Search

Found 20,922 results in 746ms · Match type: Filtered list

CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2025-43793 unknown 9mo ago Liferay Portal has Improper Validation of Specified Quantity in Input
CVE-2025-43792 unknown 9mo ago Liferay Portal has External Control of System or Configuration Settings
CVE-2025-43791 unknown 9mo ago Liferay Portal vulnerable to Cross-site Scripting
CVE-2025-43794 unknown 9mo ago Liferay Portal has stored cross-site scripting (XSS) vulnerability
CVE-2025-43796 unknown 9mo ago Liferay Portal: Missing Rate Limiting in GraphQL Endpoint Enables Resource Exhaustion Attack
CVE-2025-43795 unknown 9mo ago Liferay Portal's System, Instance and Site Settings are vulnerable to Open Redirect
CVE-2025-43787 unknown 9mo ago Liferay Portal's selection modal is vulnerable to XSS
CVE-2025-43789 unknown 9mo ago Liferay Portal JSON Web Services Direct Class Invocation Enables Service Access Policy Execution
CVE-2025-43788 unknown 9mo ago Liferay Portal's Organization Selector exposes organization data to remote authenticated users
CVE-2025-43790 unknown 9mo ago Liferay Portal is vulnerable to Insecure Direct Object Reference (IDOR) attack through Authentication Bypass
CVE-2025-43782 unknown 9mo ago Liferay Portal API Allows Authenticated Users to Access Workflow Definitions by Name
CVE-2025-48041 unknown FIX debian debian sles 9mo ago Allocation of Resources Without Limits or Throttling vulnerability in Erlang OTP ssh (ssh_sftp modules) allows Excessive Allocation, Flooding. This vulnerability is associated with program files lib/…
CVE-2025-48040 unknown FIX debian debian sles 9mo ago Uncontrolled Resource Consumption vulnerability in Erlang OTP ssh (ssh_sftp modules) allows Excessive Allocation, Flooding. This vulnerability is associated with program files lib/ssh/src/ssh_sftpd.e…
CVE-2025-48039 unknown FIX debian debian sles 9mo ago Allocation of Resources Without Limits or Throttling vulnerability in Erlang OTP ssh (ssh_sftp modules) allows Excessive Allocation, Resource Leak Exposure. This vulnerability is associated with prog…
CVE-2025-48038 unknown FIX debian debian sles 9mo ago Allocation of Resources Without Limits or Throttling vulnerability in Erlang OTP ssh (ssh_sftp modules) allows Excessive Allocation, Resource Leak Exposure. This vulnerability is associated with prog…
CVE-2025-5086 unknown 1.5 KEV 9mo ago Dassault Systèmes DELMIA Apriso contains a deserialization of untrusted data vulnerability that could lead to a remote code execution.
CVE-2025-43784 unknown 9mo ago Liferay Portal's Incorrect Authorization vulnerability can lead to guest users obtaining sensitive data
CVE-2025-43783 unknown 9mo ago Liferay Portal is vulnerable to Reflected XSS attack through get_editor path
CVE-2025-10155 unknown 9mo ago Picklescan Bypass is Possible via File Extension Mismatch
CVE-2025-10156 unknown 9mo ago Picklescan: ZIP archive scan bypass is possible through non-exhaustive Cyclic Redundancy Check
CVE-2025-43785 unknown 9mo ago Liferay Portal and Liferay DXP vulnerable to Stored Cross-site Scripting
CVE-2025-10157 unknown 9mo ago Picklescan is Vulnerable to Unsafe Globals Check Bypass through Subclass Imports
CVE-2025-43786 unknown 9mo ago Liferay Portal exposes ERC which can lead to exploit the time response attack
CVE-2025-43781 unknown 9mo ago Liferay Portal is vulnerable to XSS attack through its search bar portlet
CVE-2025-43775 unknown 9mo ago Liferay Portal is vulnerable to XSS attacks via its remote app title field
CVE-2025-58757 unknown 9mo ago Monai: Unsafe use of Pickle deserialization may lead to RCE
CVE-2025-58756 unknown 9mo ago MONAI: Unsafe torch usage may lead to arbitrary code execution
CVE-2025-58755 unknown 9mo ago MONAI does not prevent path traversal, potentially leading to arbitrary file writes
CVE-2024-43115 unknown 9mo ago Apache DolphinScheduler vulnerable to Alert Script Attack
CVE-2025-43776 unknown 9mo ago Liferay Portal and Liferay DXP vulnerable to stored Cross-site Scripting
CVE-2025-43778 unknown 9mo ago Liferay Portal is vulnerable to XSS attack through fieldset name in Kaleo Forms Admin
CVE-2025-43777 unknown 9mo ago Liferay Portal exposes 500 status when attempting login with a deleted client secret
CVE-2025-43774 unknown 9mo ago Liferay Portal is vulnerable to XSS attack through its Style Book theme
CVE-2025-43763 unknown 9mo ago Liferay Portal is vulnerable to SSRF through custom object attachment fields
CVE-2025-58365 unknown 9mo ago XWiki Blog Application: Privilege Escalation (PR) from account through blog content
CVE-2025-57833 unknown FIX sles debian debian 9mo ago Django is subject to SQL injection through its column aliases
CVE-2025-58782 unknown debian debian 9mo ago Apache Jackrabbit: Core and JCR Commons are vulnerable to Deserialization of Untrusted Data
CVE-2025-58369 unknown 9mo ago FS2 half-shutdown of socket during TLS handshake may result in spin loop on opposite side
CVE-2025-57807 unknown FIX debian debian sles 9mo ago ImageMagick is free and open-source software used for editing and manipulating digital images. ImageMagick versions lower than 14.8.2 include insecure functions: SeekBlob(), which permits advancing …
CVE-2025-58056 unknown FIX debian debian 9mo ago Netty vulnerable to request smuggling due to incorrect parsing of chunk extensions
CVE-2025-9467 unknown 9mo ago Vaadin Framework possible file bypass via upload validation on the server-side
CVE-2025-43772 unknown 9mo ago Liferay Portal Vulnerable to Denial of Service in Kaleo Forms Admin
CVE-2025-53690 unknown 1.5 KEV 9mo ago Sitecore Experience Manager (XM), Experience Platform (XP), Experience Commerce (XC), and Managed Cloud contain a deserialization of untrusted data vulnerability involving the use of default machine …
CVE-2025-48543 unknown 1.5 KEV 9mo ago Android Runtime contains a use-after-free vulnerability potentially allowing a chrome sandbox escape leading to local privilege escalation.
CVE-2025-58057 unknown FIX sles debian debian 9mo ago Netty's decoders vulnerable to DoS via zip bomb style attack
CVE-2025-55748 unknown 9mo ago XWiki configuration files can be accessed through jsx and sx endpoints
CVE-2025-58460 unknown 9mo ago Jenkins OpenTelemetry Plugin missing permission check allows capturing credentials
CVE-2025-58459 unknown 9mo ago Jenkins global-build-stats Plugin missing permission check can result in graph IDs being enumerated
CVE-2025-58458 unknown 9mo ago Jenkins Git client Plugin file system information disclosure vulnerability
CVE-2024-43166 unknown 9mo ago Apache DolphinScheduler Incorrect Default Permissions Vulnerability
CVE-2025-9377 unknown 1.5 KEV 9mo ago TP-Link Archer C7(EU) and TL-WR841N/ND(MS) contain an OS command injection vulnerability that exists in the Parental Control page. The impacted products could be end-of-life (EoL) and/or end-of-servi…
CVE-2023-50224 unknown 1.5 KEV 9mo ago TP-Link TL-WR841N contains an authentication bypass by spoofing vulnerability within the httpd service, which listens on TCP port 80 by default, leading to the disclosure of stored credentials. The imp…
CVE-2025-9784 unknown FIX debian debian 9mo ago Undertow MadeYouReset HTTP/2 DDoS Vulnerability
CVE-2025-46047 unknown 9mo ago Silverpeas Core Username Enumeration Vulnerability
CVE-2025-55177 unknown 1.5 KEV 9mo ago Meta Platforms WhatsApp contains an incorrect authorization vulnerability due to an incomplete authorization of linked device synchronization messages. This vulnerability could allow an unrelated use…
CVE-2020-24363 unknown 2.5 KEV EXP 9mo ago TP-Link TL-WA855RE contains a missing authentication for critical function vulnerability. This vulnerability could allow an unauthenticated attacker (on the same network) to submit a TDDP_RESET POST …
CVE-2025-43773 unknown 9mo ago Liferay Portal allows improper access through the expandoTableLocalService
CVE-2025-55202 unknown 9mo ago Opencast has a partial path traversal vulnerability in UI config
CVE-2025-57819 unknown 2.5 KEV EXP 9mo ago Sangoma FreePBX contains an authentication bypass vulnerability due to insufficiently sanitized user-supplied data allows unauthenticated access to FreePBX Administrator leading to arbitrary database…
CVE-2025-58059 unknown 9mo ago Valtimo scripting engine can be used to gain access to sensitive data or resources
CVE-2025-58049 unknown 9mo ago XWiki PDF export jobs store sensitive cookies unencrypted in job statuses
CVE-2025-57803 unknown FIX debian debian sles 9mo ago ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-28 and 7.1.2-2 for ImageMagick's 32-bit build, a 32-bit integer overflow in the…
CVE-2025-55298 unknown FIX debian debian sles 9mo ago ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to ImageMagick versions 6.9.13-28 and 7.1.2-2, a format string bug vulnerability exists in Interpr…
CVE-2025-55212 unknown FIX debian debian sles 9mo ago ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-28 and 7.1.2-2, passing a geometry string containing only a colon (":") to mont…
CVE-2025-7775 unknown 1.5 KEV 10mo ago Citrix NetScaler ADC and NetScaler Gateway contain a memory overflow vulnerability that could allow for remote code execution and/or denial of service.
CVE-2025-55160 unknown FIX debian debian sles 10mo ago ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-27 and 7.1.2-1, there is undefined behavior (function-type-mismatch) in splay t…
CVE-2025-55154 unknown FIX debian debian sles 10mo ago ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-27 and 7.1.2-1, the magnified size calculations in ReadOneMNGIMage (in coders/p…
CVE-2025-55004 unknown FIX debian debian sles 10mo ago ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-1, ImageMagick is vulnerable to heap-buffer overflow read around the handling of …
CVE-2025-68469 unknown FIX debian debian sles 10mo ago ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.1-14, ImageMagick crashes when processing a crafted TIFF file. Version 7.1.1-14 fix…
CVE-2025-53019 unknown FIX debian debian sles 10mo ago ImageMagick is free and open-source software used for editing and manipulating digital images. In versions prior to 7.1.2-0 and 6.9.13-26, in ImageMagick's `magick stream` command, specifying multipl…
CVE-2025-53014 unknown FIX debian debian sles 10mo ago ImageMagick is free and open-source software used for editing and manipulating digital images. Versions prior to 7.1.2-0 and 6.9.13-26 have a heap buffer overflow in the `InterpretImageFilename` func…
CVE-2025-53101 unknown FIX debian debian sles 10mo ago ImageMagick is free and open-source software used for editing and manipulating digital images. In versions prior to 7.1.2-0 and 6.9.13-26, in ImageMagick's `magick mogrify` command, specifying multip…
CVE-2025-26467 unknown 10mo ago Apache Cassandra: User with MODIFY permission on ALL KEYSPACES can escalate privileges to superuser via unsafe actions (4.0.16 only)
CVE-2024-8069 unknown 1.5 KEV 10mo ago Citrix Session Recording contains a deserialization of untrusted data vulnerability that allows limited remote code execution with privilege of a NetworkService Account access. Attacker must be an au…
CVE-2024-8068 unknown 1.5 KEV 10mo ago Citrix Session Recording contains an improper privilege management vulnerability that could allow for privilege escalation to NetworkService Account access. An attacker must be an authenticated user …
CVE-2025-43766 unknown 10mo ago Liferay Portal allows unrestricted upload of file in the style books component
CVE-2025-43765 unknown 10mo ago Liferay Portal stored cross-site scripting in text field of the web content structure
CVE-2025-43767 unknown 10mo ago Liferay Portal allows open redirect in /c/portal/edit_info_item parameter redirect
CVE-2025-43770 unknown 10mo ago Liferay Portal vulnerable to Reflected XSS with the referer and forward parameter
CVE-2025-43769 unknown 10mo ago Liferay Portal vulnerable to Stored XSS in Components portlet
CVE-2025-43768 unknown 10mo ago Liferay Portal JSONWS API endpoint shares sensitive information
CVE-2025-43762 unknown 10mo ago Liferay Portal users can upload an unlimited amount of files
CVE-2025-43761 unknown 10mo ago Liferay Portal Reflected XSS in CKeditor 4.21.0 endpoint
CVE-2025-43759 unknown 10mo ago Liferay Portal users are able to add system admin portlets to pages
CVE-2025-43758 unknown 10mo ago Liferay Portal's unauthenticated users can access loaded files via URL before submitting the object entry
CVE-2025-43760 unknown 10mo ago Liferay Portal Reflected Cross-Site Scripting Vulnerability via PortalUtil.escapeRedirect
CVE-2025-43751 unknown 10mo ago Liferay Portal User Enumeration Vulnerability via the Create Account Page
CVE-2025-51825 unknown 10mo ago JeecgBoot SQL Injection Vulnerability
CVE-2025-9340 unknown 10mo ago Bouncy Castle for Java has Out-of-Bounds Write Vulnerability
CVE-2025-9341 unknown 10mo ago Bouncy Castle for Java has Uncontrolled Resource Consumption Vulnerability
CVE-2025-43752 unknown 10mo ago Liferay Portal's Unlimited File Upload Could Result in DoS
CVE-2025-43753 unknown 10mo ago Liferay Portal Reflected Cross-Site Scripting Vulnerability via Form Container
CVE-2025-51606 unknown 10mo ago hippo4j Includes Hard Coded Secret Key in JWT Creation
CVE-2025-43754 unknown 10mo ago Liferay Portal Username Enumeration Vulnerability
CVE-2025-43756 unknown 10mo ago Liferay Portal Reflected Cross-Site Scripting Vulnerability via snippet Parameter
CVE-2025-43755 unknown 10mo ago Liferay Portal Stored Cross-Site Scripting Vulnerability via GroupPagesPortlet_type Parameter
CVE-2025-55743 unknown 10mo ago UnoPim vulnerable to remote code execution through Arbitrary File upload
CVE-2025-43300 unknown 1.5 KEV 10mo ago Apple iOS, iPadOS, and macOS contain an out-of-bounds write vulnerability in the Image I/O framework.
CVE-2025-54988 unknown FIX debian debian 10mo ago Apache Tika XXE Vulnerability via Crafted XFA File Inside a PDF
CVE-2025-43757 unknown 10mo ago Liferay Portal Vulnerable to Cross-Site Scripting via DDMPortlet_definition Parameter