VIR Vulnerability Intelligence Relay

Search

Found 28,403 results in 3250ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2026-46633 critical 9.5 FIX debian debian 18d ago Twig: PHP code injection via `{% use %}` template name
CVE-2026-46629 low 2.5 FIX debian debian 18d ago twig/intl-extra: Unbounded formatter memoisation in keyed on template-controlled arguments
CVE-2026-46628 low 2.5 FIX debian debian 18d ago Twig: The `spaceless` filter implicitly marks its output as safe
CVE-2026-46627 unknown FIX debian debian 18d ago Sandbox does not protect against resource exhaustion
CVE-2026-46626 unknown FIX debian debian 18d ago CVE-2026-46626: SymfonyRuntime CVE-2024-50340 Patch Bypass: Web Requests Can Still Set APP_ENV/APP_DEBUG via parse_str/SAPI Argv Mismatch
CVE-2026-45756 unknown FIX debian debian 18d ago Symfony's JsonPath Evaluates Attacker-Controlled Regular Expressions in match()/search() Without Limits — ReDoS
CVE-2026-45755 unknown FIX debian debian 18d ago Symfony's Mailtrap Mailer Webhook Parser Never Verifies the X-Mt-Signature HMAC — Unauthenticated Webhook Event Injection
CVE-2026-45754 unknown FIX debian debian 18d ago Symfony's Mailjet Mailer Webhook Parser Never Verifies the Configured Secret — Unauthenticated Webhook Event Injection
CVE-2026-45753 unknown FIX debian debian 18d ago Symfony's HtmlSanitizer UrlAttributeSanitizer Omits action/formaction/poster/cite — `javascript`: URI Survives Sanitization (XSS)
CVE-2026-45305 low 2.5 FIX debian debian 18d ago Symfony's YAML Parser has a ReDoS via Catastrophic Backtracking in Parser::cleanup() Regex
CVE-2026-45304 low 2.5 FIX debian debian 18d ago Symfony's YAML Parser Vulnerable to Exponential Memory Allocation via Recursive Collection-Alias Expansion ("Billion Laughs")
CVE-2026-45133 low 2.5 FIX debian debian 18d ago Symfony hardened the parser when handling untrusted input
CVE-2026-45077 high 8.0 FIX debian debian 18d ago Symfony has Unauthenticated PHP Object Deserialization in MonologBridge server:log Listener
CVE-2026-45072 low 2.5 FIX debian debian 18d ago Symfony Vulnerable to stored XSS in WebProfiler CodeExtension::fileExcerpt() — Unescaped Non-PHP File Rendering
CVE-2026-45071 low 2.5 FIX debian debian 18d ago Symfony has XXE (Local File Disclosure) in DomCrawler::addXmlContent() via validateOnParse = true
CVE-2026-45067 high 8.0 FIX debian debian 18d ago Symfony has Email Header / SMTP Command Injection via CRLF in Symfony\Component\Mime\Address
CVE-2026-45063 high 8.0 FIX debian debian 18d ago Symfony Vulnerable to Identity Spoofing via Unanchored DN Regex in X509Authenticator
CVE-2026-24425 critical 9.9 9.9 FIX debian debian symfony 18d ago Twig: Possible sandbox bypass when using a source policy
CVE-2026-47784 high 8.1 8.1 FIX slesdebian debianwindows windows memcached 18d ago Memcached vulnerabilities
CVE-2026-47783 high 8.1 8.1 FIX slesdebian debianwindows windows memcached 18d ago Memcached vulnerabilities
CVE-2026-45232 low 3.7 3.7 FIX slesdebian debianwindows windows samba 19d ago rsync vulnerabilities
CVE-2026-43618 high 8.1 8.1 FIX slesdebian debianwindows windows samba 19d ago rsync vulnerabilities
CVE-2026-46333 high 7.1 7.1 FIX rhel slesdebian debian google 19d ago Linux kernel vulnerabilities
CVE-2026-46300 high 7.8 8.8 EXPFIX rhel slesdebian debian awsgoogle 19d ago Linux kernel vulnerabilities
CVE-2026-43128 high 7.8 7.8 FIX rhel slesdebian debian 19d ago In the Linux kernel, the following vulnerability has been resolved: RDMA/umem: Fix double dma_buf_unpin in failure path In ib_umem_dmabuf_get_pinned_with_dma_device(), the call to ib_umem_dmabuf_ma…
CVE-2026-37555 high 7.5 7.5 FIX rheldebian debian sles libsndfile_project 19d ago RHSA-2026:19559: libsndfile security update (Important)
CVE-2026-31607 critical 9.8 9.8 FIX rhel slesdebian debian 19d ago In the Linux kernel, the following vulnerability has been resolved: usbip: validate number_of_packets in usbip_pack_ret_submit() When a USB/IP client receives a RET_SUBMIT response, usbip_pack_ret_…
CVE-2026-31532 high 7.8 7.8 FIX rhel slesdebian debian google 19d ago In the Linux kernel, the following vulnerability has been resolved: can: raw: fix ro->uniq use-after-free in raw_rcv() raw_release() unregisters raw CAN receive filters via can_rx_unregister(), but…
CVE-2026-23401 high 8.0 FIX rhel slesdebian debian google 19d ago In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: Drop/zap existing present SPTE even when creating an MMIO SPTE When installing an emulated MMIO SPTE, do so *after*…
CVE-2026-23204 high 7.1 7.1 FIX rocky rhel sles 19d ago Linux kernel vulnerabilities
CVE-2026-22990 high 8.0 FIX rhel slesdebian debian 19d ago Linux kernel (Azure) vulnerabilities
CVE-2026-22984 high 8.0 FIX rhel slesdebian debian 19d ago Linux kernel (Azure) vulnerabilities
CVE-2025-71116 high 8.0 FIX rhel slesdebian debian 19d ago Linux kernel (Low Latency NVIDIA) vulnerabilities
CVE-2025-68741 high 8.0 FIX rhel slesdebian debian 19d ago Linux kernel (Low Latency NVIDIA) vulnerabilities
CVE-2025-39766 high 7.8 7.8 FIX rhel slesdebian debian 19d ago Important: kernel security update
CVE-2026-32882 high 7.1 7.1 debian debian sles 19d ago libheif is a HEIF and AVIF file format decoder and encoder. Versions 1.21.2 and prior contain a heap buffer over-read in HeifPixelImage::overlay() in libheif/pixelimage.cc. When compositing an overla…
CVE-2026-32741 high 7.1 7.1 debian debian sles 19d ago libheif is a HEIF and AVIF file format decoder and encoder. Versions 1.21.2 and below contain a heap buffer overflow in MaskImageCodec::decode_mask_image(). When decoding a HEIF file containing a mas…
CVE-2026-32740 high 8.8 8.8 debian debian sles struktur 19d ago libheif is a HEIF and AVIF file format decoder and encoder. Versions 1.21.2 and prior contain a heap-buffer-overflow (write) vulnerability in the grid tile compositing, allowing an attacker to write …
CVE-2026-33642 critical 9.8 9.8 FIX debian debian kovidgoyal 19d ago Kitty is a cross-platform GPU based terminal. In versions 0.46.2 and below, the handle_compose_command() function in kitty/graphics.c performs bounds validation on composition offsets using unsigned …
CVE-2026-33633 high 8.8 8.8 FIX debian debian kovidgoyal 19d ago Kitty is a cross-platform GPU based terminal. Versions 0.46.2 and below contain a heap buffer overflow in load_image_data() that allows any process which can write to the terminal's stdin to crash ki…
CVE-2026-48019 unknown debian debian 19d ago Laravel CRLF injection in default email rule
CVE-2026-31072 critical 9.8 9.8 debian debian sles 19d ago APScheduler's JSONSerializer and CBORSerializer are vulnerable to Remote Code Execution (RCE) via Insecure Deserialization
CVE-2026-8711 high 8.1 8.1 FIX debian debianwindows windows 19d ago NGINX JavaScript has a vulnerability when the js_fetch_proxy directive is configured with at least one client-controlled NGINX variable (for example, $http_*, $arg_*, $cookie_*) and a location invoki…
CVE-2026-8973 high 8.8 8.8 FIX debian debian sles mozilla 19d ago Memory safety bugs present in Firefox 150. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code…
CVE-2026-8972 high 8.8 8.8 FIX debian debian sles mozilla 19d ago Privilege escalation in the WebRTC: Audio/Video component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.
CVE-2026-8969 high 8.1 8.1 FIX debian debian sles mozilla 19d ago Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.
CVE-2026-8967 high 7.5 7.5 FIX debian debian sles mozilla 19d ago Information disclosure in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.
CVE-2026-8966 high 7.5 7.5 FIX debian debian sles mozilla 19d ago Information disclosure in the IP Protection component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.
CVE-2026-8965 high 7.5 7.5 FIX debian debian sles mozilla 19d ago Information disclosure in the DOM: Security component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.
CVE-2026-8964 high 7.5 7.5 FIX debian debian sles mozilla 19d ago Spoofing issue in the Popup Blocker component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.
CVE-2026-8963 high 7.5 7.5 FIX debian debian sles mozilla 19d ago Spoofing issue in the Web Speech component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.
CVE-2026-8960 high 7.5 7.5 FIX debian debian sles mozilla 19d ago Spoofing issue in WebExtensions. This vulnerability was fixed in Firefox 151 and Thunderbird 151.
CVE-2026-8952 high 8.8 8.8 FIX debian debian sles mozilla 19d ago Privilege escalation in the Application Update component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.
CVE-2026-8949 high 7.5 7.5 FIX debian debian sles mozilla 19d ago Integer overflow in the Widget: Win32 component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.
CVE-2026-8948 critical 9.1 9.1 FIX debian debian sles mozilla 19d ago Same-origin policy bypass in the DOM: Networking component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.
CVE-2026-8945 high 7.5 7.5 FIX debian debian sles mozilla 19d ago Sandbox escape in Firefox and Firefox Focus for Android. This vulnerability was fixed in Firefox 151.
CVE-2026-23558 high 7.8 7.8 slesdebian debian 19d ago The adjustments made for XSA-379 as well as those subsequently becoming XSA-387 still left a race window, when a HVM or PVH guest does a grant table version change from v2 to v1 in parallel with mapp…
CVE-2026-43493 critical 9.8 9.8 FIX slesdebian debianwindows windows 19d ago In the Linux kernel, the following vulnerability has been resolved: crypto: pcrypt - Fix handling of MAY_BACKLOG requests MAY_BACKLOG requests can return EBUSY. Handle them by checking for that va…
CVE-2026-43492 unknown FIX slesdebian debianwindows windows 19d ago In the Linux kernel, the following vulnerability has been resolved: lib/crypto: mpi: Fix integer underflow in mpi_read_raw_from_sgl() Yiming reports an integer underflow in mpi_read_raw_from_sgl() …
CVE-2026-43491 unknown FIX slesdebian debianwindows windows 19d ago In the Linux kernel, the following vulnerability has been resolved: net: qrtr: ns: Limit the maximum server registration per node Current code does no bound checking on the number of servers added …
CVE-2022-49033 unknown FIX slesdebian debianubuntu ubuntu 19d ago Linux kernel vulnerabilities
CVE-2026-7323 high 7.3 7.3 FIX rheldebian debianalmalinux almalinux mozilla 20d ago Memory safety bugs present in Thunderbird ESR 140.10.0 and Thunderbird 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have…
CVE-2026-7322 high 7.3 7.3 FIX rheldebian debianalmalinux almalinux mozilla 20d ago Memory safety bugs present in Thunderbird ESR 140.10.0 and Thunderbird 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have…
CVE-2026-7321 critical 9.6 9.6 FIX rheldebian debianalmalinux almalinux mozilla 20d ago RHSA-2026:20586: thunderbird security update (Important)
CVE-2026-7320 high 7.5 7.5 FIX rheldebian debianalmalinux almalinux mozilla 20d ago Information disclosure due to incorrect boundary conditions in the Audio/Video component. This vulnerability was fixed in Firefox 150.0.1, Firefox ESR 140.10.1, Firefox ESR 115.35.1, Thunderbird 150.…
CVE-2026-5713 high 8.0 FIX rhel slesdebian debian 20d ago Important: python3.14 security update
CVE-2026-4892 high 8.4 8.4 FIX rheldebian debian sles 20d ago Dnsmasq vulnerabilities
CVE-2026-4890 high 7.5 7.5 FIX rheldebian debian sles 20d ago Dnsmasq vulnerabilities
CVE-2026-4519 high 8.0 FIX rocky rheldebian debian 20d ago Important: python3.12 security update
CVE-2026-4224 high 7.5 7.5 FIX rhel slesdebian debian python 20d ago Important: python3.12 security update
CVE-2026-41035 high 7.8 7.8 FIX rhel slesdebian debian samba 20d ago rsync vulnerabilities
CVE-2026-39373 low 2.5 FIX rhel slesdebian debian 20d ago JWCrypto: JWE ZIP decompression bomb
CVE-2026-3644 high 7.5 7.5 FIX rhel slesdebian debian python 20d ago Important: python3.12 security update
CVE-2026-33984 high 8.0 FIX rheldebian debian sles 20d ago Important: freerdp security update
CVE-2026-33983 high 8.0 FIX rheldebian debian sles 20d ago Important: freerdp security update
CVE-2026-33810 high 8.0 FIX rheldebian debian sles 20d ago When verifying a certificate chain containing excluded DNS constraints, these constraints are not correctly applied to wildcard DNS SANs which use a different case than the constraint. This only affe…
CVE-2026-32281 high 8.0 FIX rheldebian debian sles google 20d ago Inefficient policy validation in crypto/x509
CVE-2026-31790 high 7.5 7.5 FIX rhel slesdebian debian opensslgoogle 20d ago Moderate: openssl security update
CVE-2026-3085 high 8.0 FIX rheldebian debian rocky 20d ago GStreamer rtpqdm2depay Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Int…
CVE-2026-3083 high 8.0 FIX rheldebian debian rocky 20d ago GStreamer rtpqdm2depay Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interactio…
CVE-2026-3082 high 8.0 FIX rheldebian debian rocky 20d ago RHSA-2026:6750: gstreamer1-plugins-bad-free, gstreamer1-plugins-base, and gstreamer1-plugins-good security update (Important)
CVE-2026-2923 high 8.0 FIX rheldebian debian rocky 20d ago RHSA-2026:6750: gstreamer1-plugins-bad-free, gstreamer1-plugins-base, and gstreamer1-plugins-good security update (Important)
CVE-2026-2922 high 8.0 FIX rheldebian debian rocky 20d ago Important: gstreamer1-plugins-bad-free, gstreamer1-plugins-base, gstreamer1-plugins-good, and gstreamer1-plugins-ugly-free security update
CVE-2026-2921 high 8.0 FIX rheldebian debian rocky 20d ago GStreamer Base Plugins vulnerability
CVE-2026-2920 high 8.0 FIX rheldebian debian rocky 20d ago RHSA-2026:6750: gstreamer1-plugins-bad-free, gstreamer1-plugins-base, and gstreamer1-plugins-good security update (Important)
CVE-2026-28871 high 8.0 FIX rhel slesdebian debian 20d ago WebKitGTK vulnerabilities
CVE-2026-28859 high 8.0 FIX rhel slesdebian debian 20d ago WebKitGTK vulnerabilities
CVE-2026-28857 high 8.0 FIX rhel slesdebian debian 20d ago WebKitGTK vulnerabilities
CVE-2026-27137 high 8.0 FIX rheldebian debian sles 20d ago Incorrect enforcement of email constraints in crypto/x509
CVE-2026-24842 high 8.0 FIX rhel slesdebian debian 20d ago Important: linux-sgx security update
CVE-2026-23950 high 8.0 FIX rheldebian debian 20d ago Important: linux-sgx security update
CVE-2026-23745 high 8.0 FIX rhel slesdebian debian 20d ago Important: linux-sgx security update
CVE-2026-23243 high 7.8 7.8 FIX rhel slesdebian debian 20d ago In the Linux kernel, the following vulnerability has been resolved: RDMA/umad: Reject negative data_len in ib_umad_write ib_umad_write computes data_len from user-controlled count and the MAD heade…
CVE-2026-23060 high 8.0 FIX rhel slesdebian debian 20d ago Linux kernel (BlueField) vulnerabilities
CVE-2026-2297 high 8.0 FIX rhel slesdebian debian 20d ago Important: python3.12 security update
CVE-2026-2291 high 7.3 7.3 FIX rheldebian debian sles 20d ago Dnsmasq vulnerabilities
CVE-2026-20691 high 8.0 FIX rhel slesdebian debian 20d ago WebKitGTK vulnerabilities
CVE-2026-20676 high 8.0 FIX rhel slesdebian debian 20d ago WebKitGTK vulnerabilities
CVE-2026-20665 high 8.0 FIX rhel slesdebian debian 20d ago WebKitGTK vulnerabilities
CVE-2026-20664 high 8.0 FIX rhel slesdebian debian 20d ago WebKitGTK vulnerabilities