VIR Vulnerability Intelligence Relay

Search

Found 4,378 results in 260ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2026-44459 low 3.8 3.8 hono 21d ago Hono has improper validation of NumericDate claims (exp, nbf, iat) in JWT verify()
CVE-2026-44242 low 3.7 3.7 22d ago Micronaut has Unbounded `bundleCache` in `ResourceBundleMessageSource` that Allows Memory Exhaustion via `Accept-Language` Header
CVE-2026-44220 low 3.2 3.2 22d ago ciguard: discover_pipeline_files follows symlinks out of scan root
CVE-2026-44219 low 3.7 3.7 22d ago ciguard: SCA HTTP client reads response body without size cap
CVE-2026-44218 low 3.0 3.0 22d ago ciguard: Container image runs as root (no USER directive)
CVE-2026-34685 low 3.4 3.4 adobe 22d ago Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier [NEEDS REVIEW: impact mismatch — ticket says 'Arbitrary file system write', CIA triad derives 'Sec…
CVE-2026-20793 low 3.3 3.3 intel 22d ago Unchecked return value for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an a…
CVE-2026-43514 low 3.7 3.7 FIX slesdebian debian apache 22d ago Observable Timing Discrepancy vulnerability when comparing AJP secret in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M…
CVE-2026-32684 low 2.9 2.9 23d ago The application does not impose strict enough restrictions on directory access permissions, posing a risk that other malicious applications could obtain sensitive information.
CVE-2026-41530 low 3.3 3.3 23d ago The automatic folder creation feature of Lhaz and Lhaz+ provided by Chitora soft contains a path traversal vulnerability. When the affected product is configured with the automatic folder creation fe…
CVE-2026-40131 low 3.4 3.4 23d ago SQL injection vulnerability exists in @sap/hdi-deploy package, where SQL queries are dynamically constructed using user input without proper parameterization or prepared statements. Successful exploi…
CVE-2026-45362 low 3.2 3.2 23d ago Sangoma Switchvox before 8.4 places cleartext SIP authentication credentials in a backup file.
CVE-2026-42188 low 2.4 2.4 23d ago Geyser Vulnerable to Server-Side Request Forgery (SSRF) via Player Head Texture URL in Geyser
CVE-2026-28910 low 3.3 3.3 FIX macos macos 23d ago macOS Tahoe 26.4
CVE-2026-42874 low 3.7 3.7 23d ago Microdot has HTTP response splitting in Response.set_cookie()
CVE-2026-43969 low 3.2 3.2 FIX debian debianwindows windows ninenines 23d ago cowlib: Cookie Request Header Injection via Unvalidated Encoder in cow_cookie:cookie/1
CVE-2026-44996 low 3.7 3.7 openclaw 23d ago OpenClaw before 2026.4.15 contains an arbitrary local file read vulnerability in the webchat audio embedding helper that fails to apply local media root containment checks. Attackers can influence ag…
CVE-2026-44658 low 2.4 2.4 23d ago Zen is a firefox-based browser. Prior to 1.19.12b, RSS feed URLs entered by the user are validated to http: or https: in promptForFeedUrl, but item links inside the feed are not subject to the same r…
CVE-2026-34094 low 3.8 3.8 FIX debian debian mediawiki 23d ago Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Page/Article.Php. This issue affects MediaWiki: from * before 1.43.7, 1.44.4, 1.45.2.
CVE-2026-8276 low 3.7 3.7 debian debian sles 24d ago bettercap Has an Integer Coercion Error in modules/mysql_server/mysql_server.go
CVE-2026-8275 low 3.7 3.7 debian debian 24d ago bettercap Has an Integer Coercion Error in the ippReadChunkedBody Function
CVE-2026-8262 low 2.4 2.4 24d ago A vulnerability was identified in Devs Palace ERP Online up to 4.0.0. This impacts an unknown function of the file /accounts/chart-save. Such manipulation leads to cross site scripting. The attack ma…
CVE-2026-8256 low 2.4 2.4 24d ago A security vulnerability has been detected in Devs Palace ERP Online up to 4.0.0. This vulnerability affects unknown code of the file /accounts/mr-save. Such manipulation leads to cross site scriptin…
CVE-2026-8255 low 2.4 2.4 24d ago A weakness has been identified in Devs Palace ERP Online up to 4.0.0. This affects an unknown part of the file /inventory/add_new_customer. This manipulation causes cross site scripting. The attack c…
CVE-2026-8254 low 2.4 2.4 24d ago A security flaw has been discovered in Devs Palace ERP Online up to 4.0.0. Affected by this issue is some unknown functionality of the file /inventory/sales_save. The manipulation results in cross si…
CVE-2026-8253 low 2.4 2.4 24d ago A vulnerability was identified in Devs Palace ERP Online up to 4.0.0. Affected by this vulnerability is an unknown functionality of the file /inventory/purchase_save. The manipulation leads to cross …
CVE-2026-28957 low 3.3 3.3 FIX iosmacos macos apple 24d ago visionOS 26.5
CVE-2026-8242 low 3.7 3.7 25d ago A vulnerability was found in Industrial Application Software IAS Canias ERP 8.03. The impacted element is the function doAction of the component Login RMI Interface. Performing a manipulation results…
CVE-2026-8232 low 3.5 3.5 25d ago A vulnerability was found in Dotouch XproUPF 2.0.0-release-088aa7c4. This impacts the function vlib_worker_loop in the library /usr/xpro/upf/tools/libs/libvlib.so of the component UPF Process. The ma…
CVE-2026-8221 low 2.4 2.4 25d ago A flaw has been found in Devs Palace ERP Online up to 4.0.0. This impacts an unknown function of the file /inventory/item-save. This manipulation causes cross site scripting. The attack is possible t…
CVE-2026-8220 low 2.4 2.4 25d ago A vulnerability was detected in Devs Palace ERP Online up to 4.0.0. This affects an unknown function of the file /inventory/customer-save. The manipulation results in cross site scripting. The attack…
CVE-2026-8219 low 2.4 2.4 25d ago A security vulnerability has been detected in Devs Palace ERP Online up to 4.0.0. The impacted element is an unknown function of the file /inventory/supplier-save. The manipulation leads to cross sit…
CVE-2026-8218 low 2.4 2.4 25d ago A weakness has been identified in Devs Palace ERP Online up to 4.0.0. The affected element is an unknown function of the file /inventory/purchase_return_save. Executing a manipulation can lead to cro…
CVE-2026-45182 low 2.2 2.2 25d ago GrapheneOS before 2026050400 allows attackers to discover the real IP address of a VPN user as a consequence of a registerQuicConnectionClosePayload optimization, because an application can let syste…
CVE-2026-8196 low 3.7 3.7 25d ago A flaw has been found in JeecgBoot 3.9.1. The impacted element is an unknown function of the file jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/LoginControlle…
CVE-2026-44987 low 3.8 3.8 26d ago SysReptor is a fully customizable pentest reporting platform. Prior to version 2026.29, users with "User Admin" permissions can change the email addresses of users with "Superuser" permissions. If th…
CVE-2026-42195 low 3.4 3.4 26d ago draw.io is a configurable diagramming and whiteboarding application. Prior to version 29.7.9, the draw.io client accepts a ?gitlab= URL parameter that overrides the GitLab server URL used during OAut…
CVE-2026-32803 low 3.3 3.3 27d ago Dell PowerScale OneFS versions 9.5.0.0 through 9.5.1.6, 9.6.0.0 through 9.7.1.13, 9.8.0.0 through 9.10.1.5 and 9.11.0.0 through 9.12.0.1 contains an Insufficient Logging vulnerability. A low privileg…
CVE-2026-44916 low 3.0 3.0 FIX debian debian 27d ago In OpenStack Ironic before 35.0.2 (in a certain non-default configuration), instance_info['ks_template'] is rendered without sandboxing.
CVE-2026-8136 low 2.4 2.4 27d ago A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. This affects an unknown part of the file /index.php?page=users. Executing a manipulation of the argument Name can lead…
CVE-2026-41498 low 3.3 3.3 kimai 27d ago Kimai has Missing Object-Level Authorization in the Team API
CVE-2026-27964 low 3.9 3.9 27d ago FacturaScripts vulnerable to Reflected Cross-Site Scripting (XSS) via Cookie Manipulation
CVE-2026-8022 low 3.1 3.1 FIX debian debian linux-kernelmacos macos google 28d ago Inappropriate implementation in MHTML in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted …
CVE-2026-8017 low 3.1 3.1 FIX debian debian linux-kernelmacos macos google 28d ago Side-channel information leakage in Media in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)
CVE-2026-7968 low 3.1 3.1 FIX debian debian linux-kernelmacos macos google 28d ago Insufficient validation of untrusted input in CORS in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafte…
CVE-2026-7966 low 3.1 3.1 FIX debian debian linux-kernelmacos macos google 28d ago Insufficient validation of untrusted input in SiteIsolation in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a c…
CVE-2026-7965 low 3.1 3.1 FIX debian debian linux-kernelmacos macos google 28d ago Insufficient validation of untrusted input in DevTools in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a craft…
CVE-2026-7959 low 3.1 3.1 FIX debian debian linux-kernelmacos macos google 28d ago Inappropriate implementation in Navigation in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.…
CVE-2026-7954 low 3.1 3.1 FIX debian debian linux-kernelmacos macos google 28d ago Race in Shared Storage in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security…
CVE-2026-7949 low 3.1 3.1 FIX debian debian linux-kernelmacos macos google 28d ago Out of bounds read in Skia in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted Chrome Extension. (Chromi…
CVE-2026-7945 low 3.1 3.1 FIX debian debian linux-kernelmacos macos google 28d ago Insufficient validation of untrusted input in COOP in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HT…
CVE-2026-7944 low 3.1 3.1 FIX debian debian linux-kernelmacos macos google 28d ago Insufficient validation of untrusted input in Persistent Cache in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass site isolation via …
CVE-2026-7937 low 3.1 3.1 FIX debian debian linux-kernelmacos macos google 28d ago Insufficient policy enforcement in DevTools in Google Chrome prior to 148.0.7778.96 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a c…
CVE-2026-7909 low 3.1 3.1 FIX debian debian linux-kernelmacos macos google 28d ago Inappropriate implementation in ServiceWorker in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML pa…
CVE-2026-8028 low 3.7 3.7 flowiseai 29d ago A vulnerability was detected in FlowiseAI Flowise up to 3.0.12. This affects the function verify of the file packages/server/src/enterprise/services/account.service.ts of the component Endpoint. Perf…
CVE-2025-31959 low 3.5 3.5 hcltech 29d ago HCL BigFix Service Management (SM) application fails to strip EXIF metadata from uploaded images. This could lead to confidentiality and privacy risks if sensitive location information is unintentio…
CVE-2025-62345 low 2.7 2.7 29d ago HCL BigFix RunBookAI is affected by a Continued availability of Less-Secure “Input Text” Vulnerability . A component contains a security weakness in its input handling implementation, increasing the …
CVE-2026-44405 low 3.4 3.4 slesdebian debian 29d ago Paramiko rsakey.py allows the SHA-1 algorithm
CVE-2026-7847 low 2.6 2.6 29d ago Langchain-Chatchat Uses Insufficiently Random Values
CVE-2026-7846 low 2.6 2.6 29d ago Langchain-Chatchat has a Race Condition in its OpenAI-Compatible File Upload API
CVE-2026-7845 low 2.6 2.6 29d ago Langchain-Chatchat Uses a Broken or Risky Cryptographic Algorithm
CVE-2026-43529 low 2.5 2.5 openclaw 1mo ago OpenClaw: TOCTOU read in exec script preflight
CVE-2026-7740 low 3.3 3.3 1mo ago A security vulnerability has been detected in justdan96 tsMuxer up to 2.7.0. This issue affects the function VvcVpsUnit::setFPS of the file tsMuxer/vvc.cpp. Such manipulation of the argument track_id…
CVE-2026-7739 low 3.3 3.3 1mo ago A weakness has been identified in justdan96 tsMuxer up to 2.7.0. This vulnerability affects the function HevcVpsUnit::setFPS of the file /AFLplusplus/tsMuxer_prev/tsMuxer/hevc.cpp. This manipulation …
CVE-2026-43864 low 2.5 2.5 slesdebian debian 1mo ago mutt before 2.3.2 has a show_sig_summary NULL pointer dereference.
CVE-2026-43863 low 3.7 3.7 slesdebian debian 1mo ago mutt before 2.3.2 has an infinite loop in data_object_to_stream in crypt-gpgme.c.
CVE-2026-43862 low 3.7 3.7 slesdebian debian 1mo ago In mutt before 2.3.2, the imap_auth_gss security level is mishandled.
CVE-2026-43861 low 3.7 3.7 slesdebian debian 1mo ago mutt before 2.3.2 does not check for '\0' in url_pct_decode.
CVE-2026-43860 low 3.7 3.7 slesdebian debian 1mo ago mutt before 2.3.2 sometimes truncates the hash_passwd by one byte for IMAP auth_cram MD5 digest.
CVE-2026-43859 low 3.7 3.7 slesdebian debian 1mo ago mutt before 2.3.2 sometimes uses strfcpy instead of memcpy for the IMAP auth_cram MD5 digest.
CVE-2026-7689 low 3.7 3.7 1mo ago Dolibarr has Insufficient Verification of Data Authenticity
CVE-2026-7677 low 3.5 3.5 1mo ago A vulnerability was determined in kerwincui FastBee up to 1.2.1. The impacted element is the function Add of the file springboot/fastbee-admin/src/main/java/com/fastbee/web/controller/system/SysNotic…
CVE-2026-7671 low 3.7 3.7 1mo ago A vulnerability has been found in CodeWise Tornet Scooter Mobile App 4.75 on iOS/Android. The impacted element is an unknown function of the file /TwoFactor. Such manipulation leads to improper restr…
CVE-2026-7501 low 3.5 3.5 1mo ago A weakness has been identified in LinkStackOrg LinkStack up to 4.8.6. Impacted is the function editPage of the file app/Http/Controllers/UserController.php. Executing a manipulation of the argument p…
CVE-2026-41263 low 3.7 3.7 traefik 1mo ago Traefik: A timing side-channel vulnerability allows for valid username enumeration via BasicAuth middleware
CVE-2026-33448 low 3.3 3.3 macos macos absolute 1mo ago CVE-2026-33448 is a format string vulnerability in the logging subsystem of Secure Access client for MacOS prior to 14.50. Attackers with control of a modified server can force the client to dump t…
CVE-2026-3832 low 3.7 3.7 FIX debian debian rhel gnuredhat 1mo ago RHSA-2026:20612: gnutls security update (Important)
CVE-2026-41663 low 3.5 3.5 1mo ago Admidio has CSRF on Admin Preferences that Triggers Unauthorized Backup, .htaccess Write, and Email Send
CVE-2026-41659 low 2.7 2.7 1mo ago Admidio Leaks Hidden Profile Field Values via Blind Search Oracle in Member Assignment
CVE-2026-7390 low 3.5 3.5 1mo ago A vulnerability was detected in SourceCodester Pharmacy Sales and Inventory System 1.0. The impacted element is the function Customer of the file /index.php?page=customer. The manipulation of the arg…
CVE-2026-22741 low 3.1 3.1 debian debian vmware 1mo ago Spring MVC and WebFlux applications are vulnerable to cache poisoning when resolving static resources.
CVE-2026-7360 low 3.1 3.1 FIX debian debian linux-kernelmacos macos google 1mo ago Insufficient validation of untrusted input. in Compositing in Google Chrome prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a c…
CVE-2026-7351 low 3.1 3.1 FIX debian debian linux-kernelmacos macos google 1mo ago Race in MHTML in Google Chrome prior to 147.0.7727.138 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. (Chromium se…
CVE-2026-7303 low 3.7 3.7 1mo ago xxl-job has a Resource Injection issue
CVE-2026-7297 low 2.4 2.4 1mo ago A vulnerability was determined in SourceCodester Pizzafy Ecommerce System 1.0. This vulnerability affects the function save_user of the file /admin/ajax.php?action=save_user. Executing a manipulation…
CVE-2026-7296 low 2.4 2.4 1mo ago A vulnerability was found in SourceCodester Pizzafy Ecommerce System 1.0. This affects the function save_order of the file /admin/ajax.php?action=save_order. Performing a manipulation of the argument…
CVE-2026-7295 low 2.4 2.4 1mo ago A vulnerability has been found in SourceCodester Pizzafy Ecommerce System 1.0. Affected by this issue is the function save_menu of the file /admin/ajax.php?action=save_menu. Such manipulation of the …
CVE-2026-7294 low 2.4 2.4 1mo ago A flaw has been found in SourceCodester Pizzafy Ecommerce System 1.0. Affected by this vulnerability is the function save_settings of the file /admin/index.php?page=save_settings. This manipulation o…
CVE-2026-41913 low 3.7 3.7 openclaw 1mo ago OpenClaw: Concurrent async auth attempts can bypass the intended shared-secret rate-limit budget on Tailscale-capable paths
CVE-2026-7281 low 2.4 2.4 1mo ago A vulnerability was determined in SourceCodester Pharmacy Sales and Inventory System 1.0. The impacted element is the function supplier of the file /index.php?page=supplier. Executing a manipulation …
CVE-2026-7269 low 2.4 2.4 1mo ago A vulnerability was found in SourceCodester Pharmacy Sales and Inventory System 1.0. Affected is an unknown function of the file /index.php?page=product. Performing a manipulation of the argument ID …
CVE-2026-7222 low 3.5 3.5 1mo ago A vulnerability was determined in code-projects Coaching Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /cims/modules/student/complaint.php of the compo…
CVE-2026-7110 low 3.5 3.5 1mo ago A flaw has been found in code-projects Invoice System in Laravel 1.0. Affected is an unknown function of the file /item. Executing a manipulation of the argument item name/description can lead to cro…
CVE-2026-7103 low 3.7 3.7 1mo ago A vulnerability was determined in code-projects Chat System 1.0. Affected is an unknown function of the file update_user.php of the component MD5 Hash Handler. This manipulation of the argument Passw…
CVE-2026-7090 low 2.4 2.4 1mo ago A vulnerability was detected in code-projects Chat System 1.0. This affects an unknown function of the file /admin/send_message.php of the component Chat Interface. The manipulation of the argument m…
CVE-2026-7041 low 3.7 3.7 1mo ago A vulnerability was detected in 666ghj MiroFish up to 0.1.2. The impacted element is an unknown function of the file /console of the component Werkzeug Debugger PIN Handler. Performing a manipulation…
CVE-2026-7021 low 3.5 3.5 1mo ago A weakness has been identified in SmythOS sre up to 0.0.15. This impacts an unknown function of the file packages/sdk/src/LLM/utils.ts of the component Connector Service. This manipulation of the arg…
CVE-2026-7020 low 3.7 3.7 sles ollama 1mo ago Ollama is Vulnerable to Path Traversal
CVE-2026-7016 low 2.4 2.4 1mo ago A vulnerability was found in MaxSite CMS up to 109.3. Impacted is an unknown function of the component ushki Plugin. Performing a manipulation of the argument f_ushka_new/f_ushk results in cross site…
CVE-2026-7015 low 2.4 2.4 1mo ago A vulnerability has been found in MaxSite CMS up to 109.3. This issue affects some unknown processing of the component Guestbook Plugin. Such manipulation of the argument f_text/f_slug/f_limit/f_emai…