VIR Vulnerability Intelligence Relay

Search

Found 41,691 results in 2722ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2026-46408 high 7.6 7.6 23d ago Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.3, the checkout endpoint accepts a user-controlled cart_id and uses it to enter …
CVE-2026-46407 high 8.1 8.1 23d ago Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.3, the backend admin/auth-token endpoint allows an authenticated administrator t…
CVE-2026-46366 high 7.5 7.5 23d ago phpMyFAQ before 4.1.2 contains an information disclosure vulnerability in the getIdFromSolutionId() method that lacks permission filtering, allowing unauthenticated attackers to enumerate restricted …
CVE-2026-46364 critical 9.8 9.8 23d ago phpMyFAQ before 4.1.2 contains an unauthenticated SQL injection vulnerability in BuiltinCaptcha::garbageCollector() and BuiltinCaptcha::saveCaptcha() methods that interpolate unsanitized User-Agent h…
CVE-2026-46359 high 7.5 7.5 23d ago phpMyFAQ before 4.1.2 contains a sql injection vulnerability in CurrentUser::setTokenData that allows authenticated attackers to execute arbitrary SQL by injecting malicious OAuth token claims. Attac…
CVE-2026-45010 critical 9.1 9.1 23d ago phpMyFAQ before 4.1.2 contains an improper restriction of excessive authentication attempts vulnerability in the /admin/check endpoint, which accepts arbitrary user-id parameters without session bind…
CVE-2026-44826 high 7.5 7.5 23d ago Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.2, Vvveb CMS does not validate the sign of the quantity parameter on the cart-ad…
CVE-2021-47966 high 8.2 8.2 23d ago PHP Timeclock 1.04 contains time-based and boolean-based blind SQL injection vulnerabilities in the login_userid parameter of login.php that allows unauthenticated attackers to extract database conte…
CVE-2021-47965 critical 9.8 9.8 23d ago WordPress Plugin WP Super Edit 2.5.4 and earlier contains an unrestricted file upload vulnerability in the FCKeditor component that allows attackers to upload dangerous file types without validation.…
CVE-2021-47964 high 8.8 8.8 23d ago Schlix CMS 2.2.6-6 contains a remote code execution vulnerability that allows authenticated attackers to execute arbitrary PHP code by uploading malicious extension packages through the block manager…
CVE-2021-47963 high 7.2 7.2 23d ago Anote 1.0 contains a persistent cross-site scripting vulnerability that allows attackers to execute arbitrary code by injecting malicious payloads into markdown files stored within the application. A…
CVE-2021-47959 high 7.5 7.5 23d ago WordPress Plugin WPGraphQL 1.3.5 contains a denial of service vulnerability that allows unauthenticated attackers to exhaust server resources by sending batched GraphQL queries with duplicated fields…
CVE-2026-45578 high 8.8 8.8 wwbn 23d ago WWBN AVideo is an open source video platform. In 29.0 and earlier, there is a classic shell-metacharacter injection. The YPTSocket notification branch in plugin/Live/on_publish.php builds an execAsyn…
CVE-2026-46474 high 7.5 7.5 23d ago Trog::TOTP versions before 1.006 for Perl generate secrets using rand. Secrets were generated using Perl's built-in rand function, which is predictable and unsuitable for security usage.
CVE-2026-46491 high 8.0 23d ago SimpleSAMLphp casserver FileSystemTicketStore path traversal allows out-of-ticket-directory read/unserialize and conditional deletion
CVE-2026-44692 high 8.0 23d ago Authenticated Sharp users can download unrelated Laravel Storage objects through the generic download endpoint
CVE-2026-45364 high 7.3 7.3 23d ago Better Auth is an authentication and authorization library for TypeScript. Prior to 1.4.17 and 1.5.0-beta.9, Better Auth's HTTP rate limiter keyed each request by the exact textual IP address it rece…
CVE-2026-8695 critical 9.8 9.8 FIX debian debian radare 23d ago radare2 6.1.5 contains a use-after-free vulnerability in the gdbr_threads_list() function that allows remote attackers to trigger memory corruption by sending a valid qfThreadInfo response followed b…
CVE-2026-45539 high 7.4 7.4 23d ago Microsoft APM: Symlinks under `.apm/prompts/` and `.apm/agents/` are dereferenced during `apm install`, copying host-local file contents into the project tree
CVE-2026-45038 high 7.8 7.8 tabby 23d ago Tabby (formerly Terminus) is a highly configurable terminal emulator. Prior to 1.0.233, since Tabby does not escape control characters from file paths when dragging and dropping a file into it, code …
CVE-2026-45037 high 7.1 7.1 tabby 23d ago Tabby (formerly Terminus) is a highly configurable terminal emulator. Prior to 1.0.232, Tabby's terminal linkifier passes any detected URI directly to the operating system's protocol handler without …
CVE-2026-45036 high 7.0 7.0 tabby 23d ago Tabby (formerly Terminus) is a highly configurable terminal emulator. Prior to 1.0.233, Tabby before 1.0.233 automatically confirms ZMODEM protocol detection on all terminal session output without us…
CVE-2026-45035 high 8.8 8.8 tabby 23d ago Tabby (formerly Terminus) is a highly configurable terminal emulator. Prior to 1.0.233, Tabby registers itself as the handler for the tabby:// URL scheme on all platforms. The URL scheme handler supp…
CVE-2026-44774 critical 9.9 9.9 traefik 23d ago Traefik: Gateway API TraefikService backend accepts rest@internal, allowing unauthorized exposure of the REST provider despite providers.rest.insecure=false
CVE-2026-44717 critical 9.8 9.8 23d ago MCP Calculate Server is a mathematical calculation service based on MCP protocol and SymPy library. Prior to 0.1.1, the use of eval() to evaluate mathematical expressions without proper input sanitiz…
CVE-2026-44714 high 7.5 7.5 23d ago bitcoinj has a ScriptExecution P2PKH/P2WPKH Verification Bypass
CVE-2026-44641 high 7.1 7.1 23d ago Microsoft APM CLI's plugin.json component paths escape plugin root and copy arbitrary host files during install
CVE-2026-41258 critical 9.1 9.1 23d ago OpenMRS has Stored Velocity SSTI to RCE via ConceptReferenceRange
CVE-2026-45062 high 8.0 23d ago FrankenPHP: Unsafe Unicode Handling in CGI Path Splitting Allows Execution of Non-PHP Files
CVE-2026-44716 high 8.0 23d ago Pipecat: Path Traversal in Pipecat Runner `/files` Endpoint — Arbitrary File Read via `%2F`-Encoded Separator
CVE-2026-41147 high 8.7 8.7 23d ago NukeViet CMS: Stored Cross-Site Scripting (XSS) via insufficient server-side input sanitization in Request class
CVE-2026-46508 high 7.8 7.8 vercel 23d ago Turborepo is a high-performance build system for JavaScript and TypeScript codebases. Prior to 2.9.14000, the Turborepo LSP VS Code extension could execute shell commands derived from workspace-contr…
CVE-2026-45772 critical 9.8 9.8 vercel 23d ago Turbo: Unexpected local code execution during Yarn Berry detection
CVE-2026-35194 high 8.1 8.1 apache 23d ago Apache Flink: Remote code execution via SQL injection in code generation
CVE-2026-46483 high 7.0 7.0 FIX slesdebian debianwindows windows vim 23d ago Vim is an open source, command line text editor. Prior to 9.2.0479, a command injection vulnerability exists in tar#Vimuntar() in runtime/autoload/tar.vim when decompressing .tgz archives on Unix-lik…
CVE-2026-45736 high 7.5 7.5 FIX debian debianwindows windows ws_project 23d ago ws: Uninitialized memory disclosure
CVE-2026-39054 high 7.3 7.3 23d ago Oinone Pamirs 7.0.0 contains a command injection vulnerability in CommandHelper.executeCommands. The method starts a shell process and writes attacker-controlled command strings directly to the proce…
CVE-2026-38728 high 7.5 7.5 23d ago An issue in Nodemailer smtp_server before v.3.18.3 allows a remote attacker to cause a denial of service via the SMTPStream._write, lib/smtp-stream.js components
CVE-2026-34253 high 8.2 8.2 slesdebian debian 23d ago A buffer underflow vulnerability has been identified in the ogg123 utility from the vorbis-tools 1.4.3 package in function remotethread in remote.c. This vulnerability occurs in the remote control fu…
CVE-2026-41553 critical 10.0 10.0 dhtmlx 23d ago PDF Export Module used in DHTMLX's products Gantt and Scheduler is vulnerable to Remote Code Execution due to lack of "data" parameter sanitization. An unauthenticated attacker can inject the malicio…
CVE-2026-41552 high 7.5 7.5 dhtmlx 23d ago PDF Export Module used in DHTMLX's products Gantt and Scheduler is vulnerable to Path Traversal due to lack of HTML sanitization. An unauthenticated user could craft the html payload which could incl…
CVE-2026-41964 high 8.4 8.4 23d ago Permission control vulnerability in the web. Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2026-6403 high 7.5 7.5 23d ago The Quick Playground plugin for WordPress is vulnerable to Path Traversal in versions up to and including 1.3.3. This is due to insufficient path validation in the qckply_zip_theme() function, which …
CVE-2026-6228 high 8.8 8.8 23d ago The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to Privilege Escalation in versions up to and including 3.28.36. This is due to insufficient authorization checks in the role field…
CVE-2026-5229 critical 9.8 9.8 23d ago The Form Notify plugin for WordPress is vulnerable to Authentication Bypass in versions up to and including 1.1.10. This is due to the plugin trusting user-controlled cookie data to determine which W…
CVE-2026-8398 critical 9.8 10.0 KEV disc-soft 23d ago Daemon Tools contains an unspecified vulnerability that has a high impact on confidentiality, integrity, and availability.
CVE-2026-4094 high 8.1 8.1 23d ago The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to unauthorized data loss due to a missing capability check on the 'admin_head' function in all versions up…
CVE-2026-41702 high 7.0 7.0 vmware 23d ago VMware Fusion contains a TOCTOU (Time-of-check Time-of-use) vulnerability that occurs during an operation performed by a SETUID binary. A malicious actor with local non-administrative user privileges…
CVE-2026-43490 high 8.8 8.8 FIX slesdebian debianwindows windows 23d ago In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate inherited ACE SID length smb_inherit_dacl() walks the parent directory DACL loaded from the security descriptor x…
CVE-2026-28761 high 8.1 8.1 23d ago Cross-site request forgery vulnerability exists in Musetheque V4 Information Disclosure for IPKNOWLEDGE V4L1 rev2203.0 and earlier. If a user views a malicious page while logged-in to the affected pr…
CVE-2024-36333 high 7.8 7.8 amd 23d ago A DLL hijacking vulnerability in the AMD Cleanup Utility could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution.
CVE-2026-2652 high 8.6 8.6 lfprojects 24d ago MLflow: unauthenticated access to certain FastAPI routes
CVE-2026-44671 high 7.5 7.5 zitadel 24d ago ZITADEL has LDAP Filter Injection in Login Flow
CVE-2026-44700 high 8.0 24d ago ex_webrtc client-role handshake is missing DTLS peer fingerprint validation
CVE-2026-44673 high 7.5 7.5 debian debian sleswindows windows 24d ago libyang is a YANG data modeling language library. Prior to SO 5.2.15, lyb_read_string() in src/parser_lyb.c contains an integer overflow that results in a heap buffer overflow when parsing a maliciou…
CVE-2026-42327 high 8.0 FIX debian debian 24d ago rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.7 to before 0.10.79, X509Ref::ocsp_responders returns OCSP responder URLs from a certificate's AIA extension as Open…
CVE-2026-45370 high 7.7 7.7 24d ago python-utcp: Full Process Environment Exposed to CLI Subprocess - Secrets Leakage via Command Injection
CVE-2026-45369 high 8.3 8.3 24d ago utcp-cli Vulnerable to Command Injection via Unsanitized Argument Substitution in CLI Communication Protocol
CVE-2026-46509 high 8.2 8.2 24d ago deepobj provides get, set, delete deep objects in javascript. Prior to 1.0.3, prototype pollution is possible when property paths contain __proto__/constructor/prototype. The property path must not b…
CVE-2026-45288 critical 9.8 9.8 24d ago Marten is a .NET Transactional Document DB and Event Store on PostgreSQL. Prior to 8.36.1, Marten's full-text search APIs interpolated the user-supplied regConfig parameter directly into the generate…
CVE-2026-45787 critical 9.1 9.1 electerm_project 24d ago electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to 3.9.5, deterministic AES-192-CBC with a fixed zero IV, constant KDF salt, and no MAC leads to confid…
CVE-2026-45353 high 7.8 7.8 electerm_project 24d ago electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. From 3.0.6 to 3.8.8, This vulnerability is fixed in 3.9.0.
CVE-2026-45374 critical 9.6 9.6 24d ago CodeWhale is a DeepSeek + MiMo coding agent in terminal. Prior to 0.8.26, the task_create tool spawns durable sub-agents that inherit two insecure defaults, allow_shell defaults to true (config.rs:14…
CVE-2026-45373 high 7.4 7.4 24d ago CodeWhale is a DeepSeek + MiMo coding agent in terminal. Prior to 0.8.26, although SSRF is validated against hostnames that resolve to private IPv6 addresses, when providing the IPV6 in‌‌ URL‌ as htt…
CVE-2026-45311 critical 9.6 9.6 24d ago CodeWhale is a DeepSeek + MiMo coding agent in terminal. From 0.3.0 to 0.8.23, the run_tests tool executes cargo test in the workspace with ApprovalRequirement::Auto, meaning it runs without any user…
CVE-2026-45310 high 7.4 7.4 24d ago CodeWhale is a DeepSeek + MiMo coding agent in terminal. Prior to 0.8.22, the fetch_url tool validates the initial URL's resolved IP address against a restricted-IP blocklist (is_restricted_ip()) to …
CVE-2026-45672 high 8.8 8.8 openwebui 24d ago Open WebUI: Jupyter code execution works despite `ENABLE_CODE_EXECUTION=false` — feature gate bypassed
CVE-2026-45671 high 8.0 8.0 openwebui 24d ago Open WebUI: shared-chat branch ignores access_type, allowing unauthorized file deletion
CVE-2026-45398 high 7.5 7.5 openwebui 24d ago Open WebUI Vulnerable to IDOR: Retrieval API Bypasses Knowledge Base Access Controls
CVE-2026-45350 high 7.1 7.1 openwebui 24d ago Open WebUI's chat completion API allows tool restrictions to be bypassed
CVE-2026-45348 high 8.7 8.7 24d ago pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, the packages.js template at src/pyload/webui/app/themes/modern/templates/js/packages.js:172 interpolates …
CVE-2026-42570 high 8.0 24d ago Svelte devalue: DoS via sparse array deserialization
CVE-2026-45338 high 7.7 7.7 openwebui 24d ago Open WebUI Vulnerable to SSRF via OAuth Profile Picture URL in _process_picture_url (oauth.py)
CVE-2026-45331 high 8.5 8.5 openwebui 24d ago Open WebUI has a full SSRF Vulnerability in the RAG Web Search Feature
CVE-2026-8634 critical 9.1 9.1 24d ago Crabbox: environment variable exposure vulnerability
CVE-2026-8629 high 8.1 8.1 24d ago Crabbox prior to v0.12.0 contains a privilege escalation vulnerability that allows users with shared visibility-only access to obtain Code, WebVNC, and Egress agent tickets by sending POST requests t…
CVE-2026-8597 high 7.2 7.2 aws 24d ago Amazon SageMaker Python SDK is missing integrity verification in its Triton inference handler
CVE-2026-8587 high 8.8 8.8 FIX debian debianmacos macoswindows windows google 24d ago Use after free in Extensions in Google Chrome on Mac prior to 148.0.7778.168 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome E…
CVE-2026-8585 high 7.5 7.5 FIX debian debianmacos macoswindows windows google 24d ago Inappropriate implementation in Media in Google Chrome on iOS prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory read via a …
CVE-2026-8581 high 8.8 8.8 FIX debian debianwindows windows google 24d ago Use after free in GPU in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-8580 critical 9.6 9.6 FIX debian debianwindows windows google 24d ago Use after free in Mojo in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-8577 high 8.8 8.8 FIX debian debianwindows windows google 24d ago Integer overflow in Fonts in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-8575 high 8.3 8.3 FIX debian debianwindows windows google 24d ago Use after free in UI in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chro…
CVE-2026-8574 high 8.3 8.3 FIX debian debianwindows windows google 24d ago Use after free in Core in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTM…
CVE-2026-8573 high 8.3 8.3 FIX debian debianwindows windows google 24d ago Integer overflow in Codecs in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a crafted video file. (Chromium security severity:…
CVE-2026-8571 high 8.3 8.3 FIX debian debianwindows windows google 24d ago Insufficient policy enforcement in GPU in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape v…
CVE-2026-8569 high 8.3 8.3 FIX debian debianmacos macoswindows windows google 24d ago Out of bounds write in Codecs in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a crafted video file. (Chromium security severity: …
CVE-2026-8558 high 8.8 8.8 FIX debian debianwindows windows google 24d ago Out of bounds write in Fonts in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
CVE-2026-8557 high 7.5 7.5 FIX debian debianwindows windows google 24d ago Use after free in Accessibility in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page. (C…
CVE-2026-8555 high 8.8 8.8 FIX debian debianwindows windows google 24d ago Use after free in GTK in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
CVE-2026-8551 high 8.8 8.8 FIX debian debianwindows windows google 24d ago Use after free in Downloads in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page…
CVE-2026-8549 high 8.8 8.8 FIX debian debianwindows windows google 24d ago Use after free in Media in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
CVE-2026-8548 high 8.3 8.3 FIX debian debianwindows windows google 24d ago Out of bounds write in Media in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML pag…
CVE-2026-8547 high 7.5 7.5 FIX debian debianwindows windows google 24d ago Insufficient policy enforcement in Passwords in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via…
CVE-2026-8544 high 8.8 8.8 FIX debian debianmacos macos linux-kernel google 24d ago Use after free in Media in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
CVE-2026-8542 high 8.3 8.3 FIX debian debianwindows windows google 24d ago Use after free in Core in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTM…
CVE-2026-8540 high 8.8 8.8 FIX debian debianwindows windows google 24d ago Type Confusion in V8 in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
CVE-2026-8534 high 8.3 8.3 FIX debian debian linux-kernelwindows windows google 24d ago Integer overflow in GPU in Google Chrome on Linux and ChromeOS prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a…
CVE-2026-8533 high 8.3 8.3 FIX debian debianwindows windows google 24d ago Use after free in Accessibility in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML …
CVE-2026-8532 high 8.8 8.8 FIX debian debianwindows windows google 24d ago Integer overflow in XML in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)