VIR Vulnerability Intelligence Relay

Search

Found 33,863 results in 1544ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2026-31685 critical 9.4 9.4 FIX sles rheldebian debian 1mo ago In the Linux kernel, the following vulnerability has been resolved: netfilter: ip6t_eui64: reject invalid MAC header for all packets `eui64_mt6()` derives a modified EUI-64 from the Ethernet source…
CVE-2026-31682 critical 9.1 9.1 FIX slesdebian debian linux-kernel google 1mo ago In the Linux kernel, the following vulnerability has been resolved: bridge: br_nd_send: linearize skb before parsing ND options br_nd_send() parses neighbour discovery options from ns->opt[] and as…
CVE-2026-6951 critical 9.8 9.8 simple-git_project 1mo ago simple-git is vulnerable to Remote Code Execution
CVE-2026-41478 critical 9.9 9.9 saltcorn 1mo ago Saltcorn: SQL Injection via Unparameterized Sync Endpoints (maxLoadedId)
CVE-2026-41473 critical 9.1 9.1 cyberpanel 1mo ago CyberPanel versions prior to 2.4.4 contain an authentication bypass vulnerability in the AI Scanner worker API endpoints that allows unauthenticated remote attackers to write arbitrary data to the da…
CVE-2026-41248 critical 9.1 9.1 1mo ago Official Clerk JavaScript SDKs: Middleware-based route protection bypass
CVE-2026-41475 critical 9.1 9.1 bacnetstack 1mo ago BACnet Stack is a BACnet open source protocol stack C library for embedded systems. Prior to 1.4.3, an out-of-bounds read vulnerability in bacnet-stack's WritePropertyMultiple service decoder allows …
CVE-2026-41428 critical 9.1 9.1 budibase 1mo ago Budibase: Authentication Bypass via Unanchored Regex in Public Endpoint Matcher — Unauthenticated Access to Protected Endpoints
CVE-2026-41492 critical 9.8 9.8 dgraph 1mo ago Dgraph: Unauthenticated Admin Token Disclosure Leading to Authentication Bypass via /debug/vars
CVE-2026-41415 critical 9.1 9.1 debian debian teluu 1mo ago PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier, there is an out-of-bounds read when parsing a malformed Content-ID URI in SIP multipart message bod…
CVE-2026-41328 critical 9.1 9.1 dgraph 1mo ago Dgraph: Pre-Auth Full Database Exfiltration via DQL Injection in NQuad Lang Field
CVE-2026-41327 critical 9.1 9.1 dgraph 1mo ago Dgraph: Pre-Auth Full Database Exfiltration via DQL Injection in Upsert Condition Field
CVE-2026-42044 critical 9.1 9.1 FIX debian debian axios 1mo ago Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget in `parseReviver`
CVE-2026-42043 critical 10.0 10.0 FIX debian debian sles axios 1mo ago Axios: Incomplete Fix for CVE-2025-62718 — NO_PROXY Protection Bypassed via RFC 1122 Loopback Subnet (127.0.0.0/8) in Axios 1.15.0
CVE-2026-41898 critical 9.8 9.8 FIX debian debian rust-openssl_project 1mo ago rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.24 to before 0.10.78, the FFI trampolines behind SslContextBuilder::set_psk_client_callback, set_psk_server_callbac…
CVE-2026-41681 critical 9.8 9.8 FIX debian debian rust-openssl_project 1mo ago rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.10.39 to before 0.10.78, EVP_DigestFinal() always writes EVP_MD_CTX_size(ctx) to the out buffer. If out is smaller th…
CVE-2026-41678 critical 9.8 9.8 FIX debian debian rust-openssl_project 1mo ago rust-openssl provides OpenSSL bindings for the Rust programming language. From to before 0.10.78, aes::unwrap_key() contains an incorrect assertion: it checks that out.len() + 8 <= in_.len(), but t…
CVE-2026-41677 critical 9.1 9.1 FIX debian debian rust-openssl_project 1mo ago rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.0 to before 0.10.78, the *_from_pem_callback APIs did not validate the length returned by the user's callback. A pa…
CVE-2026-41676 critical 9.8 9.8 FIX debian debian rust-openssl_project 1mo ago rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.27 to before 0.10.78, Deriver::derive (and PkeyCtxRef::derive) sets len = buf.len() and passes it as the in/out len…
CVE-2026-41305 unknown FIX debian debian 1mo ago PostCSS takes a CSS file and provides an API to analyze and modify its rules by transforming the rules into an Abstract Syntax Tree. Versions prior to 8.5.10 do not escape `</style>` sequences when s…
CVE-2026-31669 critical 9.8 9.8 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: mptcp: fix slab-use-after-free in __inet_lookup_established The ehash table lookups are lockless and rely on SLAB_TYPESAFE_BY_RCU…
CVE-2026-31668 critical 9.8 9.8 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: seg6: separate dst_cache for input and output paths in seg6 lwtunnel The seg6 lwtunnel uses a single dst_cache per encap route, s…
CVE-2026-31659 critical 9.8 9.8 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: batman-adv: reject oversized global TT response buffers batadv_tt_prepare_tvlv_global_data() builds the allocation length for a g…
CVE-2026-31657 critical 9.8 9.8 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: batman-adv: hold claim backbone gateways by reference batadv_bla_add_claim() can replace claim->backbone_gw and drop the old gate…
CVE-2026-31649 critical 9.8 9.8 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: net: stmmac: fix integer underflow in chain mode The jumbo_frm() chain-mode implementation unconditionally computes len = no…
CVE-2026-31637 critical 9.8 9.8 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: rxrpc: reject undecryptable rxkad response tickets rxkad_decrypt_ticket() decrypts the RXKAD response ticket and then parses the …
CVE-2026-31636 critical 9.1 9.1 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: rxrpc: fix RESPONSE authenticator parser OOB read rxgk_verify_authenticator() copies auth_len bytes into a temporary buffer and t…
CVE-2026-31633 critical 9.8 9.8 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix integer overflow in rxgk_verify_response() In rxgk_verify_response(), there's a potential integer overflow due to roun…
CVE-2026-31609 critical 9.8 9.8 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: smb: client: avoid double-free in smbd_free_send_io() after smbd_send_batch_flush() smbd_send_batch_flush() already calls smbd_fr…
CVE-2026-31608 critical 9.8 9.8 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: smb: server: avoid double-free in smb_direct_free_sendmsg after smb_direct_flush_send_list() smb_direct_flush_send_list() already…
CVE-2026-31589 critical 9.8 9.8 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: mm: call ->free_folio() directly in folio_unmap_invalidate() We can only call filemap_free_folio() if we have a reference to (or …
CVE-2026-31536 critical 9.8 9.8 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: smb: server: let send_done handle a completion without IB_SEND_SIGNALED With smbdirect_send_batch processing we likely have reque…
CVE-2026-21515 critical 9.9 9.9 microsoft 1mo ago Exposure of sensitive information to an unauthorized actor in Azure IOT Central allows an authorized attacker to elevate privileges over a network.
CVE-2026-1951 critical 9.8 9.8 1mo ago Delta Electronics AS320T has no checking of the length of the buffer with the directory name vulnerability.
CVE-2026-1950 critical 9.8 9.8 1mo ago Delta Electronics AS320T has No checking of the length of the buffer with the file name vulnerability.
CVE-2026-1949 critical 9.8 9.8 1mo ago Delta Electronics AS320T has incorrect calculation of the buffer size on the stack in the GET/PUT request handler of the web service.
CVE-2026-40630 critical 9.8 9.8 1mo ago A vulnerability in  SenseLive X3050’s web management interface allows unauthorized access to certain configuration endpoints due to improper access control enforcement. An attacker with network acc…
CVE-2026-40620 critical 9.8 9.8 1mo ago A vulnerability in SenseLive X3050’s embedded management service allows full administrative control to be established without any form of authentication or authorization on the SenseLive config appli…
CVE-2026-35503 critical 9.8 9.8 1mo ago A vulnerability in SenseLive X3050’s web management interface allows authentication logic to be performed entirely on the client side, relying on hardcoded values within browser-executed scripts rath…
CVE-2026-27843 critical 9.1 9.1 1mo ago A vulnerability exists in SenseLive X3050's web management interface that allows critical configuration parameters to be modified without sufficient authentication or server-side validation. By apply…
CVE-2025-29635 unknown 1.5 KEV 1mo ago D-Link DIR-823X contains a command injection vulnerability that allows an authorized attacker to execute arbitrary commands on remote devices by sending a POST request to /goform/set_prohibiting via …
CVE-2024-7399 unknown 2.5 KEVEXP 1mo ago Samsung MagicINFO 9 Server contains a path traversal vulnerability that could allow an attacker to write arbitrary files as system authority.
CVE-2024-57728 unknown 1.5 KEV 1mo ago SimpleHelp contains a path traversal vulnerability that allows admin users to upload arbitrary files anywhere on the file system by uploading a crafted zip file (i.e. zip slip). This can be exploited…
CVE-2024-57726 unknown 1.5 KEV 1mo ago SimpleHelp contains a missing authorization vulnerability that could allow low-privileged technicians to create API keys with excessive permissions. These API keys can be used to escalate privileges …
CVE-2026-41274 critical 9.8 9.8 flowiseai 1mo ago Flowise: Cypher Injection in GraphCypherQAChain
CVE-2026-35431 critical 10.0 10.0 microsoft 1mo ago Server-side request forgery (ssrf) in Microsoft Entra ID Entitlement Management allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-33819 critical 10.0 10.0 microsoft 1mo ago Deserialization of untrusted data in Microsoft Bing allows an unauthorized attacker to execute code over a network.
CVE-2026-33102 critical 9.3 9.3 microsoft 1mo ago Url redirection to untrusted site ('open redirect') in M365 Copilot allows an unauthorized attacker to elevate privileges over a network.
CVE-2026-32210 critical 9.3 9.3 microsoft 1mo ago Server-side request forgery (ssrf) in Microsoft Dynamics 365 (Online) allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-26210 critical 9.8 9.8 kvcache-ai 1mo ago KTransformers through 0.5.3 contains an unsafe deserialization vulnerability in the balance_serve backend mode where the scheduler RPC server binds a ZMQ ROUTER socket to all interfaces with no authe…
CVE-2026-24303 critical 9.6 9.6 microsoft 1mo ago Improper access control in Microsoft Partner Center allows an authorized attacker to elevate privileges over a network.
CVE-2026-39973 unknown FIX debian debian 1mo ago Apktool: Path Traversal to Arbitrary File Write
CVE-2026-25874 critical 9.8 9.8 huggingface 1mo ago LeRobot through 0.5.1 contains an unsafe deserialization vulnerability in the async inference pipeline where pickle.loads() is used to deserialize data received over unauthenticated gRPC channels wit…
CVE-2026-6074 critical 9.8 9.8 1mo ago Intrado 911 Emergency Gateway (EGW) 5.x, 6.x, and 7.x contain a path traversal vulnerability in the download_debuglog_file.php endpoint used for Debug Logs downloads. An unauthenticated attacker can …
CVE-2026-41247 critical 9.8 9.8 std42 1mo ago elFinder: Command injection in resize background color parameter when using ImageMagick CLI
CVE-2026-6920 critical 9.6 9.6 FIX debian debian linux-kernel google 1mo ago Out of bounds read in GPU in Google Chrome on Android prior to 147.0.7727.117 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted …
CVE-2026-6919 critical 9.6 9.6 FIX debian debian linux-kernel google 1mo ago Use after free in DevTools in Google Chrome prior to 147.0.7727.117 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.…
CVE-2026-31533 critical 9.8 9.8 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: net/tls: fix use-after-free in -EBUSY error path of tls_do_encryption The -EBUSY handling in tls_do_encryption(), introduced by c…
CVE-2026-39087 critical 9.8 9.8 1mo ago ntfy.sh allows a remote attacker to execute arbitrary code via the parseActions function
CVE-2025-62373 critical 9.8 9.8 pipecat 1mo ago Pipecat: Remote Code Execution by Pickle Deserialization Through LivekitFrameSerializer
CVE-2026-41460 critical 9.8 9.8 socialengine 1mo ago SocialEngine versions 7.8.0 and prior contain a SQL injection vulnerability in the /activity/index/get-memberall endpoint where user-supplied input passed via the text parameter is not sanitized befo…
CVE-2026-6887 critical 9.8 9.8 1mo ago Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, mod…
CVE-2026-6886 critical 9.8 9.8 1mo ago Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has a Authentication Bypass vulnerability, allowing unauthenticated remote attackers to log into the system as any user.
CVE-2026-6885 critical 9.8 9.8 1mo ago Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell back…
CVE-2026-3960 critical 9.8 9.8 h2o 1mo ago H2O-3 is Vulnerable to Code Injection
CVE-2026-41211 critical 10.0 10.0 voidzero 1mo ago Path traversal in vite-plus/binding downloadPackageManager() writes outside VP_HOME
CVE-2026-41196 critical 10.0 10.0 FIX debian debian minetest 1mo ago Luanti (formerly Minetest) is an open source voxel game-creation platform. Starting in version 5.0.0 and prior to version 5.15.2, a malicious mod can trivially escape the sandboxed Lua environment to…
CVE-2026-5935 critical 9.8 9.8 ibm 1mo ago IBM Total Storage Service Console (TSSC) / TS4500 IMC 9.2, 9.3, 9.4, 9.5, 9.6 TSSC/IMC could allow an unauthenticated user to execute arbitrary commands with normal user privileges on the system due …
CVE-2026-41179 critical 9.8 9.8 debian debian rclone 1mo ago RClone: Unauthenticated operations/fsinfo allows attacker-controlled backend instantiation and local command execution
CVE-2026-29198 critical 9.8 9.8 rocket.chat 1mo ago In Rocket.Chat <8.3.0, <8.2.1, <8.1.2, <8.0.3, <7.13.5, <7.12.6, <7.11.6, and <7.10.9, a NoSQL injection vulnerability can lead to account takeover of the first user with a generated token when an OA…
CVE-2026-42087 critical 9.6 9.6 openc3 1mo ago OpenC3 COSMOS has SQL Injection in QuestDB Time-Series Database
CVE-2026-41167 critical 9.1 9.1 1mo ago Jellystat is a free and open source Statistics App for Jellyfin. Prior to version 1.1.10, multiple API endpoints in Jellystat build SQL queries by interpolating unsanitized request-body fields direct…
CVE-2026-41239 unknown FIX debian debian 2mo ago DOMPurify is a DOM-only cross-site scripting sanitizer for HTML, MathML, and SVG. Starting in version 1.0.10 and prior to version 3.4.0, `SAFE_FOR_TEMPLATES` strips `{{...}}` expressions from untrust…
CVE-2026-41238 unknown FIX debian debian 2mo ago DOMPurify is a DOM-only cross-site scripting sanitizer for HTML, MathML, and SVG. Versions 3.0.1 through 3.3.3 are vulnerable to a prototype pollution-based XSS bypass. When an application uses `DOMP…
CVE-2026-32885 critical 9.1 9.1 ddev 2mo ago DDEV has ZipSlip path traversal in tar and zip archive extraction
CVE-2018-25272 critical 9.8 9.8 2mo ago ELBA5 5.8.0 contains a remote code execution vulnerability that allows attackers to obtain database credentials and execute arbitrary commands with SYSTEM level permissions. Attackers can connect to …
CVE-2026-41176 critical 9.5 debian debian 2mo ago Rclone: Unauthenticated options/set allows runtime auth bypass, leading to sensitive operations and command execution
CVE-2026-41166 unknown 2mo ago OpenRemote has Improper Access Control via updateUserRealmRoles function
CVE-2026-6356 critical 9.6 9.6 augmentt 2mo ago A vulnerability in the web application allows standard users to escalate their privileges to those of a super administrator through parameter manipulation, enabling them to access and modify sensitiv…
CVE-2026-31501 critical 9.8 9.8 FIX slesdebian debian linux-kernel 2mo ago In the Linux kernel, the following vulnerability has been resolved: net: ti: icssg-prueth: fix use-after-free of CPPI descriptor in RX path cppi5_hdesc_get_psdata() returns a pointer into the CPPI …
CVE-2026-31478 critical 9.8 9.8 FIX slesdebian debian linux-kernel 2mo ago In the Linux kernel, the following vulnerability has been resolved: ksmbd: replace hardcoded hdr2_len with offsetof() in smb2_calc_max_out_buf_len() After this commit (e2b76ab8b5c9 "ksmbd: add supp…
CVE-2026-31463 critical 9.8 9.8 FIX slesdebian debian linux-kernel 2mo ago In the Linux kernel, the following vulnerability has been resolved: iomap: fix invalid folio access when i_blkbits differs from I/O granularity Commit aa35dd5cbc06 ("iomap: fix invalid folio access…
CVE-2026-31448 critical 9.4 9.4 FIX slesdebian debian linux-kernel 2mo ago In the Linux kernel, the following vulnerability has been resolved: ext4: avoid infinite loops caused by residual data On the mkdir/mknod path, when mapping logical blocks to physical blocks, if in…
CVE-2026-31444 critical 9.8 9.8 FIX slesdebian debian linux-kernel 2mo ago In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free and NULL deref in smb_grant_oplock() smb_grant_oplock() has two issues in the oplock publication sequen…
CVE-2026-31436 critical 9.8 9.8 FIX slesdebian debian linux-kernel 2mo ago In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: fix possible wrong descriptor completion in llist_abort_desc() At the end of this function, d is the traversal c…
CVE-2026-6023 critical 9.8 9.8 progress 2mo ago In Progress® Telerik® UI for AJAX versions 2024.4.1114 through 2026.1.421, the RadFilter control is vulnerable to insecure deserialization when restoring filter state if the state is exposed to the c…
CVE-2026-41144 critical 9.8 9.8 nasa 2mo ago F´ (F Prime) is a framework that enables development and deployment of spaceflight and other embedded software applications. Prior to version 4.2.0, the bounds check byteOffset + dataSize > fileSize …
CVE-2026-40575 critical 9.1 9.1 oauth2_proxy_project 2mo ago OAuth2 Proxy has an Authentication Bypass via X-Forwarded-Uri Header Spoofing
CVE-2026-5845 critical 9.6 9.6 github 2mo ago An improper authorization vulnerability in scoped user-to-server (ghu_) token authorization in GitHub Enterprise Server allows an authenticated attacker to access private repositories outside the int…
CVE-2026-40942 unknown 2mo ago Data Sharing Framework has an Inverted Time Comparison in OIDC JWKS and Token Cache
CVE-2026-40939 unknown 2mo ago Data Sharing Framework is Missing Session Timeout for OIDC Sessions
CVE-2026-40910 critical 9.1 9.1 fatedier 2mo ago frp has an authentication bypass in HTTP vhost routing when routeByHTTPUser is used for access control
CVE-2026-33519 critical 9.8 9.8 linux-kernel esrikubernetes 2mo ago An incorrect authorization vulnerability exists in Esri Portal for ArcGIS 11.4, 11.5 and 12.0 on Windows, Linux and Kubernetes that did not correctly check permissions assigned to developer credentia…
CVE-2026-41066 unknown FIX slesdebian debian 2mo ago lxml: Default configuration of iterparse() and ETCompatXMLParser() allows XXE to local files
CVE-2026-40903 critical 9.1 9.1 goshs 2mo ago goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.6, goshs has an ArtiPACKED vulnerability. ArtiPACKED can lead to leakage of the GITHUB_TOKEN through workflow artifacts, even though the…
CVE-2026-40372 critical 9.1 9.1 microsoft 2mo ago Improper verification of cryptographic signature in ASP.NET Core allows an unauthorized attacker to elevate privileges over a network.
CVE-2026-39386 unknown 2mo ago Neko has a Self-service Privilege Escalation for Authenticated Users in github.com/m1k1o/neko/server
CVE-2026-5652 critical 9.0 9.0 craftycontrol 2mo ago An insecure direct object reference vulnerability in the Users API component of Crafty Controller allows a remote, authenticated attacker to perform user modification actions via improper API permiss…
CVE-2026-32613 unknown 2mo ago Spinnaker: RCE via expression parsing due to unrestricted context handling
CVE-2026-32604 unknown 2mo ago Spinnaker: RCE when using gitrepo artifact types due to improper sanitization of user input on branch and paths