VIR Vulnerability Intelligence Relay

Search

Found 41,619 results in 2398ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2026-8414 high 8.8 8.8 concretecms 15d ago Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/event/duplicate. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 scor…
CVE-2026-8413 high 8.8 8.8 concretecms 15d ago Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/page/bulk/design. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 sco…
CVE-2026-8412 high 8.8 8.8 concretecms 15d ago Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/page/bulk/cache. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 sco…
CVE-2026-8411 high 8.8 8.8 concretecms 15d ago Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/page/bulk/delete. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 sco…
CVE-2026-8410 high 8.8 8.8 concretecms 15d ago Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/logs/bulk/delete.  The The Concrete CMS security team gave this vulnerability a CVSS v.4.…
CVE-2026-8409 high 8.8 8.8 concretecms 15d ago Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/logs/delete.  The The Concrete CMS security team gave this vulnerability a CVSS v.4.0 sco…
CVE-2026-6960 critical 9.8 9.8 15d ago The BookingPress Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'bookingpress_validate_submitted_booking_form_func' function in all versio…
CVE-2026-46681 high 8.0 15d ago @nevware21/ts-utils: Prototype Pollution in objDeepCopy/objCopyProps via for...in without hasOwnProperty
CVE-2026-46680 high 8.0 15d ago containerd user ID handling bypass allows runAsNonRoot evasion
CVE-2026-46679 high 8.0 15d ago js-libp2p: Memory DoS via subscription flood of unique topics
CVE-2026-46625 high 8.0 15d ago JavaScript Cookie: Per-instance prototype hijack in assign() enables cookie-attribute injection
CVE-2026-8428 high 8.8 8.8 concretecms 15d ago Concrete CMS 9.5.0 and below emits a CSRF token in the local_available_update.php view ($token->output('do_update')) but the corresponding do_update() method in concrete/controllers/single_page/dashb…
CVE-2026-8426 high 8.8 8.8 concretecms 15d ago Concrete CMS 9.5.0 and below does not validate a CSRF token before processing requests to /dashboard/extend/update/prepare_remote_upgrade/<remoteMPID>. An attacker who controls the remote package ret…
CVE-2026-8421 high 8.8 8.8 concretecms 15d ago Concrete CMS 9.5.0 and below contains a CSRF vulnerability in the install_package() method of concrete/controllers/single_page/dashboard/extend/install.php.  An attacker who can cause an authenticate…
CVE-2026-8417 high 8.8 8.8 concretecms 15d ago Concrete CMS 9.5.0 and below does not validate a CSRF token before processing requests to /dashboard/extend/update/do_update/<pkgHandle>. The do_update() method in concrete/controllers/single_page/da…
CVE-2026-8350 high 8.8 8.8 concretecms 15d ago Concrete CMS 9.5.0 and below is vulnerable to missing authorization in the bulk_user_assignment.php which can lead to privilege escalation to Administrative Group. Any authenticated user with access …
CVE-2026-8135 high 7.2 7.2 concretecms 15d ago Concrete CMS 9.5.0 and below is vulnerable to Remote Code Execution due to insecure deserialization occurring in the ExpressEntryList block controller. An rogue administrator with privileges to add …
CVE-2026-8134 high 7.2 7.2 concretecms 15d ago Concrete CMS 9.5.0 and below fails to sanitize path traversal sequences in the ptComposerFormLayoutSetControlCustomTemplate field when saving page type composer form layouts. An authenticated rogue a…
CVE-2026-47102 high 8.8 8.8 litellm 15d ago LiteLLM prior to 1.83.10 allows a user to modify their own user_role via the /user/update endpoint. While the endpoint correctly restricts users to updating only their own account, it does not restri…
CVE-2026-47101 high 8.8 8.8 litellm 15d ago LiteLLM prior to 1.83.14 allows an authenticated internal_user to create API keys with access to routes that their role does not permit. When generating a key, the allowed_routes field is stored with…
CVE-2026-46673 high 8.0 15d ago Unbounded 32-bit allocation
CVE-2026-46519 high 8.0 15d ago MCP Server Kubernetes: Tool Access Control Bypass via Presentation-Layer Filtering Without Execution-Layer Enforcement
CVE-2026-46654 high 8.0 15d ago Plonky3 MultiField32Challenger: transcript malleability and challenge entropy loss
CVE-2026-46643 high 8.0 15d ago Snappy: Binary path is never shell-escaped due to an inverted is_executable check
CVE-2026-47114 high 8.8 8.8 15d ago IINA before 1.4.3 contains a user-assisted command execution vulnerability that allows remote attackers to execute arbitrary commands by supplying malicious mpv_-prefixed query parameters through the…
CVE-2026-46617 high 8.0 15d ago Fission runtime pods automount the fission-fetcher service-account token into the user function container, granting function code namespace-wide secret / configmap read
CVE-2026-46614 critical 9.5 15d ago Fission router exposes /fission-function/<ns>/<name> on its public listener, allowing invocation of any function without an HTTPTrigger
CVE-2026-46612 high 8.0 15d ago Fission StorageSvc /v1/archive endpoint exposes unauthenticated CRUD over all function archives
CVE-2026-46545 high 8.0 15d ago nimiq-primitives: Panic DoS in trie chunk processing via ROOT-keyed item
CVE-2026-46517 high 8.0 15d ago lmdeploy: Hardcoded trust_remote_code=True is an implicit unsafe remote-code load path with no user opt-out
CVE-2026-46473 high 7.5 7.5 15d ago Authen::TOTP versions before 0.1.1 for Perl generate secrets using rand. Secrets were generated using Perl's built-in rand function, which is predictable and unsuitable for security usage.
CVE-2026-48242 high 8.1 8.1 15d ago Open ISES Tickets before 3.44.2 contains hardcoded MySQL database connection credentials (host, username, password, database name) in import_mdb.php. The credentials are embedded in source code commi…
CVE-2026-48241 high 8.1 8.1 15d ago Open ISES Tickets before 3.44.2 contains hardcoded MySQL database credentials in loader.php (a public-facing database utility) that are committed to the source repository. Any actor with access to th…
CVE-2026-48240 high 7.1 7.1 15d ago Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/statistics.php where the tick_id and f_tick_id POST parameters are concatenated into WHERE clauses of SELECT statements …
CVE-2026-48239 high 7.1 7.1 15d ago Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/reports.php where the tick_id POST parameter is concatenated into the WHERE clause of SELECT statements in the incidents…
CVE-2026-48238 high 7.1 7.1 15d ago Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/mobile_main.php where the id GET parameter is concatenated into the WHERE clause of a SELECT statement used as a ticket-…
CVE-2026-48237 high 7.1 7.1 15d ago Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in message.php where the frm_ticket_id and frm_resp_id POST parameters are concatenated into WHERE clauses of SELECT/UPDATE stat…
CVE-2026-48236 high 7.1 7.1 15d ago Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in db_loader.php where the multiple POST parameters (ticketsdb, ticketshost, ticketsuser, ticketspassword) are concatenated into…
CVE-2026-48235 high 8.2 8.2 15d ago Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in incs/remotes.inc.php where latitude, longitude, callsign, mph, altitude, and timestamp values parsed from external GPS tracki…
CVE-2026-48234 high 7.1 7.1 15d ago Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in portal/ajax/list_requests.php where the sort and dir GET parameters are concatenated into the ORDER BY clause of a SELECT sta…
CVE-2026-48233 high 7.1 7.1 15d ago Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/sit_incidents.php where the offset GET parameter is concatenated into the LIMIT clause of a SELECT statement without san…
CVE-2026-48232 high 7.1 7.1 15d ago Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/fullsit_incidents.php where the offset GET parameter is concatenated into the LIMIT clause of a SELECT statement without…
CVE-2026-48231 high 7.1 7.1 15d ago Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in tables.php where the multiple POST parameters (tablename, indexname, sortby) are concatenated into table/column identifiers i…
CVE-2026-46492 high 8.0 15d ago md-fileserver: Stored/Reflected XSS when viewing Markdown (raw HTML allowed)
CVE-2026-8596 high 7.2 7.2 aws 15d ago Cleartext storage of HMAC signing key in Amazon SageMaker Python SDK ModelBuilder/Serve path
CVE-2026-46432 high 8.0 15d ago LMDeploy: Arbitrary code execution via hardcoded trust_remote_code=True in lmdeploy model initialization
CVE-2026-48207 critical 9.8 9.8 apache 15d ago Deserialization of untrusted data in Apache Fory PyFory. PyFory's ReduceSerializer could bypass documented DeserializationPolicy validation hooks during reduce-state restoration and global-name resol…
CVE-2026-46490 high 8.0 15d ago samlify: XML Injection in AttributeValue Allows Privilege Escalation in Signed SAML Assertions
CVE-2026-46481 high 8.0 15d ago OpenMetadata: TEST_CONNECTION workflow leaks ingestion-bot JWT and database password to regular users
CVE-2026-9089 high 8.8 8.8 connectwise 15d ago The ConnectWise Automate™ Agent does not fully verify the authenticity of components obtained during plugin loading and self-update operations. This issue is addressed in Automate 2026.5.
CVE-2026-39531 critical 9.3 9.3 15d ago Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Wp Directory Kit WP Directory Kit allows Blind SQL Injection. This issue affects WP Directory Ki…
CVE-2026-45208 high 7.8 7.8 trendmicro 15d ago A time-of-check time-of-use vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the abil…
CVE-2026-45207 high 7.8 7.8 trendmicro 15d ago An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-45206 but exists in a different…
CVE-2026-45206 high 7.8 7.8 trendmicro 15d ago An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-45207 but exists in a different…
CVE-2026-34930 high 7.8 7.8 trendmicro 15d ago An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-34927 but exists in a different…
CVE-2026-34929 high 7.8 7.8 trendmicro 15d ago An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-34927 but exists in a different…
CVE-2026-34928 high 7.8 7.8 trendmicro 15d ago An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-34927 but exists in a different…
CVE-2026-34927 high 7.8 7.8 trendmicro 15d ago An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to …
CVE-2026-2740 high 8.4 8.4 15d ago Zohocorp ManageEngine ADSelfService Plus version before 6525, DataSecurity Plus before 6264 and RecoveryManager Plus before 6313 are vulnerable to Authenticated Remote code execution in the agent mac…
CVE-2025-71217 high 7.8 7.8 trendmicro 15d ago An origin validation error vulnerability in the Trend Micro Apex One (mac) agent self-protection mechanism could allow a local attacker to escalate privileges on affected installations. Please not…
CVE-2025-71216 high 7.8 7.8 trendmicro 15d ago A time-of-check time-of-use vulnerability in the Trend Micro Apex One (mac) agent cache mechanism could allow a local attacker to escalate privileges on affected installations. Please note: an att…
CVE-2025-71215 high 7.0 7.0 trendmicro 15d ago A time-of-check time-of-use vulnerability in the Trend Micro Apex One (mac) agent iCore service signature verification could allow a local attacker to escalate privileges on affected installations. …
CVE-2025-71214 high 7.8 7.8 trendmicro 15d ago An origin validation error vulnerability in the Trend Micro Apex One (mac) agent iCore service could allow a local attacker to escalate privileges on affected installations. Please note: an attack…
CVE-2025-71213 high 7.8 7.8 trendmicro 15d ago An origin validation error vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the abili…
CVE-2025-71212 high 7.8 7.8 trendmicro 15d ago A link following vulnerability in the Trend Micro Apex One scan engine could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the…
CVE-2025-71211 critical 9.8 9.8 trendmicro 15d ago A vulnerability in the Trend Micro Apex One management console could allow a remote attacker to upload malicious code and execute commands on affected installations. This vulnerability is similar in …
CVE-2025-71210 critical 9.8 9.8 trendmicro 15d ago A vulnerability in the Trend Micro Apex One management console could allow a remote attacker to upload malicious code and execute commands on affected installations. Please note: although this vul…
CVE-2025-13479 high 7.5 7.5 15d ago Authorization bypass through User-Controlled key vulnerability in PosCube Hardware Software and Consulting Ltd. QR Menu allows Exploitation of Trusted Identifiers. This issue affects QR Menu: throug…
CVE-2025-13477 high 7.1 7.1 15d ago Exposure of private personal information to an unauthorized actor, Insufficiently Protected Credentials vulnerability in Digital Operations Services Inc. WifiBurada allows Authentication Bypass. Thi…
CVE-2026-5118 critical 9.8 9.8 15d ago The Divi Form Builder plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 5.1.2. This is due to the plugin accepting a user-controlled 'role' parameter from P…
CVE-2026-45760 high 8.1 8.1 15d ago (Externally Controlled Reference to a Resource in Another Sphere), (Authorization Bypass Through User-Controlled Key) vulnerability in Apache Camel K. Authorized users in a Kubernetes namespace can c…
CVE-2026-43502 high 7.8 7.8 FIX slesdebian debianwindows windows 15d ago In the Linux kernel, the following vulnerability has been resolved: net/rds: handle zerocopy send cleanup before the message is queued A zerocopy send can fail after user pages have been pinned but…
CVE-2026-43501 critical 9.8 9.8 FIX slesdebian debianwindows windows 15d ago In the Linux kernel, the following vulnerability has been resolved: ipv6: rpl: reserve mac_len headroom when recompressed SRH grows ipv6_rpl_srh_rcv() decompresses an RFC 6554 Source Routing Header…
CVE-2026-43499 high 7.8 7.8 FIX slesdebian debianwindows windows google 15d ago In the Linux kernel, the following vulnerability has been resolved: rtmutex: Use waiter::task instead of current in remove_waiter() remove_waiter() is used by the slowlock paths, but it is also use…
CVE-2026-43498 high 7.8 7.8 FIX slesdebian debian 15d ago In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Disallow re-exporting imported GEM objects Prevent re-exporting of imported GEM buffers by adding a custom prime_hand…
CVE-2026-43497 high 7.3 7.3 FIX slesdebian debianwindows windows 15d ago In the Linux kernel, the following vulnerability has been resolved: fbdev: udlfb: add vm_ops to dlfb_ops_mmap to prevent use-after-free dlfb_ops_mmap() uses remap_pfn_range() to map vmalloc framebu…
CVE-2026-43495 high 8.8 8.8 FIX slesdebian debianwindows windows 15d ago In the Linux kernel, the following vulnerability has been resolved: net: wwan: t7xx: validate port_count against message length in t7xx_port_enum_msg_handler t7xx_port_enum_msg_handler() uses the m…
CVE-2026-43494 high 7.8 7.8 FIX slesdebian debianwindows windows 15d ago In the Linux kernel, the following vulnerability has been resolved: net/rds: reset op_nents when zerocopy page pin fails When iov_iter_get_pages2() fails in rds_message_zcopy_from_user(), the pinne…
CVE-2026-45255 high 7.5 7.5 freebsd freebsd 16d ago When bsdinstall or bsdconfig are prompted to scan for nearby Wi-Fi networks, they build up a list of network names and use bsddialog(1) to prompt the user to select a network. This is implemented us…
CVE-2026-45253 high 8.4 8.4 freebsd freebsd 16d ago ptrace(PT_SC_REMOTE) failed to properly validate parameters for the syscall(2) and __syscall(2) meta-system calls. As a result, a user with the ability to debug a process may trigger arbitrary code …
CVE-2026-45251 high 7.8 7.8 freebsd freebsd 16d ago A file descriptor can be closed while a thread is blocked in a poll(2) or select(2) call waiting for that descriptor. Because the blocked thread does not hold a reference to the underlying object, t…
CVE-2026-42002 high 7.5 7.5 FIX debian debian powerdns 16d ago Concurrency and locking defects in GSS-TSIG
CVE-2026-42001 high 7.5 7.5 FIX debian debian powerdns 16d ago Insufficient Validation of Autoprimary SOA Queries
CVE-2026-42000 high 8.6 8.6 FIX debian debian powerdns 16d ago Insufficient Validation of Names During AXFR
CVE-2026-39461 high 8.8 8.8 freebsd freebsd 16d ago libcasper(3) communicates with helper processes via UNIX domain sockets, and uses the select(2) system call to wait for data to become available. However, it does not verify that its socket descript…
CVE-2026-28764 high 7.8 7.8 mediaarea 16d ago MediaArea MediaInfoLib LXF element parsing heap-based buffer overflow vulnerability
CVE-2026-9157 high 8.4 8.4 16d ago Improper input validation, Unrestricted upload of file with dangerous type vulnerability in Gmission Web Fax allows Remote Code Inclusion. This issue affects Web Fax: from 3.0 before 3.1.
CVE-2026-5434 high 7.5 7.5 16d ago Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2026-5433 critical 9.1 9.1 16d ago Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2026-4858 critical 9.9 9.9 mattermost 16d ago Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.14 fail to check integration URL for path traversal which allows an malicious authenticated user to call an…
CVE-2026-45250 high 7.8 7.8 freebsd freebsd 16d ago The setcred(2) system call is only available to privileged users. However, before the privilege level of the caller is checked, the user-supplied list of supplementary groups is copied into a fixed-…
CVE-2026-44068 high 7.6 7.6 FIX slesdebian debian 16d ago Incomplete sanitization of extended attribute (EA) path components in Netatalk 2.1.0 through 4.4.2 allows a remote authenticated attacker to write to files outside the intended metadata namespace via…
CVE-2026-44066 high 7.1 7.1 FIX slesdebian debian 16d ago Multiple heap out-of-bounds reads in the Spotlight RPC unmarshalling code in Netatalk 3.1.0 through 4.4.2 allow a remote authenticated attacker to obtain sensitive information or cause a minor servic…
CVE-2026-44064 high 7.1 7.1 FIX slesdebian debian 16d ago An out-of-bounds read in ASP session ID handling in Netatalk 1.3 through 4.4.2 allows an adjacent network attacker to obtain limited information or cause a denial of service via a crafted ASP request.
CVE-2026-44062 high 7.5 7.5 FIX slesdebian debian 16d ago A missing output length bounds check in pull_charset_flags() in Netatalk 2.0.4 through 4.4.2 allows a remote authenticated attacker to execute arbitrary code or cause a denial of service via crafted …
CVE-2026-44060 high 7.5 7.5 FIX slesdebian debian 16d ago An integer underflow in dsi_writeinit() in Netatalk 1.5.0 through 4.4.2 allows a remote unauthenticated attacker to cause a denial of service via a crafted DSI write request.
CVE-2026-44058 high 7.2 7.2 FIX slesdebian debian 16d ago An authentication bypass vulnerability in Netatalk 2.2.2 through 4.4.2 allows a remote privileged user to authenticate as an arbitrary user via the admin auth user mechanism.
CVE-2026-44055 high 7.5 7.5 FIX slesdebian debian 16d ago A logic error involving bitwise OR operations in Netatalk 3.1.4 through 4.4.2 allows a remote authenticated attacker to inject OS commands and execute arbitrary code.
CVE-2026-44053 high 7.4 7.4 FIX slesdebian debian 16d ago Netatalk 1.5.0 through 4.2.2 uses a broken cryptographic algorithm in the DHCAST128 UAM, which allows a remote attacker to obtain authentication credentials or impersonate a user via cryptanalytic at…
CVE-2026-44052 high 7.5 7.5 FIX slesdebian debian 16d ago Netatalk 2.1.0 through 4.4.2 inserts LDAP simple-bind passwords into log output in cleartext, which allows an attacker with access to the log files to obtain LDAP credentials.