VIR Vulnerability Intelligence Relay

Search

Found 49,539 results in 5054ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2026-9011 high 7.5 7.5 15d ago The Ditty – Responsive News Tickers, Sliders, and Lists plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.1.65. This is due to the plugin not properly…
CVE-2026-8679 high 7.5 7.5 15d ago The AudioIgniter plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 2.0.2. This is due to the handle_playlist_endpoint() function (hooked to temp…
CVE-2026-9018 high 8.8 8.8 15d ago The Easy Elements for Elementor – Addons & Website Templates plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.4.5 via the `easyel_handle_register()` …
CVE-2026-44409 high 7.5 7.5 zte 15d ago There is an an information disclosure vulnerability in ZTE MU5250. Due to improper configuration of the access control mechanism, attackers can obtain information without authorization, causing the r…
CVE-2026-4834 high 7.5 7.5 15d ago The WP ERP Pro plugin for WordPress is vulnerable to SQL Injection via the 'search_key' parameter in all versions up to, and including, 1.5.1. This is due to insufficient escaping on the user supplie…
CVE-2026-46597 high 7.5 7.5 FIX debian debian sleswindows windows golang 15d ago An incorrectly placed cast from bytes to int allowed for server-side panic in the AES-GCM packet decoder for well-crafted inputs.
CVE-2026-39829 high 7.5 7.5 FIX debian debian sleswindows windows golang 15d ago The RSA and DSA public key parsers did not enforce size limits on key parameters. A crafted public key with an excessively large modulus or DSA parameter could cause several minutes of CPU consumptio…
CVE-2026-34911 high 7.7 7.7 16d ago A malicious actor with access to the network and low privileges could exploit a Path Traversal vulnerability found in UniFi OS devices to access files on the underlying system that could be manipulat…
CVE-2026-46701 high 8.0 16d ago Network-AI: Unauthenticated Cross-Origin MCP Tool Invocation via Empty Default Secret
CVE-2026-8434 high 8.8 8.8 concretecms 16d ago Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend/file rescanMultiple(). The Concrete CMS security team gave this vulnerability a CVSS v.4…
CVE-2026-8433 high 8.8 8.8 concretecms 16d ago Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend/file rescan(). The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score…
CVE-2026-8432 high 8.8 8.8 concretecms 16d ago Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend/file star(). The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score o…
CVE-2026-8427 high 8.8 8.8 concretecms 16d ago Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend/file removeFavoriteFolder($id). The Concrete CMS security team gave this vulnerability a…
CVE-2026-8416 high 8.8 8.8 concretecms 16d ago Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend/file addFavoriteFolder($id). The Concrete CMS security team gave this vulnerability a CV…
CVE-2026-8415 high 8.8 8.8 concretecms 16d ago Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/express/association/reorder. The Concrete CMS security team gave this vulnerability a CVS…
CVE-2026-8414 high 8.8 8.8 concretecms 16d ago Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/event/duplicate. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 scor…
CVE-2026-8413 high 8.8 8.8 concretecms 16d ago Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/page/bulk/design. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 sco…
CVE-2026-8412 high 8.8 8.8 concretecms 16d ago Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/page/bulk/cache. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 sco…
CVE-2026-8411 high 8.8 8.8 concretecms 16d ago Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/page/bulk/delete. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 sco…
CVE-2026-8410 high 8.8 8.8 concretecms 16d ago Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/logs/bulk/delete.  The The Concrete CMS security team gave this vulnerability a CVSS v.4.…
CVE-2026-8409 high 8.8 8.8 concretecms 16d ago Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/logs/delete.  The The Concrete CMS security team gave this vulnerability a CVSS v.4.0 sco…
CVE-2026-46681 high 8.0 16d ago @nevware21/ts-utils: Prototype Pollution in objDeepCopy/objCopyProps via for...in without hasOwnProperty
CVE-2026-46680 high 8.0 16d ago containerd user ID handling bypass allows runAsNonRoot evasion
CVE-2026-46679 high 8.0 16d ago js-libp2p: Memory DoS via subscription flood of unique topics
CVE-2026-46625 high 8.0 16d ago JavaScript Cookie: Per-instance prototype hijack in assign() enables cookie-attribute injection
CVE-2026-8428 high 8.8 8.8 concretecms 16d ago Concrete CMS 9.5.0 and below emits a CSRF token in the local_available_update.php view ($token->output('do_update')) but the corresponding do_update() method in concrete/controllers/single_page/dashb…
CVE-2026-8426 high 8.8 8.8 concretecms 16d ago Concrete CMS 9.5.0 and below does not validate a CSRF token before processing requests to /dashboard/extend/update/prepare_remote_upgrade/<remoteMPID>. An attacker who controls the remote package ret…
CVE-2026-8421 high 8.8 8.8 concretecms 16d ago Concrete CMS 9.5.0 and below contains a CSRF vulnerability in the install_package() method of concrete/controllers/single_page/dashboard/extend/install.php.  An attacker who can cause an authenticate…
CVE-2026-8417 high 8.8 8.8 concretecms 16d ago Concrete CMS 9.5.0 and below does not validate a CSRF token before processing requests to /dashboard/extend/update/do_update/<pkgHandle>. The do_update() method in concrete/controllers/single_page/da…
CVE-2026-8350 high 8.8 8.8 concretecms 16d ago Concrete CMS 9.5.0 and below is vulnerable to missing authorization in the bulk_user_assignment.php which can lead to privilege escalation to Administrative Group. Any authenticated user with access …
CVE-2026-8135 high 7.2 7.2 concretecms 16d ago Concrete CMS 9.5.0 and below is vulnerable to Remote Code Execution due to insecure deserialization occurring in the ExpressEntryList block controller. An rogue administrator with privileges to add …
CVE-2026-8134 high 7.2 7.2 concretecms 16d ago Concrete CMS 9.5.0 and below fails to sanitize path traversal sequences in the ptComposerFormLayoutSetControlCustomTemplate field when saving page type composer form layouts. An authenticated rogue a…
CVE-2026-47102 high 8.8 8.8 litellm 16d ago LiteLLM prior to 1.83.10 allows a user to modify their own user_role via the /user/update endpoint. While the endpoint correctly restricts users to updating only their own account, it does not restri…
CVE-2026-47101 high 8.8 8.8 litellm 16d ago LiteLLM prior to 1.83.14 allows an authenticated internal_user to create API keys with access to routes that their role does not permit. When generating a key, the allowed_routes field is stored with…
CVE-2026-46673 high 8.0 16d ago Unbounded 32-bit allocation
CVE-2026-46519 high 8.0 16d ago MCP Server Kubernetes: Tool Access Control Bypass via Presentation-Layer Filtering Without Execution-Layer Enforcement
CVE-2026-46654 high 8.0 16d ago Plonky3 MultiField32Challenger: transcript malleability and challenge entropy loss
CVE-2026-46643 high 8.0 16d ago Snappy: Binary path is never shell-escaped due to an inverted is_executable check
CVE-2026-47114 high 8.8 8.8 16d ago IINA before 1.4.3 contains a user-assisted command execution vulnerability that allows remote attackers to execute arbitrary commands by supplying malicious mpv_-prefixed query parameters through the…
CVE-2026-46617 high 8.0 16d ago Fission runtime pods automount the fission-fetcher service-account token into the user function container, granting function code namespace-wide secret / configmap read
CVE-2026-46612 high 8.0 16d ago Fission StorageSvc /v1/archive endpoint exposes unauthenticated CRUD over all function archives
CVE-2026-46545 high 8.0 16d ago nimiq-primitives: Panic DoS in trie chunk processing via ROOT-keyed item
CVE-2026-46517 high 8.0 16d ago lmdeploy: Hardcoded trust_remote_code=True is an implicit unsafe remote-code load path with no user opt-out
CVE-2026-46473 high 7.5 7.5 16d ago Authen::TOTP versions before 0.1.1 for Perl generate secrets using rand. Secrets were generated using Perl's built-in rand function, which is predictable and unsuitable for security usage.
CVE-2026-48242 high 8.1 8.1 16d ago Open ISES Tickets before 3.44.2 contains hardcoded MySQL database connection credentials (host, username, password, database name) in import_mdb.php. The credentials are embedded in source code commi…
CVE-2026-48241 high 8.1 8.1 16d ago Open ISES Tickets before 3.44.2 contains hardcoded MySQL database credentials in loader.php (a public-facing database utility) that are committed to the source repository. Any actor with access to th…
CVE-2026-48240 high 7.1 7.1 16d ago Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/statistics.php where the tick_id and f_tick_id POST parameters are concatenated into WHERE clauses of SELECT statements …
CVE-2026-48239 high 7.1 7.1 16d ago Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/reports.php where the tick_id POST parameter is concatenated into the WHERE clause of SELECT statements in the incidents…
CVE-2026-48238 high 7.1 7.1 16d ago Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/mobile_main.php where the id GET parameter is concatenated into the WHERE clause of a SELECT statement used as a ticket-…
CVE-2026-48237 high 7.1 7.1 16d ago Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in message.php where the frm_ticket_id and frm_resp_id POST parameters are concatenated into WHERE clauses of SELECT/UPDATE stat…
CVE-2026-48236 high 7.1 7.1 16d ago Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in db_loader.php where the multiple POST parameters (ticketsdb, ticketshost, ticketsuser, ticketspassword) are concatenated into…
CVE-2026-48235 high 8.2 8.2 16d ago Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in incs/remotes.inc.php where latitude, longitude, callsign, mph, altitude, and timestamp values parsed from external GPS tracki…
CVE-2026-48234 high 7.1 7.1 16d ago Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in portal/ajax/list_requests.php where the sort and dir GET parameters are concatenated into the ORDER BY clause of a SELECT sta…
CVE-2026-48233 high 7.1 7.1 16d ago Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/sit_incidents.php where the offset GET parameter is concatenated into the LIMIT clause of a SELECT statement without san…
CVE-2026-48232 high 7.1 7.1 16d ago Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/fullsit_incidents.php where the offset GET parameter is concatenated into the LIMIT clause of a SELECT statement without…
CVE-2026-48231 high 7.1 7.1 16d ago Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in tables.php where the multiple POST parameters (tablename, indexname, sortby) are concatenated into table/column identifiers i…
CVE-2026-46492 high 8.0 16d ago md-fileserver: Stored/Reflected XSS when viewing Markdown (raw HTML allowed)
CVE-2026-8596 high 7.2 7.2 aws 16d ago Cleartext storage of HMAC signing key in Amazon SageMaker Python SDK ModelBuilder/Serve path
CVE-2026-46432 high 8.0 16d ago LMDeploy: Arbitrary code execution via hardcoded trust_remote_code=True in lmdeploy model initialization
CVE-2026-46490 high 8.0 16d ago samlify: XML Injection in AttributeValue Allows Privilege Escalation in Signed SAML Assertions
CVE-2026-46481 high 8.0 16d ago OpenMetadata: TEST_CONNECTION workflow leaks ingestion-bot JWT and database password to regular users
CVE-2026-9089 high 8.8 8.8 connectwise 16d ago The ConnectWise Automate™ Agent does not fully verify the authenticity of components obtained during plugin loading and self-update operations. This issue is addressed in Automate 2026.5.
CVE-2026-45208 high 7.8 7.8 trendmicro 16d ago A time-of-check time-of-use vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the abil…
CVE-2026-45207 high 7.8 7.8 trendmicro 16d ago An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-45206 but exists in a different…
CVE-2026-45206 high 7.8 7.8 trendmicro 16d ago An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-45207 but exists in a different…
CVE-2026-34930 high 7.8 7.8 trendmicro 16d ago An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-34927 but exists in a different…
CVE-2026-34929 high 7.8 7.8 trendmicro 16d ago An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-34927 but exists in a different…
CVE-2026-34928 high 7.8 7.8 trendmicro 16d ago An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-34927 but exists in a different…
CVE-2026-34927 high 7.8 7.8 trendmicro 16d ago An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to …
CVE-2026-2740 high 8.4 8.4 16d ago Zohocorp ManageEngine ADSelfService Plus version before 6525, DataSecurity Plus before 6264 and RecoveryManager Plus before 6313 are vulnerable to Authenticated Remote code execution in the agent mac…
CVE-2025-71217 high 7.8 7.8 trendmicro 16d ago An origin validation error vulnerability in the Trend Micro Apex One (mac) agent self-protection mechanism could allow a local attacker to escalate privileges on affected installations. Please not…
CVE-2025-71216 high 7.8 7.8 trendmicro 16d ago A time-of-check time-of-use vulnerability in the Trend Micro Apex One (mac) agent cache mechanism could allow a local attacker to escalate privileges on affected installations. Please note: an att…
CVE-2025-71215 high 7.0 7.0 trendmicro 16d ago A time-of-check time-of-use vulnerability in the Trend Micro Apex One (mac) agent iCore service signature verification could allow a local attacker to escalate privileges on affected installations. …
CVE-2025-71214 high 7.8 7.8 trendmicro 16d ago An origin validation error vulnerability in the Trend Micro Apex One (mac) agent iCore service could allow a local attacker to escalate privileges on affected installations. Please note: an attack…
CVE-2025-71213 high 7.8 7.8 trendmicro 16d ago An origin validation error vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the abili…
CVE-2025-71212 high 7.8 7.8 trendmicro 16d ago A link following vulnerability in the Trend Micro Apex One scan engine could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the…
CVE-2025-13479 high 7.5 7.5 16d ago Authorization bypass through User-Controlled key vulnerability in PosCube Hardware Software and Consulting Ltd. QR Menu allows Exploitation of Trusted Identifiers. This issue affects QR Menu: throug…
CVE-2025-13477 high 7.1 7.1 16d ago Exposure of private personal information to an unauthorized actor, Insufficiently Protected Credentials vulnerability in Digital Operations Services Inc. WifiBurada allows Authentication Bypass. Thi…
CVE-2026-45760 high 8.1 8.1 16d ago (Externally Controlled Reference to a Resource in Another Sphere), (Authorization Bypass Through User-Controlled Key) vulnerability in Apache Camel K. Authorized users in a Kubernetes namespace can c…
CVE-2026-43502 high 7.8 7.8 FIX slesdebian debianwindows windows 16d ago In the Linux kernel, the following vulnerability has been resolved: net/rds: handle zerocopy send cleanup before the message is queued A zerocopy send can fail after user pages have been pinned but…
CVE-2026-43499 high 7.8 7.8 FIX slesdebian debianwindows windows google 16d ago In the Linux kernel, the following vulnerability has been resolved: rtmutex: Use waiter::task instead of current in remove_waiter() remove_waiter() is used by the slowlock paths, but it is also use…
CVE-2026-43498 high 7.8 7.8 FIX slesdebian debian 16d ago In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Disallow re-exporting imported GEM objects Prevent re-exporting of imported GEM buffers by adding a custom prime_hand…
CVE-2026-43497 high 7.3 7.3 FIX slesdebian debianwindows windows 16d ago In the Linux kernel, the following vulnerability has been resolved: fbdev: udlfb: add vm_ops to dlfb_ops_mmap to prevent use-after-free dlfb_ops_mmap() uses remap_pfn_range() to map vmalloc framebu…
CVE-2026-43496 unknown FIX slesdebian debianwindows windows 16d ago In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_red: Replace direct dequeue call with peek and qdisc_dequeue_peeked When red qdisc has children (eg qfq qdisc) who…
CVE-2026-43495 high 8.8 8.8 FIX slesdebian debianwindows windows 16d ago In the Linux kernel, the following vulnerability has been resolved: net: wwan: t7xx: validate port_count against message length in t7xx_port_enum_msg_handler t7xx_port_enum_msg_handler() uses the m…
CVE-2026-43494 high 7.8 7.8 FIX slesdebian debianwindows windows 16d ago In the Linux kernel, the following vulnerability has been resolved: net/rds: reset op_nents when zerocopy page pin fails When iov_iter_get_pages2() fails in rds_message_zcopy_from_user(), the pinne…
CVE-2026-45255 high 7.5 7.5 freebsd freebsd 16d ago When bsdinstall or bsdconfig are prompted to scan for nearby Wi-Fi networks, they build up a list of network names and use bsddialog(1) to prompt the user to select a network. This is implemented us…
CVE-2026-45253 high 8.4 8.4 freebsd freebsd 16d ago ptrace(PT_SC_REMOTE) failed to properly validate parameters for the syscall(2) and __syscall(2) meta-system calls. As a result, a user with the ability to debug a process may trigger arbitrary code …
CVE-2026-45251 high 7.8 7.8 freebsd freebsd 16d ago A file descriptor can be closed while a thread is blocked in a poll(2) or select(2) call waiting for that descriptor. Because the blocked thread does not hold a reference to the underlying object, t…
CVE-2026-42002 high 7.5 7.5 FIX debian debian powerdns 16d ago Concurrency and locking defects in GSS-TSIG
CVE-2026-42001 high 7.5 7.5 FIX debian debian powerdns 16d ago Insufficient Validation of Autoprimary SOA Queries
CVE-2026-42000 high 8.6 8.6 FIX debian debian powerdns 16d ago Insufficient Validation of Names During AXFR
CVE-2026-39461 high 8.8 8.8 freebsd freebsd 16d ago libcasper(3) communicates with helper processes via UNIX domain sockets, and uses the select(2) system call to wait for data to become available. However, it does not verify that its socket descript…
CVE-2026-28764 high 7.8 7.8 mediaarea 16d ago MediaArea MediaInfoLib LXF element parsing heap-based buffer overflow vulnerability
CVE-2026-9157 high 8.4 8.4 16d ago Improper input validation, Unrestricted upload of file with dangerous type vulnerability in Gmission Web Fax allows Remote Code Inclusion. This issue affects Web Fax: from 3.0 before 3.1.
CVE-2026-5434 high 7.5 7.5 16d ago Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2026-45250 high 7.8 7.8 freebsd freebsd 16d ago The setcred(2) system call is only available to privileged users. However, before the privilege level of the caller is checked, the user-supplied list of supplementary groups is copied into a fixed-…
CVE-2026-44068 high 7.6 7.6 FIX slesdebian debian 16d ago Incomplete sanitization of extended attribute (EA) path components in Netatalk 2.1.0 through 4.4.2 allows a remote authenticated attacker to write to files outside the intended metadata namespace via…
CVE-2026-44066 high 7.1 7.1 FIX slesdebian debian 16d ago Multiple heap out-of-bounds reads in the Spotlight RPC unmarshalling code in Netatalk 3.1.0 through 4.4.2 allow a remote authenticated attacker to obtain sensitive information or cause a minor servic…
CVE-2026-44064 high 7.1 7.1 FIX slesdebian debian 16d ago An out-of-bounds read in ASP session ID handling in Netatalk 1.3 through 4.4.2 allows an adjacent network attacker to obtain limited information or cause a denial of service via a crafted ASP request.