VIR Vulnerability Intelligence Relay

Search

Found 41,683 results in 5109ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2026-47100 high 7.5 7.5 18d ago Funnel Builder for WooCommerce Checkout prior to 3.15.0.3 contains a missing authorization vulnerability in the public checkout endpoint that allows unauthenticated attackers to invoke internal metho…
CVE-2026-44159 critical 9.8 9.8 18d ago Tyler Identity Local (TID-L) uses documented, default administrative credentials. Users are not required to change the credentials before deployment. TID-L has not been distributed since December 202…
CVE-2026-43634 high 7.5 7.5 18d ago HestiaCP versions 1.2.0 through 1.9.4 contain an IP spoofing vulnerability that allows unauthenticated remote attackers to bypass authentication security controls by supplying an arbitrary IP address…
CVE-2026-2587 critical 9.6 9.6 eclipse 18d ago GlassFish's gadget handler is vulnerable to RCE
CVE-2026-2586 critical 9.1 9.1 eclipse 18d ago GlassFish's Administration Console is Vulnerable to RCE
CVE-2025-70950 high 7.3 7.3 18d ago gohttp is vulnerable to directory traversal via a crafted request
CVE-2025-51427 high 7.3 7.3 18d ago ModelScope is vulnerable to arbitrary code injection via a crafted module
CVE-2026-45568 critical 9.5 18d ago rok Python ProxyShare can be used as an SSRF proxy through absolute URL paths
CVE-2026-46511 high 8.0 18d ago HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0, an attack chain utilizing Stored XSS alongside dynamic token exposure in the `/system/api/connectionSetti…
CVE-2026-46396 high 8.0 18d ago HAX CMS helps manage microsite universe with PHP or NodeJs backends. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 26.0.0 due to improper sanitization of `<iframe>` el…
CVE-2026-46395 critical 9.5 18d ago HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0, the `hmacBase64()` function in the HAXcms Node.js backend contains two critical cryptographic implementat…
CVE-2026-46391 high 8.0 18d ago HAX CMS helps manage microsite universe with PHP or NodeJs backends. Starting in version 9.0.1 and prior to version 26.0.0 of @haxtheweb/open-apis, multiple functions conduct substring-only matching …
CVE-2026-46393 high 8.0 18d ago HAX CMS helps manage microsite universe with PHP or NodeJs backends. An authenticated Server-Side Request Forgery (SSRF) vulnerability in versions prior to 26.0.0 allows authenticated users to fetch …
CVE-2026-8973 high 8.8 8.8 FIX debian debian sles mozilla 18d ago Memory safety bugs present in Firefox 150. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code…
CVE-2026-8972 high 8.8 8.8 FIX debian debian sles mozilla 18d ago Privilege escalation in the WebRTC: Audio/Video component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.
CVE-2026-8969 high 8.1 8.1 FIX debian debian sles mozilla 18d ago Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.
CVE-2026-8967 high 7.5 7.5 FIX debian debian sles mozilla 18d ago Information disclosure in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.
CVE-2026-8966 high 7.5 7.5 FIX debian debian sles mozilla 18d ago Information disclosure in the IP Protection component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.
CVE-2026-8965 high 7.5 7.5 FIX debian debian sles mozilla 18d ago Information disclosure in the DOM: Security component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.
CVE-2026-8964 high 7.5 7.5 FIX debian debian sles mozilla 18d ago Spoofing issue in the Popup Blocker component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.
CVE-2026-8963 high 7.5 7.5 FIX debian debian sles mozilla 18d ago Spoofing issue in the Web Speech component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.
CVE-2026-8960 high 7.5 7.5 FIX debian debian sles mozilla 18d ago Spoofing issue in WebExtensions. This vulnerability was fixed in Firefox 151 and Thunderbird 151.
CVE-2026-8952 high 8.8 8.8 FIX debian debian sles mozilla 18d ago Privilege escalation in the Application Update component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.
CVE-2026-8949 high 7.5 7.5 FIX debian debian sles mozilla 18d ago Integer overflow in the Widget: Win32 component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.
CVE-2026-8948 critical 9.1 9.1 FIX debian debian sles mozilla 18d ago Same-origin policy bypass in the DOM: Networking component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.
CVE-2026-8945 high 7.5 7.5 FIX debian debian sles mozilla 18d ago Sandbox escape in Firefox and Firefox Focus for Android. This vulnerability was fixed in Firefox 151.
CVE-2026-47323 critical 9.8 9.8 apache 18d ago Camel-CXF and Camel-Knative Message Header are Vulnerable to Injection via Missing Inbound Filtering
CVE-2026-43633 critical 10.0 10.0 18d ago HestiaCP versions 1.9.0 through 1.9.4 contain a deserialization vulnerability in the web terminal component caused by a session format mismatch between PHP and Node.js that allows unauthenticated rem…
CVE-2026-42100 high 7.5 7.5 sparxsystems 18d ago Improper Handling of Syntactically Invalid Structure in Sparx Pro Cloud Server allows Denial of Service (DoS) attack to be executed by sending an specially crafted SQL query. This causes the Pro Clou…
CVE-2026-42099 high 7.5 7.5 sparxsystems 18d ago Sparx Pro Cloud Server is vulnerable to a Race Condition in the /data_api/dl_internal_artifact.php endpoint. The application downloads the properties of the object pointed by guid parameter and saves…
CVE-2026-42097 high 8.8 8.8 sparxsystems 18d ago Sparx Pro Cloud Server requires authentication based on requested URL. An attacker can omit the "model" query parameter and send the model name only in the binary blob in POST request allowing SQL qu…
CVE-2026-42096 high 8.8 8.8 sparxsystems 18d ago Sparx Pro Cloud Server is vulnerable to Broken Access Control within communication with the database. Due to lack of permission checks, any low privileged user can run arbitrary SQL queries within da…
CVE-2026-23558 high 7.8 7.8 slesdebian debian 18d ago The adjustments made for XSA-379 as well as those subsequently becoming XSA-387 still left a race window, when a HVM or PVH guest does a grant table version change from v2 to v1 in parallel with mapp…
CVE-2026-8912 high 7.5 7.5 18d ago The Contest Gallery plugin for WordPress is vulnerable to SQL Injection via the 'form_input' parameter in versions up to, and including, 28.1.6. This is due to insufficient escaping on the user suppl…
CVE-2026-4883 critical 9.8 9.8 18d ago The Piotnet Forms plugin for WordPress is vulnerable to arbitrary file upload due to missing file type validation in the 'piotnetforms_ajax_form_builder' function in all versions up to, and including…
CVE-2026-7571 high 7.1 7.1 redhat 18d ago Keycloak: Access token disclosure and implicit flow bypass via forged client data
CVE-2026-7507 high 7.5 7.5 redhat 18d ago Keycloak: Session fixation in OIDC login flow that can lead to account takeover
CVE-2026-7504 high 8.1 8.1 redhat 18d ago Keycloak: Open redirect when using wildcard valid redirect URIs in Keycloak
CVE-2026-7307 high 7.5 7.5 redhat 18d ago Keycloak: Denial of Service via specially crafted SAML input
CVE-2026-43493 critical 9.8 9.8 FIX slesdebian debianwindows windows 18d ago In the Linux kernel, the following vulnerability has been resolved: crypto: pcrypt - Fix handling of MAY_BACKLOG requests MAY_BACKLOG requests can return EBUSY. Handle them by checking for that va…
CVE-2026-46586 high 8.8 8.8 apache 18d ago Improper Control of Generation of Code ('Code Injection'), Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') vulnerability in Apache OFBiz. This issue affects Ap…
CVE-2026-45434 critical 9.8 9.8 apache 18d ago Improper Authentication vulnerability in Apache OFBiz via Password-Change Logic Flaw Leading to Remote Code Execution This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgr…
CVE-2026-41919 critical 9.1 9.1 apache 18d ago Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrad…
CVE-2026-31986 critical 9.1 9.1 apache 18d ago Use of Hard-coded Cryptographic Key vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue.
CVE-2026-31910 high 7.5 7.5 apache 18d ago Server-Side Request Forgery (SSRF) vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue.
CVE-2026-31909 high 7.5 7.5 apache 18d ago Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, whi…
CVE-2026-2611 critical 9.6 9.6 lfprojects 18d ago MLflow: Improper Origin Validation in MLflow Assistant /ajax-api Endpoints Enables Browser-Mediated Local Command Execution
CVE-2026-29226 high 7.3 7.3 apache 18d ago Server-Side Request Forgery (SSRF) vulnerability in Apache OFBiz via Content component operations. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.0…
CVE-2026-4885 critical 9.8 9.8 18d ago The Piotnet Addons for Elementor Pro plugin for WordPress is vulnerable to arbitrary file upload due to missing file type validation in the 'pafe_ajax_form_builder' function in all versions up to, an…
CVE-2026-47317 high 7.5 7.5 samsung 18d ago Uncontrolled Recursion vulnerability in Samsung Open Source Escargot allows Excessive Allocation. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3.
CVE-2026-47316 high 7.5 7.5 samsung 18d ago Improper Check or Handling of Exceptional Conditions vulnerability in Samsung Open Source Escargot allows Input Data Manipulation. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2…
CVE-2026-47315 high 7.5 7.5 samsung 18d ago Improper Check for Unusual or Exceptional Conditions vulnerability in Samsung Open Source Escargot allows Input Data Manipulation. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2…
CVE-2026-47314 critical 9.8 9.8 samsung 18d ago Out-of-bounds write vulnerability in Samsung Open Source Escargot allows Overflow Buffers. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3.
CVE-2026-47313 high 7.5 7.5 samsung 18d ago Memory allocation with excessive size value vulnerability in Samsung Open Source Escargot allows Excessive Allocation. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3.
CVE-2026-47312 high 7.5 7.5 samsung 18d ago Release of invalid pointer or reference vulnerability in Samsung Open Source Escargot allows Buffer Manipulation. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3.
CVE-2026-8813 high 7.5 7.5 18d ago ExifReader is vulnerable to denial of service via crafted ICC `mluc` tag
CVE-2026-47311 critical 9.8 9.8 samsung 18d ago Heap-based buffer overflow vulnerability in Samsung Open Source Escargot allows Overflow Buffers. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3.
CVE-2026-47310 critical 9.8 9.8 samsung 18d ago Use after free vulnerability in Samsung Open Source Escargot allows Pointer Manipulation. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3.
CVE-2026-47309 high 7.5 7.5 samsung 18d ago Uncontrolled Recursion vulnerability in Samsung Open Source Escargot allows Oversized Serialized Data Payloads. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3.
CVE-2025-15609 high 7.5 7.5 18d ago The Fortis for WooCommerce WordPress plugin before 1.3.1 may leak sensitive API keys to unauthenticated attackers, allowing them to query Fortis' API and retrieve sensitive customer information, like…
CVE-2026-47308 high 7.5 7.5 samsung 18d ago NULL pointer dereference vulnerability in Samsung Open Source Walrus allows Pointer Manipulation. This issue affects Walrus: f339b8ee4ea701772e8ae640b3d1b12ac02b1ae9.
CVE-2026-47307 high 7.5 7.5 samsung 18d ago NULL pointer dereference vulnerability in Samsung Open Source Walrus allows an attacker to cause a denial of service via a crafted WebAssembly module containing deeply nested instructions. This issu…
CVE-2026-27648 high 8.8 8.8 18d ago in OpenHarmony v6.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps.
CVE-2026-25781 high 8.4 8.4 18d ago in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS and it cannot be recovered.
CVE-2026-24792 high 8.1 8.1 18d ago in OpenHarmony v6.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps.
CVE-2026-22069 high 7.3 7.3 18d ago A local privilege escalation vulnerability exists in O+ Connect because it fails to validate the identity of the caller on the pipe interface.
CVE-2026-33233 high 7.6 7.6 18d ago AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. In versions 0.6.34 through 0.6.51, the backend deserializes Redis cache byte…
CVE-2026-33232 high 7.5 7.5 18d ago AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Versions 0.4.2 through 0.6.51 are vulnerable to an unauthenticated Denial of…
CVE-2026-32323 high 7.8 7.8 mullvad 18d ago Mullvad VPN is a VPN client app for desktop and mobile. When using macOS with versions 2026.1 and below, Mullvad VPN may allow local privilege escalation during installation or upgrade. The installer…
CVE-2026-7323 high 7.3 7.3 FIX rheldebian debianalmalinux almalinux mozilla 18d ago Memory safety bugs present in Thunderbird ESR 140.10.0 and Thunderbird 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have…
CVE-2026-7322 high 7.3 7.3 FIX rheldebian debianalmalinux almalinux mozilla 18d ago Memory safety bugs present in Thunderbird ESR 140.10.0 and Thunderbird 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have…
CVE-2026-7321 critical 9.6 9.6 FIX rheldebian debianalmalinux almalinux mozilla 18d ago RHSA-2026:20586: thunderbird security update (Important)
CVE-2026-7320 high 7.5 7.5 FIX rheldebian debianalmalinux almalinux mozilla 18d ago Information disclosure due to incorrect boundary conditions in the Audio/Video component. This vulnerability was fixed in Firefox 150.0.1, Firefox ESR 140.10.1, Firefox ESR 115.35.1, Thunderbird 150.…
CVE-2026-5713 high 8.0 FIX rhel slesdebian debian 18d ago Important: python3.14 security update
CVE-2026-4892 high 8.4 8.4 FIX rheldebian debian sles 18d ago RHSA-2026:20589: dnsmasq security update (Important)
CVE-2026-4890 high 7.5 7.5 FIX rheldebian debian sles 18d ago RHSA-2026:20589: dnsmasq security update (Important)
CVE-2026-4519 high 8.0 FIX rocky rheldebian debian 18d ago Important: python3.12 security update
CVE-2026-4224 high 7.5 7.5 FIX rhel slesdebian debian python 18d ago Important: python3.12 security update
CVE-2026-41035 high 7.8 7.8 FIX rhel slesdebian debian samba 18d ago Important: rsync security update
CVE-2026-3644 high 7.5 7.5 FIX rhel slesdebian debian python 18d ago Important: python3.12 security update
CVE-2026-33984 high 8.0 FIX rheldebian debian sles 18d ago RHSA-2026:8945: freerdp security update (Important)
CVE-2026-33983 high 8.0 FIX rheldebian debian sles 18d ago RHSA-2026:8945: freerdp security update (Important)
CVE-2026-33810 high 8.0 FIX rheldebian debian sles 18d ago When verifying a certificate chain containing excluded DNS constraints, these constraints are not correctly applied to wildcard DNS SANs which use a different case than the constraint. This only affe…
CVE-2026-32281 high 8.0 FIX rheldebian debian sles google 18d ago RHSA-2026:10219: golang security update (Important)
CVE-2026-31790 high 7.5 7.5 FIX rhel slesdebian debian opensslgoogle 18d ago Moderate: openssl security update
CVE-2026-3085 high 8.0 FIX rheldebian debian rocky 18d ago GStreamer rtpqdm2depay Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Int…
CVE-2026-3083 high 8.0 FIX rheldebian debian rocky 18d ago GStreamer rtpqdm2depay Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interactio…
CVE-2026-3082 high 8.0 FIX rheldebian debian rocky 18d ago RHSA-2026:6750: gstreamer1-plugins-bad-free, gstreamer1-plugins-base, and gstreamer1-plugins-good security update (Important)
CVE-2026-2923 high 8.0 FIX rheldebian debian rocky 18d ago RHSA-2026:6750: gstreamer1-plugins-bad-free, gstreamer1-plugins-base, and gstreamer1-plugins-good security update (Important)
CVE-2026-2922 high 8.0 FIX rheldebian debian rocky 18d ago Important: gstreamer1-plugins-bad-free, gstreamer1-plugins-base, gstreamer1-plugins-good, and gstreamer1-plugins-ugly-free security update
CVE-2026-2921 high 8.0 FIX rheldebian debian rocky 18d ago RHSA-2026:6750: gstreamer1-plugins-bad-free, gstreamer1-plugins-base, and gstreamer1-plugins-good security update (Important)
CVE-2026-2920 high 8.0 FIX rheldebian debian rocky 18d ago RHSA-2026:6750: gstreamer1-plugins-bad-free, gstreamer1-plugins-base, and gstreamer1-plugins-good security update (Important)
CVE-2026-28871 high 8.0 FIX rhel slesdebian debian 18d ago A logic issue was addressed with improved checks. This issue is fixed in Safari 26.4, iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4. Visiting a maliciously crafted website …
CVE-2026-28859 high 8.0 FIX rhel slesdebian debian 18d ago The issue was addressed with improved memory handling. This issue is fixed in Safari 26.4, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. A malicious website may …
CVE-2026-28857 high 8.0 FIX rhel slesdebian debian 18d ago The issue was addressed with improved memory handling. This issue is fixed in Safari 26.4, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4. Processing maliciously crafted web content may le…
CVE-2026-27137 high 8.0 FIX rheldebian debian sles 18d ago Incorrect enforcement of email constraints in crypto/x509
CVE-2026-24842 high 8.0 FIX rhel slesdebian debian 18d ago Important: linux-sgx security update
CVE-2026-23950 high 8.0 FIX rheldebian debian 18d ago Important: linux-sgx security update
CVE-2026-23745 high 8.0 FIX rhel slesdebian debian 18d ago Important: linux-sgx security update
CVE-2026-23243 high 7.8 7.8 FIX rhel slesdebian debian 18d ago In the Linux kernel, the following vulnerability has been resolved: RDMA/umad: Reject negative data_len in ib_umad_write ib_umad_write computes data_len from user-controlled count and the MAD heade…