
Found 66,550 results in 2454ms · Match type: Filtered list

| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-46342 | low | 2.5 | | | | | 18d ago | Nuxt: `__nuxt_island` endpoint does not bind responses to request props, enabling shared-cache poisoning |
| CVE-2026-46338 | medium | 5.5 | | | | | 18d ago | Regression in pymdownx.snippets reintroduces sibling-prefix path traversal bypass despite restrict_base_path |
| CVE-2026-45802 | medium | 5.5 | | | | | 18d ago | FPDI: Memory Exhaustion and Endless Loop in FPDI leads to Denial of Service |
| CVE-2026-45796 | medium | 5.5 | | | | | 18d ago | Coder: Unauthenticated SSRF via Azure Instance Identity Endpoint |
| CVE-2026-46357 | medium | 6.5 | 6.5 | | | | 18d ago | HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0, the HAX CMS NodeJS application crashes when an authenticated attacker sends a specially crafted site crea… |
| CVE-2026-45785 | medium | 5.5 | | | | | 18d ago | OpenMcdf: Uncatchable infinite loop in DirectoryTree.TryGetDirectoryEntry on crafted CFB directory cycle |
| CVE-2026-45784 | medium | 5.5 | | | | | 18d ago | rust-openssl: Potential out-of-bounds write in `CipherCtxRef::cipher_update_inplace` for AES-KW-PAD ciphers |
| CVE-2026-8096 | medium | 6.5 | 6.5 | | | | 18d ago | The Kirki – Freeform Page Builder, Website Builder & Customizer plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 6.0.6. This is due to the plugin not p… |
| CVE-2026-41470 | medium | 5.9 | 5.9 | | sles | | 18d ago | LIVE555 before 2026.04.22 contains an authorization bypass vulnerability in RTSP session command handling that allows attackers to replay valid Session tokens from unauthenticated connections. Attack… |
| CVE-2026-34154 | medium | 5.3 | 5.3 | | | discourse | 18d ago | Discourse is an open-source discussion platform. In versions prior to 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0-latest.1, a vulnerability in the discourse-subscriptions plugin allows users to gain a… |
| CVE-2026-33741 | medium | 6.8 | 6.8 | | | | 18d ago | EspoCRM is an open source customer relationship management application. Versions 9.3.3 and below allow authenticated users to upload SVG attachments through normal attachment-capable fields and later… |
| CVE-2026-32738 | medium | 6.5 | 6.5 | | debian, sles | struktur | 18d ago | libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and below, a crafted 792-byte HEIF sequence file with samples_per_chunk=0 in the stsc box causes an unsigned integer und… |
| CVE-2026-32134 | medium | 5.9 | 5.9 | | | | 18d ago | NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. In versions 0.24.10 and below, when NanoMQ handles high-concurrency reconnect traffic using a reconnect-collision payload, the br… |
| CVE-2026-48019 | unknown | | | | debian | | 18d ago | Laravel CRLF injection in default email rule |
| CVE-2026-5511 | low | 2.7 | 2.7 | | | tp-link | 18d ago | In the web management interface of Archer AX72 (SG) v1, the network diagnostic feature improperly handles invalid user input, resulting in limited exposure of diagnostic command usage information. … |
| CVE-2026-36827 | medium | 5.4 | 5.4 | | | | 18d ago | A command injection vulnerability exists in Panabit PAP-XM320 up to and including V7.7. The web management interface invokes the backend helper /usr/sbin/pappiw and passes user-controlled parameters … |
| CVE-2026-46341 | medium | 5.5 | | | | | 18d ago | Apify Model Context Protocol (MCP) server: Domain Allowlist Bypass in fetch-apify-docs via String Prefix Matching |
| CVE-2026-46337 | medium | 5.3 | 5.3 | | | wwbn | 18d ago | AVideo: Unauthenticated Arbitrary Image Read via Path Traversal in `view/img/image404Raw.php` |
| CVE-2026-8706 | medium | 6.5 | 6.5 | | sles | mozilla | 18d ago | Firefox for iOS hosted Reader mode on an unauthenticated local web server, allowing another application on the same device to request arbitrary URLs and receive the response rendered with the signed-… |
| CVE-2026-45739 | medium | 4.3 | 4.3 | | | strawberry | 18d ago | Strawberry GraphQL is a library for creating GraphQL APIs. In versions 0.288.4 through 0.315.3, Strawberry's bundled GraphiQL template wrote values from the GraphiQL headers editor into the browser U… |
| CVE-2026-45737 | medium | 5.5 | | | | | 18d ago | Argo CD: Kubernetes Secret Extraction via ArgoCD ServerSideDiff via sensitive annotations |
| CVE-2026-45712 | medium | 5.5 | | | | | 18d ago | Mailpit: Concurrent map read & write in proxy CSS rewriter - remote unauth crash (fatal error: concurrent map read and map write) |
| CVE-2026-45711 | medium | 5.5 | | | | | 18d ago | Mailpit: Path traversal & arbitrary file write in mailpit dump --http via attacker-controlled message IDs |
| CVE-2026-45709 | medium | 5.5 | | | | | 18d ago | Mailpit has an incomplete fix for GHSA-6jxm: HTML check still permits SSRF to private/loopback/IMDS via missing IP-filter dialer |
| CVE-2026-45692 | medium | 5.5 | | | | | 18d ago | Caddy: Remote Admin Authorization Bypass in `/config` API via Array Index Normalization |
| CVE-2026-45670 | medium | 5.5 | | | | | 18d ago | Nuxt: Dev server exposes built source over LAN to malicious sites (incomplete fix for GHSA-4gf7-ff8x-hq99) |
| CVE-2026-45669 | medium | 5.5 | | | | | 18d ago | Nuxt: Reflected XSS in `navigateTo()` external redirect |
| CVE-2026-45581 | medium | 5.5 | | | | | 18d ago | fabric-chaincode-java: TLS Private Key Password Disclosed in INFO Startup Logs in Chaincode-as-a-Service Mode |
| CVE-2026-45557 | medium | 5.8 | 5.8 | | | | 19d ago | Technitium DNS Server aggressively tries to fetch missing RRSIG records or mismatched DNSKEY records. An attacker in control of a domain can cause a vulnerable system to generate excessive network tr… |
| CVE-2026-34883 | medium | 5.3 | 5.3 | | | | 19d ago | An issue was discovered in the Portrait Dell Color Management application before 3.7.0 for Dell monitors. On Windows, a symbolic link vulnerability allows a local low-privileged user to escalate priv… |
| CVE-2026-46496 | medium | 5.5 | | | | | 19d ago | HAX CMS helps manage microsite universe with PHP or NodeJs backends. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 26.0.0 due to improper sanitization of the `<video-p… |
| CVE-2026-45409 | medium | 5.5 | | | sles, debian | | 19d ago | Internationalized Domain Names in Applications (IDNA) for Python provides support for Internationalized Domain Names in Applications (IDNA) and Unicode IDNA Compatibility Processing. In versions prio… |
| CVE-2026-8971 | medium | 6.5 | 6.5 | FIX | debian, sles | mozilla | 19d ago | Same-origin policy bypass in the Networking: JAR component. This vulnerability was fixed in Firefox 151 and Thunderbird 151. |
| CVE-2026-8951 | medium | 6.5 | 6.5 | FIX | debian, sles | mozilla | 19d ago | Spoofing issue in the Toolbar component in Firefox for Android. This vulnerability was fixed in Firefox 151. |
| CVE-2026-23557 | medium | 6.5 | 6.5 | | sles, debian | | 19d ago | Any guest can cause xenstored to crash by issuing a XS_RESET_WATCHES command within a transaction due to an assert() triggering. In case xenstored was built with NDEBUG #defined nothing bad will hap… |
| CVE-2025-40904 | medium | 5.4 | 5.4 | | | nozominetworks | 19d ago | A Stored HTML Injection vulnerability was discovered in the Smart Polling functionality due to improper validation of an input parameter. An authenticated user with limited privileges can push malici… |
| CVE-2025-40903 | medium | 4.8 | 4.8 | | | nozominetworks | 19d ago | A Stored HTML Injection vulnerability was discovered in the Schedule Restore Archive functionality due to improper validation of an input parameter. An authenticated user with administrative privileg… |
| CVE-2025-40902 | medium | 4.8 | 4.8 | | | nozominetworks | 19d ago | A Stored HTML Injection vulnerability was discovered in the Users functionality due to improper validation of an input parameter. An authenticated user with administrative privileges can create a mal… |
| CVE-2025-40901 | medium | 4.8 | 4.8 | | | nozominetworks | 19d ago | A Stored HTML Injection vulnerability was discovered in the Credentials Manager functionality due to improper validation of an input parameter. An authenticated user with administrative privileges ca… |
| CVE-2025-40900 | medium | 4.6 | 4.6 | | | nozominetworks | 19d ago | An Angular template injection vulnerability was discovered in the Reports functionality due to improper validation of an input parameter. An authenticated user with report privileges can define a mal… |
| CVE-2025-14575 | unknown | | | | sles, windows | | 19d ago | An Uncontrolled Search Path Element vulnerability in the OpenSSL TLS backend of Qt Network (qtbase) in Qt Qt Framework (Unix) allows a local attacker to load a rogue CA certificate as a trusted syste… |
| CVE-2026-7860 | unknown | | | | | | 19d ago | Vaadin Build Plugins is Affected by a Possible Information Disclosure Vulnerability |
| CVE-2026-4630 | medium | 6.8 | 6.8 | | | redhat | 19d ago | A flaw was found in Keycloak. An authenticated client could exploit an Insecure Direct Object Reference (IDOR) vulnerability in the Authorization Services Protection API endpoint. By knowing or obtai… |
| CVE-2026-45442 | medium | 4.3 | 4.3 | | | | 19d ago | Missing Authorization vulnerability in Brainstorm Force Presto Player allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Presto Player: from n/a through 4.1.… |
| CVE-2026-43492 | unknown | | | FIX | sles, debian, windows | | 19d ago | In the Linux kernel, the following vulnerability has been resolved: lib/crypto: mpi: Fix integer underflow in mpi_read_raw_from_sgl() Yiming reports an integer underflow in mpi_read_raw_from_sgl() … |
| CVE-2026-43491 | unknown | | | FIX | sles, debian, windows | | 19d ago | In the Linux kernel, the following vulnerability has been resolved: net: qrtr: ns: Limit the maximum server registration per node Current code does no bound checking on the number of servers added … |
| CVE-2026-37982 | medium | 6.8 | 6.8 | | | redhat | 19d ago | Keycloak: Unauthorized account takeover via WebAuthn token replay |
| CVE-2026-37981 | medium | 4.3 | 4.3 | | | redhat | 19d ago | A flaw was found in Keycloak. A broken access control vulnerability in the Account Resources user lookup endpoint allows a remote authenticated user, who owns at least one User-Managed Access (UMA) r… |
| CVE-2026-37979 | medium | 6.5 | 6.5 | | | redhat | 19d ago | Keycloak: Information disclosure via OIDC token introspection endpoint audience bypass |
| CVE-2026-37978 | medium | 4.9 | 4.9 | | | redhat | 19d ago | Keycloak: Information Disclosure via evaluate-scopes Admin API |
| CVE-2026-8726 | unknown | | | | | | 19d ago | SQL Injection in extension "News system" (news) |
| CVE-2026-45187 | medium | 6.5 | 6.5 | | | apache | 19d ago | Improper Authorization vulnerability in Apache OFBiz Webtools. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue. |
| CVE-2026-35086 | medium | 6.5 | 6.5 | | | apache | 19d ago | Improper Control of Generation of Code ('Code Injection') vulnerability in email services of Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to vers… |
| CVE-2026-31906 | medium | 6.1 | 6.1 | | | apache | 19d ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrad… |
| CVE-2026-31388 | medium | 5.3 | 5.3 | | | apache | 19d ago | Improper Access Control vulnerability in Apache OFBiz in multi-tenant deployments. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixe… |
| CVE-2026-31387 | medium | 5.3 | 5.3 | | | apache | 19d ago | Improper Authentication vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue. |
| CVE-2026-31380 | medium | 6.5 | 6.5 | | | apache | 19d ago | Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06… |
| CVE-2026-31379 | medium | 6.1 | 6.1 | | | apache | 19d ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Improper Control of Generation of… |
| CVE-2026-31378 | medium | 6.5 | 6.5 | | | apache | 19d ago | Improper Input Validation vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue. |
| CVE-2026-29220 | medium | 6.5 | 6.5 | | | apache | 19d ago | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to v… |
| CVE-2026-29207 | medium | 6.5 | 6.5 | | | apache | 19d ago | Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24… |
| CVE-2026-44408 | medium | 6.3 | 6.3 | | | | 19d ago | There is an unauthorized access vulnerability in ZTE MU5250. Due to improper permission control of the Web interface, an unauthorized attacker can modify configuration through the interface. |
| CVE-2026-8922 | medium | 5.4 | 5.4 | | | redhat | 19d ago | Keycloak: Revoked Tokens Can Remain Active When Both Realm-Level and Client-Level `notBefore` Revocation Policies are Configured |
| CVE-2026-8830 | medium | 4.3 | 4.3 | | | redhat | 19d ago | Keycloak: Policy bypass during WebAuthn credential registration via client-side JavaScript manipulation |
| CVE-2026-8814 | medium | 5.3 | 5.3 | | | | 19d ago | ExifReader is vulnerable to denial of service via unbounded decompression of image metadata |
| CVE-2026-32994 | medium | 5.3 | 5.3 | | | | 19d ago | The /api/v1/autotranslate.translateMessage endpoint in versions <8.5.0, <8.4.2, <8.3.4, <8.2.4, <8.1.5, <8.0.6, <7.13.8, and <7.10.12 allows any authenticated user to retrieve the full content of any… |
| CVE-2026-33565 | low | 3.3 | 3.3 | | | | 19d ago | in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS. |
| CVE-2026-28751 | low | 3.3 | 3.3 | | | | 19d ago | in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS. |
| CVE-2026-28733 | medium | 6.5 | 6.5 | | | | 19d ago | in OpenHarmony v6.0 and prior versions allow a local attacker arbitrary code execution. |
| CVE-2026-27781 | low | 3.3 | 3.3 | | | | 19d ago | in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS. |
| CVE-2026-27766 | medium | 5.5 | 5.5 | | | | 19d ago | in OpenHarmony v6.0 and prior versions allow a local attacker cause information leak. |
| CVE-2026-25850 | medium | 5.5 | 5.5 | | | | 19d ago | in OpenHarmony v6.0 and prior versions allow a local attacker cause information leak |
| CVE-2026-25110 | low | 3.3 | 3.3 | | | | 19d ago | in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS. |
| CVE-2026-33514 | medium | 4.3 | 4.3 | | | discourse | 19d ago | Discourse is an open-source discussion platform. In versions prior to 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0-latest.1, an authenticated user on a Discourse instance with the form templates feature… |
| CVE-2026-33234 | medium | 5.0 | 5.0 | | | | 19d ago | AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. In versions 0.1.0 through 0.6.51, SendEmailBlock in autogpt_platform/backen… |
| CVE-2026-32312 | medium | 4.3 | 4.3 | | | glpi-project | 19d ago | GLPI is a free asset and IT management software package. In versions 11.0.0 through 11.0.6, an authenticated user with forms READ permission can export the structure of unauthorized forms. This issue… |
| CVE-2026-32244 | medium | 5.3 | 5.3 | | | discourse | 19d ago | Discourse is an open-source discussion platform. In versions prior to 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0-latest.1, outdated cached AI summaries can leak removed content to anonymous and unpriv… |
| CVE-2026-4893 | medium | 5.3 | 5.3 | FIX | rhel, debian, sles | | 19d ago | RHSA-2026:20589: dnsmasq security update (Important) |
| CVE-2026-4891 | medium | 5.3 | 5.3 | FIX | rhel, debian, sles | | 19d ago | RHSA-2026:20589: dnsmasq security update (Important) |
| CVE-2026-40356 | medium | 5.9 | 5.9 | FIX | rhel, debian, sles | | 19d ago | RHSA-2026:16799: krb5 security update (Important) |
| CVE-2026-40355 | medium | 5.9 | 5.9 | FIX | rhel, debian, sles | | 19d ago | RHSA-2026:16799: krb5 security update (Important) |
| CVE-2026-39373 | low | 2.5 | | FIX | rhel, sles, debian | | 19d ago | JWCrypto: JWE ZIP decompression bomb |
| CVE-2026-34000 | medium | 6.1 | 6.1 | FIX | rhel, sles, debian | x.org | 19d ago | A flaw was found in the X.Org X server. This out-of-bounds read vulnerability in the XKB geometry processing, specifically within the `CheckSetGeom()` and `XkbAddGeomKeyAlias` functions, allows an at… |
| CVE-2026-32710 | medium | 5.5 | | FIX | rhel, sles, debian | | 19d ago | MariaDB server is a community developed fork of MySQL server. An authenticated user can crash MariaDB versions 11.4 before 11.4.10 and 11.8 before 11.8.6 via a bug in JSON_SCHEMA_VALID() function. Un… |
| CVE-2026-31677 | medium | 5.5 | 5.5 | FIX | rhel, sles, debian | google | 19d ago | Important: kernel security update |
| CVE-2026-30892 | medium | 5.5 | | FIX | rhel, debian, rocky | | 19d ago | Moderate: crun security update |
| CVE-2026-23868 | medium | 5.1 | 5.1 | FIX | rhel, debian, sles | giflib_project | 19d ago | Giflib contains a double-free vulnerability that is the result of a shallow copy in GifMakeSavedImage and incorrect error handling. The conditions needed to trigger this vulnerability are difficult b… |
| CVE-2026-23040 | medium | 5.5 | | FIX | rhel, sles, debian | | 19d ago | In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211_hwsim: fix typo in frequency notification The NAN notification is for 5745 MHz which corresponds to channel 149 an… |
| CVE-2026-0968 | low | 3.1 | 3.1 | FIX | rhel, debian, sles | libssh | 19d ago | Moderate: libssh security update |
| CVE-2026-0967 | medium | 5.5 | 5.5 | FIX | rhel, debian, sles | libssh | 19d ago | Moderate: libssh security update |
| CVE-2026-0965 | low | 3.3 | 3.3 | FIX | rhel, debian, sles | libssh | 19d ago | Moderate: libssh security update |
| CVE-2026-0964 | medium | 6.3 | 6.3 | FIX | rhel, debian, sles | libssh, redhat | 19d ago | Moderate: libssh security update |
| CVE-2026-0865 | medium | 5.5 | | FIX | rocky, rhel, debian | | 19d ago | User-controlled header names and values containing newlines can allow injecting HTTP headers. |
| CVE-2025-9615 | low | 3.3 | 3.3 | FIX | rhel, sles, debian | | 19d ago | Low: NetworkManager security update |
| CVE-2025-8277 | low | 3.1 | 3.1 | FIX | rhel, debian, sles | | 19d ago | Moderate: libssh security update |
| CVE-2025-8114 | medium | 4.7 | 4.7 | FIX | rhel, debian, sles | libssh | 19d ago | Moderate: libssh security update |
| CVE-2025-5351 | medium | 6.5 | 6.5 | FIX | rhel, debian, sles | libssh, redhat | 19d ago | Moderate: libssh security update |
| CVE-2025-4878 | low | 3.6 | 3.6 | FIX | rhel, debian, sles | | 19d ago | Moderate: libssh security update |
| CVE-2025-4877 | medium | 4.5 | 4.5 | FIX | rhel, debian, sles | | 19d ago | Moderate: libssh security update |
| CVE-2025-40134 | medium | 5.5 | | FIX | rhel, sles, debian | | 19d ago | In the Linux kernel, the following vulnerability has been resolved: dm: fix NULL pointer dereference in __dm_suspend() There is a race condition between dm device suspend and table load that can le… |
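The CVE-2026-46341 row names a weakness class worth seeing in code: a domain allowlist enforced by string prefix matching. The Python below is an added illustration of that class, not the Apify MCP server's code, and it makes no claim about how the affected function was written. The allowlist (`docs.example.com`, `example.com`), the probe URLs and the subdomain policy in `allowed_by_host` are all assumptions for the example.

```python
from urllib.parse import urlsplit

# Constructed allowlist for this illustration; the affected server's real
# allowlist is not on the page.
ALLOWED_HOSTS = ("docs.example.com", "example.com")


def allowed_by_prefix(url: str) -> bool:
    """The weak pattern: the raw URL string is compared with startswith().
    Anything that merely *begins* with an allowed origin passes, including a
    host that only shares the leading labels, and a URL that hides the real
    host behind userinfo ("https://allowed-host@attacker/")."""
    return any(url.startswith(f"https://{h}") for h in ALLOWED_HOSTS)


def allowed_by_host(url: str) -> bool:
    """Hardened check: parse once, require https, refuse userinfo, normalise the
    host and compare it whole (exact match or a subdomain boundary at a dot).
    Fetch with the same parsed parts so the validated host is the one dialled."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        return False
    if parts.username is not None or parts.password is not None:
        return False
    host = (parts.hostname or "").rstrip(".").lower()
    if not host:
        return False
    # Assumption for the example: subdomains of an allowed host are also allowed.
    return any(host == h or host.endswith("." + h) for h in ALLOWED_HOSTS)


# Constructed probes: (url, verdict a correct allowlist should give)
PROBES = [
    ("https://docs.example.com/guide", True),
    ("https://docs.example.com.attacker.net/guide", False),   # label prefix
    ("https://docs.example.comx/guide", False),               # partial label
    ("https://docs.example.com@attacker.net/guide", False),   # userinfo trick
    ("https://docs.example.com:443/guide", True),
    ("http://docs.example.com/guide", False),                 # scheme downgrade
]


def compare_checks():
    """Per probe: (prefix check verdict, host check verdict)."""
    return {url: (allowed_by_prefix(url), allowed_by_host(url)) for url, _ in PROBES}


if __name__ == "__main__":
    for url, want in PROBES:
        weak, strong = allowed_by_prefix(url), allowed_by_host(url)
        print(f"{url:48} prefix={weak!s:5} host={strong!s:5} want={want}")
```

The two bypass shapes the prefix check accepts are the ones a reviewer should look for first: a longer hostname that begins with the allowed one, and userinfo placed before `@` so the allowed name is not the host at all. Comparing the parsed host, not the string, closes both.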
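Two rows describe the same weakness class from different ends: CVE-2026-48019 (CRLF accepted by an email validation rule) and CVE-2026-0865 (header names and values containing newlines injected into HTTP headers). The Python below is an added illustration of that class and is not Laravel's code nor the code of the library in the second row; the permissive address check, the header serializers and the payload are constructed for the example.

```python
import re

# Stricter address pattern, deliberately conservative (no quoted local parts,
# no IDN): the point here is rejecting line breaks, not full RFC 5322 coverage.
STRICT_EMAIL = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+")
# RFC 7230 token: the only characters a header field name may contain.
HEADER_NAME = re.compile(r"[!#$%&'*+.^_`|~0-9A-Za-z-]+")


class HeaderInjection(ValueError):
    pass


def naive_is_email(value: str) -> bool:
    """Permissive check of the 'has an @ and a dot in the domain' kind. It never
    looks at whitespace, so CR and LF ride through untouched (a loose regex
    such as ^[^@]+@[^@]+$ fails the same way)."""
    local, sep, domain = value.rpartition("@")
    return bool(sep) and bool(local) and "." in domain


def strict_is_email(value: str) -> bool:
    """Rejects any line break outright, then applies the conservative pattern."""
    if "\r" in value or "\n" in value:
        return False
    return STRICT_EMAIL.fullmatch(value) is not None


def render_headers_unsafe(headers):
    """Concatenates name: value pairs verbatim. A value containing CRLF ends
    its header early and whatever follows becomes a new header line."""
    return "".join(f"{name}: {value}\r\n" for name, value in headers) + "\r\n"


def render_headers_safe(headers):
    """Same output format, but refuses a value that could break out of its line
    and a name that is not a valid header token (names are user-controlled too)."""
    out = []
    for name, value in headers:
        if not HEADER_NAME.fullmatch(name):
            raise HeaderInjection(f"bad header name: {name!r}")
        if "\r" in value or "\n" in value:
            raise HeaderInjection(f"line break in value of {name}: {value!r}")
        out.append(f"{name}: {value}\r\n")
    return "".join(out) + "\r\n"


def header_names(rendered: str):
    """What a downstream parser sees: one field name per CRLF-separated line,
    up to the blank line that ends the header block."""
    names = []
    for line in rendered.split("\r\n"):
        if line == "":
            break
        names.append(line.split(":", 1)[0])
    return names


# Constructed payload: passes the naive address check, smuggles a Bcc header.
PAYLOAD = "victim@example.com\r\nBcc: attacker@example.invalid"

if __name__ == "__main__":
    print("naive accepts payload:", naive_is_email(PAYLOAD))
    print("strict accepts payload:", strict_is_email(PAYLOAD))
    print("headers seen downstream:", header_names(render_headers_unsafe([("To", PAYLOAD)])))
    try:
        render_headers_safe([("To", PAYLOAD)])
    except HeaderInjection as exc:
        print("safe serializer refused:", exc)
```

The defence has to live in the serializer, not only in the validator: the validator may be bypassed, replaced or relaxed later, while the serializer is the last point at which a CR or LF can still be refused before it becomes a line boundary on the wire.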
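The CVE-2026-45709 row ("HTML check still permits SSRF to private/loopback/IMDS via missing IP-filter dialer") names the canonical incomplete SSRF fix: vetting the hostname string instead of the addresses the connection will actually reach. The Python below is an added illustration of that class, not Mailpit's code, and makes no claim about Mailpit's implementation. `FAKE_DNS`, the host names and the blocklist are constructed so the example runs offline; a real dialer would call `socket.getaddrinfo()` and treat every returned address the same way.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed DNS answers (assumption for the example).
FAKE_DNS = {
    "app.example": ["93.184.216.34"],
    "metadata.internal": ["169.254.169.254"],           # IMDS behind a name
    "rebind.example": ["93.184.216.34", "127.0.0.1"],   # mixed answer set
    "mapped.example": ["::ffff:10.0.0.5"],              # IPv4-mapped IPv6
}

# The literal-host blocklist pattern: it catches only the obvious spellings.
BLOCKED_HOSTS = {"localhost", "127.0.0.1", "169.254.169.254", "::1"}


def weak_check(url: str) -> bool:
    """Looks only at the hostname string. A name that resolves to a private or
    link-local address, or an alternative spelling such as 127.1, walks past."""
    host = (urlsplit(url).hostname or "").lower()
    return host not in BLOCKED_HOSTS


def is_forbidden(addr) -> bool:
    """Deny by default: only globally routable unicast addresses are allowed.
    IPv4-mapped IPv6 is unwrapped first so ::ffff:10.0.0.5 is judged as 10.0.0.5."""
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return (not addr.is_global) or addr.is_multicast


def resolve(host: str):
    """Stand-in resolver: IP literals are used as-is, names go to FAKE_DNS.
    Unknown names resolve to nothing, which the dialer treats as a refusal."""
    try:
        return [ipaddress.ip_address(host)]
    except ValueError:
        return [ipaddress.ip_address(a) for a in FAKE_DNS.get(host, [])]


def safe_dial_target(url: str):
    """Resolves the host, refuses the request if *any* answer is forbidden, and
    returns the vetted (ip, port) to connect to. Connecting to that pinned
    address, instead of re-resolving the name inside the HTTP client, closes
    the DNS-rebinding window between the check and the connection."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return None
    host = (parts.hostname or "").lower()
    addrs = resolve(host)
    if not addrs or any(is_forbidden(a) for a in addrs):
        return None
    port = parts.port or (443 if parts.scheme == "https" else 80)
    return str(addrs[0]), port


if __name__ == "__main__":
    for u in ("http://app.example/", "http://metadata.internal/latest/meta-data/",
              "http://rebind.example/", "http://mapped.example/", "http://[::1]:8025/"):
        print(f"{u:44} weak_ok={weak_check(u)!s:5} dial={safe_dial_target(u)}")
```

Rejecting when any resolved address is forbidden is the conservative choice: the OS or client may pick any answer, so a mixed record set must not be allowed to pass on the strength of its public member. Decimal and shortened IPv4 spellings (`2130706433`, `127.1`) are rejected here only because the stand-in resolver does not understand them; with a real resolver they resolve to loopback and are caught by the address check, which is exactly why the check belongs on addresses rather than strings.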