filelock is a platform-independent file lock for Python. Prior to version 3.20.3, a TOCTOU race condition vulnerability exists in the SoftFileLock implementation of the filelock package. An attacker …
Pega Customer Service Framework versions 8.7.0 through 25.1.0 are affected by an Unrestricted file upload vulnerability, where a privileged user could potentially upload a malicious file.
Cosign provides code signing and transparency for containers and binaries. Prior to versions 2.6.2 and 3.0.4, Cosign bundle can be crafted to successfully verify an artifact even if the embedded Reko…
Microsoft Windows Desktop Windows Manager contains an information disclosure vulnerability that allows an authorized attacker to disclose information locally.
A security flaw has been discovered in code-projects Online Music Site 1.0. The impacted element is an unknown function of the file /Administrator/PHP/AdminUpdateUser.php. The manipulation of the arg…
A vulnerability was identified in code-projects Online Music Site 1.0. The affected element is an unknown function of the file /Administrator/PHP/AdminAddUser.php. The manipulation of the argument tx…
A vulnerability was determined in quickjs-ng quickjs up to 0.11.0. This vulnerability affects the function js_typed_array_constructor of the file quickjs.c. Executing a manipulation can lead to heap-…
A security flaw has been discovered in Sangfor Operation and Maintenance Management System up to 3.0.8. The impacted element is an unknown function of the file /fort/trust/version/common/common.jsp. …
A vulnerability was identified in Sangfor Operation and Maintenance Management System up to 3.0.8. The affected element is the function SessionController of the file /isomp-protocol/protocol/session.…
A vulnerability was determined in guchengwuyue yshopmall up to 1.9.1. Affected is the function getPage of the file /api/jobs. This manipulation of the argument sort causes sql injection. The attack m…
A flaw has been found in RainyGao DocSys up to 2.02.36. The impacted element is an unknown function of the file src/com/DocSystem/mapping/ReposAuthMapper.xml. Executing a manipulation of the argument…
A vulnerability was found in D-Link DI-8200G 17.12.20A1. This affects an unknown function of the file /upgrade_filter.asp. The manipulation of the argument path results in command injection. The atta…
Authlib is a Python library which builds OAuth and OpenID Connect servers. In versions 1.0.0 through 1.6.5, cache-backed state/request-token storage is not tied to the initiating user session, so CSR…
A vulnerability was determined in code-projects Intern Membership Management System 1.0. Affected is an unknown function of the file /intern/admin/check_admin.php. Executing a manipulation of the arg…
The egg-mkfont utility in Panda3D versions up to and including 1.10.16 contains a stack-based buffer overflow vulnerability due to use of an unbounded sprintf() call with attacker-controlled input. W…
Miniflux 2 is an open source feed reader. Prior to version 2.2.16, Miniflux's media proxy endpoint (`GET /proxy/{encodedDigest}/{encodedURL}`) can be abused to perform Server-Side Request Forgery (SS…
Deserialization of Untrusted Data vulnerability in Digital zoom studio DZS Video Gallery allows Object Injection. This issue affects DZS Video Gallery: from n/a through 12.37.
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mojoomla WPCHURCH allows Blind SQL Injection. This issue affects WPCHURCH: from n/a through 2.7.0.
A flaw has been found in projectworlds House Rental and Property Listing 1.0. Impacted is an unknown function of the file /app/register.php?action=reg of the component Signup. This manipulation of th…
Hewlett Packard Enterprise (HPE) OneView contains a code injection vulnerability that allows a remote unauthenticated user to perform remote code execution.
Microsoft Office PowerPoint contains a code injection vulnerability that allows remote attackers to execute arbitrary code via a PowerPoint file with an OutlineTextRefAtom containing an invalid index…
Parsl is a Python parallel scripting library. A SQL Injection vulnerability exists in the parsl-visualize component of versions prior to 2026.01.05. The application constructs SQL queries using unsaf…
Missing Authorization vulnerability in Sfwebservice InWave Jobs allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects InWave Jobs: from n/a through 3.5.8.
A flaw has been found in code-projects Online Music Site 1.0. This affects an unknown part of the file /Administrator/PHP/AdminViewSongs.php. Executing a manipulation of the argument ID can lead to s…
A vulnerability was detected in code-projects Online Music Site 1.0. Affected by this issue is some unknown functionality of the file /FrontEnd/Albums.php. Performing a manipulation of the argument I…
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. In versions 3.13.2 and below, reading multiple invalid cookies can lead to a logging storm. If the cookies attribute is…
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. In versions 3.13.2 and below, handling of chunked messages can result in excessive blocking CPU usage when receiving a …
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below allow a request to be crafted in such a way that an AIOHTTP server's memory fills up uncontro…
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below allow for an infinite loop to occur when assert statements are bypassed, resulting in a DoS a…
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below enable an attacker to ascertain the existence of absolute path components through the path no…
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below contain parser logic which allows non-ASCII decimals to be present in the Range header. There…
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below of the Python HTTP parser may allow a request smuggling attack with the presence of non-ASCII…
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below allow a zip bomb to be used to execute a DoS against the AIOHTTP server. An attacker may be a…
A security vulnerability has been detected in code-projects Online Music Site 1.0. Affected by this vulnerability is an unknown functionality of the file /login.php. Such manipulation of the argument…
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Waituk Entrada allows SQL Injection. This issue affects Entrada: from n/a through 5.7.7.
A flaw has been found in Campcodes Supplier Management System 1.0. Affected by this issue is some unknown functionality of the file /retailer/edit_profile.php. This manipulation of the argument txtRe…
A security flaw has been discovered in code-projects Online Product Reservation System 1.0. This affects an unknown function of the file /handgunner-administrator/register_code.php of the component U…
A vulnerability was identified in code-projects Online Product Reservation System 1.0. The impacted element is an unknown function of the file /app/checkout/update.php of the component Cart Update Ha…
A vulnerability was determined in code-projects Online Product Reservation System 1.0. The affected element is an unknown function of the file /app/checkout/delete.php of the component POST Parameter…
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Infility Infility Global infility-global allows SQL Injection. This issue affects Infility Global:…
Unrestricted Upload of File with Dangerous Type vulnerability in Themify Shopo allows Upload a Web Shell to a Web Server. This issue affects Shopo: from n/a through 1.1.4.
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AA-Team Amazon Native Shopping Recommendations allows SQL Injection. This issue affects Amazon Nat…
A security vulnerability has been detected in code-projects Online Product Reservation System 1.0. Impacted is an unknown function of the file /order_view.php of the component GET Parameter Handler. …
A weakness has been identified in code-projects Online Product Reservation System 1.0. This issue affects some unknown processing of the file app/products/left_cart.php. This manipulation of the argu…
A security flaw has been discovered in code-projects Online Product Reservation System 1.0. This vulnerability affects unknown code of the file app/user/login.php of the component User Login. The man…
A vulnerability was identified in itsourcecode Society Management System 1.0. This affects an unknown part of the file /admin/edit_activity_query.php. The manipulation of the argument Title leads to …
A vulnerability was determined in Tenda AC1206 15.03.06.23. Affected by this issue is the function formBehaviorManager of the file /goform/BehaviorManager of the component httpd. Executing a manipula…
A vulnerability was determined in bg5sbk MiniCMS up to 1.8. This affects an unknown function of the file /mc-admin/post-edit.php of the component Article Handler. Executing a manipulation can lead to…
A vulnerability was found in bg5sbk MiniCMS up to 1.8. The impacted element is an unknown function of the file /minicms/mc-admin/post.php of the component Trash File Restore Handler. Performing a man…
A vulnerability was found in code-projects Online Product Reservation System 1.0. This affects an unknown part of the file /handgunner-administrator/edit.php of the component POST Parameter Handler. …
A vulnerability has been found in code-projects Online Product Reservation System 1.0. Affected by this issue is some unknown functionality of the file /handgunner-administrator/delete.php. The manip…
A flaw has been found in code-projects Online Product Reservation System 1.0. Affected by this vulnerability is an unknown functionality of the file /handgunner-administrator/prod.php. Executing a ma…
A vulnerability was detected in code-projects Online Product Reservation System 1.0. Affected is an unknown function of the file /handgunner-administrator/prod.php of the component Parameter Handler.…
A security vulnerability has been detected in code-projects Online Product Reservation System 1.0. This impacts an unknown function of the file /handgunner-administrator/adminlogin.php of the compone…
A vulnerability was found in code-projects Online Music Site 1.0. This impacts an unknown function of the file /Frontend/Feedback.php. Performing a manipulation of the argument fname results in sql i…
A vulnerability has been found in code-projects Online Music Site 1.0. This affects an unknown function of the file /Frontend/AlbumByCategory.php. Such manipulation of the argument ID leads to sql in…
A flaw has been found in code-projects Online Music Site 1.0. The impacted element is an unknown function of the file /Frontend/ViewSongs.php. This manipulation of the argument ID causes sql injectio…
A vulnerability was detected in code-projects Content Management System 1.0. The affected element is an unknown function of the file /pages.php. The manipulation of the argument ID results in sql inj…
A security vulnerability has been detected in code-projects Content Management System 1.0. Impacted is an unknown function of the file /admin/edit_posts.php. The manipulation of the argument image le…
A weakness has been identified in code-projects Content Management System 1.0. This issue affects some unknown processing of the file /admin/delete.php. Executing a manipulation of the argument del c…
A vulnerability was determined in code-projects Content Management System 1.0. This impacts an unknown function of the file search.php. This manipulation of the argument Value causes sql injection. T…
A vulnerability has been found in Yonyou KSOA 9.0. Affected by this issue is some unknown functionality of the file /worksheet/work_edit.jsp. Such manipulation of the argument Report leads to sql inj…
A flaw has been found in Yonyou KSOA 9.0. Affected by this vulnerability is an unknown functionality of the file /worksheet/work_update.jsp. This manipulation of the argument Report causes sql inject…
A vulnerability was detected in Yonyou KSOA 9.0. Affected is an unknown function of the file /kp/PrintZPYG.jsp. The manipulation of the argument zpjhid results in sql injection. It is possible to lau…
A vulnerability was determined in Yonyou KSOA 9.0. The impacted element is an unknown function of the file /worksheet/del_user.jsp of the component HTTP GET Parameter Handler. Executing a manipulatio…
A vulnerability was found in Yonyou KSOA 9.0. The affected element is an unknown function of the file /worksheet/agent_worksdel.jsp of the component HTTP GET Parameter Handler. Performing a manipulat…
A vulnerability was detected in Yonyou KSOA 9.0. This vulnerability affects unknown code of the file /worksheet/agent_worksadd.jsp of the component HTTP GET Parameter Handler. The manipulation of the…
A security vulnerability has been detected in Yonyou KSOA 9.0. This affects an unknown part of the file /worksheet/agent_work_report.jsp. The manipulation of the argument ID leads to sql injection. T…
A vulnerability was identified in code-projects Online Guitar Store 1.0. Affected by this issue is some unknown functionality of the file /login.php. The manipulation of the argument L_email leads to…
A vulnerability was determined in code-projects Online Guitar Store 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/Delete_product.php. Executing a manipulation of …
A vulnerability was found in code-projects Online Guitar Store 1.0. Affected is an unknown function of the file /admin/Create_product.php. Performing a manipulation of the argument dre_title results …
A vulnerability has been found in code-projects Online Guitar Store 1.0. This impacts an unknown function of the file /admin/Create_category.php. Such manipulation of the argument dre_Ctitle leads to…
A security flaw has been discovered in itsourcecode School Management System 1.0. This affects an unknown part of the file /student/index.php. The manipulation of the argument ID results in sql injec…
A weakness has been identified in D-Link DIR-806A 100CNb11. Affected is the function ssdpcgi_main of the component SSDP Request Handler. This manipulation causes command injection. The attack can be …