|
13 Feb 2026 | VULN167 | Traefik : TCP readTimeout bypass via STARTTLS on Postgres | Systems running Traefik versions prior to 2.6.1, 3.0.0-beta.3.
|
|
13 Feb 2026 | VULN166 | SPIP : Security update, SPIP 4.4.8 released | Systems running SPIP versions prior to 4.4.8.
|
|
13 Feb 2026 | VULN165 | SurrealDB : Denial of Service through scripting function memory edge case | Systems running SurrealDB (Rust) versions prior to 2.6.1, 3.0.0-beta.3.
|
|
13 Feb 2026 | VULN164 | Fortinet : Multiple vulnerabilities fixed in FortiOS | FortiOS versions prior to 7.6.5, 7.4.10.
|
|
13 Feb 2026 | VULN163 | Fortinet : Missing authorization on CSV user import | Systems running FortiAuthenticator versions prior to 6.6.7.
|
|
13 Feb 2026 | VULN162 | PostgreSQL : PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 Released! | Systems running PostgreSQL versions prior to 18.2, 17.8, 16.12, 15.16, 14.21.
|
|
13 Feb 2026 | VULN161 | Apache : CVE-2025-33042 Apache Avro Java SDK Code injection on Java generated code | Systems running Apache Avro Java SDK versions prior to 1.12.1, 1.11.5.
|
|
12 Feb 2026 | VULN160 | Pillow : Out-of-bounds write when loading PSD images | Systems running Pillow versions prior to 12.1.1.
|
|
12 Feb 2026 | VULN159 | APPLE : APPLE-SA-02-11-2026-7 watchOS 26.3 | watchOS versions prior to 26.3.
|
|
12 Feb 2026 | VULN158 | APPLE : APPLE-SA-02-11-2026-6 tvOS 26.3 | tvOS versions prior to 26.3.
|
|
12 Feb 2026 | VULN157 | APPLE : iOS 26.3, 18.7.5 and iPadOS 26.3, 18.7.5 | iOS, iPadOS versions prior to 26.3, 18.7.5.
|
|
12 Feb 2026 | VULN156 | APPLE : macOS Tahoe 26.3, Sequoia 15.7.4 and Sonoma 14.8.4 | macOS versions prior to Tahoe 26.3, Sequoia 15.7.4, Sonoma 14.8.4.
|
|
12 Feb 2026 | VULN155 | BeyondTrust : RCE in Remote Support (RS) and Privileged Remote Access (PRA) | Systems running BeyondTrust Remote Support versions prior to Patch BT26-02-RS (v21.3 - 25.3.1), BeyondTrust Privileged Remote Access versions prior to Patch BT26-02-PRA (v22.1 - 24.X).
|
|
11 Feb 2026 | VULN154 | Ivanti : Security Advisory EPM February 2026 for EPM 2024 | Systems running Ivanti Endpoint Manager versions prior to 2024 SU5.
|
|
11 Feb 2026 | VULN153 | GitLab : GitLab Patch Release: 18.8.4, 18.7.4, 18.6.6 | Systems running GitLab versions prior to 18.8.4, 18.7.4, 18.6.6.
|
|
11 Feb 2026 | VULN152 | Adobe : Security Updates Available for Adobe Bridge APSB26-21 | Systems running Adobe Bridge versions prior to 15.1.4 (LTS), 16.0.2.
|
|
11 Feb 2026 | VULN151 | Adobe : Security Update Available for Adobe InDesign APSB26-17 | Systems running Adobe InDesign versions prior to ID21.2, ID20.5.2.
|
|
11 Feb 2026 | VULN149 | munge : Buffer overflow in message unpacking allows key leakage and credential forgery | Systems running munge versions prior to 0.5.18.
|
|
11 Feb 2026 | VULN148 | Adobe : Security Updates Available for Adobe After Effects APSB26-15 | Systems running Adobe After Effects versions prior to 25.6.4, 26.0.
|
|
11 Feb 2026 | VULN147 | Keycloak : Keycloak 26.5.3 fix multiple security vulnerabilities | Systems running Keycloak versions prior to 26.5.3.
|
|
11 Feb 2026 | VULN146 | Cryptography : PyCA cryptography 46.0.5 released | Systems running PyCA cryptography versions prior to 46.0.0.
|
|
10 Feb 2026 | VULN145 | Fortinet : SQLi in administrative interface | Systems running FortiClientEMS versions prior to 7.4.5.
|
|
10 Feb 2026 | VULN144 | SAP : SAP Security Patch Day - February 2026 | Systems running SAP products.
|
|
10 Feb 2026 | VULN143 | libpng : Heap buffer overflow in png_set_quantize | Systems running libpng versions prior to 1.6.55.
|
|
10 Feb 2026 | VULN142 | PowerDNS : PowerDNS Security Advisory 2026-01 Crafted zones can lead to increased resource usage in Recursor | Systems running PowerDNS Recursor versions prior to 5.1.10, 5.2.8, 5.3.5.
|
|
10 Feb 2026 | VULN141 | GNUTLS : gnutls 3.8.12 fix DoS and Stack write buffer overflow vulnerabilities | Systems running GNUTLS versions prior to 3.8.12.
|
|
10 Feb 2026 | VULN140 | Apache : CVE-2026-23906 Apache Druid Authentication Bypass via LDAP Anonymous Bind | Systems running Apache Druid versions prior to 36.0.0.
|
|
9 Feb 2026 | VULN139 | Broadcom : VMware Tanzu Greenplum 6.32.0 | Systems running VMware Tanzu Greenplum versions prior to 6.32.0.
|
|
9 Feb 2026 | VULN138 | Apache : CVE-2026-24343 Apache HertzBeat Uncontrolled Resource Consumption via Crafted XPath Expressions | Systems running Apache HertzBeat versions prior to 1.8.0.
|
|
9 Feb 2026 | VULN137 | Apache : Permission Bypass and permission leak vulnerabilities fixed in Apache Airflow | Systems running Apache Airflow versions prior to 3.1.7.
|
|
9 Feb 2026 | VULN136 | Gitlab : GitLab AI Gateway Critical Patch Release: 18.6.2, 18.7.1, and 18.8.1 | Systems running GitLab AI Gateway versions prior to 18.6.2, 18.7.1, 18.8.1.
|
|
9 Feb 2026 | VULN135 | Roundcube : Security updates 1.6.13 and 1.5.13 released | Systems running Roundcube Webmail prior to 1.6.13, 1.5.13.
|
|
6 Feb 2026 | VULN134 | Broadcom : Isolation Segmentation for VMware Tanzu Platform 10.2.7+LTS-T, 10.3.4 | Systems running VMware Tanzu Platform versions prior to 10.2.7+LTS-T.
|
|
6 Feb 2026 | VULN133 | ESET : Local privilege escalation vulnerability in ESET Management Agent for Windows fixed | Systems running ESET Management Agent for Windows versions prior to 13.0.1400.0.
|
|
6 Feb 2026 | VULN132 | web2py : web2py has an Open Redirect Vulnerability | Systems running web2py versions prior to 3.1.7.
|
|
6 Feb 2026 | VULN131 | pgAdmin : 2026-02-05 - pgAdmin 4 v9.12 Released | Systems running pgAdmin 4 versions prior to 9.12.
|
|
6 Feb 2026 | VULN130 | vim : buffer overflow in helpfile option handling affects Vim < 9.1.2132 | Systems running Vim versions prior to 9.1.2132.
|
|
5 Feb 2026 | VULN129 | Broadcom : Foundation Core for VMware Tanzu Platform 3.1.7 | Systems running Foundation Core for VMware Tanzu Platform versions prior to 3.1.7.
|
|
5 Feb 2026 | VULN128 | Splunk : Third-Party Package Updates in Splunk SOAR - February 2026 | Systems running Splunk SOAR versions prior to 7.1.0.
|
|
5 Feb 2026 | VULN127 | Cisco : Cisco Security Advisories Published on February 04, 2026 | Systems running Cisco Meeting Management, Cisco TelePresence Collaboration Endpoint Software and RoomOS Software, Cisco Evolved Programmable Network Manager and Cisco Prime Infrastructure, Cisco Secure Web Appliance.
|
|
5 Feb 2026 | VULN126 | Drupal : Login Disable - Less critical - Access bypass - SA-CONTRIB-2026-008 | Systems running Login Disable for Drupal versions prior to 2.1.3.
|
|
5 Feb 2026 | VULN125 | NGINX : CVE-2026-1642 SSL upstream injection Vulnerability fixed | Systems running NGINX versions prior to 1.29.5+, 1.28.2+.
|
|
5 Feb 2026 | VULN124 | modelcontextprotocol.io : Sharing server/transport instances can leak cross-client response data | Systems running @modelcontextprotocol/sdk (npm) versions prior to 1.26.0.
|
|
5 Feb 2026 | VULN123 | openclaw : Local File Inclusion via MEDIA: Path Extraction | Systems running openclaw (npm) versions prior to 2026.1.30.
|
|
5 Feb 2026 | VULN122 | n8n : Multiple Critical Vulnerabilities fixed in n8n | Systems running n8n (npm) versions prior to 2.5.2, 1.123.17.
|
|
5 Feb 2026 | VULN121 | rancher : Vulnerable to path traversal via parameters.pathPattern | Systems running rancher/local-path-provisioner versions prior to 0.0.34.
|
|
4 Feb 2026 | VULN120 | Tenable : Tenable Identity Exposure Version 3.77.16 Fixes Multiple Vulnerabilities | Systems running Tenable Identity Exposure versions prior to 3.77.16.
|
|
4 Feb 2026 | VULN119 | Google : Chrome 144.0.7559.132/.133 fixes high-severity security vulnerability | Systems running Google Chrome versions prior to 144.0.7559.132/.133.
|
|
4 Feb 2026 | VULN118 | glpi : Multiple security vulnerabilities fixed in glpi | Systems running glpi versions prior to 10.0.23, 11.0.5.
|
|
4 Feb 2026 | VULN117 | wagtail : Improper permission handling on admin preview endpoints | Systems running wagtail versions prior to 6.3.6, 7.0.4, 7.1.3, 7.2.2, 7.3.
|
|
4 Feb 2026 | VULN116 | Claude Code : Multiple security vulnerabilities fixed in Claude | Systems running Claude Code versions prior to 2.0.74.
|
|
4 Feb 2026 | VULN115 | Django : Django security releases issued 6.0.2, 5.2.11, and 4.2.28 | Systems running Django versions prior to 6.0.2, 5.2.11, 4.2.28.
|
|
3 Feb 2026 | VULN114 | Broadcom : Platform Automation Toolkit 5.4.0 | Systems running Platform Automation Toolkit versions prior to 5.4.0.
|
|
3 Feb 2026 | VULN113 | Broadcom : Telemetry for VMware Tanzu Platform 2.4.0 | Systems running Tanzu Telemetry for VMware Tanzu versions prior to 2.4.0.
|
|
3 Feb 2026 | VULN112 | Broadcom : Tanzu Kubernetes Grid Integrated Edition (TKGi) Vulnerabilities | Systems running Tanzu Kubernetes Grid Integrated Edition (TKGi).
|
|
3 Feb 2026 | VULN111 | Node.js : OpenSSL Security Advisory Assessment, January 2026 | Systems running Node.js and OpenSSL versions 3.0, 3.5.
|
|
3 Feb 2026 | VULN110 | Plone : Plone Security Advisory 20260116 - Attempted code insertions into Github pull requests | Systems running plone ecosystem software.
|
|
3 Feb 2026 | VULN109 | clawdbot : command injection and 1-Click RCE vulnerabilities fixed | Systems running clawdbot (npm) versions prior to 2026.1.29.
|
|
3 Feb 2026 | VULN108 | kubernetes : Multiple issues in ingress-nginx | Systems running ingress-nginx versions prior to 1.13.7, 1.14.3.
|
|
2 Feb 2026 | VULN107 | Grafana : Unauthenticated DoS and Cross-dashboard privilege escalation | Systems running Grafana versions prior to 12.3.1+security-01, 12.2.3+security-01, 12.1.5+security-01, 12.0.8+security-01, 11.6.9+security-01.
|
|
2 Feb 2026 | VULN106 | geopandas : geopandas SQL Injection Vulnerability in to_postgis() Allows Information Disclosure | Systems running geopandas (pip) versions prior to 1.1.2.
|
|
2 Feb 2026 | VULN105 | PsySH : Local Privilege Escalation via CWD .psysh.php auto-load | Systems running PsySH versions prior to 0.12.19, 0.11.23.
|
|
2 Feb 2026 | VULN104 | Rancher : Rancher CLI skips TLS verification on Rancher CLI login command | Systems running Rancher versions prior to 2.13.2, 2.12.6, 2.11.10, 2.10.11.
|
|
2 Feb 2026 | VULN103 | Apache : Apache Syncope Console XXE and Reflected XSS vulnerabilities | Systems running Apache Syncope versions prior to 3.0.16, 4.0.4.
|
|
2 Feb 2026 | VULN102 | Notepad++ : Notepad++ Hijacked by State-Sponsored Hackers | Systems running Notepad++ versions prior to 8.9.2.
|
|
2 Feb 2026 | VULN101 | CISA : Critical Vulnerability in KiloView Encoder Series | Systems running KiloView Encoder Series.
|
|
30 Jan 2026 | VULN100 | Withsecure : Multiple security vulnerabilities fixed in Withsecure products | Systems running Withsecure products.
|
|
30 Jan 2026 | VULN099 | Ivanti : Security Advisory Ivanti Endpoint Manager Mobile (EPMM) (CVE-2026-1281 & CVE-2026-1340) | Systems running Ivanti Endpoint Manager Mobile versions prior to RPM 12.x.0.x, RPM 12.x.1.x.
|
|
30 Jan 2026 | VULN098 | Qnap : Vulnerability in legacy QTS with NFS service enabled | Systems running qnap QTS versions prior to 5.2.x.
|
|
29 Jan 2026 | VULN097 | HPE Aruba Networking : HPE Aruba Networking Fabric Composer Multiple Vulnerabilities | Systems running HPE Aruba Networking Fabric Composer versions prior to 7.3.0.
|
|
29 Jan 2026 | VULN096 | Tenable : Tenable Network Monitor Version 6.5.3 Fixes Multiple Vulnerabilities | Systems running Nessus Network Monitor versions prior to 6.5.3.
|
|
29 Jan 2026 | VULN095 | Google : Chrome 144.0.7559.109/.110 fixes high-severity security vulnerability | Systems running Google Chrome versions prior to 144.0.7559.109/.110.
|
|
29 Jan 2026 | VULN094 | SolarWinds : Multiple security vulnerabilities fixed in SolarWinds Web Help Desk | Systems running SolarWinds Web Help Desk versions prior to 2026.1.
|
|
29 Jan 2026 | VULN093 | AutoGPT : RCE via Disabled Block Execution | Systems running AutoGPT Platform versions prior to autogpt-platform-beta-v0.6.44.
|
|
28 Jan 2026 | VULN092 | Fortinet : Administrative FortiCloud SSO authentication bypass | Systems running FortiOS versions prior to 7.6.6, 7.4.11, 7.2.13, 7.0.19, FortiManager versions prior to 7.6.6, 7.4.10, 7.2.13, 7.0.16, FortiAnalyzer versions prior to 7.6.6, 7.4.10, 7.2.12, 7.0.16, FortiProxy versions prior to 7.6.6, 7.4.13, FortiWeb versions prior to 8.0.4, 7.6.7, 7.4.12.
|
|
28 Jan 2026 | VULN091 | Vllm : Server-Side Request Forgery (SSRF) in `MediaConnector` | Systems running vllm (pip) versions prior to 0.14.1.
|
|
28 Jan 2026 | VULN090 | Symfony : Incorrect argument escaping under MSYS2/Git Bash on Windows can lead to destructive file operations | Systems running symfony/process (Composer), symfony/symfony (Composer) versions prior to 5.4.51, 6.4.33, 7.3.11, 7.4.5, 8.0.5.
|
|
28 Jan 2026 | VULN089 | Suricata : Multiple Vulnerabilities fixed in suricata | Systems running Suricata versions prior to 7.0.14, 8.0.3.
|
|
28 Jan 2026 | VULN088 | node-tar : Multiple vulnerabilities fixed in node-tar | Systems running node-tar (npm) versions prior to 7.5.7.
|
|
28 Jan 2026 | VULN087 | Citrix : XenServer Security Update for CVE-2025-58151 and CVE-2026-23553 | Systems running XenServer versions 8.4.
|
|
28 Jan 2026 | VULN086 | GnuPG : GnuPG and Gpg4win Security Advisory (T8044) | Systems running GnuPG versions prior to 2.5.17.
|
|
28 Jan 2026 | VULN085 | OpenSSL : OpenSSL Security Advisory [27th January 2026] | Systems running OpenSSL versions prior to 3.6.1, 3.5.5, 3.4.4, 3.3.6, 3.0.19, 1.1.1ze, 1.0.2zn.
|
|
28 Jan 2026 | VULN084 | Kyverno : Kyverno Cross-Namespace Privilege Escalation and Denial of Service Vulnerabilities | Systems running kyverno (Go) versions prior to 1.16.3, 1.15.3.
|
|
28 Jan 2026 | VULN083 | vm2 : Sandbox Escape | Systems running vm2 versions prior to 3.10.2.
|
|
27 Jan 2026 | VULN082 | Microsoft : Security feature bypass vulnerability in Microsoft Office | Systems running Microsoft Office 2016, Microsoft Office LTSC 2024, Microsoft Office LTSC 2021, Microsoft 365 Apps for Enterprise, Microsoft Office 2019.
|
|
27 Jan 2026 | VULN081 | React : Denial of Service Vulnerabilities in React Server Components | Systems running react-server-dom-parcel (npm), react-server-dom-turbopack (npm), react-server-dom-webpack (npm) versions prior to 19.0.4, 19.1.5, 19.2.4.
|
|
27 Jan 2026 | VULN080 | next.js : Denial of Service Vulnerabilities fixed in next.js | Systems running next (npm) versions prior to 15.0.8, 15.1.12, 15.2.9, 15.3.9, 15.4.11, 15.5.10, 15.6.0-canary.61, 16.0.11, 16.1.5.
|
|
27 Jan 2026 | VULN079 | pytorch : Loading a malicious PyTorch checkpoint with weights_only=True can result in arbitrary code execution | Systems running PyTorch versions prior to 2.10.0.
|
|
27 Jan 2026 | VULN078 | Xen : Multiple vulnerabilities fixed in Xen | Systems running Xen.
|
|
26 Jan 2026 | VULN077 | CPython : email BytesGenerator header injection due to unquoted newlines | Systems running CPython.
|
|
26 Jan 2026 | VULN076 | protobuf : A potential Denial of Service issue in protobuf-python | Systems running protobuf (pip) versions prior to 4.25.8, 5.29.5, 6.31.1.
|
|
26 Jan 2026 | VULN075 | Apache : Apache Continuum Command injection leading to RCE | Systems running Apache Continuum.
|
|
26 Jan 2026 | VULN074 | Apache : Apache Karaf Decanter log-socket collector has deserialization vulnerability | Systems running Apache Karaf versions prior to 2.12.0.
|
|
26 Jan 2026 | VULN073 | Apache : HDFS native client Out of bounds write in URI parser of native HDFS client | Systems running Apache Hadoop HDFS native client versions prior to 3.4.2.
|
|
23 Jan 2026 | VULN072 | Broadcom : Web Security Services Agent Security Update | Systems running Cloud Secure Web Gateway versions prior to 9.8.5.
|
|
23 Jan 2026 | VULN071 | Python : CVE-2025-12781 base64.b64decode() always accepts "+/" characters, despite setting altchars | Systems running CPython.
|
|
23 Jan 2026 | VULN070 | Symantec : Symantec Endpoint Protection Security Update | Systems running Symantec Endpoint Protection versions prior to 14.3 RU10 (14.3.12167.10000), 14.3 RU9 (14.3.11237.9000), 14.3 RU8 (14.3.10178.8000).
|
|
23 Jan 2026 | VULN069 | Apache : Vulnerabilities fixed in Apache Solr | Systems running Apache Solr versions prior to 9.10.1.
|
|
23 Jan 2026 | VULN068 | TYPO3 : Insecure Deserialization in extension "Mailqueue" (mailqueue) | Systems running TYPO3 extension manager versions prior to 0.5.1, 0.4.3.
|
|
23 Jan 2026 | VULN067 | surrealdb : Confused Deputy Privilege Escalation through Future Fields and Functions | Systems running surrealdb (Rust) versions prior to 2.5.0, 3.0.0-beta.3.
|
|
23 Jan 2026 | VULN066 | GNU InetUtils : GNU InetUtils Security Advisory remote authentication by-pass in telnetd | Systems running GNU InetUtils telnetd.
|
|
23 Jan 2026 | VULN065 | incus : Arbitrary command execution vulnerabilities fixed in incus | Systems running incusd (Go) versions prior to 6.21.0, 6.0.6.
|
|
22 Jan 2026 | VULN064 | vllm : RCE via auto_map dynamic module loading during model initialization | Systems running vllm versions prior to 0.14.0.
|
|
22 Jan 2026 | VULN063 | Argo Workflows : Stored XSS in the artifact directory listing | Systems running argo-workflows (Go) versions prior to 3.6.17, 3.7.8.
|
|
22 Jan 2026 | VULN062 | GLIBC : DoS and stack contents leak vulnerabilities | Systems running GNU C Library versions 2.30 up to and including 2.42.
|
|
22 Jan 2026 | VULN061 | Ceph : Incorrect usage of certificate checking via Pybind use | Systems running pybind (ceph) versions prior to 20.2.1, 19.2.4, 18.2.9.
|
|
21 Jan 2026 | VULN060 | CPython : CPython Multiple vulnerabilities | Systems running CPython.
|
|
21 Jan 2026 | VULN059 | Bind : CVE-2025-13878 Malformed BRID/HHIT records can cause named to terminate unexpectedly | Systems running BIND versions prior to 9.18.44, 9.20.18, 9.21.17.
|
|
21 Jan 2026 | VULN058 | Oracle : January 2026 Critical Patch Update Released | Systems running Oracle products.
|
|
21 Jan 2026 | VULN057 | GitLab : GitLab Patch Release 18.8.2, 18.7.2, 18.6.4 | Systems running GitLab versions prior to 18.8.2, 18.7.2, 18.6.4.
|
|
21 Jan 2026 | VULN056 | Cisco : Cisco Security Advisories Published on January 21, 2026 | Cisco Unified Communications Products, Cisco Intersight Virtual Appliance, Cisco IEC6400 Wireless Backhaul Edge Compute Software, Cisco Packaged Contact Center Enterprise and Cisco Unified Contact Center Enterprise.
|
|
20 Jan 2026 | VULN055 | urllib3 : Decompression-bomb safeguards bypassed when following HTTP redirects (streaming API) | Systems running urllib3 versions prior to 2.6.3.
|
|
20 Jan 2026 | VULN054 | Wireshark : Wireshark file parser and dissector crashes | Systems running Wireshark versions prior to 4.6.3, 4.4.13.
|
|
20 Jan 2026 | VULN053 | Traefik : ACME TLS-ALPN fast path lacks timeouts and close on handshake stall | Systems running traefik versions prior to 2.11.35, 3.6.7.
|
|
19 Jan 2026 | VULN052 | Svelte : XSS with textarea bind:value | Systems running svelte (npm) versions prior to 3.59.2.
|
|
19 Jan 2026 | VULN051 | Mattermost : Multiple security vulnerabilities fixed in Mattermost | Systems running Mattermost.
|
|
19 Jan 2026 | VULN050 | Deno : fix for `node:crypto` vulnerability and Incomplete fix for command-injection prevention on Windows | Systems running Deno versions prior to 2.6.0.
|
|
19 Jan 2026 | VULN049 | GLIBC : Integer overflow in memalign leads to heap corruption | Systems running GNU C Library versions 2.30 up to and including 2.42.
|
|
16 Jan 2026 | VULN048 | Centreon : CVE-2025-43865, CVE-2025-43864 - Centreon 25.10 IT & Business Editions | Systems running Centreon 25.10 IT & Business Editions.
|
|
16 Jan 2026 | VULN047 | GLPI : Unauthorized access to documents and Unauthenticated SQL injection fixed | Systems running glpi versions prior to 10.0.21, 11.0.3.
|
|
16 Jan 2026 | VULN046 | Pimcore : Multiple vulnerabilities fixed in Pimcore | Systems running pimcore (Composer) versions prior to 12.3.1, 11.5.14.
|
|
16 Jan 2026 | VULN045 | Go : Go 1.25.6 and Go 1.24.12 include 6 security fixes | Systems running Go versions prior to 1.25.6, 1.24.12.
|
|
16 Jan 2026 | VULN044 | Apache : Apache Airflow sensitive data exposure vulnerabilities fixed | Systems running Apache Airflow versions prior to 3.1.6.
|
|
16 Jan 2026 | VULN043 | Apache : CVE-2025-60021 Apache bRPC Remote command injection vulnerability in heap builtin service | Systems running Apache bRPC versions prior to 1.15.0.
|
|
15 Jan 2026 | VULN042 | Adobe : Security update available for Adobe Dreamweaver APSB26-01 | Systems running Adobe Dreamweaver versions prior to 21.7.
|
|
15 Jan 2026 | VULN041 | Cisco : Cisco Security Advisories Published on January 15, 2026 | Systems running Cisco Secure Email Gateway And Cisco Secure Email and Web Manager, Cisco Identity Services Engine, Cisco Evolved Programmable Network Manager and Cisco Prime Infrastructure.
|
|
15 Jan 2026 | VULN040 | Adobe : Security Updates Available for Adobe Illustrator APSB26-03 | Systems running Adobe Illustrator versions prior to 2025 29.8.4, 2026 30.1.
|
|
15 Jan 2026 | VULN039 | Adobe : Security updates available for Adobe ColdFusion APSB26-12 | Systems running Adobe ColdFusion versions prior to 2025 Update 6, 2023 Update 18.
|
|
15 Jan 2026 | VULN038 | Mozilla : Security Vulnerabilities fixed in Thunderbird 147, 140.7 | Systems running Thunderbird versions prior to 147, 140.7.
|
|
15 Jan 2026 | VULN037 | Mozilla : Security Vulnerabilities fixed in Firefox 147, ESR 115.32, ESR 140.7 | Systems running Firefox versions prior to 147, ESR 115.32, ESR 140.7.
|
|
15 Jan 2026 | VULN036 | Google : Chrome 144.0.7559.59/60 fixes high-severity security vulnerability | Systems running Google Chrome versions prior to 144.0.7559.59/60.
|
|
14 Jan 2026 | VULN035 | Misp : Stored/Reflected XSS via Unsanitized Parameters in URL Generation and JavaScript Context | Systems running misp versions prior to 2.5.31.
|
|
14 Jan 2026 | VULN034 | Spring : CVE-2026-22718 Command injection on user machine using VSCode extension for Spring CLI | Systems running Spring CLI VSCode Extension.
|
|
14 Jan 2026 | VULN033 | Fortinet : Heap-based buffer overflow in cw_acd daemon | Systems running FortiOS versions prior to 7.6.4, 7.4.9, 7.2.12, 7.0.18, 6.4.17, FortiSASE versions prior to 25.2.c, FortiSwitchManager versions prior to 7.2.7, 7.0.6.
|
|
14 Jan 2026 | VULN032 | Fortinet : Unauthenticated remote command injection in FortiSIEM | Systems running FortiSIEM versions prior to 7.4.1, 7.3.5, 7.2.7, 7.1.9.
|
|
14 Jan 2026 | VULN031 | Fortinet : Unauthenticated access to local configuration | Systems running FortiFone versions prior to 7.0.2, 3.0.24.
|
|
14 Jan 2026 | VULN030 | TYPO3 : Broken Access Control and Insecure Deserialization Vulnerabilities fixed in TYPO3 | Systems running TYPO3 CMS versions prior to 10.4.55 ELTS, 11.5.49 ELTS, 12.4.41 LTS, 13.4.23 LTS, 14.0.2.
|
|
14 Jan 2026 | VULN029 | AdonisJS : Mass Assignment in AdonisJS Lucid Allows Overwriting Internal ORM | Systems running @adonisjs/lucid versions prior to 21.8.2, 22.0.0-next.6.
|
|
14 Jan 2026 | VULN028 | opencode : Malicious website can execute commands on the local system through XSS in the OpenCode web UI | Systems running opencode versions prior to 1.1.10.
|
|
14 Jan 2026 | VULN027 | Apache : Apache Camel security advisory CVE-2025-66169 | Systems running Apache Camel versions prior to 4.10.8, 4.14.3, 4.17.0.
|
|
14 Jan 2026 | VULN026 | Node.js : Tuesday, January 13, 2026 Security Releases | Systems running Node.js versions prior to 20.20.0, 22.22.0, 24.13.0, 25.3.0.
|
|
13 Jan 2026 | VULN025 | VMware : Vulnerabilities fixed in VMware Tanzu GemFire 10.1.6 and 10.2.1 | Systems running VMware Tanzu Data Intelligence, VMware Tanzu Data Services Pack, VMware Tanzu Data Suite, VMware Tanzu Gemfire.
|
|
13 Jan 2026 | VULN024 | SAP : SAP Security Patch Day - January 2026 | Systems running SAP products.
|
|
13 Jan 2026 | VULN023 | react-router : Multiple vulnerabilities fixed in react-router ecosystem | Systems running @react-router/node (npm) versions prior to 7.9.4, react-router (npm) versions prior to 7.12.0, @remix-run/react (npm) versions prior to 2.17.1, @remix-run/router (npm) versions prior to 1.23.2, @remix-run/deno (npm), @remix-run/node (npm), @remix-run/server-runtime (npm) versions prior to 2.17.3.
|
|
13 Jan 2026 | VULN022 | Libpng : Heap buffer over-read vulnerabilities fixed in libpng | Systems running Libpng versions prior to 1.6.54.
|
|
12 Jan 2026 | VULN021 | Angular : XSS Vulnerability via Unsanitized SVG Script Attributes | Systems running @angular/compiler (npm), @angular/core (npm) versions prior to 21.1.0-rc.0, 21.0.7, 20.3.16, 19.2.18.
|
|
12 Jan 2026 | VULN020 | Apache : CVE-2025-68493 Apache Struts XXE vulnerability in outdated XWork component | Systems running Apache Struts versions prior to 25.10.2, 24.10.3, 24.04.3.
|
|
12 Jan 2026 | VULN019 | Centreon : Centreon Open Tickets - Vulnerabilities, one High Severity | Systems running Centreon Open Tickets versions prior to 25.10.0, 24.10.5, 24.04.5, 23.10.4.
|
|
12 Jan 2026 | VULN018 | Joomla! : Core - XSS vectors in Joomla! CMS | Systems running Joomla! CMS versions prior to 5.4.2, 6.0.2.
|
|
9 Jan 2026 | VULN017 | Centreon : Centreon AWIE - Critical Severity Vulnerabilities | Systems running Centreon AWIE versions prior to 25.10.2, 24.10.3, 24.04.3.
|
|
9 Jan 2026 | VULN016 | Apache : Multiple Vulnerabilities fixed in Apache NimBLE 1.9.0 | Systems running Apache NimBLE versions prior to 1.9.0.
|
|
9 Jan 2026 | VULN015 | Tenable : Nessus Agent Versions 11.0.3 and 10.9.3 Fix One Vulnerability | Systems running Nessus Agent versions prior to 11.0.3, 10.9.3.
|
|
9 Jan 2026 | VULN014 | Trend Micro : Trend Micro Apex Central (on-premise) January 2026 Multiple Vulnerabilities | Systems running Apex Central (on-premise) versions prior to Critical Patch Build 7190.
|
|
9 Jan 2026 | VULN013 | Cisco : Cisco Security Advisories Published on January 07, 2026 | Systems running Cisco Products running Snort, Cisco Identity Services Engine.
|
|
9 Jan 2026 | VULN012 | RustFS : Multiple Vulnerabilities Resolved in RustFS, one Critical | Systems running RustFS versions prior to alpha.79.
|
|
8 Jan 2026 | VULN011 | Veeam : Vulnerabilities Resolved in Veeam Backup & Replication, one Critical | Systems running Veeam Backup & Replication versions prior to 13.0.1.1071.
|
|
8 Jan 2026 | VULN010 | Vega : Vega Cross-Site Scripting (XSS) vulnerabilities | Systems running vega-selections (npm) versions prior to 6.1.2, 5.6.3, vega-functions (npm) versions prior to 6.1.1.
|
|
8 Jan 2026 | VULN009 | Google : Chrome 143.0.7499.192/.193 fixes high-severity security vulnerability | Systems running Google Chrome versions prior to 143.0.7499.192/.193.
|
|
8 Jan 2026 | VULN008 | GitLab : GitLab Patch Release 18.7.1, 18.6.3, 18.5.5 | Systems running GitLab versions prior to 18.7.1, 18.6.3, 18.5.5.
|
|
7 Jan 2026 | VULN007 | Opencti : GraphQL IDOR allows authenticated user to delete workspace content of other users | Systems running OpenCTI versions prior to 6.8.1.
|
|
7 Jan 2026 | VULN006 | Apache : CVE-2025-68280 Apache SIS XML External Entity (XXE) vulnerability | Systems running Apache SIS versions prior to 1.6.
|
|
7 Jan 2026 | VULN005 | AIOHTTP : Multiple Security Vulnerabilities fixed in AIOHTTP | Systems running AIOHTTP versions prior to 3.13.3.
|
|
7 Jan 2026 | VULN004 | curl : Multiple vulnerabilities fixed in curl 8.18.0 | Systems running curl versions prior to 8.18.0.
|
|
7 Jan 2026 | VULN003 | GNU Wget : Critical file overwrite issue with metalink in GNU Wget2 CVE-2025-69194 | Systems running GNU Wget2 versions prior to 2.2.1.
|
|
7 Jan 2026 | VULN002 | Langflow : Missing Authentication on Critical API Endpoints | Systems running Langflow versions prior to 1.7.1.
|
|
7 Jan 2026 | VULN001 | n8n : Critical RCE via Arbitrary File Write | Systems running n8n versions prior to 1.121.3.
|