|
18 Mar 2026 | VULN315 | Google Chrome : Chrome 146.0.7680.80 fixes high-severity security vulnerability | Systems running Google Chrome versions prior to 146.0.7680.80.
|
|
18 Mar 2026 | VULN314 | Ubuntu : Snapd - Local Privilege Escalation (CVE-2026-3888) | Systems running Snapd.
|
|
18 Mar 2026 | VULN313 | Next.js : Multiple security vulnerabilities fixed in Next.js | Systems running Next.js versions prior to 16.1.7, 15.5.13.
|
|
18 Mar 2026 | VULN312 | Apache : CVE-2025-54920 Apache Spark Spark History Server Code Execution Vulnerability | Systems running Spark versions prior to 3.5.7, 4.0.1.
|
|
18 Mar 2026 | VULN311 | libexpat : libexpat 2.7.5 fixes multiple security vulnerabilities | Systems running libexpat versions prior to 2.7.5.
|
|
18 Mar 2026 | VULN310 | Apache : Multiple vulnerabilities fixed in Apache Airflow | Systems running Apache Airflow versions prior to 3.1.8.
|
|
18 Mar 2026 | VULN309 | Kubernetes : CVE-2026-3864 CSI Driver for NFS path traversal via subDir may delete unintended directories | Systems running CSI Driver for NFS versions prior to 4.13.1.
|
|
17 Mar 2026 | VULN308 | OpenSSL : OpenSSL TLS 1.3 server may choose unexpected key agreement group (CVE-2026-2673) | Systems running OpenSSL versions prior to 3.6.2, 3.5.6.
|
|
17 Mar 2026 | VULN307 | Python : Stack overflow and Incomplete control character validation vulnerabilities | Systems running CPython.
|
|
17 Mar 2026 | VULN306 | Spring : JSONPath Injection and SQL Injection in Spring AI | Systems running Spring AI versions prior to 1.0.4, 1.1.3.
|
|
17 Mar 2026 | VULN305 | Xen : Use after free and Xenstored DoS vulnerabilities | Systems running Xen.
|
|
16 Mar 2026 | VULN304 | Fabrik : Fabrik 4.6.3 Security Release | Systems running Fabrik versions prior to 4.6.3.
|
|
13 Mar 2026 | VULN303 | Vim : NFA regex engine NULL pointer dereference affects Vim < 9.2.0137 | Systems running Vim versions prior to 9.2.0137.
|
|
13 Mar 2026 | VULN302 | Apache : Apache Livy Unauthorized directory access and Restrict file access vulnerabilities | Systems running Apache Livy versions prior to 0.9.0.
|
|
13 Mar 2026 | VULN301 | Broadcom : Multiple security vulnerabilities fixed in VMware Tanzu for Valkey | Systems running VMware Tanzu for Valkey products.
|
|
13 Mar 2026 | VULN300 | Splunk : Multiple security vulnerabilities fixed in Splunk products | Systems running Splunk AppDynamics products, Splunk Enterprise versions prior to 10.2.1, 10.0.4, 9.4.9, 9.3.10, Splunk Cloud Platform versions prior to 10.2.2510.7, 10.1.2507.17, 10.0.2503.12, 9.3.2411.124, Splunk Observability Cloud app for Splunk Enterprise versions prior to 10.2.2510.5, 10.1.2507.16, 10.0.2503.12.
|
|
12 Mar 2026 | VULN299 | Cisco : Cisco Security Advisories Published on March 11, 2026 | Cisco IOS XR, Systems running Cisco Contact Center Products.
|
|
12 Mar 2026 | VULN298 | Veeam : Critical Security vulnerabilities fixed in Veeam Backup & Replication | Systems running Veeam Backup & Replication versions prior to 12.3.2.4465, 13.0.1.2067.
|
|
12 Mar 2026 | VULN297 | glpi : Remote Code Execution via malicious upload | Systems running glpi (glpi) versions prior to 11.0.5.
|
|
12 Mar 2026 | VULN296 | GitLab : GitLab Patch Release 18.9.2, 18.8.6, 18.7.6 | Systems running GitLab versions prior to 18.9.2, 18.8.6, 18.7.6.
|
|
12 Mar 2026 | VULN295 | Adobe : Security Updates Available for Adobe Illustrator APSB26-18 | Systems running Adobe Illustrator versions prior to 29.8.5, 30.2.
|
|
12 Mar 2026 | VULN294 | Adobe : Security update available for Adobe Acrobat Reader APSB26-26 | Systems running Adobe Acrobat, Acrobat Reader versions prior to 25.001.21288, Acrobat versions prior to 24.001.30356.
|
|
12 Mar 2026 | VULN293 | Ivanti : Security Advisory Ivanti DSM (CVE-2026-3483) | Systems running Ivanti Desktop and Server Management (DSM) versions prior to 2026.1.1.
|
|
12 Mar 2026 | VULN292 | Argo Workflows : WorkflowTemplate Security Bypass via podSpecPatch in Strict/Secure Reference Mode | Systems running argo-workflows (Go) versions prior to 4.0.2, 3.7.11.
|
|
12 Mar 2026 | VULN291 | GLIBC : nscd client crash on x86_64 under high nscd load | Systems running GNU C Library versions prior to 2.36.
|
|
12 Mar 2026 | VULN290 | Fortinet : Buffer overflow via fgtupdates service | Systems running FortiManager versions prior to 7.4.3, 7.2.11.
|
|
11 Mar 2026 | VULN289 | Fortinet : Security Vulnerabilities fixed in FortiSwitchAXFixed | Systems running FortiSwitchAXFixed versions prior to 1.0.2.
|
|
11 Mar 2026 | VULN288 | HPE : HPE Aruba Networking AOS-CX, Multiple Vulnerabilities | HPE Aruba Networking AOS-CX Software versions prior to 10.17.1001, 10.16.1030, 10.13.1161, 10.10.1180.
|
|
11 Mar 2026 | VULN287 | WordPress : WordPress 6.9.2 fixes multiple security vulnerabilities | Systems running WordPress versions prior to 6.9.2.
|
|
11 Mar 2026 | VULN286 | Traefik : Multiple Security Vulnerabilities fixed in Traefik | Systems running Traefik (Go) versions prior to 2.11.40, 3.6.10.
|
|
11 Mar 2026 | VULN285 | curl : Multiple Security Vulnerabilities fixed in curl 8.19.0 | Systems running curl versions prior to 8.19.0.
|
|
10 Mar 2026 | VULN284 | Mozilla : Security Vulnerabilities fixed in Focus for iOS 148.2 | Systems running Mozilla Focus for iOS versions prior to 148.2.
|
|
10 Mar 2026 | VULN283 | SAP : SAP Security Patch Day - March 2026 | Systems running SAP products.
|
|
10 Mar 2026 | VULN282 | Apache : CVE-2026-23907 Path Traversal in PDFBox ExtractEmbeddedFiles Example Code | Systems running Apache PDFBox versions 2.0.24, 3.0.0 up to and including 2.0.36, 3.0.7.
|
|
10 Mar 2026 | VULN281 | Apache : CVE-2026-25604 Apache Airflow AWS Auth Manager - Host Header Injection Leading to SAML Authentication Bypass | Systems running Apache Airflow AWS Auth Manager versions prior to 9.22.0.
|
|
10 Mar 2026 | VULN280 | Kubernetes : CVE-2026-3288 ingress-nginx rewrite-target nginx configuration injection | Systems running ingress-nginx versions prior to 1.13.8, 1.14.4, 1.15.0.
|
|
10 Mar 2026 | VULN279 | Apereo CAS : CAS JWT Authentication Vulnerability Disclosure | Systems running Apereo CAS versions prior to 7.2.7.1, 7.3.5.
|
|
10 Mar 2026 | VULN278 | Rocket.Chat : Critical and high severity vulnerabilities fixed in Rocket.Chat | Systems running Rocket.Chat versions prior to 8.0.0, 7.13.3, 7.12.4, 7.11.4, 7.10.7, 7.9.8, 7.8.6.
|
|
10 Mar 2026 | VULN277 | pac4j : Security advisory for pac4j-jwt (JwtAuthenticator) CVE-2026-29000 critical Authentication Bypass | Systems running pac4j-jwt versions prior to 4.5.9, 5.7.9, 6.3.3.
|
|
10 Mar 2026 | VULN276 | ZITADEL : 1-Click Account Takeover via XSS in /saml-post Endpoint | Systems running ZITADEL versions prior to 4.12.0.
|
|
10 Mar 2026 | VULN275 | vLLM : SSRF Protection Bypass in vLLM | Systems running vllm (pip) versions prior to 0.17.0.
|
|
9 Mar 2026 | VULN274 | Flowise : Multiple high severity vulnerabilities fixed in Flowise | Systems running Flowise (npm) versions prior to 3.0.13.
|
|
9 Mar 2026 | VULN273 | GitHub Copilot : GitHub Copilot CLI Dangerous Shell Expansion Patterns Enable Arbitrary Code Execution | Systems running GitHub Copilot versions prior to 0.0.423.
|
|
9 Mar 2026 | VULN272 | GnuPG : New versions of GnuPG, Gpg4win fix critical security bug | Systems running GnuPG versions prior to 2.5.17, Gpg4win versions prior to 5.0.1.
|
|
9 Mar 2026 | VULN271 | Apache : Multiple vulnerabilities fixed in Apache IoTDB | Systems running Apache IoTDB versions prior to 1.3.6, 2.0.6.
|
|
9 Mar 2026 | VULN270 | Apache : Unsafe Pickle Deserialization in apache-airflow-providers-http leading to RCE via HttpOperator | Systems running Apache Airflow Providers Http versions prior to 6.0.0.
|
|
9 Mar 2026 | VULN269 | Apache : Apache ZooKeeper Sensitive information disclosure and server impersonation vulnerabilities | Systems running Apache ZooKeeper versions prior to 3.8.6, 3.9.5.
|
|
6 Mar 2026 | VULN268 | Nextcloud : Remote code execution in Nextcloud Flow via vulnerable Windmill version | Systems running Flow (Nextcloud) versions prior to 1.3.0.
|
|
6 Mar 2026 | VULN267 | Zabbix : Unauthorized host creation via configuration.import API (CVE-2026-23925) | Systems running Zabbix versions prior to 6.0.41, 7.0.18, 7.4.2.
|
|
6 Mar 2026 | VULN266 | SPIP : Security update: release of SPIP 4.4.13 | Systems running SPIP versions prior to 4.4.13.
|
|
6 Mar 2026 | VULN265 | PJSIP : Heap use-after-free in PJSIP presence subscription termination handler | Systems running pjsip presence versions prior to 2.17.
|
|
6 Mar 2026 | VULN264 | PJSIP : Stack buffer overflow in pjmedia-codec framework | Systems running pjmedia-codec versions prior to 2.17.
|
|
6 Mar 2026 | VULN263 | CPAN Security Group : Apache::Session::Generate::MD5 versions through 1.94 for Perl create insecure session id | Systems running Apache::Session::Generate::MD5 versions prior to 1.94.
|
|
6 Mar 2026 | VULN262 | CPAN Security Group : Compress::Raw::Zlib versions through 2.219 for Perl use potentially insecure versions of zlib | Systems running Compress::Raw::Zlib versions prior to 2.220.
|
|
6 Mar 2026 | VULN261 | Go : Go 1.26.1 and Go 1.25.8 are released | Systems running Go versions prior to 1.26.1, 1.25.8.
|
|
5 Mar 2026 | VULN260 | Google Chrome : Chrome 145.0.7632.159/160 fixes Critical and high-severity security vulnerabilities | Systems running Chrome versions prior to 145.0.7632.159/160.
|
|
5 Mar 2026 | VULN259 | node-tar : Hardlink Path Traversal via Drive-Relative Linkpath | Systems running tar (npm) versions prior to 7.5.10.
|
|
5 Mar 2026 | VULN258 | pyload-ng : Arbitrary File Write via Path Traversal in edit_package() | Systems running pyload-ng (pip) versions prior to 0.5.0b3.dev97.
|
|
5 Mar 2026 | VULN257 | Docker : CLI plugins uncontrolled search path element local privilege escalation on Windows | Systems running Docker CLI versions prior to 29.2.0.
|
|
4 Mar 2026 | VULN256 | Cisco : Cisco Security Advisories Published on March 04, 2026 | Systems running Cisco products.
|
|
4 Mar 2026 | VULN255 | HPE : Multiple Vulnerabilities in HPE Aruba Networking Wireless Operating Systems (AOS-8 and AOS-10) for Mobility Conductors, Controllers, Gateways, and Access Points | AOS-10 versions prior to 10.8.0.1, 10.7.2.3, 10.4.1.11, AOS-8 versions prior to 8.13.1.2, 8.12.0.7, 8.10.0.22.
|
|
4 Mar 2026 | VULN254 | IBM : Vulnerabilities in MongoDB Server might affect IBM Storage Defender Copy Data Management | Systems running IBM Storage Defender Copy Data Management versions 2.2.0.0 up to and including 2.2.28.0.
|
|
4 Mar 2026 | VULN253 | IBM : Multiple Vulnerabilities in IBM DevOps Build | Systems running IBM DevOps Build versions prior to 7.1.0.2.
|
|
4 Mar 2026 | VULN252 | AWS : Issue with AWS-LC an open-source, general-purpose cryptographic library (CVE-2026-3336, CVE-2026-3337, CVE-2026-3338) | Systems running AWS-LC versions prior to 1.69.0, aws-lc-sys versions prior to 0.38.0, AWS-LC-FIPS versions prior to 3.2.0, aws-lc-sys-fips versions prior to 0.13.12.
|
|
4 Mar 2026 | VULN251 | HPE : HPE AutoPass License Server (APLS), Remote Authentication Bypass Vulnerability | Systems running HPE AutoPass License Server versions prior to 9.19.
|
|
4 Mar 2026 | VULN250 | Apache : Apache Artemis, Apache ActiveMQ Artemis Auth bypass for Core downstream federation | Systems running Apache Artemis versions prior to 2.52.0, Apache ActiveMQ Artemis.
|
|
4 Mar 2026 | VULN249 | Apache : Apache ActiveMQ MQTT control packet remaining length field is not properly validated | Systems running Apache ActiveMQ versions prior to 5.19.2, 6.1.9, 6.2.1.
|
|
4 Mar 2026 | VULN248 | Openstack : Remote code execution through Vitrage query parser | Systems running Openstack Vitrage versions <12.0.1, ==13.0.0, ==14.0.0, ==15.0.0.
|
|
3 Mar 2026 | VULN247 | Django : Django security releases issued 6.0.3, 5.2.12, and 4.2.29 | Systems running Django versions prior to 6.0.3, 5.2.12, and 4.2.29.
|
|
3 Mar 2026 | VULN246 | OpenSSF : Active Exploitation of Weak GitHub Actions Configurations | Systems running GitHub Actions.
|
|
3 Mar 2026 | VULN245 | qwik : Unauthenticated RCE via server$ Deserialization | Systems running qwik (npm) versions prior to 1.19.1.
|
|
2 Mar 2026 | VULN243 | jackson-core : Number Length Constraint Bypass in Async Parser Leads to Potential Denial-of-Service (DoS) Condition | Systems running jackson-core (Maven) versions prior to 2.18.6, 2.21.1, 3.1.0.
|
|
2 Mar 2026 | VULN242 | phpmyfaq : Unauthenticated Account Creation via WebAuthn Prepare Endpoint | Systems running phpmyfaq (Composer) versions prior to 4.0.18.
|
|
2 Mar 2026 | VULN241 | Vitess : Critical and high severity Security vulnerabilities fixed in Vitess | Systems running vitess (Go) versions prior to 22.0.4, 23.0.3.
|
|
2 Mar 2026 | VULN240 | langflow : Critical Remote Code Execution in CSV Agent | Systems running langflow (pypi) versions prior to 1.8.0.
|
|
27 Feb 2026 | VULN239 | elastic : Multiple Security vulnerabilities fixed in Kibana | Systems running Kibana versions prior to 9.3.1, 8.19.12, 9.2.6.
|
|
27 Feb 2026 | VULN238 | IBM : IBM QRadar SIEM is vulnerable to using components with known vulnerabilities | Systems running IBM QRadar SIEM versions prior to 7.5.0 UP14 IF05.
|
|
27 Feb 2026 | VULN237 | Drupal : UI Icons - Critical - Cross-site Scripting - SA-CONTRIB-2026-010 | Systems running UI Icons for Drupal versions prior to 1.0.1, 1.1.1.
|
|
27 Feb 2026 | VULN236 | Drupal : SAML SSO - Service Provider - Critical - Cross-site scripting | Systems running SAML SSO - Service Provider for Drupal versions prior to 3.1.3.
|
|
27 Feb 2026 | VULN235 | Elastic : Synthetics Recorder 1.4.15 Security Update (ESA-2026-16) - CVE-2025-6554 and CVE-2025-7657 | Systems running Elastic Synthetics Recorder versions prior to 1.4.15.
|
|
27 Feb 2026 | VULN234 | Google ChromeOS : Multiple security vulnerabilities fixed in Google ChromeOS | Systems running ChromeOS / ChromeOS Flex versions prior to 16552.47.0.
|
|
27 Feb 2026 | VULN233 | koa : Host Header Injection via `ctx.hostname` | Systems running koa (npm) versions prior to 3.1.2, 2.16.4.
|
|
27 Feb 2026 | VULN232 | Juniper : Junos OS Evolved: PTX Series : A vulnerability allows an unauthenticated, network-based attacker to execute code as root (CVE-2026-21902) | Junos OS Evolved on PTX Series versions prior to 25.4R1-S1-EVO, 25.4R2-EVO*, 26.2R1-EVO*.
|
|
27 Feb 2026 | VULN231 | ImageMagick : ImageMagick Multiple security vulnerabilities | Systems running ImageMagick (C/C++) versions prior to 7.1.2-15, 6.9.13-40, 7.1.2-15.
|
|
27 Feb 2026 | VULN230 | modelcontextprotocol.io : Improper Handling of Case Sensitivity in github.com/modelcontextprotocol/go-sdk | Systems running modelcontextprotocol/go-sdk (Go) versions prior to 1.3.1.
|
|
27 Feb 2026 | VULN229 | Freescout : Predictable Authentication Token Enables Account Takeover | Systems running freescout (Composer) versions prior to 1.8.206.
|
|
27 Feb 2026 | VULN228 | n8n : Multiple vulnerabilities, some critical fixed | Systems running n8n (npm) versions prior to 2.10.1, 2.9.3, 1.123.22.
|
|
26 Feb 2026 | VULN227 | rustfs : Critical Stored XSS and Missing Post Policy Validation vulnerabilities | Systems running rustfs (Rust) versions prior to 1.0.0-alpha.83.
|
|
26 Feb 2026 | VULN226 | Angular : SSRF and Header Injection and Open Redirect in Angular SSR | Systems running @angular/ssr (npm) versions prior to 21.2.0-rc.1, 21.1.5, 20.3.17, 19.2.21, @nguniversal/common (npm), @nguniversal/express-engine (npm).
|
|
26 Feb 2026 | VULN225 | Centreon : CVE-2026-2749 - Centreon Open Tickets - CRITICAL Severity | Systems running Centreon Open Tickets versions prior to 25.10.3, 24.10.8, 24.04.7.
|
|
26 Feb 2026 | VULN224 | Centreon : vulnerability | Systems running centreon-web versions prior to 25.10.9, 24.10.21, 24.04.25.
|
|
26 Feb 2026 | VULN223 | SPIP : SPIP 4.4.10 fixes three security flaws | Systems running SPIP versions prior to 4.4.10.
|
|
26 Feb 2026 | VULN222 | Postgresql : pgvector 0.8.2 fixes a buffer overflow vulnerability | Systems running pgvector versions prior to 0.8.2.
|
|
26 Feb 2026 | VULN221 | terraform-provider-linode : Sensitive Information Exposure in Terraform Provider for Linode Debug Logs | Systems running terraform-provider-linode versions prior to 3.9.0.
|
|
25 Feb 2026 | VULN220 | Docker : Docker Desktop 4.62.0 fix out of bounds read vulnerability | Systems running Docker Desktop versions prior to 4.62.0.
|
|
25 Feb 2026 | VULN219 | Cisco : Cisco Security Advisories Published on February 25, 2026 | Systems running Cisco Catalyst, Cisco Nexus 9000 Series Fabric Switches software, Cisco Nexus 3600 and 9500-R Series Switching Platforms, Cisco NX-OS Software, Cisco FXOS and UCS Manager Software, Cisco UCS Manager Software, Cisco Application Policy Infrastructure Controller.
|
|
25 Feb 2026 | VULN218 | Mozilla : Security Vulnerabilities fixed in Thunderbird 140.8, 148 | Systems running Thunderbird versions prior to 140.8, 148.
|
|
25 Feb 2026 | VULN217 | Mozilla : Security Vulnerabilities fixed in Firefox ESR 140.8, ESR 115.33, 148 | Systems running Firefox versions prior to ESR 140.8, ESR 115.33, 148.
|
|
25 Feb 2026 | VULN216 | Synology : Synology-SA-26:02 Synology Presto Client | Systems running Synology versions prior to 2.1.3-0672.
|
|
25 Feb 2026 | VULN215 | GitLab : GitLab Patch Release 18.9.1, 18.8.5, 18.7.5 | Systems running GitLab versions prior to 18.9.1, 18.8.5, 18.7.5.
|
|
25 Feb 2026 | VULN214 | Trendmicro : SECURITY BULLETIN Apex One and Apex One (Mac) - February 2026 | Systems running Apex One versions prior to CP Build 14136, Apex One as a Service, Trend Vision One Endpoint - Standard Endpoint Protection versions prior to Security Agent Build 14.0.20315.
|
|
25 Feb 2026 | VULN213 | Pimcore : SQL injection via unsanitized filter value in Dependency Dao RLIKE clause | Systems running pimcore (Composer) versions prior to 11.5.15, 12.3.3.
|
|
25 Feb 2026 | VULN212 | Google Chrome : Chrome 145.0.7632.116/117 fixes high-severity security vulnerabilities | Systems running Chrome versions prior to 145.0.7632.116/117.
|
|
25 Feb 2026 | VULN211 | Solarwinds : Serv-U 15.5.4 release notes fix critical vulnerabilities | Systems running Serv-U versions prior to 15.5.4.
|
|
24 Feb 2026 | VULN210 | Sonicwall : SonicOS multiple post-authentication vulnerabilities | SonicOS.
|
|
24 Feb 2026 | VULN209 | Valkey : Multiple vulnerabilities fixed in valkey-server | Systems running valkey-server (valkey-io) versions prior to 9.0.3, 8.1.6, 8.0.7, 7.2.12.
|
|
24 Feb 2026 | VULN208 | MindsDB : Path Traversal in /api/files Leading to Remote Code Execution | Systems running MindsDB versions prior to 25.9.1.1.
|
|
24 Feb 2026 | VULN207 | Broadcom : VMware Aria Operations updates address multiple vulnerabilities (CVE-2026-22719, CVE-2026-22720 and CVE-2026-22721) | Systems running VMware Cloud Foundation, VMware vSphere Foundation versions prior to 9.0.2.0, VMware Aria Operations versions prior to 8.18.6, VMware Cloud Foundation versions prior to KB92148, VMware Telco Cloud Platform, VMware Telco Cloud Infrastructure versions prior to KB428241.
|
|
23 Feb 2026 | VULN206 | Apache : Apache Airflow Connection Secrets not masked in UI when Connections are added via Airflow CLI | Systems running Apache Airflow versions prior to 2.11.1.
|
|
23 Feb 2026 | VULN205 | Microsoft : Elevation of privilege vulnerability in Windows Admin Center New CVE-2026-26119 | Systems running Windows Admin Center versions prior to 2.6.4.
|
|
23 Feb 2026 | VULN204 | IceWarp : IceWarp Security Update | Systems running IceWarp Epos versions prior to Update 2 14.2.0.12, Update 1 14.1.0.20, 14.0.0.18, Deep Castle versions prior to 13.0.3.13.
|
|
23 Feb 2026 | VULN203 | Google : Vulnerabilities fixed in Google Vertex AI and SDK Vertex AI | Systems running Google Vertex AI Experiments versions prior to 1.133.0, Google google-cloud-aiplatform (Vertex AI SDK for Python) versions prior to 1.131.0.
|
|
20 Feb 2026 | VULN202 | Splunk : Multiple Vulnerabilities fixed in Splunk Enterprise for Windows | Systems running Splunk Enterprise for Windows versions prior to 10.2.0, 10.0.3, 9.4.8, 9.3.9, 9.2.12.
|
|
20 Feb 2026 | VULN201 | Splunk : Third-Party Package Updates in Splunk Enterprise - February 2026 | Systems running Third Party Packages in Splunk Enterprise versions prior to 10.0.3, 9.4.8, 9.3.9, 9.2.12.
|
|
20 Feb 2026 | VULN200 | Traefik : Critical TLS ClientAuth Bypass on HTTP/3 | Systems running Traefik (Go) versions prior to 2.11.37, 3.6.8.
|
|
20 Feb 2026 | VULN199 | deno : Command Injection via Incomplete shell metacharacter blocklist in `node:child_process` | Systems running deno versions prior to 2.6.8.
|
|
20 Feb 2026 | VULN198 | bigbluebutton : Exposed ClamAV port allowing denial of service | Systems running clamav (bigbluebutton) versions prior to 3.0.22.
|
|
19 Feb 2026 | VULN197 | Tenable : Security Center Version 6.8.0 Fixes Multiple Vulnerabilities | Systems running Tenable Security Center versions prior to 6.8.0.
|
|
19 Feb 2026 | VULN196 | Google Chrome : Chrome 145.0.7632.109/110 fixes high-severity security vulnerabilities | Systems running Google Chrome versions prior to 145.0.7632.109/110.
|
|
19 Feb 2026 | VULN195 | jspdf : Client-Side/Server-Side Denial of Service via Malicious GIF Dimensions | Systems running jspdf (npm) versions prior to 4.2.0.
|
|
19 Feb 2026 | VULN194 | Jsonpath : jsonpath has Arbitrary Code Injection via Unsafe Evaluation of JSON Path Expressions | Systems running jsonpath (npm).
|
|
19 Feb 2026 | VULN193 | brace-expansion : Uncontrolled Resource Consumption in @isaacs/brace-expansion | Systems running brace-expansion (npm) versions prior to 5.0.1.
|
|
18 Feb 2026 | VULN192 | SPIP : Security update: release of SPIP 4.4.9 | Systems running SPIP versions prior to 4.4.9.
|
|
18 Feb 2026 | VULN191 | Tenable : Stand-alone Security Patches Available for Tenable Security Center versions 6.5.1, 6.6.0 and 6.7.2 | Systems running Tenable Security Center versions 6.7.2 and earlier.
|
|
18 Feb 2026 | VULN190 | Apache : Apache Arrow Potential use-after-free when reading IPC file with pre-buffering | Systems running Apache Arrow versions prior to 23.0.1.
|
|
18 Feb 2026 | VULN189 | node-tar : Arbitrary File Read/Write via Hardlink Target Escape Through Symlink Chain in node-tar Extraction | Systems running node-tar versions prior to 7.5.8.
|
|
18 Feb 2026 | VULN188 | Apache : Apache Camel Deserialization of Untrusted Data and Cross-Realm Token Acceptance Bypass | Systems running Apache Camel versions prior to 4.18.0, 4.10.9, 4.14.5.
|
|
18 Feb 2026 | VULN187 | Apache : Multiple vulnerabilities fixed in Apache Tomcat | Systems running Apache Tomcat Native versions prior to 2.0.12, 1.3.5, Apache Tomcat versions prior to 11.0.18, 10.1.52, 9.0.115.
|
|
18 Feb 2026 | VULN186 | Openstack : Nova calls qemu-img without format restrictions for resize | Systems running Nova versions <30.2.2, >=31.0.0 <31.2.1, >=32.0.0 <32.1.1.
|
|
18 Feb 2026 | VULN185 | vaultwarden : Multiple vulnerabilities fixed in vaultwarden | Systems running vaultwarden versions prior to 1.35.3.
|
|
18 Feb 2026 | VULN184 | Dell : Security Update for RecoverPoint for Virtual Machines Hardcoded Credential Vulnerability | Systems running RecoverPoint for Virtual Machines versions prior to 6.0.3.1 HF1.
|
|
18 Feb 2026 | VULN183 | Indico : Server-Side Request Forgery (SSRF) and Cross-Site-Scripting fixed | Systems running Indico versions prior to 3.3.10.
|
|
18 Feb 2026 | VULN182 | Jenkins : Jenkins Security Advisory 2026-02-18 | Systems running Jenkins (core) versions prior to weekly 2.551, LTS 2.541.2.
|
|
17 Feb 2026 | VULN181 | Palo Alto : PAN-SA-2026-0002 Chromium Monthly Vulnerability Update (February 2026) | Systems running Prisma Browser versions prior to 144.27.7.133.
|
|
17 Feb 2026 | VULN180 | Rack : Directory Traversal and XSS injection via malicious filename via Rack:Directory | Systems running rack (RubyGems) versions prior to 2.2.22, 3.1.20, 3.2.5.
|
|
17 Feb 2026 | VULN179 | HAProxy : February 2026 — CVE-2026-26080 and CVE-2026-26081 QUIC denial of service | Systems running HAProxy versions prior to 3.0.16, 3.1.14, 3.2.12, 3.3.3.
|
|
17 Feb 2026 | VULN178 | Mozilla : Security Vulnerabilities fixed in Thunderbird 147.0.2 and 140.7.2 | Systems running Thunderbird versions prior to 147.0.2, 140.7.2.
|
|
17 Feb 2026 | VULN177 | Mozilla : Security Vulnerabilities fixed in 147.0.4, ESR 140.7.1, and ESR 115.32.1 | Systems running Firefox versions prior to 147.0.4, ESR 140.7.1, ESR 115.32.1.
|
|
17 Feb 2026 | VULN176 | Apache : Apache NiFi Missing Authorization of Restricted Permissions for Component Updates | Systems running Apache NiFi versions prior to 2.8.0.
|
|
16 Feb 2026 | VULN175 | lakeFS : lakeFS vulnerable to path traversal in local block adapter allow cross-namespace and sibling directory access | Systems running lakefs (Go) versions prior to 1.77.0.
|
|
16 Feb 2026 | VULN174 | Google Chrome : Chrome 145.0.7632.75/76 fixes high-severity security vulnerability | Systems running Google Chrome versions prior to 145.0.7632.75/76.
|
|
16 Feb 2026 | VULN173 | CPAN Security Group : CVE-2025-40905 WWW::OAuth 1.000 and earlier for Perl uses insecure rand() function | Systems running Traefik versions prior to 2.6.1, 3.0.0-beta.3.
|
|
16 Feb 2026 | VULN172 | Vim : TCP readTimeout bypass via STARTTLS on Postgres | Systems running Vim versions prior to 9.1.2148.
|
|
16 Feb 2026 | VULN171 | Unstructured : Path Traversal via Malicious MSG Attachment Allows Arbitrary File Write | Systems running Unstructured versions prior to 0.18.18.
|
|
16 Feb 2026 | VULN170 | Hashicorp : Arbitrary code execution in React server-side rendering of untrusted MDX content | Systems running next-mdx-remote versions prior to 6.0.0.
|
|
16 Feb 2026 | VULN169 | Qnap : Multiple Vulnerabilities in File Station 5 | Systems running File Station 5 versions prior to 5.5.6.5190.
|
|
16 Feb 2026 | VULN168 | Qnap : Multiple Vulnerabilities in QTS and QuTS hero | Systems running QTS versions prior to 5.2.8.3350 build 20251216, QuTS hero versions prior to 5.2.8.3350 build 20251216, 5.3.2.3354 build 20251225.
|
|
13 Feb 2026 | VULN167 | Traefik : TCP readTimeout bypass via STARTTLS on Postgres | Systems running Traefik versions prior to 2.6.1, 3.0.0-beta.3.
|
|
13 Feb 2026 | VULN166 | SPIP : Security update: release of SPIP 4.4.8 | Systems running SPIP versions prior to 4.4.8.
|
|
13 Feb 2026 | VULN165 | SurrealDB : Denial of Service through scripting function memory edge case | Systems running SurrealDB (Rust) versions prior to 2.6.1, 3.0.0-beta.3.
|
|
13 Feb 2026 | VULN164 | Fortinet : Multiple vulnerabilities fixed in FortiOS | FortiOS versions prior to 7.6.5, 7.4.10.
|
|
13 Feb 2026 | VULN163 | Fortinet : Missing authorization on CSV user import | Systems running FortiAuthenticator versions prior to 6.6.7.
|
|
13 Feb 2026 | VULN162 | PostgreSQL : PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 Released! | Systems running PostgreSQL versions prior to 18.2, 17.8, 16.12, 15.16, 14.21.
|
|
13 Feb 2026 | VULN161 | Apache : CVE-2025-33042 Apache Avro Java SDK Code injection on Java generated code | Systems running Apache Avro Java SDK versions prior to 1.12.1, 1.11.5.
|
|
12 Feb 2026 | VULN160 | Pillow : Out-of-bounds write when loading PSD images | Systems running Pillow versions prior to 12.1.1.
|
|
12 Feb 2026 | VULN159 | APPLE : APPLE-SA-02-11-2026-7 watchOS 26.3 | watchOS versions prior to 26.3.
|
|
12 Feb 2026 | VULN158 | APPLE : APPLE-SA-02-11-2026-6 tvOS 26.3 | tvOS versions prior to 26.3.
|
|
12 Feb 2026 | VULN157 | APPLE : iOS 26.3, 18.7.5 and iPadOS 26.3, 18.7.5 | iOS, iPadOS versions prior to 26.3, 18.7.5.
|
|
12 Feb 2026 | VULN156 | APPLE : macOS Tahoe 26.3, Sequoia 15.7.4 and Sonoma 14.8.4 | macOS versions prior to Tahoe 26.3, Sequoia 15.7.4, Sonoma 14.8.4.
|
|
12 Feb 2026 | VULN155 | BeyondTrust : RCE in Remote Support (RS) and Privileged Remote Access (PRA) | Systems running BeyondTrust Remote Support versions prior to Patch BT26-02-RS (v21.3 - 25.3.1), BeyondTrust Privileged Remote Access versions prior to Patch BT26-02-PRA (v22.1 - 24.X).
|
|
11 Feb 2026 | VULN154 | Ivanti : Security Advisory EPM February 2026 for EPM 2024 | Systems running Ivanti Endpoint Manager versions prior to 2024 SU5.
|
|
11 Feb 2026 | VULN153 | GitLab : GitLab Patch Release: 18.8.4, 18.7.4, 18.6.6 | Systems running GitLab versions prior to 18.8.4, 18.7.4, 18.6.6.
|
|
11 Feb 2026 | VULN152 | Adobe : Security Updates Available for Adobe Bridge APSB26-21 | Systems running Adobe Bridge versions prior to 15.1.4 (LTS), 16.0.2.
|
|
11 Feb 2026 | VULN151 | Adobe : Security Update Available for Adobe InDesign APSB26-17 | Systems running Adobe InDesign versions prior to ID21.2, ID20.5.2.
|
|
11 Feb 2026 | VULN150 | (Does not appear to exist) | -
|
|
11 Feb 2026 | VULN149 | munge : Buffer overflow in message unpacking allows key leakage and credential forgery | Systems running munge versions prior to 0.5.18.
|
|
11 Feb 2026 | VULN148 | Adobe : Security Updates Available for Adobe After Effects APSB26-15 | Systems running Adobe After Effects versions prior to 25.6.4, 26.0.
|
|
11 Feb 2026 | VULN147 | Keycloak : Keycloak 26.5.3 fix multiple security vulnerabilities | Systems running Keycloak versions prior to 26.5.3.
|
|
11 Feb 2026 | VULN146 | Cryptography : PyCA cryptography 46.0.5 released | Systems running PyCA cryptography versions prior to 46.0.0.
|
|
10 Feb 2026 | VULN145 | Fortinet : SQLi in administrative interface | Systems running FortiClientEMS versions prior to 7.4.5.
|
|
10 Feb 2026 | VULN144 | SAP : SAP Security Patch Day - February 2026 | Systems running SAP products.
|
|
10 Feb 2026 | VULN143 | libpng : Heap buffer overflow in png_set_quantize | Systems running libpng versions prior to 1.6.55.
|
|
10 Feb 2026 | VULN142 | PowerDNS : PowerDNS Security Advisory 2026-01 Crafted zones can lead to increased resource usage in Recursor | Systems running PowerDNS Recursor versions prior to 5.1.10, 5.2.8, 5.3.5.
|
|
10 Feb 2026 | VULN141 | GNUTLS : gnutls 3.8.12 fix DoS and Stack write buffer overflow vulnerabilities | Systems running GNUTLS versions prior to 3.8.12.
|
|
10 Feb 2026 | VULN140 | Apache : CVE-2026-23906 Apache Druid Authentication Bypass via LDAP Anonymous Bind | Systems running Apache Druid versions prior to 36.0.0.
|
|
9 Feb 2026 | VULN139 | Broadcom : VMware Tanzu Greenplum 6.32.0 | Systems running VMware Tanzu Greenplum versions prior to 6.32.0.
|
|
9 Feb 2026 | VULN138 | Apache : CVE-2026-24343 Apache HertzBeat Uncontrolled Resource Consumption via Crafted XPath Expressions | Systems running Apache HertzBeat versions prior to 1.8.0.
|
|
9 Feb 2026 | VULN137 | Apache : Permission Bypass and permission leak vulnerabilities fixed in Apache Airflow | Systems running Apache Airflow versions prior to 3.1.7.
|
|
9 Feb 2026 | VULN136 | Gitlab : GitLab AI Gateway Critical Patch Release: 18.6.2, 18.7.1, and 18.8.1 | Systems running GitLab AI Gateway versions prior to 18.6.2, 18.7.1, 18.8.1.
|
|
9 Feb 2026 | VULN135 | Roundcube : Security updates 1.6.13 and 1.5.13 released | Systems running Roundcube Webmail versions prior to 1.6.13, 1.5.13.
|
|
6 Feb 2026 | VULN134 | Broadcom : Isolation Segmentation for VMware Tanzu Platform 10.2.7+LTS-T, 10.3.4 | Systems running VMware Tanzu Platform versions prior to 10.2.7+LTS-T.
|
|
6 Feb 2026 | VULN133 | ESET : Local privilege escalation vulnerability in ESET Management Agent for Windows fixed | Systems running ESET Management Agent for Windows versions prior to 13.0.1400.0.
|
|
6 Feb 2026 | VULN132 | web2py : web2py has an Open Redirect Vulnerability | Systems running web2py versions prior to 3.1.7.
|
|
6 Feb 2026 | VULN131 | pgAdmin : 2026-02-05 - pgAdmin 4 v9.12 Released | Systems running pgAdmin 4 versions prior to 9.12.
|
|
6 Feb 2026 | VULN130 | vim : buffer overflow in helpfile option handling affects Vim < 9.1.2132 | Systems running Vim versions prior to 9.1.2132.
|
|
5 Feb 2026 | VULN129 | Broadcom : Foundation Core for VMware Tanzu Platform 3.1.7 | Systems running Foundation Core for VMware Tanzu Platform versions prior to 3.1.7.
|
|
5 Feb 2026 | VULN128 | Splunk : Third-Party Package Updates in Splunk SOAR - February 2026 | Systems running Splunk SOAR versions prior to 7.1.0.
|
|
5 Feb 2026 | VULN127 | Cisco : Cisco Security Advisories Published on February 04, 2026 | Systems running Cisco Meeting Management, Cisco TelePresence Collaboration Endpoint Software and RoomOS Software, Cisco Evolved Programmable Network Manager and Cisco Prime Infrastructure, Cisco Secure Web Appliance.
|
|
5 Feb 2026 | VULN126 | Drupal : Login Disable - Less critical - Access bypass - SA-CONTRIB-2026-008 | Systems running Login Disable for Drupal versions prior to 2.1.3.
|
|
5 Feb 2026 | VULN125 | NGINX : CVE-2026-1642 SSL upstream injection Vulnerability fixed | Systems running NGINX versions prior to 1.29.5+, 1.28.2+.
|
|
5 Feb 2026 | VULN124 | modelcontextprotocol.io : Sharing server/transport instances can leak cross-client response data | Systems running @modelcontextprotocol/sdk (npm) versions prior to 1.26.0.
|
|
5 Feb 2026 | VULN123 | openclaw : Local File Inclusion via MEDIA: Path Extraction | Systems running openclaw (npm) versions prior to 2026.1.30.
|
|
5 Feb 2026 | VULN122 | n8n : Multiple Critical Vulnerabilities fixed in n8n | Systems running n8n (npm) versions prior to 2.5.2, 1.123.17.
|
|
5 Feb 2026 | VULN121 | rancher : Vulnerable to path traversal via parameters.pathPattern | Systems running rancher/local-path-provisioner versions prior to 0.0.34.
|
|
4 Feb 2026 | VULN120 | Tenable : Tenable Identity Exposure Version 3.77.16 Fixes Multiple Vulnerabilities | Systems running Tenable Identity Exposure versions prior to 3.77.16.
|
|
4 Feb 2026 | VULN119 | Google : Chrome 144.0.7559.132/.133 fixes high-severity security vulnerability | Systems running Google Chrome versions prior to 144.0.7559.132/.133.
|
|
4 Feb 2026 | VULN118 | glpi : Multiple security vulnerabilities fixed in glpi | Systems running glpi versions prior to 10.0.23, 11.0.5.
|
|
4 Feb 2026 | VULN117 | wagtail : Improper permission handling on admin preview endpoints | Systems running wagtail versions prior to 6.3.6, 7.0.4, 7.1.3, 7.2.2, 7.3.
|
|
4 Feb 2026 | VULN116 | Claude Code : Multiple security vulnerabilities fixed in Claude | Systems running Claude Code versions prior to 2.0.74.
|
|
4 Feb 2026 | VULN115 | Django : Django security releases issued 6.0.2, 5.2.11, and 4.2.28 | Systems running Django versions prior to 6.0.2, 5.2.11, 4.2.28.
|
|
3 Feb 2026 | VULN114 | Broadcom : Platform Automation Toolkit 5.4.0 | Systems running Platform Automation Toolkit versions prior to 5.4.0.
|
|
3 Feb 2026 | VULN113 | Broadcom : Telemetry for VMware Tanzu Platform 2.4.0 | Systems running Tanzu Telemetry for VMware Tanzu versions prior to 2.4.0.
|
|
3 Feb 2026 | VULN112 | Broadcom : Tanzu Kubernetes Grid Integrated Edition (TKGi) Vulnerabilities | Systems running Tanzu Kubernetes Grid Integrated Edition (TKGi).
|
|
3 Feb 2026 | VULN111 | Node.js : OpenSSL Security Advisory Assessment, January 2026 | Systems running Node.js and OpenSSL versions 3.0, 3.5.
|
|
3 Feb 2026 | VULN110 | Plone : Plone Security Advisory 20260116 - Attempted code insertions into Github pull requests | Systems running plone ecosystem software.
|
|
3 Feb 2026 | VULN109 | clawdbot : command injection and 1-Click RCE vulnerabilities fixed | Systems running clawdbot (npm) versions prior to 2026.1.29.
|
|
3 Feb 2026 | VULN108 | kubernetes : Multiple issues in ingress-nginx | Systems running ingress-nginx versions prior to 1.13.7, 1.14.3.
|
|
2 Feb 2026 | VULN107 | Grafana : Unauthenticated DoS and Cross-dashboard privilege escalation | Systems running Grafana versions prior to 12.3.1+security-01, 12.2.3+security-01, 12.1.5+security-01, 12.0.8+security-01, 11.6.9+security-01.
|
|
2 Feb 2026 | VULN106 | geopandas : geopandas SQL Injection Vulnerability in to_postgis() Allows Information Disclosure | Systems running geopandas (pip) versions prior to 1.1.2.
|
|
2 Feb 2026 | VULN105 | PsySH : Local Privilege Escalation via CWD .psysh.php auto-load | Systems running PsySH versions prior to 0.12.19, 0.11.23.
|
|
2 Feb 2026 | VULN104 | Rancher : Rancher CLI skips TLS verification on Rancher CLI login command | Systems running Rancher versions prior to 2.13.2, 2.12.6, 2.11.10, 2.10.11.
|
|
2 Feb 2026 | VULN103 | Apache : Apache Syncope Console XXE and Reflected XSS vulnerabilities | Systems running Apache Syncope versions prior to 3.0.16, 4.0.4.
|
|
2 Feb 2026 | VULN102 | Notepad++ : Notepad++ Hijacked by State-Sponsored Hackers | Systems running Notepad++ versions prior to 8.9.2.
|
|
2 Feb 2026 | VULN101 | CISA : Critical Vulnerability in KiloView Encoder Series | Systems running KiloView Encoder Series.
|
|
30 Jan 2026 | VULN100 | Withsecure : Multiple security vulnerabilities fixed in Withsecure products | Systems running Withsecure products.
|
|
30 Jan 2026 | VULN099 | Ivanti : Security Advisory Ivanti Endpoint Manager Mobile (EPMM) (CVE-2026-1281 & CVE-2026-1340) | Systems running Ivanti Endpoint Manager Mobile versions prior to RPM 12.x.0.x, RPM 12.x.1.x.
|
|
30 Jan 2026 | VULN098 | Qnap : Vulnerability in legacy QTS with NFS service enabled | Systems running qnap QTS versions prior to 5.2.x.
|
|
29 Jan 2026 | VULN097 | HPE Aruba Networking : HPE Aruba Networking Fabric Composer Multiple Vulnerabilities | Systems running HPE Aruba Networking Fabric Composer versions prior to 7.3.0.
|
|
29 Jan 2026 | VULN096 | Tenable : Tenable Network Monitor Version 6.5.3 Fixes Multiple Vulnerabilities | Systems running Nessus Network Monitor versions prior to 6.5.3.
|
|
29 Jan 2026 | VULN095 | Google : Chrome 144.0.7559.109/.110 fixes high-severity security vulnerability | Systems running Google Chrome versions prior to 144.0.7559.109/.110.
|
|
29 Jan 2026 | VULN094 | SolarWinds : Multiple security vulnerabilities fixed in SolarWinds Web Help Desk | Systems running SolarWinds Web Help Desk versions prior to 2026.1.
|
|
29 Jan 2026 | VULN093 | AutoGPT : RCE via Disabled Block Execution | Systems running AutoGPT Platform versions prior to autogpt-platform-beta-v0.6.44.
|
|
28 Jan 2026 | VULN092 | Fortinet : Administrative FortiCloud SSO authentication bypass | Systems running FortiOS versions prior to 7.6.6, 7.4.11, 7.2.13, 7.0.19, FortiManager versions prior to 7.6.6, 7.4.10, 7.2.13, 7.0.16, FortiAnalyzer versions prior to 7.6.6, 7.4.10, 7.2.12, 7.0.16, FortiProxy versions prior to 7.6.6, 7.4.13, FortiWeb versions prior to 8.0.4, 7.6.7, 7.4.12.
|
|
28 Jan 2026 | VULN091 | Vllm : Server-Side Request Forgery (SSRF) in `MediaConnector` | Systems running vllm (pip) versions prior to 0.14.1.
|
|
28 Jan 2026 | VULN090 | Symfony : Incorrect argument escaping under MSYS2/Git Bash on Windows can lead to destructive file operations | Systems running symfony/process (Composer), symfony/symfony (Composer) versions prior to 5.4.51, 6.4.33, 7.3.11, 7.4.5, 8.0.5.
|
|
28 Jan 2026 | VULN089 | Suricata : Multiple Vulnerabilities fixed in suricata | Systems running Suricata versions prior to 7.0.14, 8.0.3.
|
|
28 Jan 2026 | VULN088 | node-tar : Multiple vulnerabilities fixed in node-tar | Systems running node-tar (npm) versions prior to 7.5.7.
|
|
28 Jan 2026 | VULN087 | Citrix : XenServer Security Update for CVE-2025-58151 and CVE-2026-23553 | Systems running XenServer versions 8.4.
|
|
28 Jan 2026 | VULN086 | GnuPG : GnuPG and Gpg4win Security Advisory (T8044) | Systems running GnuPG versions prior to 2.5.17.
|
|
28 Jan 2026 | VULN085 | OpenSSL : OpenSSL Security Advisory [27th January 2026] | Systems running OpenSSL versions prior to 3.6.1, 3.5.5, 3.4.4, 3.3.6, 3.0.19, 1.1.1ze, 1.0.2zn.
|
|
28 Jan 2026 | VULN084 | Kyverno : Kyverno Cross-Namespace Privilege Escalation and Denial of Service Vulnerabilities | Systems running kyverno (Go) versions prior to 1.16.3, 1.15.3.
|
|
28 Jan 2026 | VULN083 | vm2 : Sandbox Escape | Systems running vm2 versions prior to 3.10.2.
|
|
27 Jan 2026 | VULN082 | Microsoft : Security feature bypass vulnerability in Microsoft Office | Systems running Microsoft Office 2016, Microsoft Office LTSC 2024, Microsoft Office LTSC 2021, Microsoft 365 Apps for Enterprise, Microsoft Office 2019.
|
|
27 Jan 2026 | VULN081 | React : Denial of Service Vulnerabilities in React Server Components | Systems running react-server-dom-parcel (npm), react-server-dom-turbopack (npm), react-server-dom-webpack (npm) versions prior to 19.0.4, 19.1.5, 19.2.4.
|
|
27 Jan 2026 | VULN080 | next.js : Denial of Service Vulnerabilities fixed in next.js | Systems running next (npm) versions prior to 15.0.8, 15.1.12, 15.2.9, 15.3.9, 15.4.11, 15.5.10, 15.6.0-canary.61, 16.0.11, 16.1.5.
|
|
27 Jan 2026 | VULN079 | pytorch : Loading a malicious PyTorch checkpoint with weights_only=True can result in arbitrary code execution | Systems running PyTorch versions prior to 2.10.0.
|
|
27 Jan 2026 | VULN078 | Xen : Multiple vulnerabilities fixed in Xen | Systems running Xen.
|
|
26 Jan 2026 | VULN077 | CPython : email BytesGenerator header injection due to unquoted newlines | Systems running CPython.
|
|
26 Jan 2026 | VULN076 | protobuf : A potential Denial of Service issue in protobuf-python | Systems running protobuf (pip) versions prior to 4.25.8, 5.29.5, 6.31.1.
|
|
26 Jan 2026 | VULN075 | Apache : Apache Continuum Command injection leading to RCE | Systems running Apache Continuum.
|
|
26 Jan 2026 | VULN074 | Apache : Apache Karaf Decanter log-socket collector has deserialization vulnerability | Systems running Apache Karaf versions prior to 2.12.0.
|
|
26 Jan 2026 | VULN073 | Apache : HDFS native client Out of bounds write in URI parser of native HDFS client | Systems running Apache Hadoop HDFS native client versions prior to 3.4.2.
|
|
23 Jan 2026 | VULN072 | Broadcom : Web Security Services Agent Security Update | Systems running Cloud Secure Web Gateway versions prior to 9.8.5.
|
|
23 Jan 2026 | VULN071 | Python : CVE-2025-12781 base64.b64decode() always accepts "+/" characters, despite setting altchars | Systems running CPython.
|
|
23 Jan 2026 | VULN070 | Symantec : Symantec Endpoint Protection Security Update | Systems running Symantec Endpoint Protection versions prior to 14.3 RU10 (14.3.12167.10000), 14.3 RU9 (14.3.11237.9000), 14.3 RU8 (14.3.10178.8000).
|
|
23 Jan 2026 | VULN069 | Apache : Vulnerabilities fixed in Apache Solr | Systems running Apache Solr versions prior to 9.10.1.
|
|
23 Jan 2026 | VULN068 | TYPO3 : Insecure Deserialization in extension "Mailqueue" (mailqueue) | Systems running TYPO3 extension manager versions prior to 0.5.1, 0.4.3.
|
|
23 Jan 2026 | VULN067 | surrealdb : Confused Deputy Privilege Escalation through Future Fields and Functions | Systems running surrealdb (Rust) versions prior to 2.5.0, 3.0.0-beta.3.
|
|
23 Jan 2026 | VULN066 | GNU InetUtils : GNU InetUtils Security Advisory remote authentication by-pass in telnetd | Systems running GNU InetUtils telnetd.
|
|
23 Jan 2026 | VULN065 | incus : Arbitrary command execution vulnerabilities fixed in incus | Systems running incusd (Go) versions prior to 6.21.0, 6.0.6.
|
|
22 Jan 2026 | VULN064 | vllm : RCE via auto_map dynamic module loading during model initialization | Systems running vllm versions prior to 0.14.0.
|
|
22 Jan 2026 | VULN063 | Argo Workflows : Stored XSS in the artifact directory listing | Systems running argo-workflows (Go) versions prior to 3.6.17, 3.7.8.
|
|
22 Jan 2026 | VULN062 | GLIBC : DoS and stack contents leak vulnerabilities | Systems running GNU C Library versions 2.30 up to and including 2.42.
|
|
22 Jan 2026 | VULN061 | Ceph : Incorrect usage of certificate checking via Pybind use | Systems running pybind (ceph) versions prior to 20.2.1, 19.2.4, 18.2.9.
|
|
21 Jan 2026 | VULN060 | CPython : CPython Multiple vulnerabilities | Systems running CPython.
|
|
21 Jan 2026 | VULN059 | Bind : CVE-2025-13878 Malformed BRID/HHIT records can cause named to terminate unexpectedly | Systems running BIND versions prior to 9.18.44, 9.20.18, 9.21.17.
|
|
21 Jan 2026 | VULN058 | Oracle : January 2026 Critical Patch Update Released | Systems running Oracle products.
|
|
21 Jan 2026 | VULN057 | GitLab : GitLab Patch Release 18.8.2, 18.7.2, 18.6.4 | Systems running GitLab versions prior to 18.8.2, 18.7.2, 18.6.4.
|
|
21 Jan 2026 | VULN056 | Cisco : Cisco Security Advisories Published on January 21, 2026 | Systems running Cisco Unified Communications Products, Cisco Intersight Virtual Appliance, Cisco IEC6400 Wireless Backhaul Edge Compute Software, Cisco Packaged Contact Center Enterprise and Cisco Unified Contact Center Enterprise.
|
|
20 Jan 2026 | VULN055 | urllib3 : Decompression-bomb safeguards bypassed when following HTTP redirects (streaming API) | Systems running urllib3 versions prior to 2.6.3.
|
|
20 Jan 2026 | VULN054 | Wireshark : Wireshark file parser and dissector crashes | Systems running Wireshark versions prior to 4.6.3, 4.4.13.
|
|
20 Jan 2026 | VULN053 | Traefik : ACME TLS-ALPN fast path lacks timeouts and close on handshake stall | Systems running traefik versions prior to 2.11.35, 3.6.7.
|
|
19 Jan 2026 | VULN052 | Svelte : XSS with textarea bind:value | Systems running svelte (npm) versions prior to 3.59.2.
|
|
19 Jan 2026 | VULN051 | Mattermost : Multiple security vulnerabilities fixed in Mattermost | Systems running Mattermost.
|
|
19 Jan 2026 | VULN050 | Deno : fix for `node:crypto` vulnerability and Incomplete fix for command-injection prevention on Windows | Systems running Deno versions prior to 2.6.0.
|
|
19 Jan 2026 | VULN049 | GLIBC : Integer overflow in memalign leads to heap corruption | Systems running GNU C Library versions 2.30 up to and including 2.42.
|
|
16 Jan 2026 | VULN048 | Centreon : CVE-2025-43865, CVE-2025-43864 - Centreon 25.10 IT & Business Editions | Systems running Centreon 25.10 IT & Business Editions.
|
|
16 Jan 2026 | VULN047 | GLPI : Unauthorized access to documents and Unauthenticated SQL injection fixed | Systems running glpi versions prior to 10.0.21, 11.0.3.
|
|
16 Jan 2026 | VULN046 | Pimcore : Multiple vulnerabilities fixed in Pimcore | Systems running pimcore (Composer) versions prior to 12.3.1, 11.5.14.
|
|
16 Jan 2026 | VULN045 | Go : Go 1.25.6 and Go 1.24.12 include 6 security fixes | Systems running Go versions prior to 1.25.6, 1.24.12.
|
|
16 Jan 2026 | VULN044 | Apache : Apache Airflow sensitive data exposure vulnerabilities fixed | Systems running Apache Airflow versions prior to 3.1.6.
|
|
16 Jan 2026 | VULN043 | Apache : CVE-2025-60021 Apache bRPC Remote command injection vulnerability in heap builtin service | Systems running Apache bRPC versions prior to 1.15.0.
|
|
15 Jan 2026 | VULN042 | Adobe : Security update available for Adobe Dreamweaver APSB26-01 | Systems running Adobe Dreamweaver versions prior to 21.7.
|
|
15 Jan 2026 | VULN041 | Cisco : Cisco Security Advisories Published on January 15, 2026 | Systems running Cisco Secure Email Gateway And Cisco Secure Email and Web Manager, Cisco Identity Services Engine, Cisco Evolved Programmable Network Manager and Cisco Prime Infrastructure.
|
|
15 Jan 2026 | VULN040 | Adobe : Security Updates Available for Adobe Illustrator APSB26-03 | Systems running Adobe Illustrator versions prior to 2025 29.8.4, 2026 30.1.
|
|
15 Jan 2026 | VULN039 | Adobe : Security updates available for Adobe ColdFusion APSB26-12 | Systems running Adobe ColdFusion versions prior to 2025 Update 6, 2023 Update 18.
|
|
15 Jan 2026 | VULN038 | Mozilla : Security Vulnerabilities fixed in Thunderbird 147, 140.7 | Systems running Thunderbird versions prior to 147, 140.7.
|
|
15 Jan 2026 | VULN037 | Mozilla : Security Vulnerabilities fixed in Firefox 147, ESR 115.32, ESR 140.7 | Systems running Firefox versions prior to 147, ESR 115.32, ESR 140.7.
|
|
15 Jan 2026 | VULN036 | Google : Chrome 144.0.7559.59/60 fixes high-severity security vulnerability | Systems running Google Chrome versions prior to 144.0.7559.59/60.
|
|
14 Jan 2026 | VULN035 | Misp : Stored/Reflected XSS via Unsanitized Parameters in URL Generation and JavaScript Context | Systems running misp versions prior to 2.5.31.
|
|
14 Jan 2026 | VULN034 | Spring : CVE-2026-22718 Command injection on user machine using VSCode extension for Spring CLI | Systems running Spring CLI VSCode Extension.
|
|
14 Jan 2026 | VULN033 | Fortinet : Heap-based buffer overflow in cw_acd daemon | Systems running FortiOS versions prior to 7.6.4, 7.4.9, 7.2.12, 7.0.18, 6.4.17, FortiSASE versions prior to 25.2.c, FortiSwitchManager versions prior to 7.2.7, 7.0.6.
|
|
14 Jan 2026 | VULN032 | Fortinet : Unauthenticated remote command injection in FortiSIEM | Systems running FortiSIEM versions prior to 7.4.1, 7.3.5, 7.2.7, 7.1.9.
|
|
14 Jan 2026 | VULN031 | Fortinet : Unauthenticated access to local configuration | Systems running FortiFone versions prior to 7.0.2, 3.0.24.
|
|
14 Jan 2026 | VULN030 | TYPO3 : Broken Access Control and Insecure Deserialization Vulnerabilities fixed in TYPO3 | Systems running TYPO3 CMS versions prior to 10.4.55 ELTS, 11.5.49 ELTS, 12.4.41 LTS, 13.4.23 LTS, 14.0.2.
|
|
14 Jan 2026 | VULN029 | AdonisJS : Mass Assignment in AdonisJS Lucid Allows Overwriting Internal ORM | Systems running @adonisjs/lucid versions prior to 21.8.2, 22.0.0-next.6.
|
|
14 Jan 2026 | VULN028 | opencode : Malicious website can execute commands on the local system through XSS in the OpenCode web UI | Systems running opencode versions prior to 1.1.10.
|
|
14 Jan 2026 | VULN027 | Apache : Apache Camel security advisory CVE-2025-66169 | Systems running Apache Camel versions prior to 4.10.8, 4.14.3, 4.17.0.
|
|
14 Jan 2026 | VULN026 | Node.js : Tuesday, January 13, 2026 Security Releases | Systems running Node.js versions prior to 20.20.0, 22.22.0, 24.13.0, 25.3.0.
|
|
13 Jan 2026 | VULN025 | VMware : Vulnerabilities fixed in VMware Tanzu GemFire 10.1.6 and 10.2.1 | Systems running VMware Tanzu Data Intelligence, VMware Tanzu Data Services Pack, VMware Tanzu Data Suite, VMware Tanzu Gemfire.
|
|
13 Jan 2026 | VULN024 | SAP : SAP Security Patch Day - January 2026 | Systems running SAP products.
|
|
13 Jan 2026 | VULN023 | react-router : Multiple vulnerabilities fixed in react-router ecosystem | Systems running @react-router/node (npm) versions prior to 7.9.4, react-router (npm) versions prior to 7.12.0, @remix-run/react (npm) versions prior to 2.17.1, @remix-run/router (npm) versions prior to 1.23.2, @remix-run/deno (npm), @remix-run/node (npm), @remix-run/server-runtime (npm) versions prior to 2.17.3.
|
|
13 Jan 2026 | VULN022 | Libpng : Heap buffer over-read vulnerabilities fixed in libpng | Systems running Libpng versions prior to 1.6.54.
|
|
12 Jan 2026 | VULN021 | Angular : XSS Vulnerability via Unsanitized SVG Script Attributes | Systems running @angular/compiler (npm), @angular/core (npm) versions prior to 21.1.0-rc.0, 21.0.7, 20.3.16, 19.2.18.
|
|
12 Jan 2026 | VULN020 | Apache : CVE-2025-68493 Apache Struts XXE vulnerability in outdated XWork component | Systems running Apache Struts versions prior to 25.10.2, 24.10.3, 24.04.3.
|
|
12 Jan 2026 | VULN019 | Centreon : Centreon Open Tickets - Vulnerabilities, one High Severity | Systems running Centreon Open Tickets versions prior to 25.10.0, 24.10.5, 24.04.5, 23.10.4.
|
|
12 Jan 2026 | VULN018 | Joomla! : Core - XSS vectors in Joomla! CMS | Systems running Joomla! CMS versions prior to 5.4.2, 6.0.2.
|
|
9 Jan 2026 | VULN017 | Centreon : Centreon AWIE - Critical Severity Vulnerabilities | Systems running Centreon AWIE versions prior to 25.10.2, 24.10.3, 24.04.3.
|
|
9 Jan 2026 | VULN016 | Apache : Multiple Vulnerabilities fixed in Apache NimBLE 1.9.0 | Systems running Apache NimBLE versions prior to 1.9.0.
|
|
9 Jan 2026 | VULN015 | Tenable : Nessus Agent Versions 11.0.3 and 10.9.3 Fix One Vulnerability | Systems running Nessus Agent versions prior to 11.0.3, 10.9.3.
|
|
9 Jan 2026 | VULN014 | Trend Micro : Trend Micro Apex Central (on-premise) January 2026 Multiple Vulnerabilities | Systems running Apex Central (on-premise) versions prior to Critical Patch Build 7190.
|
|
9 Jan 2026 | VULN013 | Cisco : Cisco Security Advisories Published on January 07, 2026 | Systems running Cisco Products running Snort, Cisco Identity Services Engine.
|
|
9 Jan 2026 | VULN012 | RustFS : Multiple Vulnerabilities Resolved in RustFS, one Critical | Systems running RustFS versions prior to alpha.79.
|
|
8 Jan 2026 | VULN011 | Veeam : Vulnerabilities Resolved in Veeam Backup & Replication, one Critical | Systems running Veeam Backup & Replication versions prior to 13.0.1.1071.
|
|
8 Jan 2026 | VULN010 | Vega : Vega Cross-Site Scripting (XSS) vulnerabilities | Systems running vega-selections (npm) versions prior to 6.1.2, 5.6.3, vega-functions (npm) versions prior to 6.1.1.
|
|
8 Jan 2026 | VULN009 | Google : Chrome 143.0.7499.192/.193 fixes high-severity security vulnerability | Systems running Google Chrome versions prior to 143.0.7499.192/.193.
|
|
8 Jan 2026 | VULN008 | GitLab : GitLab Patch Release 18.7.1, 18.6.3, 18.5.5 | Systems running GitLab versions prior to 18.7.1, 18.6.3, 18.5.5.
|
|
7 Jan 2026 | VULN007 | Opencti : GraphQL IDOR allows authenticated user to delete workspace content of other users | Systems running OpenCTI versions prior to 6.8.1.
|
|
7 Jan 2026 | VULN006 | Apache : CVE-2025-68280 Apache SIS XML External Entity (XXE) vulnerability | Systems running Apache SIS versions prior to 1.6.
|
|
7 Jan 2026 | VULN005 | AIOHTTP : Multiple Security Vulnerabilities fixed in AIOHTTP | Systems running AIOHTTP versions prior to 3.13.3.
|
|
7 Jan 2026 | VULN004 | curl : Multiple vulnerabilities fixed in curl 8.18.0 | Systems running curl versions prior to 8.18.0.
|
|
7 Jan 2026 | VULN003 | GNU Wget : Critical file overwrite issue with metalink in GNU Wget2 CVE-2025-69194 | Systems running GNU Wget2 versions prior to 2.2.1.
|
|
7 Jan 2026 | VULN002 | Langflow : Missing Authentication on Critical API Endpoints | Systems running Langflow versions prior to 1.7.1.
|
|
7 Jan 2026 | VULN001 | n8n : Critical RCE via Arbitrary File Write | Systems running n8n versions prior to 1.121.3.
|