Recent vulnerabilities
Recent vulnerabilities from
Select from 70 available sources using the dropdown above.
| ID | CVSS | Description | Vendor | Product | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2026-8116 |
5.3 (4.0)
6.3 (3.1)
6.3 (3.0)
|
huangjunsen0406 xiaozhi-mcphub dxtController.ts path t… |
huangjunsen0406 |
xiaozhi-mcphub |
2026-05-07T23:30:11.843Z | 2026-05-07T23:30:11.843Z |
| CVE-2026-8115 |
6.9 (4.0)
5.3 (3.1)
5.3 (3.0)
|
gyoridavid short-video-maker REST API rest.ts path traversal |
gyoridavid |
short-video-maker |
2026-05-07T22:45:11.302Z | 2026-05-07T22:45:11.302Z |
| CVE-2026-6411 |
7.3 (3.1)
|
MAXHUB Pivot Client Application Use of a Broken or Ris… |
MAXHUB |
MAXHUB Pivot client application |
2026-05-07T22:25:54.959Z | 2026-05-07T22:25:54.959Z |
| CVE-2026-42880 |
9.6 (3.1)
|
ArgoCD ServerSideDiff is vulnerable to Kubernetes Secr… |
argoproj |
argo-cd |
2026-05-07T22:20:39.506Z | 2026-05-07T22:20:39.506Z |
| CVE-2026-2710 |
N/A
|
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | N/A | 2026-05-07T22:20:00.454Z | |
| CVE-2026-8114 |
5.3 (4.0)
6.3 (3.1)
6.3 (3.0)
|
JeecgBoot JSON Object loadTreeData sql injection |
n/a |
JeecgBoot |
2026-05-07T22:00:11.288Z | 2026-05-07T22:00:11.288Z |
| CVE-2026-40213 |
7.4 (3.1)
|
OpenStack Cyborg before 16.0.1 uses rule:allow (c… |
OpenStack |
Cyborg |
2026-05-07T00:00:00.000Z | 2026-05-07T21:57:41.910Z |
| CVE-2026-40214 |
6.3 (3.1)
|
In OpenStack Cyborg before 16.0.1, the Accelerato… |
OpenStack |
Cyborg |
2026-05-07T00:00:00.000Z | 2026-05-07T21:54:10.614Z |
| CVE-2026-5121 |
7.5 (3.1)
|
Libarchive: libarchive: arbitrary code execution via i… |
Red Hat |
Red Hat Enterprise Linux 7 Extended Lifecycle Support |
2026-03-30T07:47:28.562Z | 2026-05-07T21:44:13.275Z |
| CVE-2026-4878 |
6.7 (3.1)
|
Libcap: libcap: privilege escalation via toctou race c… |
Red Hat |
Red Hat Enterprise Linux 10 |
2026-04-09T14:49:02.942Z | 2026-05-07T21:33:20.039Z |
| CVE-2026-4424 |
7.5 (3.1)
|
Libarchive: libarchive: information disclosure via hea… |
Red Hat |
Red Hat Enterprise Linux 10 |
2026-03-19T13:50:27.294Z | 2026-05-07T21:33:08.308Z |
| CVE-2026-6736 |
6.3 (4.0)
|
Authentication bypass vulnerability in GitHub Enterpri… |
GitHub |
Enterprise Server |
2026-05-07T21:14:33.490Z | 2026-05-07T21:27:45.553Z |
| CVE-2026-4775 |
7.8 (3.1)
|
Libtiff: libtiff: arbitrary code execution or denial o… |
Red Hat |
Red Hat Enterprise Linux 10 |
2026-03-24T14:42:47.529Z | 2026-05-07T21:24:46.165Z |
| CVE-2026-8106 |
5.9 (4.0)
|
Reflected HTML injection vulnerability in GitHub Enter… |
GitHub |
Enterprise Server |
2026-05-07T21:18:59.259Z | 2026-05-07T21:18:59.259Z |
| CVE-2026-8034 |
7.9 (4.0)
|
Server-side request forgery vulnerability in GitHub En… |
GitHub |
Enterprise Server |
2026-05-07T21:18:49.812Z | 2026-05-07T21:18:49.812Z |
| CVE-2026-7541 |
6.3 (4.0)
|
Denial of service vulnerability in GitHub Enterprise S… |
GitHub |
Enterprise Server |
2026-05-07T21:18:35.655Z | 2026-05-07T21:18:35.655Z |
| CVE-2026-8113 |
5.3 (4.0)
4.3 (3.1)
4.3 (3.0)
|
8421bit MiniClaw executeSkillScript kernel.ts isPathIn… |
8421bit |
MiniClaw |
2026-05-07T21:15:11.899Z | 2026-05-07T21:15:11.899Z |
| CVE-2026-41928 |
6.9 (4.0)
5.3 (3.1)
|
Vvveb < 1.0.8.2 Information Disclosure via Cron Controller |
givanz |
Vvveb |
2026-05-07T21:13:13.870Z | 2026-05-07T21:13:13.870Z |
| CVE-2026-41929 |
5.1 (4.0)
6.1 (3.1)
|
Vvveb < 1.0.8.2 Unauthenticated Reflected XSS via Visu… |
givanz |
Vvveb |
2026-05-07T21:08:50.762Z | 2026-05-07T21:08:50.762Z |
| CVE-2026-7891 |
9.3 (4.0)
|
The VerySecureApp made by DIVD using Mendix Studi… |
DIVD |
VerySecureApp |
2026-05-07T21:07:22.206Z | 2026-05-07T21:07:22.206Z |
| CVE-2026-8112 |
5.3 (4.0)
6.3 (3.1)
6.3 (3.0)
|
8421bit MiniClaw kernel.ts executeCognitivePulse os co… |
8421bit |
MiniClaw |
2026-05-07T21:00:13.825Z | 2026-05-07T21:00:13.825Z |
| CVE-2026-42826 |
10 (3.1)
|
Azure DevOps Information Disclosure Vulnerability |
Microsoft |
Azure DevOps |
2026-05-07T20:59:06.979Z | 2026-05-07T20:59:06.979Z |
| CVE-2026-35428 |
9.6 (3.1)
|
Azure Cloud Shell Spoofing Vulnerability |
Microsoft |
Azure Cloud Shell |
2026-05-07T20:58:58.256Z | 2026-05-07T20:58:58.256Z |
| CVE-2026-35435 |
8.6 (3.1)
|
Azure AI Foundry Elevation of Privilege Vulnerability |
Microsoft |
Azure AI Foundry |
2026-05-07T20:58:55.593Z | 2026-05-07T20:58:55.593Z |
| CVE-2026-34327 |
8.2 (3.1)
|
Microsoft Partner Center Spoofing Vulnerability |
Microsoft |
Microsoft Partner Center |
2026-05-07T20:58:54.185Z | 2026-05-07T20:58:54.185Z |
| CVE-2026-33844 |
9 (3.1)
|
Azure Managed Instance for Apache Cassandra Remote Cod… |
Microsoft |
Azure Managed Instance for Apache Cassandra |
2026-05-07T20:58:52.985Z | 2026-05-07T20:58:52.985Z |
| CVE-2026-33823 |
9.6 (3.1)
|
Microsoft Team Events Portal Information Disclosure Vu… |
Microsoft |
Microsoft Teams |
2026-05-07T20:58:52.175Z | 2026-05-07T20:58:52.175Z |
| CVE-2026-32207 |
8.8 (3.1)
|
Azure Machine Learning Notebook Spoofing Vulnerability |
Microsoft |
Azure Machine Learning |
2026-05-07T20:58:51.273Z | 2026-05-07T20:58:51.273Z |
| CVE-2026-33109 |
9.9 (3.1)
|
Azure Managed Instance for Apache Cassandra Remote Cod… |
Microsoft |
Azure Managed Instance for Apache Cassandra |
2026-05-07T20:58:49.441Z | 2026-05-07T20:58:49.441Z |
| CVE-2026-33111 |
7.5 (3.1)
|
Copilot Chat (Microsoft Edge) Information Disclosure V… |
Microsoft |
Copilot Chat (Microsoft Edge) |
2026-05-07T20:58:48.491Z | 2026-05-07T20:58:48.491Z |
| ID | CVSS | Description | Vendor | Product | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2026-8115 |
6.9 (4.0)
5.3 (3.1)
5.3 (3.0)
|
gyoridavid short-video-maker REST API rest.ts path traversal |
gyoridavid |
short-video-maker |
2026-05-07T22:45:11.302Z | 2026-05-07T22:45:11.302Z |
| CVE-2026-6411 |
7.3 (3.1)
|
MAXHUB Pivot Client Application Use of a Broken or Ris… |
MAXHUB |
MAXHUB Pivot client application |
2026-05-07T22:25:54.959Z | 2026-05-07T22:25:54.959Z |
| CVE-2026-42880 |
9.6 (3.1)
|
ArgoCD ServerSideDiff is vulnerable to Kubernetes Secr… |
argoproj |
argo-cd |
2026-05-07T22:20:39.506Z | 2026-05-07T22:20:39.506Z |
| CVE-2026-2710 |
N/A
|
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | N/A | 2026-05-07T22:20:00.454Z | |
| CVE-2026-8114 |
5.3 (4.0)
6.3 (3.1)
6.3 (3.0)
|
JeecgBoot JSON Object loadTreeData sql injection |
n/a |
JeecgBoot |
2026-05-07T22:00:11.288Z | 2026-05-07T22:00:11.288Z |
| CVE-2026-8113 |
5.3 (4.0)
4.3 (3.1)
4.3 (3.0)
|
8421bit MiniClaw executeSkillScript kernel.ts isPathIn… |
8421bit |
MiniClaw |
2026-05-07T21:15:11.899Z | 2026-05-07T21:15:11.899Z |
| CVE-2026-8112 |
5.3 (4.0)
6.3 (3.1)
6.3 (3.0)
|
8421bit MiniClaw kernel.ts executeCognitivePulse os co… |
8421bit |
MiniClaw |
2026-05-07T21:00:13.825Z | 2026-05-07T21:00:13.825Z |
| CVE-2026-8106 |
5.9 (4.0)
|
Reflected HTML injection vulnerability in GitHub Enter… |
GitHub |
Enterprise Server |
2026-05-07T21:18:59.259Z | 2026-05-07T21:18:59.259Z |
| CVE-2026-8034 |
7.9 (4.0)
|
Server-side request forgery vulnerability in GitHub En… |
GitHub |
Enterprise Server |
2026-05-07T21:18:49.812Z | 2026-05-07T21:18:49.812Z |
| CVE-2026-7891 |
9.3 (4.0)
|
The VerySecureApp made by DIVD using Mendix Studi… |
DIVD |
VerySecureApp |
2026-05-07T21:07:22.206Z | 2026-05-07T21:07:22.206Z |
| CVE-2026-7541 |
6.3 (4.0)
|
Denial of service vulnerability in GitHub Enterprise S… |
GitHub |
Enterprise Server |
2026-05-07T21:18:35.655Z | 2026-05-07T21:18:35.655Z |
| CVE-2026-6736 |
6.3 (4.0)
|
Authentication bypass vulnerability in GitHub Enterpri… |
GitHub |
Enterprise Server |
2026-05-07T21:14:33.490Z | 2026-05-07T21:27:45.553Z |
| CVE-2026-5121 |
7.5 (3.1)
|
Libarchive: libarchive: arbitrary code execution via i… |
Red Hat |
Red Hat Enterprise Linux 7 Extended Lifecycle Support |
2026-03-30T07:47:28.562Z | 2026-05-07T21:44:13.275Z |
| CVE-2026-4878 |
6.7 (3.1)
|
Libcap: libcap: privilege escalation via toctou race c… |
Red Hat |
Red Hat Enterprise Linux 10 |
2026-04-09T14:49:02.942Z | 2026-05-07T21:33:20.039Z |
| CVE-2026-4775 |
7.8 (3.1)
|
Libtiff: libtiff: arbitrary code execution or denial o… |
Red Hat |
Red Hat Enterprise Linux 10 |
2026-03-24T14:42:47.529Z | 2026-05-07T21:24:46.165Z |
| CVE-2026-4424 |
7.5 (3.1)
|
Libarchive: libarchive: information disclosure via hea… |
Red Hat |
Red Hat Enterprise Linux 10 |
2026-03-19T13:50:27.294Z | 2026-05-07T21:33:08.308Z |
| CVE-2026-42826 |
10 (3.1)
|
Azure DevOps Information Disclosure Vulnerability |
Microsoft |
Azure DevOps |
2026-05-07T20:59:06.979Z | 2026-05-07T20:59:06.979Z |
| CVE-2026-41929 |
5.1 (4.0)
6.1 (3.1)
|
Vvveb < 1.0.8.2 Unauthenticated Reflected XSS via Visu… |
givanz |
Vvveb |
2026-05-07T21:08:50.762Z | 2026-05-07T21:08:50.762Z |
| CVE-2026-41928 |
6.9 (4.0)
5.3 (3.1)
|
Vvveb < 1.0.8.2 Information Disclosure via Cron Controller |
givanz |
Vvveb |
2026-05-07T21:13:13.870Z | 2026-05-07T21:13:13.870Z |
| CVE-2026-41105 |
8.1 (3.1)
|
Azure Monitor Action Group Notification System Elevati… |
Microsoft |
Azure Monitor Action Group notification system |
2026-05-07T20:58:47.705Z | 2026-05-07T20:58:47.705Z |
| CVE-2026-40214 |
6.3 (3.1)
|
In OpenStack Cyborg before 16.0.1, the Accelerato… |
OpenStack |
Cyborg |
2026-05-07T00:00:00.000Z | 2026-05-07T21:54:10.614Z |
| CVE-2026-40213 |
7.4 (3.1)
|
OpenStack Cyborg before 16.0.1 uses rule:allow (c… |
OpenStack |
Cyborg |
2026-05-07T00:00:00.000Z | 2026-05-07T21:57:41.910Z |
| CVE-2026-35435 |
8.6 (3.1)
|
Azure AI Foundry Elevation of Privilege Vulnerability |
Microsoft |
Azure AI Foundry |
2026-05-07T20:58:55.593Z | 2026-05-07T20:58:55.593Z |
| CVE-2026-35428 |
9.6 (3.1)
|
Azure Cloud Shell Spoofing Vulnerability |
Microsoft |
Azure Cloud Shell |
2026-05-07T20:58:58.256Z | 2026-05-07T20:58:58.256Z |
| CVE-2026-34327 |
8.2 (3.1)
|
Microsoft Partner Center Spoofing Vulnerability |
Microsoft |
Microsoft Partner Center |
2026-05-07T20:58:54.185Z | 2026-05-07T20:58:54.185Z |
| CVE-2026-33844 |
9 (3.1)
|
Azure Managed Instance for Apache Cassandra Remote Cod… |
Microsoft |
Azure Managed Instance for Apache Cassandra |
2026-05-07T20:58:52.985Z | 2026-05-07T20:58:52.985Z |
| CVE-2026-33823 |
9.6 (3.1)
|
Microsoft Team Events Portal Information Disclosure Vu… |
Microsoft |
Microsoft Teams |
2026-05-07T20:58:52.175Z | 2026-05-07T20:58:52.175Z |
| CVE-2026-33111 |
7.5 (3.1)
|
Copilot Chat (Microsoft Edge) Information Disclosure V… |
Microsoft |
Copilot Chat (Microsoft Edge) |
2026-05-07T20:58:48.491Z | 2026-05-07T20:58:48.491Z |
| CVE-2026-33109 |
9.9 (3.1)
|
Azure Managed Instance for Apache Cassandra Remote Cod… |
Microsoft |
Azure Managed Instance for Apache Cassandra |
2026-05-07T20:58:49.441Z | 2026-05-07T20:58:49.441Z |
| CVE-2026-32207 |
8.8 (3.1)
|
Azure Machine Learning Notebook Spoofing Vulnerability |
Microsoft |
Azure Machine Learning |
2026-05-07T20:58:51.273Z | 2026-05-07T20:58:51.273Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| fkie_cve-2026-8098 | A security vulnerability has been detected in code-projects Feedback System 1.0. Impacted is an unk… | 2026-05-07T21:16:30.900 | 2026-05-07T21:16:30.900 |
| fkie_cve-2026-8097 | A security flaw has been discovered in CodeAstro Online Classroom 1.0. This vulnerability affects u… | 2026-05-07T21:16:30.727 | 2026-05-07T21:16:30.727 |
| fkie_cve-2026-44365 | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-34429. Reason:… | 2026-05-07T21:16:30.433 | 2026-05-07T21:16:30.433 |
| fkie_cve-2026-44244 | GitPython is a python library used to interact with Git repositories. Prior to version 3.1.49, GitC… | 2026-05-07T19:16:02.357 | 2026-05-07T21:16:30.283 |
| fkie_cve-2026-42449 | n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, … | 2026-05-07T21:16:30.133 | 2026-05-07T21:16:30.133 |
| fkie_cve-2026-42047 | Inngest is a platform for running event-driven and scheduled background functions with queueing, re… | 2026-05-07T21:16:29.980 | 2026-05-07T21:16:29.980 |
| fkie_cve-2026-41905 | FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version… | 2026-05-07T19:16:01.220 | 2026-05-07T21:16:29.870 |
| fkie_cve-2026-41692 | i18nextify is a JavaScript library that adds website internationalization via a script tag, without… | 2026-05-07T21:16:29.717 | 2026-05-07T21:16:29.717 |
| fkie_cve-2026-41691 | Copilot said: i18nextify is a JavaScript library that adds i18nextify is a JavaScript library that … | 2026-05-07T21:16:29.560 | 2026-05-07T21:16:29.560 |
| fkie_cve-2026-34429 | Vvveb prior to 1.0.8.1 contains a stored cross-site scripting vulnerability that allows authenticat… | 2026-04-20T16:16:44.650 | 2026-05-07T21:16:29.427 |
| fkie_cve-2025-52479 | HTTP.jl provides HTTP client and server functionality for Julia, and URIs.jl parses and works with … | 2025-06-25T16:15:27.017 | 2026-05-07T21:16:28.847 |
| fkie_cve-2026-42284 | GitPython is a python library used to interact with Git repositories. Prior to version 3.1.47, _clo… | 2026-05-07T19:16:01.783 | 2026-05-07T21:13:46.713 |
| fkie_cve-2026-44243 | GitPython is a python library used to interact with Git repositories. Prior to version 3.1.48, a vu… | 2026-05-07T19:16:02.227 | 2026-05-07T21:12:00.777 |
| fkie_cve-2025-12690 | Execution with unnecessary privileges in Forcepoint NGFW Engine allows local privilege escalation.T… | 2026-03-11T16:16:18.233 | 2026-05-07T20:55:29.093 |
| fkie_cve-2025-69614 | Incorrect Access Control via activation token reuse on the password-reset endpoint allowing unautho… | 2026-03-10T18:18:01.610 | 2026-05-07T20:50:21.410 |
| fkie_cve-2025-69615 | Incorrect Access Control via missing 2FA rate-limiting allowing unlimited brute-force retries and f… | 2026-03-10T18:18:01.740 | 2026-05-07T20:48:35.097 |
| fkie_cve-2026-30973 | Appium is an automation framework that provides WebDriver-based automation possibilities for a wide… | 2026-03-10T18:18:56.063 | 2026-05-07T20:46:26.913 |
| fkie_cve-2026-3315 | Incorrect Default Permissions, : Execution with Unnecessary Privileges, : Incorrect Permission Assi… | 2026-03-10T18:19:01.367 | 2026-05-07T20:41:03.490 |
| fkie_cve-2026-39836 | The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL (0). | 2026-05-07T20:16:43.593 | 2026-05-07T20:38:04.860 |
| fkie_cve-2026-39826 | If a trusted template author were to write a <script> tag containing an empty 'type' attribute or a… | 2026-05-07T20:16:43.490 | 2026-05-07T20:38:04.860 |
| fkie_cve-2026-39825 | ReverseProxy can forward queries containing parameters not visible to Rewrite functions. When used … | 2026-05-07T20:16:43.390 | 2026-05-07T20:38:04.860 |
| fkie_cve-2026-39823 | CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a <meta> ta… | 2026-05-07T20:16:43.290 | 2026-05-07T20:38:04.860 |
| fkie_cve-2026-39820 | Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger exc… | 2026-05-07T20:16:43.187 | 2026-05-07T20:38:04.860 |
| fkie_cve-2026-39819 | The "go bug" command writes to two files with predictable names in the system temporary directory (… | 2026-05-07T20:16:43.083 | 2026-05-07T20:38:04.860 |
| fkie_cve-2026-39817 | The "go tool pack" subcommand (usually used only by the compiler as an internal tool with known-goo… | 2026-05-07T20:16:42.983 | 2026-05-07T20:38:04.860 |
| fkie_cve-2026-33814 | When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATI… | 2026-05-07T20:16:42.880 | 2026-05-07T20:38:04.860 |
| fkie_cve-2026-33811 | When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-f… | 2026-05-07T20:16:42.770 | 2026-05-07T20:38:04.860 |
| fkie_cve-2026-42259 | Saltcorn is an extensible, open source, no-code database application builder. Prior to versions 1.4… | 2026-05-07T20:16:44.400 | 2026-05-07T20:37:54.060 |
| fkie_cve-2026-42241 | ParquetSharp is a .NET library for reading and writing Apache Parquet files. From version 18.1.0 to… | 2026-05-07T20:16:44.247 | 2026-05-07T20:37:54.060 |
| fkie_cve-2026-42225 | PJSIP is a free and open source multimedia communication library written in C. Prior to version 2.1… | 2026-05-07T20:16:43.960 | 2026-05-07T20:36:31.717 |
| ID | Severity | Description | Published | Updated |
|---|---|---|---|---|
| ghsa-xv59-967r-8726 |
5.1 (4.0)
|
rust-openssl vulnerable to heap buffer overflow when encrypting with AES key-wrap-with-padding | 2026-05-07T22:33:51Z | 2026-05-07T22:33:51Z |
| ghsa-39j6-4867-gg4w |
4.7 (3.1)
|
utcp-http vulnerable to SSRF via attacker-controlled OpenAPI servers[0].url in HTTP communication p… | 2026-05-07T22:32:54Z | 2026-05-07T22:32:54Z |
| ghsa-v7qw-hx66-4w9x |
8.7 (3.1)
|
netbox-data-flows has stored XSS in ObjectAlias names rendered inside DataFlow tables | 2026-05-07T22:31:32Z | 2026-05-07T22:31:32Z |
| ghsa-jggh-5rmh-r6h5 |
3.7 (3.1)
2.9 (4.0)
|
Dolibarr has Insufficient Verification of Data Authenticity | 2026-05-03T12:30:26Z | 2026-05-07T22:30:07Z |
| ghsa-j7h9-2jh7-g967 |
8.7 (4.0)
|
mcp-ssh-tool has file transfer path policy bypass and bearer token comparison hardening | 2026-05-07T21:45:16Z | 2026-05-07T21:45:17Z |
| ghsa-xhrw-5qxx-jpwr |
7.1 (3.1)
|
Microsoft APM CLI's plugin.json component paths escape plugin root and copy arbitrary host files du… | 2026-05-07T21:41:08Z | 2026-05-07T21:41:08Z |
| ghsa-fpw6-hrg5-q5x5 |
7.4 (3.1)
|
ech0's acess tokens with expiry=never cannot be revoked: logout panics, delete does not blacklist JTI | 2026-05-07T21:34:01Z | 2026-05-07T21:34:01Z |
| ghsa-p64j-f4x9-wq66 |
8.0 (3.1)
|
Ech0's OAuth redirect URI validation ignores path component, enables exchange-code theft | 2026-05-07T21:30:45Z | 2026-05-07T21:30:45Z |
| ghsa-xq5j-9r39-c3vf |
|
Pathological inputs could cause DoS through consumePhrase when parsing an email address according t… | 2026-05-07T21:30:30Z | 2026-05-07T21:30:30Z |
| ghsa-v8g3-5j4v-2ghv |
|
VINCE versions 3.0.38 and earlier do not properly verify the From address authenticity due to encod… | 2026-05-07T21:30:30Z | 2026-05-07T21:30:30Z |
| ghsa-qf3q-3h68-mmh2 |
|
A malicious module proxy can exploit a flaw in the go command's validation of module checksums to b… | 2026-05-07T21:30:30Z | 2026-05-07T21:30:30Z |
| ghsa-p9h5-jm8x-mjm5 |
|
Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger exc… | 2026-05-07T21:30:30Z | 2026-05-07T21:30:30Z |
| ghsa-j3f5-rw74-g4rv |
3.3 (3.1)
1.9 (4.0)
|
A weakness has been identified in OSGeo gdal up to 3.13.0dev-4. The affected element is the functio… | 2026-05-07T21:30:30Z | 2026-05-07T21:30:30Z |
| ghsa-h9rh-5ffh-h669 |
5.3 (3.1)
1.9 (4.0)
|
A security flaw has been discovered in OSGeo gdal up to 3.13.0dev-4. Impacted is the function GDnen… | 2026-05-07T21:30:30Z | 2026-05-07T21:30:30Z |
| ghsa-h74g-238j-357m |
|
ReverseProxy can forward queries containing parameters not visible to Rewrite functions. When used … | 2026-05-07T21:30:29Z | 2026-05-07T21:30:30Z |
| ghsa-g323-63gp-7v74 |
7.3 (3.1)
5.5 (4.0)
|
A security vulnerability has been detected in code-projects Feedback System 1.0. Impacted is an unk… | 2026-05-07T21:30:30Z | 2026-05-07T21:30:30Z |
| ghsa-8g2r-hhvj-mv99 |
|
The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL (0). | 2026-05-07T21:30:30Z | 2026-05-07T21:30:30Z |
| ghsa-5m4p-2gjx-p2g8 |
|
The "go bug" command writes to two files with predictable names in the system temporary directory (… | 2026-05-07T21:30:29Z | 2026-05-07T21:30:30Z |
| ghsa-3v2c-x6q9-f697 |
|
If a trusted template author were to write a <script> tag containing an empty 'type' attribute or a… | 2026-05-07T21:30:29Z | 2026-05-07T21:30:30Z |
| ghsa-34v6-h57v-gx5f |
6.3 (3.1)
2.1 (4.0)
|
A security flaw has been discovered in CodeAstro Online Classroom 1.0. This vulnerability affects u… | 2026-05-07T21:30:30Z | 2026-05-07T21:30:30Z |
| ghsa-2283-wf8c-rw8r |
|
CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a <meta> ta… | 2026-05-07T21:30:30Z | 2026-05-07T21:30:30Z |
| ghsa-r7c9-7pjq-hmm8 |
7.2 (3.1)
|
Postorius through 1.3.13 does not escape HTML in the message subject when rendering it in the Held … | 2026-05-07T21:30:29Z | 2026-05-07T21:30:29Z |
| ghsa-qc64-m6c2-v4x7 |
|
The "go tool pack" subcommand (usually used only by the compiler as an internal tool with known-goo… | 2026-05-07T21:30:29Z | 2026-05-07T21:30:29Z |
| ghsa-mv88-fcpc-wrmw |
7.3 (3.1)
5.5 (4.0)
|
A vulnerability was found in SourceCodester Pharmacy Sales and Inventory System 1.0. This affects a… | 2026-05-07T21:30:29Z | 2026-05-07T21:30:29Z |
| ghsa-jmvp-7877-wr2f |
3.3 (3.1)
1.9 (4.0)
|
A vulnerability was determined in OSGeo gdal up to 3.13.0dev-4. This vulnerability affects the func… | 2026-05-07T21:30:29Z | 2026-05-07T21:30:29Z |
| ghsa-72pg-5w29-wjx6 |
5.3 (3.1)
1.9 (4.0)
|
A vulnerability was identified in OSGeo gdal up to 3.13.0dev-4. This issue affects the function SWn… | 2026-05-07T21:30:29Z | 2026-05-07T21:30:29Z |
| ghsa-497x-jcxf-m478 |
|
When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-f… | 2026-05-07T21:30:29Z | 2026-05-07T21:30:29Z |
| ghsa-pr5j-p9p7-3c46 |
7.4 (3.1)
|
Improper certificate validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 all… | 2026-05-07T18:30:40Z | 2026-05-07T21:30:28Z |
| ghsa-xfv3-v32f-xwfc |
6.5 (3.1)
8.2 (4.0)
|
Lack of user input validation in the file upload functionality of Open Notebook v1.8.3 allows the a… | 2026-05-07T12:31:23Z | 2026-05-07T21:30:27Z |
| ghsa-wwfp-6c8c-qg35 |
7.0 (3.1)
|
An Improper Access Control in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a… | 2026-05-07T18:30:40Z | 2026-05-07T21:30:27Z |
| ID | Severity | Description | Package | Published | Updated |
|---|---|---|---|---|---|
| pysec-2024-85 |
7.5 (3.1)
|
Deserialization of untrusted data can occur in versions 23.10.2.0 and newer of the MindsD… | mindsdb | 2024-09-12T13:15:00Z | 2026-04-23T07:43:20.598639Z |
| pysec-2024-84 |
7.5 (3.1)
|
Deserialization of untrusted data can occur in versions 23.10.3.0 and newer of the MindsD… | mindsdb | 2024-09-12T13:15:00Z | 2026-04-23T07:43:20.526718Z |
| pysec-2024-83 |
7.5 (3.1)
|
Deserialization of untrusted data can occur in versions 23.10.2.0 and newer of the MindsD… | mindsdb | 2024-09-12T13:15:00Z | 2026-04-23T07:43:20.456202Z |
| pysec-2024-82 |
8.8 (3.1)
|
Deserialization of untrusted data can occur in versions 23.3.2.0 and newer of the MindsDB… | mindsdb | 2024-09-12T13:15:00Z | 2026-04-23T07:43:20.386659Z |
| pysec-2023-278 |
5.3 (3.1)
|
MindsDB connects artificial intelligence models to real time data. Versions prior to 23.1… | mindsdb | 2023-12-11T21:15:00Z | 2026-04-23T07:43:20.300009Z |
| pysec-2026-3 |
|
After an API token exposure from an exploited Trivy dependency, two new releases of `teln… | telnyx | 2026-03-27T14:53:14Z | |
| pysec-2026-2 |
|
After an API Token exposure from an exploited Trivy dependency, two new releases of `lite… | litellm | 2026-03-24T15:35:32Z | |
| pysec-2023-121 |
|
A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as a… | zstd | 2023-03-31T20:15:00+00:00 | 2026-02-25T19:20:58+00:00 |
| pysec-2026-1 |
|
A PyPI user account compromised by an attacker and was able to upload a malicious version… | dydx-v4-client | 2026-01-28T21:09:02+00:00 | |
| pysec-2025-52 |
|
gateway_proxy_handler in MLflow before 3.1.0 lacks gateway_path validation. | mlflow | 2025-06-23T15:15:29Z | 2025-12-05T13:25:55.146081Z |
| pysec-2020-220 |
|
A flaw was found in Ansible Base when using the aws_ssm connection plugin as garbage coll… | ansible | 2020-10-05T14:15:00Z | 2025-10-31T04:43:53.616247Z |
| pysec-2025-72 |
|
The `num2words` project was compromised via a phishing attack and two new versions were u… | num2words | 2025-07-31T14:34:47+00:00 | |
| pysec-2025-71 |
|
Cadwyn creates production-ready community-driven modern Stripe-like API versioning in Fas… | cadwyn | 2025-07-21T21:15:25+00:00 | 2025-07-23T15:24:03.825615+00:00 |
| pysec-2025-70 |
10.0 (3.1)
|
A Server-Side Request Forgery (SSRF) vulnerability exists in the RequestsToolkit componen… | langchain-community | 2025-06-23T21:15:25+00:00 | 2025-07-16T21:23:40.211079+00:00 |
| pysec-2024-259 |
9.8 (3.1)
|
In PyTorch <=2.4.1, the RemoteModule has Deserialization RCE. NOTE: this is disputed by m… | torch | 2024-10-29T21:15:04+00:00 | 2025-07-16T03:09:57.748865+00:00 |
| pysec-2024-258 |
|
In scrapy/scrapy, an issue was identified where the Authorization header is not removed d… | scrapy | 2024-05-20T08:15:08+00:00 | 2025-07-15T17:37:50.051730+00:00 |
| pysec-2025-69 |
|
In Roundup before 2.5.0, XSS can occur via interaction between URLs and issue tracker tem… | roundup | 2025-07-13T20:15:25+00:00 | 2025-07-13T21:23:01.161315+00:00 |
| pysec-2025-68 |
8.0 (3.1)
|
A vulnerability, which was classified as critical, has been found in Upsonic up to 0.55.6… | upsonic | 2025-06-19T21:15:27+00:00 | 2025-07-08T19:22:27.449399+00:00 |
| pysec-2025-67 |
9.8 (3.1)
|
A vulnerability classified as critical was found in Upsonic up to 0.55.6. This vulnerabil… | upsonic | 2025-06-19T21:15:27+00:00 | 2025-07-08T19:22:27.385619+00:00 |
| pysec-2025-66 |
|
Improper privilege management in a REST interface allowed registered users to access unau… | streampipes | 2025-03-03T11:15:11+00:00 | 2025-07-08T15:23:46.628375+00:00 |
| pysec-2025-65 |
|
A path traversal vulnerability exists in run-llama/llama_index versions 0.12.27 through 0… | llama-index | 2025-07-07T13:15:28+00:00 | 2025-07-07T15:23:42.730681+00:00 |
| pysec-2025-61 |
|
Pillow is a Python imaging library. In versions 11.2.0 to before 11.3.0, there is a heap … | pillow | 2025-07-01T19:15:27Z | 2025-07-07T14:12:46.226030Z |
| pysec-2025-64 |
9.8 (3.1)
|
A vulnerability classified as critical has been found in themanojdesai python-a2a up to 0… | python-a2a | 2025-06-17T07:15:18+00:00 | 2025-07-02T21:23:13.806273+00:00 |
| pysec-2025-63 |
|
vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Whe… | vllm | 2025-03-19T16:15:32+00:00 | 2025-07-01T23:22:49.176005+00:00 |
| pysec-2025-62 |
|
vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Mal… | vllm | 2025-02-07T20:15:34+00:00 | 2025-07-01T23:22:49.083695+00:00 |
| pysec-2025-60 |
|
Exposure of Sensitive Information to an Unauthorized Actor, Insertion of Sensitive Inform… | apache-iotdb | 2025-05-14T11:16:28+00:00 | 2025-07-01T21:22:47.232036+00:00 |
| pysec-2025-59 |
|
Remote Code Execution with untrusted URI of UDF vulnerability in Apache IoTDB. The attack… | apache-iotdb | 2025-05-14T11:15:47+00:00 | 2025-07-01T21:22:47.177405+00:00 |
| pysec-2024-257 |
7.5 (3.1)
|
Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessm… | mobsf | 2024-03-22T23:15:07+00:00 | 2025-06-30T15:23:50.085549+00:00 |
| pysec-2025-58 |
8.8 (3.1)
|
vLLM is a library for LLM inference and serving. vllm/model_executor/weight_utils.py impl… | vllm | 2025-01-27T18:15:41+00:00 | 2025-06-27T21:22:36.583615+00:00 |
| pysec-2025-57 |
|
A Denial of Service (DoS) vulnerability in zenml-io/zenml version 0.66.0 allows unauthent… | zenml | 2025-03-20T10:15:48+00:00 | 2025-06-27T17:22:55.175431+00:00 |
| ID | Description | Updated |
|---|---|---|
| gsd-2024-33903 | In CARLA through 0.9.15.2, the collision sensor mishandles some situations involving pede… | 2024-04-29T05:02:07.295775Z |
| gsd-2024-33902 | The format of the source doesn't require a description, click on the link for more details. | 2024-04-29T05:02:07.486429Z |
| gsd-2024-33901 | The format of the source doesn't require a description, click on the link for more details. | 2024-04-29T05:02:07.525896Z |
| gsd-2024-33900 | The format of the source doesn't require a description, click on the link for more details. | 2024-04-29T05:02:07.290639Z |
| gsd-2024-33899 | RARLAB WinRAR before 7.00, on Linux and UNIX platforms, allows attackers to spoof the scr… | 2024-04-29T05:02:07.400574Z |
| gsd-2024-33898 | The format of the source doesn't require a description, click on the link for more details. | 2024-04-29T05:02:07.287632Z |
| gsd-2024-33897 | The format of the source doesn't require a description, click on the link for more details. | 2024-04-29T05:02:07.283756Z |
| gsd-2024-33896 | The format of the source doesn't require a description, click on the link for more details. | 2024-04-29T05:02:07.313250Z |
| gsd-2024-33895 | The format of the source doesn't require a description, click on the link for more details. | 2024-04-29T05:02:07.493081Z |
| gsd-2024-33894 | The format of the source doesn't require a description, click on the link for more details. | 2024-04-29T05:02:07.488420Z |
| gsd-2024-33893 | The format of the source doesn't require a description, click on the link for more details. | 2024-04-29T05:02:07.381761Z |
| gsd-2024-33892 | The format of the source doesn't require a description, click on the link for more details. | 2024-04-29T05:02:07.378170Z |
| gsd-2024-33891 | Delinea Secret Server before 11.7.000001 allows attackers to bypass authentication via th… | 2024-04-29T05:02:07.412035Z |
| gsd-2024-33890 | The format of the source doesn't require a description, click on the link for more details. | 2024-04-29T05:02:07.344384Z |
| gsd-2024-33889 | The format of the source doesn't require a description, click on the link for more details. | 2024-04-29T05:02:07.392587Z |
| gsd-2024-33888 | The format of the source doesn't require a description, click on the link for more details. | 2024-04-29T05:02:07.468423Z |
| gsd-2024-33887 | The format of the source doesn't require a description, click on the link for more details. | 2024-04-29T05:02:07.503613Z |
| gsd-2024-33886 | The format of the source doesn't require a description, click on the link for more details. | 2024-04-29T05:02:07.287167Z |
| gsd-2024-33885 | The format of the source doesn't require a description, click on the link for more details. | 2024-04-29T05:02:07.441746Z |
| gsd-2024-33884 | The format of the source doesn't require a description, click on the link for more details. | 2024-04-29T05:02:07.534455Z |
| gsd-2024-33883 | The ejs (aka Embedded JavaScript templates) package before 3.1.10 for Node.js lacks certa… | 2024-04-29T05:02:07.271727Z |
| gsd-2024-4303 | The format of the source doesn't require a description, click on the link for more details. | 2024-04-29T05:02:05.716348Z |
| gsd-2024-4302 | The format of the source doesn't require a description, click on the link for more details. | 2024-04-29T05:02:05.603637Z |
| gsd-2024-4301 | The format of the source doesn't require a description, click on the link for more details. | 2024-04-29T05:02:05.678292Z |
| gsd-2024-4300 | E-WEBInformationCo. FS-EZViewer(Web) exposes sensitive information in the service. A remo… | 2024-04-29T05:02:05.715239Z |
| gsd-2024-4299 | The system configuration interface of HGiga iSherlock (including MailSherlock, SpamSheroc… | 2024-04-29T05:02:05.606402Z |
| gsd-2024-4298 | The email search interface of HGiga iSherlock (including MailSherlock, SpamSherock, Audit… | 2024-04-29T05:02:05.598531Z |
| gsd-2024-4297 | The system configuration interface of HGiga iSherlock (including MailSherlock, SpamSherlo… | 2024-04-29T05:02:05.700888Z |
| gsd-2024-4296 | The account management interface of HGiga iSherlock (including MailSherlock, SpamSherlock… | 2024-04-29T05:02:05.621428Z |
| gsd-2024-33882 | The format of the source doesn't require a description, click on the link for more details. | 2024-04-28T05:02:07.803998Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| mal-2026-3372 | Malicious code in ninja-core-utils (PyPI) | 2026-05-07T21:25:50Z | 2026-05-07T21:25:50Z |
| mal-2026-3371 | Malicious code in pycacheopt (PyPI) | 2026-05-07T20:07:37Z | 2026-05-07T20:07:37Z |
| mal-2026-3247 | Malicious code in metoopro (PyPI) | 2026-05-03T13:42:23Z | 2026-05-07T20:04:36Z |
| mal-2026-3370 | Malicious code in sufiagent (PyPI) | 2026-05-07T19:18:44Z | 2026-05-07T19:18:44Z |
| mal-2026-3369 | Malicious code in dabrius (PyPI) | 2026-05-07T19:12:49Z | 2026-05-07T19:12:49Z |
| mal-2026-3367 | Malicious code in crayrandomiz (PyPI) | 2026-05-07T18:43:03Z | 2026-05-07T18:43:03Z |
| mal-2026-3368 | Malicious code in yc-depconf-test-807dff (PyPI) | 2026-05-07T17:55:20Z | 2026-05-07T17:55:20Z |
| mal-2026-3366 | Malicious code in runtime-vitals (PyPI) | 2026-05-07T10:46:12Z | 2026-05-07T10:46:12Z |
| mal-2026-3365 | Malicious code in @b2bneo-rest/api-csf (npm) | 2026-05-07T08:01:25Z | 2026-05-07T08:01:25Z |
| mal-2026-3364 | Malicious code in quicklytookerv (PyPI) | 2026-05-07T05:42:48Z | 2026-05-07T05:42:48Z |
| mal-2026-3363 | Malicious code in mrdaa-frontend (npm) | 2026-05-07T03:55:55Z | 2026-05-07T03:55:55Z |
| mal-2026-3362 | Malicious code in 24712-pl5006 (npm) | 2026-05-07T00:05:57Z | 2026-05-07T00:50:41Z |
| mal-2026-3361 | Malicious code in 24712-pl5004 (npm) | 2026-05-06T22:30:34Z | 2026-05-06T22:30:34Z |
| mal-2026-3360 | Malicious code in @paysafe-tracking/error-monitoring (npm) | 2026-05-06T22:00:17Z | 2026-05-06T22:00:17Z |
| mal-2026-3358 | Malicious code in 24712-pl4712 (npm) | 2026-05-06T21:51:01Z | 2026-05-06T21:51:01Z |
| mal-2026-3359 | Malicious code in b2bneo-rest (npm) | 2026-05-06T21:31:41Z | 2026-05-06T21:31:41Z |
| mal-2026-3357 | Malicious code in 24712-plv2 (npm) | 2026-05-06T21:01:03Z | 2026-05-06T21:31:25Z |
| mal-2026-3354 | Malicious code in playwright-acustomed (PyPI) | 2026-05-06T13:46:28Z | 2026-05-06T20:59:10Z |
| mal-2026-3356 | Malicious code in test-py-conn (PyPI) | 2026-05-06T20:28:38Z | 2026-05-06T20:28:38Z |
| mal-2026-3355 | Malicious code in playwright-atoned (PyPI) | 2026-05-06T20:07:00Z | 2026-05-06T20:07:00Z |
| mal-2026-3353 | Malicious code in money-badger-open-rpc (npm) | 2026-05-06T09:15:52Z | 2026-05-06T10:20:15Z |
| mal-2026-3352 | Malicious code in carbonite-internal (npm) | 2026-05-06T06:20:35Z | 2026-05-06T06:20:35Z |
| mal-2026-3347 | Malicious code in gemini-analyzer (PyPI) | 2026-05-05T18:30:44Z | 2026-05-05T19:38:21Z |
| mal-2026-3348 | Malicious code in @rivianlabs/bedrock (npm) | 2026-05-05T19:10:36Z | 2026-05-05T19:10:36Z |
| mal-2026-3349 | Malicious code in @rivianlabs/dc-fe-app-web-rivian-com (npm) | 2026-05-05T19:03:30Z | 2026-05-05T19:03:30Z |
| mal-2026-3351 | Malicious code in @rivianlabs/dt-shop-bag-v0 (npm) | 2026-05-05T19:00:46Z | 2026-05-05T19:00:46Z |
| mal-2026-3350 | Malicious code in @rivianlabs/dt-lib-lumberjack (npm) | 2026-05-05T18:50:28Z | 2026-05-05T18:50:28Z |
| mal-2026-3313 | Malicious code in service-gateway (npm) | 2026-04-30T21:30:37Z | 2026-05-05T15:56:15Z |
| mal-2026-3262 | Malicious code in react-native-parallax-scroll-view-updated (npm) | 2026-04-29T14:00:00Z | 2026-05-05T15:56:15Z |
| mal-2026-3195 | Malicious code in secrets-manager-wrapper (npm) | 2026-04-29T14:00:00Z | 2026-05-05T15:56:15Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| 7paa020125 | Denial of Service Vulnerabilities in System 800xA, Symphony® Plus IEC 61850 communication stack | 2026-04-13T00:30:00.000Z | 2026-04-13T00:30:00.000Z |
| 7paa017341 | PostgreSQL vulnerabilities in ABB Ability™ Symphony® Plus Engineering | 2026-04-13T00:30:00.000Z | 2026-04-13T00:30:00.000Z |
| 7paa023732 | System 800xA affected by 3rd party component vulnerabilities | 2026-03-31T00:30:00.000Z | 2026-03-31T00:30:00.000Z |
| 4hzm000604 | ABB Ability Camera Connect Vulnerabilities in outdated 3rd party component (SQLite 3.2.4) | 2026-03-26T00:30:00.000Z | 2026-03-26T00:30:00.000Z |
| 4jno000329 | AWIN Gateways Vulnerabilities in Embedded Webserver | 2026-03-13T00:30:00.000Z | 2026-03-13T00:30:00.000Z |
| 3adr011536 | AC500 V3 Stack buffer overflow in Cryptographic Message Syntax | 2026-03-12T00:30:00.000Z | 2026-03-12T00:30:00.000Z |
| 3adr011525 | ABB Automation Builder Gateway for Windows with insecure defaults | 2026-02-24T00:30:00.000Z | 2026-02-24T00:30:00.000Z |
| 3adr011524 | AC500 V3 Multiple vulnerabilities | 2026-02-24T00:30:00.000Z | 2026-02-24T00:30:00.000Z |
| sa25p007 | B&R Automation Studio Update of SQLite version | 2026-02-18T00:30:00.000Z | 2026-02-18T00:30:00.000Z |
| sa26p001 | PVI Insertion of Sensitive Information into Logfile | 2026-01-29T00:30:00.000Z | 2026-01-29T00:30:00.000Z |
| sa24p003 | B&R PCs vulnerable to PixieFail attack | 2026-01-29T00:30:00.000Z | 2026-01-29T00:30:00.000Z |
| 7paa013309 | System 800xA SECURITY Advisory - ABB 800xA Base 6.0.x, 6.1.x CSLib communication DoS vulnerability | 2024-06-05T00:30:00.000Z | 2026-01-23T00:30:00.000Z |
| sa25p005 | B&R Automation Runtime Improper Handling of Flooding conditions on ANSL Server | 2026-01-19T00:30:00.000Z | 2026-01-19T00:30:00.000Z |
| sa25p004 | Automation Studio Insufficient Server Certificate Validation | 2026-01-19T00:30:00.000Z | 2026-01-19T00:30:00.000Z |
| 9akk108472a1331 | ABB Ability™ OPTIMAX® Authentication Bypass in Single-Sign On with Azure Active Directory | 2026-01-16T00:30:00.000Z | 2026-01-16T00:30:00.000Z |
| 2crt000009 | WebPro SNMP Card PowerValue Multiple Vulnerabilities | 2026-01-07T00:30:00.000Z | 2026-01-07T00:30:00.000Z |
| 9akk108471a8107 | Terra AC wallbox Heap Memory Corruption Vulnerability | 2025-09-16T00:30:00.000Z | 2025-11-28T08:00:00.000Z |
| 4hzm000603 | ABB Ability Camera Connect Vulnerabilities in outdated 3rd party component (VLC) | 2025-11-27T00:30:00.000Z | 2025-11-28T00:30:00.000Z |
| 7paa022088 | Edgenius Management Portal Authentication Bypass | 2025-11-20T00:30:00.000Z | 2025-11-20T00:30:00.000Z |
| 2nga002813 | PCM600 SharpZip library vulnerability | 2025-11-03T00:30:00.000Z | 2025-11-03T00:30:00.000Z |
| 4tz00000006007 | ALS-mini-S4/S8 IP Missing Authentication Vulnerability and its Mitigations | 2025-10-20T00:30:00.000Z | 2025-10-23T00:30:00.000Z |
| 9akk108471a8948 | Terra AC wallbox Heap Memory Corruption Vulnerability | 2025-10-20T00:30:00.000Z | 2025-10-21T00:30:00.000Z |
| 3kxg200000r4801 | CoreSense™ HM and CoreSense™ M10 File Path Traversal Vulnerability | 2025-04-16T00:30:00.000Z | 2025-10-20T00:30:00.000Z |
| sa25p003 | B&R Automation Runtime Vulnerabilities in System Diagnostic Manager (SDM) | 2025-10-07T00:30:00.000Z | 2025-10-14T00:30:00.000Z |
| 4tz00000006008 | LVS MConfig Insecure memory handling | 2025-10-08T00:30:00.000Z | 2025-10-08T00:30:00.000Z |
| sa25p002 | B&R Automation Runtime DoS Vulnerability in System Diagnostics Manager (SDM) | 2025-10-07T00:30:00.000Z | 2025-10-07T00:30:00.000Z |
| 9akk108471a7808 | EIBPORT Reflected XSS | 2025-10-07T00:30:00.000Z | 2025-10-07T00:30:00.000Z |
| 9akk108471a7121 | FLXeon Controllers Multiple vulnerabilities | 2025-09-09T00:30:00.000Z | 2025-09-18T00:30:00.000Z |
| 9akk108471a4462 | ELSB/BLBA ASPECT advisory several CVEs | 2025-08-11T00:30:00.000Z | 2025-09-04T00:30:00.000Z |
| 9akk108471a3623 | RMC - 100 Vulnerabilities in web UI (REST Interface) | 2025-07-03T00:30:00.000Z | 2025-08-18T00:30:00.000Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| wid-sec-w-2026-1253 | OpenClaw: Mehrere Schwachstellen | 2026-04-23T22:00:00.000+00:00 | 2026-05-06T22:00:00.000+00:00 |
| wid-sec-w-2026-1227 | OpenClaw: Mehrere Schwachstellen | 2026-04-21T22:00:00.000+00:00 | 2026-05-06T22:00:00.000+00:00 |
| wid-sec-w-2026-1161 | OpenClaw: Mehrere Schwachstellen | 2026-04-16T22:00:00.000+00:00 | 2026-05-06T22:00:00.000+00:00 |
| wid-sec-w-2026-1174 | OpenClaw: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen | 2026-04-19T22:00:00.000+00:00 | 2026-05-05T22:00:00.000+00:00 |
| wid-sec-w-2026-1349 | vm2: Mehrere Schwachstellen | 2026-05-03T22:00:00.000+00:00 | 2026-05-04T22:00:00.000+00:00 |
| wid-sec-w-2026-1334 | Exim und cPanel/WHM: Mehrere Schwachstellen | 2026-05-03T22:00:00.000+00:00 | 2026-05-04T22:00:00.000+00:00 |
| wid-sec-w-2026-1319 | LiteLLM: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen | 2026-04-29T22:00:00.000+00:00 | 2026-05-04T22:00:00.000+00:00 |
| wid-sec-w-2026-1312 | GnuTLS: Mehrere Schwachstellen | 2026-04-29T22:00:00.000+00:00 | 2026-05-04T22:00:00.000+00:00 |
| wid-sec-w-2026-1307 | cURL: Mehrere Schwachstellen | 2026-04-28T22:00:00.000+00:00 | 2026-05-04T22:00:00.000+00:00 |
| wid-sec-w-2026-1306 | Xen und Citrix Systems XenServer: Mehrere Schwachstellen | 2026-04-28T22:00:00.000+00:00 | 2026-05-04T22:00:00.000+00:00 |
| wid-sec-w-2026-1304 | Google Chrome/Microsoft Edge: Mehrere Schwachstellen | 2026-04-28T22:00:00.000+00:00 | 2026-05-04T22:00:00.000+00:00 |
| wid-sec-w-2026-1296 | Mozilla Firefox und Firefox ESR: Mehrere Schwachstellen | 2026-04-28T22:00:00.000+00:00 | 2026-05-04T22:00:00.000+00:00 |
| wid-sec-w-2026-1292 | Prometheus: Mehrere Schwachstellen | 2026-04-27T22:00:00.000+00:00 | 2026-05-04T22:00:00.000+00:00 |
| wid-sec-w-2026-1232 | Linux Kernel: Mehrere Schwachstellen | 2026-04-21T22:00:00.000+00:00 | 2026-05-03T22:00:00.000+00:00 |
| wid-sec-w-2026-1260 | Google Chrome und Microsoft Edge: Mehrere Schwachstellen | 2026-04-23T22:00:00.000+00:00 | 2026-04-29T22:00:00.000+00:00 |
| wid-sec-w-2026-1035 | OpenClaw: Mehrere Schwachstellen | 2026-04-08T22:00:00.000+00:00 | 2026-04-28T22:00:00.000+00:00 |
| wid-sec-w-2026-1005 | OpenClaw: Mehrere Schwachstellen | 2026-04-07T22:00:00.000+00:00 | 2026-04-28T22:00:00.000+00:00 |
| wid-sec-w-2026-0980 | OpenClaw: Mehrere Schwachstellen | 2026-04-06T22:00:00.000+00:00 | 2026-04-28T22:00:00.000+00:00 |
| wid-sec-w-2026-0948 | OpenClaw: Mehrere Schwachstellen | 2026-03-31T22:00:00.000+00:00 | 2026-04-28T22:00:00.000+00:00 |
| wid-sec-w-2026-0930 | OpenClaw: Mehrere Schwachstellen | 2026-03-30T22:00:00.000+00:00 | 2026-04-28T22:00:00.000+00:00 |
| wid-sec-w-2026-1278 | SmarterTools SmarterMail: Mehrere Schwachstellen ermöglichen nicht spezifizierten Angriff | 2026-04-26T22:00:00.000+00:00 | 2026-04-27T22:00:00.000+00:00 |
| wid-sec-w-2026-1258 | Apache ActiveMQ: Mehrere Schwachstellen | 2026-04-23T22:00:00.000+00:00 | 2026-04-26T22:00:00.000+00:00 |
| wid-sec-w-2026-1256 | Microsoft Cloud-Produkte: Mehrere Schwachstellen | 2026-04-23T22:00:00.000+00:00 | 2026-04-26T22:00:00.000+00:00 |
| wid-sec-w-2026-1233 | PackageKit: Schwachstelle ermöglicht Privilegieneskalation | 2026-04-21T22:00:00.000+00:00 | 2026-04-26T22:00:00.000+00:00 |
| wid-sec-w-2026-1228 | Mozilla Thunderbird, Firefox ESR und Firefox: Mehrere Schwachstellen | 2026-04-21T22:00:00.000+00:00 | 2026-04-26T22:00:00.000+00:00 |
| wid-sec-w-2026-1223 | OpenBSD: Schwachstelle ermöglicht nicht spezifizierten Angriff | 2026-04-21T22:00:00.000+00:00 | 2026-04-26T22:00:00.000+00:00 |
| wid-sec-w-2026-1219 | lxml: Schwachstelle ermöglicht Offenlegung von Informationen | 2026-04-21T22:00:00.000+00:00 | 2026-04-26T22:00:00.000+00:00 |
| wid-sec-w-2026-1201 | Oracle Java SE: Mehrere Schwachstellen | 2026-04-21T22:00:00.000+00:00 | 2026-04-26T22:00:00.000+00:00 |
| wid-sec-w-2026-1160 | Red Hat Enterprise Linux und Satellite (satellite/iop-remediations-rhel9 container image): Mehrere Schwachstellen | 2026-04-16T22:00:00.000+00:00 | 2026-04-26T22:00:00.000+00:00 |
| wid-sec-w-2026-1147 | vim: Schwachstelle ermöglicht Codeausführung | 2026-04-15T22:00:00.000+00:00 | 2026-04-26T22:00:00.000+00:00 |
| ID | Description | Published | Updated |
|---|---|---|---|
| icsa-26-062-01 | Mitsubishi Electric MELSEC iQ-F Series EtherNet/IP module and Ethernet Module (Update A) | 2026-03-03T00:00:00.000000Z | 2026-05-07T06:00:00.000000Z |
| icsa-26-125-05 | Johnson Controls CEM AC2000 | 2026-05-05T06:00:00.000000Z | 2026-05-05T06:00:00.000000Z |
| icsa-26-125-04 | ABB B&R Automation Studio | 2026-01-19T00:30:00.000000Z | 2026-05-05T06:00:00.000000Z |
| icsa-26-125-03 | ABB B&R Automation Runtime | 2026-01-19T00:30:00.000000Z | 2026-05-05T06:00:00.000000Z |
| icsa-26-125-02 | ABB B&R PVI | 2026-01-29T00:30:00.000000Z | 2026-05-05T06:00:00.000000Z |
| icsa-26-125-01 | Hitachi Energy PCM600 | 2026-04-28T00:00:00.000000Z | 2026-05-05T06:00:00.000000Z |
| icsa-24-319-16 | Hitachi Energy MSM (Update A) | 2024-10-29T00:00:00.000000Z | 2026-05-05T06:00:00.000000Z |
| icsa-23-227-01 | Schneider Electric EcoStruxure Control Expert, Process Expert, Modicon M340, M580 and M580 CPU (Update A) | 2023-01-10T00:00:00.000000Z | 2026-05-05T06:00:00.000000Z |
| icsa-26-120-06 | ABB Ability Symphony Plus Engineering | 2026-04-13T00:30:00.000000Z | 2026-04-30T06:00:00.000000Z |
| icsa-26-120-05 | ABB AWIN Gateways | 2026-03-13T00:30:00.000000Z | 2026-04-30T06:00:00.000000Z |
| icsa-26-120-04 | ABB Ability OPTIMAX | 2026-01-16T00:30:00.000000Z | 2026-04-30T06:00:00.000000Z |
| icsa-26-120-03 | ABB Edgenius Management Portal | 2025-11-20T00:30:00.000000Z | 2026-04-30T06:00:00.000000Z |
| icsa-26-120-02 | AABB PCM600 | 2025-11-03T00:30:00.000000Z | 2026-04-30T06:00:00.000000Z |
| icsa-26-120-01 | ABB System 800xA, Symphony Plus IEC 61850 | 2026-04-13T00:30:00.000000Z | 2026-04-30T06:00:00.000000Z |
| icsa-25-128-03 | Mitsubishi Electric Multiple FA Products (Update C) | 2025-04-25T03:00:00.000000Z | 2026-04-30T06:00:00.000000Z |
| va-26-119-02 | TP-Link WR841N Router multiple vulnerabilities | 2026-04-29T14:27:50Z | 2026-04-29T14:27:50Z |
| va-26-119-01 | CryptPad unbounded WebSocket frame flood | 2026-04-29T00:00:00Z | 2026-04-29T00:00:00Z |
| icsa-26-118-01 | NSA GRASSMARLIN | 2026-04-28T06:00:00.000000Z | 2026-04-28T06:00:00.000000Z |
| icsa-26-113-06 | Intrado 911 Emergency Gateway (EGW) | 2026-04-23T06:00:00.000000Z | 2026-04-23T06:00:00.000000Z |
| icsa-26-113-05 | Hangzhou Xiongmai Technology Co., Ltd XM530 IP Camera | 2026-04-23T06:00:00.000000Z | 2026-04-23T06:00:00.000000Z |
| icsa-26-113-04 | SpiceJet Online Booking System | 2026-04-23T06:00:00.000000Z | 2026-04-23T06:00:00.000000Z |
| icsa-26-113-03 | Milesight Cameras | 2026-04-23T06:00:00.000000Z | 2026-04-23T06:00:00.000000Z |
| icsa-26-113-02 | Carlson Software VASCO-B GNSS Receiver | 2026-04-23T06:00:00.000000Z | 2026-04-23T06:00:00.000000Z |
| icsa-26-113-01 | Yadea T5 Electric Bicycle | 2026-04-23T06:00:00.000000Z | 2026-04-23T06:00:00.000000Z |
| icsa-25-114-01 | Schneider Electric Modicon Controllers (Update A) | 2019-05-14T16:48:40.000000Z | 2026-04-23T06:00:00.000000Z |
| icsa-26-111-12 | SenseLive X3050 | 2026-04-21T06:00:00.000000Z | 2026-04-21T06:00:00.000000Z |
| icsa-26-111-11 | Siemens Industrial Edge Management | 2026-04-14T00:00:00.000000Z | 2026-04-21T06:00:00.000000Z |
| icsa-26-111-10 | Silex Technology SD-330AC and AMC Manager | 2026-04-21T06:00:00.000000Z | 2026-04-21T06:00:00.000000Z |
| icsa-26-111-09 | Siemens SINEC NMS | 2026-04-14T00:00:00.000000Z | 2026-04-21T06:00:00.000000Z |
| icsa-26-111-08 | Siemens RUGGEDCOM CROSSBOW Station Access Controller (SAC) | 2026-04-14T00:00:00.000000Z | 2026-04-21T06:00:00.000000Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| cisco-sa-unity-rce-ssrf-henhuasy | Cisco Unity Connection Remote Code Execution and Server-Side Request Forgery Vulnerabilities | 2026-05-06T16:00:00+00:00 | 2026-05-06T16:00:00+00:00 |
| cisco-sa-slido-idor-cpsfmkxn | Cisco Slido Insecure Direct Object Reference Vulnerability | 2026-05-06T16:00:00+00:00 | 2026-05-06T16:00:00+00:00 |
| cisco-sa-sg350-snmp-dos-gefzr2tj | Cisco SG350 and SG350X Series Managed Switches SNMP Denial of Service Vulnerability | 2026-05-06T16:00:00+00:00 | 2026-05-06T16:00:00+00:00 |
| cisco-sa-pi-unauth-infodiscl-lfnlgmey | Cisco Prime Infrastructure Information Disclosure Vulnerability | 2026-05-06T16:00:00+00:00 | 2026-05-06T16:00:00+00:00 |
| cisco-sa-nso-dos-7egqyc | Cisco Crosswork Network Controller and Cisco Network Services Orchestrator Connection Exhaustion Denial of Service Vulnerability | 2026-05-06T16:00:00+00:00 | 2026-05-06T16:00:00+00:00 |
| cisco-sa-ise-unauth-bypass-uxjrxgpb | Cisco Identity Services Engine Authentication Bypass Vulnerabilities | 2026-05-06T16:00:00+00:00 | 2026-05-06T16:00:00+00:00 |
| cisco-sa-iot-fnd-dos-n8n26q4u | Cisco IoT Field Network Director Vulnerabilities | 2026-05-06T16:00:00+00:00 | 2026-05-06T16:00:00+00:00 |
| cisco-sa-ece-lite-agent-bcgsn8eb | Cisco Enterprise Chat and Email Lite Agent File Upload Vulnerability | 2026-05-06T16:00:00+00:00 | 2026-05-06T16:00:00+00:00 |
| cisco-sa-ise-xss-42tgsdmg | Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerabilities | 2025-02-05T16:00:00+00:00 | 2026-05-05T18:21:38+00:00 |
| cisco-sa-asaftd-persist-cisaed25-03 | Continued Evolution of Persistence Mechanism Against Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense | 2026-04-23T15:00:00+00:00 | 2026-04-30T18:57:23+00:00 |
| cisco-sa-ise-rce-traversal-8byndvrz | Cisco Identity Services Engine Remote Code Execution and Path Traversal Vulnerabilities | 2026-04-15T16:00:00+00:00 | 2026-04-28T14:33:18+00:00 |
| cisco-sa-aci-cloudsec-enc-vs5wn2sx | Cisco ACI Multi-Site CloudSec Encryption Information Disclosure Vulnerability | 2023-07-05T16:00:00+00:00 | 2026-04-24T13:05:36+00:00 |
| cisco-sa-cimc-xss-a2tkgvab | Cisco Integrated Management Controller Cross-Site Scripting Vulnerabilities | 2026-04-01T16:00:00+00:00 | 2026-04-22T18:05:52+00:00 |
| cisco-sa-cimc-cmd-inj-3hkn3bvt | Cisco Integrated Management Controller Command Injection and Remote Code Execution Vulnerabilities | 2026-04-01T16:00:00+00:00 | 2026-04-22T18:01:40+00:00 |
| cisco-sa-sdwan-authbp-qwcx8d4v | Cisco Catalyst SD-WAN Vulnerabilities | 2026-02-25T16:00:00+00:00 | 2026-04-22T15:10:56+00:00 |
| cisco-sa-webex-cui-cert-8jszyhwl | Cisco Webex Services Certificate Validation Vulnerability | 2026-04-15T16:00:00+00:00 | 2026-04-16T18:52:15+00:00 |
| cisco-sa-wsa-auth-bypass-6yzktqhd | Cisco Secure Web Appliance Authentication Bypass Vulnerability | 2026-04-15T16:00:00+00:00 | 2026-04-16T13:14:04+00:00 |
| cisco-sa-webexcc-xss-wex5nuna | Cisco Webex Contact Center Cross-Site Scripting Vulnerability | 2026-04-15T16:00:00+00:00 | 2026-04-15T16:00:00+00:00 |
| cisco-sa-unity-vulns-n2ejsbbw | Cisco Unity Connection Cross-Site Scripting, Open Redirect, and SQL Injection Vulnerabilities | 2026-04-15T16:00:00+00:00 | 2026-04-15T16:00:00+00:00 |
| cisco-sa-unity-file-download-rmkevwpx | Cisco Unity Connection Arbitrary File Download Vulnerabilities | 2026-04-15T16:00:00+00:00 | 2026-04-15T16:00:00+00:00 |
| cisco-sa-te-agentfilewrite-tquw3smu | Cisco ThousandEyes Enterprise Agent Arbitrary File Overwrite Vulnerability | 2026-04-15T16:00:00+00:00 | 2026-04-15T16:00:00+00:00 |
| cisco-sa-isexss-bs8cte7u | Cisco Identity Services Engine Multiple Cross-Site Scripting Vulnerabilities | 2026-04-15T16:00:00+00:00 | 2026-04-15T16:00:00+00:00 |
| cisco-sa-ise-rce-4fverepv | Cisco Identity Services Engine Remote Code Execution Vulnerabilities | 2026-04-15T16:00:00+00:00 | 2026-04-15T16:00:00+00:00 |
| cisco-sa-ise-cmd-inj-5wsjcyjb | Cisco Identity Services Engine Authenticated Privilege Escalation Vulnerability | 2026-04-15T16:00:00+00:00 | 2026-04-15T16:00:00+00:00 |
| cisco-sa-iosxe-mntc-dos-lzweqcyq | Cisco IOS XE Software Denial of Service Vulnerability | 2026-03-25T16:00:00+00:00 | 2026-04-02T19:43:54+00:00 |
| cisco-sa-ssm-cli-execution-chucwunr | Cisco Smart Software Manager On-Prem Arbitrary Command Execution Vulnerability | 2026-04-01T16:00:00+00:00 | 2026-04-01T16:00:00+00:00 |
| cisco-sa-ndi-afw-rjurc5dz | Cisco Nexus Dashboard Insights Arbitrary File Write Vulnerability | 2026-04-01T16:00:00+00:00 | 2026-04-01T16:00:00+00:00 |
| cisco-sa-nd-ssrf-naen4o7r | Cisco Nexus Dashboard and Nexus Dashboard Insights Server-Side Request Forgery Vulnerability | 2026-04-01T16:00:00+00:00 | 2026-04-01T16:00:00+00:00 |
| cisco-sa-nd-cbid-5yqkoshu | Cisco Nexus Dashboard Configuration Backup REST API Unauthorized Access Vulnerability | 2026-04-01T16:00:00+00:00 | 2026-04-01T16:00:00+00:00 |
| cisco-sa-epnm-improp-auth-muwfwuu3 | Cisco Evolved Programmable Network Manager Improper Authorization Vulnerability | 2026-04-01T16:00:00+00:00 | 2026-04-01T16:00:00+00:00 |
| ID | Description | Published | Updated |
|---|---|---|---|
| msrc_cve-2026-42826 | Azure DevOps Information Disclosure Vulnerability | 2026-05-07T07:00:00.000Z | 2026-05-07T07:00:00.000Z |
| msrc_cve-2026-41105 | Azure Monitor Action Group Notification System Elevation of Privilege Vulnerability | 2026-05-07T07:00:00.000Z | 2026-05-07T07:00:00.000Z |
| msrc_cve-2026-40379 | Microsoft Enterprise Security Token Service (ESTS) Spoofing Vulnerability | 2026-05-07T07:00:00.000Z | 2026-05-07T07:00:00.000Z |
| msrc_cve-2026-35435 | Azure AI Foundry Elevation of Privilege Vulnerability | 2026-05-07T07:00:00.000Z | 2026-05-07T07:00:00.000Z |
| msrc_cve-2026-35428 | Azure Cloud Shell Spoofing Vulnerability | 2026-05-07T07:00:00.000Z | 2026-05-07T07:00:00.000Z |
| msrc_cve-2026-34327 | Microsoft Partner Center Spoofing Vulnerability | 2026-05-07T07:00:00.000Z | 2026-05-07T07:00:00.000Z |
| msrc_cve-2026-33844 | Azure Managed Instance for Apache Cassandra Remote Code Execution Vulnerability | 2026-05-07T07:00:00.000Z | 2026-05-07T07:00:00.000Z |
| msrc_cve-2026-33823 | Microsoft Team Events Portal Information Disclosure Vulnerability | 2026-05-07T07:00:00.000Z | 2026-05-07T07:00:00.000Z |
| msrc_cve-2026-33111 | Copilot Chat (Microsoft Edge) Information Disclosure Vulnerability | 2026-05-07T07:00:00.000Z | 2026-05-07T07:00:00.000Z |
| msrc_cve-2026-33109 | Azure Managed Instance for Apache Cassandra Remote Code Execution Vulnerability | 2026-05-07T07:00:00.000Z | 2026-05-07T07:00:00.000Z |
| msrc_cve-2026-32207 | Azure Machine Learning Notebook Spoofing Vulnerability | 2026-05-07T07:00:00.000Z | 2026-05-07T07:00:00.000Z |
| msrc_cve-2026-26164 | M365 Copilot Information Disclosure Vulnerability | 2026-05-07T07:00:00.000Z | 2026-05-07T07:00:00.000Z |
| msrc_cve-2026-26129 | M365 Copilot Information Disclosure Vulnerability | 2026-05-07T07:00:00.000Z | 2026-05-07T07:00:00.000Z |
| msrc_cve-2025-68768 | inet: frags: flush pending skbs in fqdir_pre_exit() | 2026-01-02T00:00:00.000Z | 2026-05-07T01:47:56.000Z |
| msrc_cve-2026-41082 | CVE-2026-41082 | 2026-04-02T00:00:00.000Z | 2026-05-07T01:13:38.000Z |
| msrc_cve-2026-25833 | CVE-2026-25833 | 2026-04-02T00:00:00.000Z | 2026-05-07T01:13:32.000Z |
| msrc_cve-2026-25834 | CVE-2026-25834 | 2026-04-02T00:00:00.000Z | 2026-05-07T01:13:26.000Z |
| msrc_cve-2026-34872 | CVE-2026-34872 | 2026-04-02T00:00:00.000Z | 2026-05-07T01:13:21.000Z |
| msrc_cve-2026-34871 | CVE-2026-34871 | 2026-04-02T00:00:00.000Z | 2026-05-07T01:13:15.000Z |
| msrc_cve-2026-34873 | CVE-2026-34873 | 2026-04-02T00:00:00.000Z | 2026-05-07T01:13:10.000Z |
| msrc_cve-2025-66442 | CVE-2025-66442 | 2026-04-02T00:00:00.000Z | 2026-05-07T01:13:04.000Z |
| msrc_cve-2026-25835 | CVE-2026-25835 | 2026-04-02T00:00:00.000Z | 2026-05-07T01:12:58.000Z |
| msrc_cve-2026-34876 | CVE-2026-34876 | 2026-04-02T00:00:00.000Z | 2026-05-07T01:12:52.000Z |
| msrc_cve-2026-34874 | CVE-2026-34874 | 2026-04-02T00:00:00.000Z | 2026-05-07T01:12:47.000Z |
| msrc_cve-2026-34875 | CVE-2026-34875 | 2026-04-02T00:00:00.000Z | 2026-05-07T01:12:41.000Z |
| msrc_cve-2026-43964 | CVE-2026-43964 | 2026-05-02T00:00:00.000Z | 2026-05-07T01:12:35.000Z |
| msrc_cve-2026-6383 | Kubevirt: kubevirt: unauthorized subresource access due to improper rbac evaluation | 2026-04-02T00:00:00.000Z | 2026-05-07T01:12:30.000Z |
| msrc_cve-2026-33857 | Apache HTTP Server: Off-by-one OOB reads in AJP getter functions | 2026-05-02T00:00:00.000Z | 2026-05-07T01:12:22.000Z |
| msrc_cve-2026-29168 | Apache HTTP Server: mod_md unrestricted OCSP response | 2026-05-02T00:00:00.000Z | 2026-05-07T01:12:14.000Z |
| msrc_cve-2026-29169 | Apache HTTP Server: mod_dav_lock indirect lock crash | 2026-05-02T00:00:00.000Z | 2026-05-07T01:12:05.000Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| ncsc-2026-0135 | Kwetsbaarheden verholpen in Ivanti Endpoint Manager Mobile | 2026-05-07T16:17:26.313490Z | 2026-05-07T16:17:26.313490Z |
| ncsc-2026-0134 | Kwetsbaarheden verholpen in Apache HTTP Server | 2026-05-06T11:33:26.390004Z | 2026-05-06T11:33:26.390004Z |
| ncsc-2026-0133 | Kwetsbaarheden verholpen in Progress MOVEit Automation | 2026-05-06T09:18:44.336770Z | 2026-05-06T09:18:44.336770Z |
| ncsc-2026-0132 | Kwetsbaarheid verholpen in Palo Alto Networks PAN-OS | 2026-05-06T08:38:23.996672Z | 2026-05-06T08:42:18.423397Z |
| ncsc-2026-0131 | Kwetsbaarheid verholpen in Linux kernel cryptographic subsystem | 2026-05-01T06:13:56.267237Z | 2026-05-01T06:13:56.267237Z |
| ncsc-2026-0130 | Kwetsbaarheid verholpen in cPanel en WHM | 2026-04-30T08:00:11.291177Z | 2026-04-30T08:00:11.291177Z |
| ncsc-2026-0129 | Kwetsbaarheden verholpen in Apache Camel | 2026-04-29T08:12:14.412477Z | 2026-04-29T08:12:14.412477Z |
| ncsc-2026-0128 | Kwetsbaarheden verholpen in GitLab EE en CE | 2026-04-23T11:21:11.080481Z | 2026-04-23T11:21:11.080481Z |
| ncsc-2026-0127 | Kwetsbaarheden verholpen in Oracle PeopleSoft | 2026-04-22T14:10:36.199130Z | 2026-04-22T14:10:36.199130Z |
| ncsc-2026-0126 | Kwetsbaarheden verholpen in Oracle E-Business Suite | 2026-04-22T12:56:26.266249Z | 2026-04-22T12:56:26.266249Z |
| ncsc-2026-0125 | Kwetsbaarheden verholpen in Oracle Enterprise Manager | 2026-04-22T12:46:17.624971Z | 2026-04-22T12:46:17.624971Z |
| ncsc-2026-0124 | Kwetsbaarheden verholpen in Oracle Identity Manager Connector | 2026-04-22T11:33:45.816246Z | 2026-04-22T11:33:45.816246Z |
| ncsc-2026-0123 | Kwetsbaarheid verholpen in ASP.NET Core van Microsoft | 2026-04-22T09:40:27.334869Z | 2026-04-22T09:40:27.334869Z |
| ncsc-2026-0122 | Kwetsbaarheid verholpen in Cisco Webex Services | 2026-04-17T08:37:31.398143Z | 2026-04-17T08:37:31.398143Z |
| ncsc-2026-0121 | Kwetsbaarheden verholpen in Fortinet FortiSandbox | 2026-04-15T12:23:16.801183Z | 2026-04-15T12:23:16.801183Z |
| ncsc-2026-0120 | Kwetsbaarheden verholpen in Fortinet FortiAnalyzer en FortiManager | 2026-04-15T12:20:38.675602Z | 2026-04-15T12:20:38.675602Z |
| ncsc-2026-0115 | Kwetsbaarheid verholpen in Microsoft Defender | 2026-04-14T19:19:48.691858Z | 2026-04-15T08:54:16.881135Z |
| ncsc-2026-0119 | Kwetsbaarheden verholpen in Microsoft Windows | 2026-04-15T08:53:38.926894Z | 2026-04-15T08:53:38.926894Z |
| ncsc-2026-0118 | Kwetsbaarheden verholpen in Microsoft SQL Server | 2026-04-14T19:24:22.610160Z | 2026-04-14T19:24:22.610160Z |
| ncsc-2026-0117 | Kwetsbaarheden verholpen in Microsoft Azure | 2026-04-14T19:23:30.733725Z | 2026-04-14T19:23:30.733725Z |
| ncsc-2026-0116 | Kwetsbaarheden verholpen in Microsoft Office | 2026-04-14T19:20:56.343558Z | 2026-04-14T19:20:56.343558Z |
| ncsc-2026-0114 | Kwetsbaarheden verholpen in Microsoft Developer tools | 2026-04-14T19:18:58.666745Z | 2026-04-14T19:18:58.666745Z |
| ncsc-2026-0113 | Kwetsbaarheden verholpen in SAP-producten | 2026-04-14T12:55:40.388960Z | 2026-04-14T12:55:40.388960Z |
| ncsc-2026-0112 | Kwetsbaarheden verholpen in Siemens producten | 2026-04-14T11:37:21.682429Z | 2026-04-14T11:37:21.682429Z |
| ncsc-2026-0111 | Kwetsbaarheid verholpen in Adobe Acrobat | 2026-04-12T08:42:18.844193Z | 2026-04-13T09:38:04.129352Z |
| ncsc-2026-0110 | Kwetsbaarheid verholpen in Cisco Smart Software Manager On-Prem | 2026-04-10T14:28:58.703642Z | 2026-04-10T14:28:58.703642Z |
| ncsc-2026-0007 | Kwetsbaarheden verholpen in Microsoft Windows | 2026-01-13T19:16:30.720079Z | 2026-04-10T12:53:42.521564Z |
| ncsc-2026-0109 | Kwetsbaarheden verholpen in Synology SSL VPN Client | 2026-04-10T12:11:00.859799Z | 2026-04-10T12:11:00.859799Z |
| ncsc-2026-0108 | Kwetsbaarheid verholpen in Juniper Networks Junos OS Evolved | 2026-04-10T12:06:13.479822Z | 2026-04-10T12:06:13.479822Z |
| ncsc-2026-0107 | Kwetsbaarheid verholpen in FortiClient EMS van Fortinet | 2026-04-04T13:49:19.002116Z | 2026-04-04T13:49:19.002116Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| nn-2026:2-01 | Stored Cross-Site Scripting (XSS) in Assets and Nodes in Guardian/CMC before 26.0.0 | 2026-04-15T11:00:00.000Z | 2026-04-15T11:00:00.000Z |
| nn-2026:1-01 | Incorrect authorization for Threat Intelligence in Guardian/CMC before 26.0.0 | 2026-04-15T11:00:00.000Z | 2026-04-15T11:00:00.000Z |
| nn-2025:18-01 | Lack of TLS certificate validation when connecting Arc to a Guardian or CMC, in Arc before v2.2.0 | 2026-03-04T11:00:00.000Z | 2026-03-04T11:00:00.000Z |
| nn-2025:17-01 | HTML injection in Sensor Map in CMC before 25.6.0 | 2026-03-04T11:00:00.000Z | 2026-03-04T11:00:00.000Z |
| nn-2025:16-01 | HTML injection in Alerted Nodes Dashboard in Guardian/CMC before 25.6.0 | 2026-03-04T11:00:00.000Z | 2026-03-04T11:00:00.000Z |
| nn-2025:15-01 | Path traversal in Import Arc data archive functionality in Guardian/CMC before 25.5.0 | 2025-12-18T11:00:00.000Z | 2025-12-18T11:00:00.000Z |
| nn-2025:14-01 | HTML injection in Asset List in Guardian/CMC before 25.5.0 | 2025-12-18T11:00:00.000Z | 2025-12-18T11:00:00.000Z |
| nn-2025:13-01 | Stored Cross-Site Scripting (XSS) in Reports in Guardian/CMC before 25.5.0 | 2025-12-18T11:00:00.000Z | 2025-12-18T11:00:00.000Z |
| nn-2025:12-01 | HTML injection in in Time Machine functionality in Guardian/CMC before 25.5.0 | 2025-12-18T11:00:00.000Z | 2025-12-18T11:00:00.000Z |
| nn-2025:11-01 | Stored Cross-Site Scripting (XSS) in Dashboards in Guardian/CMC before 25.4.0 | 2025-11-25T11:00:00.000Z | 2025-11-26T11:00:00.000Z |
| nn-2025:9-01 | Path traversal in Time Machine functionality in Guardian/CMC before 25.2.0 | 2025-10-07T11:00:00.000Z | 2025-10-07T11:00:00.000Z |
| nn-2025:8-01 | Authenticated SQL Injection on Alert functionality in Guardian/CMC before 25.2.0 | 2025-10-07T11:00:00.000Z | 2025-10-07T11:00:00.000Z |
| nn-2025:7-01 | Authenticated SQL Injection on Alert functionality in Guardian/CMC before 25.2.0 | 2025-10-07T11:00:00.000Z | 2025-10-07T11:00:00.000Z |
| nn-2025:6-01 | Authenticated SQL Injection on Smart Polling functionality in Guardian/CMC before 25.2.0 | 2025-10-07T11:00:00.000Z | 2025-10-07T11:00:00.000Z |
| nn-2025:5-01 | Incorrect authorization for CLI in Guardian/CMC before 25.2.0 | 2025-10-07T11:00:00.000Z | 2025-10-07T11:00:00.000Z |
| nn-2025:4-01 | Client-side path traversal in Guardian/CMC before 25.2.0 | 2025-10-07T11:00:00.000Z | 2025-10-07T11:00:00.000Z |
| nn-2025:10-01 | Authenticated SQL Injection on CLI functionality in Guardian/CMC before 25.3.0 | 2025-10-07T11:00:00.000Z | 2025-10-07T11:00:00.000Z |
| nn-2025:3-01 | Incorrect authorization for traces request/download in CMC before 25.1.0 | 2025-08-26T11:00:00.000Z | 2025-08-26T11:00:00.000Z |
| nn-2025:2-01 | Privilege escalation in Guardian/CMC before 24.6.0 | 2025-06-10T11:00:00.000Z | 2025-06-10T11:00:00.000Z |
| nn-2025:1-01 | Authenticated RCE in update functionality in Guardian/CMC before 24.6.0 | 2025-06-10T11:00:00.000Z | 2025-06-10T11:00:00.000Z |
| nn-2023_17-01 | Information disclosure via audit records for OpenAPI requests in Guardian/CMC before 23.4.1 | 2024-04-10T11:00:00.000Z | 2024-04-11T11:00:00.000Z |
| nn-2023:17-01 | Information disclosure via audit records for OpenAPI requests in Guardian/CMC before 23.4.1 | 2024-04-10T11:00:00.000Z | 2024-04-11T11:00:00.000Z |
| nn-2024_1-01 | DoS on IDS parsing of malformed Radius packets in Guardian before 23.4.1 | 2024-04-10T11:00:00.000Z | 2024-04-10T11:00:00.000Z |
| nn-2024:1-01 | DoS on IDS parsing of malformed Radius packets in Guardian before 23.4.1 | 2024-04-10T11:00:00.000Z | 2024-04-10T11:00:00.000Z |
| nn-2023_12-01 | Check Point IoT integration: WebSocket returns assets data without authentication in Guardian/CMC before 23.3.0 | 2024-01-15T11:00:00.000Z | 2024-01-16T11:00:00.000Z |
| nn-2023:12-01 | Check Point IoT integration: WebSocket returns assets data without authentication in Guardian/CMC before 23.3.0 | 2024-01-15T11:00:00.000Z | 2024-01-16T11:00:00.000Z |
| nn-2023_9-01 | Authenticated SQL Injection on Query functionality in Guardian/CMC before 22.6.3 and 23.1.0 | 2023-09-18T11:00:00.000Z | 2023-11-16T11:00:00.000Z |
| nn-2023_8-01 | Session Fixation in Guardian/CMC before 22.6.2 | 2023-08-09T11:00:00.000Z | 2023-11-16T11:00:00.000Z |
| nn-2023_7-01 | DoS via SAML configuration in Guardian/CMC before 22.6.2 | 2023-08-09T11:00:00.000Z | 2023-11-16T11:00:00.000Z |
| nn-2023_6-01 | Partial DoS on Reports section due to null report name in Guardian/CMC before 22.6.2 | 2023-08-09T11:00:00.000Z | 2023-11-16T11:00:00.000Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| opensuse-su-2026:10715-1 | libtree-sitter0_26-0.26.8-2.1 on GA media | 2026-05-06T00:00:00Z | 2026-05-06T00:00:00Z |
| opensuse-su-2026:10714-1 | traefik2-2.11.45-1.1 on GA media | 2026-05-06T00:00:00Z | 2026-05-06T00:00:00Z |
| opensuse-su-2026:10713-1 | traefik-3.6.16-1.1 on GA media | 2026-05-06T00:00:00Z | 2026-05-06T00:00:00Z |
| opensuse-su-2026:10712-1 | semaphore-2.18.1-1.1 on GA media | 2026-05-06T00:00:00Z | 2026-05-06T00:00:00Z |
| opensuse-su-2026:10711-1 | redis-8.6.3-1.1 on GA media | 2026-05-06T00:00:00Z | 2026-05-06T00:00:00Z |
| opensuse-su-2026:10710-1 | python311-jupyter-server-2.18.1-1.1 on GA media | 2026-05-06T00:00:00Z | 2026-05-06T00:00:00Z |
| opensuse-su-2026:10709-1 | python313-Django6-6.0.5-1.1 on GA media | 2026-05-06T00:00:00Z | 2026-05-06T00:00:00Z |
| opensuse-su-2026:10708-1 | python311-Django4-4.2.30-2.1 on GA media | 2026-05-06T00:00:00Z | 2026-05-06T00:00:00Z |
| opensuse-su-2026:10707-1 | postfix-3.11.2-1.1 on GA media | 2026-05-06T00:00:00Z | 2026-05-06T00:00:00Z |
| opensuse-su-2026:10706-1 | podman-5.8.2-1.1 on GA media | 2026-05-06T00:00:00Z | 2026-05-06T00:00:00Z |
| opensuse-su-2026:10705-1 | libpcp-devel-6.3.8-1.1 on GA media | 2026-05-06T00:00:00Z | 2026-05-06T00:00:00Z |
| opensuse-su-2026:10704-1 | micropython-1.28.0-2.1 on GA media | 2026-05-06T00:00:00Z | 2026-05-06T00:00:00Z |
| opensuse-su-2026:10703-1 | kernel-devel-7.0.3-1.1 on GA media | 2026-05-06T00:00:00Z | 2026-05-06T00:00:00Z |
| opensuse-su-2026:10702-1 | hauler-1.4.3-1.1 on GA media | 2026-05-06T00:00:00Z | 2026-05-06T00:00:00Z |
| opensuse-su-2026:10701-1 | avahi-0.8-44.1 on GA media | 2026-05-06T00:00:00Z | 2026-05-06T00:00:00Z |
| opensuse-su-2026:10700-1 | apptainer-1.4.5-4.1 on GA media | 2026-05-06T00:00:00Z | 2026-05-06T00:00:00Z |
| opensuse-su-2026:10699-1 | amazon-cloudwatch-agent-1.300066.1-1.1 on GA media | 2026-05-06T00:00:00Z | 2026-05-06T00:00:00Z |
| opensuse-su-2026:20681-1 | Security update for java-21-openjdk | 2026-05-05T16:02:08Z | 2026-05-05T16:02:08Z |
| opensuse-su-2026:20680-1 | Security update for java-17-openjdk | 2026-05-05T15:49:16Z | 2026-05-05T15:49:16Z |
| opensuse-su-2026:20683-1 | Security update for opencc | 2026-05-05T15:14:20Z | 2026-05-05T15:14:20Z |
| opensuse-su-2026:20682-1 | Security update for frr | 2026-05-05T14:33:42Z | 2026-05-05T14:33:42Z |
| opensuse-su-2026:10686-1 | libwireshark19-4.6.5-1.1 on GA media | 2026-05-04T00:00:00Z | 2026-05-04T00:00:00Z |
| opensuse-su-2026:10685-1 | libthrift-0_23_0-0.23.0-1.1 on GA media | 2026-05-04T00:00:00Z | 2026-05-04T00:00:00Z |
| opensuse-su-2026:10684-1 | teleport-17.7.23-1.1 on GA media | 2026-05-04T00:00:00Z | 2026-05-04T00:00:00Z |
| opensuse-su-2026:10683-1 | skim-4.6.1-1.1 on GA media | 2026-05-04T00:00:00Z | 2026-05-04T00:00:00Z |
| opensuse-su-2026:10682-1 | rclone-1.74.0-1.1 on GA media | 2026-05-04T00:00:00Z | 2026-05-04T00:00:00Z |
| opensuse-su-2026:10681-1 | python311-social-auth-core-4.8.7-1.1 on GA media | 2026-05-04T00:00:00Z | 2026-05-04T00:00:00Z |
| opensuse-su-2026:10680-1 | python311-django-allauth-65.16.1-2.1 on GA media | 2026-05-04T00:00:00Z | 2026-05-04T00:00:00Z |
| opensuse-su-2026:10679-1 | net-tools-3.14~alpha~git.20251212.7011617-1.1 on GA media | 2026-05-04T00:00:00Z | 2026-05-04T00:00:00Z |
| opensuse-su-2026:10678-1 | liblxc-devel-7.0.0-1.1 on GA media | 2026-05-04T00:00:00Z | 2026-05-04T00:00:00Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| oxdc-adv-2026-0001 | OX Dovecot Security Advisory OXDC-ADV-2026-0001 | 2026-03-27T00:00:00+00:00 | 2026-03-27T00:00:00+00:00 |
| oxdc-adv-2025-0001 | OX Dovecot Pro Security Advisory OXDC-ADV-2025-0001 | 2025-10-31T00:00:00+00:00 | 2025-11-27T00:00:00+00:00 |
| oxas-adv-2025-0003 | OX App Suite Security Advisory OXAS-ADV-2025-0003 | 2025-09-24T00:00:00+02:00 | 2025-11-27T00:00:00+00:00 |
| oxas-adv-2025-0002 | OX App Suite Security Advisory OXAS-ADV-2025-0002 | 2025-08-12T00:00:00+02:00 | 2025-10-31T00:00:00+00:00 |
| oxas-adv-2025-0001 | OX App Suite Security Advisory OXAS-ADV-2025-0001 | 2025-01-27T00:00:00+01:00 | 2025-04-07T00:00:00+00:00 |
| oxdc-adv-2024-0003 | OX Dovecot Pro Security Advisory OXDC-ADV-2024-0003 | 2024-09-10T00:00:00+02:00 | 2024-09-10T00:00:00+00:00 |
| oxdc-adv-2024-0002 | OX Dovecot Pro Security Advisory OXDC-ADV-2024-0002 | 2024-09-10T00:00:00+02:00 | 2024-09-10T00:00:00+00:00 |
| oxas-adv-2024-0005 | OX App Suite Security Advisory OXAS-ADV-2024-0005 | 2024-07-08T00:00:00+02:00 | 2024-09-09T00:00:00+00:00 |
| oxdc-adv-2024-0001 | OX Dovecot Pro Security Advisory OXDC-ADV-2024-0001 | 2024-09-02T00:00:00+02:00 | 2024-09-06T00:00:00+00:00 |
| oxas-adv-2024-0004 | OX App Suite Security Advisory OXAS-ADV-2024-0004 | 2024-06-13T00:00:00+02:00 | 2024-08-19T00:00:00+00:00 |
| oxas-adv-2024-0003 | OX App Suite Security Advisory OXAS-ADV-2024-0003 | 2024-04-24T00:00:00+02:00 | 2024-08-19T00:00:00+00:00 |
| oxas-adv-2024-0002 | OX App Suite Security Advisory OXAS-ADV-2024-0002 | 2024-03-06T00:00:00+01:00 | 2024-05-06T00:00:00+00:00 |
| oxas-adv-2024-0001 | OX App Suite Security Advisory OXAS-ADV-2024-0001 | 2024-02-08T00:00:00+01:00 | 2024-04-25T00:00:00+00:00 |
| oxas-adv-2023-0007 | OX App Suite Security Advisory OXAS-ADV-2023-0007 | 2023-12-11T00:00:00+01:00 | 2024-02-16T00:00:00+00:00 |
| oxas-adv-2023-0006 | OX App Suite Security Advisory OXAS-ADV-2023-0006 | 2023-09-25T00:00:00+02:00 | 2024-01-22T00:00:00+00:00 |
| oxas-adv-2023-0005 | OX App Suite Security Advisory OXAS-ADV-2023-0005 | 2023-09-19T00:00:00+02:00 | 2024-01-22T00:00:00+00:00 |
| oxas-adv-2023-0004 | OX App Suite Security Advisory OXAS-ADV-2023-0004 | 2023-08-01T00:00:00+02:00 | 2024-01-22T00:00:00+00:00 |
| oxas-adv-2023-0003 | OX App Suite Security Advisory OXAS-ADV-2023-0003 | 2023-05-02T00:00:00+02:00 | 2024-01-22T00:00:00+00:00 |
| oxas-adv-2023-0002 | OX App Suite Security Advisory OXAS-ADV-2023-0002 | 2023-03-20T00:00:00+01:00 | 2024-01-22T00:00:00+00:00 |
| oxas-adv-2023-0001 | OX App Suite Security Advisory OXAS-ADV-2023-0001 | 2023-02-06T00:00:00+01:00 | 2024-01-22T00:00:00+00:00 |
| oxas-adv-2022-0002 | OX App Suite Security Advisory OXAS-ADV-2022-0002 | 2022-11-02T00:00:00+01:00 | 2024-01-22T00:00:00+00:00 |
| oxas-adv-2022-0001 | OX App Suite Security Advisory OXAS-ADV-2022-0001 | 2022-08-10T00:00:00+02:00 | 2024-01-22T00:00:00+00:00 |
| ID | Description | Published | Updated |
|---|---|---|---|
| rhsa-2026:14937 | Red Hat Security Advisory: A Subscription Management tool for finding and reporting Red Hat product usage | 2026-05-07T21:30:41+00:00 | 2026-05-07T22:05:10+00:00 |
| rhsa-2026:9848 | Red Hat Security Advisory: multicluster engine for Kubernetes v2.6.10 security update | 2026-04-22T17:54:30+00:00 | 2026-05-07T21:44:58+00:00 |
| rhsa-2026:9453 | Red Hat Security Advisory: Red Hat OpenShift Service Mesh 3.2.4 | 2026-04-21T17:29:36+00:00 | 2026-05-07T21:44:58+00:00 |
| rhsa-2026:9448 | Red Hat Security Advisory: Red Hat OpenShift Service Mesh 3.1.7 | 2026-04-21T17:23:46+00:00 | 2026-05-07T21:44:57+00:00 |
| rhsa-2026:9385 | Red Hat Security Advisory: Red Hat OpenShift distributed tracing platform (Tempo) 3.9.2 release | 2026-04-21T15:08:38+00:00 | 2026-05-07T21:44:57+00:00 |
| rhsa-2026:9109 | Red Hat Security Advisory: containernetworking-plugins security update | 2026-04-20T20:04:52+00:00 | 2026-05-07T21:44:56+00:00 |
| rhsa-2026:9108 | Red Hat Security Advisory: gvisor-tap-vsock security update | 2026-04-20T19:56:47+00:00 | 2026-05-07T21:44:56+00:00 |
| rhsa-2026:9098 | Red Hat Security Advisory: skopeo security update | 2026-04-20T18:55:22+00:00 | 2026-05-07T21:44:56+00:00 |
| rhsa-2026:8229 | Red Hat Security Advisory: Red Hat Advanced Cluster Management for Kubernetes v2.13.6 security update | 2026-04-15T02:15:09+00:00 | 2026-05-07T21:44:56+00:00 |
| rhsa-2026:9097 | Red Hat Security Advisory: runc security update | 2026-04-20T18:53:07+00:00 | 2026-05-07T21:44:55+00:00 |
| rhsa-2026:8433 | Red Hat Security Advisory: OpenShift Compliance Operator bug fix and enhancement update | 2026-04-16T10:06:55+00:00 | 2026-05-07T21:44:54+00:00 |
| rhsa-2026:8431 | Red Hat Security Advisory: OpenShift Container Platform 4.20.19 security and extras update | 2026-04-22T06:59:10+00:00 | 2026-05-07T21:44:54+00:00 |
| rhsa-2026:8338 | Red Hat Security Advisory: Red Hat Web Terminal Operator 1.13.0 release. | 2026-04-15T18:17:16+00:00 | 2026-05-07T21:44:54+00:00 |
| rhsa-2026:8337 | Red Hat Security Advisory: Red Hat Web Terminal Operator 1.14.0 release. | 2026-04-15T18:11:57+00:00 | 2026-05-07T21:44:54+00:00 |
| rhsa-2026:8218 | Red Hat Security Advisory: multicluster engine for Kubernetes v2.8.5 security update | 2026-04-15T01:45:31+00:00 | 2026-05-07T21:44:54+00:00 |
| rhsa-2026:8167 | Red Hat Security Advisory: Red Hat Web Terminal Operator 1.15.0 release. | 2026-04-14T18:58:52+00:00 | 2026-05-07T21:44:53+00:00 |
| rhsa-2026:7854 | Red Hat Security Advisory: podman security update | 2026-04-13T12:51:03+00:00 | 2026-05-07T21:44:51+00:00 |
| rhsa-2026:14868 | Red Hat Security Advisory: buildah security update | 2026-05-07T18:15:36+00:00 | 2026-05-07T21:44:50+00:00 |
| rhsa-2026:8151 | Red Hat Security Advisory: Submariner v0.22 security fixes and container updates | 2026-04-14T15:55:27+00:00 | 2026-05-07T21:44:49+00:00 |
| rhsa-2026:7942 | Red Hat Security Advisory: HawtIO 4.3.1 for Red Hat build of Apache Camel 4 Release and security update. | 2026-04-13T21:59:31+00:00 | 2026-05-07T21:44:49+00:00 |
| rhsa-2026:7676 | Red Hat Security Advisory: rhc security update | 2026-04-13T02:21:56+00:00 | 2026-05-07T21:44:48+00:00 |
| rhsa-2026:7249 | Red Hat Security Advisory: OpenShift Container Platform 4.19.28 bug fix and security update | 2026-04-16T10:18:08+00:00 | 2026-05-07T21:44:48+00:00 |
| rhsa-2026:6564 | Red Hat Security Advisory: OpenShift Container Platform 4.20.18 bug fix and security update | 2026-04-09T13:13:19+00:00 | 2026-05-07T21:44:48+00:00 |
| rhsa-2026:6554 | Red Hat Security Advisory: OpenShift Container Platform 4.18.37 bug fix and security update | 2026-04-09T07:52:48+00:00 | 2026-05-07T21:44:48+00:00 |
| rhsa-2026:13829 | Red Hat Security Advisory: RHACS 4.10.2 security and bug fix update | 2026-05-05T16:27:09+00:00 | 2026-05-07T21:44:46+00:00 |
| rhsa-2026:13791 | Red Hat Security Advisory: RHACS 4.9.6 security and bug fix update | 2026-05-05T15:33:29+00:00 | 2026-05-07T21:44:46+00:00 |
| rhsa-2026:13545 | Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.6 Container Release Update | 2026-05-04T17:14:54+00:00 | 2026-05-07T21:44:46+00:00 |
| rhsa-2026:12282 | Red Hat Security Advisory: OpenShift Container Platform 4.12.88 bug fix and security update | 2026-05-06T13:32:35+00:00 | 2026-05-07T21:44:46+00:00 |
| rhsa-2026:12032 | Red Hat Security Advisory: containernetworking-plugins security update | 2026-04-30T03:33:54+00:00 | 2026-05-07T21:44:46+00:00 |
| rhsa-2026:12279 | Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.19.15 security, enhancement & bug fix update | 2026-04-30T11:36:26+00:00 | 2026-05-07T21:44:45+00:00 |
| ID | Description | Published | Updated |
|---|---|---|---|
| sevd-2026-104-03 | Use of Hard-coded Credentials vulnerability on Easergy MiCOM Px40 Series | 2026-04-14T07:00:00.000Z | 2026-04-14T07:00:00.000Z |
| sevd-2026-104-02 | Third-Party vulnerability on Modicon Networking Managed Switches | 2026-04-14T07:00:00.000Z | 2026-04-14T07:00:00.000Z |
| sevd-2026-104-01 | Multiple Vulnerabilities on PowerChute™ Serial Shutdown | 2026-04-14T07:00:00.000Z | 2026-04-14T07:00:00.000Z |
| sevd-2025-224-05 | Modicon M340 Controller and Communication Modules | 2025-08-12T04:00:00.000Z | 2026-04-14T07:00:00.000Z |
| sevd-2025-014-05 | Web Server on Modicon M340, Modbus/TCP Ethernet Modicon M340 module, Modbus/TCP Ethernet Modicon M340 FactoryCast module and Ethernet / Serial RTU communication modules | 2025-01-14T00:00:00.000Z | 2026-04-14T07:00:00.000Z |
| sevd-2024-317-02 | Modicon Controllers M340 / Momentum / MC80 & EcoStruxure™ Control Expert | 2024-11-12T00:00:00.000Z | 2026-04-14T07:00:00.000Z |
| sevd-2024-163-01 | Modicon M340, Modbus/TCP Ethernet Modicon M340 module, and Modbus/TCP Ethernet Modicon M340 FactoryCast module | 2024-06-11T00:00:00.000Z | 2026-04-14T07:00:00.000Z |
| sevd-2024-044-01 | EcoStruxure™ Control Expert, EcoStruxure™ Process Expert and Modicon M340, M580 and M580 Safety PLCs | 2024-02-13T12:41:43.000Z | 2026-04-14T07:00:00.000Z |
| sevd-2023-010-06 | EcoStruxure™ Control Expert, EcoStruxure™ Process Expert and Modicon M340, M580 and M580 CPU Safety | 2023-01-10T00:00:00.000Z | 2026-04-14T07:00:00.000Z |
| sevd-2019-134-11 | Multiple Vulnerabilities in Modicon Controller Products | 2019-05-14T16:48:40.000Z | 2026-04-14T07:00:00.000Z |
| sevd-2026-069-02 | Improper Neutralization vulnerability in Multiple Products | 2026-03-10T07:00:00.000Z | 2026-03-31T07:00:00.000Z |
| sevd-2026-069-01 | Improper Resource Shutdown or Release vulnerability in Multiple Products | 2026-03-10T07:00:00.000Z | 2026-03-31T07:00:00.000Z |
| sevd-2026-069-03 | Deserialization of Untrusted Data vulnerability on EcoStruxure™ Foxboro DCS | 2026-03-10T07:00:00.000Z | 2026-03-13T07:00:00.000Z |
| sevd-2026-069-06 | Deserialization of Untrusted Data vulnerability on Multiple Products | 2026-03-10T07:00:00.000Z | 2026-03-10T07:00:00.000Z |
| sevd-2026-069-05 | Use of Hard-coded Credentials vulnerability in EcoStruxure™ IT Data Center Expert | 2026-03-10T07:00:00.000Z | 2026-03-10T07:00:00.000Z |
| sevd-2026-069-04 | Improper Control of Generation of Code ('Code Injection') vulnerability on EcoStruxure™ Automation Expert | 2026-03-10T07:00:00.000Z | 2026-03-10T07:00:00.000Z |
| sevd-2026-013-04 | Multiple Vulnerabilities on EcoStruxure Power Build Rapsody | 2026-01-13T08:00:00.000Z | 2026-03-10T07:00:00.000Z |
| sevd-2026-013-01 | Multiple Third-Party Vulnerabilities on ProLeiT Plant iT/Brewmaxx | 2026-01-13T08:00:00.000Z | 2026-03-10T07:00:00.000Z |
| sevd-2025-014-07 | FlexNet Publisher Vulnerability | 2025-01-14T07:00:00.000Z | 2026-03-10T07:00:00.000Z |
| sevd-2026-041-02 | Multiple Vulnerabilities on EcoStruxure™ Building Operation Workstation and EcoStruxure™ Building Operation Webstation | 2026-02-10T08:00:00.000Z | 2026-02-10T08:00:00.000Z |
| sevd-2026-041-01 | Improper Check for Unusual or Exceptional Conditions on Multiple Products | 2026-02-10T08:00:00.000Z | 2026-02-10T08:00:00.000Z |
| sevd-2025-343-01 | EcoStruxure™ Foxboro DCS | 2025-12-09T08:00:00.000Z | 2026-02-10T08:00:00.000Z |
| sevd-2025-189-03 | EcoStruxure™ Power Operation | 2025-07-08T04:00:00.000Z | 2026-02-10T08:00:00.000Z |
| sevd-2025-042-02 | Improper Input Validation Vulnerability in Uni-Telway Driver | 2025-02-11T05:00:00.000Z | 2026-02-10T08:00:00.000Z |
| sevd-2026-013-03 | Multiple Vulnerabilities on Zigbee Products | 2026-01-13T08:00:00.000Z | 2026-01-13T08:00:00.000Z |
| sevd-2026-013-02 | Incorrect Default Permissions Vulnerability on EcoStruxure™ Process Expert | 2026-01-13T08:00:00.000Z | 2026-01-13T08:00:00.000Z |
| sevd-2025-014-06 | RemoteConnect and SCADAPack™ x70 Utilities | 2025-01-14T00:00:00.000Z | 2026-01-13T08:00:00.000Z |
| sevd-2024-317-03 | Modicon Controllers M340 / Momentum / MC80 | 2024-11-12T05:00:00.000Z | 2026-01-13T08:00:00.000Z |
| sevd-2025-343-02 | EcoStruxure™ Foxboro DCS Advisor | 2025-12-09T08:00:00.000Z | 2025-12-09T08:00:00.000Z |
| sevd-2025-252-01 | Multiple Altivar Process Drives and Communication Modules | 2025-09-09T04:00:00.000Z | 2025-12-09T08:00:00.000Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| sca-2026-0007 | Sudo vulnerability affects Endress+Hauser MCS200HW | 2026-04-21T13:00:00.000Z | 2026-04-21T13:00:00.000Z |
| sca-2025-0003 | FreeRTOS Vulnerabilities have no impact on SICK Products | 2025-02-28T00:00:00.000Z | 2026-04-17T11:00:00.000Z |
| sca-2026-0006 | Vulnerabilities affecting SICK Lector85x and SICK Lector83x | 2026-03-06T14:00:00.000Z | 2026-03-06T14:00:00.000Z |
| sca-2026-0005 | Vulnerabilities affecting SICK LMS1000 and SICK MRS1000 | 2026-02-27T14:00:00.000Z | 2026-02-27T14:00:00.000Z |
| sca-2026-0004 | Eclipse Cyclone DDS Vulnerabilities have no impact on SICK picoScan150 & SICK picoScan120 products | 2026-02-13T14:00:00.000Z | 2026-02-13T14:00:00.000Z |
| sca-2026-0003 | Vulnerability affecting SICK nanoScan3 and microScan3 | 2026-01-26T14:00:00.000Z | 2026-01-26T14:00:00.000Z |
| sca-2026-0002 | Vulnerabilities affecting SICK Incoming Goods Suite | 2026-01-15T14:00:00.000Z | 2026-01-22T19:00:00.000Z |
| sca-2026-0001 | Vulnerabilities affecting SICK TDC-X401GL | 2026-01-15T14:00:00.000Z | 2026-01-15T14:00:00.000Z |
| sca-2025-0013 | Vulnerabilities affecting SICK TLOC100-100 | 2025-10-27T14:00:00.000Z | 2025-11-11T14:00:00.000Z |
| sca-2025-0014 | CodeMeter vulnerablity affects SICK CODE-LOC and SICK LIDAR-LOC | 2025-11-03T11:00:00.000Z | 2025-11-03T14:00:00.000Z |
| sca-2025-0012 | Sudo vulnerability affects SICK SID products | 2025-10-27T11:00:00.000Z | 2025-10-27T14:00:00.000Z |
| sca-2025-0011 | Vulnerabilities affecting Endress+Hauser SSG-E210GC | 2025-10-02T13:00:00.000Z | 2025-10-02T13:00:00.000Z |
| sca-2025-0010 | Multiple vulnerabilities in SICK Enterprise Analytics and SICK Logistic Analytics Products | 2025-10-02T13:00:00.000Z | 2025-10-02T13:00:00.000Z |
| sca-2025-0009 | Vulnerabilities affecting SICK TDC-E210GC | 2025-08-01T13:00:00.000Z | 2025-08-01T13:00:00.000Z |
| sca-2025-0008 | Multiple vulnerabilities in Endress+Hauser MEAC300-FNADE4 | 2025-07-03T13:00:00.000Z | 2025-07-03T13:00:00.000Z |
| sca-2025-0007 | Multiple vulnerabilities in SICK Field Analytics and SICK Media Server | 2025-06-12T13:00:00.000Z | 2025-06-12T13:00:00.000Z |
| sca-2025-0006 | Vulnerability affecting picoScan and multiScan | 2025-04-28T13:00:00.000Z | 2025-04-28T13:00:00.000Z |
| sca-2025-0005 | Vulnerabilities in SICK Flexi Compact | 2025-04-28T10:00:00.000Z | 2025-04-28T10:00:00.000Z |
| sca-2025-0004 | Critical vulnerabilities in SICK DL100-2xxxxxxx | 2025-03-14T11:00:00.000Z | 2025-03-14T11:00:00.000Z |
| sca-2025-0001 | Multiple vulnerabilities in SICK MEAC300 | 2025-02-14T14:00:00.000Z | 2025-02-21T14:00:00.000Z |
| sca-2025-0002 | Vulnerability in SICK Lector8xx and SICK InspectorP8xx | 2025-02-14T10:19:00.000Z | 2025-02-14T10:19:00.000Z |
| sca-2024-0007 | Vulnerability in SICK OLM | 2024-12-31T00:00:00.000Z | 2024-12-31T00:00:00.000Z |
| sca-2024-0006 | Critical vulnerabilities in SICK InspectorP61x, InspectorP62x and TiM3xx | 2024-12-06T00:00:00.000Z | 2024-12-06T00:00:00.000Z |
| sca-2024-0005 | Vulnerability in SICK Incoming Goods Suite | 2024-11-19T00:00:00.000Z | 2024-11-19T00:00:00.000Z |
| sca-2024-0004 | Third party vulnerabilities in SICK CDE-100 | 2024-11-07T12:00:00.000Z | 2024-11-07T12:00:00.000Z |
| sca-2024-0003 | Critical vulnerability in multiple SICK products | 2024-10-17T13:00:00.000Z | 2024-10-17T13:00:00.000Z |
| sca-2024-0002 | Vulnerability in SICK MSC800 | 2024-09-11T23:00:00.000Z | 2024-09-11T23:00:00.000Z |
| sca-2024-0001 | Vulnerability in SICK Logistics Analytics Products and SICK Field Analytics | 2024-01-29T00:00:00.000Z | 2024-01-29T00:00:00.000Z |
| sca-2023-0011 | Vulnerability in multiple SICK Flexi Soft Gateways | 2023-10-23T11:00:00.000Z | 2023-10-23T11:00:00.000Z |
| SCA-2023-0011 | Vulnerability in multiple SICK Flexi Soft Gateways | 2023-10-23T11:00:00.000Z | 2023-10-23T11:00:00.000Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| ssa-981622 | SSA-981622: Improper Certificate Validation Vulnerability in Siemens Analytics Toolkit | 2026-04-14T00:00:00.000Z | 2026-04-14T00:00:00.000Z |
| ssa-913875 | SSA-913875: Frame Aggregation and Fragmentation Vulnerabilities in 802.11 | 2021-07-13T00:00:00.000Z | 2026-04-14T00:00:00.000Z |
| ssa-827968 | SSA-827968: Vulnerability in Nozomi Guardian/CMC on RUGGEDCOM APE1808 Devices | 2026-01-13T00:00:00.000Z | 2026-04-14T00:00:00.000Z |
| ssa-801704 | SSA-801704: Authentication Bypass Vulnerability in SINEC NMS | 2026-04-14T00:00:00.000Z | 2026-04-14T00:00:00.000Z |
| ssa-741509 | SSA-741509: Privilege Escalation Vulnerability in RUGGEDCOM CROSSBOW Secure Access Manager Primary Before V5.8 | 2026-04-14T00:00:00.000Z | 2026-04-14T00:00:00.000Z |
| ssa-726834 | SSA-726834: Denial of Service Vulnerability in the RADIUS Client of SIPROTEC 5 Devices | 2023-03-14T00:00:00.000Z | 2026-04-14T00:00:00.000Z |
| ssa-726617 | SSA-726617: Incorrect Privilege Assignment Vulnerability in Mendix OIDC SSO Module | 2025-05-13T00:00:00.000Z | 2026-04-14T00:00:00.000Z |
| ssa-712929 | SSA-712929: Denial of Service Vulnerability in OpenSSL (CVE-2022-0778) Affecting Industrial Products | 2022-06-14T00:00:00.000Z | 2026-04-14T00:00:00.000Z |
| ssa-710008 | SSA-710008: Multiple Web Vulnerabilities in SCALANCE Products | 2022-08-09T00:00:00.000Z | 2026-04-14T00:00:00.000Z |
| ssa-628843 | SSA-628843: Out of Bound Read Vulnerability in TPM 2.0 | 2026-04-14T00:00:00.000Z | 2026-04-14T00:00:00.000Z |
| ssa-609469 | SSA-609469: Authorization Bypass Vulnerability in Industrial Edge Management | 2026-04-14T00:00:00.000Z | 2026-04-14T00:00:00.000Z |
| ssa-605717 | SSA-605717: Authorization Bypass Vulnerability in SINEC NMS Before V4.0 SP3 | 2026-04-14T00:00:00.000Z | 2026-04-14T00:00:00.000Z |
| ssa-599968 | SSA-599968: Denial of Service Vulnerability in Profinet Devices | 2021-07-13T00:00:00.000Z | 2026-04-14T00:00:00.000Z |
| ssa-552702 | SSA-552702: Privilege Escalation Vulnerability in the Web Interface of SCALANCE and RUGGEDCOM Products | 2022-10-11T00:00:00.000Z | 2026-04-14T00:00:00.000Z |
| ssa-408105 | SSA-408105: Buffer Overflow Vulnerabilities in OpenSSL 3.0 Affecting Siemens Products | 2022-12-13T00:00:00.000Z | 2026-04-14T00:00:00.000Z |
| ssa-311973 | SSA-311973: Multiple Local Privilege Escalation Vulnerabilities in SINEC NMS and User Management Component (UMC) | 2026-02-10T00:00:00.000Z | 2026-04-14T00:00:00.000Z |
| ssa-244969 | SSA-244969: OpenSSL Vulnerability in Industrial Products | 2022-02-08T00:00:00.000Z | 2026-04-14T00:00:00.000Z |
| ssa-225816 | SSA-225816: Memory Corruption Vulnerability in RUGGEDCOM CROSSBOW Station Access Controller Before V5.8 | 2026-04-14T00:00:00.000Z | 2026-04-14T00:00:00.000Z |
| ssa-216014 | SSA-216014: Vulnerabilities in EFI variable of SIMATIC IPCs, SIMATIC Tablet PCs, and SIMATIC Field PGs | 2025-03-11T00:00:00.000Z | 2026-04-14T00:00:00.000Z |
| ssa-186293 | SSA-186293: XML External Entity (XXE) Injection Vulnerability in SIMOTION SCOUT, SIMOTION SCOUT TIA and SINAMICS STARTER | 2025-08-12T00:00:00.000Z | 2026-04-14T00:00:00.000Z |
| ssa-019200 | SSA-019200: Multiple Vulnerabilities in SCALANCE W-700 IEEE 802.11n Devices Before V6.6.0 | 2026-04-14T00:00:00.000Z | 2026-04-14T00:00:00.000Z |
| ssa-246443 | SSA-246443: Multiple Vulnerabilities in SICAM 8 Products | 2026-03-26T00:00:00.000Z | 2026-03-26T00:00:00.000Z |
| ssa-452276 | SSA-452276: Eval Injection Vulnerability in SIMATIC S7-1500 | 2026-03-10T00:00:00.000Z | 2026-03-19T00:00:00.000Z |
| ssa-975644 | SSA-975644: Multiple Vulnerabilities in Fortigate NGFW on RUGGEDCOM APE1808 Devices | 2026-03-10T00:00:00.000Z | 2026-03-10T00:00:00.000Z |
| ssa-903736 | SSA-903736: Multiple vulnerabilities in SICAM SIAPP SDK before V2.1.7 | 2026-03-10T00:00:00.000Z | 2026-03-10T00:00:00.000Z |
| ssa-868571 | SSA-868571: Missing Server Certificate Validation in IAM Client | 2025-12-09T00:00:00.000Z | 2026-03-10T00:00:00.000Z |
| ssa-770770 | SSA-770770: Multiple Vulnerabilities in Fortigate NGFW Before V7.4.7 on RUGGEDCOM APE1808 Devices | 2025-02-11T00:00:00.000Z | 2026-03-10T00:00:00.000Z |
| ssa-710408 | SSA-710408: Missing Server Certificate Validation in Siemens Advanced Licensing (SALT) Toolkit | 2025-12-09T00:00:00.000Z | 2026-03-10T00:00:00.000Z |
| ssa-535115 | SSA-535115: Data Validation Vulnerability in NX Before V2512 | 2026-02-10T00:00:00.000Z | 2026-03-10T00:00:00.000Z |
| ssa-513708 | SSA-513708: Multiple Vulnerabilities in Palo Alto Networks Virtual NGFW on RUGGEDCOM APE1808 Devices | 2025-06-10T00:00:00.000Z | 2026-03-10T00:00:00.000Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| suse-su-2026:1724-1 | Security update for the Linux Kernel (Live Patch 10 for SUSE Linux Enterprise 15 SP7) | 2026-05-06T15:05:00Z | 2026-05-06T15:05:00Z |
| suse-su-2026:1723-1 | Security update for openCryptoki | 2026-05-06T14:57:30Z | 2026-05-06T14:57:30Z |
| suse-su-2026:1718-1 | Security update for the Linux Kernel (Live Patch 40 for SUSE Linux Enterprise 15 SP4) | 2026-05-06T12:33:52Z | 2026-05-06T12:33:52Z |
| suse-su-2026:1717-1 | Security update for curl | 2026-05-06T12:13:54Z | 2026-05-06T12:13:54Z |
| suse-su-2026:1716-1 | Security update for libpng12 | 2026-05-06T12:11:50Z | 2026-05-06T12:11:50Z |
| suse-su-2026:1715-1 | Security update for python3 | 2026-05-06T12:09:50Z | 2026-05-06T12:09:50Z |
| suse-su-2026:1714-1 | Security update for erlang | 2026-05-06T12:08:10Z | 2026-05-06T12:08:10Z |
| suse-su-2026:1713-1 | Security update for flatpak | 2026-05-06T12:06:52Z | 2026-05-06T12:06:52Z |
| suse-su-2026:1712-1 | Security update for openexr | 2026-05-06T12:06:44Z | 2026-05-06T12:06:44Z |
| suse-su-2026:1711-1 | Security update for openssl-3 | 2026-05-06T12:04:47Z | 2026-05-06T12:04:47Z |
| suse-su-2026:1710-1 | Security update for the Linux Kernel (Live Patch 5 for SUSE Linux Enterprise 15 SP7) | 2026-05-06T11:38:10Z | 2026-05-06T11:38:10Z |
| suse-su-2026:1708-1 | Security update for the Linux Kernel (Live Patch 2 for SUSE Linux Enterprise 15 SP7) | 2026-05-06T11:04:10Z | 2026-05-06T11:04:10Z |
| suse-su-2026:1706-1 | Security update for the Linux Kernel (Live Patch 79 for SUSE Linux Enterprise 12 SP5) | 2026-05-06T10:28:45Z | 2026-05-06T10:28:45Z |
| suse-su-2026:1705-1 | Security update for java-21-openjdk | 2026-05-06T10:28:38Z | 2026-05-06T10:28:38Z |
| suse-su-2026:1704-1 | Security update for java-25-openjdk | 2026-05-06T10:28:14Z | 2026-05-06T10:28:14Z |
| suse-su-2026:1703-1 | Security update for java-11-openjdk | 2026-05-06T08:45:01Z | 2026-05-06T08:45:01Z |
| suse-su-2026:1702-1 | Security update for libpng12 | 2026-05-06T07:42:57Z | 2026-05-06T07:42:57Z |
| suse-su-2026:1701-1 | Security update for PackageKit | 2026-05-06T07:42:44Z | 2026-05-06T07:42:44Z |
| suse-su-2026:1700-1 | Security update for PackageKit | 2026-05-06T07:42:33Z | 2026-05-06T07:42:33Z |
| suse-su-2026:1699-1 | Security update for sed | 2026-05-06T07:26:44Z | 2026-05-06T07:26:44Z |
| suse-su-2026:1698-1 | Security update for the Linux Kernel (Live Patch 8 for SUSE Linux Enterprise 15 SP7) | 2026-05-06T01:49:45Z | 2026-05-06T01:49:45Z |
| suse-su-2026:1694-1 | Security update for the Linux Kernel (Live Patch 6 for SUSE Linux Enterprise 15 SP7) | 2026-05-05T23:19:07Z | 2026-05-05T23:19:07Z |
| suse-su-2026:21491-1 | Security update for the Linux Kernel (Live Patch 13 for SUSE Linux Enterprise Micro 6.0) | 2026-05-05T14:58:33Z | 2026-05-05T14:58:33Z |
| suse-su-2026:21492-1 | Security update for openCryptoki | 2026-05-05T13:42:13Z | 2026-05-05T13:42:13Z |
| suse-su-2026:21485-1 | Security update for the Linux Kernel (Live Patch 14 for SUSE Linux Enterprise Micro 6.0) | 2026-05-05T13:36:02Z | 2026-05-05T13:36:02Z |
| suse-su-2026:21490-1 | Security update for containerd | 2026-05-05T13:35:46Z | 2026-05-05T13:35:46Z |
| suse-su-2026:21484-1 | Security update for the Linux Kernel (Live Patch 12 for SUSE Linux Enterprise Micro 6.0) | 2026-05-05T13:18:42Z | 2026-05-05T13:18:42Z |
| suse-su-2026:21489-1 | Security update for the Linux Kernel RT (Live Patch 19 for SUSE Linux Enterprise Micro 6.0) | 2026-05-05T13:18:14Z | 2026-05-05T13:18:14Z |
| suse-su-2026:21488-1 | Security update for the Linux Kernel (Live Patch 17 for SUSE Linux Enterprise Micro 6.0) | 2026-05-05T13:15:07Z | 2026-05-05T13:15:07Z |
| suse-su-2026:21487-1 | Security update for the Linux Kernel (Live Patch 7 for SUSE Linux Enterprise Micro 6.0) | 2026-05-05T13:15:07Z | 2026-05-05T13:15:07Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| alsa-2026:13565 | Important: kernel security update | 2026-05-04T00:00:00Z | 2026-05-07T00:12:38Z |
| alsa-2026:13566 | Important: kernel security update | 2026-05-04T00:00:00Z | 2026-05-06T23:00:55Z |
| alsa-2026:13917 | Important: fence-agents security update | 2026-05-06T00:00:00Z | 2026-05-06T21:16:01Z |
| alsa-2026:13978 | Moderate: libsoup security update | 2026-05-06T00:00:00Z | 2026-05-06T21:14:44Z |
| alsa-2026:13857 | Important: dovecot security update | 2026-05-05T00:00:00Z | 2026-05-06T21:14:44Z |
| alsa-2026:14200 | Important: git-lfs security update | 2026-05-06T00:00:00Z | 2026-05-06T21:14:42Z |
| alsa-2026:13916 | Important: fence-agents security update | 2026-05-06T00:00:00Z | 2026-05-06T15:28:30Z |
| alsa-2026:13642 | Important: image-builder security update | 2026-05-05T00:00:00Z | 2026-05-06T12:45:30Z |
| alsa-2026:13498 | Important: dovecot security update | 2026-05-04T00:00:00Z | 2026-05-06T09:59:41Z |
| alsa-2026:13515 | Moderate: freeipmi security update | 2026-05-04T00:00:00Z | 2026-05-06T09:58:01Z |
| alsa-2026:13641 | Moderate: python-tornado security update | 2026-05-05T00:00:00Z | 2026-05-06T09:55:57Z |
| alsa-2026:13643 | Important: osbuild-composer security update | 2026-05-05T00:00:00Z | 2026-05-06T09:54:22Z |
| alsa-2026:13902 | Important: resource-agents security update | 2026-05-06T00:00:00Z | 2026-05-06T09:10:55Z |
| alsa-2026:13670 | Moderate: python-tornado security update | 2026-05-05T00:00:00Z | 2026-05-06T08:48:26Z |
| alsa-2026:13657 | Moderate: corosync security update | 2026-05-05T00:00:00Z | 2026-05-06T08:44:52Z |
| alsa-2026:13651 | Moderate: systemd security update | 2026-05-05T00:00:00Z | 2026-05-05T19:29:01Z |
| alsa-2026:13677 | Moderate: systemd security update | 2026-05-05T00:00:00Z | 2026-05-05T19:25:12Z |
| alsa-2026:13830 | Important: dovecot security update | 2026-05-05T00:00:00Z | 2026-05-05T19:20:58Z |
| alsa-2026:13671 | Important: image-builder security update | 2026-05-05T00:00:00Z | 2026-05-05T17:13:15Z |
| alsa-2026:3840 | Important: image-builder security update | 2026-03-05T00:00:00Z | 2026-05-05T17:11:52Z |
| alsa-2026:1838 | Moderate: image-builder security update | 2026-02-03T00:00:00Z | 2026-05-05T17:10:17Z |
| alsa-2026:3839 | Important: image-builder security update | 2026-03-05T00:00:00Z | 2026-05-05T11:43:10Z |
| alsa-2026:13578 | Important: kernel-rt security update | 2026-05-05T00:00:00Z | 2026-05-05T10:47:31Z |
| alsa-2026:13537 | Important: thunderbird security update | 2026-05-04T00:00:00Z | 2026-05-05T10:39:20Z |
| alsa-2026:13414 | Important: tigervnc security update | 2026-05-04T00:00:00Z | 2026-05-05T10:37:05Z |
| alsa-2026:13577 | Important: kernel security update | 2026-05-05T00:00:00Z | 2026-05-05T10:33:06Z |
| alsa-2026:13284 | Important: LibRaw security update | 2026-05-04T00:00:00Z | 2026-05-05T09:25:57Z |
| alsa-2026:13285 | Important: libcap security update | 2026-05-04T00:00:00Z | 2026-05-04T20:52:05Z |
| alsa-2026:13383 | Important: openssh security update | 2026-05-04T00:00:00Z | 2026-05-04T20:49:17Z |
| alsa-2026:13380 | Important: openssh security update | 2026-05-04T00:00:00Z | 2026-05-04T20:47:27Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| hsec-2026-0006 | Cabal deletes project source files during configure | 2026-04-08T14:23:27Z | 2026-04-08T14:23:27Z |
| hsec-2026-0004 | Hackage package metadata stored XSS vulnerability | 2026-03-28T16:05:12Z | 2026-03-28T16:05:12Z |
| hsec-2026-0002 | Hackage CSRF vulnerability | 2026-03-28T16:04:58Z | 2026-03-28T16:04:58Z |
| hsec-2024-0004 | Hackage package and doc upload stored XSS vulnerability | 2026-01-16T11:18:20Z | 2026-01-16T11:18:20Z |
| hsec-2025-0007 | cmark-gfm: resource exhaustion due to quadratic complexity in parser | 2025-12-27T08:58:56Z | 2025-12-27T08:58:56Z |
| hsec-2025-0006 | Private key leak via inherited file descriptor | 2025-11-17T02:22:38Z | 2025-11-17T02:22:38Z |
| hsec-2025-0005 | cabal-install dependency confusion | 2025-11-14T14:45:34Z | 2025-11-14T14:45:34Z |
| hsec-2025-0004 | Broken Path Sanitization in spacecookie Library | 2025-11-14T14:45:34Z | 2025-11-14T14:45:34Z |
| hsec-2025-0003 | Use after free in multithreaded lzma (.xz) decoder | 2025-11-14T14:45:34Z | 2025-11-14T14:45:34Z |
| hsec-2025-0002 | Double Public Key Signing Function Oracle Attack on Ed25519 | 2025-11-14T14:45:34Z | 2025-11-14T14:45:34Z |
| hsec-2025-0001 | Subword division operations may produce incorrect results | 2025-11-14T14:45:34Z | 2025-11-14T14:45:34Z |
| hsec-2024-0009 | Public key confusion in third-party blocks | 2025-11-14T14:45:34Z | 2025-11-14T14:45:34Z |
| hsec-2024-0008 | Sign extension error in the PPC64le FFI | 2025-11-14T14:45:34Z | 2025-11-14T14:45:34Z |
| hsec-2024-0007 | Sign extension error in the AArch64 NCG | 2025-11-14T14:45:34Z | 2025-11-14T14:45:34Z |
| hsec-2024-0006 | fromIntegral: conversion error | 2025-11-14T14:45:34Z | 2025-11-14T14:45:34Z |
| hsec-2024-0003 | process: command injection via argument list on Windows | 2025-11-14T14:45:34Z | 2025-11-14T14:45:34Z |
| hsec-2024-0002 | out-of-bounds write when there are many bzip2 selectors | 2025-11-14T14:45:34Z | 2025-11-14T14:45:34Z |
| hsec-2024-0001 | Reflected XSS vulnerability in keter | 2025-11-14T14:45:34Z | 2025-11-14T14:45:34Z |
| hsec-2023-0015 | cabal-install uses expired key policies | 2025-11-14T14:45:34Z | 2025-11-14T14:45:34Z |
| hsec-2023-0014 | Arbitrary file write is possible when using PDF output or --extract-media with untrusted input | 2025-11-14T14:45:34Z | 2025-11-14T14:45:34Z |
| hsec-2023-0013 | git-annex plaintext storage of embedded credentials on encrypted remotes | 2025-11-14T14:45:34Z | 2025-11-14T14:45:34Z |
| hsec-2023-0012 | git-annex checksum exposure to encrypted special remotes | 2025-11-14T14:45:34Z | 2025-11-14T14:45:34Z |
| hsec-2023-0011 | git-annex GPG decryption attack via compromised remote | 2025-11-14T14:45:34Z | 2025-11-14T14:45:34Z |
| hsec-2023-0010 | git-annex private data exfiltration to compromised remote | 2025-11-14T14:45:34Z | 2025-11-14T14:45:34Z |
| hsec-2023-0009 | git-annex command injection via malicious SSH hostname | 2025-11-14T14:45:34Z | 2025-11-14T14:45:34Z |
| hsec-2023-0008 | Stored XSS in hledger-web | 2025-11-14T14:45:34Z | 2025-11-14T14:45:34Z |
| hsec-2023-0007 | readFloat: memory exhaustion with large exponent | 2025-11-14T14:45:34Z | 2025-11-14T14:45:34Z |
| hsec-2023-0006 | x509-validation does not enforce pathLenConstraint | 2025-11-14T14:45:34Z | 2025-11-14T14:45:34Z |
| hsec-2023-0005 | tls-extra: certificate validation does not check Basic Constraints | 2025-11-14T14:45:34Z | 2025-11-14T14:45:34Z |
| hsec-2023-0004 | xml-conduit unbounded entity expansion | 2025-11-14T14:45:34Z | 2025-11-14T14:45:34Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| osec-2026-03 | opam install sandbox escape | 2026-04-15T22:00:00Z | 2026-04-16T21:00:00Z |
| osec-2026-01 | Buffer Over-Read in OCaml Marshal Deserialization | 2026-02-17T13:30:00Z | 2026-02-27T09:30:00Z |
| osec-2026-02 | ARP unbounded memory usage | 2026-02-18T10:30:00Z | 2026-02-18T10:30:00Z |
| osec-2022-01 | Infinite loop in console output on xen | 2022-12-07T00:00:00Z | 2026-02-18T09:30:00Z |
| osec-2025-01 | Albatross console out of memory | 2025-08-15T00:18:22Z | 2026-01-13T12:00:00Z |
| osec-2019-02 | Grant unshare vulnerability in mirage-xen | 2019-04-26T00:00:00Z | 2026-01-13T12:00:00Z |
| osec-2019-01 | Memory disclosure in mirage-net-xen | 2019-03-21T00:00:00Z | 2026-01-13T12:00:00Z |
| osec-2016-02 | Memory disclosure in mirage-net-xen | 2016-05-03T00:00:00Z | 2026-01-13T12:00:00Z |
| osec-2023-01 | Time of check time of use issue in opam's cache | 2023-05-25T12:00:00Z | 2026-01-09T12:00:00Z |
| osec-2016-01 | Buffer overflow and information leak in OCaml < 4.03.0 | 2016-04-29T00:18:22Z | 2026-01-01T12:00:00Z |
| osec-2018-01 | An integer overflow in the `bigarray` serialization module leads to arbitrary code execution | 2018-04-06T18:29:00Z | 2025-12-16T12:00:00Z |
| osec-2017-01 | Local privilege escalation issue with ocaml binaries | 2017-06-23T15:19:47Z | 2025-12-16T12:00:00Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| osv-2023-307 | Heap-buffer-overflow in bit_read_BB | 2023-04-13T14:02:09.774988Z | 2026-05-07T14:17:01.342020Z |
| osv-2022-714 | Heap-buffer-overflow in dynapi_set_helper | 2022-08-15T00:00:47.794062Z | 2026-05-07T14:13:31.834583Z |
| osv-2022-653 | Heap-double-free in dwg_free_common_entity_data | 2022-07-30T00:01:52.491112Z | 2026-05-07T14:13:24.635002Z |
| osv-2022-1259 | Heap-buffer-overflow in dwg_decode_INSERT_private | 2022-12-13T13:00:46.870838Z | 2026-05-07T14:10:02.070092Z |
| osv-2022-1198 | Heap-buffer-overflow in dwg_json_LTYPE | 2022-11-23T13:02:06.623044Z | 2026-05-07T14:09:47.448031Z |
| osv-2022-1176 | Heap-double-free in dwg_free | 2022-11-18T13:00:26.857477Z | 2026-05-07T14:08:05.880700Z |
| osv-2022-1165 | Heap-buffer-overflow in parse_content_length | 2022-11-12T13:00:05.964113Z | 2026-05-07T14:07:27.321654Z |
| osv-2021-1343 | Heap-buffer-overflow in get_next_owned_entity | 2021-09-21T00:01:33.177403Z | 2026-05-07T14:07:09.424954Z |
| osv-2022-400 | Heap-double-free in dwg_free_XRECORD_private | 2022-05-08T00:00:40.782520Z | 2026-05-07T14:07:07.574564Z |
| osv-2021-1086 | Heap-buffer-overflow in dwg_convert_SAB_to_SAT1 | 2021-08-02T00:00:31.888461Z | 2026-05-07T14:07:06.078048Z |
| osv-2022-388 | Segv on unknown address in dwg_ref_get_object | 2022-05-01T00:01:54.904711Z | 2026-05-07T14:07:03.424302Z |
| osv-2022-379 | Segv on unknown address in bit_write_TV | 2022-04-27T00:00:44.539231Z | 2026-05-07T14:07:00.834986Z |
| osv-2022-372 | Heap-buffer-overflow in dwg_encode_VERTEX_2D | 2022-04-26T00:00:09.352798Z | 2026-05-07T14:04:57.284808Z |
| osv-2024-719 | Heap-buffer-overflow in hevc_ref_pic_lists_modification | 2024-08-07T00:05:22.699506Z | 2026-05-06T14:47:57.671872Z |
| osv-2024-695 | Stack-buffer-overflow in gf_vvc_parse_nalu_bs | 2024-07-31T00:02:35.217594Z | 2026-05-06T14:46:48.762980Z |
| osv-2024-664 | Heap-buffer-overflow in gf_dash_group_get_template | 2024-07-18T00:13:55.576218Z | 2026-05-06T14:44:38.886623Z |
| osv-2024-659 | Index-out-of-bounds in gf_vvc_parse_nalu_bs | 2024-07-18T00:01:18.765548Z | 2026-05-06T14:43:22.128420Z |
| osv-2026-76 | Security exception in org.htmlunit.cyberneko.HTMLTagBalancer.endElement | 2026-01-18T00:02:11.715201Z | 2026-05-06T14:36:18.326705Z |
| osv-2022-1235 | Heap-buffer-overflow in _rrparse | 2022-12-04T13:00:30.303410Z | 2026-05-06T14:23:13.848368Z |
| osv-2022-882 | Use-of-uninitialized-value in SfxEntry::test_condition | 2022-09-11T00:01:48.463118Z | 2026-05-05T14:11:40.775630Z |
| osv-2024-680 | Security exception in com.github.javaparser.GeneratedJavaParser.Expression | 2024-07-26T00:06:29.761307Z | 2026-05-04T14:22:08.224431Z |
| osv-2024-675 | Security exception in com.github.javaparser.CommentsInserter.insertComments | 2024-07-24T00:07:37.523933Z | 2026-05-04T14:21:28.619874Z |
| osv-2024-662 | Security exception in com.github.javaparser.CommentsInserter.insertComments | 2024-07-18T00:06:40.832938Z | 2026-05-04T14:21:15.393865Z |
| osv-2024-248 | Security exception in com.github.javaparser.CommentsInserter.insertComments | 2024-04-10T00:06:40.907073Z | 2026-05-04T14:19:23.695308Z |
| osv-2024-195 | Security exception in com.github.javaparser.ast.validator.TreeVisitorValidator.accept | 2024-03-24T00:14:24.746452Z | 2026-05-04T14:18:35.195926Z |
| osv-2023-606 | Heap-buffer-overflow in ZSTD_decompressMultiFrame | 2023-07-23T14:01:02.159160Z | 2026-05-04T14:15:29.176008Z |
| osv-2023-1350 | Heap-buffer-overflow in inflate | 2023-12-23T00:12:38.562149Z | 2026-05-04T14:15:26.036213Z |
| osv-2023-319 | Heap-buffer-overflow in ZSTD_decompressSequencesLong_bmi2 | 2023-04-16T14:01:58.406534Z | 2026-05-04T14:14:52.268260Z |
| osv-2022-1134 | Heap-buffer-overflow in ndlz8_decompress | 2022-11-04T00:02:11.463429Z | 2026-05-04T14:09:28.582818Z |
| osv-2024-85 | Security exception in com.github.javaparser.ast.validator.TreeVisitorValidator.accept | 2024-02-08T00:13:58.690460Z | 2026-05-04T14:09:11.112779Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| rustsec-2026-0120 | NSEC3 closest-encloser proof validation enters unbounded loop on cross-zone responses | 2026-05-01T12:00:00Z | 2026-05-07T08:56:41Z |
| rustsec-2026-0119 | CPU exhaustion during message encoding due to O(n²) name compression | 2026-05-01T12:00:00Z | 2026-05-07T08:56:41Z |
| rustsec-2026-0118 | NSEC3 closest-encloser proof validation enters unbounded loop on cross-zone responses | 2026-05-01T12:00:00Z | 2026-05-07T08:56:41Z |
| rustsec-2026-0117 | Fragile bounds check when sampling from image | 2026-05-01T12:00:00Z | 2026-05-07T08:56:41Z |
| rustsec-2026-0116 | Improper check of an invariant resulting in incorrect bounds checks | 2026-05-01T12:00:00Z | 2026-05-07T08:56:41Z |
| rustsec-2026-0115 | Fragile bounds check when sampling from image | 2026-05-01T12:00:00Z | 2026-05-07T08:56:41Z |
| rustsec-2026-0114 | Panic when allocating a table exceeding the size of the host's address space | 2026-04-30T12:00:00Z | 2026-05-07T08:56:41Z |
| rustsec-2026-0121 | Denial of service in Steamworks game clients/servers using P2P authentication | 2026-05-05T12:00:00Z | 2026-05-06T13:41:21Z |
| rustsec-2026-0111 | Possible UTF-8 corruption in Diesels SQLite backend | 2026-04-24T12:00:00Z | 2026-05-06T06:32:50Z |
| rustsec-2026-0109 | Broken hard revocation handling | 2026-04-21T12:00:00Z | 2026-05-06T06:32:50Z |
| rustsec-2026-0108 | `sui-execution-cut` was removed from crates.io for malicious code | 2026-04-23T12:00:00Z | 2026-05-06T06:32:50Z |
| rustsec-2026-0107 | `mysten-metrics` was removed from crates.io for malicious code | 2026-04-22T12:00:00Z | 2026-05-06T06:32:50Z |
| rustsec-2026-0113 | `unpack_in` can chmod arbitrary directories by following symlinks | 2026-04-27T12:00:00Z | 2026-04-28T13:17:23Z |
| rustsec-2026-0112 | PAX Header Desynchronization in astral-tokio-tar | 2026-04-27T12:00:00Z | 2026-04-28T13:17:23Z |
| rustsec-2026-0103 | Use-After-Free and Double Free in IntoIter::drop When Element Drop Panics | 2026-04-14T12:00:00Z | 2026-04-27T20:28:03Z |
| rustsec-2026-0105 | core2 is unmaintained, all versions yanked | 2026-04-14T12:00:00Z | 2026-04-25T15:01:07Z |
| rustsec-2026-0078 | Symbol confusion after hasher panic in `intaglio` interners | 2026-03-30T12:00:00Z | 2026-04-25T07:25:22Z |
| rustsec-2023-0071 | Marvin Attack: potential key recovery through timing sidechannels | 2023-11-22T12:00:00Z | 2026-04-25T06:40:09Z |
| rustsec-2026-0110 | bare-metal is deprecated | 2026-04-23T12:00:00Z | 2026-04-24T09:37:01Z |
| rustsec-2026-0106 | Record cache accepts AUTHORITY section NS from sibling zone via parent-pool zone-context elevation | 2026-04-22T12:00:00Z | 2026-04-22T19:53:31Z |
| rustsec-2026-0104 | Reachable panic in certificate revocation list parsing | 2026-04-22T12:00:00Z | 2026-04-22T08:56:10Z |
| rustsec-2026-0097 | Rand is unsound with a custom logger using `rand::rng()` | 2026-04-09T12:00:00Z | 2026-04-17T15:55:25Z |
| rustsec-2026-0102 | `microsoftsystem64` was removed from crates.io for malicious code | 2026-04-13T12:00:00Z | 2026-04-15T21:38:09Z |
| rustsec-2026-0101 | `safe-agent-rs` was removed from crates.io for being affiliated with malicious code | 2026-04-13T12:00:00Z | 2026-04-15T21:38:09Z |
| rustsec-2026-0100 | `pretty-changelog-logger` was removed from crates.io for malicious code | 2026-04-13T12:00:00Z | 2026-04-15T21:38:09Z |
| rustsec-2026-0099 | Name constraints were accepted for certificates asserting a wildcard name | 2026-04-14T12:00:00Z | 2026-04-15T09:57:12Z |
| rustsec-2026-0098 | Name constraints for URI names were incorrectly accepted | 2026-04-14T12:00:00Z | 2026-04-15T07:36:20Z |
| rustsec-2025-0161 | libsecp256k1 is unmaintained | 2025-01-14T12:00:00Z | 2026-04-14T11:24:03Z |
| rustsec-2026-0096 | Miscompiled guest heap access enables sandbox escape on aarch64 Cranelift | 2026-04-09T12:00:00Z | 2026-04-09T19:59:38Z |
| rustsec-2026-0095 | Wasmtime with Winch compiler backend may allow a sandbox-escaping memory access | 2026-04-09T12:00:00Z | 2026-04-09T19:59:38Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| bit-valkey-2026-25243 | redis-server RESTORE invalid memory access may allow remote code execution | 2026-05-07T11:52:00.374Z | 2026-05-07T12:11:36.665Z |
| bit-valkey-2026-23631 | redis-server Lua use-after-free may allow remote code execution | 2026-05-07T11:51:58.626Z | 2026-05-07T12:11:36.665Z |
| bit-valkey-2026-23479 | redis-server use-after-free in unblock client flow may allow remote code execution | 2026-05-07T11:51:56.838Z | 2026-05-07T12:11:36.665Z |
| bit-redis-2026-25243 | redis-server RESTORE invalid memory access may allow remote code execution | 2026-05-07T11:51:17.557Z | 2026-05-07T12:11:36.665Z |
| bit-keydb-2026-25243 | redis-server RESTORE invalid memory access may allow remote code execution | 2026-05-07T11:43:05.710Z | 2026-05-07T12:11:36.665Z |
| bit-thrift-2026-43870 | Apache Thrift: Node.js web_server.js multi-vulnerability | 2026-05-07T08:53:18.614Z | 2026-05-07T09:12:02.780Z |
| bit-thrift-2026-43869 | Apache Thrift: TSSLTransportFactory.java hostname verification | 2026-05-07T08:53:17.253Z | 2026-05-07T09:12:02.780Z |
| bit-thrift-2026-43868 | Apache Thrift: Rust implementation vulnerable to CVE-2020-13949 pattern | 2026-05-07T08:53:15.762Z | 2026-05-07T09:12:02.780Z |
| bit-redis-2026-25589 | RedisBloom RESTORE invalid memory access may allow remote code execution | 2026-05-07T08:53:11.906Z | 2026-05-07T09:12:02.780Z |
| bit-redis-2026-25588 | RedisTimeSeries RESTORE invalid memory access may allow remote code execution | 2026-05-07T08:53:10.146Z | 2026-05-07T09:12:02.780Z |
| bit-redis-2026-23631 | redis-server Lua use-after-free may allow remote code execution | 2026-05-07T08:53:06.760Z | 2026-05-07T09:12:02.780Z |
| bit-redis-2026-23479 | redis-server use-after-free in unblock client flow may allow remote code execution | 2026-05-07T08:53:05.164Z | 2026-05-07T09:12:02.780Z |
| bit-modsecurity2-2026-30923 | libModSecurity3 denial of service via segfault when using t:hexDecode on single-character query strings | 2026-05-07T08:46:02.356Z | 2026-05-07T09:12:02.780Z |
| bit-modsecurity-2026-30923 | libModSecurity3 denial of service via segfault when using t:hexDecode on single-character query strings | 2026-05-07T08:45:59.405Z | 2026-05-07T09:12:02.780Z |
| bit-keydb-2026-25589 | RedisBloom RESTORE invalid memory access may allow remote code execution | 2026-05-07T08:42:59.502Z | 2026-05-07T09:12:02.780Z |
| bit-keydb-2026-25588 | RedisTimeSeries RESTORE invalid memory access may allow remote code execution | 2026-05-07T08:42:57.726Z | 2026-05-07T09:12:02.780Z |
| bit-keydb-2026-23631 | redis-server Lua use-after-free may allow remote code execution | 2026-05-07T08:42:54.096Z | 2026-05-07T09:12:02.780Z |
| bit-keydb-2026-23479 | redis-server use-after-free in unblock client flow may allow remote code execution | 2026-05-07T08:42:52.441Z | 2026-05-07T09:12:02.780Z |
| bit-dotnet-2026-33116 | .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability | 2026-05-07T08:39:34.257Z | 2026-05-07T09:12:02.780Z |
| bit-dotnet-2026-32203 | .NET and Visual Studio Denial of Service Vulnerability | 2026-05-07T08:39:32.547Z | 2026-05-07T09:12:02.780Z |
| bit-apache-2026-29168 | Apache HTTP Server: mod_md unrestricted OCSP response | 2026-05-07T08:38:45.362Z | 2026-05-07T09:12:02.780Z |
| bit-apache-2026-28780 | Apache HTTP Server: buffer overflow in mod_proxy_ajp via ajp_msg_check_header() | 2026-05-07T08:38:43.651Z | 2026-05-07T09:12:02.780Z |
| bit-java-2026-34282 | 2026-05-06T14:46:19.457Z | 2026-05-06T15:10:05.412Z | |
| bit-java-2026-34268 | 2026-05-06T14:46:17.850Z | 2026-05-06T15:10:05.412Z | |
| bit-java-2026-23865 | 2026-05-06T14:46:16.250Z | 2026-05-06T15:10:05.412Z | |
| bit-java-2026-22021 | 2026-05-06T14:46:14.835Z | 2026-05-06T15:10:05.412Z | |
| bit-java-2026-22018 | 2026-05-06T14:46:13.467Z | 2026-05-06T15:10:05.412Z | |
| bit-java-2026-22016 | 2026-05-06T14:46:12.241Z | 2026-05-06T15:10:05.412Z | |
| bit-java-2026-22013 | 2026-05-06T14:46:10.852Z | 2026-05-06T15:10:05.412Z | |
| bit-java-2026-22008 | 2026-05-06T14:46:09.450Z | 2026-05-06T15:10:05.412Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| cleanstart-2026-gn46454 | When applications specify HTTP response headers for servlet applications using Spring Security, there is the possibility that the HTTP Headers will not be written | 2026-04-30T00:36:57.162497Z | 2026-04-29T13:34:44Z |
| cleanstart-2026-fu04414 | Docker CLI for Windows searches for plugin binaries in C:\\ProgramData\\Docker\\cli-plugins, a directory that does not exist by default | 2026-04-30T00:38:58.272669Z | 2026-04-29T09:22:25Z |
| cleanstart-2026-cz07385 | Docker CLI for Windows searches for plugin binaries in C:\\ProgramData\\Docker\\cli-plugins, a directory that does not exist by default | 2026-04-30T00:39:59.023250Z | 2026-04-29T09:21:35Z |
| cleanstart-2026-fk30234 | Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption (JWE), JSON Web Signature (JWS), and JSON Web To... | 2026-04-30T00:36:57.018431Z | 2026-04-29T09:20:07Z |
| cleanstart-2026-cn84623 | Within HostnameError | 2026-04-30T00:53:26.653377Z | 2026-04-29T09:12:44Z |
| cleanstart-2026-gy48351 | Within HostnameError | 2026-04-30T00:53:26.601522Z | 2026-04-29T09:10:13Z |
| cleanstart-2026-mi12470 | Within HostnameError | 2026-04-30T00:49:56.616377Z | 2026-04-29T09:05:33Z |
| cleanstart-2026-fr97108 | During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions | 2026-04-30T00:58:27.074156Z | 2026-04-29T07:50:05Z |
| cleanstart-2026-kt28044 | During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions | 2026-04-30T01:03:26.906365Z | 2026-04-29T07:43:21Z |
| cleanstart-2026-hq88036 | During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions | 2026-04-30T01:00:58.604637Z | 2026-04-29T07:41:49Z |
| cleanstart-2026-do31246 | During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions | 2026-04-30T01:04:59.604515Z | 2026-04-29T07:38:43Z |
| cleanstart-2026-dn20646 | spdystream is a Go library for multiplexing streams over SPDY connections | 2026-04-30T01:01:32.482507Z | 2026-04-29T07:32:10Z |
| cleanstart-2026-md91760 | attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing | 2026-04-30T01:00:59.806172Z | 2026-04-29T07:27:32Z |
| cleanstart-2026-hv96032 | attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing | 2026-04-30T01:01:32.104241Z | 2026-04-29T07:26:58Z |
| cleanstart-2026-cz64396 | Security fixes for ghsa-f6x5-jh6r-wrfv, ghsa-j5w8-q4qc-rx2x, ghsa-wjrx-6529-hcj3 applied in versions: 0.37.1-r1 | 2026-04-30T01:01:28.425053Z | 2026-04-29T07:22:17Z |
| cleanstart-2026-lz84631 | Security fixes for ghsa-72hv-8253-57qq, ghsa-qqpg-mvqg-649v applied in versions: 3.9.4-r0, 3.9.4-r6 | 2026-04-30T01:01:45.829893Z | 2026-04-29T07:14:23Z |
| cleanstart-2026-bu99819 | Security fixes for ghsa-72hv-8253-57qq applied in versions: 3.6.4-r4 | 2026-04-29T00:37:56.608985Z | 2026-04-28T06:46:53Z |
| cleanstart-2026-ms93111 | Security fixes for ghsa-72hv-8253-57qq applied in versions: 3.8.6-r0 | 2026-04-28T00:36:04.248443Z | 2026-04-27T10:21:39Z |
| cleanstart-2026-kl42544 | Security fixes for ghsa-72hv-8253-57qq, ghsa-qqpg-mvqg-649v applied in versions: 3.9.4-r0, 3.9.4-r6 | 2026-04-28T00:36:04.463924Z | 2026-04-27T10:21:39Z |
| cleanstart-2026-jp09281 | In libexpat before 2 | 2026-04-28T00:36:34.505244Z | 2026-04-27T10:21:39Z |
| cleanstart-2026-dj93523 | In libexpat before 2 | 2026-04-28T00:37:35.208500Z | 2026-04-27T10:21:39Z |
| cleanstart-2026-hq78610 | Aircompressor is a library with ports of the Snappy, LZO, LZ4, and Zstandard compression algorithms to Java | 2026-04-25T00:45:02.559999Z | 2026-04-24T22:46:48Z |
| cleanstart-2026-ly60131 | Security fixes for ghsa-72hv-8253-57qq applied in versions: 3.6.4-r4 | 2026-04-25T00:38:42.064940Z | 2026-04-24T13:16:02Z |
| cleanstart-2026-ij61309 | Security fixes for ghsa-72hv-8253-57qq applied in versions: 3.8.6-r0 | 2026-04-25T00:38:42.251779Z | 2026-04-24T13:16:02Z |
| cleanstart-2026-kx82113 | In libexpat before 2 | 2026-04-23T00:37:25.300123Z | 2026-04-22T09:49:02Z |
| cleanstart-2026-hm96194 | In libexpat before 2 | 2026-04-23T00:37:25.660354Z | 2026-04-22T09:49:02Z |
| cleanstart-2026-is05941 | CLIENT_CERT authentication does not fail as expected for some scenarios when soft fail is disabled vulnerability in Apache Tomcat, Apache Tomcat Native | 2026-04-23T00:39:55.461024Z | 2026-04-22T06:13:27Z |
| cleanstart-2026-fo49462 | Security fixes for ghsa-3xc5-wrhm-f963 applied in versions: 1.31.1-r0 | 2026-04-22T00:36:28.593230Z | 2026-04-21T09:53:20Z |
| cleanstart-2026-kb76878 | When applications specify HTTP response headers for servlet applications using Spring Security, there is the possibility that the HTTP Headers will not be written | 2026-04-22T00:39:59.241183Z | 2026-04-21T09:47:18Z |
| cleanstart-2026-al68245 | filippo | 2026-04-22T00:37:28.755649Z | 2026-04-21T09:29:42Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| drupal-contrib-2026-033 | 2026-04-22T17:47:43.000Z | 2026-04-22T17:47:43.000Z | |
| drupal-contrib-2026-032 | 2026-04-08T16:09:54.000Z | 2026-04-10T16:51:06.000Z | |
| drupal-contrib-2026-031 | 2026-04-01T16:38:14.000Z | 2026-04-02T14:13:13.000Z | |
| drupal-contrib-2026-029 | 2026-03-11T16:35:02.000Z | 2026-03-26T19:50:52.000Z | |
| drupal-contrib-2026-028 | 2026-03-11T16:33:14.000Z | 2026-03-26T19:43:59.000Z | |
| drupal-contrib-2026-030 | 2026-03-18T16:10:00.000Z | 2026-03-18T16:10:00.000Z | |
| drupal-contrib-2026-015 | 2026-02-25T18:47:57.000Z | 2026-03-17T13:20:54.000Z | |
| drupal-contrib-2026-024 | 2026-03-04T17:59:51.000Z | 2026-03-05T14:03:05.000Z | |
| drupal-contrib-2026-027 | 2026-03-04T18:02:59.000Z | 2026-03-04T18:02:59.000Z | |
| drupal-contrib-2026-026 | 2026-03-04T18:02:14.000Z | 2026-03-04T18:02:14.000Z | |
| drupal-contrib-2026-025 | 2026-03-04T18:00:41.000Z | 2026-03-04T18:00:41.000Z | |
| drupal-contrib-2026-023 | 2026-03-04T17:58:55.000Z | 2026-03-04T17:58:55.000Z | |
| drupal-contrib-2026-022 | 2026-03-04T17:57:58.000Z | 2026-03-04T17:57:58.000Z | |
| drupal-contrib-2026-021 | 2026-03-04T17:56:18.000Z | 2026-03-04T17:56:18.000Z | |
| drupal-contrib-2026-020 | 2026-03-04T17:54:27.000Z | 2026-03-04T17:54:27.000Z | |
| drupal-contrib-2026-016 | 2026-02-25T18:49:59.000Z | 2026-02-25T19:30:03.000Z | |
| drupal-contrib-2026-019 | 2026-02-25T18:51:43.000Z | 2026-02-25T18:51:43.000Z | |
| drupal-contrib-2026-018 | 2026-02-25T18:51:26.000Z | 2026-02-25T18:51:26.000Z | |
| drupal-contrib-2026-017 | 2026-02-25T18:51:01.000Z | 2026-02-25T18:51:01.000Z | |
| drupal-contrib-2026-014 | 2026-02-25T18:46:10.000Z | 2026-02-25T18:46:10.000Z | |
| drupal-contrib-2026-013 | 2026-02-25T18:45:13.000Z | 2026-02-25T18:45:13.000Z | |
| drupal-contrib-2026-012 | 2026-02-25T18:44:38.000Z | 2026-02-25T18:44:38.000Z | |
| drupal-contrib-2026-011 | 2026-02-25T18:43:32.000Z | 2026-02-25T18:43:32.000Z | |
| drupal-contrib-2026-010 | 2026-02-11T16:54:18.000Z | 2026-02-25T17:17:46.000Z | |
| drupal-contrib-2026-009 | 2026-02-11T16:53:32.000Z | 2026-02-12T15:37:20.000Z | |
| drupal-contrib-2026-008 | 2026-02-04T17:23:40.000Z | 2026-02-04T17:23:40.000Z | |
| drupal-contrib-2025-110 | 2025-09-24T17:27:41.000Z | 2025-09-24T17:27:41.000Z |
| ID | Description | Updated |
|---|---|---|
| ts-2026-001 | TS-2026-001 | 2026-01-15T00:00 |
| ts-2025-008 | TS-2025-008 | 2025-11-19T00:00 |
| ts-2025-007 | TS-2025-007 | 2025-11-07T00:00 |
| ts-2025-006 | TS-2025-006 | 2025-10-28T00:00 |
| ts-2025-005 | TS-2025-005 | 2025-08-07T00:00 |
| ts-2025-004 | TS-2025-004 | 2025-05-27T00:00 |
| ts-2025-003 | TS-2025-003 | 2025-05-21T00:00 |
| ts-2025-002 | TS-2025-002 | 2025-05-15T00:00 |
| ts-2025-001 | TS-2025-001 | 2025-03-07T00:00 |
| ts-2024-013 | TS-2024-013 | 2024-12-04T00:00 |
| ts-2024-012 | TS-2024-012 | 2024-10-02T00:00 |
| ts-2024-011 | TS-2024-011 | 2024-07-22T00:00 |
| ts-2024-010 | TS-2024-010 | 2024-07-19T00:00 |
| ts-2024-009 | TS-2024-009 | 2024-06-27T00:00 |
| ts-2024-008 | TS-2024-008 | 2024-06-14T00:00 |
| ts-2024-007 | TS-2024-007 | 2024-06-12T00:00 |
| ts-2024-006 | TS-2024-006 | 2024-05-22T00:00 |
| ts-2024-005 | TS-2024-005 | 2024-05-08T00:00 |
| ts-2024-004 | TS-2024-004 | 2024-05-06T00:00 |
| ts-2024-003 | TS-2024-003 | 2024-04-23T00:00 |
| ts-2024-002 | TS-2024-002 | 2024-01-30T00:00 |
| ts-2024-001 | TS-2024-001 | 2024-01-08T00:00 |
| ts-2023-009 | TS-2023-009 | 2023-12-22T00:00 |
| ts-2023-008 | TS-2023-008 | 2023-11-01T00:00 |
| ts-2023-007 | TS-2023-007 | 2023-10-26T00:00 |
| ts-2023-006 | TS-2023-006 | 2023-08-22T00:00 |
| ts-2023-005 | TS-2023-005 | 2023-04-28T00:00 |
| ts-2023-004 | TS-2023-004 | 2023-04-04T00:00 |
| ts-2023-003 | TS-2023-003 | 2023-03-22T00:00 |
| ts-2023-002 | TS-2023-002 | 2023-01-24T00:00 |
| ID | Description | Published | Updated |
|---|---|---|---|
| certfr-2026-ale-003 | Note d’alerte – Ciblage des messageries instantanées | 2026-03-20T00:00:00.000000 | 2026-04-20T00:00:00.000000 |
| certfr-2026-ale-004 | Vulnérabilité dans F5 BIG-IP Access Policy Manager | 2026-03-31T00:00:00.000000 | 2026-03-31T00:00:00.000000 |
| certfr-2026-ale-002 | [MàJ] Vulnérabilité dans Cisco Catalyst SD-WAN | 2026-02-25T00:00:00.000000 | 2026-03-26T00:00:00.000000 |
| certfr-2025-ale-014 | [MàJ] Vulnérabilité dans React Server Components | 2025-12-05T00:00:00.000000 | 2026-02-12T00:00:00.000000 |
| CERTFR-2025-ALE-014 | [MàJ] Vulnérabilité dans React Server Components | 2025-12-05T00:00:00.000000 | 2026-02-12T00:00:00.000000 |
| certfr-2026-ale-001 | [MàJ] Multiples vulnérabilités dans Ivanti Endpoint Manager Mobile | 2026-01-30T00:00:00.000000 | 2026-02-03T00:00:00.000000 |
| CERTFR-2026-ALE-001 | [MàJ] Multiples vulnérabilités dans Ivanti Endpoint Manager Mobile | 2026-01-30T00:00:00.000000 | 2026-02-03T00:00:00.000000 |
| certfr-2025-ale-013 | [MàJ] Multiples vulnérabilités dans Cisco ASA et FTD | 2025-09-25T00:00:00.000000 | 2025-10-06T00:00:00.000000 |
| CERTFR-2025-ALE-013 | [MàJ] Multiples vulnérabilités dans Cisco ASA et FTD | 2025-09-25T00:00:00.000000 | 2025-10-06T00:00:00.000000 |
| certfr-2025-ale-012 | Vulnérabilité dans Citrix NetScaler ADC et NetScaler Gateway | 2025-08-26T00:00:00.000000 | 2025-09-26T00:00:00.000000 |
| CERTFR-2025-ALE-012 | Vulnérabilité dans Citrix NetScaler ADC et NetScaler Gateway | 2025-08-26T00:00:00.000000 | 2025-09-26T00:00:00.000000 |
| certfr-2025-ale-010 | [MàJ] Multiples vulnérabilités dans Microsoft SharePoint | 2025-07-21T00:00:00.000000 | 2025-08-26T00:00:00.000000 |
| CERTFR-2025-ALE-010 | [MàJ] Multiples vulnérabilités dans Microsoft SharePoint | 2025-07-21T00:00:00.000000 | 2025-08-26T00:00:00.000000 |
| certfr-2025-ale-011 | Incidents de sécurité dans les pare-feux SonicWall | 2025-08-05T00:00:00.000000 | 2025-08-18T00:00:00.000000 |
| certfr-2025-ale-009 | Multiples vulnérabilités dans Citrix NetScaler ADC et NetScaler Gateway | 2025-07-01T00:00:00.000000 | 2025-07-17T00:00:00.000000 |
| CERTFR-2025-ALE-011 | Incidents de sécurité dans les pare-feux SonicWall | 2025-08-05T00:00:00.000000 | 2025-08-18T00:00:00.000000 |
| CERTFR-2025-ALE-009 | Multiples vulnérabilités dans Citrix NetScaler ADC et NetScaler Gateway | 2025-07-01T00:00:00.000000 | 2025-07-17T00:00:00.000000 |
| certfr-2025-ale-004 | Activités de post-exploitation dans Fortinet FortiGate | 2025-04-11T00:00:00.000000 | 2025-08-07T00:00:00.000000 |
| CERTFR-2025-ALE-004 | Activités de post-exploitation dans Fortinet FortiGate | 2025-04-11T00:00:00.000000 | 2025-08-07T00:00:00.000000 |
| certfr-2025-ale-008 | [MàJ] Vulnérabilité dans Roundcube | 2025-06-05T00:00:00.000000 | 2025-07-21T00:00:00.000000 |
| CERTFR-2025-ALE-008 | [MàJ] Vulnérabilité dans Roundcube | 2025-06-05T00:00:00.000000 | 2025-07-21T00:00:00.000000 |
| certfr-2025-ale-007 | Multiples vulnérabilités dans Ivanti Endpoint Manager Mobile (EPMM) | 2025-05-14T00:00:00.000000 | 2025-06-24T00:00:00.000000 |
| certfr-2025-ale-006 | Vulnérabilité dans les produits Fortinet | 2025-05-13T00:00:00.000000 | 2025-06-24T00:00:00.000000 |
| certfr-2025-ale-005 | Vulnérabilité dans SAP NetWeaver | 2025-04-28T00:00:00.000000 | 2025-06-24T00:00:00.000000 |
| certfr-2025-ale-003 | [MàJ] Vulnérabilité dans les produits Ivanti | 2025-04-04T00:00:00.000000 | 2025-04-11T00:00:00.000000 |
| CERTFR-2025-ALE-007 | Multiples vulnérabilités dans Ivanti Endpoint Manager Mobile (EPMM) | 2025-05-14T00:00:00.000000 | 2025-06-24T00:00:00.000000 |
| CERTFR-2025-ALE-006 | Vulnérabilité dans les produits Fortinet | 2025-05-13T00:00:00.000000 | 2025-06-24T00:00:00.000000 |
| CERTFR-2025-ALE-005 | Vulnérabilité dans SAP NetWeaver | 2025-04-28T00:00:00.000000 | 2025-06-24T00:00:00.000000 |
| CERTFR-2025-ALE-003 | [MàJ] Vulnérabilité dans les produits Ivanti | 2025-04-04T00:00:00.000000 | 2025-04-11T00:00:00.000000 |
| certfr-2025-ale-002 | [MàJ] Vulnérabilité dans les produits Fortinet | 2025-05-07T00:00:00.000000 | 2025-01-14T00:00:00.000000 |
| ID | Description | Published | Updated |
|---|---|---|---|
| certfr-2026-avi-0552 | Multiples vulnérabilités dans Ivanti Endpoint Manager Mobile | 2026-05-07T00:00:00.000000 | 2026-05-07T00:00:00.000000 |
| certfr-2026-avi-0551 | Multiples vulnérabilités dans GLPI | 2026-05-07T00:00:00.000000 | 2026-05-07T00:00:00.000000 |
| certfr-2026-avi-0550 | Multiples vulnérabilités dans les produits IBM | 2026-05-07T00:00:00.000000 | 2026-05-07T00:00:00.000000 |
| certfr-2026-avi-0549 | Multiples vulnérabilités dans le noyau Linux de Red Hat | 2026-05-07T00:00:00.000000 | 2026-05-07T00:00:00.000000 |
| certfr-2026-avi-0548 | Multiples vulnérabilités dans le noyau Linux de Debian | 2026-05-07T00:00:00.000000 | 2026-05-07T00:00:00.000000 |
| certfr-2026-avi-0547 | Multiples vulnérabilités dans le noyau Linux de Debian LTS | 2026-05-07T00:00:00.000000 | 2026-05-07T00:00:00.000000 |
| certfr-2026-avi-0546 | Multiples vulnérabilités dans le noyau Linux de SUSE | 2026-05-07T00:00:00.000000 | 2026-05-07T00:00:00.000000 |
| certfr-2026-avi-0545 | Multiples vulnérabilités dans le noyau Linux d'Ubuntu | 2026-05-07T00:00:00.000000 | 2026-05-07T00:00:00.000000 |
| certfr-2026-avi-0544 | Multiples vulnérabilités dans les produits Cisco | 2026-05-07T00:00:00.000000 | 2026-05-07T00:00:00.000000 |
| certfr-2026-avi-0543 | Multiples vulnérabilités dans Spring Cloud Config | 2026-05-07T00:00:00.000000 | 2026-05-07T00:00:00.000000 |
| certfr-2026-avi-0542 | Multiples vulnérabilités dans Progress Telerik | 2026-05-06T00:00:00.000000 | 2026-05-06T00:00:00.000000 |
| certfr-2026-avi-0541 | Multiples vulnérabilités dans Zabbix | 2026-05-06T00:00:00.000000 | 2026-05-06T00:00:00.000000 |
| certfr-2026-avi-0540 | Multiples vulnérabilités dans VMware Tanzu Gemfire | 2026-05-06T00:00:00.000000 | 2026-05-06T00:00:00.000000 |
| certfr-2026-avi-0539 | Multiples vulnérabilités dans Juniper Networks Secure Analytics | 2026-05-06T00:00:00.000000 | 2026-05-06T00:00:00.000000 |
| certfr-2026-avi-0538 | Multiples vulnérabilités dans Asterisk | 2026-05-06T00:00:00.000000 | 2026-05-06T00:00:00.000000 |
| certfr-2026-avi-0537 | Vulnérabilité dans Palo Alto Networks User-ID Authentication Portal | 2026-05-06T00:00:00.000000 | 2026-05-06T00:00:00.000000 |
| certfr-2026-avi-0536 | Multiples vulnérabilités dans Redis | 2026-05-06T00:00:00.000000 | 2026-05-06T00:00:00.000000 |
| certfr-2026-avi-0535 | Multiples vulnérabilités dans Google Chrome | 2026-05-06T00:00:00.000000 | 2026-05-06T00:00:00.000000 |
| certfr-2026-avi-0534 | Vulnérabilité dans Google Android | 2026-05-05T00:00:00.000000 | 2026-05-05T00:00:00.000000 |
| certfr-2026-avi-0533 | Multiples vulnérabilités dans Papercut | 2026-05-05T00:00:00.000000 | 2026-05-05T00:00:00.000000 |
| certfr-2026-avi-0532 | Multiples vulnérabilités dans Progress MOVEit Automation | 2026-05-05T00:00:00.000000 | 2026-05-05T00:00:00.000000 |
| certfr-2026-avi-0531 | Vulnérabilité dans Traefik | 2026-05-05T00:00:00.000000 | 2026-05-05T00:00:00.000000 |
| certfr-2026-avi-0530 | Multiples vulnérabilités dans Apache HTTP Server | 2026-05-05T00:00:00.000000 | 2026-05-05T00:00:00.000000 |
| certfr-2026-avi-0529 | Multiples vulnérabilités dans Mozilla Thunderbird | 2026-05-04T00:00:00.000000 | 2026-05-04T00:00:00.000000 |
| certfr-2026-avi-0528 | Vulnérabilité dans Qnap QTS | 2026-05-04T00:00:00.000000 | 2026-05-04T00:00:00.000000 |
| certfr-2026-avi-0527 | Multiples vulnérabilités dans VMware Tanzu Kubernetes Runtime | 2026-05-04T00:00:00.000000 | 2026-05-04T00:00:00.000000 |
| certfr-2026-avi-0526 | Multiples vulnérabilités dans les produits Microsoft | 2026-05-04T00:00:00.000000 | 2026-05-04T00:00:00.000000 |
| certfr-2026-avi-0525 | Multiples vulnérabilités dans Microsoft Edge | 2026-05-04T00:00:00.000000 | 2026-05-04T00:00:00.000000 |
| certfr-2026-avi-0524 | Multiples vulnérabilités dans Exim | 2026-04-30T00:00:00.000000 | 2026-04-30T00:00:00.000000 |
| certfr-2026-avi-0523 | Multiples vulnérabilités dans les produits IBM | 2026-04-30T00:00:00.000000 | 2026-04-30T00:00:00.000000 |
| ID | Description | Published | Updated |
|---|---|---|---|
| jvndb-2026-000066 | Open redirect vulnerability in multiple laser printers and MFPs which implement Ricoh Web Image Monitor | 2026-04-30T17:02+09:00 | 2026-04-30T17:02+09:00 |
| jvndb-2026-000064 | GROWI vulnerable to Regular expression Denial-of-Service (ReDoS) | 2026-04-23T16:57+09:00 | 2026-04-30T12:19+09:00 |
| jvndb-2026-006408 | Apache ActiveMQ series improper validation of MQTT packets [AMQ-9810] | 2026-04-24T17:56+09:00 | 2026-04-24T17:56+09:00 |
| jvndb-2026-012056 | Multiple vulnerabilities in silex technology SD-330AC and AMC Manager | 2026-04-21T15:27+09:00 | 2026-04-23T17:57+09:00 |
| jvndb-2026-000063 | IP Setting Software may insecurely load Dynamic Link Libraries | 2026-04-23T16:57+09:00 | 2026-04-23T16:57+09:00 |
| jvndb-2026-000062 | CMS ALAYA vulnerable to SQL injection | 2026-04-23T16:57+09:00 | 2026-04-23T16:57+09:00 |
| jvndb-2026-000059 | Multiple vulnerabilities in LogonTracer | 2026-04-23T16:57+09:00 | 2026-04-23T16:57+09:00 |
| jvndb-2026-000061 | Installers of LiveOn Meet Client for Windows and its plugin may insecurely load Dynamic Link Libraries | 2026-04-22T15:45+09:00 | 2026-04-22T15:45+09:00 |
| jvndb-2026-000060 | DeepL Chrome browser extension vulnerable to cross-site scripting | 2026-04-22T15:45+09:00 | 2026-04-22T15:45+09:00 |
| jvndb-2026-000058 | Ziostation2 vulnerable to path traversal | 2026-04-22T15:45+09:00 | 2026-04-22T15:45+09:00 |
| jvndb-2026-000051 | SKYSEA Client View and SKYMEC IT Manager improper file access permission settings | 2026-04-20T14:47+09:00 | 2026-04-20T14:47+09:00 |
| jvndb-2026-011472 | OMRON UPS (Uninterruptible Power Supply) management application may insecurely load Dynamic Link Libraries | 2026-04-17T14:54+09:00 | 2026-04-17T14:54+09:00 |
| jvndb-2026-000057 | Multiple vulnerabilities in CubeCart | 2026-04-17T13:32+09:00 | 2026-04-17T13:32+09:00 |
| jvndb-2026-000056 | Arcserve UDP Console vulnerable to redirect to a dummy URL | 2026-04-16T17:29+09:00 | 2026-04-16T17:29+09:00 |
| jvndb-2026-000055 | GROWI vulnerable to stored cross-site scripting | 2026-04-15T17:21+09:00 | 2026-04-15T17:21+09:00 |
| jvndb-2026-010851 | Stack-based buffer overflow vulnerability in Dynabook Bluetooth ACPI Drivers | 2026-04-14T18:13+09:00 | 2026-04-14T18:13+09:00 |
| jvndb-2026-000053 | EmoCheck loads Dynamic Link Libraries insecurely | 2026-04-10T13:38+09:00 | 2026-04-10T13:38+09:00 |
| jvndb-2026-007973 | Multiple vulnerabilities in Xerox FreeFlow Core (XRX26-005) | 2026-03-23T14:54+09:00 | 2026-04-09T13:55+09:00 |
| jvndb-2026-000052 | Multiple vulnerabilities in MATCHA series | 2026-04-08T16:15+09:00 | 2026-04-08T16:15+09:00 |
| jvndb-2026-000050 | Multiple vulnerabilities in Movable Type | 2026-04-08T16:15+09:00 | 2026-04-08T16:15+09:00 |
| jvndb-2026-010301 | Multiple Vulnerabilities in JP1/IT Desktop Management 2 and JP1/NETM/DM | 2026-04-08T12:11+09:00 | 2026-04-08T12:11+09:00 |
| jvndb-2026-010300 | Multiple Vulnerabilities in Hitachi Ops Center Viewpoint | 2026-04-08T12:11+09:00 | 2026-04-08T12:11+09:00 |
| jvndb-2026-010299 | Multiple Vulnerabilities in Hitachi Ops Center Common Services | 2026-04-08T12:11+09:00 | 2026-04-08T12:11+09:00 |
| jvndb-2026-009720 | Multiple vulnerabilities in FUJI Electric V-SFT (April 2026) | 2026-04-02T14:58+09:00 | 2026-04-03T15:50+09:00 |
| jvndb-2026-000049 | Multiple vulnerabilities in NEC Aterm series (NV26-001) | 2026-04-03T15:09+09:00 | 2026-04-03T15:09+09:00 |
| jvndb-2026-009412 | Security information for Hitachi Disk Array Systems | 2026-03-31T15:53+09:00 | 2026-03-31T15:53+09:00 |
| jvndb-2026-009411 | Security information for Hitachi Disk Array Systems | 2026-03-31T15:53+09:00 | 2026-03-31T15:53+09:00 |
| jvndb-2026-009410 | Security information for Hitachi Disk Array Systems | 2026-03-31T15:53+09:00 | 2026-03-31T15:53+09:00 |
| jvndb-2026-009409 | Security information for Hitachi Disk Array Systems | 2026-03-31T15:53+09:00 | 2026-03-31T15:53+09:00 |
| jvndb-2026-009408 | Security information for Hitachi Disk Array Systems | 2026-03-31T15:53+09:00 | 2026-03-31T15:53+09:00 |
| ID | Description | Published | Updated |
|---|---|---|---|
| cnvd-2026-19056 | Google Android权限提升漏洞(CNVD-2026-19056) | 2026-03-06 | 2026-04-30 |
| cnvd-2026-19046 | WordPress插件WCFM Marketplace SQL注入漏洞 | 2026-04-21 | 2026-04-30 |
| cnvd-2026-19045 | 多款Apple产品拒绝服务漏洞(CNVD-2026-19045) | 2026-03-31 | 2026-04-30 |
| cnvd-2026-19044 | Linux kernel本地权限提升漏洞(CNVD-2026-19044) | 2026-04-23 | 2026-04-30 |
| cnvd-2026-19043 | Apple macOS Tahoe存在未明漏洞(CNVD-2026-19043) | 2026-03-31 | 2026-04-30 |
| cnvd-2026-19042 | Apple macOS Tahoe存在未明漏洞(CNVD-2026-19042) | 2026-03-31 | 2026-04-30 |
| cnvd-2026-19041 | Apple macOS Tahoe存在未明漏洞(CNVD-2026-19041) | 2026-03-31 | 2026-04-30 |
| cnvd-2026-19040 | Apple macOS Tahoe存在未明漏洞(CNVD-2026-19040) | 2026-03-31 | 2026-04-30 |
| cnvd-2026-19039 | Apple macOS Tahoe堆缓冲区溢出漏洞 | 2026-03-31 | 2026-04-30 |
| cnvd-2026-19038 | Apple macOS Tahoe存在未明漏洞(CNVD-2026-19038) | 2026-03-31 | 2026-04-30 |
| cnvd-2026-19037 | Apple macOS存在未明漏洞(CNVD-2026-19037) | 2026-03-31 | 2026-04-30 |
| cnvd-2026-19036 | Apple macOS Tahoe存在未明漏洞(CNVD-2026-19036) | 2026-03-31 | 2026-04-30 |
| cnvd-2026-19035 | Apple macOS Tahoe存在未明漏洞(CNVD-2026-19035) | 2026-03-31 | 2026-04-30 |
| cnvd-2026-19034 | Apple macOS存在未明漏洞(CNVD-2026-19034) | 2026-03-31 | 2026-04-30 |
| cnvd-2026-19033 | Apple macOS信息泄露漏洞(CNVD-2026-19033) | 2026-03-31 | 2026-04-30 |
| cnvd-2026-19032 | Apple macOS拒绝服务漏洞(CNVD-2026-19032) | 2026-03-31 | 2026-04-30 |
| cnvd-2026-19031 | WordPress插件YouTube Showcase跨站脚本漏洞 | 2026-04-21 | 2026-04-30 |
| cnvd-2026-19030 | OpenClaw存在未明漏洞(CNVD-2026-19030) | 2026-04-28 | 2026-04-30 |
| cnvd-2026-19029 | OpenClaw存在未明漏洞(CNVD-2026-19029) | 2026-04-28 | 2026-04-30 |
| cnvd-2026-19028 | OpenClaw后置链接漏洞(CNVD-2026-19028) | 2026-04-28 | 2026-04-30 |
| cnvd-2026-19027 | OpenClaw路径遍历漏洞(CNVD-2026-19027) | 2026-04-28 | 2026-04-30 |
| cnvd-2026-19026 | OpenClaw存在未明漏洞(CNVD-2026-19026) | 2026-04-28 | 2026-04-30 |
| cnvd-2026-19025 | Flowise信息泄露漏洞 | 2026-04-24 | 2026-04-30 |
| cnvd-2026-19013 | Delta Electronics AS320T拒绝服务漏洞 | 2026-04-25 | 2026-04-29 |
| cnvd-2026-18831 | TOTOLINK A3300R password参数命令注入漏洞 | 2026-04-24 | 2026-04-29 |
| cnvd-2026-18823 | TOTOLINK A3300R provider参数命令注入漏洞 | 2026-04-24 | 2026-04-29 |
| cnvd-2026-18822 | TOTOLINK A3300R ttlWay参数命令注入漏洞 | 2026-04-24 | 2026-04-29 |
| cnvd-2026-18821 | TOTOLINK A3300R dhcpMtu参数命令注入漏洞 | 2026-04-24 | 2026-04-29 |
| cnvd-2026-18820 | TOTOLINK A3300R pppoeMtu参数命令注入漏洞 | 2026-04-24 | 2026-04-29 |
| cnvd-2026-18819 | TOTOLINK A3300R pppoeServiceName参数命令注入漏洞 | 2026-04-24 | 2026-04-29 |
| ID | Description | Published | Updated |
|---|---|---|---|
| bdu:2026-01844 | Уязвимость сервиса безопасности Advanced DNS Security (ADNS) операционной системы PAN-OS,… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01843 | Уязвимость функции loadRLE() загрузчика TGA-изображений (PluginTARGA.cpp) графической биб… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01842 | Уязвимость функции ws_user_gerList() сценария pwg.users.php системы управления контентом … | 16.02.2026 | 16.02.2026 |
| bdu:2026-01841 | Уязвимость компонента Updater облачной платформы управления контейнерами Arcane, позволяю… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01840 | Уязвимость ИИ-агента OpenClaw (ранее - ClawdBot или MoltBot), связанная с отсутствием про… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01839 | Уязвимость функции blocked_path() пакета Python для создания приложений для моделей машин… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01838 | Уязвимость драйверов графических процессоров NVIDIA NVS, Quadro, NVIDIA RTX, GeForce, свя… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01837 | Уязвимость микропрограммного обеспечения графических процессоров Imagination, позволяющая… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01836 | Уязвимость микропрограммного обеспечения графических процессоров Imagination, позволяющая… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01835 | Уязвимость драйвера ESXi base микропрограммного обеспечения сетевых контроллеров Intel 80… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01834 | Уязвимость микропрограммного обеспечения контроллеров Intel Ethernet серии E810, связанна… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01833 | Уязвимость технологий Intel Active Management Technology (AMT) и Intel Standard Manageabi… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01832 | Уязвимость технологий Intel Active Management Technology (AMT) и Intel Standard Manageabi… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01831 | Уязвимость технологий Intel Active Management Technology (AMT) и Intel Standard Manageabi… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01830 | Уязвимость компонента File input браузера Google Chrome, позволяющая нарушителю осуществи… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01829 | Уязвимость компонента PictureInPicture браузера Google Chrome, позволяющая нарушителю ока… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01828 | Уязвимость компонента Animation браузера Google Chrome, позволяющая нарушителю оказать во… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01827 | Уязвимость функции конфиденциальности Fenced Frames браузера Google Chrome, позволяющая н… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01826 | Уязвимость компонента WebGPU браузера Google Chrome, позволяющая нарушителю вызвать отказ… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01825 | Уязвимость программной платформы на базе git для совместной работы над кодом GitLab, связ… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01824 | Уязвимость программной платформы на базе git для совместной работы над кодом GitLab, связ… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01823 | Уязвимость функции межсетевых экранов SSL-VPN операционных систем Fortinet FortiOS, позво… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01822 | Уязвимость операционных систем Fortinet FortiOS, связанная с недостаточной проверкой исто… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01821 | Уязвимость функции межсетевых экранов SSL-VPN операционных систем Fortinet FortiOS, позво… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01820 | Уязвимость интерфейса командной строки операционных систем Fortinet FortiOS, позволяющая … | 16.02.2026 | 16.02.2026 |
| bdu:2026-01819 | Уязвимость графического пользовательского интерфейса операционных систем Fortinet FortiOS… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01818 | Уязвимость программного обеспечения для разработки 3D-моделей Autodesk Fusion, связанная … | 16.02.2026 | 16.02.2026 |
| bdu:2026-01817 | Уязвимость программного обеспечения для разработки 3D-моделей Autodesk Fusion, связанная … | 16.02.2026 | 16.02.2026 |
| bdu:2026-01816 | Уязвимость программного обеспечения для разработки 3D-моделей Autodesk Fusion, связанная … | 16.02.2026 | 16.02.2026 |
| bdu:2026-01815 | Уязвимость программного обеспечения Microsoft ACI Confidential Containers, связанная с не… | 16.02.2026 | 16.02.2026 |
| ID | Description | Updated |
|---|---|---|
| var-202407-2188 | Siemens (China) Co., Ltd. is a company focusing on electrification, automation and digita… | 2024-07-23T22:46:32.699000Z |
| var-202406-3119 | Beijing StarNet Ruijie Network Technology Co., Ltd. EG3220 is a new generation of multi-s… | 2024-07-23T22:46:22.685000Z |
| var-202407-1740 | NBR6135-E is a router. Beijing Xingwang Ruijie Network Technology Co., Ltd. NBR6135-E ha… | 2024-07-23T22:46:18.378000Z |
| var-202407-1417 | Siemens (China) Co., Ltd. is a company focusing on electrification, automation and digita… | 2024-07-23T22:46:07.784000Z |
| var-202407-1103 | Siemens (China) Co., Ltd. is a company focusing on electrification, automation and digita… | 2024-07-23T22:46:01.992000Z |
| var-202407-0957 | WinCC is a SCADA system suitable for all walks of life. It can access devices from mobile… | 2024-07-23T22:45:59.391000Z |
| var-202407-0819 | SIMATIC S7-1500 is a modular control system suitable for various automation applications … | 2024-07-23T22:45:56.958000Z |
| var-202407-0818 | NBR6210-E is a router product. Beijing Xingwang Ruijie Network Technology Co., Ltd. NBR6… | 2024-07-23T22:45:56.946000Z |
| var-202407-0779 | Tenda i29V1.0 V1.0.0.5 was discovered to contain a hardcoded password for root. Tenda of … | 2024-07-23T22:45:56.150000Z |
| var-202407-0778 | Tenda AC18 V15.03.3.10_EN was discovered to contain a stack-based buffer overflow vulnera… | 2024-07-23T22:45:56.131000Z |
| var-202407-0745 | Tenda AC18 V15.03.3.10_EN was discovered to contain a stack-based buffer overflow vulnera… | 2024-07-23T22:45:55.498000Z |
| var-202305-1479 | D-Link DIR-2150 SetTriggerPPPoEValidate Username Command Injection Remote Code Execution … | 2024-07-23T22:45:09.335000Z |
| var-202108-1158 | A race condition was addressed with improved locking. This issue is fixed in macOS Monter… | 2024-07-23T22:44:06.976000Z |
| var-201109-0089 | Multiple unspecified vulnerabilities in Cisco Unified Service Monitor before 8.6, as used… | 2024-07-23T22:43:49.590000Z |
| var-200702-0378 | Stack-based buffer overflow in the DCE/RPC preprocessor in Snort before 2.6.1.3, and 2.7 … | 2024-07-23T22:43:25.614000Z |
| var-201011-0225 | Multiple stack-based buffer overflows in agent.exe in Setup Manager in Cisco Intelligent … | 2024-07-23T22:41:43.584000Z |
| var-201112-0297 | Multiple cross-site scripting (XSS) vulnerabilities in the Virus Scan Interface in SAP Ne… | 2024-07-23T22:41:20.004000Z |
| var-201507-0645 | D-Link is an internationally renowned provider of network equipment and solutions, includ… | 2024-07-23T22:41:18.832000Z |
| var-201803-1810 | A Stack-based Buffer Overflow issue was discovered in Delta Electronics Delta Industrial … | 2024-07-23T22:41:17.171000Z |
| var-201809-0087 | WECON LeviStudio Versions 1.8.29 and 1.8.44 have multiple stack-based buffer overflow vul… | 2024-07-23T22:41:16.554000Z |
| var-200607-0396 | Multiple stack-based buffer overflows in eIQnetworks Enterprise Security Analyzer (ESA) b… | 2024-07-23T22:41:04.279000Z |
| var-201702-0423 | An issue was discovered in Delta Electronics WPLSoft, Versions prior to V2.42.11, ISPSoft… | 2024-07-23T22:40:53.160000Z |
| var-202305-1588 | D-Link DIR-2150 SetNTPServerSettings Command Injection Remote Code Execution Vulnerabilit… | 2024-07-23T22:40:05.297000Z |
| var-201112-0173 | The default configuration of the HP CM8060 Color MFP with Edgeline; Color LaserJet 3xxx, … | 2024-07-23T22:39:32.535000Z |
| var-201103-0371 | SAP Crystal Reports Server is a complete reporting solution for creating, managing, and d… | 2024-07-23T22:39:32.874000Z |
| var-201706-0017 | In FortiClientWindows 5.4.1 and 5.4.2, an attacker may escalate privilege via a FortiClie… | 2024-07-23T22:38:34.494000Z |
| var-202305-1520 | D-Link DIR-2150 SetSysEmailSettings EmailFrom Command Injection Remote Code Execution Vul… | 2024-07-23T22:38:26.576000Z |
| var-202407-0490 | A vulnerability has been identified in SIMATIC PCS neo V4.0 (All versions), SIMATIC STEP … | 2024-07-23T22:38:24.768000Z |
| var-201810-0396 | Advantech WebAccess 8.3.1 and earlier has several stack-based buffer overflow vulnerabili… | 2024-07-23T22:37:44.850000Z |
| var-202001-0833 | A Denial of Service vulnerability exists in the WRITE_C function in the msg_server.exe mo… | 2024-07-23T22:37:43.471000Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| vde-2025-028 | Draeger: ICMHelper is vulnerable to a privilege escalation | 2025-08-05T10:00:00.000Z | 2026-01-06T11:00:00.000Z |
| vde-2019-012 | TECSON/GOK: Improper Authentication and Access Control on multiple devices | 2019-06-04T13:21:00.000Z | 2025-05-14T13:00:14.000Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| vde-2026-023 | Phoenix Contact: Several products are affected by vulnerabilities found in OpenSSL | 2026-04-22T08:00:00.000Z | 2026-04-22T08:00:00.000Z |
| vde-2025-104 | Phoenix Contact: Multiple Vulnerabilities in FL SWITCH 2xxx, FL SWITCH TSN 23xx and FL SWITCH 59xx Firmware | 2026-03-18T08:00:00.000Z | 2026-03-18T08:00:00.000Z |
| vde-2025-109 | Phoenix Contact: Unbounded growth of the session cache in TCP encapsulation service in FL MGUARD 2xxx and 4xxx firmware | 2026-02-10T08:00:00.000Z | 2026-02-23T14:00:00.000Z |
| vde-2025-073 | Phoenix Contact: Security Advisory for TC ROUTER and CLOUD CLIENT Industrial mobile network routers | 2026-01-13T08:00:00.000Z | 2026-01-13T08:00:00.000Z |
| vde-2025-071 | Phoenix Contact: Multiple Vulnerabilities in FL SWITCH 2xxx Firmware | 2025-12-09T08:00:00.000Z | 2026-01-12T08:00:00.000Z |
| vde-2025-074 | Phoenix Contact: Security Advisory for CHARX SEC-3xxx charging controllers | 2025-10-14T10:00:00.000Z | 2025-10-15T10:00:00.000Z |
| vde-2025-072 | Phoenix Contact: Security Advisory for QUINT4-UPS EIP | 2025-10-14T06:00:00.000Z | 2025-10-14T06:00:00.000Z |
| vde-2018-003 | PHOENIX CONTACT: addressing Meltdown and Spectre vulnerabilities | 2018-03-23T09:43:00.000Z | 2025-10-01T08:00:00.000Z |
| vde-2025-077 | Phoenix Contact: Two vulnerabilities in the jq JSON processor utilized by FL MGUARD 110x devices | 2025-09-09T10:00:00.000Z | 2025-09-09T10:00:00.000Z |
| vde-2025-064 | Phoenix Contact: Products utilizing WIBU-SYSTEMS CodeMeter Runtime Windows Installer have a privilege escalation | 2025-09-09T07:00:00.000Z | 2025-09-09T07:00:00.000Z |
| vde-2024-039 | Phoenix Contact: Multiple Vulnerabilities in mGuard devices | 2024-09-10T10:00:00.000Z | 2025-08-27T10:00:00.000Z |
| vde-2024-022 | Phoenix Contact: Security Advisory for CHARX-SEC3xxx Charge controllers | 2024-08-13T10:00:00.000Z | 2025-08-27T10:00:00.000Z |
| vde-2025-063 | Phoenix Contact: Device and Update Management Windows Installer Privilege Escalation | 2025-08-12T10:00:00.000Z | 2025-08-12T10:00:00.000Z |
| vde-2025-019 | Phoenix Contact: Security Advisory for CHARX SEC-3xxx charging controllers | 2025-07-08T10:00:00.000Z | 2025-07-22T08:00:00.000Z |
| vde-2019-015 | PHOENIX CONTACT: Security Advisory for multiple Industrial Controllers | 2019-08-07T00:00:00.000Z | 2025-07-11T07:00:00.000Z |
| vde-2025-054 | Phoenix Contact: Multiple Vulnerabilities in PLCnext Firmware | 2025-07-08T10:00:00.000Z | 2025-07-08T10:00:00.000Z |
| vde-2025-053 | Phoenix Contact: Multiple Vulnerabilities in PLCnext Firmware | 2025-07-08T10:00:00.000Z | 2025-07-08T10:00:00.000Z |
| vde-2025-014 | Phoenix Contact: Security Advisory for CHARX SEC-3xxx charging controllers | 2025-07-08T10:00:00.000Z | 2025-07-08T10:00:00.000Z |
| vde-2023-057 | Phoenix Contact: Classic line industrial controllers prone to inadequate integrity check of PLC | 2023-12-12T07:00:00.000Z | 2025-06-05T13:28:12.000Z |
| vde-2023-001 | PHOENIX CONTACT: Multiple Vulnerabilities in PLCnext Firmware | 2023-02-14T07:50:00.000Z | 2025-06-05T13:28:12.000Z |
| vde-2020-002 | PHOENIX CONTACT: Advisory for multiple FL Switch GHS utilising VxWorks | 2020-02-25T09:07:00.000Z | 2025-06-05T13:28:12.000Z |
| vde-2024-073 | Phoenix Contact: Multiple Vulnerabilities in PLCnext Firmware | 2024-12-09T11:00:00.000Z | 2025-05-22T13:03:10.000Z |
| vde-2024-071 | Phoenix Contact: Multiple Vulnerabilities in PLCnext Firmware | 2024-12-09T11:00:00.000Z | 2025-05-22T13:03:10.000Z |
| vde-2023-058 | Phoenix Contact: PLCnext Control prone to download of code without integrity check | 2023-12-12T07:00:00.000Z | 2025-05-22T13:03:10.000Z |
| vde-2023-056 | Phoenix Contact: PLCnext prone to Incorrect Permission Assignment for Critical Resource | 2023-12-12T07:00:00.000Z | 2025-05-22T13:03:10.000Z |
| vde-2023-054 | Phoenix Contact: ProConOS prone to Download of Code Without Integrity Check | 2023-12-12T07:00:00.000Z | 2025-05-22T13:03:10.000Z |
| vde-2023-051 | Phoenix Contact: MULTIPROG Engineering tool and ProConOS eCLR SDK prone to CWE-732 | 2023-12-12T07:00:00.000Z | 2025-05-22T13:03:10.000Z |
| vde-2023-018 | Phoenix Contact: Multiple vulnerabilities in WP 6xxx Web panels | 2023-08-08T06:41:00.000Z | 2025-05-22T13:03:10.000Z |
| vde-2023-017 | Phoenix Contact: Multiple vulnerabilities in TC ROUTER, TC CLOUD CLIENT and CLOUD CLIENT devices | 2023-08-08T04:00:00.000Z | 2025-05-22T13:03:10.000Z |
| vde-2023-016 | Phoenix Contact: PLCnext Engineer Vulnerabilities in LibGit2Sharp/LibGit2 | 2023-08-08T06:00:00.000Z | 2025-05-22T13:03:10.000Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| vde-2025-085 | Welotec: Path Traversal in SmartEMS Upload Handling | 2025-09-10T07:00:00.000Z | 2025-09-22T08:00:00.000Z |
| vde-2025-076 | Welotec: Hard-coded JWT secret in egOS WebGUI | 2025-08-26T07:00:00.000Z | 2025-08-26T07:00:00.000Z |
| vde-2024-009 | Welotec: Two vulnerabilities in TK500v1 router series | 2024-04-09T08:00:00.000Z | 2025-05-14T12:28:19.000Z |
| vde-2024-043 | Welotec: Multiple products are vulnerable to regreSSHion | 2024-08-22T06:00:00.000Z | 2024-08-22T06:00:00.000Z |
| vde-2024-023 | Welotec: Clickjacking Vulnerability in WebUI | 2024-04-23T08:00:00.000Z | 2024-04-23T08:00:00.000Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| advisory2026-04_vde-2026-040 | CODESYS EtherNetIP - Improper timeout handling | 2026-04-23T12:00:00.000Z | 2026-04-23T12:00:00.000Z |
| advisory2026-03_vde-2026-018 | CODESYS Control V3 - Externally-controlled format string in Auditlog | 2026-03-24T08:00:00.000Z | 2026-03-24T08:00:00.000Z |
| advisory2026-02_vde-2026-011 | CODESYS Control V3 - Untrusted boot application | 2026-03-24T08:00:00.000Z | 2026-03-24T08:00:00.000Z |
| advisory2026-01_vde-2026-012 | CODESYS Installer - Possible Privilege Escalation | 2026-03-10T10:00:00.000Z | 2026-03-10T10:00:00.000Z |
| advisory2025-10_vde-2025-100 | CODESYS Control - Invalid type usage in visualization | 2025-12-01T10:00:00.000Z | 2026-02-12T11:00:00.000Z |
| advisory2025-09_vde-2025-099 | CODESYS Control - Linux/QNX SysSocket flaw | 2025-12-01T11:00:00.000Z | 2026-02-12T11:00:00.000Z |
| advisory2025-11_vde-2025-101 | CODESYS Development System - Deserialization of Untrusted Data | 2025-12-01T10:00:00.000Z | 2025-12-01T10:00:00.000Z |
| advisory2025-08_vde-2025-070 | CODESYS Control V3 - NULL pointer dereference | 2025-08-04T08:00:00.000Z | 2025-10-14T08:00:00.000Z |
| advisory2025-07_vde-2025-051 | CODESYS Control V3 - Exposed PKI folder | 2025-08-04T10:00:00.000Z | 2025-09-01T10:00:00.000Z |
| advisory2025-06_vde-2025-049 | CODESYS Control V3 - Insecure default permissions | 2025-08-04T10:00:00.000Z | 2025-08-04T10:00:00.000Z |
| advisory2025-04_vde-2025-022 | CODESYS Control V3 - OPC UA Server Authentication bypass | 2025-03-18T11:00:00.000Z | 2025-06-05T13:31:01.000Z |
| advisory2025-03_vde-2025-015 | CODESYS Control V3 removable media path traversal | 2025-03-18T11:00:00.000Z | 2025-06-05T13:31:01.000Z |
| advisory2025-02_vde-2025-013 | CODESYS (Edge) Gateway for Windows insecure default | 2025-03-18T11:00:00.000Z | 2025-06-05T13:31:01.000Z |
| advisory2025-01_vde-2025-001 | CODESYS Key physical side-channel vulnerability | 2025-01-21T11:00:00.000Z | 2025-06-05T13:31:01.000Z |
| vde-2024-024 | CODESYS: Development System V2.3 affected by two vulnerabilities through corrupted project files | 2024-05-06T08:00:00.000Z | 2025-05-14T13:00:15.000Z |
| vde-2024-027 | CODESYS: Vulnerability in multiple products through exposure of resource to wrong sphere | 2024-06-04T06:00:00.000Z | 2025-05-14T13:00:14.000Z |
| vde-2024-026 | CODESYS: Vulnerability can cause a DoS on CODESYS OPC UA products | 2024-06-04T08:00:00.000Z | 2025-05-14T13:00:14.000Z |
| advisory2025-05_vde-2025-027 | CODESYS Visualization user management bypass in WebVisu | 2025-04-23T10:00:00.000Z | 2025-04-23T10:00:00.000Z |
| advisory2024-05_vde-2024-057 | CODESYS: CODESYS web server vulnerable to DoS | 2024-09-25T21:59:00.000Z | 2025-04-03T10:00:00.000Z |
| vde-2024-046 | OSCAT: Out-of-bounds read in OSCAT Basic library | 2024-09-10T14:00:00.000Z | 2024-09-10T14:00:00.000Z |
| vde-2023-066 | CODESYS: OS Command Injection Vulnerability in multiple CODESYS Control products | 2023-12-05T14:25:00.000Z | 2023-12-05T14:25:00.000Z |
| vde-2023-035 | CODESYS: Multiple products affected by WIBU Codemeter vulnerability | 2023-12-05T07:00:00.000Z | 2023-12-05T07:00:00.000Z |
| vde-2023-025 | CODESYS: Control runtime system memory and integrity check vulnerabilities | 2023-08-03T11:18:00.000Z | 2023-08-03T11:18:00.000Z |
| vde-2023-023 | CODESYS: Missing Brute-Force protection in CODESYS Development System | 2023-08-03T11:08:00.000Z | 2023-08-03T11:08:00.000Z |
| vde-2023-022 | CODESYS: Missing integrity check in CODESYS Development System | 2023-08-03T10:52:00.000Z | 2023-08-03T10:52:00.000Z |
| vde-2023-021 | CODESYS: Vulnerability in CODESYS Development System allows execution of binaries | 2023-08-03T10:48:00.000Z | 2023-08-03T10:48:00.000Z |
| vde-2023-019 | CODESYS: Multiple Vulnerabilities in CmpApp CmpAppBP and CmpAppForce | 2023-08-03T10:42:00.000Z | 2023-08-03T10:42:00.000Z |
| vde-2023-024 | CODESYS: Vulnerability in CODESYS Development System and CODESYS Scripting | 2023-07-28T07:45:00.000Z | 2023-07-28T07:45:00.000Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| vde-2025-067 | Wiesemann & Theis: Motherbox 3 allows unauthenticated read-only DB access | 2025-08-10T10:00:00.000Z | 2025-08-25T10:00:00.000Z |
| vde-2022-057 | Wiesemann & Theis multiple products prone to web interface vulnerability | 2022-12-13T07:00:00.000Z | 2025-05-14T13:00:14.000Z |
| vde-2024-018 | Wiesemann & Theis: Multiple products prone to unquoted search path | 2024-02-28T07:00:00.000Z | 2025-05-14T12:36:39.000Z |
| vde-2025-024 | Wiesemann & Theis: Multiple products from Wiesemann & Theis support deprecated jQuery version | 2025-05-13T10:00:00.000Z | 2025-05-13T10:00:00.000Z |
| vde-2025-032 | Wiesemann & Theis: Multiple W&T Products are vulnerable to cross-site-scripting | 2025-05-06T10:00:00.000Z | 2025-05-06T10:00:00.000Z |
| vde-2025-031 | Wiesemann & Theis: Multiple products from Wiesemann & Theis support deprecated TLS protocol versions | 2025-04-28T10:00:00.000Z | 2025-04-28T10:00:00.000Z |
| vde-2022-043 | Wiesemann & Theis: Multiple Vulnerabilities in the Com-Server Family | 2022-11-07T11:43:00.000Z | 2022-11-07T12:14:00.000Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| vde-2026-030 | MB connect line: Multiple Vulnerabilities in mbCONNECT24/mymbCONNECT24 | 2026-04-02T11:00:00.000Z | 2026-04-02T11:00:00.000Z |
| vde-2026-024 | MB connect line: Multiple Vulnerabilities in mbCONNECT24/mymbCONNECT24 | 2026-03-23T12:00:00.000Z | 2026-03-23T12:00:00.000Z |
| vde-2024-068 | MB connect line: Multiple Vulnerabilities in MB connect line Products | 2024-10-15T08:00:00.000Z | 2026-03-06T08:00:00.000Z |
| vde-2024-056 | MB connect line: Multiple Vulnerabilities in mbNET.mini Product | 2024-10-15T08:00:00.000Z | 2025-08-27T10:00:00.000Z |
| vde-2024-010 | Vulnerabilities in mbCONNECT24/mymbCONNECT24 | 2025-03-18T11:00:00.000Z | 2025-08-27T10:00:00.000Z |
| vde-2025-065 | MB connect line: Sandbox escape in mbNET's LUA interpreter | 2025-07-31T10:00:00.000Z | 2025-07-31T10:00:00.000Z |
| vde-2025-058 | MB connect line: Multiple vulnerabilities in mbNET.mini | 2025-07-21T10:00:00.000Z | 2025-07-21T10:00:00.000Z |
| vde-2025-035 | Vulnerabilities in mbCONNECT24/mymbCONNECT24 | 2025-06-24T10:00:00.000Z | 2025-06-24T10:00:00.000Z |
| vde-2025-034 | Vulnerabilities in mbCONNECT24/mymbCONNECT24 | 2025-06-24T10:00:00.000Z | 2025-06-24T10:00:00.000Z |
| vde-2021-030 | MB connect line: two vulnerabilities in mymbCONNECT24, mbCONNECT24 (Update A) | 2022-09-07T10:48:00.000Z | 2025-06-06T07:00:00.000Z |
| vde-2023-002 | MB Connect Line: Multiple vulnerabilities in mbConnect24 and mymbConnect24 | 2023-05-15T14:06:00.000Z | 2025-05-14T13:00:14.000Z |
| vde-2021-037 | MB connect line: Remote user enumeration in mbCONNECT24/mymbCONNECT24 | 2021-10-27T10:15:00.000Z | 2025-05-14T12:28:19.000Z |
| vde-2021-031 | MB connect line: Apache Guacamole related vulnerabilities in mbCONNECT24 | 2021-07-22T11:33:00.000Z | 2025-05-14T12:28:19.000Z |
| vde-2021-017 | MB connect line: Privilege escalation in mbDIALUP | 2021-07-22T11:35:00.000Z | 2025-05-14T12:28:19.000Z |
| vde-2021-012 | MB connect line: multiple products partially affected by DNSpooq | 2021-04-26T08:04:00.000Z | 2025-05-14T12:28:19.000Z |
| vde-2020-035 | MB connect line: Multiple Vulnerabilities in mymbCONNECT24 and mbCONNECT24 <= v2.6.1 | 2020-09-18T12:30:00.000Z | 2025-05-14T12:28:19.000Z |
| vde-2024-030 | MB connect line: mbNET.mini vulnerable to OS command injection | 2024-07-03T09:00:00.000Z | 2024-07-03T09:00:00.000Z |
| vde-2023-041 | MB connect line: Vulnerability allows access to non-critical information in mbCONNECT24 and mymbCONNECT24 | 2023-10-16T08:38:00.000Z | 2023-10-16T08:38:00.000Z |
| vde-2024-042 | MB connect line: Multiple products are vulnerable to regreSSHion | 2023-08-17T12:00:00.000Z | 2023-08-17T12:00:00.000Z |
| vde-2023-012 | MB connect line: Cross-site Scripting vulnerability in mbNET/mbNET.rokey | 2023-08-17T12:00:00.000Z | 2023-08-17T12:00:00.000Z |
| vde-2022-011 | MB connect line: Unauthenticated user enumeration in mbCONNECT24 and mymbCONNECT24 | 2022-09-07T12:50:00.000Z | 2022-09-07T12:50:00.000Z |
| vde-2021-003 | MB connect line: Multiple vulnerabilites in mymbCONNECT24 and mbCONNECT24 (Update A) | 2022-09-07T10:46:00.000Z | 2022-09-07T10:46:00.000Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| vde-2026-015 | Helmholz: Use of a Broken or Risky Cryptographic Algorithm | 2026-04-21T10:00:00.000Z | 2026-04-21T12:00:00.000Z |
| vde-2026-043 | Helmholz: Multiple Vulnerabilities in myREX24V2/myREX24V2.virtual | 2026-04-13T11:00:00.000Z | 2026-04-13T11:00:00.000Z |
| vde-2026-013 | Helmholz: Use of a Broken or Risky Cryptographic Algorithm | 2026-04-07T08:00:00.000Z | 2026-04-07T08:00:00.000Z |
| vde-2026-025 | Helmholz: Multiple Vulnerabilities in myREX24V2 / myREX24V2.virtual | 2026-03-23T12:00:00.000Z | 2026-03-23T12:00:00.000Z |
| vde-2024-069 | Helmholz: Multiple Vulnerabilities in Helmholz products | 2024-10-15T08:00:00.000Z | 2026-03-06T08:00:00.000Z |
| vde-2024-066 | Helmholz: Multiple Vulnerabilities in Helmholz REX100 Product | 2024-10-15T08:00:00.000Z | 2025-08-27T10:00:00.000Z |
| vde-2025-069 | Helmholz: Sandbox escape in REX200/250 LUA interpreter | 2025-07-31T10:00:00.000Z | 2025-07-31T10:00:00.000Z |
| vde-2025-059 | Helmholz: Multiple vulnerabilities in REX 100 | 2025-07-21T10:00:00.000Z | 2025-07-21T10:00:00.000Z |
| vde-2025-038 | Vulnerabilities in myREX24/myREX24.virtual | 2025-06-24T10:00:00.000Z | 2025-06-24T10:00:00.000Z |
| vde-2025-037 | Vulnerabilities in myREX24/myREX24.virtual | 2025-06-24T10:00:00.000Z | 2025-06-24T10:00:00.000Z |
| vde-2021-057 | Helmholz: Privilege Escalation in shDialup (Update A) | 2021-03-28T13:03:00.000Z | 2025-05-14T13:00:15.000Z |
| vde-2024-031 | Helmholz: Vulnerabilities in myREX24 V2/myREX24.virtual | 2025-03-18T11:00:00.000Z | 2025-05-14T13:00:14.000Z |
| vde-2022-017 | Helmholz: Unauthenticated user enumeration in myREX24 and myREX24.virtual | 2022-09-07T12:54:00.000Z | 2025-05-14T13:00:14.000Z |
| vde-2021-058 | Helmholz: Remote user enumeration in myREX24/myREX24-virtual | 2021-12-08T13:04:00.000Z | 2025-05-14T13:00:14.000Z |
| vde-2024-044 | Helmholz: Multiple products are vulnerable to regreSSHion | 2024-07-31T08:00:00.000Z | 2025-05-14T12:28:19.000Z |
| vde-2024-032 | Helmholz: REX 100 vulnerable to OS command injection | 2024-07-03T09:00:00.000Z | 2024-07-03T13:33:00.000Z |
| vde-2023-043 | Helmholz: Vulnerability allows access to non-critical information in myREX24 and myREX24.virtual | 2023-10-16T08:38:00.000Z | 2023-10-16T08:38:00.000Z |
| vde-2023-029 | Helmholz: Cross-site Scripting vulnerability in REX 200/REX 250 | 2023-08-17T12:00:00.000Z | 2023-08-17T12:00:00.000Z |
| vde-2023-008 | Helmholz: Multiple vulnerabilites in myREX24 and myREX24.virtual | 2023-05-15T12:06:00.000Z | 2023-05-15T12:06:00.000Z |
| vde-2022-039 | Helmholz: Multiple vulnerabilites in myREX24 and myREX24.virtual | 2022-09-07T10:56:00.000Z | 2022-09-07T10:56:00.000Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| fsa-202601 | Several CODESYS vulnerabilities in Festo Automation Suite | 2026-02-26T08:00:00.000Z | 2026-02-26T08:00:00.000Z |
| fsa-202302 | Festo: Several vulnerabilities in FactoryViews | 2023-07-10T10:00:00.000Z | 2026-02-02T08:00:00.000Z |
| fsa-202402 | Several Vulnerabilities in MES PC (Windows 10) | 2024-02-27T12:00:00.000Z | 2025-12-08T07:00:00.000Z |
| fsa-202405 | Festo: Siemens S7-1500/ET200SP CPU used in Festo Didactic products contains a memory protection bypass vulnerability | 2024-09-09T07:00:00.000Z | 2025-11-05T08:00:00.000Z |
| fsa-202401 | Festo: Multiple products contain CoDe16 vulnerability | 2024-01-30T07:00:00.000Z | 2025-11-04T11:00:00.000Z |
| fsa-202202 | Festo: Controller CECC-S,LK,D family <= 2.3.8.1 - multiple vulnerabilities in CODESYS V3 runtime system | 2022-07-18T10:00:00.000Z | 2025-11-03T11:00:00.000Z |
| fsa-202209 | Festo: Incomplete documentation of remote accessible functions and protocols in Festo products | 2022-11-29T11:49:00.000Z | 2025-11-03T10:00:00.000Z |
| fsa-202208 | Festo: Multiple Festo products contain an unsafe default Codesys configuration | 2022-11-29T11:41:00.000Z | 2025-10-28T11:00:00.000Z |
| fsa-202206 | Festo: Vulnerable WIBU-SYSTEMS CodeMeter Runtime in multiple products | 2022-12-13T11:50:00.000Z | 2025-10-01T10:50:00.000Z |
| fsa-202304 | Festo: MSE6-C2M/D2M/E2M Incomplete User Documentation of Remote Accessible Functions | 2023-09-05T10:00:00.000Z | 2025-10-01T10:00:00.000Z |
| fsa-202301 | Festo: Cross-Site-Scripting (XSS) vulnerability in LX-Appliance | 2023-08-29T10:00:00.000Z | 2025-10-01T10:00:00.000Z |
| fsa-202303 | Festo: Vulnerable Siemens TIA-Portal in multiple Festo Didactic products | 2023-10-17T06:00:00.000Z | 2025-10-01T06:00:00.000Z |
| fsa-202101 | Festo: Multiple vulnerabilities in Ethernet/IP Stack of SBRD-Q/SBOC-Q/SBOI-Q | 2021-09-22T11:13:00.000Z | 2025-08-26T10:00:00.000Z |
| fsa-202207 | Festo: CPX-CEC-C1 and CPX-CMXX, Missing Authentication for Critical Webpage Function | 2022-09-20T10:00:00.000Z | 2025-07-28T10:00:00.000Z |
| fsa-202203 | Festo: Controller CECC-S,LK,D family firmware 2.4.2.0 - multiple vulnerabilities in CODESYS V3 runtime system | 2022-07-18T10:00:00.000Z | 2025-07-10T10:00:00.000Z |
| fsa-202201 | Festo: CECC-X-M1 - command injection vulnerabilities | 2022-07-06T07:00:00.000Z | 2025-06-23T08:00:00.000Z |
| fsa-202305 | Festo: Vulnerable WIBU-SYSTEMS CodeMeter Runtime in several products | 2023-11-28T07:00:00.000Z | 2025-05-13T10:00:00.000Z |
| fsa-202406 | Several Codesys Gateway v2 vulnerabilities in Codesys provided by Festo | 2024-12-03T11:00:00.000Z | 2024-12-03T14:00:00.000Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| vde-2025-011 | PEPPERL+FUCHS: Profinet Gateway LB8122A.1.EL – Device is affected by XSS vulnerability and information disclosure | 2025-05-26T10:00:00.000Z | 2025-08-27T10:00:00.000Z |
| vde-2024-038 | Pepperl+Fuchs: Anonymous FTP server and Telnet access allows information disclosure and manipulation | 2024-07-10T06:00:00.000Z | 2025-08-27T10:00:00.000Z |
| vde-2025-002 | PEPPERL+FUCHS: HMI – devices are affected by Windows RCE | 2025-02-25T11:00:00.000Z | 2025-05-22T13:03:10.000Z |
| vde-2024-017 | Pepperl+Fuchs: ICE2- * and ICE3- * are affected by multiple vulnerabilities | 2024-04-10T06:00:00.000Z | 2025-05-22T13:03:10.000Z |
| vde-2022-021 | Pepperl+Fuchs: RSM-EX devices - Multiple Bluetooth vulnerabilities | 2022-05-16T14:00:00.000Z | 2025-05-22T13:03:10.000Z |
| vde-2021-041 | Pepperl+Fuchs: Multiple DTM and VisuNet Software affected by log4net vulnerability | 2021-10-26T13:35:00.000Z | 2025-05-22T13:03:10.000Z |
| vde-2020-053 | Pepperl+Fuchs: Comtrol RocketLinx ICRL-M - Multiple Vulnerabilities | 2021-03-08T13:44:00.000Z | 2025-05-22T13:03:10.000Z |
| vde-2020-017 | Pepperl+Fuchs, PACTware: Two password vulnerabilities found | 2020-05-29T10:00:00.000Z | 2025-05-22T13:03:10.000Z |
| vde-2024-033 | PEPPERL+FUCHS: Device Master ICDM-RX/* – Vulnerability may allow unauthenticated remote attacker information disclosure and denial of service | 2024-08-13T12:00:00.000Z | 2025-05-14T14:34:17.000Z |
| vde-2020-014 | Pepperl+Fuchs: Kr00k vulnerabilities in Broadcom Wi-Fi chipsets | 2020-03-31T13:30:00.000Z | 2025-05-14T14:34:17.000Z |
| vde-2021-006 | Pepperl+Fuchs: Multiple Products - Vulnerability may allow remote attackers to cause a Denial Of Service | 2021-11-16T14:53:00.000Z | 2025-05-14T13:00:15.000Z |
| vde-2020-050 | Pepperl+Fuchs: Multiple Products - Vulnerability may allow remote attackers to cause a Denial Of Service | 2021-02-15T13:33:00.000Z | 2025-05-14T13:00:15.000Z |
| vde-2021-028 | Pepperl+Fuchs: Multiple VDM100-Distance Ethernet-IP sensors with multiple vulnerabilities | 2021-08-16T12:01:00.000Z | 2025-05-14T13:00:14.000Z |
| vde-2021-027 | Pepperl+Fuchs: WirelessHART-Gateway - Vulnerability may allow remote attackers to cause a Denial Of Service | 2021-10-16T12:00:00.001Z | 2025-05-14T13:00:14.000Z |
| vde-2020-038 | Pepperl+Fuchs: Multiple vulnerabilites in Comtrol IO-Link Master | 2021-01-04T13:01:00.000Z | 2025-05-14T13:00:14.000Z |
| vde-2019-002 | Pepperl+Fuchs: Path traversal in WirelessHART Gateway | 2019-03-06T10:35:00.000Z | 2025-05-14T13:00:14.000Z |
| vde-2021-007 | Pepperl+Fuchs: Multiple Products - Vulnerability may allow remote attackers to cause a Denial Of Service | 2021-02-16T14:53:00.000Z | 2025-05-14T12:53:43.000Z |
| vde-2024-065 | PEPPERL+FUCHS: HMI devices are affected by Insecure Platform Key | 2024-11-26T11:00:00.000Z | 2025-05-14T12:28:19.000Z |
| vde-2024-063 | PEPPERL+FUCHS: Multiple products are affected by regreSSHion | 2024-10-08T12:00:00.000Z | 2025-05-14T12:28:19.000Z |
| vde-2021-001 | Pepperl+Fuchs: Vulnerability allowing code-excution in PACTware <=5.0.5.31 | 2021-01-15T12:41:00.000Z | 2025-05-14T12:28:19.000Z |
| vde-2018-016 | Pepperl+Fuchs: ecom Mobile devices prone to Android privilege elevation vulnerability | 2018-10-19T10:00:00.000Z | 2025-05-14T12:28:19.000Z |
| vde-2018-002 | Pepperl+Fuchs: HMI devices vulnerable to Meltdown and Spectre Attacks | 2018-02-14T08:50:00.000Z | 2025-05-14T12:28:19.000Z |
| vde-2024-037 | Pepperl+Fuchs: Use after free vulnerability in Smart-Ex 02 and Smart-Ex 03 | 2024-07-10T06:00:00.000Z | 2024-07-10T06:00:00.000Z |
| vde-2022-012 | Pepperl+Fuchs: Vulnerability in multiple VisuNet devices | 2022-04-26T12:00:00.000Z | 2022-05-16T14:15:00.000Z |
| vde-2021-034 | Pepperl+Fuchs: Security Advisory for PrintNightmare Vulnerability in multiple HMI Devices | 2021-07-30T07:55:00.000Z | 2021-07-30T07:55:00.000Z |
| vde-2021-018 | Pepperl+Fuchs: Multiple vulnerabilites in ICE1 Ethernet IO Modules | 2021-05-12T08:57:00.000Z | 2021-05-12T08:57:00.000Z |
| vde-2020-040 | Pepperl+Fuchs: Multiple Products prone to multiple vulnerabilities in Comtrol RocketLinux | 2020-10-05T12:00:00.000Z | 2020-10-05T12:00:00.000Z |
| vde-2020-034 | Pepperl+Fuchs: VMT MSS and VMT IS - Several vulnerabilities in products utilizing WIBU-SYSTEMS CodeMeter components | 2020-09-10T13:22:00.000Z | 2020-09-10T13:22:00.000Z |
| vde-2019-011 | Pepperl+Fuchs: Remote code execution vulnerability in HMI devices | 2019-05-29T07:35:00.000Z | 2019-10-07T10:00:00.000Z |
| vde-2019-004 | Pepperl+Fuchs: ecom Mobile Devices prone to BlueBorne Attack | 2019-03-14T07:52:00.000Z | 2019-03-14T07:52:00.000Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| ppsa-2026-002 | Pilz: Vulnerability affecting PASvisu Runtime | 2026-04-23T12:00:00.000Z | 2026-04-23T12:00:00.000Z |
| ppsa-2026-001 | Pilz: Multiple Vulnerabilities affecting the PIT User Authentication Service | 2026-02-02T08:00:00.000Z | 2026-02-02T10:00:00.000Z |
| ppsa-2025-004 | Pilz: Vulnerability affecting PASvisu Runtime | 2025-10-20T10:00:00.000Z | 2025-10-20T10:00:00.000Z |
| ppsa-2025-003 | Pilz: Authentication Bypass in IndustrialPI Webstatus | 2025-07-01T10:00:00.000Z | 2025-07-01T10:00:00.000Z |
| ppsa-2025-002 | Pilz: Missing Authentication in Node-RED integration | 2025-07-01T10:00:00.000Z | 2025-07-01T10:00:00.000Z |
| ppsa-2025-001 | Pilz: Authentication Bypass and Cross-Site-Scripting in PiCtory | 2025-06-30T10:00:00.000Z | 2025-06-30T10:00:00.000Z |
| vde-2022-044 | Pilz: Multiple products affected by ZipSlip | 2022-11-24T09:00:00.000Z | 2025-06-05T13:28:13.000Z |
| vde-2023-048 | Pilz: Multiple products prone to libwebp vulnerability | 2023-12-05T07:00:00.000Z | 2025-05-22T13:03:10.000Z |
| vde-2023-033 | Pilz: WIBU Vulnerabilitiy in multiple Products | 2023-10-12T06:00:00.000Z | 2025-05-22T13:03:10.000Z |
| vde-2022-045 | Pilz: PAS 4000 prone to ZipSlip | 2022-11-24T09:00:00.000Z | 2025-05-22T13:03:10.000Z |
| vde-2021-009 | Pilz: Multiple products prone to Niche Ethernet Stack vulnerabilities | 2021-09-20T11:56:00.000Z | 2025-05-14T13:00:14.000Z |
| vde-2020-033 | Pilz: Multiple products prone to WIBU-SYSTEMS CodeMeter vulnerabilities | 2020-09-10T13:18:00.000Z | 2025-05-14T12:28:19.000Z |
| vde-2023-050 | Pilz: Vulnerability in PASvisu and PMI v8xx | 2024-01-30T07:00:00.000Z | 2025-04-10T13:00:00.000Z |
| vde-2024-002 | Pilz: Multiple products affected by uC/HTTP vulnerability | 2024-02-06T07:00:00.000Z | 2024-02-06T07:00:00.000Z |
| vde-2023-059 | Pilz: Electron Vulnerabilities in PASvisu and PMI v8xx | 2023-12-05T07:06:00.000Z | 2023-12-05T07:06:00.000Z |
| vde-2022-033 | Pilz: PASvisu and PMI affected by multiple vulnerabilities | 2022-11-24T09:00:00.000Z | 2022-11-24T09:00:00.000Z |
| vde-2021-061 | Pilz: PMC programming tool 3.x.x affected by multiple vulnerabilities | 2022-04-26T10:00:00.000Z | 2022-04-26T10:00:00.000Z |
| vde-2021-055 | Pilz: PMC programming tool 2.x.x affected by multiple vulnerabilities | 2022-04-26T10:00:00.000Z | 2022-04-26T10:00:00.000Z |
| vde-2021-054 | Pilz: Multiple vulnerabilities in CODESYS V2 and V3 runtime system | 2022-04-26T10:00:00.000Z | 2022-04-26T10:00:00.000Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| vde-2024-008 | Wago: Vulnerability in WBM through Open VPN | 2026-04-08T07:00:00.000Z | 2026-04-08T07:00:00.000Z |
| vde-2026-021 | WAGO: Multiple Vulnerabilities in WAGO VC Hub | 2026-03-30T07:00:00.000Z | 2026-03-30T07:00:00.000Z |
| vde-2026-010 | WAGO: Multiple Vulnerabilities in WAGO Solution Builder and WAGO Device Sphere | 2026-03-30T07:00:00.000Z | 2026-03-30T07:00:00.000Z |
| vde-2026-020 | WAGO: Vulnerability in managed switches | 2026-03-23T08:00:00.000Z | 2026-03-23T08:00:00.000Z |
| vde-2026-004 | WAGO: Vulnerabilities in Managed Switch | 2026-02-09T08:00:00.000Z | 2026-02-09T08:00:00.000Z |
| vde-2025-095 | WAGO: Vulnerabilities in WAGO Industrial-Managed Switches | 2025-12-10T10:00:00.000Z | 2026-01-19T08:00:00.000Z |
| vde-2025-018 | WAGO: Vulnerabilities in WAGO Device Manager | 2025-06-16T10:00:00.000Z | 2025-11-21T12:00:00.000Z |
| vde-2025-062 | WAGO: Multiple Vulnerabilities in CODESYS components | 2025-11-03T11:00:00.000Z | 2025-11-03T11:00:00.000Z |
| vde-2025-087 | WAGO: Vulnerabilities in Device Sphere and Solution Builder | 2025-09-24T09:00:00.000Z | 2025-09-24T09:00:00.000Z |
| vde-2018-013 | WAGO: 750-8xx Controller Denial of Service | 2018-08-17T09:45:00.000Z | 2025-09-22T10:00:00.000Z |
| vde-2025-083 | WAGO: Vulnerability in hardware switch circuit | 2025-09-15T08:00:00.000Z | 2025-09-15T08:00:00.000Z |
| vde-2025-080 | WAGO: Multiple Vulnerabilities in I/O-Check Service | 2025-09-09T10:00:00.000Z | 2025-09-09T10:00:00.000Z |
| vde-2025-082 | WAGO: Critical sudo Vulnerability in Multiple Products | 2025-09-08T07:00:00.000Z | 2025-09-08T07:00:00.000Z |
| vde-2025-048 | WAGO: Escalation of Privileges in Coupler Firmware | 2025-09-08T07:00:00.000Z | 2025-09-08T07:00:00.000Z |
| vde-2025-057 | WAGO: Vulnerability in WAGO Device Sphere | 2025-06-23T10:00:00.000Z | 2025-07-07T06:15:00.000Z |
| vde-2025-040 | WAGO: Vulnerabilities in ctrlX OS app | 2025-06-16T10:00:00.000Z | 2025-06-16T10:00:00.000Z |
| vde-2024-014 | WAGO: Multiple products affected by Terrapin | 2024-02-22T07:00:00.000Z | 2025-06-05T13:28:13.000Z |
| vde-2025-020 | WAGO: Switches affected by year 2k38 problem | 2025-06-02T06:00:00.000Z | 2025-06-02T06:00:00.000Z |
| vde-2024-047 | WAGO: Multiple vulnerabilities in docker configuration | 2024-11-18T11:00:00.000Z | 2025-05-22T13:03:10.000Z |
| vde-2023-026 | WAGO: Multiple products prone to multiple vulnerabilities in e!Runtime / CODESYS V3 Runtime | 2023-07-31T07:36:00.000Z | 2025-05-22T13:03:10.000Z |
| vde-2023-007 | WAGO: Unauthenticated command execution via Web-based-management UPDATE A | 2023-05-15T08:00:00.000Z | 2025-05-22T13:03:10.000Z |
| vde-2022-009 | WAGO: Multiple Products affected by Linux Kernel Vulnerability Dirty Pipe | 2022-04-06T07:30:00.000Z | 2025-05-22T13:03:10.000Z |
| vde-2022-002 | WAGO: Vulnerable WIBU-SYSTEMS Codemeter installed through e!COCKPIT and WAGO-I/O-Pro | 2022-01-31T13:00:00.000Z | 2025-05-22T13:03:10.000Z |
| vde-2021-060 | WAGO: Smart Script affected by Log4Shell Vulnerability | 2022-01-05T07:00:00.000Z | 2025-05-22T13:03:10.000Z |
| vde-2021-049 | WAGO: Denial of Service Vulnerability in CODESYS Runtime 2.3 | 2021-11-16T12:05:00.000Z | 2025-05-22T13:03:10.000Z |
| vde-2021-014 | WAGO: Multiple Vulnerabilities in CODESYS Runtime 2.3 | 2021-05-20T09:08:00.000Z | 2025-05-22T13:03:10.000Z |
| vde-2020-011 | WAGO: Multiple Vulnerabilities in I/O-Check Service | 2020-03-09T09:30:00.000Z | 2025-05-22T13:03:10.000Z |
| vde-2020-009 | WAGO: e!Cockpit Two Update Package Vulnerabilities | 2020-03-09T09:18:00.000Z | 2025-05-22T13:03:10.000Z |
| vde-2018-010 | WAGO: Multiple vulnerabilities in e!DISPLAY products | 2018-07-10T09:50:00.000Z | 2025-05-22T13:03:10.000Z |
| vde-2025-008 | WAGO: Vulnerabilities in CODESYS Control | 2025-02-04T11:00:00.000Z | 2025-05-14T13:00:15.000Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| vde-2026-005 | ifm: Multiple Vulnerabilities in CR3171 | 2026-05-06T08:00:00.000Z | 2026-05-06T08:00:00.000Z |
| vde-2024-061 | ifm: Improper Access Control vulnerability | 2025-06-30T10:00:00.000Z | 2026-02-18T08:00:00.000Z |
| vde-2024-028 | ifm moneo password reset can be exploited | 2024-05-06T10:00:00.000Z | 2026-01-15T11:00:00.000Z |
| vde-2024-012 | ifm: Vulnerabilities in ifm AC14 firmware | 2024-07-09T07:00:00.000Z | 2026-01-15T11:00:00.000Z |
| vde-2022-050 | IFM: weak password recovery vulnerability in moneo appliance | 2022-12-12T11:00:00.000Z | 2026-01-06T11:00:00.000Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| vde-2025-106 | Beckhoff: XSS Vulnerability in TwinCAT 3 HMI Server | 2026-01-26T10:00:00.000Z | 2026-02-12T09:00:00.000Z |
| vde-2025-092 | Beckhoff: Privilege escalation and information leak via Beckhoff Device Manager | 2026-01-27T11:00:00.000Z | 2026-01-27T11:00:00.000Z |
| vde-2025-075 | Beckhoff: Deserialization of untrusted data by TwinCAT 3 Engineering | 2025-09-09T10:00:00.000Z | 2025-09-09T10:00:00.000Z |
| vde-2022-003 | BECKHOFF: Null Pointer Dereference vulnerability in products with OPC UA technology | 2022-03-01T12:34:00.000Z | 2025-06-05T13:28:13.000Z |
| vde-2024-050 | Beckhoff: Denial-of-Service vulnerability in the MDP package included in TwinCAT/BSD operating system | 2024-08-27T08:00:00.000Z | 2025-05-22T13:03:10.000Z |
| vde-2024-049 | Beckhoff: Denial-of-Service vulnerability in the IPC-Diagnostics package included in TwinCAT/BSD operating system | 2024-08-27T08:00:00.000Z | 2025-05-22T13:03:10.000Z |
| vde-2024-048 | Beckhoff: Improper neutralization of input in IPC-Diagnostics-www package included in TwinCAT/BSD operating system | 2024-08-27T08:00:00.000Z | 2025-05-22T13:03:10.000Z |
| vde-2024-045 | Beckhoff: Local authentication bypass in IPC-Diagnostics package included in TwinCAT/BSD operating system | 2024-08-27T08:00:00.000Z | 2025-05-22T13:03:10.000Z |
| vde-2023-067 | Beckhoff: Open redirect in TwinCAT/BSD package authelia-bhf | 2023-12-13T08:00:00.000Z | 2025-05-22T13:03:10.000Z |
| vde-2021-051 | Beckhoff: Relative path traversal vulnerability through TwinCAT OPC UA Server | 2021-11-04T07:00:00.000Z | 2025-05-22T13:03:10.000Z |
| vde-2021-008 | Beckhoff: Stack Overflow and XXE vulnerability in various OPC UA products | 2024-10-21T08:00:00.000Z | 2025-05-22T13:03:10.000Z |
| vde-2020-037 | Beckhoff: Privilege Escalation through TwinCat System Tray (TcSysUI.exe) | 2020-11-19T13:41:00.000Z | 2025-05-22T13:03:10.000Z |
| vde-2020-019 | Beckhoff: EtherLeak in TwinCAT RT network driver | 2020-06-16T08:31:00.000Z | 2025-05-22T13:03:10.000Z |
| vde-2020-005 | Beckhoff: BK9000 couplers - Denial of service inhibits function | 2020-03-10T13:17:00.000Z | 2025-05-22T13:03:10.000Z |
| vde-2019-019 | Beckhoff: TwinCAT Denial-of-Service in Profinet driver | 2019-10-09T10:00:00.000Z | 2025-05-14T13:00:14.000Z |
| vde-2024-064 | Beckhoff: Local command injection via TwinCAT Package Manager | 2024-10-31T11:00:00.000Z | 2025-04-11T07:00:00.000Z |
| vde-2020-051 | Beckhoff: DoS-Vulnerability for TwinCAT OPC UA Server and IPC Diagnostics UA Server | 2021-04-27T08:08:00.000Z | 2021-05-11T10:00:00.000Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| vde-2026-007 | TRUMPF: Multiple products affected by Wibu CodeMeter vulnerability | 2026-02-23T08:00:00.000Z | 2026-02-23T08:00:00.000Z |
| vde-2021-011 | TRUMPF Laser GmbH: TruControl 2.14.0 to 3.14.0 affected by recent sudo vulnerability | 2021-03-22T08:59:00.000Z | 2026-02-02T14:25:00.000Z |
| vde-2025-078 | TRUMPF: Remote support uses an outdated encryption algorithm | 2025-08-25T06:00:00.000Z | 2025-08-29T10:00:00.000Z |
| vde-2024-005 | TRUMPF: Multiple products contain vulnerable version of 7-zip | 2024-01-23T07:00:00.000Z | 2025-06-05T13:28:12.000Z |
| vde-2024-004 | TRUMPF: Multiple products affected by log4net vulnerability | 2025-04-22T10:00:00.000Z | 2025-05-22T13:03:10.000Z |
| vde-2024-003 | TRUMPF: Multiple products include a vulnerable version of Notepad++ | 2024-01-23T07:00:00.000Z | 2025-05-22T13:03:10.000Z |
| vde-2022-049 | TRUMPF: Multiple products prone to X.Org server vulnerabilities | 2022-11-07T11:43:00.000Z | 2025-05-22T13:03:10.000Z |
| vde-2020-039 | TRUMPF: Multiple products prone to WIBU CodeMeter vulnerabilities | 2020-10-27T10:28:00.000Z | 2025-05-14T12:36:39.000Z |
| vde-2024-040 | Multiple TRUMPF products prone to regreSSHion OpenSSH server vulnerabilities | 2024-06-25T10:00:00.000Z | 2025-04-10T13:00:00.000Z |
| vde-2024-034 | Multiple TRUMPF products prone to nftables server vulnerabilities | 2024-06-25T10:00:00.000Z | 2025-04-10T13:00:00.000Z |
| vde-2024-001 | TRUMPF: Multiple products contain WIBU CodeMeter vulnerabilities | 2024-01-29T07:00:00.000Z | 2024-01-29T07:00:00.000Z |
| vde-2024-006 | TRUMPF: Oseon contains vulnerable version of OpenSSL 1.1.x | 2024-01-23T07:00:00.000Z | 2024-01-23T07:00:00.000Z |
| vde-2023-031 | Trumpf: Multiple Products affected by WIBU Codemeter Vulnerability | 2023-09-13T10:00:00.000Z | 2023-11-13T11:00:00.000Z |
| vde-2022-023 | TRUMPF TruTops prone to improper access control | 2022-10-17T10:00:00.000Z | 2022-10-17T10:00:00.000Z |
| vde-2022-034 | TRUMPF: Products prone to Unified Automation vulnerabilities | 2022-08-15T10:00:00.000Z | 2022-08-15T10:00:00.000Z |
| vde-2022-016 | TRUMPF: TruTops Fab, TruTops Boost prone to vulnerability | 2022-05-02T10:00:00.000Z | 2022-05-02T10:00:00.000Z |
| vde-2021-033 | TRUMPF Laser GmbH: multiple products prone to codesys runtime vulnerabilities | 2021-08-12T13:02:00.001Z | 2021-08-12T13:02:00.001Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| vde-2025-043 | Lenze: PLC Designer V4 with insecure storage of sensitive information | 2025-06-25T10:00:00.000Z | 2025-06-25T10:00:00.000Z |
| vde-2025-042 | Lenze: VPN Client Privilege Escalation in combination with Lenze x500 IoT Gateway | 2025-05-27T09:00:00.000Z | 2025-05-27T09:00:00.000Z |
| vde-2024-053 | Lenze: Install Directory with insufficient permissions | 2024-09-03T08:00:00.000Z | 2025-03-13T11:30:00.000Z |
| vde-2022-030 | Lenze: Vulnerability in the OPC-UA authentification connection in the firmware | 2022-07-11T10:00:00.000Z | 2022-07-11T10:00:00.000Z |
| vde-2021-048 | Lenze: Multiple Vulnerabilities in CODESYS Control V2 communication | 2021-10-04T12:33:00.000Z | 2021-10-04T12:33:00.000Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| vde-2022-029 | Carlo Gavazzi Controls: Multiple Vulnerabilities in Controller UWP 3.0 | 2022-09-26T08:00:00.000Z | 2026-03-02T11:00:00.000Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| vde-2025-047 | AUMA: Incorrect delivery status of the Bluetooth configuration | 2025-06-10T10:00:00.000Z | 2025-06-10T10:00:00.000Z |
| vde-2023-028 | AUMA: SIMA Master Station affected by WRECK vulnerability | 2023-08-07T11:35:00.000Z | 2025-05-14T13:00:15.000Z |
| vde-2022-024 | Auma: SIMA² Master Station Denial of Service Vulnerability on Automation Runtime Webserver | 2022-06-15T10:00:00.000Z | 2025-05-14T13:00:15.000Z |
| vde-2025-026 | AUMA Riester: Buffer overflow in service telegram | 2025-05-12T10:00:00.000Z | 2025-05-14T13:00:14.000Z |
| vde-2023-027 | AUMA: Reflected Cross-Site Scripting Vulnerability in SIMA Master Stations | 2023-08-07T09:35:00.000Z | 2023-08-07T09:35:00.000Z |
| vde-2022-032 | AUMA: Multiple Vulnerabilities in Automation Runtime NTP Service | 2022-08-09T08:00:00.000Z | 2022-08-09T08:00:00.000Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| vde-2025-084 | Bender Charge Controller Vulnerability - Unsecure Communication | 2025-09-08T07:00:00.000Z | 2025-09-08T07:00:00.000Z |
| vde-2025-061 | Bender Charge Controller Vulnerability - Disclosure Of Stored Credentials When Authenticated | 2025-09-08T07:00:00.000Z | 2025-09-08T07:00:00.000Z |
| vde-2021-047 | Bender/ebee: Multiple Charge Controller Vulnerabilities | 2022-04-26T10:00:00.000Z | 2022-04-26T10:00:00.000Z |
| vde-2020-043 | Bender: COMTRAXX < 4.2.0 affected by inadquate credentials check vulnerability | 2020-10-16T06:54:00.000Z | 2020-10-16T06:54:00.000Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| vde-2026-032 | Endress+Hauser: sudo vulnerability affects Endress+Hauser MCS200HW | 2026-04-21T07:00:00.000Z | 2026-04-21T07:00:00.000Z |
| vde-2025-107 | Endress+Hauser: Multiple products affected by Qualcomm vulnerabilities | 2025-12-05T11:00:00.000Z | 2026-04-02T10:00:00.000Z |
| vde-2026-003 | Endress+Hauser: Multiple products prone to multiple vulnerabilities in e!Runtime and CODESYS V3 Runtime | 2026-03-31T08:00:00.000Z | 2026-04-01T11:00:00.000Z |
| vde-2026-002 | Endress+Hauser: buffer overflow in glibc ld.so leading to privilege escalation | 2026-03-02T07:00:00.000Z | 2026-03-02T07:00:00.000Z |
| vde-2025-068 | Endress+Hauser: Proline 10 Maintenance credentials may be exposed under certain conditions | 2025-09-02T10:00:00.000Z | 2026-02-20T09:00:00.000Z |
| vde-2025-105 | Endress+Hauser: Multiple products affected by Wibu-Systems CodeMeter Vulnerability | 2025-12-08T09:00:00.000Z | 2025-12-08T09:00:00.000Z |
| vde-2024-054 | Endress+Hauser: Netilion Network Insights is affected by multiple vulnerabilities | 2024-10-21T08:00:00.000Z | 2025-05-22T13:03:10.000Z |
| vde-2021-044 | Endress+Hauser: Multiple products affected by log4net vulnerability | 2022-01-20T08:06:00.000Z | 2025-05-14T13:00:14.000Z |
| vde-2021-005 | Endress+Hauser: Multiple Devices affected by fdtContainer vulnerability | 2021-03-01T06:39:00.000Z | 2025-05-14T13:00:14.000Z |
| vde-2020-031 | Endress+Hauser: Multiple products prone to WIBU CodeMeter vulnerabilities | 2020-10-27T13:10:00.000Z | 2025-05-14T13:00:14.000Z |
| vde-2020-022 | Endress+Hauser: Ecograph T utilizing Webserver firmware version 2.x exposes sensitive information | 2020-11-19T14:48:00.000Z | 2025-05-14T13:00:14.000Z |
| vde-2021-040 | Endress+Hauser: Promass 83 with EtherNet/IP affected by a stack-based buffer overflow | 2021-10-04T12:30:00.000Z | 2025-05-14T12:28:19.000Z |
| vde-2021-010 | Endress+Hauser: products utilizing WPA2 vulnerable to KRACK attacks | 2021-05-18T09:00:00.000Z | 2025-05-14T12:28:19.000Z |
| vde-2020-021 | Endress+Hauser: Ecograph T utilizing Webserver firmware version 1.x suffers from improper privilege management | 2020-11-19T14:48:00.000Z | 2025-04-11T07:00:00.000Z |
| vde-2025-036 | Multiple vulnerabilities in Endress+Hauser MEAC300-FNADE4 | 2025-03-06T14:00:00.000Z | 2025-03-06T14:00:00.000Z |
| vde-2024-041 | Endress+Hauser: Multiple products are vulnerable to code injection | 2024-09-10T08:00:00.000Z | 2024-09-10T08:00:00.000Z |
| vde-2022-019 | Endress+Hauser: Multiple products utilizing vulnerable WIBU-SYSTEMS CodeMeter components | 2022-06-02T15:11:00.000Z | 2022-06-02T15:11:00.000Z |
| vde-2022-006 | Endress+Hauser: FieldPort SFP50 Memory Corruption in Bluetooth Controller Firmware | 2022-03-24T10:48:00.000Z | 2022-03-24T10:48:00.000Z |
| vde-2019-005 | Endress+Hauser: WIFI enabled products utilising WPA2 | 2019-03-19T15:34:00.000Z | 2019-03-19T15:34:00.000Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| vde-2025-030 | Frauscher: FDS101, FDS-SNMP101 and FDS102 for FAdC/FAdCi are Vulnerable to OS Command Injection Vulnerability | 2025-07-07T10:00:00.000Z | 2025-07-29T10:00:00.000Z |
| vde-2023-049 | Frauscher: FDS102 for FAdC/FAdCi remote code execution vulnerability | 2023-12-11T07:00:00.000Z | 2023-12-11T07:00:00.000Z |
| vde-2023-038 | Frauscher: Multiple Vulnerabilities in FDS101 | 2023-09-21T06:00:00.000Z | 2023-09-21T06:00:00.000Z |
| vde-2023-011 | Frauscher: Diagnostic System FDS001 for FAdC/FAdCi Path Traversal vulnerability | 2023-07-05T08:00:00.000Z | 2023-07-05T08:00:00.000Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| vde-2019-010 | Miele: Multiple Vulnerabilities in XGW 3000 ZigBee Gateway | 2019-05-20T06:58:00.000Z | 2025-05-14T13:00:15.000Z |
| vde-2020-024 | Miele: Treck TCP/IP Vulnerabilities (Ripple20) affecting Communication Module XKM3000 L MED | 2020-07-08T07:29:00.000Z | 2025-05-14T12:28:19.000Z |
| vde-2022-052 | Miele: Vulnerability in ease2pay cloud service used by appWash | 2022-11-21T09:00:00.000Z | 2022-11-21T09:00:00.000Z |
| vde-2022-015 | Miele: Security vulnerability in Benchmark Programming Tool | 2022-04-27T12:00:00.000Z | 2022-04-27T12:00:00.000Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| vde-2025-096 | Weidmueller: Multiple vulnerabilities in Energy Meter 750-24 and Energy Meter 750-230 | 2026-03-10T07:00:00.000Z | 2026-03-10T07:00:00.000Z |
| vde-2025-044 | Weidmueller: Industrial ethernet switches are affected by multiple vulnerabilities | 2025-05-27T09:00:00.000Z | 2025-08-27T10:00:00.000Z |
| vde-2025-052 | Weidmueller: Security routers IE-SR-2TX are affected by multiple vulnerabilities | 2025-06-11T10:00:00.000Z | 2025-07-23T10:00:00.000Z |
| vde-2023-032 | Weidmueller: WIBU Vulnerability in multiple Products | 2023-11-09T07:42:00.000Z | 2025-05-22T13:03:10.000Z |
| vde-2019-018 | Weidmueller: multiple vulnerabilities in various Industrial Ethernet managed switches | 2019-12-05T12:03:00.000Z | 2025-05-22T13:03:10.000Z |
| vde-2025-041 | Weidmueller: ResMa is affected by a Vulnerability for ASP.NET AJAX | 2025-05-19T09:00:00.000Z | 2025-05-19T09:00:00.000Z |
| vde-2025-021 | Weidmueller: Authentication Vulnerability in PROCON-WIN 5 | 2025-03-05T09:00:00.000Z | 2025-05-14T13:26:53.000Z |
| vde-2021-026 | Weidmueller: Multiple vulnerabilities in Industrial WLAN devices | 2021-06-23T11:04:00.000Z | 2025-05-14T13:00:15.000Z |
| vde-2021-042 | Weidmueller: Remote I/O fieldbus couplers (IP20) affected by INFRA:HALT vulnerabilities | 2021-10-18T08:24:00.000Z | 2025-05-14T13:00:14.000Z |
| vde-2021-016 | Weidmueller: Accidentally open network port in u-controls and IoT-Gateways | 2021-05-04T08:17:00.000Z | 2025-05-14T12:28:19.000Z |
| vde-2021-002 | Weidmueller: WI Manager affected by fdtContainer vulnerability | 2021-01-20T13:32:00.000Z | 2025-05-14T12:28:19.000Z |
| vde-2020-041 | Weidmueller: u-create studio < 1.20.2 affected by WIBU-SYSTEMS CodeMeter vulnerabilities | 2020-10-12T09:14:00.000Z | 2025-05-14T12:28:19.000Z |
| vde-2025-023 | Weidmueller: OpenSSL vulnerability in industrial ethernet switches | 2025-03-05T08:00:00.000Z | 2025-03-05T11:00:00.000Z |
| vde-2022-056 | Weidmueller: Multiple IoT and control products affected by JavaScript injection vulnerability | 2022-12-14T07:00:00.000Z | 2022-12-14T07:00:00.000Z |
| vde-2021-004 | Weidmueller: EtherNet/IP Fieldbus Coupler out-of-bounds write | 2022-06-21T08:00:00.000Z | 2022-06-21T08:00:00.000Z |
| vde-2022-008 | WEIDMUELLER: Multiple vulnerabilities in Modbus TCP/RTU Gateways | 2022-04-07T06:00:00.000Z | 2022-04-07T06:00:00.000Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| vde-2025-066 | SMA: Directory Traversal in Sunny Boy | 2025-08-27T08:00:00.000Z | 2025-08-27T08:00:00.000Z |
| vde-2025-050 | SMA: Sunny Portal limited disclosure of personal data of registered users to an authenticated user | 2025-08-19T10:00:00.000Z | 2025-08-19T10:00:00.000Z |
| vde-2024-075 | SMA: Sunny Webbox clickjacking vulnerability | 2025-01-27T13:00:00.000Z | 2025-06-17T06:00:00.000Z |
| vde-2025-012 | SMA: Sunny Portal Remote Code Execution | 2025-02-26T11:00:00.000Z | 2025-05-22T13:03:10.000Z |
| vde-2025-010 | SMA: Sunny Portal demo system privilege escalation | 2025-05-13T11:00:00.000Z | 2025-05-14T13:00:14.000Z |
| vde-2024-074 | SMA: SQL injection in Sunny Central UP | 2024-11-27T09:00:00.000Z | 2025-05-14T12:28:19.000Z |
| vde-2024-020 | SMA: Cluster Controller CSRF vulnerability | 2025-01-27T13:00:00.000Z | 2025-02-12T16:48:47.000Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| vde-2024-013 | HIMA: Multiple products affected by DoS and Port-Based-VLAN Crossing | 2024-02-13T07:00:00.000Z | 2025-05-22T13:03:10.000Z |
| vde-2022-059 | HIMA: unquoted path vulnerabilities in X-OPC and X-OTS | 2023-01-16T09:00:00.000Z | 2025-05-22T13:03:10.000Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| vde-2025-091 | Murrelektronik: Cleartext Transmission of Sensitive Information in IMPACT67 Pro | 2025-10-14T10:00:00.000Z | 2025-10-14T10:00:00.000Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| vde-2020-016 | SWARCO: Critical Vulnerability in CPU LS4000 | 2020-05-28T13:00:00.000Z | 2020-05-28T13:00:00.000Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| vde-2024-016 | ADS-TEC Industrial IT: Docker vulnerability affects multiple products | 2024-02-19T07:00:00.000Z | 2025-05-22T13:03:10.000Z |
| vde-2025-033 | ads-tec Industrial IT: Mosquitto MQTT Client Vulnerability in ADS-TEC IRF Products | 2025-04-14T10:00:00.000Z | 2025-04-14T10:00:00.000Z |
| vde-2023-009 | ads-tec: Multiple Vulnerabilities in IRF1000, IRF2000 and IRF3000 | 2023-05-08T13:37:00.000Z | 2023-05-08T13:37:00.000Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| vde-2022-061 | VARTA: Multiple devices prone to hard-coded credentials | 2023-03-15T09:00:00.000Z | 2023-03-15T09:00:00.000Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| vde-2025-060 | Sauter: Multiple vulnerabilities in SAUTER modulo 6 | 2025-10-21T10:00:00.000Z | 2025-10-27T11:00:00.000Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| vde-2025-079 | Janitza: Multiple vulnerabilities in UMG 96RM-E | 2026-03-10T07:00:00.000Z | 2026-03-10T07:00:00.000Z |
| vde-2025-094 | Janitza: Vulnerability in Modbus interface of UMG 96-PA and UMG 96-PA-MID+ | 2025-11-24T12:00:00.000Z | 2025-11-24T12:00:00.000Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| vde-2026-029 | METTLER TOLEDO: OpenSSL vulnerability in MX and MR balances | 2026-04-23T10:00:00.000Z | 2026-04-23T10:00:00.000Z |
| vde-2026-001 | METTLER TOLEDO: ASP.NET core vulnerability in LabX | 2026-03-04T07:00:00.000Z | 2026-03-04T07:00:00.000Z |
| ID | CVSS | Description | Vendor | Product | Published | Updated |
|---|---|---|---|---|---|---|
| MOKSHA-2026-0089 |
2.3 (3.1)
5.3 (4.0)
|
Raw kbps Value Exposure in Private Xenstore via VIF.qo… |
Cloud Software Group |
XenServer |
2026-04-24T06:00:00Z | |
| MOKSHA-2026-0088 |
2.3 (3.1)
5.3 (4.0)
|
Int64 Overflow in bytes_per_interval via VIF.qos_algor… |
Cloud Software Group |
XenServer |
2026-04-24T06:00:00Z | |
| MOKSHA-2026-0087 |
2.3 (3.1)
5.3 (4.0)
|
QEMU Device Model Selection via VM.platform device-mod… |
Cloud Software Group |
XenServer |
2026-04-24T06:00:00Z | |
| MOKSHA-2026-0086 |
2.3 (3.1)
4.6 (4.0)
|
License Expiry Manipulation via Host.license_params expiry |
Cloud Software Group |
XenServer |
2026-04-24T06:00:00Z | |
| MOKSHA-2026-0085 |
2.3 (3.1)
4.6 (4.0)
|
Feature Restriction Bypass via Host.license_params res… |
Cloud Software Group |
XenServer |
2026-04-24T06:00:00Z | |
| MOKSHA-2026-0084 |
3.1 (3.1)
5.3 (4.0)
|
Firmware Type Denial of Service via VM.HVM_boot_params… |
Cloud Software Group |
XenServer |
2026-04-24T06:00:00Z | |
| MOKSHA-2026-0083 |
3.1 (3.1)
5.3 (4.0)
|
Boot Order Manipulation via VM.HVM_boot_params order |
Cloud Software Group |
XenServer |
2026-04-24T06:00:00Z | |
| MOKSHA-2026-0082 |
3.1 (3.1)
5.3 (4.0)
|
VDI Lifecycle Behavior Manipulation via VDI.other_conf… |
Cloud Software Group |
XenServer |
2026-04-24T06:00:00Z | |
| MOKSHA-2026-0081 |
3.1 (3.1)
5.3 (4.0)
|
I/O Polling Parameter Manipulation via VBD.other_confi… |
Cloud Software Group |
XenServer |
2026-04-24T06:00:00Z | |
| MOKSHA-2026-0080 |
3.8 (3.1)
5.1 (4.0)
|
I/O Scheduler Sysfs Injection via SR.other_config scheduler |
Cloud Software Group |
XenServer |
2026-04-24T06:00:00Z | |
| MOKSHA-2026-0079 |
4.1 (3.1)
5.1 (4.0)
|
Network Sharing Bypass via Network.other_config assume… |
Cloud Software Group |
XenServer |
2026-04-24T06:00:00Z | |
| MOKSHA-2026-0078 |
4.3 (3.1)
2.3 (4.0)
|
Guest Clock Manipulation via VDI.other_config timeoffset |
Cloud Software Group |
XenServer |
2026-04-24T06:00:00Z | |
| MOKSHA-2026-0077 |
4.3 (3.1)
5.3 (4.0)
|
VIF NIC Offload Disablement via VIF.other_config ethto… |
Cloud Software Group |
XenServer |
2026-04-24T06:00:00Z | |
| MOKSHA-2026-0076 |
4.9 (3.1)
5.1 (4.0)
|
Network Offload Disablement via PIF.other_config ethto… |
Cloud Software Group |
XenServer |
2026-04-24T06:00:00Z | |
| MOKSHA-2026-0075 |
4.9 (3.1)
5.1 (4.0)
|
Memory Ratio Bounds Relaxation via Pool.other_config |
Cloud Software Group |
XenServer |
2026-04-24T06:00:00Z | |
| MOKSHA-2026-0074 |
4.9 (3.1)
6.9 (4.0)
|
GC and Coalesce Disablement via SR.other_config |
Cloud Software Group |
XenServer |
2026-04-24T06:00:00Z | |
| MOKSHA-2026-0073 |
4.9 (3.1)
5.1 (4.0)
|
SR Destruction Protection Bypass and DoS via SR.other_… |
Cloud Software Group |
XenServer |
2026-04-24T06:00:00Z | |
| MOKSHA-2026-0072 |
4.9 (3.1)
5.1 (4.0)
|
SR Scan Interval Manipulation via Host.other_config au… |
Cloud Software Group |
XenServer |
2026-04-24T06:00:00Z | |
| MOKSHA-2026-0071 |
4.9 (3.1)
5.1 (4.0)
|
OVS In-Band Management Disablement via Network.other_config |
Cloud Software Group |
XenServer |
2026-04-24T06:00:00Z | |
| MOKSHA-2026-0070 |
5.0 (3.1)
5.3 (4.0)
|
Infrastructure Metadata Leak via SR-IOV VIF Xenstore P… |
Cloud Software Group |
XenServer |
2026-04-24T06:00:00Z | |
| MOKSHA-2026-0069 |
5.3 (3.1)
5.3 (4.0)
|
Hypervisor Security Feature Manipulation via VM.platfo… |
Cloud Software Group |
XenServer |
2026-04-24T06:00:00Z | |
| MOKSHA-2026-0068 |
5.3 (3.1)
5.3 (4.0)
|
Guest Xenstore Data Injection via VM.platform Map |
Cloud Software Group |
XenServer |
2026-04-24T06:00:00Z | |
| MOKSHA-2026-0067 |
5.3 (3.1)
5.3 (4.0)
|
Cross-Pool Metadata Injection via VDI.xenstore_data on… |
Cloud Software Group |
XenServer |
2026-04-24T06:00:00Z | |
| MOKSHA-2026-0066 |
5.3 (3.1)
5.3 (4.0)
|
Metadata Propagation via VDI Snapshot and Clone Operations |
Cloud Software Group |
XenServer |
2026-04-24T06:00:00Z | |
| MOKSHA-2026-0065 |
5.3 (3.1)
5.3 (4.0)
|
SCSI Identity Forgery in XAPI Database via VDI.xenstore_data |
Cloud Software Group |
XenServer |
2026-04-24T06:00:00Z | |
| MOKSHA-2026-0064 |
5.3 (3.1)
5.3 (4.0)
|
Database Field Poisoning via VDI.xenstore_data Arbitra… |
Cloud Software Group |
XenServer |
2026-04-24T06:00:00Z | |
| MOKSHA-2026-0063 |
5.3 (3.1)
5.3 (4.0)
|
Negative kbps Injection in VIF.qos_algorithm_params |
Cloud Software Group |
XenServer |
2026-04-24T06:00:00Z | |
| MOKSHA-2026-0062 |
5.3 (3.1)
5.3 (4.0)
|
Rate Limit Removal via kbps=0 in VIF.qos_algorithm_params |
Cloud Software Group |
XenServer |
2026-04-24T06:00:00Z | |
| MOKSHA-2026-0061 |
5.3 (3.1)
5.3 (4.0)
|
I/O Scheduling Downgrade to Idle Class via VBD.qos_alg… |
Cloud Software Group |
XenServer |
2026-04-24T06:00:00Z | |
| MOKSHA-2026-0060 |
5.3 (3.1)
5.3 (4.0)
|
Arbitrary Integer Passthrough to ionice via VBD.qos_al… |
Cloud Software Group |
XenServer |
2026-04-24T06:00:00Z |
| ID | CVSS | Description | Vendor | Product | Published | Updated |
|---|---|---|---|---|---|---|
| GCVE-1-2026-0032 |
6.8 (4.0)
|
MISP core - Stored XSS in MISP template (old engine) e… |
misp |
misp |
2026-05-07T12:09:04.093898Z | 2026-05-07T12:09:04.093898Z |
| GCVE-1-2026-0031 |
9.4 (4.0)
|
MISP - SQL injection via unvalidated ordering paramete… |
misp |
misp |
2026-04-29T20:14:00.000Z | 2026-05-06T16:00:13.755114Z |
| GCVE-1-2026-0030 |
9.3 (4.0)
|
MISP - Improper access control in auth key reset allow… |
misp |
misp |
2026-04-29T20:10:00.000Z | 2026-05-06T16:01:17.334511Z |
| GCVE-1-2026-0029 |
6.3 (4.0)
|
Improper UUID validation in MISP Collections |
misp |
misp |
2026-04-29T20:03:00.000Z | 2026-05-06T16:01:52.283022Z |
| GCVE-1-2026-0028 |
9.3 (4.0)
|
LookyLoo - PlaywrightCapture permits access to local f… |
LookyLoo |
PlaywrightCapture |
2026-04-29T19:28:00.000Z | 2026-04-29T19:28:44.316023Z |
| GCVE-1-2026-0027 |
5.8 (4.0)
|
Unsafe remote resource fetching in expansion misp-modules |
misp |
misp-modules |
2026-04-29T12:05:00.000Z | 2026-05-06T16:03:40.556833Z |
| GCVE-1-2026-0026 |
9.3 (4.0)
|
misp-modules website - Missing CSRF protection in the … |
misp |
misp-modules |
2026-04-29T09:24:00.000Z | 2026-05-06T16:04:44.788582Z |
| GCVE-1-2026-0025 |
6.9 (4.0)
|
RansomLook - Improper Filtering of Private Location En… |
ransomlook |
ransomlook |
2026-04-12T15:22:00.000Z | 2026-04-15T20:29:51.794609Z |
| GCVE-1-2026-0024 |
8.8 (4.0)
|
LDAP injection in MISP ApacheAuthenticate when using a… |
misp |
misp |
2026-04-08T08:28:00.000Z | 2026-04-09T04:44:04.936665Z |
| GCVE-1-2026-0023 |
8.5 (4.0)
|
Stored XSS in modal item preview for long item content… |
ail-project |
ail-framework |
2026-04-07T06:29:00.000Z | 2026-04-08T04:22:15.084342Z |
| GCVE-1-2026-0022 |
6.4 (4.0)
|
MISP - Beta Overmind UI Stored Cross-Site Scripting in… |
misp |
misp |
2026-03-30T09:48:36.968649Z | 2026-03-30T09:48:36.968649Z |
| GCVE-1-2026-0021 |
10 (4.0)
|
Critical RCE Vulnerability reported in Windchill |
windchill |
FlexPLM |
2026-03-23T12:30:40.249187Z | 2026-03-23T12:30:40.249187Z |
| GCVE-1-2026-0020 |
10 (4.0)
|
Remote Code Execution Attack Against Eircom D1000 Router |
Eir |
D1000 |
2026-03-11T14:12:00.000Z | 2026-03-11T14:23:24.609831Z |
| GCVE-1-2026-0019 |
6.4 (4.0)
|
Improper URL validation in MISP dashboard button widge… |
misp |
misp |
2026-02-27T14:55:00.000Z | 2026-02-27T15:44:29.998063Z |
| GCVE-1-2026-0018 |
6.5 (4.0)
|
Improper access control in MISP user contact form allo… |
misp |
misp |
2026-02-27T13:25:32.632362Z | 2026-02-27T13:25:32.632362Z |
| GCVE-1-2026-0017 |
7.2 (4.0)
|
Improper Neutralization of Raw HTML in MISP modules Ma… |
misp |
misp-modules |
2026-02-27T13:10:24.641948Z | 2026-02-27T13:10:24.641948Z |
| GCVE-1-2026-0016 |
7 (4.0)
|
Server-Side Request Forgery via Event Report Import Fr… |
misp |
misp |
2026-02-27T10:56:32.745676Z | 2026-02-27T10:56:32.745676Z |
| GCVE-1-2026-0015 |
7.2 (4.0)
|
Threat actors use FortiCloud SSO bypass to collect LDA… |
fortinet |
fortios |
2026-02-09T09:09:00.000Z | 2026-02-09T09:14:59.004089Z |
| GCVE-1-2026-0014 |
7.4 (4.0)
|
Missing Authorization Check Allows Unauthorized Modifi… |
vulnerability-lookup |
vulnerability-lookup |
2026-02-04T19:32:14.341383Z | 2026-02-04T19:32:14.341383Z |
| GCVE-1-2026-0013 |
2.1 (4.0)
|
Flask Application Username Route Collision Allows Rese… |
vulnerability-lookup |
vulnerability-lookup |
2026-02-04T19:27:00.000Z | 2026-02-04T19:32:49.787763Z |
| GCVE-1-2026-0012 |
2.1 (4.0)
|
Authentication Error Message Allows Email Address Enum… |
vulnerability-lookup |
vulnerability-lookup |
2026-02-04T19:21:34.411344Z | 2026-02-04T19:21:34.411344Z |
| GCVE-1-2026-0011 |
8.7 (4.0)
|
Out-of-bounds memory write in the network packet … |
EA Games |
Command & Conquer: Generals |
2026-01-29T14:37:00.000Z | 2026-01-29T14:39:17.728822Z |
| GCVE-1-2026-0010 |
9.3 (4.0)
|
Improper input validation in the file transfer ha… |
EA Games |
Command & Conquer: Generals |
2026-01-29T14:33:18.822829Z | 2026-01-29T14:33:18.822829Z |
| GCVE-1-2026-0009 |
9.3 (4.0)
|
Stack-based buffer overflow in the multiplayer ne… |
EA Games |
Command & Conquer: Generals |
2026-01-29T14:30:38.596928Z | 2026-01-29T14:30:38.596928Z |
| GCVE-1-2026-0008 |
10 (4.0)
|
gpg-agent stack buffer overflow in pkdecrypt using KEM |
gnupg |
gpg-agent |
2026-01-28T13:48:12.350509Z | 2026-01-28T13:48:12.350509Z |
| GCVE-1-2026-0007 |
10 (4.0)
|
GNU InetUtils Security Advisory: remote authentication… |
gnu |
InetUtils |
2026-01-20T20:57:00.000Z | 2026-01-26T16:32:40.831364Z |
| GCVE-1-2026-0006 |
8.5 (4.0)
|
Improper Access Control in Cerebrate AuthKey and Encry… |
cerebrate |
cerebrate |
2026-01-13T15:37:17.337254Z | 2026-01-13T15:37:17.337254Z |
| GCVE-1-2026-0005 |
8.5 (4.0)
|
Improper Access Control in Cerebrate Alignment Model A… |
cerebrate |
cerebrate |
2026-01-13T15:31:00.000Z | 2026-01-13T15:38:02.888546Z |
| GCVE-1-2026-0004 |
8.5 (4.0)
|
Authorization Bypass in Cerebrate IndividualsControlle… |
cerebrate |
cerebrate |
2026-01-13T15:28:00.000Z | 2026-01-13T15:38:37.744618Z |
| GCVE-1-2026-0003 |
6.3 (4.0)
|
Stored/Reflected XSS via Unsanitized Parameters in URL… |
misp |
misp |
2026-01-13T10:50:00.000Z | 2026-01-13T10:54:13.659223Z |