VIR Vulnerability Intelligence Relay

Search

Found 29,624 results in 7755ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2025-38129 medium 5.5 FIX rhel slesdebian debian 3mo ago Moderate: kernel security update
CVE-2026-21620 unknown FIX debian debian sles 4mo ago Relative Path Traversal, Improper Isolation or Compartmentalization vulnerability in erlang otp erlang/otp (tftp_file modules), erlang otp inets (tftp_file modules), erlang otp tftp (tftp_file module…
CVE-2025-68461 unknown 1.5 KEVFIX debian debian 4mo ago RoundCube Webmail contains a cross-site scripting vulnerability via the animate tag in an SVG document.
CVE-2026-24122 unknown FIX debian debian sles 4mo ago Cosign provides code signing and transparency for containers and binaries. In versions 3.0.4 and below, an issuing certificate with a validity that expires before the leaf certificate will be conside…
CVE-2026-2704 medium 4.3 4.3 debian debian openbabel 4mo ago A security vulnerability has been detected in Open Babel up to 3.1.1. The affected element is the function OpenBabel::transform3d::DescribeAsString of the file src/math/transform3d.cpp of the compone…
CVE-2026-26318 unknown FIX debian debian 4mo ago systeminformation is a System and OS information library for node.js. Versions prior to 5.31.0 are vulnerable to command injection via unsanitized `locate` output in `versions()`. Version 5.31.0 fixe…
CVE-2026-26280 unknown FIX debian debian 4mo ago systeminformation is a System and OS information library for node.js. In versions prior to 5.30.8, a command injection vulnerability in the `wifiNetworks()` function allows an attacker to execute arb…
CVE-2026-24708 unknown FIX debian debian 4mo ago An issue was discovered in OpenStack Nova before 30.2.2, 31 before 31.2.1, and 32 before 32.1.1. By writing a malicious QCOW header to a root or ephemeral disk and then triggering a resize, a user ma…
CVE-2025-14009 unknown FIX debian debian 4mo ago NLTK has a Zip Slip Vulnerability
CVE-2026-23229 medium 5.5 5.5 FIX slesdebian debian linux-kernel 4mo ago In the Linux kernel, the following vulnerability has been resolved: crypto: virtio - Add spinlock protection with virtqueue notification When VM boots with one virtio-crypto PCI device and builtin …
CVE-2026-23228 medium 5.5 5.5 FIX slesdebian debian linux-kernel 4mo ago In the Linux kernel, the following vulnerability has been resolved: smb: server: fix leak of active_num_conn in ksmbd_tcp_new_connection() On kthread_run() failure in ksmbd_tcp_new_connection(), th…
CVE-2026-23220 medium 5.5 5.5 FIX slesdebian debian linux-kernel 4mo ago In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix infinite loop caused by next_smb2_rcv_hdr_off reset in error paths The problem occurs when a signed request fails smb2…
CVE-2026-24734 unknown FIX slesdebian debian google 4mo ago Improper Input Validation vulnerability in Apache Tomcat Native, Apache Tomcat. When using an OCSP responder, Tomcat Native (and Tomcat's FFM port of the Tomcat Native code) did not complete verific…
CVE-2026-24733 unknown FIX slesdebian debian 4mo ago Improper Input Validation vulnerability in Apache Tomcat. Tomcat did not limit HTTP/0.9 requests to the GET method. If a security constraint was configured to allow HEAD requests to a URI but deny…
CVE-2025-66614 unknown FIX slesdebian debian 4mo ago Improper Input Validation vulnerability. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.14, from 10.1.0-M1 through 10.1.49, from 9.0.0-M1 through 9.0.112. The following versions were…
CVE-2026-25087 unknown FIX debian debian 4mo ago Use After Free vulnerability in Apache Arrow C++. This issue affects Apache Arrow C++ from 15.0.0 through 23.0.0. It can be triggered when reading an Arrow IPC file (but not an IPC stream) with pre-…
CVE-2026-2441 unknown 2.5 KEVEXPFIX debian debian sles 4mo ago Use after free in CSS in Google Chrome prior to 145.0.7632.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
CVE-2026-0915 medium 5.5 FIX rocky rheldebian debian google 4mo ago RHSA-2026:4772: glibc security update (Moderate)
CVE-2026-0861 medium 5.5 FIX rheldebian debian sles google 4mo ago Moderate: glibc security update
CVE-2025-15281 medium 5.5 FIX rocky rheldebian debian google 4mo ago RHSA-2026:4772: glibc security update (Moderate)
CVE-2026-22998 medium 5.5 FIX rocky rhel sles 4mo ago Moderate: kernel security update
CVE-2025-68811 medium 5.5 FIX rhel sles rocky 4mo ago Moderate: kernel security update
CVE-2025-68349 medium 5.5 FIX rocky rhel sles 4mo ago Moderate: kernel security update
CVE-2025-40322 medium 5.5 FIX rocky rhel sles 4mo ago Moderate: kernel security update
CVE-2025-40304 medium 5.5 FIX rocky rhel sles 4mo ago Moderate: kernel security update
CVE-2025-40064 medium 5.5 FIX rhel sles rocky 4mo ago Moderate: kernel security update
CVE-2023-53034 medium 5.5 FIX rhel sles rocky 4mo ago Moderate: kernel security update
CVE-2026-23157 medium 5.5 5.5 FIX slesdebian debian linux-kernel google 4mo ago In the Linux kernel, the following vulnerability has been resolved: btrfs: do not strictly require dirty metadata threshold for metadata writepages [BUG] There is an internal report that over 1000 …
CVE-2026-23151 medium 5.5 5.5 FIX slesdebian debian linux-kernel 4mo ago In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix memory leak in set_ssp_complete Fix memory leak in set_ssp_complete() where mgmt_pending_cmd structures are …
CVE-2026-23141 medium 5.5 5.5 FIX slesdebian debian linux-kernel 4mo ago In the Linux kernel, the following vulnerability has been resolved: btrfs: send: check for inline extents in range_is_hole_in_parent() Before accessing the disk_bytenr field of a file extent item w…
CVE-2026-23112 critical 9.8 9.8 FIX slesdebian debian linux-kernel 4mo ago In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: add bounds checks in nvmet_tcp_build_pdu_iovec nvmet_tcp_build_pdu_iovec() could walk past cmd->req.sg when a PDU leng…
CVE-2025-47911 unknown FIX debian debian sles 4mo ago The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted H…
CVE-2025-15571 medium 5.5 5.5 FIX debian debian ckolivas 4mo ago A security vulnerability has been detected in ckolivas lrzip up to 0.651. This vulnerability affects the function ucompthread of the file stream.c. Such manipulation leads to null pointer dereference…
CVE-2026-23901 unknown debian debian 4mo ago Apache Shiro Affected by an Observable Timing Discrepancy Vulnerability
CVE-2026-25934 unknown FIX debian debian sles 4mo ago go-git is a highly extensible git implementation library written in pure Go. Prior to 5.16.5, a vulnerability was discovered in go-git whereby data integrity values for .pack and .idx files were not …
CVE-2026-23903 unknown debian debian 4mo ago Apache Shiro has an Authentication Bypass
CVE-2025-40318 medium 5.5 FIX rhel sles rocky 4mo ago Moderate: kernel security update
CVE-2025-40271 medium 6.5 EXPFIX rocky rhel sles 4mo ago Moderate: kernel security update
CVE-2025-40269 medium 5.5 FIX rocky rhel sles 4mo ago Moderate: kernel security update
CVE-2025-40170 medium 5.5 FIX rocky rhel sles 4mo ago Moderate: kernel security update
CVE-2025-40158 medium 5.5 FIX rocky rhel sles 4mo ago Moderate: kernel security update
CVE-2025-40141 medium 5.5 FIX rhel sles rocky 4mo ago Moderate: kernel security update
CVE-2025-40135 medium 5.5 FIX rocky rhel sles google 4mo ago Moderate: kernel security update
CVE-2025-38730 medium 5.5 FIX rhel sles rocky 4mo ago Moderate: kernel security update
CVE-2025-38459 medium 5.5 FIX rocky rhel sles 4mo ago Moderate: kernel security update
CVE-2025-38415 medium 5.5 FIX rocky rhel sles 4mo ago Moderate: kernel security update
CVE-2025-38403 medium 5.5 FIX rocky rhel sles 4mo ago Moderate: kernel security update
CVE-2025-38024 medium 5.5 FIX rocky rhel sles 4mo ago Moderate: kernel security update
CVE-2025-38022 medium 5.5 FIX rocky rhel sles 4mo ago Moderate: kernel security update
CVE-2025-37819 medium 5.5 FIX rhel sles rocky 4mo ago Moderate: kernel security update
CVE-2025-37789 medium 5.5 FIX rhel sles rocky 4mo ago Moderate: kernel security update
CVE-2025-15564 medium 5.5 5.5 FIX debian debian mapnik 4mo ago A vulnerability has been found in Mapnik up to 4.2.0. This vulnerability affects the function mapnik::detail::mod<...>::operator of the file src/value.cpp. The manipulation leads to divide by zero. T…
CVE-2026-1998 medium 5.5 5.5 debian debian micropython 4mo ago A flaw has been found in micropython up to 1.27.0. This vulnerability affects the function mp_import_all of the file py/runtime.c. This manipulation causes memory corruption. The attack needs to be l…
CVE-2026-1991 medium 5.5 5.5 debian debian libuvc 4mo ago A vulnerability was detected in libuvc up to 0.0.7. Affected is the function uvc_scan_streaming of the file src/device.c of the component UVC Descriptor Handler. The manipulation results in null poin…
CVE-2026-1979 medium 5.5 5.5 debian debian mruby 4mo ago A flaw has been found in mruby up to 3.4.0. This affects the function mrb_vm_exec of the file src/vm.c of the component JMPNOT-to-JMPIF Optimization. Executing a manipulation can lead to use after fr…
CVE-2025-68458 unknown FIX debian debian 4mo ago Webpack is a module bundler. From version 5.49.0 to before 5.104.1, when experiments.buildHttp is enabled, webpack’s HTTP(S) resolver (HttpUriPlugin) can be bypassed to fetch resources from hosts out…
CVE-2025-68157 unknown FIX debian debian 4mo ago Webpack is a module bundler. From version 5.49.0 to before 5.104.0, when experiments.buildHttp is enabled, webpack’s HTTP(S) resolver (HttpUriPlugin) enforces allowedUris only for the initial URL, bu…
CVE-2025-58190 unknown FIX debian debian sles 4mo ago The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML …
CVE-2026-23110 medium 4.7 4.7 FIX slesdebian debian linux-kernel 4mo ago In the Linux kernel, the following vulnerability has been resolved: scsi: core: Wake up the error handler when final completions race against each other The fragile ordering between marking command…
CVE-2025-14104 medium 5.5 FIX rocky rhel sles 4mo ago Moderate: util-linux security update
CVE-2026-1312 unknown FIX slesdebian debian 4mo ago Django has an SQL Injection issue
CVE-2026-1287 unknown FIX slesdebian debian 4mo ago Django has an SQL Injection issue
CVE-2026-1285 unknown FIX slesdebian debian 4mo ago Django has Inefficient Algorithmic Complexity
CVE-2026-1207 unknown FIX slesdebian debian 4mo ago Django has an SQL Injection issue
CVE-2025-14550 unknown FIX slesdebian debian 4mo ago Django has Inefficient Algorithmic Complexity
CVE-2025-13473 unknown FIX slesdebian debian 4mo ago Django has Observable Timing Discrepancy
CVE-2026-24051 unknown FIX debian debian google 4mo ago OpenTelemetry-Go is the Go implementation of OpenTelemetry. The OpenTelemetry Go SDK in version v1.20.0-1.39.0 is vulnerable to Path Hijacking (Untrusted Search Paths) on macOS/Darwin systems. The re…
CVE-2026-1703 unknown FIX slesdebian debian 4mo ago When pip is installing and extracting a maliciously crafted wheel archive, files may be extracted outside the installation directory. The path traversal is limited to prefixes of the installation dir…
CVE-2025-40251 medium 5.5 5.5 FIX rhel sles rocky 4mo ago Moderate: kernel security update
CVE-2025-40154 medium 5.5 FIX rocky rhel sles 4mo ago Moderate: kernel security update
CVE-2025-38568 medium 5.5 FIX rhel sles rocky 4mo ago Moderate: kernel security update
CVE-2024-26766 medium 5.5 FIX rocky slesdebian debian 4mo ago In the Linux kernel, the following vulnerability has been resolved: IB/hfi1: Fix sdma.h tx->num_descs off-by-one error Unfortunately the commit `fd8958efe877` introduced another error causing the `…
CVE-2026-23038 unknown FIX slesdebian debian 4mo ago In the Linux kernel, the following vulnerability has been resolved: pnfs/flexfiles: Fix memory leak in nfs4_ff_alloc_deviceid_node() In nfs4_ff_alloc_deviceid_node(), if the allocation for ds_versi…
CVE-2026-23037 unknown FIX slesdebian debian 4mo ago In the Linux kernel, the following vulnerability has been resolved: can: etas_es58x: allow partial RX URB allocation to succeed When es58x_alloc_rx_urbs() fails to allocate the requested number of …
CVE-2026-23033 unknown FIX slesdebian debian 4mo ago In the Linux kernel, the following vulnerability has been resolved: dmaengine: omap-dma: fix dma_pool resource leak in error paths The dma_pool created by dma_pool_create() is not destroyed when dm…
CVE-2026-23032 unknown FIX slesdebian debian 4mo ago In the Linux kernel, the following vulnerability has been resolved: null_blk: fix kmemleak by releasing references to fault configfs items When CONFIG_BLK_DEV_NULL_BLK_FAULT_INJECTION is enabled, t…
CVE-2026-23031 unknown FIX slesdebian debian 4mo ago In the Linux kernel, the following vulnerability has been resolved: can: gs_usb: gs_usb_receive_bulk_callback(): fix URB memory leak In gs_can_open(), the URBs for USB-in transfers are allocated, a…
CVE-2026-23030 unknown FIX slesdebian debian 4mo ago In the Linux kernel, the following vulnerability has been resolved: phy: rockchip: inno-usb2: Fix a double free bug in rockchip_usb2phy_probe() The for_each_available_child_of_node() calls of_node_…
CVE-2026-23026 medium 5.5 5.5 FIX slesdebian debian linux-kernel 4mo ago In the Linux kernel, the following vulnerability has been resolved: dmaengine: qcom: gpi: Fix memory leak in gpi_peripheral_config() Fix a memory leak in gpi_peripheral_config() where the original …
CVE-2025-71191 medium 5.5 5.5 FIX slesdebian debian linux-kernel 4mo ago In the Linux kernel, the following vulnerability has been resolved: dmaengine: at_hdmac: fix device leak on of_dma_xlate() Make sure to drop the reference taken when looking up the DMA platform dev…
CVE-2025-71190 medium 5.5 5.5 FIX slesdebian debian linux-kernel 4mo ago In the Linux kernel, the following vulnerability has been resolved: dmaengine: bcm-sba-raid: fix device leak on probe Make sure to drop the reference taken when looking up the mailbox device during…
CVE-2025-71189 medium 5.5 5.5 FIX slesdebian debian linux-kernel 4mo ago In the Linux kernel, the following vulnerability has been resolved: dmaengine: dw: dmamux: fix OF node leak on route allocation failure Make sure to drop the reference taken to the DMA master OF no…
CVE-2025-71188 medium 5.5 5.5 FIX slesdebian debian linux-kernel 4mo ago In the Linux kernel, the following vulnerability has been resolved: dmaengine: lpc18xx-dmamux: fix device leak on route allocation Make sure to drop the reference taken when looking up the DMA mux …
CVE-2025-71186 medium 5.5 5.5 FIX slesdebian debian linux-kernel 4mo ago In the Linux kernel, the following vulnerability has been resolved: dmaengine: stm32: dmamux: fix device leak on route allocation Make sure to drop the reference taken when looking up the DMA mux p…
CVE-2025-71185 medium 5.5 5.5 FIX slesdebian debian linux-kernel 4mo ago In the Linux kernel, the following vulnerability has been resolved: dmaengine: ti: dma-crossbar: fix device leak on am335x route allocation Make sure to drop the reference taken when looking up the…
CVE-2025-69662 unknown FIX debian debian 4mo ago geopandas SQL Injection Vulnerability in to_postgis() Allows Information Disclosure
CVE-2024-4027 unknown debian debian 4mo ago Undertow Servlets Vulnerable to Remote DoS via OutOfMemoryError when Passed Large Parameter Names
CVE-2026-25210 medium 6.9 6.9 FIX debian debian sles libexpat_project 4mo ago In libexpat before 2.7.4, the doContent function does not properly determine the buffer size bufSize because there is no integer overflow check for tag buffer reallocation.
CVE-2025-54349 medium 5.5 FIX rocky rheldebian debian 4mo ago RHSA-2026:1592: iperf3 security update (Moderate)
CVE-2026-24739 unknown FIX debian debian 4mo ago Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to versions 5.4.51, 6.4.33, 7.3.11, 7.4.5, and 8.0.5, the Symfony Process component did not cor…
CVE-2025-61730 unknown FIX debian debian sles 4mo ago During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level boundaries (for instance the Client Hello and Encrypted Extensions messages), the subsequent messages …
CVE-2025-68119 unknown FIX debian debian sles google 4mo ago Downloading and building modules with malicious version strings can cause local code execution. On systems with Mercurial (hg) installed, downloading modules from non-standard sources (e.g., custom d…
CVE-2026-22796 medium 5.3 5.3 FIX rhel sles rocky openssl 4mo ago Important: openssl security update
CVE-2026-22795 medium 5.5 5.5 FIX rhel sles rocky openssl 4mo ago Important: openssl security update
CVE-2025-69418 medium 4.0 4.0 FIX rhel sles rocky openssl 4mo ago Important: openssl security update
CVE-2025-68160 medium 4.7 4.7 FIX rhel sles rocky openssl 4mo ago Important: openssl security update
CVE-2026-24765 unknown FIX debian debian 4mo ago PHPUnit is a testing framework for PHP. A vulnerability has been discovered in versions prior to 12.5.8, 11.5.50, 10.5.62, 9.6.33, and 8.5.52 involving unsafe deserialization of code coverage data in…
CVE-2026-24747 unknown FIX debian debian 4mo ago PyTorch is a Python package that provides tensor computation. Prior to version 2.10.0, a vulnerability in PyTorch's `weights_only` unpickler allows an attacker to craft a malicious checkpoint file (`…
CVE-2026-1489 medium 5.4 5.4 FIX debian debian sles 4mo ago A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode st…
CVE-2026-1484 medium 4.2 4.2 FIX debian debian sles 4mo ago A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer bounda…