Found 58,587 results in 5562ms · Match type: Filtered list

CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2026-45568 critical 9.5 18d ago rok Python ProxyShare can be used as an SSRF proxy through absolute URL paths
CVE-2026-46395 critical 9.5 18d ago HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0, the `hmacBase64()` function in the HAXcms Node.js backend contains two critical cryptographic implementat…
CVE-2026-46496 medium 5.5 18d ago HAX CMS helps manage microsite universe with PHP or NodeJs backends. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 26.0.0 due to improper sanitization of the `<video-p…
CVE-2026-45409 medium 5.5 slesdebian debian 18d ago Internationalized Domain Names in Applications (IDNA) for Python provides support for Internationalized Domain Names in Applications (IDNA) and Unicode IDNA Compatibility Processing. In versions prio…
CVE-2026-8971 medium 6.5 6.5 FIX debian debian sles mozilla 18d ago Same-origin policy bypass in the Networking: JAR component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.
CVE-2026-8951 medium 6.5 6.5 FIX debian debian sles mozilla 18d ago Spoofing issue in the Toolbar component in Firefox for Android. This vulnerability was fixed in Firefox 151.
CVE-2026-8948 critical 9.1 9.1 FIX debian debian sles mozilla 18d ago Same-origin policy bypass in the DOM: Networking component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.
CVE-2026-47323 critical 9.8 9.8 apache 18d ago Camel-CXF and Camel-Knative Message Header are Vulnerable to Injection via Missing Inbound Filtering
CVE-2026-43633 critical 10.0 10.0 18d ago HestiaCP versions 1.9.0 through 1.9.4 contain a deserialization vulnerability in the web terminal component caused by a session format mismatch between PHP and Node.js that allows unauthenticated rem…
CVE-2026-23557 medium 6.5 6.5 slesdebian debian 18d ago Any guest can cause xenstored to crash by issuing a XS_RESET_WATCHES command within a transaction due to an assert() triggering. In case xenstored was built with NDEBUG #defined nothing bad will hap…
CVE-2025-40904 medium 5.4 5.4 nozominetworks 18d ago A Stored HTML Injection vulnerability was discovered in the Smart Polling functionality due to improper validation of an input parameter. An authenticated user with limited privileges can push malici…
CVE-2025-40903 medium 4.8 4.8 nozominetworks 18d ago A Stored HTML Injection vulnerability was discovered in the Schedule Restore Archive functionality due to improper validation of an input parameter. An authenticated user with administrative privileg…
CVE-2025-40902 medium 4.8 4.8 nozominetworks 18d ago A Stored HTML Injection vulnerability was discovered in the Users functionality due to improper validation of an input parameter. An authenticated user with administrative privileges can create a mal…
CVE-2025-40901 medium 4.8 4.8 nozominetworks 18d ago A Stored HTML Injection vulnerability was discovered in the Credentials Manager functionality due to improper validation of an input parameter. An authenticated user with administrative privileges ca…
CVE-2025-40900 medium 4.6 4.6 nozominetworks 18d ago An Angular template injection vulnerability was discovered in the Reports functionality due to improper validation of an input parameter. An authenticated user with report privileges can define a mal…
CVE-2026-4883 critical 9.8 9.8 18d ago The Piotnet Forms plugin for WordPress is vulnerable to arbitrary file upload due to missing file type validation in the 'piotnetforms_ajax_form_builder' function in all versions up to, and including…
CVE-2026-4630 medium 6.8 6.8 redhat 18d ago A flaw was found in Keycloak. An authenticated client could exploit an Insecure Direct Object Reference (IDOR) vulnerability in the Authorization Services Protection API endpoint. By knowing or obtai…
CVE-2026-45442 medium 4.3 4.3 18d ago Missing Authorization vulnerability in Brainstorm Force Presto Player allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Presto Player: from n/a through 4.1.…
CVE-2026-43493 critical 9.8 9.8 FIX slesdebian debianwindows windows 18d ago In the Linux kernel, the following vulnerability has been resolved: crypto: pcrypt - Fix handling of MAY_BACKLOG requests MAY_BACKLOG requests can return EBUSY. Handle them by checking for that va…
CVE-2026-37982 medium 6.8 6.8 redhat 18d ago Keycloak: Unauthorized account takeover via WebAuthn token replay
CVE-2026-37981 medium 4.3 4.3 redhat 18d ago A flaw was found in Keycloak. A broken access control vulnerability in the Account Resources user lookup endpoint allows a remote authenticated user, who owns at least one User-Managed Access (UMA) r…
CVE-2026-37979 medium 6.5 6.5 redhat 18d ago Keycloak: Information disclosure via OIDC token introspection endpoint audience bypass
CVE-2026-37978 medium 4.9 4.9 redhat 18d ago Keycloak: Information Disclosure via evaluate-scopes Admin API
CVE-2026-45434 critical 9.8 9.8 apache 18d ago Improper Authentication vulnerability in Apache OFBiz via Password-Change Logic Flaw Leading to Remote Code Execution This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgr…
CVE-2026-45187 medium 6.5 6.5 apache 18d ago Improper Authorization vulnerability in Apache OFBiz Webtools. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue.
CVE-2026-41919 critical 9.1 9.1 apache 18d ago Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrad…
CVE-2026-35086 medium 6.5 6.5 apache 18d ago Improper Control of Generation of Code ('Code Injection') vulnerability in email services of Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to vers…
CVE-2026-31986 critical 9.1 9.1 apache 18d ago Use of Hard-coded Cryptographic Key vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue.
CVE-2026-31906 medium 6.1 6.1 apache 18d ago Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrad…
CVE-2026-31388 medium 5.3 5.3 apache 18d ago Improper Access Control vulnerability in Apache OFBiz in multi-tenant deployments. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixe…
CVE-2026-31387 medium 5.3 5.3 apache 18d ago Improper Authentication vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue.
CVE-2026-31380 medium 6.5 6.5 apache 18d ago Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06…
CVE-2026-31379 medium 6.1 6.1 apache 18d ago Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Improper Control of Generation of…
CVE-2026-31378 medium 6.5 6.5 apache 18d ago Improper Input Validation vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue.
CVE-2026-2611 critical 9.6 9.6 lfprojects 18d ago MLflow: Improper Origin Validation in MLflow Assistant /ajax-api Endpoints Enables Browser-Mediated Local Command Execution
CVE-2026-29220 medium 6.5 6.5 apache 18d ago Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to v…
CVE-2026-29207 medium 6.5 6.5 apache 18d ago Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24…
CVE-2026-44408 medium 6.3 6.3 18d ago There is an unauthorized access vulnerability in ZTE MU5250. Due to improper permission control of the Web interface, an unauthorized attacker can modify configuration through the interface.
CVE-2026-8922 medium 5.4 5.4 redhat 19d ago Keycloak: Revoked Tokens Can Remain Active When Both Realm-Level and Client-Level `notBefore` Revocation Policies are Configured
CVE-2026-4885 critical 9.8 9.8 19d ago The Piotnet Addons for Elementor Pro plugin for WordPress is vulnerable to arbitrary file upload due to missing file type validation in the 'pafe_ajax_form_builder' function in all versions up to, an…
CVE-2026-47314 critical 9.8 9.8 samsung 19d ago Out-of-bounds write vulnerability in Samsung Open Source Escargot allows Overflow Buffers. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3.
CVE-2026-8830 medium 4.3 4.3 redhat 19d ago Keycloak: Policy bypass during WebAuthn credential registration via client-side JavaScript manipulation
CVE-2026-8814 medium 5.3 5.3 19d ago ExifReader is vulnerable to denial of service via unbounded decompression of image metadata
CVE-2026-47311 critical 9.8 9.8 samsung 19d ago Heap-based buffer overflow vulnerability in Samsung Open Source Escargot allows Overflow Buffers. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3.
CVE-2026-47310 critical 9.8 9.8 samsung 19d ago Use after free vulnerability in Samsung Open Source Escargot allows Pointer Manipulation. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3.
CVE-2026-32994 medium 5.3 5.3 19d ago The /api/v1/autotranslate.translateMessage endpoint in versions <8.5.0, <8.4.2, <8.3.4, <8.2.4, <8.1.5, <8.0.6, <7.13.8, and <7.10.12 allows any authenticated user to retrieve the full content of any…
CVE-2026-33565 low 3.3 3.3 19d ago in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS.
CVE-2026-28751 low 3.3 3.3 19d ago in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS.
CVE-2026-28733 medium 6.5 6.5 19d ago in OpenHarmony v6.0 and prior versions allow a local attacker arbitrary code execution.
CVE-2026-27781 low 3.3 3.3 19d ago in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS.
CVE-2026-27766 medium 5.5 5.5 19d ago in OpenHarmony v6.0 and prior versions allow a local attacker cause information leak.
CVE-2026-25850 medium 5.5 5.5 19d ago in OpenHarmony v6.0 and prior versions allow a local attacker cause information leak
CVE-2026-25110 low 3.3 3.3 19d ago in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS.
CVE-2026-33514 medium 4.3 4.3 discourse 19d ago Discourse is an open-source discussion platform. In versions prior to 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0-latest.1, an authenticated user on a Discourse instance with the form templates feature…
CVE-2026-33234 medium 5.0 5.0 19d ago AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. In versions 0.1.0 through 0.6.51, SendEmailBlock in autogpt_platform/backen…
CVE-2026-32312 medium 4.3 4.3 glpi-project 19d ago GLPI is a free asset and IT management software package. In versions 11.0.0 through 11.0.6, an authenticated user with forms READ permission can export the structure of unauthorized forms. This issue…
CVE-2026-32244 medium 5.3 5.3 discourse 19d ago Discourse is an open-source discussion platform. In versions prior to 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0-latest.1, outdated cached AI summaries can leak removed content to anonymous and unpriv…
CVE-2026-7321 critical 9.6 9.6 FIX rheldebian debianalmalinux almalinux mozilla 19d ago RHSA-2026:20586: thunderbird security update (Important)
CVE-2026-4893 medium 5.3 5.3 FIX rheldebian debian sles 19d ago RHSA-2026:20589: dnsmasq security update (Important)
CVE-2026-4891 medium 5.3 5.3 FIX rheldebian debian sles 19d ago RHSA-2026:20589: dnsmasq security update (Important)
CVE-2026-40356 medium 5.9 5.9 FIX rheldebian debian sles 19d ago RHSA-2026:16799: krb5 security update (Important)
CVE-2026-40355 medium 5.9 5.9 FIX rheldebian debian sles 19d ago RHSA-2026:16799: krb5 security update (Important)
CVE-2026-39373 low 2.5 FIX rhel slesdebian debian 19d ago JWCrypto: JWE ZIP decompression bomb
CVE-2026-34000 medium 6.1 6.1 FIX rhel slesdebian debian x.org 19d ago A flaw was found in the X.Org X server. This out-of-bounds read vulnerability in the XKB geometry processing, specifically within the `CheckSetGeom()` and `XkbAddGeomKeyAlias` functions, allows an at…
CVE-2026-32710 medium 5.5 FIX rhel slesdebian debian 19d ago MariaDB server is a community developed fork of MySQL server. An authenticated user can crash MariaDB versions 11.4 before 11.4.10 and 11.8 before 11.8.6 via a bug in JSON_SCHEMA_VALID() function. Un…
CVE-2026-31677 medium 5.5 5.5 FIX rhel slesdebian debian google 19d ago Important: kernel security update
CVE-2026-30892 medium 5.5 FIX rheldebian debian rocky 19d ago Moderate: crun security update
CVE-2026-23868 medium 5.1 5.1 FIX rheldebian debian sles giflib_project 19d ago Important: giflib security update
CVE-2026-23040 medium 5.5 FIX rhel slesdebian debian 19d ago In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211_hwsim: fix typo in frequency notification The NAN notification is for 5745 MHz which corresponds to channel 149 an…
CVE-2026-0968 low 3.1 3.1 FIX rheldebian debian sles libssh 19d ago Moderate: libssh security update
CVE-2026-0967 medium 5.5 5.5 FIX rheldebian debian sles libssh 19d ago Moderate: libssh security update
CVE-2026-0965 low 3.3 3.3 FIX rheldebian debian sles libssh 19d ago Moderate: libssh security update
CVE-2026-0964 medium 6.3 6.3 FIX rheldebian debian sles libsshredhat 19d ago Moderate: libssh security update
CVE-2026-0865 medium 5.5 FIX rocky rheldebian debian 19d ago User-controlled header names and values containing newlines can allow injecting HTTP headers.
CVE-2025-9615 low 3.3 3.3 FIX rhel slesdebian debian 19d ago Low: NetworkManager security update
CVE-2025-8277 low 3.1 3.1 FIX rheldebian debian sles 19d ago Moderate: libssh security update
CVE-2025-8114 medium 4.7 4.7 FIX rheldebian debian sles libssh 19d ago Moderate: libssh security update
CVE-2025-68121 critical 10.0 10.0 FIX rocky rheldebian debian golanggoogle 19d ago Unexpected session resumption in crypto/tls
CVE-2025-55754 critical 9.6 9.6 FIX rhel slesdebian debian apache 19d ago Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. Tomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Win…
CVE-2025-5351 medium 6.5 6.5 FIX rheldebian debian sles libsshredhat 19d ago Moderate: libssh security update
CVE-2025-4878 low 3.6 3.6 FIX rheldebian debian sles 19d ago Moderate: libssh security update
CVE-2025-4877 medium 4.5 4.5 FIX rheldebian debian sles 19d ago Moderate: libssh security update
CVE-2025-40134 medium 5.5 FIX rhel slesdebian debian 19d ago In the Linux kernel, the following vulnerability has been resolved: dm: fix NULL pointer dereference in __dm_suspend() There is a race condition between dm device suspend and table load that can le…
CVE-2025-38470 medium 5.5 5.5 FIX rhel slesdebian debian 19d ago In the Linux kernel, the following vulnerability has been resolved: net: vlan: fix VLAN 0 refcount imbalance of toggling filtering during runtime Assuming the "rx-vlan-filter" feature is enabled on…
CVE-2025-38441 medium 5.5 FIX rhel slesdebian debian 19d ago In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: account for Ethernet header in nf_flow_pppoe_proto() syzbot found a potential access to uninit-value in nf_…
CVE-2025-38405 medium 5.5 FIX rhel slesdebian debian 19d ago In the Linux kernel, the following vulnerability has been resolved: nvmet: fix memory leak of bio integrity If nvmet receives commands with metadata there is a continuous memory leak of kmalloc-128…
CVE-2025-38400 medium 5.5 5.5 FIX rhel slesdebian debian 19d ago In the Linux kernel, the following vulnerability has been resolved: nfs: Clean up /proc/net/rpc/nfs when nfs_fs_proc_net_init() fails. syzbot reported a warning below [1] following a fault injectio…
CVE-2025-38279 medium 5.5 FIX rhel slesdebian debian 19d ago In the Linux kernel, the following vulnerability has been resolved: bpf: Do not include stack ptr register in precision backtracking bookkeeping Yi Lai reported an issue ([1]) where the following w…
CVE-2025-38166 medium 5.5 FIX rhel slesdebian debian 19d ago In the Linux kernel, the following vulnerability has been resolved: bpf: fix ktls panic with sockmap [ 2172.936997] ------------[ cut here ]------------ [ 2172.936999] kernel BUG at lib/iov_iter.c:…
CVE-2025-38097 medium 5.5 FIX rhel slesdebian debian 19d ago In the Linux kernel, the following vulnerability has been resolved: espintcp: remove encap socket caching to avoid reference leak The current scheme for caching the encap socket can lead to referen…
CVE-2025-38015 medium 5.5 FIX rhel slesdebian debian 19d ago In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: fix memory leak in error handling path of idxd_alloc Memory allocated for idxd is not freed if an error occurs d…
CVE-2025-37980 medium 5.5 FIX rhel slesdebian debian google 19d ago In the Linux kernel, the following vulnerability has been resolved: block: fix resource leak in blk_register_queue() error path When registering a queue fails after blk_mq_sysfs_register() is succe…
CVE-2025-22105 medium 5.5 5.5 FIX rhel slesdebian debian 19d ago In the Linux kernel, the following vulnerability has been resolved: bonding: check xdp prog when set bond mode Following operations can trigger a warning[1]: ip netns add ns1 ip netns exec…
CVE-2025-13465 medium 5.3 5.3 FIX rhel sles rocky lodash 19d ago Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the _.unset and _.omit functions. An attacker can pass crafted paths which cause Lodash to delete methods from global pr…
CVE-2025-12748 medium 5.5 5.5 FIX rhel slesdebian debian 19d ago Moderate: libvirt security update
CVE-2025-11568 medium 4.4 4.4 FIX rocky rheldebian debian 19d ago RHSA-2025:23086: luksmeta security update (Moderate)
CVE-2025-11411 medium 5.5 FIX rhel slesdebian debian 19d ago Moderate: unbound security update
CVE-2024-33655 medium 5.5 FIX rhel slesdebian debian 19d ago Moderate: unbound security update
CVE-2024-12086 medium 6.8 6.8 FIX arch arch rhel sles sambaredhat 19d ago Important: rsync security update
CVE-2026-27737 medium 6.5 6.5 19d ago BigBlueButton is an open-source virtual classroom. In versions prior to 3.0.19, the recording playback (presentation format) was not sanitizing user's input in public chat. This allowed for a malicio…