
Found 41,685 results in 2180ms · Match type: Filtered list

Flags: FIX marks an entry for which a fix is recorded; KEV marks an entry listed in CISA's Known Exploited Vulnerabilities catalog. OS lists the tracked distributions and platforms. Descriptions are cut by the listing; a trailing … marks the truncation.

| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-45578 | high | 8.8 | 8.8 | | | wwbn | 22d ago | WWBN AVideo is an open source video platform. In 29.0 and earlier, there is a classic shell-metacharacter injection. The YPTSocket notification branch in plugin/Live/on_publish.php builds an execAsyn… |
| CVE-2026-46474 | high | 7.5 | 7.5 | | | | 22d ago | Trog::TOTP versions before 1.006 for Perl generate secrets using rand. Secrets were generated using Perl's built-in rand function, which is predictable and unsuitable for security usage. |
| CVE-2026-46491 | high | 8.0 | | | | | 22d ago | SimpleSAMLphp casserver FileSystemTicketStore path traversal allows out-of-ticket-directory read/unserialize and conditional deletion |
| CVE-2026-44692 | high | 8.0 | | | | | 22d ago | Authenticated Sharp users can download unrelated Laravel Storage objects through the generic download endpoint |
| CVE-2026-45364 | high | 7.3 | 7.3 | | | | 22d ago | Better Auth is an authentication and authorization library for TypeScript. Prior to 1.4.17 and 1.5.0-beta.9, Better Auth's HTTP rate limiter keyed each request by the exact textual IP address it rece… |
| CVE-2026-8695 | critical | 9.8 | 9.8 | FIX | debian | radare | 22d ago | radare2 6.1.5 contains a use-after-free vulnerability in the gdbr_threads_list() function that allows remote attackers to trigger memory corruption by sending a valid qfThreadInfo response followed b… |
| CVE-2026-45539 | high | 7.4 | 7.4 | | | | 22d ago | Microsoft APM: Symlinks under `.apm/prompts/` and `.apm/agents/` are dereferenced during `apm install`, copying host-local file contents into the project tree |
| CVE-2026-45038 | high | 7.8 | 7.8 | | | tabby | 22d ago | Tabby (formerly Terminus) is a highly configurable terminal emulator. Prior to 1.0.233, since Tabby does not escape control characters from file paths when dragging and dropping a file into it, code … |
| CVE-2026-45037 | high | 7.1 | 7.1 | | | tabby | 22d ago | Tabby (formerly Terminus) is a highly configurable terminal emulator. Prior to 1.0.232, Tabby's terminal linkifier passes any detected URI directly to the operating system's protocol handler without … |
| CVE-2026-45036 | high | 7.0 | 7.0 | | | tabby | 22d ago | Tabby (formerly Terminus) is a highly configurable terminal emulator. Prior to 1.0.233, Tabby automatically confirms ZMODEM protocol detection on all terminal session output without us… |
| CVE-2026-45035 | high | 8.8 | 8.8 | | | tabby | 22d ago | Tabby (formerly Terminus) is a highly configurable terminal emulator. Prior to 1.0.233, Tabby registers itself as the handler for the tabby:// URL scheme on all platforms. The URL scheme handler supp… |
| CVE-2026-44774 | critical | 9.9 | 9.9 | | | traefik | 22d ago | Traefik: Gateway API TraefikService backend accepts rest@internal, allowing unauthorized exposure of the REST provider despite providers.rest.insecure=false |
| CVE-2026-44717 | critical | 9.8 | 9.8 | | | | 22d ago | MCP Calculate Server is a mathematical calculation service based on MCP protocol and SymPy library. Prior to 0.1.1, the use of eval() to evaluate mathematical expressions without proper input sanitiz… |
| CVE-2026-44714 | high | 7.5 | 7.5 | | | | 22d ago | bitcoinj has a ScriptExecution P2PKH/P2WPKH Verification Bypass |
| CVE-2026-44641 | high | 7.1 | 7.1 | | | | 22d ago | Microsoft APM CLI's plugin.json component paths escape plugin root and copy arbitrary host files during install |
| CVE-2026-41258 | critical | 9.1 | 9.1 | | | | 22d ago | OpenMRS has Stored Velocity SSTI to RCE via ConceptReferenceRange |
| CVE-2026-45062 | high | 8.0 | | | | | 22d ago | FrankenPHP: Unsafe Unicode Handling in CGI Path Splitting Allows Execution of Non-PHP Files |
| CVE-2026-44716 | high | 8.0 | | | | | 22d ago | Pipecat: Path Traversal in Pipecat Runner `/files` Endpoint — Arbitrary File Read via `%2F`-Encoded Separator |
| CVE-2026-41147 | high | 8.7 | 8.7 | | | | 22d ago | NukeViet CMS: Stored Cross-Site Scripting (XSS) via insufficient server-side input sanitization in Request class |
| CVE-2026-46508 | high | 7.8 | 7.8 | | | vercel | 22d ago | Turborepo is a high-performance build system for JavaScript and TypeScript codebases. Prior to 2.9.14000, the Turborepo LSP VS Code extension could execute shell commands derived from workspace-contr… |
| CVE-2026-45772 | critical | 9.8 | 9.8 | | | vercel | 22d ago | Turbo: Unexpected local code execution during Yarn Berry detection |
| CVE-2026-35194 | high | 8.1 | 8.1 | | | apache | 22d ago | Apache Flink: Remote code execution via SQL injection in code generation |
| CVE-2026-46483 | high | 7.0 | 7.0 | FIX | sles, debian, windows | vim | 22d ago | Vim is an open source, command line text editor. Prior to 9.2.0479, a command injection vulnerability exists in tar#Vimuntar() in runtime/autoload/tar.vim when decompressing .tgz archives on Unix-lik… |
| CVE-2026-45736 | high | 7.5 | 7.5 | FIX | debian, windows | ws_project | 22d ago | ws: Uninitialized memory disclosure |
| CVE-2026-39054 | high | 7.3 | 7.3 | | | | 22d ago | Oinone Pamirs 7.0.0 contains a command injection vulnerability in CommandHelper.executeCommands. The method starts a shell process and writes attacker-controlled command strings directly to the proce… |
| CVE-2026-38728 | high | 7.5 | 7.5 | | | | 22d ago | An issue in Nodemailer smtp_server before v.3.18.3 allows a remote attacker to cause a denial of service via the SMTPStream._write, lib/smtp-stream.js components |
| CVE-2026-34253 | high | 8.2 | 8.2 | | sles, debian | | 22d ago | A buffer underflow vulnerability has been identified in the ogg123 utility from the vorbis-tools 1.4.3 package in function remotethread in remote.c. This vulnerability occurs in the remote control fu… |
| CVE-2026-41553 | critical | 10.0 | 10.0 | | | dhtmlx | 22d ago | PDF Export Module used in DHTMLX's products Gantt and Scheduler is vulnerable to Remote Code Execution due to lack of "data" parameter sanitization. An unauthenticated attacker can inject the malicio… |
| CVE-2026-41552 | high | 7.5 | 7.5 | | | dhtmlx | 22d ago | PDF Export Module used in DHTMLX's products Gantt and Scheduler is vulnerable to Path Traversal due to lack of HTML sanitization. An unauthenticated user could craft the html payload which could incl… |
| CVE-2026-41964 | high | 8.4 | 8.4 | | | | 22d ago | Permission control vulnerability in the web. Impact: Successful exploitation of this vulnerability may affect availability. |
| CVE-2026-6403 | high | 7.5 | 7.5 | | | | 22d ago | The Quick Playground plugin for WordPress is vulnerable to Path Traversal in versions up to and including 1.3.3. This is due to insufficient path validation in the qckply_zip_theme() function, which … |
| CVE-2026-6228 | high | 8.8 | 8.8 | | | | 22d ago | The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to Privilege Escalation in versions up to and including 3.28.36. This is due to insufficient authorization checks in the role field… |
| CVE-2026-5229 | critical | 9.8 | 9.8 | | | | 22d ago | The Form Notify plugin for WordPress is vulnerable to Authentication Bypass in versions up to and including 1.1.10. This is due to the plugin trusting user-controlled cookie data to determine which W… |
| CVE-2026-8398 | critical | 9.8 | 10.0 | KEV | | disc-soft | 22d ago | Daemon Tools contains an unspecified vulnerability that has a high impact on confidentiality, integrity, and availability. |
| CVE-2026-4094 | high | 8.1 | 8.1 | | | | 22d ago | The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to unauthorized data loss due to a missing capability check on the 'admin_head' function in all versions up… |
| CVE-2026-41702 | high | 7.0 | 7.0 | | | vmware | 22d ago | VMware Fusion contains a TOCTOU (Time-of-check Time-of-use) vulnerability that occurs during an operation performed by a SETUID binary. A malicious actor with local non-administrative user privileges… |
| CVE-2026-43490 | high | 8.8 | 8.8 | FIX | sles, debian, windows | | 22d ago | In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate inherited ACE SID length smb_inherit_dacl() walks the parent directory DACL loaded from the security descriptor x… |
| CVE-2026-28761 | high | 8.1 | 8.1 | | | | 22d ago | Cross-site request forgery vulnerability exists in Musetheque V4 Information Disclosure for IPKNOWLEDGE V4L1 rev2203.0 and earlier. If a user views a malicious page while logged-in to the affected pr… |
| CVE-2024-36333 | high | 7.8 | 7.8 | | | amd | 22d ago | A DLL hijacking vulnerability in the AMD Cleanup Utility could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution. |
| CVE-2026-2652 | high | 8.6 | 8.6 | | | lfprojects | 22d ago | MLflow: unauthenticated access to certain FastAPI routes |
| CVE-2026-44671 | high | 7.5 | 7.5 | | | zitadel | 23d ago | ZITADEL has LDAP Filter Injection in Login Flow |
| CVE-2026-44700 | high | 8.0 | | | | | 23d ago | ex_webrtc client-role handshake is missing DTLS peer fingerprint validation |
| CVE-2026-44673 | high | 7.5 | 7.5 | | debian, sles, windows | | 23d ago | libyang is a YANG data modeling language library. Prior to SO 5.2.15, lyb_read_string() in src/parser_lyb.c contains an integer overflow that results in a heap buffer overflow when parsing a maliciou… |
| CVE-2026-42327 | high | 8.0 | | FIX | debian | | 23d ago | rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.7 to before 0.10.79, X509Ref::ocsp_responders returns OCSP responder URLs from a certificate's AIA extension as Open… |
| CVE-2026-45370 | high | 7.7 | 7.7 | | | | 23d ago | python-utcp: Full Process Environment Exposed to CLI Subprocess - Secrets Leakage via Command Injection |
| CVE-2026-45369 | high | 8.3 | 8.3 | | | | 23d ago | utcp-cli Vulnerable to Command Injection via Unsanitized Argument Substitution in CLI Communication Protocol |
| CVE-2026-46509 | high | 8.2 | 8.2 | | | | 23d ago | deepobj provides get, set, delete deep objects in javascript. Prior to 1.0.3, prototype pollution is possible when property paths contain __proto__/constructor/prototype. The property path must not b… |
| CVE-2026-45288 | critical | 9.8 | 9.8 | | | | 23d ago | Marten is a .NET Transactional Document DB and Event Store on PostgreSQL. Prior to 8.36.1, Marten's full-text search APIs interpolated the user-supplied regConfig parameter directly into the generate… |
| CVE-2026-45787 | critical | 9.1 | 9.1 | | | electerm_project | 23d ago | electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to 3.9.5, deterministic AES-192-CBC with a fixed zero IV, constant KDF salt, and no MAC leads to confid… |
| CVE-2026-45353 | high | 7.8 | 7.8 | | | electerm_project | 23d ago | electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. From 3.0.6 to 3.8.8, this vulnerability is fixed in 3.9.0. |
| CVE-2026-45374 | critical | 9.6 | 9.6 | | | | 23d ago | CodeWhale is a DeepSeek + MiMo coding agent in terminal. Prior to 0.8.26, the task_create tool spawns durable sub-agents that inherit two insecure defaults, allow_shell defaults to true (config.rs:14… |
| CVE-2026-45373 | high | 7.4 | 7.4 | | | | 23d ago | CodeWhale is a DeepSeek + MiMo coding agent in terminal. Prior to 0.8.26, although SSRF is validated against hostnames that resolve to private IPv6 addresses, when providing the IPV6 in URL as htt… |
| CVE-2026-45311 | critical | 9.6 | 9.6 | | | | 23d ago | CodeWhale is a DeepSeek + MiMo coding agent in terminal. From 0.3.0 to 0.8.23, the run_tests tool executes cargo test in the workspace with ApprovalRequirement::Auto, meaning it runs without any user… |
| CVE-2026-45310 | high | 7.4 | 7.4 | | | | 23d ago | CodeWhale is a DeepSeek + MiMo coding agent in terminal. Prior to 0.8.22, the fetch_url tool validates the initial URL's resolved IP address against a restricted-IP blocklist (is_restricted_ip()) to … |
| CVE-2026-45672 | high | 8.8 | 8.8 | | | openwebui | 23d ago | Open WebUI: Jupyter code execution works despite `ENABLE_CODE_EXECUTION=false` — feature gate bypassed |
| CVE-2026-45671 | high | 8.0 | 8.0 | | | openwebui | 23d ago | Open WebUI: shared-chat branch ignores access_type, allowing unauthorized file deletion |
| CVE-2026-45398 | high | 7.5 | 7.5 | | | openwebui | 23d ago | Open WebUI Vulnerable to IDOR: Retrieval API Bypasses Knowledge Base Access Controls |
| CVE-2026-45350 | high | 7.1 | 7.1 | | | openwebui | 23d ago | Open WebUI's chat completion API allows tool restrictions to be bypassed |
| CVE-2026-45348 | high | 8.7 | 8.7 | | | | 23d ago | pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, the packages.js template at src/pyload/webui/app/themes/modern/templates/js/packages.js:172 interpolates … |
| CVE-2026-42570 | high | 8.0 | | | | | 23d ago | Svelte devalue: DoS via sparse array deserialization |
| CVE-2026-45338 | high | 7.7 | 7.7 | | | openwebui | 23d ago | Open WebUI Vulnerable to SSRF via OAuth Profile Picture URL in _process_picture_url (oauth.py) |
| CVE-2026-45331 | high | 8.5 | 8.5 | | | openwebui | 23d ago | Open WebUI has a full SSRF Vulnerability in the RAG Web Search Feature |
| CVE-2026-8634 | critical | 9.1 | 9.1 | | | | 23d ago | Crabbox: environment variable exposure vulnerability |
| CVE-2026-8629 | high | 8.1 | 8.1 | | | | 23d ago | Crabbox prior to v0.12.0 contains a privilege escalation vulnerability that allows users with shared visibility-only access to obtain Code, WebVNC, and Egress agent tickets by sending POST requests t… |
| CVE-2026-8597 | high | 7.2 | 7.2 | | | aws | 23d ago | Amazon SageMaker Python SDK is missing integrity verification in its Triton inference handler |
| CVE-2026-8587 | high | 8.8 | 8.8 | FIX | debian, macos, windows | google | 23d ago | Use after free in Extensions in Google Chrome on Mac prior to 148.0.7778.168 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome E… |
| CVE-2026-8585 | high | 7.5 | 7.5 | FIX | debian, macos, windows | google | 23d ago | Inappropriate implementation in Media in Google Chrome on iOS prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory read via a … |
| CVE-2026-8581 | high | 8.8 | 8.8 | FIX | debian, windows | google | 23d ago | Use after free in GPU in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium) |
| CVE-2026-8580 | critical | 9.6 | 9.6 | FIX | debian, windows | google | 23d ago | Use after free in Mojo in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium) |
| CVE-2026-8577 | high | 8.8 | 8.8 | FIX | debian, windows | google | 23d ago | Integer overflow in Fonts in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium) |
| CVE-2026-8575 | high | 8.3 | 8.3 | FIX | debian, windows | google | 23d ago | Use after free in UI in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chro… |
| CVE-2026-8574 | high | 8.3 | 8.3 | FIX | debian, windows | google | 23d ago | Use after free in Core in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTM… |
| CVE-2026-8573 | high | 8.3 | 8.3 | FIX | debian, windows | google | 23d ago | Integer overflow in Codecs in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a crafted video file. (Chromium security severity:… |
| CVE-2026-8571 | high | 8.3 | 8.3 | FIX | debian, windows | google | 23d ago | Insufficient policy enforcement in GPU in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape v… |
| CVE-2026-8569 | high | 8.3 | 8.3 | FIX | debian, macos, windows | google | 23d ago | Out of bounds write in Codecs in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a crafted video file. (Chromium security severity: … |
| CVE-2026-8558 | high | 8.8 | 8.8 | FIX | debian, windows | google | 23d ago | Out of bounds write in Fonts in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) |
| CVE-2026-8557 | high | 7.5 | 7.5 | FIX | debian, windows | google | 23d ago | Use after free in Accessibility in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page. (C… |
| CVE-2026-8555 | high | 8.8 | 8.8 | FIX | debian, windows | google | 23d ago | Use after free in GTK in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High) |
| CVE-2026-8551 | high | 8.8 | 8.8 | FIX | debian, windows | google | 23d ago | Use after free in Downloads in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page… |
| CVE-2026-8549 | high | 8.8 | 8.8 | FIX | debian, windows | google | 23d ago | Use after free in Media in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) |
| CVE-2026-8548 | high | 8.3 | 8.3 | FIX | debian, windows | google | 23d ago | Out of bounds write in Media in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML pag… |
| CVE-2026-8547 | high | 7.5 | 7.5 | FIX | debian, windows | google | 23d ago | Insufficient policy enforcement in Passwords in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via… |
| CVE-2026-8544 | high | 8.8 | 8.8 | FIX | debian, macos, linux-kernel | google | 23d ago | Use after free in Media in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) |
| CVE-2026-8542 | high | 8.3 | 8.3 | FIX | debian, windows | google | 23d ago | Use after free in Core in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTM… |
| CVE-2026-8540 | high | 8.8 | 8.8 | FIX | debian, windows | google | 23d ago | Type Confusion in V8 in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) |
| CVE-2026-8534 | high | 8.3 | 8.3 | FIX | debian, linux-kernel, windows | google | 23d ago | Integer overflow in GPU in Google Chrome on Linux and ChromeOS prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a… |
| CVE-2026-8533 | high | 8.3 | 8.3 | FIX | debian, windows | google | 23d ago | Use after free in Accessibility in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML … |
| CVE-2026-8532 | high | 8.8 | 8.8 | FIX | debian, windows | google | 23d ago | Integer overflow in XML in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) |
| CVE-2026-8531 | high | 8.8 | 8.8 | FIX | debian, windows | google | 23d ago | Heap buffer overflow in WebML in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity… |
| CVE-2026-8530 | high | 8.3 | 8.3 | FIX | debian, windows | google | 23d ago | Use after free in Network in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted … |
| CVE-2026-8529 | high | 8.8 | 8.8 | FIX | debian, macos, linux-kernel | google | 23d ago | Heap buffer overflow in Codecs in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted video file. (Chromium security severity: Hig… |
| CVE-2026-8527 | high | 8.8 | 8.8 | FIX | debian, macos, linux-kernel | google | 23d ago | Insufficient validation of untrusted input in Downloads in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severi… |
| CVE-2026-8526 | high | 8.8 | 8.8 | FIX | debian, macos, linux-kernel | google | 23d ago | Out of bounds write in WebRTC in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) |
| CVE-2026-8525 | high | 8.3 | 8.3 | FIX | debian, macos, windows | google | 23d ago | Heap buffer overflow in ANGLE in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: H… |
| CVE-2026-8524 | high | 8.8 | 8.8 | FIX | debian, macos, linux-kernel | google | 23d ago | Out of bounds write in WebAudio in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Hig… |
| CVE-2026-8523 | high | 8.3 | 8.3 | FIX | debian, macos, linux-kernel | google | 23d ago | Use after free in Mojo in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Ch… |
| CVE-2026-8522 | high | 8.8 | 8.8 | FIX | debian, macos, windows | google | 23d ago | Use after free in Downloads in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical) |
| CVE-2026-8521 | high | 7.5 | 7.5 | FIX | debian, macos, linux-kernel | google | 23d ago | Use after free in Tab Groups in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code via malicious network traffic. (Chromium security severity: Critical) |
| CVE-2026-8520 | high | 8.3 | 8.3 | FIX | debian, macos, linux-kernel | google | 23d ago | Race in Payments in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical) |
| CVE-2026-8519 | high | 8.8 | 8.8 | FIX | debian, windows | google | 23d ago | Integer overflow in ANGLE in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: … |