VIR Vulnerability Intelligence Relay

Search

Found 41,180 results in 1879ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2026-45306 medium 6.5 6.5 24d ago pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, the fix for CVE-2026-33509 prevents setting storage_folder inside PKGDIR or userdir, but does NOT protect…
CVE-2026-8586 medium 5.5 5.5 FIX debian debianwindows windows google 24d ago Inappropriate implementation in Chromoting in Google Chrome prior to 148.0.7778.168 allowed a local attacker to bypass discretionary access control via a malicious file. (Chromium security severity: …
CVE-2026-8584 medium 4.2 4.2 FIX debian debianmacos macoswindows windows google 24d ago Inappropriate implementation in Views in Google Chrome on iOS prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page…
CVE-2026-8583 medium 5.3 5.3 FIX debian debianwindows windows google 24d ago Insufficient policy enforcement in WebXR in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive informa…
CVE-2026-8582 medium 5.3 5.3 FIX debian debianwindows windows google 24d ago Object lifecycle issue in Dawn in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium se…
CVE-2026-8576 medium 4.3 4.3 FIX debian debian linux-kernelwindows windows google 24d ago Inappropriate implementation in CORS in Google Chrome on Linux and ChromeOS prior to 148.0.7778.168 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security sev…
CVE-2026-8570 medium 6.5 6.5 FIX debian debianwindows windows google 24d ago Type Confusion in V8 in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security sev…
CVE-2026-8567 medium 4.3 4.3 FIX debian debianwindows windows google 24d ago Integer overflow in ANGLE in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: …
CVE-2026-8566 medium 4.3 4.3 FIX debian debianwindows windows google 24d ago Insufficient policy enforcement in Payments in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker to bypass discretionary access control via a crafted HTML page. (Chromium sec…
CVE-2026-8565 medium 4.7 4.7 FIX debian debianmacos macoswindows windows google 24d ago Inappropriate implementation in Downloads in Google Chrome on Mac prior to 148.0.7778.168 allowed an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafte…
CVE-2026-8564 medium 4.2 4.2 FIX debian debianmacos macoswindows windows google 24d ago Incorrect security UI in Downloads in Google Chrome on Android and Mac prior to 148.0.7778.168 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: M…
CVE-2026-8563 medium 4.3 4.3 FIX debian debianwindows windows google 24d ago Insufficient policy enforcement in IFrame Sandbox in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium se…
CVE-2026-8562 medium 4.3 4.3 FIX debian debianmacos macos linux-kernel google 24d ago Side-channel information leakage in Navigation in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Mediu…
CVE-2026-8561 medium 5.4 5.4 FIX debian debianmacos macos linux-kernel google 24d ago Incorrect security UI in Fullscreen in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-8560 medium 4.3 4.3 FIX debian debianmacos macoswindows windows google 24d ago Heap buffer overflow in SwiftShader in Google Chrome on Mac and iOS prior to 148.0.7778.168 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium securi…
CVE-2026-8559 medium 4.3 4.3 FIX debian debianwindows windows google 24d ago Integer overflow in Internationalization in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium secu…
CVE-2026-8552 medium 4.3 4.3 FIX debian debianwindows windows google 24d ago Heap buffer overflow in GPU in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity…
CVE-2026-8550 medium 6.5 6.5 FIX debian debianmacos macos linux-kernel google 24d ago Use after free in Google Lens in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memo…
CVE-2026-8546 medium 5.3 5.3 FIX debian debianmacos macoswindows windows google 24d ago Out of bounds read in GPU in Google Chrome on Mac and Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information fr…
CVE-2026-8543 medium 5.3 5.3 FIX debian debianmacos macoswindows windows google 24d ago Out of bounds read in FileSystem in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gestures to obtain potentially sensitive infor…
CVE-2026-8541 medium 5.3 5.3 FIX debian debianmacos macos linux-kernel google 24d ago Out of bounds read in UI in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory vi…
CVE-2026-8539 medium 5.4 5.4 FIX debian debianwindows windows google 24d ago Script injection in SanitizerAPI in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. (Chromium security s…
CVE-2026-8538 medium 5.3 5.3 FIX debian debianwindows windows google 24d ago Insufficient validation of untrusted input in GPU in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform a denial of service via a craf…
CVE-2026-8537 medium 4.3 4.3 FIX debian debianwindows windows google 24d ago Insufficient policy enforcement in ViewTransitions in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: H…
CVE-2026-8535 medium 5.3 5.3 FIX debian debian linux-kernelwindows windows google 24d ago Out of bounds read in Media in Google Chrome on Linux and ChromeOS prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive informati…
CVE-2026-8528 medium 4.3 4.3 FIX debian debianmacos macos linux-kernel google 24d ago Insufficient validation of untrusted input in SiteIsolation in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to bypass Site Isolation via a …
CVE-2026-8516 medium 5.3 5.3 FIX debian debianmacos macos linux-kernel google 24d ago Insufficient validation of untrusted input in DataTransfer in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gestures to obtain potentia…
CVE-2026-43996 medium 5.5 5.5 debian debian openimageio 24d ago OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, the bounds check in TGAInput::decode_…
CVE-2026-26062 medium 6.5 6.5 fleetdm 24d ago Fleet server may terminate unexpectedly when handling certain gRPC requests
CVE-2026-24000 medium 5.3 5.3 fleetdm 24d ago Fleet has a rate limiting bypass via untrusted client IP headers
CVE-2026-45299 medium 5.4 5.4 openwebui 24d ago Open WebUI has Stored Cross-Site Scripting In Profile Picture
CVE-2026-45021 medium 5.5 24d ago Kuma is a modern Envoy-based service mesh that can run on every cloud across both Kubernetes and VMs. Prior to 2.7.25, 2.9.15, 2.11.13, 2.12.10, and 2.13.5, the default kuma-cp config leaks the admin…
CVE-2026-45148 medium 4.3 4.3 24d ago SiYuan has broken access control in `/api/search/{searchAsset,searchTag,searchWidget,searchTemplate}` publish-mode
CVE-2026-45147 medium 4.3 4.3 24d ago SiYuan: Broken access control in `/api/tag/getTag` — Reader role can mutate `Conf.Tag.Sort` and persist to disk
CVE-2026-38740 medium 5.3 5.3 24d ago Foscam VD1 Video Doorbell before V5.3.13_1072 is vulnerable to Cleartext Transmission of Sensitive Information. The device transmits sensitive Session Description Protocol (SDP), including ICE creden…
CVE-2026-27680 medium 4.3 4.3 sap 24d ago Due to improper input handling under certain conditions, SAP NetWeaver Application Server ABAP allows an attacker to inject custom Cascading Style Sheets (CSS) data into a web page served by the appl…
CVE-2026-22707 medium 5.4 5.4 strapi 24d ago Strapi Upload Plugin MIME Validation Bypass via Content API
CVE-2026-22706 medium 6.5 6.5 strapi 24d ago Strapi: Password Reset Does Not Revoke Existing Refresh Sessions
CVE-2025-64526 medium 5.3 5.3 strapi 24d ago Strapi has a rate limit bypass on users-permissions plugin via attacker-controlled email keying
CVE-2026-44968 medium 5.5 24d ago dbt MCP Server has an Argument Injection in dbt CLI Tool Wrappers via node_selection and resource_type Parameters
CVE-2026-46469 medium 5.5 5.5 FIX debian debian sles freedesktop 24d ago An issue was discovered in GStreamer gst-plugins-good before 1.28.2. When parsing MP4 audio tracks, the isomp4 plugin's qtdemux_parse_trak function does not sufficiently validate atom data before per…
CVE-2026-44544 medium 5.5 debian debian 24d ago gittuf is a platform-agnostic Git security system. Prior to 0.14.0, an attacker with push access to gittuf's Reference State Log (RSL) can roll back the current policy to any previous policy trusted …
CVE-2026-44520 medium 5.7 5.7 24d ago docling-graph has SSRF via Missing Internal IP Validation in URLInputHandler
CVE-2026-44283 medium 4.3 4.3 FIX debian debian sleswindows windows etcd 24d ago etcd RBAC bypass allows unauthorized data access via PrevKv/lease attachment in nested transaction Put requests
CVE-2026-42572 medium 6.5 6.5 hatchet 24d ago Hatchet affected by cross-tenant information disclosure in `listTasksByDAGIds`
CVE-2026-41888 medium 6.5 6.5 debian debian sles distribution 24d ago Distribution's tag deletion bypasses `storage.delete.enabled` configuration
CVE-2026-45448 medium 4.3 4.3 24d ago CWE-601 URL redirection to untrusted site ('open redirect')
CVE-2026-44514 medium 6.5 6.5 24d ago Kubetail has a Cross-Site WebSocket Hijacking issue that allows attacker to read Kubernetes logs from authenticated users
CVE-2026-20210 medium 5.4 5.4 24d ago A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker with read-only permissions to modify configurations and perform …
CVE-2026-20209 medium 5.4 5.4 24d ago A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker with read-only permissions to elevate their privileges from low …
CVE-2025-62313 medium 5.4 5.4 24d ago HCL AION is affected by a vulnerability where adequate protections against brute-force attempts are not enforced. This may allow repeated authentication attempts, potentially leading to unauthorized …
CVE-2025-62311 medium 4.3 4.3 24d ago HCL AION is affected by a vulnerability where backend service details may be transmitted over insecure HTTP channels. This may expose sensitive information to potential interception or unauthorized a…
CVE-2025-62310 medium 5.4 5.4 24d ago HCL AION is affected by a vulnerability where encryption is not enforced for certain data transmissions or operations. This may expose sensitive information to potential interception or unauthorized …
CVE-2025-62308 medium 5.1 5.1 24d ago HCL AION is affected by a vulnerability where sensitive backend infrastructure details may be exposed. Exposure of such information could reveal internal system architecture or configuration details,…
CVE-2025-62305 medium 5.1 5.1 24d ago HCL AION is affected by a vulnerability where certain operations may trigger out-of-band interactions, potentially resulting in unintended disclosure of sensitive information. Such behaviour may allo…
CVE-2026-44898 medium 6.1 6.1 slesdebian debianwindows windows mistune_project 24d ago Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, render_toc_ul() builds a <ul> table-of-contents tree from a list of (level, id, text) tuples. Both the id value (used a…
CVE-2026-45292 medium 5.3 5.3 24d ago opentelemetry-java is the Java implementation of the OpenTelemetry API for recording telemetry, and SDK for managing telemetry recorded by the API. Prior to 1.62.0, a vulnerability affects the baggag…
CVE-2026-44884 medium 6.5 6.5 portainer 24d ago Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before …
CVE-2026-44885 medium 5.5 5.5 portainer 24d ago Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before …
CVE-2026-45078 medium 5.5 5.5 FIX debian debian element 24d ago Synapse is an open source Matrix homeserver implementation. Prior to 1.152.1, local authenticated users can cause Synapse to starve other requests of CPU and lead to other requests failing, causing o…
CVE-2026-44722 medium 5.5 24d ago pyzipper has an encryption bypass for small files encrypted using it
CVE-2026-42597 medium 5.9 5.9 thecodingmachine 24d ago Gotenberg allows Chromium URL conversion routes to read arbitrary files under /tmp via file:// scheme
CVE-2026-42593 medium 5.3 5.3 thecodingmachine 24d ago Gotenberg has arbitrary PDF read via stampExpression and watermarkExpression in merge, split, and convert routes
CVE-2026-42592 medium 5.3 5.3 thecodingmachine 24d ago Gotenberg's DNS rebinding bypasses SSRF validation on Chromium URL conversion routes
CVE-2026-42159 medium 5.4 5.4 flowsint 24d ago Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, transparency, and verification. Prior to 1.2.3, Flowsint allows a user to create investigations, whic…
CVE-2026-42853 medium 5.5 24d ago @apostrophecms/cli: Command Injection in apos create via Unsanitized Password Input
CVE-2026-44374 medium 4.3 4.3 linuxfoundation 24d ago Backstage is an open framework for building developer portals. Prior to 0.6.11, the unprocessed entities read endpoints in @backstage/plugin-catalog-backend-module-unprocessed do not enforce permissi…
CVE-2026-44308 medium 5.5 24d ago Spring Cloud AWS missing SNS message signature verification allows spoofing of HTTP/HTTPS endpoint notifications
CVE-2026-41933 medium 5.3 5.3 24d ago Vvveb before 1.0.8.3 contains a directory listing information disclosure vulnerability that allows unauthenticated attackers to enumerate files and directories by accessing multiple paths lacking pro…
CVE-2026-41932 medium 6.1 6.1 24d ago Vvveb before 1.0.8.3 contains a stored cross-site scripting vulnerability in the customer signup flow where the Signup::addUser() controller copies raw POST username values into the display_name fiel…
CVE-2026-24711 medium 5.3 5.3 northern.tech 24d ago Northern.tech CFEngine Enterprise before 3.21.8, 3.24.3, and 3.27.0 has Incorrect Access Control.
CVE-2026-24710 medium 6.1 6.1 northern.tech 24d ago Northern.tech CFEngine Enterprise before 3.21.8, 3.24.3, and 3.27.0 allows XSS.
CVE-2026-21730 medium 6.1 6.1 verint 24d ago Verba is affected by a Stored Cross-Site Scripting (XSS) vulnerability within its login logging mechanism. When an unauthenticated remote attacker attempts to log in using an incorrect username and p…
CVE-2025-69443 medium 6.3 6.3 24d ago Remote Code Execution in coleam00 Archon 0.1.0. A crafted HTML page, when accessed by a victim, can execute commands, run prompts on behalf of the user, control the Archon UI features, and steal all …
CVE-2026-6575 medium 4.3 4.3 FIX slesdebian debian postgresql 24d ago Buffer over-read in PostgreSQL function pg_restore_attribute_stats() accepts array values of unmatched length, which causes query planning to read past end of one array. This allows a table maintain…
CVE-2026-6478 medium 6.5 6.5 FIX slesdebian debianwindows windows postgresql 24d ago Covert timing channel in comparison of MD5-hashed password in PostgreSQL authentication allows an attacker to recover user credentials sufficient to authenticate. This does not affect scram-sha-256 …
CVE-2026-6474 medium 4.3 4.3 FIX slesdebian debianwindows windows postgresql 24d ago Externally-controlled format string in PostgreSQL timeofday() function allows an attacker to retrieve portions of server memory, via crafted timezone zones. Versions before PostgreSQL 18.4, 17.10, 1…
CVE-2026-6472 medium 5.4 5.4 FIX slesdebian debianwindows windows postgresql 24d ago Missing authorization in PostgreSQL CREATE TYPE allows an object creator to hijack other queries that use search_path to find user-defined types, including extension-defined types. That is to say, t…
CVE-2026-6008 medium 6.8 6.8 24d ago Authorization bypass through User-Controlled key vulnerability in Im Park Information Technology, Electronics, Press, Publishing and Advertising, Education Ltd. Co. DijiDemi allows Privilege Abuse. …
CVE-2026-43644 medium 6.1 6.1 stefanprodan 24d ago podinfo through 6.11.2 contains a reflected cross-site scripting vulnerability in the /echo and /api/echo endpoints where the echoHandler writes request body content directly to the response without …
CVE-2026-45205 medium 5.3 5.3 FIX debian debian sles apache 24d ago Apache Commons Configuration: StackOverflowError for YAML input with cycles
CVE-2026-6504 medium 6.4 6.4 24d ago The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title_tag' parameter in all versions up to, and including, 1.7.1058 due to insuffic…
CVE-2026-6206 medium 5.3 5.3 24d ago The MW WP Form plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 5.1.2 via the _get_post_property_from_querystring() function due to insufficient restri…
CVE-2026-6174 medium 6.4 6.4 24d ago The CC Child Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'more' parameter in all versions up to, and including, 2.1.1 due to insufficient input sanitization and ou…
CVE-2026-6145 medium 5.3 5.3 24d ago The User Registration & Membership plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 5.1.5. This is due to the is_admin_creation_process() method relyi…
CVE-2026-6670 medium 6.5 6.5 24d ago The Media Sync plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.4.9 via the 'sub_dir' and 'media_items' parameters. This is due to insufficient validation …
CVE-2026-6252 medium 6.4 6.4 24d ago The Meta Field Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tagName' block attribute in all versions up to, and including, 1.5.2 due to insufficient input sanitiza…
CVE-2026-6225 medium 6.5 6.5 24d ago The Taskbuilder – Project Management & Task Management Tool With Kanban Board plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'project_search' parameter in all versions u…
CVE-2026-5365 medium 4.3 4.3 24d ago The LatePoint plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 5.3.2. This is due to missing nonce verification on the request_cancellation() funct…
CVE-2026-5193 medium 6.5 6.5 24d ago The Essential Addons for Elementor – Popular Elementor Templates & Widgets plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 6.5.13. This is due to insu…
CVE-2026-3694 medium 6.4 6.4 24d ago The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'text' attribute of the bt_bb_button shortcode in all versions up to, and including, 5.6.8. This is due…
CVE-2026-8280 medium 6.5 6.5 gitlab 24d ago GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.3 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user to cause den…
CVE-2026-8144 medium 4.3 4.3 gitlab 24d ago GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.1 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with projec…
CVE-2026-7481 medium 5.4 5.4 gitlab 24d ago GitLab has remediated an issue in GitLab EE affecting all versions from 16.4 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with developer…
CVE-2026-7377 medium 5.4 5.4 gitlab 24d ago GitLab has remediated an issue in GitLab EE affecting all versions from 18.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that, in customizable analytics dashboards, could have allow…
CVE-2026-6883 medium 4.3 4.3 gitlab 24d ago GitLab has remediated an issue in GitLab EE affecting all versions from 15.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user to bypass merg…
CVE-2026-6417 medium 6.1 6.1 24d ago The GLS Shipping for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'failed_orders' parameter in all versions up to, and including, 1.4.0 due to insufficient…
CVE-2026-6335 medium 5.4 5.4 gitlab 24d ago GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.11 before 18.11.3 that under certain conditions could have allowed an authenticated user to execute arbitrary code in ano…
CVE-2026-6073 medium 5.4 5.4 gitlab 24d ago GitLab has remediated an issue in GitLab EE affecting all versions from 18.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user to execute arb…
CVE-2026-6063 medium 4.3 4.3 gitlab 24d ago GitLab has remediated an issue in GitLab EE affecting all versions from 11.10 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that under certain conditions could have allowed an authent…