CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2022-50948 medium 6.4 6.4 28d ago Motopress Hotel Booking Lite 4.2.4 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting payloads in accommodation type fi…
CVE-2022-50947 medium 6.4 6.4 28d ago WordPress Plugin Testimonial Slider and Showcase 2.2.6 contains a stored cross-site scripting vulnerability that allows authenticated editors to inject malicious scripts by failing to sanitize the po…
CVE-2022-50946 medium 6.4 6.4 28d ago WordPress Plugin Netroics Blog Posts Grid 1.0 contains a stored cross-site scripting vulnerability that allows authenticated editors to inject malicious scripts by failing to sanitize the post_title …
CVE-2022-50945 medium 6.4 6.4 28d ago WordPress 3dady Real-Time Web Stats plugin 1.0 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript by exploiting unsanitized input …
CVE-2022-50943 medium 6.1 6.1 moodle 28d ago Moodle LMS 4.0 contains a cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting payloads through the search parameter. Attackers can injec…
CVE-2021-47953 medium 4.3 4.3 28d ago OpenCart 3.0.3.7 contains a cross-site request forgery vulnerability that allows attackers to change user passwords by sending crafted requests to the account/password endpoint. Attackers can trick a…
CVE-2021-47951 medium 6.4 6.4 28d ago WordPress Picture Gallery 1.4.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the Edit Content URL field in the Access C…
CVE-2021-47950 medium 6.4 6.4 28d ago Advanced Guestbook 2.4.4 contains a persistent cross-site scripting vulnerability in the smilies administration interface that allows authenticated attackers to inject malicious scripts by manipulati…
CVE-2021-47948 medium 5.4 5.4 28d ago WordPress GetPaid Plugin 2.4.6 contains an HTML injection vulnerability that allows authenticated attackers to inject arbitrary HTML code by exploiting the Help Text field in payment forms. Attackers…
CVE-2021-47947 medium 6.4 6.4 28d ago Projectsend r1295 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted input in the 'name' parameter of files-edi…
CVE-2021-47946 medium 5.3 5.3 28d ago OpenCart 3.0.3.6 contains a cross-site request forgery vulnerability in the /account/edit endpoint that allows unauthenticated attackers to modify victim account details by tricking users into visiti…
CVE-2021-47931 medium 6.4 6.4 28d ago Exponent CMS 2.6 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the Title and Text Block parameters in the text editing e…
CVE-2021-47929 medium 6.4 6.4 28d ago Filterable Portfolio Gallery 1.0 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript by entering payloads in the title field. Attac…
CVE-2021-47927 medium 6.4 6.4 28d ago WordPress Plugin WP Symposium Pro 2021.10 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by exploiting insufficient sanitization …
CVE-2021-47926 medium 6.4 6.4 28d ago Contact Form to Email 1.3.24 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by creating forms with script tags in the form name f…
CVE-2021-47925 medium 6.4 6.4 28d ago CMDBuild 3.3.2 contains multiple stored cross-site scripting vulnerabilities that allow authenticated attackers to inject arbitrary web script or HTML via crafted input in card creation and file uplo…
CVE-2021-47924 medium 6.4 6.4 28d ago Ultimate Product Catalogue 5.8.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the price parameter. Attackers can submit…
CVE-2021-47922 medium 6.4 6.4 28d ago Slider by Soliloquy 2.6.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the title parameter. Attackers can add JavaScrip…
CVE-2021-47910 medium 6.4 6.4 28d ago AccessPress Social Icons 1.8.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by entering JavaScript payloads into the 'icon titl…
CVE-2021-47907 medium 6.4 6.4 28d ago Rocket LMS 1.1 contains a persistent cross-site scripting vulnerability in the support ticket module that allows authenticated users to inject malicious script code through the title parameter. Attac…
CVE-2026-8244 medium 5.3 5.3 28d ago A vulnerability was identified in Industrial Application Software IAS Canias ERP 8.03. This impacts an unknown function of the component Login RMI Interface. The manipulation of the argument clientVe…
CVE-2026-8243 medium 5.3 5.3 28d ago A vulnerability was determined in Industrial Application Software IAS Canias ERP 8.03. This affects an unknown function of the component JNLP Deployment Endpoint. Executing a manipulation can lead to…
CVE-2026-8241 medium 5.3 5.3 28d ago A vulnerability has been found in Industrial Application Software IAS Canias ERP 8.03. The affected element is the function iasGetServerInfoEvent of the component RMI Interface. Such manipulation lea…
CVE-2026-8235 medium 5.5 5.5 29d ago A vulnerability was detected in 8421bit MiniClaw 0.8.0/0.9.0. This issue affects the function resolveSkillScriptPath of the file src/kernel.ts of the component System Command Handler. The manipulatio…
CVE-2026-8233 medium 4.6 4.6 29d ago A vulnerability was determined in Dotouch XproUPF 2.0.0-release-088aa7c4. Affected is an unknown function of the component UPF. This manipulation causes improper access controls. A high degree of com…
CVE-2026-8231 medium 6.3 6.3 29d ago A vulnerability has been found in CodeAstro Online Catering Ordering System 1.0. This affects an unknown function of the file /deleteorder.php. The manipulation of the argument ID leads to sql inject…
CVE-2026-7259 medium 6.5 6.5 FIX slesdebian debianwindows windows php 29d ago PHP vulnerabilities
CVE-2026-6735 medium 6.1 6.1 FIX slesdebian debianwindows windows php 29d ago PHP vulnerabilities
CVE-2026-8217 medium 6.3 6.3 29d ago A security flaw has been discovered in Industrial Application Software IAS Canias ERP 8.03. Impacted is the function Runtime.getRuntime.exec of the component RMI Interface. Performing a manipulation …
CVE-2026-8215 medium 5.3 5.3 29d ago A vulnerability was determined in Industrial Application Software IAS Canias ERP 8.03. This vulnerability affects the function iasRequestFileEvent of the component RMI Interface. This manipulation of…
CVE-2026-8214 medium 5.3 5.3 29d ago A vulnerability was found in Industrial Application Software IAS Canias ERP 8.03. This affects the function doAction of the component RMI Interface. The manipulation of the argument sessionId results…
CVE-2026-8213 medium 5.5 5.5 FIX debian debian osgeo 29d ago A vulnerability has been found in OSGeo gdal up to 3.13.0dev-4. Affected by this issue is the function GDSDfldsrch of the file frmts/hdf4/hdf-eos/GDapi.c of the component Grid File Handler. The manip…
CVE-2026-8212 medium 5.5 5.5 FIX debian debian osgeo 29d ago A flaw has been found in OSGeo gdal up to 3.13.0dev-4. Affected by this vulnerability is the function SWSDfldsrch of the file frmts/hdf4/hdf-eos/SWapi.c. Executing a manipulation can lead to heap-bas…
CVE-2026-8211 medium 4.7 4.7 29d ago A vulnerability was detected in codelibs Fess up to 15.5.1. Affected by this issue is the function update of the file org/codelibs/fess/app/web/admin/design/AdminDesignAction.java of the component JS…
CVE-2026-45184 medium 6.5 6.5 FIX debian debian 29d ago Kdenlive before 26.04.1 allows dangerous proxy parameters when an attacker-controlled project file is used.
CVE-2026-45181 medium 6.5 6.5 29d ago Hex-Rays IDA Pro 9.2 and 9.3 before 9.3sp2 does not block Clang dependency-file generation (via argument injection), which allows attackers to place their code into a plugins directory if the victim …
CVE-2026-8210 medium 5.3 5.3 29d ago A security vulnerability has been detected in aandrew-me tgpt up to 2.11.1 on Linux/macOS. Affected by this vulnerability is the function helper.Update of the file helper.go of the component Update H…
CVE-2026-8195 medium 4.3 4.3 29d ago A vulnerability was detected in JeecgBoot up to 3.9.1. The affected element is an unknown function of the file jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/C…
CVE-2026-8194 medium 4.3 4.3 29d ago A security vulnerability has been detected in osTicket up to 1.18.3. Impacted is an unknown function of the file include/class.dispatcher.php of the component Dispatcher. The manipulation of the argu…
CVE-2026-42576 medium 6.5 6.5 29d ago apko `DiscoverKeys` has a panic on non-rsa jwks key that causes crash during key discovery
CVE-2026-42333 medium 5.5 29d ago quarkus-openapi-generator has overly broad path-parameter matching that sends authentication headers to unintended operations
CVE-2026-8193 medium 6.3 6.3 29d ago A weakness has been identified in Akaunting 3.1.21. This issue affects some unknown processing of the file config/dompdf.php of the component Invoice PDF Rendering. Executing a manipulation can lead …
CVE-2026-8198 medium 5.3 5.3 29d ago The Activity Logs, User Activity Tracking, Multisite Activity Log from Logtivity plugin for WordPress is vulnerable to Authentication Bypass to Information Disclosure in versions up to, and including…
CVE-2026-8185 medium 6.3 6.3 29d ago A security vulnerability has been detected in UGREEN CM933 1.1.59.4319. The impacted element is an unknown function of the component Administrative Interface. Such manipulation leads to missing authe…
CVE-2026-32683 medium 5.3 5.3 29d ago Some EZVIZ products utilize older versions of cloud feature modules with legacy API interfaces, which pose a data transmission risk. Attackers can exploit this by eavesdropping on network requests to…
CVE-2026-1749 medium 6.8 6.8 29d ago There is an Access Control Vulnerability in some HikCentral Professional versions. This could allow an unauthenticated user to obtain the admin permission.
CVE-2026-42310 medium 5.5 5.5 FIX slesdebian debian python 1mo ago Pillow has a PDF Parsing Trailer Infinite Loop (DoS)
CVE-2026-42308 medium 5.5 5.5 FIX slesdebian debian python 1mo ago Pillow is a Python imaging library. Prior to version 12.2.0, if a font advances for each glyph by an exceeding large amount, when Pillow keeps track of the current position, it may lead to an integer…
CVE-2025-15634 medium 4.3 4.3 hcltech 1mo ago A missing authorization vulnerability in HCL BigFix WebUI allows an authenticated user without proper permissions to view sensitive environmental information via direct URL access to the unauthorized…
CVE-2025-15633 medium 6.5 6.5 hcltech 1mo ago An improper authorization vulnerability in HCL BigFix WebUI allows an authenticated user without Master Operator privileges to access internal data (site names, versions, and configuration variables)…
CVE-2026-42295 medium 4.9 4.9 argoproj 1mo ago Argo vulnerable to exposure of artifact repository credentials
CVE-2026-42183 medium 6.5 6.5 argoproj 1mo ago Argo Affected by SSO RBAC Delegation Nil Pointer Dereference DoS (gatekeeper.go)
CVE-2026-41311 medium 6.5 6.5 liquidjs 1mo ago liquidjs has a Denial of Service via circular block reference in layout
CVE-2026-7652 medium 5.3 5.3 1mo ago The LatePoint plugin for WordPress is vulnerable to Account Takeover via Weak Password Recovery Mechanism in the unauthenticated guest booking flow in versions up to, and including, 5.5.0 This is due…
CVE-2026-6667 medium 4.3 4.3 FIX debian debianwindows windows pgbouncer 1mo ago PgBouncer before 1.25.2 did not perform an appropriate authorization check for the KILL_CLIENT admin command. All users with access to the administration console (which itself requires authorization)…
CVE-2026-45130 medium 5.5 5.5 FIX slesdebian debianwindows windows vim 1mo ago Vim vulnerabilities
CVE-2026-44656 medium 5.3 5.3 FIX slesdebian debianwindows windows vim 1mo ago Vim vulnerabilities
CVE-2026-44284 medium 6.3 6.3 1mo ago FastGPT is an AI Agent building platform. Prior to version 4.14.17, FastGPT had an inconsistent SSRF protection gap in MCP tool URL handling. The direct MCP preview/run endpoints already rejected int…
CVE-2026-42456 medium 4.3 4.3 mintplexlabs 1mo ago AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to version 1.12.1, GET /api/workspace/:slug/tts/:chatId in AnythingLL…
CVE-2026-42451 medium 6.3 6.3 1mo ago Grimmory is a self-hosted digital library. Prior to version 2.3.1, a stored cross-site scripting (XSS) vulnerability in Grimmory's browser-based EPUB reader allows an attacker to embed arbitrary Java…
CVE-2026-42346 medium 6.5 6.5 1mo ago Postiz is an AI social media scheduling tool. From version 2.16.6 to before version 2.21.7, all SSRF protections added in v2.21.4–v2.21.6 share a fundamental TOCTOU (Time-of-Check-Time-of-Use) vulner…
CVE-2026-42344 medium 6.3 6.3 1mo ago FastGPT is an AI Agent building platform. In versions 4.14.11 and prior, FastGPT's isInternalAddress() function in packages/service/common/system/utils.ts is vulnerable to DNS rebinding (TOCTOU — Tim…
CVE-2026-42307 medium 4.4 4.4 FIX debian debianubuntu ubuntu vim 1mo ago Vim vulnerabilities
CVE-2026-42291 medium 6.8 6.8 1mo ago SysReptor is a fully customizable pentest reporting platform. From version 2026.4 to before version 2026.27, the endpoints for reading and creating sharing links for personal notes is not properly au…
CVE-2026-41520 medium 4.4 4.4 cilium 1mo ago Cillium exposes sensitive information included in the cilium-bugtool debug archive
CVE-2026-44831 medium 5.4 5.4 snipeitapp 1mo ago Snipe-IT has Stored XSS via Component Checkout Notes (v8.4.0)
CVE-2026-44298 medium 4.9 4.9 kimai 1mo ago Kimai has an arbitrary file read in its invoice PDF renderer (admin)
CVE-2026-42209 medium 6.5 6.5 1mo ago FlashMQ is a MQTT broker/server, designed for multi-CPU environments. Prior to version 1.26.1, a remote client with retained publish permission can crash the FlashMQ broker when both set_retained_mes…
CVE-2026-42199 medium 6.2 6.2 1mo ago Grid: Integer Overflow in Grid::expand_rows Leads to Safe-API Undefined Behavior
CVE-2026-42192 medium 5.4 5.4 1mo ago Plunk is an open-source email platform built on top of AWS SES. Prior to version 0.9.0, a stored cross-site scripting (XSS) vulnerability exists in the campaign management feature, where the email bo…
CVE-2026-44200 medium 6.5 6.5 torchbox 1mo ago Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user with limited access to pages could copy a page they don't have access to to an area of …
CVE-2026-42282 medium 4.3 4.3 n8n-mcp 1mo ago n8n-MCP: Sensitive MCP tool-call arguments logged on authenticated requests in HTTP mode
CVE-2026-42190 medium 5.3 5.3 redwoodjs 1mo ago RedwoodSDK has Same-site CSRF through lack of origin validation in its server actions
CVE-2026-42185 medium 5.5 5.5 1mo ago People is an application to handle users and teams, and distribute permissions across La Suite. Prior to version 1.25.0, a user holding the Administrator role on a mail domain could send a crafted in…
CVE-2026-42181 medium 6.5 6.5 1mo ago Lemmy has SSRF and internal image disclosure in post link metadata via unvalidated og:image
CVE-2026-42180 medium 6.3 6.3 1mo ago Lemmy has SSRF in /api/v3/post via Webmention dispatch
CVE-2026-42176 medium 6.7 6.7 1mo ago Scoold is a Q&A and a knowledge sharing platform for teams. Prior to version 1.67.0, Scoold allows the admins configuration value to be modified through /api/config/set/admins with a forged Bearer to…
CVE-2026-41495 medium 5.3 5.3 n8n-mcp 1mo ago n8n-MCP Logs Sensitive Request Data on Unauthorized /mcp Requests
CVE-2026-44557 medium 4.3 4.3 openwebui 1mo ago Open WebUI vulnerable to Global Knowledge Base Enumeration via knowledge-bases Meta-Collection
CVE-2026-44737 medium 5.5 1mo ago Grav: Stored XSS via page title (data[header][title]) in admin panel
CVE-2026-41511 medium 5.5 5.5 openmcdf_projectopenmcdf 1mo ago OpenMcdf is a fully .NET / C# library to manipulate Compound File Binary File Format files, also known as Structured Storage. Prior to version 3.1.3, OpenMcdf does not detect cycles in the directory …
CVE-2026-42030 medium 6.1 6.1 FIX debian debian osgeo 1mo ago MapServer is a system for developing web-based GIS applications. From version 6.0 to before version 8.6.2, a reflected XSS vulnerability in MapServer's WMS server allows an unauthenticated attacker t…
CVE-2026-42028 medium 5.3 5.3 1mo ago novaGallery is a php image gallery. Prior to version 2.1.1, a path traversal vulnerability has been identified in novaGallery. This allows unauthenticated users to read image files outside the intend…
CVE-2026-42794 medium 6.1 6.1 absinthe-graphql 1mo ago absinthe_plug Has a Cross-site Scripting vulnerability
CVE-2026-41885 medium 6.5 6.5 1mo ago i18next-locize-backend has URL Injection via Unsanitized Path Parameters
CVE-2026-41591 medium 6.4 6.4 1mo ago Marko: XSS via case-insensitive script/style closing tag bypass in runtime HTML escaping
CVE-2026-44500 medium 5.3 5.3 zfnd 1mo ago Zebra Vulnerable to Allocation Amplification in Inbound Network Deserializers
CVE-2026-43475 medium 5.5 5.5 FIX slesdebian debian linux-kernel google 1mo ago In the Linux kernel, the following vulnerability has been resolved: scsi: storvsc: Fix scheduling while atomic on PREEMPT_RT This resolves the follow splat and lock-up when running with PREEMPT_RT …
CVE-2026-43474 medium 5.5 5.5 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: fs: init flags_valid before calling vfs_fileattr_get syzbot reported a uninit-value bug in [1]. Similar to the "*get" context wh…
CVE-2026-43473 medium 5.5 5.5 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Add NULL checks when resetting request and reply queues The driver encountered a crash during resource cleanup when…
CVE-2026-43472 medium 5.5 5.5 FIX slesdebian debian linux-kernel google 1mo ago In the Linux kernel, the following vulnerability has been resolved: unshare: fix unshare_fs() handling There's an unpleasant corner case in unshare(2), when we have a CLONE_NEWNS in flags and curre…
CVE-2026-43471 medium 5.5 5.5 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Fix possible NULL pointer dereference in ufshcd_add_command_trace() The kernel log indicates a crash in ufshcd_a…
CVE-2026-43470 medium 5.5 5.5 FIX slesdebian debian linux-kernel google 1mo ago In the Linux kernel, the following vulnerability has been resolved: nfs: return EISDIR on nfs3_proc_create if d_alias is a dir If we found an alias through nfs3_do_create/nfs_add_or_obtain /d_splic…
CVE-2026-43468 medium 5.5 5.5 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix deadlock between devlink lock and esw->wq esw->work_queue executes esw_functions_changed_event_handler -> esw_vfs_c…
CVE-2026-43467 medium 5.5 5.5 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix crash when moving to switchdev mode When moving to switchdev mode when the device doesn't support IPsec, we try to …
CVE-2026-43463 medium 5.5 5.5 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: rxrpc, afs: Fix missing error pointer check after rxrpc_kernel_lookup_peer() rxrpc_kernel_lookup_peer() can also return error poi…
CVE-2026-43457 medium 5.5 5.5 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: mctp: i2c: fix skb memory leak in receive path When 'midev->allow_rx' is false, the newly allocated skb isn't consumed by netif_r…
CVE-2026-43455 medium 5.5 5.5 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: mctp: route: hold key->lock in mctp_flow_prepare_output() mctp_flow_prepare_output() checks key->dev and may call mctp_dev_set_ke…
CVE-2026-43451 medium 5.5 5.5 FIX slesdebian debian linux-kernel google 1mo ago In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlink_queue: fix entry leak in bridge verdict error path nfqnl_recv_verdict() calls find_dequeue_entry() to remove…
CVE-2026-43448 medium 4.7 4.7 FIX slesdebian debian linux-kernel google 1mo ago In the Linux kernel, the following vulnerability has been resolved: nvme-pci: Fix race bug in nvme_poll_irqdisable() In the following scenario, pdev can be disabled between (1) and (3) by (2). This…