Search

Found 25,323 results in 1537ms · Match type: Filtered list

CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2026-20793 low 3.3 3.3 intel 24d ago Unchecked return value for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an a…
CVE-2026-43514 low 3.7 3.7 FIX slesdebian debian apache 24d ago Observable Timing Discrepancy vulnerability when comparing AJP secret in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M…
CVE-2026-32684 low 2.9 2.9 24d ago The application does not impose strict enough restrictions on directory access permissions, posing a risk that other malicious applications could obtain sensitive information.
CVE-2026-41530 low 3.3 3.3 24d ago The automatic folder creation feature of Lhaz and Lhaz+ provided by Chitora soft contains a path traversal vulnerability. When the affected product is configured with the automatic folder creation fe…
CVE-2026-40131 low 3.4 3.4 24d ago SQL injection vulnerability exists in @sap/hdi-deploy package, where SQL queries are dynamically constructed using user input without proper parameterization or prepared statements. Successful exploi…
CVE-2026-45362 low 3.2 3.2 24d ago Sangoma Switchvox before 8.4 places cleartext SIP authentication credentials in a backup file.
CVE-2026-42188 low 2.4 2.4 24d ago Geyser Vulnerable to Server-Side Request Forgery (SSRF) via Player Head Texture URL in Geyser
CVE-2026-28910 low 3.3 3.3 FIX macos macos 24d ago macOS Tahoe 26.4
CVE-2026-42874 low 3.7 3.7 24d ago Microdot has HTTP response splitting in Response.set_cookie()
CVE-2026-43969 low 3.2 3.2 FIX debian debianwindows windows ninenines 25d ago cowlib: Cookie Request Header Injection via Unvalidated Encoder in cow_cookie:cookie/1
CVE-2026-44996 low 3.7 3.7 openclaw 25d ago OpenClaw before 2026.4.15 contains an arbitrary local file read vulnerability in the webchat audio embedding helper that fails to apply local media root containment checks. Attackers can influence ag…
CVE-2026-44658 low 2.4 2.4 25d ago Zen is a Firefox-based browser. Prior to 1.19.12b, RSS feed URLs entered by the user are validated to http: or https: in promptForFeedUrl, but item links inside the feed are not subject to the same r…
CVE-2026-34094 low 3.8 3.8 FIX debian debian mediawiki 25d ago Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Page/Article.Php. This issue affects MediaWiki: from * before 1.43.7, 1.44.4, 1.45.2.
CVE-2026-8276 low 3.7 3.7 debian debian sles 25d ago bettercap Has an Integer Coercion Error in modules/mysql_server/mysql_server.go
CVE-2026-8275 low 3.7 3.7 debian debian 25d ago bettercap Has an Integer Coercion Error in the ippReadChunkedBody Function
CVE-2026-8262 low 2.4 2.4 25d ago A vulnerability was identified in Devs Palace ERP Online up to 4.0.0. This impacts an unknown function of the file /accounts/chart-save. Such manipulation leads to cross site scripting. The attack ma…
CVE-2026-8256 low 2.4 2.4 25d ago A security vulnerability has been detected in Devs Palace ERP Online up to 4.0.0. This vulnerability affects unknown code of the file /accounts/mr-save. Such manipulation leads to cross site scriptin…
CVE-2026-8255 low 2.4 2.4 25d ago A weakness has been identified in Devs Palace ERP Online up to 4.0.0. This affects an unknown part of the file /inventory/add_new_customer. This manipulation causes cross site scripting. The attack c…
CVE-2026-8254 low 2.4 2.4 25d ago A security flaw has been discovered in Devs Palace ERP Online up to 4.0.0. Affected by this issue is some unknown functionality of the file /inventory/sales_save. The manipulation results in cross si…
CVE-2026-8253 low 2.4 2.4 25d ago A vulnerability was identified in Devs Palace ERP Online up to 4.0.0. Affected by this vulnerability is an unknown functionality of the file /inventory/purchase_save. The manipulation leads to cross …
CVE-2026-28957 low 3.3 3.3 FIX iosmacos macos apple 25d ago visionOS 26.5
CVE-2026-28894 unknown iosmacos macos 25d ago macOS Sonoma 14.8.5
CVE-2026-1837 unknown FIX iosmacos macos tvos 25d ago visionOS 26.5
CVE-2026-8242 low 3.7 3.7 26d ago A vulnerability was found in Industrial Application Software IAS Canias ERP 8.03. The impacted element is the function doAction of the component Login RMI Interface. Performing a manipulation results…
CVE-2026-8232 low 3.5 3.5 26d ago A vulnerability was found in Dotouch XproUPF 2.0.0-release-088aa7c4. This impacts the function vlib_worker_loop in the library /usr/xpro/upf/tools/libs/libvlib.so of the component UPF Process. The ma…
CVE-2026-8221 low 2.4 2.4 26d ago A flaw has been found in Devs Palace ERP Online up to 4.0.0. This impacts an unknown function of the file /inventory/item-save. This manipulation causes cross site scripting. The attack is possible t…
CVE-2026-8220 low 2.4 2.4 26d ago A vulnerability was detected in Devs Palace ERP Online up to 4.0.0. This affects an unknown function of the file /inventory/customer-save. The manipulation results in cross site scripting. The attack…
CVE-2026-8219 low 2.4 2.4 26d ago A security vulnerability has been detected in Devs Palace ERP Online up to 4.0.0. The impacted element is an unknown function of the file /inventory/supplier-save. The manipulation leads to cross sit…
CVE-2026-8218 low 2.4 2.4 26d ago A weakness has been identified in Devs Palace ERP Online up to 4.0.0. The affected element is an unknown function of the file /inventory/purchase_return_save. Executing a manipulation can lead to cro…
CVE-2026-45182 low 2.2 2.2 26d ago GrapheneOS before 2026050400 allows attackers to discover the real IP address of a VPN user as a consequence of a registerQuicConnectionClosePayload optimization, because an application can let syste…
CVE-2026-8196 low 3.7 3.7 26d ago A flaw has been found in JeecgBoot 3.9.1. The impacted element is an unknown function of the file jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/LoginControlle…
CVE-2026-44987 low 3.8 3.8 27d ago SysReptor is a fully customizable pentest reporting platform. Prior to version 2026.29, users with "User Admin" permissions can change the email addresses of users with "Superuser" permissions. If th…
CVE-2026-42195 low 3.4 3.4 27d ago draw.io is a configurable diagramming and whiteboarding application. Prior to version 29.7.9, the draw.io client accepts a ?gitlab= URL parameter that overrides the GitLab server URL used during OAut…
CVE-2026-32803 low 3.3 3.3 28d ago Dell PowerScale OneFS versions 9.5.0.0 through 9.5.1.6, 9.6.0.0 through 9.7.1.13, 9.8.0.0 through 9.10.1.5 and 9.11.0.0 through 9.12.0.1 contains an Insufficient Logging vulnerability. A low privileg…
CVE-2026-44916 low 3.0 3.0 FIX debian debian 28d ago In OpenStack Ironic before 35.0.2 (in a certain non-default configuration), instance_info['ks_template'] is rendered without sandboxing.
CVE-2026-8136 low 2.4 2.4 28d ago A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. This affects an unknown part of the file /index.php?page=users. Executing a manipulation of the argument Name can lead…
CVE-2026-41498 low 3.3 3.3 kimai 28d ago Kimai has Missing Object-Level Authorization in the Team API
CVE-2026-27964 low 3.9 3.9 29d ago FacturaScripts vulnerable to Reflected Cross-Site Scripting (XSS) via Cookie Manipulation
CVE-2026-8022 low 3.1 3.1 FIX debian debian linux-kernelmacos macos google 1mo ago Inappropriate implementation in MHTML in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted …
CVE-2026-8017 low 3.1 3.1 FIX debian debian linux-kernelmacos macos google 1mo ago Side-channel information leakage in Media in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)
CVE-2026-7968 low 3.1 3.1 FIX debian debian linux-kernelmacos macos google 1mo ago Insufficient validation of untrusted input in CORS in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafte…
CVE-2026-7966 low 3.1 3.1 FIX debian debian linux-kernelmacos macos google 1mo ago Insufficient validation of untrusted input in SiteIsolation in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a c…
CVE-2026-7965 low 3.1 3.1 FIX debian debian linux-kernelmacos macos google 1mo ago Insufficient validation of untrusted input in DevTools in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a craft…
CVE-2026-7959 low 3.1 3.1 FIX debian debian linux-kernelmacos macos google 1mo ago Inappropriate implementation in Navigation in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.…
CVE-2026-7954 low 3.1 3.1 FIX debian debian linux-kernelmacos macos google 1mo ago Race in Shared Storage in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security…
CVE-2026-7949 low 3.1 3.1 FIX debian debian linux-kernelmacos macos google 1mo ago Out of bounds read in Skia in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted Chrome Extension. (Chromi…
CVE-2026-7945 low 3.1 3.1 FIX debian debian linux-kernelmacos macos google 1mo ago Insufficient validation of untrusted input in COOP in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HT…
CVE-2026-7944 low 3.1 3.1 FIX debian debian linux-kernelmacos macos google 1mo ago Insufficient validation of untrusted input in Persistent Cache in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass site isolation via …
CVE-2026-7937 low 3.1 3.1 FIX debian debian linux-kernelmacos macos google 1mo ago Insufficient policy enforcement in DevTools in Google Chrome prior to 148.0.7778.96 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a c…
CVE-2026-7909 low 3.1 3.1 FIX debian debian linux-kernelmacos macos google 1mo ago Inappropriate implementation in ServiceWorker in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML pa…
CVE-2026-8028 low 3.7 3.7 flowiseai 1mo ago A vulnerability was detected in FlowiseAI Flowise up to 3.0.12. This affects the function verify of the file packages/server/src/enterprise/services/account.service.ts of the component Endpoint. Perf…
CVE-2025-31959 low 3.5 3.5 hcltech 1mo ago HCL BigFix Service Management (SM) application fails to strip EXIF metadata from uploaded images. This could lead to confidentiality and privacy risks if sensitive location information is unintentio…
CVE-2026-6210 unknown FIX slesdebian debianwindows windows 1mo ago A type confusion vulnerability in Qt SVG allows an attacker to cause an application crash via a crafted SVG image. When processing SVG marker references, the renderer retrieves a node by its id at…
CVE-2025-62345 low 2.7 2.7 1mo ago HCL BigFix RunBookAI is affected by a Continued availability of Less-Secure “Input Text” Vulnerability. A component contains a security weakness in its input handling implementation, increasing the …
CVE-2026-44405 low 3.4 3.4 slesdebian debian 1mo ago Paramiko rsakey.py allows the SHA-1 algorithm
CVE-2026-7847 low 2.6 2.6 1mo ago Langchain-Chatchat Uses Insufficiently Random Values
CVE-2026-7846 low 2.6 2.6 1mo ago Langchain-Chatchat has a Race Condition in its OpenAI-Compatible File Upload API
CVE-2026-7845 low 2.6 2.6 1mo ago Langchain-Chatchat Uses a Broken or Risky Cryptographic Algorithm
CVE-2026-43529 low 2.5 2.5 openclaw 1mo ago OpenClaw: TOCTOU read in exec script preflight
CVE-2026-7740 low 3.3 3.3 1mo ago A security vulnerability has been detected in justdan96 tsMuxer up to 2.7.0. This issue affects the function VvcVpsUnit::setFPS of the file tsMuxer/vvc.cpp. Such manipulation of the argument track_id…
CVE-2026-7739 low 3.3 3.3 1mo ago A weakness has been identified in justdan96 tsMuxer up to 2.7.0. This vulnerability affects the function HevcVpsUnit::setFPS of the file /AFLplusplus/tsMuxer_prev/tsMuxer/hevc.cpp. This manipulation …
CVE-2026-43864 low 2.5 2.5 slesdebian debian 1mo ago mutt before 2.3.2 has a show_sig_summary NULL pointer dereference.
CVE-2026-43863 low 3.7 3.7 slesdebian debian 1mo ago mutt before 2.3.2 has an infinite loop in data_object_to_stream in crypt-gpgme.c.
CVE-2026-43862 low 3.7 3.7 slesdebian debian 1mo ago In mutt before 2.3.2, the imap_auth_gss security level is mishandled.
CVE-2026-43861 low 3.7 3.7 slesdebian debian 1mo ago mutt before 2.3.2 does not check for '\0' in url_pct_decode.
CVE-2026-43860 low 3.7 3.7 slesdebian debian 1mo ago mutt before 2.3.2 sometimes truncates the hash_passwd by one byte for IMAP auth_cram MD5 digest.
CVE-2026-43859 low 3.7 3.7 slesdebian debian 1mo ago mutt before 2.3.2 sometimes uses strfcpy instead of memcpy for the IMAP auth_cram MD5 digest.
CVE-2026-7689 low 3.7 3.7 1mo ago Dolibarr has Insufficient Verification of Data Authenticity
CVE-2026-7677 low 3.5 3.5 1mo ago A vulnerability was determined in kerwincui FastBee up to 1.2.1. The impacted element is the function Add of the file springboot/fastbee-admin/src/main/java/com/fastbee/web/controller/system/SysNotic…
CVE-2026-7671 low 3.7 3.7 1mo ago A vulnerability has been found in CodeWise Tornet Scooter Mobile App 4.75 on iOS/Android. The impacted element is an unknown function of the file /TwoFactor. Such manipulation leads to improper restr…
CVE-2026-7501 low 3.5 3.5 1mo ago A weakness has been identified in LinkStackOrg LinkStack up to 4.8.6. Impacted is the function editPage of the file app/Http/Controllers/UserController.php. Executing a manipulation of the argument p…
CVE-2026-41263 low 3.7 3.7 traefik 1mo ago Traefik: A timing side-channel vulnerability allows for valid username enumeration via BasicAuth middleware
CVE-2026-33448 low 3.3 3.3 macos macos absolute 1mo ago CVE-2026-33448 is a format string vulnerability in the logging subsystem of Secure Access client for MacOS prior to 14.50. Attackers with control of a modified server can force the client to dump t…
CVE-2026-3832 low 3.7 3.7 FIX debian debian rhel gnuredhat 1mo ago A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted Online Certificate Status Protocol (OCSP) response during a TLS handshake. Due to a lo…
CVE-2026-41663 low 3.5 3.5 1mo ago Admidio has CSRF on Admin Preferences that Triggers Unauthorized Backup, .htaccess Write, and Email Send
CVE-2026-41659 low 2.7 2.7 1mo ago Admidio Leaks Hidden Profile Field Values via Blind Search Oracle in Member Assignment
CVE-2026-7390 low 3.5 3.5 1mo ago A vulnerability was detected in SourceCodester Pharmacy Sales and Inventory System 1.0. The impacted element is the function Customer of the file /index.php?page=customer. The manipulation of the arg…
CVE-2026-22741 low 3.1 3.1 debian debian vmware 1mo ago Spring MVC and WebFlux applications are vulnerable to cache poisoning when resolving static resources.
CVE-2026-7360 low 3.1 3.1 FIX debian debian linux-kernelmacos macos google 1mo ago Insufficient validation of untrusted input in Compositing in Google Chrome prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a c…
CVE-2026-7351 low 3.1 3.1 FIX debian debian linux-kernelmacos macos google 1mo ago Race in MHTML in Google Chrome prior to 147.0.7727.138 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. (Chromium se…
CVE-2026-7303 low 3.7 3.7 1mo ago xxl-job has a Resource Injection issue
CVE-2026-7297 low 2.4 2.4 1mo ago A vulnerability was determined in SourceCodester Pizzafy Ecommerce System 1.0. This vulnerability affects the function save_user of the file /admin/ajax.php?action=save_user. Executing a manipulation…
CVE-2026-7296 low 2.4 2.4 1mo ago A vulnerability was found in SourceCodester Pizzafy Ecommerce System 1.0. This affects the function save_order of the file /admin/ajax.php?action=save_order. Performing a manipulation of the argument…
CVE-2026-7295 low 2.4 2.4 1mo ago A vulnerability has been found in SourceCodester Pizzafy Ecommerce System 1.0. Affected by this issue is the function save_menu of the file /admin/ajax.php?action=save_menu. Such manipulation of the …
CVE-2026-7294 low 2.4 2.4 1mo ago A flaw has been found in SourceCodester Pizzafy Ecommerce System 1.0. Affected by this vulnerability is the function save_settings of the file /admin/index.php?page=save_settings. This manipulation o…
CVE-2026-41913 low 3.7 3.7 openclaw 1mo ago OpenClaw: Concurrent async auth attempts can bypass the intended shared-secret rate-limit budget on Tailscale-capable paths
CVE-2026-7281 low 2.4 2.4 1mo ago A vulnerability was determined in SourceCodester Pharmacy Sales and Inventory System 1.0. The impacted element is the function supplier of the file /index.php?page=supplier. Executing a manipulation …
CVE-2026-7269 low 2.4 2.4 1mo ago A vulnerability was found in SourceCodester Pharmacy Sales and Inventory System 1.0. Affected is an unknown function of the file /index.php?page=product. Performing a manipulation of the argument ID …
CVE-2026-7222 low 3.5 3.5 1mo ago A vulnerability was determined in code-projects Coaching Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /cims/modules/student/complaint.php of the compo…
CVE-2026-7110 low 3.5 3.5 1mo ago A flaw has been found in code-projects Invoice System in Laravel 1.0. Affected is an unknown function of the file /item. Executing a manipulation of the argument item name/description can lead to cro…
CVE-2026-7103 low 3.7 3.7 1mo ago A vulnerability was determined in code-projects Chat System 1.0. Affected is an unknown function of the file update_user.php of the component MD5 Hash Handler. This manipulation of the argument Passw…
CVE-2026-7090 low 2.4 2.4 1mo ago A vulnerability was detected in code-projects Chat System 1.0. This affects an unknown function of the file /admin/send_message.php of the component Chat Interface. The manipulation of the argument m…
CVE-2026-7041 low 3.7 3.7 1mo ago A vulnerability was detected in 666ghj MiroFish up to 0.1.2. The impacted element is an unknown function of the file /console of the component Werkzeug Debugger PIN Handler. Performing a manipulation…
CVE-2026-7021 low 3.5 3.5 1mo ago A weakness has been identified in SmythOS sre up to 0.0.15. This impacts an unknown function of the file packages/sdk/src/LLM/utils.ts of the component Connector Service. This manipulation of the arg…
CVE-2026-7020 low 3.7 3.7 sles ollama 1mo ago Ollama is Vulnerable to Path Traversal
CVE-2026-7016 low 2.4 2.4 1mo ago A vulnerability was found in MaxSite CMS up to 109.3. Impacted is an unknown function of the component ushki Plugin. Performing a manipulation of the argument f_ushka_new/f_ushk results in cross site…
CVE-2026-7015 low 2.4 2.4 1mo ago A vulnerability has been found in MaxSite CMS up to 109.3. This issue affects some unknown processing of the component Guestbook Plugin. Such manipulation of the argument f_text/f_slug/f_limit/f_emai…
CVE-2026-7014 low 2.4 2.4 1mo ago A flaw has been found in MaxSite CMS up to 109.3. This vulnerability affects unknown code of the component down_count Plugin. This manipulation of the argument f_file/f_prefix causes cross site scrip…
CVE-2026-7013 low 2.4 2.4 1mo ago A security vulnerability has been detected in MaxSite CMS up to 109.3. Affected by this issue is some unknown functionality of the component mail_send Plugin. The manipulation of the argument f_subje…
CVE-2026-7012 low 2.4 2.4 1mo ago A vulnerability was detected in MaxSite CMS up to 109.3. This affects an unknown part of the component Redirect Plugin. The manipulation of the argument f_all/f_all404 results in cross site scripting…