Recent vulnerabilities
Recent vulnerabilities from
Select from 69 available sources using the dropdown above.
| ID | CVSS | Description | Vendor | Product | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2026-40175 |
4.8 (3.1)
|
Axios has Unrestricted Cloud Metadata Exfiltration via… |
axios |
axios |
2026-04-10T19:23:52.285Z | 2026-04-16T18:45:12.892Z |
| CVE-2025-62718 |
6.3 (4.0)
|
Axios has a NO_PROXY Hostname Normalization Bypass tha… |
axios |
axios |
2026-04-09T14:31:46.067Z | 2026-04-16T18:44:20.705Z |
| CVE-2025-54510 |
5.9 (4.0)
|
Missing lock check in AMD Platform Security Proce… |
AMD |
AMD EPYC™ 9004 Series Processors |
2026-04-16T18:44:10.182Z | 2026-04-16T18:44:10.182Z |
| CVE-2026-6442 |
8.3 (3.1)
|
Improper Command Detection Logic Allows RCE in Cortex … |
Snowflake |
Cortex Code CLI |
2026-04-16T18:43:21.181Z | 2026-04-16T18:43:21.181Z |
| CVE-2023-20585 |
5.6 (4.0)
|
Insuffient checks of the RMP on host buffer acces… |
AMD |
AMD EPYC™ 7003 Series Processors |
2026-04-16T18:42:28.281Z | 2026-04-16T18:42:28.281Z |
| CVE-2026-33082 |
8.7 (4.0)
|
DataEase: SQL Injection in v2 Dataset Export |
dataease |
dataease |
2026-04-16T17:39:37.894Z | 2026-04-16T18:41:46.111Z |
| CVE-2026-41082 |
7.3 (3.1)
|
In OCaml opam before 2.5.1, a .install field cont… |
OCaml |
opam |
2026-04-16T17:32:40.068Z | 2026-04-16T18:37:08.983Z |
| CVE-2026-33121 |
8.7 (4.0)
|
DataEase has SQL Injection via Datasource Save Flow |
dataease |
dataease |
2026-04-16T18:16:02.485Z | 2026-04-16T18:34:54.187Z |
| CVE-2025-36579 |
5.1 (3.1)
|
Dell Client Platform BIOS contains a Weak Passwor… |
Dell |
Dell Pro 14 Essential PV14250 |
2026-04-16T16:05:32.561Z | 2026-04-16T18:32:52.672Z |
| CVE-2026-5121 |
7.5 (3.1)
|
Libarchive: libarchive: arbitrary code execution via i… |
Red Hat |
Red Hat Enterprise Linux 8 |
2026-03-30T07:47:28.562Z | 2026-04-16T18:27:41.447Z |
| CVE-2026-4424 |
7.5 (3.1)
|
Libarchive: libarchive: information disclosure via hea… |
Red Hat |
Red Hat Enterprise Linux 10 |
2026-03-19T13:50:27.294Z | 2026-04-16T18:27:36.662Z |
| CVE-2026-3497 |
2.7 (4.0)
|
Vulnerability in the OpenSSH GSSAPI delta include… |
Ubuntu |
openssh |
2026-03-12T18:27:44.917Z | 2026-04-16T18:24:30.556Z |
| CVE-2026-31987 |
N/A
|
Apache Airflow: JWT token appearing in logs |
Apache Software Foundation |
Apache Airflow |
2026-04-16T13:31:52.336Z | 2026-04-16T18:24:29.466Z |
| CVE-2025-27363 |
8.1 (3.1)
|
An out of bounds write exists in FreeType version… |
FreeType |
FreeType |
2025-03-11T13:28:31.705Z | 2026-04-16T18:24:28.329Z |
| CVE-2026-41035 |
7.4 (3.1)
|
In rsync 3.0.1 through 3.4.1, receive_xattr relie… |
Samba |
rsync |
2026-04-16T06:53:05.237Z | 2026-04-16T18:23:49.396Z |
| CVE-2026-27820 |
1.7 (4.0)
|
zlib: Buffer Overflow in Zlib::GzipReader ungetc via l… |
ruby |
zlib |
2026-04-16T17:27:48.944Z | 2026-04-16T18:20:21.451Z |
| CVE-2026-33084 |
8.7 (4.0)
|
DataEase has SQL Injection through its getFieldEnumObj… |
dataease |
dataease |
2026-04-16T18:14:07.316Z | 2026-04-16T18:14:07.316Z |
| CVE-2025-43883 |
4.1 (3.1)
|
Dell PowerScale OneFS, versions prior to 9.12.0.0… |
Dell |
PowerScale OneFS |
2026-04-16T17:54:09.831Z | 2026-04-16T18:05:57.154Z |
| CVE-2026-34197 |
N/A
|
Apache ActiveMQ Broker, Apache ActiveMQ All, Apache Ac… |
Apache Software Foundation |
Apache ActiveMQ Broker |
2026-04-07T07:50:10.958Z | 2026-04-16T18:03:11.189Z |
| CVE-2025-43937 |
6.6 (3.1)
|
Dell PowerScale OneFS, versions prior to 9.12.0.0… |
Dell |
PowerScale OneFS |
2026-04-16T18:03:08.750Z | 2026-04-16T18:03:08.750Z |
| CVE-2025-43935 |
4.4 (3.1)
|
Dell PowerScale OneFS, versions prior to 9.12.0.0… |
Dell |
PowerScale OneFS |
2026-04-16T17:59:04.315Z | 2026-04-16T17:59:04.315Z |
| CVE-2026-5329 |
8.5 (3.1)
|
Rapid7 Velociraptor Improper Input Validation in Clien… |
Rapid7 |
Velociraptor |
2026-04-09T17:52:05.885Z | 2026-04-16T17:55:09.212Z |
| CVE-2026-33083 |
8.7 (4.0)
|
DataEase has SQL Injection in Order By Clause |
dataease |
dataease |
2026-04-16T17:52:37.255Z | 2026-04-16T17:52:37.255Z |
| CVE-2026-2336 |
8.7 (4.0)
|
Weak webstax_auth Cookie Authentication Allows Privile… |
Microchip |
IStaX |
2026-04-16T17:02:06.352Z | 2026-04-16T17:34:39.672Z |
| CVE-2026-30656 |
7.5 (3.1)
|
A NULL pointer dereference vulnerability exists i… |
n/a |
n/a |
2026-04-16T00:00:00.000Z | 2026-04-16T17:33:52.962Z |
| CVE-2026-37336 |
7.3 (3.1)
|
SourceCodester Simple Music Cloud Community Syste… |
n/a |
n/a |
2026-04-16T00:00:00.000Z | 2026-04-16T17:28:46.565Z |
| CVE-2026-37337 |
7.3 (3.1)
|
SourceCodester Simple Music Cloud Community Syste… |
n/a |
n/a |
2026-04-16T00:00:00.000Z | 2026-04-16T17:26:11.625Z |
| CVE-2026-24749 |
5.3 (3.1)
|
Silverstripe Assets Module has a DBFile::getURL() perm… |
silverstripe |
silverstripe-assets |
2026-04-16T17:08:59.133Z | 2026-04-16T17:08:59.133Z |
| CVE-2025-61594 |
2.1 (4.0)
|
URI Credential Leakage Bypass over CVE-2025-27221 |
ruby |
uri |
2025-12-30T21:03:08.990Z | 2026-04-16T17:02:32.149Z |
| CVE-2026-41080 |
2.9 (3.1)
|
libexpat before 2.7.6 uses insufficient entropy, … |
libexpat project |
libexpat |
2026-04-16T16:52:01.177Z | 2026-04-16T16:56:59.212Z |
| ID | CVSS | Description | Vendor | Product | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2026-34781 |
2.8 (3.1)
|
Electron crashes in clipboard.readImage() on malformed… |
electron |
electron |
2026-04-07T21:20:12.517Z | 2026-04-08T16:14:38.564Z |
| CVE-2026-27140 |
8.8 (3.1)
|
Code execution vulnerability in SWIG code generation i… |
Go toolchain |
cmd/go |
2026-04-08T01:06:57.893Z | 2026-04-13T13:22:34.117Z |
| CVE-2026-27143 |
9.8 (3.1)
|
Missing bound checks can lead to memory corruption in … |
Go toolchain |
cmd/compile |
2026-04-08T01:06:57.168Z | 2026-04-13T18:20:17.933Z |
| CVE-2026-27144 |
7.1 (3.1)
|
Miscompilation allows memory corruption via CONVNOP-wr… |
Go toolchain |
cmd/compile |
2026-04-08T01:06:56.908Z | 2026-04-13T18:20:28.098Z |
| CVE-2026-32280 |
7.5 (3.1)
|
Unexpected work during chain building in crypto/x509 |
Go standard library |
crypto/x509 |
2026-04-08T01:06:58.595Z | 2026-04-08T17:46:47.347Z |
| CVE-2026-6442 |
8.3 (3.1)
|
Improper Command Detection Logic Allows RCE in Cortex … |
Snowflake |
Cortex Code CLI |
2026-04-16T18:43:21.181Z | 2026-04-16T18:43:21.181Z |
| CVE-2026-5121 |
7.5 (3.1)
|
Libarchive: libarchive: arbitrary code execution via i… |
Red Hat |
Red Hat Enterprise Linux 8 |
2026-03-30T07:47:28.562Z | 2026-04-16T18:27:41.447Z |
| CVE-2026-4424 |
7.5 (3.1)
|
Libarchive: libarchive: information disclosure via hea… |
Red Hat |
Red Hat Enterprise Linux 10 |
2026-03-19T13:50:27.294Z | 2026-04-16T18:27:36.662Z |
| CVE-2026-40175 |
4.8 (3.1)
|
Axios has Unrestricted Cloud Metadata Exfiltration via… |
axios |
axios |
2026-04-10T19:23:52.285Z | 2026-04-16T18:45:12.892Z |
| CVE-2026-3497 |
2.7 (4.0)
|
Vulnerability in the OpenSSH GSSAPI delta include… |
Ubuntu |
openssh |
2026-03-12T18:27:44.917Z | 2026-04-16T18:24:30.556Z |
| CVE-2026-34197 |
N/A
|
Apache ActiveMQ Broker, Apache ActiveMQ All, Apache Ac… |
Apache Software Foundation |
Apache ActiveMQ Broker |
2026-04-07T07:50:10.958Z | 2026-04-16T18:03:11.189Z |
| CVE-2026-33121 |
8.7 (4.0)
|
DataEase has SQL Injection via Datasource Save Flow |
dataease |
dataease |
2026-04-16T18:16:02.485Z | 2026-04-16T18:34:54.187Z |
| CVE-2026-33084 |
8.7 (4.0)
|
DataEase has SQL Injection through its getFieldEnumObj… |
dataease |
dataease |
2026-04-16T18:14:07.316Z | 2026-04-16T18:14:07.316Z |
| CVE-2026-31987 |
N/A
|
Apache Airflow: JWT token appearing in logs |
Apache Software Foundation |
Apache Airflow |
2026-04-16T13:31:52.336Z | 2026-04-16T18:24:29.466Z |
| CVE-2025-62718 |
6.3 (4.0)
|
Axios has a NO_PROXY Hostname Normalization Bypass tha… |
axios |
axios |
2026-04-09T14:31:46.067Z | 2026-04-16T18:44:20.705Z |
| CVE-2025-54510 |
5.9 (4.0)
|
Missing lock check in AMD Platform Security Proce… |
AMD |
AMD EPYC™ 9004 Series Processors |
2026-04-16T18:44:10.182Z | 2026-04-16T18:44:10.182Z |
| CVE-2025-43937 |
6.6 (3.1)
|
Dell PowerScale OneFS, versions prior to 9.12.0.0… |
Dell |
PowerScale OneFS |
2026-04-16T18:03:08.750Z | 2026-04-16T18:03:08.750Z |
| CVE-2025-43935 |
4.4 (3.1)
|
Dell PowerScale OneFS, versions prior to 9.12.0.0… |
Dell |
PowerScale OneFS |
2026-04-16T17:59:04.315Z | 2026-04-16T17:59:04.315Z |
| CVE-2025-27363 |
8.1 (3.1)
|
An out of bounds write exists in FreeType version… |
FreeType |
FreeType |
2025-03-11T13:28:31.705Z | 2026-04-16T18:24:28.329Z |
| CVE-2023-20585 |
5.6 (4.0)
|
Insuffient checks of the RMP on host buffer acces… |
AMD |
AMD EPYC™ 7003 Series Processors |
2026-04-16T18:42:28.281Z | 2026-04-16T18:42:28.281Z |
| CVE-2026-32281 |
7.5 (3.1)
|
Inefficient policy validation in crypto/x509 |
Go standard library |
crypto/x509 |
2026-04-08T01:06:58.354Z | 2026-04-13T18:19:44.779Z |
| CVE-2026-32282 |
6.4 (3.1)
|
TOCTOU permits root escape on Linux via Root.Chmod in … |
Go standard library |
internal/syscall/unix |
2026-04-08T01:06:55.953Z | 2026-04-13T18:20:56.456Z |
| CVE-2026-32283 |
7.5 (3.1)
|
Unauthenticated TLS 1.3 KeyUpdate record can cause per… |
Go standard library |
crypto/tls |
2026-04-08T01:06:57.670Z | 2026-04-13T18:19:55.848Z |
| CVE-2026-32288 |
5.5 (3.1)
|
Unbounded allocation for old GNU sparse in archive/tar |
Go standard library |
archive/tar |
2026-04-08T01:06:57.416Z | 2026-04-13T18:20:08.191Z |
| CVE-2026-29131 |
4.9 (4.0)
|
PGP Decryption Recipient LDAP Injection |
SEPPmail |
Secure Email Gateway |
2026-04-02T08:46:15.928Z | 2026-04-02T13:31:31.492Z |
| CVE-2026-29132 |
6.3 (4.0)
|
ESWmail-Verify Bypass |
SEPPmail |
Secure Email Gateway |
2026-04-02T08:25:00.574Z | 2026-04-02T14:50:57.915Z |
| CVE-2026-32289 |
6.1 (3.1)
|
JsBraceDepth Context Tracking Bugs (XSS) in html/template |
Go standard library |
html/template |
2026-04-08T01:06:56.297Z | 2026-04-13T18:20:46.377Z |
| CVE-2026-29133 |
5.3 (4.0)
|
UID Regex Bypass |
SEPPmail |
Secure Email Gateway |
2026-04-02T08:26:26.949Z | 2026-04-02T14:50:21.869Z |
| CVE-2026-29134 |
5.3 (4.0)
|
GINA Domain Switch |
SEPPmail |
Secure Email Gateway |
2026-04-02T08:29:20.693Z | 2026-04-02T14:42:41.757Z |
| CVE-2026-29135 |
5.3 (4.0)
|
Webmail Password Tag Sanitization Bypass |
SEPPmail |
Secure Email Gateway |
2026-04-02T08:31:52.227Z | 2026-04-02T14:41:45.142Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| fkie_cve-2026-35581 | Emissary is a P2P based data-driven workflow engine. Prior to 8.39.0, the Executrix utility class c… | 2026-04-07T17:16:33.493 | 2026-04-16T18:00:24.503 |
| fkie_cve-2019-25559 | SpotPaltalk 1.1.5 contains a denial of service vulnerability in the registration code input field t… | 2026-03-21T13:16:18.777 | 2026-04-16T17:59:31.790 |
| fkie_cve-2026-35580 | Emissary is a P2P based data-driven workflow engine. Prior to 8.39.0, GitHub Actions workflow files… | 2026-04-07T17:16:33.307 | 2026-04-16T17:59:02.860 |
| fkie_cve-2019-25558 | Selfie Studio 2.17 contains a denial of service vulnerability in the Resize Image function that all… | 2026-03-21T13:16:18.590 | 2026-04-16T17:55:01.000 |
| fkie_cve-2019-25554 | Tomabo MP4 Converter 3.25.22 contains a denial of service vulnerability that allows local attackers… | 2026-03-21T13:16:17.857 | 2026-04-16T17:54:13.030 |
| fkie_cve-2019-25550 | Encrypt PDF 2.3 contains a buffer overflow vulnerability that allows local attackers to crash the a… | 2026-03-21T13:16:17.147 | 2026-04-16T17:53:07.683 |
| fkie_cve-2019-25549 | VeryPDF PCL Converter 2.7 contains a denial of service vulnerability that allows local attackers to… | 2026-03-21T13:16:16.980 | 2026-04-16T17:52:50.220 |
| fkie_cve-2019-25548 | BlueStacks 4.80.0.1060 contains a denial of service vulnerability that allows local attackers to cr… | 2026-03-21T13:16:16.753 | 2026-04-16T17:52:18.590 |
| fkie_cve-2026-35574 | ChurchCRM is an open-source church management system. Prior to 6.5.3, a stored Cross-Site Scripting… | 2026-04-07T17:16:32.963 | 2026-04-16T17:49:56.133 |
| fkie_cve-2026-3635 | Summary When trustProxy is configured with a restrictive trust function (e.g., a specific IP like t… | 2026-03-23T14:16:34.720 | 2026-04-16T17:46:58.897 |
| fkie_cve-2019-25545 | Terminal Services Manager 3.2.1 contains a local buffer overflow vulnerability that allows attacker… | 2026-03-21T13:16:16.193 | 2026-04-16T17:44:44.923 |
| fkie_cve-2019-25544 | Pidgin 2.13.0 contains a denial of service vulnerability that allows local attackers to crash the a… | 2026-03-21T13:16:15.270 | 2026-04-16T17:42:51.770 |
| fkie_cve-2026-35002 | Agno versions prior to 2.3.24 contain an arbitrary code execution vulnerability in the model execut… | 2026-04-02T15:16:52.063 | 2026-04-16T17:41:17.293 |
| fkie_cve-2026-33746 | Convoy is a KVM server management panel for hosting businesses. From version 3.9.0-beta to before v… | 2026-04-02T16:16:22.803 | 2026-04-16T17:38:08.700 |
| fkie_cve-2026-26961 | Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Mul… | 2026-04-02T17:16:21.973 | 2026-04-16T17:33:26.013 |
| fkie_cve-2026-34230 | Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Uti… | 2026-04-02T17:16:23.570 | 2026-04-16T17:27:43.037 |
| fkie_cve-2026-34763 | Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Dir… | 2026-04-02T17:16:24.723 | 2026-04-16T17:26:24.647 |
| fkie_cve-2026-21003 | Improper input validation in data related to network restrictions prior to SMR Apr-2026 Release 1 a… | 2026-04-13T05:16:02.230 | 2026-04-16T17:25:45.080 |
| fkie_cve-2026-21013 | Incorrect default permission in Galaxy Wearable prior to version 2.2.68.26 allows local attackers t… | 2026-04-13T06:16:06.010 | 2026-04-16T17:24:33.990 |
| fkie_cve-2026-21014 | Improper access control in Samsung Camera prior to version 16.5.00.28 allows local attacker to acce… | 2026-04-13T06:16:06.140 | 2026-04-16T17:23:57.580 |
| fkie_cve-2026-34785 | Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Sta… | 2026-04-02T17:16:24.873 | 2026-04-16T17:19:35.290 |
| fkie_cve-2026-34786 | Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Sta… | 2026-04-02T17:16:25.030 | 2026-04-16T17:19:00.317 |
| fkie_cve-2026-5121 | A flaw was found in libarchive. On 32-bit systems, an integer overflow vulnerability exists in the … | 2026-03-30T08:16:18.780 | 2026-04-16T17:16:55.303 |
| fkie_cve-2026-4424 | A flaw was found in libarchive. This heap out-of-bounds read vulnerability exists in the RAR archiv… | 2026-03-19T15:16:28.300 | 2026-04-16T17:16:55.070 |
| fkie_cve-2026-41080 | libexpat before 2.7.6 uses insufficient entropy, and thus hash flooding can occur via a crafted XML… | 2026-04-16T17:16:54.917 | 2026-04-16T17:16:54.917 |
| fkie_cve-2026-37338 | SourceCodester Simple Music Cloud Community System v1.0 is vulnerable to SQL Injection in the file … | 2026-04-16T15:17:36.680 | 2026-04-16T17:16:54.760 |
| fkie_cve-2026-25704 | A Privilege Dropping / Lowering Errors/Time-of-check Time-of-use (TOCTOU) Race Condition vulnerabil… | 2026-03-30T08:16:16.990 | 2026-04-16T17:16:54.590 |
| fkie_cve-2025-36579 | Dell Client Platform BIOS contains a Weak Password Recovery Mechanism vulnerability. An unauthentic… | 2026-04-16T17:16:54.073 | 2026-04-16T17:16:54.073 |
| fkie_cve-2021-22925 | curl supports the `-t` command line option, known as `CURLOPT_TELNETOPTIONS`in libcurl. This rarely… | 2021-08-05T21:15:11.467 | 2026-04-16T17:16:52.780 |
| fkie_cve-2026-34826 | Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Uti… | 2026-04-02T17:16:25.880 | 2026-04-16T17:09:16.217 |
| ID | Severity | Description | Published | Updated |
|---|---|---|---|---|
| ghsa-9342-92gg-6v29 |
7.5 (3.1)
6.0 (4.0)
|
Jakarta Mail vulnerable to SMTP Injection | 2025-07-21T18:32:19Z | 2026-04-16T18:47:48Z |
| ghsa-fvcv-3m26-pcqx |
4.8 (3.1)
|
Axios has Unrestricted Cloud Metadata Exfiltration via Header Injection Chain | 2026-04-10T19:47:16Z | 2026-04-16T18:45:23Z |
| ghsa-3p68-rc4w-qgx5 |
4.8 (3.1)
6.3 (4.0)
|
Axios has a NO_PROXY Hostname Normalization Bypass that Leads to SSRF | 2026-04-09T17:32:19Z | 2026-04-16T18:44:31Z |
| ghsa-v47p-q5xc-j34w |
8.7 (4.0)
|
A privilege escalation vulnerability in Microchip IStaX allows an authenticated low-privileged user… | 2026-04-16T18:31:22Z | 2026-04-16T18:31:22Z |
| ghsa-prf8-m597-vc2p |
4.1 (3.1)
|
Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an improper check for unusual or except… | 2026-04-16T18:31:22Z | 2026-04-16T18:31:22Z |
| ghsa-hgfx-pj29-fw66 |
7.5 (3.1)
|
A NULL pointer dereference vulnerability exists in fio (Flexible I/O Tester) v3.41 when parsing job… | 2026-04-16T15:31:32Z | 2026-04-16T18:31:22Z |
| ghsa-g88c-8gfj-6c98 |
|
Hard-coded ASP.NET/IIS machineKey value in Digital Knowledge KnowledgeDeliver deployments prior to … | 2026-04-16T18:31:22Z | 2026-04-16T18:31:22Z |
| ghsa-fpqv-cr66-h6pc |
2.9 (3.1)
|
libexpat before 2.7.6 uses insufficient entropy, and thus hash flooding can occur via a crafted XML… | 2026-04-16T18:31:22Z | 2026-04-16T18:31:22Z |
| ghsa-fpjj-7r25-62gj |
9.1 (3.1)
|
SourceCodester Payroll Management and Information System v1.0 is vulnerable to SQL Injection in the… | 2026-04-16T15:31:32Z | 2026-04-16T18:31:22Z |
| ghsa-c9qp-qc83-7rwj |
|
An issue in the Bluetooth Low Energy (BLE) control interface of the Yamaha SR-B30A sound bar firmwa… | 2026-04-16T18:31:22Z | 2026-04-16T18:31:22Z |
| ghsa-97q5-qf47-hvrw |
7.3 (3.1)
|
In OCaml opam before 2.5.1, a .install field containing a destination filepath can use ../ to reach… | 2026-04-16T18:31:22Z | 2026-04-16T18:31:22Z |
| ghsa-2h3v-69mw-9j56 |
5.1 (3.1)
|
Dell Client Platform BIOS contains a Weak Password Recovery Mechanism vulnerability. An unauthentic… | 2026-04-16T18:31:22Z | 2026-04-16T18:31:22Z |
| ghsa-rjr7-qx4v-48vv |
9.8 (3.1)
|
SourceCodester Vehicle Parking Area Management System v1.0 is vulnerable to SQL Injection in the fi… | 2026-04-16T15:31:32Z | 2026-04-16T18:31:21Z |
| ghsa-q6fh-hrhq-5x64 |
9.4 (3.1)
|
SourceCodester Simple Music Cloud Community System v1.0 is vulnerable to SQL Injection in the file … | 2026-04-16T15:31:32Z | 2026-04-16T18:31:21Z |
| ghsa-px27-v386-gc8q |
8.8 (3.1)
|
Use after free in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execut… | 2026-04-09T00:32:00Z | 2026-04-16T18:31:21Z |
| ghsa-mjx3-57hm-4rw6 |
2.8 (3.1)
5.1 (4.0)
|
Improper access control in Samsung Camera prior to version 16.5.00.28 allows local attacker to acce… | 2026-04-13T06:30:31Z | 2026-04-16T18:31:21Z |
| ghsa-fc25-pm3m-2gqh |
7.8 (3.1)
8.5 (4.0)
|
An Execution with Unnecessary Privileges vulnerability in the User Interface (UI) of Juniper Networ… | 2026-04-10T00:30:29Z | 2026-04-16T18:31:21Z |
| ghsa-c54p-hmw4-rrxj |
7.3 (3.1)
|
SourceCodester Simple Music Cloud Community System v1.0 is vulnerable to SQL Injection in the file … | 2026-04-16T15:31:32Z | 2026-04-16T18:31:21Z |
| ghsa-c29w-82wc-qh7v |
7.1 (3.1)
|
An issue in the Forgot Password feature of Daylight Studio FuelCMS v1.5.2 allows unauthenticated at… | 2026-04-16T15:31:32Z | 2026-04-16T18:31:21Z |
| ghsa-8x4h-8ccm-x267 |
6.8 (3.1)
5.2 (4.0)
|
Improper input validation in data related to network restrictions prior to SMR Apr-2026 Release 1 a… | 2026-04-13T06:30:30Z | 2026-04-16T18:31:21Z |
| ghsa-7c2r-j947-3p6p |
5.5 (3.1)
6.9 (4.0)
|
Incorrect default permission in Galaxy Wearable prior to version 2.2.68.26 allows local attackers t… | 2026-04-13T06:30:31Z | 2026-04-16T18:31:21Z |
| ghsa-3xhp-52jc-www8 |
4.7 (3.1)
|
SourceCodester Payroll Management and Information System v1.0 is vulnerable to SQL Injection in the… | 2026-04-16T15:31:32Z | 2026-04-16T18:31:21Z |
| ghsa-3j9x-gmp6-9x73 |
7.3 (3.1)
|
SourceCodester Simple Music Cloud Community System v1.0 is vulnerable to SQL Injection in the file … | 2026-04-16T15:31:32Z | 2026-04-16T18:31:21Z |
| ghsa-2fw9-cxch-qx5h |
5.3 (3.1)
|
Race in WebCodecs in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to obtain poten… | 2026-04-09T00:32:00Z | 2026-04-16T18:31:21Z |
| ghsa-cwpc-gq4p-xxwh |
8.8 (3.1)
|
HCL BigFix Platform is affected by insecure permissions on private cryptographic keys. The private… | 2026-04-02T00:31:04Z | 2026-04-16T18:31:16Z |
| ghsa-69rx-rvq8-835f |
4.0 (3.1)
|
HCL BigFix Platform is affected by insufficient authentication. The application might allow users … | 2026-04-02T00:31:04Z | 2026-04-16T18:31:16Z |
| ghsa-h5vx-6jh5-qhq7 |
5.8 (4.0)
|
A Privilege Dropping / Lowering Errors/Time-of-check Time-of-use (TOCTOU) Race Condition vulnerabil… | 2026-03-30T09:31:28Z | 2026-04-16T18:31:15Z |
| ghsa-2vwv-vqpv-v8vc |
9.8 (3.1)
|
A flaw was found in libarchive. On 32-bit systems, an integer overflow vulnerability exists in the … | 2026-03-30T09:31:29Z | 2026-04-16T18:31:15Z |
| ghsa-c75f-55f6-f63q |
7.5 (3.1)
|
A flaw was found in libarchive. This heap out-of-bounds read vulnerability exists in the RAR archiv… | 2026-03-19T15:31:21Z | 2026-04-16T18:31:14Z |
| ghsa-wwcp-26wc-3fxm |
5.3 (3.1)
6.9 (4.0)
|
JSON-lib mishandles an unbalanced comment string | 2024-10-04T06:30:45Z | 2026-04-16T18:11:17Z |
| ID | Severity | Description | Package | Published | Updated |
|---|---|---|---|---|---|
| pysec-2026-3 |
|
After an API token exposure from an exploited Trivy dependency, two new releases of `teln… | telnyx | 2026-03-27T14:53:14Z | |
| pysec-2026-2 |
|
After an API Token exposure from an exploited Trivy dependency, two new releases of `lite… | litellm | 2026-03-24T15:35:32Z | |
| pysec-2024-85 |
7.5 (3.1)
|
Deserialization of untrusted data can occur in versions 23.10.2.0 and newer of the MindsD… | mindsdb | 2024-09-12T13:15:00Z | 2026-03-03T16:29:37.848846Z |
| pysec-2024-84 |
7.5 (3.1)
|
Deserialization of untrusted data can occur in versions 23.10.3.0 and newer of the MindsD… | mindsdb | 2024-09-12T13:15:00Z | 2026-03-03T16:29:37.756762Z |
| pysec-2024-83 |
7.5 (3.1)
|
Deserialization of untrusted data can occur in versions 23.10.2.0 and newer of the MindsD… | mindsdb | 2024-09-12T13:15:00Z | 2026-03-03T16:29:37.662671Z |
| pysec-2024-82 |
8.8 (3.1)
|
Deserialization of untrusted data can occur in versions 23.3.2.0 and newer of the MindsDB… | mindsdb | 2024-09-12T13:15:00Z | 2026-03-03T16:29:37.563380Z |
| pysec-2023-278 |
5.3 (3.1)
|
MindsDB connects artificial intelligence models to real time data. Versions prior to 23.1… | mindsdb | 2023-12-11T21:15:00Z | 2026-03-03T16:29:37.448520Z |
| pysec-2023-121 |
|
A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as a… | zstd | 2023-03-31T20:15:00+00:00 | 2026-02-25T19:20:58+00:00 |
| pysec-2026-1 |
|
A PyPI user account compromised by an attacker and was able to upload a malicious version… | dydx-v4-client | 2026-01-28T21:09:02+00:00 | |
| pysec-2025-52 |
|
gateway_proxy_handler in MLflow before 3.1.0 lacks gateway_path validation. | mlflow | 2025-06-23T15:15:29Z | 2025-12-05T13:25:55.146081Z |
| pysec-2020-220 |
|
A flaw was found in Ansible Base when using the aws_ssm connection plugin as garbage coll… | ansible | 2020-10-05T14:15:00Z | 2025-10-31T04:43:53.616247Z |
| pysec-2025-72 |
|
The `num2words` project was compromised via a phishing attack and two new versions were u… | num2words | 2025-07-31T14:34:47+00:00 | |
| pysec-2025-71 |
|
Cadwyn creates production-ready community-driven modern Stripe-like API versioning in Fas… | cadwyn | 2025-07-21T21:15:25+00:00 | 2025-07-23T15:24:03.825615+00:00 |
| pysec-2025-70 |
10.0 (3.1)
|
A Server-Side Request Forgery (SSRF) vulnerability exists in the RequestsToolkit componen… | langchain-community | 2025-06-23T21:15:25+00:00 | 2025-07-16T21:23:40.211079+00:00 |
| pysec-2024-259 |
9.8 (3.1)
|
In PyTorch <=2.4.1, the RemoteModule has Deserialization RCE. NOTE: this is disputed by m… | torch | 2024-10-29T21:15:04+00:00 | 2025-07-16T03:09:57.748865+00:00 |
| pysec-2024-258 |
|
In scrapy/scrapy, an issue was identified where the Authorization header is not removed d… | scrapy | 2024-05-20T08:15:08+00:00 | 2025-07-15T17:37:50.051730+00:00 |
| pysec-2025-69 |
|
In Roundup before 2.5.0, XSS can occur via interaction between URLs and issue tracker tem… | roundup | 2025-07-13T20:15:25+00:00 | 2025-07-13T21:23:01.161315+00:00 |
| pysec-2025-68 |
8.0 (3.1)
|
A vulnerability, which was classified as critical, has been found in Upsonic up to 0.55.6… | upsonic | 2025-06-19T21:15:27+00:00 | 2025-07-08T19:22:27.449399+00:00 |
| pysec-2025-67 |
9.8 (3.1)
|
A vulnerability classified as critical was found in Upsonic up to 0.55.6. This vulnerabil… | upsonic | 2025-06-19T21:15:27+00:00 | 2025-07-08T19:22:27.385619+00:00 |
| pysec-2025-66 |
|
Improper privilege management in a REST interface allowed registered users to access unau… | streampipes | 2025-03-03T11:15:11+00:00 | 2025-07-08T15:23:46.628375+00:00 |
| pysec-2025-65 |
|
A path traversal vulnerability exists in run-llama/llama_index versions 0.12.27 through 0… | llama-index | 2025-07-07T13:15:28+00:00 | 2025-07-07T15:23:42.730681+00:00 |
| pysec-2025-61 |
|
Pillow is a Python imaging library. In versions 11.2.0 to before 11.3.0, there is a heap … | pillow | 2025-07-01T19:15:27Z | 2025-07-07T14:12:46.226030Z |
| pysec-2025-64 |
9.8 (3.1)
|
A vulnerability classified as critical has been found in themanojdesai python-a2a up to 0… | python-a2a | 2025-06-17T07:15:18+00:00 | 2025-07-02T21:23:13.806273+00:00 |
| pysec-2025-63 |
|
vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Whe… | vllm | 2025-03-19T16:15:32+00:00 | 2025-07-01T23:22:49.176005+00:00 |
| pysec-2025-62 |
|
vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Mal… | vllm | 2025-02-07T20:15:34+00:00 | 2025-07-01T23:22:49.083695+00:00 |
| pysec-2025-60 |
|
Exposure of Sensitive Information to an Unauthorized Actor, Insertion of Sensitive Inform… | apache-iotdb | 2025-05-14T11:16:28+00:00 | 2025-07-01T21:22:47.232036+00:00 |
| pysec-2025-59 |
|
Remote Code Execution with untrusted URI of UDF vulnerability in Apache IoTDB. The attack… | apache-iotdb | 2025-05-14T11:15:47+00:00 | 2025-07-01T21:22:47.177405+00:00 |
| pysec-2024-257 |
7.5 (3.1)
|
Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessm… | mobsf | 2024-03-22T23:15:07+00:00 | 2025-06-30T15:23:50.085549+00:00 |
| pysec-2025-58 |
8.8 (3.1)
|
vLLM is a library for LLM inference and serving. vllm/model_executor/weight_utils.py impl… | vllm | 2025-01-27T18:15:41+00:00 | 2025-06-27T21:22:36.583615+00:00 |
| pysec-2025-57 |
|
A Denial of Service (DoS) vulnerability in zenml-io/zenml version 0.66.0 allows unauthent… | zenml | 2025-03-20T10:15:48+00:00 | 2025-06-27T17:22:55.175431+00:00 |
| ID | Description | Updated |
|---|---|---|
| gsd-2024-33884 | The format of the source doesn't require a description, click on the link for more details. | 2024-04-29T05:02:07.534455Z |
| gsd-2024-33901 | The format of the source doesn't require a description, click on the link for more details. | 2024-04-29T05:02:07.525896Z |
| gsd-2024-33887 | The format of the source doesn't require a description, click on the link for more details. | 2024-04-29T05:02:07.503613Z |
| gsd-2024-33895 | The format of the source doesn't require a description, click on the link for more details. | 2024-04-29T05:02:07.493081Z |
| gsd-2024-33894 | The format of the source doesn't require a description, click on the link for more details. | 2024-04-29T05:02:07.488420Z |
| gsd-2024-33902 | The format of the source doesn't require a description, click on the link for more details. | 2024-04-29T05:02:07.486429Z |
| gsd-2024-33888 | The format of the source doesn't require a description, click on the link for more details. | 2024-04-29T05:02:07.468423Z |
| gsd-2024-33885 | The format of the source doesn't require a description, click on the link for more details. | 2024-04-29T05:02:07.441746Z |
| gsd-2024-33891 | Delinea Secret Server before 11.7.000001 allows attackers to bypass authentication via th… | 2024-04-29T05:02:07.412035Z |
| gsd-2024-33899 | RARLAB WinRAR before 7.00, on Linux and UNIX platforms, allows attackers to spoof the scr… | 2024-04-29T05:02:07.400574Z |
| gsd-2024-33889 | The format of the source doesn't require a description, click on the link for more details. | 2024-04-29T05:02:07.392587Z |
| gsd-2024-33893 | The format of the source doesn't require a description, click on the link for more details. | 2024-04-29T05:02:07.381761Z |
| gsd-2024-33892 | The format of the source doesn't require a description, click on the link for more details. | 2024-04-29T05:02:07.378170Z |
| gsd-2024-33890 | The format of the source doesn't require a description, click on the link for more details. | 2024-04-29T05:02:07.344384Z |
| gsd-2024-33896 | The format of the source doesn't require a description, click on the link for more details. | 2024-04-29T05:02:07.313250Z |
| gsd-2024-33903 | In CARLA through 0.9.15.2, the collision sensor mishandles some situations involving pede… | 2024-04-29T05:02:07.295775Z |
| gsd-2024-33900 | The format of the source doesn't require a description, click on the link for more details. | 2024-04-29T05:02:07.290639Z |
| gsd-2024-33898 | The format of the source doesn't require a description, click on the link for more details. | 2024-04-29T05:02:07.287632Z |
| gsd-2024-33886 | The format of the source doesn't require a description, click on the link for more details. | 2024-04-29T05:02:07.287167Z |
| gsd-2024-33897 | The format of the source doesn't require a description, click on the link for more details. | 2024-04-29T05:02:07.283756Z |
| gsd-2024-33883 | The ejs (aka Embedded JavaScript templates) package before 3.1.10 for Node.js lacks certa… | 2024-04-29T05:02:07.271727Z |
| gsd-2024-4303 | The format of the source doesn't require a description, click on the link for more details. | 2024-04-29T05:02:05.716348Z |
| gsd-2024-4300 | E-WEBInformationCo. FS-EZViewer(Web) exposes sensitive information in the service. A remo… | 2024-04-29T05:02:05.715239Z |
| gsd-2024-4297 | The system configuration interface of HGiga iSherlock (including MailSherlock, SpamSherlo… | 2024-04-29T05:02:05.700888Z |
| gsd-2024-4301 | The format of the source doesn't require a description, click on the link for more details. | 2024-04-29T05:02:05.678292Z |
| gsd-2024-4296 | The account management interface of HGiga iSherlock (including MailSherlock, SpamSherlock… | 2024-04-29T05:02:05.621428Z |
| gsd-2024-4299 | The system configuration interface of HGiga iSherlock (including MailSherlock, SpamSheroc… | 2024-04-29T05:02:05.606402Z |
| gsd-2024-4302 | The format of the source doesn't require a description, click on the link for more details. | 2024-04-29T05:02:05.603637Z |
| gsd-2024-4298 | The email search interface of HGiga iSherlock (including MailSherlock, SpamSherock, Audit… | 2024-04-29T05:02:05.598531Z |
| gsd-2024-33876 | The format of the source doesn't require a description, click on the link for more details. | 2024-04-28T05:02:07.990196Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| mal-2026-2819 | Malicious code in pynosist (PyPI) | 2026-04-16T17:48:29Z | 2026-04-16T18:58:58Z |
| mal-2026-2818 | Malicious code in genosys (PyPI) | 2026-04-16T17:48:14Z | 2026-04-16T18:58:57Z |
| mal-2026-2817 | Malicious code in lightweight-charts-4.1 (npm) | 2026-04-16T17:35:59Z | 2026-04-16T17:35:59Z |
| mal-2025-938 | Malicious code in just-test-framework (PyPI) | 2025-01-10T01:24:54Z | 2026-04-16T15:42:11Z |
| mal-2025-6495 | Malicious code in discord-booster (PyPI) | 2025-05-29T22:39:05Z | 2026-04-16T15:42:11Z |
| mal-2025-4270 | Malicious code in web3automation (PyPI) | 2025-04-27T08:06:41Z | 2026-04-16T15:42:11Z |
| mal-2025-4232 | Malicious code in pyinitialyze (PyPI) | 2025-05-09T20:14:13Z | 2026-04-16T15:42:11Z |
| mal-2025-3484 | Malicious code in yolov8mini (PyPI) | 2025-03-23T21:03:35Z | 2026-04-16T15:42:11Z |
| mal-2025-3473 | Malicious code in textgradient (PyPI) | 2025-03-28T17:41:31Z | 2026-04-16T15:42:11Z |
| mal-2025-3441 | Malicious code in colorina (PyPI) | 2025-04-10T07:47:51Z | 2026-04-16T15:42:11Z |
| mal-2025-3014 | Malicious code in w3socket (PyPI) | 2025-02-17T10:36:37Z | 2026-04-16T15:42:11Z |
| mal-2025-3010 | Malicious code in transaction-analysis (PyPI) | 2025-02-24T10:06:17Z | 2026-04-16T15:42:11Z |
| mal-2025-2967 | Malicious code in heroku-tl (PyPI) | 2025-03-08T07:34:12Z | 2026-04-16T15:42:11Z |
| mal-2025-2949 | Malicious code in colorizetext (PyPI) | 2025-03-05T16:15:15Z | 2026-04-16T15:42:11Z |
| mal-2025-1994 | Malicious code in requesttss (PyPI) | 2025-01-25T16:53:01Z | 2026-04-16T15:42:11Z |
| mal-2025-1984 | Malicious code in nflx-metaflow (PyPI) | 2025-02-05T22:04:22Z | 2026-04-16T15:42:11Z |
| mal-2025-1980 | Malicious code in mlc-ai-nightly (PyPI) | 2025-01-21T18:27:56Z | 2026-04-16T15:42:11Z |
| mal-2025-192914 | Malicious code in queenbee-plugin (RubyGems) | 2025-12-23T08:41:05Z | 2026-04-16T15:42:11Z |
| mal-2025-191631 | Malicious code in hexdecpy (PyPI) | 2025-10-24T21:59:02Z | 2026-04-16T15:42:11Z |
| mal-2025-191630 | Malicious code in hexdecli (PyPI) | 2025-10-25T16:03:26Z | 2026-04-16T15:42:11Z |
| mal-2026-2661 | Malicious code in vip-landing (npm) | 2026-04-14T11:47:12Z | 2026-04-16T15:42:10Z |
| mal-2026-2660 | Malicious code in use-feature-flags-plugin (npm) | 2026-04-14T11:47:12Z | 2026-04-16T15:42:10Z |
| mal-2026-2659 | Malicious code in ui-utils-udhay-alerts (npm) | 2026-04-14T11:47:49Z | 2026-04-16T15:42:10Z |
| mal-2026-2251 | Malicious code in testtestsharp (npm) | 2026-03-27T03:07:31Z | 2026-04-16T15:42:10Z |
| mal-2026-2250 | Malicious code in test1sharp (npm) | 2026-03-27T03:07:31Z | 2026-04-16T15:42:10Z |
| mal-2026-2196 | Malicious code in tailwind-compile (npm) | 2026-03-25T14:20:59Z | 2026-04-16T15:42:10Z |
| mal-2026-1973 | Malicious code in woltpickerapp (npm) | 2026-03-20T04:48:44Z | 2026-04-16T15:42:10Z |
| mal-2026-1968 | Malicious code in safe-json-parsex (npm) | 2026-03-20T04:41:13Z | 2026-04-16T15:42:10Z |
| mal-2026-1926 | Malicious code in tokenshower (npm) | 2026-03-19T15:16:36Z | 2026-04-16T15:42:10Z |
| mal-2026-1839 | Malicious code in react-state-optimizer-core (npm) | 2026-03-18T13:07:12Z | 2026-04-16T15:42:10Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| 7paa020125 | Denial of Service Vulnerabilities in System 800xA, Symphony® Plus IEC 61850 communication stack | 2026-04-13T00:30:00.000Z | 2026-04-13T00:30:00.000Z |
| 7paa017341 | PostgreSQL vulnerabilities in ABB Ability™ Symphony® Plus Engineering | 2026-04-13T00:30:00.000Z | 2026-04-13T00:30:00.000Z |
| 7paa023732 | System 800xA affected by 3rd party component vulnerabilities | 2026-03-31T00:30:00.000Z | 2026-03-31T00:30:00.000Z |
| 4hzm000604 | ABB Ability Camera Connect Vulnerabilities in outdated 3rd party component (SQLite 3.2.4) | 2026-03-26T00:30:00.000Z | 2026-03-26T00:30:00.000Z |
| 4jno000329 | AWIN Gateways Vulnerabilities in Embedded Webserver | 2026-03-13T00:30:00.000Z | 2026-03-13T00:30:00.000Z |
| 3adr011536 | AC500 V3 Stack buffer overflow in Cryptographic Message Syntax | 2026-03-12T00:30:00.000Z | 2026-03-12T00:30:00.000Z |
| 3adr011525 | ABB Automation Builder Gateway for Windows with insecure defaults | 2026-02-24T00:30:00.000Z | 2026-02-24T00:30:00.000Z |
| 3adr011524 | AC500 V3 Multiple vulnerabilities | 2026-02-24T00:30:00.000Z | 2026-02-24T00:30:00.000Z |
| sa25p007 | B&R Automation Studio Update of SQLite version | 2026-02-18T00:30:00.000Z | 2026-02-18T00:30:00.000Z |
| sa26p001 | PVI Insertion of Sensitive Information into Logfile | 2026-01-29T00:30:00.000Z | 2026-01-29T00:30:00.000Z |
| sa24p003 | B&R PCs vulnerable to PixieFail attack | 2026-01-29T00:30:00.000Z | 2026-01-29T00:30:00.000Z |
| 7paa013309 | System 800xA SECURITY Advisory - ABB 800xA Base 6.0.x, 6.1.x CSLib communication DoS vulnerability | 2024-06-05T00:30:00.000Z | 2026-01-23T00:30:00.000Z |
| sa25p005 | B&R Automation Runtime Improper Handling of Flooding conditions on ANSL Server | 2026-01-19T00:30:00.000Z | 2026-01-19T00:30:00.000Z |
| sa25p004 | Automation Studio Insufficient Server Certificate Validation | 2026-01-19T00:30:00.000Z | 2026-01-19T00:30:00.000Z |
| 9akk108472a1331 | ABB Ability™ OPTIMAX® Authentication Bypass in Single-Sign On with Azure Active Directory | 2026-01-16T00:30:00.000Z | 2026-01-16T00:30:00.000Z |
| 2crt000009 | WebPro SNMP Card PowerValue Multiple Vulnerabilities | 2026-01-07T00:30:00.000Z | 2026-01-07T00:30:00.000Z |
| 9akk108471a8107 | Terra AC wallbox Heap Memory Corruption Vulnerability | 2025-09-16T00:30:00.000Z | 2025-11-28T08:00:00.000Z |
| 4hzm000603 | ABB Ability Camera Connect Vulnerabilities in outdated 3rd party component (VLC) | 2025-11-27T00:30:00.000Z | 2025-11-28T00:30:00.000Z |
| 7paa022088 | Edgenius Management Portal Authentication Bypass | 2025-11-20T00:30:00.000Z | 2025-11-20T00:30:00.000Z |
| 2nga002813 | PCM600 SharpZip library vulnerability | 2025-11-03T00:30:00.000Z | 2025-11-03T00:30:00.000Z |
| 4tz00000006007 | ALS-mini-S4/S8 IP Missing Authentication Vulnerability and its Mitigations | 2025-10-20T00:30:00.000Z | 2025-10-23T00:30:00.000Z |
| 9akk108471a8948 | Terra AC wallbox Heap Memory Corruption Vulnerability | 2025-10-20T00:30:00.000Z | 2025-10-21T00:30:00.000Z |
| 3kxg200000r4801 | CoreSense™ HM and CoreSense™ M10 File Path Traversal Vulnerability | 2025-04-16T00:30:00.000Z | 2025-10-20T00:30:00.000Z |
| sa25p003 | B&R Automation Runtime Vulnerabilities in System Diagnostic Manager (SDM) | 2025-10-07T00:30:00.000Z | 2025-10-14T00:30:00.000Z |
| 4tz00000006008 | LVS MConfig Insecure memory handling | 2025-10-08T00:30:00.000Z | 2025-10-08T00:30:00.000Z |
| sa25p002 | B&R Automation Runtime DoS Vulnerability in System Diagnostics Manager (SDM) | 2025-10-07T00:30:00.000Z | 2025-10-07T00:30:00.000Z |
| 9akk108471a7808 | EIBPORT Reflected XSS | 2025-10-07T00:30:00.000Z | 2025-10-07T00:30:00.000Z |
| 9akk108471a7121 | FLXeon Controllers Multiple vulnerabilities | 2025-09-09T00:30:00.000Z | 2025-09-18T00:30:00.000Z |
| 9akk108471a4462 | ELSB/BLBA ASPECT advisory several CVEs | 2025-08-11T00:30:00.000Z | 2025-09-04T00:30:00.000Z |
| 9akk108471a3623 | RMC - 100 Vulnerabilities in web UI (REST Interface) | 2025-07-03T00:30:00.000Z | 2025-08-18T00:30:00.000Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| wid-sec-w-2026-0991 | Apache ActiveMQ, Client, Broker und Web: Mehrere Schwachstellen | 2026-04-07T22:00:00.000+00:00 | 2026-04-15T22:00:00.000+00:00 |
| wid-sec-w-2026-0915 | Kyocera Drucker: Mehrere Schwachstellen | 2026-03-30T22:00:00.000+00:00 | 2026-04-15T22:00:00.000+00:00 |
| wid-sec-w-2026-1054 | Apache log4net: Schwachstelle ermöglicht Manipulation von Dateien | 2026-04-12T22:00:00.000+00:00 | 2026-04-14T22:00:00.000+00:00 |
| wid-sec-w-2026-0950 | Linux Kernel: Mehrere Schwachstellen | 2026-03-31T22:00:00.000+00:00 | 2026-04-14T22:00:00.000+00:00 |
| wid-sec-w-2026-1068 | Adobe Acrobat und Acrobat Reader: Mehrere Schwachstellen | 2020-08-11T22:00:00.000+00:00 | 2026-04-13T22:00:00.000+00:00 |
| wid-sec-w-2023-2890 | Microsoft Windows: Mehrere Schwachstellen | 2023-11-14T23:00:00.000+00:00 | 2026-04-13T22:00:00.000+00:00 |
| wid-sec-w-2026-1047 | Adobe Acrobat Reader: Schwachstelle ermöglicht Offenlegung von Informationen und Codeausführung | 2026-04-09T22:00:00.000+00:00 | 2026-04-12T22:00:00.000+00:00 |
| wid-sec-w-2026-0884 | OpenClaw: Mehrere Schwachstellen | 2026-03-26T23:00:00.000+00:00 | 2026-04-12T22:00:00.000+00:00 |
| wid-sec-w-2026-0856 | OpenClaw: Mehrere Schwachstellen | 2026-03-24T23:00:00.000+00:00 | 2026-04-12T22:00:00.000+00:00 |
| wid-sec-w-2026-0542 | OpenClaw: Mehrere Schwachstellen | 2026-02-25T23:00:00.000+00:00 | 2026-04-12T22:00:00.000+00:00 |
| wid-sec-w-2026-0472 | OpenClaw: Mehrere Schwachstellen | 2026-02-22T23:00:00.000+00:00 | 2026-04-12T22:00:00.000+00:00 |
| wid-sec-w-2026-1036 | OpenCTI: Schwachstelle ermöglicht Codeausführung | 2026-04-08T22:00:00.000+00:00 | 2026-04-09T22:00:00.000+00:00 |
| wid-sec-w-2026-1027 | LangChain: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen | 2026-04-08T22:00:00.000+00:00 | 2026-04-09T22:00:00.000+00:00 |
| wid-sec-w-2026-1023 | libpng: Schwachstelle ermöglicht Offenlegung von Informationen | 2026-04-08T22:00:00.000+00:00 | 2026-04-09T22:00:00.000+00:00 |
| wid-sec-w-2026-1022 | Juniper Patchday April 2026: Mehrere Schwachstellen | 2026-04-08T22:00:00.000+00:00 | 2026-04-09T22:00:00.000+00:00 |
| wid-sec-w-2026-1020 | Intel Prozessoren (Pentium Silver Series, Celeron J Series, und Celeron N series): Schwachstelle ermöglicht Privilegieneskalation | 2026-04-08T22:00:00.000+00:00 | 2026-04-09T22:00:00.000+00:00 |
| wid-sec-w-2026-1012 | SonicWall SMA1000 : Mehrere Schwachstellen | 2026-04-08T22:00:00.000+00:00 | 2026-04-09T22:00:00.000+00:00 |
| wid-sec-w-2026-1006 | Golang Go: Mehrere Schwachstellen | 2026-04-07T22:00:00.000+00:00 | 2026-04-09T22:00:00.000+00:00 |
| wid-sec-w-2026-1002 | Django: Mehrere Schwachstellen | 2026-04-07T22:00:00.000+00:00 | 2026-04-09T22:00:00.000+00:00 |
| wid-sec-w-2026-0997 | Mozilla Firefox und Thunderbird: Mehrere Schwachstellen | 2026-04-07T22:00:00.000+00:00 | 2026-04-09T22:00:00.000+00:00 |
| wid-sec-w-2026-0995 | OpenSSL: Mehrere Schwachstellen | 2026-04-07T22:00:00.000+00:00 | 2026-04-09T22:00:00.000+00:00 |
| wid-sec-w-2026-0967 | Red Hat Enterprise Linux (fontforge): Schwachstelle ermöglicht Codeausführung | 2026-04-06T22:00:00.000+00:00 | 2026-04-09T22:00:00.000+00:00 |
| wid-sec-w-2026-0966 | Red Hat Enterprise Linux (crun): Schwachstelle ermöglicht Privilegieneskalation | 2026-04-06T22:00:00.000+00:00 | 2026-04-09T22:00:00.000+00:00 |
| wid-sec-w-2026-0939 | cPanel cPanel/WHM (perl-YAML-Syck): Schwachstelle ermöglicht Codeausführung und DoS | 2026-03-31T22:00:00.000+00:00 | 2026-04-09T22:00:00.000+00:00 |
| wid-sec-w-2026-0888 | tigervnc: Schwachstelle ermöglicht Offenlegung von Informationen, Manipulation von Dateien, und Denial of Service | 2026-03-26T23:00:00.000+00:00 | 2026-04-09T22:00:00.000+00:00 |
| wid-sec-w-2026-0887 | Internet Systems Consortium Kea: Schwachstelle ermöglicht Denial of Service | 2026-03-26T23:00:00.000+00:00 | 2026-04-09T22:00:00.000+00:00 |
| wid-sec-w-2026-0875 | Red Hat Enterprise Linux (ncurses): Schwachstelle ermöglicht Codeausführung | 2026-03-25T23:00:00.000+00:00 | 2026-04-09T22:00:00.000+00:00 |
| wid-sec-w-2026-0870 | libpng: Mehrere Schwachstellen | 2026-03-25T23:00:00.000+00:00 | 2026-04-09T22:00:00.000+00:00 |
| wid-sec-w-2026-0863 | Internet Systems Consortium BIND: Mehrere Schwachstellen | 2026-03-25T23:00:00.000+00:00 | 2026-04-09T22:00:00.000+00:00 |
| wid-sec-w-2026-0860 | NGINX und NGINX Plus: Mehrere Schwachstellen | 2026-03-24T23:00:00.000+00:00 | 2026-04-09T22:00:00.000+00:00 |
| ID | Description | Published | Updated |
|---|---|---|---|
| icsa-26-099-02 | GPL Odorizers GPL750 | 2026-04-09T06:00:00.000000Z | 2026-04-09T06:00:00.000000Z |
| icsa-26-099-01 | Contemporary Controls BASC 20T | 2026-04-09T06:00:00.000000Z | 2026-04-09T06:00:00.000000Z |
| icsa-25-345-10 | OpenPLC_V3 (Update A) | 2025-12-11T07:00:00.000000Z | 2026-04-09T06:00:00.000000Z |
| va-26-097-02 | IBM Maximo Application Suite Sensitive Tokens without 'Secure' Attribute | 2026-04-07T20:51:13Z | 2026-04-07T20:51:13Z |
| va-26-097-01 | Thales Sentinel LDK Runtime Stored XSS | 2026-04-07T20:50:15Z | 2026-04-07T20:50:15Z |
| icsa-26-097-01 | Mitsubishi Electric GENESIS64 and ICONICS Suite products | 2026-04-07T00:00:00.000000Z | 2026-04-07T06:00:00.000000Z |
| icsa-24-338-04 | Mitsubishi Electric Iconics Digital Solutions and Mitsubishi Electric Products (Update C) | 2024-12-03T00:00:00.000000Z | 2026-04-07T06:00:00.000000Z |
| icsa-24-184-03 | Mitsubishi Electric Iconics Digital Solutions and Mitsubishi Electric Products (Update D) | 2024-07-02T06:00:00.000000Z | 2026-04-07T06:00:00.000000Z |
| icsa-25-217-01 | Mitsubishi Electric Iconics Digital Solutions Multiple Products (Update B) | 2025-08-05T05:00:00.000000Z | 2026-04-07T05:00:00.000000Z |
| icsa-25-140-04 | Mitsubishi Electric Iconics Digital Solutions and Mitsubishi Electric Products (Update F) | 2025-05-20T04:00:00.000000Z | 2026-04-07T05:00:00.000000Z |
| va-26-092-01 | Bentley Systems iTwin Platform exposed access token | 2026-04-02T17:11:43Z | 2026-04-02T17:11:43Z |
| va-26-092-02 | Zscaler Client Connector hard-coded proxy configuration domain | 2026-04-02T13:54:30Z | 2026-04-02T13:54:30Z |
| icsa-26-092-03 | Hitachi Energy Ellipse | 2026-02-24T00:00:00.000000Z | 2026-04-02T06:00:00.000000Z |
| icsa-26-092-02 | Yokogawa CENTUM VP | 2026-04-02T06:00:00.000000Z | 2026-04-02T06:00:00.000000Z |
| icsa-26-092-01 | Siemens SICAM 8 Products | 2026-03-26T00:00:00.000000Z | 2026-04-02T06:00:00.000000Z |
| icsa-25-037-02 | Schneider Electric EcoStruxure (Update D) | 2025-01-14T07:00:00.000000Z | 2026-04-02T06:00:00.000000Z |
| icsa-26-055-03 | Gardyn Home Kit (Update A) | 2026-02-24T06:00:00.000000Z | 2026-04-02T05:00:00.000000Z |
| va-26-084-01 | Nanoleaf Lines unauthenticated firmware file store | 2026-03-25T00:00:00Z | 2026-04-02T00:00:00Z |
| icsa-26-090-02 | PX4 Autopilot | 2026-03-31T06:00:00.000000Z | 2026-03-31T06:00:00.000000Z |
| icsa-26-090-01 | Anritsu Remote Spectrum Monitor | 2026-03-31T06:00:00.000000Z | 2026-03-31T06:00:00.000000Z |
| icsa-24-324-01 | Mitsubishi Electric MELSEC iQ-F Series (Update A) | 2024-11-19T00:00:00.000Z | 2026-03-31T00:00:00.000000Z |
| icsma-26-083-01 | Grassroots DICOM (GDCM) | 2026-03-24T06:00:00.000000Z | 2026-03-24T06:00:00.000000Z |
| icsma-25-364-01 | WHILL Model C2 Electric Wheelchairs and Model F Power Chairs (Update A) | 2025-12-30T07:00:00.000000Z | 2026-03-24T06:00:00.000000Z |
| icsa-26-083-03 | "Schneider Electric Plant iT/Brewmaxx" | 2026-01-13T08:00:00.000000Z | 2026-03-24T06:00:00.000000Z |
| icsa-26-083-02 | Schneider Electric EcoStruxure Foxboro DCS | 2026-03-10T07:00:00.000000Z | 2026-03-24T06:00:00.000000Z |
| icsa-26-083-01 | Pharos Controls Mosaic Show Controller | 2026-03-24T06:00:00.000000Z | 2026-03-24T06:00:00.000000Z |
| icsa-26-078-08 | Automated Logic WebCTRL Premium Server | 2026-03-19T06:00:00.000000Z | 2026-03-19T06:00:00.000000Z |
| icsa-26-078-05 | Mitsubishi Electric CNC Series | 2026-03-10T00:00:00.000000Z | 2026-03-19T06:00:00.000000Z |
| icsa-26-078-04 | Schneider Electric EcoStruxure PME and EPO | 2026-03-10T07:00:00.000000Z | 2026-03-19T06:00:00.000000Z |
| icsa-26-078-03 | Schneider Electric EcoStruxure Automation Expert | 2026-03-10T07:00:00.000000Z | 2026-03-19T06:00:00.000000Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| cisco-sa-wsa-auth-bypass-6yzktqhd | Cisco Secure Web Appliance Authentication Bypass Vulnerability | 2026-04-15T16:00:00+00:00 | 2026-04-16T13:14:04+00:00 |
| cisco-sa-webexcc-xss-wex5nuna | Cisco Webex Contact Center Cross-Site Scripting Vulnerability | 2026-04-15T16:00:00+00:00 | 2026-04-15T16:00:00+00:00 |
| cisco-sa-webex-cui-cert-8jszyhwl | Cisco Webex Services Certificate Validation Vulnerability | 2026-04-15T16:00:00+00:00 | 2026-04-15T16:00:00+00:00 |
| cisco-sa-unity-vulns-n2ejsbbw | Cisco Unity Connection Cross-Site Scripting, Open Redirect, and SQL Injection Vulnerabilities | 2026-04-15T16:00:00+00:00 | 2026-04-15T16:00:00+00:00 |
| cisco-sa-unity-file-download-rmkevwpx | Cisco Unity Connection Arbitrary File Download Vulnerabilities | 2026-04-15T16:00:00+00:00 | 2026-04-15T16:00:00+00:00 |
| cisco-sa-te-agentfilewrite-tquw3smu | Cisco ThousandEyes Enterprise Agent Arbitrary File Overwrite Vulnerability | 2026-04-15T16:00:00+00:00 | 2026-04-15T16:00:00+00:00 |
| cisco-sa-isexss-bs8cte7u | Cisco Identity Services Engine Multiple Cross-Site Scripting Vulnerabilities | 2026-04-15T16:00:00+00:00 | 2026-04-15T16:00:00+00:00 |
| cisco-sa-ise-rce-traversal-8byndvrz | Cisco Identity Services Engine Remote Code Execution and Path Traversal Vulnerabilities | 2026-04-15T16:00:00+00:00 | 2026-04-15T16:00:00+00:00 |
| cisco-sa-ise-rce-4fverepv | Cisco Identity Services Engine Remote Code Execution Vulnerabilities | 2026-04-15T16:00:00+00:00 | 2026-04-15T16:00:00+00:00 |
| cisco-sa-ise-cmd-inj-5wsjcyjb | Cisco Identity Services Engine Authenticated Privilege Escalation Vulnerability | 2026-04-15T16:00:00+00:00 | 2026-04-15T16:00:00+00:00 |
| cisco-sa-iosxe-mntc-dos-lzweqcyq | Cisco IOS XE Software Denial of Service Vulnerability | 2026-03-25T16:00:00+00:00 | 2026-04-02T19:43:54+00:00 |
| cisco-sa-ssm-cli-execution-chucwunr | Cisco Smart Software Manager On-Prem Arbitrary Command Execution Vulnerability | 2026-04-01T16:00:00+00:00 | 2026-04-01T16:00:00+00:00 |
| cisco-sa-ndi-afw-rjurc5dz | Cisco Nexus Dashboard Insights Arbitrary File Write Vulnerability | 2026-04-01T16:00:00+00:00 | 2026-04-01T16:00:00+00:00 |
| cisco-sa-nd-ssrf-naen4o7r | Cisco Nexus Dashboard and Nexus Dashboard Insights Server-Side Request Forgery Vulnerability | 2026-04-01T16:00:00+00:00 | 2026-04-01T16:00:00+00:00 |
| cisco-sa-nd-cbid-5yqkoshu | Cisco Nexus Dashboard Configuration Backup REST API Unauthorized Access Vulnerability | 2026-04-01T16:00:00+00:00 | 2026-04-01T16:00:00+00:00 |
| cisco-sa-epnm-improp-auth-muwfwuu3 | Cisco Evolved Programmable Network Manager Improper Authorization Vulnerability | 2026-04-01T16:00:00+00:00 | 2026-04-01T16:00:00+00:00 |
| cisco-sa-cssm-priv-esc-xranouo8 | Cisco Smart Software Manager On-Prem Privilege Escalation Vulnerability | 2026-04-01T16:00:00+00:00 | 2026-04-01T16:00:00+00:00 |
| cisco-sa-cimc-cmd-inj-3hkn3bvt | Cisco Integrated Management Controller Command Injection and Remote Code Execution Vulnerabilities | 2026-04-01T16:00:00+00:00 | 2026-04-01T16:00:00+00:00 |
| cisco-sa-cimc-auth-bypass-agg2bxtn | Cisco Integrated Management Controller Authentication Bypass Vulnerability | 2026-04-01T16:00:00+00:00 | 2026-04-01T16:00:00+00:00 |
| cisco-sa-ndfc-cmdinj-uvyzrkfr | Cisco Nexus Dashboard Fabric Controller Arbitrary Command Execution Vulnerability | 2024-10-02T16:00:00+00:00 | 2026-03-31T18:47:53+00:00 |
| cisco-sa-xe-secureboot-bypass-b6uyxysz | Cisco IOS XE Software for Cisco Catalyst and Rugged Series Switches Secure Boot Bypass Vulnerability | 2026-03-25T16:00:00+00:00 | 2026-03-25T16:00:00+00:00 |
| cisco-sa-wlc-dos-hnx5kgom | Cisco IOS XE Wireless Controller Software for the Catalyst CW9800 Family CAPWAP Denial of Service Vulnerability | 2026-03-25T16:00:00+00:00 | 2026-03-25T16:00:00+00:00 |
| cisco-sa-vmanage-xss-zqkhp9w9 | Cisco Catalyst SD-WAN Manager Cross-Site Scripting Vulnerability | 2026-03-25T16:00:00+00:00 | 2026-03-25T16:00:00+00:00 |
| cisco-sa-scp-dos-duadxtcg | Cisco IOS XE Software Secure Copy Protocol Server Denial of Service Vulnerability | 2026-03-25T16:00:00+00:00 | 2026-03-25T16:00:00+00:00 |
| cisco-sa-iox-xss-lpgkzwtj | Cisco IOx Application Hosting Environment Stored Cross-Site Scripting Vulnerability | 2026-03-25T16:00:00+00:00 | 2026-03-25T16:00:00+00:00 |
| cisco-sa-iox-crlf-nvgktkjz | Cisco IOx Application Hosting Environment Carriage Return Line Feed Injection Vulnerability | 2026-03-25T16:00:00+00:00 | 2026-03-25T16:00:00+00:00 |
| cisco-sa-iosxe_infodis-6j847ueb | Cisco IOS XE Software Secure Channel for Meraki Information Disclosure Vulnerability | 2026-03-25T16:00:00+00:00 | 2026-03-25T16:00:00+00:00 |
| cisco-sa-iosxe-tls-dos-tvgldezl | Cisco IOS XE Software TLS Memory Exhaustion Denial of Service Vulnerability | 2026-03-25T16:00:00+00:00 | 2026-03-25T16:00:00+00:00 |
| cisco-sa-iosxe-lobby-privesc-kwxbqjy | Cisco IOS XE Software Lobby Ambassador Privilege Escalation Vulnerability | 2026-03-25T16:00:00+00:00 | 2026-03-25T16:00:00+00:00 |
| cisco-sa-ios-http-dos-sbv8xrpl | Cisco IOS Software and IOS XE Software Release 3E HTTP Server Denial of Service Vulnerability | 2026-03-25T16:00:00+00:00 | 2026-03-25T16:00:00+00:00 |
| ID | Description | Published | Updated |
|---|---|---|---|
| msrc_cve-2026-32223 | Windows USB Printing Stack (usbprint.sys) Elevation of Privilege Vulnerability | 2026-04-14T07:00:00.000Z | 2026-04-16T07:00:00.000Z |
| msrc_cve-2025-64669 | Windows Admin Center Elevation of Privilege Vulnerability | 2025-12-09T00:00:00.000Z | 2026-04-16T07:00:00.000Z |
| msrc_cve-2026-35201 | Discount has an Out-of-bounds Read in rdiscount | 2026-04-02T00:00:00.000Z | 2026-04-15T14:46:03.000Z |
| msrc_cve-2026-40385 | CVE-2026-40385 | 2026-04-02T00:00:00.000Z | 2026-04-15T14:45:30.000Z |
| msrc_cve-2026-40386 | CVE-2026-40386 | 2026-04-02T00:00:00.000Z | 2026-04-15T14:45:23.000Z |
| msrc_cve-2026-23666 | .NET Framework Denial of Service Vulnerability | 2026-04-14T07:00:00.000Z | 2026-04-15T07:00:00.000Z |
| msrc_cve-2026-34757 | LIBPNG has a yse-after-free in png_set_PLTE, png_set_tRNS and png_set_hIST leading to corrupted chunk data and potential heap information disclosure | 2026-04-02T00:00:00.000Z | 2026-04-15T01:49:16.000Z |
| msrc_cve-2026-27140 | Code execution vulnerability in SWIG code generation in cmd/go | 2026-04-02T00:00:00.000Z | 2026-04-15T01:49:03.000Z |
| msrc_cve-2026-27143 | Missing bound checks can lead to memory corruption in safe Go in cmd/compile | 2026-04-02T00:00:00.000Z | 2026-04-15T01:48:42.000Z |
| msrc_cve-2026-32282 | TOCTOU permits root escape on Linux via Root.Chmod in os in internal/syscall/unix | 2026-04-02T00:00:00.000Z | 2026-04-15T01:48:20.000Z |
| msrc_cve-2026-27144 | Miscompilation allows memory corruption via CONVNOP-wrapped array copy in cmd/compile | 2026-04-02T00:00:00.000Z | 2026-04-15T01:47:59.000Z |
| msrc_cve-2026-32280 | Unexpected work during chain building in crypto/x509 | 2026-04-02T00:00:00.000Z | 2026-04-15T01:47:43.000Z |
| msrc_cve-2026-32283 | Unauthenticated TLS 1.3 KeyUpdate record can cause persistent connection retention and DoS in crypto/tls | 2026-04-02T00:00:00.000Z | 2026-04-15T01:47:16.000Z |
| msrc_cve-2026-32281 | Inefficient policy validation in crypto/x509 | 2026-04-02T00:00:00.000Z | 2026-04-15T01:46:32.000Z |
| msrc_cve-2026-32288 | Unbounded allocation for old GNU sparse in archive/tar | 2026-04-02T00:00:00.000Z | 2026-04-15T01:46:07.000Z |
| msrc_cve-2026-28390 | Possible NULL Dereference When Processing CMS KeyTransportRecipientInfo | 2026-04-02T00:00:00.000Z | 2026-04-15T01:45:23.000Z |
| msrc_cve-2026-31789 | Heap Buffer Overflow in Hexadecimal Conversion | 2026-04-02T00:00:00.000Z | 2026-04-15T01:45:06.000Z |
| msrc_cve-2026-28389 | Possible NULL Dereference When Processing CMS KeyAgreeRecipientInfo | 2026-04-02T00:00:00.000Z | 2026-04-15T01:44:54.000Z |
| msrc_cve-2026-28388 | NULL Pointer Dereference When Processing a Delta CRL | 2026-04-02T00:00:00.000Z | 2026-04-15T01:44:38.000Z |
| msrc_cve-2026-28387 | Potential Use-after-free in DANE Client Code | 2026-04-02T00:00:00.000Z | 2026-04-15T01:44:18.000Z |
| msrc_cve-2026-33055 | tar-rs incorrectly ignores PAX size headers if header size is nonzero | 2026-03-02T00:00:00.000Z | 2026-04-15T01:44:10.000Z |
| msrc_cve-2026-33056 | tar-rs: unpack_in can chmod arbitrary directories by following symlinks | 2026-03-02T00:00:00.000Z | 2026-04-15T01:43:57.000Z |
| msrc_cve-2026-2646 | Heap buffer overflow in session parsing with wolfSSL_d2i_SSL_SESSION() function | 2026-03-02T00:00:00.000Z | 2026-04-15T01:43:43.000Z |
| msrc_cve-2026-2645 | Acceptance of CertificateVerify Message before ClientKeyExchange in TLS 1.2 | 2026-03-02T00:00:00.000Z | 2026-04-15T01:43:37.000Z |
| msrc_cve-2026-3579 | Non-constant time multiplication subroutine __muldi3 on RISC-V RV32I | 2026-03-02T00:00:00.000Z | 2026-04-15T01:43:31.000Z |
| msrc_cve-2026-3849 | Buffer Overflow in HPKE via Oversized ECH Config | 2026-03-02T00:00:00.000Z | 2026-04-15T01:43:25.000Z |
| msrc_cve-2026-35611 | Addressable has a Regular Expression Denial of Service in Addressable templates | 2026-04-02T00:00:00.000Z | 2026-04-15T01:43:25.000Z |
| msrc_cve-2026-35093 | Libinput: libinput: unauthorized code execution and information disclosure through lua bytecode plugins | 2026-04-02T00:00:00.000Z | 2026-04-15T01:42:54.000Z |
| msrc_cve-2026-34743 | XZ Utils: Buffer overflow in lzma_index_append() | 2026-04-02T00:00:00.000Z | 2026-04-15T01:42:40.000Z |
| msrc_cve-2026-3644 | Incomplete control character validation in http.cookies | 2026-03-02T00:00:00.000Z | 2026-04-15T01:42:33.000Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| ncsc-2026-0121 | Kwetsbaarheden verholpen in Fortinet FortiSandbox | 2026-04-15T12:23:16.801183Z | 2026-04-15T12:23:16.801183Z |
| ncsc-2026-0120 | Kwetsbaarheden verholpen in Fortinet FortiAnalyzer en FortiManager | 2026-04-15T12:20:38.675602Z | 2026-04-15T12:20:38.675602Z |
| ncsc-2026-0115 | Kwetsbaarheid verholpen in Microsoft Defender | 2026-04-14T19:19:48.691858Z | 2026-04-15T08:54:16.881135Z |
| ncsc-2026-0119 | Kwetsbaarheden verholpen in Microsoft Windows | 2026-04-15T08:53:38.926894Z | 2026-04-15T08:53:38.926894Z |
| ncsc-2026-0118 | Kwetsbaarheden verholpen in Microsoft SQL Server | 2026-04-14T19:24:22.610160Z | 2026-04-14T19:24:22.610160Z |
| ncsc-2026-0117 | Kwetsbaarheden verholpen in Microsoft Azure | 2026-04-14T19:23:30.733725Z | 2026-04-14T19:23:30.733725Z |
| ncsc-2026-0116 | Kwetsbaarheden verholpen in Microsoft Office | 2026-04-14T19:20:56.343558Z | 2026-04-14T19:20:56.343558Z |
| ncsc-2026-0114 | Kwetsbaarheden verholpen in Microsoft Developer tools | 2026-04-14T19:18:58.666745Z | 2026-04-14T19:18:58.666745Z |
| ncsc-2026-0113 | Kwetsbaarheden verholpen in SAP-producten | 2026-04-14T12:55:40.388960Z | 2026-04-14T12:55:40.388960Z |
| ncsc-2026-0112 | Kwetsbaarheden verholpen in Siemens producten | 2026-04-14T11:37:21.682429Z | 2026-04-14T11:37:21.682429Z |
| ncsc-2026-0111 | Kwetsbaarheid verholpen in Adobe Acrobat | 2026-04-12T08:42:18.844193Z | 2026-04-13T09:38:04.129352Z |
| ncsc-2026-0110 | Kwetsbaarheid verholpen in Cisco Smart Software Manager On-Prem | 2026-04-10T14:28:58.703642Z | 2026-04-10T14:28:58.703642Z |
| ncsc-2026-0007 | Kwetsbaarheden verholpen in Microsoft Windows | 2026-01-13T19:16:30.720079Z | 2026-04-10T12:53:42.521564Z |
| ncsc-2026-0109 | Kwetsbaarheden verholpen in Synology SSL VPN Client | 2026-04-10T12:11:00.859799Z | 2026-04-10T12:11:00.859799Z |
| ncsc-2026-0108 | Kwetsbaarheid verholpen in Juniper Networks Junos OS Evolved | 2026-04-10T12:06:13.479822Z | 2026-04-10T12:06:13.479822Z |
| ncsc-2026-0107 | Kwetsbaarheid verholpen in FortiClient EMS van Fortinet | 2026-04-04T13:49:19.002116Z | 2026-04-04T13:49:19.002116Z |
| ncsc-2026-0106 | Kwetsbaarheden verholpen in Cisco Integrated Management Controller | 2026-04-03T10:34:46.145536Z | 2026-04-03T10:34:46.145536Z |
| ncsc-2026-0105 | Kwetsbaarheden verholpen in Cisco Nexus Dashboard en Nexus Dashboard Insights | 2026-04-03T08:20:48.187725Z | 2026-04-03T08:20:48.187725Z |
| ncsc-2026-0047 | Kwetsbaarheid verholpen in Fortinet FortiClient EMS | 2026-02-09T10:16:18.048622Z | 2026-03-30T11:36:22.656910Z |
| ncsc-2025-0319 | Kwetsbaarheden verholpen in F5 Networks BIG-IP, F5OS en NGINX App Protect WAF | 2025-10-15T15:21:14.871532Z | 2026-03-27T18:09:03.259108Z |
| ncsc-2026-0104 | Kwetsbaarheden verholpen in Cisco IOS XE Software | 2026-03-26T09:50:03.269095Z | 2026-03-26T09:50:03.269095Z |
| ncsc-2026-0103 | Kwetsbaarheden verholpen in GitLab | 2026-03-26T09:48:10.874427Z | 2026-03-26T09:48:10.874427Z |
| ncsc-2026-0102 | Kwetsbaarheden verholpen in Apple macOS | 2026-03-25T14:15:56.073353Z | 2026-03-25T14:15:56.073353Z |
| ncsc-2026-0101 | Kwetsbaarheden verholpen in Apple iOS en iPadOS | 2026-03-25T14:02:07.392994Z | 2026-03-25T14:02:07.392994Z |
| ncsc-2026-0100 | Kwetsbaarheden verholpen in Citrix Netscaler ADC en Netscaler Gateway | 2026-03-23T13:43:30.957806Z | 2026-03-23T13:43:30.957806Z |
| ncsc-2026-0099 | Kwetsbaarheid verholpen in Oracle Identity Manager en Oracle Web Services Manager | 2026-03-20T15:56:12.716324Z | 2026-03-20T15:56:12.716324Z |
| ncsc-2026-0010 | Kwetsbaarheden verholpen in Microsoft Office | 2026-01-13T19:18:45.984019Z | 2026-03-20T14:03:59.225773Z |
| ncsc-2026-0076 | Kwetsbaarheden verholpen in Cisco Secure Firewall Management Center | 2026-03-04T20:49:12.211658Z | 2026-03-19T11:48:18.917205Z |
| ncsc-2026-0098 | Kwetsbaarheden verholpen in Apple iOS en iPadOS | 2026-03-13T08:41:19.155490Z | 2026-03-13T08:41:19.155490Z |
| ncsc-2026-0097 | Kwetsbaarheden verholpen in Google Chrome | 2026-03-13T08:33:43.877125Z | 2026-03-13T08:33:43.877125Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| nn-2026:2-01 | Stored Cross-Site Scripting (XSS) in Assets and Nodes in Guardian/CMC before 26.0.0 | 2026-04-15T11:00:00.000Z | 2026-04-15T11:00:00.000Z |
| nn-2026:1-01 | Incorrect authorization for Threat Intelligence in Guardian/CMC before 26.0.0 | 2026-04-15T11:00:00.000Z | 2026-04-15T11:00:00.000Z |
| nn-2025:18-01 | Lack of TLS certificate validation when connecting Arc to a Guardian or CMC, in Arc before v2.2.0 | 2026-03-04T11:00:00.000Z | 2026-03-04T11:00:00.000Z |
| nn-2025:17-01 | HTML injection in Sensor Map in CMC before 25.6.0 | 2026-03-04T11:00:00.000Z | 2026-03-04T11:00:00.000Z |
| nn-2025:16-01 | HTML injection in Alerted Nodes Dashboard in Guardian/CMC before 25.6.0 | 2026-03-04T11:00:00.000Z | 2026-03-04T11:00:00.000Z |
| nn-2025:15-01 | Path traversal in Import Arc data archive functionality in Guardian/CMC before 25.5.0 | 2025-12-18T11:00:00.000Z | 2025-12-18T11:00:00.000Z |
| nn-2025:14-01 | HTML injection in Asset List in Guardian/CMC before 25.5.0 | 2025-12-18T11:00:00.000Z | 2025-12-18T11:00:00.000Z |
| nn-2025:13-01 | Stored Cross-Site Scripting (XSS) in Reports in Guardian/CMC before 25.5.0 | 2025-12-18T11:00:00.000Z | 2025-12-18T11:00:00.000Z |
| nn-2025:12-01 | HTML injection in in Time Machine functionality in Guardian/CMC before 25.5.0 | 2025-12-18T11:00:00.000Z | 2025-12-18T11:00:00.000Z |
| nn-2025:11-01 | Stored Cross-Site Scripting (XSS) in Dashboards in Guardian/CMC before 25.4.0 | 2025-11-25T11:00:00.000Z | 2025-11-26T11:00:00.000Z |
| nn-2025:9-01 | Path traversal in Time Machine functionality in Guardian/CMC before 25.2.0 | 2025-10-07T11:00:00.000Z | 2025-10-07T11:00:00.000Z |
| nn-2025:8-01 | Authenticated SQL Injection on Alert functionality in Guardian/CMC before 25.2.0 | 2025-10-07T11:00:00.000Z | 2025-10-07T11:00:00.000Z |
| nn-2025:7-01 | Authenticated SQL Injection on Alert functionality in Guardian/CMC before 25.2.0 | 2025-10-07T11:00:00.000Z | 2025-10-07T11:00:00.000Z |
| nn-2025:6-01 | Authenticated SQL Injection on Smart Polling functionality in Guardian/CMC before 25.2.0 | 2025-10-07T11:00:00.000Z | 2025-10-07T11:00:00.000Z |
| nn-2025:5-01 | Incorrect authorization for CLI in Guardian/CMC before 25.2.0 | 2025-10-07T11:00:00.000Z | 2025-10-07T11:00:00.000Z |
| nn-2025:4-01 | Client-side path traversal in Guardian/CMC before 25.2.0 | 2025-10-07T11:00:00.000Z | 2025-10-07T11:00:00.000Z |
| nn-2025:10-01 | Authenticated SQL Injection on CLI functionality in Guardian/CMC before 25.3.0 | 2025-10-07T11:00:00.000Z | 2025-10-07T11:00:00.000Z |
| nn-2025:3-01 | Incorrect authorization for traces request/download in CMC before 25.1.0 | 2025-08-26T11:00:00.000Z | 2025-08-26T11:00:00.000Z |
| nn-2025:2-01 | Privilege escalation in Guardian/CMC before 24.6.0 | 2025-06-10T11:00:00.000Z | 2025-06-10T11:00:00.000Z |
| nn-2025:1-01 | Authenticated RCE in update functionality in Guardian/CMC before 24.6.0 | 2025-06-10T11:00:00.000Z | 2025-06-10T11:00:00.000Z |
| nn-2024:2-01 | Incorrect authorization for Reports configuration in Guardian/CMC before 24.2.0 | 2024-09-11T11:00:00.000Z | 2024-09-19T11:00:00.000Z |
| nn-2024:1-01 | DoS on IDS parsing of malformed Radius packets in Guardian before 23.4.1 | 2024-04-10T11:00:00.000Z | 2024-09-19T11:00:00.000Z |
| nn-2023:9-01 | Authenticated SQL Injection on Query functionality in Guardian/CMC before 22.6.3 and 23.1.0 | 2023-09-18T11:00:00.000Z | 2024-09-19T11:00:00.000Z |
| nn-2023:8-01 | Session Fixation in Guardian/CMC before 22.6.2 | 2023-08-09T11:00:00.000Z | 2024-09-19T11:00:00.000Z |
| nn-2023:7-01 | DoS via SAML configuration in Guardian/CMC before 22.6.2 | 2023-08-09T11:00:00.000Z | 2024-09-19T11:00:00.000Z |
| nn-2023:6-01 | Partial DoS on Reports section due to null report name in Guardian/CMC before 22.6.2 | 2023-08-09T11:00:00.000Z | 2024-09-19T11:00:00.000Z |
| nn-2023:4-01 | Stored Cross-Site Scripting (XSS) in Threat Intelligence rules in Guardian/CMC before 22.6.2 | 2023-08-09T11:00:00.000Z | 2024-09-19T11:00:00.000Z |
| nn-2023:3-01 | Authenticated Blind SQL Injection on alerts count in Guardian/CMC before 22.6.2 | 2023-08-09T11:00:00.000Z | 2024-09-19T11:00:00.000Z |
| nn-2023:2-01 | Authenticated Blind SQL Injection on sorting in Guardian/CMC before 22.6.2 | 2023-08-09T11:00:00.000Z | 2024-09-19T11:00:00.000Z |
| nn-2023:17-01 | Information disclosure via audit records for OpenAPI requests in Guardian/CMC before 23.4.1 | 2024-04-10T11:00:00.000Z | 2024-09-19T11:00:00.000Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| opensuse-su-2026:10557-1 | xwayland-24.1.9-2.1 on GA media | 2026-04-15T00:00:00Z | 2026-04-15T00:00:00Z |
| opensuse-su-2026:10556-1 | xorg-x11-server-21.1.21-5.1 on GA media | 2026-04-15T00:00:00Z | 2026-04-15T00:00:00Z |
| opensuse-su-2026:10555-1 | libsdb2_4_2-6.1.4-1.1 on GA media | 2026-04-15T00:00:00Z | 2026-04-15T00:00:00Z |
| opensuse-su-2026:10554-1 | python314-3.14.4-1.1 on GA media | 2026-04-15T00:00:00Z | 2026-04-15T00:00:00Z |
| opensuse-su-2026:10553-1 | python313-3.13.13-1.1 on GA media | 2026-04-15T00:00:00Z | 2026-04-15T00:00:00Z |
| opensuse-su-2026:10552-1 | python311-3.11.15-5.1 on GA media | 2026-04-15T00:00:00Z | 2026-04-15T00:00:00Z |
| opensuse-su-2026:10551-1 | perl-YAML-Syck-1.440.0-1.1 on GA media | 2026-04-15T00:00:00Z | 2026-04-15T00:00:00Z |
| opensuse-su-2026:10550-1 | apache-pdfbox-2.0.36-1.1 on GA media | 2026-04-15T00:00:00Z | 2026-04-15T00:00:00Z |
| opensuse-su-2026:10539-1 | oci-cli-3.76.2-1.1 on GA media | 2026-04-13T00:00:00Z | 2026-04-13T00:00:00Z |
| opensuse-su-2026:10538-1 | helm-4.1.4-2.1 on GA media | 2026-04-13T00:00:00Z | 2026-04-13T00:00:00Z |
| opensuse-su-2026:10535-1 | python311-cryptography-46.0.7-1.1 on GA media | 2026-04-11T00:00:00Z | 2026-04-11T00:00:00Z |
| opensuse-su-2026:10534-1 | libopenvswitch-3_7-0-3.7.1-33.1 on GA media | 2026-04-11T00:00:00Z | 2026-04-11T00:00:00Z |
| opensuse-su-2026:10533-1 | libopenssl-3-devel-3.5.3-4.1 on GA media | 2026-04-11T00:00:00Z | 2026-04-11T00:00:00Z |
| opensuse-su-2026:10532-1 | helm3-3.20.2-1.1 on GA media | 2026-04-11T00:00:00Z | 2026-04-11T00:00:00Z |
| opensuse-su-2026:10531-1 | cockpit-360-1.1 on GA media | 2026-04-11T00:00:00Z | 2026-04-11T00:00:00Z |
| opensuse-su-2026:10530-1 | chromedriver-147.0.7727.55-1.1 on GA media | 2026-04-11T00:00:00Z | 2026-04-11T00:00:00Z |
| opensuse-su-2026:10522-1 | python315-3.15.0~a8-1.1 on GA media | 2026-04-09T00:00:00Z | 2026-04-09T00:00:00Z |
| opensuse-su-2026:10521-1 | python312-3.12.13-5.1 on GA media | 2026-04-09T00:00:00Z | 2026-04-09T00:00:00Z |
| opensuse-su-2026:10520-1 | python310-3.10.20-4.1 on GA media | 2026-04-09T00:00:00Z | 2026-04-09T00:00:00Z |
| opensuse-su-2026:10519-1 | glances-common-4.5.3-1.1 on GA media | 2026-04-09T00:00:00Z | 2026-04-09T00:00:00Z |
| opensuse-su-2026:10518-1 | python311-Flask-HTTPAuth-4.8.1-1.1 on GA media | 2026-04-09T00:00:00Z | 2026-04-09T00:00:00Z |
| opensuse-su-2026:10517-1 | python313-Django6-6.0.4-1.1 on GA media | 2026-04-09T00:00:00Z | 2026-04-09T00:00:00Z |
| opensuse-su-2026:10516-1 | python311-Django4-4.2.30-1.1 on GA media | 2026-04-09T00:00:00Z | 2026-04-09T00:00:00Z |
| opensuse-su-2026:10515-1 | libprotobuf-lite34_1_0-32bit-34.1-1.1 on GA media | 2026-04-09T00:00:00Z | 2026-04-09T00:00:00Z |
| opensuse-su-2026:10514-1 | go1.25-1.25.9-1.1 on GA media | 2026-04-09T00:00:00Z | 2026-04-09T00:00:00Z |
| opensuse-su-2026:10513-1 | fontforge-20251009-6.1 on GA media | 2026-04-09T00:00:00Z | 2026-04-09T00:00:00Z |
| opensuse-su-2026:10512-1 | aws-c-event-stream-devel-0.7.0-1.1 on GA media | 2026-04-09T00:00:00Z | 2026-04-09T00:00:00Z |
| opensuse-su-2026:10511-1 | MozillaFirefox-149.0.2-1.1 on GA media | 2026-04-09T00:00:00Z | 2026-04-09T00:00:00Z |
| opensuse-su-2026:20477-1 | Security update for aws-c-event-stream | 2026-04-08T13:03:50Z | 2026-04-08T13:03:50Z |
| opensuse-su-2026:10499-1 | python311-social-auth-app-django-5.7.0-1.1 on GA media | 2026-04-07T00:00:00Z | 2026-04-07T00:00:00Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| oxdc-adv-2026-0001 | OX Dovecot Security Advisory OXDC-ADV-2026-0001 | 2026-03-27T00:00:00+00:00 | 2026-03-27T00:00:00+00:00 |
| oxdc-adv-2025-0001 | OX Dovecot Pro Security Advisory OXDC-ADV-2025-0001 | 2025-10-31T00:00:00+00:00 | 2025-11-27T00:00:00+00:00 |
| oxas-adv-2025-0003 | OX App Suite Security Advisory OXAS-ADV-2025-0003 | 2025-09-24T00:00:00+02:00 | 2025-11-27T00:00:00+00:00 |
| oxas-adv-2025-0002 | OX App Suite Security Advisory OXAS-ADV-2025-0002 | 2025-08-12T00:00:00+02:00 | 2025-10-31T00:00:00+00:00 |
| oxas-adv-2025-0001 | OX App Suite Security Advisory OXAS-ADV-2025-0001 | 2025-01-27T00:00:00+01:00 | 2025-04-07T00:00:00+00:00 |
| oxdc-adv-2024-0003 | OX Dovecot Pro Security Advisory OXDC-ADV-2024-0003 | 2024-09-10T00:00:00+02:00 | 2024-09-10T00:00:00+00:00 |
| oxdc-adv-2024-0002 | OX Dovecot Pro Security Advisory OXDC-ADV-2024-0002 | 2024-09-10T00:00:00+02:00 | 2024-09-10T00:00:00+00:00 |
| oxas-adv-2024-0005 | OX App Suite Security Advisory OXAS-ADV-2024-0005 | 2024-07-08T00:00:00+02:00 | 2024-09-09T00:00:00+00:00 |
| oxdc-adv-2024-0001 | OX Dovecot Pro Security Advisory OXDC-ADV-2024-0001 | 2024-09-02T00:00:00+02:00 | 2024-09-06T00:00:00+00:00 |
| oxas-adv-2024-0004 | OX App Suite Security Advisory OXAS-ADV-2024-0004 | 2024-06-13T00:00:00+02:00 | 2024-08-19T00:00:00+00:00 |
| oxas-adv-2024-0003 | OX App Suite Security Advisory OXAS-ADV-2024-0003 | 2024-04-24T00:00:00+02:00 | 2024-08-19T00:00:00+00:00 |
| oxas-adv-2024-0002 | OX App Suite Security Advisory OXAS-ADV-2024-0002 | 2024-03-06T00:00:00+01:00 | 2024-05-06T00:00:00+00:00 |
| oxas-adv-2024-0001 | OX App Suite Security Advisory OXAS-ADV-2024-0001 | 2024-02-08T00:00:00+01:00 | 2024-04-25T00:00:00+00:00 |
| oxas-adv-2023-0007 | OX App Suite Security Advisory OXAS-ADV-2023-0007 | 2023-12-11T00:00:00+01:00 | 2024-02-16T00:00:00+00:00 |
| oxas-adv-2023-0006 | OX App Suite Security Advisory OXAS-ADV-2023-0006 | 2023-09-25T00:00:00+02:00 | 2024-01-22T00:00:00+00:00 |
| oxas-adv-2023-0005 | OX App Suite Security Advisory OXAS-ADV-2023-0005 | 2023-09-19T00:00:00+02:00 | 2024-01-22T00:00:00+00:00 |
| oxas-adv-2023-0004 | OX App Suite Security Advisory OXAS-ADV-2023-0004 | 2023-08-01T00:00:00+02:00 | 2024-01-22T00:00:00+00:00 |
| oxas-adv-2023-0003 | OX App Suite Security Advisory OXAS-ADV-2023-0003 | 2023-05-02T00:00:00+02:00 | 2024-01-22T00:00:00+00:00 |
| oxas-adv-2023-0002 | OX App Suite Security Advisory OXAS-ADV-2023-0002 | 2023-03-20T00:00:00+01:00 | 2024-01-22T00:00:00+00:00 |
| oxas-adv-2023-0001 | OX App Suite Security Advisory OXAS-ADV-2023-0001 | 2023-02-06T00:00:00+01:00 | 2024-01-22T00:00:00+00:00 |
| oxas-adv-2022-0002 | OX App Suite Security Advisory OXAS-ADV-2022-0002 | 2022-11-02T00:00:00+01:00 | 2024-01-22T00:00:00+00:00 |
| oxas-adv-2022-0001 | OX App Suite Security Advisory OXAS-ADV-2022-0001 | 2022-08-10T00:00:00+02:00 | 2024-01-22T00:00:00+00:00 |
| ID | Description | Published | Updated |
|---|---|---|---|
| rhsa-2025:22529 | Red Hat Security Advisory: Red Hat Ceph Storage | 2025-12-01T21:59:44+00:00 | 2026-04-14T10:05:07+00:00 |
| rhsa-2026:0934 | Red Hat Security Advisory: Release of OpenShift Serverless Logic 1.36.0 security update & enhancements | 2026-01-22T04:35:39+00:00 | 2026-04-14T10:01:48+00:00 |
| rhsa-2025:8958 | Red Hat Security Advisory: libxml2 security update | 2025-06-11T22:21:36+00:00 | 2026-04-14T10:01:48+00:00 |
| rhsa-2025:21913 | Red Hat Security Advisory: OpenShift File Integrity Operator bug fix and enhancement update | 2025-11-21T21:19:46+00:00 | 2026-04-14T10:01:47+00:00 |
| rhsa-2025:14396 | Red Hat Security Advisory: OpenShift Container Platform 4.15.57 bug fix and security update | 2025-08-27T21:47:05+00:00 | 2026-04-14T10:01:47+00:00 |
| rhsa-2025:21885 | Red Hat Security Advisory: OpenShift Compliance Operator bug fix and enhancement update | 2025-11-20T19:56:52+00:00 | 2026-04-14T10:01:46+00:00 |
| rhsa-2025:18219 | Red Hat Security Advisory: cert-manager Operator for Red Hat OpenShift 1.16.0 | 2025-10-16T08:41:21+00:00 | 2026-04-14T10:01:46+00:00 |
| rhsa-2025:15308 | Red Hat Security Advisory: OpenShift Container Platform 4.12.80 bug fix and security update | 2025-09-11T12:02:09+00:00 | 2026-04-14T10:01:46+00:00 |
| rhsa-2025:16159 | Red Hat Security Advisory: OpenShift Container Platform 4.15.58 bug fix and security update | 2025-09-25T09:09:37+00:00 | 2026-04-14T10:01:45+00:00 |
| rhsa-2025:15828 | Red Hat Security Advisory: updated web-terminal/tooling container image | 2025-09-15T15:14:08+00:00 | 2026-04-14T10:01:45+00:00 |
| rhsa-2025:15827 | Red Hat Security Advisory: updated web-terminal/tooling container image | 2025-09-15T15:13:16+00:00 | 2026-04-14T10:01:45+00:00 |
| rhsa-2025:15672 | Red Hat Security Advisory: OpenShift Container Platform 4.13.60 bug fix and security update | 2025-09-18T05:46:13+00:00 | 2026-04-14T10:01:45+00:00 |
| rhsa-2025:14858 | Red Hat Security Advisory: OpenShift Container Platform 4.16.47 bug fix and security update | 2025-09-04T17:05:36+00:00 | 2026-04-14T10:01:44+00:00 |
| rhsa-2025:14853 | Red Hat Security Advisory: OpenShift Container Platform 4.14.56 bug fix and security update | 2025-09-04T17:05:30+00:00 | 2026-04-14T10:01:43+00:00 |
| rhsa-2025:14819 | Red Hat Security Advisory: OpenShift Container Platform 4.19.10 bug fix and security update | 2025-09-02T19:25:33+00:00 | 2026-04-14T10:01:43+00:00 |
| rhsa-2025:14818 | Red Hat Security Advisory: OpenShift Container Platform 4.18.23 bug fix and security update | 2025-09-04T17:03:51+00:00 | 2026-04-14T10:01:43+00:00 |
| rhsa-2025:14644 | Red Hat Security Advisory: Insights proxy Container Image | 2025-08-26T15:51:25+00:00 | 2026-04-14T10:01:43+00:00 |
| rhsa-2025:13806 | Red Hat Security Advisory: libxml2 security update | 2025-08-13T16:02:36+00:00 | 2026-04-14T10:01:42+00:00 |
| rhsa-2025:14186 | Red Hat Security Advisory: A Subscription Management tool for finding and reporting Red Hat product usage | 2025-08-20T16:02:39+00:00 | 2026-04-14T10:01:41+00:00 |
| rhsa-2025:14059 | Red Hat Security Advisory: OpenShift Container Platform 4.17.38 bug fix and security update | 2025-08-27T21:46:50+00:00 | 2026-04-14T10:01:41+00:00 |
| rhsa-2025:13789 | Red Hat Security Advisory: libxml2 security update | 2025-08-13T10:46:22+00:00 | 2026-04-14T10:01:41+00:00 |
| rhsa-2025:13788 | Red Hat Security Advisory: libxml2 security update | 2025-08-13T10:38:41+00:00 | 2026-04-14T10:01:40+00:00 |
| rhsa-2025:13622 | Red Hat Security Advisory: Red Hat OpenShift distributed tracing platform (Jaeger) 3.5.2 release | 2025-08-11T11:42:43+00:00 | 2026-04-14T10:01:40+00:00 |
| rhsa-2025:13689 | Red Hat Security Advisory: libxml2 security update | 2025-08-12T12:44:33+00:00 | 2026-04-14T10:01:39+00:00 |
| rhsa-2025:13688 | Red Hat Security Advisory: libxml2 security update | 2025-08-12T13:01:38+00:00 | 2026-04-14T10:01:39+00:00 |
| rhsa-2025:13684 | Red Hat Security Advisory: libxml2 security update | 2025-08-12T12:25:23+00:00 | 2026-04-14T10:01:39+00:00 |
| rhsa-2025:13683 | Red Hat Security Advisory: libxml2 security update | 2025-08-12T12:30:08+00:00 | 2026-04-14T10:01:39+00:00 |
| rhsa-2025:13681 | Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.62 SP1 security update | 2025-08-14T13:51:01+00:00 | 2026-04-14T10:01:39+00:00 |
| rhsa-2025:13677 | Red Hat Security Advisory: libxml2 security update | 2025-08-12T09:47:28+00:00 | 2026-04-14T10:01:37+00:00 |
| rhsa-2025:13464 | Red Hat Security Advisory: libxml2 security update | 2025-08-07T16:06:15+00:00 | 2026-04-14T10:01:37+00:00 |
| ID | Description | Published | Updated |
|---|---|---|---|
| sevd-2026-104-03 | Use of Hard-coded Credentials vulnerability on Easergy MiCOM Px40 Series | 2026-04-14T07:00:00.000Z | 2026-04-14T07:00:00.000Z |
| sevd-2026-104-02 | Third-Party vulnerability on Modicon Networking Managed Switches | 2026-04-14T07:00:00.000Z | 2026-04-14T07:00:00.000Z |
| sevd-2026-104-01 | Multiple Vulnerabilities on PowerChute™ Serial Shutdown | 2026-04-14T07:00:00.000Z | 2026-04-14T07:00:00.000Z |
| sevd-2025-224-05 | Modicon M340 Controller and Communication Modules | 2025-08-12T04:00:00.000Z | 2026-04-14T07:00:00.000Z |
| sevd-2025-014-05 | Web Server on Modicon M340, Modbus/TCP Ethernet Modicon M340 module, Modbus/TCP Ethernet Modicon M340 FactoryCast module and Ethernet / Serial RTU communication modules | 2025-01-14T00:00:00.000Z | 2026-04-14T07:00:00.000Z |
| sevd-2024-317-02 | Modicon Controllers M340 / Momentum / MC80 & EcoStruxure™ Control Expert | 2024-11-12T00:00:00.000Z | 2026-04-14T07:00:00.000Z |
| sevd-2024-163-01 | Modicon M340, Modbus/TCP Ethernet Modicon M340 module, and Modbus/TCP Ethernet Modicon M340 FactoryCast module | 2024-06-11T00:00:00.000Z | 2026-04-14T07:00:00.000Z |
| sevd-2024-044-01 | EcoStruxure™ Control Expert, EcoStruxure™ Process Expert and Modicon M340, M580 and M580 Safety PLCs | 2024-02-13T12:41:43.000Z | 2026-04-14T07:00:00.000Z |
| sevd-2023-010-06 | EcoStruxure™ Control Expert, EcoStruxure™ Process Expert and Modicon M340, M580 and M580 CPU Safety | 2023-01-10T00:00:00.000Z | 2026-04-14T07:00:00.000Z |
| sevd-2019-134-11 | Multiple Vulnerabilities in Modicon Controller Products | 2019-05-14T16:48:40.000Z | 2026-04-14T07:00:00.000Z |
| sevd-2026-069-02 | Improper Neutralization vulnerability in Multiple Products | 2026-03-10T07:00:00.000Z | 2026-03-31T07:00:00.000Z |
| sevd-2026-069-01 | Improper Resource Shutdown or Release vulnerability in Multiple Products | 2026-03-10T07:00:00.000Z | 2026-03-31T07:00:00.000Z |
| sevd-2026-069-03 | Deserialization of Untrusted Data vulnerability on EcoStruxure™ Foxboro DCS | 2026-03-10T07:00:00.000Z | 2026-03-13T07:00:00.000Z |
| sevd-2026-069-06 | Deserialization of Untrusted Data vulnerability on Multiple Products | 2026-03-10T07:00:00.000Z | 2026-03-10T07:00:00.000Z |
| sevd-2026-069-05 | Use of Hard-coded Credentials vulnerability in EcoStruxure™ IT Data Center Expert | 2026-03-10T07:00:00.000Z | 2026-03-10T07:00:00.000Z |
| sevd-2026-069-04 | Improper Control of Generation of Code ('Code Injection') vulnerability on EcoStruxure™ Automation Expert | 2026-03-10T07:00:00.000Z | 2026-03-10T07:00:00.000Z |
| sevd-2026-013-04 | Multiple Vulnerabilities on EcoStruxure Power Build Rapsody | 2026-01-13T08:00:00.000Z | 2026-03-10T07:00:00.000Z |
| sevd-2026-013-01 | Multiple Third-Party Vulnerabilities on ProLeiT Plant iT/Brewmaxx | 2026-01-13T08:00:00.000Z | 2026-03-10T07:00:00.000Z |
| sevd-2025-014-07 | FlexNet Publisher Vulnerability | 2025-01-14T07:00:00.000Z | 2026-03-10T07:00:00.000Z |
| sevd-2026-041-02 | Multiple Vulnerabilities on EcoStruxure™ Building Operation Workstation and EcoStruxure™ Building Operation Webstation | 2026-02-10T08:00:00.000Z | 2026-02-10T08:00:00.000Z |
| sevd-2026-041-01 | Improper Check for Unusual or Exceptional Conditions on Multiple Products | 2026-02-10T08:00:00.000Z | 2026-02-10T08:00:00.000Z |
| sevd-2025-343-01 | EcoStruxure™ Foxboro DCS | 2025-12-09T08:00:00.000Z | 2026-02-10T08:00:00.000Z |
| sevd-2025-189-03 | EcoStruxure™ Power Operation | 2025-07-08T04:00:00.000Z | 2026-02-10T08:00:00.000Z |
| sevd-2025-042-02 | Improper Input Validation Vulnerability in Uni-Telway Driver | 2025-02-11T05:00:00.000Z | 2026-02-10T08:00:00.000Z |
| sevd-2026-013-03 | Multiple Vulnerabilities on Zigbee Products | 2026-01-13T08:00:00.000Z | 2026-01-13T08:00:00.000Z |
| sevd-2026-013-02 | Incorrect Default Permissions Vulnerability on EcoStruxure™ Process Expert | 2026-01-13T08:00:00.000Z | 2026-01-13T08:00:00.000Z |
| sevd-2025-014-06 | RemoteConnect and SCADAPack™ x70 Utilities | 2025-01-14T00:00:00.000Z | 2026-01-13T08:00:00.000Z |
| sevd-2024-317-03 | Modicon Controllers M340 / Momentum / MC80 | 2024-11-12T05:00:00.000Z | 2026-01-13T08:00:00.000Z |
| sevd-2025-343-02 | EcoStruxure™ Foxboro DCS Advisor | 2025-12-09T08:00:00.000Z | 2025-12-09T08:00:00.000Z |
| sevd-2025-252-01 | Multiple Altivar Process Drives and Communication Modules | 2025-09-09T04:00:00.000Z | 2025-12-09T08:00:00.000Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| sca-2026-0006 | Vulnerabilities affecting SICK Lector85x and SICK Lector83x | 2026-03-06T14:00:00.000Z | 2026-03-06T14:00:00.000Z |
| sca-2026-0005 | Vulnerabilities affecting SICK LMS1000 and SICK MRS1000 | 2026-02-27T14:00:00.000Z | 2026-02-27T14:00:00.000Z |
| sca-2026-0004 | Eclipse Cyclone DDS Vulnerabilities have no impact on SICK picoScan150 & SICK picoScan120 products | 2026-02-13T14:00:00.000Z | 2026-02-13T14:00:00.000Z |
| sca-2026-0003 | Vulnerability affecting SICK nanoScan3 and microScan3 | 2026-01-26T14:00:00.000Z | 2026-01-26T14:00:00.000Z |
| sca-2026-0002 | Vulnerabilities affecting SICK Incoming Goods Suite | 2026-01-15T14:00:00.000Z | 2026-01-22T19:00:00.000Z |
| sca-2026-0001 | Vulnerabilities affecting SICK TDC-X401GL | 2026-01-15T14:00:00.000Z | 2026-01-15T14:00:00.000Z |
| sca-2025-0013 | Vulnerabilities affecting SICK TLOC100-100 | 2025-10-27T14:00:00.000Z | 2025-11-11T14:00:00.000Z |
| sca-2025-0014 | CodeMeter vulnerablity affects SICK CODE-LOC and SICK LIDAR-LOC | 2025-11-03T11:00:00.000Z | 2025-11-03T14:00:00.000Z |
| sca-2025-0012 | Sudo vulnerability affects SICK SID products | 2025-10-27T11:00:00.000Z | 2025-10-27T14:00:00.000Z |
| sca-2025-0011 | Vulnerabilities affecting Endress+Hauser SSG-E210GC | 2025-10-02T13:00:00.000Z | 2025-10-02T13:00:00.000Z |
| sca-2025-0010 | Multiple vulnerabilities in SICK Enterprise Analytics and SICK Logistic Analytics Products | 2025-10-02T13:00:00.000Z | 2025-10-02T13:00:00.000Z |
| sca-2025-0009 | Vulnerabilities affecting SICK TDC-E210GC | 2025-08-01T13:00:00.000Z | 2025-08-01T13:00:00.000Z |
| sca-2025-0008 | Multiple vulnerabilities in Endress+Hauser MEAC300-FNADE4 | 2025-07-03T13:00:00.000Z | 2025-07-03T13:00:00.000Z |
| sca-2025-0007 | Multiple vulnerabilities in SICK Field Analytics and SICK Media Server | 2025-06-12T13:00:00.000Z | 2025-06-12T13:00:00.000Z |
| sca-2025-0003 | FreeRTOS Vulnerabilities have no impact on SICK Products | 2025-02-28T00:00:00.000Z | 2025-05-20T11:00:00.000Z |
| sca-2025-0006 | Vulnerability affecting picoScan and multiScan | 2025-04-28T13:00:00.000Z | 2025-04-28T13:00:00.000Z |
| sca-2025-0005 | Vulnerabilities in SICK Flexi Compact | 2025-04-28T10:00:00.000Z | 2025-04-28T10:00:00.000Z |
| sca-2025-0004 | Critical vulnerabilities in SICK DL100-2xxxxxxx | 2025-03-14T11:00:00.000Z | 2025-03-14T11:00:00.000Z |
| sca-2025-0001 | Multiple vulnerabilities in SICK MEAC300 | 2025-02-14T14:00:00.000Z | 2025-02-21T14:00:00.000Z |
| sca-2025-0002 | Vulnerability in SICK Lector8xx and SICK InspectorP8xx | 2025-02-14T10:19:00.000Z | 2025-02-14T10:19:00.000Z |
| sca-2024-0007 | Vulnerability in SICK OLM | 2024-12-31T00:00:00.000Z | 2024-12-31T00:00:00.000Z |
| sca-2024-0006 | Critical vulnerabilities in SICK InspectorP61x, InspectorP62x and TiM3xx | 2024-12-06T00:00:00.000Z | 2024-12-06T00:00:00.000Z |
| sca-2024-0005 | Vulnerability in SICK Incoming Goods Suite | 2024-11-19T00:00:00.000Z | 2024-11-19T00:00:00.000Z |
| sca-2024-0004 | Third party vulnerabilities in SICK CDE-100 | 2024-11-07T12:00:00.000Z | 2024-11-07T12:00:00.000Z |
| sca-2024-0003 | Critical vulnerability in multiple SICK products | 2024-10-17T13:00:00.000Z | 2024-10-17T13:00:00.000Z |
| sca-2024-0002 | Vulnerability in SICK MSC800 | 2024-09-11T23:00:00.000Z | 2024-09-11T23:00:00.000Z |
| sca-2024-0001 | Vulnerability in SICK Logistics Analytics Products and SICK Field Analytics | 2024-01-29T00:00:00.000Z | 2024-01-29T00:00:00.000Z |
| sca-2023-0011 | Vulnerability in multiple SICK Flexi Soft Gateways | 2023-10-23T11:00:00.000Z | 2023-10-23T11:00:00.000Z |
| sca-2023-0010 | Vulnerabilities in SICK Application Processing Unit | 2023-10-09T11:00:00.000Z | 2023-10-09T11:00:00.000Z |
| sca-2023-0008 | Vulnerability in SICK SIM1012 | 2023-09-29T13:00:00.000Z | 2023-09-29T13:00:00.000Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| ssa-981622 | SSA-981622: Improper Certificate Validation Vulnerability in Siemens Analytics Toolkit | 2026-04-14T00:00:00.000Z | 2026-04-14T00:00:00.000Z |
| ssa-913875 | SSA-913875: Frame Aggregation and Fragmentation Vulnerabilities in 802.11 | 2021-07-13T00:00:00.000Z | 2026-04-14T00:00:00.000Z |
| ssa-827968 | SSA-827968: Vulnerability in Nozomi Guardian/CMC on RUGGEDCOM APE1808 Devices | 2026-01-13T00:00:00.000Z | 2026-04-14T00:00:00.000Z |
| ssa-801704 | SSA-801704: Authentication Bypass Vulnerability in SINEC NMS | 2026-04-14T00:00:00.000Z | 2026-04-14T00:00:00.000Z |
| ssa-741509 | SSA-741509: Privilege Escalation Vulnerability in RUGGEDCOM CROSSBOW Secure Access Manager Primary Before V5.8 | 2026-04-14T00:00:00.000Z | 2026-04-14T00:00:00.000Z |
| ssa-726834 | SSA-726834: Denial of Service Vulnerability in the RADIUS Client of SIPROTEC 5 Devices | 2023-03-14T00:00:00.000Z | 2026-04-14T00:00:00.000Z |
| ssa-726617 | SSA-726617: Incorrect Privilege Assignment Vulnerability in Mendix OIDC SSO Module | 2025-05-13T00:00:00.000Z | 2026-04-14T00:00:00.000Z |
| ssa-712929 | SSA-712929: Denial of Service Vulnerability in OpenSSL (CVE-2022-0778) Affecting Industrial Products | 2022-06-14T00:00:00.000Z | 2026-04-14T00:00:00.000Z |
| ssa-710008 | SSA-710008: Multiple Web Vulnerabilities in SCALANCE Products | 2022-08-09T00:00:00.000Z | 2026-04-14T00:00:00.000Z |
| ssa-628843 | SSA-628843: Out of Bound Read Vulnerability in TPM 2.0 | 2026-04-14T00:00:00.000Z | 2026-04-14T00:00:00.000Z |
| ssa-609469 | SSA-609469: Authorization Bypass Vulnerability in Industrial Edge Management | 2026-04-14T00:00:00.000Z | 2026-04-14T00:00:00.000Z |
| ssa-605717 | SSA-605717: Authorization Bypass Vulnerability in SINEC NMS Before V4.0 SP3 | 2026-04-14T00:00:00.000Z | 2026-04-14T00:00:00.000Z |
| ssa-599968 | SSA-599968: Denial of Service Vulnerability in Profinet Devices | 2021-07-13T00:00:00.000Z | 2026-04-14T00:00:00.000Z |
| ssa-552702 | SSA-552702: Privilege Escalation Vulnerability in the Web Interface of SCALANCE and RUGGEDCOM Products | 2022-10-11T00:00:00.000Z | 2026-04-14T00:00:00.000Z |
| ssa-408105 | SSA-408105: Buffer Overflow Vulnerabilities in OpenSSL 3.0 Affecting Siemens Products | 2022-12-13T00:00:00.000Z | 2026-04-14T00:00:00.000Z |
| ssa-311973 | SSA-311973: Multiple Local Privilege Escalation Vulnerabilities in SINEC NMS and User Management Component (UMC) | 2026-02-10T00:00:00.000Z | 2026-04-14T00:00:00.000Z |
| ssa-244969 | SSA-244969: OpenSSL Vulnerability in Industrial Products | 2022-02-08T00:00:00.000Z | 2026-04-14T00:00:00.000Z |
| ssa-225816 | SSA-225816: Memory Corruption Vulnerability in RUGGEDCOM CROSSBOW Station Access Controller Before V5.8 | 2026-04-14T00:00:00.000Z | 2026-04-14T00:00:00.000Z |
| ssa-216014 | SSA-216014: Vulnerabilities in EFI variable of SIMATIC IPCs, SIMATIC Tablet PCs, and SIMATIC Field PGs | 2025-03-11T00:00:00.000Z | 2026-04-14T00:00:00.000Z |
| ssa-186293 | SSA-186293: XML External Entity (XXE) Injection Vulnerability in SIMOTION SCOUT, SIMOTION SCOUT TIA and SINAMICS STARTER | 2025-08-12T00:00:00.000Z | 2026-04-14T00:00:00.000Z |
| ssa-019200 | SSA-019200: Multiple Vulnerabilities in SCALANCE W-700 IEEE 802.11n Devices Before V6.6.0 | 2026-04-14T00:00:00.000Z | 2026-04-14T00:00:00.000Z |
| ssa-246443 | SSA-246443: Multiple Vulnerabilities in SICAM 8 Products | 2026-03-26T00:00:00.000Z | 2026-03-26T00:00:00.000Z |
| ssa-452276 | SSA-452276: Eval Injection Vulnerability in SIMATIC S7-1500 | 2026-03-10T00:00:00.000Z | 2026-03-19T00:00:00.000Z |
| ssa-975644 | SSA-975644: Multiple Vulnerabilities in Fortigate NGFW on RUGGEDCOM APE1808 Devices | 2026-03-10T00:00:00.000Z | 2026-03-10T00:00:00.000Z |
| ssa-903736 | SSA-903736: Multiple vulnerabilities in SICAM SIAPP SDK before V2.1.7 | 2026-03-10T00:00:00.000Z | 2026-03-10T00:00:00.000Z |
| ssa-868571 | SSA-868571: Missing Server Certificate Validation in IAM Client | 2025-12-09T00:00:00.000Z | 2026-03-10T00:00:00.000Z |
| ssa-770770 | SSA-770770: Multiple Vulnerabilities in Fortigate NGFW Before V7.4.7 on RUGGEDCOM APE1808 Devices | 2025-02-11T00:00:00.000Z | 2026-03-10T00:00:00.000Z |
| ssa-710408 | SSA-710408: Missing Server Certificate Validation in Siemens Advanced Licensing (SALT) Toolkit | 2025-12-09T00:00:00.000Z | 2026-03-10T00:00:00.000Z |
| ssa-535115 | SSA-535115: Data Validation Vulnerability in NX Before V2512 | 2026-02-10T00:00:00.000Z | 2026-03-10T00:00:00.000Z |
| ssa-513708 | SSA-513708: Multiple Vulnerabilities in Palo Alto Networks Virtual NGFW on RUGGEDCOM APE1808 Devices | 2025-06-10T00:00:00.000Z | 2026-03-10T00:00:00.000Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| suse-su-2026:1371-1 | Security update for nodejs20 | 2026-04-15T14:46:54Z | 2026-04-15T14:46:54Z |
| suse-su-2026:1370-1 | Security update for util-linux | 2026-04-15T14:44:52Z | 2026-04-15T14:44:52Z |
| suse-su-2026:1369-1 | Security update for glibc | 2026-04-15T14:42:56Z | 2026-04-15T14:42:56Z |
| suse-su-2026:1368-1 | Security update for libpng16 | 2026-04-15T14:35:26Z | 2026-04-15T14:35:26Z |
| suse-su-2026:1367-1 | Security update for mariadb | 2026-04-15T14:34:10Z | 2026-04-15T14:34:10Z |
| suse-su-2026:1366-1 | Security update for bind | 2026-04-15T14:33:06Z | 2026-04-15T14:33:06Z |
| suse-su-2026:1365-1 | Security update for python | 2026-04-15T14:30:35Z | 2026-04-15T14:30:35Z |
| suse-su-2026:1364-1 | Security update for webkit2gtk3 | 2026-04-15T14:27:58Z | 2026-04-15T14:27:58Z |
| suse-su-2026:1363-1 | Security update for nodejs20 | 2026-04-15T14:16:20Z | 2026-04-15T14:16:20Z |
| suse-su-2026:1361-1 | Security update for himmelblau | 2026-04-15T14:14:00Z | 2026-04-15T14:14:00Z |
| suse-su-2026:1360-1 | Security update for tigervnc | 2026-04-15T14:10:48Z | 2026-04-15T14:10:48Z |
| suse-su-2026:1359-1 | Security update for sudo | 2026-04-15T14:07:03Z | 2026-04-15T14:07:03Z |
| suse-su-2026:1356-1 | Security update for nfs-utils | 2026-04-15T13:43:43Z | 2026-04-15T13:43:43Z |
| suse-su-2026:1355-1 | Security update for rubygem-bundler | 2026-04-15T13:37:50Z | 2026-04-15T13:37:50Z |
| suse-su-2026:1354-1 | Security update for python313 | 2026-04-15T13:37:43Z | 2026-04-15T13:37:43Z |
| suse-su-2026:1353-1 | Security update for netty, netty-tcnative | 2026-04-15T13:37:19Z | 2026-04-15T13:37:19Z |
| suse-su-2026:1352-1 | Security update for expat | 2026-04-15T13:36:53Z | 2026-04-15T13:36:53Z |
| suse-su-2026:1351-1 | Security update for bind | 2026-04-15T13:36:44Z | 2026-04-15T13:36:44Z |
| suse-su-2026:1350-1 | Security update for nghttp2 | 2026-04-15T13:36:21Z | 2026-04-15T13:36:21Z |
| suse-su-2026:1349-1 | Security update for python311 | 2026-04-15T13:35:56Z | 2026-04-15T13:35:56Z |
| suse-su-2026:1347-1 | Security update for vim | 2026-04-15T12:26:44Z | 2026-04-15T12:26:44Z |
| suse-su-2026:1345-1 | Security update for python36 | 2026-04-15T12:04:26Z | 2026-04-15T12:04:26Z |
| suse-su-2026:1344-1 | Security update for libssh | 2026-04-15T10:21:31Z | 2026-04-15T10:21:31Z |
| suse-su-2026:1343-1 | Security update for Mesa | 2026-04-15T10:18:55Z | 2026-04-15T10:18:55Z |
| suse-su-2026:1342-1 | Security update for the Linux Kernel | 2026-04-15T10:15:54Z | 2026-04-15T10:15:54Z |
| suse-su-2026:1338-1 | Security update for giflib | 2026-04-15T07:33:53Z | 2026-04-15T07:33:53Z |
| suse-su-2026:1337-1 | Security update for rust1.92 | 2026-04-15T07:33:26Z | 2026-04-15T07:33:26Z |
| suse-su-2026:1335-1 | Security update for xorg-x11-server | 2026-04-14T17:28:43Z | 2026-04-14T17:28:43Z |
| suse-su-2026:1333-1 | Security update for xorg-x11-server | 2026-04-14T17:18:59Z | 2026-04-14T17:18:59Z |
| suse-su-2026:1332-1 | Security update for xorg-x11-server | 2026-04-14T17:15:06Z | 2026-04-14T17:15:06Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| alsa-2026:6572 | Moderate: kernel-rt security update | 2026-04-06T00:00:00Z | 2026-04-06T09:38:16Z |
| alsa-2026:6571 | Moderate: kernel security update | 2026-04-06T00:00:00Z | 2026-04-06T09:27:57Z |
| alsa-2026:6621 | Moderate: crun security update | 2026-04-06T00:00:00Z | 2026-04-06T08:42:59Z |
| alsa-2026:6622 | Moderate: crun security update | 2026-04-06T00:00:00Z | 2026-04-06T08:36:15Z |
| alsa-2026:6300 | Important: gstreamer1-plugins-bad-free, gstreamer1-plugins-base, gstreamer1-plugins-good, and gstreamer1-plugins-ugly-free security update | 2026-03-31T00:00:00Z | 2026-04-03T17:13:38Z |
| alsa-2026:6436 | Moderate: rsync security update | 2026-04-02T00:00:00Z | 2026-04-03T12:29:15Z |
| alsa-2026:6439 | Important: libpng15 security update | 2026-04-02T00:00:00Z | 2026-04-03T12:19:53Z |
| alsa-2026:6445 | Important: libpng12 security update | 2026-04-02T00:00:00Z | 2026-04-03T12:13:28Z |
| alsa-2026:6470 | Important: perl-YAML-Syck security update | 2026-04-02T00:00:00Z | 2026-04-03T12:07:59Z |
| alsa-2026:6473 | Important: python3 security update | 2026-04-02T00:00:00Z | 2026-04-03T12:02:03Z |
| alsa-2026:6388 | Important: grafana-pcp security update | 2026-04-01T00:00:00Z | 2026-04-03T10:02:10Z |
| alsa-2026:6344 | Important: grafana security update | 2026-04-01T00:00:00Z | 2026-04-03T09:56:37Z |
| alsa-2026:6259 | Important: gstreamer1-plugins-bad-free, gstreamer1-plugins-base, gstreamer1-plugins-good, and gstreamer1-plugins-ugly-free security update | 2026-03-31T00:00:00Z | 2026-04-03T09:45:31Z |
| alsa-2026:6053 | Moderate: kernel security update | 2026-03-30T00:00:00Z | 2026-04-03T09:23:17Z |
| alsa-2026:6390 | Moderate: rsync security update | 2026-04-01T00:00:00Z | 2026-04-02T09:23:33Z |
| alsa-2026:6383 | Important: grafana-pcp security update | 2026-04-01T00:00:00Z | 2026-04-02T09:15:46Z |
| alsa-2026:6382 | Important: grafana security update | 2026-04-01T00:00:00Z | 2026-04-02T09:12:36Z |
| alsa-2026:6340 | Important: freerdp security update | 2026-04-01T00:00:00Z | 2026-04-02T09:09:13Z |
| alsa-2026:6005 | Important: freerdp security update | 2026-03-30T00:00:00Z | 2026-04-02T09:00:17Z |
| alsa-2026:6153 | Moderate: kernel security update | 2026-03-30T00:00:00Z | 2026-04-02T08:46:53Z |
| alsa-2026:6188 | Important: thunderbird security update | 2026-03-30T00:00:00Z | 2026-04-02T08:18:50Z |
| alsa-2026:6342 | Important: thunderbird security update | 2026-04-01T00:00:00Z | 2026-04-01T11:59:47Z |
| alsa-2026:6301 | Important: squid security update | 2026-03-31T00:00:00Z | 2026-04-01T09:27:45Z |
| alsa-2026:6256 | Important: python3.12 security update | 2026-03-31T00:00:00Z | 2026-04-01T09:23:35Z |
| alsa-2026:6266 | Moderate: libxslt security update | 2026-03-31T00:00:00Z | 2026-04-01T09:19:08Z |
| alsa-2026:6286 | Important: python3.11 security update | 2026-03-31T00:00:00Z | 2026-04-01T09:15:24Z |
| alsa-2026:6285 | Important: python3.12 security update | 2026-03-31T00:00:00Z | 2026-04-01T09:07:09Z |
| alsa-2026:6283 | Important: python3.12 security update | 2026-03-31T00:00:00Z | 2026-04-01T08:56:58Z |
| alsa-2026:6281 | Important: python3.11 security update | 2026-03-31T00:00:00Z | 2026-04-01T08:52:26Z |
| alsa-2026:6004 | Important: freerdp security update | 2026-03-30T00:00:00Z | 2026-03-31T08:19:51Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| hsec-2026-0006 | Cabal deletes project source files during configure | 2026-04-08T14:23:27Z | 2026-04-08T14:23:27Z |
| hsec-2026-0004 | Hackage package metadata stored XSS vulnerability | 2026-03-28T16:05:12Z | 2026-03-28T16:05:12Z |
| hsec-2026-0002 | Hackage CSRF vulnerability | 2026-03-28T16:04:58Z | 2026-03-28T16:04:58Z |
| hsec-2024-0004 | Hackage package and doc upload stored XSS vulnerability | 2026-01-16T11:18:20Z | 2026-01-16T11:18:20Z |
| hsec-2025-0007 | cmark-gfm: resource exhaustion due to quadratic complexity in parser | 2025-12-27T08:58:56Z | 2025-12-27T08:58:56Z |
| hsec-2025-0006 | Private key leak via inherited file descriptor | 2025-11-17T02:22:38Z | 2025-11-17T02:22:38Z |
| hsec-2025-0005 | cabal-install dependency confusion | 2025-11-14T14:45:34Z | 2025-11-14T14:45:34Z |
| hsec-2025-0004 | Broken Path Sanitization in spacecookie Library | 2025-11-14T14:45:34Z | 2025-11-14T14:45:34Z |
| hsec-2025-0003 | Use after free in multithreaded lzma (.xz) decoder | 2025-11-14T14:45:34Z | 2025-11-14T14:45:34Z |
| hsec-2025-0002 | Double Public Key Signing Function Oracle Attack on Ed25519 | 2025-11-14T14:45:34Z | 2025-11-14T14:45:34Z |
| hsec-2025-0001 | Subword division operations may produce incorrect results | 2025-11-14T14:45:34Z | 2025-11-14T14:45:34Z |
| hsec-2024-0009 | Public key confusion in third-party blocks | 2025-11-14T14:45:34Z | 2025-11-14T14:45:34Z |
| hsec-2024-0008 | Sign extension error in the PPC64le FFI | 2025-11-14T14:45:34Z | 2025-11-14T14:45:34Z |
| hsec-2024-0007 | Sign extension error in the AArch64 NCG | 2025-11-14T14:45:34Z | 2025-11-14T14:45:34Z |
| hsec-2024-0006 | fromIntegral: conversion error | 2025-11-14T14:45:34Z | 2025-11-14T14:45:34Z |
| hsec-2024-0003 | process: command injection via argument list on Windows | 2025-11-14T14:45:34Z | 2025-11-14T14:45:34Z |
| hsec-2024-0002 | out-of-bounds write when there are many bzip2 selectors | 2025-11-14T14:45:34Z | 2025-11-14T14:45:34Z |
| hsec-2024-0001 | Reflected XSS vulnerability in keter | 2025-11-14T14:45:34Z | 2025-11-14T14:45:34Z |
| hsec-2023-0015 | cabal-install uses expired key policies | 2025-11-14T14:45:34Z | 2025-11-14T14:45:34Z |
| hsec-2023-0014 | Arbitrary file write is possible when using PDF output or --extract-media with untrusted input | 2025-11-14T14:45:34Z | 2025-11-14T14:45:34Z |
| hsec-2023-0013 | git-annex plaintext storage of embedded credentials on encrypted remotes | 2025-11-14T14:45:34Z | 2025-11-14T14:45:34Z |
| hsec-2023-0012 | git-annex checksum exposure to encrypted special remotes | 2025-11-14T14:45:34Z | 2025-11-14T14:45:34Z |
| hsec-2023-0011 | git-annex GPG decryption attack via compromised remote | 2025-11-14T14:45:34Z | 2025-11-14T14:45:34Z |
| hsec-2023-0010 | git-annex private data exfiltration to compromised remote | 2025-11-14T14:45:34Z | 2025-11-14T14:45:34Z |
| hsec-2023-0009 | git-annex command injection via malicious SSH hostname | 2025-11-14T14:45:34Z | 2025-11-14T14:45:34Z |
| hsec-2023-0008 | Stored XSS in hledger-web | 2025-11-14T14:45:34Z | 2025-11-14T14:45:34Z |
| hsec-2023-0007 | readFloat: memory exhaustion with large exponent | 2025-11-14T14:45:34Z | 2025-11-14T14:45:34Z |
| hsec-2023-0006 | x509-validation does not enforce pathLenConstraint | 2025-11-14T14:45:34Z | 2025-11-14T14:45:34Z |
| hsec-2023-0005 | tls-extra: certificate validation does not check Basic Constraints | 2025-11-14T14:45:34Z | 2025-11-14T14:45:34Z |
| hsec-2023-0004 | xml-conduit unbounded entity expansion | 2025-11-14T14:45:34Z | 2025-11-14T14:45:34Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| osec-2026-03 | opam install sandbox escape | 2026-04-15T22:00:00Z | 2026-04-15T22:00:00Z |
| osec-2026-01 | Buffer Over-Read in OCaml Marshal Deserialization | 2026-02-17T13:30:00Z | 2026-02-27T09:30:00Z |
| osec-2026-02 | ARP unbounded memory usage | 2026-02-18T10:30:00Z | 2026-02-18T10:30:00Z |
| osec-2022-01 | Infinite loop in console output on xen | 2022-12-07T00:00:00Z | 2026-02-18T09:30:00Z |
| osec-2025-01 | Albatross console out of memory | 2025-08-15T00:18:22Z | 2026-01-13T12:00:00Z |
| osec-2019-02 | Grant unshare vulnerability in mirage-xen | 2019-04-26T00:00:00Z | 2026-01-13T12:00:00Z |
| osec-2019-01 | Memory disclosure in mirage-net-xen | 2019-03-21T00:00:00Z | 2026-01-13T12:00:00Z |
| osec-2016-02 | Memory disclosure in mirage-net-xen | 2016-05-03T00:00:00Z | 2026-01-13T12:00:00Z |
| osec-2023-01 | Time of check time of use issue in opam's cache | 2023-05-25T12:00:00Z | 2026-01-09T12:00:00Z |
| osec-2016-01 | Buffer overflow and information leak in OCaml < 4.03.0 | 2016-04-29T00:18:22Z | 2026-01-01T12:00:00Z |
| osec-2018-01 | An integer overflow in the `bigarray` serialization module leads to arbitrary code execution | 2018-04-06T18:29:00Z | 2025-12-16T12:00:00Z |
| osec-2017-01 | Local privilege escalation issue with ocaml binaries | 2017-06-23T15:19:47Z | 2025-12-16T12:00:00Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| osv-2024-698 | Heap-use-after-free in xmlCharEncCloseFunc | 2024-07-31T00:12:19.254629Z | 2026-04-16T14:30:06.495743Z |
| osv-2021-777 | Heap-use-after-free in xmlAddNextSibling | 2021-05-20T00:00:30.166614Z | 2026-04-16T14:20:10.040296Z |
| osv-2023-390 | Heap-buffer-overflow in sdhci_write | 2023-05-12T14:00:08.854823Z | 2026-04-15T14:39:49.852620Z |
| osv-2022-581 | Heap-buffer-overflow in megasas_map_sgl | 2022-07-14T00:00:45.644503Z | 2026-04-15T14:39:04.467770Z |
| osv-2021-820 | UNKNOWN READ in virtio_gpu_disable_scanout | 2021-06-02T00:00:31.619765Z | 2026-04-15T14:36:08.297322Z |
| osv-2022-834 | Heap-use-after-free in mk_event_timeout_destroy | 2022-09-04T00:00:31.605787Z | 2026-04-15T14:19:29.667112Z |
| osv-2022-1277 | Heap-use-after-free in mk_event_timeout_destroy | 2023-06-26T14:01:01.876870Z | 2026-04-15T14:15:42.438884Z |
| osv-2022-150 | Heap-buffer-overflow in coap_split_uri_sub | 2022-02-14T00:00:50.308933Z | 2026-04-14T14:11:39.559701Z |
| osv-2023-35 | Heap-buffer-overflow in parse_classes_64 | 2023-01-29T13:01:45.762871Z | 2026-04-13T14:21:54.947682Z |
| osv-2023-96 | Heap-buffer-overflow in load_buffer | 2023-02-23T13:00:28.515290Z | 2026-04-13T14:21:48.708753Z |
| osv-2022-599 | Use-of-uninitialized-value in mrb_bint_as_int | 2022-07-20T00:00:11.865502Z | 2026-04-13T14:17:11.247038Z |
| osv-2022-652 | Use-of-uninitialized-value in udiv | 2022-07-29T00:02:04.321859Z | 2026-04-13T14:16:38.313159Z |
| osv-2022-1137 | Heap-buffer-overflow in io_memory_read | 2022-11-05T00:00:44.243862Z | 2026-04-13T14:16:27.408482Z |
| osv-2022-993 | Stack-use-after-return in check_buffer | 2022-09-29T00:02:10.256639Z | 2026-04-13T14:16:10.642347Z |
| osv-2022-679 | Heap-buffer-overflow in udiv | 2022-08-07T00:01:59.645310Z | 2026-04-13T14:12:31.755206Z |
| osv-2024-245 | Security exception in com.github.javaparser.ast.validator.TreeVisitorValidator.accept | 2024-04-08T00:11:03.595756Z | 2026-04-12T14:19:34.243085Z |
| osv-2022-388 | Segv on unknown address in dwg_ref_get_object | 2022-05-01T00:01:54.904711Z | 2026-04-11T14:05:23.758549Z |
| osv-2020-876 | Use-of-uninitialized-value in XCFImageFormat::mergeRGBToRGB | 2020-07-14T22:13:55.541274Z | 2026-04-11T14:04:22.896195Z |
| osv-2024-679 | Heap-buffer-overflow in readImage4v2 | 2024-07-25T00:14:34.485446Z | 2026-04-10T14:17:32.974190Z |
| osv-2023-307 | Heap-buffer-overflow in bit_read_BB | 2023-04-13T14:02:09.774988Z | 2026-04-10T14:15:06.653636Z |
| osv-2022-714 | Heap-buffer-overflow in dynapi_set_helper | 2022-08-15T00:00:47.794062Z | 2026-04-10T14:14:49.083912Z |
| osv-2022-653 | Heap-double-free in dwg_free_common_entity_data | 2022-07-30T00:01:52.491112Z | 2026-04-10T14:13:58.401974Z |
| osv-2023-877 | Heap-buffer-overflow in btf_ensure_modifiable | 2023-09-18T14:02:44.989260Z | 2026-04-10T14:13:13.162417Z |
| osv-2023-800 | Heap-buffer-overflow in XCFImageFormat::loadTileRLE | 2023-09-07T14:00:27.693270Z | 2026-04-10T14:12:33.285572Z |
| osv-2023-55 | Index-out-of-bounds in LibRaw::apply_tiff | 2023-02-07T13:00:07.438565Z | 2026-04-10T14:12:13.379692Z |
| osv-2022-400 | Heap-double-free in dwg_free_XRECORD_private | 2022-05-08T00:00:40.782520Z | 2026-04-10T14:11:34.568715Z |
| osv-2022-372 | Heap-buffer-overflow in dwg_encode_VERTEX_2D | 2022-04-26T00:00:09.352798Z | 2026-04-10T14:11:27.492166Z |
| osv-2022-379 | Segv on unknown address in bit_write_TV | 2022-04-27T00:00:44.539231Z | 2026-04-10T14:11:26.691044Z |
| osv-2022-1176 | Heap-double-free in dwg_free | 2022-11-18T13:00:26.857477Z | 2026-04-10T14:10:36.470316Z |
| osv-2022-1259 | Heap-buffer-overflow in dwg_decode_INSERT_private | 2022-12-13T13:00:46.870838Z | 2026-04-10T14:10:23.558612Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| rustsec-2026-0102 | `microsoftsystem64` was removed from crates.io for malicious code | 2026-04-13T12:00:00Z | 2026-04-15T21:38:09Z |
| rustsec-2026-0101 | `safe-agent-rs` was removed from crates.io for being affiliated with malicious code | 2026-04-13T12:00:00Z | 2026-04-15T21:38:09Z |
| rustsec-2026-0100 | `pretty-changelog-logger` was removed from crates.io for malicious code | 2026-04-13T12:00:00Z | 2026-04-15T21:38:09Z |
| rustsec-2026-0099 | Name constraints were accepted for certificates asserting a wildcard name | 2026-04-14T12:00:00Z | 2026-04-15T09:57:12Z |
| rustsec-2026-0098 | Name constraints for URI names were incorrectly accepted | 2026-04-14T12:00:00Z | 2026-04-15T07:36:20Z |
| rustsec-2025-0161 | libsecp256k1 is unmaintained | 2025-01-14T12:00:00Z | 2026-04-14T11:24:03Z |
| rustsec-2026-0097 | Rand is unsound with a custom logger using `rand::rng()` | 2026-04-09T12:00:00Z | 2026-04-14T05:30:54Z |
| rustsec-2026-0096 | Miscompiled guest heap access enables sandbox escape on aarch64 Cranelift | 2026-04-09T12:00:00Z | 2026-04-09T19:59:38Z |
| rustsec-2026-0095 | Wasmtime with Winch compiler backend may allow a sandbox-escaping memory access | 2026-04-09T12:00:00Z | 2026-04-09T19:59:38Z |
| rustsec-2026-0094 | Improperly masked return value from `table.grow` with Winch compiler backend | 2026-04-09T12:00:00Z | 2026-04-09T19:59:38Z |
| rustsec-2026-0093 | Heap OOB read in component model UTF-16 to latin1+utf16 string transcoding | 2026-04-09T12:00:00Z | 2026-04-09T19:59:38Z |
| rustsec-2026-0092 | Panic when transcoding misaligned component model UTF-16 strings | 2026-04-09T12:00:00Z | 2026-04-09T19:59:38Z |
| rustsec-2026-0091 | Out-of-bounds write or crash when transcoding component model strings | 2026-04-09T12:00:00Z | 2026-04-09T19:59:38Z |
| rustsec-2026-0090 | Use-after-free bug after cloning `wasmtime::Linker` | 2026-04-09T12:00:00Z | 2026-04-09T19:59:38Z |
| rustsec-2026-0089 | Host panic when Winch compiler executes `table.fill` | 2026-04-09T12:00:00Z | 2026-04-09T19:59:38Z |
| rustsec-2026-0088 | Data leakage between pooling allocator instances | 2026-04-09T12:00:00Z | 2026-04-09T19:59:38Z |
| rustsec-2026-0087 | Wasmtime segfault or unused out-of-sandbox load with `f64x2.splat` operator on Cranelift x86-64 | 2026-04-09T12:00:00Z | 2026-04-09T19:59:38Z |
| rustsec-2026-0086 | Host data leakage with 64-bit tables and Winch | 2026-04-09T12:00:00Z | 2026-04-09T19:59:38Z |
| rustsec-2026-0085 | Panic when lifting `flags` component value | 2026-04-09T12:00:00Z | 2026-04-09T19:59:38Z |
| rustsec-2026-0084 | `logprinter` was removed from crates.io for malicious code | 2026-04-09T12:00:00Z | 2026-04-09T11:23:07Z |
| rustsec-2026-0083 | zantetsu-trainer is unmaintained | 2026-04-07T12:00:00Z | 2026-04-08T08:55:27Z |
| rustsec-2026-0082 | zantetsu-ffi is unmaintained | 2026-04-07T12:00:00Z | 2026-04-08T08:55:27Z |
| rustsec-2026-0081 | `logtrace` was removed from crates.io for malicious code | 2026-04-05T12:00:00Z | 2026-04-05T23:52:05Z |
| rustsec-2026-0080 | Multiple soundness issues in `scaly` safe APIs | 2026-01-19T12:00:00Z | 2026-04-05T05:30:42Z |
| rustsec-2026-0079 | `DynFuture` drop can construct a dangling reference | 2026-01-21T12:00:00Z | 2026-04-05T05:30:42Z |
| rustsec-2023-0125 | Logs AWS credentials when TRACE-level logging is enabled | 2023-04-19T12:00:00Z | 2026-04-02T14:44:59Z |
| rustsec-2026-0078 | Symbol confusion after hasher panic in `intaglio` interners | 2026-03-30T12:00:00Z | 2026-03-30T21:40:18Z |
| rustsec-2025-0160 | `custom-req-on-workers` was removed from crates.io for malicious code | 2025-01-30T12:00:00Z | 2026-03-30T21:40:18Z |
| rustsec-2025-0159 | `sophosfirewall-python` was removed from crates.io for malicious code | 2025-02-15T12:00:00Z | 2026-03-30T21:40:18Z |
| rustsec-2025-0158 | `jfrog_quotes` was removed from crates.io for malicious code | 2025-01-30T12:00:00Z | 2026-03-30T21:40:18Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| bit-wiremock-2023-41329 | Domain restrictions bypass via DNS Rebinding in WireMock and WireMock Studio | 2026-04-13T16:00:00.480Z | 2026-04-13T16:23:32.396Z |
| bit-wiremock-2023-41327 | Controlled SSRF through URL in the WireMock | 2026-04-13T15:59:58.176Z | 2026-04-13T16:23:32.396Z |
| bit-tomcat-2026-29146 | Apache Tomcat: EncryptInterceptor vulnerable to padding oracle attack by default | 2026-04-13T16:01:34.700Z | 2026-04-13T16:23:32.396Z |
| bit-drupal-2020-11022 | jQuery has a potential XSS vulnerability | 2024-03-06T10:59:15.938Z | 2026-04-13T15:28:02.082Z |
| bit-nifi-2024-45477 | Apache NiFi: Improper Neutralization of Input in Parameter Description | 2026-04-13T14:17:18.796Z | 2026-04-13T14:44:23.860Z |
| bit-wiremock-2023-50069 | 2026-04-13T11:50:15.583Z | 2026-04-13T12:09:46.643Z | |
| bit-tomcat-2026-34500 | Apache Tomcat: OCSP checks sometimes soft-fail with FFM even when soft-fail is disabled | 2026-04-13T10:20:02.205Z | 2026-04-13T10:42:00.723Z |
| bit-tomcat-2026-34487 | Apache Tomcat: Cloud membership for clustering component exposed the Kubernetes bearer token | 2026-04-13T10:20:00.791Z | 2026-04-13T10:42:00.723Z |
| bit-tomcat-2026-34483 | Apache Tomcat: Incomplete escaping of JSON access logs | 2026-04-13T10:19:58.030Z | 2026-04-13T10:42:00.723Z |
| bit-tomcat-2026-29145 | Apache Tomcat, Apache Tomcat Native: OCSP checks sometimes soft-fail even when soft-fail is disabled | 2026-04-13T10:19:53.698Z | 2026-04-13T10:42:00.723Z |
| bit-tomcat-2026-25854 | Apache Tomcat: Occasionally open redirect | 2026-04-13T10:19:50.972Z | 2026-04-13T10:42:00.723Z |
| bit-tomcat-2026-24880 | Apache Tomcat: Request smuggling via invalid chunk extension | 2026-04-13T10:19:49.629Z | 2026-04-13T10:42:00.723Z |
| bit-mongodb-2026-4148 | ExpressionContext use-after-free in classic engine $lookup and $graphLookup aggregation operators | 2026-04-13T10:13:07.402Z | 2026-04-13T10:42:00.723Z |
| bit-mongodb-2026-4147 | Stack memory disclosure in filemd5 command | 2026-04-13T10:13:04.983Z | 2026-04-13T10:42:00.723Z |
| bit-minio-2026-39414 | MinIO affected a DoS via Unbounded Memory Allocation in S3 Select CSV Parsing | 2026-04-13T10:10:51.384Z | 2026-04-13T10:42:00.723Z |
| bit-tomcat-2026-34486 | Apache Tomcat: Fix for CVE-2026-29146 allowed bypass of EncryptInterceptor | 2026-04-13T05:53:08.595Z | 2026-04-13T06:11:47.324Z |
| bit-tomcat-2026-32990 | Apache Tomcat: Fix for CVE-2025-66614 is incomplete | 2026-04-13T05:53:05.369Z | 2026-04-13T06:11:47.324Z |
| bit-tomcat-2026-29129 | Apache Tomcat: TLS cipher order is not preserved | 2026-04-13T05:53:00.617Z | 2026-04-13T06:11:47.324Z |
| bit-tomcat-2026-24734 | Apache Tomcat Native, Apache Tomcat: OCSP revocation bypass | 2026-02-20T09:53:00.269Z | 2026-04-13T06:11:47.324Z |
| bit-node-2026-21717 | 2026-04-06T07:58:47.295Z | 2026-04-13T06:11:47.324Z | |
| bit-node-2026-21716 | 2026-04-06T07:58:44.008Z | 2026-04-13T06:11:47.324Z | |
| bit-node-2026-21715 | 2026-04-06T07:58:41.424Z | 2026-04-13T06:11:47.324Z | |
| bit-node-2026-21714 | 2026-04-06T07:58:38.953Z | 2026-04-13T06:11:47.324Z | |
| bit-node-2026-21713 | 2026-04-06T07:58:36.353Z | 2026-04-13T06:11:47.324Z | |
| bit-node-2026-21710 | 2026-04-06T07:58:28.068Z | 2026-04-13T06:11:47.324Z | |
| bit-logstash-2026-33466 | Improper Limitation of a Pathname to a Restricted Directory in Logstash Leading to Arbitrary File Write | 2026-04-13T05:42:10.653Z | 2026-04-13T06:11:47.324Z |
| bit-kibana-2026-4498 | Execution with Unnecessary Privileges in Kibana Leading to reading index data beyond their direct Elasticsearch RBAC scope | 2026-04-13T05:42:05.042Z | 2026-04-13T06:11:47.324Z |
| bit-kibana-2026-33461 | Incorrect Authorization in Kibana Fleet Leading to Information Disclosure | 2026-04-13T05:42:03.441Z | 2026-04-13T06:11:47.324Z |
| bit-kibana-2026-33460 | Incorrect Authorization in Kibana Fleet Leading to Information Disclosure | 2026-04-13T05:42:01.870Z | 2026-04-13T06:11:47.324Z |
| bit-kibana-2026-33459 | Uncontrolled Resource Consumption in Kibana Leading to Denial of Service | 2026-04-13T05:42:00.230Z | 2026-04-13T06:11:47.324Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| cleanstart-2026-fb07695 | When verifying a certificate chain containing excluded DNS constraints, these constraints are not correctly applied to wildcard DNS SANs which use a different case than the constraint | 2026-04-15T00:45:38.848496Z | 2026-04-14T11:38:13Z |
| cleanstart-2026-mp87020 | If one side of the TLS connection sends multiple key update messages post-handshake in a single record, the connection can deadlock, causing uncontrolled consumption of resources | 2026-04-15T00:39:08.262212Z | 2026-04-14T11:37:13Z |
| cleanstart-2026-ec57959 | protojson | 2026-04-15T00:38:38.411296Z | 2026-04-14T11:35:55Z |
| cleanstart-2026-bz28794 | Validating certificate chains which use policies is unexpectedly inefficient when certificates in the chain contain a very large number of policy mappings, possibly causing denial of service | 2026-04-15T00:41:09.072733Z | 2026-04-14T10:03:45Z |
| cleanstart-2026-fa60324 | It was found that the cookie used for CSRF prevention in Keycloak was not unique to each session | 2026-04-15T00:42:39.375533Z | 2026-04-14T09:27:59Z |
| cleanstart-2026-kc83705 | During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions | 2026-04-15T00:53:10.163760Z | 2026-04-14T09:04:57Z |
| cleanstart-2026-fz27876 | Security fixes for ghsa-72hv-8253-57qq applied in versions: 3.8.6-r0 | 2026-04-15T00:44:39.850466Z | 2026-04-14T08:58:37Z |
| cleanstart-2026-fd98843 | Security fixes for ghsa-72hv-8253-57qq applied in versions: 3.6.4-r4 | 2026-04-15T00:43:03.053896Z | 2026-04-14T08:58:37Z |
| cleanstart-2026-eo57061 | In libexpat before 2 | 2026-04-15T00:45:38.991412Z | 2026-04-14T08:58:37Z |
| cleanstart-2026-mw52599 | OpenVPN version 2 | 2026-04-15T00:50:39.610141Z | 2026-04-14T06:07:21Z |
| cleanstart-2026-nh62318 | Security fixes for ghsa-72hv-8253-57qq applied in versions: 3.6.4-r4 | 2026-04-14T00:38:02.309746Z | 2026-04-13T11:37:38Z |
| cleanstart-2026-ka64649 | Security fixes for ghsa-72hv-8253-57qq applied in versions: 3.8.6-r0 | 2026-04-14T00:38:03.199310Z | 2026-04-13T11:37:38Z |
| cleanstart-2026-jh41080 | In libexpat before 2 | 2026-04-14T00:41:12.662437Z | 2026-04-13T11:37:38Z |
| cleanstart-2026-nj21771 | png_image_free in png | 2026-04-14T00:41:12.278705Z | 2026-04-13T10:08:55Z |
| cleanstart-2026-fh63386 | When verifying a certificate chain containing excluded DNS constraints, these constraints are not correctly applied to wildcard DNS SANs which use a different case than the constraint | 2026-04-14T00:44:12.807187Z | 2026-04-13T10:06:48Z |
| cleanstart-2026-lk73694 | During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions | 2026-04-14T00:43:42.897096Z | 2026-04-13T05:21:32Z |
| cleanstart-2026-ne70100 | Security fixes for ghsa-72hv-8253-57qq, ghsa-qqpg-mvqg-649v applied in versions: 3.9.4-r0, 3.9.4-r6 | 2026-04-12T00:36:10.440964Z | 2026-04-11T06:04:40Z |
| cleanstart-2026-mz25894 | Security fixes for ghsa-72hv-8253-57qq applied in versions: 3.8.6-r0 | 2026-04-12T00:36:10.207025Z | 2026-04-11T06:04:40Z |
| cleanstart-2026-hu81793 | Security fixes for ghsa-72hv-8253-57qq applied in versions: 3.6.4-r4 | 2026-04-12T00:36:09.840766Z | 2026-04-11T06:04:40Z |
| cleanstart-2026-jt73156 | protojson | 2026-04-11T00:42:17.168521Z | 2026-04-10T12:27:18Z |
| cleanstart-2026-ei21238 | Security fixes for ghsa-72hv-8253-57qq applied in versions: 3.6.4-r4 | 2026-04-11T00:37:54.711613Z | 2026-04-10T10:45:58Z |
| cleanstart-2026-lb69194 | In libexpat before 2 | 2026-04-11T00:39:42.680532Z | 2026-04-10T05:48:24Z |
| cleanstart-2026-ay21238 | security issue was discovered in Kubernetes where a malicious or compromised pod could bypass network restrictions enforced by network policies during namespace deletion | 2026-04-10T00:37:58.214935Z | 2026-04-09T11:56:50Z |
| cleanstart-2026-ng75665 | During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions | 2026-04-10T00:56:28.527348Z | 2026-04-09T11:53:35Z |
| cleanstart-2026-bm53321 | attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing | 2026-04-10T00:51:58.426076Z | 2026-04-09T11:53:35Z |
| cleanstart-2026-ng28268 | gRPC-Go is the Go language implementation of gRPC | 2026-04-10T00:47:58.418185Z | 2026-04-09T11:52:13Z |
| cleanstart-2026-jy63371 | Delete function fails to properly validate offsets when processing malformed JSON input | 2026-04-10T00:45:58.478015Z | 2026-04-09T11:52:13Z |
| cleanstart-2026-cd13174 | gRPC-Go is the Go language implementation of gRPC | 2026-04-10T00:49:58.731115Z | 2026-04-09T11:52:13Z |
| cleanstart-2026-dk61762 | filippo | 2026-04-10T00:51:28.611547Z | 2026-04-09T11:46:58Z |
| cleanstart-2026-ar20742 | attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing | 2026-04-10T00:51:28.608050Z | 2026-04-09T11:46:58Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| drupal-contrib-2026-032 | 2026-04-08T16:09:54.000Z | 2026-04-10T16:51:06.000Z | |
| drupal-contrib-2026-031 | 2026-04-01T16:38:14.000Z | 2026-04-02T14:13:13.000Z | |
| drupal-contrib-2026-029 | 2026-03-11T16:35:02.000Z | 2026-03-26T19:50:52.000Z | |
| drupal-contrib-2026-028 | 2026-03-11T16:33:14.000Z | 2026-03-26T19:43:59.000Z | |
| drupal-contrib-2026-030 | 2026-03-18T16:10:00.000Z | 2026-03-18T16:10:00.000Z | |
| drupal-contrib-2026-015 | 2026-02-25T18:47:57.000Z | 2026-03-17T13:20:54.000Z | |
| drupal-contrib-2026-024 | 2026-03-04T17:59:51.000Z | 2026-03-05T14:03:05.000Z | |
| drupal-contrib-2026-027 | 2026-03-04T18:02:59.000Z | 2026-03-04T18:02:59.000Z | |
| drupal-contrib-2026-026 | 2026-03-04T18:02:14.000Z | 2026-03-04T18:02:14.000Z | |
| drupal-contrib-2026-025 | 2026-03-04T18:00:41.000Z | 2026-03-04T18:00:41.000Z | |
| drupal-contrib-2026-023 | 2026-03-04T17:58:55.000Z | 2026-03-04T17:58:55.000Z | |
| drupal-contrib-2026-022 | 2026-03-04T17:57:58.000Z | 2026-03-04T17:57:58.000Z | |
| drupal-contrib-2026-021 | 2026-03-04T17:56:18.000Z | 2026-03-04T17:56:18.000Z | |
| drupal-contrib-2026-020 | 2026-03-04T17:54:27.000Z | 2026-03-04T17:54:27.000Z | |
| drupal-contrib-2026-016 | 2026-02-25T18:49:59.000Z | 2026-02-25T19:30:03.000Z | |
| drupal-contrib-2026-019 | 2026-02-25T18:51:43.000Z | 2026-02-25T18:51:43.000Z | |
| drupal-contrib-2026-018 | 2026-02-25T18:51:26.000Z | 2026-02-25T18:51:26.000Z | |
| drupal-contrib-2026-017 | 2026-02-25T18:51:01.000Z | 2026-02-25T18:51:01.000Z | |
| drupal-contrib-2026-014 | 2026-02-25T18:46:10.000Z | 2026-02-25T18:46:10.000Z | |
| drupal-contrib-2026-013 | 2026-02-25T18:45:13.000Z | 2026-02-25T18:45:13.000Z | |
| drupal-contrib-2026-012 | 2026-02-25T18:44:38.000Z | 2026-02-25T18:44:38.000Z | |
| drupal-contrib-2026-011 | 2026-02-25T18:43:32.000Z | 2026-02-25T18:43:32.000Z | |
| drupal-contrib-2026-010 | 2026-02-11T16:54:18.000Z | 2026-02-25T17:17:46.000Z | |
| drupal-contrib-2026-009 | 2026-02-11T16:53:32.000Z | 2026-02-12T15:37:20.000Z | |
| drupal-contrib-2026-008 | 2026-02-04T17:23:40.000Z | 2026-02-04T17:23:40.000Z | |
| drupal-contrib-2026-007 | 2026-01-28T17:29:32.000Z | 2026-01-28T17:29:32.000Z | |
| drupal-contrib-2026-006 | 2026-01-28T17:28:31.000Z | 2026-01-28T17:28:31.000Z | |
| drupal-contrib-2026-005 | 2026-01-14T17:57:31.000Z | 2026-01-14T18:33:02.000Z | |
| drupal-contrib-2026-004 | 2026-01-14T17:56:28.000Z | 2026-01-14T17:56:28.000Z | |
| drupal-contrib-2026-003 | 2026-01-14T17:55:41.000Z | 2026-01-14T17:55:41.000Z |
| ID | Description | Updated |
|---|---|---|
| ts-2026-001 | TS-2026-001 | 2026-01-15T00:00 |
| ts-2025-008 | TS-2025-008 | 2025-11-19T00:00 |
| ts-2025-007 | TS-2025-007 | 2025-11-07T00:00 |
| ts-2025-006 | TS-2025-006 | 2025-10-28T00:00 |
| ts-2025-005 | TS-2025-005 | 2025-08-07T00:00 |
| ts-2025-004 | TS-2025-004 | 2025-05-27T00:00 |
| ts-2025-003 | TS-2025-003 | 2025-05-21T00:00 |
| ts-2025-002 | TS-2025-002 | 2025-05-15T00:00 |
| ts-2025-001 | TS-2025-001 | 2025-03-07T00:00 |
| ts-2024-013 | TS-2024-013 | 2024-12-04T00:00 |
| ts-2024-012 | TS-2024-012 | 2024-10-02T00:00 |
| ts-2024-011 | TS-2024-011 | 2024-07-22T00:00 |
| ts-2024-010 | TS-2024-010 | 2024-07-19T00:00 |
| ts-2024-009 | TS-2024-009 | 2024-06-27T00:00 |
| ts-2024-008 | TS-2024-008 | 2024-06-14T00:00 |
| ts-2024-007 | TS-2024-007 | 2024-06-12T00:00 |
| ts-2024-006 | TS-2024-006 | 2024-05-22T00:00 |
| ts-2024-005 | TS-2024-005 | 2024-05-08T00:00 |
| ts-2024-004 | TS-2024-004 | 2024-05-06T00:00 |
| ts-2024-003 | TS-2024-003 | 2024-04-23T00:00 |
| ts-2024-002 | TS-2024-002 | 2024-01-30T00:00 |
| ts-2024-001 | TS-2024-001 | 2024-01-08T00:00 |
| ts-2023-009 | TS-2023-009 | 2023-12-22T00:00 |
| ts-2023-008 | TS-2023-008 | 2023-11-01T00:00 |
| ts-2023-007 | TS-2023-007 | 2023-10-26T00:00 |
| ts-2023-006 | TS-2023-006 | 2023-08-22T00:00 |
| ts-2023-005 | TS-2023-005 | 2023-04-28T00:00 |
| ts-2023-004 | TS-2023-004 | 2023-04-04T00:00 |
| ts-2023-003 | TS-2023-003 | 2023-03-22T00:00 |
| ts-2023-002 | TS-2023-002 | 2023-01-24T00:00 |
| ID | Description | Published | Updated |
|---|---|---|---|
| certfr-2026-ale-004 | Vulnérabilité dans F5 BIG-IP Access Policy Manager | 2026-03-31T00:00:00.000000 | 2026-03-31T00:00:00.000000 |
| certfr-2026-ale-002 | [MàJ] Vulnérabilité dans Cisco Catalyst SD-WAN | 2026-02-25T00:00:00.000000 | 2026-03-26T00:00:00.000000 |
| certfr-2026-ale-003 | Note d’alerte – Ciblage des messageries instantanées | 2026-03-20T00:00:00.000000 | 2026-03-20T00:00:00.000000 |
| certfr-2025-ale-014 | [MàJ] Vulnérabilité dans React Server Components | 2025-12-05T00:00:00.000000 | 2026-02-12T00:00:00.000000 |
| certfr-2026-ale-001 | [MàJ] Multiples vulnérabilités dans Ivanti Endpoint Manager Mobile | 2026-01-30T00:00:00.000000 | 2026-02-03T00:00:00.000000 |
| certfr-2025-ale-013 | [MàJ] Multiples vulnérabilités dans Cisco ASA et FTD | 2025-09-25T00:00:00.000000 | 2025-10-06T00:00:00.000000 |
| certfr-2025-ale-012 | Vulnérabilité dans Citrix NetScaler ADC et NetScaler Gateway | 2025-08-26T00:00:00.000000 | 2025-09-26T00:00:00.000000 |
| certfr-2025-ale-010 | [MàJ] Multiples vulnérabilités dans Microsoft SharePoint | 2025-07-21T00:00:00.000000 | 2025-08-26T00:00:00.000000 |
| certfr-2025-ale-011 | Incidents de sécurité dans les pare-feux SonicWall | 2025-08-05T00:00:00.000000 | 2025-08-18T00:00:00.000000 |
| certfr-2025-ale-009 | Multiples vulnérabilités dans Citrix NetScaler ADC et NetScaler Gateway | 2025-07-01T00:00:00.000000 | 2025-07-17T00:00:00.000000 |
| certfr-2025-ale-004 | Activités de post-exploitation dans Fortinet FortiGate | 2025-04-11T00:00:00.000000 | 2025-08-07T00:00:00.000000 |
| certfr-2025-ale-008 | [MàJ] Vulnérabilité dans Roundcube | 2025-06-05T00:00:00.000000 | 2025-07-21T00:00:00.000000 |
| certfr-2025-ale-007 | Multiples vulnérabilités dans Ivanti Endpoint Manager Mobile (EPMM) | 2025-05-14T00:00:00.000000 | 2025-06-24T00:00:00.000000 |
| certfr-2025-ale-006 | Vulnérabilité dans les produits Fortinet | 2025-05-13T00:00:00.000000 | 2025-06-24T00:00:00.000000 |
| certfr-2025-ale-005 | Vulnérabilité dans SAP NetWeaver | 2025-04-28T00:00:00.000000 | 2025-06-24T00:00:00.000000 |
| certfr-2025-ale-003 | [MàJ] Vulnérabilité dans les produits Ivanti | 2025-04-04T00:00:00.000000 | 2025-04-11T00:00:00.000000 |
| certfr-2025-ale-002 | [MàJ] Vulnérabilité dans les produits Fortinet | 2025-05-07T00:00:00.000000 | 2025-01-14T00:00:00.000000 |
| certfr-2025-ale-001 | [MàJ] Vulnérabilité dans les produits Ivanti | 2025-01-09T00:00:00.000000 | 2025-04-01T00:00:00.000000 |
| certfr-2024-ale-014 | [MàJ] Multiples vulnérabilités dans Fortinet FortiManager | 2024-10-30T00:00:00.000000 | 2024-10-23T00:00:00.000000 |
| certfr-2024-ale-013 | Exploitations de vulnérabilités dans Ivanti Cloud Services Appliance (CSA) | 2025-03-31T00:00:00.000000 | 2024-10-25T00:00:00.000000 |
| certfr-2024-ale-015 | [MàJ] Multiples vulnérabilités sur l'interface d'administration des équipements Palo Alto Networks | 2024-11-15T00:00:00.000000 | 2024-11-18T00:00:00.000000 |
| certfr-2024-ale-012 | [MàJ] Vulnérabilités affectant OpenPrinting CUPS | 2024-09-27T00:00:00.000000 | 2024-11-21T00:00:00.000000 |
| certfr-2024-ale-011 | Vulnérabilité dans SonicWall | 2024-09-10T00:00:00.000000 | 2024-11-21T00:00:00.000000 |
| certfr-2024-ale-010 | Multiples vulnérabilités dans Roundcube | 2024-08-09T00:00:00.000000 | 2024-10-07T00:00:00.000000 |
| certfr-2024-ale-009 | Vulnérabilité dans OpenSSH | 2024-07-01T00:00:00.000000 | 2024-07-03T00:00:00.000000 |
| certfr-2024-ale-008 | [MàJ] Vulnérabilité dans les produits Check Point | 2024-05-30T00:00:00.000000 | 2024-07-01T00:00:00.000000 |
| certfr-2024-ale-007 | Multiples vulnérabilités dans les produits Cisco | 2024-04-25T00:00:00.000000 | 2024-07-01T00:00:00.000000 |
| certfr-2024-ale-006 | [MàJ] Vulnérabilité dans Palo Alto Networks GlobalProtect | 2024-04-12T00:00:00.000000 | 2024-07-01T00:00:00.000000 |
| certfr-2024-ale-004 | [MàJ] Vulnérabilité dans Fortinet FortiOS | 2024-02-09T00:00:00.000000 | 2024-07-01T00:00:00.000000 |
| certfr-2024-ale-005 | [MàJ] Vulnérabilité dans Microsoft Outlook | 2024-02-15T00:00:00.000000 | 2024-04-15T00:00:00.000000 |
| ID | Description | Published | Updated |
|---|---|---|---|
| certfr-2026-avi-0451 | Multiples vulnérabilités dans les produits Cisco | 2026-04-16T00:00:00.000000 | 2026-04-16T00:00:00.000000 |
| certfr-2026-avi-0450 | Multiples vulnérabilités dans les produits Splunk | 2026-04-16T00:00:00.000000 | 2026-04-16T00:00:00.000000 |
| certfr-2026-avi-0449 | Vulnérabilité dans Apache Kafka | 2026-04-16T00:00:00.000000 | 2026-04-16T00:00:00.000000 |
| certfr-2026-avi-0448 | Multiples vulnérabilités dans Google Chrome | 2026-04-16T00:00:00.000000 | 2026-04-16T00:00:00.000000 |
| certfr-2026-avi-0447 | Multiples vulnérabilités dans Drupal | 2026-04-16T00:00:00.000000 | 2026-04-16T00:00:00.000000 |
| certfr-2026-avi-0446 | Multiples vulnérabilités dans Mattermost Server | 2026-04-16T00:00:00.000000 | 2026-04-16T00:00:00.000000 |
| certfr-2026-avi-0436 | Multiples vulnérabilités dans Tenable Identity Exposure | 2026-04-15T00:00:00.000000 | 2026-04-16T00:00:00.000000 |
| certfr-2026-avi-0445 | Multiples vulnérabilités dans les produits Microsoft | 2026-04-15T00:00:00.000000 | 2026-04-15T00:00:00.000000 |
| certfr-2026-avi-0444 | Multiples vulnérabilités dans Microsoft Azure | 2026-04-15T00:00:00.000000 | 2026-04-15T00:00:00.000000 |
| certfr-2026-avi-0443 | Multiples vulnérabilités dans Microsoft .Net | 2026-04-15T00:00:00.000000 | 2026-04-15T00:00:00.000000 |
| certfr-2026-avi-0442 | Multiples vulnérabilités dans Microsoft Windows | 2026-04-15T00:00:00.000000 | 2026-04-15T00:00:00.000000 |
| certfr-2026-avi-0441 | Multiples vulnérabilités dans Microsoft Office | 2026-04-15T00:00:00.000000 | 2026-04-15T00:00:00.000000 |
| certfr-2026-avi-0440 | Multiples vulnérabilités dans les produits Fortinet | 2026-04-15T00:00:00.000000 | 2026-04-15T00:00:00.000000 |
| certfr-2026-avi-0439 | Multiples vulnérabilités dans Ivanti Neurons | 2026-04-15T00:00:00.000000 | 2026-04-15T00:00:00.000000 |
| certfr-2026-avi-0438 | Multiples vulnérabilités dans les produits Adobe | 2026-04-15T00:00:00.000000 | 2026-04-15T00:00:00.000000 |
| certfr-2026-avi-0437 | Vulnérabilité dans Python | 2026-04-15T00:00:00.000000 | 2026-04-15T00:00:00.000000 |
| certfr-2026-avi-0435 | Multiples vulnérabilités dans les produits Microsoft | 2026-04-14T00:00:00.000000 | 2026-04-14T00:00:00.000000 |
| certfr-2026-avi-0434 | Multiples vulnérabilités dans les produits SAP | 2026-04-14T00:00:00.000000 | 2026-04-14T00:00:00.000000 |
| certfr-2026-avi-0433 | Multiples vulnérabilités dans les produits Schneider Electric | 2026-04-14T00:00:00.000000 | 2026-04-14T00:00:00.000000 |
| certfr-2026-avi-0432 | Multiples vulnérabilités dans les produits Siemens | 2026-04-14T00:00:00.000000 | 2026-04-14T00:00:00.000000 |
| certfr-2026-avi-0431 | Multiples vulnérabilités dans Synology SSL VPN Client | 2026-04-14T00:00:00.000000 | 2026-04-14T00:00:00.000000 |
| certfr-2026-avi-0430 | Multiples vulnérabilités dans Python | 2026-04-14T00:00:00.000000 | 2026-04-14T00:00:00.000000 |
| certfr-2026-avi-0320 | Multiples vulnérabilités dans Roundcube | 2026-03-19T00:00:00.000000 | 2026-04-14T00:00:00.000000 |
| certfr-2026-avi-0429 | Vulnérabilité dans Adobe Acrobat | 2026-04-13T00:00:00.000000 | 2026-04-13T00:00:00.000000 |
| certfr-2026-avi-0428 | Multiples vulnérabilités dans les produits Microsoft | 2026-04-13T00:00:00.000000 | 2026-04-13T00:00:00.000000 |
| certfr-2026-avi-0427 | Multiples vulnérabilités dans Microsoft Edge | 2026-04-13T00:00:00.000000 | 2026-04-13T00:00:00.000000 |
| certfr-2026-avi-0426 | Multiples vulnérabilités dans Python | 2026-04-13T00:00:00.000000 | 2026-04-13T00:00:00.000000 |
| certfr-2026-avi-0425 | Vulnérabilité dans Foxit PDF Services API | 2026-04-13T00:00:00.000000 | 2026-04-13T00:00:00.000000 |
| certfr-2026-avi-0424 | Multiples vulnérabilités dans les produits IBM | 2026-04-10T00:00:00.000000 | 2026-04-10T00:00:00.000000 |
| certfr-2026-avi-0423 | Multiples vulnérabilités dans le noyau Linux de Red Hat | 2026-04-10T00:00:00.000000 | 2026-04-10T00:00:00.000000 |
| ID | Description | Published | Updated |
|---|---|---|---|
| jvndb-2026-000055 | GROWI vulnerable to stored cross-site scripting | 2026-04-15T17:21+09:00 | 2026-04-15T17:21+09:00 |
| jvndb-2026-010851 | Stack-based buffer overflow vulnerability in Dynabook Bluetooth ACPI Drivers | 2026-04-14T18:13+09:00 | 2026-04-14T18:13+09:00 |
| jvndb-2026-000053 | EmoCheck loads Dynamic Link Libraries insecurely | 2026-04-10T13:38+09:00 | 2026-04-10T13:38+09:00 |
| jvndb-2026-007973 | Multiple vulnerabilities in Xerox FreeFlow Core (XRX26-005) | 2026-03-23T14:54+09:00 | 2026-04-09T13:55+09:00 |
| jvndb-2026-000052 | Multiple vulnerabilities in MATCHA series | 2026-04-08T16:15+09:00 | 2026-04-08T16:15+09:00 |
| jvndb-2026-000050 | Multiple vulnerabilities in Movable Type | 2026-04-08T16:15+09:00 | 2026-04-08T16:15+09:00 |
| jvndb-2026-010301 | Multiple Vulnerabilities in JP1/IT Desktop Management 2 and JP1/NETM/DM | 2026-04-08T12:11+09:00 | 2026-04-08T12:11+09:00 |
| jvndb-2026-010300 | Multiple Vulnerabilities in Hitachi Ops Center Viewpoint | 2026-04-08T12:11+09:00 | 2026-04-08T12:11+09:00 |
| jvndb-2026-010299 | Multiple Vulnerabilities in Hitachi Ops Center Common Services | 2026-04-08T12:11+09:00 | 2026-04-08T12:11+09:00 |
| jvndb-2026-009720 | Multiple vulnerabilities in FUJI Electric V-SFT (April 2026) | 2026-04-02T14:58+09:00 | 2026-04-03T15:50+09:00 |
| jvndb-2026-000049 | Multiple vulnerabilities in NEC Aterm series (NV26-001) | 2026-04-03T15:09+09:00 | 2026-04-03T15:09+09:00 |
| jvndb-2026-009412 | Security information for Hitachi Disk Array Systems | 2026-03-31T15:53+09:00 | 2026-03-31T15:53+09:00 |
| jvndb-2026-009411 | Security information for Hitachi Disk Array Systems | 2026-03-31T15:53+09:00 | 2026-03-31T15:53+09:00 |
| jvndb-2026-009410 | Security information for Hitachi Disk Array Systems | 2026-03-31T15:53+09:00 | 2026-03-31T15:53+09:00 |
| jvndb-2026-009409 | Security information for Hitachi Disk Array Systems | 2026-03-31T15:53+09:00 | 2026-03-31T15:53+09:00 |
| jvndb-2026-009408 | Security information for Hitachi Disk Array Systems | 2026-03-31T15:53+09:00 | 2026-03-31T15:53+09:00 |
| jvndb-2026-009406 | Security information for Hitachi Disk Array Systems | 2026-03-31T15:53+09:00 | 2026-03-31T15:53+09:00 |
| jvndb-2026-009147 | Vulnerability in Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center Analyzer | 2026-03-27T18:18+09:00 | 2026-03-27T18:18+09:00 |
| jvndb-2026-009148 | Open Redirect Vulnerability in Hitachi Ops Center Administrator | 2026-03-27T18:17+09:00 | 2026-03-27T18:17+09:00 |
| jvndb-2026-000047 | Multiple vulnerabilities in baserCMS | 2026-03-27T18:00+09:00 | 2026-03-27T18:00+09:00 |
| jvndb-2026-000045 | WordPress Plugin "OpenStreetMap" vulnerable to cross-site scripting | 2026-03-27T17:34+09:00 | 2026-03-27T17:34+09:00 |
| jvndb-2026-000046 | Multiple vulnerabilities in BUFFALO Wi-Fi routers | 2026-03-27T17:18+09:00 | 2026-03-27T17:18+09:00 |
| jvndb-2026-000044 | Multiple vulnerabilities in the installer of RATOC RAID Monitoring Manager for Windows | 2026-03-26T17:41+09:00 | 2026-03-26T17:41+09:00 |
| jvndb-2026-000042 | Digital Photo Frame GH-WDF10A vulnerable to improper access restriction | 2026-03-26T17:41+09:00 | 2026-03-26T17:41+09:00 |
| jvndb-2026-000043 | SHARP routers missing authentication for some web APIs | 2026-03-25T18:41+09:00 | 2026-03-25T18:41+09:00 |
| jvndb-2026-000040 | Installer of OM Workspace (Windows Edition) may insecurely load Dynamic Link Libraries | 2026-03-25T18:13+09:00 | 2026-03-25T18:13+09:00 |
| jvndb-2026-000041 | SANYO DENKI SANUPS SOFTWARE registers Windows services with unquoted file paths | 2026-03-25T17:58+09:00 | 2026-03-25T17:58+09:00 |
| jvndb-2026-007524 | Vulnerability in Hitachi Command Suite | 2026-03-17T16:42+09:00 | 2026-03-17T16:42+09:00 |
| jvndb-2026-000038 | Installer for IBM Trusteer Rapport may insecurely load Dynamic Link Libraries | 2026-03-17T14:57+09:00 | 2026-03-17T14:57+09:00 |
| jvndb-2026-000039 | Missing authorization in the OpenAI thread/message API endpoints of GROWI | 2026-03-16T17:18+09:00 | 2026-03-16T17:18+09:00 |
| ID | Description | Published | Updated |
|---|---|---|---|
| cnvd-2026-16137 | IBM InfoSphere Information Server代码问题漏洞(CNVD-2026-16137) | 2026-03-31 | 2026-04-03 |
| cnvd-2026-16136 | IBM Concert代码问题漏洞(CNVD-2026-16136) | 2026-03-31 | 2026-04-03 |
| cnvd-2026-16135 | IBM Concert加密问题漏洞(CNVD-2026-16135) | 2026-03-31 | 2026-04-03 |
| cnvd-2026-16134 | IBM Concert加密问题漏洞(CNVD-2026-16134) | 2026-03-31 | 2026-04-03 |
| cnvd-2026-16133 | IBM InfoSphere Information Server加密问题漏洞 | 2026-03-31 | 2026-04-03 |
| cnvd-2026-16132 | IBM InfoSphere Information Server信息泄露漏洞(CNVD-2026-16132) | 2026-03-31 | 2026-04-03 |
| cnvd-2026-16131 | IBM InfoSphere Information Server信息泄露漏洞(CNVD-2026-16131) | 2026-03-31 | 2026-04-03 |
| cnvd-2026-16130 | IBM InfoSphere Information Server信息泄露漏洞(CNVD-2026-16130) | 2026-03-31 | 2026-04-03 |
| cnvd-2026-16129 | IBM InfoSphere Information Server信息泄露漏洞(CNVD-2026-16129) | 2026-03-31 | 2026-04-03 |
| cnvd-2026-16128 | IBM Concert访问控制错误漏洞(CNVD-2026-16128) | 2026-03-31 | 2026-04-03 |
| cnvd-2026-16069 | WordPress插件WP Gmail SMTP信息泄露漏洞 | 2025-10-24 | 2026-04-03 |
| cnvd-2026-16068 | WordPress插件TNC Toolbox Web Performance存在未明漏洞 | 2025-11-14 | 2026-04-03 |
| cnvd-2026-16067 | WordPress插件ELEX WordPress HelpDesk & Customer Ticketing System存在未明漏洞 | 2026-02-11 | 2026-04-03 |
| cnvd-2026-16066 | WordPress插件King Addons for Elementor信息泄露漏洞 | 2026-03-26 | 2026-04-03 |
| cnvd-2026-16065 | WordPress插件Download Manager信息泄露漏洞 | 2026-03-26 | 2026-04-03 |
| cnvd-2026-16064 | WordPress插件SMTP Mailer信息泄露漏洞 | 2026-03-31 | 2026-04-03 |
| cnvd-2026-16063 | GNU BinUtils缓冲区溢出漏洞(CNVD-2026-16063) | 2026-03-26 | 2026-04-03 |
| cnvd-2026-16062 | Artifex Ghostscript pdfmark_coerce_dest函数堆栈缓冲区溢出漏洞 | 2025-09-25 | 2026-04-03 |
| cnvd-2026-16061 | Artifex Ghostscript pdf_write_cmap函数堆栈缓冲区溢出漏洞 | 2025-09-25 | 2026-04-03 |
| cnvd-2026-16060 | Artifex Ghostscript ocr_begin_page函数堆缓冲区溢出漏洞 | 2025-09-25 | 2026-04-03 |
| cnvd-2026-16059 | Apple macOS信息泄露漏洞(CNVD-2026-16059) | 2025-12-25 | 2026-04-03 |
| cnvd-2026-16058 | Apple macOS存在未明漏洞(CNVD-2026-16058) | 2026-03-31 | 2026-04-03 |
| cnvd-2026-16057 | OpenClaw路径遍历漏洞(CNVD-2026-16057) | 2026-03-26 | 2026-04-03 |
| cnvd-2026-16056 | OpenClaw安全绕过漏洞(CNVD-2026-16056) | 2026-03-26 | 2026-04-03 |
| cnvd-2026-16055 | OpenClaw安全绕过漏洞(CNVD-2026-16055) | 2026-03-26 | 2026-04-03 |
| cnvd-2026-16054 | OpenClaw命令执行漏洞(CNVD-2026-16054) | 2026-03-26 | 2026-04-03 |
| cnvd-2026-16053 | OpenClaw拒绝服务漏洞(CNVD-2026-16053) | 2026-03-26 | 2026-04-03 |
| cnvd-2026-16052 | OpenClaw访问控制错误漏洞(CNVD-2026-16052) | 2026-03-26 | 2026-04-03 |
| cnvd-2026-16051 | OpenClaw安全绕过漏洞(CNVD-2026-16051) | 2026-03-26 | 2026-04-03 |
| cnvd-2026-16050 | OpenClaw操作系统命令注入漏洞(CNVD-2026-16050) | 2026-03-26 | 2026-04-03 |
| ID | Description | Published | Updated |
|---|---|---|---|
| bdu:2026-01844 | Уязвимость сервиса безопасности Advanced DNS Security (ADNS) операционной системы PAN-OS,… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01843 | Уязвимость функции loadRLE() загрузчика TGA-изображений (PluginTARGA.cpp) графической биб… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01842 | Уязвимость функции ws_user_gerList() сценария pwg.users.php системы управления контентом … | 16.02.2026 | 16.02.2026 |
| bdu:2026-01841 | Уязвимость компонента Updater облачной платформы управления контейнерами Arcane, позволяю… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01840 | Уязвимость ИИ-агента OpenClaw (ранее - ClawdBot или MoltBot), связанная с отсутствием про… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01839 | Уязвимость функции blocked_path() пакета Python для создания приложений для моделей машин… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01838 | Уязвимость драйверов графических процессоров NVIDIA NVS, Quadro, NVIDIA RTX, GeForce, свя… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01837 | Уязвимость микропрограммного обеспечения графических процессоров Imagination, позволяющая… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01836 | Уязвимость микропрограммного обеспечения графических процессоров Imagination, позволяющая… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01835 | Уязвимость драйвера ESXi base микропрограммного обеспечения сетевых контроллеров Intel 80… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01834 | Уязвимость микропрограммного обеспечения контроллеров Intel Ethernet серии E810, связанна… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01833 | Уязвимость технологий Intel Active Management Technology (AMT) и Intel Standard Manageabi… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01832 | Уязвимость технологий Intel Active Management Technology (AMT) и Intel Standard Manageabi… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01831 | Уязвимость технологий Intel Active Management Technology (AMT) и Intel Standard Manageabi… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01830 | Уязвимость компонента File input браузера Google Chrome, позволяющая нарушителю осуществи… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01829 | Уязвимость компонента PictureInPicture браузера Google Chrome, позволяющая нарушителю ока… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01828 | Уязвимость компонента Animation браузера Google Chrome, позволяющая нарушителю оказать во… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01827 | Уязвимость функции конфиденциальности Fenced Frames браузера Google Chrome, позволяющая н… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01826 | Уязвимость компонента WebGPU браузера Google Chrome, позволяющая нарушителю вызвать отказ… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01825 | Уязвимость программной платформы на базе git для совместной работы над кодом GitLab, связ… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01824 | Уязвимость программной платформы на базе git для совместной работы над кодом GitLab, связ… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01823 | Уязвимость функции межсетевых экранов SSL-VPN операционных систем Fortinet FortiOS, позво… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01822 | Уязвимость операционных систем Fortinet FortiOS, связанная с недостаточной проверкой исто… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01821 | Уязвимость функции межсетевых экранов SSL-VPN операционных систем Fortinet FortiOS, позво… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01820 | Уязвимость интерфейса командной строки операционных систем Fortinet FortiOS, позволяющая … | 16.02.2026 | 16.02.2026 |
| bdu:2026-01819 | Уязвимость графического пользовательского интерфейса операционных систем Fortinet FortiOS… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01818 | Уязвимость программного обеспечения для разработки 3D-моделей Autodesk Fusion, связанная … | 16.02.2026 | 16.02.2026 |
| bdu:2026-01817 | Уязвимость программного обеспечения для разработки 3D-моделей Autodesk Fusion, связанная … | 16.02.2026 | 16.02.2026 |
| bdu:2026-01816 | Уязвимость программного обеспечения для разработки 3D-моделей Autodesk Fusion, связанная … | 16.02.2026 | 16.02.2026 |
| bdu:2026-01815 | Уязвимость программного обеспечения Microsoft ACI Confidential Containers, связанная с не… | 16.02.2026 | 16.02.2026 |
| ID | Description | Updated |
|---|---|---|
| var-200607-0396 | Multiple stack-based buffer overflows in eIQnetworks Enterprise Security Analyzer (ESA) b… | 2026-04-11T00:11:09.115000Z |
| var-201112-0173 | The default configuration of the HP CM8060 Color MFP with Edgeline; Color LaserJet 3xxx, … | 2026-04-11T00:10:01.483000Z |
| var-201109-0089 | Multiple unspecified vulnerabilities in Cisco Unified Service Monitor before 8.6, as used… | 2026-04-11T00:09:36.192000Z |
| var-202603-3180 | Tenda i24V3.0si V3.0.0.5 Firmware V3.0.0.5 was discovered to contain a hardcoded password… | 2026-04-11T00:08:48.958000Z |
| var-201011-0225 | Multiple stack-based buffer overflows in agent.exe in Setup Manager in Cisco Intelligent … | 2026-04-11T00:05:29.625000Z |
| var-201507-0645 | D-Link is an internationally renowned provider of network equipment and solutions, includ… | 2026-04-11T00:04:01.946000Z |
| var-201807-0341 | ABB Panel Builder 800 all versions has an improper input validation vulnerability which m… | 2026-04-11T00:03:30.310000Z |
| var-201103-0371 | SAP Crystal Reports Server is a complete reporting solution for creating, managing, and d… | 2026-04-11T00:02:24.048000Z |
| var-201702-0423 | An issue was discovered in Delta Electronics WPLSoft, Versions prior to V2.42.11, ISPSoft… | 2026-04-11T00:02:20.323000Z |
| var-201803-1810 | A Stack-based Buffer Overflow issue was discovered in Delta Electronics Delta Industrial … | 2026-04-11T00:02:19.122000Z |
| var-202212-0564 | Mikrotik RouterOs before stable v7.6 was discovered to contain an out-of-bounds read in t… | 2026-04-11T00:02:14.203000Z |
| var-202604-0419 | A security flaw has been discovered in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-3… | 2026-04-11T00:02:03.907000Z |
| var-202604-0545 | A weakness has been identified in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, … | 2026-04-11T00:02:03.860000Z |
| var-201810-0396 | Advantech WebAccess 8.3.1 and earlier has several stack-based buffer overflow vulnerabili… | 2026-04-11T00:00:09.308000Z |
| var-200202-0006 | Vulnerabilities in a large number of SNMP implementations allow remote attackers to cause… | 2026-04-10T23:59:45.929000Z |
| var-201809-0087 | WECON LeviStudio Versions 1.8.29 and 1.8.44 have multiple stack-based buffer overflow vul… | 2026-04-10T23:58:29.472000Z |
| var-202001-0832 | A Buffer Overflow vulnerability exists in the Message Server service _MsJ2EE_AddStatistic… | 2026-04-10T23:58:28.008000Z |
| var-202001-0833 | A Denial of Service vulnerability exists in the WRITE_C function in the msg_server.exe mo… | 2026-04-10T23:58:27.923000Z |
| var-201208-0222 | Multiple stack-based buffer overflows in msg_server.exe in SAP NetWeaver ABAP 7.x allow r… | 2026-04-10T23:58:27.850000Z |
| var-201105-0156 | Multiple buffer overflows in the ISSymbol ActiveX control in ISSymbol.ocx 61.6.0.0 and 30… | 2026-04-10T23:54:41.678000Z |
| var-201402-0028 | The process_rs function in the router advertisement daemon (radvd) before 1.8.2, when Uni… | 2026-04-10T23:54:21.837000Z |
| var-201402-0027 | The process_ra function in the router advertisement daemon (radvd) before 1.8.2 allows re… | 2026-04-10T23:54:21.783000Z |
| var-201402-0026 | Buffer overflow in the process_ra function in the router advertisement daemon (radvd) bef… | 2026-04-10T23:54:21.723000Z |
| var-202407-0233 | Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data … | 2026-04-10T23:53:35.760000Z |
| var-201806-1058 | Crestron TSW-1060, TSW-760, TSW-560, TSW-1060-NC, TSW-760-NC, and TSW-560-NC devices befo… | 2026-04-10T23:52:22.797000Z |
| var-202005-0008 | Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple heap-based buf… | 2026-04-10T23:52:18.503000Z |
| var-202206-2050 | The affected product is vulnerable to multiple SQL injections, which may allow an unautho… | 2026-04-10T23:52:15.611000Z |
| var-202603-4092 | Tenda G1V3.1si V16.01.7.8 Firmware V16.01.7.8 was discovered to contain a hardcoded passw… | 2026-04-10T23:52:08.488000Z |
| var-201112-0297 | Multiple cross-site scripting (XSS) vulnerabilities in the Virus Scan Interface in SAP Ne… | 2026-04-10T23:51:14.155000Z |
| var-201904-0181 | Advantech WebAccess/SCADA, Versions 8.3.5 and prior. Multiple stack-based buffer overflow… | 2026-04-10T23:50:53.514000Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| vde-2025-028 | Draeger: ICMHelper is vulnerable to a privilege escalation | 2025-08-05T10:00:00.000Z | 2026-01-06T11:00:00.000Z |
| vde-2019-012 | TECSON/GOK: Improper Authentication and Access Control on multiple devices | 2019-06-04T13:21:00.000Z | 2025-05-14T13:00:14.000Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| vde-2025-104 | Phoenix Contact: Multiple Vulnerabilities in FL SWITCH 2xxx, FL SWITCH TSN 23xx and FL SWITCH 59xx Firmware | 2026-03-18T08:00:00.000Z | 2026-03-18T08:00:00.000Z |
| vde-2025-109 | Phoenix Contact: Unbounded growth of the session cache in TCP encapsulation service in FL MGUARD 2xxx and 4xxx firmware | 2026-02-10T08:00:00.000Z | 2026-02-23T14:00:00.000Z |
| vde-2025-073 | Phoenix Contact: Security Advisory for TC ROUTER and CLOUD CLIENT Industrial mobile network routers | 2026-01-13T08:00:00.000Z | 2026-01-13T08:00:00.000Z |
| vde-2025-071 | Phoenix Contact: Multiple Vulnerabilities in FL SWITCH 2xxx Firmware | 2025-12-09T08:00:00.000Z | 2026-01-12T08:00:00.000Z |
| vde-2025-074 | Phoenix Contact: Security Advisory for CHARX SEC-3xxx charging controllers | 2025-10-14T10:00:00.000Z | 2025-10-15T10:00:00.000Z |
| vde-2025-072 | Phoenix Contact: Security Advisory for QUINT4-UPS EIP | 2025-10-14T06:00:00.000Z | 2025-10-14T06:00:00.000Z |
| vde-2018-003 | PHOENIX CONTACT: addressing Meltdown and Spectre vulnerabilities | 2018-03-23T09:43:00.000Z | 2025-10-01T08:00:00.000Z |
| vde-2025-077 | Phoenix Contact: Two vulnerabilities in the jq JSON processor utilized by FL MGUARD 110x devices | 2025-09-09T10:00:00.000Z | 2025-09-09T10:00:00.000Z |
| vde-2025-064 | Phoenix Contact: Products utilizing WIBU-SYSTEMS CodeMeter Runtime Windows Installer have a privilege escalation | 2025-09-09T07:00:00.000Z | 2025-09-09T07:00:00.000Z |
| vde-2024-039 | Phoenix Contact: Multiple Vulnerabilities in mGuard devices | 2024-09-10T10:00:00.000Z | 2025-08-27T10:00:00.000Z |
| vde-2024-022 | Phoenix Contact: Security Advisory for CHARX-SEC3xxx Charge controllers | 2024-08-13T10:00:00.000Z | 2025-08-27T10:00:00.000Z |
| vde-2025-063 | Phoenix Contact: Device and Update Management Windows Installer Privilege Escalation | 2025-08-12T10:00:00.000Z | 2025-08-12T10:00:00.000Z |
| vde-2025-019 | Phoenix Contact: Security Advisory for CHARX SEC-3xxx charging controllers | 2025-07-08T10:00:00.000Z | 2025-07-22T08:00:00.000Z |
| vde-2019-015 | PHOENIX CONTACT: Security Advisory for multiple Industrial Controllers | 2019-08-07T00:00:00.000Z | 2025-07-11T07:00:00.000Z |
| vde-2025-054 | Phoenix Contact: Multiple Vulnerabilities in PLCnext Firmware | 2025-07-08T10:00:00.000Z | 2025-07-08T10:00:00.000Z |
| vde-2025-053 | Phoenix Contact: Multiple Vulnerabilities in PLCnext Firmware | 2025-07-08T10:00:00.000Z | 2025-07-08T10:00:00.000Z |
| vde-2025-014 | Phoenix Contact: Security Advisory for CHARX SEC-3xxx charging controllers | 2025-07-08T10:00:00.000Z | 2025-07-08T10:00:00.000Z |
| vde-2023-057 | Phoenix Contact: Classic line industrial controllers prone to inadequate integrity check of PLC | 2023-12-12T07:00:00.000Z | 2025-06-05T13:28:12.000Z |
| vde-2023-001 | PHOENIX CONTACT: Multiple Vulnerabilities in PLCnext Firmware | 2023-02-14T07:50:00.000Z | 2025-06-05T13:28:12.000Z |
| vde-2020-002 | PHOENIX CONTACT: Advisory for multiple FL Switch GHS utilising VxWorks | 2020-02-25T09:07:00.000Z | 2025-06-05T13:28:12.000Z |
| vde-2024-073 | Phoenix Contact: Multiple Vulnerabilities in PLCnext Firmware | 2024-12-09T11:00:00.000Z | 2025-05-22T13:03:10.000Z |
| vde-2024-071 | Phoenix Contact: Multiple Vulnerabilities in PLCnext Firmware | 2024-12-09T11:00:00.000Z | 2025-05-22T13:03:10.000Z |
| vde-2023-058 | Phoenix Contact: PLCnext Control prone to download of code without integrity check | 2023-12-12T07:00:00.000Z | 2025-05-22T13:03:10.000Z |
| vde-2023-056 | Phoenix Contact: PLCnext prone to Incorrect Permission Assignment for Critical Resource | 2023-12-12T07:00:00.000Z | 2025-05-22T13:03:10.000Z |
| vde-2023-054 | Phoenix Contact: ProConOS prone to Download of Code Without Integrity Check | 2023-12-12T07:00:00.000Z | 2025-05-22T13:03:10.000Z |
| vde-2023-051 | Phoenix Contact: MULTIPROG Engineering tool and ProConOS eCLR SDK prone to CWE-732 | 2023-12-12T07:00:00.000Z | 2025-05-22T13:03:10.000Z |
| vde-2023-018 | Phoenix Contact: Multiple vulnerabilities in WP 6xxx Web panels | 2023-08-08T06:41:00.000Z | 2025-05-22T13:03:10.000Z |
| vde-2023-017 | Phoenix Contact: Multiple vulnerabilities in TC ROUTER, TC CLOUD CLIENT and CLOUD CLIENT devices | 2023-08-08T04:00:00.000Z | 2025-05-22T13:03:10.000Z |
| vde-2023-016 | Phoenix Contact: PLCnext Engineer Vulnerabilities in LibGit2Sharp/LibGit2 | 2023-08-08T06:00:00.000Z | 2025-05-22T13:03:10.000Z |
| vde-2022-051 | PHOENIX CONTACT: Denial-of-Service vulnerability in mGuard product family | 2022-11-15T09:27:00.000Z | 2025-05-22T13:03:10.000Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| vde-2025-085 | Welotec: Path Traversal in SmartEMS Upload Handling | 2025-09-10T07:00:00.000Z | 2025-09-22T08:00:00.000Z |
| vde-2025-076 | Welotec: Hard-coded JWT secret in egOS WebGUI | 2025-08-26T07:00:00.000Z | 2025-08-26T07:00:00.000Z |
| vde-2024-009 | Welotec: Two vulnerabilities in TK500v1 router series | 2024-04-09T08:00:00.000Z | 2025-05-14T12:28:19.000Z |
| vde-2024-043 | Welotec: Multiple products are vulnerable to regreSSHion | 2024-08-22T06:00:00.000Z | 2024-08-22T06:00:00.000Z |
| vde-2024-023 | Welotec: Clickjacking Vulnerability in WebUI | 2024-04-23T08:00:00.000Z | 2024-04-23T08:00:00.000Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| advisory2026-03_vde-2026-018 | CODESYS Control V3 - Externally-controlled format string in Auditlog | 2026-03-24T08:00:00.000Z | 2026-03-24T08:00:00.000Z |
| advisory2026-02_vde-2026-011 | CODESYS Control V3 - Untrusted boot application | 2026-03-24T08:00:00.000Z | 2026-03-24T08:00:00.000Z |
| advisory2026-01_vde-2026-012 | CODESYS Installer - Possible Privilege Escalation | 2026-03-10T10:00:00.000Z | 2026-03-10T10:00:00.000Z |
| advisory2025-10_vde-2025-100 | CODESYS Control - Invalid type usage in visualization | 2025-12-01T10:00:00.000Z | 2026-02-12T11:00:00.000Z |
| advisory2025-09_vde-2025-099 | CODESYS Control - Linux/QNX SysSocket flaw | 2025-12-01T11:00:00.000Z | 2026-02-12T11:00:00.000Z |
| advisory2025-11_vde-2025-101 | CODESYS Development System - Deserialization of Untrusted Data | 2025-12-01T10:00:00.000Z | 2025-12-01T10:00:00.000Z |
| advisory2025-08_vde-2025-070 | CODESYS Control V3 - NULL pointer dereference | 2025-08-04T08:00:00.000Z | 2025-10-14T08:00:00.000Z |
| advisory2025-07_vde-2025-051 | CODESYS Control V3 - Exposed PKI folder | 2025-08-04T10:00:00.000Z | 2025-09-01T10:00:00.000Z |
| advisory2025-06_vde-2025-049 | CODESYS Control V3 - Insecure default permissions | 2025-08-04T10:00:00.000Z | 2025-08-04T10:00:00.000Z |
| advisory2025-04_vde-2025-022 | CODESYS Control V3 - OPC UA Server Authentication bypass | 2025-03-18T11:00:00.000Z | 2025-06-05T13:31:01.000Z |
| advisory2025-03_vde-2025-015 | CODESYS Control V3 removable media path traversal | 2025-03-18T11:00:00.000Z | 2025-06-05T13:31:01.000Z |
| advisory2025-02_vde-2025-013 | CODESYS (Edge) Gateway for Windows insecure default | 2025-03-18T11:00:00.000Z | 2025-06-05T13:31:01.000Z |
| advisory2025-01_vde-2025-001 | CODESYS Key physical side-channel vulnerability | 2025-01-21T11:00:00.000Z | 2025-06-05T13:31:01.000Z |
| vde-2024-024 | CODESYS: Development System V2.3 affected by two vulnerabilities through corrupted project files | 2024-05-06T08:00:00.000Z | 2025-05-14T13:00:15.000Z |
| vde-2024-027 | CODESYS: Vulnerability in multiple products through exposure of resource to wrong sphere | 2024-06-04T06:00:00.000Z | 2025-05-14T13:00:14.000Z |
| vde-2024-026 | CODESYS: Vulnerability can cause a DoS on CODESYS OPC UA products | 2024-06-04T08:00:00.000Z | 2025-05-14T13:00:14.000Z |
| advisory2025-05_vde-2025-027 | CODESYS Visualization user management bypass in WebVisu | 2025-04-23T10:00:00.000Z | 2025-04-23T10:00:00.000Z |
| advisory2024-05_vde-2024-057 | CODESYS: CODESYS web server vulnerable to DoS | 2024-09-25T21:59:00.000Z | 2025-04-03T10:00:00.000Z |
| vde-2024-046 | OSCAT: Out-of-bounds read in OSCAT Basic library | 2024-09-10T14:00:00.000Z | 2024-09-10T14:00:00.000Z |
| vde-2023-066 | CODESYS: OS Command Injection Vulnerability in multiple CODESYS Control products | 2023-12-05T14:25:00.000Z | 2023-12-05T14:25:00.000Z |
| vde-2023-035 | CODESYS: Multiple products affected by WIBU Codemeter vulnerability | 2023-12-05T07:00:00.000Z | 2023-12-05T07:00:00.000Z |
| vde-2023-025 | CODESYS: Control runtime system memory and integrity check vulnerabilities | 2023-08-03T11:18:00.000Z | 2023-08-03T11:18:00.000Z |
| vde-2023-023 | CODESYS: Missing Brute-Force protection in CODESYS Development System | 2023-08-03T11:08:00.000Z | 2023-08-03T11:08:00.000Z |
| vde-2023-022 | CODESYS: Missing integrity check in CODESYS Development System | 2023-08-03T10:52:00.000Z | 2023-08-03T10:52:00.000Z |
| vde-2023-021 | CODESYS: Vulnerability in CODESYS Development System allows execution of binaries | 2023-08-03T10:48:00.000Z | 2023-08-03T10:48:00.000Z |
| vde-2023-019 | CODESYS: Multiple Vulnerabilities in CmpApp CmpAppBP and CmpAppForce | 2023-08-03T10:42:00.000Z | 2023-08-03T10:42:00.000Z |
| vde-2023-024 | CODESYS: Vulnerability in CODESYS Development System and CODESYS Scripting | 2023-07-28T07:45:00.000Z | 2023-07-28T07:45:00.000Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| vde-2025-067 | Wiesemann & Theis: Motherbox 3 allows unauthenticated read-only DB access | 2025-08-10T10:00:00.000Z | 2025-08-25T10:00:00.000Z |
| vde-2022-057 | Wiesemann & Theis multiple products prone to web interface vulnerability | 2022-12-13T07:00:00.000Z | 2025-05-14T13:00:14.000Z |
| vde-2024-018 | Wiesemann & Theis: Multiple products prone to unquoted search path | 2024-02-28T07:00:00.000Z | 2025-05-14T12:36:39.000Z |
| vde-2025-024 | Wiesemann & Theis: Multiple products from Wiesemann & Theis support deprecated jQuery version | 2025-05-13T10:00:00.000Z | 2025-05-13T10:00:00.000Z |
| vde-2025-032 | Wiesemann & Theis: Multiple W&T Products are vulnerable to cross-site-scripting | 2025-05-06T10:00:00.000Z | 2025-05-06T10:00:00.000Z |
| vde-2025-031 | Wiesemann & Theis: Multiple products from Wiesemann & Theis support deprecated TLS protocol versions | 2025-04-28T10:00:00.000Z | 2025-04-28T10:00:00.000Z |
| vde-2022-043 | Wiesemann & Theis: Multiple Vulnerabilities in the Com-Server Family | 2022-11-07T11:43:00.000Z | 2022-11-07T12:14:00.000Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| vde-2026-030 | MB connect line: Multiple Vulnerabilities in mbCONNECT24/mymbCONNECT24 | 2026-04-02T11:00:00.000Z | 2026-04-02T11:00:00.000Z |
| vde-2026-024 | MB connect line: Multiple Vulnerabilities in mbCONNECT24/mymbCONNECT24 | 2026-03-23T12:00:00.000Z | 2026-03-23T12:00:00.000Z |
| vde-2024-068 | MB connect line: Multiple Vulnerabilities in MB connect line Products | 2024-10-15T08:00:00.000Z | 2026-03-06T08:00:00.000Z |
| vde-2024-056 | MB connect line: Multiple Vulnerabilities in mbNET.mini Product | 2024-10-15T08:00:00.000Z | 2025-08-27T10:00:00.000Z |
| vde-2024-010 | Vulnerabilities in mbCONNECT24/mymbCONNECT24 | 2025-03-18T11:00:00.000Z | 2025-08-27T10:00:00.000Z |
| vde-2025-065 | MB connect line: Sandbox escape in mbNET's LUA interpreter | 2025-07-31T10:00:00.000Z | 2025-07-31T10:00:00.000Z |
| vde-2025-058 | MB connect line: Multiple vulnerabilities in mbNET.mini | 2025-07-21T10:00:00.000Z | 2025-07-21T10:00:00.000Z |
| vde-2025-035 | Vulnerabilities in mbCONNECT24/mymbCONNECT24 | 2025-06-24T10:00:00.000Z | 2025-06-24T10:00:00.000Z |
| vde-2025-034 | Vulnerabilities in mbCONNECT24/mymbCONNECT24 | 2025-06-24T10:00:00.000Z | 2025-06-24T10:00:00.000Z |
| vde-2021-030 | MB connect line: two vulnerabilities in mymbCONNECT24, mbCONNECT24 (Update A) | 2022-09-07T10:48:00.000Z | 2025-06-06T07:00:00.000Z |
| vde-2023-002 | MB Connect Line: Multiple vulnerabilities in mbConnect24 and mymbConnect24 | 2023-05-15T14:06:00.000Z | 2025-05-14T13:00:14.000Z |
| vde-2021-037 | MB connect line: Remote user enumeration in mbCONNECT24/mymbCONNECT24 | 2021-10-27T10:15:00.000Z | 2025-05-14T12:28:19.000Z |
| vde-2021-031 | MB connect line: Apache Guacamole related vulnerabilities in mbCONNECT24 | 2021-07-22T11:33:00.000Z | 2025-05-14T12:28:19.000Z |
| vde-2021-017 | MB connect line: Privilege escalation in mbDIALUP | 2021-07-22T11:35:00.000Z | 2025-05-14T12:28:19.000Z |
| vde-2021-012 | MB connect line: multiple products partially affected by DNSpooq | 2021-04-26T08:04:00.000Z | 2025-05-14T12:28:19.000Z |
| vde-2020-035 | MB connect line: Multiple Vulnerabilities in mymbCONNECT24 and mbCONNECT24 <= v2.6.1 | 2020-09-18T12:30:00.000Z | 2025-05-14T12:28:19.000Z |
| vde-2024-030 | MB connect line: mbNET.mini vulnerable to OS command injection | 2024-07-03T09:00:00.000Z | 2024-07-03T09:00:00.000Z |
| vde-2023-041 | MB connect line: Vulnerability allows access to non-critical information in mbCONNECT24 and mymbCONNECT24 | 2023-10-16T08:38:00.000Z | 2023-10-16T08:38:00.000Z |
| vde-2024-042 | MB connect line: Multiple products are vulnerable to regreSSHion | 2023-08-17T12:00:00.000Z | 2023-08-17T12:00:00.000Z |
| vde-2023-012 | MB connect line: Cross-site Scripting vulnerability in mbNET/mbNET.rokey | 2023-08-17T12:00:00.000Z | 2023-08-17T12:00:00.000Z |
| vde-2022-011 | MB connect line: Unauthenticated user enumeration in mbCONNECT24 and mymbCONNECT24 | 2022-09-07T12:50:00.000Z | 2022-09-07T12:50:00.000Z |
| vde-2021-003 | MB connect line: Multiple vulnerabilites in mymbCONNECT24 and mbCONNECT24 (Update A) | 2022-09-07T10:46:00.000Z | 2022-09-07T10:46:00.000Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| vde-2026-043 | Helmholz: Multiple Vulnerabilities in myREX24V2/myREX24V2.virtual | 2026-04-13T11:00:00.000Z | 2026-04-13T11:00:00.000Z |
| vde-2026-013 | Helmholz: Use of a Broken or Risky Cryptographic Algorithm | 2026-04-07T08:00:00.000Z | 2026-04-07T08:00:00.000Z |
| vde-2026-025 | Helmholz: Multiple Vulnerabilities in myREX24V2 / myREX24V2.virtual | 2026-03-23T12:00:00.000Z | 2026-03-23T12:00:00.000Z |
| vde-2024-069 | Helmholz: Multiple Vulnerabilities in Helmholz products | 2024-10-15T08:00:00.000Z | 2026-03-06T08:00:00.000Z |
| vde-2024-066 | Helmholz: Multiple Vulnerabilities in Helmholz REX100 Product | 2024-10-15T08:00:00.000Z | 2025-08-27T10:00:00.000Z |
| vde-2025-069 | Helmholz: Sandbox escape in REX200/250 LUA interpreter | 2025-07-31T10:00:00.000Z | 2025-07-31T10:00:00.000Z |
| vde-2025-059 | Helmholz: Multiple vulnerabilities in REX 100 | 2025-07-21T10:00:00.000Z | 2025-07-21T10:00:00.000Z |
| vde-2025-038 | Vulnerabilities in myREX24/myREX24.virtual | 2025-06-24T10:00:00.000Z | 2025-06-24T10:00:00.000Z |
| vde-2025-037 | Vulnerabilities in myREX24/myREX24.virtual | 2025-06-24T10:00:00.000Z | 2025-06-24T10:00:00.000Z |
| vde-2021-057 | Helmholz: Privilege Escalation in shDialup (Update A) | 2021-03-28T13:03:00.000Z | 2025-05-14T13:00:15.000Z |
| vde-2024-031 | Helmholz: Vulnerabilities in myREX24 V2/myREX24.virtual | 2025-03-18T11:00:00.000Z | 2025-05-14T13:00:14.000Z |
| vde-2022-017 | Helmholz: Unauthenticated user enumeration in myREX24 and myREX24.virtual | 2022-09-07T12:54:00.000Z | 2025-05-14T13:00:14.000Z |
| vde-2021-058 | Helmholz: Remote user enumeration in myREX24/myREX24-virtual | 2021-12-08T13:04:00.000Z | 2025-05-14T13:00:14.000Z |
| vde-2024-044 | Helmholz: Multiple products are vulnerable to regreSSHion | 2024-07-31T08:00:00.000Z | 2025-05-14T12:28:19.000Z |
| vde-2024-032 | Helmholz: REX 100 vulnerable to OS command injection | 2024-07-03T09:00:00.000Z | 2024-07-03T13:33:00.000Z |
| vde-2023-043 | Helmholz: Vulnerability allows access to non-critical information in myREX24 and myREX24.virtual | 2023-10-16T08:38:00.000Z | 2023-10-16T08:38:00.000Z |
| vde-2023-029 | Helmholz: Cross-site Scripting vulnerability in REX 200/REX 250 | 2023-08-17T12:00:00.000Z | 2023-08-17T12:00:00.000Z |
| vde-2023-008 | Helmholz: Multiple vulnerabilites in myREX24 and myREX24.virtual | 2023-05-15T12:06:00.000Z | 2023-05-15T12:06:00.000Z |
| vde-2022-039 | Helmholz: Multiple vulnerabilites in myREX24 and myREX24.virtual | 2022-09-07T10:56:00.000Z | 2022-09-07T10:56:00.000Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| fsa-202601 | Several CODESYS vulnerabilities in Festo Automation Suite | 2026-02-26T08:00:00.000Z | 2026-02-26T08:00:00.000Z |
| fsa-202302 | Festo: Several vulnerabilities in FactoryViews | 2023-07-10T10:00:00.000Z | 2026-02-02T08:00:00.000Z |
| fsa-202402 | Several Vulnerabilities in MES PC (Windows 10) | 2024-02-27T12:00:00.000Z | 2025-12-08T07:00:00.000Z |
| fsa-202405 | Festo: Siemens S7-1500/ET200SP CPU used in Festo Didactic products contains a memory protection bypass vulnerability | 2024-09-09T07:00:00.000Z | 2025-11-05T08:00:00.000Z |
| fsa-202401 | Festo: Multiple products contain CoDe16 vulnerability | 2024-01-30T07:00:00.000Z | 2025-11-04T11:00:00.000Z |
| fsa-202202 | Festo: Controller CECC-S,LK,D family <= 2.3.8.1 - multiple vulnerabilities in CODESYS V3 runtime system | 2022-07-18T10:00:00.000Z | 2025-11-03T11:00:00.000Z |
| fsa-202209 | Festo: Incomplete documentation of remote accessible functions and protocols in Festo products | 2022-11-29T11:49:00.000Z | 2025-11-03T10:00:00.000Z |
| fsa-202208 | Festo: Multiple Festo products contain an unsafe default Codesys configuration | 2022-11-29T11:41:00.000Z | 2025-10-28T11:00:00.000Z |
| fsa-202206 | Festo: Vulnerable WIBU-SYSTEMS CodeMeter Runtime in multiple products | 2022-12-13T11:50:00.000Z | 2025-10-01T10:50:00.000Z |
| fsa-202304 | Festo: MSE6-C2M/D2M/E2M Incomplete User Documentation of Remote Accessible Functions | 2023-09-05T10:00:00.000Z | 2025-10-01T10:00:00.000Z |
| fsa-202301 | Festo: Cross-Site-Scripting (XSS) vulnerability in LX-Appliance | 2023-08-29T10:00:00.000Z | 2025-10-01T10:00:00.000Z |
| fsa-202303 | Festo: Vulnerable Siemens TIA-Portal in multiple Festo Didactic products | 2023-10-17T06:00:00.000Z | 2025-10-01T06:00:00.000Z |
| fsa-202101 | Festo: Multiple vulnerabilities in Ethernet/IP Stack of SBRD-Q/SBOC-Q/SBOI-Q | 2021-09-22T11:13:00.000Z | 2025-08-26T10:00:00.000Z |
| fsa-202207 | Festo: CPX-CEC-C1 and CPX-CMXX, Missing Authentication for Critical Webpage Function | 2022-09-20T10:00:00.000Z | 2025-07-28T10:00:00.000Z |
| fsa-202203 | Festo: Controller CECC-S,LK,D family firmware 2.4.2.0 - multiple vulnerabilities in CODESYS V3 runtime system | 2022-07-18T10:00:00.000Z | 2025-07-10T10:00:00.000Z |
| fsa-202201 | Festo: CECC-X-M1 - command injection vulnerabilities | 2022-07-06T07:00:00.000Z | 2025-06-23T08:00:00.000Z |
| fsa-202305 | Festo: Vulnerable WIBU-SYSTEMS CodeMeter Runtime in several products | 2023-11-28T07:00:00.000Z | 2025-05-13T10:00:00.000Z |
| fsa-202406 | Several Codesys Gateway v2 vulnerabilities in Codesys provided by Festo | 2024-12-03T11:00:00.000Z | 2024-12-03T14:00:00.000Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| vde-2025-011 | PEPPERL+FUCHS: Profinet Gateway LB8122A.1.EL – Device is affected by XSS vulnerability and information disclosure | 2025-05-26T10:00:00.000Z | 2025-08-27T10:00:00.000Z |
| vde-2024-038 | Pepperl+Fuchs: Anonymous FTP server and Telnet access allows information disclosure and manipulation | 2024-07-10T06:00:00.000Z | 2025-08-27T10:00:00.000Z |
| vde-2025-002 | PEPPERL+FUCHS: HMI – devices are affected by Windows RCE | 2025-02-25T11:00:00.000Z | 2025-05-22T13:03:10.000Z |
| vde-2024-017 | Pepperl+Fuchs: ICE2- * and ICE3- * are affected by multiple vulnerabilities | 2024-04-10T06:00:00.000Z | 2025-05-22T13:03:10.000Z |
| vde-2022-021 | Pepperl+Fuchs: RSM-EX devices - Multiple Bluetooth vulnerabilities | 2022-05-16T14:00:00.000Z | 2025-05-22T13:03:10.000Z |
| vde-2021-041 | Pepperl+Fuchs: Multiple DTM and VisuNet Software affected by log4net vulnerability | 2021-10-26T13:35:00.000Z | 2025-05-22T13:03:10.000Z |
| vde-2020-053 | Pepperl+Fuchs: Comtrol RocketLinx ICRL-M - Multiple Vulnerabilities | 2021-03-08T13:44:00.000Z | 2025-05-22T13:03:10.000Z |
| vde-2020-017 | Pepperl+Fuchs, PACTware: Two password vulnerabilities found | 2020-05-29T10:00:00.000Z | 2025-05-22T13:03:10.000Z |
| vde-2024-033 | PEPPERL+FUCHS: Device Master ICDM-RX/* – Vulnerability may allow unauthenticated remote attacker information disclosure and denial of service | 2024-08-13T12:00:00.000Z | 2025-05-14T14:34:17.000Z |
| vde-2020-014 | Pepperl+Fuchs: Kr00k vulnerabilities in Broadcom Wi-Fi chipsets | 2020-03-31T13:30:00.000Z | 2025-05-14T14:34:17.000Z |
| vde-2021-006 | Pepperl+Fuchs: Multiple Products - Vulnerability may allow remote attackers to cause a Denial Of Service | 2021-11-16T14:53:00.000Z | 2025-05-14T13:00:15.000Z |
| vde-2020-050 | Pepperl+Fuchs: Multiple Products - Vulnerability may allow remote attackers to cause a Denial Of Service | 2021-02-15T13:33:00.000Z | 2025-05-14T13:00:15.000Z |
| vde-2021-028 | Pepperl+Fuchs: Multiple VDM100-Distance Ethernet-IP sensors with multiple vulnerabilities | 2021-08-16T12:01:00.000Z | 2025-05-14T13:00:14.000Z |
| vde-2021-027 | Pepperl+Fuchs: WirelessHART-Gateway - Vulnerability may allow remote attackers to cause a Denial Of Service | 2021-10-16T12:00:00.001Z | 2025-05-14T13:00:14.000Z |
| vde-2020-038 | Pepperl+Fuchs: Multiple vulnerabilites in Comtrol IO-Link Master | 2021-01-04T13:01:00.000Z | 2025-05-14T13:00:14.000Z |
| vde-2019-002 | Pepperl+Fuchs: Path traversal in WirelessHART Gateway | 2019-03-06T10:35:00.000Z | 2025-05-14T13:00:14.000Z |
| vde-2021-007 | Pepperl+Fuchs: Multiple Products - Vulnerability may allow remote attackers to cause a Denial Of Service | 2021-02-16T14:53:00.000Z | 2025-05-14T12:53:43.000Z |
| vde-2024-065 | PEPPERL+FUCHS: HMI devices are affected by Insecure Platform Key | 2024-11-26T11:00:00.000Z | 2025-05-14T12:28:19.000Z |
| vde-2024-063 | PEPPERL+FUCHS: Multiple products are affected by regreSSHion | 2024-10-08T12:00:00.000Z | 2025-05-14T12:28:19.000Z |
| vde-2021-001 | Pepperl+Fuchs: Vulnerability allowing code-excution in PACTware <=5.0.5.31 | 2021-01-15T12:41:00.000Z | 2025-05-14T12:28:19.000Z |
| vde-2018-016 | Pepperl+Fuchs: ecom Mobile devices prone to Android privilege elevation vulnerability | 2018-10-19T10:00:00.000Z | 2025-05-14T12:28:19.000Z |
| vde-2018-002 | Pepperl+Fuchs: HMI devices vulnerable to Meltdown and Spectre Attacks | 2018-02-14T08:50:00.000Z | 2025-05-14T12:28:19.000Z |
| vde-2024-037 | Pepperl+Fuchs: Use after free vulnerability in Smart-Ex 02 and Smart-Ex 03 | 2024-07-10T06:00:00.000Z | 2024-07-10T06:00:00.000Z |
| vde-2022-012 | Pepperl+Fuchs: Vulnerability in multiple VisuNet devices | 2022-04-26T12:00:00.000Z | 2022-05-16T14:15:00.000Z |
| vde-2021-034 | Pepperl+Fuchs: Security Advisory for PrintNightmare Vulnerability in multiple HMI Devices | 2021-07-30T07:55:00.000Z | 2021-07-30T07:55:00.000Z |
| vde-2021-018 | Pepperl+Fuchs: Multiple vulnerabilites in ICE1 Ethernet IO Modules | 2021-05-12T08:57:00.000Z | 2021-05-12T08:57:00.000Z |
| vde-2020-040 | Pepperl+Fuchs: Multiple Products prone to multiple vulnerabilities in Comtrol RocketLinux | 2020-10-05T12:00:00.000Z | 2020-10-05T12:00:00.000Z |
| vde-2020-034 | Pepperl+Fuchs: VMT MSS and VMT IS - Several vulnerabilities in products utilizing WIBU-SYSTEMS CodeMeter components | 2020-09-10T13:22:00.000Z | 2020-09-10T13:22:00.000Z |
| vde-2019-011 | Pepperl+Fuchs: Remote code execution vulnerability in HMI devices | 2019-05-29T07:35:00.000Z | 2019-10-07T10:00:00.000Z |
| vde-2019-004 | Pepperl+Fuchs: ecom Mobile Devices prone to BlueBorne Attack | 2019-03-14T07:52:00.000Z | 2019-03-14T07:52:00.000Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| ppsa-2026-001 | Pilz: Multiple Vulnerabilities affecting the PIT User Authentication Service | 2026-02-02T08:00:00.000Z | 2026-02-02T10:00:00.000Z |
| ppsa-2025-004 | Pilz: Vulnerability affecting PASvisu Runtime | 2025-10-20T10:00:00.000Z | 2025-10-20T10:00:00.000Z |
| ppsa-2025-003 | Pilz: Authentication Bypass in IndustrialPI Webstatus | 2025-07-01T10:00:00.000Z | 2025-07-01T10:00:00.000Z |
| ppsa-2025-002 | Pilz: Missing Authentication in Node-RED integration | 2025-07-01T10:00:00.000Z | 2025-07-01T10:00:00.000Z |
| ppsa-2025-001 | Pilz: Authentication Bypass and Cross-Site-Scripting in PiCtory | 2025-06-30T10:00:00.000Z | 2025-06-30T10:00:00.000Z |
| vde-2022-044 | Pilz: Multiple products affected by ZipSlip | 2022-11-24T09:00:00.000Z | 2025-06-05T13:28:13.000Z |
| vde-2023-048 | Pilz: Multiple products prone to libwebp vulnerability | 2023-12-05T07:00:00.000Z | 2025-05-22T13:03:10.000Z |
| vde-2023-033 | Pilz: WIBU Vulnerabilitiy in multiple Products | 2023-10-12T06:00:00.000Z | 2025-05-22T13:03:10.000Z |
| vde-2022-045 | Pilz: PAS 4000 prone to ZipSlip | 2022-11-24T09:00:00.000Z | 2025-05-22T13:03:10.000Z |
| vde-2021-009 | Pilz: Multiple products prone to Niche Ethernet Stack vulnerabilities | 2021-09-20T11:56:00.000Z | 2025-05-14T13:00:14.000Z |
| vde-2020-033 | Pilz: Multiple products prone to WIBU-SYSTEMS CodeMeter vulnerabilities | 2020-09-10T13:18:00.000Z | 2025-05-14T12:28:19.000Z |
| vde-2023-050 | Pilz: Vulnerability in PASvisu and PMI v8xx | 2024-01-30T07:00:00.000Z | 2025-04-10T13:00:00.000Z |
| vde-2024-002 | Pilz: Multiple products affected by uC/HTTP vulnerability | 2024-02-06T07:00:00.000Z | 2024-02-06T07:00:00.000Z |
| vde-2023-059 | Pilz: Electron Vulnerabilities in PASvisu and PMI v8xx | 2023-12-05T07:06:00.000Z | 2023-12-05T07:06:00.000Z |
| vde-2022-033 | Pilz: PASvisu and PMI affected by multiple vulnerabilities | 2022-11-24T09:00:00.000Z | 2022-11-24T09:00:00.000Z |
| vde-2021-061 | Pilz: PMC programming tool 3.x.x affected by multiple vulnerabilities | 2022-04-26T10:00:00.000Z | 2022-04-26T10:00:00.000Z |
| vde-2021-055 | Pilz: PMC programming tool 2.x.x affected by multiple vulnerabilities | 2022-04-26T10:00:00.000Z | 2022-04-26T10:00:00.000Z |
| vde-2021-054 | Pilz: Multiple vulnerabilities in CODESYS V2 and V3 runtime system | 2022-04-26T10:00:00.000Z | 2022-04-26T10:00:00.000Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| vde-2024-008 | Wago: Vulnerability in WBM through Open VPN | 2026-04-08T07:00:00.000Z | 2026-04-08T07:00:00.000Z |
| vde-2026-021 | WAGO: Multiple Vulnerabilities in WAGO VC Hub | 2026-03-30T07:00:00.000Z | 2026-03-30T07:00:00.000Z |
| vde-2026-010 | WAGO: Multiple Vulnerabilities in WAGO Solution Builder and WAGO Device Sphere | 2026-03-30T07:00:00.000Z | 2026-03-30T07:00:00.000Z |
| vde-2026-020 | WAGO: Vulnerability in managed switches | 2026-03-23T08:00:00.000Z | 2026-03-23T08:00:00.000Z |
| vde-2026-004 | WAGO: Vulnerabilities in Managed Switch | 2026-02-09T08:00:00.000Z | 2026-02-09T08:00:00.000Z |
| vde-2025-095 | WAGO: Vulnerabilities in WAGO Industrial-Managed Switches | 2025-12-10T10:00:00.000Z | 2026-01-19T08:00:00.000Z |
| vde-2025-018 | WAGO: Vulnerabilities in WAGO Device Manager | 2025-06-16T10:00:00.000Z | 2025-11-21T12:00:00.000Z |
| vde-2025-062 | WAGO: Multiple Vulnerabilities in CODESYS components | 2025-11-03T11:00:00.000Z | 2025-11-03T11:00:00.000Z |
| vde-2025-087 | WAGO: Vulnerabilities in Device Sphere and Solution Builder | 2025-09-24T09:00:00.000Z | 2025-09-24T09:00:00.000Z |
| vde-2018-013 | WAGO: 750-8xx Controller Denial of Service | 2018-08-17T09:45:00.000Z | 2025-09-22T10:00:00.000Z |
| vde-2025-083 | WAGO: Vulnerability in hardware switch circuit | 2025-09-15T08:00:00.000Z | 2025-09-15T08:00:00.000Z |
| vde-2025-080 | WAGO: Multiple Vulnerabilities in I/O-Check Service | 2025-09-09T10:00:00.000Z | 2025-09-09T10:00:00.000Z |
| vde-2025-082 | WAGO: Critical sudo Vulnerability in Multiple Products | 2025-09-08T07:00:00.000Z | 2025-09-08T07:00:00.000Z |
| vde-2025-048 | WAGO: Escalation of Privileges in Coupler Firmware | 2025-09-08T07:00:00.000Z | 2025-09-08T07:00:00.000Z |
| vde-2025-057 | WAGO: Vulnerability in WAGO Device Sphere | 2025-06-23T10:00:00.000Z | 2025-07-07T06:15:00.000Z |
| vde-2025-040 | WAGO: Vulnerabilities in ctrlX OS app | 2025-06-16T10:00:00.000Z | 2025-06-16T10:00:00.000Z |
| vde-2024-014 | WAGO: Multiple products affected by Terrapin | 2024-02-22T07:00:00.000Z | 2025-06-05T13:28:13.000Z |
| vde-2025-020 | WAGO: Switches affected by year 2k38 problem | 2025-06-02T06:00:00.000Z | 2025-06-02T06:00:00.000Z |
| vde-2024-047 | WAGO: Multiple vulnerabilities in docker configuration | 2024-11-18T11:00:00.000Z | 2025-05-22T13:03:10.000Z |
| vde-2023-026 | WAGO: Multiple products prone to multiple vulnerabilities in e!Runtime / CODESYS V3 Runtime | 2023-07-31T07:36:00.000Z | 2025-05-22T13:03:10.000Z |
| vde-2023-007 | WAGO: Unauthenticated command execution via Web-based-management UPDATE A | 2023-05-15T08:00:00.000Z | 2025-05-22T13:03:10.000Z |
| vde-2022-009 | WAGO: Multiple Products affected by Linux Kernel Vulnerability Dirty Pipe | 2022-04-06T07:30:00.000Z | 2025-05-22T13:03:10.000Z |
| vde-2022-002 | WAGO: Vulnerable WIBU-SYSTEMS Codemeter installed through e!COCKPIT and WAGO-I/O-Pro | 2022-01-31T13:00:00.000Z | 2025-05-22T13:03:10.000Z |
| vde-2021-060 | WAGO: Smart Script affected by Log4Shell Vulnerability | 2022-01-05T07:00:00.000Z | 2025-05-22T13:03:10.000Z |
| vde-2021-049 | WAGO: Denial of Service Vulnerability in CODESYS Runtime 2.3 | 2021-11-16T12:05:00.000Z | 2025-05-22T13:03:10.000Z |
| vde-2021-014 | WAGO: Multiple Vulnerabilities in CODESYS Runtime 2.3 | 2021-05-20T09:08:00.000Z | 2025-05-22T13:03:10.000Z |
| vde-2020-011 | WAGO: Multiple Vulnerabilities in I/O-Check Service | 2020-03-09T09:30:00.000Z | 2025-05-22T13:03:10.000Z |
| vde-2020-009 | WAGO: e!Cockpit Two Update Package Vulnerabilities | 2020-03-09T09:18:00.000Z | 2025-05-22T13:03:10.000Z |
| vde-2018-010 | WAGO: Multiple vulnerabilities in e!DISPLAY products | 2018-07-10T09:50:00.000Z | 2025-05-22T13:03:10.000Z |
| vde-2025-008 | WAGO: Vulnerabilities in CODESYS Control | 2025-02-04T11:00:00.000Z | 2025-05-14T13:00:15.000Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| vde-2024-061 | ifm: Improper Access Control vulnerability | 2025-06-30T10:00:00.000Z | 2026-02-18T08:00:00.000Z |
| vde-2024-028 | ifm moneo password reset can be exploited | 2024-05-06T10:00:00.000Z | 2026-01-15T11:00:00.000Z |
| vde-2024-012 | ifm: Vulnerabilities in ifm AC14 firmware | 2024-07-09T07:00:00.000Z | 2026-01-15T11:00:00.000Z |
| vde-2022-050 | IFM: weak password recovery vulnerability in moneo appliance | 2022-12-12T11:00:00.000Z | 2026-01-06T11:00:00.000Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| vde-2025-106 | Beckhoff: XSS Vulnerability in TwinCAT 3 HMI Server | 2026-01-26T10:00:00.000Z | 2026-02-12T09:00:00.000Z |
| vde-2025-092 | Beckhoff: Privilege escalation and information leak via Beckhoff Device Manager | 2026-01-27T11:00:00.000Z | 2026-01-27T11:00:00.000Z |
| vde-2025-075 | Beckhoff: Deserialization of untrusted data by TwinCAT 3 Engineering | 2025-09-09T10:00:00.000Z | 2025-09-09T10:00:00.000Z |
| vde-2022-003 | BECKHOFF: Null Pointer Dereference vulnerability in products with OPC UA technology | 2022-03-01T12:34:00.000Z | 2025-06-05T13:28:13.000Z |
| vde-2024-050 | Beckhoff: Denial-of-Service vulnerability in the MDP package included in TwinCAT/BSD operating system | 2024-08-27T08:00:00.000Z | 2025-05-22T13:03:10.000Z |
| vde-2024-049 | Beckhoff: Denial-of-Service vulnerability in the IPC-Diagnostics package included in TwinCAT/BSD operating system | 2024-08-27T08:00:00.000Z | 2025-05-22T13:03:10.000Z |
| vde-2024-048 | Beckhoff: Improper neutralization of input in IPC-Diagnostics-www package included in TwinCAT/BSD operating system | 2024-08-27T08:00:00.000Z | 2025-05-22T13:03:10.000Z |
| vde-2024-045 | Beckhoff: Local authentication bypass in IPC-Diagnostics package included in TwinCAT/BSD operating system | 2024-08-27T08:00:00.000Z | 2025-05-22T13:03:10.000Z |
| vde-2023-067 | Beckhoff: Open redirect in TwinCAT/BSD package authelia-bhf | 2023-12-13T08:00:00.000Z | 2025-05-22T13:03:10.000Z |
| vde-2021-051 | Beckhoff: Relative path traversal vulnerability through TwinCAT OPC UA Server | 2021-11-04T07:00:00.000Z | 2025-05-22T13:03:10.000Z |
| vde-2021-008 | Beckhoff: Stack Overflow and XXE vulnerability in various OPC UA products | 2024-10-21T08:00:00.000Z | 2025-05-22T13:03:10.000Z |
| vde-2020-037 | Beckhoff: Privilege Escalation through TwinCat System Tray (TcSysUI.exe) | 2020-11-19T13:41:00.000Z | 2025-05-22T13:03:10.000Z |
| vde-2020-019 | Beckhoff: EtherLeak in TwinCAT RT network driver | 2020-06-16T08:31:00.000Z | 2025-05-22T13:03:10.000Z |
| vde-2020-005 | Beckhoff: BK9000 couplers - Denial of service inhibits function | 2020-03-10T13:17:00.000Z | 2025-05-22T13:03:10.000Z |
| vde-2019-019 | Beckhoff: TwinCAT Denial-of-Service in Profinet driver | 2019-10-09T10:00:00.000Z | 2025-05-14T13:00:14.000Z |
| vde-2024-064 | Beckhoff: Local command injection via TwinCAT Package Manager | 2024-10-31T11:00:00.000Z | 2025-04-11T07:00:00.000Z |
| vde-2020-051 | Beckhoff: DoS-Vulnerability for TwinCAT OPC UA Server and IPC Diagnostics UA Server | 2021-04-27T08:08:00.000Z | 2021-05-11T10:00:00.000Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| vde-2026-007 | TRUMPF: Multiple products affected by Wibu CodeMeter vulnerability | 2026-02-23T08:00:00.000Z | 2026-02-23T08:00:00.000Z |
| vde-2021-011 | TRUMPF Laser GmbH: TruControl 2.14.0 to 3.14.0 affected by recent sudo vulnerability | 2021-03-22T08:59:00.000Z | 2026-02-02T14:25:00.000Z |
| vde-2025-078 | TRUMPF: Remote support uses an outdated encryption algorithm | 2025-08-25T06:00:00.000Z | 2025-08-29T10:00:00.000Z |
| vde-2024-005 | TRUMPF: Multiple products contain vulnerable version of 7-zip | 2024-01-23T07:00:00.000Z | 2025-06-05T13:28:12.000Z |
| vde-2024-004 | TRUMPF: Multiple products affected by log4net vulnerability | 2025-04-22T10:00:00.000Z | 2025-05-22T13:03:10.000Z |
| vde-2024-003 | TRUMPF: Multiple products include a vulnerable version of Notepad++ | 2024-01-23T07:00:00.000Z | 2025-05-22T13:03:10.000Z |
| vde-2022-049 | TRUMPF: Multiple products prone to X.Org server vulnerabilities | 2022-11-07T11:43:00.000Z | 2025-05-22T13:03:10.000Z |
| vde-2020-039 | TRUMPF: Multiple products prone to WIBU CodeMeter vulnerabilities | 2020-10-27T10:28:00.000Z | 2025-05-14T12:36:39.000Z |
| vde-2024-040 | Multiple TRUMPF products prone to regreSSHion OpenSSH server vulnerabilities | 2024-06-25T10:00:00.000Z | 2025-04-10T13:00:00.000Z |
| vde-2024-034 | Multiple TRUMPF products prone to nftables server vulnerabilities | 2024-06-25T10:00:00.000Z | 2025-04-10T13:00:00.000Z |
| vde-2024-001 | TRUMPF: Multiple products contain WIBU CodeMeter vulnerabilities | 2024-01-29T07:00:00.000Z | 2024-01-29T07:00:00.000Z |
| vde-2024-006 | TRUMPF: Oseon contains vulnerable version of OpenSSL 1.1.x | 2024-01-23T07:00:00.000Z | 2024-01-23T07:00:00.000Z |
| vde-2023-031 | Trumpf: Multiple Products affected by WIBU Codemeter Vulnerability | 2023-09-13T10:00:00.000Z | 2023-11-13T11:00:00.000Z |
| vde-2022-023 | TRUMPF TruTops prone to improper access control | 2022-10-17T10:00:00.000Z | 2022-10-17T10:00:00.000Z |
| vde-2022-034 | TRUMPF: Products prone to Unified Automation vulnerabilities | 2022-08-15T10:00:00.000Z | 2022-08-15T10:00:00.000Z |
| vde-2022-016 | TRUMPF: TruTops Fab, TruTops Boost prone to vulnerability | 2022-05-02T10:00:00.000Z | 2022-05-02T10:00:00.000Z |
| vde-2021-033 | TRUMPF Laser GmbH: multiple products prone to codesys runtime vulnerabilities | 2021-08-12T13:02:00.001Z | 2021-08-12T13:02:00.001Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| vde-2025-043 | Lenze: PLC Designer V4 with insecure storage of sensitive information | 2025-06-25T10:00:00.000Z | 2025-06-25T10:00:00.000Z |
| vde-2025-042 | Lenze: VPN Client Privilege Escalation in combination with Lenze x500 IoT Gateway | 2025-05-27T09:00:00.000Z | 2025-05-27T09:00:00.000Z |
| vde-2024-053 | Lenze: Install Directory with insufficient permissions | 2024-09-03T08:00:00.000Z | 2025-03-13T11:30:00.000Z |
| vde-2022-030 | Lenze: Vulnerability in the OPC-UA authentification connection in the firmware | 2022-07-11T10:00:00.000Z | 2022-07-11T10:00:00.000Z |
| vde-2021-048 | Lenze: Multiple Vulnerabilities in CODESYS Control V2 communication | 2021-10-04T12:33:00.000Z | 2021-10-04T12:33:00.000Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| vde-2022-029 | Carlo Gavazzi Controls: Multiple Vulnerabilities in Controller UWP 3.0 | 2022-09-26T08:00:00.000Z | 2026-03-02T11:00:00.000Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| vde-2025-047 | AUMA: Incorrect delivery status of the Bluetooth configuration | 2025-06-10T10:00:00.000Z | 2025-06-10T10:00:00.000Z |
| vde-2023-028 | AUMA: SIMA Master Station affected by WRECK vulnerability | 2023-08-07T11:35:00.000Z | 2025-05-14T13:00:15.000Z |
| vde-2022-024 | Auma: SIMA² Master Station Denial of Service Vulnerability on Automation Runtime Webserver | 2022-06-15T10:00:00.000Z | 2025-05-14T13:00:15.000Z |
| vde-2025-026 | AUMA Riester: Buffer overflow in service telegram | 2025-05-12T10:00:00.000Z | 2025-05-14T13:00:14.000Z |
| vde-2023-027 | AUMA: Reflected Cross-Site Scripting Vulnerability in SIMA Master Stations | 2023-08-07T09:35:00.000Z | 2023-08-07T09:35:00.000Z |
| vde-2022-032 | AUMA: Multiple Vulnerabilities in Automation Runtime NTP Service | 2022-08-09T08:00:00.000Z | 2022-08-09T08:00:00.000Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| vde-2025-084 | Bender Charge Controller Vulnerability - Unsecure Communication | 2025-09-08T07:00:00.000Z | 2025-09-08T07:00:00.000Z |
| vde-2025-061 | Bender Charge Controller Vulnerability - Disclosure Of Stored Credentials When Authenticated | 2025-09-08T07:00:00.000Z | 2025-09-08T07:00:00.000Z |
| vde-2021-047 | Bender/ebee: Multiple Charge Controller Vulnerabilities | 2022-04-26T10:00:00.000Z | 2022-04-26T10:00:00.000Z |
| vde-2020-043 | Bender: COMTRAXX < 4.2.0 affected by inadquate credentials check vulnerability | 2020-10-16T06:54:00.000Z | 2020-10-16T06:54:00.000Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| vde-2025-107 | Endress+Hauser: Multiple products affected by Qualcomm vulnerabilities | 2025-12-05T11:00:00.000Z | 2026-04-02T10:00:00.000Z |
| vde-2026-003 | Endress+Hauser: Multiple products prone to multiple vulnerabilities in e!Runtime and CODESYS V3 Runtime | 2026-03-31T08:00:00.000Z | 2026-04-01T11:00:00.000Z |
| vde-2026-002 | Endress+Hauser: buffer overflow in glibc ld.so leading to privilege escalation | 2026-03-02T07:00:00.000Z | 2026-03-02T07:00:00.000Z |
| vde-2025-068 | Endress+Hauser: Proline 10 Maintenance credentials may be exposed under certain conditions | 2025-09-02T10:00:00.000Z | 2026-02-20T09:00:00.000Z |
| vde-2025-105 | Endress+Hauser: Multiple products affected by Wibu-Systems CodeMeter Vulnerability | 2025-12-08T09:00:00.000Z | 2025-12-08T09:00:00.000Z |
| vde-2024-054 | Endress+Hauser: Netilion Network Insights is affected by multiple vulnerabilities | 2024-10-21T08:00:00.000Z | 2025-05-22T13:03:10.000Z |
| vde-2021-044 | Endress+Hauser: Multiple products affected by log4net vulnerability | 2022-01-20T08:06:00.000Z | 2025-05-14T13:00:14.000Z |
| vde-2021-005 | Endress+Hauser: Multiple Devices affected by fdtContainer vulnerability | 2021-03-01T06:39:00.000Z | 2025-05-14T13:00:14.000Z |
| vde-2020-031 | Endress+Hauser: Multiple products prone to WIBU CodeMeter vulnerabilities | 2020-10-27T13:10:00.000Z | 2025-05-14T13:00:14.000Z |
| vde-2020-022 | Endress+Hauser: Ecograph T utilizing Webserver firmware version 2.x exposes sensitive information | 2020-11-19T14:48:00.000Z | 2025-05-14T13:00:14.000Z |
| vde-2021-040 | Endress+Hauser: Promass 83 with EtherNet/IP affected by a stack-based buffer overflow | 2021-10-04T12:30:00.000Z | 2025-05-14T12:28:19.000Z |
| vde-2021-010 | Endress+Hauser: products utilizing WPA2 vulnerable to KRACK attacks | 2021-05-18T09:00:00.000Z | 2025-05-14T12:28:19.000Z |
| vde-2020-021 | Endress+Hauser: Ecograph T utilizing Webserver firmware version 1.x suffers from improper privilege management | 2020-11-19T14:48:00.000Z | 2025-04-11T07:00:00.000Z |
| vde-2025-036 | Multiple vulnerabilities in Endress+Hauser MEAC300-FNADE4 | 2025-03-06T14:00:00.000Z | 2025-03-06T14:00:00.000Z |
| vde-2024-041 | Endress+Hauser: Multiple products are vulnerable to code injection | 2024-09-10T08:00:00.000Z | 2024-09-10T08:00:00.000Z |
| vde-2022-019 | Endress+Hauser: Multiple products utilizing vulnerable WIBU-SYSTEMS CodeMeter components | 2022-06-02T15:11:00.000Z | 2022-06-02T15:11:00.000Z |
| vde-2022-006 | Endress+Hauser: FieldPort SFP50 Memory Corruption in Bluetooth Controller Firmware | 2022-03-24T10:48:00.000Z | 2022-03-24T10:48:00.000Z |
| vde-2019-005 | Endress+Hauser: WIFI enabled products utilising WPA2 | 2019-03-19T15:34:00.000Z | 2019-03-19T15:34:00.000Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| vde-2025-030 | Frauscher: FDS101, FDS-SNMP101 and FDS102 for FAdC/FAdCi are Vulnerable to OS Command Injection Vulnerability | 2025-07-07T10:00:00.000Z | 2025-07-29T10:00:00.000Z |
| vde-2023-049 | Frauscher: FDS102 for FAdC/FAdCi remote code execution vulnerability | 2023-12-11T07:00:00.000Z | 2023-12-11T07:00:00.000Z |
| vde-2023-038 | Frauscher: Multiple Vulnerabilities in FDS101 | 2023-09-21T06:00:00.000Z | 2023-09-21T06:00:00.000Z |
| vde-2023-011 | Frauscher: Diagnostic System FDS001 for FAdC/FAdCi Path Traversal vulnerability | 2023-07-05T08:00:00.000Z | 2023-07-05T08:00:00.000Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| vde-2019-010 | Miele: Multiple Vulnerabilities in XGW 3000 ZigBee Gateway | 2019-05-20T06:58:00.000Z | 2025-05-14T13:00:15.000Z |
| vde-2020-024 | Miele: Treck TCP/IP Vulnerabilities (Ripple20) affecting Communication Module XKM3000 L MED | 2020-07-08T07:29:00.000Z | 2025-05-14T12:28:19.000Z |
| vde-2022-052 | Miele: Vulnerability in ease2pay cloud service used by appWash | 2022-11-21T09:00:00.000Z | 2022-11-21T09:00:00.000Z |
| vde-2022-015 | Miele: Security vulnerability in Benchmark Programming Tool | 2022-04-27T12:00:00.000Z | 2022-04-27T12:00:00.000Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| vde-2025-096 | Weidmueller: Multiple vulnerabilities in Energy Meter 750-24 and Energy Meter 750-230 | 2026-03-10T07:00:00.000Z | 2026-03-10T07:00:00.000Z |
| vde-2025-044 | Weidmueller: Industrial ethernet switches are affected by multiple vulnerabilities | 2025-05-27T09:00:00.000Z | 2025-08-27T10:00:00.000Z |
| vde-2025-052 | Weidmueller: Security routers IE-SR-2TX are affected by multiple vulnerabilities | 2025-06-11T10:00:00.000Z | 2025-07-23T10:00:00.000Z |
| vde-2023-032 | Weidmueller: WIBU Vulnerability in multiple Products | 2023-11-09T07:42:00.000Z | 2025-05-22T13:03:10.000Z |
| vde-2019-018 | Weidmueller: multiple vulnerabilities in various Industrial Ethernet managed switches | 2019-12-05T12:03:00.000Z | 2025-05-22T13:03:10.000Z |
| vde-2025-041 | Weidmueller: ResMa is affected by a Vulnerability for ASP.NET AJAX | 2025-05-19T09:00:00.000Z | 2025-05-19T09:00:00.000Z |
| vde-2025-021 | Weidmueller: Authentication Vulnerability in PROCON-WIN 5 | 2025-03-05T09:00:00.000Z | 2025-05-14T13:26:53.000Z |
| vde-2021-026 | Weidmueller: Multiple vulnerabilities in Industrial WLAN devices | 2021-06-23T11:04:00.000Z | 2025-05-14T13:00:15.000Z |
| vde-2021-042 | Weidmueller: Remote I/O fieldbus couplers (IP20) affected by INFRA:HALT vulnerabilities | 2021-10-18T08:24:00.000Z | 2025-05-14T13:00:14.000Z |
| vde-2021-016 | Weidmueller: Accidentally open network port in u-controls and IoT-Gateways | 2021-05-04T08:17:00.000Z | 2025-05-14T12:28:19.000Z |
| vde-2021-002 | Weidmueller: WI Manager affected by fdtContainer vulnerability | 2021-01-20T13:32:00.000Z | 2025-05-14T12:28:19.000Z |
| vde-2020-041 | Weidmueller: u-create studio < 1.20.2 affected by WIBU-SYSTEMS CodeMeter vulnerabilities | 2020-10-12T09:14:00.000Z | 2025-05-14T12:28:19.000Z |
| vde-2025-023 | Weidmueller: OpenSSL vulnerability in industrial ethernet switches | 2025-03-05T08:00:00.000Z | 2025-03-05T11:00:00.000Z |
| vde-2022-056 | Weidmueller: Multiple IoT and control products affected by JavaScript injection vulnerability | 2022-12-14T07:00:00.000Z | 2022-12-14T07:00:00.000Z |
| vde-2021-004 | Weidmueller: EtherNet/IP Fieldbus Coupler out-of-bounds write | 2022-06-21T08:00:00.000Z | 2022-06-21T08:00:00.000Z |
| vde-2022-008 | WEIDMUELLER: Multiple vulnerabilities in Modbus TCP/RTU Gateways | 2022-04-07T06:00:00.000Z | 2022-04-07T06:00:00.000Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| vde-2025-066 | SMA: Directory Traversal in Sunny Boy | 2025-08-27T08:00:00.000Z | 2025-08-27T08:00:00.000Z |
| vde-2025-050 | SMA: Sunny Portal limited disclosure of personal data of registered users to an authenticated user | 2025-08-19T10:00:00.000Z | 2025-08-19T10:00:00.000Z |
| vde-2024-075 | SMA: Sunny Webbox clickjacking vulnerability | 2025-01-27T13:00:00.000Z | 2025-06-17T06:00:00.000Z |
| vde-2025-012 | SMA: Sunny Portal Remote Code Execution | 2025-02-26T11:00:00.000Z | 2025-05-22T13:03:10.000Z |
| vde-2025-010 | SMA: Sunny Portal demo system privilege escalation | 2025-05-13T11:00:00.000Z | 2025-05-14T13:00:14.000Z |
| vde-2024-074 | SMA: SQL injection in Sunny Central UP | 2024-11-27T09:00:00.000Z | 2025-05-14T12:28:19.000Z |
| vde-2024-020 | SMA: Cluster Controller CSRF vulnerability | 2025-01-27T13:00:00.000Z | 2025-02-12T16:48:47.000Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| vde-2024-013 | HIMA: Multiple products affected by DoS and Port-Based-VLAN Crossing | 2024-02-13T07:00:00.000Z | 2025-05-22T13:03:10.000Z |
| vde-2022-059 | HIMA: unquoted path vulnerabilities in X-OPC and X-OTS | 2023-01-16T09:00:00.000Z | 2025-05-22T13:03:10.000Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| vde-2025-091 | Murrelektronik: Cleartext Transmission of Sensitive Information in IMPACT67 Pro | 2025-10-14T10:00:00.000Z | 2025-10-14T10:00:00.000Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| vde-2020-016 | SWARCO: Critical Vulnerability in CPU LS4000 | 2020-05-28T13:00:00.000Z | 2020-05-28T13:00:00.000Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| vde-2024-016 | ADS-TEC Industrial IT: Docker vulnerability affects multiple products | 2024-02-19T07:00:00.000Z | 2025-05-22T13:03:10.000Z |
| vde-2025-033 | ads-tec Industrial IT: Mosquitto MQTT Client Vulnerability in ADS-TEC IRF Products | 2025-04-14T10:00:00.000Z | 2025-04-14T10:00:00.000Z |
| vde-2023-009 | ads-tec: Multiple Vulnerabilities in IRF1000, IRF2000 and IRF3000 | 2023-05-08T13:37:00.000Z | 2023-05-08T13:37:00.000Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| vde-2022-061 | VARTA: Multiple devices prone to hard-coded credentials | 2023-03-15T09:00:00.000Z | 2023-03-15T09:00:00.000Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| vde-2025-060 | Sauter: Multiple vulnerabilities in SAUTER modulo 6 | 2025-10-21T10:00:00.000Z | 2025-10-27T11:00:00.000Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| vde-2025-079 | Janitza: Multiple vulnerabilities in UMG 96RM-E | 2026-03-10T07:00:00.000Z | 2026-03-10T07:00:00.000Z |
| vde-2025-094 | Janitza: Vulnerability in Modbus interface of UMG 96-PA and UMG 96-PA-MID+ | 2025-11-24T12:00:00.000Z | 2025-11-24T12:00:00.000Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| vde-2026-001 | METTLER TOLEDO: ASP.NET core vulnerability in LabX | 2026-03-04T07:00:00.000Z | 2026-03-04T07:00:00.000Z |
| ID | CVSS | Description | Vendor | Product | Published | Updated |
|---|---|---|---|---|---|---|
| GCVE-1-2026-0025 |
6.9 (4.0)
|
RansomLook - Improper Filtering of Private Location En… |
ransomlook |
ransomlook |
2026-04-12T15:22:00.000Z | 2026-04-15T20:29:51.794609Z |
| GCVE-1-2026-0024 |
8.8 (4.0)
|
LDAP injection in MISP ApacheAuthenticate when using a… |
misp |
misp |
2026-04-08T08:28:00.000Z | 2026-04-09T04:44:04.936665Z |
| GCVE-1-2026-0023 |
8.5 (4.0)
|
Stored XSS in modal item preview for long item content… |
ail-project |
ail-framework |
2026-04-07T06:29:00.000Z | 2026-04-08T04:22:15.084342Z |
| GCVE-1-2026-0022 |
6.4 (4.0)
|
MISP - Beta Overmind UI Stored Cross-Site Scripting in… |
misp |
misp |
2026-03-30T09:48:36.968649Z | 2026-03-30T09:48:36.968649Z |
| GCVE-1-2026-0021 |
10 (4.0)
|
Critical RCE Vulnerability reported in Windchill |
windchill |
FlexPLM |
2026-03-23T12:30:40.249187Z | 2026-03-23T12:30:40.249187Z |
| GCVE-1-2026-0020 |
10 (4.0)
|
Remote Code Execution Attack Against Eircom D1000 Router |
Eir |
D1000 |
2026-03-11T14:12:00.000Z | 2026-03-11T14:23:24.609831Z |
| GCVE-1-2026-0019 |
6.4 (4.0)
|
Improper URL validation in MISP dashboard button widge… |
misp |
misp |
2026-02-27T14:55:00.000Z | 2026-02-27T15:44:29.998063Z |
| GCVE-1-2026-0018 |
6.5 (4.0)
|
Improper access control in MISP user contact form allo… |
misp |
misp |
2026-02-27T13:25:32.632362Z | 2026-02-27T13:25:32.632362Z |
| GCVE-1-2026-0017 |
7.2 (4.0)
|
Improper Neutralization of Raw HTML in MISP modules Ma… |
misp |
misp-modules |
2026-02-27T13:10:24.641948Z | 2026-02-27T13:10:24.641948Z |
| GCVE-1-2026-0016 |
7 (4.0)
|
Server-Side Request Forgery via Event Report Import Fr… |
misp |
misp |
2026-02-27T10:56:32.745676Z | 2026-02-27T10:56:32.745676Z |
| GCVE-1-2026-0015 |
7.2 (4.0)
|
Threat actors use FortiCloud SSO bypass to collect LDA… |
fortinet |
fortios |
2026-02-09T09:09:00.000Z | 2026-02-09T09:14:59.004089Z |
| GCVE-1-2026-0013 |
2.1 (4.0)
|
Flask Application Username Route Collision Allows Rese… |
vulnerability-lookup |
vulnerability-lookup |
2026-02-04T19:27:00.000Z | 2026-02-04T19:32:49.787763Z |
| GCVE-1-2026-0014 |
7.4 (4.0)
|
Missing Authorization Check Allows Unauthorized Modifi… |
vulnerability-lookup |
vulnerability-lookup |
2026-02-04T19:32:14.341383Z | 2026-02-04T19:32:14.341383Z |
| GCVE-1-2026-0012 |
2.1 (4.0)
|
Authentication Error Message Allows Email Address Enum… |
vulnerability-lookup |
vulnerability-lookup |
2026-02-04T19:21:34.411344Z | 2026-02-04T19:21:34.411344Z |
| GCVE-1-2026-0011 |
8.7 (4.0)
|
Out-of-bounds memory write in the network packet … |
EA Games |
Command & Conquer: Generals |
2026-01-29T14:37:00.000Z | 2026-01-29T14:39:17.728822Z |
| GCVE-1-2026-0010 |
9.3 (4.0)
|
Improper input validation in the file transfer ha… |
EA Games |
Command & Conquer: Generals |
2026-01-29T14:33:18.822829Z | 2026-01-29T14:33:18.822829Z |
| GCVE-1-2026-0009 |
9.3 (4.0)
|
Stack-based buffer overflow in the multiplayer ne… |
EA Games |
Command & Conquer: Generals |
2026-01-29T14:30:38.596928Z | 2026-01-29T14:30:38.596928Z |
| GCVE-1-2026-0008 |
10 (4.0)
|
gpg-agent stack buffer overflow in pkdecrypt using KEM |
gnupg |
gpg-agent |
2026-01-28T13:48:12.350509Z | 2026-01-28T13:48:12.350509Z |
| GCVE-1-2026-0007 |
10 (4.0)
|
GNU InetUtils Security Advisory: remote authentication… |
gnu |
InetUtils |
2026-01-20T20:57:00.000Z | 2026-01-26T16:32:40.831364Z |
| GCVE-1-2026-0004 |
8.5 (4.0)
|
Authorization Bypass in Cerebrate IndividualsControlle… |
cerebrate |
cerebrate |
2026-01-13T15:28:00.000Z | 2026-01-13T15:38:37.744618Z |
| GCVE-1-2026-0005 |
8.5 (4.0)
|
Improper Access Control in Cerebrate Alignment Model A… |
cerebrate |
cerebrate |
2026-01-13T15:31:00.000Z | 2026-01-13T15:38:02.888546Z |
| GCVE-1-2026-0006 |
8.5 (4.0)
|
Improper Access Control in Cerebrate AuthKey and Encry… |
cerebrate |
cerebrate |
2026-01-13T15:37:17.337254Z | 2026-01-13T15:37:17.337254Z |
| GCVE-1-2026-0003 |
6.3 (4.0)
|
Stored/Reflected XSS via Unsanitized Parameters in URL… |
misp |
misp |
2026-01-13T10:50:00.000Z | 2026-01-13T10:54:13.659223Z |
| GCVE-1-2026-0002 |
10 (4.0)
|
Heap-buffer-overflow in EXIF writer for extra IFD tags |
ffmpeg |
ffmpeg |
2026-01-02T19:50:00.000Z | 2026-01-02T20:05:27.269877Z |
| GCVE-1-2026-0001 |
N/A
|
Bundle reference to gpg.fail |
gnupg |
gnupg |
2026-01-02T10:20:00.000Z | 2026-01-02T13:31:14.359346Z |
| GCVE-1-2025-0041 |
6.4 (4.0)
|
[online services] Reflected Cross-Site Scripting (XSS)… |
typo3 |
typo3 |
2025-12-19T14:25:00.000Z | 2025-12-19T14:54:51.594645Z |
| GCVE-1-2025-0032 |
10 (4.0)
|
The default configuration of WatchGuard Firebox device… |
watchguard |
firebox |
2025-12-03T16:25:00.000Z | 2025-12-19T13:48:34.570799Z |
| GCVE-1-2025-0031 |
7.1 (4.0)
|
A cross-site scripting (XSS) vulnerability was identif… |
misp |
misp |
2025-12-03T10:58:00.000Z | 2025-12-16T09:36:09.594750Z |
| GCVE-1-2025-0040 |
7.2 (4.0)
|
A cross-site scripting (XSS) vulnerability was id… |
misp |
misp |
2025-12-13T08:44:32.378924Z | 2025-12-13T08:44:32.378924Z |
| GCVE-1-2025-0039 |
8.5 (4.0)
|
XSS Reintroduced in MISP Dashboard World Map Widget Du… |
misp |
misp |
2025-12-10T14:33:52.856734Z | 2025-12-10T14:33:52.856734Z |