VIR Vulnerability Intelligence Relay

Search

Found 1,283 results in 72ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2025-58707 high 8.1 8.1 2d ago Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Axiomthemes Spin allows PHP Local File Inclusion. This issue affects Spin: fr…
CVE-2019-25719 high 8.6 8.6 2d ago Dräger Infinity Acute Care System and Standalone Infinity M540 patient monitors running software versions VG4.1.1, VG4.0.3, and lower contain network message handling vulnerabilities that allow netwo…
CVE-2019-25717 medium 4.3 4.3 2d ago Dräger Infinity Delta, Delta XL, and Kappa patient monitors contain an information disclosure vulnerability that allows unauthenticated network attackers to access log files over a network connection…
CVE-2026-8993 medium 6.5 6.5 2d ago D.Launcher 2 component of Slovak eID client ecosystem contains Improper URL Handler Processing vulnerability. Application registers multiple custom URL handlers that could be exploited to initiate fu…
CVE-2026-39551 high 8.1 8.1 2d ago Deserialization of Untrusted Data vulnerability in Elated-Themes Töbel allows Object Injection. This issue affects Töbel: from n/a through 1.8.1.
CVE-2026-39550 high 8.1 8.1 2d ago Deserialization of Untrusted Data vulnerability in Elated-Themes Aperitif allows Object Injection. This issue affects Aperitif: from n/a through 1.6.
CVE-2026-42685 high 7.1 7.1 2d ago Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ahmad WP Job Portal allows Reflected XSS. This issue affects WP Job Portal: from n/a through 2.5…
CVE-2026-42684 critical 9.3 9.3 2d ago Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ahmad WP Job Portal allows Blind SQL Injection. This issue affects WP Job Portal: from n/a throu…
CVE-2026-42670 high 7.5 7.5 2d ago Missing Authorization vulnerability in Etoile Web Design Incorporated Five Star Restaurant Reservations allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Fi…
CVE-2026-42669 high 7.5 7.5 2d ago Missing Authorization vulnerability in EventPrime allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects EventPrime: from n/a through 4.3.2.0.
CVE-2025-58705 high 8.1 8.1 2d ago Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Axiomthemes Crafti allows PHP Local File Inclusion. This issue affects Crafti…
CVE-2025-58024 high 7.5 7.5 2d ago Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in UnboundStudio Accordion FAQ allows PHP Local File Inclusion. This issue affec…
CVE-2026-5422 high 8.1 8.1 debian debian jupyter 2d ago A path traversal vulnerability exists in jupyter-server version 2.17.0 due to an incorrect root directory boundary check in the _get_os_path() function within jupyter_server/services/contents/fileio.…
CVE-2026-5191 medium 5.4 5.4 2d ago The Tiled Gallery Carousel Without JetPack plugin for WordPress is vulnerable to stored cross-site scripting via the 'data-image-title' parameter in all versions up to, and including, 3.1 due to insu…
CVE-2026-46718 medium 6.5 6.5 apache 2d ago Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in Apache Calcite. This issue affects Apache Calcite: from 1.5.0 before 1.42. Users are recommended …
CVE-2026-41115 medium 4.3 4.3 apache 2d ago An improper authorization vulnerability has been identified in Apache Kafka. The implementation of the CONSUMER_GROUP_DESCRIBE (69) API validates the DESCRIBE operation on the GROUP resource instead…
CVE-2025-53346 medium 4.3 4.3 2d ago Missing Authorization vulnerability in ThimPress Thim Core allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Thim Core: from n/a through 2.3.3.
CVE-2025-53345 high 8.8 8.8 2d ago Missing Authorization vulnerability leading to code execution after installing malicious vulnerable plugin in ThimPress Thim Core. This issue affects Thim Core: from n/a through 2.3.3.
CVE-2025-53302 medium 5.3 5.3 2d ago Missing Authorization vulnerability in Anton Shevchuk Constructor allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Constructor: from n/a through 1.6.5.
CVE-2025-53209 critical 9.8 9.8 2d ago Incorrect Privilege Assignment vulnerability in Themeisle Masteriyo LMS PRO allows Privilege Escalation. This issue affects Masteriyo LMS PRO: from n/a through 2.20.0.
CVE-2025-52766 medium 6.5 6.5 2d ago Missing Authorization vulnerability in Printeers Printeers Print & Ship allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Printeers Print & Ship: from n/a t…
CVE-2025-52759 high 7.1 7.1 2d ago Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in UnboundStudio Accordion FAQ allows Reflected XSS. This issue affects Accordion FAQ: from n/a thr…
CVE-2025-53440 high 8.1 8.1 2d ago Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Axiomthemes Confidant allows PHP Local File Inclusion. This issue affects Con…
CVE-2026-9730 medium 4.3 4.3 2d ago The Remove NoFollow Commenter URL plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on t…
CVE-2026-9723 medium 4.3 4.3 2d ago The Google Plus One Bottom plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.0.2. This is due to missing or incorrect nonce validation on the go…
CVE-2026-9722 medium 4.3 4.3 2d ago The Laiser Tag plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.5. This is due to missing or incorrect nonce validation on the addOptionsPage…
CVE-2026-9599 medium 4.3 4.3 2d ago The Tectite Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3. This is due to missing or incorrect nonce validation on the admin_init fu…
CVE-2026-9234 medium 4.3 4.3 2d ago The JTL-Connector for WooCommerce plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.4.1. This is due to missing capability checks and nonce verification …
CVE-2026-8885 medium 6.4 6.4 2d ago The DeMomentSomTres Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'callout' shortcode in all versions up to, and including, 1.1.1. This is due to insuf…
CVE-2026-8422 medium 4.3 4.3 2d ago The Remove meta boxes per user role plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.01. This is due to missing or incorrect nonce validation o…
CVE-2026-4081 medium 6.4 6.4 2d ago The ZeM STL plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the [zemstl] shortcode in all versions up to and including 1.0. This is due to insufficient input sanitization and ou…
CVE-2026-4080 medium 6.4 6.4 2d ago The Easy Cart plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'add_to_cart' shortcode in all versions up to and including 1.8. This is due to insufficient input sanitization…
CVE-2026-4071 medium 4.3 4.3 2d ago The BirdSeed plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.0. This is due to missing nonce validation in the birdseed_plugin_settings_page…
CVE-2026-3620 medium 4.4 4.4 2d ago The Word Replacer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'replacement' parameter in all versions up to, and including, 0.4. This is due to insufficient input saniti…
CVE-2026-3514 high 7.5 7.5 prefect 2d ago In version 3.6.19 of prefecthq/prefect, an authentication bypass vulnerability exists due to the improper handling of URL path exemptions for health check probes. Specifically, the authentication mid…
CVE-2026-2425 medium 6.1 6.1 2d ago The hiWeb Migration Simple plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'new_domain' parameter in all versions up to, and including, 2.0.0.1 due to insufficient input …
CVE-2026-2382 medium 6.4 6.4 2d ago The FPW Category Thumbnails plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter of the 'fpw_fs_get_file' AJAX action in all versions up to, and including, 1.9.5. …
CVE-2026-1784 high 8.8 8.8 2d ago The Route OpenShift resource allows to define routes to make pods reachable at a subdomain through HAProxy. It was found that the checks performed on the spec.path YAML stanza in a Route document was…
CVE-2026-1451 medium 6.1 6.1 2d ago The rognone plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'a' parameter in versions up to, and including, 0.6.2 due to insufficient input sanitization and output escapi…
CVE-2026-1450 medium 6.1 6.1 2d ago The rognone plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'mode' parameter in versions up to, and including, 0.6.2 due to insufficient input sanitization and output esc…
CVE-2025-5085 medium 5.5 5.5 2d ago The WP Nano AD plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘blogrole_link’ parameter in all versions up to, and including, 1.31 due to insufficient input sanitization an…
CVE-2026-8293 high 7.5 7.5 2d ago The Really Simple Security WordPress plugin before 9.5.10.1 does not enforce the second-factor challenge in two of its two-factor authentication REST endpoints, allowing an attacker who knows a user…
CVE-2026-8206 critical 9.8 9.8 2d ago The Kirki – Freeform Page Builder, Website Builder & Customizer plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions 6.0.0 to 6.0.6. This is due to the plug…
CVE-2026-3198 medium 6.5 6.5 lfprojects 2d ago MLflow 3.9.0 with basic-auth (`--app-name basic-auth`) fails to enforce authorization checks for multiple Gateway API 'list' endpoints. Specifically, the `BEFORE_REQUEST_HANDLERS` dictionary in `mlfl…
CVE-2026-10583 medium 4.7 4.7 2d ago A security vulnerability has been detected in nextlevelbuilder GoClaw up to 3.11.3. Affected by this issue is the function Import of the file internal/http/tts_config.go of the component TTS Configur…
CVE-2026-10581 medium 6.3 6.3 2d ago A flaw has been found in DedeCMS 5.7.88. Affected by this vulnerability is the function base64_decode of the file /plus/download.php?open=1. This manipulation of the argument Link causes server-side …
CVE-2026-3871 medium 6.5 6.5 2d ago A buffer overflow vulnerability in the UPnP DeletePortMapping() command in Zyxel VMG4005-B50B firmware versions through 5.13(ABRL.5.4)C0 could allow an adjacent attacker to trigger a temporary denial…
CVE-2026-3870 medium 6.5 6.5 2d ago A buffer overflow vulnerability in the UPnP AddPortMapping() command in Zyxel VMG4005-B50B firmware versions through 5.13(ABRL.5.4)C0 could allow an adjacent attacker to trigger a temporary denial-of…
CVE-2026-3722 medium 6.4 6.4 2d ago The Auto Image Attributes From Filename With Bulk Updater (Add Alt Text, Image Title For Image SEO) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the attachment metadata in al…
CVE-2026-10568 medium 6.3 6.3 2d ago A vulnerability was detected in itsourcecode Fees Management System 1.0. Affected is an unknown function of the file /manage_payment.php. The manipulation of the argument ID results in sql injection.…
CVE-2026-10567 low 3.5 3.5 2d ago A security vulnerability has been detected in 1Panel-dev CordysCRM up to 1.4.1. This impacts the function Save of the file src/main/java/cn/cordys/crm/system/service/ModuleFormService.java of the com…
CVE-2026-10566 medium 5.3 5.3 2d ago A weakness has been identified in FoundationAgents MetaGPT up to 0.8.2. This affects the function Message.check_instruct_content of the file metagpt/schema.py. Executing a manipulation of the argumen…
CVE-2026-10565 low 3.1 3.1 2d ago A security flaw has been discovered in Open5GS up to 2.7.6. The impacted element is the function gmm_state_security_mode of the file src/amf/gmm-sm.c of the component NGAP Handover. Performing a mani…
CVE-2026-10510 medium 6.1 6.1 2d ago Cross-Site Scripting (XSS) in GeniexWebView component in Transsion AI Assistant Lifestyle application (com.transsion.aiassistantlifestyle) all versions on Android allows remote attacker to execute ar…
CVE-2026-10100 medium 4.4 4.4 2d ago The Simple Custom Login Page plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the color settings fields (Page Background, Form Background, Text Color, Link Color) in versions up …
CVE-2026-10559 medium 6.3 6.3 2d ago A flaw has been found in SourceCodester Pizzafy Ecommerce System 1.0. The affected element is an unknown function of the file /index.php. Executing a manipulation of the argument page can lead to fil…
CVE-2026-10558 medium 6.3 6.3 2d ago A vulnerability was detected in SourceCodester Pizzafy Ecommerce System 1.0. Impacted is an unknown function of the file /admin/index.php. Performing a manipulation of the argument page results in fi…
CVE-2026-10550 medium 6.3 6.3 2d ago A weakness has been identified in elunez eladmin up to 2.7. This vulnerability affects unknown code of the file App.java of the component Application Deployment Module. This manipulation of the argum…
CVE-2026-10548 medium 5.3 5.3 2d ago A security flaw has been discovered in NousResearch hermes-agent up to 2026.4.23. This affects the function _sync_anthropic_entry_from_credentials_file of the file agent/credential_pool.py of the com…
CVE-2026-10529 low 2.4 2.4 2d ago A weakness has been identified in westboy CicadasCMS up to 2431154dac8d0735e04f1fd2a3c3556668fc8dab. Impacted is an unknown function of the file src/main/java/com/zhiliao/module/web/system/ScheduleJo…
CVE-2026-9050 medium 4.3 4.3 2d ago The Slider Revolution plugin for WordPress in versions 6.0.0-6.7.55 and 7.0.0-7.0.14 is vulnerable to unauthorized modification of data. This is due to the plugin not properly verifying that a user i…
CVE-2026-9048 medium 4.3 4.3 2d ago The Slider Revolution plugin for WordPress is vulnerable to Sensitive Information Exposure in versions 7.0.0 - 7.0.14, via the 'slider.get.full' AJAX Action. This makes it possible for authenticated …
CVE-2026-10528 low 3.3 3.3 debian debian 2d ago A security flaw has been discovered in Orthanc DICOM Server up to 1.12.11. This issue affects the function DcmItem::read of the file OrthancFramework/Sources/DicomParsing/FromDcmtkBridge.cpp of the c…
CVE-2026-10514 low 2.4 2.4 2d ago A vulnerability has been found in 1Panel-dev CordysCRM up to 1.6.2. This affects an unknown function of the file backend/framework/src/main/java/cn/cordys/config/RequestParamTrimConfig.java. The mani…
CVE-2026-10302 medium 6.3 6.3 2d ago A flaw has been found in itsourcecode Fees Management System 1.0. The impacted element is an unknown function of the file /manage_fee.php. Executing a manipulation of the argument ID can lead to sql …
CVE-2026-10301 medium 4.3 4.3 2d ago A vulnerability was detected in itsourcecode Fees Management System 1.0. The affected element is an unknown function of the file index.php. Performing a manipulation of the argument page results in c…
CVE-2026-28511 medium 4.3 4.3 elabftw 2d ago eLabFTW is an open source electronic lab notebook. Prior to version 5.4.2, in certain cases, an authenticated user performing a numeric reference/search can return results that include resources the …
CVE-2026-25277 high 8.8 8.8 qualcomm 2d ago Memory corruption while using Strongbox due to buffer overflow.
CVE-2026-25276 high 8.8 8.8 qualcomm 2d ago Memory corruption while using Strongbox due to missing bounds check.
CVE-2026-25260 high 7.8 7.8 qualcomm 2d ago Memory Corruption when accessing shared buffers without validation of concurrent user-mode input modifications.
CVE-2026-25259 high 7.8 7.8 qualcomm 2d ago Memory corruption while processing multiple IOCTL command for escape operations.
CVE-2026-25258 high 7.8 7.8 qualcomm 2d ago Memory corruption while processing IOCTL calls for escape operations.
CVE-2026-24782 high 8.8 8.8 accellion 2d ago Kiteworks is a private data network (PDN). Prior to version 9.3.0,ultiple SQL Injection vulnerabilities in Kiteworks Secure Data Forms could be exploited by an authenticated attacker with the FormBui…
CVE-2026-24761 medium 4.3 4.3 accellion 2d ago Kiteworks is a private data network (PDN). Prior to version 9.3.0, an Insecure Direct Object Reference (IDOR) vulnerability in Kiteworks Secure Data Forms allows an authenticated user to access metad…
CVE-2026-24756 medium 4.3 4.3 accellion 2d ago Kiteworks is a private data network (PDN). Prior to version 9.3.0, an Insecure Direct Object Reference (IDOR) vulnerability in Kiteworks Secure Data Forms allows an authenticated user to modify resou…
CVE-2026-24755 medium 5.4 5.4 accellion 2d ago Kiteworks is a private data network (PDN). Prior to version 9.3.0, an Insecure Direct Object Reference (IDOR) vulnerability in Kiteworks Secure Data Forms allows an authenticated user to modify permi…
CVE-2026-24754 medium 5.4 5.4 accellion 2d ago Kiteworks is a private data network (PDN). Prior to version 9.3.0, a stored XSS vulnerability in Kiteworks Secure Data Forms could allow an authenticated attacker to execute arbitrary JavaScript code…
CVE-2026-24753 medium 6.5 6.5 accellion 2d ago Kiteworks is a private data network (PDN). Prior to version 9.3.0, an Insecure Direct Object Reference (IDOR) vulnerability in Kiteworks Secure Data Forms allows an authenticated user to modify resou…
CVE-2026-24752 high 8.2 8.2 accellion 2d ago Kiteworks is a private data network (PDN). Prior to version 9.3.0, a reflected XSS vulnerability in Kiteworks Secure Data Forms could allow an external attacker to trick a user into executing arbitra…
CVE-2026-24092 high 7.2 7.2 qualcomm 2d ago Memory Corruption when processing fastboot commands to set display mode.
CVE-2026-24091 high 7.2 7.2 qualcomm 2d ago Memory corruption while processing fastboot commands with improperly formatted input.
CVE-2026-24090 high 7.1 7.1 qualcomm 2d ago Cryptographic issue while processing partition table entries allows unauthorized modification of boot flow.
CVE-2026-24089 high 7.2 7.2 qualcomm 2d ago Memory corruption while processing fastboot commands with invalid input.
CVE-2026-24088 high 8.2 8.2 qualcomm 2d ago Cryptographic Issue while processing a specific partition which allows unauthorized write access to load a customized bootloader.
CVE-2026-24087 high 7.2 7.2 qualcomm 2d ago Memory corruption while processing fastboot OEM commands.
CVE-2026-24085 high 7.2 7.2 qualcomm 2d ago Memory Corruption when processing display command line information due to improper initialization of a variable.
CVE-2026-10300 low 3.7 3.7 2d ago A security vulnerability has been detected in SGLang 0.5.10.post1. Impacted is an unknown function of the file python/sglang/srt/lora/lora_manager.py of the component Inference HTTP Endpoint. Such ma…
CVE-2026-10299 low 3.8 3.8 2d ago A weakness has been identified in code-projects Online Hospital Management System 1.0. This issue affects some unknown processing of the file viewdoctortimings.php. This manipulation of the argument …
CVE-2026-10298 low 3.3 3.3 debian debian 2d ago A security flaw has been discovered in ggml-org whisper.cpp up to 1.8.2. This vulnerability affects the function whisper_model_load of the file ggml/src/ggml.c. The manipulation results in null point…
CVE-2026-10297 medium 6.3 6.3 2d ago A vulnerability was identified in itsourcecode Fees Management System 1.0. This affects an unknown part of the file /manage_course.php. The manipulation of the argument ID leads to sql injection. It …
CVE-2026-10296 medium 6.3 6.3 2d ago A vulnerability was determined in itsourcecode Fees Management System 1.0. Affected by this issue is some unknown functionality of the file /ajax.php. Executing a manipulation of the argument Usernam…
CVE-2026-10295 low 3.3 3.3 2d ago A vulnerability was found in SourceCodester Customer Review App 1.0. Affected by this vulnerability is the function add_review/save_review/get_all_reviews of the file review_app.py. Performing a mani…
CVE-2025-59614 medium 6.7 6.7 qualcomm 2d ago Memory Corruption when sending random number generator command with insufficient output buffer size.
CVE-2025-59613 medium 6.7 6.7 qualcomm 2d ago Memory Corruption when output buffer size is smaller than input buffer size during data copying operation.
CVE-2025-59612 medium 6.7 6.7 qualcomm 2d ago Memory corruption in windows drivers while sending incorrect trusted application request
CVE-2025-59611 medium 6.7 6.7 qualcomm 2d ago Memory corruption in diagnostic services due to absence of input validation
CVE-2025-59610 medium 6.4 6.4 qualcomm 2d ago Memory Corruption when processing IOCTL requests with mismatched API versions due to concurrent modification of user-space buffer.
CVE-2025-59609 medium 5.5 5.5 qualcomm 2d ago Information Disclosure when processing advertisement frames with malformed MBSSID elements of insufficient length.
CVE-2025-59606 high 7.8 7.8 qualcomm 2d ago Memory Corruption when writing to invalid memory locations occurs due to heap memory exhaustion during secure data initialization.
CVE-2025-59605 high 7.8 7.8 qualcomm 2d ago Memory Corruption when processing device identifier strings that exceed the expected maximum length.