VIR Vulnerability Intelligence Relay

Search

Found 53,828 results in 2668ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2026-20240 medium 6.5 6.5 splunk 16d ago In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.11, and 9.3.12, and Splunk Cloud Platform versions below 10.4.2603.1, 10.3.2512.9, 10.2.2510.11, 10.1.2507.21, 10.0.2503.13, and 9.3.2411.129, …
CVE-2026-20239 medium 6.5 6.5 splunk 16d ago In Splunk Enterprise versions below 10.2.2 and 10.0.5, and Splunk Cloud Platform versions below 10.3.2512.8, 10.2.2510.11, 10.1.2507.21, and 10.0.2503.13, a user with a role that has access to the `_…
CVE-2026-20238 medium 6.5 6.5 splunk 16d ago In Splunk AI Toolkit versions below 5.7.3, a low-privileged user that does not hold the 'admin' or 'power' roles could access confidential data that was restricted through `srchFilter` configurations…
CVE-2026-9100 medium 5.9 5.9 FIX slesdebian debian 16d ago The MongoDB C Driver's legacy GridFS API accepts malformed file metadata from the database without adequate validation. Crafted documents in a GridFS collection may cause any application that reads t…
CVE-2026-44924 medium 5.4 5.4 veritas 16d ago InfoScale VIOM 9.1.3 allows XSS.
CVE-2026-44923 medium 6.5 6.5 veritas 16d ago SQL injection in InfoScale VIOM before v9.1.3 allows remote attackers to escalate privileges.
CVE-2026-20223 critical 10.0 10.0 16d ago A vulnerability in the access validation of internal REST APIs of Cisco Secure Workload could allow an unauthenticated, remote attacker to access site resources with the privileges of the S…
CVE-2026-20206 medium 6.3 6.3 16d ago A vulnerability in the BrowserBot component of Cisco ThousandEyes Enterprise Agent could have allowed an authenticated, remote attacker to execute arbitrary commands on Agents on behalf of the Browse…
CVE-2026-20199 medium 4.7 4.7 16d ago A vulnerability in the SSL certificate handling of Cisco ThousandEyes Virtual Appliance could allow an authenticated, remote attacker to execute commands on the underlying operating system as the roo…
CVE-2026-20171 medium 6.8 6.8 16d ago A vulnerability in the Border Gateway Protocol (BGP) enforce-first-as feature of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow a…
CVE-2026-9101 medium 4.3 4.3 16d ago Prototype pollution in csv parsing logic during import can lead to untrusted file paths (but not arguments) entering shell.openExternal after specific user behavior leading to "1-click" command execu…
CVE-2026-8598 critical 9.1 9.1 16d ago An undocumented configuration export port is accessible on some models of ZKTeco CCTV cameras. This port does not require authentication and exposes critical information about the camera such as op…
CVE-2026-4293 medium 5.3 5.3 16d ago The affected Kieback & Peter DDC building controllers are vulnerable to cross-site scripting, enabling JavaScript to be executed by the victim's browser, which allows the attacker to control the brow…
CVE-2023-7346 medium 4.0 4.0 16d ago Ledger Bitcoin app versions 2.1.0 and 2.1.1 contain an address derivation vulnerability that allows attackers to cause incorrect Bitcoin addresses to be displayed by exploiting improper handling of m…
CVE-2026-46421 critical 9.5 16d ago Supply chain compromise via malicious package versions (@cap-js/sqlite, @cap-js/postgres, @cap-js/db-service)
CVE-2026-46420 medium 5.5 16d ago Setup PHP: Command Injection in Repository-Derived PHP Version Resolution
CVE-2026-45792 medium 5.5 16d ago RTK improperly trusts project-local filter configuration, allowing silent tampering of command output shown to LLM
CVE-2026-21836 medium 6.5 6.5 16d ago The HCL DominoIQ RAG feature is affected by a Broken Access Control vulnerability.  Under certain circumstances, document level access restrictions will be ignored when determining what data to retur…
CVE-2026-5950 medium 5.3 5.3 FIX debian debian sleswindows windows isc 16d ago An unbounded resend loop vulnerability exists in the BIND 9 resolver state machine during bad-server handling, enabling a remote unauthenticated attacker to cause severe resource exhaustion by sendin…
CVE-2026-5947 medium 5.9 5.9 FIX debian debian sleswindows windows isc 16d ago Undefined behavior may result due to a race condition leading to a use-after-free violation. If BIND receives an incoming DNS message signed with SIG(0), it begins work to validate that signature. …
CVE-2026-45443 medium 5.0 5.0 16d ago Missing Authorization vulnerability in ADD-ONS.ORG PDF for Elementor Forms + Drag And Drop Template Builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affect…
CVE-2026-3593 critical 9.8 9.8 FIX debian debian sleswindows windows isc 16d ago A use-after-free vulnerability exists within the DNS-over-HTTPS implementation. This issue affects BIND 9 versions 9.20.0 through 9.20.22, 9.21.0 through 9.21.21, and 9.20.9-S1 through 9.20.22-S1. BI…
CVE-2026-3592 medium 5.3 5.3 FIX debian debian sleswindows windows isc 16d ago BIND resolvers are vulnerable to an amplified resource consumption/exhaustion attack. If a victim resolver makes a query to a specially crafted zone, the resolver will consume disproportionate resou…
CVE-2026-27424 medium 4.3 4.3 16d ago Missing Authorization vulnerability in WP Chill Image Photo Gallery Final Tiles Grid allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Image Photo Gallery F…
CVE-2026-27405 medium 6.5 6.5 16d ago Missing Authorization vulnerability in Magepeople inc. WpBookingly allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WpBookingly: from n/a through 1.2.9.
CVE-2026-24573 medium 6.5 6.5 16d ago Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeisle Visualizer allows Stored XSS. This issue affects Visualizer: from n/a before 4.0.0.
CVE-2026-45498 medium 4.0 5.5 KEV windows windows microsoft 16d ago Microsoft Defender contains an unspecified vulnerability that allows for denial of service.
CVE-2025-31985 medium 6.5 6.5 hcltech 16d ago HCL BigFix Service Management (SM) is affected by a security misconfiguration due to a missing or insecure “X-Content-Type-Options” header. This could allow browsers to perform MIME-type sniffing, p…
CVE-2025-31973 critical 9.8 9.8 hcltech 16d ago HCL BigFix Service Management (SM) is susceptible to a Configuration – 'Insecure Use of Base Image Version'. Using outdated or insecure base images may introduce known vulnerabilities, potentially i…
CVE-2026-25602 medium 4.4 4.4 16d ago Insufficient Verification of Data Authenticity vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server Component makes it possible to send messages to any email address. This i…
CVE-2026-22314 critical 9.0 9.0 16d ago Improper Control of Generation of Code ('Code Injection') vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server Component enables code execution on other users' systems. This…
CVE-2026-0857 medium 6.0 6.0 16d ago Cleartext Storage of Sensitive Information in Memory vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server Component. This issue affects Meona Client Launcher Component: thr…
CVE-2026-6728 medium 5.3 5.3 16d ago The Slider Revolution plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 7.0.9 via the 'get_stream_data()' function. This makes it possible for una…
CVE-2026-44608 medium 5.9 5.9 FIX slesdebian debianwindows windows nlnetlabs 16d ago NLnet Labs Unbound 1.14.0 up to and including version 1.25.0 has a locking inconsistency vulnerability that when certain conditions are met (multi-threaded, RPZ XFR reload, RPZ zone with 'rpz-nsip'/'…
CVE-2026-44390 medium 5.3 5.3 FIX slesdebian debianwindows windows nlnetlabs 16d ago NLnet Labs Unbound up to and including version 1.25.0 has a vulnerability when handling replies with very large RRsets that Unbound needs to perform name compression for. Malicious upstream responses…
CVE-2026-42960 critical 10.0 10.0 FIX slesdebian debianwindows windows nlnetlabs 16d ago NLnet Labs Unbound up to and including version 1.25.0 is vulnerable to poisoning via promiscuous records for the authority section. Promiscuous RRSets that complement DNS replies in the authority sec…
CVE-2026-42923 medium 5.3 5.3 FIX slesdebian debianwindows windows nlnetlabs 16d ago NLnet Labs Unbound up to and including version 1.25.0 has a vulnerability in the DNSSEC validator where the code path to consult the negative cache for DS records does not take into account the limit…
CVE-2026-42534 medium 5.3 5.3 FIX slesdebian debianwindows windows nlnetlabs 16d ago NLnet Labs Unbound up to and including version 1.25.0 has a vulnerability in the jostle logic that could defeat its purpose and degrade resolution performance. Retransmits of the same query could ren…
CVE-2026-35070 medium 6.7 6.7 dell 16d ago Dell SmartFabric Storage Software, versions prior to 1.4.5, contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A high privileged attacker w…
CVE-2026-33278 critical 9.8 9.8 FIX slesdebian debianwindows windows nlnetlabs 16d ago NLnet Labs Unbound 1.19.1 up to and including version 1.25.0 has a vulnerability in the DNSSEC validator that enables denial of service and possible remote code execution as a result of deep copying …
CVE-2026-32792 medium 5.3 5.3 FIX slesdebian debianwindows windows nlnetlabs 16d ago NLnet Labs Unbound 1.6.2 up to and including version 1.25.0 has a denial of service vulnerability when compiled with DNSCrypt support ('--enable-dnscrypt'). A bad DNSCrypt query could underflow Unbou…
CVE-2026-6405 medium 4.3 4.3 16d ago The Anomify AI – Anomaly Detection and Alerting plugin for WordPress is vulnerable to Cross-Site Request Forgery (CSRF) leading to Stored Cross-Site Scripting (XSS) in versions up to and including 0.…
CVE-2026-46638 medium 5.5 FIX debian debian 16d ago Twig: `{% sandbox %}{% include %}` skips checkSecurity() on cached templates (incomplete fix for CVE-2024-45411)
CVE-2026-46634 medium 5.5 FIX debian debian 16d ago Twig: `template_from_string()` escapes a SourcePolicy-driven sandbox via synthesized template name
CVE-2026-46633 critical 9.5 FIX debian debian 16d ago Twig: PHP code injection via `{% use %}` template name
CVE-2026-45075 medium 5.5 FIX debian debian 16d ago Synfony's HEAD Request Bypasses methods: ['GET'] Filter in #[IsGranted] / #[IsSignatureValid] / #[IsCsrfTokenValid]
CVE-2026-45074 medium 5.5 FIX debian debian 16d ago Symfony's Cas2Handler Derives CAS service URL from Client Host Header → Cross-Service Ticket Replay
CVE-2026-45073 medium 5.5 FIX debian debian 16d ago Symfony Vulnerable to SQL Injection in PdoAdapter::doClear() via Unsanitized $prefix
CVE-2026-45070 medium 5.5 FIX debian debian 16d ago Symfony has Email Header Injection via Non-Token Characters in Mime Parameter Names
CVE-2026-45069 medium 5.5 FIX debian debian 16d ago Symfony's OidcTokenHandler Accepts JWTs Missing aud/iss/exp Claims
CVE-2026-45068 medium 5.5 FIX debian debian 16d ago Symfony has an Argument Injection in SendmailTransport via Dash-Prefixed Recipient Address
CVE-2026-45066 medium 5.5 FIX debian debian 16d ago Symfony has an HtmlSanitizer allowLinkHosts() / allowMediaHosts() Bypass via URL-Parser Differentials and <area> Misclassification
CVE-2026-45065 medium 5.5 FIX debian debian 16d ago Symfony has a UrlGenerator Route-Requirement Bypass via Unanchored Regex Alternation → Off-Site //host URL Injection
CVE-2026-45064 medium 5.5 FIX debian debian 16d ago Symfony's HtmlSanitizer URL Attributes Pass Through BiDi Override Characters → Visual href Spoofing
CVE-2026-24425 critical 9.9 9.9 FIX debian debian symfony 16d ago Twig versions 2.16.x and 3.9.0 through 3.25.x contain a sandbox bypass vulnerability when using a SourcePolicyInterface that allows attackers with template rendering capabilities to pass arbitrary PH…
CVE-2026-7385 medium 5.8 5.8 16d ago The Decent Comments WordPress plugin before 3.0.2 does not restrict access to comment author email addresses and post author email addresses via its REST API endpoint, allowing unauthenticated attack…
CVE-2026-6566 medium 4.3 4.3 16d ago The Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to and including 4.2.0. This is due to insuffic…
CVE-2026-5776 medium 6.1 6.1 16d ago The Email Encoder WordPress plugin before 2.4.7 does not escape email addresses retrieved via user input, allowing unauthenticated attackers to perform Stored XSS attacks
CVE-2026-44392 medium 4.3 4.3 16d ago Missing authorization vulnerability exists in Movable Type. Under certain conditions, when a user without administrator privileges signs in to the product, unintended update processing may be execute…
CVE-2026-2955 medium 6.4 6.4 16d ago The AI Chatbot & Workflow Automation by AIWU plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'X-Forwarded-For' header in versions up to, and including, 1.4.14 due to insuffi…
CVE-2026-9056 medium 5.4 5.4 16d ago A stored cross-site scripting vulnerability has been found in the Talend Administration Center. An attacker with permission to manage servers can store a XSS payload that can be triggered by a differ…
CVE-2026-5075 medium 4.3 4.3 16d ago The All in One SEO plugin for WordPress is vulnerable to Sensitive Information Exposure via 'internalOptions' localized script data in versions up to, and including, 4.9.7 due to sensitive internal o…
CVE-2026-7637 critical 9.8 9.8 16d ago The Boost plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.0.3 via deserialization of untrusted input in the STYXKEY-BOOST_USER_LOCATION cookie. This mak…
CVE-2026-24214 critical 9.8 9.8 nvidia 16d ago NVIDIA Triton Inference Server contains a vulnerability in the DALI backend where an attacker could cause an integer overflow. A successful exploit of this vulnerability might lead to code execution,…
CVE-2026-24213 critical 9.8 9.8 nvidia 16d ago NVIDIA Triton Inference Server contains a vulnerability in the DALI backend where an attacker could cause an out-of-bounds read. A successful exploit of this vulnerability might lead to code executio…
CVE-2026-24207 critical 9.8 9.8 linux-kernel nvidia 16d ago NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause an authentication bypass. A successful exploit of this vulnerability might lead to code execution, escalation of …
CVE-2026-24206 critical 9.8 9.8 linux-kernel nvidia 16d ago NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause an authentication bypass. A successful exploit of this vulnerability might lead to escalation of privileges, deni…
CVE-2026-24163 critical 9.8 9.8 nvidia 16d ago NVIDIA TRT-LLM for any platform contains a vulnerability in RPC testing, where an attacker could cause an unsafe deserialization. A successful exploit of this vulnerability might lead to code execut…
CVE-2026-24142 critical 9.8 9.8 nvidia 16d ago NVIDIA TRT-LLM for any platform contains a deserialization vulnerability and unsafe serialized handle. A successful exploit of this vulnerability might lead to code execution, data tampering, and i…
CVE-2025-33255 critical 9.8 9.8 nvidia 16d ago NVIDIA TRT-LLM for any platform contains a vulnerability in MPI server, where an attacker could cause an unsafe deserialization. A successful exploit of this vulnerability might lead to code executio…
CVE-2025-15369 medium 5.3 5.3 16d ago The Xpro Addons — 140+ Widgets for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the get_content_editor function in all versio…
CVE-2026-8685 medium 6.5 6.5 17d ago The Infility Global plugin for WordPress is vulnerable to SQL Injection via the 'orderby' and 'order' parameters in all versions up to, and including, 2.15.16. This is due to insufficient escaping on…
CVE-2026-8627 medium 6.1 6.1 17d ago The Correct Prices plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $_SERVER['PHP_SELF'] variable in versions up to and including 1.0. This is due to the correct_prices_pa…
CVE-2026-8626 medium 6.1 6.1 17d ago The SponsorMe plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PHP_SELF Parameter in all versions up to, and including, 0.5.2 due to insufficient input sanitization and output…
CVE-2026-8624 medium 6.1 6.1 17d ago The LJ comments import: reloaded plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PHP_SELF Parameter in all versions up to, and including, 0.97.1 due to insufficient input san…
CVE-2026-8610 medium 4.3 4.3 17d ago The TypeSquare Webfonts for ConoHa plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.0.4. This is due to the plugin not properly verifying that a user…
CVE-2026-8424 medium 4.3 4.3 17d ago The Remove Yellow BGBOX plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the 'rybb_a…
CVE-2026-8423 medium 4.3 4.3 17d ago The JaviBola Custom Theme Test plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.5. This is due to missing or incorrect nonce validation on th…
CVE-2026-8420 medium 6.1 6.1 17d ago The BLOGCHAT Chat System plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.6.3. This is due to missing or incorrect nonce validation on a func…
CVE-2026-8419 medium 4.3 4.3 17d ago The Amazon Scraper plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on a function. This…
CVE-2026-8418 medium 4.3 4.3 17d ago The Games Catalog plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.0. This is due to missing or incorrect nonce validation on the gc_crud() funct…
CVE-2026-8038 medium 6.4 6.4 17d ago The Faces of Users plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'default' shortcode attribute in the 'facesofusers' shortcode in all versions up to, and including, 0.0.3 …
CVE-2026-7472 medium 4.9 4.9 17d ago The Read More & Accordion plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'orderby' parameter in all versions up to, and including, 3.5.7. This is due to the use of esc_s…
CVE-2026-7462 medium 6.1 6.1 17d ago The VatanSMS WP SMS plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `page` parameter in all versions up to, and including, 1.01. This is due to insufficient input sanitiz…
CVE-2026-7284 critical 9.8 9.8 17d ago The Easy Elements for Elementor – Addons & Website Templates plugin for WordPress is vulnerable to privilege escalation via user registration in all versions up to, and including, 1.4.4. This is due …
CVE-2026-6555 critical 9.8 9.8 17d ago The ProSolution WP Client plugin for WordPress is vulnerable to Arbitrary File Upload in versions up to, and including, 2.0.0. This is due to an array validation mismatch where only the first file in…
CVE-2026-6549 medium 6.4 6.4 17d ago The Logo Manager For Enamad plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title' attribute of the `vc_enamad_namad`, `vc_enamad_shamed`, and `vc_enamad_custom` shortcodes…
CVE-2026-6452 medium 4.3 4.3 17d ago The Bigfishgames Syndicate plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2. This is due to missing or incorrect nonce validation on the bigf…
CVE-2026-6404 medium 4.4 4.4 17d ago The Anomify AI – Anomaly Detection and Alerting plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'anomify_api_key' parameter in versions up to and including 0.3.6. This is du…
CVE-2026-6401 medium 4.3 4.3 17d ago The Bottom Bar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 0.1.7. This is due to missing nonce verification on the plugin's settings update fo…
CVE-2026-6400 medium 4.3 4.3 17d ago The Child Height Predictor by Ostheimer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 1.3. This is due to missing nonce verification in the opti…
CVE-2026-6399 medium 4.4 4.4 17d ago The General Options plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 1.1.0. This is due to the use of sanitize_text_field() for output escaping in the…
CVE-2026-6397 medium 6.4 6.4 17d ago The Sticky plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `cvmh-sticky` shortcode `readmoretext` attribute in versions up to and including 2.5.6. This is due to insufficien…
CVE-2026-6395 medium 6.1 6.1 17d ago The Word 2 Cash plugin for WordPress is vulnerable to Cross-Site Request Forgery leading to Stored Cross-Site Scripting in versions up to and including 0.9.2. This is due to the complete absence of n…
CVE-2026-6394 medium 5.4 5.4 17d ago The Nexa Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Server-Side Request Forgery (SSRF) in versions up to and including 1.1.1. This is due…
CVE-2026-6391 medium 6.1 6.1 17d ago The Sentence To SEO (keywords, description and tags) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect no…
CVE-2026-6072 medium 6.5 6.5 17d ago The Oliver POS – A WooCommerce Point of Sale (POS) plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to and including 2.4.2.6. The plugin prote…
CVE-2026-5293 medium 6.4 6.4 17d ago The 診断ジェネレータ作成プラグイン (Diagnosis Generator) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'js' parameter in versions up to and including 1.4.16. This is due to missing autho…
CVE-2026-43620 medium 5.5 5.5 FIX slesdebian debianwindows windows samba 17d ago Rsync version 3.4.2 and prior contain a receiver-side out-of-bounds array read vulnerability in recv_files() in receiver.c that allows a malicious rsync server to crash the rsync client process. Atta…
CVE-2026-43619 medium 6.3 6.3 FIX slesdebian debianwindows windows samba 17d ago Rsync version 3.4.2 and prior contain symlink race condition vulnerabilities in path-based system calls including chmod, lchown, utimes, rename, unlink, mkdir, symlink, mknod, link, rmdir, and lstat …