-uninitialized-value in ihevcd_fmt_conv | 2026-02-15T00:03:36.246033Z | 2026-02-15T00:03:36.246568Z |
| osv-2026-242 | Use-of-uninitialized-value in ntrip_parse_url | 2026-02-14T00:17:42.945923Z | 2026-02-14T00:17:42.946299Z |
| osv-2026-240 | Use-of-uninitialized-value in packet_get1 | 2026-02-14T00:09:50.559032Z | 2026-02-14T00:09:50.559326Z |
| osv-2026-229 | Segv on unknown address in aiAnimation::~aiAnimation | 2026-02-11T00:12:18.313233Z | 2026-02-11T00:12:18.313574Z |
| osv-2026-226 | UNKNOWN WRITE in decode_xa2_00 | 2026-02-11T00:10:08.757600Z | 2026-02-11T00:10:08.757920Z |
| osv-2026-216 | Heap-buffer-overflow in mg_mqtt_next_prop | 2026-02-10T00:08:51.349946Z | 2026-02-11T14:08:38.238200Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| rustsec-2026-0097 | Rand is unsound with a custom logger using `rand::rng()` | 2026-04-09T12:00:00Z | 2026-04-11T11:38:57Z |
| rustsec-2026-0096 | Miscompiled guest heap access enables sandbox escape on aarch64 Cranelift | 2026-04-09T12:00:00Z | 2026-04-09T19:59:38Z |
| rustsec-2026-0095 | Wasmtime with Winch compiler backend may allow a sandbox-escaping memory access | 2026-04-09T12:00:00Z | 2026-04-09T19:59:38Z |
| rustsec-2026-0094 | Improperly masked return value from `table.grow` with Winch compiler backend | 2026-04-09T12:00:00Z | 2026-04-09T19:59:38Z |
| rustsec-2026-0093 | Heap OOB read in component model UTF-16 to latin1+utf16 string transcoding | 2026-04-09T12:00:00Z | 2026-04-09T19:59:38Z |
| rustsec-2026-0092 | Panic when transcoding misaligned component model UTF-16 strings | 2026-04-09T12:00:00Z | 2026-04-09T19:59:38Z |
| rustsec-2026-0091 | Out-of-bounds write or crash when transcoding component model strings | 2026-04-09T12:00:00Z | 2026-04-09T19:59:38Z |
| rustsec-2026-0090 | Use-after-free bug after cloning `wasmtime::Linker` | 2026-04-09T12:00:00Z | 2026-04-09T19:59:38Z |
| rustsec-2026-0089 | Host panic when Winch compiler executes `table.fill` | 2026-04-09T12:00:00Z | 2026-04-09T19:59:38Z |
| rustsec-2026-0088 | Data leakage between pooling allocator instances | 2026-04-09T12:00:00Z | 2026-04-09T19:59:38Z |
| rustsec-2026-0087 | Wasmtime segfault or unused out-of-sandbox load with `f64x2.splat` operator on Cranelift x86-64 | 2026-04-09T12:00:00Z | 2026-04-09T19:59:38Z |
| rustsec-2026-0086 | Host data leakage with 64-bit tables and Winch | 2026-04-09T12:00:00Z | 2026-04-09T19:59:38Z |
| rustsec-2026-0085 | Panic when lifting `flags` component value | 2026-04-09T12:00:00Z | 2026-04-09T19:59:38Z |
| rustsec-2026-0084 | `logprinter` was removed from crates.io for malicious code | 2026-04-09T12:00:00Z | 2026-04-09T11:23:07Z |
| rustsec-2026-0083 | zantetsu-trainer is unmaintained | 2026-04-07T12:00:00Z | 2026-04-08T08:55:27Z |
| rustsec-2026-0082 | zantetsu-ffi is unmaintained | 2026-04-07T12:00:00Z | 2026-04-08T08:55:27Z |
| rustsec-2026-0081 | `logtrace` was removed from crates.io for malicious code | 2026-04-05T12:00:00Z | 2026-04-05T23:52:05Z |
| rustsec-2026-0078 | Symbol confusion after hasher panic in `intaglio` interners | 2026-03-30T12:00:00Z | 2026-03-30T21:40:18Z |
| rustsec-2026-0065 | `tokio-signal` is unmaintained | 2026-03-20T12:00:00Z | 2026-03-20T22:26:59Z |
| rustsec-2026-0064 | `tokio-udp` is unmaintained | 2026-03-20T12:00:00Z | 2026-03-20T22:26:59Z |
| rustsec-2026-0063 | `tokio-executor` is unmaintained | 2026-03-20T12:00:00Z | 2026-03-20T22:26:59Z |
| rustsec-2026-0062 | `tokio-compat` is unmaintained | 2026-03-20T12:00:00Z | 2026-03-20T22:26:59Z |
| rustsec-2026-0061 | `tokio-fs` is unmaintained | 2026-03-20T12:00:00Z | 2026-03-20T22:26:59Z |
| rustsec-2026-0060 | `tokio-timer` is unmaintained | 2026-03-20T12:00:00Z | 2026-03-20T22:26:59Z |
| rustsec-2026-0059 | `tokio-tcp` is unmaintained | 2026-03-20T12:00:00Z | 2026-03-20T22:26:59Z |
| rustsec-2026-0058 | `tokio-io` is unmaintained | 2026-03-20T12:00:00Z | 2026-03-20T22:26:59Z |
| rustsec-2026-0057 | `tokio-reactor` is unmaintained | 2026-03-20T12:00:00Z | 2026-03-20T22:26:59Z |
| rustsec-2026-0056 | `tokio-codec` is unmaintained | 2026-03-20T12:00:00Z | 2026-03-20T22:26:59Z |
| rustsec-2026-0055 | `tokio-process` is unmaintained | 2026-03-20T12:00:00Z | 2026-03-20T22:26:59Z |
| rustsec-2026-0054 | `tokio-current-thread` is unmaintained | 2026-03-20T12:00:00Z | 2026-03-20T22:26:59Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| bit-joomla-2026-23899 | Joomla! Core - [20260306] - Improper access check in webservice endpoints | 2026-04-10T08:49:24.143Z | 2026-04-10T09:26:18.172Z |
| bit-joomla-2026-23898 | Joomla! Core - [20260305] - Arbitrary file deletion in com_joomlaupdate | 2026-04-10T08:49:22.196Z | 2026-04-10T09:26:18.172Z |
| bit-joomla-2026-21632 | Joomla! Core - [20260304] - XSS vectors in various article title outputs | 2026-04-10T08:49:20.111Z | 2026-04-10T09:26:18.172Z |
| bit-joomla-2026-21631 | Joomla! Core - [20260303] - XSS vector in com_associations comparison view | 2026-04-10T08:49:17.625Z | 2026-04-10T09:26:18.172Z |
| bit-joomla-2026-21630 | Joomla! Core - [20260302] - SQL injection in com_content articles webservice endpoint | 2026-04-10T08:49:15.352Z | 2026-04-10T09:26:18.172Z |
| bit-joomla-2026-21629 | Joomla! Core - [20260301] - ACL hardening in com_ajax | 2026-04-10T08:49:13.196Z | 2026-04-10T09:26:18.172Z |
| bit-parse-2026-39381 | Parse Server's Endpoint `/sessions/me` bypasses `_Session` `protectedFields` | 2026-04-09T14:37:43.255Z | 2026-04-09T15:05:10.890Z |
| bit-parse-2026-39321 | Parse Server has a login timing side-channel reveals user existence | 2026-04-09T14:37:40.125Z | 2026-04-09T15:05:10.890Z |
| bit-cosign-2026-39395 | Cosign's verify-blob-attestation reports false positive when payload parsing fails | 2026-04-09T08:37:13.235Z | 2026-04-09T09:13:50.652Z |
| bit-activemq-2026-34197 | Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Authenticated users could perform RCE via Jolokia MBeans | 2026-04-09T08:36:52.749Z | 2026-04-09T09:13:50.652Z |
| bit-activemq-2026-33227 | Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ Web, Apache ActiveMQ: Improper Limitation of a Pathname to a Restricted Classpath Directory | 2026-04-09T08:36:51.132Z | 2026-04-09T09:13:50.652Z |
| bit-cassandra-2026-27315 | Apache Cassandra: cqlsh history sensitive information leak | 2026-04-09T08:36:45.141Z | 2026-04-10T09:26:18.172Z |
| bit-parse-2026-35200 | Parse Server has a file upload Content-Type override via extension mismatch | 2026-04-08T14:51:33.993Z | 2026-04-08T15:15:28.618Z |
| bit-discourse-2026-34947 | Discourse: Staged user custom fields are exposed on public invite pages | 2026-04-08T14:45:19.092Z | 2026-04-08T15:15:28.618Z |
| bit-discourse-2026-27481 | Discourse: Hidden tag visibility bypass on tag routes | 2026-04-08T14:43:31.143Z | 2026-04-08T15:15:28.618Z |
| bit-jupyterhub-2026-33709 | JupyterHub has an Open Redirect Vulnerability | 2026-04-08T08:40:42.508Z | 2026-04-08T09:14:18.943Z |
| bit-discourse-2026-33415 | Discourse: Improper Access Control in discourse-ai Allows Unauthorized Category Content Exposure | 2026-04-07T08:44:29.473Z | 2026-04-07T09:14:25.218Z |
| bit-discourse-2026-33300 | Discourse: Hidden group names and access metadata are exposed to moderators through the `category-chatables` endpoint | 2026-04-07T08:44:13.358Z | 2026-04-07T09:14:25.218Z |
| bit-discourse-2026-33185 | Discourse: Group SMTP test endpoint susceptible to SSRF | 2026-04-07T08:44:07.641Z | 2026-04-07T09:14:25.218Z |
| bit-discourse-2026-33074 | Discourse: Vulnerability in discourse-subscriptions plugin allowing users to self-grant to higher tier subscriptions | 2026-04-07T08:44:05.677Z | 2026-04-07T09:14:25.218Z |
| bit-discourse-2026-33073 | discourse-subscriptions plugin leaking stripe API key in multisite environment | 2026-04-07T08:44:03.688Z | 2026-04-07T09:14:25.218Z |
| bit-discourse-2026-32951 | Discourse: Authorization bypass in oneboxer via user-controlled category id | 2026-04-07T08:44:01.614Z | 2026-04-07T09:14:25.218Z |
| bit-discourse-2026-32620 | Discourse: Missing post-level authorization allows whisper metadata disclosure | 2026-04-07T08:43:59.465Z | 2026-04-07T09:14:25.218Z |
| bit-discourse-2026-32619 | Discourse: Insufficient topic visibility check allows unauthorized poll manipulation in private categories | 2026-04-07T08:43:57.232Z | 2026-04-07T09:14:25.218Z |
| bit-discourse-2026-32618 | Discourse: Unauthorized channel membership inference via excluded_memberships_channel_id | 2026-04-07T08:43:55.159Z | 2026-04-07T09:14:25.218Z |
| bit-discourse-2026-32615 | Discourse: Category group moderators can perform actions on topics in restricted categories without read access | 2026-04-07T08:43:53.093Z | 2026-04-07T09:14:25.218Z |
| bit-discourse-2026-32607 | Discourse: Stored XSS via unescaped assignee name | 2026-04-07T08:43:50.897Z | 2026-04-07T09:14:25.218Z |
| bit-discourse-2026-32273 | Discourse: XSS on category description update via API | 2026-04-07T08:43:48.997Z | 2026-04-07T09:14:25.218Z |
| bit-discourse-2026-32243 | Discourse: Stored XSS in discourse-ai shared conversations onebox | 2026-04-07T08:43:46.857Z | 2026-04-07T09:14:25.218Z |
| bit-discourse-2026-32143 | Discourse: Admin-only report can be exported by moderators | 2026-04-07T08:43:44.810Z | 2026-04-07T09:14:25.218Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| cleanstart-2026-ij23041 | In libexpat before 2 | 2026-04-09T01:01:38.269615Z | 2026-04-08T06:46:14Z |
| cleanstart-2026-ge08280 | Ruby JSON is a JSON implementation for Ruby | 2026-04-09T01:01:38.909372Z | 2026-04-08T08:04:46Z |
| cleanstart-2026-mw52739 | Security fixes for ghsa-72hv-8253-57qq, ghsa-qqpg-mvqg-649v applied in versions: 3.9.4-r0, 3.9.4-r6 | 2026-04-09T00:59:39.080550Z | 2026-04-08T06:46:14Z |
| cleanstart-2026-ki25096 | Security fixes for ghsa-72hv-8253-57qq applied in versions: 3.8.6-r0 | 2026-04-09T00:59:38.592849Z | 2026-04-08T06:46:14Z |
| cleanstart-2026-gy86690 | Security fixes for ghsa-72hv-8253-57qq applied in versions: 3.6.4-r4 | 2026-04-09T00:57:57.606656Z | 2026-04-08T06:46:14Z |
| cleanstart-2026-ba09462 | OpenTelemetry-Go is the Go implementation of OpenTelemetry | 2026-04-09T00:57:38.077873Z | 2026-04-08T07:00:07Z |
| cleanstart-2026-ot38160 | url | 2026-04-09T00:55:38.018075Z | 2026-04-08T07:36:24Z |
| cleanstart-2026-cq39708 | Netty is an asynchronous, event-driven network application framework | 2026-04-09T00:53:38.262441Z | 2026-04-08T08:11:56Z |
| cleanstart-2026-iw08736 | Uncontrolled Recursion vulnerability in Apache Commons Lang | 2026-04-09T00:53:08.467045Z | 2026-04-08T09:19:34Z |
| cleanstart-2026-oq84658 | Netty is an asynchronous, event-driven network application framework | 2026-04-09T00:52:07.697782Z | 2026-04-08T08:14:27Z |
| cleanstart-2026-bg72514 | Uncontrolled Recursion vulnerability in Apache Commons Lang | 2026-04-09T00:49:38.775284Z | 2026-04-08T09:13:42Z |
| cleanstart-2026-mo53190 | gRPC-Go is the Go language implementation of gRPC | 2026-04-09T00:49:37.904336Z | 2026-04-08T09:47:14Z |
| cleanstart-2026-mi26424 | net/url package does not set a limit on the number of query parameters in a query | 2026-04-09T00:48:07.244191Z | 2026-04-08T09:30:12Z |
| cleanstart-2026-co68219 | Docker CLI for Windows searches for plugin binaries in C:\\ProgramData\\Docker\\cli-plugins, a directory that does not exist by default | 2026-04-09T00:47:37.444297Z | 2026-04-08T09:44:10Z |
| cleanstart-2026-by59711 | gRPC-Go is the Go language implementation of gRPC | 2026-04-09T00:47:37.687304Z | 2026-04-08T09:36:51Z |
| cleanstart-2026-hz73294 | Validating certificate chains which use policies is unexpectedly inefficient when certificates in the chain contain a very large number of policy mappings, possibly causing denial of service | 2026-04-09T00:45:08.400884Z | 2026-04-08T10:12:22Z |
| cleanstart-2026-bd18029 | Docker CLI for Windows searches for plugin binaries in C:\\ProgramData\\Docker\\cli-plugins, a directory that does not exist by default | 2026-04-09T00:45:07.480117Z | 2026-04-08T09:49:10Z |
| cleanstart-2026-nv37937 | Docker CLI for Windows searches for plugin binaries in C:\\ProgramData\\Docker\\cli-plugins, a directory that does not exist by default | 2026-04-09T00:44:07.747698Z | 2026-04-08T09:58:55Z |
| cleanstart-2026-ly88807 | Docker CLI for Windows searches for plugin binaries in C:\\ProgramData\\Docker\\cli-plugins, a directory that does not exist by default | 2026-04-09T00:43:37.430373Z | 2026-04-08T10:02:31Z |
| cleanstart-2026-ku98579 | gRPC-Go is the Go language implementation of gRPC | 2026-04-09T00:42:07.643397Z | 2026-04-08T10:07:21Z |
| cleanstart-2026-iw23933 | gRPC-Go is the Go language implementation of gRPC | 2026-04-09T00:42:07.594705Z | 2026-04-08T10:12:34Z |
| cleanstart-2026-fz55932 | SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process | 2026-04-09T00:41:07.286953Z | 2026-04-08T10:10:33Z |
| cleanstart-2026-af52025 | In libexpat before 2 | 2026-04-08T00:39:48.013620Z | 2026-04-07T05:54:38Z |
| cleanstart-2026-pd43534 | In libexpat before 2 | 2026-04-08T00:39:47.879615Z | 2026-04-07T05:54:38Z |
| cleanstart-2026-mp09743 | Security fixes for ghsa-72hv-8253-57qq applied in versions: 3.8.6-r0 | 2026-04-08T00:37:59.326932Z | 2026-04-07T05:54:38Z |
| cleanstart-2026-bb02574 | Security fixes for ghsa-72hv-8253-57qq applied in versions: 3.6.4-r4 | 2026-04-08T00:37:58.971684Z | 2026-04-07T05:54:38Z |
| cleanstart-2026-fu47971 | protojson | 2026-04-07T00:47:07.546790Z | 2026-04-06T13:01:42Z |
| cleanstart-2026-hx94762 | attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing | 2026-04-07T00:45:34.962189Z | 2026-04-06T13:01:42Z |
| cleanstart-2026-ej93145 | attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames | 2026-04-07T00:44:04.086276Z | 2026-04-06T13:01:42Z |
| cleanstart-2026-dp59378 | In libexpat before 2 | 2026-04-07T00:42:33.537935Z | 2026-04-06T06:37:58Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| drupal-contrib-2026-032 | 2026-04-08T16:09:54.000Z | 2026-04-08T16:09:54.000Z | |
| drupal-contrib-2026-031 | 2026-04-01T16:38:14.000Z | 2026-04-02T14:13:13.000Z | |
| drupal-contrib-2026-030 | 2026-03-18T16:10:00.000Z | 2026-03-18T16:10:00.000Z | |
| drupal-contrib-2026-029 | 2026-03-11T16:35:02.000Z | 2026-03-26T19:50:52.000Z | |
| drupal-contrib-2026-028 | 2026-03-11T16:33:14.000Z | 2026-03-26T19:43:59.000Z | |
| drupal-contrib-2026-027 | 2026-03-04T18:02:59.000Z | 2026-03-04T18:02:59.000Z | |
| drupal-contrib-2026-026 | 2026-03-04T18:02:14.000Z | 2026-03-04T18:02:14.000Z | |
| drupal-contrib-2026-025 | 2026-03-04T18:00:41.000Z | 2026-03-04T18:00:41.000Z | |
| drupal-contrib-2026-024 | 2026-03-04T17:59:51.000Z | 2026-03-05T14:03:05.000Z | |
| drupal-contrib-2026-023 | 2026-03-04T17:58:55.000Z | 2026-03-04T17:58:55.000Z | |
| drupal-contrib-2026-022 | 2026-03-04T17:57:58.000Z | 2026-03-04T17:57:58.000Z | |
| drupal-contrib-2026-021 | 2026-03-04T17:56:18.000Z | 2026-03-04T17:56:18.000Z | |
| drupal-contrib-2026-020 | 2026-03-04T17:54:27.000Z | 2026-03-04T17:54:27.000Z | |
| drupal-contrib-2026-019 | 2026-02-25T18:51:43.000Z | 2026-02-25T18:51:43.000Z | |
| drupal-contrib-2026-018 | 2026-02-25T18:51:26.000Z | 2026-02-25T18:51:26.000Z | |
| drupal-contrib-2026-017 | 2026-02-25T18:51:01.000Z | 2026-02-25T18:51:01.000Z | |
| drupal-contrib-2026-016 | 2026-02-25T18:49:59.000Z | 2026-02-25T19:30:03.000Z | |
| drupal-contrib-2026-015 | 2026-02-25T18:47:57.000Z | 2026-03-17T13:20:54.000Z | |
| drupal-contrib-2026-014 | 2026-02-25T18:46:10.000Z | 2026-02-25T18:46:10.000Z | |
| drupal-contrib-2026-013 | 2026-02-25T18:45:13.000Z | 2026-02-25T18:45:13.000Z | |
| drupal-contrib-2026-012 | 2026-02-25T18:44:38.000Z | 2026-02-25T18:44:38.000Z | |
| drupal-contrib-2026-011 | 2026-02-25T18:43:32.000Z | 2026-02-25T18:43:32.000Z | |
| drupal-contrib-2026-010 | 2026-02-11T16:54:18.000Z | 2026-02-25T17:17:46.000Z | |
| drupal-contrib-2026-009 | 2026-02-11T16:53:32.000Z | 2026-02-12T15:37:20.000Z | |
| drupal-contrib-2026-008 | 2026-02-04T17:23:40.000Z | 2026-02-04T17:23:40.000Z | |
| drupal-contrib-2025-110 | 2025-09-24T17:27:41.000Z | 2025-09-24T17:27:41.000Z |
| ID | Description | Updated |
|---|
| ID | Description | Published | Updated |
|---|---|---|---|
| certfr-2026-ale-004 | Vulnérabilité dans F5 BIG-IP Access Policy Manager | 2026-03-31T00:00:00.000000 | 2026-03-31T00:00:00.000000 |
| certfr-2026-ale-003 | Note d’alerte – Ciblage des messageries instantanées | 2026-03-20T00:00:00.000000 | 2026-03-20T00:00:00.000000 |
| certfr-2026-ale-002 | [MàJ] Vulnérabilité dans Cisco Catalyst SD-WAN | 2026-02-25T00:00:00.000000 | 2026-03-26T00:00:00.000000 |
| certfr-2026-ale-001 | [MàJ] Multiples vulnérabilités dans Ivanti Endpoint Manager Mobile | 2026-01-30T00:00:00.000000 | 2026-02-03T00:00:00.000000 |
| CERTFR-2026-ALE-001 | [MàJ] Multiples vulnérabilités dans Ivanti Endpoint Manager Mobile | 2026-01-30T00:00:00.000000 | 2026-02-03T00:00:00.000000 |
| certfr-2025-ale-014 | [MàJ] Vulnérabilité dans React Server Components | 2025-12-05T00:00:00.000000 | 2026-02-12T00:00:00.000000 |
| CERTFR-2025-ALE-014 | [MàJ] Vulnérabilité dans React Server Components | 2025-12-05T00:00:00.000000 | 2026-02-12T00:00:00.000000 |
| certfr-2025-ale-013 | [MàJ] Multiples vulnérabilités dans Cisco ASA et FTD | 2025-09-25T00:00:00.000000 | 2025-10-06T00:00:00.000000 |
| CERTFR-2025-ALE-013 | [MàJ] Multiples vulnérabilités dans Cisco ASA et FTD | 2025-09-25T00:00:00.000000 | 2025-10-06T00:00:00.000000 |
| certfr-2025-ale-012 | Vulnérabilité dans Citrix NetScaler ADC et NetScaler Gateway | 2025-08-26T00:00:00.000000 | 2025-09-26T00:00:00.000000 |
| CERTFR-2025-ALE-012 | Vulnérabilité dans Citrix NetScaler ADC et NetScaler Gateway | 2025-08-26T00:00:00.000000 | 2025-09-26T00:00:00.000000 |
| certfr-2025-ale-011 | Incidents de sécurité dans les pare-feux SonicWall | 2025-08-05T00:00:00.000000 | 2025-08-18T00:00:00.000000 |
| CERTFR-2025-ALE-011 | Incidents de sécurité dans les pare-feux SonicWall | 2025-08-05T00:00:00.000000 | 2025-08-18T00:00:00.000000 |
| certfr-2025-ale-010 | [MàJ] Multiples vulnérabilités dans Microsoft SharePoint | 2025-07-21T00:00:00.000000 | 2025-08-26T00:00:00.000000 |
| CERTFR-2025-ALE-010 | [MàJ] Multiples vulnérabilités dans Microsoft SharePoint | 2025-07-21T00:00:00.000000 | 2025-08-26T00:00:00.000000 |
| certfr-2025-ale-009 | Multiples vulnérabilités dans Citrix NetScaler ADC et NetScaler Gateway | 2025-07-01T00:00:00.000000 | 2025-07-17T00:00:00.000000 |
| CERTFR-2025-ALE-009 | Multiples vulnérabilités dans Citrix NetScaler ADC et NetScaler Gateway | 2025-07-01T00:00:00.000000 | 2025-07-17T00:00:00.000000 |
| certfr-2025-ale-008 | [MàJ] Vulnérabilité dans Roundcube | 2025-06-05T00:00:00.000000 | 2025-07-21T00:00:00.000000 |
| CERTFR-2025-ALE-008 | [MàJ] Vulnérabilité dans Roundcube | 2025-06-05T00:00:00.000000 | 2025-07-21T00:00:00.000000 |
| certfr-2025-ale-007 | Multiples vulnérabilités dans Ivanti Endpoint Manager Mobile (EPMM) | 2025-05-14T00:00:00.000000 | 2025-06-24T00:00:00.000000 |
| CERTFR-2025-ALE-007 | Multiples vulnérabilités dans Ivanti Endpoint Manager Mobile (EPMM) | 2025-05-14T00:00:00.000000 | 2025-06-24T00:00:00.000000 |
| certfr-2025-ale-006 | Vulnérabilité dans les produits Fortinet | 2025-05-13T00:00:00.000000 | 2025-06-24T00:00:00.000000 |
| CERTFR-2025-ALE-006 | Vulnérabilité dans les produits Fortinet | 2025-05-13T00:00:00.000000 | 2025-06-24T00:00:00.000000 |
| certfr-2025-ale-002 | [MàJ] Vulnérabilité dans les produits Fortinet | 2025-05-07T00:00:00.000000 | 2025-01-14T00:00:00.000000 |
| CERTFR-2025-ALE-002 | [MàJ] Vulnérabilité dans les produits Fortinet | 2025-05-07T00:00:00.000000 | 2025-01-14T00:00:00.000000 |
| certfr-2025-ale-005 | Vulnérabilité dans SAP NetWeaver | 2025-04-28T00:00:00.000000 | 2025-06-24T00:00:00.000000 |
| CERTFR-2025-ALE-005 | Vulnérabilité dans SAP NetWeaver | 2025-04-28T00:00:00.000000 | 2025-06-24T00:00:00.000000 |
| certfr-2025-ale-004 | Activités de post-exploitation dans Fortinet FortiGate | 2025-04-11T00:00:00.000000 | 2025-08-07T00:00:00.000000 |
| CERTFR-2025-ALE-004 | Activités de post-exploitation dans Fortinet FortiGate | 2025-04-11T00:00:00.000000 | 2025-08-07T00:00:00.000000 |
| certfr-2025-ale-003 | [MàJ] Vulnérabilité dans les produits Ivanti | 2025-04-04T00:00:00.000000 | 2025-04-11T00:00:00.000000 |
| ID | Description | Published | Updated |
|---|---|---|---|
| certfr-2026-avi-0424 | Multiples vulnérabilités dans les produits IBM | 2026-04-10T00:00:00.000000 | 2026-04-10T00:00:00.000000 |
| certfr-2026-avi-0423 | Multiples vulnérabilités dans le noyau Linux de Red Hat | 2026-04-10T00:00:00.000000 | 2026-04-10T00:00:00.000000 |
| certfr-2026-avi-0422 | Multiples vulnérabilités dans le noyau Linux de SUSE | 2026-04-10T00:00:00.000000 | 2026-04-10T00:00:00.000000 |
| certfr-2026-avi-0421 | Multiples vulnérabilités dans le noyau Linux d'Ubuntu | 2026-04-10T00:00:00.000000 | 2026-04-10T00:00:00.000000 |
| certfr-2026-avi-0420 | Multiples vulnérabilités dans les produits Microsoft | 2026-04-10T00:00:00.000000 | 2026-04-10T00:00:00.000000 |
| certfr-2026-avi-0419 | Multiples vulnérabilités dans Mattermost Desktop App | 2026-04-10T00:00:00.000000 | 2026-04-10T00:00:00.000000 |
| certfr-2026-avi-0418 | Multiples vulnérabilités dans Apache Tomcat | 2026-04-10T00:00:00.000000 | 2026-04-10T00:00:00.000000 |
| certfr-2026-avi-0417 | Vulnérabilité dans Spring Cloud Gateway | 2026-04-10T00:00:00.000000 | 2026-04-10T00:00:00.000000 |
| certfr-2026-avi-0416 | Vulnérabilité dans les produits Juniper Networks | 2026-04-10T00:00:00.000000 | 2026-04-10T00:00:00.000000 |
| certfr-2026-avi-0415 | Multiples vulnérabilités dans Tenable Security Center | 2026-04-10T00:00:00.000000 | 2026-04-10T00:00:00.000000 |
| certfr-2026-avi-0414 | Multiples vulnérabilités dans les produits Microsoft | 2026-04-09T00:00:00.000000 | 2026-04-09T00:00:00.000000 |
| certfr-2026-avi-0413 | Multiples vulnérabilités dans les produits Elastic | 2026-04-09T00:00:00.000000 | 2026-04-09T00:00:00.000000 |
| certfr-2026-avi-0412 | Multiples vulnérabilités dans les produits Palo Alto Networks | 2026-04-09T00:00:00.000000 | 2026-04-09T00:00:00.000000 |
| certfr-2026-avi-0411 | Multiples vulnérabilités dans Mitel MiCollab | 2026-04-09T00:00:00.000000 | 2026-04-09T00:00:00.000000 |
| certfr-2026-avi-0410 | Multiples vulnérabilités dans GitLab | 2026-04-09T00:00:00.000000 | 2026-04-09T00:00:00.000000 |
| certfr-2026-avi-0409 | Multiples vulnérabilités dans Sonicwall Secure Mobile Access | 2026-04-09T00:00:00.000000 | 2026-04-09T00:00:00.000000 |
| certfr-2026-avi-0408 | Multiples vulnérabilités dans les produits Juniper Networks | 2026-04-09T00:00:00.000000 | 2026-04-09T00:00:00.000000 |
| certfr-2026-avi-0407 | Multiples vulnérabilités dans Google Chrome | 2026-04-09T00:00:00.000000 | 2026-04-09T00:00:00.000000 |
| certfr-2026-avi-0406 | Multiples vulnérabilités dans les produits Microsoft | 2026-04-08T00:00:00.000000 | 2026-04-08T00:00:00.000000 |
| certfr-2026-avi-0405 | Vulnérabilité dans les produits Moxa | 2026-04-08T00:00:00.000000 | 2026-04-08T00:00:00.000000 |
| certfr-2026-avi-0404 | Multiples vulnérabilités dans les produits Mozilla | 2026-04-08T00:00:00.000000 | 2026-04-08T00:00:00.000000 |
| certfr-2026-avi-0403 | Multiples vulnérabilités dans OpenSSL | 2026-04-08T00:00:00.000000 | 2026-04-08T00:00:00.000000 |
| certfr-2026-avi-0402 | Vulnérabilité dans HPE Aruba Networking Private 5G Core | 2026-04-08T00:00:00.000000 | 2026-04-08T00:00:00.000000 |
| certfr-2026-avi-0401 | Multiples vulnérabilités dans GLPI | 2026-04-07T00:00:00.000000 | 2026-04-07T00:00:00.000000 |
| certfr-2026-avi-0400 | Vulnérabilité dans Fortinet FortiClientEMS | 2026-04-07T00:00:00.000000 | 2026-04-07T00:00:00.000000 |
| certfr-2026-avi-0399 | Multiples vulnérabilités dans Google Android | 2026-04-07T00:00:00.000000 | 2026-04-07T00:00:00.000000 |
| certfr-2026-avi-0398 | Multiples vulnérabilités dans le noyau Linux de SUSE | 2026-04-03T00:00:00.000000 | 2026-04-03T00:00:00.000000 |
| certfr-2026-avi-0397 | Multiples vulnérabilités dans le noyau Linux d'Ubuntu | 2026-04-03T00:00:00.000000 | 2026-04-03T00:00:00.000000 |
| certfr-2026-avi-0396 | Multiples vulnérabilités dans le noyau Linux de Red Hat | 2026-04-03T00:00:00.000000 | 2026-04-03T00:00:00.000000 |
| certfr-2026-avi-0395 | Multiples vulnérabilités dans les produits IBM | 2026-04-03T00:00:00.000000 | 2026-04-03T00:00:00.000000 |
| ID | Description | Published | Updated |
|---|---|---|---|
| jvndb-2026-000053 | EmoCheck loads Dynamic Link Libraries insecurely | 2026-04-10T13:38+09:00 | 2026-04-10T13:38+09:00 |
| jvndb-2026-000052 | Multiple vulnerabilities in MATCHA series | 2026-04-08T16:15+09:00 | 2026-04-08T16:15+09:00 |
| jvndb-2026-000050 | Multiple vulnerabilities in Movable Type | 2026-04-08T16:15+09:00 | 2026-04-08T16:15+09:00 |
| jvndb-2026-010301 | Multiple Vulnerabilities in JP1/IT Desktop Management 2 and JP1/NETM/DM | 2026-04-08T12:11+09:00 | 2026-04-08T12:11+09:00 |
| jvndb-2026-010300 | Multiple Vulnerabilities in Hitachi Ops Center Viewpoint | 2026-04-08T12:11+09:00 | 2026-04-08T12:11+09:00 |
| jvndb-2026-010299 | Multiple Vulnerabilities in Hitachi Ops Center Common Services | 2026-04-08T12:11+09:00 | 2026-04-08T12:11+09:00 |
| jvndb-2026-000049 | Multiple vulnerabilities in NEC Aterm series (NV26-001) | 2026-04-03T15:09+09:00 | 2026-04-03T15:09+09:00 |
| jvndb-2026-009720 | Multiple vulnerabilities in FUJI Electric V-SFT (April 2026) | 2026-04-02T14:58+09:00 | 2026-04-03T15:50+09:00 |
| jvndb-2026-009412 | Security information for Hitachi Disk Array Systems | 2026-03-31T15:53+09:00 | 2026-03-31T15:53+09:00 |
| jvndb-2026-009411 | Security information for Hitachi Disk Array Systems | 2026-03-31T15:53+09:00 | 2026-03-31T15:53+09:00 |
| jvndb-2026-009410 | Security information for Hitachi Disk Array Systems | 2026-03-31T15:53+09:00 | 2026-03-31T15:53+09:00 |
| jvndb-2026-009409 | Security information for Hitachi Disk Array Systems | 2026-03-31T15:53+09:00 | 2026-03-31T15:53+09:00 |
| jvndb-2026-009408 | Security information for Hitachi Disk Array Systems | 2026-03-31T15:53+09:00 | 2026-03-31T15:53+09:00 |
| jvndb-2026-009406 | Security information for Hitachi Disk Array Systems | 2026-03-31T15:53+09:00 | 2026-03-31T15:53+09:00 |
| jvndb-2026-009147 | Vulnerability in Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center Analyzer | 2026-03-27T18:18+09:00 | 2026-03-27T18:18+09:00 |
| jvndb-2026-009148 | Open Redirect Vulnerability in Hitachi Ops Center Administrator | 2026-03-27T18:17+09:00 | 2026-03-27T18:17+09:00 |
| jvndb-2026-000047 | Multiple vulnerabilities in baserCMS | 2026-03-27T18:00+09:00 | 2026-03-27T18:00+09:00 |
| jvndb-2026-000045 | WordPress Plugin "OpenStreetMap" vulnerable to cross-site scripting | 2026-03-27T17:34+09:00 | 2026-03-27T17:34+09:00 |
| jvndb-2026-000046 | Multiple vulnerabilities in BUFFALO Wi-Fi routers | 2026-03-27T17:18+09:00 | 2026-03-27T17:18+09:00 |
| jvndb-2026-000044 | Multiple vulnerabilities in the installer of RATOC RAID Monitoring Manager for Windows | 2026-03-26T17:41+09:00 | 2026-03-26T17:41+09:00 |
| jvndb-2026-000042 | Digital Photo Frame GH-WDF10A vulnerable to improper access restriction | 2026-03-26T17:41+09:00 | 2026-03-26T17:41+09:00 |
| jvndb-2026-000043 | SHARP routers missing authentication for some web APIs | 2026-03-25T18:41+09:00 | 2026-03-25T18:41+09:00 |
| jvndb-2026-000040 | Installer of OM Workspace (Windows Edition) may insecurely load Dynamic Link Libraries | 2026-03-25T18:13+09:00 | 2026-03-25T18:13+09:00 |
| jvndb-2026-000041 | SANYO DENKI SANUPS SOFTWARE registers Windows services with unquoted file paths | 2026-03-25T17:58+09:00 | 2026-03-25T17:58+09:00 |
| jvndb-2026-007973 | Multiple vulnerabilities in Xerox FreeFlow Core (XRX26-005) | 2026-03-23T14:54+09:00 | 2026-04-09T13:55+09:00 |
| jvndb-2026-007524 | Vulnerability in Hitachi Command Suite | 2026-03-17T16:42+09:00 | 2026-03-17T16:42+09:00 |
| jvndb-2026-000038 | Installer for IBM Trusteer Rapport may insecurely load Dynamic Link Libraries | 2026-03-17T14:57+09:00 | 2026-03-17T14:57+09:00 |
| jvndb-2026-000039 | Missing authorization in the OpenAI thread/message API endpoints of GROWI | 2026-03-16T17:18+09:00 | 2026-03-16T17:18+09:00 |
| jvndb-2026-000037 | OpenLiteSpeed and LSWS Enterprise vulnerable to OS command injection | 2026-03-16T17:18+09:00 | 2026-03-16T17:18+09:00 |
| jvndb-2026-006887 | Multiple vulnerabilities in Micro Research MR-GM5L-S1 and MR-GM5A-L1 | 2026-03-12T17:22+09:00 | 2026-03-12T17:22+09:00 |
| ID | Description | Published | Updated |
|---|---|---|---|
| cnvd-2026-16036 | Linux kernel双重释放漏洞(CNVD-2026-16036) | 2026-04-02 | 2026-04-03 |
| cnvd-2026-16035 | FreeRDP拒绝服务漏洞(CNVD-2026-16035) | 2026-04-02 | 2026-04-03 |
| cnvd-2026-16034 | FreeRDP越界读取漏洞(CNVD-2026-16034) | 2026-04-02 | 2026-04-03 |
| cnvd-2026-16033 | FreeRDP堆缓冲区溢出漏洞(CNVD-2026-16033) | 2026-04-02 | 2026-04-03 |
| cnvd-2026-16032 | FreeRDP双重释放漏洞(CNVD-2026-16032) | 2026-04-02 | 2026-04-03 |
| cnvd-2026-16031 | OpenBao授权问题漏洞 | 2026-04-02 | 2026-04-03 |
| cnvd-2026-16137 | IBM InfoSphere Information Server代码问题漏洞(CNVD-2026-16137) | 2026-03-31 | 2026-04-03 |
| cnvd-2026-16136 | IBM Concert代码问题漏洞(CNVD-2026-16136) | 2026-03-31 | 2026-04-03 |
| cnvd-2026-16135 | IBM Concert加密问题漏洞(CNVD-2026-16135) | 2026-03-31 | 2026-04-03 |
| cnvd-2026-16134 | IBM Concert加密问题漏洞(CNVD-2026-16134) | 2026-03-31 | 2026-04-03 |
| cnvd-2026-16133 | IBM InfoSphere Information Server加密问题漏洞 | 2026-03-31 | 2026-04-03 |
| cnvd-2026-16132 | IBM InfoSphere Information Server信息泄露漏洞(CNVD-2026-16132) | 2026-03-31 | 2026-04-03 |
| cnvd-2026-16131 | IBM InfoSphere Information Server信息泄露漏洞(CNVD-2026-16131) | 2026-03-31 | 2026-04-03 |
| cnvd-2026-16130 | IBM InfoSphere Information Server信息泄露漏洞(CNVD-2026-16130) | 2026-03-31 | 2026-04-03 |
| cnvd-2026-16129 | IBM InfoSphere Information Server信息泄露漏洞(CNVD-2026-16129) | 2026-03-31 | 2026-04-03 |
| cnvd-2026-16128 | IBM Concert访问控制错误漏洞(CNVD-2026-16128) | 2026-03-31 | 2026-04-03 |
| cnvd-2026-16064 | WordPress插件SMTP Mailer信息泄露漏洞 | 2026-03-31 | 2026-04-03 |
| cnvd-2026-16058 | Apple macOS存在未明漏洞(CNVD-2026-16058) | 2026-03-31 | 2026-04-03 |
| cnvd-2026-16040 | OpenClaw路径遍历漏洞(CNVD-2026-16040) | 2026-03-31 | 2026-04-03 |
| cnvd-2026-16039 | WordPress插件Addon Jobsearch Chat跨站脚本漏洞 | 2026-03-31 | 2026-04-03 |
| cnvd-2026-16038 | Linux kernel内存错误引用漏洞(CNVD-2026-16038) | 2026-03-31 | 2026-04-03 |
| cnvd-2026-16037 | FreeBSD缓冲区溢出漏洞(CNVD-2026-16037) | 2026-03-31 | 2026-04-03 |
| cnvd-2026-15843 | WordPress插件Abandoned Cart Recovery for WooCommerce跨站脚本漏洞 | 2026-03-31 | 2026-04-01 |
| cnvd-2026-15842 | HCL Traveler存在未明漏洞 | 2026-03-31 | 2026-04-01 |
| cnvd-2026-15841 | HCL Aftermarket DPC硬编码漏洞 | 2026-03-31 | 2026-04-01 |
| cnvd-2026-15840 | HCL Aftermarket DPC文件上传漏洞 | 2026-03-31 | 2026-04-01 |
| cnvd-2026-15839 | HCL Aftermarket DPC跨站脚本漏洞 | 2026-03-31 | 2026-04-01 |
| cnvd-2026-15838 | HCL Aftermarket DPC访问控制错误漏洞 | 2026-03-31 | 2026-04-01 |
| cnvd-2026-15837 | HCL Aftermarket DPC存在未明漏洞(CNVD-2026-15837) | 2026-03-31 | 2026-04-01 |
| cnvd-2026-15836 | HCL Aftermarket DPC输入验证错误漏洞 | 2026-03-31 | 2026-04-01 |
| ID | Description | Published | Updated |
|---|---|---|---|
| bdu:2026-01844 | Уязвимость сервиса безопасности Advanced DNS Security (ADNS) операционной системы PAN-OS,… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01843 | Уязвимость функции loadRLE() загрузчика TGA-изображений (PluginTARGA.cpp) графической биб… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01842 | Уязвимость функции ws_user_gerList() сценария pwg.users.php системы управления контентом … | 16.02.2026 | 16.02.2026 |
| bdu:2026-01841 | Уязвимость компонента Updater облачной платформы управления контейнерами Arcane, позволяю… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01840 | Уязвимость ИИ-агента OpenClaw (ранее - ClawdBot или MoltBot), связанная с отсутствием про… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01839 | Уязвимость функции blocked_path() пакета Python для создания приложений для моделей машин… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01838 | Уязвимость драйверов графических процессоров NVIDIA NVS, Quadro, NVIDIA RTX, GeForce, свя… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01837 | Уязвимость микропрограммного обеспечения графических процессоров Imagination, позволяющая… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01836 | Уязвимость микропрограммного обеспечения графических процессоров Imagination, позволяющая… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01835 | Уязвимость драйвера ESXi base микропрограммного обеспечения сетевых контроллеров Intel 80… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01834 | Уязвимость микропрограммного обеспечения контроллеров Intel Ethernet серии E810, связанна… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01833 | Уязвимость технологий Intel Active Management Technology (AMT) и Intel Standard Manageabi… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01832 | Уязвимость технологий Intel Active Management Technology (AMT) и Intel Standard Manageabi… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01831 | Уязвимость технологий Intel Active Management Technology (AMT) и Intel Standard Manageabi… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01830 | Уязвимость компонента File input браузера Google Chrome, позволяющая нарушителю осуществи… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01829 | Уязвимость компонента PictureInPicture браузера Google Chrome, позволяющая нарушителю ока… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01828 | Уязвимость компонента Animation браузера Google Chrome, позволяющая нарушителю оказать во… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01827 | Уязвимость функции конфиденциальности Fenced Frames браузера Google Chrome, позволяющая н… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01826 | Уязвимость компонента WebGPU браузера Google Chrome, позволяющая нарушителю вызвать отказ… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01825 | Уязвимость программной платформы на базе git для совместной работы над кодом GitLab, связ… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01824 | Уязвимость программной платформы на базе git для совместной работы над кодом GitLab, связ… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01823 | Уязвимость функции межсетевых экранов SSL-VPN операционных систем Fortinet FortiOS, позво… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01822 | Уязвимость операционных систем Fortinet FortiOS, связанная с недостаточной проверкой исто… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01821 | Уязвимость функции межсетевых экранов SSL-VPN операционных систем Fortinet FortiOS, позво… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01820 | Уязвимость интерфейса командной строки операционных систем Fortinet FortiOS, позволяющая … | 16.02.2026 | 16.02.2026 |
| bdu:2026-01819 | Уязвимость графического пользовательского интерфейса операционных систем Fortinet FortiOS… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01818 | Уязвимость программного обеспечения для разработки 3D-моделей Autodesk Fusion, связанная … | 16.02.2026 | 16.02.2026 |
| bdu:2026-01817 | Уязвимость программного обеспечения для разработки 3D-моделей Autodesk Fusion, связанная … | 16.02.2026 | 16.02.2026 |
| bdu:2026-01816 | Уязвимость программного обеспечения для разработки 3D-моделей Autodesk Fusion, связанная … | 16.02.2026 | 16.02.2026 |
| bdu:2026-01815 | Уязвимость программного обеспечения Microsoft ACI Confidential Containers, связанная с не… | 16.02.2026 | 16.02.2026 |
| ID | Description | Updated |
|---|---|---|
| var-202407-2188 | Siemens (China) Co., Ltd. is a company focusing on electrification, automation and digita… | 2024-07-23T22:46:32.699000Z |
| var-202406-3119 | Beijing StarNet Ruijie Network Technology Co., Ltd. EG3220 is a new generation of multi-s… | 2024-07-23T22:46:22.685000Z |
| var-202407-1740 | NBR6135-E is a router. Beijing Xingwang Ruijie Network Technology Co., Ltd. NBR6135-E ha… | 2024-07-23T22:46:18.378000Z |
| var-202407-1417 | Siemens (China) Co., Ltd. is a company focusing on electrification, automation and digita… | 2024-07-23T22:46:07.784000Z |
| var-202407-1103 | Siemens (China) Co., Ltd. is a company focusing on electrification, automation and digita… | 2024-07-23T22:46:01.992000Z |
| var-202407-0957 | WinCC is a SCADA system suitable for all walks of life. It can access devices from mobile… | 2024-07-23T22:45:59.391000Z |
| var-202407-0819 | SIMATIC S7-1500 is a modular control system suitable for various automation applications … | 2024-07-23T22:45:56.958000Z |
| var-202407-0818 | NBR6210-E is a router product. Beijing Xingwang Ruijie Network Technology Co., Ltd. NBR6… | 2024-07-23T22:45:56.946000Z |
| var-202407-0779 | Tenda i29V1.0 V1.0.0.5 was discovered to contain a hardcoded password for root. Tenda of … | 2024-07-23T22:45:56.150000Z |
| var-202407-0778 | Tenda AC18 V15.03.3.10_EN was discovered to contain a stack-based buffer overflow vulnera… | 2024-07-23T22:45:56.131000Z |
| var-202407-0745 | Tenda AC18 V15.03.3.10_EN was discovered to contain a stack-based buffer overflow vulnera… | 2024-07-23T22:45:55.498000Z |
| var-202305-1479 | D-Link DIR-2150 SetTriggerPPPoEValidate Username Command Injection Remote Code Execution … | 2024-07-23T22:45:09.335000Z |
| var-202108-1158 | A race condition was addressed with improved locking. This issue is fixed in macOS Monter… | 2024-07-23T22:44:06.976000Z |
| var-201109-0089 | Multiple unspecified vulnerabilities in Cisco Unified Service Monitor before 8.6, as used… | 2024-07-23T22:43:49.590000Z |
| var-200702-0378 | Stack-based buffer overflow in the DCE/RPC preprocessor in Snort before 2.6.1.3, and 2.7 … | 2024-07-23T22:43:25.614000Z |
| var-201011-0225 | Multiple stack-based buffer overflows in agent.exe in Setup Manager in Cisco Intelligent … | 2024-07-23T22:41:43.584000Z |
| var-201112-0297 | Multiple cross-site scripting (XSS) vulnerabilities in the Virus Scan Interface in SAP Ne… | 2024-07-23T22:41:20.004000Z |
| var-201507-0645 | D-Link is an internationally renowned provider of network equipment and solutions, includ… | 2024-07-23T22:41:18.832000Z |
| var-201803-1810 | A Stack-based Buffer Overflow issue was discovered in Delta Electronics Delta Industrial … | 2024-07-23T22:41:17.171000Z |
| var-201809-0087 | WECON LeviStudio Versions 1.8.29 and 1.8.44 have multiple stack-based buffer overflow vul… | 2024-07-23T22:41:16.554000Z |
| var-200607-0396 | Multiple stack-based buffer overflows in eIQnetworks Enterprise Security Analyzer (ESA) b… | 2024-07-23T22:41:04.279000Z |
| var-201702-0423 | An issue was discovered in Delta Electronics WPLSoft, Versions prior to V2.42.11, ISPSoft… | 2024-07-23T22:40:53.160000Z |
| var-202305-1588 | D-Link DIR-2150 SetNTPServerSettings Command Injection Remote Code Execution Vulnerabilit… | 2024-07-23T22:40:05.297000Z |
| var-201112-0173 | The default configuration of the HP CM8060 Color MFP with Edgeline; Color LaserJet 3xxx, … | 2024-07-23T22:39:32.535000Z |
| var-201103-0371 | SAP Crystal Reports Server is a complete reporting solution for creating, managing, and d… | 2024-07-23T22:39:32.874000Z |
| var-201706-0017 | In FortiClientWindows 5.4.1 and 5.4.2, an attacker may escalate privilege via a FortiClie… | 2024-07-23T22:38:34.494000Z |
| var-202305-1520 | D-Link DIR-2150 SetSysEmailSettings EmailFrom Command Injection Remote Code Execution Vul… | 2024-07-23T22:38:26.576000Z |
| var-202407-0490 | A vulnerability has been identified in SIMATIC PCS neo V4.0 (All versions), SIMATIC STEP … | 2024-07-23T22:38:24.768000Z |
| var-201810-0396 | Advantech WebAccess 8.3.1 and earlier has several stack-based buffer overflow vulnerabili… | 2024-07-23T22:37:44.850000Z |
| var-202001-0833 | A Denial of Service vulnerability exists in the WRITE_C function in the msg_server.exe mo… | 2024-07-23T22:37:43.471000Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| vde-2025-028 | Draeger: ICMHelper is vulnerable to a privilege escalation | 2025-08-05T10:00:00.000Z | 2026-01-06T11:00:00.000Z |
| vde-2019-012 | TECSON/GOK: Improper Authentication and Access Control on multiple devices | 2019-06-04T13:21:00.000Z | 2025-05-14T13:00:14.000Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| vde-2025-104 | Phoenix Contact: Multiple Vulnerabilities in FL SWITCH 2xxx, FL SWITCH TSN 23xx and FL SWITCH 59xx Firmware | 2026-03-18T08:00:00.000Z | 2026-03-18T08:00:00.000Z |
| vde-2025-109 | Phoenix Contact: Unbounded growth of the session cache in TCP encapsulation service in FL MGUARD 2xxx and 4xxx firmware | 2026-02-10T08:00:00.000Z | 2026-02-23T14:00:00.000Z |
| vde-2025-073 | Phoenix Contact: Security Advisory for TC ROUTER and CLOUD CLIENT Industrial mobile network routers | 2026-01-13T08:00:00.000Z | 2026-01-13T08:00:00.000Z |
| vde-2025-071 | Phoenix Contact: Multiple Vulnerabilities in FL SWITCH 2xxx Firmware | 2025-12-09T08:00:00.000Z | 2026-01-12T08:00:00.000Z |
| vde-2025-074 | Phoenix Contact: Security Advisory for CHARX SEC-3xxx charging controllers | 2025-10-14T10:00:00.000Z | 2025-10-15T10:00:00.000Z |
| vde-2025-072 | Phoenix Contact: Security Advisory for QUINT4-UPS EIP | 2025-10-14T06:00:00.000Z | 2025-10-14T06:00:00.000Z |
| vde-2025-077 | Phoenix Contact: Two vulnerabilities in the jq JSON processor utilized by FL MGUARD 110x devices | 2025-09-09T10:00:00.000Z | 2025-09-09T10:00:00.000Z |
| vde-2025-064 | Phoenix Contact: Products utilizing WIBU-SYSTEMS CodeMeter Runtime Windows Installer have a privilege escalation | 2025-09-09T07:00:00.000Z | 2025-09-09T07:00:00.000Z |
| vde-2025-063 | Phoenix Contact: Device and Update Management Windows Installer Privilege Escalation | 2025-08-12T10:00:00.000Z | 2025-08-12T10:00:00.000Z |
| vde-2025-054 | Phoenix Contact: Multiple Vulnerabilities in PLCnext Firmware | 2025-07-08T10:00:00.000Z | 2025-07-08T10:00:00.000Z |
| vde-2025-053 | Phoenix Contact: Multiple Vulnerabilities in PLCnext Firmware | 2025-07-08T10:00:00.000Z | 2025-07-08T10:00:00.000Z |
| vde-2025-019 | Phoenix Contact: Security Advisory for CHARX SEC-3xxx charging controllers | 2025-07-08T10:00:00.000Z | 2025-07-22T08:00:00.000Z |
| vde-2025-014 | Phoenix Contact: Security Advisory for CHARX SEC-3xxx charging controllers | 2025-07-08T10:00:00.000Z | 2025-07-08T10:00:00.000Z |
| vde-2025-029 | Phoenix Contact: Security Advisory for AXL F BK and IL BK bus couplers | 2025-05-13T09:00:00.000Z | 2025-05-14T12:28:19.000Z |
| vde-2025-005 | Phoenix Contact: Security Advisory for ESL Stick USB-A | 2025-01-14T11:00:00.000Z | 2025-05-14T13:00:14.000Z |
| vde-2024-070 | Phoenix Contact: Security Advisory for CHARX-SEC3xxx Charge controllers | 2025-01-14T11:00:00.000Z | 2025-05-14T13:00:14.000Z |
| vde-2024-073 | Phoenix Contact: Multiple Vulnerabilities in PLCnext Firmware | 2024-12-09T11:00:00.000Z | 2025-05-22T13:03:10.000Z |
| vde-2024-071 | Phoenix Contact: Multiple Vulnerabilities in PLCnext Firmware | 2024-12-09T11:00:00.000Z | 2025-05-22T13:03:10.000Z |
| vde-2024-067 | Phoenix Contact: Multiple Vulnerabilities in PLCnext Engineer | 2024-10-08T12:00:00.000Z | 2025-05-14T13:00:14.000Z |
| vde-2024-052 | Phoenix Contact: Multiple mGuard devices are vulnerable to a drain of open file descriptors. | 2024-09-10T10:00:00.000Z | 2025-05-14T13:00:14.000Z |
| vde-2024-051 | Phoenix Contact: Multiple mGuard devices are vulnerable to a remote code injection due to SSH | 2024-09-10T10:00:00.000Z | 2025-05-14T13:00:14.000Z |
| vde-2024-039 | Phoenix Contact: Multiple Vulnerabilities in mGuard devices | 2024-09-10T10:00:00.000Z | 2025-08-27T10:00:00.000Z |
| vde-2024-022 | Phoenix Contact: Security Advisory for CHARX-SEC3xxx Charge controllers | 2024-08-13T10:00:00.000Z | 2025-08-27T10:00:00.000Z |
| vde-2024-029 | Phoenix Contact: Unbounded growth of OpenSSL session cache in multiple FL MGUARD devices | 2024-06-11T06:00:00.000Z | 2024-06-11T06:00:00.000Z |
| vde-2024-019 | Phoenix Contact: Multiple vulnerabilities in the Firmware of CHARX SEC charge controllers | 2024-05-14T06:00:00.000Z | 2024-05-14T06:00:00.000Z |
| vde-2024-011 | PHOENIX CONTACT: Multiple vulnerabilities in CHARX SEC charge controllers | 2024-03-12T07:00:00.000Z | 2024-03-12T07:00:00.000Z |
| vde-2023-058 | Phoenix Contact: PLCnext Control prone to download of code without integrity check | 2023-12-12T07:00:00.000Z | 2025-05-22T13:03:10.000Z |
| vde-2023-057 | Phoenix Contact: Classic line industrial controllers prone to inadequate integrity check of PLC | 2023-12-12T07:00:00.000Z | 2025-06-05T13:28:12.000Z |
| vde-2023-056 | Phoenix Contact: PLCnext prone to Incorrect Permission Assignment for Critical Resource | 2023-12-12T07:00:00.000Z | 2025-05-22T13:03:10.000Z |
| vde-2023-055 | Phoenix Contact: Automation Worx and classic line controllers prone to Incorrect Permission Assignment for Critical Resource | 2023-12-12T07:00:00.000Z | 2023-12-12T07:00:00.000Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| vde-2025-085 | Welotec: Path Traversal in SmartEMS Upload Handling | 2025-09-10T07:00:00.000Z | 2025-09-22T08:00:00.000Z |
| vde-2025-076 | Welotec: Hard-coded JWT secret in egOS WebGUI | 2025-08-26T07:00:00.000Z | 2025-08-26T07:00:00.000Z |
| vde-2024-043 | Welotec: Multiple products are vulnerable to regreSSHion | 2024-08-22T06:00:00.000Z | 2024-08-22T06:00:00.000Z |
| vde-2024-023 | Welotec: Clickjacking Vulnerability in WebUI | 2024-04-23T08:00:00.000Z | 2024-04-23T08:00:00.000Z |
| vde-2024-009 | Welotec: Two vulnerabilities in TK500v1 router series | 2024-04-09T08:00:00.000Z | 2025-05-14T12:28:19.000Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| advisory2026-03_vde-2026-018 | CODESYS Control V3 - Externally-controlled format string in Auditlog | 2026-03-24T08:00:00.000Z | 2026-03-24T08:00:00.000Z |
| advisory2026-02_vde-2026-011 | CODESYS Control V3 - Untrusted boot application | 2026-03-24T08:00:00.000Z | 2026-03-24T08:00:00.000Z |
| advisory2026-01_vde-2026-012 | CODESYS Installer - Possible Privilege Escalation | 2026-03-10T10:00:00.000Z | 2026-03-10T10:00:00.000Z |
| advisory2025-09_vde-2025-099 | CODESYS Control - Linux/QNX SysSocket flaw | 2025-12-01T11:00:00.000Z | 2026-02-12T11:00:00.000Z |
| advisory2025-11_vde-2025-101 | CODESYS Development System - Deserialization of Untrusted Data | 2025-12-01T10:00:00.000Z | 2025-12-01T10:00:00.000Z |
| advisory2025-10_vde-2025-100 | CODESYS Control - Invalid type usage in visualization | 2025-12-01T10:00:00.000Z | 2026-02-12T11:00:00.000Z |
| advisory2025-07_vde-2025-051 | CODESYS Control V3 - Exposed PKI folder | 2025-08-04T10:00:00.000Z | 2025-09-01T10:00:00.000Z |
| advisory2025-06_vde-2025-049 | CODESYS Control V3 - Insecure default permissions | 2025-08-04T10:00:00.000Z | 2025-08-04T10:00:00.000Z |
| advisory2025-08_vde-2025-070 | CODESYS Control V3 - NULL pointer dereference | 2025-08-04T08:00:00.000Z | 2025-10-14T08:00:00.000Z |
| advisory2025-05_vde-2025-027 | CODESYS Visualization user management bypass in WebVisu | 2025-04-23T10:00:00.000Z | 2025-04-23T10:00:00.000Z |
| advisory2025-04_vde-2025-022 | CODESYS Control V3 - OPC UA Server Authentication bypass | 2025-03-18T11:00:00.000Z | 2025-06-05T13:31:01.000Z |
| advisory2025-03_vde-2025-015 | CODESYS Control V3 removable media path traversal | 2025-03-18T11:00:00.000Z | 2025-06-05T13:31:01.000Z |
| advisory2025-02_vde-2025-013 | CODESYS (Edge) Gateway for Windows insecure default | 2025-03-18T11:00:00.000Z | 2025-06-05T13:31:01.000Z |
| advisory2025-01_vde-2025-001 | CODESYS Key physical side-channel vulnerability | 2025-01-21T11:00:00.000Z | 2025-06-05T13:31:01.000Z |
| advisory2024-05_vde-2024-057 | CODESYS: CODESYS web server vulnerable to DoS | 2024-09-25T21:59:00.000Z | 2025-04-03T10:00:00.000Z |
| vde-2024-046 | OSCAT: Out-of-bounds read in OSCAT Basic library | 2024-09-10T14:00:00.000Z | 2024-09-10T14:00:00.000Z |
| vde-2024-026 | CODESYS: Vulnerability can cause a DoS on CODESYS OPC UA products | 2024-06-04T08:00:00.000Z | 2025-05-14T13:00:14.000Z |
| vde-2024-027 | CODESYS: Vulnerability in multiple products through exposure of resource to wrong sphere | 2024-06-04T06:00:00.000Z | 2025-05-14T13:00:14.000Z |
| vde-2024-024 | CODESYS: Development System V2.3 affected by two vulnerabilities through corrupted project files | 2024-05-06T08:00:00.000Z | 2025-05-14T13:00:15.000Z |
| vde-2023-066 | CODESYS: OS Command Injection Vulnerability in multiple CODESYS Control products | 2023-12-05T14:25:00.000Z | 2023-12-05T14:25:00.000Z |
| vde-2023-035 | CODESYS: Multiple products affected by WIBU Codemeter vulnerability | 2023-12-05T07:00:00.000Z | 2023-12-05T07:00:00.000Z |
| vde-2023-025 | CODESYS: Control runtime system memory and integrity check vulnerabilities | 2023-08-03T11:18:00.000Z | 2023-08-03T11:18:00.000Z |
| vde-2023-023 | CODESYS: Missing Brute-Force protection in CODESYS Development System | 2023-08-03T11:08:00.000Z | 2023-08-03T11:08:00.000Z |
| vde-2023-022 | CODESYS: Missing integrity check in CODESYS Development System | 2023-08-03T10:52:00.000Z | 2023-08-03T10:52:00.000Z |
| vde-2023-021 | CODESYS: Vulnerability in CODESYS Development System allows execution of binaries | 2023-08-03T10:48:00.000Z | 2023-08-03T10:48:00.000Z |
| vde-2023-019 | CODESYS: Multiple Vulnerabilities in CmpApp CmpAppBP and CmpAppForce | 2023-08-03T10:42:00.000Z | 2023-08-03T10:42:00.000Z |
| vde-2023-024 | CODESYS: Vulnerability in CODESYS Development System and CODESYS Scripting | 2023-07-28T07:45:00.000Z | 2023-07-28T07:45:00.000Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| vde-2025-067 | Wiesemann & Theis: Motherbox 3 allows unauthenticated read-only DB access | 2025-08-10T10:00:00.000Z | 2025-08-25T10:00:00.000Z |
| vde-2025-024 | Wiesemann & Theis: Multiple products from Wiesemann & Theis support deprecated jQuery version | 2025-05-13T10:00:00.000Z | 2025-05-13T10:00:00.000Z |
| vde-2025-032 | Wiesemann & Theis: Multiple W&T Products are vulnerable to cross-site-scripting | 2025-05-06T10:00:00.000Z | 2025-05-06T10:00:00.000Z |
| vde-2025-031 | Wiesemann & Theis: Multiple products from Wiesemann & Theis support deprecated TLS protocol versions | 2025-04-28T10:00:00.000Z | 2025-04-28T10:00:00.000Z |
| vde-2024-018 | Wiesemann & Theis: Multiple products prone to unquoted search path | 2024-02-28T07:00:00.000Z | 2025-05-14T12:36:39.000Z |
| vde-2022-057 | Wiesemann & Theis multiple products prone to web interface vulnerability | 2022-12-13T07:00:00.000Z | 2025-05-14T13:00:14.000Z |
| vde-2022-043 | Wiesemann & Theis: Multiple Vulnerabilities in the Com-Server Family | 2022-11-07T11:43:00.000Z | 2022-11-07T12:14:00.000Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| vde-2026-030 | MB connect line: Multiple Vulnerabilities in mbCONNECT24/mymbCONNECT24 | 2026-04-02T11:00:00.000Z | 2026-04-02T11:00:00.000Z |
| vde-2026-024 | MB connect line: Multiple Vulnerabilities in mbCONNECT24/mymbCONNECT24 | 2026-03-23T12:00:00.000Z | 2026-03-23T12:00:00.000Z |
| vde-2025-065 | MB connect line: Sandbox escape in mbNET's LUA interpreter | 2025-07-31T10:00:00.000Z | 2025-07-31T10:00:00.000Z |
| vde-2025-058 | MB connect line: Multiple vulnerabilities in mbNET.mini | 2025-07-21T10:00:00.000Z | 2025-07-21T10:00:00.000Z |
| vde-2025-035 | Vulnerabilities in mbCONNECT24/mymbCONNECT24 | 2025-06-24T10:00:00.000Z | 2025-06-24T10:00:00.000Z |
| vde-2025-034 | Vulnerabilities in mbCONNECT24/mymbCONNECT24 | 2025-06-24T10:00:00.000Z | 2025-06-24T10:00:00.000Z |
| vde-2024-010 | Vulnerabilities in mbCONNECT24/mymbCONNECT24 | 2025-03-18T11:00:00.000Z | 2025-08-27T10:00:00.000Z |
| vde-2024-068 | MB connect line: Multiple Vulnerabilities in MB connect line Products | 2024-10-15T08:00:00.000Z | 2026-03-06T08:00:00.000Z |
| vde-2024-056 | MB connect line: Multiple Vulnerabilities in mbNET.mini Product | 2024-10-15T08:00:00.000Z | 2025-08-27T10:00:00.000Z |
| vde-2024-030 | MB connect line: mbNET.mini vulnerable to OS command injection | 2024-07-03T09:00:00.000Z | 2024-07-03T09:00:00.000Z |
| vde-2023-041 | MB connect line: Vulnerability allows access to non-critical information in mbCONNECT24 and mymbCONNECT24 | 2023-10-16T08:38:00.000Z | 2023-10-16T08:38:00.000Z |
| vde-2024-042 | MB connect line: Multiple products are vulnerable to regreSSHion | 2023-08-17T12:00:00.000Z | 2023-08-17T12:00:00.000Z |
| vde-2023-012 | MB connect line: Cross-site Scripting vulnerability in mbNET/mbNET.rokey | 2023-08-17T12:00:00.000Z | 2023-08-17T12:00:00.000Z |
| vde-2023-002 | MB Connect Line: Multiple vulnerabilities in mbConnect24 and mymbConnect24 | 2023-05-15T14:06:00.000Z | 2025-05-14T13:00:14.000Z |
| vde-2022-011 | MB connect line: Unauthenticated user enumeration in mbCONNECT24 and mymbCONNECT24 | 2022-09-07T12:50:00.000Z | 2022-09-07T12:50:00.000Z |
| vde-2021-030 | MB connect line: two vulnerabilities in mymbCONNECT24, mbCONNECT24 (Update A) | 2022-09-07T10:48:00.000Z | 2025-06-06T07:00:00.000Z |
| vde-2021-003 | MB connect line: Multiple vulnerabilites in mymbCONNECT24 and mbCONNECT24 (Update A) | 2022-09-07T10:46:00.000Z | 2022-09-07T10:46:00.000Z |
| vde-2021-037 | MB connect line: Remote user enumeration in mbCONNECT24/mymbCONNECT24 | 2021-10-27T10:15:00.000Z | 2025-05-14T12:28:19.000Z |
| vde-2021-017 | MB connect line: Privilege escalation in mbDIALUP | 2021-07-22T11:35:00.000Z | 2025-05-14T12:28:19.000Z |
| vde-2021-031 | MB connect line: Apache Guacamole related vulnerabilities in mbCONNECT24 | 2021-07-22T11:33:00.000Z | 2025-05-14T12:28:19.000Z |
| vde-2021-012 | MB connect line: multiple products partially affected by DNSpooq | 2021-04-26T08:04:00.000Z | 2025-05-14T12:28:19.000Z |
| vde-2020-035 | MB connect line: Multiple Vulnerabilities in mymbCONNECT24 and mbCONNECT24 <= v2.6.1 | 2020-09-18T12:30:00.000Z | 2025-05-14T12:28:19.000Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| vde-2026-013 | Helmholz: Use of a Broken or Risky Cryptographic Algorithm | 2026-04-07T08:00:00.000Z | 2026-04-07T08:00:00.000Z |
| vde-2026-025 | Helmholz: Multiple Vulnerabilities in myREX24V2 / myREX24V2.virtual | 2026-03-23T12:00:00.000Z | 2026-03-23T12:00:00.000Z |
| vde-2025-069 | Helmholz: Sandbox escape in REX200/250 LUA interpreter | 2025-07-31T10:00:00.000Z | 2025-07-31T10:00:00.000Z |
| vde-2025-059 | Helmholz: Multiple vulnerabilities in REX 100 | 2025-07-21T10:00:00.000Z | 2025-07-21T10:00:00.000Z |
| vde-2025-038 | Vulnerabilities in myREX24/myREX24.virtual | 2025-06-24T10:00:00.000Z | 2025-06-24T10:00:00.000Z |
| vde-2025-037 | Vulnerabilities in myREX24/myREX24.virtual | 2025-06-24T10:00:00.000Z | 2025-06-24T10:00:00.000Z |
| vde-2024-031 | Helmholz: Vulnerabilities in myREX24 V2/myREX24.virtual | 2025-03-18T11:00:00.000Z | 2025-05-14T13:00:14.000Z |
| vde-2024-069 | Helmholz: Multiple Vulnerabilities in Helmholz products | 2024-10-15T08:00:00.000Z | 2026-03-06T08:00:00.000Z |
| vde-2024-066 | Helmholz: Multiple Vulnerabilities in Helmholz REX100 Product | 2024-10-15T08:00:00.000Z | 2025-08-27T10:00:00.000Z |
| vde-2024-044 | Helmholz: Multiple products are vulnerable to regreSSHion | 2024-07-31T08:00:00.000Z | 2025-05-14T12:28:19.000Z |
| vde-2024-032 | Helmholz: REX 100 vulnerable to OS command injection | 2024-07-03T09:00:00.000Z | 2024-07-03T13:33:00.000Z |
| vde-2023-043 | Helmholz: Vulnerability allows access to non-critical information in myREX24 and myREX24.virtual | 2023-10-16T08:38:00.000Z | 2023-10-16T08:38:00.000Z |
| vde-2023-029 | Helmholz: Cross-site Scripting vulnerability in REX 200/REX 250 | 2023-08-17T12:00:00.000Z | 2023-08-17T12:00:00.000Z |
| vde-2023-008 | Helmholz: Multiple vulnerabilites in myREX24 and myREX24.virtual | 2023-05-15T12:06:00.000Z | 2023-05-15T12:06:00.000Z |
| vde-2022-017 | Helmholz: Unauthenticated user enumeration in myREX24 and myREX24.virtual | 2022-09-07T12:54:00.000Z | 2025-05-14T13:00:14.000Z |
| vde-2022-039 | Helmholz: Multiple vulnerabilites in myREX24 and myREX24.virtual | 2022-09-07T10:56:00.000Z | 2022-09-07T10:56:00.000Z |
| vde-2021-058 | Helmholz: Remote user enumeration in myREX24/myREX24-virtual | 2021-12-08T13:04:00.000Z | 2025-05-14T13:00:14.000Z |
| vde-2021-057 | Helmholz: Privilege Escalation in shDialup (Update A) | 2021-03-28T13:03:00.000Z | 2025-05-14T13:00:15.000Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| fsa-202601 | Several CODESYS vulnerabilities in Festo Automation Suite | 2026-02-26T08:00:00.000Z | 2026-02-26T08:00:00.000Z |
| fsa-202406 | Several Codesys Gateway v2 vulnerabilities in Codesys provided by Festo | 2024-12-03T11:00:00.000Z | 2024-12-03T14:00:00.000Z |
| fsa-202405 | Festo: Siemens S7-1500/ET200SP CPU used in Festo Didactic products contains a memory protection bypass vulnerability | 2024-09-09T07:00:00.000Z | 2025-11-05T08:00:00.000Z |
| fsa-202402 | Several Vulnerabilities in MES PC (Windows 10) | 2024-02-27T12:00:00.000Z | 2025-12-08T07:00:00.000Z |
| fsa-202401 | Festo: Multiple products contain CoDe16 vulnerability | 2024-01-30T07:00:00.000Z | 2025-11-04T11:00:00.000Z |
| fsa-202305 | Festo: Vulnerable WIBU-SYSTEMS CodeMeter Runtime in several products | 2023-11-28T07:00:00.000Z | 2025-05-13T10:00:00.000Z |
| fsa-202303 | Festo: Vulnerable Siemens TIA-Portal in multiple Festo Didactic products | 2023-10-17T06:00:00.000Z | 2025-10-01T06:00:00.000Z |
| fsa-202304 | Festo: MSE6-C2M/D2M/E2M Incomplete User Documentation of Remote Accessible Functions | 2023-09-05T10:00:00.000Z | 2025-10-01T10:00:00.000Z |
| fsa-202301 | Festo: Cross-Site-Scripting (XSS) vulnerability in LX-Appliance | 2023-08-29T10:00:00.000Z | 2025-10-01T10:00:00.000Z |
| fsa-202302 | Festo: Several vulnerabilities in FactoryViews | 2023-07-10T10:00:00.000Z | 2026-02-02T08:00:00.000Z |
| fsa-202206 | Festo: Vulnerable WIBU-SYSTEMS CodeMeter Runtime in multiple products | 2022-12-13T11:50:00.000Z | 2025-10-01T10:50:00.000Z |
| fsa-202209 | Festo: Incomplete documentation of remote accessible functions and protocols in Festo products | 2022-11-29T11:49:00.000Z | 2025-11-03T10:00:00.000Z |
| fsa-202208 | Festo: Multiple Festo products contain an unsafe default Codesys configuration | 2022-11-29T11:41:00.000Z | 2025-10-28T11:00:00.000Z |
| fsa-202207 | Festo: CPX-CEC-C1 and CPX-CMXX, Missing Authentication for Critical Webpage Function | 2022-09-20T10:00:00.000Z | 2025-07-28T10:00:00.000Z |
| fsa-202203 | Festo: Controller CECC-S,LK,D family firmware 2.4.2.0 - multiple vulnerabilities in CODESYS V3 runtime system | 2022-07-18T10:00:00.000Z | 2025-07-10T10:00:00.000Z |
| fsa-202202 | Festo: Controller CECC-S,LK,D family <= 2.3.8.1 - multiple vulnerabilities in CODESYS V3 runtime system | 2022-07-18T10:00:00.000Z | 2025-11-03T11:00:00.000Z |
| fsa-202201 | Festo: CECC-X-M1 - command injection vulnerabilities | 2022-07-06T07:00:00.000Z | 2025-06-23T08:00:00.000Z |
| fsa-202101 | Festo: Multiple vulnerabilities in Ethernet/IP Stack of SBRD-Q/SBOC-Q/SBOI-Q | 2021-09-22T11:13:00.000Z | 2025-08-26T10:00:00.000Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| vde-2025-011 | PEPPERL+FUCHS: Profinet Gateway LB8122A.1.EL – Device is affected by XSS vulnerability and information disclosure | 2025-05-26T10:00:00.000Z | 2025-08-27T10:00:00.000Z |
| vde-2025-002 | PEPPERL+FUCHS: HMI – devices are affected by Windows RCE | 2025-02-25T11:00:00.000Z | 2025-05-22T13:03:10.000Z |
| vde-2024-065 | PEPPERL+FUCHS: HMI devices are affected by Insecure Platform Key | 2024-11-26T11:00:00.000Z | 2025-05-14T12:28:19.000Z |
| vde-2024-063 | PEPPERL+FUCHS: Multiple products are affected by regreSSHion | 2024-10-08T12:00:00.000Z | 2025-05-14T12:28:19.000Z |
| vde-2024-033 | PEPPERL+FUCHS: Device Master ICDM-RX/* – Vulnerability may allow unauthenticated remote attacker information disclosure and denial of service | 2024-08-13T12:00:00.000Z | 2025-05-14T14:34:17.000Z |
| vde-2024-038 | Pepperl+Fuchs: Anonymous FTP server and Telnet access allows information disclosure and manipulation | 2024-07-10T06:00:00.000Z | 2025-08-27T10:00:00.000Z |
| vde-2024-037 | Pepperl+Fuchs: Use after free vulnerability in Smart-Ex 02 and Smart-Ex 03 | 2024-07-10T06:00:00.000Z | 2024-07-10T06:00:00.000Z |
| vde-2024-017 | Pepperl+Fuchs: ICE2- * and ICE3- * are affected by multiple vulnerabilities | 2024-04-10T06:00:00.000Z | 2025-05-22T13:03:10.000Z |
| vde-2022-021 | Pepperl+Fuchs: RSM-EX devices - Multiple Bluetooth vulnerabilities | 2022-05-16T14:00:00.000Z | 2025-05-22T13:03:10.000Z |
| vde-2022-012 | Pepperl+Fuchs: Vulnerability in multiple VisuNet devices | 2022-04-26T12:00:00.000Z | 2022-05-16T14:15:00.000Z |
| vde-2021-006 | Pepperl+Fuchs: Multiple Products - Vulnerability may allow remote attackers to cause a Denial Of Service | 2021-11-16T14:53:00.000Z | 2025-05-14T13:00:15.000Z |
| vde-2021-041 | Pepperl+Fuchs: Multiple DTM and VisuNet Software affected by log4net vulnerability | 2021-10-26T13:35:00.000Z | 2025-05-22T13:03:10.000Z |
| vde-2021-027 | Pepperl+Fuchs: WirelessHART-Gateway - Vulnerability may allow remote attackers to cause a Denial Of Service | 2021-10-16T12:00:00.001Z | 2025-05-14T13:00:14.000Z |
| vde-2021-028 | Pepperl+Fuchs: Multiple VDM100-Distance Ethernet-IP sensors with multiple vulnerabilities | 2021-08-16T12:01:00.000Z | 2025-05-14T13:00:14.000Z |
| vde-2021-034 | Pepperl+Fuchs: Security Advisory for PrintNightmare Vulnerability in multiple HMI Devices | 2021-07-30T07:55:00.000Z | 2021-07-30T07:55:00.000Z |
| vde-2021-018 | Pepperl+Fuchs: Multiple vulnerabilites in ICE1 Ethernet IO Modules | 2021-05-12T08:57:00.000Z | 2021-05-12T08:57:00.000Z |
| vde-2020-053 | Pepperl+Fuchs: Comtrol RocketLinx ICRL-M - Multiple Vulnerabilities | 2021-03-08T13:44:00.000Z | 2025-05-22T13:03:10.000Z |
| vde-2021-007 | Pepperl+Fuchs: Multiple Products - Vulnerability may allow remote attackers to cause a Denial Of Service | 2021-02-16T14:53:00.000Z | 2025-05-14T12:53:43.000Z |
| vde-2020-050 | Pepperl+Fuchs: Multiple Products - Vulnerability may allow remote attackers to cause a Denial Of Service | 2021-02-15T13:33:00.000Z | 2025-05-14T13:00:15.000Z |
| vde-2021-001 | Pepperl+Fuchs: Vulnerability allowing code-excution in PACTware <=5.0.5.31 | 2021-01-15T12:41:00.000Z | 2025-05-14T12:28:19.000Z |
| vde-2020-038 | Pepperl+Fuchs: Multiple vulnerabilites in Comtrol IO-Link Master | 2021-01-04T13:01:00.000Z | 2025-05-14T13:00:14.000Z |
| vde-2020-040 | Pepperl+Fuchs: Multiple Products prone to multiple vulnerabilities in Comtrol RocketLinux | 2020-10-05T12:00:00.000Z | 2020-10-05T12:00:00.000Z |
| vde-2020-034 | Pepperl+Fuchs: VMT MSS and VMT IS - Several vulnerabilities in products utilizing WIBU-SYSTEMS CodeMeter components | 2020-09-10T13:22:00.000Z | 2020-09-10T13:22:00.000Z |
| vde-2020-017 | Pepperl+Fuchs, PACTware: Two password vulnerabilities found | 2020-05-29T10:00:00.000Z | 2025-05-22T13:03:10.000Z |
| vde-2020-014 | Pepperl+Fuchs: Kr00k vulnerabilities in Broadcom Wi-Fi chipsets | 2020-03-31T13:30:00.000Z | 2025-05-14T14:34:17.000Z |
| vde-2019-011 | Pepperl+Fuchs: Remote code execution vulnerability in HMI devices | 2019-05-29T07:35:00.000Z | 2019-10-07T10:00:00.000Z |
| vde-2019-004 | Pepperl+Fuchs: ecom Mobile Devices prone to BlueBorne Attack | 2019-03-14T07:52:00.000Z | 2019-03-14T07:52:00.000Z |
| vde-2019-002 | Pepperl+Fuchs: Path traversal in WirelessHART Gateway | 2019-03-06T10:35:00.000Z | 2025-05-14T13:00:14.000Z |
| vde-2018-016 | Pepperl+Fuchs: ecom Mobile devices prone to Android privilege elevation vulnerability | 2018-10-19T10:00:00.000Z | 2025-05-14T12:28:19.000Z |
| vde-2018-009 | Pepperl+Fuchs: Security advisory for MELTDOWN and SPECTRE attacks in ecom mobile Devices | 2018-07-06T14:47:00.000Z | 2018-10-23T10:00:00.000Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| ppsa-2026-001 | Pilz: Multiple Vulnerabilities affecting the PIT User Authentication Service | 2026-02-02T08:00:00.000Z | 2026-02-02T10:00:00.000Z |
| ppsa-2025-004 | Pilz: Vulnerability affecting PASvisu Runtime | 2025-10-20T10:00:00.000Z | 2025-10-20T10:00:00.000Z |
| ppsa-2025-003 | Pilz: Authentication Bypass in IndustrialPI Webstatus | 2025-07-01T10:00:00.000Z | 2025-07-01T10:00:00.000Z |
| ppsa-2025-002 | Pilz: Missing Authentication in Node-RED integration | 2025-07-01T10:00:00.000Z | 2025-07-01T10:00:00.000Z |
| ppsa-2025-001 | Pilz: Authentication Bypass and Cross-Site-Scripting in PiCtory | 2025-06-30T10:00:00.000Z | 2025-06-30T10:00:00.000Z |
| vde-2024-002 | Pilz: Multiple products affected by uC/HTTP vulnerability | 2024-02-06T07:00:00.000Z | 2024-02-06T07:00:00.000Z |
| vde-2023-050 | Pilz: Vulnerability in PASvisu and PMI v8xx | 2024-01-30T07:00:00.000Z | 2025-04-10T13:00:00.000Z |
| vde-2023-059 | Pilz: Electron Vulnerabilities in PASvisu and PMI v8xx | 2023-12-05T07:06:00.000Z | 2023-12-05T07:06:00.000Z |
| vde-2023-048 | Pilz: Multiple products prone to libwebp vulnerability | 2023-12-05T07:00:00.000Z | 2025-05-22T13:03:10.000Z |
| vde-2023-033 | Pilz: WIBU Vulnerabilitiy in multiple Products | 2023-10-12T06:00:00.000Z | 2025-05-22T13:03:10.000Z |
| vde-2022-045 | Pilz: PAS 4000 prone to ZipSlip | 2022-11-24T09:00:00.000Z | 2025-05-22T13:03:10.000Z |
| vde-2022-044 | Pilz: Multiple products affected by ZipSlip | 2022-11-24T09:00:00.000Z | 2025-06-05T13:28:13.000Z |
| vde-2022-033 | Pilz: PASvisu and PMI affected by multiple vulnerabilities | 2022-11-24T09:00:00.000Z | 2022-11-24T09:00:00.000Z |
| vde-2021-061 | Pilz: PMC programming tool 3.x.x affected by multiple vulnerabilities | 2022-04-26T10:00:00.000Z | 2022-04-26T10:00:00.000Z |
| vde-2021-055 | Pilz: PMC programming tool 2.x.x affected by multiple vulnerabilities | 2022-04-26T10:00:00.000Z | 2022-04-26T10:00:00.000Z |
| vde-2021-054 | Pilz: Multiple vulnerabilities in CODESYS V2 and V3 runtime system | 2022-04-26T10:00:00.000Z | 2022-04-26T10:00:00.000Z |
| vde-2021-009 | Pilz: Multiple products prone to Niche Ethernet Stack vulnerabilities | 2021-09-20T11:56:00.000Z | 2025-05-14T13:00:14.000Z |
| vde-2020-033 | Pilz: Multiple products prone to WIBU-SYSTEMS CodeMeter vulnerabilities | 2020-09-10T13:18:00.000Z | 2025-05-14T12:28:19.000Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| vde-2024-008 | Wago: Vulnerability in WBM through Open VPN | 2026-04-08T07:00:00.000Z | 2026-04-08T07:00:00.000Z |
| vde-2026-021 | WAGO: Multiple Vulnerabilities in WAGO VC Hub | 2026-03-30T07:00:00.000Z | 2026-03-30T07:00:00.000Z |
| vde-2026-010 | WAGO: Multiple Vulnerabilities in WAGO Solution Builder and WAGO Device Sphere | 2026-03-30T07:00:00.000Z | 2026-03-30T07:00:00.000Z |
| vde-2026-020 | WAGO: Vulnerability in managed switches | 2026-03-23T08:00:00.000Z | 2026-03-23T08:00:00.000Z |
| vde-2026-004 | WAGO: Vulnerabilities in Managed Switch | 2026-02-09T08:00:00.000Z | 2026-02-09T08:00:00.000Z |
| vde-2025-095 | WAGO: Vulnerabilities in WAGO Industrial-Managed Switches | 2025-12-10T10:00:00.000Z | 2026-01-19T08:00:00.000Z |
| vde-2025-062 | WAGO: Multiple Vulnerabilities in CODESYS components | 2025-11-03T11:00:00.000Z | 2025-11-03T11:00:00.000Z |
| vde-2025-087 | WAGO: Vulnerabilities in Device Sphere and Solution Builder | 2025-09-24T09:00:00.000Z | 2025-09-24T09:00:00.000Z |
| vde-2025-083 | WAGO: Vulnerability in hardware switch circuit | 2025-09-15T08:00:00.000Z | 2025-09-15T08:00:00.000Z |
| vde-2025-080 | WAGO: Multiple Vulnerabilities in I/O-Check Service | 2025-09-09T10:00:00.000Z | 2025-09-09T10:00:00.000Z |
| vde-2025-082 | WAGO: Critical sudo Vulnerability in Multiple Products | 2025-09-08T07:00:00.000Z | 2025-09-08T07:00:00.000Z |
| vde-2025-048 | WAGO: Escalation of Privileges in Coupler Firmware | 2025-09-08T07:00:00.000Z | 2025-09-08T07:00:00.000Z |
| vde-2025-057 | WAGO: Vulnerability in WAGO Device Sphere | 2025-06-23T10:00:00.000Z | 2025-07-07T06:15:00.000Z |
| vde-2025-040 | WAGO: Vulnerabilities in ctrlX OS app | 2025-06-16T10:00:00.000Z | 2025-06-16T10:00:00.000Z |
| vde-2025-018 | WAGO: Vulnerabilities in WAGO Device Manager | 2025-06-16T10:00:00.000Z | 2025-11-21T12:00:00.000Z |
| vde-2025-020 | WAGO: Switches affected by year 2k38 problem | 2025-06-02T06:00:00.000Z | 2025-06-02T06:00:00.000Z |
| vde-2025-007 | WAGO: Year 2038 problem | 2025-04-15T10:00:00.000Z | 2025-04-15T10:00:00.000Z |
| vde-2025-004 | Wago: Vulnerability in libwagosnmp | 2025-03-05T11:00:00.000Z | 2025-04-10T13:00:00.000Z |
| vde-2025-009 | WAGO: Vulnerabilities in CODESYS Control V3 - OPC UA Stack | 2025-02-04T11:00:00.000Z | 2025-05-14T12:28:19.000Z |
| vde-2025-008 | WAGO: Vulnerabilities in CODESYS Control | 2025-02-04T11:00:00.000Z | 2025-05-14T13:00:15.000Z |
| vde-2024-072 | WAGO: Vulnerabilities in CODESYS Control | 2024-12-03T11:00:00.000Z | 2024-12-03T11:00:00.000Z |
| vde-2024-047 | WAGO: Multiple vulnerabilities in docker configuration | 2024-11-18T11:00:00.000Z | 2025-05-22T13:03:10.000Z |
| vde-2024-021 | WAGO: Vulnerability in WAGO Navigator | 2024-05-21T06:00:00.000Z | 2024-05-21T06:00:00.000Z |
| vde-2023-068 | WAGO: Multiple Vulnerabilities in e!Cockpit and e!Runtime / CODESYS Runtime | 2024-05-21T06:00:00.000Z | 2024-05-21T06:00:00.000Z |
| vde-2023-039 | Wago: Multiple vulnerabilities in web-based management of multiple products | 2024-03-13T08:30:00.000Z | 2024-03-13T08:30:00.000Z |
| vde-2024-014 | WAGO: Multiple products affected by Terrapin | 2024-02-22T07:00:00.000Z | 2025-06-05T13:28:13.000Z |
| vde-2024-007 | WAGO: WIBU-SYSTEMS CodeMeter Runtime vulnerabilities in multiple products | 2024-01-22T07:00:00.000Z | 2024-01-22T07:00:00.000Z |
| vde-2023-045 | Wago: Vulnerability in Smart Designer Web-Application | 2023-12-05T07:00:00.000Z | 2023-12-05T07:00:00.000Z |
| vde-2023-044 | Wago: Vulnerabilities in IEC61850 Server / Telecontrol | 2023-12-05T07:00:00.000Z | 2023-12-05T07:00:00.000Z |
| vde-2023-037 | WAGO: Remote Code execution vulnerability in managed Switches | 2023-11-21T07:00:00.000Z | 2023-11-21T07:00:00.000Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| vde-2024-061 | ifm: Improper Access Control vulnerability | 2025-06-30T10:00:00.000Z | 2026-02-18T08:00:00.000Z |
| vde-2024-012 | ifm: Vulnerabilities in ifm AC14 firmware | 2024-07-09T07:00:00.000Z | 2026-01-15T11:00:00.000Z |
| vde-2024-028 | ifm moneo password reset can be exploited | 2024-05-06T10:00:00.000Z | 2026-01-15T11:00:00.000Z |
| vde-2022-050 | IFM: weak password recovery vulnerability in moneo appliance | 2022-12-12T11:00:00.000Z | 2026-01-06T11:00:00.000Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| vde-2025-092 | Beckhoff: Privilege escalation and information leak via Beckhoff Device Manager | 2026-01-27T11:00:00.000Z | 2026-01-27T11:00:00.000Z |
| vde-2025-106 | Beckhoff: XSS Vulnerability in TwinCAT 3 HMI Server | 2026-01-26T10:00:00.000Z | 2026-02-12T09:00:00.000Z |
| vde-2025-075 | Beckhoff: Deserialization of untrusted data by TwinCAT 3 Engineering | 2025-09-09T10:00:00.000Z | 2025-09-09T10:00:00.000Z |
| vde-2024-064 | Beckhoff: Local command injection via TwinCAT Package Manager | 2024-10-31T11:00:00.000Z | 2025-04-11T07:00:00.000Z |
| vde-2021-008 | Beckhoff: Stack Overflow and XXE vulnerability in various OPC UA products | 2024-10-21T08:00:00.000Z | 2025-05-22T13:03:10.000Z |
| vde-2024-050 | Beckhoff: Denial-of-Service vulnerability in the MDP package included in TwinCAT/BSD operating system | 2024-08-27T08:00:00.000Z | 2025-05-22T13:03:10.000Z |
| vde-2024-049 | Beckhoff: Denial-of-Service vulnerability in the IPC-Diagnostics package included in TwinCAT/BSD operating system | 2024-08-27T08:00:00.000Z | 2025-05-22T13:03:10.000Z |
| vde-2024-048 | Beckhoff: Improper neutralization of input in IPC-Diagnostics-www package included in TwinCAT/BSD operating system | 2024-08-27T08:00:00.000Z | 2025-05-22T13:03:10.000Z |
| vde-2024-045 | Beckhoff: Local authentication bypass in IPC-Diagnostics package included in TwinCAT/BSD operating system | 2024-08-27T08:00:00.000Z | 2025-05-22T13:03:10.000Z |
| vde-2023-067 | Beckhoff: Open redirect in TwinCAT/BSD package authelia-bhf | 2023-12-13T08:00:00.000Z | 2025-05-22T13:03:10.000Z |
| vde-2022-003 | BECKHOFF: Null Pointer Dereference vulnerability in products with OPC UA technology | 2022-03-01T12:34:00.000Z | 2025-06-05T13:28:13.000Z |
| vde-2021-051 | Beckhoff: Relative path traversal vulnerability through TwinCAT OPC UA Server | 2021-11-04T07:00:00.000Z | 2025-05-22T13:03:10.000Z |
| vde-2020-051 | Beckhoff: DoS-Vulnerability for TwinCAT OPC UA Server and IPC Diagnostics UA Server | 2021-04-27T08:08:00.000Z | 2021-05-11T10:00:00.000Z |
| vde-2020-037 | Beckhoff: Privilege Escalation through TwinCat System Tray (TcSysUI.exe) | 2020-11-19T13:41:00.000Z | 2025-05-22T13:03:10.000Z |
| vde-2020-019 | Beckhoff: EtherLeak in TwinCAT RT network driver | 2020-06-16T08:31:00.000Z | 2025-05-22T13:03:10.000Z |
| vde-2020-005 | Beckhoff: BK9000 couplers - Denial of service inhibits function | 2020-03-10T13:17:00.000Z | 2025-05-22T13:03:10.000Z |
| vde-2019-019 | Beckhoff: TwinCAT Denial-of-Service in Profinet driver | 2019-10-09T10:00:00.000Z | 2025-05-14T13:00:14.000Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| vde-2026-007 | TRUMPF: Multiple products affected by Wibu CodeMeter vulnerability | 2026-02-23T08:00:00.000Z | 2026-02-23T08:00:00.000Z |
| vde-2025-078 | TRUMPF: Remote support uses an outdated encryption algorithm | 2025-08-25T06:00:00.000Z | 2025-08-29T10:00:00.000Z |
| vde-2024-004 | TRUMPF: Multiple products affected by log4net vulnerability | 2025-04-22T10:00:00.000Z | 2025-05-22T13:03:10.000Z |
| vde-2024-040 | Multiple TRUMPF products prone to regreSSHion OpenSSH server vulnerabilities | 2024-06-25T10:00:00.000Z | 2025-04-10T13:00:00.000Z |
| vde-2024-034 | Multiple TRUMPF products prone to nftables server vulnerabilities | 2024-06-25T10:00:00.000Z | 2025-04-10T13:00:00.000Z |
| vde-2024-001 | TRUMPF: Multiple products contain WIBU CodeMeter vulnerabilities | 2024-01-29T07:00:00.000Z | 2024-01-29T07:00:00.000Z |
| vde-2024-006 | TRUMPF: Oseon contains vulnerable version of OpenSSL 1.1.x | 2024-01-23T07:00:00.000Z | 2024-01-23T07:00:00.000Z |
| vde-2024-005 | TRUMPF: Multiple products contain vulnerable version of 7-zip | 2024-01-23T07:00:00.000Z | 2025-06-05T13:28:12.000Z |
| vde-2024-003 | TRUMPF: Multiple products include a vulnerable version of Notepad++ | 2024-01-23T07:00:00.000Z | 2025-05-22T13:03:10.000Z |
| vde-2023-031 | Trumpf: Multiple Products affected by WIBU Codemeter Vulnerability | 2023-09-13T10:00:00.000Z | 2023-11-13T11:00:00.000Z |
| vde-2022-049 | TRUMPF: Multiple products prone to X.Org server vulnerabilities | 2022-11-07T11:43:00.000Z | 2025-05-22T13:03:10.000Z |
| vde-2022-023 | TRUMPF TruTops prone to improper access control | 2022-10-17T10:00:00.000Z | 2022-10-17T10:00:00.000Z |
| vde-2022-034 | TRUMPF: Products prone to Unified Automation vulnerabilities | 2022-08-15T10:00:00.000Z | 2022-08-15T10:00:00.000Z |
| vde-2022-016 | TRUMPF: TruTops Fab, TruTops Boost prone to vulnerability | 2022-05-02T10:00:00.000Z | 2022-05-02T10:00:00.000Z |
| vde-2021-033 | TRUMPF Laser GmbH: multiple products prone to codesys runtime vulnerabilities | 2021-08-12T13:02:00.001Z | 2021-08-12T13:02:00.001Z |
| vde-2021-011 | TRUMPF Laser GmbH: TruControl 2.14.0 to 3.14.0 affected by recent sudo vulnerability | 2021-03-22T08:59:00.000Z | 2026-02-02T14:25:00.000Z |
| vde-2020-039 | TRUMPF: Multiple products prone to WIBU CodeMeter vulnerabilities | 2020-10-27T10:28:00.000Z | 2025-05-14T12:36:39.000Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| vde-2025-043 | Lenze: PLC Designer V4 with insecure storage of sensitive information | 2025-06-25T10:00:00.000Z | 2025-06-25T10:00:00.000Z |
| vde-2025-042 | Lenze: VPN Client Privilege Escalation in combination with Lenze x500 IoT Gateway | 2025-05-27T09:00:00.000Z | 2025-05-27T09:00:00.000Z |
| vde-2024-053 | Lenze: Install Directory with insufficient permissions | 2024-09-03T08:00:00.000Z | 2025-03-13T11:30:00.000Z |
| vde-2022-030 | Lenze: Vulnerability in the OPC-UA authentification connection in the firmware | 2022-07-11T10:00:00.000Z | 2022-07-11T10:00:00.000Z |
| vde-2021-048 | Lenze: Multiple Vulnerabilities in CODESYS Control V2 communication | 2021-10-04T12:33:00.000Z | 2021-10-04T12:33:00.000Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| vde-2022-029 | Carlo Gavazzi Controls: Multiple Vulnerabilities in Controller UWP 3.0 | 2022-09-26T08:00:00.000Z | 2026-03-02T11:00:00.000Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| vde-2025-047 | AUMA: Incorrect delivery status of the Bluetooth configuration | 2025-06-10T10:00:00.000Z | 2025-06-10T10:00:00.000Z |
| vde-2025-026 | AUMA Riester: Buffer overflow in service telegram | 2025-05-12T10:00:00.000Z | 2025-05-14T13:00:14.000Z |
| vde-2023-028 | AUMA: SIMA Master Station affected by WRECK vulnerability | 2023-08-07T11:35:00.000Z | 2025-05-14T13:00:15.000Z |
| vde-2023-027 | AUMA: Reflected Cross-Site Scripting Vulnerability in SIMA Master Stations | 2023-08-07T09:35:00.000Z | 2023-08-07T09:35:00.000Z |
| vde-2022-032 | AUMA: Multiple Vulnerabilities in Automation Runtime NTP Service | 2022-08-09T08:00:00.000Z | 2022-08-09T08:00:00.000Z |
| vde-2022-024 | Auma: SIMA² Master Station Denial of Service Vulnerability on Automation Runtime Webserver | 2022-06-15T10:00:00.000Z | 2025-05-14T13:00:15.000Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| vde-2025-084 | Bender Charge Controller Vulnerability - Unsecure Communication | 2025-09-08T07:00:00.000Z | 2025-09-08T07:00:00.000Z |
| vde-2025-061 | Bender Charge Controller Vulnerability - Disclosure Of Stored Credentials When Authenticated | 2025-09-08T07:00:00.000Z | 2025-09-08T07:00:00.000Z |
| vde-2021-047 | Bender/ebee: Multiple Charge Controller Vulnerabilities | 2022-04-26T10:00:00.000Z | 2022-04-26T10:00:00.000Z |
| vde-2020-043 | Bender: COMTRAXX < 4.2.0 affected by inadquate credentials check vulnerability | 2020-10-16T06:54:00.000Z | 2020-10-16T06:54:00.000Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| vde-2026-003 | Endress+Hauser: Multiple products prone to multiple vulnerabilities in e!Runtime and CODESYS V3 Runtime | 2026-03-31T08:00:00.000Z | 2026-04-01T11:00:00.000Z |
| vde-2026-002 | Endress+Hauser: buffer overflow in glibc ld.so leading to privilege escalation | 2026-03-02T07:00:00.000Z | 2026-03-02T07:00:00.000Z |
| vde-2025-105 | Endress+Hauser: Multiple products affected by Wibu-Systems CodeMeter Vulnerability | 2025-12-08T09:00:00.000Z | 2025-12-08T09:00:00.000Z |
| vde-2025-107 | Endress+Hauser: Multiple products affected by Qualcomm vulnerabilities | 2025-12-05T11:00:00.000Z | 2026-04-02T10:00:00.000Z |
| vde-2025-068 | Endress+Hauser: Proline 10 Maintenance credentials may be exposed under certain conditions | 2025-09-02T10:00:00.000Z | 2026-02-20T09:00:00.000Z |
| vde-2025-036 | Multiple vulnerabilities in Endress+Hauser MEAC300-FNADE4 | 2025-03-06T14:00:00.000Z | 2025-03-06T14:00:00.000Z |
| vde-2024-054 | Endress+Hauser: Netilion Network Insights is affected by multiple vulnerabilities | 2024-10-21T08:00:00.000Z | 2025-05-22T13:03:10.000Z |
| vde-2024-041 | Endress+Hauser: Multiple products are vulnerable to code injection | 2024-09-10T08:00:00.000Z | 2024-09-10T08:00:00.000Z |
| vde-2022-019 | Endress+Hauser: Multiple products utilizing vulnerable WIBU-SYSTEMS CodeMeter components | 2022-06-02T15:11:00.000Z | 2022-06-02T15:11:00.000Z |
| vde-2022-006 | Endress+Hauser: FieldPort SFP50 Memory Corruption in Bluetooth Controller Firmware | 2022-03-24T10:48:00.000Z | 2022-03-24T10:48:00.000Z |
| vde-2021-044 | Endress+Hauser: Multiple products affected by log4net vulnerability | 2022-01-20T08:06:00.000Z | 2025-05-14T13:00:14.000Z |
| vde-2021-040 | Endress+Hauser: Promass 83 with EtherNet/IP affected by a stack-based buffer overflow | 2021-10-04T12:30:00.000Z | 2025-05-14T12:28:19.000Z |
| vde-2021-010 | Endress+Hauser: products utilizing WPA2 vulnerable to KRACK attacks | 2021-05-18T09:00:00.000Z | 2025-05-14T12:28:19.000Z |
| vde-2021-005 | Endress+Hauser: Multiple Devices affected by fdtContainer vulnerability | 2021-03-01T06:39:00.000Z | 2025-05-14T13:00:14.000Z |
| vde-2020-022 | Endress+Hauser: Ecograph T utilizing Webserver firmware version 2.x exposes sensitive information | 2020-11-19T14:48:00.000Z | 2025-05-14T13:00:14.000Z |
| vde-2020-021 | Endress+Hauser: Ecograph T utilizing Webserver firmware version 1.x suffers from improper privilege management | 2020-11-19T14:48:00.000Z | 2025-04-11T07:00:00.000Z |
| vde-2020-031 | Endress+Hauser: Multiple products prone to WIBU CodeMeter vulnerabilities | 2020-10-27T13:10:00.000Z | 2025-05-14T13:00:14.000Z |
| vde-2019-005 | Endress+Hauser: WIFI enabled products utilising WPA2 | 2019-03-19T15:34:00.000Z | 2019-03-19T15:34:00.000Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| vde-2025-030 | Frauscher: FDS101, FDS-SNMP101 and FDS102 for FAdC/FAdCi are Vulnerable to OS Command Injection Vulnerability | 2025-07-07T10:00:00.000Z | 2025-07-29T10:00:00.000Z |
| vde-2023-049 | Frauscher: FDS102 for FAdC/FAdCi remote code execution vulnerability | 2023-12-11T07:00:00.000Z | 2023-12-11T07:00:00.000Z |
| vde-2023-038 | Frauscher: Multiple Vulnerabilities in FDS101 | 2023-09-21T06:00:00.000Z | 2023-09-21T06:00:00.000Z |
| vde-2023-011 | Frauscher: Diagnostic System FDS001 for FAdC/FAdCi Path Traversal vulnerability | 2023-07-05T08:00:00.000Z | 2023-07-05T08:00:00.000Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| vde-2022-052 | Miele: Vulnerability in ease2pay cloud service used by appWash | 2022-11-21T09:00:00.000Z | 2022-11-21T09:00:00.000Z |
| vde-2022-015 | Miele: Security vulnerability in Benchmark Programming Tool | 2022-04-27T12:00:00.000Z | 2022-04-27T12:00:00.000Z |
| vde-2020-024 | Miele: Treck TCP/IP Vulnerabilities (Ripple20) affecting Communication Module XKM3000 L MED | 2020-07-08T07:29:00.000Z | 2025-05-14T12:28:19.000Z |
| vde-2019-010 | Miele: Multiple Vulnerabilities in XGW 3000 ZigBee Gateway | 2019-05-20T06:58:00.000Z | 2025-05-14T13:00:15.000Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| vde-2025-096 | Weidmueller: Multiple vulnerabilities in Energy Meter 750-24 and Energy Meter 750-230 | 2026-03-10T07:00:00.000Z | 2026-03-10T07:00:00.000Z |
| vde-2025-052 | Weidmueller: Security routers IE-SR-2TX are affected by multiple vulnerabilities | 2025-06-11T10:00:00.000Z | 2025-07-23T10:00:00.000Z |
| vde-2025-044 | Weidmueller: Industrial ethernet switches are affected by multiple vulnerabilities | 2025-05-27T09:00:00.000Z | 2025-08-27T10:00:00.000Z |
| vde-2025-041 | Weidmueller: ResMa is affected by a Vulnerability for ASP.NET AJAX | 2025-05-19T09:00:00.000Z | 2025-05-19T09:00:00.000Z |
| vde-2025-021 | Weidmueller: Authentication Vulnerability in PROCON-WIN 5 | 2025-03-05T09:00:00.000Z | 2025-05-14T13:26:53.000Z |
| vde-2025-023 | Weidmueller: OpenSSL vulnerability in industrial ethernet switches | 2025-03-05T08:00:00.000Z | 2025-03-05T11:00:00.000Z |
| vde-2023-032 | Weidmueller: WIBU Vulnerability in multiple Products | 2023-11-09T07:42:00.000Z | 2025-05-22T13:03:10.000Z |
| vde-2022-056 | Weidmueller: Multiple IoT and control products affected by JavaScript injection vulnerability | 2022-12-14T07:00:00.000Z | 2022-12-14T07:00:00.000Z |
| vde-2021-004 | Weidmueller: EtherNet/IP Fieldbus Coupler out-of-bounds write | 2022-06-21T08:00:00.000Z | 2022-06-21T08:00:00.000Z |
| vde-2022-008 | WEIDMUELLER: Multiple vulnerabilities in Modbus TCP/RTU Gateways | 2022-04-07T06:00:00.000Z | 2022-04-07T06:00:00.000Z |
| vde-2021-042 | Weidmueller: Remote I/O fieldbus couplers (IP20) affected by INFRA:HALT vulnerabilities | 2021-10-18T08:24:00.000Z | 2025-05-14T13:00:14.000Z |
| vde-2021-026 | Weidmueller: Multiple vulnerabilities in Industrial WLAN devices | 2021-06-23T11:04:00.000Z | 2025-05-14T13:00:15.000Z |
| vde-2021-016 | Weidmueller: Accidentally open network port in u-controls and IoT-Gateways | 2021-05-04T08:17:00.000Z | 2025-05-14T12:28:19.000Z |
| vde-2021-002 | Weidmueller: WI Manager affected by fdtContainer vulnerability | 2021-01-20T13:32:00.000Z | 2025-05-14T12:28:19.000Z |
| vde-2020-041 | Weidmueller: u-create studio < 1.20.2 affected by WIBU-SYSTEMS CodeMeter vulnerabilities | 2020-10-12T09:14:00.000Z | 2025-05-14T12:28:19.000Z |
| vde-2019-018 | Weidmueller: multiple vulnerabilities in various Industrial Ethernet managed switches | 2019-12-05T12:03:00.000Z | 2025-05-22T13:03:10.000Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| vde-2025-066 | SMA: Directory Traversal in Sunny Boy | 2025-08-27T08:00:00.000Z | 2025-08-27T08:00:00.000Z |
| vde-2025-050 | SMA: Sunny Portal limited disclosure of personal data of registered users to an authenticated user | 2025-08-19T10:00:00.000Z | 2025-08-19T10:00:00.000Z |
| vde-2025-010 | SMA: Sunny Portal demo system privilege escalation | 2025-05-13T11:00:00.000Z | 2025-05-14T13:00:14.000Z |
| vde-2025-012 | SMA: Sunny Portal Remote Code Execution | 2025-02-26T11:00:00.000Z | 2025-05-22T13:03:10.000Z |
| vde-2024-075 | SMA: Sunny Webbox clickjacking vulnerability | 2025-01-27T13:00:00.000Z | 2025-06-17T06:00:00.000Z |
| vde-2024-020 | SMA: Cluster Controller CSRF vulnerability | 2025-01-27T13:00:00.000Z | 2025-02-12T16:48:47.000Z |
| vde-2024-074 | SMA: SQL injection in Sunny Central UP | 2024-11-27T09:00:00.000Z | 2025-05-14T12:28:19.000Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| vde-2024-013 | HIMA: Multiple products affected by DoS and Port-Based-VLAN Crossing | 2024-02-13T07:00:00.000Z | 2025-05-22T13:03:10.000Z |
| vde-2022-059 | HIMA: unquoted path vulnerabilities in X-OPC and X-OTS | 2023-01-16T09:00:00.000Z | 2025-05-22T13:03:10.000Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| vde-2025-091 | Murrelektronik: Cleartext Transmission of Sensitive Information in IMPACT67 Pro | 2025-10-14T10:00:00.000Z | 2025-10-14T10:00:00.000Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| vde-2020-016 | SWARCO: Critical Vulnerability in CPU LS4000 | 2020-05-28T13:00:00.000Z | 2020-05-28T13:00:00.000Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| vde-2025-033 | ads-tec Industrial IT: Mosquitto MQTT Client Vulnerability in ADS-TEC IRF Products | 2025-04-14T10:00:00.000Z | 2025-04-14T10:00:00.000Z |
| vde-2024-016 | ADS-TEC Industrial IT: Docker vulnerability affects multiple products | 2024-02-19T07:00:00.000Z | 2025-05-22T13:03:10.000Z |
| vde-2023-009 | ads-tec: Multiple Vulnerabilities in IRF1000, IRF2000 and IRF3000 | 2023-05-08T13:37:00.000Z | 2023-05-08T13:37:00.000Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| vde-2022-061 | VARTA: Multiple devices prone to hard-coded credentials | 2023-03-15T09:00:00.000Z | 2023-03-15T09:00:00.000Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| vde-2025-060 | Sauter: Multiple vulnerabilities in SAUTER modulo 6 | 2025-10-21T10:00:00.000Z | 2025-10-27T11:00:00.000Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| vde-2025-079 | Janitza: Multiple vulnerabilities in UMG 96RM-E | 2026-03-10T07:00:00.000Z | 2026-03-10T07:00:00.000Z |
| vde-2025-094 | Janitza: Vulnerability in Modbus interface of UMG 96-PA and UMG 96-PA-MID+ | 2025-11-24T12:00:00.000Z | 2025-11-24T12:00:00.000Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| vde-2026-001 | METTLER TOLEDO: ASP.NET core vulnerability in LabX | 2026-03-04T07:00:00.000Z | 2026-03-04T07:00:00.000Z |
| ID | CVSS | Description | Vendor | Product | Published | Updated |
|---|---|---|---|---|---|---|
| GCVE-1-2026-0015 |
7.2 (4.0)
|
Threat actors use FortiCloud SSO bypass to collect LDA… |
fortinet |
fortios |
2026-02-09T09:09:00.000Z | 2026-02-09T09:14:59.004089Z |
| GCVE-1-2026-0014 |
7.4 (4.0)
|
Missing Authorization Check Allows Unauthorized Modifi… |
vulnerability-lookup |
vulnerability-lookup |
2026-02-04T19:32:14.341383Z | 2026-02-04T19:32:14.341383Z |
| GCVE-1-2026-0013 |
2.1 (4.0)
|
Flask Application Username Route Collision Allows Rese… |
vulnerability-lookup |
vulnerability-lookup |
2026-02-04T19:27:00.000Z | 2026-02-04T19:32:49.787763Z |
| GCVE-1-2026-0012 |
2.1 (4.0)
|
Authentication Error Message Allows Email Address Enum… |
vulnerability-lookup |
vulnerability-lookup |
2026-02-04T19:21:34.411344Z | 2026-02-04T19:21:34.411344Z |
| GCVE-1-2026-0011 |
8.7 (4.0)
|
Out-of-bounds memory write in the network packet … |
EA Games |
Command & Conquer: Generals |
2026-01-29T14:37:00.000Z | 2026-01-29T14:39:17.728822Z |
| GCVE-1-2026-0010 |
9.3 (4.0)
|
Improper input validation in the file transfer ha… |
EA Games |
Command & Conquer: Generals |
2026-01-29T14:33:18.822829Z | 2026-01-29T14:33:18.822829Z |
| GCVE-1-2026-0009 |
9.3 (4.0)
|
Stack-based buffer overflow in the multiplayer ne… |
EA Games |
Command & Conquer: Generals |
2026-01-29T14:30:38.596928Z | 2026-01-29T14:30:38.596928Z |
| GCVE-1-2026-0008 |
10 (4.0)
|
gpg-agent stack buffer overflow in pkdecrypt using KEM |
gnupg |
gpg-agent |
2026-01-28T13:48:12.350509Z | 2026-01-28T13:48:12.350509Z |
| GCVE-1-2026-0007 |
10 (4.0)
|
GNU InetUtils Security Advisory: remote authentication… |
gnu |
InetUtils |
2026-01-20T20:57:00.000Z | 2026-01-26T16:32:40.831364Z |
| GCVE-1-2026-0006 |
8.5 (4.0)
|
Improper Access Control in Cerebrate AuthKey and Encry… |
cerebrate |
cerebrate |
2026-01-13T15:37:17.337254Z | 2026-01-13T15:37:17.337254Z |
| GCVE-1-2026-0005 |
8.5 (4.0)
|
Improper Access Control in Cerebrate Alignment Model A… |
cerebrate |
cerebrate |
2026-01-13T15:31:00.000Z | 2026-01-13T15:38:02.888546Z |
| GCVE-1-2026-0004 |
8.5 (4.0)
|
Authorization Bypass in Cerebrate IndividualsControlle… |
cerebrate |
cerebrate |
2026-01-13T15:28:00.000Z | 2026-01-13T15:38:37.744618Z |
| GCVE-1-2026-0003 |
6.3 (4.0)
|
Stored/Reflected XSS via Unsanitized Parameters in URL… |
misp |
misp |
2026-01-13T10:50:00.000Z | 2026-01-13T10:54:13.659223Z |
| GCVE-1-2026-0002 |
10 (4.0)
|
Heap-buffer-overflow in EXIF writer for extra IFD tags |
ffmpeg |
ffmpeg |
2026-01-02T19:50:00.000Z | 2026-01-02T20:05:27.269877Z |
| GCVE-1-2026-0001 |
N/A
|
Bundle reference to gpg.fail |
gnupg |
gnupg |
2026-01-02T10:20:00.000Z | 2026-01-02T13:31:14.359346Z |
| GCVE-1-2025-0041 |
6.4 (4.0)
|
[online services] Reflected Cross-Site Scripting (XSS)… |
typo3 |
typo3 |
2025-12-19T14:25:00.000Z | 2025-12-19T14:54:51.594645Z |
| GCVE-1-2025-0040 |
7.2 (4.0)
|
A cross-site scripting (XSS) vulnerability was id… |
misp |
misp |
2025-12-13T08:44:32.378924Z | 2025-12-13T08:44:32.378924Z |
| GCVE-1-2025-0039 |
8.5 (4.0)
|
XSS Reintroduced in MISP Dashboard World Map Widget Du… |
misp |
misp |
2025-12-10T14:33:52.856734Z | 2025-12-10T14:33:52.856734Z |
| GCVE-1-2025-0038 |
5 (4.0)
|
Reflected XSS in MISP Template Tag Removal and MISP Ad… |
misp |
misp |
2025-12-10T14:10:00.000Z | 2025-12-10T14:16:55.918270Z |
| GCVE-1-2025-0037 |
7 (4.0)
|
Reflected XSS in MISP Dashboard Widgets via Unescaped … |
misp |
misp |
2025-12-10T14:01:03.200804Z | 2025-12-10T14:01:03.200804Z |
| GCVE-1-2025-0036 |
8.3 (4.0)
|
A reflected cross-site scripting (XSS) vulnerability w… |
misp |
misp |
2025-12-10T13:46:07.170083Z | 2025-12-10T13:46:07.170083Z |
| GCVE-1-2025-0035 |
8.3 (4.0)
|
Insufficient sanitization of bundle metadata (availabl… |
CIRCL |
vulnerability-lookup |
2025-12-08T10:25:00.000Z | 2025-12-08T12:14:06.307298Z |
| GCVE-1-2025-0034 |
7 (4.0)
|
Missing CSRF protection on state-changing endpoints in… |
CIRCL |
vulnerability-lookup |
2025-12-08T10:19:00.000Z | 2025-12-08T12:13:24.197294Z |
| GCVE-1-2025-0033 |
8.1 (4.0)
|
Vulnerability-lookup did not track or limit failed One… |
CIRCL |
vulnerability-lookup |
2025-12-08T10:11:00.000Z | 2025-12-08T12:12:53.235996Z |
| GCVE-1-2025-0032 |
10 (4.0)
|
The default configuration of WatchGuard Firebox device… |
watchguard |
firebox |
2025-12-03T16:25:00.000Z | 2025-12-19T13:48:34.570799Z |
| GCVE-1-2025-0031 |
7.1 (4.0)
|
A cross-site scripting (XSS) vulnerability was identif… |
misp |
misp |
2025-12-03T10:58:00.000Z | 2025-12-16T09:36:09.594750Z |
| GCVE-1-2025-0030 |
6.2 (4.0)
|
A cross-site scripting (XSS) vulnerability in the MISP… |
misp |
misp |
2025-12-03T10:53:00.000Z | 2025-12-03T10:58:55.845341Z |
| GCVE-1-2025-0029 |
6.3 (4.0)
|
Reflected cross-site scripting (XSS) vulnerabilities i… |
misp |
misp |
2025-11-27T12:41:00.000Z | 2025-11-27T12:48:51.085860Z |
| GCVE-1-2025-0028 |
8.5 (4.0)
|
Information leakage vulnerability in the MISP Feed con… |
misp |
misp |
2025-11-27T07:23:00.000Z | 2025-12-02T08:51:35.429494Z |
| GCVE-1-2025-0027 |
9.4 (4.0)
|
Reflected cross-site scripting (XSS) vulnerability in … |
misp |
misp |
2025-11-27T07:17:00.000Z | 2025-12-02T08:51:04.323899Z |