VIR Vulnerability Intelligence Relay

Search

Found 75,243 results in 5094ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2026-9388 critical 9.8 9.8 14d ago A weakness has been identified in Totolink A8000RU 7.1cu.643_b20200521. The impacted element is the function setScheduleCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface.…
CVE-2026-9387 critical 9.8 9.8 14d ago A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. The affected element is the function setUpgradeFW of the file /cgi-bin/cstecgi.cgi of the component Web Management Interfa…
CVE-2026-9386 critical 9.8 9.8 14d ago A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. Impacted is the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Such manipu…
CVE-2026-9385 critical 9.8 9.8 14d ago A vulnerability was determined in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Th…
CVE-2026-9384 critical 9.8 9.8 14d ago A vulnerability was found in Totolink A8000RU 7.1cu.643_b20200521. This vulnerability affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. …
CVE-2026-9379 medium 6.3 6.3 14d ago A weakness has been identified in Edimax BR-6675nD 1.12. This impacts the function formWpsStart of the file /goform/formWpsStart of the component POST Request Handler. This manipulation of the argume…
CVE-2026-9378 medium 6.3 6.3 14d ago A security flaw has been discovered in Edimax BR-6675nD 1.12. This affects the function formHwSet of the file /goform/formHwSet of the component POST Request Handler. The manipulation of the argument…
CVE-2026-9376 medium 6.3 6.3 14d ago A vulnerability was determined in JPress up to 1.0.3. The affected element is an unknown function of the file /ucenter/article/doWriteSave of the component UCenter Article Submission Endpoint. Execut…
CVE-2026-9374 medium 6.3 6.3 14d ago A vulnerability was found in yangzongzhuan RuoYi-Vue up to 3.9.2. Impacted is the function FileUploadUtils.upload of the file /common/upload of the component Common Upload Endpoint. Performing a mani…
CVE-2026-9371 medium 5.6 5.6 14d ago A security vulnerability has been detected in ItzCrazyKns Vane up to 1.12.1. Affected by this issue is some unknown functionality of the file route.ts of the component API. The manipulation leads to …
CVE-2026-9369 medium 5.3 5.3 14d ago A security flaw has been discovered in NousResearch hermes-agent 2026.4.23. Affected is the function _discover_dashboard_plugins of the file hermes_cli/web_server.py of the component CLI web-dashboar…
CVE-2026-9365 medium 5.6 5.6 debian debian 14d ago A vulnerability has been found in Ettercap up to 0.8.3. The affected element is the function FUNC_DECODER of the file src/dissectors/ec_gg.c of the component GG Dissector. The manipulation of the arg…
CVE-2026-9363 medium 6.3 6.3 14d ago A vulnerability was detected in Edimax EW-7438RPn 1.12. This issue affects the function formEZCHNwlanSetup of the file /goform/formEZCHNwlanSetu of the component POST Request Handler. Performing a ma…
CVE-2026-9362 medium 6.3 6.3 14d ago A security vulnerability has been detected in Edimax EW-7438RPn 1.12. This vulnerability affects the function formConnectionSetting of the file /goform/formConnectionSetting of the component Setting …
CVE-2026-9361 medium 6.3 6.3 14d ago A weakness has been identified in Edimax EW-7438RPn 1.12. This affects the function formAccept of the file /goform/formAccep of the component POST Request Handler. This manipulation of the argument s…
CVE-2026-9359 medium 6.3 6.3 14d ago A vulnerability was identified in Edimax EW-7438RPn 1.28a. Affected by this vulnerability is the function formHwSet of the file /goform/formHwSet of the component POST Request Handler. The manipulati…
CVE-2026-9358 medium 4.3 4.3 debian debian 14d ago A vulnerability was determined in postcss up to 7.1.1. Affected is the function toString of the file src/selectors/container.js of the component AST Serialization. Executing a manipulation can lead t…
CVE-2026-9352 medium 5.3 5.3 15d ago A weakness has been identified in NousResearch hermes-agent up to 2026.4.23. This issue affects the function _make_run_env of the file tools/environments/local.py of the component Messaging Gateway H…
CVE-2026-9351 medium 6.5 6.5 15d ago A security flaw has been discovered in NousResearch hermes-agent up to 2026.4.16. This vulnerability affects the function _is_blocked_device of the file tools/file_tools.py of the component read_file…
CVE-2026-9349 medium 5.3 5.3 15d ago A vulnerability was determined in calcom cal.diy up to 4.9.4. Affected by this issue is the function getServerSideProps of the file apps/web/modules/bookings/views/bookings-single-view.getServerSideP…
CVE-2026-9354 medium 6.5 6.5 15d ago A vulnerability was detected in NousResearch hermes-agent up to 2026.4.16. The affected element is an unknown function of the component Slack Agent/Mattermost Agent. The manipulation of the argument …
CVE-2026-9347 medium 6.3 6.3 15d ago A vulnerability has been found in Edimax EW-7438RPn up to 1.31. Affected is the function formWizSurvey of the file /goform/formWizSurvey of the component webs. The manipulation of the argument ip/mas…
CVE-2026-9343 medium 6.3 6.3 15d ago A weakness has been identified in Edimax EW-7438RPn up to 1.31. The affected element is the function formWpsStart of the file /goform/formWpsStart of the component webs. This manipulation of the argu…
CVE-2026-9342 medium 6.3 6.3 15d ago A security flaw has been discovered in SourceCodester Hospitals Patient Records Management System 1.0. Impacted is an unknown function of the file /admin/patients/view_history.php. The manipulation o…
CVE-2018-25357 critical 9.8 9.8 dolibarr 15d ago Dolibarr ERP CRM 7.0.3 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary code by injecting PHP code through the db_name parameter. Attackers ca…
CVE-2018-25354 medium 4.3 4.3 15d ago Joomla Component jomres 9.11.2 contains a cross-site request forgery vulnerability that allows attackers to modify user account information by tricking authenticated users into visiting malicious pag…
CVE-2018-25350 critical 9.8 9.8 15d ago userSpice 4.3.24 contains a username enumeration vulnerability that allows unauthenticated attackers to discover valid usernames by sending POST requests to the existingUsernameCheck.php endpoint. At…
CVE-2018-25349 medium 6.1 6.1 15d ago userSpice 4.3.24 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts through the X-Forwarded-For HTTP header. Attackers can send crafted requests to the ba…
CVE-2018-25343 medium 4.3 4.3 15d ago Smartshop 1 contains a cross-site request forgery vulnerability that allows attackers to modify user profiles by tricking authenticated users into submitting malicious requests. Attackers can craft H…
CVE-2026-9305 medium 6.3 6.3 15d ago A weakness has been identified in QuantumNous new-api up to 0.12.1. The impacted element is the function SearchUserTopUps/SearchAllTopUps of the file model/topup.go of the component self Endpoint. Th…
CVE-2026-9304 medium 5.0 5.0 15d ago A security flaw has been discovered in calcom cal.diy up to 4.9.4. The affected element is the function validateUrlForSSRF of the file apps/web/app/api/logo/route.ts of the component Logo API. The ma…
CVE-2026-9303 medium 4.3 4.3 15d ago A vulnerability was identified in calcom cal.diy up to 4.9.4. Impacted is an unknown function. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Th…
CVE-2026-9302 medium 6.3 6.3 15d ago A vulnerability was determined in 546669204 vps-inventory-monitoring up to 98c00b370668c96ae75e91c15548d9ea113652d9. This issue affects the function eval of the file app/index/command/VpsTest.php of …
CVE-2026-9301 medium 6.3 6.3 15d ago A vulnerability was found in omec-project amf up to 2.1.1. This vulnerability affects unknown code of the component NGReset Message Handler. Performing a manipulation results in memory corruption. Th…
CVE-2026-9300 medium 6.3 6.3 15d ago A vulnerability has been found in omec-project amf up to 2.1.1. This affects an unknown part of the component NGSetupRequest Handler. Such manipulation leads to memory corruption. The attack can be e…
CVE-2026-9298 medium 6.3 6.3 15d ago A vulnerability was detected in omec-project amf up to 2.1.1. Affected by this vulnerability is an unknown functionality of the component PathSwitchRequest Handler. The manipulation results in memory…
CVE-2026-9297 medium 6.3 6.3 15d ago A security vulnerability has been detected in Edimax BR-6428NS 1.10. Affected is the function formWlbasic of the file /goform/formWlbasic of the component POST Request Handler. The manipulation of th…
CVE-2026-9299 medium 6.3 6.3 15d ago A flaw has been found in omec-project amf up to 2.1.1. Affected by this issue is the function PDUSessionResourceModifyIndication of the file /go/src/amf/ngap/handler.go. This manipulation causes memo…
CVE-2026-9296 medium 6.3 6.3 15d ago A weakness has been identified in Edimax BR-6428NS 1.10. This impacts the function system of the file /goform/formWlanM of the component POST Request Handler. Executing a manipulation of the argument…
CVE-2026-47124 medium 5.5 16d ago Nezha Monitoring: Nezha WebSocket server stream discloses cross-tenant server telemetry to authenticated members
CVE-2026-46716 critical 9.5 16d ago Nezha Monitoring: RoleMember can run shell on every server (cross-tenant RCE) via POST /api/v1/cron
CVE-2026-47157 medium 5.5 16d ago aiograpi: Unsafe signup challenge path handling
CVE-2026-47120 medium 5.5 16d ago Nezha Monitoring: RoleMember can fire other users' cron tasks via AlertRule.FailTriggerTasks (no ownership check)
CVE-2026-42827 medium 6.5 6.5 windows windows microsoft 16d ago Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to disclose information over a network.
CVE-2026-41149 medium 5.5 debian debian 16d ago Mermaid: Improper sanitization of `classDef` in state diagrams leads to HTML injection
CVE-2026-41104 critical 10.0 10.0 windows windows microsoft 16d ago Deserialization of untrusted data in Microsoft Planetary Computer Pro allows an unauthorized attacker to disclose information over a network.
CVE-2026-40412 critical 10.0 10.0 windows windows microsoft 16d ago Unrestricted upload of file with dangerous type in Azure Orbital Spatio allows an unauthorized attacker to execute code over a network.
CVE-2026-40411 critical 9.9 9.9 windows windows microsoft 16d ago Improper input validation in Azure Virtual Network Gateway allows an authorized attacker to execute code over a network.
CVE-2026-41073 medium 4.6 4.6 FIX debian debian 16d ago RT is an open source, enterprise-grade issue and ticket tracking system. Versions prior to 5.0.10 and 6.0.0 through 6.0.2 contain a spreadsheet (CSV/formula) injection vulnerability. User-controlled …
CVE-2026-42901 critical 10.0 10.0 windows windows microsoft 16d ago Origin validation error in Microsoft Entra ID allows an unauthorized attacker to elevate privileges over a network.
CVE-2026-41148 medium 5.5 debian debian 16d ago Mermaid: Improper sanitization of `classDefs` in diagrams leads to CSS injection
CVE-2026-33843 critical 9.1 9.1 windows windows microsoft 16d ago Authentication bypass using an alternate path or channel in Microsoft Azure Active Directory B2C allows an unauthorized attacker to elevate privileges over a network.
CVE-2026-41090 critical 9.3 9.3 windows windows microsoft 16d ago Improper neutralization of special elements used in a command ('command injection') in Microsoft Copilot allows an unauthorized attacker to perform tampering over a network.
CVE-2026-47280 critical 10.0 10.0 windows windows microsoft 16d ago Improper authentication in Azure Resource Manager (ARM) allows an unauthorized attacker to elevate privileges over a network.
CVE-2026-23652 critical 10.0 10.0 windows windows microsoft 16d ago Improper neutralization of special elements used in a command ('command injection') in Microsoft Power Pages allows an unauthorized attacker to execute code over a network.
CVE-2026-41069 medium 6.5 6.5 debian debian sles struktur 16d ago libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, a malformed HEIF sequence file can trigger an out-of-bounds read in core sequence parsing logic, causing DoS.…
CVE-2026-40864 medium 4.3 4.3 debian debian jupyter 16d ago JupyterHub is software that allows users to create a multi-user server for Jupyter notebooks. In versions 4.1.0 through 5.4.4, XSRF protection (updated in 4.1.0) inappropriately treated requests with…
CVE-2025-68817 unknown FIX slesdebian debianubuntu ubuntu 16d ago Linux kernel (Low Latency NVIDIA) vulnerabilities
CVE-2025-68340 unknown FIX slesdebian debianubuntu ubuntu 16d ago Linux kernel (Azure) vulnerabilities
CVE-2025-68211 unknown FIX slesdebian debianubuntu ubuntu 16d ago Linux kernel (Azure) vulnerabilities
CVE-2025-40164 unknown FIX slesdebian debianubuntu ubuntu 16d ago Linux kernel (Low Latency NVIDIA) vulnerabilities
CVE-2025-38408 unknown FIX slesdebian debianubuntu ubuntu 16d ago Linux kernel (Azure) vulnerabilities
CVE-2025-38232 unknown FIX slesdebian debianubuntu ubuntu 16d ago Linux kernel (Azure) vulnerabilities
CVE-2025-38125 unknown FIX slesdebian debianubuntu ubuntu 16d ago Linux kernel (Azure) vulnerabilities
CVE-2025-38057 unknown FIX slesdebian debianubuntu ubuntu 16d ago Linux kernel (Azure) vulnerabilities
CVE-2023-54207 unknown FIX slesdebian debianubuntu ubuntu 16d ago Linux kernel (Azure) vulnerabilities
CVE-2023-53520 unknown FIX slesdebian debianubuntu ubuntu 16d ago Linux kernel (Azure) vulnerabilities
CVE-2023-32629 unknown 1.5 EXPFIX slesdebian debianubuntu ubuntu 16d ago Linux kernel vulnerabilities
CVE-2023-2640 unknown 1.5 EXPFIX debian debianubuntu ubuntu 16d ago Linux kernel vulnerabilities
CVE-2026-40610 medium 5.5 5.5 bentoml 16d ago BentoML is a Python library for building online serving systems optimized for AI apps and model inference. In versions 1.4.38 and prior, the build packaging workflow follows attacker-controlled symli…
CVE-2026-39969 medium 6.5 6.5 16d ago TypeBot is a chatbot builder tool. In versions 3.16.0 and prior, the WhatsApp Cloud API webhook endpoint (POST /v1/workspaces/{workspaceId}/whatsapp/{credentialsId}/webhook) does not verify the x-hub…
CVE-2026-39966 medium 6.5 6.5 16d ago TypeBot is a chatbot builder tool. In versions 3.15.2, the getLinkedTypebots API endpoint returns full bot definitions to any authenticated user who references a target bot ID in a Typebot Link block…
CVE-2026-42627 medium 6.2 6.2 debian debian 16d ago In Arm ArmNN through 2026-03-27, an integer overflow in TensorShape::GetNumElements() in armnn/Tensor.cpp allows a crafted TFLite model file to bypass buffer size validation and trigger a heap-based …
CVE-2026-39964 medium 5.4 5.4 16d ago Typebot.io has stored XSS via `javascript`: URI in text bubble links — bot author executes JS on visitors' browsers
CVE-2026-46715 medium 5.5 16d ago Flask-Security-Too OAuth reauthentication freshness bypass via cross- user OAuth identity acceptance
CVE-2026-42626 medium 5.9 5.9 16d ago HP ENVY 5000 series printers VERBASPP1N003.2237A.00 do not properly manage concurrent TCP connections to port 9100 (JetDirect/RAW printing). An unauthenticated remote attacker on the same network can…
CVE-2026-36227 medium 6.5 6.5 16d ago Directory Traversal vulnerability in Easy Chat Server 3.1 allows a remote attacker to obtain sensitive information and execute arbitrary code via the UserName parameter
CVE-2026-36226 medium 6.1 6.1 16d ago Cross Site Scripting vulnerability in Advantech WebAccess/SCADA 8.0-2015.08.16 allows a remote attacker to obtain sensitive information via the decryption field in the Create New Project User compone…
CVE-2026-33712 critical 10.0 10.0 16d ago Typebot is a chatbot builder tool. In versions 3.15.2 and prior, the preview chat endpoint (POST /api/v1/typebots/{typebotId}/preview/startChat) allows unauthenticated users to achieve Server-Side Re…
CVE-2026-32253 critical 9.8 9.8 lizardbyte 16d ago Sunshine is a self-hosted game stream host for Moonlight. In versions prior to 2026.516.143833, the client-certificate authentication can be bypassed because of how OpenSSL verification results are h…
CVE-2026-28735 medium 5.4 5.4 mattermost 16d ago Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.14 fail to validate the OAuth token scope on the callback which allows an authenticated Mattermost user to g…
CVE-2026-28444 medium 6.5 6.5 16d ago Typebot is a chatbot builder tool. In versions 3.15.2 and prior, the getResultLogs API endpoint authorizes the caller against the provided typebotId but fetches logs solely by resultId without verify…
CVE-2026-9251 medium 5.4 5.4 devolutions 16d ago Missing authorization in the entry status management feature in Devolutions Server allows a non-administrator authenticated user to bypass the administrator-enforced Pending Approval flow and gain ac…
CVE-2026-9246 medium 4.3 4.3 devolutions 16d ago Improper access control in the entry documentation and attachment features in Devolutions Server allows an authenticated user with vault read access to retrieve the documentation and attachments of s…
CVE-2026-9245 medium 5.0 5.0 devolutions 16d ago Improper input validation in the external authentication provider flow in Devolutions Server allows an unauthenticated remote attacker to redirect victims to an attacker-controlled domain via a craft…
CVE-2026-9224 medium 4.3 4.3 devolutions 16d ago Missing authorization in the user profile update feature in Devolutions Server allows an authenticated Active Directory user to modify their own profile attributes via a crafted API request. This is…
CVE-2026-9223 medium 4.3 4.3 devolutions 16d ago Missing authorization in the vault import feature in Devolutions Server  2026.1.16.0 and earlier allows a low-privileged authenticated user to create new vaults via a crafted import request.
CVE-2026-5171 medium 4.3 4.3 devolutions 16d ago Improper access control in the entry activity log feature in Devolutions Server allows an authenticated user with access to an entry but without the required permission to retrieve that entry's activ…
CVE-2026-42506 medium 6.1 6.1 FIX windows windows slesdebian debian golang 16d ago Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML befo…
CVE-2026-42502 medium 6.1 6.1 FIX windows windows slesdebian debian golang 16d ago Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML befo…
CVE-2026-27136 medium 6.1 6.1 FIX windows windows slesdebian debian golang 16d ago Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML befo…
CVE-2026-25681 medium 6.1 6.1 FIX windows windows slesdebian debian golang 16d ago Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML befo…
CVE-2026-25680 medium 6.5 6.5 FIX windows windows slesdebian debian golang 16d ago Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service.
CVE-2026-46670 critical 9.5 16d ago YesWiki: Unauthenticated SQL Injection
CVE-2026-8353 medium 4.8 4.8 concretecms 16d ago Concrete CMS version 9.0 to 9.5.0 is vulnerable to Stored XSS via page name in the Atomik theme. A rogue editor can inject arbitrary JavaScript that executes in the context of any authenticated user …
CVE-2026-8347 medium 4.3 4.3 concretecms 16d ago Concrete CMS 9.5.0 and below is vulnerable to IDOR + wrong-authorization-level in the Express association Reorder dialog.  This can cause Cross-entity state tampering with view-only permission on one…
CVE-2026-8340 medium 4.3 4.3 concretecms 16d ago Concrete CMS 9.5.0 and below is vulnerable to CSRF via Backend\File::approveVersion. Victim with edit_file_contents permission is CSRF'd into publishing an attacker-chosen previously-uploaded version…
CVE-2025-46371 medium 5.5 5.5 dell 16d ago Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) a Use of a Broken or Risky Cryptographic Algorithm vulnerability in the ssh. A low privileged attacker with local access could potentially explo…
CVE-2025-32751 medium 5.5 5.5 dell 16d ago Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Insecure Storage of Sensitive Information vulnerability. A low privileged attacker with local access could potentially exploit this vulnerabi…
CVE-2021-21508 medium 6.7 6.7 16d ago Dell VxRail versions before 7.0.200 contain a Plain-text Password Storage Vulnerability in VxRail Manager. A sys-admin user may exploit this vulnerability, leading to the disclosure of certain user c…