VIR Vulnerability Intelligence Relay

Search

Found 24,485 results in 2504ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2025-14009 unknown FIX debian debian 4mo ago NLTK has a Zip Slip Vulnerability
CVE-2026-2659 high 7.8 7.8 debian debian squirrel-lang 4mo ago A vulnerability was determined in Squirrel up to 3.2. Affected by this vulnerability is the function SQFuncState::PopTarget of the file src/squirrel/squirrel/sqfuncstate.cpp. Executing a manipulation…
CVE-2026-23230 high 8.8 8.8 FIX slesdebian debian linux-kernel 4mo ago In the Linux kernel, the following vulnerability has been resolved: smb: client: split cached_fid bitfields to avoid shared-byte RMW races is_open, has_lease and on_list are stored in the same bitf…
CVE-2026-23222 high 7.8 7.8 FIX slesdebian debian linux-kernel 4mo ago In the Linux kernel, the following vulnerability has been resolved: crypto: omap - Allocate OMAP_CRYPTO_FORCE_COPY scatterlists correctly The existing allocation of scatterlists in omap_crypto_copy…
CVE-2026-2653 high 7.8 7.8 debian debian admesh_project 4mo ago A security flaw has been discovered in admesh up to 0.98.5. This issue affects the function stl_check_normal_vector of the file src/normals.c. Performing a manipulation results in heap-based buffer o…
CVE-2026-2644 high 7.8 7.8 debian debian minisat 4mo ago A weakness has been identified in niklasso minisat up to 2.2.0. This issue affects the function Solver::value in the library core/SolverTypes.h of the component DIMACS File Parser. This manipulation …
CVE-2026-24734 unknown FIX slesdebian debian google 4mo ago Improper Input Validation vulnerability in Apache Tomcat Native, Apache Tomcat. When using an OCSP responder, Tomcat Native (and Tomcat's FFM port of the Tomcat Native code) did not complete verific…
CVE-2026-24733 unknown FIX slesdebian debian 4mo ago Improper Input Validation vulnerability in Apache Tomcat. Tomcat did not limit HTTP/0.9 requests to the GET method. If a security constraint was configured to allow HEAD requests to a URI but deny…
CVE-2025-66614 unknown FIX slesdebian debian 4mo ago Improper Input Validation vulnerability. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.14, from 10.1.0-M1 through 10.1.49, from 9.0.0-M1 through 9.0.112. The following versions were…
CVE-2026-25087 unknown FIX debian debian 4mo ago Use After Free vulnerability in Apache Arrow C++. This issue affects Apache Arrow C++ from 15.0.0 through 23.0.0. It can be triggered when reading an Arrow IPC file (but not an IPC stream) with pre-…
CVE-2026-2441 unknown 2.5 KEVEXPFIX debian debian sles 4mo ago Use after free in CSS in Google Chrome prior to 145.0.7632.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
CVE-2026-21637 high 8.0 FIX rocky rhel sles 4mo ago Important: nodejs:24 security update
CVE-2025-59466 high 8.0 FIX rocky rhel sles 4mo ago Important: nodejs:24 security update
CVE-2025-59465 high 8.0 FIX rocky rhel sles 4mo ago Important: nodejs:24 security update
CVE-2025-55132 high 8.0 FIX rocky rhel sles 4mo ago Important: nodejs:24 security update
CVE-2025-55131 high 8.0 FIX rocky rhel sles 4mo ago Important: nodejs:24 security update
CVE-2025-55130 high 8.0 FIX rocky rhel sles 4mo ago Important: nodejs:24 security update
CVE-2025-61732 high 8.0 FIX rocky rheldebian debian google 4mo ago A discrepancy between how Go and C/C++ comments were parsed allowed for code smuggling into the resulting cgo binary.
CVE-2025-61728 high 8.0 FIX rocky rheldebian debian google 4mo ago archive/zip uses a super-linear file name indexing algorithm that is invoked the first time a file in an archive is opened. This can lead to a denial of service when consuming a maliciously construct…
CVE-2025-15059 high 8.0 FIX rheldebian debian sles 4mo ago Important: gimp security update
CVE-2025-71221 high 7.0 7.0 FIX slesdebian debian linux-kernel 4mo ago In the Linux kernel, the following vulnerability has been resolved: dmaengine: mmp_pdma: Fix race condition in mmp_pdma_residue() Add proper locking in mmp_pdma_residue() to prevent use-after-free …
CVE-2025-47911 unknown FIX debian debian sles 4mo ago The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted H…
CVE-2026-26158 high 7.0 7.0 FIX debian debian sles 4mo ago A flaw was found in BusyBox. This vulnerability allows an attacker to modify files outside of the intended extraction directory by crafting a malicious tar archive containing unvalidated hardlink or …
CVE-2026-26157 high 7.0 8.0 EXPFIX debian debian sles 4mo ago A flaw was found in BusyBox. Incomplete path sanitization in its archive extraction utilities allows an attacker to craft malicious archives that when extracted, and under specific conditions, may wr…
CVE-2026-25990 high 7.5 7.5 FIX slesdebian debian python 4mo ago Pillow affected by out-of-bounds write when loading PSD images
CVE-2025-15570 high 7.8 7.8 FIX debian debian ckolivas 4mo ago A vulnerability was found in ckolivas lrzip up to 0.651. This impacts the function lzma_decompress_buf of the file stream.c. Performing a manipulation results in use after free. Attacking locally is …
CVE-2026-23901 unknown debian debian 4mo ago Apache Shiro Affected by an Observable Timing Discrepancy Vulnerability
CVE-2026-25934 unknown FIX debian debian sles 4mo ago go-git is a highly extensible git implementation library written in pure Go. Prior to 5.16.5, a vulnerability was discovered in go-git whereby data integrity values for .pack and .idx files were not …
CVE-2026-25639 high 7.5 7.5 FIX debian debian axios 4mo ago Axios is Vulnerable to Denial of Service via __proto__ Key in mergeConfig
CVE-2026-23903 unknown debian debian 4mo ago Apache Shiro has an Authentication Bypass
CVE-2026-1761 high 8.0 FIX rocky rheldebian debian 4mo ago RHSA-2026:2215: libsoup security update (Important)
CVE-2026-0719 high 8.0 rocky rheldebian debian 4mo ago RHSA-2026:2215: libsoup security update (Important)
CVE-2025-39760 high 7.1 7.1 FIX rocky rhel sles 4mo ago Moderate: kernel security update
CVE-2025-68458 unknown FIX debian debian 4mo ago Webpack is a module bundler. From version 5.49.0 to before 5.104.1, when experiments.buildHttp is enabled, webpack’s HTTP(S) resolver (HttpUriPlugin) can be bypassed to fetch resources from hosts out…
CVE-2025-68157 unknown FIX debian debian 4mo ago Webpack is a module bundler. From version 5.49.0 to before 5.104.0, when experiments.buildHttp is enabled, webpack’s HTTP(S) resolver (HttpUriPlugin) enforces allowedUris only for the initial URL, bu…
CVE-2025-58190 unknown FIX debian debian sles 4mo ago The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML …
CVE-2026-23884 high 8.0 FIX rocky rheldebian debian 4mo ago RHSA-2026:2081: freerdp security update (Important)
CVE-2026-23883 high 8.0 FIX rocky rheldebian debian 4mo ago RHSA-2026:2081: freerdp security update (Important)
CVE-2026-23534 high 8.0 FIX rocky rheldebian debian 4mo ago RHSA-2026:2081: freerdp security update (Important)
CVE-2026-23533 high 8.0 FIX rocky rheldebian debian 4mo ago RHSA-2026:2081: freerdp security update (Important)
CVE-2026-23532 high 8.0 FIX rocky rheldebian debian 4mo ago RHSA-2026:2081: freerdp security update (Important)
CVE-2026-23531 high 8.0 FIX rocky rheldebian debian 4mo ago RHSA-2026:2081: freerdp security update (Important)
CVE-2026-23530 high 8.0 FIX rocky rheldebian debian 4mo ago RHSA-2026:2081: freerdp security update (Important)
CVE-2025-15279 high 8.0 rheldebian debian sles 4mo ago RHSA-2026:7677: fontforge security update (Important)
CVE-2025-15275 high 8.0 rheldebian debian sles 4mo ago RHSA-2026:7677: fontforge security update (Important)
CVE-2025-15269 high 8.0 rheldebian debian sles 4mo ago RHSA-2026:7677: fontforge security update (Important)
CVE-2026-23066 high 7.8 7.8 FIX slesdebian debian linux-kernel 4mo ago In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix recvmsg() unconditional requeue If rxrpc_recvmsg() fails because MSG_DONTWAIT was specified but the call at the front …
CVE-2026-24049 high 8.0 FIX rocky rhel sles 4mo ago RHSA-2026:2090: python3.12-wheel security update (Important)
CVE-2026-1312 unknown FIX slesdebian debian 4mo ago Django has an SQL Injection issue
CVE-2026-1287 unknown FIX slesdebian debian 4mo ago Django has an SQL Injection issue
CVE-2026-1285 unknown FIX slesdebian debian 4mo ago Django has Inefficient Algorithmic Complexity
CVE-2026-1207 unknown FIX slesdebian debian 4mo ago Django has an SQL Injection issue
CVE-2025-14550 unknown FIX slesdebian debian 4mo ago Django has Inefficient Algorithmic Complexity
CVE-2025-13473 unknown FIX slesdebian debian 4mo ago Django has Observable Timing Discrepancy
CVE-2026-24051 unknown FIX debian debian google 4mo ago OpenTelemetry-Go is the Go implementation of OpenTelemetry. The OpenTelemetry Go SDK in version v1.20.0-1.39.0 is vulnerable to Path Hijacking (Untrusted Search Paths) on macOS/Darwin systems. The re…
CVE-2026-1703 unknown FIX slesdebian debian 4mo ago When pip is installing and extracting a maliciously crafted wheel archive, files may be extracted outside the installation directory. The path traversal is limited to prefixes of the installation dir…
CVE-2026-23038 unknown FIX slesdebian debian 4mo ago In the Linux kernel, the following vulnerability has been resolved: pnfs/flexfiles: Fix memory leak in nfs4_ff_alloc_deviceid_node() In nfs4_ff_alloc_deviceid_node(), if the allocation for ds_versi…
CVE-2026-23037 unknown FIX slesdebian debian 4mo ago In the Linux kernel, the following vulnerability has been resolved: can: etas_es58x: allow partial RX URB allocation to succeed When es58x_alloc_rx_urbs() fails to allocate the requested number of …
CVE-2026-23033 unknown FIX slesdebian debian 4mo ago In the Linux kernel, the following vulnerability has been resolved: dmaengine: omap-dma: fix dma_pool resource leak in error paths The dma_pool created by dma_pool_create() is not destroyed when dm…
CVE-2026-23032 unknown FIX slesdebian debian 4mo ago In the Linux kernel, the following vulnerability has been resolved: null_blk: fix kmemleak by releasing references to fault configfs items When CONFIG_BLK_DEV_NULL_BLK_FAULT_INJECTION is enabled, t…
CVE-2026-23031 unknown FIX slesdebian debian 4mo ago In the Linux kernel, the following vulnerability has been resolved: can: gs_usb: gs_usb_receive_bulk_callback(): fix URB memory leak In gs_can_open(), the URBs for USB-in transfers are allocated, a…
CVE-2026-23030 unknown FIX slesdebian debian 4mo ago In the Linux kernel, the following vulnerability has been resolved: phy: rockchip: inno-usb2: Fix a double free bug in rockchip_usb2phy_probe() The for_each_available_child_of_node() calls of_node_…
CVE-2026-23025 high 7.8 7.8 FIX slesdebian debian linux-kernel 4mo ago In the Linux kernel, the following vulnerability has been resolved: mm/page_alloc: prevent pcp corruption with SMP=n The kernel test robot has reported: BUG: spinlock trylock failure on UP on CPU…
CVE-2025-69662 unknown FIX debian debian 4mo ago geopandas SQL Injection Vulnerability in to_postgis() Allows Information Disclosure
CVE-2024-4027 unknown debian debian 4mo ago Undertow Servlets Vulnerable to Remote DoS via OutOfMemoryError when Passed Large Parameter Names
CVE-2026-24739 unknown FIX debian debian 4mo ago Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to versions 5.4.51, 6.4.33, 7.3.11, 7.4.5, and 8.0.5, the Symfony Process component did not cor…
CVE-2025-61730 unknown FIX debian debian sles 4mo ago During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level boundaries (for instance the Client Hello and Encrypted Extensions messages), the subsequent messages …
CVE-2025-68119 unknown FIX debian debian sles google 4mo ago Downloading and building modules with malicious version strings can cause local code execution. On systems with Mercurial (hg) installed, downloading modules from non-standard sources (e.g., custom d…
CVE-2025-69421 high 7.5 7.5 FIX rhel sles rocky openssl 4mo ago Important: openssl security update
CVE-2025-69420 high 7.5 7.5 FIX rhel sles rocky openssl 4mo ago Important: openssl security update
CVE-2025-69419 high 7.4 7.4 FIX rhel sles rocky openssl 4mo ago RHSA-2026:3042: openssl security update (Moderate)
CVE-2025-66199 high 8.0 FIX rhel sles rocky 4mo ago Important: openssl security update
CVE-2025-15469 high 8.0 FIX rhel sles rocky 4mo ago Important: openssl security update
CVE-2025-15468 high 8.0 FIX rhel sles rocky 4mo ago Important: openssl security update
CVE-2025-15467 high 8.8 8.8 FIX rhel sles rocky openssl 4mo ago Important: openssl security update
CVE-2025-11187 high 8.0 FIX rhel sles rocky 4mo ago Important: openssl security update
CVE-2026-24765 unknown FIX debian debian 4mo ago PHPUnit is a testing framework for PHP. A vulnerability has been discovered in versions prior to 12.5.8, 11.5.50, 10.5.62, 9.6.33, and 8.5.52 involving unsafe deserialization of code coverage data in…
CVE-2026-24747 unknown FIX debian debian 4mo ago PyTorch is a Python package that provides tensor computation. Prior to version 2.10.0, a vulnerability in PyTorch's `weights_only` unpickler allows an attacker to craft a malicious checkpoint file (`…
CVE-2025-9086 high 7.5 7.5 FIX rocky rheldebian debian haxx 4mo ago 1. A cookie is set using the `secure` keyword for `https://target` 2. curl is redirected to or otherwise made to speak with `http://target` (same hostname, but using clear text HTTP) using the …
CVE-2025-14180 high 8.0 FIX rocky rhelalmalinux almalinux 4mo ago In PHP versions 8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1 when using the PDO PostgreSQL driver with PDO::ATTR_EMULATE_PREPARES enabled, an…
CVE-2025-13836 high 7.5 7.5 FIX rocky rhel sles python 4mo ago Moderate: python3.12 security update
CVE-2026-24686 unknown FIX debian debian sles 4mo ago go-tuf is a Go implementation of The Update Framework (TUF). go-tuf's TAP 4 Multirepo Client uses the map file repository name string (`repoName`) as a filesystem path component when selecting the lo…
CVE-2026-24486 unknown 1.0 EXPFIX slesdebian debian 4mo ago Python-Multipart is a streaming multipart parser for Python. Prior to version 0.0.22, a Path Traversal vulnerability exists when using non-default configuration options `UPLOAD_DIR` and `UPLOAD_KEEP_…
CVE-2026-24400 unknown debian debian sles 4mo ago AssertJ has XML External Entity (XXE) vulnerability when parsing untrusted XML via isXmlEqualTo assertion
CVE-2026-1418 high 7.8 7.8 debian debian gpac 4mo ago A security vulnerability has been detected in GPAC up to 2.4.0. This affects the function gf_text_import_srt_bifs of the file src/scene_manager/text_to_bifs.c of the component SRT Subtitle Import. Su…
CVE-2026-24061 unknown 2.5 KEVEXPFIX debian debian 4mo ago GNU InetUtils contains an argument injection vulnerability in telnetd that could allow for remote authentication bypass via a "-f root" value for the USER environment variable.
CVE-2025-68305 high 8.0 FIX rhel sles rocky 4mo ago Important: kernel security update
CVE-2025-68301 high 8.0 FIX rocky rhel sles 4mo ago Important: kernel security update
CVE-2025-66418 high 8.0 FIX rocky rhel sles 4mo ago Important: fence-agents security update
CVE-2025-40294 high 8.0 FIX rhel sles rocky 4mo ago Important: kernel security update
CVE-2025-40258 high 8.0 FIX rocky rhel sles 4mo ago Important: kernel security update
CVE-2025-40248 high 8.0 FIX rocky rhel sles 4mo ago Important: kernel security update
CVE-2025-38731 high 8.0 FIX rhel sles rocky 4mo ago Important: kernel security update
CVE-2025-38349 high 8.0 FIX rhel sles rocky 4mo ago Important: kernel security update
CVE-2025-38141 high 8.0 FIX rhel sles rocky 4mo ago Important: kernel security update
CVE-2018-14634 unknown 2.5 KEVEXPFIX slesdebian debian 4mo ago Linux Kernel contains an integer overflow vulnerability in the create_elf_tables() function which could allow an unprivileged local user with access to SUID (or otherwise privileged) binary to escala…
CVE-2026-0994 high 8.0 rhel sles rocky google 5mo ago Important: protobuf security update
CVE-2026-0775 unknown slesdebian debian 5mo ago npm cli Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of npm cli. An attacker mu…
CVE-2026-24137 unknown FIX debian debian sles 5mo ago sigstore framework is a common go library shared across sigstore services and clients. In versions 1.10.3 and below, the legacy TUF client (pkg/tuf/client.go) supports caching target files to disk. I…
CVE-2026-23954 unknown FIX debian debian 5mo ago Incus is a system container and virtual machine manager. Versions 6.21.0 and below allow a user with the ability to launch a container with a custom image (e.g a member of the ‘incus’ group) to use d…