VIR Vulnerability Intelligence Relay

Search

Found 45,534 results in 4598ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2026-7881 medium 4.3 4.3 concretecms 15d ago Concrete CMS 9.5.0 and below is subject to Insecure Direct Object Reference (IDOR) in the Express Entry Detail block via the exEntryID parameter. This IDOR leads to unauthorized access to all Express…
CVE-2026-7879 medium 5.3 5.3 concretecms 15d ago In Concrete CMS 9.5.0 and below,  the submit_password() method in concrete/controllers/single_page/download_file.php allows unauthorized file access since downloading permission-restricted files bypa…
CVE-2026-5091 medium 5.1 5.1 FIX debian debian 15d ago Catalyst::Plugin::Authentication versions through 0.10024 for Perl is susceptible to timing attacks. These versions use Perl's built-in eq comparison. Discrepencies in timing could be used to guess…
CVE-2026-4929 medium 5.4 5.4 simple_hierarchical_select_project 15d ago Simple Hierarchical Select (SHS) for Drupal 7 contains cross-site scripting risk due to improper output escaping of term-derived text. Confirmed affected paths include field formatter output (shs_fie…
CVE-2026-4093 medium 5.4 5.4 taxonomy_term_reference_tree_widget_project 15d ago In the Drupal 7 Term Reference Tree module, two stored XSS vectors exist in the widget/formatter rendering pipeline. Vector A (token display templates): When the Token module is enabled and token di…
CVE-2026-22678 medium 5.4 5.4 webmin 15d ago Webmin before 2.641 contains a stored cross-site scripting vulnerability in the email template description field of the System and Server Status module that allows low-privileged authenticated attack…
CVE-2026-46678 medium 5.5 15d ago Pydantic AI: SSRF cloud-metadata blocklist bypass via IPv4-mapped IPv6 (Incomplete fix of CVE-2026-25580)
CVE-2026-46671 medium 5.5 15d ago Rust OneNote File Parser: Path traversal in `Parser::parse_notebook` allows reading files outside the notebook directory
CVE-2026-46645 medium 5.5 15d ago SQLAdmin: Authorization Bypass on `ajax_lookup`
CVE-2026-8205 medium 5.3 5.3 concretecms 15d ago Concrete CMS 9.5.0 and below is vulnerable to authorization bypass in the Calendar Block since action_get_events does not check canView on the calendar which results in restricted event details being…
CVE-2026-8204 medium 5.3 5.3 concretecms 15d ago Concrete CMS 9.5.0 and below is vulnerable to authorization Bypass in the Calendar Event Frontend Dialog which can allow cross-calendar data disclosure. A public calendar block can be used as a pivot…
CVE-2026-8203 medium 5.4 5.4 concretecms 15d ago Concrete CMS 9.5.0 and below has Stored XSS on the height parameter. The controller does not validate or sanitize $height. Any user with editor privileges can inject malicious JavaScript that execute…
CVE-2026-8197 medium 4.8 4.8 concretecms 15d ago Concrete CMS 9.5.0 and below is vulnerable to Stored XSS via OAuth integration name. The OAuth authorize template renders the integration name (admin-controlled) through Concrete's t() translation he…
CVE-2026-8140 medium 6.5 6.5 concretecms 15d ago Concrete CMS 9.5.0 and below does not validate a CSRF token before processing requests to /dashboard/extend/install/download/<remoteId>. The download() method in concrete/controllers/single_page/dash…
CVE-2026-6826 medium 5.3 5.3 concretecms 15d ago Concrete CMS 9.5.0 and below  is vulnerable to unauthenticated file usage disclosure via missing permission check in the usage controller.  Any unauthenticated visitor can request /ccm/system/dialogs…
CVE-2026-46609 medium 5.5 15d ago Umbraco.Cms: XSS/HTML Injection in Umbraco Backoffice confirmation dialog
CVE-2026-46556 medium 5.5 15d ago FlaskBB: SSRF in get_image_info() via unrestricted avatar URL
CVE-2026-46554 low 2.5 15d ago NocoDB: Stale Auth Cache After API Token Deletion
CVE-2026-46553 low 2.5 15d ago NocoDB: Attachment Size Limit Bypass via Upload-by-URL
CVE-2026-46552 medium 5.5 15d ago NocoDB: Shared-base link access can invite arbitrary users as persistent base members
CVE-2026-46551 medium 5.5 15d ago NocoDB: Missing File Size Enforcement in Upload-by-URL Allows Denial of Service via Disk Exhaustion
CVE-2026-46550 medium 5.5 15d ago NocoDB: Refresh Token Cookie Set Without `secure` and `sameSite` Flags
CVE-2026-46549 low 2.5 15d ago NocoDB: OAuth Token Scope Not Enforced at ACL Layer Allows Scope Escalation
CVE-2026-46548 medium 5.5 15d ago NocoDB: SSRF Protection Bypass in Notification Webhook Plugins (Slack, Discord, Mattermost, Teams)
CVE-2026-46547 medium 5.5 15d ago NocoDB: Reflected Cross-Site Scripting via Page Leaving Redirect URL
CVE-2026-46668 low 2.5 15d ago SpiceDB: Caveat structures with nested lists can result in improper cache reuse
CVE-2026-46683 medium 5.5 15d ago Snappy : SSRF and local file read via the xsl-style-sheet option
CVE-2026-46618 medium 5.5 15d ago Fission builder accepts arbitrary buildcmd strings from Environment.spec.builder.command, allowing the builder pod to invoke arbitrary executables
CVE-2026-4843 medium 4.3 4.3 15d ago The GSheet For Woo Importer plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the process_ajax_restore_action() function in all versions up to, and …
CVE-2026-46616 medium 5.5 15d ago Umbraco.Cms: Open Redirect Vulnerability in Surface Controllers
CVE-2026-46561 medium 5.0 5.0 15d ago pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, the PREREQFUNCTION-based private IP check was not applied to HTTPRequest (used by the parse_urls API). An…
CVE-2026-46543 medium 5.5 15d ago nimiq-blockchain: Genesis batch set request
CVE-2026-46542 medium 5.5 15d ago nimiq-keys: Denial of service in Ed25519 multisig delinearization via invalid curve points
CVE-2026-46539 medium 5.5 15d ago nimiq-primitives: BlockInclusionProof interlink issue when hops are empty
CVE-2026-46497 low 2.5 15d ago Crawlee for Python: SSRF via sitemap-derived URLs
CVE-2026-48249 medium 5.9 5.9 16d ago Open ISES Tickets before 3.44.2 disables TLS certificate verification in rm/incs/mobile_login.inc.php by setting CURLOPT_SSL_VERIFYPEER to false (and not setting CURLOPT_SSL_VERIFYHOST) when issuing …
CVE-2026-48248 medium 5.9 5.9 16d ago Open ISES Tickets before 3.44.2 disables TLS certificate verification in incs/login.inc.php by setting CURLOPT_SSL_VERIFYPEER to false (and not setting CURLOPT_SSL_VERIFYHOST) when issuing outbound H…
CVE-2026-48247 medium 5.9 5.9 16d ago Open ISES Tickets before 3.44.2 disables TLS certificate verification in incs/functions.inc.php by setting CURLOPT_SSL_VERIFYPEER to false (and not setting CURLOPT_SSL_VERIFYHOST) when issuing outbou…
CVE-2026-48246 medium 5.9 5.9 16d ago Open ISES Tickets before 3.44.2 disables TLS certificate verification in ajax/reports.php by setting CURLOPT_SSL_VERIFYPEER to false (and not setting CURLOPT_SSL_VERIFYHOST) when issuing outbound HTT…
CVE-2026-48245 medium 5.3 5.3 16d ago Open ISES Tickets before 3.44.2 embeds a hardcoded Google Maps API key in tables.php that is committed to the public source repository. The key can be extracted by anyone with read access to the sour…
CVE-2026-48244 medium 5.3 5.3 16d ago Open ISES Tickets before 3.44.2 embeds a hardcoded Google Maps API key in settings.inc.php that is committed to the public source repository. The key can be extracted by anyone with read access to th…
CVE-2026-48243 medium 5.3 5.3 16d ago Open ISES Tickets before 3.44.2 embeds a hardcoded WhitePages reverse-phone API key in wp1.php that is committed to the public source repository. Any actor with read access to the source tree can ext…
CVE-2026-48230 medium 5.4 5.4 16d ago Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in ticketsmdb_import.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsan…
CVE-2026-48229 medium 5.4 5.4 16d ago Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in routes_i.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized va…
CVE-2026-48228 medium 5.4 5.4 16d ago Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in patient_w.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized v…
CVE-2026-48227 medium 5.4 5.4 16d ago Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in patient.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized val…
CVE-2026-48226 medium 5.4 5.4 16d ago Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in os_watch.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized va…
CVE-2026-48225 medium 5.4 5.4 16d ago Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in landb.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value…
CVE-2026-48224 medium 5.4 5.4 16d ago Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in ics214.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized valu…
CVE-2026-48223 medium 5.4 5.4 16d ago Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in ics213rr.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized va…
CVE-2026-48222 medium 5.4 5.4 16d ago Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in ics213.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized valu…
CVE-2026-48221 medium 5.4 5.4 16d ago Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in ics205a.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized val…
CVE-2026-48220 medium 5.4 5.4 16d ago Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in ics205.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized valu…
CVE-2026-48219 medium 5.4 5.4 16d ago Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in ics202.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized valu…
CVE-2026-48218 medium 5.4 5.4 16d ago Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in icons/buttons/landb.php that allows authenticated attackers to inject arbitrary JavaScript by passing an uns…
CVE-2026-48217 medium 5.4 5.4 16d ago Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in delete_module.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitiz…
CVE-2026-48216 medium 5.4 5.4 16d ago Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in db_loader.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized v…
CVE-2026-48215 medium 5.4 5.4 16d ago Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in circle.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized valu…
CVE-2026-48214 medium 5.4 5.4 16d ago Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in add_nm.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized valu…
CVE-2026-39593 medium 6.5 6.5 16d ago Missing Authorization vulnerability in VillaTheme HAPPY allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects HAPPY: from n/a through 1.0.10.
CVE-2026-48213 medium 5.4 5.4 16d ago Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in add.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value t…
CVE-2026-46486 medium 5.5 16d ago Mobile Verification Toolkit (MVT): Path Traversal via unsanitized File identifiers in iOS Backup processing
CVE-2026-46403 medium 5.5 16d ago Klever-Go KVM read-only execution can commit contract delete and upgrade side effects
CVE-2026-36189 medium 6.2 6.2 16d ago Buffer Overflow vulnerability in Uncrustify Project Affected v.Uncrustify_d-0.82.0-132-bcc41cbdc and Fixed in commit 68e67b9a1435a1bb173b106fedb4a4f510972bdc allows a local attacker to cause a denial…
CVE-2026-1816 medium 6.3 6.3 16d ago Improper restriction of excessive authentication attempts vulnerability in Turkiye Electricity Transmission Corporation (TEİAŞ) Mobile Application allows Brute Force. This issue affects Mobile Appli…
CVE-2026-1815 medium 5.7 5.7 16d ago Insufficient session expiration vulnerability in Turkiye Electricity Transmission Corporation (TEİAŞ) Mobile Application allows Session Hijacking. This issue affects Mobile Application: from 1.6.2 b…
CVE-2026-34926 medium 6.7 8.2 KEV trendmicro 16d ago Trend Micro Apex One (on-premise) contains a directory traversal vulnerability that could allow a pre-authenticated local attacker to modify a key table on the server to inject malicious code to depl…
CVE-2026-6841 medium 6.1 6.1 FIX debian debian bestpractical 16d ago Request Tracker is vulnerable to a reflected cross-site scripting (XSS) vulnerability via the "Page" parameter in GET requests. An attacker can craft a URL that, when opened, results in arbitrary Jav…
CVE-2026-0393 medium 6.5 6.5 codesys 16d ago The affected product may expose credentials remotely between low privileged visualization users during concurrent login operations due to insufficient isolation of authentication data. The vulnerabil…
CVE-2026-45254 medium 6.5 6.5 freebsd freebsd 16d ago In the case of the cap_net service, when a key present in the old limit was omitted from the new limit, the missing key was treated as "allow any" instead of being rejected. In certain scenarios, an…
CVE-2026-45252 medium 5.5 5.5 freebsd freebsd 16d ago When a fusefs file system implements extended attributes, the kernel may send a FUSE_LISTXATTR message to the userspace daemon to retrieve the list of extended attributes for a given file. The FUSE …
CVE-2026-42396 medium 6.5 6.5 FIX debian debian powerdns 16d ago Insufficient Validation of Member Zone Data May Cause Catalog Zone Transfer to Fail
CVE-2026-41999 medium 4.8 4.8 FIX debian debian powerdns 16d ago Incorrect Behaviour of Views with TCP PROXY Requests
CVE-2026-7837 low 3.7 3.7 FIX slesdebian debian 16d ago A time-of-check time-of-use (TOCTOU) condition in the ad_flush function in Netatalk 3.0.0 through 4.4.2 involves root-privileged file operations, which may allow a remote attacker to cause limited da…
CVE-2026-44075 low 3.7 3.7 FIX slesdebian debian 16d ago A missing break statement in DSI OpenSession processing in Netatalk 1.5.0 through 4.4.2 causes a DSIOPT_ATTNQUANT switch case to fall through into DSIOPT_SERVQUANT, resulting in unintended session op…
CVE-2026-44074 low 3.7 3.7 FIX slesdebian debian 16d ago Netatalk 2.1.0 through 4.4.2 combines multiple errno values using bitwise OR, resulting in incorrect error codes when multiple error conditions occur simultaneously, which may allow a remote attacker…
CVE-2026-44071 low 3.7 3.7 FIX slesdebian debian 16d ago Netatalk 3.1.2 through 4.4.2 is compiled without FORTIFY_SOURCE, which disables built-in buffer overflow detection at runtime, potentially allowing a remote attacker to cause a minor denial of servic…
CVE-2026-44057 low 3.1 3.1 FIX slesdebian debian 16d ago A dead bounds check in the Spotlight RPC unmarshaller in Netatalk 3.0.0 through 4.4.2 results in an unreachable code path that provides no effective bounds protection, which may allow a remote authen…
CVE-2026-27393 medium 5.3 5.3 16d ago Missing Authorization vulnerability in Tobias CF7 WOW Styler allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CF7 WOW Styler: from n/a through 1.7.6.
CVE-2026-27349 medium 4.3 4.3 16d ago Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPFunnels Team Mail Mint allows Retrieve Embedded Sensitive Data. This issue affects Mail Mint: from n/a t…
CVE-2026-22880 medium 6.1 6.1 16d ago Mattermost Mobile Apps versions <=2.37 11.4 2.0.37 11.0.4 11.1.3 11.3.2 10.11.11.0 fail to properly validate the SSO authentication callback origin which allows an attacker controlling a malicious Ma…
CVE-2026-7836 low 3.1 3.1 FIX slesdebian debian 16d ago An incorrect calculation in the hextoint macro in Netatalk 2.0.0 through 4.4.2 due to improper uppercase character handling allows a remote authenticated attacker to cause limited data modification v…
CVE-2026-7835 low 3.1 3.1 FIX slesdebian debian 16d ago A format string argument mismatch in Netatalk 3.0.3 through 4.4.2 allows a remote authenticated attacker to cause a minor denial of service via crafted input that triggers incorrect format string pro…
CVE-2026-4055 medium 4.3 4.3 mattermost 16d ago Mattermost versions 11.5.x <= 11.5.1 fail to validate team-level run_create permission against the target team when creating a playbook run which allows an authenticated team member to create runs in…
CVE-2026-44076 medium 6.7 6.7 FIX slesdebian debian 16d ago Insufficient sanitization of volume paths in Netatalk 3.1.0 through 4.4.2 allows a local privileged user to inject OS commands and execute arbitrary code via a crafted volume path.
CVE-2026-44073 medium 5.0 5.0 FIX slesdebian debian 16d ago Authentication modules in Netatalk 1.5.0 through 4.4.2 fail to check the return value of seteuid(), which may allow a remote authenticated attacker to retain elevated privileges under error condition…
CVE-2026-44072 low 3.0 3.0 FIX slesdebian debian 16d ago Netatalk 2.2.1 through 4.4.2 calls system() after a failed chdir() without properly handling the error condition, which allows a local privileged user to execute unintended commands or cause a minor …
CVE-2026-44070 low 3.1 3.1 FIX slesdebian debian 16d ago An unbounded memory reallocation in the charset conversion code in Netatalk 2.0.0 through 4.4.2 allows a remote authenticated attacker to cause a minor denial of service via crafted character convers…
CVE-2026-44069 low 3.9 3.9 FIX slesdebian debian 16d ago An integer underflow in the volxlate function in Netatalk 3.0.0 through 4.4.2 allows a local privileged user to obtain limited information, modify limited data, or cause a minor service disruption vi…
CVE-2026-44067 medium 4.2 4.2 FIX slesdebian debian 16d ago A heap over-read in extended attribute (EA) header parsing in Netatalk 2.1.0 through 4.4.2 allows a remote authenticated attacker to obtain limited information or cause a minor service disruption via…
CVE-2026-44065 medium 4.2 4.2 FIX slesdebian debian 16d ago An off-by-two error in lp_write() in papd in Netatalk 2.0.0 through 4.4.2 allows an adjacent network attacker to modify limited data or cause a minor service disruption via crafted print data.
CVE-2026-44063 medium 4.2 4.2 FIX slesdebian debian 16d ago An LDAP injection vulnerability in Netatalk 2.1.0 through 4.4.2 allows a remote authenticated attacker to manipulate LDAP queries and obtain limited information or modify LDAP entries via crafted fil…
CVE-2026-44061 medium 5.9 5.9 FIX slesdebian debian 16d ago Netatalk 1.5.0 through 4.4.2 uses DES-ECB for authentication with a timing side channel, which allows a remote attacker to recover authentication credentials via timing analysis.
CVE-2026-44059 medium 4.5 4.5 FIX slesdebian debian 16d ago A race condition in the privilege toggle mechanism in Netatalk 2.2.5 through 4.4.2 allows a local attacker to obtain limited information, modify limited data, or cause a minor service disruption.
CVE-2026-44056 medium 6.4 6.4 FIX slesdebian debian 16d ago A stack-based buffer overflow in desktop.c in Netatalk 1.3 through 4.2.2 allows a remote authenticated attacker to cause a denial of service, obtain limited information, or modify limited data.
CVE-2026-44054 medium 6.5 6.5 FIX slesdebian debian 16d ago Netatalk 2.0.0 through 4.4.2 generates AFP session tokens derived from predictable process IDs, which allows a remote authenticated attacker to cause a denial of service by exploiting the reconnect m…
CVE-2026-2734 medium 6.5 6.5 lfprojects 16d ago In mlflow/mlflow versions up to 3.9.0, the `SearchModelVersions` REST API endpoint and the `mlflowSearchModelVersions` GraphQL query lack proper per-model authorization checks when basic authenticati…
CVE-2026-1543 medium 6.4 6.4 16d ago The Avada (Fusion) Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple shortcodes in all versions up to, and including, 3.15.2 due to insufficient input sanitizatio…
CVE-2026-4811 medium 4.9 4.9 16d ago The WPB Floating Menu & Categories for WordPress – Sticky Side Menu with Icons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Icon CSS Class' category field in all version…
CVE-2026-1881 medium 4.3 4.3 16d ago The Broadstreet plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.52.2 via the get_sponsored_meta AJAX action due to missing validation on…