VIR Vulnerability Intelligence Relay

Search

Found 62,611 results in 2291ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2026-48241 high 8.1 8.1 16d ago Open ISES Tickets before 3.44.2 contains hardcoded MySQL database credentials in loader.php (a public-facing database utility) that are committed to the source repository. Any actor with access to th…
CVE-2026-48240 high 7.1 7.1 16d ago Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/statistics.php where the tick_id and f_tick_id POST parameters are concatenated into WHERE clauses of SELECT statements …
CVE-2026-48239 high 7.1 7.1 16d ago Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/reports.php where the tick_id POST parameter is concatenated into the WHERE clause of SELECT statements in the incidents…
CVE-2026-48238 high 7.1 7.1 16d ago Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/mobile_main.php where the id GET parameter is concatenated into the WHERE clause of a SELECT statement used as a ticket-…
CVE-2026-48237 high 7.1 7.1 16d ago Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in message.php where the frm_ticket_id and frm_resp_id POST parameters are concatenated into WHERE clauses of SELECT/UPDATE stat…
CVE-2026-48236 high 7.1 7.1 16d ago Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in db_loader.php where the multiple POST parameters (ticketsdb, ticketshost, ticketsuser, ticketspassword) are concatenated into…
CVE-2026-48235 high 8.2 8.2 16d ago Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in incs/remotes.inc.php where latitude, longitude, callsign, mph, altitude, and timestamp values parsed from external GPS tracki…
CVE-2026-48234 high 7.1 7.1 16d ago Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in portal/ajax/list_requests.php where the sort and dir GET parameters are concatenated into the ORDER BY clause of a SELECT sta…
CVE-2026-48233 high 7.1 7.1 16d ago Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/sit_incidents.php where the offset GET parameter is concatenated into the LIMIT clause of a SELECT statement without san…
CVE-2026-48232 high 7.1 7.1 16d ago Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/fullsit_incidents.php where the offset GET parameter is concatenated into the LIMIT clause of a SELECT statement without…
CVE-2026-48231 high 7.1 7.1 16d ago Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in tables.php where the multiple POST parameters (tablename, indexname, sortby) are concatenated into table/column identifiers i…
CVE-2026-46492 high 8.0 16d ago md-fileserver: Stored/Reflected XSS when viewing Markdown (raw HTML allowed)
CVE-2026-8596 high 7.2 7.2 aws 16d ago Cleartext storage of HMAC signing key in Amazon SageMaker Python SDK ModelBuilder/Serve path
CVE-2026-46432 high 8.0 16d ago LMDeploy: Arbitrary code execution via hardcoded trust_remote_code=True in lmdeploy model initialization
CVE-2026-48207 critical 9.8 9.8 apache 16d ago Deserialization of untrusted data in Apache Fory PyFory. PyFory's ReduceSerializer could bypass documented DeserializationPolicy validation hooks during reduce-state restoration and global-name resol…
CVE-2026-46490 high 8.0 16d ago samlify: XML Injection in AttributeValue Allows Privilege Escalation in Signed SAML Assertions
CVE-2026-46481 high 8.0 16d ago OpenMetadata: TEST_CONNECTION workflow leaks ingestion-bot JWT and database password to regular users
CVE-2026-9089 high 8.8 8.8 connectwise 16d ago The ConnectWise Automate™ Agent does not fully verify the authenticity of components obtained during plugin loading and self-update operations. This issue is addressed in Automate 2026.5.
CVE-2026-39531 critical 9.3 9.3 16d ago Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Wp Directory Kit WP Directory Kit allows Blind SQL Injection. This issue affects WP Directory Ki…
CVE-2026-45208 high 7.8 7.8 trendmicro 16d ago A time-of-check time-of-use vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the abil…
CVE-2026-45207 high 7.8 7.8 trendmicro 16d ago An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-45206 but exists in a different…
CVE-2026-45206 high 7.8 7.8 trendmicro 16d ago An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-45207 but exists in a different…
CVE-2026-34930 high 7.8 7.8 trendmicro 16d ago An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-34927 but exists in a different…
CVE-2026-34929 high 7.8 7.8 trendmicro 16d ago An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-34927 but exists in a different…
CVE-2026-34928 high 7.8 7.8 trendmicro 16d ago An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-34927 but exists in a different…
CVE-2026-34927 high 7.8 7.8 trendmicro 16d ago An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to …
CVE-2026-2740 high 8.4 8.4 16d ago Zohocorp ManageEngine ADSelfService Plus version before 6525, DataSecurity Plus before 6264 and RecoveryManager Plus before 6313 are vulnerable to Authenticated Remote code execution in the agent mac…
CVE-2025-71217 high 7.8 7.8 trendmicro 16d ago An origin validation error vulnerability in the Trend Micro Apex One (mac) agent self-protection mechanism could allow a local attacker to escalate privileges on affected installations. Please not…
CVE-2025-71216 high 7.8 7.8 trendmicro 16d ago A time-of-check time-of-use vulnerability in the Trend Micro Apex One (mac) agent cache mechanism could allow a local attacker to escalate privileges on affected installations. Please note: an att…
CVE-2025-71215 high 7.0 7.0 trendmicro 16d ago A time-of-check time-of-use vulnerability in the Trend Micro Apex One (mac) agent iCore service signature verification could allow a local attacker to escalate privileges on affected installations. …
CVE-2025-71214 high 7.8 7.8 trendmicro 16d ago An origin validation error vulnerability in the Trend Micro Apex One (mac) agent iCore service could allow a local attacker to escalate privileges on affected installations. Please note: an attack…
CVE-2025-71213 high 7.8 7.8 trendmicro 16d ago An origin validation error vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the abili…
CVE-2025-71212 high 7.8 7.8 trendmicro 16d ago A link following vulnerability in the Trend Micro Apex One scan engine could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the…
CVE-2025-71211 critical 9.8 9.8 trendmicro 16d ago A vulnerability in the Trend Micro Apex One management console could allow a remote attacker to upload malicious code and execute commands on affected installations. This vulnerability is similar in …
CVE-2025-71210 critical 9.8 9.8 trendmicro 16d ago A vulnerability in the Trend Micro Apex One management console could allow a remote attacker to upload malicious code and execute commands on affected installations. Please note: although this vul…
CVE-2025-13479 high 7.5 7.5 16d ago Authorization bypass through User-Controlled key vulnerability in PosCube Hardware Software and Consulting Ltd. QR Menu allows Exploitation of Trusted Identifiers. This issue affects QR Menu: throug…
CVE-2025-13477 high 7.1 7.1 16d ago Exposure of private personal information to an unauthorized actor, Insufficiently Protected Credentials vulnerability in Digital Operations Services Inc. WifiBurada allows Authentication Bypass. Thi…
CVE-2026-5118 critical 9.8 9.8 16d ago The Divi Form Builder plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 5.1.2. This is due to the plugin accepting a user-controlled 'role' parameter from P…
CVE-2026-45760 high 8.1 8.1 16d ago (Externally Controlled Reference to a Resource in Another Sphere), (Authorization Bypass Through User-Controlled Key) vulnerability in Apache Camel K. Authorized users in a Kubernetes namespace can c…
CVE-2026-43502 high 7.8 7.8 FIX slesdebian debianwindows windows 16d ago In the Linux kernel, the following vulnerability has been resolved: net/rds: handle zerocopy send cleanup before the message is queued A zerocopy send can fail after user pages have been pinned but…
CVE-2026-43501 critical 9.8 9.8 FIX slesdebian debianwindows windows 16d ago In the Linux kernel, the following vulnerability has been resolved: ipv6: rpl: reserve mac_len headroom when recompressed SRH grows ipv6_rpl_srh_rcv() decompresses an RFC 6554 Source Routing Header…
CVE-2026-43499 high 7.8 7.8 FIX slesdebian debianwindows windows google 16d ago In the Linux kernel, the following vulnerability has been resolved: rtmutex: Use waiter::task instead of current in remove_waiter() remove_waiter() is used by the slowlock paths, but it is also use…
CVE-2026-43498 high 7.8 7.8 FIX slesdebian debian 16d ago In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Disallow re-exporting imported GEM objects Prevent re-exporting of imported GEM buffers by adding a custom prime_hand…
CVE-2026-43497 high 7.3 7.3 FIX slesdebian debianwindows windows 16d ago In the Linux kernel, the following vulnerability has been resolved: fbdev: udlfb: add vm_ops to dlfb_ops_mmap to prevent use-after-free dlfb_ops_mmap() uses remap_pfn_range() to map vmalloc framebu…
CVE-2026-43496 unknown FIX slesdebian debianwindows windows 16d ago In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_red: Replace direct dequeue call with peek and qdisc_dequeue_peeked When red qdisc has children (eg qfq qdisc) who…
CVE-2026-43495 high 8.8 8.8 FIX slesdebian debianwindows windows 16d ago In the Linux kernel, the following vulnerability has been resolved: net: wwan: t7xx: validate port_count against message length in t7xx_port_enum_msg_handler t7xx_port_enum_msg_handler() uses the m…
CVE-2026-43494 high 7.8 7.8 FIX slesdebian debianwindows windows 16d ago In the Linux kernel, the following vulnerability has been resolved: net/rds: reset op_nents when zerocopy page pin fails When iov_iter_get_pages2() fails in rds_message_zcopy_from_user(), the pinne…
CVE-2026-45255 high 7.5 7.5 freebsd freebsd 16d ago When bsdinstall or bsdconfig are prompted to scan for nearby Wi-Fi networks, they build up a list of network names and use bsddialog(1) to prompt the user to select a network. This is implemented us…
CVE-2026-45253 high 8.4 8.4 freebsd freebsd 16d ago ptrace(PT_SC_REMOTE) failed to properly validate parameters for the syscall(2) and __syscall(2) meta-system calls. As a result, a user with the ability to debug a process may trigger arbitrary code …
CVE-2026-45251 high 7.8 7.8 freebsd freebsd 16d ago A file descriptor can be closed while a thread is blocked in a poll(2) or select(2) call waiting for that descriptor. Because the blocked thread does not hold a reference to the underlying object, t…
CVE-2026-42002 high 7.5 7.5 FIX debian debian powerdns 16d ago Concurrency and locking defects in GSS-TSIG
CVE-2026-42001 high 7.5 7.5 FIX debian debian powerdns 16d ago Insufficient Validation of Autoprimary SOA Queries
CVE-2026-42000 high 8.6 8.6 FIX debian debian powerdns 16d ago Insufficient Validation of Names During AXFR
CVE-2026-39461 high 8.8 8.8 freebsd freebsd 16d ago libcasper(3) communicates with helper processes via UNIX domain sockets, and uses the select(2) system call to wait for data to become available. However, it does not verify that its socket descript…
CVE-2026-28764 high 7.8 7.8 mediaarea 16d ago MediaArea MediaInfoLib LXF element parsing heap-based buffer overflow vulnerability
CVE-2026-9157 high 8.4 8.4 17d ago Improper input validation, Unrestricted upload of file with dangerous type vulnerability in Gmission Web Fax allows Remote Code Inclusion. This issue affects Web Fax: from 3.0 before 3.1.
CVE-2026-5434 high 7.5 7.5 17d ago Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2026-5433 critical 9.1 9.1 17d ago Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2026-4858 critical 9.9 9.9 mattermost 17d ago Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.14 fail to check integration URL for path traversal which allows an malicious authenticated user to call an…
CVE-2026-45250 high 7.8 7.8 freebsd freebsd 17d ago The setcred(2) system call is only available to privileged users. However, before the privilege level of the caller is checked, the user-supplied list of supplementary groups is copied into a fixed-…
CVE-2026-44068 high 7.6 7.6 FIX slesdebian debian 17d ago Incomplete sanitization of extended attribute (EA) path components in Netatalk 2.1.0 through 4.4.2 allows a remote authenticated attacker to write to files outside the intended metadata namespace via…
CVE-2026-44066 high 7.1 7.1 FIX slesdebian debian 17d ago Multiple heap out-of-bounds reads in the Spotlight RPC unmarshalling code in Netatalk 3.1.0 through 4.4.2 allow a remote authenticated attacker to obtain sensitive information or cause a minor servic…
CVE-2026-44064 high 7.1 7.1 FIX slesdebian debian 17d ago An out-of-bounds read in ASP session ID handling in Netatalk 1.3 through 4.4.2 allows an adjacent network attacker to obtain limited information or cause a denial of service via a crafted ASP request.
CVE-2026-44062 high 7.5 7.5 FIX slesdebian debian 17d ago A missing output length bounds check in pull_charset_flags() in Netatalk 2.0.4 through 4.4.2 allows a remote authenticated attacker to execute arbitrary code or cause a denial of service via crafted …
CVE-2026-44060 high 7.5 7.5 FIX slesdebian debian 17d ago An integer underflow in dsi_writeinit() in Netatalk 1.5.0 through 4.4.2 allows a remote unauthenticated attacker to cause a denial of service via a crafted DSI write request.
CVE-2026-44058 high 7.2 7.2 FIX slesdebian debian 17d ago An authentication bypass vulnerability in Netatalk 2.2.2 through 4.4.2 allows a remote privileged user to authenticate as an arbitrary user via the admin auth user mechanism.
CVE-2026-44055 high 7.5 7.5 FIX slesdebian debian 17d ago A logic error involving bitwise OR operations in Netatalk 3.1.4 through 4.4.2 allows a remote authenticated attacker to inject OS commands and execute arbitrary code.
CVE-2026-44053 high 7.4 7.4 FIX slesdebian debian 17d ago Netatalk 1.5.0 through 4.2.2 uses a broken cryptographic algorithm in the DHCAST128 UAM, which allows a remote attacker to obtain authentication credentials or impersonate a user via cryptanalytic at…
CVE-2026-44052 high 7.5 7.5 FIX slesdebian debian 17d ago Netatalk 2.1.0 through 4.4.2 inserts LDAP simple-bind passwords into log output in cleartext, which allows an attacker with access to the log files to obtain LDAP credentials.
CVE-2026-44051 high 8.1 8.1 FIX slesdebian debian 17d ago An improper link resolution vulnerability in Netatalk 3.0.2 through 4.4.2 allows a remote authenticated attacker to read arbitrary files or overwrite arbitrary files via attacker-controlled symlink c…
CVE-2026-44050 critical 9.9 9.9 FIX slesdebian debian 17d ago A heap-based buffer overflow in the CNID daemon comm_rcv() function in Netatalk 2.0.0 through 4.4.2 allows a remote authenticated attacker to execute arbitrary code with escalated privileges or cause…
CVE-2026-44049 high 7.5 7.5 FIX slesdebian debian 17d ago An out-of-bounds write due to improper null termination in convert_charset() in Netatalk 2.0.4 through 4.4.2 allows a remote authenticated attacker to execute arbitrary code or cause a denial of serv…
CVE-2026-44048 high 8.8 8.8 FIX slesdebian debian 17d ago A stack-based buffer overflow via UCS-2 type confusion in convert_charset() in Netatalk 2.0.4 through 4.4.2 allows a remote authenticated attacker to execute arbitrary code or cause a denial of servi…
CVE-2026-44047 high 8.8 8.8 FIX slesdebian debian 17d ago An SQL injection vulnerability in the MySQL CNID backend in Netatalk 3.1.0 through 4.4.2 allows a remote authenticated attacker to obtain unauthorized access to data, modify data, or cause a denial o…
CVE-2026-6279 critical 9.8 9.8 17d ago The Avada Builder (fusion-builder) plugin for WordPress is vulnerable to Unauthenticated Remote Code Execution via PHP Function Injection in versions up to and including 3.15.2. This is due to the `w…
CVE-2026-48172 critical 9.8 10.0 KEV litespeedtech 17d ago LiteSpeed cPanel Plugin contains privilege escalation vulnerability that is exposed via the user-end cPanel plugin, which can be abused by any cPanel user account to execute arbitrary scripts with ro…
CVE-2026-40165 high 8.7 8.7 17d ago authentik is an open-source identity provider. Versions 2025.12.4 and prior, and versions 2026.2.0-rc1 through 2026.2.2 were vulnerable to Authentication Bypass through SAML NameID XML Comment Inject…
CVE-2026-47261 unknown 17d ago wasmtime-wasi: WASI path_open(TRUNCATE) bypasses `FilePerms::WRITE` host restriction
CVE-2026-47372 critical 9.1 9.1 FIX debian debian 17d ago Crypt::SaltedHash versions through 0.09 for Perl generate insecure random values for salts. These versions use the built-in rand function, which is predictable and unsuitable for cryptography.
CVE-2026-40092 high 7.5 7.5 17d ago nimiq-keys: Unchecked Ed25519 signature length in TaggedPublicKey::verify causes remote node panic via DHT
CVE-2026-8632 high 7.8 7.8 FIX debian debian sles hp 17d ago A potential security vulnerability has been identified in the HP Linux Imaging and Printing Software. This potential vulnerability may allow escalation of privileges and/or arbitrary code execution v…
CVE-2026-8631 critical 9.8 9.8 FIX debian debian sles hp 17d ago A potential security vulnerability has been identified in the HP Linux Imaging and Printing Software. This potential vulnerability may allow escalation of privileges and/or arbitrary code execution v…
CVE-2026-47373 high 7.5 7.5 FIX debian debian 17d ago Crypt::SaltedHash versions through 0.09 for Perl is susceptible to timing attacks. These versions use Perl's built-in eq comparison. Discrepencies in timing could be used to guess the underlying has…
CVE-2026-9144 high 7.6 7.6 17d ago Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains a stored cross-site scripting vulnerability in the embedded web configuration interface that allows authenticated attackers to execute pe…
CVE-2026-9141 critical 9.8 9.8 17d ago Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains an authentication bypass vulnerability in the embedded web configuration interface that allows unauthenticated attackers to access intern…
CVE-2026-9139 critical 9.8 9.8 17d ago Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains a hard-coded credential vulnerability in the embedded web configuration interface where authentication is implemented entirely in client-…
CVE-2026-9137 high 7.5 7.5 misp 17d ago The CSP report endpoint in MISP intended to limit logged CSP reports to 1 KB but incorrectly allowed reports up to 1 MB before truncation. On deployments where the endpoint is reachable by untrusted …
CVE-2026-9133 high 7.7 7.7 aws 17d ago Active debug code exists in the ARN resolver of amazon-mq rabbitmq-aws before version 0.2.1. A debug ARN scheme (arn:aws-debug:file) accepted by the PUT /api/aws/arn/validate validation endpoint migh…
CVE-2026-9126 high 8.8 8.8 FIX debian debianmacos macos linux-kernel google 17d ago Use after free in DOM in Google Chrome on prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-9123 high 7.5 7.5 FIX debian debian linux-kernelwindows windows google 17d ago Heap buffer overflow in Chromecast in Google Chrome on Android, Linux, ChromeOS prior to 148.0.7778.179 allowed a local attacker to execute arbitrary code inside a sandbox via malicious network traff…
CVE-2026-9121 high 8.8 8.8 FIX debian debianmacos macos linux-kernel google 17d ago Out of bounds read in GPU in Google Chrome on prior to 148.0.7778.179 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-9120 high 8.8 8.8 FIX debian debianmacos macos linux-kernel google 17d ago Use after free in WebRTC in Google Chrome prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
CVE-2026-9119 high 8.8 8.8 FIX debian debianmacos macos linux-kernel google 17d ago Heap buffer overflow in WebRTC in Google Chrome on prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: H…
CVE-2026-9118 high 8.8 8.8 FIX debian debianmacos macos linux-kernel google 17d ago Use after free in XR in Google Chrome on Windows prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
CVE-2026-9117 high 7.5 7.5 FIX debian debian linux-kernelwindows windows google 17d ago Type Confusion in GFX in Google Chrome on Linux, ChromeOS prior to 148.0.7778.179 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a craf…
CVE-2026-9114 high 8.8 8.8 FIX debian debianmacos macos linux-kernel google 17d ago Use after free in QUIC in Google Chrome on prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code inside a sandbox via malicious network traffic. (Chromium security severity: Hig…
CVE-2026-9112 high 8.8 8.8 FIX debian debianmacos macos linux-kernel google 17d ago Use after free in GPU in Google Chrome on Windows prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Hi…
CVE-2026-9111 high 8.8 8.8 FIX debian debianmacos macos linux-kernel google 17d ago Use after free in WebRTC in Google Chrome on Linux prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)
CVE-2026-9082 critical 9.8 10.0 KEVEXP drupal 17d ago Drupal Core contains a SQL injection vulnerability that could allow for privilege escalation and remote code execution via specially crafted requests sent with the database abstraction API.
CVE-2026-45444 critical 10.0 10.0 17d ago Unrestricted Upload of File with Dangerous Type vulnerability in WP Swings Gift Cards For WooCommerce Pro allows Using Malicious Files. This issue affects Gift Cards For WooCommerce Pro: from n/a th…