VIR Vulnerability Intelligence Relay

Search

Found 17,395 results in 751ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2025-4320 critical 10.0 10.0 4mo ago Authentication Bypass by Primary Weakness, Weak Password Recovery Mechanism for Forgotten Password vulnerability in Birebirsoft Software and Technology Solutions Sufirmam allows Authentication Bypass…
CVE-2025-4319 critical 9.4 9.4 4mo ago Improper Restriction of Excessive Authentication Attempts, Weak Password Recovery Mechanism for Forgotten Password vulnerability in Birebirsoft Software and Technology Solutions Sufirmam allows Brute…
CVE-2026-24515 low 2.9 2.9 FIX debian debian sles libexpat_project 4mo ago In libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy unknown encoding handler user data.
CVE-2026-22411 low 3.8 3.8 4mo ago Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Dolcino dolcino allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Dolcino: fro…
CVE-2026-22409 low 3.8 3.8 4mo ago Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Justicia justicia allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Justicia: …
CVE-2026-22407 low 3.8 3.8 4mo ago Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Roam roam allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Roam: from n/a thr…
CVE-2026-22406 low 3.8 3.8 4mo ago Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Overton overton allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Overton: fro…
CVE-2026-22404 low 3.8 3.8 4mo ago Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Innovio innovio allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Innovio: fro…
CVE-2025-49055 critical 9.3 9.3 4mo ago Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in kamleshyadav WP Lead Capturing Pages wp-lead-capture allows Blind SQL Injection.This issue affect…
CVE-2026-21947 low 3.1 3.1 FIX slesdebian debian oracle 5mo ago Vulnerability in Oracle Java SE (component: JavaFX). Supported versions that are affected are Oracle Java SE: 8u471-b50. Difficult to exploit vulnerability allows unauthenticated attacker with netwo…
CVE-2026-1202 critical 9.8 9.8 crmeb 5mo ago A security flaw has been discovered in CRMEB up to 5.6.3. The affected element is the function appleLogin of the file crmeb/app/api/controller/v1/LoginController.php. Performing a manipulation of the…
CVE-2026-1197 low 3.1 3.1 mineadmin 5mo ago A vulnerability was detected in MineAdmin 1.x/2.x. Affected by this vulnerability is an unknown functionality of the file /system/downloadById. Performing a manipulation of the argument ID results in…
CVE-2026-1179 critical 9.8 9.8 yonyou 5mo ago A vulnerability was detected in Yonyou KSOA 9.0. This affects an unknown part of the file /kmf/user_popedom.jsp of the component HTTP GET Parameter Handler. The manipulation of the argument folderid …
CVE-2026-1178 critical 9.8 9.8 yonyou 5mo ago A security vulnerability has been detected in Yonyou KSOA 9.0. Affected by this issue is some unknown functionality of the file /kmf/select.jsp of the component HTTP GET Parameter Handler. The manipu…
CVE-2026-1177 critical 9.8 9.8 yonyou 5mo ago A weakness has been identified in Yonyou KSOA 9.0. Affected by this vulnerability is an unknown functionality of the file /kmf/save_folder.jsp of the component HTTP GET Parameter Handler. Executing a…
CVE-2026-1176 critical 9.8 9.8 itsourcecode 5mo ago A security flaw has been discovered in itsourcecode School Management System 1.0. Affected is an unknown function of the file /subject/index.php. Performing a manipulation of the argument ID results …
CVE-2026-1161 low 3.5 3.5 5mo ago A vulnerability was detected in pbrong hrms 1.0.1. The affected element is the function UpdateRecruitmentById of the file /handler/recruitment.go. The manipulation results in cross site scripting. Th…
CVE-2026-1160 critical 9.8 9.8 phpgurukul 5mo ago A security vulnerability has been detected in PHPGurukul Directory Management System 1.0. Impacted is an unknown function of the file /index.php of the component Search. The manipulation of the argum…
CVE-2026-1159 critical 9.8 9.8 adonesevangelista 5mo ago A weakness has been identified in itsourcecode Online Frozen Foods Ordering System 1.0. This issue affects some unknown processing of the file /order_online.php. Executing a manipulation of the argum…
CVE-2026-1152 critical 9.8 9.8 technical-laohu 5mo ago A security vulnerability has been detected in technical-laohu mpay up to 1.2.4. The impacted element is an unknown function of the component QR Code Image Handler. Such manipulation of the argument c…
CVE-2026-1136 low 3.5 3.5 5mo ago A weakness has been identified in lcg0124 BootDo up to e93dd428ef6f5c881aa74d49a2099ab0cf1e0fcb. Affected is the function Save of the file /blog/bContent/save of the component ContentController. This…
CVE-2026-1133 critical 9.8 9.8 yonyou 5mo ago A vulnerability was determined in Yonyou KSOA 9.0. The impacted element is an unknown function of the file /kmf/folder.jsp of the component HTTP GET Parameter Handler. Executing a manipulation of the…
CVE-2026-1132 critical 9.8 9.8 yonyou 5mo ago A vulnerability was found in Yonyou KSOA 9.0. The affected element is an unknown function of the file /kmf/edit_folder.jsp of the component HTTP GET Parameter Handler. Performing a manipulation of th…
CVE-2026-1131 critical 9.8 9.8 yonyou 5mo ago A vulnerability has been found in Yonyou KSOA 9.0. Impacted is an unknown function of the file /kmc/save_catalog.jsp of the component HTTP GET Parameter Handler. Such manipulation of the argument cat…
CVE-2026-1130 critical 9.8 9.8 yonyou 5mo ago A flaw has been found in Yonyou KSOA 9.0. This issue affects some unknown processing of the file /worksheet/worksadd_plan.jsp of the component HTTP GET Parameter Handler. This manipulation of the arg…
CVE-2026-1129 critical 9.8 9.8 yonyou 5mo ago A vulnerability was detected in Yonyou KSOA 9.0. This vulnerability affects unknown code of the file /worksheet/worksadd.jsp of the component HTTP GET Parameter Handler. The manipulation of the argum…
CVE-2026-1125 critical 9.8 9.8 5mo ago A weakness has been identified in D-Link DIR-823X 250416. Affected by this issue is the function sub_412E7C of the file /goform/set_wifidog_settings. Executing a manipulation of the argument wd_enabl…
CVE-2026-1124 critical 9.8 9.8 yonyou 5mo ago A security flaw has been discovered in Yonyou KSOA 9.0. Affected by this vulnerability is an unknown functionality of the file /worksheet/work_report.jsp of the component HTTP GET Parameter Handler. …
CVE-2026-1123 critical 9.8 9.8 yonyou 5mo ago A vulnerability was identified in Yonyou KSOA 9.0. Affected is an unknown function of the file /worksheet/work_mod.jsp of the component HTTP GET Parameter Handler. Such manipulation of the argument I…
CVE-2026-1122 critical 9.8 9.8 yonyou 5mo ago A vulnerability was determined in Yonyou KSOA 9.0. This impacts an unknown function of the file /worksheet/work_info.jsp of the component HTTP GET Parameter Handler. This manipulation of the argument…
CVE-2026-1121 critical 9.8 9.8 yonyou 5mo ago A vulnerability was found in Yonyou KSOA 9.0. This affects an unknown function of the file /worksheet/del_workplan.jsp of the component HTTP GET Parameter Handler. The manipulation of the argument ID…
CVE-2026-1120 critical 9.8 9.8 yonyou 5mo ago A vulnerability has been found in Yonyou KSOA 9.0. The impacted element is an unknown function of the file /worksheet/del_work.jsp of the component HTTP GET Parameter Handler. The manipulation of the…
CVE-2026-1119 critical 9.8 9.8 angeljudesuarez 5mo ago A flaw has been found in itsourcecode Society Management System 1.0. The affected element is an unknown function of the file /admin/delete_activity.php. Executing a manipulation of the argument activ…
CVE-2026-1118 critical 9.8 9.8 angeljudesuarez 5mo ago A vulnerability was detected in itsourcecode Society Management System 1.0. Impacted is an unknown function of the file /admin/add_activity.php. Performing a manipulation of the argument Title result…
CVE-2025-15535 low 3.3 3.3 5mo ago A security flaw has been discovered in nicbarker clay up to 0.14. This affects the function Clay__MeasureTextCached in the library clay.h. The manipulation results in null pointer dereference. The at…
CVE-2026-1107 critical 9.8 9.8 eyoucms 5mo ago A weakness has been identified in EyouCMS up to 1.7.1/5.0. Impacted is the function check_userinfo of the file Diyajax.php of the component Member Avatar Handler. Executing a manipulation of the argu…
CVE-2026-1105 critical 9.8 9.8 easycms 5mo ago A vulnerability was identified in EasyCMS up to 1.6. This vulnerability affects unknown code of the file /UserAction.class.php. Such manipulation of the argument _order leads to sql injection. The at…
CVE-2026-1062 critical 9.8 9.8 xiweicheng 5mo ago A flaw has been found in xiweicheng TMS up to 2.28.0. This affects the function Summary of the file src/main/java/com/lhjz/portal/util/HtmlUtil.java. This manipulation of the argument url causes serv…
CVE-2026-1061 critical 9.8 9.8 xiweicheng 5mo ago A vulnerability was detected in xiweicheng TMS up to 2.28.0. Affected by this issue is the function Upload of the file src/main/java/com/lhjz/portal/controller/FileController.java. The manipulation o…
CVE-2026-1059 critical 9.8 9.8 feminer 5mo ago A security vulnerability has been detected in FeMiner wms up to 9cad1f1b179a98b9547fd003c23b07c7594775fa. Affected by this vulnerability is an unknown functionality of the file /src/chkuser.php. The …
CVE-2025-62582 critical 9.8 9.8 deltaww 5mo ago Delta Electronics DIAView has multiple vulnerabilities.
CVE-2025-62581 critical 9.8 9.8 deltaww 5mo ago Delta Electronics DIAView has multiple vulnerabilities.
CVE-2026-0852 critical 9.8 9.8 fabian 5mo ago A security flaw has been discovered in code-projects Online Music Site 1.0. The impacted element is an unknown function of the file /Administrator/PHP/AdminUpdateUser.php. The manipulation of the arg…
CVE-2026-0851 critical 9.8 9.8 fabian 5mo ago A vulnerability was identified in code-projects Online Music Site 1.0. The affected element is an unknown function of the file /Administrator/PHP/AdminAddUser.php. The manipulation of the argument tx…
CVE-2025-15506 low 3.3 3.3 debian debian 5mo ago AcademySoftwareFoundation OpenColorIO has an out-of-bounds vulnerability
CVE-2025-15505 low 2.4 2.4 5mo ago A vulnerability was found in Luxul XWR-600 up to 4.0.1. The affected element is an unknown function of the component Web Administration Interface. The manipulation of the argument Guest Network/Wirel…
CVE-2026-0824 low 3.5 3.5 5mo ago QuestDB UI's Web Console is Vulnerable to Cross-Site Scripting
CVE-2026-0821 critical 9.8 9.8 debian debian quickjs-ng 5mo ago A vulnerability was determined in quickjs-ng quickjs up to 0.11.0. This vulnerability affects the function js_typed_array_constructor of the file quickjs.c. Executing a manipulation can lead to heap-…
CVE-2025-15503 critical 9.8 9.8 sangfor 5mo ago A security flaw has been discovered in Sangfor Operation and Maintenance Management System up to 3.0.8. The impacted element is an unknown function of the file /fort/trust/version/common/common.jsp. …
CVE-2025-15502 critical 9.8 9.8 sangfor 5mo ago A vulnerability was identified in Sangfor Operation and Maintenance Management System up to 3.0.8. The affected element is the function SessionController of the file /isomp-protocol/protocol/session.…
CVE-2026-22597 low 2.7 2.7 ghost 5mo ago Ghost has SSRF via External Media Inliner
CVE-2025-15496 critical 9.8 9.8 guchengwuyue 5mo ago A vulnerability was determined in guchengwuyue yshopmall up to 1.9.1. Affected is the function getPage of the file /api/jobs. This manipulation of the argument sort causes sql injection. The attack m…
CVE-2025-15493 critical 9.8 9.8 docsys_project 5mo ago A flaw has been found in RainyGao DocSys up to 2.02.36. The impacted element is an unknown function of the file src/com/DocSystem/mapping/ReposAuthMapper.xml. Executing a manipulation of the argument…
CVE-2026-0732 critical 9.8 9.8 5mo ago A vulnerability was found in D-Link DI-8200G 17.12.20A1. This affects an unknown function of the file /upgrade_filter.asp. The manipulation of the argument path results in command injection. The atta…
CVE-2026-0700 critical 9.8 9.8 carmelo 5mo ago A vulnerability was determined in code-projects Intern Membership Management System 1.0. Affected is an unknown function of the file /intern/admin/check_admin.php. Executing a manipulation of the arg…
CVE-2026-22189 critical 9.8 9.8 cmu 5mo ago The egg-mkfont utility in Panda3D versions up to and including 1.10.16 contains a stack-based buffer overflow vulnerability due to use of an unbounded sprintf() call with attacker-controlled input. W…
CVE-2025-47552 critical 9.8 9.8 5mo ago Deserialization of Untrusted Data vulnerability in Digital zoom studio DZS Video Gallery allows Object Injection.This issue affects DZS Video Gallery: from n/a through 12.37.
CVE-2025-32303 critical 9.3 9.3 5mo ago Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mojoomla WPCHURCH allows Blind SQL Injection.This issue affects WPCHURCH: from n/a through 2.7.0.
CVE-2026-0643 critical 9.8 9.8 projectworlds 5mo ago A flaw has been found in projectworlds House Rental and Property Listing 1.0. Impacted is an unknown function of the file /app/register.php?action=reg of the component Signup. This manipulation of th…
CVE-2025-30996 critical 9.9 9.9 5mo ago Unrestricted Upload of File with Dangerous Type vulnerability in Themify Themify Sidepane WordPress Theme, Themify Themify Newsy, Themify Themify Folo, Themify Themify Edmin, Themify Bloggie, Themify…
CVE-2025-39477 critical 9.8 9.8 5mo ago Missing Authorization vulnerability in Sfwebservice InWave Jobs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects InWave Jobs: from n/a through 3.5.8.
CVE-2026-0607 critical 9.8 9.8 fabian 5mo ago A flaw has been found in code-projects Online Music Site 1.0. This affects an unknown part of the file /Administrator/PHP/AdminViewSongs.php. Executing a manipulation of the argument ID can lead to s…
CVE-2026-0606 critical 9.8 9.8 fabian 5mo ago A vulnerability was detected in code-projects Online Music Site 1.0. Affected by this issue is some unknown functionality of the file /FrontEnd/Albums.php. Performing a manipulation of the argument I…
CVE-2026-0605 critical 9.8 9.8 fabian 5mo ago A security vulnerability has been detected in code-projects Online Music Site 1.0. Affected by this vulnerability is an unknown functionality of the file /login.php. Such manipulation of the argument…
CVE-2025-39484 critical 9.3 9.3 5mo ago Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Waituk Entrada allows SQL Injection.This issue affects Entrada: from n/a through 5.7.7.
CVE-2026-0597 critical 9.8 9.8 campcodes 5mo ago A flaw has been found in Campcodes Supplier Management System 1.0. Affected by this issue is some unknown functionality of the file /retailer/edit_profile.php. This manipulation of the argument txtRe…
CVE-2026-0592 critical 9.8 9.8 fabian 5mo ago A security flaw has been discovered in code-projects Online Product Reservation System 1.0. This affects an unknown function of the file /handgunner-administrator/register_code.php of the component U…
CVE-2026-0591 critical 9.8 9.8 fabian 5mo ago A vulnerability was identified in code-projects Online Product Reservation System 1.0. The impacted element is an unknown function of the file /app/checkout/update.php of the component Cart Update Ha…
CVE-2026-0590 critical 9.8 9.8 fabian 5mo ago A vulnerability was determined in code-projects Online Product Reservation System 1.0. The affected element is an unknown function of the file /app/checkout/delete.php of the component POST Parameter…
CVE-2025-68865 critical 9.3 9.3 5mo ago Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Infility Infility Global infility-global allows SQL Injection.This issue affects Infility Global:…
CVE-2025-31048 critical 9.9 9.9 5mo ago Unrestricted Upload of File with Dangerous Type vulnerability in Themify Shopo allows Upload a Web Shell to a Web Server.This issue affects Shopo: from n/a through 1.1.4.
CVE-2025-30633 critical 9.3 9.3 5mo ago Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AA-Team Amazon Native Shopping Recommendations allows SQL Injection.This issue affects Amazon Nat…
CVE-2026-0585 critical 9.8 9.8 fabian 5mo ago A security vulnerability has been detected in code-projects Online Product Reservation System 1.0. Impacted is an unknown function of the file /order_view.php of the component GET Parameter Handler. …
CVE-2026-0584 critical 9.8 9.8 fabian 5mo ago A weakness has been identified in code-projects Online Product Reservation System 1.0. This issue affects some unknown processing of the file app/products/left_cart.php. This manipulation of the argu…
CVE-2026-0583 critical 9.8 9.8 fabian 5mo ago A security flaw has been discovered in code-projects Online Product Reservation System 1.0. This vulnerability affects unknown code of the file app/user/login.php of the component User Login. The man…
CVE-2026-0582 critical 9.8 9.8 angeljudesuarez 5mo ago A vulnerability was identified in itsourcecode Society Management System 1.0. This affects an unknown part of the file /admin/edit_activity_query.php. The manipulation of the argument Title leads to …
CVE-2026-0581 critical 9.8 9.8 5mo ago A vulnerability was determined in Tenda AC1206 15.03.06.23. Affected by this issue is the function formBehaviorManager of the file /goform/BehaviorManager of the component httpd. Executing a manipula…
CVE-2025-15458 critical 9.8 9.8 1234n 5mo ago A vulnerability was determined in bg5sbk MiniCMS up to 1.8. This affects an unknown function of the file /mc-admin/post-edit.php of the component Article Handler. Executing a manipulation can lead to…
CVE-2025-15457 critical 9.8 9.8 1234n 5mo ago A vulnerability was found in bg5sbk MiniCMS up to 1.8. The impacted element is an unknown function of the file /minicms/mc-admin/post.php of the component Trash File Restore Handler. Performing a man…
CVE-2025-15454 low 3.1 3.1 5mo ago A vulnerability was detected in zhanglun lettura up to 0.1.22. This issue affects some unknown processing of the file src/components/ArticleView/ContentRender.tsx of the component RSS Handler. The ma…
CVE-2026-0579 critical 9.8 9.8 fabian 5mo ago A vulnerability was found in code-projects Online Product Reservation System 1.0. This affects an unknown part of the file /handgunner-administrator/edit.php of the component POST Parameter Handler. …
CVE-2026-0578 critical 9.8 9.8 fabian 5mo ago A vulnerability has been found in code-projects Online Product Reservation System 1.0. Affected by this issue is some unknown functionality of the file /handgunner-administrator/delete.php. The manip…
CVE-2026-0577 critical 9.8 9.8 fabian 5mo ago A flaw has been found in code-projects Online Product Reservation System 1.0. Affected by this vulnerability is an unknown functionality of the file /handgunner-administrator/prod.php. Executing a ma…
CVE-2026-0576 critical 9.8 9.8 fabian 5mo ago A vulnerability was detected in code-projects Online Product Reservation System 1.0. Affected is an unknown function of the file /handgunner-administrator/prod.php of the component Parameter Handler.…
CVE-2026-0575 critical 9.8 9.8 fabian 5mo ago A security vulnerability has been detected in code-projects Online Product Reservation System 1.0. This impacts an unknown function of the file /handgunner-administrator/adminlogin.php of the compone…
CVE-2026-0570 critical 9.8 9.8 fabian 5mo ago A vulnerability was found in code-projects Online Music Site 1.0. This impacts an unknown function of the file /Frontend/Feedback.php. Performing a manipulation of the argument fname results in sql i…
CVE-2026-0569 critical 9.8 9.8 fabian 5mo ago A vulnerability has been found in code-projects Online Music Site 1.0. This affects an unknown function of the file /Frontend/AlbumByCategory.php. Such manipulation of the argument ID leads to sql in…
CVE-2026-0568 critical 9.8 9.8 fabian 5mo ago A flaw has been found in code-projects Online Music Site 1.0. The impacted element is an unknown function of the file /Frontend/ViewSongs.php. This manipulation of the argument ID causes sql injectio…
CVE-2026-0567 critical 9.8 9.8 code-projects 5mo ago A vulnerability was detected in code-projects Content Management System 1.0. The affected element is an unknown function of the file /pages.php. The manipulation of the argument ID results in sql inj…
CVE-2026-0566 critical 9.8 9.8 code-projects 5mo ago A security vulnerability has been detected in code-projects Content Management System 1.0. Impacted is an unknown function of the file /admin/edit_posts.php. The manipulation of the argument image le…
CVE-2026-0565 critical 9.8 9.8 code-projects 5mo ago A weakness has been identified in code-projects Content Management System 1.0. This issue affects some unknown processing of the file /admin/delete.php. Executing a manipulation of the argument del c…
CVE-2026-0546 critical 9.8 9.8 code-projects 5mo ago A vulnerability was determined in code-projects Content Management System 1.0. This impacts an unknown function of the file search.php. This manipulation of the argument Value causes sql injection. T…
CVE-2025-15436 critical 9.8 9.8 yonyou 5mo ago A vulnerability has been found in Yonyou KSOA 9.0. Affected by this issue is some unknown functionality of the file /worksheet/work_edit.jsp. Such manipulation of the argument Report leads to sql inj…
CVE-2025-15435 critical 9.8 9.8 yonyou 5mo ago A flaw has been found in Yonyou KSOA 9.0. Affected by this vulnerability is an unknown functionality of the file /worksheet/work_update.jsp. This manipulation of the argument Report causes sql inject…
CVE-2025-15434 critical 9.8 9.8 yonyou 5mo ago A vulnerability was detected in Yonyou KSOA 9.0. Affected is an unknown function of the file /kp/PrintZPYG.jsp. The manipulation of the argument zpjhid results in sql injection. It is possible to lau…
CVE-2025-15425 critical 9.8 9.8 yonyou 5mo ago A vulnerability was determined in Yonyou KSOA 9.0. The impacted element is an unknown function of the file /worksheet/del_user.jsp of the component HTTP GET Parameter Handler. Executing a manipulatio…
CVE-2025-15424 critical 9.8 9.8 yonyou 5mo ago A vulnerability was found in Yonyou KSOA 9.0. The affected element is an unknown function of the file /worksheet/agent_worksdel.jsp of the component HTTP GET Parameter Handler. Performing a manipulat…
CVE-2025-15421 critical 9.8 9.8 yonyou 5mo ago A vulnerability was detected in Yonyou KSOA 9.0. This vulnerability affects unknown code of the file /worksheet/agent_worksadd.jsp of the component HTTP GET Parameter Handler. The manipulation of the…
CVE-2025-15420 critical 9.8 9.8 yonyou 5mo ago A security vulnerability has been detected in Yonyou KSOA 9.0. This affects an unknown part of the file /worksheet/agent_work_report.jsp. The manipulation of the argument ID leads to sql injection. T…
CVE-2025-15410 critical 9.8 9.8 anisha 5mo ago A vulnerability was identified in code-projects Online Guitar Store 1.0. Affected by this issue is some unknown functionality of the file /login.php. The manipulation of the argument L_email leads to…