VIR Vulnerability Intelligence Relay

Search

Found 28,624 results in 1526ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2026-40850 high 7.5 7.5 10d ago An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getAccountData function due to improper neutralization of special elements in a SQL SELECT command…
CVE-2026-40836 high 7.1 7.1 10d ago An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the inmessage model due to improper neutralization of special elements in a SQL DELETE command allowing…
CVE-2026-40834 high 7.1 7.1 10d ago An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the dash_layout.php files saveDashboardLayout function due to improper neutralization of special elemen…
CVE-2026-40833 high 7.1 7.1 10d ago An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the dash.php files saveDashboardLayout function due to improper neutralization of special elements in a…
CVE-2026-40819 high 7.5 7.5 10d ago An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the sync_data24 task due to improper neutralization of special elements in a SQL SELECT command. This …
CVE-2026-40818 high 7.5 7.5 10d ago An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the _mb24confi_getDevice function due to improper neutralization of special elements in a SQL SELECT c…
CVE-2026-40817 high 7.5 7.5 10d ago An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getAlarmProfiles function due to improper neutralization of special elements in a SQL SELECT comma…
CVE-2026-40816 high 7.5 7.5 10d ago An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the mb24alarm.php files _mb24confi_getTagAlarm function due to improper neutralization of special elem…
CVE-2026-40815 high 7.5 7.5 10d ago An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the _mb24api_getUserAccount function due to improper neutralization of special elements in a SQL SELEC…
CVE-2026-40814 high 7.5 7.5 10d ago An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the dataapi.php files _mb24confi_getTagAlarm function due to improper neutralization of special elemen…
CVE-2026-3375 high 7.2 7.2 10d ago The LiteSpeed Cache plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the /wp-json/litespeed/v1/notify_ccss and /wp-json/litespeed/v1/notify_ucss REST API endpoints in all version…
CVE-2026-40813 high 7.5 7.5 10d ago An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getLiveValues functions tagid parameter due to improper neutralization of special elements in a SQ…
CVE-2026-40812 high 7.5 7.5 10d ago An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getLiveValues functions sn parameter due to improper neutralization of special elements in a SQL S…
CVE-2026-40811 high 7.5 7.5 10d ago An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the ssoabstractservice due to improper neutralization of special elements in a SQL SELECT command. Thi…
CVE-2026-40810 high 7.5 7.5 10d ago An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the userinfo endpoint due to improper neutralization of special elements in a SQL SELECT command. This…
CVE-2025-41669 high 8.8 8.8 10d ago The Web-based Management allows a remote low privileged Engineer user to install additional APPs on the device downloaded from the PLCnext Store without implementing any data verification mechanism, …
CVE-2025-41670 high 7.8 7.8 10d ago A local user with low privileges may be able to influence the behavior of a privileged system service by manipulating configuration or application-related files located in user-writable areas of the …
CVE-2026-8143 high 7.2 7.2 10d ago The HBook plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'hb_country_iso', 'hb_usa_state_iso', and 'hb_canada_province_iso' parameters in all versions up to, and including,…
CVE-2026-6169 high 7.2 7.2 10d ago The affiliate-toolkit plugin for WordPress is vulnerable to remote code execution in all versions up to, and including, 3.8.5. This is due to the plugin using the BladeOne templating engine's runStri…
CVE-2026-8832 high 8.8 8.8 10d ago The WPCode - Insert Headers and Footers + Custom Code Snippets - WordPress Code Manager plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 2.3.5 This is due…
CVE-2026-6268 high 7.1 7.1 10d ago The EventPress WordPress theme before 22.2 does not sanitize or escape the 'id' parameter in the eventpress_customizer_notify_dismiss_action AJAX handler before outputting it back in the response, al…
CVE-2026-8994 high 8.1 8.1 10d ago The Login with NEAR plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 0.3.3. The `ajaxLoginWithNear()` function — registered as a `wp_ajax_nopriv` acti…
CVE-2026-8787 high 8.8 8.8 10d ago The Firebase Support & Chat Management plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.1.1. This is due to the `firebase_auth()` function authentica…
CVE-2026-9200 high 7.5 7.5 10d ago The Query Shortcode plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 0.2.1 via the shortcode function. This makes it possible for authenticated attacke…
CVE-2026-49000 high 7.0 7.0 10d ago An insecure password scheme refers to vulnerabilities arising from improper selection of encryption algorithms, inadequate key management, or flawed code implementation, which may lead to data leakag…
CVE-2026-48962 high 7.3 7.3 FIX debian debianwindows windows 10d ago IO::Compress versions before 2.220 for Perl can execute arbitrary code in File::GlobMapper via an attacker-controlled output glob. _parseOutputGlob() wraps the caller-supplied output glob string in …
CVE-2026-2253 high 7.7 7.7 10d ago Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.7 and 11.0.0.0, including 9.3.x and 8.3.x, does not prevent certain XML parsers from resolving external entities.
CVE-2026-48961 high 7.3 7.3 FIX debian debian 10d ago IO::Compress versions from 2.207 before 2.220 for Perl ship a zipdetails CLI tool that crashes with undefined subroutine on Info-ZIP Unix Extra Field with 8-byte UID or GID. When decode_ux() in bin/…
CVE-2026-48959 high 7.5 7.5 FIX debian debian 10d ago IO::Uncompress::Unzip versions before 2.220 for Perl allow CPU exhaustion via per-byte read loop in fastForward. fastForward() compares length $offset (the digit count of the offset, 1 to 19) agains…
CVE-2026-49014 high 7.8 7.8 slesdebian debian osgeo 10d ago In GDAL 3.1.0 through 3.13.0, scanForGeometryContainers in the netCDF driver allows code execution via a stack-based buffer overflow. It reads a geometry attribute into a fixed-size stack buffer with…
CVE-2026-9632 high 8.8 8.8 10d ago A flaw has been found in UTT HiPER 1250GW up to 3.2.7-210907-180535. Affected by this issue is the function strcpy of the file /goform/formGroupConfig of the component Web Management Interface. Execu…
CVE-2026-9207 high 8.8 8.8 tanium 10d ago Tanium addressed an unauthorized code execution vulnerability in Connect.
CVE-2026-9156 high 7.5 7.5 tanium 10d ago Tanium addressed a denial of service vulnerability in Tanium Server.
CVE-2026-9631 high 8.8 8.8 10d ago A vulnerability was detected in UTT HiPER 1250GW up to 3.2.7-210907-180535. Affected by this vulnerability is the function strcpy of the file /goform/formConfigFastDirectionW of the component Web Man…
CVE-2026-9628 high 8.8 8.8 10d ago A weakness has been identified in UTT HiPER 1200GW up to 2.5.3-170306. Affected is an unknown function of the file /goform/formPptpClientConfig of the component Web Management Interface. This manipul…
CVE-2026-9627 high 8.8 8.8 10d ago A security flaw has been discovered in UTT HiPER 1200GW up to 2.5.3-170306. This impacts the function strcpy of the file /goform/setSysAdm of the component Web Management Interface. The manipulation …
CVE-2026-44974 high 8.0 10d ago @hapi/content header parser has a parameter smuggling issue that allows upload-filter bypass via duplicate parameters
CVE-2026-44741 high 8.0 10d ago Pimcore Admin Classic Bundle Vulnerable to SQL Injection in Translation Grid Date Filter via Unsanitized Property Parameter
CVE-2026-44739 high 8.0 10d ago Pimcore Vulnerable to SQL Injection in Custom Reports Column Configuration
CVE-2026-44705 high 8.0 10d ago tmp has Path Traversal via unsanitized prefix/postfix that enables directory escape
CVE-2026-9605 high 7.3 7.3 10d ago A flaw has been found in GNU libredwg up to 0.13.4.8160. This issue affects the function bit_read_RC of the file bits.c of the component Dwgbmp Utility. This manipulation causes heap-based buffer ove…
CVE-2026-9312 high 8.2 8.2 github 10d ago A server-side request forgery (SSRF) vulnerability was identified in GitHub Enterprise Server that allowed an unauthenticated attacker to send crafted requests to internal services by exploiting insu…
CVE-2026-8975 high 8.8 8.8 FIX rheldebian debian sles mozilla 10d ago Important: thunderbird security update
CVE-2026-8974 high 8.8 8.8 FIX rheldebian debian sles mozilla 10d ago Important: thunderbird security update
CVE-2026-8970 high 8.8 8.8 FIX rheldebian debian sles mozilla 10d ago Important: thunderbird security update
CVE-2026-8968 high 7.5 7.5 FIX rheldebian debian sles mozilla 10d ago Important: thunderbird security update
CVE-2026-8962 high 8.1 8.1 FIX rheldebian debian sles mozilla 10d ago Important: thunderbird security update
CVE-2026-8958 high 8.6 8.6 FIX rheldebian debian sles mozilla 10d ago Important: thunderbird security update
CVE-2026-8957 high 8.8 8.8 FIX rheldebian debian sles mozilla 10d ago Important: thunderbird security update
CVE-2026-8955 high 8.8 8.8 FIX rheldebian debian sles mozilla 10d ago Important: thunderbird security update
CVE-2026-8954 high 7.5 7.5 FIX rheldebian debian sles mozilla 10d ago Important: thunderbird security update
CVE-2026-8947 high 7.3 7.3 FIX rheldebian debian sles mozilla 10d ago Important: thunderbird security update
CVE-2026-8946 high 7.5 7.5 FIX rheldebian debian sles mozilla 10d ago Important: thunderbird security update
CVE-2026-42899 high 7.5 7.5 FIX rhelmacos macos linux-kernel microsoft 10d ago Loop with unreachable exit condition ('infinite loop') in ASP.NET Core allows an unauthorized attacker to deny service over a network.
CVE-2026-38945 high 7.8 7.8 10d ago Command injection in Raynet rvia version 12.6 Update 8 and previous versions allows adversaries to execute arbitrary code via a crafted path that matches the improperly terminated search criteria of …
CVE-2026-38807 high 8.8 8.8 10d ago Insecure Permissions vulnerability in kvf-admin v1.0.0 allows a remote attacker to escalate privileges via the UserController.java component
CVE-2026-38427 high 7.3 7.3 10d ago An issue in fetch_jpg() in xdrv_10_scripter.ino in Tasmota through 15.3.0.3 allows a remote attacker to cause heap buffer overflow. The Content-Length from a JPEG stream is stored in a uint16_t varia…
CVE-2026-38426 high 7.3 7.3 10d ago Buffer Overflow vulnerability in arendst Tasmota v.15.3.0.3 and before allows a remote attacker to execute arbitrary code via the xdrv_10_scripter.ino, fetch_jpg(), jpg_task.boundary[40], strcpy() fu…
CVE-2026-38422 high 7.3 7.3 10d ago Buffer Overflow vulnerability in arendst Tasmota v.15.3.0.3 and before allows a remote attacker to execute arbitrary code via the tasmota/tasmota_xdrv_driver/xdrv_10_scripter.ino, fetch_jpg() functio…
CVE-2026-37713 high 7.3 7.3 10d ago An issue in Dolibarr ERP/CRM v.22.0.0 through v.22.0.4 and v.24.0.0-alpha allows a remote attacker to execute arbitrary code via the htdocs/core/class/commonobject.class.php.
CVE-2026-37712 high 7.3 7.3 10d ago An issue in Dolibarr ERP/CRM v.22.0.0 through v.22.0.4 and v.24.0.0-alpha allows a remote attacker to execute arbitrary code via the htdocs/cron/class/cronjob.class.php, call_user_func_array() in fun…
CVE-2026-37711 high 7.3 7.3 10d ago An issue in Dolibarr ERP/CRM v.22.0.0 through v.22.0.4 and v.24.0.0-alpha allows a remote attacker to execute arbitrary code via the htdocs/core/actions_addupdatedelete.inc.php
CVE-2026-36540 high 7.3 7.3 10d ago Netis AC1200 Router NC21 V4.0.1.4296 is vulnerable to unauthenticated command injection via the /cgi-bin/skk_set.cgi endpoint. The password and new_pwd_confirm POST parameters are passed directly to …
CVE-2026-36539 high 7.3 7.3 10d ago Netis AC1200 Router NC21 V4.0.1.4296 exposes a CGI endpoint /cgi-bin/skk_get.cgi that returns the entire router configuration as a JSON response with no authentication required. Any attacker on the L…
CVE-2026-36538 high 7.3 7.3 10d ago Netis AC1200 Router NC21 V4.0.1.4296 contains a hard-coded root credential stored in /etc/shadow.sample. The password for the root account is set to the trivially weak value root, allowing an attacke…
CVE-2026-36045 high 7.3 7.3 10d ago picoclaw <=v0.1.2 and earlier is vulnerable to OS command injection via the ExecTool component (pkg/tools/shell.go). The guardCommand() function attempts to restrict shell command execution using a d…
CVE-2026-36044 high 8.8 8.8 10d ago @pensar/apex <= 0.0.58 is vulnerable to OS command injection via the smart_enumerate tool. The createSmartEnumerateTool() function in src/core/agent/tools.ts constructs a shell command by concatenati…
CVE-2026-34043 high 8.0 FIX rheldebian debianalmalinux almalinux 10d ago RHSA-2026:21291: .NET 8.0 security update (Important)
CVE-2026-31266 high 7.3 7.3 10d ago Craft CMS 5.9.5 and earlier contains a Missing Authorization vulnerability in the migrate endpoint (/actions/app/migrate).
CVE-2025-70103 high 7.3 7.3 slesdebian debian 10d ago Heap buffer overflow vulnerability in libjxl 0.12.0 via crafted PBM images to the jxl::extras::DecodeImagePNM function in file lib/extras/dec/pnm.cc.
CVE-2025-69600 high 7.8 7.8 10d ago Command injection in Raynet rvia RayVentory Scan Engine 12.6 Update 8 and previous versions allows adversaries to execute commands via getconfig, upload, inventory, and oracle options.
CVE-2026-44177 high 8.0 10d ago Kirby CMS has pre-authentication path traversal and PHP file inclusion during user lookup
CVE-2026-44175 high 8.0 10d ago Kirby CMS vulnerable to cross-site scripting (XSS) from list field content in the site frontend
CVE-2026-44174 high 8.0 10d ago Kirby CMS has an Arbitrary Method Call via REST API Search and Collection Query Endpoints
CVE-2026-43947 high 8.0 10d ago FUXA Vulnerable to Unauthenticated Remote Code Execution via Script Test Mode Authorization Bypass
CVE-2026-43946 high 8.0 10d ago FUXA has an unauthenticated arbitrary tag value disclosure via /api/getTagValue
CVE-2026-43945 high 8.0 10d ago FUXA Vulnerable to Pre-auth RCE via Path Manipulation & Configuration Injection
CVE-2026-42462 high 8.0 10d ago Fedify has an LD-Signature Bypass via JSON-LD Named-Graph Restructuring
CVE-2026-9606 high 7.3 7.3 10d ago A vulnerability has been found in itsourcecode Courier Management System 1.0. Impacted is an unknown function of the file /manage_user.php. Such manipulation of the argument ID leads to sql injection…
CVE-2026-42089 high 8.0 10d ago yeoman-environment Vulnerable to Arbitrary Package Installation without User Confirmation
CVE-2026-44900 high 8.1 8.1 10d ago epa4all-client is the Java Client for epa4all / ePA 3.0 in the Telematik Infrastruktur. Prior to 1.2.1, in SignedPublicKeysTrustValidatorImpl.isTrusted(), the ECDSA signature verification at line 45…
CVE-2026-45298 high 8.6 8.6 amirraminfar 10d ago Dozzle is a realtime log viewer for docker containers. Prior to 10.5.2, in a default dozzle deploy (the documented quickstart, no DOZZLE_AUTH_PROVIDER set), POST /api/notifications/test-webhook is re…
CVE-2026-44983 high 7.3 7.3 FIX debian debian 10d ago smallbitvec is a growable bit-vector for Rust, optimized for size. From 1.0.1 to 2.6.0, an integer overflow in the internal capacity calculation of smallbitvec can lead to an undersized heap allocati…
CVE-2025-46284 high 7.0 7.0 FIX macos macos 10d ago A race condition was addressed with additional validation. This issue is fixed in macOS Sequoia 15.7, macOS Tahoe 26. An app may be able to gain root privileges.
CVE-2025-43306 high 7.8 7.8 FIX macos macos 10d ago A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. A malicious app may be able to gain root privileges.
CVE-2026-42013 high 8.2 8.2 FIX debian debian sles rhel 10d ago RHSA-2026:20612: gnutls security update (Important)
CVE-2026-42012 high 7.1 7.1 FIX debian debian rhelwindows windows 10d ago RHSA-2026:20612: gnutls security update (Important)
CVE-2026-5260 high 8.2 8.2 FIX debian debian sles rhel 10d ago RHSA-2026:20612: gnutls security update (Important)
CVE-2026-44905 high 7.5 7.5 10d ago Vanetza is an open-source implementation of the ETSI C-ITS protocol suite. In 26.02 and earlier, a denial-of-service vulnerability was identified in the cryptographic verification pipeline of Vanetza…
CVE-2026-43988 high 7.5 7.5 10d ago Vanetza is an open-source implementation of the ETSI C-ITS protocol suite. In 26.02 and earlier, a denial-of-service vulnerability was identified in the ASN.1/OER parsing pipeline of Vanetza. When pr…
CVE-2026-8676 high 8.8 8.8 10d ago An attacker is able to downgrade the security of a Bluetooth LE connection by deleting an existing bond, spoofing the bonded device and creating a new bond.
CVE-2026-45575 high 7.4 7.4 10d ago epa4all-client is the Java Client for epa4all / ePA 3.0 in the Telematik Infrastruktur. Prior to 1.2.2, an attacker who can MITM the TLS connection between the client and the IDP (within the TI netwo…
CVE-2026-44847 high 7.5 7.5 10d ago MaxKB is an open-source AI assistant for enterprise. Prior to 2.9.0, MaxKB's webhook trigger endpoint (/api/trigger/v1/webhook/{trigger_id}) is accessible without authentication. The WebhookAuth clas…
CVE-2026-44209 high 7.5 7.5 10d ago Banks generates meaningful LLM prompts using a template language that makes sense. Prior to 2.4.2, banks uses jinja2.Environment() (unsandboxed) to render prompt templates. Applications that pass use…
CVE-2026-9584 high 7.3 7.3 10d ago A security vulnerability has been detected in code-projects Project Management System 1.0. Affected is an unknown function of the file chk.php of the component Login. The manipulation leads to sql in…
CVE-2026-44895 high 8.0 10d ago GitLab MCP Server lets an AI agent talk directly to GitLab. Prior to 0.6.0, the HTTP transport in src/transport.ts ships with no authentication layer at all and a wildcard Access-Control-Allow-Origin…
CVE-2026-45574 high 8.1 8.1 10d ago epa4all-client: TLS Certificate Validation Disabled in Production
CVE-2025-14361 high 7.1 7.1 10d ago Missing Authorization vulnerability in AA-Team Woocommerce Envato Affiliates allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Woocommerce Envato Affiliates: from n…
CVE-2026-48048 high 8.0 10d ago XWiki Platform's Livetable results still allow reconstructing password hashes using 768 requests
CVE-2026-9580 high 7.3 7.3 10d ago A vulnerability was determined in JeecgBoot up to 3.9.1. The affected element is the function LoginController.selectDepart of the file /sys/selectDepart. This manipulation causes improper access cont…