VIR Vulnerability Intelligence Relay

Search

Found 29,623 results in 2210ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2026-28687 unknown FIX debian debian sles 3mo ago ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, a heap use-after-free vulnerability in ImageMagick's MSL decod…
CVE-2026-28686 unknown FIX debian debian sles 3mo ago ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, A heap-buffer-overflow vulnerability exists in the PCL encode …
CVE-2026-28494 unknown FIX debian debian sles 3mo ago ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, a stack buffer overflow exists in ImageMagick's morphology ker…
CVE-2026-28493 unknown FIX debian debian sles 3mo ago ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16, an integer overflow vulnerability exists in the SIXEL decoer. The vulnerabil…
CVE-2026-26284 unknown FIX debian debian sles 3mo ago ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, ImageMagick lacks proper boundary checking when processing Huf…
CVE-2026-25986 unknown FIX debian debian sles 3mo ago ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer overflow write vulnerability exists in ReadYUVIm…
CVE-2026-25982 unknown FIX debian debian sles 3mo ago ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap out-of-bounds read vulnerability exists in the `coders/…
CVE-2026-25971 unknown FIX debian debian sles 3mo ago ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, Magick fails to check for circular references between two MSLs…
CVE-2026-25970 unknown FIX debian debian sles 3mo ago ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a signed integer overflow vulnerability in ImageMagick's SIXEL…
CVE-2026-25968 unknown FIX debian debian sles 3mo ago ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a stack buffer overflow occurs when processing the an attribut…
CVE-2026-4016 medium 5.3 5.3 debian debian 3mo ago A security vulnerability has been detected in GPAC 26.03-DEV. Affected by this vulnerability is the function svgin_process of the file src/filters/load_svg.c of the component SVG Parser. The manipula…
CVE-2026-4015 medium 5.3 5.3 debian debian 3mo ago A weakness has been identified in GPAC 26.03-DEV. Affected is the function txtin_process_texml of the file src/filters/load_text.c of the component TeXML File Parser. Executing a manipulation can lea…
CVE-2026-3994 medium 5.3 5.3 debian debian 3mo ago A vulnerability was detected in rui314 mold up to 2.40.4. This issue affects the function mold::ObjectFilemold::X86_64::initialize_sections of the file src/input-files.cc of the component Object File…
CVE-2026-3979 medium 5.3 5.3 FIX debian debian 3mo ago A flaw has been found in quickjs-ng quickjs up to 0.12.1. This affects the function js_iterator_concat_return of the file quickjs.c. This manipulation causes use after free. The attack requires local…
CVE-2026-3784 medium 6.5 6.5 FIX debian debian sles haxx 3mo ago curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a server, even if the new request uses different credentials for the HTTP proxy. The proper behavior is to create or use a …
CVE-2026-3884 medium 6.1 6.1 debian debian spin.js 3mo ago Versions of the package spin.js before 3.0.0 are vulnerable to Cross-site Scripting (XSS) via the spin() function that allows a creation of more than 1 alert for each 'target' element. An attacker wo…
CVE-2026-31853 unknown FIX debian debian sles 3mo ago ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-16 and 6.9.13-41, an overflow on 32-bit systems can cause a crash in the SFW decoder when…
CVE-2026-30883 unknown FIX debian debian sles 3mo ago ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, an extremely large image profile could result in a heap overfl…
CVE-2026-28692 unknown FIX debian debian sles 3mo ago ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, MAT decoder uses 32-bit arithmetic due to incorrect parenthesi…
CVE-2026-28689 unknown FIX debian debian sles 3mo ago ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, domain="path" authorization is checked before final file open/…
CVE-2026-23907 unknown debian debian sles 3mo ago Apache PDFBox has Path Traversal through PDComplexFileSpecification.getFilename() function
CVE-2026-30930 critical 9.8 9.8 FIX debian debian nicolargo 3mo ago Glances has SQL Injection via Process Names in TimescaleDB Export
CVE-2026-23240 critical 9.8 9.8 FIX slesdebian debian linux-kernel 3mo ago In the Linux kernel, the following vulnerability has been resolved: tls: Fix race condition in tls_sw_cancel_work_tx() This issue was discovered during a code audit. After cancel_delayed_work_sync…
CVE-2026-1299 medium 5.5 FIX rocky rhel sles 3mo ago The email module, specifically the "BytesGenerator" class, didn’t properly quote newlines for email headers when serializing an email message allowing for header injection when an email is seriali…
CVE-2025-9820 medium 4.0 4.0 FIX rocky rheldebian debian 3mo ago RHSA-2026:5585: gnutls security update (Moderate)
CVE-2025-15367 medium 5.5 FIX rocky rheldebian debian 3mo ago The poplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters.
CVE-2025-15366 medium 5.5 FIX rocky rheldebian debian 3mo ago The imaplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters.
CVE-2025-14831 medium 5.3 5.3 FIX rocky rheldebian debian 3mo ago RHSA-2026:5585: gnutls security update (Moderate)
CVE-2026-23001 medium 5.5 FIX rocky rhel sles 3mo ago Moderate: kernel security update
CVE-2025-68800 medium 5.5 FIX rhel sles rocky 3mo ago Moderate: kernel security update
CVE-2025-38106 medium 5.5 FIX rhel slesdebian debian 3mo ago Moderate: kernel security update
CVE-2026-3713 medium 5.3 5.3 debian debian sles 3mo ago A flaw has been found in pnggroup libpng up to 1.6.55. Affected by this vulnerability is the function do_pnm2png of the file contrib/pngminus/pnm2png.c of the component pnm2png. This manipulation of …
CVE-2026-24308 unknown FIX debian debian 3mo ago Apache ZooKeeper has improper handling of configuration values
CVE-2026-24281 unknown FIX debian debian 3mo ago Apache ZooKeeper: Reverse-DNS fallback enables hostname verification bypass in ZooKeeper ZKTrustManager
CVE-2026-27142 unknown FIX debian debian sles google 3mo ago Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value "refresh". A new GODEBUG set…
CVE-2026-27139 unknown FIX debian debian sles google 3mo ago On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which the File was opened. The impac…
CVE-2026-27138 unknown FIX debian debian sles 3mo ago Certificate verification can panic when a certificate in the chain has an empty DNS name and another certificate in the chain has excluded name constraints. This can crash programs that are either di…
CVE-2025-69653 medium 6.5 6.5 debian debian quickjs_project 3mo ago A crafted JavaScript input can trigger an internal assertion failure in QuickJS release 2025-09-13, fixed in commit 1dbba8a88eaa40d15a8a9b70bb1a0b8fb5b552e6 (2025-12-11), in file gc_decref_child in q…
CVE-2026-3606 medium 5.5 5.5 FIX debian debian ettercap-project 3mo ago A vulnerability has been found in Ettercap 0.8.4-Garofalo. Affected by this vulnerability is the function add_data_segment of the file src/ettercap/utils/etterfilter/ef_output.c of the component ette…
CVE-2026-1605 unknown FIX debian debian 3mo ago The Eclipse Jetty Server Artifact has a Gzip request memory leak
CVE-2026-27982 unknown FIX debian debian 3mo ago django-allauth has an open redirect vulnerability
CVE-2026-27820 critical 9.8 9.8 slesdebian debian ruby-lang 3mo ago Buffer Overflow in Zlib::GzipReader ungetc via large input leads to memory corruption
CVE-2025-12801 medium 5.5 FIX rocky rhel sles 3mo ago RHSA-2026:3938: nfs-utils security update (Moderate)
CVE-2021-30952 medium 7.0 KEVFIX sles rockydebian debian 3mo ago Apple tvOS, macOS, Safari, iPadOS and watchOS contain an integer overflow or wraparound vulnerability due to the processing of maliciously crafted web content that may lead to arbitrary code executio…
CVE-2026-29062 unknown FIX debian debian 3mo ago jackson-core has Nesting Depth Constraint Bypass in `UTF8DataInputJsonParser` potentially allowing Resource Exhaustion
CVE-2026-28802 unknown FIX debian debian 3mo ago Authlib is a Python library which builds OAuth and OpenID Connect servers. From version 1.6.5 to before version 1.6.7, previous tests involving passing a malicious JWT containing alg: none and an emp…
CVE-2026-3351 unknown FIX debian debian 3mo ago Improper authorization in the API endpoint GET /1.0/certificates in Canonical LXD 6.6 on Linux allows an authenticated, restricted user to enumerate all certificate fingerprints trusted by the lxd se…
CVE-2026-23238 medium 5.5 5.5 FIX slesdebian debian linux-kernel 3mo ago In the Linux kernel, the following vulnerability has been resolved: romfs: check sb_set_blocksize() return value romfs_fill_super() ignores the return value of sb_set_blocksize(), which can fail if…
CVE-2025-66168 unknown debian debian 3mo ago Apache ActiveMQ is Vulnerable to Integer Overflow or Wraparound
CVE-2026-27601 medium 5.9 5.9 FIX slesdebian debian underscorejs 3mo ago Underscore has unlimited recursion in _.flatten and _.isEqual, potential for DoS attack
CVE-2026-0540 unknown FIX debian debian 3mo ago DOMPurify 3.1.3 through 3.3.1 and 2.5.3 through 2.5.8, fixed in commit 2726c74, contain a cross-site scripting vulnerability that allows attackers to bypass attribute sanitization by exploiting five …
CVE-2025-15599 unknown FIX debian debian 3mo ago DOMPurify 3.1.3 through 3.2.6 and 2.5.3 through 2.5.8 contain a cross-site scripting vulnerability that allows attackers to bypass attribute sanitization by exploiting missing textarea rawtext elemen…
CVE-2026-25674 unknown FIX slesdebian debian 3mo ago An issue was discovered in 6.0 before 6.0.3, 5.2 before 5.2.12, and 4.2 before 4.2.29. Race condition in file-system storage and file-based cache backends in Django allows an attacker to cause file s…
CVE-2026-25673 unknown FIX slesdebian debian 3mo ago An issue was discovered in 6.0 before 6.0.3, 5.2 before 5.2.12, and 4.2 before 4.2.29. `URLField.to_python()` in Django calls `urllib.parse.urlsplit()`, which performs NFKC normalization on Windows t…
CVE-2026-1642 medium 5.5 FIX rocky rhel sles 3mo ago Moderate: nginx security update
CVE-2026-27932 unknown FIX debian debian 3mo ago joserfc is a Python library that provides an implementation of several JSON Object Signing and Encryption (JOSE) standards. In 1.6.2 and earlier, a resource exhaustion vulnerability in joserfc allows…
CVE-2026-3408 medium 6.5 6.5 debian debian openbabel 3mo ago A vulnerability was identified in Open Babel up to 3.1.1. This impacts the function OBAtom::GetExplicitValence of the file isrc/atom.cpp of the component CDXML File Handler. Such manipulation leads t…
CVE-2026-23097 medium 5.5 FIX rocky rhel sles 3mo ago Moderate: kernel security update
CVE-2025-71085 medium 5.5 FIX rocky rhel sles 3mo ago Moderate: kernel security update
CVE-2025-40168 medium 5.5 FIX rocky rhel sles 3mo ago Moderate: kernel security update
CVE-2026-3389 medium 5.5 5.5 debian debian squirrel-lang 3mo ago A vulnerability was determined in Squirrel up to 3.2. This vulnerability affects the function sqstd_rex_newnode in the library sqstdlib/sqstdrex.cpp. Executing a manipulation can lead to null pointer…
CVE-2026-3388 medium 5.5 5.5 debian debian squirrel-lang 3mo ago A vulnerability was found in Squirrel up to 3.2. This affects the function SQCompiler::Factor/SQCompiler::UnaryOP of the file squirrel/sqcompiler.cpp. Performing a manipulation results in uncontrolle…
CVE-2026-21619 unknown FIX debian debian 3mo ago Uncontrolled Resource Consumption, Deserialization of Untrusted Data vulnerability in hexpm hex_core (hex_api modules), hexpm hex (mix_hex_api modules), erlang rebar3 (r3_hex_api modules) allows Obje…
CVE-2026-3284 medium 5.5 5.5 FIX debian debian libvips 3mo ago A vulnerability was found in libvips 8.19.0. Impacted is the function vips_extract_area_build of the file libvips/conversion/extract.c. The manipulation of the argument extract_area results in intege…
CVE-2026-27141 unknown FIX debian debian sles 3mo ago Due to missing nil check, sending 0x0a-0x0f HTTP/2 frames will cause a running server to panic
CVE-2026-27799 unknown FIX debian debian sles 3mo ago ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read vulnerability exists in the DJVU image…
CVE-2026-27798 unknown FIX debian debian sles 3mo ago ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read vulnerability occurs when processing a…
CVE-2026-27830 unknown debian debian sles 3mo ago c3p0 vulnerable to Remote Code Execution via unsafe deserialization of userOverridesAsString property
CVE-2026-2786 critical 9.8 9.8 FIX rocky rheldebian debian mozilla 3mo ago Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.
CVE-2026-27571 unknown FIX debian debian 3mo ago NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. The WebSockets handling of NATS messages handles compressed messages via the WebSockets negotiated comp…
CVE-2026-26983 unknown FIX debian debian sles 3mo ago ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, the MSL interpreter crashes when processing a invalid `<map>` …
CVE-2026-26283 unknown FIX debian debian sles 3mo ago ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a `continue` statement in the JPEG extent binary search loop i…
CVE-2026-26066 unknown FIX debian debian sles 3mo ago ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a crafted profile contain invalid IPTC data may cause an infin…
CVE-2026-25989 unknown FIX debian debian sles 3mo ago ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a crafted SVG file can cause a denial of service. An off-by-on…
CVE-2026-25988 unknown FIX debian debian sles 3mo ago ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, sometimes msl.c fails to update the stack index, so an image i…
CVE-2026-25987 unknown FIX debian debian sles 3mo ago ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read vulnerability exists in the MAP image …
CVE-2026-25985 unknown FIX debian debian sles 3mo ago ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a crafted SVG file containing an malicious element causes Imag…
CVE-2026-25983 unknown FIX debian debian sles 3mo ago ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a crafted MSL script triggers a heap-use-after-free. The opera…
CVE-2026-25969 unknown FIX debian debian sles 3mo ago ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-15, a memory leak exists in `coders/ashlar.c`. The `WriteASHLARImage` allocates a…
CVE-2026-25967 unknown FIX debian debian sles 3mo ago ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-15, a stack-based buffer overflow exists in the ImageMagick FTXT image reader. A …
CVE-2026-25966 unknown FIX debian debian sles 3mo ago ImageMagick is free and open-source software used for editing and manipulating digital images. The shipped "secure" security policy includes a rule intended to prevent reading/writing from standard s…
CVE-2026-25965 unknown FIX debian debian sles 3mo ago ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, ImageMagick’s path security policy is enforced on the raw file…
CVE-2026-25898 unknown FIX debian debian sles 3mo ago ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, the UIL and XPM image encoder do not validate the pixel index …
CVE-2026-25897 unknown FIX debian debian sles 3mo ago ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, an Integer Overflow vulnerability exists in the sun decoder. O…
CVE-2026-25799 unknown FIX debian debian sles 3mo ago ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a logic error in YUV sampling factor validation allows an inva…
CVE-2026-25798 unknown FIX debian debian sles 3mo ago ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a NULL pointer dereference in ClonePixelCacheRepository allows…
CVE-2026-25797 unknown FIX debian debian sles 3mo ago ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, the ps coders, responsible for writing PostScript files, fails…
CVE-2026-25796 unknown FIX debian debian sles 3mo ago ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, in `ReadSTEGANOImage()` (`coders/stegano.c`), the `watermark` …
CVE-2026-25795 unknown FIX debian debian sles 3mo ago ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, in `ReadSFWImage()` (`coders/sfw.c`), when temporary file crea…
CVE-2026-25794 unknown FIX debian debian sles 3mo ago ImageMagick is free and open-source software used for editing and manipulating digital images. `WriteUHDRImage` in `coders/uhdr.c` uses `int` arithmetic to compute the pixel buffer size. Prior to ver…
CVE-2026-25638 unknown FIX debian debian sles 3mo ago ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, memory leak exists in `coders/msl.c`. In the `WriteMSLImage` f…
CVE-2026-25637 unknown FIX debian debian sles 3mo ago ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-15, a memory leak in the ASHLAR image writer allows an attacker to exhaust proces…
CVE-2026-25576 unknown FIX debian debian sles 3mo ago ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read vulnerability exists in multiple raw i…
CVE-2026-24485 unknown FIX debian debian sles 3mo ago ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, when a PCD file does not contain a valid Sync marker, the Deco…
CVE-2026-24484 unknown FIX debian debian sles 3mo ago ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, Magick fails to check for multi-layer nested mvg conversions t…
CVE-2026-24481 unknown FIX debian debian sles 3mo ago ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap information disclosure vulnerability exists in ImageMag…
CVE-2026-3054 medium 6.1 6.1 FIX debian debian alinto 3mo ago A vulnerability was identified in Alinto SOGo 5.12.3/5.12.4. This impacts an unknown function. The manipulation of the argument hint leads to cross site scripting. The attack can be initiated remotel…
CVE-2025-14905 medium 5.5 FIX debian debian rocky rhel 3mo ago RHSA-2026:5513: 389-ds:1.4 security update (Moderate)
CVE-2026-26198 unknown FIX debian debian 3mo ago Ormar is a async mini ORM for Python. In versions 0.9.9 through 0.22.0, when performing aggregate queries, Ormar ORM constructs SQL expressions by passing user-supplied column names directly into `sq…
CVE-2025-38206 medium 5.5 FIX rhel slesdebian debian 3mo ago Moderate: kernel security update