Search

Found 28,409 results in 1338ms · Match type: Filtered list

CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2026-8514 high 8.3 8.3 FIX debian debianmacos macos linux-kernel google 24d ago Use after free in Aura in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Ch…
CVE-2026-8513 high 8.3 8.3 FIX debian debianwindows windows google 24d ago Use after free in Input in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HT…
CVE-2026-8512 high 8.3 8.3 FIX debian debianmacos macos linux-kernel google 24d ago Use after free in FileSystem in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a cr…
CVE-2026-8511 critical 9.6 9.6 FIX debian debianmacos macos linux-kernel google 24d ago Use after free in UI in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
CVE-2026-8510 high 7.5 7.5 FIX debian debianwindows windows google 24d ago Integer overflow in Skia in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted …
CVE-2026-8509 high 8.8 8.8 FIX debian debianmacos macos linux-kernel google 24d ago Heap buffer overflow in WebML in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Criti…
CVE-2026-44638 low 2.5 2.5 FIX debian debian sles saitoha 24d ago libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. From to 1.8.7-r1, a wrong NULL check after an allocation call in sixel_decode_raw and sixel_decode causes a NULL pointe…
CVE-2026-44637 high 7.1 7.1 FIX debian debian sles saitoha 24d ago libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. From to 1.8.7-r1, a signed integer overflow in the SIXEL parser's image-buffer doubling loop can lead to an out-of-boun…
CVE-2026-44636 high 7.8 7.8 FIX debian debian sles saitoha 24d ago libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. From to 1.8.7-r1, signed integer overflow in sixel_encode_highcolor's allocation size calculation can lead to a heap bu…
CVE-2026-43909 high 8.8 8.8 debian debian openimageio 24d ago OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, a signed 32-bit integer overflow in t…
CVE-2026-43908 high 8.8 8.8 debian debian openimageio 24d ago OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, a signed 32-bit integer overflow in t…
CVE-2026-43907 high 8.3 8.3 debian debian openimageio 24d ago OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, a signed integer overflow in QueryRGB…
CVE-2026-43906 high 7.8 7.8 debian debian openimageio 24d ago OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, a heap-based buffer overflow in the H…
CVE-2026-43905 high 7.8 7.8 debian debian openimageio 24d ago OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, jpeg2000input.cpp:395 computes buffer…
CVE-2026-43904 high 7.8 7.8 debian debian openimageio 24d ago OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, softimageinput.cpp:469 (mixed RLE) an…
CVE-2026-43903 high 7.8 7.8 debian debian openimageio 24d ago OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, sgiinput.cpp:265,274 use OIIO_DASSERT…
CVE-2026-44973 high 8.1 8.1 debian debian 24d ago Billy is an interface filesystem abstraction for Go. Prior to 5.9.0, multiple path traversal issues exist across different components of go-billy. Insufficient path sanitization and boundary enforcem…
CVE-2026-46470 critical 9.1 9.1 FIX debian debian slesubuntu ubuntu freedesktop 24d ago GStreamer Good Plugins vulnerabilities
CVE-2026-44348 low 2.5 2.5 FIX debian debian sles 24d ago PoDoFo is a C++17 PDF manipulation library. From 1.0.0 to before 1.0.4, a double-free vulnerability exists in compute_hash_to_sign() in src/podofo/private/OpenSSLInternal_Ripped.cpp. If EVP_DigestFin…
CVE-2026-45076 low 2.7 2.7 FIX debian debian element 24d ago Synapse is an open source Matrix homeserver implementation. Prior to 1.152.1, in federated rooms, malicious homeservers can craft room events in such a way that prevents Synapse from providing full h…
CVE-2026-24712 high 7.3 7.3 debian debian northern.tech 24d ago Northern.tech CFEngine Enterprise and Community before 3.21.8, 3.24.3, and 3.27.0 allows Command injection.
CVE-2026-6638 high 8.8 8.8 FIX slesdebian debianwindows windows postgresql 24d ago PostgreSQL vulnerabilities
CVE-2026-6637 high 8.8 8.8 FIX slesdebian debianwindows windows postgresql 24d ago PostgreSQL vulnerabilities
CVE-2026-6479 high 7.5 7.5 FIX slesdebian debianwindows windows postgresql 24d ago PostgreSQL vulnerabilities
CVE-2026-6477 high 8.8 8.8 FIX slesdebian debianwindows windows postgresql 24d ago PostgreSQL vulnerabilities
CVE-2026-6476 high 7.2 7.2 FIX slesdebian debianubuntu ubuntu postgresql 24d ago PostgreSQL vulnerabilities
CVE-2026-6475 high 8.8 8.8 FIX slesdebian debianwindows windows postgresql 24d ago PostgreSQL vulnerabilities
CVE-2026-6473 high 8.8 8.8 FIX slesdebian debianwindows windows postgresql 24d ago PostgreSQL vulnerabilities
CVE-2026-46446 high 7.1 7.1 FIX debian debian 25d ago SOGo before 5.12.7, when PostgreSQL or MariaDB is used, and cleartext passwords are stored, allows SQL injection. This is related to c_password = '%@' in changePasswordForLogin.
CVE-2026-46445 high 7.1 7.1 FIX debian debian 25d ago SOGo before 5.12.7, when PostgreSQL is used, allows SQL injection.
CVE-2026-44471 high 7.8 7.8 FIX debian debian gitoxidelabs 25d ago gitoxide is an implementation of git written in Rust. Prior to 0.21.1, a malicious tree can be constructed that will, when checked out with gitoxide, permit writing an attacker-controlled symlink int…
CVE-2026-8328 unknown slesdebian debianwindows windows 25d ago The ftpcp() function in Lib/ftplib.py was not updated when CVE-2021-4189 was fixed. While makepasv() was patched to replace server-supplied PASV host addresses with the actual peer address (getpee…
CVE-2026-42561 high 7.5 7.5 slesdebian debian 25d ago Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.27, python-multipart has a denial of service vulnerability in multipart part header parsing. When parsing multipart/form-data…
CVE-2026-42304 high 7.5 7.5 FIX slesdebian debianwindows windows twisted 25d ago Twisted vulnerability
CVE-2026-8466 high 8.0 debian debianwindows windows 25d ago Cowboy: Unbounded buffer accumulation in multipart header parsing causes denial of service in cowboy
CVE-2026-44248 high 7.5 7.5 slesdebian debian netty 25d ago Netty MQTT: Resource exhaustion in MqttDecoder
CVE-2026-43970 high 8.0 debian debianwindows windows 25d ago Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in ninenines cowlib allows unauthenticated remote denial of service via memory exhaustion. cow_spdy:inflate/2 in cowlib…
CVE-2026-42587 high 7.5 7.5 slesdebian debian nettygoogle 25d ago Netty: HttpContentDecompressor maxAllocation bypass when Content-Encoding set to br/zstd/snappy leads to decompression bomb DoS
CVE-2026-42586 high 7.1 7.1 slesdebian debian netty 25d ago Netty Redis Codec Encoder has a CRLF Injection Issue
CVE-2026-42585 high 7.5 7.5 slesdebian debian netty 25d ago Netty vulnerable to HTTP Request Smuggling due to malformed Transfer-Encoding
CVE-2026-42584 critical 9.1 9.1 slesdebian debian netty 25d ago Netty has HttpClientCodec response desynchronization
CVE-2026-42583 high 7.5 7.5 slesdebian debian netty 25d ago Netty Lz4FrameDecoder is vulnerable to resource exhaustion
CVE-2026-42582 high 7.5 7.5 slesdebian debian netty 25d ago Netty HTTP/3 QPACK literal unbounded allocation
CVE-2026-42581 critical 9.8 9.8 slesdebian debian netty 25d ago Netty HTTP/1.0 TE+CL Coexistence Bypasses Smuggling Sanitization
CVE-2026-42579 critical 9.1 9.1 slesdebian debian netty 25d ago Netty has a DNS Codec Input Validation Bypass (Encoder + Decoder)
CVE-2026-42578 high 7.5 7.5 slesdebian debian netty 25d ago Netty has HTTP Header Injection via HttpProxyHandler Disabled Validation (Incomplete Fix CVE-2025-67735)
CVE-2026-42577 high 7.5 7.5 debian debian netty 25d ago Netty epoll transport denial of service via RST on half-closed TCP connection
CVE-2026-44432 high 7.5 7.5 FIX slesdebian debianubuntu ubuntu python 25d ago urllib3 vulnerabilities
CVE-2026-43489 unknown FIX slesdebian debian 25d ago In the Linux kernel, the following vulnerability has been resolved: liveupdate: luo_file: remember retrieve() status LUO keeps track of successful retrieve attempts on a LUO file. It does so to av…
CVE-2026-43488 unknown FIX slesdebian debian 25d ago In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Prevent interrupt storm on host controller error (HCE) The xHCI controller reports a Host Controller Error (HCE) in UA…
CVE-2026-43487 unknown FIX slesdebian debian google 25d ago In the Linux kernel, the following vulnerability has been resolved: ata: libata-core: Disable LPM on ST1000DM010-2EP102 According to a user report, the ST1000DM010-2EP102 has problems with LPM, cau…
CVE-2026-43486 unknown FIX slesdebian debian google 25d ago In the Linux kernel, the following vulnerability has been resolved: arm64: contpte: fix set_access_flags() no-op check for SMMU/ATS faults contpte_ptep_set_access_flags() compared the gathered ptep…
CVE-2026-43485 unknown FIX slesdebian debian 25d ago In the Linux kernel, the following vulnerability has been resolved: nouveau/gsp: drop WARN_ON in ACPI probes These WARN_ONs seem to trigger a lot, and we don't seem to have a plan to fix them, so j…
CVE-2026-43484 unknown FIX slesdebian debian 25d ago In the Linux kernel, the following vulnerability has been resolved: mmc: core: Avoid bitfield RMW for claim/retune flags Move claimed and retune control flags out of the bitfield word to avoid unre…
CVE-2026-43483 unknown FIX slesdebian debian 25d ago In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Set/clear CR8 write interception when AVIC is (de)activated Explicitly set/clear CR8 write interception when AVIC is (d…
CVE-2026-43482 unknown FIX slesdebian debian google 25d ago In the Linux kernel, the following vulnerability has been resolved: sched_ext: Disable preemption between scx_claim_exit() and kicking helper work scx_claim_exit() atomically sets exit_kind, which …
CVE-2026-43481 high 7.8 7.8 FIX slesdebian debian 25d ago In the Linux kernel, the following vulnerability has been resolved: net-shapers: don't free reply skb after genlmsg_reply() genlmsg_reply() hands the reply skb to netlink, and netlink_unicast() con…
CVE-2026-43480 unknown FIX slesdebian debian 25d ago In the Linux kernel, the following vulnerability has been resolved: ASoC: amd: acp3x-rt5682-max9836: Add missing error check for clock acquisition The acp3x_5682_init() function did not check the r…
CVE-2026-43479 unknown FIX slesdebian debian 25d ago In the Linux kernel, the following vulnerability has been resolved: net: usb: lan78xx: fix WARN in __netif_napi_del_locked on disconnect Remove redundant netif_napi_del() call from disconnect path.…
CVE-2026-43478 unknown FIX slesdebian debian 25d ago In the Linux kernel, the following vulnerability has been resolved: ASoC: codecs: rt1011: Use component to get the dapm context in spk_mode_put The correct helper to use in rt1011_recv_spk_mode_put…
CVE-2026-43477 unknown FIX slesdebian debian 25d ago In the Linux kernel, the following vulnerability has been resolved: drm/i915/vrr: Configure VRR timings after enabling TRANS_DDI_FUNC_CTL Apparently ICL may hang with an MCE if we write TRANS_VRR_V…
CVE-2026-43476 high 7.8 7.8 FIX slesdebian debian 25d ago In the Linux kernel, the following vulnerability has been resolved: iio: chemical: sps30_i2c: fix buffer size in sps30_i2c_read_meas() sizeof(num) evaluates to sizeof(size_t) (8 bytes on 64-bit) in…
CVE-2026-42557 critical 9.6 9.6 debian debian jupyter 25d ago jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. Prior to 4.5.7, JupyterLab's HTML sanitizer allowlists data-commandlink…
CVE-2026-44724 high 7.8 7.8 FIX debian debian 25d ago systeminformation is a System and OS information library for node.js. From 4.17.0 to 5.31.5, on Linux, systeminformation is vulnerable to command injection in networkInterfaces() when an active Netwo…
CVE-2026-6276 high 7.5 7.5 FIX debian debian sleswindows windows haxxgoogle 25d ago curl vulnerabilities
CVE-2026-5773 high 7.5 7.5 FIX debian debian sleswindows windows haxxgoogle 25d ago curl vulnerabilities
CVE-2026-45793 high 8.0 FIX debian debian 26d ago Github Actions issued GITHUB_TOKEN disclosure in GitHub Actions logs
CVE-2026-40164 high 7.5 7.5 FIX rheldebian debian sles 26d ago jq regression
CVE-2026-39979 high 8.0 FIX rheldebian debian sles 26d ago Important: jq security update
CVE-2026-44660 high 7.5 7.5 debian debian ultrajson_project 26d ago UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Prior to 5.12.1, when ujson.dump() writes to a file-like object and the write operation raises an excepti…
CVE-2026-44301 high 8.1 8.1 FIX debian debian gohugo 26d ago Hugo is a static site generator. From 0.43 to before 0.161.0, when building a Hugo site that uses Node-based asset pipelines (PostCSS, Babel, TailwindCSS), Hugo invoked the configured Node tools with…
CVE-2026-44296 high 7.5 7.5 FIX debian debian 26d ago Deskflow is a keyboard and mouse sharing app. Prior to 1.26.0.167, a remote, unauthenticated denial of service (DoS) vulnerability affects Deskflow servers running with TLS enabled (the default). Whe…
CVE-2026-42268 high 7.5 7.5 FIX slesdebian debian owasp 26d ago ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. From 3.0.0 to before 3.0.15, there is an unhandled exception (std::out_of_range) caused …
CVE-2026-44240 high 7.5 7.5 FIX debian debian 26d ago basic-ftp allows a malicious FTP server to cause client-side denial of service via unbounded multiline control response buffering
CVE-2026-45185 critical 9.8 9.8 FIX debian debian slesubuntu ubuntu exim 26d ago Exim vulnerabilities
CVE-2026-8430 high 8.1 8.1 FIX debian debian 26d ago SPIP versions prior to 4.4.14 contain a remote code execution vulnerability in the public space that is limited to certain nginx configurations, allowing attackers to execute arbitrary code in the co…
CVE-2026-8429 high 8.8 8.8 FIX debian debian 26d ago SPIP versions prior to 4.4.14 contain a remote code execution vulnerability in the private space that allows attackers to execute arbitrary code in the context of the web server. Attackers can exploi…
CVE-2026-31236 critical 9.8 9.8 debian debian 26d ago llm CLI tool contains a code injection vulnerability via `--functions` command-line argument
CVE-2026-5089 high 7.3 7.3 FIX debian debian 26d ago YAML::Syck versions before 1.38 for Perl has an out-of-bounds read. The base60 (sexagesimal) parsing code in perl_syck.h has a buffer underflow bug in both int#base60 and float#base60 handlers. Whe…
CVE-2026-43515 critical 9.1 9.1 FIX slesdebian debianubuntu ubuntu apache 26d ago Tomcat vulnerabilities
CVE-2026-43514 low 3.7 3.7 FIX slesdebian debian apache 26d ago Observable Timing Discrepancy vulnerability when comparing AJP secret in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M…
CVE-2026-43513 high 7.5 7.5 FIX slesdebian debianubuntu ubuntu apache 26d ago Tomcat vulnerabilities
CVE-2026-43512 critical 9.8 9.8 FIX slesdebian debianubuntu ubuntu apache 26d ago Tomcat vulnerabilities
CVE-2026-42498 high 7.3 7.3 FIX slesdebian debian apache 26d ago Exposure of HTTP Authentication Header to unexpected hosts during WebSocket authentication vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1…
CVE-2026-41293 critical 9.8 9.8 FIX slesdebian debian apache 26d ago Improper Input Validation vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from 10.0.0…
CVE-2026-41284 high 7.5 7.5 FIX slesdebian debian apache 26d ago Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 t…
CVE-2026-34933 unknown debian debian slesubuntu ubuntu 26d ago Avahi vulnerabilities
CVE-2026-24401 unknown FIX debian debian slesubuntu ubuntu 26d ago Avahi vulnerabilities
CVE-2026-8390 high 7.3 7.3 FIX debian debian mozilla 26d ago Use-after-free in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 150.0.3.
CVE-2026-8389 high 8.8 8.8 FIX debian debian mozilla 26d ago JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 150.0.3.
CVE-2026-27851 critical 9.1 9.1 FIX debian debian slesubuntu ubuntu dovecotopen-xchange 26d ago Dovecot vulnerabilities
CVE-2026-8162 high 7.5 7.5 FIX debian debian pillarjs 26d ago multiparty vulnerable to Denial of Service via Uncaught Exception in filename* parameter parsing
CVE-2026-8161 high 7.5 7.5 FIX debian debian pillarjs 26d ago multiparty: Denial of Service via Prototype Pollution leads to Uncaught Exception
CVE-2026-8159 high 7.5 7.5 FIX debian debian pillarjs 26d ago multiparty vulnerable to ReDoS via filename parsing
CVE-2026-4887 high 7.1 7.1 FIX rheldebian debian sles gimp 27d ago Important: gimp security update
CVE-2026-43284 high 8.8 9.8 EXPFIX rhel slesdebian debian awsgoogle 27d ago Linux kernel vulnerabilities
CVE-2026-4154 high 8.0 FIX rheldebian debian sles 27d ago Important: gimp security update
CVE-2026-4153 high 8.0 FIX rheldebian debian sles 27d ago Important: gimp security update
CVE-2026-4152 high 8.0 FIX rheldebian debian sles 27d ago Important: gimp security update
CVE-2026-4151 high 8.0 FIX rheldebian debian sles 27d ago Important: gimp security update