Found 33,988 results in 1399ms · Match type: Filtered list

CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2026-24747 unknown FIX debian debian 4mo ago PyTorch is a Python package that provides tensor computation. Prior to version 2.10.0, a vulnerability in PyTorch's `weights_only` unpickler allows an attacker to craft a malicious checkpoint file (`…
CVE-2026-24819 unknown 4mo ago weixin4j has Improperly Controlled Sequential Memory Allocation
CVE-2026-24802 unknown 4mo ago jsonrpc4j has Infinite Loop in RPC Stream Writer
CVE-2026-24806 unknown 4mo ago Quick-Media Batik Codec FIX package has Code Injection vulnerability
CVE-2026-24686 unknown FIX debian debian sles 4mo ago go-tuf is a Go implementation of The Update Framework (TUF). go-tuf's TAP 4 Multirepo Client uses the map file repository name string (`repoName`) as a filesystem path component when selecting the lo…
CVE-2026-24486 unknown 1.0 EXP FIX sles debian debian 4mo ago Python-Multipart is a streaming multipart parser for Python. Prior to version 0.0.22, a Path Traversal vulnerability exists when using non-default configuration options `UPLOAD_DIR` and `UPLOAD_KEEP_…
CVE-2026-24400 unknown debian debian sles 4mo ago AssertJ has XML External Entity (XXE) vulnerability when parsing untrusted XML via isXmlEqualTo assertion
CVE-2026-1190 unknown 4mo ago Keycloak's missing timestamp validation allows attackers to extend SAML response validity periods
CVE-2025-14969 unknown 4mo ago Hibernate Reactive Vulnerable to DoS via Connection Pool Exhaustion
CVE-2026-1443 critical 9.8 9.8 fabian 4mo ago A flaw has been found in code-projects Online Music Site 1.0. Affected by this issue is some unknown functionality of the file /Administrator/PHP/AdminDeleteUser.php. This manipulation of the argumen…
CVE-2026-24656 unknown 4mo ago Apache Karaf Decanter has Deserialization of Untrusted Data in its Log Socket Collector
CVE-2016-15057 unknown 1.0 EXP 4mo ago Apache Continuum vulnerable to Command Injection through Installations REST API
CVE-2025-27821 unknown 4mo ago Apache Hadoop HDFS Native Client has Out-of-bounds Write Vulnerability
CVE-2026-1423 critical 9.8 9.8 fabian 4mo ago A vulnerability was determined in code-projects Online Examination System 1.0. Affected by this issue is some unknown functionality of the file /admin_pic.php. Executing a manipulation can lead to un…
CVE-2026-1422 critical 9.8 9.8 fabian 4mo ago A vulnerability was found in code-projects Online Examination System 1.0. Affected by this vulnerability is an unknown functionality of the file /index.php of the component Login Page. Performing a m…
CVE-2026-1414 critical 9.8 9.8 sangfor 4mo ago A vulnerability was determined in Sangfor Operation and Maintenance Security Management System up to 3.0.12. This impacts the function getInformation of the file /equipment/get_Information of the com…
CVE-2026-1413 critical 9.8 9.8 sangfor 4mo ago A vulnerability was found in Sangfor Operation and Maintenance Security Management System up to 3.0.12. This affects the function portValidate of the file /fort/ip_and_port/port_validate of the compo…
CVE-2026-1412 critical 9.8 9.8 sangfor 4mo ago A vulnerability has been found in Sangfor Operation and Maintenance Security Management System up to 3.0.12. The impacted element is an unknown function of the file /fort/audit/get_clip_img of the co…
CVE-2026-24061 unknown 2.5 KEV EXP FIX debian debian 4mo ago GNU InetUtils contains an argument injection vulnerability in telnetd that could allow for remote authentication bypass via a "-f root" value for the USER environment variable.
CVE-2026-23760 unknown 1.5 KEV 4mo ago SmarterTools SmarterMail contains an authentication bypass using an alternate path or channel vulnerability in the password reset API. The force-reset-password endpoint permits anonymous requests and…
CVE-2026-21509 unknown 1.5 KEV 4mo ago Microsoft Office contains a security feature bypass vulnerability in which reliance on untrusted inputs in a security decision in Microsoft Office could allow an unauthorized attacker to bypass a sec…
CVE-2025-52691 unknown 2.5 KEV EXP 4mo ago SmarterTools SmarterMail contains an unrestricted upload of file with dangerous type vulnerability that could allow an unauthenticated attacker to upload arbitrary files to any location on the mail s…
CVE-2018-14634 unknown 2.5 KEV EXP FIX sles debian debian 4mo ago Linux Kernel contains an integer overflow vulnerability in the create_elf_tables() function which could allow an unprivileged local user with access to SUID (or otherwise privileged) binary to escala…
CVE-2026-22586 critical 9.8 9.8 salesforce 4mo ago Hard-coded Cryptographic Key vulnerability in Salesforce Marketing Cloud Engagement (CloudPages, Forward to a Friend, Profile Center, Subscription Center, Unsub Center, View As Webpage modules) allow…
CVE-2025-66719 unknown 4mo ago Free5gc NRF is vulnerable to scope validation bypass via maliciously crafted targetNF value
CVE-2026-24128 unknown 4mo ago XWiki Affected by Reflected Cross-Site Scripting (XSS) in Error Messages
CVE-2025-4320 critical 10.0 10.0 5mo ago Authentication Bypass by Primary Weakness, Weak Password Recovery Mechanism for Forgotten Password vulnerability in Birebirsoft Software and Technology Solutions Sufirmam allows Authentication Bypass…
CVE-2025-4319 critical 9.4 9.4 5mo ago Improper Restriction of Excessive Authentication Attempts, Weak Password Recovery Mechanism for Forgotten Password vulnerability in Birebirsoft Software and Technology Solutions Sufirmam allows Brute…
CVE-2026-0603 unknown 5mo ago Hibernate vulnerable to SQL Injection
CVE-2026-0775 unknown sles debian debian 5mo ago npm cli Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of npm cli. An attacker mu…
CVE-2024-37079 unknown 1.5 KEV 5mo ago Broadcom VMware vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. This could allow a malicious actor with network access to vCenter Server to …
CVE-2025-22234 unknown 5mo ago Spring Security has a broken timing attack mitigation implemented in DaoAuthenticationProvide
CVE-2026-24137 unknown FIX debian debian sles 5mo ago sigstore framework is a common go library shared across sigstore services and clients. In versions 1.10.3 and below, the legacy TUF client (pkg/tuf/client.go) supports caching target files to disk. I…
CVE-2026-23954 unknown FIX debian debian 5mo ago Incus is a system container and virtual machine manager. Versions 6.21.0 and below allow a user with the ability to launch a container with a custom image (e.g a member of the ‘incus’ group) to use d…
CVE-2026-23953 unknown FIX debian debian 5mo ago Incus is a system container and virtual machine manager. In versions 6.20.0 and below, a user with the ability to launch a container with a custom YAML configuration (e.g a member of the ‘incus’ grou…
CVE-2026-24117 unknown FIX sles debian debian 5mo ago Rekor is a software supply chain transparency log. In versions 1.4.3 and below, attackers can trigger SSRF to arbitrary internal services because /api/v1/index/retrieve supports retrieving a public k…
CVE-2026-23831 unknown FIX sles debian debian 5mo ago Rekor is a software supply chain transparency log. In versions 1.4.3 and below, the entry implementation can panic on attacker-controlled input when canonicalizing a proposed entry with an empty spec…
CVE-2025-67221 unknown sles 5mo ago orjson does not limit recursion for deeply nested JSON documents
CVE-2025-49055 critical 9.3 9.3 5mo ago Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in kamleshyadav WP Lead Capturing Pages wp-lead-capture allows Blind SQL Injection. This issue affect…
CVE-2026-1225 unknown sles debian debian 5mo ago Logback allows an attacker to instantiate classes already present on the class path
CVE-2025-68645 unknown 1.5 KEV 5mo ago Synacor Zimbra Collaboration Suite (ZCS) contains a PHP remote file inclusion vulnerability that could allow for remote attackers to craft requests to the /h/rest endpoint to influence internal reque…
CVE-2025-34026 unknown 1.5 KEV 5mo ago Versa Concerto SD-WAN orchestration platform contains an improper authentication vulnerability in the Traefik reverse proxy configuration, allowing an attacker to access administrative endpoints. The…
CVE-2026-23992 unknown FIX debian debian sles 5mo ago go-tuf is a Go implementation of The Update Framework (TUF). Starting in version 2.0.0 and prior to version 2.3.1, a compromised or misconfigured TUF repository can have the configured value of signa…
CVE-2026-23991 unknown FIX debian debian sles 5mo ago go-tuf is a Go implementation of The Update Framework (TUF). Starting in version 2.0.0 and prior to version 2.3.1, if the TUF repository (or any of its mirrors) returns invalid TUF metadata JSON (val…
CVE-2026-22444 unknown FIX debian debian 5mo ago Apache Solr: Insufficient file-access checking in standalone core-creation requests
CVE-2026-22022 unknown FIX debian debian 5mo ago Apache Solr: Unauthorized bypass of certain "predefined permission" rules in the RuleBasedAuthorizationPlugin
CVE-2025-14083 unknown 5mo ago Keycloak Admin REST API exposes backend schema and rules
CVE-2025-14559 unknown 5mo ago Keycloak services allows the issuance of access and refresh tokens for disabled users
CVE-2026-1035 unknown 5mo ago Keycloak does not validate and update refresh token usage atomically
CVE-2026-23952 unknown FIX debian debian sles 5mo ago ImageMagick is free and open-source software used for editing and manipulating digital images. Versions 14.10.1 and below have a NULL pointer dereference vulnerability in the MSL (Magick Scripting La…
CVE-2026-23874 unknown FIX debian debian sles 5mo ago ImageMagick is free and open-source software used for editing and manipulating digital images. Versions prior to 7.1.2-13 have a stack overflow via infinite recursion in MSL (Magick Scripting Languag…
CVE-2026-20045 unknown 1.5 KEV 5mo ago Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Communications Manager IM & Presence Service (Unifie…
CVE-2025-65482 unknown 5mo ago XDocReport affected by an XML External Entity (XXE) vulnerability
CVE-2025-64087 unknown 5mo ago XDocReport affected by a Server-Side Template Injection (SSTI) vulnerability
CVE-2026-22770 unknown FIX debian debian sles 5mo ago ImageMagick is free and open-source software used for editing and manipulating digital images. The BilateralBlurImage method will allocate a set of double buffers inside AcquireBilateralTLS. But, in …
CVE-2026-1180 unknown 5mo ago Keycloak’s OpenID Connect Dynamic Client Registration feature affected by Server-Side Request Forgery (SSRF)
CVE-2026-1202 critical 9.8 9.8 crmeb 5mo ago A security flaw has been discovered in CRMEB up to 5.6.3. The affected element is the function appleLogin of the file crmeb/app/api/controller/v1/LoginController.php. Performing a manipulation of the…
CVE-2026-1179 critical 9.8 9.8 yonyou 5mo ago A vulnerability was detected in Yonyou KSOA 9.0. This affects an unknown part of the file /kmf/user_popedom.jsp of the component HTTP GET Parameter Handler. The manipulation of the argument folderid …
CVE-2026-1178 critical 9.8 9.8 yonyou 5mo ago A security vulnerability has been detected in Yonyou KSOA 9.0. Affected by this issue is some unknown functionality of the file /kmf/select.jsp of the component HTTP GET Parameter Handler. The manipu…
CVE-2026-1177 critical 9.8 9.8 yonyou 5mo ago A weakness has been identified in Yonyou KSOA 9.0. Affected by this vulnerability is an unknown functionality of the file /kmf/save_folder.jsp of the component HTTP GET Parameter Handler. Executing a…
CVE-2026-1176 critical 9.8 9.8 itsourcecode 5mo ago A security flaw has been discovered in itsourcecode School Management System 1.0. Affected is an unknown function of the file /subject/index.php. Performing a manipulation of the argument ID results …
CVE-2026-1160 critical 9.8 9.8 phpgurukul 5mo ago A security vulnerability has been detected in PHPGurukul Directory Management System 1.0. Impacted is an unknown function of the file /index.php of the component Search. The manipulation of the argum…
CVE-2026-1159 critical 9.8 9.8 adonesevangelista 5mo ago A weakness has been identified in itsourcecode Online Frozen Foods Ordering System 1.0. This issue affects some unknown processing of the file /order_online.php. Executing a manipulation of the argum…
CVE-2026-1152 critical 9.8 9.8 technical-laohu 5mo ago A security vulnerability has been detected in technical-laohu mpay up to 1.2.4. The impacted element is an unknown function of the component QR Code Image Handler. Such manipulation of the argument c…
CVE-2025-59355 unknown 5mo ago Apache Linkis: Password Exposure
CVE-2025-29847 unknown 5mo ago Apache Linkis: Arbitrary File Read via Double URL Encoding Bypass
CVE-2026-1133 critical 9.8 9.8 yonyou 5mo ago A vulnerability was determined in Yonyou KSOA 9.0. The impacted element is an unknown function of the file /kmf/folder.jsp of the component HTTP GET Parameter Handler. Executing a manipulation of the…
CVE-2026-1132 critical 9.8 9.8 yonyou 5mo ago A vulnerability was found in Yonyou KSOA 9.0. The affected element is an unknown function of the file /kmf/edit_folder.jsp of the component HTTP GET Parameter Handler. Performing a manipulation of th…
CVE-2026-1131 critical 9.8 9.8 yonyou 5mo ago A vulnerability has been found in Yonyou KSOA 9.0. Impacted is an unknown function of the file /kmc/save_catalog.jsp of the component HTTP GET Parameter Handler. Such manipulation of the argument cat…
CVE-2026-1130 critical 9.8 9.8 yonyou 5mo ago A flaw has been found in Yonyou KSOA 9.0. This issue affects some unknown processing of the file /worksheet/worksadd_plan.jsp of the component HTTP GET Parameter Handler. This manipulation of the arg…
CVE-2026-1129 critical 9.8 9.8 yonyou 5mo ago A vulnerability was detected in Yonyou KSOA 9.0. This vulnerability affects unknown code of the file /worksheet/worksadd.jsp of the component HTTP GET Parameter Handler. The manipulation of the argum…
CVE-2026-1125 critical 9.8 9.8 5mo ago A weakness has been identified in D-Link DIR-823X 250416. Affected by this issue is the function sub_412E7C of the file /goform/set_wifidog_settings. Executing a manipulation of the argument wd_enabl…
CVE-2026-1124 critical 9.8 9.8 yonyou 5mo ago A security flaw has been discovered in Yonyou KSOA 9.0. Affected by this vulnerability is an unknown functionality of the file /worksheet/work_report.jsp of the component HTTP GET Parameter Handler. …
CVE-2026-1123 critical 9.8 9.8 yonyou 5mo ago A vulnerability was identified in Yonyou KSOA 9.0. Affected is an unknown function of the file /worksheet/work_mod.jsp of the component HTTP GET Parameter Handler. Such manipulation of the argument I…
CVE-2026-1122 critical 9.8 9.8 yonyou 5mo ago A vulnerability was determined in Yonyou KSOA 9.0. This impacts an unknown function of the file /worksheet/work_info.jsp of the component HTTP GET Parameter Handler. This manipulation of the argument…
CVE-2026-1121 critical 9.8 9.8 yonyou 5mo ago A vulnerability was found in Yonyou KSOA 9.0. This affects an unknown function of the file /worksheet/del_workplan.jsp of the component HTTP GET Parameter Handler. The manipulation of the argument ID…
CVE-2026-1120 critical 9.8 9.8 yonyou 5mo ago A vulnerability has been found in Yonyou KSOA 9.0. The impacted element is an unknown function of the file /worksheet/del_work.jsp of the component HTTP GET Parameter Handler. The manipulation of the…
CVE-2026-1119 critical 9.8 9.8 angeljudesuarez 5mo ago A flaw has been found in itsourcecode Society Management System 1.0. The affected element is an unknown function of the file /admin/delete_activity.php. Executing a manipulation of the argument activ…
CVE-2026-1118 critical 9.8 9.8 angeljudesuarez 5mo ago A vulnerability was detected in itsourcecode Society Management System 1.0. Impacted is an unknown function of the file /admin/add_activity.php. Performing a manipulation of the argument Title result…
CVE-2026-1107 critical 9.8 9.8 eyoucms 5mo ago A weakness has been identified in EyouCMS up to 1.7.1/5.0. Impacted is the function check_userinfo of the file Diyajax.php of the component Member Avatar Handler. Executing a manipulation of the argu…
CVE-2026-1105 critical 9.8 9.8 easycms 5mo ago A vulnerability was identified in EasyCMS up to 1.6. This vulnerability affects unknown code of the file /UserAction.class.php. Such manipulation of the argument _order leads to sql injection. The at…
CVE-2026-1062 critical 9.8 9.8 xiweicheng 5mo ago A flaw has been found in xiweicheng TMS up to 2.28.0. This affects the function Summary of the file src/main/java/com/lhjz/portal/util/HtmlUtil.java. This manipulation of the argument url causes serv…
CVE-2026-1061 critical 9.8 9.8 xiweicheng 5mo ago A vulnerability was detected in xiweicheng TMS up to 2.28.0. Affected by this issue is the function Upload of the file src/main/java/com/lhjz/portal/controller/FileController.java. The manipulation o…
CVE-2026-1059 critical 9.8 9.8 feminer 5mo ago A security vulnerability has been detected in FeMiner wms up to 9cad1f1b179a98b9547fd003c23b07c7594775fa. Affected by this vulnerability is an unknown functionality of the file /src/chkuser.php. The …
CVE-2026-26216 unknown 5mo ago Crawl4AI is Vulnerable to Remote Code Execution in Docker API via Hooks Parameter
CVE-2026-26217 unknown 5mo ago Crawl4AI Has Local File Inclusion in Docker API via file:// URLs
CVE-2026-23528 unknown debian debian 5mo ago Dask distributed is a distributed task scheduler for Dask. Prior to 2026.1.0, when Jupyter Lab, jupyter-server-proxy, and Dask distributed are all run together, it is possible to craft a URL which wi…
CVE-2025-15104 unknown debian debian 5mo ago Nu Html Checker (validator.nu) contains a restriction bypass that allows remote attackers to make the server perform arbitrary HTTP/HTTPS requests to internal resources, including localhost services.…
CVE-2025-68675 unknown 5mo ago Apache Airflow proxy credentials for various providers might leak in task logs
CVE-2025-68438 unknown 5mo ago Apache Airflow secrets in rendered templates could contain parts of sensitive values when truncated
CVE-2025-62582 critical 9.8 9.8 deltaww 5mo ago Delta Electronics DIAView has multiple vulnerabilities.
CVE-2025-62581 critical 9.8 9.8 deltaww 5mo ago Delta Electronics DIAView has multiple vulnerabilities.
CVE-2026-1002 unknown 5mo ago Vert.x Web static handler component cache can be manipulated to deny the access to static files
CVE-2026-0976 unknown 5mo ago Keycloak has an improper input validation vulnerability
CVE-2025-69725 unknown FIX debian debian sles 5mo ago An Open Redirect vulnerability in the go-chi/chi >=5.2.2 RedirectSlashes function allows remote attackers to redirect victim users to malicious websites using the legitimate website domain.
CVE-2026-22036 unknown FIX sles debian debian 5mo ago Undici is an HTTP/1.1 client for Node.js. Prior to 7.18.0 and 6.23.0, the number of links in the decompression chain is unbounded and the default maxHeaderSize allows a malicious server to insert tho…
CVE-2025-71140 unknown FIX sles debian debian 5mo ago In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: Use spinlock for context list protection lock Previously a mutex was added to protect the encoder and de…
CVE-2025-66169 unknown 5mo ago Apache Camel camel-neo4j component is vulnerable to cypher injection
CVE-2026-22772 unknown FIX debian debian sles 5mo ago Fulcio is a certificate authority for issuing code signing certificates for an OpenID Connect (OIDC) identity. Prior to 1.8.5, Fulcio's metaRegex() function uses unanchored regex, allowing attackers …
CVE-2026-22702 unknown FIX sles debian debian 5mo ago virtualenv is a tool for creating isolated virtual python environments. Prior to version 20.36.1, TOCTOU (Time-of-Check-Time-of-Use) vulnerabilities in virtualenv allow local attackers to perform sym…