VIR Vulnerability Intelligence Relay

Search

Found 66,165 results in 8431ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2026-45343 unknown 8d ago LinkAce is a self-hosted archive to collect website links. Prior to 2.5.6, LinkAce contains a stored cross-site scripting vulnerability that allows a low-privilege user to execute arbitrary JavaScrip…
CVE-2026-47718 unknown 8d ago FUXA provides guest and invalid-token access to protected read APIs in secure mode
CVE-2026-9646 medium 6.1 6.1 8d ago A reflected cross-site scripting issue exists in URL handling.
CVE-2026-46843 medium 5.3 5.3 oracle 8d ago Vulnerability in Oracle REST Data Services (component: Core). Supported versions that are affected are 24.2.0-26.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network ac…
CVE-2026-46842 medium 5.3 5.3 oracle 8d ago Vulnerability in Oracle REST Data Services (component: Core). Supported versions that are affected are 24.2.0-26.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network ac…
CVE-2026-46841 medium 5.3 5.3 oracle 8d ago Vulnerability in Oracle REST Data Services (component: General). Supported versions that are affected are 24.2.0-26.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network…
CVE-2026-46830 medium 5.3 5.3 oracle 8d ago Vulnerability in Oracle REST Data Services (component: Mongoapi). Supported versions that are affected are 24.2.0-26.1.0. Easily exploitable vulnerability allows unauthenticated attacker with networ…
CVE-2026-9039 unknown 8d ago A configuration weakness in the device’s remote management service allows an authenticated session to be established over a communication channel intended solely for vehicle-charger signaling. The se…
CVE-2026-9038 unknown 8d ago A stack-based buffer overflow vulnerability in the charging controller’s signal-processing logic allows an attacker with physical access to the charging interface to supply message fields that exceed…
CVE-2026-9037 unknown 8d ago A firmware update mechanism in the affected charging controller fails to validate the authenticity of firmware packages delivered through the device's management interface. Because cryptographic sign…
CVE-2026-49130 medium 5.3 5.3 FIX debian debian 8d ago Music Player Daemon (MPD) before version 0.24.11 contains a CRLF injection vulnerability in the xspf_char_data function within the XSPF playlist plugin that allows attackers to embed literal CR/LF by…
CVE-2026-49129 medium 5.8 5.8 FIX debian debian 8d ago Music Player Daemon (MPD) before version 0.24.11 contains a server-side request forgery vulnerability in CurlInputPlugin where CURLOPT_FOLLOWLOCATION is set without CURLOPT_REDIR_PROTOCOLS_STR, allow…
CVE-2026-42401 medium 5.4 5.4 elastic 8d ago Improper Neutralization of Input During Web Page Generation (CWE-79) in Kibana can lead to stored HTML injection. A user with write access to an Elasticsearch index could persist crafted markup which…
CVE-2026-33590 unknown 8d ago Insecure default settings of Portainer CE grant regular (non-admin) users privileges that allow host filesystem access and host-level code execution. An authenticated non-administrative user with end…
CVE-2026-33464 medium 6.5 6.5 elastic 8d ago Uncontrolled Resource Consumption (CWE-400) in Kibana can lead to a denial of service via Excessive Allocation (CAPEC-130). An authenticated user holding a low-privileged role can submit a specially …
CVE-2026-33463 medium 5.3 5.3 elastic 8d ago Operation on a Resource after Expiration or Termination (CWE-672) in Kibana can lead to unauthorized information disclosure. A logic error in how expiration timestamps were validated allowed a time-b…
CVE-2026-47144 unknown 8d ago Shamefile has an arbitrary file read via shamefile.yaml in shame next
CVE-2026-47128 unknown 8d ago nono: Sandbox escape on Linux via D-Bus: `systemd-run --user`
CVE-2026-49094 medium 6.5 6.5 elastic 8d ago Uncontrolled Resource Consumption (CWE-400) in Kibana can lead to denial of service via Excessive Allocation (CAPEC-130). An authenticated user with viewer-level access can submit a request containin…
CVE-2026-49095 medium 6.5 6.5 elastic 8d ago Improper Input Validation (CWE-20) in the Kibana Fleet agent policy management feature can lead to privilege escalation. An authenticated user with Fleet management privileges can manipulate agent po…
CVE-2026-42399 medium 6.5 6.5 elastic 8d ago Uncontrolled Resource Consumption (CWE-400) in Kibana can lead to denial of service via Excessive Allocation (CAPEC-130). An authenticated low-privileged user can cause Kibana to consume exponentiall…
CVE-2026-42400 medium 6.5 6.5 elastic 8d ago Uncontrolled Resource Consumption (CWE-400) in Kibana can lead to denial of service via Excessive Allocation (CAPEC-130). An authenticated user can send a specially crafted compressed request payload…
CVE-2026-47337 low 3.3 3.3 FIX ubuntu ubuntudebian debian 8d ago Ubuntu Linux 6.8, 6.17 and 7.0 contain SAUCE patches with a possible NULL pointer dereference in the handling of AF_INET/AF_INET6 socket mediation. The bug can be triggered by an unprivileged local u…
CVE-2026-47336 low 3.3 3.3 FIX ubuntu ubuntudebian debian 8d ago Ubuntu Linux 6.8 contains SAUCE patches with a possible use of an uninitialized variable in AppArmor AF_INET/AF_INET6 socket mediation code. The bug can be triggered by an unprivileged local user and…
CVE-2026-47335 medium 5.5 5.5 FIX ubuntu ubuntudebian debian 8d ago Ubuntu Linux 6.8 contains SAUCE patches with a possible NULL pointer dereference in the handling of AppArmor notifications. The bug can be triggered by an unprivileged local user. This can lead to a …
CVE-2026-47334 medium 5.5 5.5 FIX debian debian 8d ago Ubuntu Linux 6.8, 6.17 and 7.0 contain AppArmor SAUCE patches which incorrectly sleep while holding a spinlock in notification handling code. The bug can be triggered by an unprivileged local user an…
CVE-2026-47332 medium 5.5 5.5 FIX debian debian 8d ago Ubuntu Linux 6.8, 6.17 and 7.0 contain AppArmor SAUCE patches which incorrectly validate the size of an internal structure, leading to an out-of-bounds read in notification handling code. The bug can…
CVE-2026-47330 low 3.3 3.3 FIX debian debian 8d ago Ubuntu Linux 6.8, 7.17 and 7.0 contain AppArmor SAUCE patches which can, under certain circumstances, use an uninitialized variable in notification handling code. The bug can be triggered by an unpri…
CVE-2026-47329 low 3.3 3.3 FIX debian debian 8d ago Ubuntu Linux 6.8, 6.17 and 7.0 contain SAUCE patches which fail to validate invalid sizes of the name field in AppAmor notification responses. The bug can be triggered by an unprivileged local user a…
CVE-2026-47328 medium 6.1 6.1 FIX debian debian 8d ago Ubuntu Linux 6.8, 6.17 and 7.0 contain AppArmor SAUCE patches which incorrectly attempt to free a pointer which was not previously kmalloc()d, while at the same time leaking allocated memory. The bug…
CVE-2026-47327 low 3.3 3.3 FIX debian debian 8d ago Ubuntu Linux 6.8, 6.17 and 7.0 contain SAUCE patches with a possible NULL pointer dereference in the handling of AppArmor notifications. The bug can be triggered by an unprivileged local user. This c…
CVE-2026-47326 medium 5.5 5.5 FIX debian debian 8d ago Ubuntu Linux 6.8, 6.17 and 7.0 contain SAUCE patches with a memory leak in the handling of big responses to AppArmor notifications. The bug can be triggered by an unprivileged local user. The memory …
CVE-2026-47136 unknown 8d ago RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, the RustFS console endpoint GET /rustfs/console/license returns parsed license metadata without requiring authentic…
CVE-2026-46685 unknown 8d ago RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, when RUSTFS_CORS_ALLOWED_ORIGINS is unset, the RustFS S3 listener's ConditionalCorsLayer reflects any request Origi…
CVE-2026-46526 medium 5.0 5.0 8d ago Local Deep Research is an AI-powered research assistant for deep, iterative research. Prior to 1.6.10, the URL checking logic in local-deep-research has a logical flaw that could be bypassed by attac…
CVE-2026-45044 unknown 8d ago RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, the admin router explicitly whitelists /profile/cpu and /profile/memory from the authentication layer, allowing any…
CVE-2026-45042 unknown 8d ago RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, improper authorization in the UploadPartCopy operation allows copying objects across buckets without enforcing dest…
CVE-2026-45041 unknown 8d ago RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, crates/appauth/src/token.rs ships a 2048-bit RSA private key as a string constant named TEST_PRIVATE_KEY and uses i…
CVE-2026-45040 unknown 8d ago RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, RustFS suffers from sensitive information leakage in log outputs. When the server is run with RUST_LOG=debug sensit…
CVE-2026-46439 unknown 8d ago compliance-trestle Vulnerable to Remote Code Execution via Recursive Server-Side Template Injection (SSTI)
CVE-2026-46405 unknown 8d ago OpenBao's Kerberos Auth Method Accumulates Unaccessible Tokens
CVE-2026-46380 unknown 8d ago compliance-trestle Vulnerable to SSRF in Remote Fetching Subsystem
CVE-2026-45307 medium 6.1 6.1 8d ago Speakr is a personal, self-hosted web application designed for transcribing audio recordings. Prior to 0.8.20-alpha, the is_safe_url() helper used to validate post-login redirect targets applied urlj…
CVE-2026-45297 unknown 8d ago OpenReplay is a self-hosted session replay suite. Prior to 1.26.0, there is a cross-tenant IDOR on feature-flag and assist-stats routes via {project_id} case mismatch. ProjectAuthorizer.__call__ (OSS…
CVE-2026-46358 unknown 8d ago OpenBao's Inline Auth Incorrectly Redacted Headers
CVE-2026-46345 unknown 8d ago compliance-trestle - jinja has an Arbitrary File Write via Path Traversal
CVE-2026-45808 unknown 8d ago OpenBao's cross-namespace lease revocation via legacy sys/revoke path bypasses ACL
CVE-2026-45774 unknown 8d ago compliance-trestle Profile Import has an Arbitrary File Read via trestle:// URI and Relative Path Traversal
CVE-2026-45287 unknown debian debian 8d ago OpenTelemetry-Go is the Go implementation of OpenTelemetry. Prior to version 0.0.17, `go.opentelemetry.io/otel/schema/v1.0` and `go.opentelemetry.io/otel/schema/v1.1` leaks one file descriptor on eac…
CVE-2026-9091 medium 5.3 5.3 8d ago Casdoor versions 2.362.0 and earlier contain a logic flaw in the social‑login binding flow that allows users to bypass configured MFA requirements. The binding‑rule code path in controllers/auth.go c…
CVE-2026-6720 unknown 8d ago When calicoctl is invoked with --log-level=info or --log-level=debug, the client prints the full contents of its loaded connection-configuration struct to stderr in a single log line. The struct embe…
CVE-2026-47676 medium 5.3 5.3 hono 8d ago Hono: app.mount() strips mount prefix using undecoded path, causing incorrect routing for percent-encoded paths
CVE-2026-47675 medium 5.3 5.3 hono 8d ago Hono: Cookie helper does not sanitize sameSite and priority, allowing Set-Cookie injection
CVE-2026-47674 medium 5.3 5.3 hono 8d ago Hono: IP Restriction bypasses static deny rules for non-canonical IPv6
CVE-2026-47673 medium 6.5 6.5 hono 8d ago Hono: JWT middleware accepts any Authorization scheme, not only Bearer
CVE-2026-45261 unknown 8d ago GitButler is a modern Git-based version control interface for AI-powered workflows. Prior to 0.19.7, a emote code execution vulnerability exists in the Tauri-based GitButler desktop application. An a…
CVE-2026-41185 unknown 8d ago When Calico is configured with the Azure IPAM plugin, the Calico CNI binary mutates the incoming CNI configuration to attach subnet information before delegating to the IPAM plugin. After mutating, t…
CVE-2026-41184 unknown windows windows 8d ago In Calico, the install-cni init container logs the rendered CNI configuration to standard output. When the configuration template uses the __SERVICEACCOUNT_TOKEN__ placeholder (Canal/Flannel-Calico d…
CVE-2026-41160 medium 4.3 4.3 8d ago EspoCRM is an open source customer relationship management application. Prior to 9.3.5, a business logic flaw (Broken Access Control) in EspoCRM 9.3.3 allows low-privileged users to pin arbitrary not…
CVE-2026-41141 medium 6.5 6.5 8d ago EspoCRM is an open source customer relationship management application. Prior to 9.3.5, the POST /api/v1/EmailTemplate/:id/prepare endpoint accepts an emailAddress parameter and resolves the owning e…
CVE-2026-41178 medium 5.3 5.3 debian debian 8d ago OpenTelemetry-Go is the Go implementation of OpenTelemetry. Versions 1.41.0 and 1.43.0 removed raw-length rejection and it causes `Parse` to process arbitrarily large/invalid baggage headers and log …
CVE-2026-30963 low 2.7 2.7 projectcapsule 8d ago Capsule is a multi-tenancy and policy-based framework for Kubernetes. To defend against namespace hijacking achieved through update/patch operations on namespaces, Capsule uses a webhook to validate …
CVE-2026-48735 medium 5.5 5.5 debian debian pypdf_project 8d ago pypdf is a free and open-source pure-python PDF library. Prior to 6.12.1, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing large XMP me…
CVE-2026-48525 medium 5.3 5.3 slesdebian debian pyjwt_project 8d ago PyJWT is a JSON Web Token implementation in Python. From 2.8.0 to 2.12.1, when verifying detached JWS tokens using the unencoded-payload option ("b64": false, RFC 7797), PyJWT performs Base64URL deco…
CVE-2026-48524 low 3.7 3.7 slesdebian debian pyjwt_project 8d ago PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, PyJWKClient.get_signing_key() forces a fresh HTTP request to the JWKS endpoint for every JWT with an unknown kid value, with no ra…
CVE-2026-48523 medium 5.4 5.4 slesdebian debian pyjwt_project 8d ago PyJWT is a JSON Web Token implementation in Python. From 2.9.0 to 2.12.1, there is a verifier-side algorithm allow-list bypass when jwt.decode() or jwt.decode_complete() are called with a PyJWK key. …
CVE-2026-48522 medium 4.2 4.2 slesdebian debian pyjwt_project 8d ago PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, PyJWKClient passes its uri argument directly to urllib.request.urlopen() which uses Python stdlib's default OpenerDirector registe…
CVE-2026-48156 low 3.3 3.3 debian debian pypdf_project 8d ago pypdf is a free and open-source pure-python PDF library. Prior to 6.12.0, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires cross-reference streams w…
CVE-2026-48155 medium 5.5 5.5 debian debian pypdf_project 8d ago pypdf is a free and open-source pure-python PDF library. Prior to 6.12.0, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires extracting text in l…
CVE-2026-47761 medium 5.4 5.4 tiny 8d ago TinyMCE is an open source rich text editor. Prior to 5.11.1, 7.9.3, and 8.5.1, there is a stored XSS vulnerability in the media plugin. Attackers can inject malicious scripts via crafted data-mce-* a…
CVE-2026-47759 medium 5.4 5.4 tiny 8d ago TinyMCE is an open source rich text editor. Prior to 5.11.1, 7.9.3, and 8.5.1, there is a stored XSS vulnerability via unsanitized data-mce-* attributes (data-mce-href, data-mce-src, data-mce-style).…
CVE-2026-9828 unknown debian debian 8d ago Deserialization of untrusted data vulnerability in QOS.CH Sarl logback logback-core (HardenedObjectInputStream (logback-core) modules) allows Object Injection albeit heavily restricted. More precise…
CVE-2026-8990 unknown 8d ago A user with physical access to a smartphone can bypass authentication mechanism of Kidsview mobile application and grant himself full access to the device owner's account by interacting with applicat…
CVE-2026-8980 unknown 8d ago The Mennekes Amtron series (firmware versions ≤ 5.22.3) is vulnerable to privilege escalation. An authenticated low-privileged user can change the passwords of the admin (operator) and manufacturer a…
CVE-2026-8979 unknown 8d ago The Mennekes Amtron series (firmware versions ≤ 5.22.3) is vulnerable to an authentication bypass. An unauthenticated remote attacker can change the password of the user account via a crafted POST re…
CVE-2026-42250 unknown slesdebian debianwindows windows 8d ago bzip2 contains an off‑by‑one error in the bzip2recover utility. When processing a specially crafted file, the application performs an out‑of‑bounds write to a global buffer, resulting in memory corru…
CVE-2026-9818 medium 4.7 4.7 8d ago Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2026-40914 medium 4.3 4.3 apache 8d ago A vulnerability exists in Apache Artemis whereby an application using the STOMP protocol with security credentials that grant either the consume or send permission on an address can augment the routi…
CVE-2026-4377 unknown 8d ago Dlink DWR-X1820 router uses weak default password generated from its IMEI number and does not require users to change it. An attacker who knows how passwords are generated can easily crack the defaul…
CVE-2026-47074 unknown 8d ago Improper Certificate Validation vulnerability in ex-aws ex_aws_sns (ExAws.SNS, ExAws.SNS.PublicKeyCache modules) allows Signature Spoofing by Improper Validation. This vulnerability is associated wi…
CVE-2026-46241 unknown FIX debian debian sleswindows windows 8d ago In the Linux kernel, the following vulnerability has been resolved: spi: mpc52xx: fix use-after-free on registration failure Make sure to disable and free the interrupts in case controller registra…
CVE-2026-46239 unknown FIX debian debian sles 8d ago In the Linux kernel, the following vulnerability has been resolved: media: i2c: ov5647: Fix runtime PM refcount leak in s_ctrl Three control cases (AUTOGAIN, EXPOSURE_AUTO, ANALOGUE_GAIN) directly …
CVE-2026-46236 unknown FIX debian debian sleswindows windows 8d ago In the Linux kernel, the following vulnerability has been resolved: media: rc: xbox_remote: heed DMA restrictions The buffer for IO must not be part of the device structure because that violates th…
CVE-2026-46235 unknown FIX debian debianwindows windows sles 8d ago In the Linux kernel, the following vulnerability has been resolved: media: saa7164: add ioremap return checks and cleanups Add checks for ioremap return values in saa7164_dev_setup(). If ioremap fo…
CVE-2026-46234 unknown FIX debian debian sleswindows windows google 8d ago In the Linux kernel, the following vulnerability has been resolved: vsock: fix buffer size clamping order In vsock_update_buffer_size(), the buffer size was being clamped to the maximum first, and …
CVE-2026-46233 unknown FIX debian debianwindows windows sles 8d ago In the Linux kernel, the following vulnerability has been resolved: batman-adv: bla: only purge non-released claims When batadv_bla_purge_claims() goes through the list of claims, it is only traver…
CVE-2026-46231 unknown FIX debian debianwindows windows sles 8d ago In the Linux kernel, the following vulnerability has been resolved: batman-adv: bla: put backbone reference on failed claim hash insert When batadv_bla_add_claim() fails to insert a new claim into …
CVE-2026-46229 unknown FIX debian debianwindows windows sles 8d ago In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Clear VRAM on allocation to prevent stale data exposure KFD VRAM allocations set AMDGPU_GEM_CREATE_VRAM_WIPE_ON_RELEA…
CVE-2026-46228 unknown FIX debian debian sles 8d ago In the Linux kernel, the following vulnerability has been resolved: spi: ch341: fix devres lifetime USB drivers bind to USB interfaces and any device managed resources should have their lifetime ti…
CVE-2026-46226 unknown FIX debian debianwindows windows sles 8d ago In the Linux kernel, the following vulnerability has been resolved: spi: fsl: fix controller deregistration Make sure to deregister the controller before releasing underlying resources like DMA dur…
CVE-2026-46225 unknown FIX debian debianwindows windows sles 8d ago In the Linux kernel, the following vulnerability has been resolved: spi: rspi: fix controller deregistration Make sure to deregister the controller before releasing underlying resources like DMA du…
CVE-2026-46224 unknown FIX debian debian sles 8d ago In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix bo leak in xe_dma_buf_init_obj() on allocation failure When drm_gpuvm_resv_object_alloc() fails, the pre-allocated st…
CVE-2026-46223 unknown FIX debian debian sles 8d ago In the Linux kernel, the following vulnerability has been resolved: cgroup: Defer css percpu_ref kill on rmdir until cgroup is depopulated A chain of commits going back to v7.0 reworked rmdir to sa…
CVE-2026-46222 unknown FIX debian debian sles 8d ago In the Linux kernel, the following vulnerability has been resolved: media: rockchip: rkcif: Add missing MUST_CONNECT flag to pads The pads missed checks for connected devices which may a null deref…
CVE-2026-46221 unknown FIX debian debian sles 8d ago In the Linux kernel, the following vulnerability has been resolved: EDAC/versalnet: Fix device name memory leak The device name allocated via kzalloc() in init_one_mc() is assigned to dev->init_nam…
CVE-2026-46220 unknown FIX debian debianwindows windows sles 8d ago In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/sdma4: replace BUG_ON with WARN_ON in fence emission sdma_v4_0_ring_emit_fence() contains two BUG_ON(addr & 0x3) asser…
CVE-2026-46219 unknown FIX debian debianwindows windows sles 8d ago In the Linux kernel, the following vulnerability has been resolved: spi: mpc52xx: fix use-after-free on unbind The state machine work is scheduled by the interrupt handler and therefore needs to be…
CVE-2026-46217 unknown FIX debian debian sles 8d ago In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/vcn4: Avoid overflow on msg bound check As pointed out by SDL, the previous condition may be vulnerable to overflow. …
CVE-2026-46216 unknown FIX debian debian sles 8d ago In the Linux kernel, the following vulnerability has been resolved: drm/xe/hdcp: Add NULL check for media_gt in intel_hdcp_gsc_check_status() When media GT is disabled via configfs, there is no all…
CVE-2026-46214 unknown FIX debian debianwindows windows sles google 8d ago In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: fix accept queue count leak on transport mismatch virtio_transport_recv_listen() calls sk_acceptq_added() before vs…