VIR Vulnerability Intelligence Relay

Search

Found 32,841 results in 1568ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2026-46085 high 7.5 7.5 FIX debian debian sleswindows windows 9d ago In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix rxkad crypto unalignment handling Fix handling of a packet with a misaligned crypto length. Also handle non-ENOMEM er…
CVE-2026-46081 high 7.8 7.8 FIX slesdebian debian 9d ago In the Linux kernel, the following vulnerability has been resolved: crypto: acomp - fix wrong pointer stored by acomp_save_req() acomp_save_req() stores &req->chain in req->base.data. When acomp_re…
CVE-2026-46078 high 7.1 7.1 FIX debian debianwindows windows sles 9d ago In the Linux kernel, the following vulnerability has been resolved: erofs: fix the out-of-bounds nameoff handling for trailing dirents Currently we already have boundary-checks for nameoffs, but th…
CVE-2026-46076 high 7.9 7.9 FIX debian debianwindows windows sles 9d ago In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Raise #UD if unhandled VMMCALL isn't intercepted by L1 Explicitly synthesize a #UD for VMMCALL if L2 is active, L1 doe…
CVE-2026-46070 high 7.1 7.1 FIX debian debianwindows windows sles 9d ago In the Linux kernel, the following vulnerability has been resolved: md/raid5: validate payload size before accessing journal metadata r5c_recovery_analyze_meta_block() and r5l_recovery_verify_data_…
CVE-2026-46065 high 7.8 7.8 FIX debian debianwindows windows sles 9d ago In the Linux kernel, the following vulnerability has been resolved: fbdev: defio: Disconnect deferred I/O from the lifetime of struct fb_info Hold state of deferred I/O in struct fb_deferred_io_sta…
CVE-2026-46062 high 7.8 7.8 FIX debian debianwindows windows sles 9d ago In the Linux kernel, the following vulnerability has been resolved: ntfs3: fix integer overflow in run_unpack() volume boundary check The volume boundary check `lcn + len > sbi->used.bitmap.nbits` …
CVE-2026-46058 high 7.8 7.8 FIX debian debian sleswindows windows 9d ago In the Linux kernel, the following vulnerability has been resolved: media: amphion: Fix race between m2m job_abort and device_run Fix kernel panic caused by race condition where v4l2_m2m_ctx_releas…
CVE-2026-46056 high 8.8 8.8 FIX debian debianwindows windows sles 9d ago In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_event: fix potential UAF in SSP passkey handlers hci_conn lookup and field access must be covered by hdev lock in …
CVE-2026-46055 high 7.1 7.1 FIX debian debian sles 9d ago In the Linux kernel, the following vulnerability has been resolved: apparmor: Fix string overrun due to missing termination When booting Ubuntu 26.04 with Linux 7.0-rc4 on an ARM64 Qualcomm Snapdra…
CVE-2026-46054 high 7.1 7.1 FIX debian debianwindows windows sles 9d ago In the Linux kernel, the following vulnerability has been resolved: selinux: fix overlayfs mmap() and mprotect() access checks The existing SELinux security model for overlayfs is to allow access i…
CVE-2026-46053 high 7.8 7.8 FIX debian debianwindows windows sles 9d ago In the Linux kernel, the following vulnerability has been resolved: net: rds: fix MR cleanup on copy error __rds_rdma_map() hands sg/pages ownership to the transport after get_mr() succeeds. If cop…
CVE-2026-46052 high 7.5 7.5 FIX debian debianwindows windows sles 9d ago In the Linux kernel, the following vulnerability has been resolved: ceph: only d_add() negative dentries when they are unhashed Ceph can call d_add(dentry, NULL) on a negative dentry that is alread…
CVE-2026-5065 high 8.8 8.8 ibm 9d ago IBM Controller 11.0.1, 11.1.0, 11.1.1, and 11.1.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to…
CVE-2026-46037 high 8.2 8.2 FIX debian debianwindows windows sles 9d ago In the Linux kernel, the following vulnerability has been resolved: ipv4: icmp: validate reply type before using icmp_pointers Extended echo replies use ICMP_EXT_ECHOREPLY as the outbound reply typ…
CVE-2026-46036 high 7.8 7.8 FIX debian debian sles 9d ago In the Linux kernel, the following vulnerability has been resolved: vfio/cdx: Serialize VFIO_DEVICE_SET_IRQS with a per-device mutex vfio_cdx_set_msi_trigger() reads vdev->config_msi and operates o…
CVE-2026-46031 high 7.5 7.5 FIX debian debianwindows windows sles 9d ago In the Linux kernel, the following vulnerability has been resolved: net: ks8851: Reinstate disabling of BHs around IRQ handler If the driver executes ks8851_irq() AND a TX packet has been sent, the…
CVE-2026-46029 high 7.0 7.0 FIX debian debian sles 9d ago In the Linux kernel, the following vulnerability has been resolved: mm/slab: return NULL early from kmalloc_nolock() in NMI on UP On UP kernels (!CONFIG_SMP), spin_trylock() is a no-op that uncondi…
CVE-2026-46027 high 7.5 7.5 FIX debian debian sleswindows windows 9d ago In the Linux kernel, the following vulnerability has been resolved: net/smc: avoid early lgr access in smc_clc_wait_msg A CLC decline can be received while the handshake is still in an early stage,…
CVE-2026-46024 high 7.5 7.5 FIX debian debianwindows windows sles 9d ago In the Linux kernel, the following vulnerability has been resolved: libceph: Prevent potential null-ptr-deref in ceph_handle_auth_reply() If a message of type CEPH_MSG_AUTH_REPLY contains a zero va…
CVE-2026-46015 high 7.8 7.8 FIX debian debianwindows windows sles 9d ago In the Linux kernel, the following vulnerability has been resolved: tcp: call sk_data_ready() after listener migration When inet_csk_listen_stop() migrates an established child socket from a closin…
CVE-2026-46011 high 7.8 7.8 FIX debian debianwindows windows sles 9d ago In the Linux kernel, the following vulnerability has been resolved: media: mtk-jpeg: fix use-after-free in release path due to uncancelled work The mtk_jpeg_release() function frees the context str…
CVE-2026-46010 high 8.1 8.1 FIX debian debian sles 9d ago In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix error handling in rxgk_extract_token() Fix a missing bit of error handling in rxgk_extract_token(): in the event that …
CVE-2026-46006 high 7.8 7.8 FIX debian debianwindows windows sles 9d ago In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: fix u32 overflow in pushbuf reloc bounds check nouveau_gem_pushbuf_reloc_apply() validates each relocation with …
CVE-2026-9704 high 8.8 8.8 redhat 9d ago A flaw was found in Keycloak. An authenticated user with low privileges can exploit this vulnerability by sending an oversized subject_token JSON Web Token (JWT) to the TokenEndpoint. When the token …
CVE-2026-45999 high 7.1 7.1 FIX debian debian sleswindows windows 9d ago In the Linux kernel, the following vulnerability has been resolved: erofs: fix unsigned underflow in z_erofs_lz4_handle_overlap() Some crafted images can have illegal (!partial_decoding && m_llen <…
CVE-2026-45991 high 7.8 7.8 FIX debian debianwindows windows sles 9d ago In the Linux kernel, the following vulnerability has been resolved: udf: fix partition descriptor append bookkeeping Mounting a crafted UDF image with repeated partition descriptors can trigger a h…
CVE-2026-4410 high 7.5 7.5 ibm 9d ago IBM WebSphere Application Server - Liberty 19.0.0.7 through 26.0.0.5 and IBM WebSphere Application Server 9.0, and 8.5 and WebSphere Application Server Liberty are vulnerable to a denial of service, …
CVE-2026-3623 high 7.8 7.8 ibm 9d ago IBM Netezza Performance Server Replication Services 3.0.2.0 through 3.0.5.0 allows an attacker with low‑privileged access to escalate their privileges to root. By exploiting this flaw, the attacker c…
CVE-2026-3366 high 7.5 7.5 ibm 9d ago IBM InfoSphere Optim Test Data Fabrication 1.0.0, 1.0.0.1, 1.0.0.2, 1.0.2, 1.0.2.2, 1.0.2.3, 1.0.2.4, 1.0.2.5, 1.0.2.6, 1.0.2.7 could allow a remote attacker to traverse directories on the system. An…
CVE-2026-42791 low 3.7 3.7 FIX slesdebian debian erlang 9d ago Improper Certificate Validation vulnerability in Erlang OTP public_key (pubkey_ocsp module) allows forged OCSP responses signed with an expired responder certificate to be accepted as valid. OCSP re…
CVE-2026-45984 high 7.8 7.8 FIX debian debian sles 9d ago In the Linux kernel, the following vulnerability has been resolved: gfs2: Fix use-after-free in iomap inline data write path The inline data buffer head (dibh) is being released prematurely in gfs2…
CVE-2026-1718 high 7.5 7.5 linux-kernel ibm 9d ago IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to a denial of service with a specially crafted query when autonomous transactions are enabled.
CVE-2026-45980 high 7.8 7.8 FIX debian debian sles 9d ago In the Linux kernel, the following vulnerability has been resolved: accel/amdxdna: Stop job scheduling across aie2_release_resource() Running jobs on a hardware context while it is in the process o…
CVE-2026-45970 high 7.8 7.8 FIX debian debian sles 9d ago In the Linux kernel, the following vulnerability has been resolved: bonding: alb: fix UAF in rlb_arp_recv during bond up/down The ALB RX path may access rx_hashtbl concurrently with bond teardown. …
CVE-2026-45959 high 7.8 7.8 FIX debian debian sles 9d ago In the Linux kernel, the following vulnerability has been resolved: crypto: ccp - Fix a crash due to incorrect cleanup usage of kfree Annotating a local pointer variable, which will be assigned wit…
CVE-2026-45958 high 7.1 7.1 FIX debian debian sleswindows windows 9d ago In the Linux kernel, the following vulnerability has been resolved: drm/exynos: vidi: fix to avoid directly dereferencing user pointer In vidi_connection_ioctl(), vidi->edid(user pointer) is direct…
CVE-2026-45951 high 7.8 7.8 FIX debian debian sles 9d ago In the Linux kernel, the following vulnerability has been resolved: bpf: Fix a potential use-after-free of BTF object Refcounting in the check_pseudo_btf_id() function is incorrect: the __check_pse…
CVE-2026-45945 high 8.8 8.8 FIX debian debian sles 9d ago In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Fix race condition during PASID entry replacement The Intel VT-d PASID table entry is 512 bits (64 bytes). When repla…
CVE-2026-45944 high 7.5 7.5 FIX debian debianwindows windows sles 9d ago In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Clear Present bit before tearing down context entry When tearing down a context entry, the current implementation zer…
CVE-2026-45942 high 7.8 7.8 FIX debian debian sleswindows windows 9d ago In the Linux kernel, the following vulnerability has been resolved: ext4: fix e4b bitmap inconsistency reports A bitmap inconsistency issue was observed during stress tests under mixed huge-page wo…
CVE-2026-45935 high 7.8 7.8 FIX debian debian sles 9d ago In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix slab-out-of-bounds read in DeleteIndexEntryRoot In the 'DeleteIndexEntryRoot' case of the 'do_action' function, the…
CVE-2026-45933 high 7.8 7.8 FIX debian debian sles 9d ago In the Linux kernel, the following vulnerability has been resolved: bpf: Preserve id of register in sync_linked_regs() sync_linked_regs() copies the id of known_reg to reg when propagating bounds o…
CVE-2026-45932 high 7.3 7.3 FIX debian debian sleswindows windows 9d ago In the Linux kernel, the following vulnerability has been resolved: bpf: Fix tcx/netkit detach permissions when prog fd isn't given This commit fixes a security issue where BPF_PROG_DETACH on tcx o…
CVE-2026-45931 high 7.8 7.8 FIX debian debian sles 9d ago In the Linux kernel, the following vulnerability has been resolved: accel/amdxdna: Hold mm structure across iommu_sva_unbind_device() Some tests trigger a crash in iommu_sva_unbind_device() due to …
CVE-2026-45929 high 7.8 7.8 FIX debian debian sles 9d ago In the Linux kernel, the following vulnerability has been resolved: ovpn: fix possible use-after-free in ovpn_net_xmit When building the skb_list in ovpn_net_xmit, skb_share_check will free the ori…
CVE-2026-45910 high 7.8 7.8 FIX debian debian sles 9d ago In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix race condition in QP timer handlers I encontered the following warning: WARNING: drivers/infiniband/sw/rxe/rxe_tas…
CVE-2026-45909 high 7.8 7.8 FIX debian debian sles 9d ago In the Linux kernel, the following vulnerability has been resolved: clk: mediatek: Drop __initconst from gates Since commit 8ceff24a754a ("clk: mediatek: clk-gate: Refactor mtk_clk_register_gate to…
CVE-2025-3633 high 8.2 8.2 ibm 9d ago IBM Cognos Analytics 11.2.0, 11.2.4, 12.0, and 12.1.0 and IBM Cognos Transformer 11.2.4, 12.0, and 12.1.0 are vulnerable to cross-site scripting (XSS). This vulnerability allows a remote attacker to …
CVE-2026-45894 high 7.8 7.8 FIX debian debian sleswindows windows 9d ago In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Clear Present bit before tearing down PASID entry The Intel VT-d Scalable Mode PASID table entry consists of 512 bits…
CVE-2026-45878 high 7.8 7.8 FIX debian debian sles 9d ago In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix watch_id bounds checking in debug address watch v2 The address watch clear code receives watch_id as an unsigned …
CVE-2026-45862 high 7.8 7.8 FIX debian debian sles 9d ago In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Flush cache for PASID table before using it When writing the address of a freshly allocated zero-initialized PASID ta…
CVE-2026-45861 high 7.8 7.8 FIX debian debian sleswindows windows 9d ago In the Linux kernel, the following vulnerability has been resolved: gfs2: Fix slab-use-after-free in qd_put Commit a475c5dd16e5 ("gfs2: Free quota data objects synchronously") started freeing quota…
CVE-2026-45860 high 7.5 7.5 FIX debian debian sles 9d ago In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_conncount: increase the connection clean up limit to 64 After the optimization to only perform one GC per jiffy, a …
CVE-2026-45859 high 7.5 7.5 FIX debian debian sleswindows windows 9d ago In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlink_queue: do shared-unconfirmed check before segmentation Ulrich reports a regression with nfqueue: If an appl…
CVE-2026-45856 high 7.1 7.1 FIX debian debian sles 9d ago In the Linux kernel, the following vulnerability has been resolved: RDMA/uverbs: Validate wqe_size before using it in ib_uverbs_post_send ib_uverbs_post_send() uses cmd.wqe_size from userspace with…
CVE-2026-45852 high 7.8 7.8 FIX debian debian sles 9d ago In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix double free in rxe_srq_from_init In rxe_srq_from_init(), the queue pointer 'q' is assigned to 'srq->rq.queue' befor…
CVE-2026-3012 high 8.0 8.0 FIX slesdebian debian rhel 9d ago Important: samba security update
CVE-2026-42762 high 7.1 7.1 9d ago Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in e4jvikwp VikBooking Hotel Booking Engine & PMS vikbooking allows DOM-Based XSS.This issue affects…
CVE-2026-42760 high 7.5 7.5 9d ago Authentication Bypass Using an Alternate Path or Channel vulnerability in revmakx Backup and Staging by WP Time Capsule wp-time-capsule allows Password Recovery Exploitation.This issue affects Backup…
CVE-2026-42759 high 7.1 7.1 9d ago Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Timo Affiliate Super Assistent amazonsimpleadmin allows Stored XSS.This issue affects Affiliate S…
CVE-2026-42754 high 7.1 7.1 9d ago Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in phbernard Favicon favicon-by-realfavicongenerator allows Reflected XSS.This issue affects Favicon…
CVE-2026-42753 high 7.3 7.3 9d ago Missing Authorization vulnerability in WC Lovers WCFM Membership wc-multivendor-membership allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WCFM Membership: …
CVE-2026-42749 high 7.1 7.1 9d ago Authentication Bypass Using an Alternate Path or Channel vulnerability in Themeisle Disable Comments for Any Post Types (Remove comments) comments-plus allows Password Recovery Exploitation.This issu…
CVE-2026-42746 high 7.3 7.3 9d ago Insertion of Sensitive Information Into Sent Data vulnerability in ZAYTECH Smart Online Order for Clover clover-online-orders allows Retrieve Embedded Sensitive Data.This issue affects Smart Online O…
CVE-2026-42745 high 7.3 7.3 9d ago Authentication Bypass Using an Alternate Path or Channel vulnerability in ZAYTECH Smart Online Order for Clover clover-online-orders allows Authentication Bypass.This issue affects Smart Online Order…
CVE-2026-42739 high 7.1 7.1 9d ago Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in IniLerm Advanced IP Blocker advanced-ip-blocker allows DOM-Based XSS.This issue affects Advanced …
CVE-2026-42738 high 7.1 7.1 9d ago Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ZAYTECH Smart Online Order for Clover clover-online-orders allows Stored XSS.This issue affects S…
CVE-2026-42737 high 8.6 8.6 9d ago Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in e4jvikwp VikBooking Hotel Booking Engine & PMS vikbooking allows Path Traversal.This issue affects VikB…
CVE-2026-42736 high 7.5 7.5 9d ago Authorization Bypass Through User-Controlled Key vulnerability in wordplus BP Better Messages bp-better-messages allows Exploiting Incorrectly Configured Access Control Security Levels.This issue aff…
CVE-2026-42735 high 8.2 8.2 9d ago Authentication Bypass Using an Alternate Path or Channel vulnerability in Iqonic Design KiviCare kivicare-clinic-management-system allows Password Recovery Exploitation.This issue affects KiviCare: f…
CVE-2026-42728 high 7.1 7.1 9d ago Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HT Plugins HT Contact Form 7 ht-contactform allows Stored XSS.This issue affects HT Contact Form …
CVE-2026-42730 high 8.5 8.5 9d ago Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Stylemix MasterStudy LMS masterstudy-lms-learning-management-system allows Blind SQL Injection.Th…
CVE-2026-42733 high 7.1 7.1 9d ago Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RealMag777 WPCS currency-switcher allows DOM-Based XSS.This issue affects WPCS: from n/a through …
CVE-2026-42729 high 7.1 7.1 9d ago Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Property Hive PropertyHive propertyhive allows DOM-Based XSS.This issue affects PropertyHive: fro…
CVE-2026-42734 high 7.1 7.1 9d ago Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dylan Kuhn Geo Mashup geo-mashup allows Reflected XSS.This issue affects Geo Mashup: from n/a t…
CVE-2026-45843 high 8.2 8.2 FIX slesdebian debianwindows windows 9d ago In the Linux kernel, the following vulnerability has been resolved: slip: bound decode() reads against the compressed packet length slhc_uncompress() parses a VJ-compressed TCP header by advancing …
CVE-2026-48906 high 8.1 8.1 tassos 9d ago The vulnerability in the Tassos Framework Plugin allows users to delete arbitrary files on the affected sites.
CVE-2025-30028 high 8.6 8.6 synology 9d ago A vulnerability in Active Backup for Business allows unauthorized remote attackers to read arbitrary files.
CVE-2025-52747 high 7.1 7.1 9d ago Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jthemes Themebox - Digital Products Ecommerce allows Reflected XSS. This issue affects Themebox …
CVE-2025-14713 high 7.5 7.5 synology 9d ago An Exposed Dangerous Method or Function vulnerability in Synology C2 Identity Edge Server package in DSM before 1.76.0-0307 allows remote attackers to obtain user credentials from the edge server.
CVE-2025-22741 high 7.1 7.1 9d ago Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RiceTheme Felan Framework allows Reflected XSS. This issue affects Felan Framework: from n/a thr…
CVE-2024-47272 low 2.7 2.7 synology 9d ago Incorrect authorization vulnerability in IO Module functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to …
CVE-2024-47270 low 2.7 2.7 synology 9d ago Improper preservation of permissions vulnerability in Archiving Push functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administra…
CVE-2024-47267 low 2.7 2.7 synology 9d ago Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in Archiving Pull functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows …
CVE-2023-52945 high 7.8 7.8 synology 9d ago Uncontrolled search path element vulnerability in OpenSSL DLL component in Synology BeeDrive for desktop before 1.3.2-13814 allows local users to execute arbitrary code via unspecified vectors.
CVE-2026-40852 high 7.2 7.2 9d ago A highly authenticated attacker can alter the config generator injecting a payload into future created configurations. The device is not correctly checking this configuration value before passing it …
CVE-2026-40851 high 8.4 8.4 9d ago A local attacker can perform a confusion attack on the cfgparser via a specially crafted file on an USB stick leading to code execution. This can result in a total loss of confidentiality, integrity …
CVE-2026-40850 high 7.5 7.5 9d ago An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getAccountData function due to improper neutralization of special elements in a SQL SELECT command…
CVE-2026-40836 high 7.1 7.1 9d ago An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the inmessage model due to improper neutralization of special elements in a SQL DELETE command allowing…
CVE-2026-40834 high 7.1 7.1 9d ago An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the dash_layout.php files saveDashboardLayout function due to improper neutralization of special elemen…
CVE-2026-40833 high 7.1 7.1 9d ago An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the dash.php files saveDashboardLayout function due to improper neutralization of special elements in a…
CVE-2026-40819 high 7.5 7.5 9d ago An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the sync_data24 task due to improper neutralization of special elements in a SQL SELECT command. This …
CVE-2026-40818 high 7.5 7.5 9d ago An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the _mb24confi_getDevice function due to improper neutralization of special elements in a SQL SELECT c…
CVE-2026-40817 high 7.5 7.5 9d ago An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getAlarmProfiles function due to improper neutralization of special elements in a SQL SELECT comma…
CVE-2026-40816 high 7.5 7.5 9d ago An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the mb24alarm.php files _mb24confi_getTagAlarm function due to improper neutralization of special elem…
CVE-2026-40815 high 7.5 7.5 9d ago An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the _mb24api_getUserAccount function due to improper neutralization of special elements in a SQL SELEC…
CVE-2026-40814 high 7.5 7.5 9d ago An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the dataapi.php files _mb24confi_getTagAlarm function due to improper neutralization of special elemen…
CVE-2026-3375 high 7.2 7.2 9d ago The LiteSpeed Cache plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the /wp-json/litespeed/v1/notify_ccss and /wp-json/litespeed/v1/notify_ucss REST API endpoints in all version…
CVE-2026-40813 high 7.5 7.5 9d ago An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getLiveValues functions tagid parameter due to improper neutralization of special elements in a SQ…