VIR Vulnerability Intelligence Relay

Search

Found 25,320 results in 2376ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2025-68201 unknown FIX slesdebian debian 6mo ago In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: remove two invalid BUG_ON()s Those can be triggered trivially by userspace.
CVE-2025-40347 unknown FIX slesdebian debian 6mo ago In the Linux kernel, the following vulnerability has been resolved: net: enetc: fix the deadlock of enetc_mdio_lock After applying the workaround for err050089, the LS1028A platform experiences RCU…
CVE-2025-68113 unknown 6mo ago ALTCHA Proof-of-Work Vulnerable to Challenge Splicing and Replay
CVE-2025-59718 unknown 1.5 KEV 6mo ago Fortinet FortiOS, FortiSwitchMaster, FortiProxy, and FortiWeb contain an improper verification of cryptographic signature vulnerability that may allow an unauthenticated attacker to bypass the FortiC…
CVE-2025-67748 unknown 6mo ago Fickling has Code Injection vulnerability via pty.spawn()
CVE-2025-67735 unknown FIX slesdebian debian 6mo ago Netty has a CRLF Injection vulnerability in io.netty.handler.codec.http.HttpRequestEncoder
CVE-2025-14722 low 2.4 2.4 6mo ago A vulnerability was determined in vion707 DMadmin up to 3403cafdb42537a648c30bf8cbc8148ec60437d1. This impacts the function Add of the file Admin/Controller/AddonsController.class.php of the componen…
CVE-2025-65431 unknown FIX debian debian 6mo ago django-allauth's Okta and NetIQ implementations used a mutable identifier for authorization decisions
CVE-2025-65430 unknown FIX debian debian 6mo ago django-allauth does not reject access tokens for inactive users
CVE-2025-66388 unknown 6mo ago Apache Airflow exposes secret values to authenticated UI users via rendered templates
CVE-2025-37731 unknown 6mo ago Elasticsearch PKI Realm Authentication Bypass Vulnerability Allows User Impersonation Through Crafted Client Certificates
CVE-2025-14697 low 3.7 3.7 6mo ago A security flaw has been discovered in Shenzhen Sixun Software Sixun Shanghui Group Business Management System 4.10.24.3. Affected by this issue is some unknown functionality of the file /ExportFiles…
CVE-2025-14611 unknown 2.5 KEVEXP 6mo ago Gladinet CentreStack and TrioFox contain a hardcoded cryptographic keys vulnerability for their implementation of the AES cryptoscheme. This vulnerability degrades security for public exposed endpoin…
CVE-2025-14674 unknown 6mo ago snail-job is vulnerable to Code Injection through QLExpressEngine.doEval function
CVE-2025-14651 low 3.7 3.7 6mo ago A vulnerability has been found in MartialBE one-hub up to 0.14.27. This vulnerability affects unknown code of the file docker-compose.yml. The manipulation of the argument SESSION_SECRET leads to use…
CVE-2025-14636 low 3.7 3.7 6mo ago A security flaw has been discovered in Tenda AX9 22.03.01.46. This affects the function image_check of the component httpd. The manipulation results in use of weak hash. It is possible to launch the …
CVE-2025-67721 unknown 6mo ago aircompressor Snappy and LZ4 Java-based decompressor implementation can leak information from reused output buffer
CVE-2025-3586 unknown 6mo ago Liferay Portal and DXP Instance Admin can execute code using Objects Actions and Validations
CVE-2025-53960 unknown 6mo ago Apache StreamPark: Use the user’s password as the secret key Vulnerability
CVE-2025-40345 unknown FIX slesdebian debian 6mo ago In the Linux kernel, the following vulnerability has been resolved: usb: storage: sddr55: Reject out-of-bound new_pba Discovered by Atuin - Automated Vulnerability Discovery Engine. new_pba comes …
CVE-2025-54981 unknown 6mo ago Apache StreamPark uses a Weak Encryption Algorithm
CVE-2025-54947 unknown 6mo ago Apache StreamPark has a hard-coded encryption key
CVE-2025-26866 unknown 6mo ago Apache HugeGraph-Server: RAFT and deserialization vulnerability
CVE-2018-4063 unknown 1.5 KEV 6mo ago Sierra Wireless AirLink ALEOS contains an unrestricted upload of file with dangerous type vulnerability. A specially crafted HTTP request can upload a file, resulting in executable code being uploade…
CVE-2025-14538 low 3.5 3.5 6mo ago A security vulnerability has been detected in yangshare warehouseManager 仓库管理系统 1.1.0. This affects the function addCustomer of the file CustomerManageHandler.java. Such manipulation of the argument …
CVE-2025-67505 unknown 6mo ago Race condition in the Okta Java SDK
CVE-2025-66033 unknown 6mo ago Improper Memory Cleanup in the Okta Java SDK
CVE-2025-67643 unknown 6mo ago Jenkins Redpen - Pipeline Reporter for Jira Plugin has a path traversal vulnerability
CVE-2025-67642 unknown 6mo ago Jenkins HashiCorp Vault Plugin exposes system-scoped Vault credentials
CVE-2025-67641 unknown 6mo ago Jenkins Coverage Plugin has a stored cross-site scripting (XSS) vulnerability
CVE-2025-67640 unknown 6mo ago Jenkins Git client Plugin has an OS command injection vulnerability on agents in Git client Plugin
CVE-2025-67639 unknown 6mo ago Jenkins has a CSRF vulnerability on the login form
CVE-2025-67638 unknown 6mo ago Jenkins's build authorization token is stored and displayed in plain text
CVE-2025-67637 unknown 6mo ago Jenkins's build authorization token is stored and displayed in plain text
CVE-2025-67636 unknown 6mo ago Jenkins is missing a permission check on password fields
CVE-2025-67635 unknown 6mo ago Jenkins has a Denial of service vulnerability in HTTP-based CLI
CVE-2025-67713 unknown FIX debian debian 6mo ago Miniflux 2 is an open source feed reader. Versions 2.2.14 and below treat redirect_url as safe when url.Parse(...).IsAbs() is false, enabling phishing flows after login. Protocol-relative URLs like /…
CVE-2025-66628 unknown FIX debian debian sles 6mo ago ImageMagick is a software suite to create, edit, compose, or convert bitmap images. In versions 7.1.2-9 and prior, the TIM (PSX TIM) image parser contains a critical integer overflow vulnerability in…
CVE-2025-66474 unknown 6mo ago XWiki vulnerable to remote code execution through insufficient protection against {{/html}} injection
CVE-2025-66473 unknown 6mo ago XWiki's REST APIs don't enforce any limits, leading to unavailability and OOM in large wikis
CVE-2025-66472 unknown 6mo ago XWiki vulnerable to a reflected XSS via xredirect parameter in DeleteApplication
CVE-2025-8110 unknown 1.5 KEV 6mo ago Gogs contains a path traversal vulnerability affecting improper Symbolic link handling in the PutContents API that could allow for code execution.
CVE-2025-13127 low 3.5 3.5 6mo ago Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in TAC Information Services Internal and External Trade Inc. GoldenHorn allows Cross-Site Scr…
CVE-2025-66675 unknown 6mo ago Apache Struts has a Denial of Service vulnerability
CVE-2025-14082 unknown 6mo ago Keycloak Admin REST (Representational State Transfer) API does not properly enforce permissions
CVE-2025-13955 unknown 6mo ago Predictable default Wi-Fi Password in Access Point functionality in EZCast Pro II before version 1.17478.177 allows attackers in Wi-Fi range to gain access to the dongle by calculating the default pa…
CVE-2025-13954 unknown 6mo ago Hard-coded cryptographic keys in Admin UI of EZCast Pro II before version 1.17478.177 allows attackers to bypass authorization checks and gain full access to the admin UI
CVE-2025-64787 low 3.3 3.3 macos macos adobe 6mo ago Acrobat Reader versions 24.001.30264, 20.005.30793, 25.001.20982, 24.001.30273, 20.005.30803 and earlier are affected by an Improper Verification of Cryptographic Signature vulnerability that could r…
CVE-2025-64786 low 3.3 3.3 macos macos adobe 6mo ago Acrobat Reader versions 24.001.30264, 20.005.30793, 25.001.20982, 24.001.30273, 20.005.30803 and earlier are affected by an Improper Verification of Cryptographic Signature vulnerability that could r…
CVE-2025-14307 unknown debian debian 6mo ago An insecure temporary file creation vulnerability exists in the AutoExtract component of Robocode version 1.9.3.6. The createTempFile method fails to securely create temporary files, allowing attacke…
CVE-2025-14306 unknown debian debian 6mo ago A directory traversal vulnerability exists in the CacheCleaner component of Robocode version 1.9.3.6. The recursivelyDelete method fails to properly sanitize file paths, allowing attackers to travers…
CVE-2025-64254 low 2.7 2.7 6mo ago Missing Authorization vulnerability in Ronald Huereca Photo Block photo-block allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Photo Block: from n/a through …
CVE-2025-62221 unknown 1.5 KEV 6mo ago Microsoft Windows Cloud Files Mini Filter Driver contains a use after free vulnerability that can allow an authorized attacker to elevate privileges locally.
CVE-2025-6218 unknown 1.5 KEVFIX debian debian 6mo ago RARLAB WinRAR contains a path traversal vulnerability allowing an attacker to execute code in the context of the current user.
CVE-2025-14228 low 3.5 3.5 6mo ago A weakness has been identified in Yealink SIP-T21P E2 52.84.0.15. Impacted is an unknown function of the component Local Directory Page. This manipulation causes cross site scripting. It is possible …
CVE-2025-66644 unknown 1.5 KEV 6mo ago Array Networks ArrayOS AG contains an OS command injection vulnerability that could allow an attacker to execute arbitrary commands.
CVE-2022-37055 unknown 1.5 KEV 6mo ago D-Link Routers contains a buffer overflow vulnerability that has a high impact on confidentiality, integrity, and availability. The impacted products could be end-of-life (EoL) and/or end-of-service …
CVE-2025-14186 low 3.5 3.5 6mo ago A security flaw has been discovered in Grandstream GXP1625 1.0.7.4. The impacted element is an unknown function of the file /cgi-bin/api.values.post of the component Network Status Page. Performing m…
CVE-2025-40281 unknown FIX slesdebian debian 6mo ago In the Linux kernel, the following vulnerability has been resolved: sctp: prevent possible shift-out-of-bounds in sctp_transport_update_rto syzbot reported a possible shift-out-of-bounds [1] Blame…
CVE-2025-40280 unknown FIX slesdebian debian 6mo ago In the Linux kernel, the following vulnerability has been resolved: tipc: Fix use-after-free in tipc_mon_reinit_self(). syzbot reported use-after-free of tipc_net(net)->monitors[] in tipc_mon_reini…
CVE-2025-40278 unknown FIX slesdebian debian 6mo ago In the Linux kernel, the following vulnerability has been resolved: net: sched: act_ife: initialize struct tc_ife to fix KMSAN kernel-infoleak Fix a KMSAN kernel-infoleak detected by the syzbot . …
CVE-2025-66623 unknown 6mo ago Strimzi allows unrestricted access to all Secrets in the same Kubernetes namespace from Kafka Connect and MirrorMaker 2 operands
CVE-2025-66564 unknown FIX debian debian 6mo ago Sigstore Timestamp Authority is a service for issuing RFC 3161 timestamps. Prior to 2.0.3, Function api.ParseJSONRequest currently splits (via a call to strings.Split) an optionally-provided OID (whi…
CVE-2025-66506 unknown FIX debian debian 6mo ago Fulcio is a free-to-use certificate authority for issuing code signing certificates for an OpenID Connect (OIDC) identity. Prior to 1.8.3, function identity.extractIssuerURL splits (via a call to str…
CVE-2025-66573 unknown 6mo ago Solstice Pod API (version 5.5, 6.2) contains an unauthenticated API endpoint (`/api/config`) that exposes sensitive information such as the session key, server version, product details, and display n…
CVE-2025-66516 unknown FIX debian debian 6mo ago Apache Tika has XXE vulnerability
CVE-2025-40264 unknown FIX slesdebian debian 6mo ago In the Linux kernel, the following vulnerability has been resolved: be2net: pass wrb_params in case of OS2BMC be_insert_vlan_in_pkt() is called with the wrb_params argument being NULL at be_send_pk…
CVE-2025-40263 unknown FIX slesdebian debian 6mo ago In the Linux kernel, the following vulnerability has been resolved: Input: cros_ec_keyb - fix an invalid memory access If cros_ec_keyb_register_matrix() isn't called (due to `buttons_switches_only`…
CVE-2025-40262 unknown FIX slesdebian debian 6mo ago In the Linux kernel, the following vulnerability has been resolved: Input: imx_sc_key - fix memory corruption on unload This is supposed to be "priv" but we accidentally pass "&priv" which is an ad…
CVE-2025-40261 unknown FIX slesdebian debian 6mo ago In the Linux kernel, the following vulnerability has been resolved: nvme: nvme-fc: Ensure ->ioerr_work is cancelled in nvme_fc_delete_ctrl() nvme_fc_delete_assocation() waits for pending I/O to com…
CVE-2025-40257 unknown FIX slesdebian debian 6mo ago In the Linux kernel, the following vulnerability has been resolved: mptcp: fix a race in mptcp_pm_del_add_timer() mptcp_pm_del_add_timer() can call sk_stop_timer_sync(sk, &entry->add_timer) while a…
CVE-2025-40254 unknown FIX slesdebian debian 6mo ago In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: remove never-working support for setting nsh fields The validation of the set(nsh(...)) action is completely wr…
CVE-2025-40250 unknown FIX slesdebian debian 6mo ago In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Clean up only new IRQ glue on request_irq() failure The mlx5_irq_alloc() function can inadvertently free the entire rma…
CVE-2025-40214 unknown FIX slesdebian debian 6mo ago In the Linux kernel, the following vulnerability has been resolved: af_unix: Initialise scc_index in unix_add_edge(). Quang Le reported that the AF_UNIX GC could garbage-collect a receive queue of …
CVE-2024-3884 unknown debian debian 6mo ago Undertow OutOfMemory when parsing form data encoding with application/x-www-form-urlencoded
CVE-2025-55182 unknown 2.5 KEVEXP aws 6mo ago Meta React Server Components contains a remote code execution vulnerability that could allow unauthenticated remote code execution by exploiting a flaw in how React decodes payloads sent to React Ser…
CVE-2025-66453 unknown slesdebian debian 6mo ago Rhino has high CPU usage and potential DoS when passing specific numbers to `toFixed()` function
CVE-2025-65955 unknown FIX debian debian sles 6mo ago ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-9 and 6.9.13-34, there is a vulnerability in ImageMagick’s Magick++ layer that manifests …
CVE-2025-13472 unknown 6mo ago BlazeMeter Jenkins Plugin is Missing Authorization for Available Resources
CVE-2021-26828 unknown 1.5 KEV 6mo ago OpenPLC ScadaBR contains an unrestricted upload of file with dangerous type vulnerability that allows remote authenticated users to upload and execute arbitrary JSP files via view_edit.shtm.
CVE-2025-61727 unknown FIX debian debian sles 6mo ago An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com doe…
CVE-2025-64460 unknown FIX slesdebian debian 6mo ago Django is vulnerable to DoS via XML serializer text extraction
CVE-2025-13372 unknown FIX slesdebian debian 6mo ago Django is vulnerable to SQL injection in column aliases
CVE-2025-10939 unknown 6mo ago Keycloak unable to restrict access to the admin console
CVE-2025-11538 unknown 6mo ago Keycloak has debug default bind address
CVE-2025-48633 unknown 1.5 KEV 6mo ago Android Framework contains an unspecified vulnerability that allows for information disclosure.
CVE-2025-48572 unknown 1.5 KEV 6mo ago Android Framework contains an unspecified vulnerability that allows for privilege escalation.
CVE-2025-55749 unknown 6mo ago XWiki Jetty Package (XJetty) allows accessing any application file through URL
CVE-2025-64775 unknown 6mo ago Apache Struts is Vulnerable to DoS via File Leak
CVE-2025-13805 low 3.7 3.7 6mo ago NutzBoot vulnerable to deserialization
CVE-2025-13795 low 2.4 2.4 6mo ago A weakness has been identified in codingWithElias School Management System up to f1ac334bfd89ae9067cc14dea12ec6ff3f078c01. Affected is an unknown function of the file /student-view.php of the compone…
CVE-2025-6666 low 2.0 2.0 6mo ago A vulnerability was determined in motogadget mo.lock Ignition Lock up to 20251125. Affected by this vulnerability is an unknown functionality of the component NFC Handler. Executing manipulation can …
CVE-2025-12183 unknown debian debian 6mo ago LZ4 Java Compression has Out-of-bounds memory operations which can cause DoS
CVE-2025-66382 low 2.9 2.9 debian debian sles libexpat_project 6mo ago In libexpat through 2.7.3, a crafted file with an approximate size of 2 MiB can lead to dozens of seconds of processing time.
CVE-2025-66372 unknown 6mo ago Mustangproject allows exfiltrating files via XXE attacks
CVE-2021-26829 unknown 1.5 KEV 6mo ago OpenPLC ScadaBR contains a cross-site scripting vulnerability via system_settings.shtm.
CVE-2025-3261 unknown 6mo ago ThingsBoard allows an authenticated user to upload malicious SVG images
CVE-2025-54057 unknown 6mo ago Apache SkyWalking has a stored XSS vulnerability
CVE-2025-66035 unknown FIX debian debian 6mo ago Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.16, 20.3.14, and 21.0.1, there is a XSRF tok…
CVE-2025-62728 unknown 6mo ago Hive Metastore Server is vulnerable to SQL Injection