Found 25,454 results in 4346ms · Match type: Filtered list

CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2026-42587 high 7.5 7.5 slesdebian debian nettygoogle 23d ago Netty: HttpContentDecompressor maxAllocation bypass when Content-Encoding set to br/zstd/snappy leads to decompression bomb DoS
CVE-2026-42586 high 7.1 7.1 slesdebian debian netty 23d ago Netty Redis Codec Encoder has a CRLF Injection Issue
CVE-2026-42585 high 7.5 7.5 slesdebian debian netty 23d ago Netty vulnerable to HTTP Request Smuggling due to malformed Transfer-Encoding
CVE-2026-42583 high 7.5 7.5 slesdebian debian netty 23d ago Netty Lz4FrameDecoder is vulnerable to resource exhaustion
CVE-2026-42582 high 7.5 7.5 slesdebian debian netty 23d ago Netty HTTP/3 QPACK literal unbounded allocation
CVE-2026-42578 high 7.5 7.5 slesdebian debian netty 23d ago Netty has HTTP Header Injection via HttpProxyHandler Disabled Validation (Incomplete Fix CVE-2025-67735)
CVE-2026-42577 high 7.5 7.5 debian debian netty 23d ago Netty epoll transport denial of service via RST on half-closed TCP connection
CVE-2026-44432 high 7.5 7.5 FIX slesdebian debian python 23d ago urllib3 is an HTTP client library for Python. From 2.6.0 to before 2.7.0, urllib3 could decompress the whole response instead of the requested portion (1) during the second HTTPResponse.read(amt=N) c…
CVE-2026-43489 unknown FIX slesdebian debian 23d ago In the Linux kernel, the following vulnerability has been resolved: liveupdate: luo_file: remember retrieve() status LUO keeps track of successful retrieve attempts on a LUO file. It does so to av…
CVE-2026-43488 unknown FIX slesdebian debian 23d ago In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Prevent interrupt storm on host controller error (HCE) The xHCI controller reports a Host Controller Error (HCE) in UA…
CVE-2026-43487 unknown FIX slesdebian debian google 23d ago In the Linux kernel, the following vulnerability has been resolved: ata: libata-core: Disable LPM on ST1000DM010-2EP102 According to a user report, the ST1000DM010-2EP102 has problems with LPM, cau…
CVE-2026-43486 unknown FIX slesdebian debian google 23d ago In the Linux kernel, the following vulnerability has been resolved: arm64: contpte: fix set_access_flags() no-op check for SMMU/ATS faults contpte_ptep_set_access_flags() compared the gathered ptep…
CVE-2026-43485 unknown FIX slesdebian debian 23d ago In the Linux kernel, the following vulnerability has been resolved: nouveau/gsp: drop WARN_ON in ACPI probes These WARN_ONs seem to trigger a lot, and we don't seem to have a plan to fix them, so j…
CVE-2026-43484 unknown FIX slesdebian debian 23d ago In the Linux kernel, the following vulnerability has been resolved: mmc: core: Avoid bitfield RMW for claim/retune flags Move claimed and retune control flags out of the bitfield word to avoid unre…
CVE-2026-43483 unknown FIX slesdebian debian 23d ago In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Set/clear CR8 write interception when AVIC is (de)activated Explicitly set/clear CR8 write interception when AVIC is (d…
CVE-2026-43482 unknown FIX slesdebian debian google 23d ago In the Linux kernel, the following vulnerability has been resolved: sched_ext: Disable preemption between scx_claim_exit() and kicking helper work scx_claim_exit() atomically sets exit_kind, which …
CVE-2026-43481 high 7.8 7.8 FIX slesdebian debian 23d ago In the Linux kernel, the following vulnerability has been resolved: net-shapers: don't free reply skb after genlmsg_reply() genlmsg_reply() hands the reply skb to netlink, and netlink_unicast() con…
CVE-2026-43480 unknown FIX slesdebian debian 23d ago In the Linux kernel, the following vulnerability has been resolved: ASoC: amd: acp3x-rt5682-max9836: Add missing error check for clock acquisition The acp3x_5682_init() function did not check the r…
CVE-2026-43479 unknown FIX slesdebian debian 23d ago In the Linux kernel, the following vulnerability has been resolved: net: usb: lan78xx: fix WARN in __netif_napi_del_locked on disconnect Remove redundant netif_napi_del() call from disconnect path.…
CVE-2026-43478 unknown FIX slesdebian debian 23d ago In the Linux kernel, the following vulnerability has been resolved: ASoC: codecs: rt1011: Use component to get the dapm context in spk_mode_put The correct helper to use in rt1011_recv_spk_mode_put…
CVE-2026-43477 unknown FIX slesdebian debian 23d ago In the Linux kernel, the following vulnerability has been resolved: drm/i915/vrr: Configure VRR timings after enabling TRANS_DDI_FUNC_CTL Apparently ICL may hang with an MCE if we write TRANS_VRR_V…
CVE-2026-43476 high 7.8 7.8 FIX slesdebian debian 23d ago In the Linux kernel, the following vulnerability has been resolved: iio: chemical: sps30_i2c: fix buffer size in sps30_i2c_read_meas() sizeof(num) evaluates to sizeof(size_t) (8 bytes on 64-bit) in…
CVE-2026-44724 high 7.8 7.8 FIX debian debian 23d ago Systeminformation vulnerable to Linux command injection in networkInterfaces() via unsanitized NetworkManager connection profile name
CVE-2026-6276 high 7.5 7.5 FIX debian debian sleswindows windows haxxgoogle 23d ago Using libcurl, when a custom `Host:` header is first set for an HTTP request and a second request is subsequently done using the same *easy handle* but without the custom `Host:` header set, the seco…
CVE-2026-5773 high 7.5 7.5 FIX debian debian sleswindows windows haxxgoogle 23d ago libcurl might in some circumstances reuse the wrong connection for SMB(S) transfers. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avo…
CVE-2026-45793 high 8.0 FIX debian debian 24d ago GitHub Actions issued GITHUB_TOKEN disclosure in GitHub Actions logs
CVE-2026-40164 high 7.5 7.5 FIX rheldebian debian sles 24d ago Important: jq security update
CVE-2026-39979 high 8.0 FIX rheldebian debian sles 24d ago Important: jq security update
CVE-2026-44660 high 7.5 7.5 debian debian ultrajson_project 24d ago UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Prior to 5.12.1, when ujson.dump() writes to a file-like object and the write operation raises an excepti…
CVE-2026-44301 high 8.1 8.1 FIX debian debian gohugo 24d ago Hugo is a static site generator. From 0.43 to before 0.161.0, when building a Hugo site that uses Node-based asset pipelines (PostCSS, Babel, TailwindCSS), Hugo invoked the configured Node tools with…
CVE-2026-44296 high 7.5 7.5 FIX debian debian 24d ago Deskflow is a keyboard and mouse sharing app. Prior to 1.26.0.167, a remote, unauthenticated denial of service (DoS) vulnerability affects Deskflow servers running with TLS enabled (the default). Whe…
CVE-2026-42268 high 7.5 7.5 FIX slesdebian debian owasp 24d ago ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. From 3.0.0 to before 3.0.15, there is an unhandled exception (std::out_of_range) caused …
CVE-2026-44240 high 7.5 7.5 FIX debian debian 24d ago basic-ftp allows a malicious FTP server to cause client-side denial of service via unbounded multiline control response buffering
CVE-2026-8430 high 8.1 8.1 FIX debian debian 24d ago SPIP versions prior to 4.4.14 contain a remote code execution vulnerability in the public space that is limited to certain nginx configurations, allowing attackers to execute arbitrary code in the co…
CVE-2026-8429 high 8.8 8.8 FIX debian debian 24d ago SPIP versions prior to 4.4.14 contain a remote code execution vulnerability in the private space that allows attackers to execute arbitrary code in the context of the web server. Attackers can exploi…
CVE-2026-5089 high 7.3 7.3 FIX debian debian 24d ago YAML::Syck versions before 1.38 for Perl have an out-of-bounds read. The base60 (sexagesimal) parsing code in perl_syck.h has a buffer underflow bug in both int#base60 and float#base60 handlers. Whe…
CVE-2026-43514 low 3.7 3.7 FIX slesdebian debian apache 24d ago Observable Timing Discrepancy vulnerability when comparing AJP secret in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M…
CVE-2026-43513 high 7.5 7.5 FIX slesdebian debian apache 24d ago Improper Handling of Case Sensitivity vulnerability in LockOutRealm in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 …
CVE-2026-42498 high 7.3 7.3 FIX slesdebian debian apache 24d ago Exposure of HTTP Authentication Header to unexpected hosts during WebSocket authentication vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1…
CVE-2026-41284 high 7.5 7.5 FIX slesdebian debian apache 24d ago Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 t…
CVE-2026-8390 high 7.3 7.3 FIX debian debian mozilla 24d ago Use-after-free in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 150.0.3.
CVE-2026-8389 high 8.8 8.8 FIX debian debian mozilla 24d ago JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 150.0.3.
CVE-2026-8162 high 7.5 7.5 FIX debian debian pillarjs 24d ago multiparty vulnerable to Denial of Service via Uncaught Exception in filename* parameter parsing
CVE-2026-8161 high 7.5 7.5 FIX debian debian pillarjs 24d ago multiparty: Denial of Service via Prototype Pollution leads to Uncaught Exception
CVE-2026-8159 high 7.5 7.5 FIX debian debian pillarjs 24d ago multiparty vulnerable to ReDoS via filename parsing
CVE-2026-4887 high 7.1 7.1 FIX rheldebian debian sles gimp 25d ago Important: gimp security update
CVE-2026-43284 high 8.8 9.8 EXPFIX rhel slesdebian debian awsgoogle 25d ago Important: kernel security update
CVE-2026-4154 high 8.0 FIX rheldebian debian sles 25d ago Important: gimp security update
CVE-2026-4153 high 8.0 FIX rheldebian debian sles 25d ago Important: gimp security update
CVE-2026-4152 high 8.0 FIX rheldebian debian sles 25d ago Important: gimp security update
CVE-2026-4151 high 8.0 FIX rheldebian debian sles 25d ago Important: gimp security update
CVE-2026-4150 high 8.0 FIX rheldebian debian sles 25d ago Important: gimp security update
CVE-2026-42046 high 7.8 7.8 FIX debian debian sles 25d ago libcaca is a colour ASCII art library. In 0.99.beta20 and earlier, an integer overflow vulnerability in libcaca's canvas import functionality allows an attacker to cause a controlled heap out-of-boun…
CVE-2026-37630 high 7.3 7.3 FIX debian debian 25d ago An issue in QuickJS-NG v.0.12.1 allows an attacker to execute arbitrary code via the js_mapped_arguments_mark function
CVE-2026-7790 high 7.5 7.5 debian debianwindows windows ninenines 25d ago Uncontrolled Resource Consumption vulnerability in ninenines cowlib (cow_http_te module) allows Excessive Allocation. The chunked transfer-encoding parser in cow_http_te accepts an unbounded number …
CVE-2026-43969 low 3.2 3.2 FIX debian debianwindows windows ninenines 25d ago cowlib: Cookie Request Header Injection via Unvalidated Encoder in cow_cookie:cookie/1
CVE-2026-5172 high 7.3 7.3 FIX debian debian sleswindows windows 25d ago A buffer overflow in dnsmasq’s extract_addresses() function allows an attacker to trigger a heap out-of-bounds read and crash by exploiting a malformed DNS response, enabling extract_name() to advanc…
CVE-2026-34094 low 3.8 3.8 FIX debian debian mediawiki 25d ago Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Page/Article.Php. This issue affects MediaWiki: from * before 1.43.7, 1.44.4, 1.45.2.
CVE-2026-34092 high 7.5 7.5 FIX debian debian mediawiki 25d ago Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Skin/Skin.Php. This issue…
CVE-2026-34091 high 7.5 7.5 FIX debian debian mediawiki 25d ago Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This issue affects MediaWiki: from * before 1.43.7, 1.44.4, 1.45.2.
CVE-2026-34090 high 7.5 7.5 FIX debian debian mediawiki 25d ago Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation CheckUser. This issue affects CheckUser: from 1.45.0 before 1.45.2.
CVE-2026-34088 high 7.5 7.5 FIX debian debian mediawiki 25d ago Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This issue affects MediaWiki: from * before 1.43.7, 1.44.4, 1.45.2.
CVE-2026-34087 high 7.5 7.5 FIX debian debian mediawiki 25d ago Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation OATHAuth. This issue affects OATHAuth: from * before 1.43.7, 1.44.4, 1.45.2.
CVE-2026-4802 high 8.0 8.0 FIX debian debian rhel sles 25d ago A flaw was found in Cockpit. This vulnerability allows a remote attacker to achieve arbitrary command execution on the host by exploiting unsanitized user-controlled parameters within crafted links i…
CVE-2026-43500 high 7.8 8.8 EXPFIX slesdebian debian linux-kernel 25d ago In the Linux kernel, the following vulnerability has been resolved: rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present The DATA-packet handler in rxrpc_input_call_event() and th…
CVE-2026-8276 low 3.7 3.7 debian debian sles 26d ago bettercap Has an Integer Coercion Error in modules/mysql_server/mysql_server.go
CVE-2026-8275 low 3.7 3.7 debian debian 26d ago bettercap Has an Integer Coercion Error in the ippReadChunkedBody Function
CVE-2026-1837 unknown FIX iosmacos macos tvos 26d ago visionOS 26.5
CVE-2026-8177 high 7.5 7.5 FIX debian debian sleswindows windows 26d ago XML::LibXML versions through 2.0210 for Perl read out-of-bounds heap memory when parsing XML node names containing truncated UTF-8 byte sequences. A node name ending in the middle of a multi byte UT…
CVE-2026-45186 high 7.5 7.5 FIX debian debian sleswindows windows libexpat_project 27d ago RHSA-2026:23230: expat security update (Important)
CVE-2026-7263 high 7.5 7.5 FIX slesdebian debian php 27d ago In PHP versions 8.4.* before 8.4.21 and 8.5.* before 8.5.6, DOMNode::C14N() method may process the XML data incorrectly, causing a circular linked list in the data structure representing the XML docu…
CVE-2026-7568 high 7.5 7.5 FIX slesdebian debianwindows windows php 27d ago Important: php:8.2 security update
CVE-2026-7262 high 7.5 7.5 FIX slesdebian debianwindows windows php 27d ago Important: php:8.2 security update
CVE-2026-7258 high 7.5 7.5 FIX slesdebian debianwindows windows php 27d ago Important: php:8.2 security update
CVE-2026-42311 high 7.8 7.8 FIX debian debian python 28d ago Pillow has an OOB Write with Invalid PSD Tile Extents (Integer Overflow)
CVE-2026-6666 high 7.5 7.5 FIX debian debianwindows windows pgbouncer 28d ago A possible null pointer reference in PgBouncer before 1.25.2 could lead to a crash, if a server sends an error response without SQLSTATE field.
CVE-2026-6664 high 7.5 7.5 FIX debian debianwindows windows pgbouncer 28d ago An integer overflow in network packet parsing code in PgBouncer before 1.25.2 bypasses a boundary check and can lead to a crash. An unauthenticated remote attacker can crash PgBouncer with a malforme…
CVE-2023-49316 high 8.0 FIX debian debian 28d ago Phpseclib needs guardrails on large binaryfield integers
CVE-2024-27355 high 8.0 FIX debian debian 28d ago phpseclib guardrails needed on OID length
CVE-2026-6659 high 7.5 7.5 debian debian 28d ago Crypt::PasswdMD5 versions through 1.42 for Perl generates insecure random values for salts. The built-in rand function is predictable, and unsuitable for cryptography.
CVE-2026-43469 high 7.5 7.5 FIX slesdebian debian linux-kernel google 28d ago In the Linux kernel, the following vulnerability has been resolved: xprtrdma: Decrement re_receiving on the early exit paths In the event that rpcrdma_post_recvs() fails to create a work request (d…
CVE-2026-43466 high 8.2 8.2 FIX slesdebian debian linux-kernel google 28d ago In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix DMA FIFO desync on error CQE SQ recovery In case of a TX error CQE, a recovery flow is triggered, mlx5e_reset_txqs…
CVE-2026-43464 high 7.5 7.5 FIX slesdebian debian linux-kernel 28d ago In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: RX, Fix XDP multi-buf frag counting for legacy RQ XDP multi-buf programs can modify the layout of the XDP buffer when …
CVE-2026-43462 high 7.5 7.5 FIX slesdebian debian linux-kernel 28d ago In the Linux kernel, the following vulnerability has been resolved: net: spacemit: Fix error handling in emac_tx_mem_map() The DMA mappings were leaked on mapping error. Free them with the existing…
CVE-2026-43461 high 7.8 7.8 FIX slesdebian debian linux-kernel 28d ago In the Linux kernel, the following vulnerability has been resolved: spi: amlogic: spifc-a4: Fix DMA mapping error handling Fix three bugs in aml_sfc_dma_buffer_setup() error paths: 1. Unnecessary g…
CVE-2026-43460 high 7.8 7.8 FIX slesdebian debian linux-kernel 28d ago In the Linux kernel, the following vulnerability has been resolved: spi: rockchip-sfc: Fix double-free in remove() callback The driver uses devm_spi_register_controller() for registration, which au…
CVE-2026-43459 high 7.3 7.3 FIX slesdebian debian linux-kernel 28d ago In the Linux kernel, the following vulnerability has been resolved: ASoC: soc-core: flush delayed work before removing DAIs and widgets When a sound card is unbound while a PCM stream is open, a us…
CVE-2026-43458 high 7.8 7.8 FIX slesdebian debian linux-kernel 28d ago In the Linux kernel, the following vulnerability has been resolved: serial: caif: hold tty->link reference in ldisc_open and ser_release A reproducer triggers a KASAN slab-use-after-free in pty_wri…
CVE-2026-43456 high 7.8 7.8 FIX slesdebian debian linux-kernel 28d ago In the Linux kernel, the following vulnerability has been resolved: bonding: fix type confusion in bond_setup_by_slave() kernel BUG at net/core/skbuff.c:2306! Oops: invalid opcode: 0000 [#1] SMP KA…
CVE-2026-43454 high 7.8 7.8 FIX slesdebian debian linux-kernel 28d ago In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: Fix for duplicate device in netdev hooks When handling NETDEV_REGISTER notification, duplicate device regis…
CVE-2026-43453 high 7.1 7.1 FIX slesdebian debian linux-kernel google 28d ago In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_pipapo: fix stack out-of-bounds read in pipapo_drop() pipapo_drop() passes rulemap[i + 1].n to pipapo_unmap() …
CVE-2026-43452 high 8.2 8.2 FIX slesdebian debian linux-kernel google 28d ago In the Linux kernel, the following vulnerability has been resolved: netfilter: x_tables: guard option walkers against 1-byte tail reads When the last byte of options is a non-single-byte option kin…
CVE-2026-43450 high 7.1 7.1 FIX slesdebian debian linux-kernel google 28d ago In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlink_cthelper: fix OOB read in nfnl_cthelper_dump_table() nfnl_cthelper_dump_table() has a 'goto restart' that ju…
CVE-2026-43449 high 7.1 7.1 FIX slesdebian debian linux-kernel google 28d ago In the Linux kernel, the following vulnerability has been resolved: nvme-pci: Fix slab-out-of-bounds in nvme_dbbuf_set dev->online_queues is a count incremented in nvme_init_queue. Thus, valid indi…
CVE-2026-43447 high 7.8 7.8 FIX slesdebian debian linux-kernel 28d ago In the Linux kernel, the following vulnerability has been resolved: iavf: fix PTP use-after-free during reset Commit 7c01dbfc8a1c5f ("iavf: periodically cache PHC time") introduced a worker to cach…
CVE-2026-43442 high 7.1 7.1 FIX slesdebian debian linux-kernel 28d ago In the Linux kernel, the following vulnerability has been resolved: io_uring: fix physical SQE bounds check for SQE_MIXED 128-byte ops When IORING_SETUP_SQE_MIXED is used without IORING_SETUP_NO_SQ…
CVE-2026-43441 high 7.5 7.5 FIX slesdebian debian linux-kernel google 28d ago In the Linux kernel, the following vulnerability has been resolved: net: bonding: Fix nd_tbl NULL dereference when IPv6 is disabled When booting with the 'ipv6.disable=1' parameter, the nd_tbl is n…
CVE-2026-43440 high 7.8 7.8 FIX slesdebian debian linux-kernel 28d ago In the Linux kernel, the following vulnerability has been resolved: net/mana: Null service_wq on setup error to prevent double destroy In mana_gd_setup() error path, set gc->service_wq to NULL afte…
CVE-2026-43438 high 7.8 7.8 FIX slesdebian debian linux-kernel google 28d ago In the Linux kernel, the following vulnerability has been resolved: sched_ext: Remove redundant css_put() in scx_cgroup_init() The iterator css_for_each_descendant_pre() walks the cgroup hierarchy …
CVE-2026-43437 high 7.8 7.8 FIX slesdebian debian linux-kernel 28d ago In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: fix use-after-free on linked stream runtime in snd_pcm_drain() In the drain loop, the local variable 'runtime' is reas…