VIR Vulnerability Intelligence Relay

Search

Found 129 results in 8ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2026-5241 high 8.0 8.0 14h ago A vulnerability in the LightGlue model loading path of huggingface/transformers version 5.2.0 allows an attacker-controlled model repository to execute arbitrary code during model initialization. The…
CVE-2026-48587 low 3.1 3.1 FIX debian debian sles 14h ago An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. `django.utils.cache.has_vary_header()` in Django does not strip leading or trailing whitespace from `Vary` response header va…
CVE-2026-47325 unknown 14h ago ProjectsAndPrograms school-management-system uses predictable credentials by generating student's and teacher's passwords solely from the user’s date of birth (e.g., 12072000 for 12 July 2000). The a…
CVE-2026-47324 unknown 14h ago ProjectsAndPrograms school-management-system is vulnerable to Stored Cross‑Site Scripting (XSS) in multiple attributes of students and teachers objects. An authorized attacker (e.g., a teacher or adm…
CVE-2026-44546 low 3.7 3.7 debian debian 14h ago daphne before 4.2.2 reconstructs a raw HTTP request from Twisted's parsed headers and feeds it to autobahn for WebSocket handshake processing. Twisted does not treat \x0b, \x0c, \x1c, \x1d, \x1e, or …
CVE-2026-37460 unknown sles 14h ago Missing input validation in the rfapiRibBi2Ri() function (rfapi_rib.c) of FRRouting (FRR) stable/10.0 to stable/10.6 allows attackers to cause a Denial of Service (DoS) via supplying a crafted BGP UP…
CVE-2026-35193 low 3.1 3.1 FIX debian debian sles 14h ago An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. `django.middleware.cache.UpdateCacheMiddleware` in Django does not add `Authorization` to the `Vary` response header for requ…
CVE-2026-10729 unknown 14h ago An HTML injection vulnerability in the notification email for "Slow Redirect" and "Cloned Website" Canarytokens exists in Thinkst Applied Research Canarytokens, enabling Interface Manipulation, Cross…
CVE-2022-49042 high 7.8 7.8 14h ago An inclusion of functionality from untrusted control sphere vulnerability in MinGW DLL component in Synology Hyper Backup Explorer before 3.0.1-0156 allows local users to execute arbitrary code via u…
CVE-2022-49036 high 7.8 7.8 14h ago An inclusion of functionality from untrusted control sphere vulnerability in OpenSSL configuration in Synology Active Backup for Business Recovery Media Creator before 2.5.0-2081 allows local users t…
CVE-2026-35085 high 8.8 8.8 15h ago A remote attacker with user privileges can exploit a stack buffer overflow in gdv-serverconfig to gain full system access as root.
CVE-2026-35084 high 8.8 8.8 15h ago A remote attacker with user privileges can exploit a stack buffer overflow in dali-devconfig to gain full system access as root.
CVE-2026-35083 high 8.8 8.8 15h ago A remote attacker with user privileges can exploit a stack buffer overflow to gain full system access as root.
CVE-2026-35082 high 8.8 8.8 15h ago The ugw-logread method allows a remote attacker with user privileges to access arbitrary local files due to insufficient validation of user-supplied input.
CVE-2026-35081 high 8.1 8.1 15h ago The ugw-logstop method allows a remote attacker with user privileges to terminate arbitrary processes due to insufficient validation of user-supplied input.
CVE-2026-35080 high 8.1 8.1 15h ago The ugw-restoreinfo method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input.
CVE-2026-35079 high 8.1 8.1 15h ago The ugw-restore method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input.
CVE-2026-35078 high 8.1 8.1 15h ago The ugw-logstop method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input.
CVE-2026-35077 high 8.1 8.1 15h ago The ugw-delete-file method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input.
CVE-2026-35076 high 8.1 8.1 15h ago The bac-scanresult method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input.
CVE-2026-10722 low 3.3 3.3 15h ago A vulnerability has been found in cilium ebpf up to 0.21.0. This affects the function loadRawSpec of the file btf/btf.go of the component LoadCollectionSpec/LoadCollectionSpecFromReader. Such manipul…
CVE-2025-41259 unknown 15h ago SWUpdate before 2026.05 is affected by a time-of-check time-of-use (TOCTOU) race condition that allows local unprivileged attackers to escalate privileges to root or install untrusted contents using …
CVE-2026-41032 high 7.5 7.5 17h ago It is possible for an unauthenticated adjacent attacker to download log files of the controller, which may disclose some restricted information.
CVE-2025-15656 high 8.8 8.8 17h ago Incorrect Privilege Assignment vulnerability in Mojoomla School Management allows Privilege Escalation. This issue affects School Management: from n/a through 93.2.0.
CVE-2025-15655 high 7.6 7.6 17h ago Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mojoomla School Management allows SQL Injection. This issue affects School Management: from n/a …
CVE-2025-14774 high 7.4 7.4 17h ago Incorrect Authorization vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24.
CVE-2025-14773 high 8.0 8.0 17h ago Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24.
CVE-2025-14772 high 8.8 8.8 17h ago Authorization bypass through User-Controlled key vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24.
CVE-2025-15654 high 7.1 7.1 19h ago Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fox-themes Prague allows Reflected XSS. This issue affects Prague: from n/a through 2.2.8.