VIR Vulnerability Intelligence Relay

Search

Found 54,093 results in 2302ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2026-31387 medium 5.3 5.3 apache 18d ago Improper Authentication vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue.
CVE-2026-31380 medium 6.5 6.5 apache 18d ago Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06…
CVE-2026-31379 medium 6.1 6.1 apache 18d ago Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Improper Control of Generation of…
CVE-2026-31378 medium 6.5 6.5 apache 18d ago Improper Input Validation vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue.
CVE-2026-2611 critical 9.6 9.6 lfprojects 18d ago MLflow: Improper Origin Validation in MLflow Assistant /ajax-api Endpoints Enables Browser-Mediated Local Command Execution
CVE-2026-29220 medium 6.5 6.5 apache 18d ago Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to v…
CVE-2026-29207 medium 6.5 6.5 apache 18d ago Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24…
CVE-2026-44408 medium 6.3 6.3 18d ago There is an unauthorized access vulnerability in ZTE MU5250. Due to improper permission control of the Web interface, an unauthorized attacker can  modify configuration through the interface.
CVE-2026-8922 medium 5.4 5.4 redhat 18d ago Keycloak: Revoked Tokens Can Remain Active When Both Realm-Level and Client-Level `notBefore` Revocation Policies are Configured
CVE-2026-4885 critical 9.8 9.8 18d ago The Piotnet Addons for Elementor Pro plugin for WordPress is vulnerable to arbitrary file upload due to missing file type validation in the 'pafe_ajax_form_builder' function in all versions up to, an…
CVE-2026-47314 critical 9.8 9.8 samsung 18d ago Out-of-bounds write vulnerability in Samsung Open Source Escargot allows Overflow Buffers. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3.
CVE-2026-8830 medium 4.3 4.3 redhat 18d ago Keycloak: Policy bypass during WebAuthn credential registration via client-side JavaScript manipulation
CVE-2026-8814 medium 5.3 5.3 18d ago ExifReader is vulnerable to denial of service via unbounded decompression of image metadata
CVE-2026-47311 critical 9.8 9.8 samsung 18d ago Heap-based buffer overflow vulnerability in Samsung Open Source Escargot allows Overflow Buffers. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3.
CVE-2026-47310 critical 9.8 9.8 samsung 18d ago Use after free vulnerability in Samsung Open Source Escargot allows Pointer Manipulation. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3.
CVE-2026-32994 medium 5.3 5.3 18d ago The /api/v1/autotranslate.translateMessage endpoint in versions <8.5.0, <8.4.2, <8.3.4, <8.2.4, <8.1.5, <8.0.6, <7.13.8, and <7.10.12 allows any authenticated user to retrieve the full content of any…
CVE-2026-28733 medium 6.5 6.5 18d ago in OpenHarmony v6.0 and prior versions allow a local attacker arbitrary code execution.
CVE-2026-27766 medium 5.5 5.5 18d ago in OpenHarmony v6.0 and prior versions allow a local attacker cause information leak.
CVE-2026-25850 medium 5.5 5.5 18d ago in OpenHarmony v6.0 and prior versions allow a local attacker cause information leak
CVE-2026-33514 medium 4.3 4.3 discourse 18d ago Discourse is an open-source discussion platform. In versions prior to 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0-latest.1, an authenticated user on a Discourse instance with the form templates feature…
CVE-2026-33234 medium 5.0 5.0 18d ago AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. In versions 0.1.0 through 0.6.51, SendEmailBlock in autogpt_platform/backen…
CVE-2026-32312 medium 4.3 4.3 glpi-project 18d ago GLPI is a free asset and IT management software package. In versions 11.0.0 through 11.0.6, an authenticated user with forms READ permission can export the structure of unauthorized forms. This issue…
CVE-2026-32244 medium 5.3 5.3 discourse 18d ago Discourse is an open-source discussion platform. In versions prior to 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0-latest.1, outdated cached AI summaries can leak removed content to anonymous and unpriv…
CVE-2026-7321 critical 9.6 9.6 FIX rheldebian debianalmalinux almalinux mozilla 18d ago RHSA-2026:20586: thunderbird security update (Important)
CVE-2026-4893 medium 5.3 5.3 FIX rheldebian debian sles 18d ago RHSA-2026:20589: dnsmasq security update (Important)
CVE-2026-4891 medium 5.3 5.3 FIX rheldebian debian sles 18d ago RHSA-2026:20589: dnsmasq security update (Important)
CVE-2026-40356 medium 5.9 5.9 FIX rheldebian debian sles 18d ago RHSA-2026:16799: krb5 security update (Important)
CVE-2026-40355 medium 5.9 5.9 FIX rheldebian debian sles 18d ago RHSA-2026:16799: krb5 security update (Important)
CVE-2026-34000 medium 6.1 6.1 FIX rhel slesdebian debian x.org 18d ago A flaw was found in the X.Org X server. This out-of-bounds read vulnerability in the XKB geometry processing, specifically within the `CheckSetGeom()` and `XkbAddGeomKeyAlias` functions, allows an at…
CVE-2026-32710 medium 5.5 FIX rhel slesdebian debian 18d ago MariaDB server is a community developed fork of MySQL server. An authenticated user can crash MariaDB versions 11.4 before 11.4.10 and 11.8 before 11.8.6 via a bug in JSON_SCHEMA_VALID() function. Un…
CVE-2026-31677 medium 5.5 5.5 FIX rhel slesdebian debian google 18d ago Important: kernel security update
CVE-2026-30892 medium 5.5 FIX rheldebian debian rocky 18d ago Moderate: crun security update
CVE-2026-23868 medium 5.1 5.1 FIX rheldebian debian sles giflib_project 18d ago Giflib contains a double-free vulnerability that is the result of a shallow copy in GifMakeSavedImage and incorrect error handling. The conditions needed to trigger this vulnerability are difficult b…
CVE-2026-23040 medium 5.5 FIX rhel slesdebian debian 18d ago In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211_hwsim: fix typo in frequency notification The NAN notification is for 5745 MHz which corresponds to channel 149 an…
CVE-2026-0967 medium 5.5 5.5 FIX rheldebian debian sles libssh 18d ago Moderate: libssh security update
CVE-2026-0964 medium 6.3 6.3 FIX rheldebian debian sles libsshredhat 18d ago Moderate: libssh security update
CVE-2026-0865 medium 5.5 FIX rocky rheldebian debian 18d ago User-controlled header names and values containing newlines can allow injecting HTTP headers.
CVE-2025-8114 medium 4.7 4.7 FIX rheldebian debian sles libssh 18d ago Moderate: libssh security update
CVE-2025-68121 critical 10.0 10.0 FIX rocky rheldebian debian golanggoogle 18d ago Unexpected session resumption in crypto/tls
CVE-2025-55754 critical 9.6 9.6 FIX rhel slesdebian debian apache 18d ago Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. Tomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Win…
CVE-2025-5351 medium 6.5 6.5 FIX rheldebian debian sles libsshredhat 18d ago Moderate: libssh security update
CVE-2025-4877 medium 4.5 4.5 FIX rheldebian debian sles 18d ago Moderate: libssh security update
CVE-2025-40134 medium 5.5 FIX rhel slesdebian debian 18d ago In the Linux kernel, the following vulnerability has been resolved: dm: fix NULL pointer dereference in __dm_suspend() There is a race condition between dm device suspend and table load that can le…
CVE-2025-38470 medium 5.5 5.5 FIX rhel slesdebian debian 18d ago In the Linux kernel, the following vulnerability has been resolved: net: vlan: fix VLAN 0 refcount imbalance of toggling filtering during runtime Assuming the "rx-vlan-filter" feature is enabled on…
CVE-2025-38441 medium 5.5 FIX rhel slesdebian debian 18d ago In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: account for Ethernet header in nf_flow_pppoe_proto() syzbot found a potential access to uninit-value in nf_…
CVE-2025-38405 medium 5.5 FIX rhel slesdebian debian 18d ago In the Linux kernel, the following vulnerability has been resolved: nvmet: fix memory leak of bio integrity If nvmet receives commands with metadata there is a continuous memory leak of kmalloc-128…
CVE-2025-38400 medium 5.5 5.5 FIX rhel slesdebian debian 18d ago In the Linux kernel, the following vulnerability has been resolved: nfs: Clean up /proc/net/rpc/nfs when nfs_fs_proc_net_init() fails. syzbot reported a warning below [1] following a fault injectio…
CVE-2025-38279 medium 5.5 FIX rhel slesdebian debian 18d ago In the Linux kernel, the following vulnerability has been resolved: bpf: Do not include stack ptr register in precision backtracking bookkeeping Yi Lai reported an issue ([1]) where the following w…
CVE-2025-38166 medium 5.5 FIX rhel slesdebian debian 18d ago In the Linux kernel, the following vulnerability has been resolved: bpf: fix ktls panic with sockmap [ 2172.936997] ------------[ cut here ]------------ [ 2172.936999] kernel BUG at lib/iov_iter.c:…
CVE-2025-38097 medium 5.5 FIX rhel slesdebian debian 18d ago In the Linux kernel, the following vulnerability has been resolved: espintcp: remove encap socket caching to avoid reference leak The current scheme for caching the encap socket can lead to referen…
CVE-2025-38015 medium 5.5 FIX rhel slesdebian debian 18d ago In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: fix memory leak in error handling path of idxd_alloc Memory allocated for idxd is not freed if an error occurs d…
CVE-2025-37980 medium 5.5 FIX rhel slesdebian debian google 18d ago In the Linux kernel, the following vulnerability has been resolved: block: fix resource leak in blk_register_queue() error path When registering a queue fails after blk_mq_sysfs_register() is succe…
CVE-2025-22105 medium 5.5 5.5 FIX rhel slesdebian debian 18d ago In the Linux kernel, the following vulnerability has been resolved: bonding: check xdp prog when set bond mode Following operations can trigger a warning[1]: ip netns add ns1 ip netns exec…
CVE-2025-13465 medium 5.3 5.3 FIX rhel sles rocky lodash 18d ago Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the _.unset and _.omit functions. An attacker can pass crafted paths which cause Lodash to delete methods from global pr…
CVE-2025-12748 medium 5.5 5.5 FIX rhel slesdebian debian 18d ago Moderate: libvirt security update
CVE-2025-11568 medium 4.4 4.4 FIX rocky rheldebian debian 18d ago RHSA-2025:23086: luksmeta security update (Moderate)
CVE-2025-11411 medium 5.5 FIX rhel slesdebian debian 18d ago Moderate: unbound security update
CVE-2024-33655 medium 5.5 FIX rhel slesdebian debian 18d ago Moderate: unbound security update
CVE-2024-12086 medium 6.8 6.8 FIX arch arch rhel sles sambaredhat 18d ago Important: rsync security update
CVE-2026-27737 medium 6.5 6.5 18d ago BigBlueButton is an open-source virtual classroom. In versions prior to 3.0.19, the recording playback (presentation format) was not sanitizing user's input in public chat. This allowed for a malicio…
CVE-2026-8838 critical 9.8 9.8 aws 18d ago amazon-redshift-python-driver vulnerable to Remote Code Execution via eval() Injection
CVE-2026-27130 critical 9.9 9.9 18d ago Dokploy is a free, self-hostable Platform as a Service (PaaS). Versions 0.26.6 and below have OS command injection through the appName parameter. 3 chained issues cause this problem: inadequate input…
CVE-2026-25244 critical 9.8 9.8 openjsf 18d ago WebdriverIO BrowserStack Service has a Command Injection issue
CVE-2026-46559 medium 5.5 FIX debian debian 18d ago ImageMagick: Heap Buffer Over-Write of a single byte in the JP2 encoder.
CVE-2026-46557 medium 5.5 FIX debian debian 18d ago ImageMagick: Stack overflow in fx operation
CVE-2026-46523 medium 5.5 FIX debian debian 18d ago ImageMagick: Use-After-Free in MSL decoder.
CVE-2026-46521 medium 5.5 FIX debian debian 18d ago ImageMagick: Heap Buffer Over-Write in MIFF encoder when using LZMA compression
CVE-2026-45664 medium 5.5 FIX debian debian 18d ago ImageMagick: Policy Bypass in MNG coder could
CVE-2026-45624 medium 5.5 FIX debian debian 18d ago ImageMagick: Heap Buffer Over-Read of a 4 bytes in distort operation.
CVE-2026-45554 medium 5.3 5.3 18d ago NiceGUI is a Python-based UI framework. Prior to version 3.12.0, two FastAPI routes that serve per-component static assets in NiceGUI accept a sub-path parameter that may resolve to a directory rathe…
CVE-2026-45684 medium 5.3 5.3 sles opentelemetry 18d ago OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. From version 0.7.0 to before version 0.9.0, OBI's log enricher mishandles writev buffers by readi…
CVE-2026-45682 medium 5.5 5.5 sles opentelemetry 18d ago OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, the custom CappedConcurrentHashMap introduced for Java TLS state tracking…
CVE-2026-47090 medium 4.6 4.6 jarrodwatts 18d ago Claude HUD through 0.0.12, patched in commit 234d9aa, constructs OSC 8 terminal hyperlink escape sequences using raw cwd and branchUrl values without stripping control characters or encoding embedded…
CVE-2026-45246 medium 5.5 5.5 steipete 18d ago Summarize prior to 0.15.1 contains an insecure file permission vulnerability in the refresh-free configuration rewrite path that allows local users to read sensitive credentials by exploiting default…
CVE-2026-45244 medium 5.4 5.4 steipete 18d ago Summarize contains a missing authorization vulnerability
CVE-2026-21789 medium 4.6 4.6 18d ago HCL Connections contains a broken access control vulnerability that may allow unauthorized user to update data in certain scenarios.
CVE-2026-45681 medium 5.9 5.9 sles opentelemetry 18d ago OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, the per-CPU message-buffer fallback path uses a 256-byte backup buffer bu…
CVE-2026-8836 critical 9.8 9.8 FIX debian debian 18d ago A vulnerability was found in lwIP up to 2.2.1. Affected is the function snmp_parse_inbound_frame of the file src/apps/snmp/snmp_msg.c of the component snmpv3 USM Handler. Performing a manipulation of…
CVE-2026-45243 medium 6.1 6.1 steipete 18d ago Summarize contains a missing authorization vulnerability
CVE-2026-45231 medium 6.1 6.1 18d ago DumbAssets through 1.0.11 contains a stored cross-site scripting vulnerability in asset fields including name, description, modelNumber, serialNumber, and tags that are stored without server-side san…
CVE-2026-45731 medium 4.9 4.9 wwbn 18d ago WWBN AVideo is an open source video platform. In 29.0 and earlier, view/update.php reads $_POST['updateFile'] as a relative path under updatedb/ and passes it to PHP's file() for line-by-line executi…
CVE-2026-45494 medium 5.4 5.4 windows windows microsoft 18d ago Microsoft Edge (Chromium-based) Spoofing Vulnerability
CVE-2026-45492 medium 5.4 5.4 windows windows microsoft 18d ago Improper input validation in Microsoft Edge (Chromium-based) allows an unauthorized attacker to bypass a security feature over a network.
CVE-2026-45230 critical 9.1 9.1 18d ago DumbAssets through 1.0.11 contains a path traversal vulnerability in the POST /api/delete-file endpoint and filesToDelete array parameters that allows unauthenticated attackers to delete arbitrary fi…
CVE-2026-42822 critical 10.0 10.0 windows windows microsoft 18d ago Improper authentication in Azure Local Disconnected Operations allows an unauthorized attacker to elevate privileges over a network.
CVE-2026-32849 medium 5.5 5.5 18d ago NetBSD prior to commit ec8451e contains a signed integer overflow vulnerability in the cryptodev_op() function in sys/opencrypto/cryptodev.c where the local variable iov_len is declared as a signed i…
CVE-2026-32848 medium 4.7 4.7 18d ago NetBSD prior to commit ec8451e contains a race condition vulnerability in cryptodev_op() within the opencrypto subsystem that allows local attackers to trigger a double-free condition by concurrently…
CVE-2026-29965 medium 6.1 6.1 hsclabs 18d ago HSC MailInspector 5.3.3-7 is vulnerable to Cross Site Scripting (XSS) in the /police/WarningUrlPage.php endpoint due to improper neutralization of user-supplied input that uses alternate or obfuscate…
CVE-2026-29964 medium 6.1 6.1 hsclabs 18d ago HSC MailInspector v5.3.3-7 contains a Cross-Site Scripting (XSS) vulnerability in the /tap/tap.php endpoint due to improper neutralization of user-controlled input using alternate or obfuscated JavaS…
CVE-2023-24215 critical 9.1 9.1 18d ago Incorrect access control in the /uci/get/ endpoint of NOVUS AirGate 4G firmware v1.1.16 allows unauthenticated attackers to obtain administrator credentials via a crafted POST request.
CVE-2026-45679 medium 6.5 6.5 sles opentelemetry 18d ago OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, OBI exports raw Redis error text as the span status message. Because Redi…
CVE-2026-45676 medium 5.5 5.5 sles opentelemetry 18d ago OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, OBI's replacement ELF parser trusts section offsets, counts, and string o…
CVE-2026-45031 medium 5.5 FIX debian debian 18d ago ImageMagick: Policy Bypass in PSD decoder
CVE-2026-41568 medium 5.5 18d ago Docker: Race condition in docker cp allows creation of arbitrary empty files on the host via symlink swap
CVE-2026-45358 medium 5.5 FIX debian debian 18d ago ImageMagick: Out-of-Bounds Read of a single byte in meta encoder
CVE-2026-45359 medium 5.5 FIX debian debian 18d ago ImageMagick: Out-of-Bounds Read in connected components when the user supplies an invalid keep-top define
CVE-2026-45701 medium 5.5 18d ago Sulu is an open-source PHP content management system based on the Symfony framework. Prior to versions 2.6.23 and 3.0.6, the password reset tokenand API key generation uses a weak cryptographical has…
CVE-2026-45697 critical 9.8 9.8 18d ago Formie is a Craft CMS plugin for creating forms. Prior to 2.2.20 and 3.1.24, unauthenticated users could submit crafted values into Hidden fields (with Default value → Custom) that were evaluated as …
CVE-2026-8843 medium 6.5 6.5 18d ago Creating a "2dsphere_bucket" index on a non-timeseries bucket collection will succeed, but any subsequent attempt to insert a document which triggers updating that index will crash the server. A simi…
CVE-2026-38719 medium 6.2 6.2 18d ago OpENer v2.3-558-g1e99582 contains an out-of-bounds read vulnerability in the Common Packet Format (CPF) parser, specifically in CreateCommonPacketFormatStructure() in source/src/enet_encap/cpf.c. A c…