VIR Vulnerability Intelligence Relay

Search

Found 20,858 results in 679ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2009-0556 unknown 1.5 KEV 5mo ago Microsoft Office PowerPoint contains a code injection vulnerability that allows remote attackers to execute arbitrary code via a PowerPoint file with an OutlineTextRefAtom containing an invalid index…
CVE-2026-21892 unknown FIX debian debian 5mo ago Parsl is a Python parallel scripting library. A SQL Injection vulnerability exists in the parsl-visualize component of versions prior to 2026.01.05. The application constructs SQL queries using unsaf…
CVE-2025-69230 unknown FIX slesdebian debian 5mo ago AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. In versions 3.13.2 and below, reading multiple invalid cookies can lead to a logging storm. If the cookies attribute is…
CVE-2025-69229 unknown FIX slesdebian debian 5mo ago AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. In versions 3.13.2 and below, handling of chunked messages can result in excessive blocking CPU usage when receiving a …
CVE-2025-69228 unknown FIX slesdebian debian 5mo ago AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below allow a request to be crafted in such a way that an AIOHTTP server's memory fills up uncontro…
CVE-2025-69227 unknown FIX slesdebian debian 5mo ago AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below allow for an infinite loop to occur when assert statements are bypassed, resulting in a DoS a…
CVE-2025-69226 unknown FIX slesdebian debian 5mo ago AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below enable an attacker to ascertain the existence of absolute path components through the path no…
CVE-2025-69225 unknown FIX slesdebian debian 5mo ago AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below contain parser logic which allows non-ASCII decimals to be present in the Range header. There…
CVE-2025-69224 unknown FIX slesdebian debian 5mo ago AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below of the Python HTTP parser may allow a request smuggling attack with the presence of non-ASCII…
CVE-2025-69223 unknown FIX slesdebian debian 5mo ago AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below allow a zip bomb to be used to execute a DoS against the AIOHTTP server. An attacker may be a…
CVE-2025-61916 unknown 5mo ago Spinnaker vulnerable to SSRF due to improper restrictions on http from user input
CVE-2025-68280 unknown 5mo ago Apache SIS has Improper Restriction of XML External Entity Reference vulnerability
CVE-2026-21452 unknown debian debian 5mo ago MessagePack for Java Vulnerable to Remote DoS via Malicious EXT Payload Allocation
CVE-2025-66518 unknown 5mo ago Apache Kyuubi Server vulnerable to Path Traversal
CVE-2025-15022 unknown 5mo ago Vaadin vulnerable to Cross-site Scripting
CVE-2025-47411 unknown 5mo ago Apache StreamPipes has Improper Privilege Management issue
CVE-2025-68131 unknown FIX debian debian sles 5mo ago CBORDecoder reuse can leak shareable values across decode calls
CVE-2025-68950 unknown FIX debian debian sles 5mo ago ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-12, Magick fails to check for circular references between two MVGs, leading to a …
CVE-2025-68618 unknown FIX debian debian sles 5mo ago ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-12, using Magick to read a malicious SVG file resulted in a DoS attack. Version 7…
CVE-2025-67746 unknown FIX debian debian sles 5mo ago Composer is a dependency manager for PHP. In versions on the 2.x branch prior to 2.2.26 and 2.9.3, attackers controlling remote sources that Composer downloads from might in some way inject ANSI cont…
CVE-2023-54164 unknown FIX slesdebian debian 5mo ago In the Linux kernel, the following vulnerability has been resolved: Bluetooth: ISO: fix iso_conn related locking and validity issues sk->sk_state indicates whether iso_pi(sk)->conn is valid. Operat…
CVE-2026-0810 unknown debian debian 5mo ago A flaw was found in gix-date. The `gix_date::parse::TimeBuf::as_str` function can generate strings containing invalid non-UTF8 characters. This issue violates the internal safety invariants of the `T…
CVE-2025-14847 unknown 2.5 KEVEXP 5mo ago MongoDB Server contains an improper handling of length parameter inconsistency vulnerability in Zlib compressed protocol headers. This vulnerability may allow a read of uninitialized heap memory by a…
CVE-2023-54130 unknown FIX slesdebian debian 5mo ago In the Linux kernel, the following vulnerability has been resolved: hfs/hfsplus: avoid WARN_ON() for sanity check, use proper error handling Commit 55d1cbbbb29e ("hfs/hfsplus: use WARN_ON for sanit…
CVE-2025-68351 unknown FIX slesdebian debian 5mo ago In the Linux kernel, the following vulnerability has been resolved: exfat: fix refcount leak in exfat_find Fix refcount leaks in `exfat_find` related to `exfat_get_dentry_set`. Function `exfat_get…
CVE-2025-68613 unknown 2.5 KEVEXP 6mo ago n8n contains an improper control of dynamically managed code resources vulnerability in its workflow expression evaluation system that allows for remote code execution.
CVE-2023-52163 unknown 1.5 KEV 6mo ago Digiever DS-2105 Pro contains a missing authorization vulnerability which could allow for command injection via time_tzsetup.cgi.
CVE-2025-68478 unknown 6mo ago External Control of File Name or Path in Langflow
CVE-2025-13467 unknown 6mo ago Keycloak LDAP User Federation provider enables admin-triggered untrusted Java deserialization
CVE-2025-66524 unknown 6mo ago Apache NiFi GetAsanaObject Processor has Remote Code Execution via Unsafe Deserialization
CVE-2025-68390 unknown 6mo ago Elasticsearch privileged authenticated users can cause DoS through Excessive Resource Allocation
CVE-2025-68384 unknown 6mo ago Elasticsearch has Excessive Allocation of Resources via Submission of Oversized User Settings Data
CVE-2025-14733 unknown 1.5 KEV 6mo ago WatchGuard Fireware OS iked process contains an out of bounds write vulnerability in the OS iked process. This vulnerability may allow a remote unauthenticated attacker to execute arbitrary code and …
CVE-2025-68161 unknown FIX debian debian sles 6mo ago Apache Log4j does not verify the TLS hostname in its Socket Appender
CVE-2025-14763 unknown aws 6mo ago Amazon S3 Encryption Client for Java has a Key Commitment Issue
CVE-2024-29371 unknown FIX slesdebian debian 6mo ago jose4j is vulnerable to DoS via compressed JWE content
CVE-2025-67895 unknown 6mo ago Apache Airflow Providers Edge3 exposes internal API allowing RCE in web server context
CVE-2025-59374 unknown 1.5 KEV 6mo ago ASUS Live Update contains an embedded malicious code vulnerability client were distributed with unauthorized modifications introduced through a supply chain compromise. The modified builds could caus…
CVE-2025-40602 unknown 1.5 KEV 6mo ago SonicWall SMA1000 contains a missing authorization vulnerability that could allow for privilege escalation appliance management console (AMC) of affected devices.
CVE-2025-20393 unknown 1.5 KEV 6mo ago Cisco Secure Email Gateway, Secure Email, AsyncOS Software, and Web Manager appliances contains an improper input validation vulnerability that allows threat actors to execute arbitrary commands with…
CVE-2025-68154 unknown FIX debian debian 6mo ago systeminformation is a System and OS information library for node.js. In versions prior to 5.27.14, the `fsSize()` function in systeminformation is vulnerable to OS command injection on Windows syste…
CVE-2025-68146 unknown FIX slesdebian debian 6mo ago filelock is a platform-independent file lock for Python. In versions prior to 3.20.1, a Time-of-Check-Time-of-Use (TOCTOU) race condition allows local attackers to corrupt or truncate arbitrary user …
CVE-2025-68142 unknown FIX debian debian 6mo ago PyMdown Extensions is a set of extensions for the `Python-Markdown` markdown project. Versions prior to 10.16.1 have a ReDOS bug found within the figure caption extension (`pymdownx.blocks.caption`).…
CVE-2025-68315 unknown FIX slesdebian debian 6mo ago In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to detect potential corrupted nid in free_nid_list As reported, on-disk footer.ino and footer.nid is the same and out-o…
CVE-2025-68307 unknown FIX slesdebian debian 6mo ago In the Linux kernel, the following vulnerability has been resolved: can: gs_usb: gs_usb_xmit_callback(): fix handling of failed transmitted URBs The driver lacks the cleanup of failed transfers of …
CVE-2025-68251 unknown FIX slesdebian debian 6mo ago In the Linux kernel, the following vulnerability has been resolved: erofs: avoid infinite loops due to corrupted subpage compact indexes Robert reported an infinite loop observed by two crafted ima…
CVE-2025-68239 unknown FIX slesdebian debian google 6mo ago In the Linux kernel, the following vulnerability has been resolved: binfmt_misc: restore write access before closing files opened by open_exec() bm_register_write() opens an executable file using o…
CVE-2025-68201 unknown FIX slesdebian debian 6mo ago In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: remove two invalid BUG_ON()s Those can be triggered trivially by userspace.
CVE-2025-40347 unknown FIX slesdebian debian 6mo ago In the Linux kernel, the following vulnerability has been resolved: net: enetc: fix the deadlock of enetc_mdio_lock After applying the workaround for err050089, the LS1028A platform experiences RCU…
CVE-2025-68113 unknown 6mo ago ALTCHA Proof-of-Work Vulnerable to Challenge Splicing and Replay
CVE-2025-59718 unknown 1.5 KEV 6mo ago Fortinet FortiOS, FortiSwitchMaster, FortiProxy, and FortiWeb contain an improper verification of cryptographic signature vulnerability that may allow an unauthenticated attacker to bypass the FortiC…
CVE-2025-67748 unknown 6mo ago Fickling has Code Injection vulnerability via pty.spawn()
CVE-2025-67735 unknown FIX slesdebian debian 6mo ago Netty has a CRLF Injection vulnerability in io.netty.handler.codec.http.HttpRequestEncoder
CVE-2025-65431 unknown FIX debian debian 6mo ago django-allauth's Okta and NetIQ implementations used a mutable identifier for authorization decisions
CVE-2025-65430 unknown FIX debian debian 6mo ago django-allauth does not reject access tokens for inactive users
CVE-2025-66388 unknown 6mo ago Apache Airflow exposes secret values to authenticated UI users via rendered templates
CVE-2025-37731 unknown 6mo ago Elasticsearch PKI Realm Authentication Bypass Vulnerability Allows User Impersonation Through Crafted Client Certificates
CVE-2025-14611 unknown 2.5 KEVEXP 6mo ago Gladinet CentreStack and TrioFox contain a hardcoded cryptographic keys vulnerability for their implementation of the AES cryptoscheme. This vulnerability degrades security for public exposed endpoin…
CVE-2025-14674 unknown 6mo ago snail-job is vulnerable to Code Injection through QLExpressEngine.doEval function
CVE-2025-67721 unknown 6mo ago aircompressor Snappy and LZ4 Java-based decompressor implementation can leak information from reused output buffer
CVE-2025-3586 unknown 6mo ago Liferay Portal and DXP Instance Admin can execute code using Objects Actions and Validations
CVE-2025-53960 unknown 6mo ago Apache StreamPark: Use the user’s password as the secret key Vulnerability
CVE-2025-40345 unknown FIX slesdebian debian 6mo ago In the Linux kernel, the following vulnerability has been resolved: usb: storage: sddr55: Reject out-of-bound new_pba Discovered by Atuin - Automated Vulnerability Discovery Engine. new_pba comes …
CVE-2025-54981 unknown 6mo ago Apache StreamPark uses a Weak Encryption Algorithm
CVE-2025-54947 unknown 6mo ago Apache StreamPark has a hard-coded encryption key
CVE-2025-26866 unknown 6mo ago Apache HugeGraph-Server: RAFT and deserialization vulnerability
CVE-2018-4063 unknown 1.5 KEV 6mo ago Sierra Wireless AirLink ALEOS contains an unrestricted upload of file with dangerous type vulnerability. A specially crafted HTTP request can upload a file, resulting in executable code being uploade…
CVE-2025-67505 unknown 6mo ago Race condition in the Okta Java SDK
CVE-2025-66033 unknown 6mo ago Improper Memory Cleanup in the Okta Java SDK
CVE-2025-67643 unknown 6mo ago Jenkins Redpen - Pipeline Reporter for Jira Plugin has a path traversal vulnerability
CVE-2025-67642 unknown 6mo ago Jenkins HashiCorp Vault Plugin exposes system-scoped Vault credentials
CVE-2025-67641 unknown 6mo ago Jenkins Coverage Plugin has a stored cross-site scripting (XSS) vulnerability
CVE-2025-67640 unknown 6mo ago Jenkins Git client Plugin has an OS command injection vulnerability on agents in Git client Plugin
CVE-2025-67639 unknown 6mo ago Jenkins has a CSRF vulnerability on the login form
CVE-2025-67638 unknown 6mo ago Jenkins's build authorization token is stored and displayed in plain text
CVE-2025-67637 unknown 6mo ago Jenkins's build authorization token is stored and displayed in plain text
CVE-2025-67636 unknown 6mo ago Jenkins is missing a permission check on password fields
CVE-2025-67635 unknown 6mo ago Jenkins has a Denial of service vulnerability in HTTP-based CLI
CVE-2025-67713 unknown FIX debian debian 6mo ago Miniflux 2 is an open source feed reader. Versions 2.2.14 and below treat redirect_url as safe when url.Parse(...).IsAbs() is false, enabling phishing flows after login. Protocol-relative URLs like /…
CVE-2025-66628 unknown FIX debian debian sles 6mo ago ImageMagick is a software suite to create, edit, compose, or convert bitmap images. In versions 7.1.2-9 and prior, the TIM (PSX TIM) image parser contains a critical integer overflow vulnerability in…
CVE-2025-66474 unknown 6mo ago XWiki vulnerable to remote code execution through insufficient protection against {{/html}} injection
CVE-2025-66473 unknown 6mo ago XWiki's REST APIs don't enforce any limits, leading to unavailability and OOM in large wikis
CVE-2025-66472 unknown 6mo ago XWiki vulnerable to a reflected XSS via xredirect parameter in DeleteApplication
CVE-2025-8110 unknown 1.5 KEV 6mo ago Gogs contains a path traversal vulnerability affecting improper Symbolic link handling in the PutContents API that could allow for code execution.
CVE-2025-66675 unknown 6mo ago Apache Struts has a Denial of Service vulnerability
CVE-2025-14082 unknown 6mo ago Keycloak Admin REST (Representational State Transfer) API does not properly enforce permissions
CVE-2025-13955 unknown 6mo ago Predictable default Wi-Fi Password in Access Point functionality in EZCast Pro II before version 1.17478.177 allows attackers in Wi-Fi range to gain access to the dongle by calculating the default pa…
CVE-2025-13954 unknown 6mo ago Hard-coded cryptographic keys in Admin UI of EZCast Pro II before version 1.17478.177 allows attackers to bypass authorization checks and gain full access to the admin UI
CVE-2025-14307 unknown debian debian 6mo ago An insecure temporary file creation vulnerability exists in the AutoExtract component of Robocode version 1.9.3.6. The createTempFile method fails to securely create temporary files, allowing attacke…
CVE-2025-14306 unknown debian debian 6mo ago A directory traversal vulnerability exists in the CacheCleaner component of Robocode version 1.9.3.6. The recursivelyDelete method fails to properly sanitize file paths, allowing attackers to travers…
CVE-2025-62221 unknown 1.5 KEV 6mo ago Microsoft Windows Cloud Files Mini Filter Driver contains a use after free vulnerability that can allow an authorized attacker to elevate privileges locally.
CVE-2025-6218 unknown 1.5 KEVFIX debian debian 6mo ago RARLAB WinRAR contains a path traversal vulnerability allowing an attacker to execute code in the context of the current user.
CVE-2025-66644 unknown 1.5 KEV 6mo ago Array Networks ArrayOS AG contains an OS command injection vulnerability that could allow an attacker to execute arbitrary commands.
CVE-2022-37055 unknown 1.5 KEV 6mo ago D-Link Routers contains a buffer overflow vulnerability that has a high impact on confidentiality, integrity, and availability. The impacted products could be end-of-life (EoL) and/or end-of-service …
CVE-2025-40281 unknown FIX slesdebian debian 6mo ago In the Linux kernel, the following vulnerability has been resolved: sctp: prevent possible shift-out-of-bounds in sctp_transport_update_rto syzbot reported a possible shift-out-of-bounds [1] Blame…
CVE-2025-40280 unknown FIX slesdebian debian 6mo ago In the Linux kernel, the following vulnerability has been resolved: tipc: Fix use-after-free in tipc_mon_reinit_self(). syzbot reported use-after-free of tipc_net(net)->monitors[] in tipc_mon_reini…
CVE-2025-40278 unknown FIX slesdebian debian 6mo ago In the Linux kernel, the following vulnerability has been resolved: net: sched: act_ife: initialize struct tc_ife to fix KMSAN kernel-infoleak Fix a KMSAN kernel-infoleak detected by the syzbot . …
CVE-2025-66623 unknown 6mo ago Strimzi allows unrestricted access to all Secrets in the same Kubernetes namespace from Kafka Connect and MirrorMaker 2 operands
CVE-2025-66564 unknown FIX debian debian 6mo ago Sigstore Timestamp Authority is a service for issuing RFC 3161 timestamps. Prior to 2.0.3, Function api.ParseJSONRequest currently splits (via a call to strings.Split) an optionally-provided OID (whi…
CVE-2025-66506 unknown FIX debian debian 6mo ago Fulcio is a free-to-use certificate authority for issuing code signing certificates for an OpenID Connect (OIDC) identity. Prior to 1.8.3, function identity.extractIssuerURL splits (via a call to str…