VIR Vulnerability Intelligence Relay

Search

Found 18,313 results in 2656ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2026-25982 unknown FIX debian debian sles 3mo ago ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap out-of-bounds read vulnerability exists in the `coders/…
CVE-2026-25971 unknown FIX debian debian sles 3mo ago ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, Magick fails to check for circular references between two MSLs…
CVE-2026-25970 unknown FIX debian debian sles 3mo ago ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a signed integer overflow vulnerability in ImageMagick's SIXEL…
CVE-2026-25968 unknown FIX debian debian sles 3mo ago ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a stack buffer overflow occurs when processing the an attribut…
CVE-2026-3950 low 3.3 3.3 FIX debian debian sles 3mo ago A vulnerability was identified in strukturag libheif up to 1.21.2. This impacts the function Track::load of the file libheif/sequences/track.cc of the component stsz/stts. The manipulation leads to o…
CVE-2026-3949 low 3.3 3.3 debian debian sles 3mo ago A vulnerability was determined in strukturag libheif up to 1.21.2. This affects the function vvdec_push_data2 of the file libheif/plugins/decoder_vvdec.cc of the component HEIF File Parser. Executing…
CVE-2026-31853 unknown FIX debian debian sles 3mo ago ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-16 and 6.9.13-41, an overflow on 32-bit systems can cause a crash in the SFW decoder when…
CVE-2026-30883 unknown FIX debian debian sles 3mo ago ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, an extremely large image profile could result in a heap overfl…
CVE-2026-28692 unknown FIX debian debian sles 3mo ago ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, MAT decoder uses 32-bit arithmetic due to incorrect parenthesi…
CVE-2026-28689 unknown FIX debian debian sles 3mo ago ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, domain="path" authorization is checked before final file open/…
CVE-2026-23907 unknown debian debian sles 3mo ago Apache PDFBox has Path Traversal through PDComplexFileSpecification.getFilename() function
CVE-2026-30930 critical 9.8 9.8 FIX debian debian nicolargo 3mo ago Glances has SQL Injection via Process Names in TimescaleDB Export
CVE-2026-23240 critical 9.8 9.8 FIX slesdebian debian linux-kernel 3mo ago In the Linux kernel, the following vulnerability has been resolved: tls: Fix race condition in tls_sw_cancel_work_tx() This issue was discovered during a code audit. After cancel_delayed_work_sync…
CVE-2026-24308 unknown FIX debian debian 3mo ago Apache ZooKeeper has improper handling of configuration values
CVE-2026-24281 unknown FIX debian debian 3mo ago Apache ZooKeeper: Reverse-DNS fallback enables hostname verification bypass in ZooKeeper ZKTrustManager
CVE-2026-27142 unknown FIX debian debian sles google 3mo ago Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value "refresh". A new GODEBUG set…
CVE-2026-27139 unknown FIX debian debian sles google 3mo ago On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which the File was opened. The impac…
CVE-2026-27138 unknown FIX debian debian sles 3mo ago Certificate verification can panic when a certificate in the chain has an empty DNS name and another certificate in the chain has excluded name constraints. This can crash programs that are either di…
CVE-2025-11143 low 2.5 FIX debian debian sles 3mo ago org.eclipse.jetty:jetty-http has different parsing of invalid URIs
CVE-2026-1605 unknown FIX debian debian 3mo ago The Eclipse Jetty Server Artifact has a Gzip request memory leak
CVE-2026-27982 unknown FIX debian debian 3mo ago django-allauth has an open redirect vulnerability
CVE-2026-27820 critical 9.8 9.8 slesdebian debian ruby-lang 3mo ago Buffer Overflow in Zlib::GzipReader ungetc via large input leads to memory corruption
CVE-2026-29062 unknown FIX debian debian 3mo ago jackson-core has Nesting Depth Constraint Bypass in `UTF8DataInputJsonParser` potentially allowing Resource Exhaustion
CVE-2026-28802 unknown FIX debian debian 3mo ago Authlib is a Python library which builds OAuth and OpenID Connect servers. From version 1.6.5 to before version 1.6.7, previous tests involving passing a malicious JWT containing alg: none and an emp…
CVE-2026-3351 unknown FIX debian debian 3mo ago Improper authorization in the API endpoint GET /1.0/certificates in Canonical LXD 6.6 on Linux allows an authenticated, restricted user to enumerate all certificate fingerprints trusted by the lxd se…
CVE-2025-66168 unknown debian debian 3mo ago Apache ActiveMQ is Vulnerable to Integer Overflow or Wraparound
CVE-2026-0540 unknown FIX debian debian 3mo ago DOMPurify 3.1.3 through 3.3.1 and 2.5.3 through 2.5.8, fixed in commit 2726c74, contain a cross-site scripting vulnerability that allows attackers to bypass attribute sanitization by exploiting five …
CVE-2025-15599 unknown FIX debian debian 3mo ago DOMPurify 3.1.3 through 3.2.6 and 2.5.3 through 2.5.8 contain a cross-site scripting vulnerability that allows attackers to bypass attribute sanitization by exploiting missing textarea rawtext elemen…
CVE-2026-25674 unknown FIX slesdebian debian 3mo ago An issue was discovered in 6.0 before 6.0.3, 5.2 before 5.2.12, and 4.2 before 4.2.29. Race condition in file-system storage and file-based cache backends in Django allows an attacker to cause file s…
CVE-2026-25673 unknown FIX slesdebian debian 3mo ago An issue was discovered in 6.0 before 6.0.3, 5.2 before 5.2.12, and 4.2 before 4.2.29. `URLField.to_python()` in Django calls `urllib.parse.urlsplit()`, which performs NFKC normalization on Windows t…
CVE-2026-27932 unknown FIX debian debian 3mo ago joserfc is a Python library that provides an implementation of several JSON Object Signing and Encryption (JOSE) standards. In 1.6.2 and earlier, a resource exhaustion vulnerability in joserfc allows…
CVE-2026-21619 unknown FIX debian debian 3mo ago Uncontrolled Resource Consumption, Deserialization of Untrusted Data vulnerability in hexpm hex_core (hex_api modules), hexpm hex (mix_hex_api modules), erlang rebar3 (r3_hex_api modules) allows Obje…
CVE-2026-27141 unknown FIX debian debian sles 3mo ago Due to missing nil check, sending 0x0a-0x0f HTTP/2 frames will cause a running server to panic
CVE-2026-27799 unknown FIX debian debian sles 3mo ago ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read vulnerability exists in the DJVU image…
CVE-2026-27798 unknown FIX debian debian sles 3mo ago ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read vulnerability occurs when processing a…
CVE-2026-27830 unknown debian debian sles 3mo ago c3p0 vulnerable to Remote Code Execution via unsafe deserialization of userOverridesAsString property
CVE-2026-2786 critical 9.8 9.8 FIX rocky rheldebian debian mozilla 3mo ago Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.
CVE-2026-27571 unknown FIX debian debian 3mo ago NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. The WebSockets handling of NATS messages handles compressed messages via the WebSockets negotiated comp…
CVE-2026-26983 unknown FIX debian debian sles 3mo ago ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, the MSL interpreter crashes when processing a invalid `<map>` …
CVE-2026-26283 unknown FIX debian debian sles 3mo ago ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a `continue` statement in the JPEG extent binary search loop i…
CVE-2026-26066 unknown FIX debian debian sles 3mo ago ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a crafted profile contain invalid IPTC data may cause an infin…
CVE-2026-25989 unknown FIX debian debian sles 3mo ago ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a crafted SVG file can cause a denial of service. An off-by-on…
CVE-2026-25988 unknown FIX debian debian sles 3mo ago ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, sometimes msl.c fails to update the stack index, so an image i…
CVE-2026-25987 unknown FIX debian debian sles 3mo ago ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read vulnerability exists in the MAP image …
CVE-2026-25985 unknown FIX debian debian sles 3mo ago ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a crafted SVG file containing an malicious element causes Imag…
CVE-2026-25983 unknown FIX debian debian sles 3mo ago ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a crafted MSL script triggers a heap-use-after-free. The opera…
CVE-2026-25969 unknown FIX debian debian sles 3mo ago ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-15, a memory leak exists in `coders/ashlar.c`. The `WriteASHLARImage` allocates a…
CVE-2026-25967 unknown FIX debian debian sles 3mo ago ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-15, a stack-based buffer overflow exists in the ImageMagick FTXT image reader. A …
CVE-2026-25966 unknown FIX debian debian sles 3mo ago ImageMagick is free and open-source software used for editing and manipulating digital images. The shipped "secure" security policy includes a rule intended to prevent reading/writing from standard s…
CVE-2026-25965 unknown FIX debian debian sles 3mo ago ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, ImageMagick’s path security policy is enforced on the raw file…
CVE-2026-25898 unknown FIX debian debian sles 3mo ago ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, the UIL and XPM image encoder do not validate the pixel index …
CVE-2026-25897 unknown FIX debian debian sles 3mo ago ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, an Integer Overflow vulnerability exists in the sun decoder. O…
CVE-2026-25799 unknown FIX debian debian sles 3mo ago ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a logic error in YUV sampling factor validation allows an inva…
CVE-2026-25798 unknown FIX debian debian sles 3mo ago ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a NULL pointer dereference in ClonePixelCacheRepository allows…
CVE-2026-25797 unknown FIX debian debian sles 3mo ago ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, the ps coders, responsible for writing PostScript files, fails…
CVE-2026-25796 unknown FIX debian debian sles 3mo ago ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, in `ReadSTEGANOImage()` (`coders/stegano.c`), the `watermark` …
CVE-2026-25795 unknown FIX debian debian sles 3mo ago ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, in `ReadSFWImage()` (`coders/sfw.c`), when temporary file crea…
CVE-2026-25794 unknown FIX debian debian sles 3mo ago ImageMagick is free and open-source software used for editing and manipulating digital images. `WriteUHDRImage` in `coders/uhdr.c` uses `int` arithmetic to compute the pixel buffer size. Prior to ver…
CVE-2026-25638 unknown FIX debian debian sles 3mo ago ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, memory leak exists in `coders/msl.c`. In the `WriteMSLImage` f…
CVE-2026-25637 unknown FIX debian debian sles 3mo ago ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-15, a memory leak in the ASHLAR image writer allows an attacker to exhaust proces…
CVE-2026-25576 unknown FIX debian debian sles 3mo ago ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read vulnerability exists in multiple raw i…
CVE-2026-24485 unknown FIX debian debian sles 3mo ago ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, when a PCD file does not contain a valid Sync marker, the Deco…
CVE-2026-24484 unknown FIX debian debian sles 3mo ago ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, Magick fails to check for multi-layer nested mvg conversions t…
CVE-2026-24481 unknown FIX debian debian sles 3mo ago ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap information disclosure vulnerability exists in ImageMag…
CVE-2026-26198 unknown FIX debian debian 3mo ago Ormar is a async mini ORM for Python. In versions 0.9.9 through 0.22.0, when performing aggregate queries, Ormar ORM constructs SQL expressions by passing user-supplied column names directly into `sq…
CVE-2026-2968 low 3.7 3.7 FIX debian debian cesanta 3mo ago A vulnerability was detected in Cesanta Mongoose up to 7.20. This impacts the function mg_chacha20_poly1305_decrypt of the file /src/tls_chacha20.c of the component Poly1305 Authentication Tag Handle…
CVE-2026-2967 low 3.7 3.7 FIX debian debian cesanta 3mo ago A security vulnerability has been detected in Cesanta Mongoose up to 7.20. This affects the function getpeer of the file /src/net_builtin.c of the component TCP Sequence Number Handler. The manipulat…
CVE-2026-2966 low 3.7 3.7 FIX debian debian cesanta 3mo ago A weakness has been identified in Cesanta Mongoose up to 7.20. The impacted element is the function mg_sendnsreq of the file /src/dns.c of the component DNS Transaction ID Handler. Executing a manipu…
CVE-2026-2903 low 3.3 3.3 FIX slesdebian debian 3mo ago A flaw has been found in skvadrik re2c up to 4.4. Impacted is the function check_and_merge_special_rules of the file src/parse/ast.cc. This manipulation causes null pointer dereference. The attack ca…
CVE-2026-2889 low 3.3 3.3 debian debian 3mo ago A vulnerability was detected in CCExtractor up to 0.96.5. Affected is the function processmp4 in the library src/lib_ccx/mp4.c. Performing a manipulation results in use after free. The attack is only…
CVE-2026-21620 unknown FIX debian debian sles 4mo ago Relative Path Traversal, Improper Isolation or Compartmentalization vulnerability in erlang otp erlang/otp (tftp_file modules), erlang otp inets (tftp_file modules), erlang otp tftp (tftp_file module…
CVE-2025-68461 unknown 1.5 KEVFIX debian debian 4mo ago RoundCube Webmail contains a cross-site scripting vulnerability via the animate tag in an SVG document.
CVE-2026-24122 unknown FIX debian debian sles 4mo ago Cosign provides code signing and transparency for containers and binaries. In versions 3.0.4 and below, an issuing certificate with a validity that expires before the leaf certificate will be conside…
CVE-2026-26318 unknown FIX debian debian 4mo ago systeminformation is a System and OS information library for node.js. Versions prior to 5.31.0 are vulnerable to command injection via unsanitized `locate` output in `versions()`. Version 5.31.0 fixe…
CVE-2026-26280 unknown FIX debian debian 4mo ago systeminformation is a System and OS information library for node.js. In versions prior to 5.30.8, a command injection vulnerability in the `wifiNetworks()` function allows an attacker to execute arb…
CVE-2026-24708 unknown FIX debian debian 4mo ago An issue was discovered in OpenStack Nova before 30.2.2, 31 before 31.2.1, and 32 before 32.1.1. By writing a malicious QCOW header to a root or ephemeral disk and then triggering a resize, a user ma…
CVE-2026-2641 low 3.3 3.3 debian debian 4mo ago A weakness has been identified in universal-ctags ctags up to 6.2.1. The affected element is the function parseExpression/parseExprList of the file parsers/v.c of the component V Language Parser. Exe…
CVE-2026-24734 unknown FIX slesdebian debian google 4mo ago Improper Input Validation vulnerability in Apache Tomcat Native, Apache Tomcat. When using an OCSP responder, Tomcat Native (and Tomcat's FFM port of the Tomcat Native code) did not complete verific…
CVE-2026-24733 unknown FIX slesdebian debian 4mo ago Improper Input Validation vulnerability in Apache Tomcat. Tomcat did not limit HTTP/0.9 requests to the GET method. If a security constraint was configured to allow HEAD requests to a URI but deny…
CVE-2025-66614 unknown FIX slesdebian debian 4mo ago Improper Input Validation vulnerability. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.14, from 10.1.0-M1 through 10.1.49, from 9.0.0-M1 through 9.0.112. The following versions were…
CVE-2026-25087 unknown FIX debian debian 4mo ago Use After Free vulnerability in Apache Arrow C++. This issue affects Apache Arrow C++ from 15.0.0 through 23.0.0. It can be triggered when reading an Arrow IPC file (but not an IPC stream) with pre-…
CVE-2026-2441 unknown 2.5 KEVEXPFIX debian debian sles 4mo ago Google Chromium CSS contains a use-after-free vulnerability that could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple…
CVE-2026-23112 critical 9.8 9.8 FIX slesdebian debian linux-kernel 4mo ago In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: add bounds checks in nvmet_tcp_build_pdu_iovec nvmet_tcp_build_pdu_iovec() could walk past cmd->req.sg when a PDU leng…
CVE-2025-47911 unknown FIX debian debian sles 4mo ago The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted H…
CVE-2026-23901 unknown debian debian 4mo ago Apache Shiro Affected by an Observable Timing Discrepancy Vulnerability
CVE-2026-25934 unknown FIX debian debian sles 4mo ago go-git is a highly extensible git implementation library written in pure Go. Prior to 5.16.5, a vulnerability was discovered in go-git whereby data integrity values for .pack and .idx files were not …
CVE-2026-2245 low 3.3 3.3 debian debian 4mo ago A vulnerability was identified in CCExtractor up to 183. This affects the function parse_PAT/parse_PMT in the library src/lib_ccx/ts_tables.c of the component MPEG-TS File Parser. Such manipulation l…
CVE-2026-23903 unknown debian debian 4mo ago Apache Shiro has an Authentication Bypass
CVE-2026-2069 low 3.3 3.3 debian debian 4mo ago A flaw has been found in ggml-org llama.cpp up to 55abc39. Impacted is the function llama_grammar_advance_stack of the file llama.cpp/src/llama-grammar.cpp of the component GBNF Grammar Handler. This…
CVE-2025-68458 unknown FIX debian debian 4mo ago Webpack is a module bundler. From version 5.49.0 to before 5.104.1, when experiments.buildHttp is enabled, webpack’s HTTP(S) resolver (HttpUriPlugin) can be bypassed to fetch resources from hosts out…
CVE-2025-68157 unknown FIX debian debian 4mo ago Webpack is a module bundler. From version 5.49.0 to before 5.104.0, when experiments.buildHttp is enabled, webpack’s HTTP(S) resolver (HttpUriPlugin) enforces allowedUris only for the initial URL, bu…
CVE-2025-58190 unknown FIX debian debian sles 4mo ago The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML …
CVE-2025-22873 low 2.5 FIX arch archdebian debian sles 4mo ago It was possible to improperly access the parent directory of an os.Root by opening a filename ending in "../". For example, Root.Open("../") would open the parent directory of the Root. This escape o…
CVE-2026-1312 unknown FIX slesdebian debian 4mo ago Django has an SQL Injection issue
CVE-2026-1287 unknown FIX slesdebian debian 4mo ago Django has an SQL Injection issue
CVE-2026-1285 unknown FIX slesdebian debian 4mo ago Django has Inefficient Algorithmic Complexity
CVE-2026-1207 unknown FIX slesdebian debian 4mo ago Django has an SQL Injection issue
CVE-2025-14550 unknown FIX slesdebian debian 4mo ago Django has Inefficient Algorithmic Complexity
CVE-2025-13473 unknown FIX slesdebian debian 4mo ago Django has Observable Timing Discrepancy
CVE-2026-24051 unknown FIX debian debian google 4mo ago OpenTelemetry-Go is the Go implementation of OpenTelemetry. The OpenTelemetry Go SDK in version v1.20.0-1.39.0 is vulnerable to Path Hijacking (Untrusted Search Paths) on macOS/Darwin systems. The re…