VIR Vulnerability Intelligence Relay

Search

Found 25,264 results in 884ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2026-24051 unknown FIX debian debian google 4mo ago OpenTelemetry-Go is the Go implementation of OpenTelemetry. The OpenTelemetry Go SDK in version v1.20.0-1.39.0 is vulnerable to Path Hijacking (Untrusted Search Paths) on macOS/Darwin systems. The re…
CVE-2026-1770 unknown 4mo ago Crafter CMS has Improper Control of Dynamically-Managed Code Resources
CVE-2026-1703 unknown FIX slesdebian debian 4mo ago When pip is installing and extracting a maliciously crafted wheel archive, files may be extracted outside the installation directory. The path traversal is limited to prefixes of the installation dir…
CVE-2024-5986 unknown 4mo ago H2O has an External Control of File Name or Path vulnerability
CVE-2026-1518 unknown 4mo ago Keycloak Server-Side Request Forgery (SSRF) vulnerability
CVE-2025-13881 unknown 4mo ago Keycloak Admin API allows an administrator with limited privileges to retrieve sensitive custom attributes
CVE-2026-1743 low 3.1 3.1 4mo ago A vulnerability has been found in DJI Mavic Mini, Air, Spark and Mini SE up to 01.00.0500. Affected by this vulnerability is an unknown functionality of the component Enhanced Wi-Fi Pairing. The mani…
CVE-2026-23038 unknown FIX slesdebian debian 4mo ago In the Linux kernel, the following vulnerability has been resolved: pnfs/flexfiles: Fix memory leak in nfs4_ff_alloc_deviceid_node() In nfs4_ff_alloc_deviceid_node(), if the allocation for ds_versi…
CVE-2026-23037 unknown FIX slesdebian debian 4mo ago In the Linux kernel, the following vulnerability has been resolved: can: etas_es58x: allow partial RX URB allocation to succeed When es58x_alloc_rx_urbs() fails to allocate the requested number of …
CVE-2026-23033 unknown FIX slesdebian debian 4mo ago In the Linux kernel, the following vulnerability has been resolved: dmaengine: omap-dma: fix dma_pool resource leak in error paths The dma_pool created by dma_pool_create() is not destroyed when dm…
CVE-2026-23032 unknown FIX slesdebian debian 4mo ago In the Linux kernel, the following vulnerability has been resolved: null_blk: fix kmemleak by releasing references to fault configfs items When CONFIG_BLK_DEV_NULL_BLK_FAULT_INJECTION is enabled, t…
CVE-2026-23031 unknown FIX slesdebian debian 4mo ago In the Linux kernel, the following vulnerability has been resolved: can: gs_usb: gs_usb_receive_bulk_callback(): fix URB memory leak In gs_can_open(), the URBs for USB-in transfers are allocated, a…
CVE-2026-23030 unknown FIX slesdebian debian 4mo ago In the Linux kernel, the following vulnerability has been resolved: phy: rockchip: inno-usb2: Fix a double free bug in rockchip_usb2phy_probe() The for_each_available_child_of_node() calls of_node_…
CVE-2026-1705 low 2.4 2.4 4mo ago A vulnerability was detected in D-Link DSL-6641K N8.TR069.20131126. Affected by this issue is the function ad_virtual_server_vdsl of the component Web Interface. Performing a manipulation of the argu…
CVE-2025-69662 unknown FIX debian debian 4mo ago geopandas SQL Injection Vulnerability in to_postgis() Allows Information Disclosure
CVE-2024-4027 unknown debian debian 4mo ago Undertow Servlets Vulnerable to Remote DoS via OutOfMemoryError when Passed Large Parameter Names
CVE-2026-1588 low 2.7 2.7 jishenghua 4mo ago A vulnerability was found in jishenghua jshERP up to 3.6. The impacted element is the function install of the file /jshERP-boot/plugin/installByPath of the component com.gitee.starblues.integration.o…
CVE-2026-1281 unknown 2.5 KEVEXP 4mo ago Ivanti Endpoint Manager Mobile (EPMM) contains a code injection vulnerability that could allow attackers to achieve unauthenticated remote code execution.
CVE-2026-24739 unknown FIX debian debian 4mo ago Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to versions 5.4.51, 6.4.33, 7.3.11, 7.4.5, and 8.0.5, the Symfony Process component did not cor…
CVE-2025-61730 unknown FIX debian debian sles 4mo ago During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level boundaries (for instance the Client Hello and Encrypted Extensions messages), the subsequent messages …
CVE-2025-68119 unknown FIX debian debian sles google 4mo ago Downloading and building modules with malicious version strings can cause local code execution. On systems with Mercurial (hg) installed, downloading modules from non-standard sources (e.g., custom d…
CVE-2026-1520 low 2.4 2.4 4mo ago A vulnerability was identified in rethinkdb up to 2.4.3. Affected by this issue is some unknown functionality of the component Secondary Index Handler. Such manipulation leads to cross site scripting…
CVE-2026-24765 unknown FIX debian debian 4mo ago PHPUnit is a testing framework for PHP. A vulnerability has been discovered in versions prior to 12.5.8, 11.5.50, 10.5.62, 9.6.33, and 8.5.52 involving unsafe deserialization of code coverage data in…
CVE-2026-24747 unknown FIX debian debian 4mo ago PyTorch is a Python package that provides tensor computation. Prior to version 2.10.0, a vulnerability in PyTorch's `weights_only` unpickler allows an attacker to craft a malicious checkpoint file (`…
CVE-2026-24819 unknown 4mo ago weixin4j has Improperly Controlled Sequential Memory Allocation
CVE-2026-24802 unknown 4mo ago jsonrpc4j has Infinite Loop in RPC Stream Writer
CVE-2026-24806 unknown 4mo ago Quick-Media Batik Codec FIX package has Code Injection vulnerability
CVE-2026-24686 unknown FIX debian debian sles 4mo ago go-tuf is a Go implementation of The Update Framework (TUF). go-tuf's TAP 4 Multirepo Client uses the map file repository name string (`repoName`) as a filesystem path component when selecting the lo…
CVE-2026-24486 unknown 1.0 EXPFIX slesdebian debian 4mo ago Python-Multipart is a streaming multipart parser for Python. Prior to version 0.0.22, a Path Traversal vulnerability exists when using non-default configuration options `UPLOAD_DIR` and `UPLOAD_KEEP_…
CVE-2026-1444 low 2.4 2.4 4mo ago A vulnerability has been found in iJason-Liu Books_Manager up to 298ba736387ca37810466349af13a0fdf828e99c. This affects an unknown part of the file controllers/books_center/add_book_check.php. Such m…
CVE-2026-24400 unknown debian debian sles 4mo ago AssertJ has XML External Entity (XXE) vulnerability when parsing untrusted XML via isXmlEqualTo assertion
CVE-2026-1190 unknown 4mo ago Keycloak's missing timestamp validation allows attackers to extend SAML response validity periods
CVE-2025-14969 unknown 4mo ago Hibernate Reactive Vulnerable to DoS via Connection Pool Exhaustion
CVE-2026-24656 unknown 4mo ago Apache Karaf Decanter has Deserialization of Untrusted Data in its Log Socket Collector
CVE-2016-15057 unknown 1.0 EXP 4mo ago Apache Continuum vulnerable to Command Injection through Installations REST API
CVE-2025-27821 unknown 4mo ago Apache Hadoop HDFS Native Client has Out-of-bounds Write Vulnerability
CVE-2026-1417 low 3.3 3.3 debian debian gpac 4mo ago A weakness has been identified in GPAC up to 2.4.0. Affected by this issue is the function dump_isom_rtp of the file applications/mp4box/filedump.c. This manipulation causes null pointer dereference.…
CVE-2026-1416 low 3.3 3.3 debian debian gpac 4mo ago A security flaw has been discovered in GPAC up to 2.4.0. Affected by this vulnerability is the function DumpMovieInfo of the file applications/mp4box/filedump.c. The manipulation results in null poin…
CVE-2026-1415 low 3.3 3.3 debian debian gpac 4mo ago A vulnerability was identified in GPAC up to 2.4.0. Affected is the function gf_media_export_webvtt_metadata of the file src/media_tools/media_export.c. The manipulation of the argument Name leads to…
CVE-2026-24061 unknown 2.5 KEVEXPFIX debian debian 4mo ago GNU InetUtils contains an argument injection vulnerability in telnetd that could allow for remote authentication bypass via a "-f root" value for the USER environment variable.
CVE-2026-23760 unknown 1.5 KEV 4mo ago SmarterTools SmarterMail contains an authentication bypass using an alternate path or channel vulnerability in the password reset API. The force-reset-password endpoint permits anonymous requests and…
CVE-2026-21509 unknown 1.5 KEV 4mo ago Microsoft Office contains a security feature bypass vulnerability in which reliance on untrusted inputs in a security decision in Microsoft Office could allow an unauthorized attacker to bypass a sec…
CVE-2025-52691 unknown 2.5 KEVEXP 4mo ago SmarterTools SmarterMail contains an unrestricted upload of file with dangerous type vulnerability that could allow an unauthenticated attacker to upload arbitrary files to any location on the mail s…
CVE-2018-14634 unknown 2.5 KEVEXPFIX slesdebian debian 4mo ago Linux Kernel contains an integer overflow vulnerability in the create_elf_tables() function which could allow an unprivileged local user with access to SUID (or otherwise privileged) binary to escala…
CVE-2026-1406 low 3.5 3.5 4mo ago A vulnerability was determined in lcg0124 BootDo up to 5ccd963c74058036b466e038cff37de4056c1600. Affected by this vulnerability is the function redirectToLogin of the file AccessControlFilter.java of…
CVE-2025-66719 unknown 4mo ago Free5gc NRF is vulnerable to scope validation bypass via maliciously crafted targetNF value
CVE-2026-24128 unknown 4mo ago XWiki Affected by Reflected Cross-Site Scripting (XSS) in Error Messages
CVE-2026-0603 unknown 4mo ago Hibernate vulnerable to SQL Injection
CVE-2026-24515 low 2.9 2.9 FIX debian debian sles libexpat_project 4mo ago In libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy unknown encoding handler user data.
CVE-2026-0775 unknown slesdebian debian 4mo ago npm cli Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of npm cli. An attacker mu…
CVE-2024-37079 unknown 1.5 KEV 5mo ago Broadcom VMware vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. This could allow a malicious actor with network access to vCenter Server to …
CVE-2025-22234 unknown 5mo ago Spring Security has a broken timing attack mitigation implemented in DaoAuthenticationProvide
CVE-2026-24137 unknown FIX debian debian sles 5mo ago sigstore framework is a common go library shared across sigstore services and clients. In versions 1.10.3 and below, the legacy TUF client (pkg/tuf/client.go) supports caching target files to disk. I…
CVE-2026-23954 unknown FIX debian debian 5mo ago Incus is a system container and virtual machine manager. Versions 6.21.0 and below allow a user with the ability to launch a container with a custom image (e.g a member of the ‘incus’ group) to use d…
CVE-2026-23953 unknown FIX debian debian 5mo ago Incus is a system container and virtual machine manager. In versions 6.20.0 and below, a user with the ability to launch a container with a custom YAML configuration (e.g a member of the ‘incus’ grou…
CVE-2026-24117 unknown FIX slesdebian debian 5mo ago Rekor is a software supply chain transparency log. In versions 1.4.3 and below, attackers can trigger SSRF to arbitrary internal services because /api/v1/index/retrieve supports retrieving a public k…
CVE-2026-23831 unknown FIX slesdebian debian 5mo ago Rekor is a software supply chain transparency log. In versions 1.4.3 and below, the entry implementation can panic on attacker-controlled input when canonicalizing a proposed entry with an empty spec…
CVE-2026-22411 low 3.8 3.8 5mo ago Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Dolcino dolcino allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Dolcino: fro…
CVE-2026-22409 low 3.8 3.8 5mo ago Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Justicia justicia allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Justicia: …
CVE-2026-22407 low 3.8 3.8 5mo ago Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Roam roam allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Roam: from n/a thr…
CVE-2026-22406 low 3.8 3.8 5mo ago Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Overton overton allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Overton: fro…
CVE-2026-22404 low 3.8 3.8 5mo ago Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Innovio innovio allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Innovio: fro…
CVE-2026-1225 unknown slesdebian debian 5mo ago Logback allows an attacker to instantiate classes already present on the class path
CVE-2025-68645 unknown 1.5 KEV 5mo ago Synacor Zimbra Collaboration Suite (ZCS) contains a PHP remote file inclusion vulnerability that could allow for remote attackers to craft requests to the /h/rest endpoint to influence internal reque…
CVE-2025-34026 unknown 1.5 KEV 5mo ago Versa Concerto SD-WAN orchestration platform contains an improper authentication vulnerability in the Traefik reverse proxy configuration, allowing at attacker to access administrative endpoints. The…
CVE-2026-23992 unknown FIX debian debian sles 5mo ago go-tuf is a Go implementation of The Update Framework (TUF). Starting in version 2.0.0 and prior to version 2.3.1, a compromised or misconfigured TUF repository can have the configured value of signa…
CVE-2026-23991 unknown FIX debian debian sles 5mo ago go-tuf is a Go implementation of The Update Framework (TUF). Starting in version 2.0.0 and prior to version 2.3.1, if the TUF repository (or any of its mirrors) returns invalid TUF metadata JSON (val…
CVE-2026-22444 unknown FIX debian debian 5mo ago Apache Solr: Insufficient file-access checking in standalone core-creation requests
CVE-2026-22022 unknown FIX debian debian 5mo ago Apache Solr: Unauthorized bypass of certain "predefined permission" rules in the RuleBasedAuthorizationPlugin
CVE-2025-14083 unknown 5mo ago Keycloak Admin REST API exposes backend schema and rules
CVE-2025-14559 unknown 5mo ago Keycloak services allows the issuance of access and refresh tokens for disabled users
CVE-2026-1035 unknown 5mo ago Keycloak does not validate and update refresh token usage atomically
CVE-2026-23952 unknown FIX debian debian sles 5mo ago ImageMagick is free and open-source software used for editing and manipulating digital images. Versions 14.10.1 and below have a NULL pointer dereference vulnerability in the MSL (Magick Scripting La…
CVE-2026-23874 unknown FIX debian debian sles 5mo ago ImageMagick is free and open-source software used for editing and manipulating digital images. Versions prior to 7.1.2-13 have a stack overflow via infinite recursion in MSL (Magick Scripting Languag…
CVE-2026-20045 unknown 1.5 KEV 5mo ago Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Communications Manager IM & Presence Service (Unifie…
CVE-2026-21947 low 3.1 3.1 FIX slesdebian debian oracle 5mo ago Vulnerability in Oracle Java SE (component: JavaFX). Supported versions that are affected are Oracle Java SE: 8u471-b50. Difficult to exploit vulnerability allows unauthenticated attacker with netwo…
CVE-2025-65482 unknown 5mo ago XDocReport affected by an XML External Entity (XXE) vulnerability
CVE-2025-64087 unknown 5mo ago XDocReport affected by a Server-Side Template Injection (SSTI) vulnerability
CVE-2026-22770 unknown FIX debian debian sles 5mo ago ImageMagick is free and open-source software used for editing and manipulating digital images. The BilateralBlurImage method will allocate a set of double buffers inside AcquireBilateralTLS. But, in …
CVE-2026-1180 unknown 5mo ago Keycloak’s OpenID Connect Dynamic Client Registration feature affected by Server-Side Request Forgery (SSRF)
CVE-2026-1197 low 3.1 3.1 mineadmin 5mo ago A vulnerability was detected in MineAdmin 1.x/2.x. Affected by this vulnerability is an unknown functionality of the file /system/downloadById. Performing a manipulation of the argument ID results in…
CVE-2026-1161 low 3.5 3.5 5mo ago A vulnerability was detected in pbrong hrms 1.0.1. The affected element is the function UpdateRecruitmentById of the file /handler/recruitment.go. The manipulation results in cross site scripting. Th…
CVE-2025-59355 unknown 5mo ago Apache Linkis: Password Exposure
CVE-2025-29847 unknown 5mo ago Apache Linkis: Arbitrary File Read via Double URL Encoding Bypass
CVE-2026-1136 low 3.5 3.5 5mo ago A weakness has been identified in lcg0124 BootDo up to e93dd428ef6f5c881aa74d49a2099ab0cf1e0fcb. Affected is the function Save of the file /blog/bContent/save of the component ContentController. This…
CVE-2025-15535 low 3.3 3.3 5mo ago A security flaw has been discovered in nicbarker clay up to 0.14. This affects the function Clay__MeasureTextCached in the library clay.h. The manipulation results in null pointer dereference. The at…
CVE-2026-26216 unknown 5mo ago Crawl4AI is Vulnerable to Remote Code Execution in Docker API via Hooks Parameter
CVE-2026-26217 unknown 5mo ago Crawl4AI Has Local File Inclusion in Docker API via file:// URLs
CVE-2026-23528 unknown debian debian 5mo ago Dask distributed is a distributed task scheduler for Dask. Prior to 2026.1.0, when Jupyter Lab, jupyter-server-proxy, and Dask distributed are all run together, it is possible to craft a URL which wi…
CVE-2025-15104 unknown debian debian 5mo ago Nu Html Checker (validator.nu) contains a restriction bypass that allows remote attackers to make the server perform arbitrary HTTP/HTTPS requests to internal resources, including localhost services.…
CVE-2025-68675 unknown 5mo ago Apache Airflow proxy credentials for various providers might leak in task logs
CVE-2025-68438 unknown 5mo ago Apache Airflow secrets in rendered templates could contain parts of sensitive values when truncated
CVE-2026-1002 unknown 5mo ago Vert.x Web static handler component cache can be manipulated to deny the access to static files
CVE-2026-0976 unknown 5mo ago Keycloak has an improper input validation vulnerability
CVE-2025-69725 unknown FIX debian debian sles 5mo ago An Open Redirect vulnerability in the go-chi/chi >=5.2.2 RedirectSlashes function allows remote attackers to redirect victim users to malicious websites using the legitimate website domain.
CVE-2026-22036 unknown FIX slesdebian debian 5mo ago Undici is an HTTP/1.1 client for Node.js. Prior to 7.18.0 and 6.23.0, the number of links in the decompression chain is unbounded and the default maxHeaderSize allows a malicious server to insert tho…
CVE-2025-71140 unknown FIX slesdebian debian 5mo ago In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: Use spinlock for context list protection lock Previously a mutex was added to protect the encoder and de…
CVE-2025-66169 unknown 5mo ago Apache Camel camel-neo4j component is vulnerable to cypher injection
CVE-2026-22772 unknown FIX debian debian sles 5mo ago Fulcio is a certificate authority for issuing code signing certificates for an OpenID Connect (OIDC) identity. Prior to 1.8.5, Fulcio's metaRegex() function uses unanchored regex, allowing attackers …
CVE-2026-22702 unknown FIX slesdebian debian 5mo ago virtualenv is a tool for creating isolated virtual python environments. Prior to version 20.36.1, TOCTOU (Time-of-Check-Time-of-Use) vulnerabilities in virtualenv allow local attackers to perform sym…