VIR Vulnerability Intelligence Relay

Search

Found 66,554 results in 2419ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2025-4878 low 3.6 3.6 FIX rheldebian debian sles 19d ago Moderate: libssh security update
CVE-2025-4877 medium 4.5 4.5 FIX rheldebian debian sles 19d ago Moderate: libssh security update
CVE-2025-40134 medium 5.5 FIX rhel slesdebian debian 19d ago In the Linux kernel, the following vulnerability has been resolved: dm: fix NULL pointer dereference in __dm_suspend() There is a race condition between dm device suspend and table load that can le…
CVE-2025-38470 medium 5.5 5.5 FIX rhel slesdebian debian 19d ago In the Linux kernel, the following vulnerability has been resolved: net: vlan: fix VLAN 0 refcount imbalance of toggling filtering during runtime Assuming the "rx-vlan-filter" feature is enabled on…
CVE-2025-38441 medium 5.5 FIX rhel slesdebian debian 19d ago In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: account for Ethernet header in nf_flow_pppoe_proto() syzbot found a potential access to uninit-value in nf_…
CVE-2025-38405 medium 5.5 FIX rhel slesdebian debian 19d ago In the Linux kernel, the following vulnerability has been resolved: nvmet: fix memory leak of bio integrity If nvmet receives commands with metadata there is a continuous memory leak of kmalloc-128…
CVE-2025-38400 medium 5.5 5.5 FIX rhel slesdebian debian 19d ago In the Linux kernel, the following vulnerability has been resolved: nfs: Clean up /proc/net/rpc/nfs when nfs_fs_proc_net_init() fails. syzbot reported a warning below [1] following a fault injectio…
CVE-2025-38279 medium 5.5 FIX rhel slesdebian debian 19d ago In the Linux kernel, the following vulnerability has been resolved: bpf: Do not include stack ptr register in precision backtracking bookkeeping Yi Lai reported an issue ([1]) where the following w…
CVE-2025-38166 medium 5.5 FIX rhel slesdebian debian 19d ago In the Linux kernel, the following vulnerability has been resolved: bpf: fix ktls panic with sockmap [ 2172.936997] ------------[ cut here ]------------ [ 2172.936999] kernel BUG at lib/iov_iter.c:…
CVE-2025-38097 medium 5.5 FIX rhel slesdebian debian 19d ago In the Linux kernel, the following vulnerability has been resolved: espintcp: remove encap socket caching to avoid reference leak The current scheme for caching the encap socket can lead to referen…
CVE-2025-38015 medium 5.5 FIX rhel slesdebian debian 19d ago In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: fix memory leak in error handling path of idxd_alloc Memory allocated for idxd is not freed if an error occurs d…
CVE-2025-37980 medium 5.5 FIX rhel slesdebian debian google 19d ago In the Linux kernel, the following vulnerability has been resolved: block: fix resource leak in blk_register_queue() error path When registering a queue fails after blk_mq_sysfs_register() is succe…
CVE-2025-22105 medium 5.5 5.5 FIX rhel slesdebian debian 19d ago In the Linux kernel, the following vulnerability has been resolved: bonding: check xdp prog when set bond mode Following operations can trigger a warning[1]: ip netns add ns1 ip netns exec…
CVE-2025-13465 medium 5.3 5.3 FIX rhel sles rocky lodash 19d ago Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the _.unset and _.omit functions. An attacker can pass crafted paths which cause Lodash to delete methods from global pr…
CVE-2025-12748 medium 5.5 5.5 FIX rhel slesdebian debian 19d ago Moderate: libvirt security update
CVE-2025-11568 medium 4.4 4.4 FIX rocky rheldebian debian 19d ago RHSA-2025:23086: luksmeta security update (Moderate)
CVE-2025-11411 medium 5.5 FIX rhel slesdebian debian 19d ago Moderate: unbound security update
CVE-2024-33655 medium 5.5 FIX rhel slesdebian debian 19d ago Moderate: unbound security update
CVE-2024-12086 medium 6.8 6.8 FIX arch arch rhel sles sambaredhat 19d ago Important: rsync security update
CVE-2026-27737 medium 6.5 6.5 19d ago BigBlueButton is an open-source virtual classroom. In versions prior to 3.0.19, the recording playback (presentation format) was not sanitizing user's input in public chat. This allowed for a malicio…
CVE-2026-46559 medium 5.5 FIX debian debian 19d ago ImageMagick: Heap Buffer Over-Write of a single byte in the JP2 encoder.
CVE-2026-46557 medium 5.5 FIX debian debian 19d ago ImageMagick: Stack overflow in fx operation
CVE-2026-46523 medium 5.5 FIX debian debian 19d ago ImageMagick: Use-After-Free in MSL decoder.
CVE-2026-46521 medium 5.5 FIX debian debian 19d ago ImageMagick: Heap Buffer Over-Write in MIFF encoder when using LZMA compression
CVE-2026-45664 medium 5.5 FIX debian debian 19d ago ImageMagick: Policy Bypass in MNG coder could
CVE-2026-45624 medium 5.5 FIX debian debian 19d ago ImageMagick: Heap Buffer Over-Read of a 4 bytes in distort operation.
CVE-2026-45554 medium 5.3 5.3 19d ago NiceGUI is a Python-based UI framework. Prior to version 3.12.0, two FastAPI routes that serve per-component static assets in NiceGUI accept a sub-path parameter that may resolve to a directory rathe…
CVE-2026-45684 medium 5.3 5.3 sles opentelemetry 20d ago OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. From version 0.7.0 to before version 0.9.0, OBI's log enricher mishandles writev buffers by readi…
CVE-2026-45682 medium 5.5 5.5 sles opentelemetry 20d ago OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, the custom CappedConcurrentHashMap introduced for Java TLS state tracking…
CVE-2026-47091 low 3.3 3.3 jarrodwatts 20d ago Claude HUD through 0.0.12, patched in commit 234d9aa, contains a path traversal vulnerability that allows attackers to read arbitrary files by supplying an unvalidated transcript_path value via stdin…
CVE-2026-47090 medium 4.6 4.6 jarrodwatts 20d ago Claude HUD through 0.0.12, patched in commit 234d9aa, constructs OSC 8 terminal hyperlink escape sequences using raw cwd and branchUrl values without stripping control characters or encoding embedded…
CVE-2026-45246 medium 5.5 5.5 steipete 20d ago Summarize prior to 0.15.1 contains an insecure file permission vulnerability in the refresh-free configuration rewrite path that allows local users to read sensitive credentials by exploiting default…
CVE-2026-45244 medium 5.4 5.4 steipete 20d ago Summarize contains a missing authorization vulnerability
CVE-2026-21789 medium 4.6 4.6 20d ago HCL Connections contains a broken access control vulnerability that may allow unauthorized user to update data in certain scenarios.
CVE-2026-45683 low 3.8 3.8 sles opentelemetry 20d ago OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, the Java TLS ioctl probe reads user-controlled ioctl pointers with bpf_pr…
CVE-2026-45681 medium 5.9 5.9 sles opentelemetry 20d ago OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, the per-CPU message-buffer fallback path uses a 256-byte backup buffer bu…
CVE-2026-45243 medium 6.1 6.1 steipete 20d ago Summarize contains a missing authorization vulnerability
CVE-2026-45231 medium 6.1 6.1 20d ago DumbAssets through 1.0.11 contains a stored cross-site scripting vulnerability in asset fields including name, description, modelNumber, serialNumber, and tags that are stored without server-side san…
CVE-2026-45731 medium 4.9 4.9 wwbn 20d ago WWBN AVideo is an open source video platform. In 29.0 and earlier, view/update.php reads $_POST['updateFile'] as a relative path under updatedb/ and passes it to PHP's file() for line-by-line executi…
CVE-2026-45494 medium 5.4 5.4 windows windows microsoft 20d ago Microsoft Edge (Chromium-based) Spoofing Vulnerability
CVE-2026-45492 medium 5.4 5.4 windows windows microsoft 20d ago Improper input validation in Microsoft Edge (Chromium-based) allows an unauthorized attacker to bypass a security feature over a network.
CVE-2026-32849 medium 5.5 5.5 20d ago NetBSD prior to commit ec8451e contains a signed integer overflow vulnerability in the cryptodev_op() function in sys/opencrypto/cryptodev.c where the local variable iov_len is declared as a signed i…
CVE-2026-32848 medium 4.7 4.7 20d ago NetBSD prior to commit ec8451e contains a race condition vulnerability in cryptodev_op() within the opencrypto subsystem that allows local attackers to trigger a double-free condition by concurrently…
CVE-2026-29965 medium 6.1 6.1 hsclabs 20d ago HSC MailInspector 5.3.3-7 is vulnerable to Cross Site Scripting (XSS) in the /police/WarningUrlPage.php endpoint due to improper neutralization of user-supplied input that uses alternate or obfuscate…
CVE-2026-29964 medium 6.1 6.1 hsclabs 20d ago HSC MailInspector v5.3.3-7 contains a Cross-Site Scripting (XSS) vulnerability in the /tap/tap.php endpoint due to improper neutralization of user-controlled input using alternate or obfuscated JavaS…
CVE-2026-45679 medium 6.5 6.5 sles opentelemetry 20d ago OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, OBI exports raw Redis error text as the span status message. Because Redi…
CVE-2026-45676 medium 5.5 5.5 sles opentelemetry 20d ago OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, OBI's replacement ELF parser trusts section offsets, counts, and string o…
CVE-2026-45031 medium 5.5 FIX debian debian 20d ago ImageMagick: Policy Bypass in PSD decoder
CVE-2026-41568 medium 5.5 20d ago Docker: Race condition in docker cp allows creation of arbitrary empty files on the host via symlink swap
CVE-2026-45358 medium 5.5 FIX debian debian 20d ago ImageMagick: Out-of-Bounds Read of a single byte in meta encoder
CVE-2026-45359 medium 5.5 FIX debian debian 20d ago ImageMagick: Out-of-Bounds Read in connected components when the user supplies an invalid keep-top define
CVE-2026-45701 medium 5.5 20d ago Sulu is an open-source PHP content management system based on the Symfony framework. Prior to versions 2.6.23 and 3.0.6, the password reset tokenand API key generation uses a weak cryptographical has…
CVE-2026-8843 medium 6.5 6.5 20d ago Creating a "2dsphere_bucket" index on a non-timeseries bucket collection will succeed, but any subsequent attempt to insert a document which triggers updating that index will crash the server. A simi…
CVE-2026-45829 unknown 20d ago ChromaDB Python project has a pre-authentication code injection vulnerability
CVE-2026-38719 medium 6.2 6.2 20d ago OpENer v2.3-558-g1e99582 contains an out-of-bounds read vulnerability in the Common Packet Format (CPF) parser, specifically in CreateCommonPacketFormatStructure() in source/src/enet_encap/cpf.c. A c…
CVE-2026-2728 low 2.5 20d ago LibreNMS: Cross-Site Scripting in ShowConfigController
CVE-2026-45139 medium 5.5 20d ago CI4MS Fileeditor allows deletion and rename of critical application files due to missing extension allowlist on destructive operations
CVE-2026-36438 medium 5.3 5.3 20d ago An issue in Intelbras VIP-1230-D-G4 Version V2.800.00IB00C.0.T allows a remote attacker to obtain sensitive information via password reset functionality under /OutsideCmd
CVE-2026-20685 medium 6.5 6.5 20d ago An attacker in a privileged network position may be able to leak sensitive information. A path handling issue was addressed with improved validation. This issue is fixed in PCC Release 5E290.3.
CVE-2026-45138 medium 5.5 20d ago CI4MS: Stored XSS in Blog Content via Broken `html_purify` Validation Rule
CVE-2026-45660 medium 5.4 5.4 20d ago Statamic is a Laravel and Git powered content management system (CMS). Prior to 5.73.22 and 6.18.1, the Glide image proxy's URL validation could be bypassed using an IP representation that wasn't nor…
CVE-2026-42326 medium 5.5 FIX debian debian 20d ago ImageMagick: Heap Buffer Over-Read in IPTC encoder
CVE-2026-46724 unknown 20d ago TYPO3-EXT-SA-2026-011: Path Traversal in extension "Faceted Search" (ke_search)
CVE-2026-46722 unknown 20d ago TYPO3-EXT-SA-2026-011: XML External Entity Injection in extension "Faceted Search" (ke_search)
CVE-2026-45577 medium 5.5 20d ago Neotoma provides versioned records that persist across agent runs. From 0.6.0 to before 0.11.1, Neotoma can treat public reverse-proxied requests as local when the app receives them over a loopback s…
CVE-2026-45626 medium 6.3 6.3 20d ago Arcane is an interface for managing Docker containers, images, networks, and volumes. In 1.18.1 and earlier, GET /environments/{id}/volumes/{volumeName}/browse accepts a path query parameter that is …
CVE-2026-45620 medium 5.3 5.3 wwbn 20d ago WWBN AVideo is an open source video platform. In 29.0 and earlier, objects/mention.json.php has no User::loginCheck() or admin gate. It only has an entry guard: preg_match('/^@/', $_REQUEST['term']) …
CVE-2026-45609 medium 6.5 6.5 springaicommunity 20d ago mcp-security provides Security and Authorization support for Model Context Protocol in Spring AI. Prior to 0.1.9, the mcp-security framework fails to implement the mandatory SSRF mitigations outlined…
CVE-2026-45582 medium 6.5 6.5 n8n-mcp 20d ago n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. Prior to 2.51.3, the workflow telemetry sanitizer could retain partial fragments of …
CVE-2026-8803 low 3.7 3.7 20d ago A flaw has been found in opensourcepos Open Source Point of Sale up to 3.4.2. Impacted is the function Login of the file app/Models/Employee.php of the component Employee Login. This manipulation cau…
CVE-2026-8802 medium 4.3 4.3 20d ago A vulnerability was detected in opensourcepos Open Source Point of Sale up to 3.4.2. This issue affects the function getPicThumb of the file app/Controllers/Items.php. The manipulation of the argumen…
CVE-2026-41119 medium 6.8 6.8 20d ago Dell Live Optics Windows and Personal Edition collectors contain an improper certificate validation vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability leadi…
CVE-2026-6345 medium 6.5 6.5 mattermost 20d ago Mattermost doesn't prevent disclosure of created user password
CVE-2026-6343 medium 4.3 4.3 mattermost 20d ago Mattermost doesn't check public/private permissions
CVE-2026-6339 medium 4.3 4.3 mattermost 20d ago Mattermost doesn't validate the X-Requested-With header on the burn-on-read reveal endpoint
CVE-2026-6333 medium 5.0 5.0 mattermost 20d ago Mattermost doesn't validate the Host header when constructing response URLs for custom slash command
CVE-2026-5163 medium 6.5 6.5 mattermost 20d ago Mattermost doesn't verify channel membership when processing AI-assisted message rewrites
CVE-2026-4643 low 3.5 3.5 mattermost 20d ago Mattermost Desktop App versions <=6.1 6.0.1 5.4.13.0 fail to prevent server-rendered content from closing an underlying application view in the Mattermost Desktop App which allows a malicious server …
CVE-2026-4286 medium 4.3 4.3 mattermost 20d ago Mattermost doesn't check if {{team_id}} was being changed when updating playbooks
CVE-2026-3471 medium 6.5 6.5 mattermost 20d ago Mattermost Desktop App versions <=6.1 6.0.1 5.4.13.0 fail to prevent an invalid URL from loading in a pop-up window in the Mattermost Desktop App which allows a malicious server owner to repeated cra…
CVE-2026-3117 medium 6.5 6.5 mattermost 20d ago Mattermost Plugins versions <=11.5 11.1.5 10.13.11 11.3.4.0 fail to properly check for permissions when processing commands in the Gitlab plugin which allows normal users to uninstall instances or se…
CVE-2026-28732 medium 4.3 4.3 mattermost 20d ago Mattermost doesn't enforce slash command trigger-word uniqueness during command updates
CVE-2026-6342 medium 4.3 4.3 mattermost 20d ago Mattermost Plugins versions <=11.5 11.1.5 10.13.11 11.3.4.0 fail to appropriately check for valid namespaces which allows plugin users to create subscriptions to groups that were not whitelisted via …
CVE-2026-6341 medium 4.3 4.3 mattermost 20d ago Mattermost Plugins versions <=11.5 11.1.5 10.13.11 11.3.4.0 fail to have API-level checks on which groups the user can create issues or attach comments to which allows a user that is member of multip…
CVE-2026-6340 medium 6.5 6.5 mattermost 20d ago Mattermost doesn't validate 7zip archive structure before processing
CVE-2026-6334 low 3.8 3.8 mattermost 20d ago Mattermost doesn't enforce client identity binding during the OAuth authorization code redemption flow
CVE-2026-4273 medium 4.3 4.3 mattermost 20d ago Mattermost doesn't validate that the RefreshedToken differs from the original invite token during remote cluster invite confirmation
CVE-2026-3637 medium 4.3 4.3 mattermost 20d ago Mattermost doesn't check the create_post channel permission during post edit operations
CVE-2026-3495 medium 4.8 4.8 mattermost 20d ago Mattermost doesn't escape some variables that could contain malicious content during error page composition
CVE-2026-2325 medium 6.5 6.5 mattermost 20d ago Mattermost doesn't limit the size of the request body on the start meeting API endpoint
CVE-2026-28759 medium 4.3 4.3 mattermost 20d ago Mattermost does not verify remote cluster channel access when processing shared channel membership removals
CVE-2026-1631 medium 5.4 5.4 20d ago The Feeds for YouTube (YouTube video, channel, and gallery plugin) WordPress plugin before 2.6.4 is vulnerable to unauthorized modification of the Feeds for YouTube (YouTube video, channel, and galle…
CVE-2026-8786 medium 6.3 6.3 tencent 20d ago A vulnerability has been found in Tencent WeKnora up to 0.3.6. Affected by this issue is the function getKnowledgeBaseForInitialization of the file internal/handler/initialization.go of the component…
CVE-2026-8784 medium 4.2 4.2 20d ago A vulnerability was detected in npitre cramfs-tools up to 2.2. Affected is the function change_file_status of the file cramfsck.c. Performing a manipulation results in symlink following. The attack r…
CVE-2026-8783 medium 4.3 4.3 20d ago AMF Vulnerable to Improper Resource Shutdown or Release
CVE-2026-8782 medium 4.3 4.3 20d ago AMF Vulnerable to Improper Resource Shutdown or Release
CVE-2026-8781 medium 4.3 4.3 20d ago AMF Vulnerable to Improper Resource Shutdown or Release
CVE-2026-8780 medium 4.3 4.3 20d ago AMF Improperly Restricts Operations within the Bounds of a Memory Buffer
CVE-2026-8779 medium 4.3 4.3 20d ago AMF Improperly Restricts Operations within the Bounds of a Memory Buffer
CVE-2026-8777 medium 6.3 6.3 20d ago A vulnerability was found in Edimax BR-6428NS 1.10. This issue affects the function formStaDrvSetup of the file /goform/formStaDrvSetup of the component POST Request Handler. Performing a manipulatio…