Search

Found 1,119 results in 94ms · Match type: Filtered list

| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-25393 | medium | 6.5 | 6.5 | | | | 7d ago | Navigate CMS 2.8.5 contains a path traversal vulnerability that allows authenticated users to download arbitrary files by injecting directory traversal sequences in the id parameter. Attackers can se… |
| CVE-2018-25387 | medium | 5.3 | 5.3 | | | | 7d ago | HaPe PKH 1.1 contains a cross-site request forgery vulnerability that allows attackers to change administrator passwords by submitting forged requests to the user update endpoint. Attackers can craft… |
| CVE-2018-25384 | medium | 5.4 | 5.4 | | | | 7d ago | Wikidforum 2.20 contains a cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted HTML in the reply_text parameter. Attackers can pos… |
| CVE-2026-44495 | unknown | | | | | | 7d ago | axios Vulnerable to Credential Theft and Response Hijacking via Prototype Pollution Gadget in Config Merge |
| CVE-2026-44494 | unknown | | | | | | 7d ago | axios Vulnerable to Full Man-in-the-Middle via Prototype Pollution Gadget in `config.proxy` |
| CVE-2026-44492 | unknown | | | | | | 7d ago | axios's shouldBypassProxy does not recognize IPv4-mapped IPv6 addresses, allowing NO_PROXY bypass (incomplete fix for CVE-2025-62718) |
| CVE-2026-44490 | unknown | | | | | | 7d ago | axios has DoS & Header Injection via Prototype Pollution Read-Side Gadgets in axios merge functions |
| CVE-2026-44489 | unknown | | | | | | 7d ago | Axios has a Patch Bypass: Proxy-Authorization Header Injection via Prototype Pollution — Incomplete Null-Prototype Fix |
| CVE-2026-41237 | unknown | | | | | | 7d ago | Froxlor is open source server administration software. In version 2.3.6 and earlier, the LOC record regex uses `\s+` which matches newlines (allowing embedded newlines to pass), TLSA `matchingType=0`… |
| CVE-2026-41235 | unknown | | | | | | 7d ago | Froxlor is open source server administration software. Version 2.3.6 lets administrators configure `system.available_shells` as the approved shell list that customers may assign to FTP users. However… |
| CVE-2026-49325 | medium | 4.6 | 4.6 | | | | 7d ago | Improper handling of physical conditions in the bike-shutdown control of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows a physical attacker with access to the Wireless Control Modul… |
| CVE-2026-49318 | low | 2.4 | 2.4 | | | | 7d ago | Incorrect behavior order in the Infotainment / Digital Round display of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker to bypass the PIN entry screen. T… |
| CVE-2026-49317 | low | 2.4 | 2.4 | | | | 7d ago | Incorrect behavior order in the Infotainment / Digital Round display of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker to bypass the PIN entry screen. T… |
| CVE-2026-49316 | medium | 4.6 | 4.6 | | | | 7d ago | Expected behavior violation in the in-vehicle network of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker to bypass the motorcycle's anti-theft shutdown b… |
| CVE-2026-47696 | medium | 4.3 | 4.3 | | | wwbn | 7d ago | WWBN AVideo: Authenticated wallet credit bypass in AuthorizeNet processPayment endpoint |
| CVE-2026-47694 | medium | 5.4 | 5.4 | | | wwbn | 7d ago | WWBN AVideo: Stored XSS via unescaped Gallery category description |
| CVE-2026-40510 | medium | 6.8 | 6.8 | | sleswindows windows | opensc_project | 7d ago | OpenSC before 0.27.0-rc1, fixed in commit 3f24f0b, contains a stack buffer overflow vulnerability in piv_process_history() in src/libopensc/card-piv.c that allows physically present attackers to trig… |
| CVE-2026-10075 | medium | 5.3 | 5.3 | | | | 7d ago | DreamMaker developed by Interinfo has a Path Traversal vulnerability, allowing unauthenticated remote attackers to read file names under arbitrary path by exploiting an Absolute Path Traversal vulner… |
| CVE-2026-10074 | medium | 4.9 | 4.9 | | | | 7d ago | DreamMaker developed by Interinfo has an Arbitrary File Read vulnerability, allowing privileged local attackers to exploit Relative Path Traversal to download arbitrary system files. |