Search

Found 17,294 results in 1504ms · Match type: Filtered list

CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2026-41415 critical 9.1 9.1 debian debian teluu 1mo ago PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier, there is an out-of-bounds read when parsing a malformed Content-ID URI in SIP multipart message bod…
CVE-2026-41328 critical 9.1 9.1 dgraph 1mo ago Dgraph: Pre-Auth Full Database Exfiltration via DQL Injection in NQuad Lang Field
CVE-2026-41327 critical 9.1 9.1 dgraph 1mo ago Dgraph: Pre-Auth Full Database Exfiltration via DQL Injection in Upsert Condition Field
CVE-2026-42044 critical 9.1 9.1 FIX debian debian axios 1mo ago Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget in `parseReviver`
CVE-2026-42043 critical 10.0 10.0 FIX debian debian sles axios 1mo ago Axios: Incomplete Fix for CVE-2025-62718 — NO_PROXY Protection Bypassed via RFC 1122 Loopback Subnet (127.0.0.0/8) in Axios 1.15.0
CVE-2026-42040 low 3.7 3.7 FIX debian debian axios 1mo ago Axios: Null Byte Injection via Reverse-Encoding in AxiosURLSearchParams
CVE-2026-41898 critical 9.8 9.8 FIX debian debian rust-openssl_project 1mo ago rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.24 to before 0.10.78, the FFI trampolines behind SslContextBuilder::set_psk_client_callback, set_psk_server_callbac…
CVE-2026-41681 critical 9.8 9.8 FIX debian debian rust-openssl_project 1mo ago rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.10.39 to before 0.10.78, EVP_DigestFinal() always writes EVP_MD_CTX_size(ctx) to the out buffer. If out is smaller th…
CVE-2026-41678 critical 9.8 9.8 FIX debian debian rust-openssl_project 1mo ago rust-openssl provides OpenSSL bindings for the Rust programming language. From to before 0.10.78, aes::unwrap_key() contains an incorrect assertion: it checks that out.len() + 8 <= in_.len(), but t…
CVE-2026-41677 critical 9.1 9.1 FIX debian debian rust-openssl_project 1mo ago rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.0 to before 0.10.78, the *_from_pem_callback APIs did not validate the length returned by the user's callback. A pa…
CVE-2026-41676 critical 9.8 9.8 FIX debian debian rust-openssl_project 1mo ago rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.27 to before 0.10.78, Deriver::derive (and PkeyCtxRef::derive) sets len = buf.len() and passes it as the in/out len…
CVE-2026-31669 critical 9.8 9.8 FIX sles debian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: mptcp: fix slab-use-after-free in __inet_lookup_established The ehash table lookups are lockless and rely on SLAB_TYPESAFE_BY_RCU…
CVE-2026-31668 critical 9.8 9.8 FIX sles debian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: seg6: separate dst_cache for input and output paths in seg6 lwtunnel The seg6 lwtunnel uses a single dst_cache per encap route, s…
CVE-2026-31659 critical 9.8 9.8 FIX sles debian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: batman-adv: reject oversized global TT response buffers batadv_tt_prepare_tvlv_global_data() builds the allocation length for a g…
CVE-2026-31657 critical 9.8 9.8 FIX sles debian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: batman-adv: hold claim backbone gateways by reference batadv_bla_add_claim() can replace claim->backbone_gw and drop the old gate…
CVE-2026-31649 critical 9.8 9.8 FIX sles debian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: net: stmmac: fix integer underflow in chain mode The jumbo_frm() chain-mode implementation unconditionally computes len = no…
CVE-2026-31637 critical 9.8 9.8 FIX sles debian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: rxrpc: reject undecryptable rxkad response tickets rxkad_decrypt_ticket() decrypts the RXKAD response ticket and then parses the …
CVE-2026-31636 critical 9.1 9.1 FIX sles debian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: rxrpc: fix RESPONSE authenticator parser OOB read rxgk_verify_authenticator() copies auth_len bytes into a temporary buffer and t…
CVE-2026-31633 critical 9.8 9.8 FIX sles debian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix integer overflow in rxgk_verify_response() In rxgk_verify_response(), there's a potential integer overflow due to roun…
CVE-2026-31609 critical 9.8 9.8 FIX sles debian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: smb: client: avoid double-free in smbd_free_send_io() after smbd_send_batch_flush() smbd_send_batch_flush() already calls smbd_fr…
CVE-2026-31608 critical 9.8 9.8 FIX sles debian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: smb: server: avoid double-free in smb_direct_free_sendmsg after smb_direct_flush_send_list() smb_direct_flush_send_list() already…
CVE-2026-31589 critical 9.8 9.8 FIX sles debian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: mm: call ->free_folio() directly in folio_unmap_invalidate() We can only call filemap_free_folio() if we have a reference to (or …
CVE-2026-31536 critical 9.8 9.8 FIX sles debian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: smb: server: let send_done handle a completion without IB_SEND_SIGNALED With smbdirect_send_batch processing we likely have reque…
CVE-2026-21515 critical 9.9 9.9 microsoft 1mo ago Exposure of sensitive information to an unauthorized actor in Azure IOT Central allows an authorized attacker to elevate privileges over a network.
CVE-2026-1951 critical 9.8 9.8 1mo ago Delta Electronics AS320T has no checking of the length of the buffer with the directory name vulnerability.
CVE-2026-1950 critical 9.8 9.8 1mo ago Delta Electronics AS320T has no checking of the length of the buffer with the file name vulnerability.
CVE-2026-1949 critical 9.8 9.8 1mo ago Delta Electronics AS320T has incorrect calculation of the buffer size on the stack in the GET/PUT request handler of the web service.
CVE-2026-40630 critical 9.8 9.8 1mo ago A vulnerability in SenseLive X3050’s web management interface allows unauthorized access to certain configuration endpoints due to improper access control enforcement. An attacker with network acc…
CVE-2026-40620 critical 9.8 9.8 1mo ago A vulnerability in SenseLive X3050’s embedded management service allows full administrative control to be established without any form of authentication or authorization on the SenseLive config appli…
CVE-2026-35503 critical 9.8 9.8 1mo ago A vulnerability in SenseLive X3050’s web management interface allows authentication logic to be performed entirely on the client side, relying on hardcoded values within browser-executed scripts rath…
CVE-2026-27843 critical 9.1 9.1 1mo ago A vulnerability exists in SenseLive X3050's web management interface that allows critical configuration parameters to be modified without sufficient authentication or server-side validation. By apply…
CVE-2026-41357 low 3.3 3.3 openclaw 1mo ago OpenClaw before 2026.3.31 contains an environment variable leakage vulnerability in SSH-based sandbox backends that pass unsanitized process.env to child processes. Attackers can exploit this by leve…
CVE-2026-41333 low 3.7 3.7 openclaw 1mo ago OpenClaw: Fake DeviceToken Bypasses Shared Auth Rate Limiting
CVE-2026-41274 critical 9.8 9.8 flowiseai 1mo ago Flowise: Cypher Injection in GraphCypherQAChain
CVE-2026-35431 critical 10.0 10.0 microsoft 1mo ago Server-side request forgery (ssrf) in Microsoft Entra ID Entitlement Management allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-33819 critical 10.0 10.0 microsoft 1mo ago Deserialization of untrusted data in Microsoft Bing allows an unauthorized attacker to execute code over a network.
CVE-2026-33102 critical 9.3 9.3 microsoft 1mo ago Url redirection to untrusted site ('open redirect') in M365 Copilot allows an unauthorized attacker to elevate privileges over a network.
CVE-2026-32210 critical 9.3 9.3 microsoft 1mo ago Server-side request forgery (ssrf) in Microsoft Dynamics 365 (Online) allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-26210 critical 9.8 9.8 kvcache-ai 1mo ago KTransformers through 0.5.3 contains an unsafe deserialization vulnerability in the balance_serve backend mode where the scheduler RPC server binds a ZMQ ROUTER socket to all interfaces with no authe…
CVE-2026-24303 critical 9.6 9.6 microsoft 1mo ago Improper access control in Microsoft Partner Center allows an authorized attacker to elevate privileges over a network.
CVE-2026-29051 low 2.5 1mo ago melange has Path Traversal via .PKGINFO in --persist-lint-results
CVE-2026-25874 critical 9.8 9.8 huggingface 1mo ago LeRobot through 0.5.1 contains an unsafe deserialization vulnerability in the async inference pipeline where pickle.loads() is used to deserialize data received over unauthenticated gRPC channels wit…
CVE-2026-6074 critical 9.8 9.8 1mo ago Intrado 911 Emergency Gateway (EGW) 5.x, 6.x, and 7.x contain a path traversal vulnerability in the download_debuglog_file.php endpoint used for Debug Logs downloads. An unauthenticated attacker can …
CVE-2026-41247 critical 9.8 9.8 std42 1mo ago elFinder: Command injection in resize background color parameter when using ImageMagick CLI
CVE-2026-6920 critical 9.6 9.6 FIX debian debian linux-kernel google 1mo ago Out of bounds read in GPU in Google Chrome on Android prior to 147.0.7727.117 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted …
CVE-2026-6919 critical 9.6 9.6 FIX debian debian linux-kernel google 1mo ago Use after free in DevTools in Google Chrome prior to 147.0.7727.117 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.…
CVE-2026-31533 critical 9.8 9.8 FIX sles debian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: net/tls: fix use-after-free in -EBUSY error path of tls_do_encryption The -EBUSY handling in tls_do_encryption(), introduced by c…
CVE-2026-39087 critical 9.8 9.8 1mo ago ntfy.sh allows a remote attacker to execute arbitrary code via the parseActions function
CVE-2025-62373 critical 9.8 9.8 pipecat 1mo ago Pipecat: Remote Code Execution by Pickle Deserialization Through LivekitFrameSerializer
CVE-2026-41460 critical 9.8 9.8 socialengine 1mo ago SocialEngine versions 7.8.0 and prior contain a SQL injection vulnerability in the /activity/index/get-memberall endpoint where user-supplied input passed via the text parameter is not sanitized befo…
CVE-2026-6887 critical 9.8 9.8 1mo ago Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, mod…
CVE-2026-6886 critical 9.8 9.8 1mo ago Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has an Authentication Bypass vulnerability, allowing unauthenticated remote attackers to log into the system as any user.
CVE-2026-6885 critical 9.8 9.8 1mo ago Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell back…
CVE-2026-3960 critical 9.8 9.8 h2o 1mo ago H2O-3 is Vulnerable to Code Injection
CVE-2026-41211 critical 10.0 10.0 voidzero 1mo ago Path traversal in vite-plus/binding downloadPackageManager() writes outside VP_HOME
CVE-2026-41196 critical 10.0 10.0 FIX debian debian minetest 1mo ago Luanti (formerly Minetest) is an open source voxel game-creation platform. Starting in version 5.0.0 and prior to version 5.15.2, a malicious mod can trivially escape the sandboxed Lua environment to…
CVE-2026-5935 critical 9.8 9.8 ibm 1mo ago IBM Total Storage Service Console (TSSC) / TS4500 IMC 9.2, 9.3, 9.4, 9.5, 9.6 TSSC/IMC could allow an unauthenticated user to execute arbitrary commands with normal user privileges on the system due …
CVE-2026-41179 critical 9.8 9.8 debian debian rclone 1mo ago RClone: Unauthenticated operations/fsinfo allows attacker-controlled backend instantiation and local command execution
CVE-2026-29198 critical 9.8 9.8 rocket.chat 1mo ago In Rocket.Chat <8.3.0, <8.2.1, <8.1.2, <8.0.3, <7.13.5, <7.12.6, <7.11.6, and <7.10.9, a NoSQL injection vulnerability can lead to account takeover of the first user with a generated token when an OA…
CVE-2026-42087 critical 9.6 9.6 openc3 1mo ago OpenC3 COSMOS has SQL Injection in QuestDB Time-Series Database
CVE-2026-41167 critical 9.1 9.1 1mo ago Jellystat is a free and open source Statistics App for Jellyfin. Prior to version 1.1.10, multiple API endpoints in Jellystat build SQL queries by interpolating unsanitized request-body fields direct…
CVE-2026-35381 low 2.5 FIX debian debian 1mo ago A logic error in the cut utility of uutils coreutils causes the utility to ignore the -s (only-delimited) flag when using the -z (null-terminated) and -d '' (empty delimiter) options together. The im…
CVE-2026-35377 low 2.5 debian debian 1mo ago uutils coreutils has an Improper Input Validation Issue in its env Utility
CVE-2026-35367 low 2.5 FIX debian debian 1mo ago uutils coreutils has an Incorrect Permission Assignment for Critical Resource
CVE-2026-35362 low 2.5 FIX debian debian 1mo ago The safe_traversal module in uutils coreutils, which provides protection against Time-of-Check to Time-of-Use (TOCTOU) symlink races using file-descriptor-relative syscalls, is incorrectly limited to…
CVE-2026-35361 low 2.5 FIX debian debian 1mo ago The mknod utility in uutils coreutils fails to handle security labels atomically by creating device nodes before setting the SELinux context. If labeling fails, the utility attempts cleanup using std…
CVE-2026-35353 low 2.5 FIX debian debian 1mo ago The mkdir utility in uutils coreutils incorrectly applies permissions when using the -m flag by creating a directory with umask-derived permissions (typically 0755) before subsequently changing them …
CVE-2026-35346 low 2.5 FIX debian debian 1mo ago The comm utility in uutils coreutils silently corrupts data by performing lossy UTF-8 conversion on all output lines. The implementation uses String::from_utf8_lossy(), which replaces invalid UTF-8 b…
CVE-2026-35379 low 3.3 3.3 FIX debian debian uutils 1mo ago A logic error in the tr utility of uutils coreutils causes the program to incorrectly define the [:graph:] and [:print:] character classes. The implementation mistakenly includes the ASCII space char…
CVE-2026-35378 low 3.3 3.3 FIX debian debian uutils 1mo ago A logic error in the expr utility of uutils coreutils causes the program to evaluate parenthesized subexpressions during the parsing phase rather than at the execution phase. This implementation flaw…
CVE-2026-35375 low 3.3 3.3 FIX debian debian uutils 1mo ago A logic error in the split utility of uutils coreutils causes the corruption of output filenames when provided with non-UTF-8 prefix or suffix inputs. The implementation utilizes to_string_lossy() wh…
CVE-2026-35371 low 3.3 3.3 debian debian uutils 1mo ago uutils coreutils's User Interface (UI) Misrepresents Critical Information
CVE-2026-35344 low 3.3 3.3 debian debian uutils 1mo ago uutils coreutils has an Unchecked Return Value Issue
CVE-2026-35343 low 3.3 3.3 FIX debian debian uutils 1mo ago The cut utility in uutils coreutils incorrectly handles the -s (only-delimited) option when a newline character is specified as the delimiter. The implementation fails to verify the only_delimited fl…
CVE-2026-35342 low 3.3 3.3 FIX debian debian uutils 1mo ago The mktemp utility in uutils coreutils fails to properly handle an empty TMPDIR environment variable. Unlike GNU mktemp, which falls back to /tmp when TMPDIR is an empty string, the uutils implementa…
CVE-2026-32885 critical 9.1 9.1 ddev 1mo ago DDEV has ZipSlip path traversal in tar and zip archive extraction
CVE-2018-25272 critical 9.8 9.8 1mo ago ELBA5 5.8.0 contains a remote code execution vulnerability that allows attackers to obtain database credentials and execute arbitrary commands with SYSTEM level permissions. Attackers can connect to …
CVE-2026-41176 critical 9.5 debian debian 1mo ago Rclone: Unauthenticated options/set allows runtime auth bypass, leading to sensitive operations and command execution
CVE-2026-6356 critical 9.6 9.6 augmentt 1mo ago A vulnerability in the web application allows standard users to escalate their privileges to those of a super administrator through parameter manipulation, enabling them to access and modify sensitiv…
CVE-2026-31501 critical 9.8 9.8 FIX sles debian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: net: ti: icssg-prueth: fix use-after-free of CPPI descriptor in RX path cppi5_hdesc_get_psdata() returns a pointer into the CPPI …
CVE-2026-31478 critical 9.8 9.8 FIX sles debian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: ksmbd: replace hardcoded hdr2_len with offsetof() in smb2_calc_max_out_buf_len() After this commit (e2b76ab8b5c9 "ksmbd: add supp…
CVE-2026-31463 critical 9.8 9.8 FIX sles debian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: iomap: fix invalid folio access when i_blkbits differs from I/O granularity Commit aa35dd5cbc06 ("iomap: fix invalid folio access…
CVE-2026-31448 critical 9.4 9.4 FIX sles debian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: ext4: avoid infinite loops caused by residual data On the mkdir/mknod path, when mapping logical blocks to physical blocks, if in…
CVE-2026-31444 critical 9.8 9.8 FIX sles debian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free and NULL deref in smb_grant_oplock() smb_grant_oplock() has two issues in the oplock publication sequen…
CVE-2026-31436 critical 9.8 9.8 FIX sles debian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: fix possible wrong descriptor completion in llist_abort_desc() At the end of this function, d is the traversal c…
CVE-2026-6023 critical 9.8 9.8 progress 1mo ago In Progress® Telerik® UI for AJAX versions 2024.4.1114 through 2026.1.421, the RadFilter control is vulnerable to insecure deserialization when restoring filter state if the state is exposed to the c…
CVE-2026-22746 low 2.5 1mo ago Spring Security Vulnerable to User Attribute Enumeration when Using DaoAuthenticationProvider
CVE-2026-6408 low 2.7 2.7 tanium 1mo ago Tanium addressed an information disclosure vulnerability in Tanium Server.
CVE-2026-6392 low 2.7 2.7 tanium 1mo ago Tanium addressed an information disclosure vulnerability in Threat Response.
CVE-2026-41144 critical 9.8 9.8 nasa 2mo ago F´ (F Prime) is a framework that enables development and deployment of spaceflight and other embedded software applications. Prior to version 4.2.0, the bounds check byteOffset + dataSize > fileSize …
CVE-2026-40575 critical 9.1 9.1 oauth2_proxy_project 2mo ago OAuth2 Proxy has an Authentication Bypass via X-Forwarded-Uri Header Spoofing
CVE-2026-5845 critical 9.6 9.6 github 2mo ago An improper authorization vulnerability in scoped user-to-server (ghu_) token authorization in GitHub Enterprise Server allows an authenticated attacker to access private repositories outside the int…
CVE-2026-3307 low 2.7 2.7 github 2mo ago An authorization bypass vulnerability was identified in GitHub Enterprise Server that allowed an attacker with admin access on one repository to modify the secret scanning push protection delegated b…
CVE-2026-6745 low 3.5 3.5 2mo ago Bagisto affected by Cross-site Scripting
CVE-2026-40910 critical 9.1 9.1 fatedier 2mo ago frp has an authentication bypass in HTTP vhost routing when routeByHTTPUser is used for access control
CVE-2026-33519 critical 9.8 9.8 linux-kernel esri kubernetes 2mo ago An incorrect authorization vulnerability exists in Esri Portal for ArcGIS 11.4, 11.5 and 12.0 on Windows, Linux and Kubernetes that did not correctly check permissions assigned to developer credentia…
CVE-2026-40903 critical 9.1 9.1 goshs 2mo ago goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.6, goshs has an ArtiPACKED vulnerability. ArtiPACKED can lead to leakage of the GITHUB_TOKEN through workflow artifacts, even though the…
CVE-2026-40372 critical 9.1 9.1 microsoft 2mo ago Improper verification of cryptographic signature in ASP.NET Core allows an unauthorized attacker to elevate privileges over a network.
CVE-2026-6743 low 3.5 3.5 2mo ago A vulnerability has been found in WebSystems WebTOTUM 2026. This impacts an unknown function of the component Calendar. The manipulation leads to cross site scripting. The attack may be initiated rem…
CVE-2026-5652 critical 9.0 9.0 craftycontrol 2mo ago An insecure direct object reference vulnerability in the Users API component of Crafty Controller allows a remote, authenticated attacker to perform user modification actions via improper API permiss…