VIR Vulnerability Intelligence Relay

Search

Found 33,079 results in 1552ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2026-42296 high 8.1 8.1 argoproj 29d ago Argo has incomplete fix for CVE-2026-31892: hostNetwork, securityContext, serviceAccountName bypass templateReferencing Strict/Secure
CVE-2026-42294 high 7.5 7.5 argoproj 29d ago Argo Vulnerable to Unauthenticated Memory Exhaustion (DoS) in Webhook Interceptor
CVE-2026-6666 high 7.5 7.5 FIX debian debianwindows windows pgbouncer 29d ago A possible null pointer reference in PgBouncer before 1.25.2 could lead to a crash, if a server sends an error response without SQLSTATE field.
CVE-2026-6664 high 7.5 7.5 FIX debian debianwindows windows pgbouncer 29d ago An integer overflow in network packet parsing code in PgBouncer before 1.25.2 bypasses a boundary check and can lead to a crash. An unauthenticated remote attacker can crash PgBouncer with a malforme…
CVE-2026-41705 high 8.6 8.6 vmware 29d ago Spring AI's MilvusVectorStore#doDelete(List) implementation is vulnerable to filter-expression injection via unsanitized document IDs
CVE-2026-44833 high 7.1 7.1 snipeitapp 29d ago Snipe-IT has an open redirect vulnerability
CVE-2026-44987 low 3.8 3.8 29d ago SysReptor is a fully customizable pentest reporting platform. Prior to version 2026.29, users with "User Admin" permissions can change the email addresses of users with "Superuser" permissions. If th…
CVE-2026-42452 high 8.1 8.1 29d ago Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.1.0, /users/login issues a temporary JWT (temp_token) for TOTP-enabled…
CVE-2026-42352 high 8.6 8.6 29d ago pygeoapi 0.23.x: Unauthenticated SSRF via OGC API - Processes Subscriber
CVE-2026-42351 high 7.5 7.5 29d ago pygeoapi 0.23.x: Path Traversal in STAC FileSystemProvider
CVE-2026-42345 high 7.7 7.7 29d ago FastGPT is an AI Agent building platform. In versions 4.14.11 and prior, FastGPT's isInternalAddress() function in packages/service/common/system/utils.ts blocks cloud metadata endpoints using a full…
CVE-2026-42339 high 7.1 7.1 newapi 29d ago QuantumNous/new-api has an SSRF Filter Bypass via 0.0.0.0
CVE-2026-41432 high 8.2 8.2 newapi 29d ago New API: Stripe Webhook Signature Bypass via Empty Secret Enables Unlimited Quota Fraud
CVE-2023-49316 high 8.0 FIX debian debian 29d ago Phpseclib needs guardrails on large binaryfield integers
CVE-2026-44567 high 7.3 7.3 openwebui 29d ago Open WebUI has Improper Authorization Control
CVE-2026-44832 high 8.8 8.8 snipeitapp 29d ago Snipe-IT has Privilege Escalation via API Permissions Assignment
CVE-2026-42195 low 3.4 3.4 29d ago draw.io is a configurable diagramming and whiteboarding application. Prior to version 29.7.9, the draw.io client accepts a ?gitlab= URL parameter that overrides the GitLab server URL used during OAut…
CVE-2026-41486 high 8.8 8.8 anyscale 29d ago Ray: Remote Code Execution via Parquet Arrow Extension Type Deserialization
CVE-2026-44247 high 7.4 7.4 linuxfoundation 29d ago Volcano is a Kubernetes-native batch scheduling system. Prior to v1.14.2, v1.13.3, and v1.12.4, the Volcano webhook server does not enforce a size limit on incoming HTTP request bodies. Any in-cluste…
CVE-2026-7807 high 8.8 8.8 smartertools 29d ago SmarterTools SmarterMail builds prior to 9560 contain a local file inclusion vulnerability in the /api/v1/report/summary/{type} API endpoint that allows authenticated users to read arbitrary .json fi…
CVE-2026-42189 high 7.5 7.5 russh_projectwarpgate_project 29d ago russh has pre-auth DoS via unbounded allocation in its keyboard-interactive auth handler
CVE-2026-44552 high 8.7 8.7 openwebui 29d ago Open WebUI: Redis Cache Keys tool_servers and terminal_servers Missing Instance Prefix Enable Cross-Instance Cache Poisoning
CVE-2026-44553 high 8.1 8.1 openwebui 29d ago Open WebUI: Stale Admin Role in Socket.IO Session Pool Enables Post-Demotion Cross-User Note Access
CVE-2026-8178 high 8.1 8.1 aws 29d ago Amazon Redshift Vulnerable to Remote Code Execution via Unsafe Class Loading
CVE-2026-29203 high 8.8 8.8 29d ago A chmod call in the cPanel Nova plugin's Cpanel::Nova::Connector follows symlinks, allowing setting root permissions on arbitrary system files or directories. That can cause DoS or local privilege es…
CVE-2026-29202 high 8.8 8.8 29d ago Insufficient input validation of the `plugin` parameter of the `create_user` plugin allows arbitrary Perl code execution on behalf of the already authenticated account's system user.
CVE-2026-29201 high 8.6 8.6 29d ago Insufficient input validation of the feature file name in `feature::LOADFEATUREFILE` adminbin call can cause arbitrary file read when a relative file path is passed.
CVE-2024-27355 high 8.0 FIX debian debian 29d ago phpseclib guardrails needed on OID length
CVE-2026-6659 high 7.5 7.5 debian debian 29d ago Crypt::PasswdMD5 versions through 1.42 for Perl generates insecure random values for salts. The built-in rand function is predictable, and unsuitable for cryptography.
CVE-2026-44499 high 8.0 1mo ago Zebra has Permanent Block Discovery Halt via Gossip Queue Saturation and Syncer Poisoning
CVE-2026-43967 high 7.5 7.5 absinthe-graphql 1mo ago Absinthe: Quadratic fragment-name uniqueness check
CVE-2026-42793 high 7.5 7.5 absinthe-graphql 1mo ago Absinthe: Unbounded atom creation from parsed directive name
CVE-2026-42353 high 8.2 8.2 1mo ago i18next-http-middleware has path traversal / SSRF via user-controlled language and namespace parameters
CVE-2026-41886 high 7.5 7.5 1mo ago locize Client SDK: Cross-origin DOM XSS & Handler Hijack Through Missing e.origin Validation in InContext Editor
CVE-2026-41883 high 8.1 8.1 1mo ago OmniFaces: EL injection via crafted resource name in wildcard CDN mapping
CVE-2026-41693 high 8.2 8.2 1mo ago i18next-fs-backend: Path traversal via unsanitised lng/ns allows arbitrary file read/overwrite
CVE-2026-41690 high 8.6 8.6 1mo ago i18next-http-middleware: Prototype pollution and path traversal via user-controlled language and namespace parameters
CVE-2026-41683 high 8.6 8.6 1mo ago i18next-http-middleware: HTTP response splitting and DoS via unsanitised Content-Language header
CVE-2026-34354 high 7.4 7.4 1mo ago Akamai Guardicore Platform Agent (GPA) and Zero Trust Client on Linux and macOS allow TOCTOU-based local privilege escalation. The GPA service creates an IPC socket in the world-writable /tmp directo…
CVE-2026-29975 high 7.5 7.5 1mo ago lwjson 1.8.1 contains an improper input validation vulnerability in the streaming JSON parser (lwjson_stream.c). The end-of-string detection logic incorrectly identifies escaped quote characters by o…
CVE-2026-29974 high 7.5 7.5 1mo ago An issue was discovered in kosma minmea 0.3.0. The minmea_scan functions format specifier copies NMEA field data to a caller-provided buffer without a size parameter. Applications using minmea_scan o…
CVE-2026-29972 high 8.2 8.2 1mo ago nanoMODBUS through v1.22.0 has a stack-based buffer overflow in recv_read_registers_res() in nanomodbus.c. When a client calls nmbs_read_holding_registers() or nmbs_read_input_registers(), the librar…
CVE-2026-44498 high 7.5 7.5 zfnd 1mo ago Zebra's Block Validator Undercounts Coinbase and P2SH Sigops
CVE-2026-43469 high 7.5 7.5 FIX slesdebian debian linux-kernel google 1mo ago In the Linux kernel, the following vulnerability has been resolved: xprtrdma: Decrement re_receiving on the early exit paths In the event that rpcrdma_post_recvs() fails to create a work request (d…
CVE-2026-43466 high 8.2 8.2 FIX slesdebian debian linux-kernel google 1mo ago In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix DMA FIFO desync on error CQE SQ recovery In case of a TX error CQE, a recovery flow is triggered, mlx5e_reset_txqs…
CVE-2026-43464 high 7.5 7.5 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: RX, Fix XDP multi-buf frag counting for legacy RQ XDP multi-buf programs can modify the layout of the XDP buffer when …
CVE-2026-43462 high 7.5 7.5 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: net: spacemit: Fix error handling in emac_tx_mem_map() The DMA mappings were leaked on mapping error. Free them with the existing…
CVE-2026-43461 high 7.8 7.8 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: spi: amlogic: spifc-a4: Fix DMA mapping error handling Fix three bugs in aml_sfc_dma_buffer_setup() error paths: 1. Unnecessary g…
CVE-2026-43460 high 7.8 7.8 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: spi: rockchip-sfc: Fix double-free in remove() callback The driver uses devm_spi_register_controller() for registration, which au…
CVE-2026-43459 high 7.3 7.3 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: ASoC: soc-core: flush delayed work before removing DAIs and widgets When a sound card is unbound while a PCM stream is open, a us…
CVE-2026-43458 high 7.8 7.8 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: serial: caif: hold tty->link reference in ldisc_open and ser_release A reproducer triggers a KASAN slab-use-after-free in pty_wri…
CVE-2026-43456 high 7.8 7.8 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: bonding: fix type confusion in bond_setup_by_slave() kernel BUG at net/core/skbuff.c:2306! Oops: invalid opcode: 0000 [#1] SMP KA…
CVE-2026-43454 high 7.8 7.8 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: Fix for duplicate device in netdev hooks When handling NETDEV_REGISTER notification, duplicate device regis…
CVE-2026-43453 high 7.1 7.1 FIX slesdebian debian linux-kernel google 1mo ago In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_pipapo: fix stack out-of-bounds read in pipapo_drop() pipapo_drop() passes rulemap[i + 1].n to pipapo_unmap() …
CVE-2026-43452 high 8.2 8.2 FIX slesdebian debian linux-kernel google 1mo ago In the Linux kernel, the following vulnerability has been resolved: netfilter: x_tables: guard option walkers against 1-byte tail reads When the last byte of options is a non-single-byte option kin…
CVE-2026-43450 high 7.1 7.1 FIX slesdebian debian linux-kernel google 1mo ago In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlink_cthelper: fix OOB read in nfnl_cthelper_dump_table() nfnl_cthelper_dump_table() has a 'goto restart' that ju…
CVE-2026-43449 high 7.1 7.1 FIX slesdebian debian linux-kernel google 1mo ago In the Linux kernel, the following vulnerability has been resolved: nvme-pci: Fix slab-out-of-bounds in nvme_dbbuf_set dev->online_queues is a count incremented in nvme_init_queue. Thus, valid indi…
CVE-2026-43447 high 7.8 7.8 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: iavf: fix PTP use-after-free during reset Commit 7c01dbfc8a1c5f ("iavf: periodically cache PHC time") introduced a worker to cach…
CVE-2026-43442 high 7.1 7.1 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: io_uring: fix physical SQE bounds check for SQE_MIXED 128-byte ops When IORING_SETUP_SQE_MIXED is used without IORING_SETUP_NO_SQ…
CVE-2026-43441 high 7.5 7.5 FIX slesdebian debian linux-kernel google 1mo ago In the Linux kernel, the following vulnerability has been resolved: net: bonding: Fix nd_tbl NULL dereference when IPv6 is disabled When booting with the 'ipv6.disable=1' parameter, the nd_tbl is n…
CVE-2026-43440 high 7.8 7.8 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: net/mana: Null service_wq on setup error to prevent double destroy In mana_gd_setup() error path, set gc->service_wq to NULL afte…
CVE-2026-43438 high 7.8 7.8 FIX slesdebian debian linux-kernel google 1mo ago In the Linux kernel, the following vulnerability has been resolved: sched_ext: Remove redundant css_put() in scx_cgroup_init() The iterator css_for_each_descendant_pre() walks the cgroup hierarchy …
CVE-2026-43437 high 7.8 7.8 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: fix use-after-free on linked stream runtime in snd_pcm_drain() In the drain loop, the local variable 'runtime' is reas…
CVE-2026-43434 high 7.8 7.8 FIX debian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: rust_binder: check ownership before using vma When installing missing pages (or zapping them), Rust Binder will look up the vma i…
CVE-2026-43433 high 7.8 7.8 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: rust_binder: avoid reading the written value in offsets array When sending a transaction, its offsets array is first copied into …
CVE-2026-43427 high 7.1 7.1 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: usb: class: cdc-wdm: fix reordering issue in read code path Quoting the bug report: Due to compiler optimization or CPU out-of-o…
CVE-2026-43426 high 7.8 7.8 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: usb: renesas_usbhs: fix use-after-free in ISR during device removal In usbhs_remove(), the driver frees resources (including the …
CVE-2026-43408 high 7.8 7.8 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: ceph: add a bunch of missing ceph_path_info initializers ceph_mdsc_build_path() must be called with a zero-initialized ceph_path_…
CVE-2026-43405 high 7.5 7.5 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: libceph: Use u32 for non-negative values in ceph_monmap_decode() This patch fixes unnecessary implicit conversions that change si…
CVE-2026-43403 high 8.8 8.8 FIX slesdebian debian linux-kernel google 1mo ago In the Linux kernel, the following vulnerability has been resolved: nsfs: tighten permission checks for ns iteration ioctls Even privileged services should not necessarily be able to see other priv…
CVE-2026-43391 high 8.8 8.8 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: nsfs: tighten permission checks for handle opening Even privileged services should not necessarily be able to see other privilege…
CVE-2026-43388 high 7.8 7.8 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: clear walk_control on inactive context in damos_walk() damos_walk() sets ctx->walk_control to the caller-provided …
CVE-2026-43386 high 7.1 7.1 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: staging: rtl8723bs: fix potential out-of-bounds read in rtw_restruct_wmm_ie The current code checks 'i + 5 < in_len' at the end o…
CVE-2026-43385 high 7.5 7.5 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: net: Fix rcu_tasks stall in threaded busypoll I was debugging a NIC driver when I noticed that when I enable threaded busypoll, b…
CVE-2026-43380 high 7.1 7.1 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: hwmon: (pmbus/q54sj108a2) fix stack overflow in debugfs read The q54sj108a2_debugfs_read function suffers from a stack buffer ove…
CVE-2026-43378 high 7.8 7.8 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: smb: server: fix use-after-free in smb2_open() The opinfo pointer obtained via rcu_dereference(fp->f_opinfo) is dereferenced afte…
CVE-2026-43377 high 8.1 8.1 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: ksmbd: Don't log keys in SMB3 signing and encryption key generation When KSMBD_DEBUG_AUTH logging is enabled, generate_smb3signin…
CVE-2026-43374 high 7.8 7.8 FIX slesdebian debian linux-kernel google 1mo ago In the Linux kernel, the following vulnerability has been resolved: net: nexthop: fix percpu use-after-free in remove_nh_grp_entry When removing a nexthop from a group, remove_nh_grp_entry() publis…
CVE-2026-43373 high 7.5 7.5 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: net: ncsi: fix skb leak in error paths Early return paths in NCSI RX and AEN handlers fail to release the received skb, resulting…
CVE-2026-43370 high 7.8 7.8 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix use-after-free race in VM acquire Replace non-atomic vm->process_info assignment with cmpxchg() to prevent race w…
CVE-2026-43368 high 7.8 7.8 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: drm/i915: Fix potential overflow of shmem scatterlist length When a scatterlists table of a GEM shmem object of size 4 GB or more…
CVE-2026-43366 high 7.8 7.8 FIX slesdebian debian linux-kernel google 1mo ago In the Linux kernel, the following vulnerability has been resolved: io_uring/kbuf: check if target buffer list is still legacy on recycle There's a gap between when the buffer was grabbed and when …
CVE-2026-43365 high 8.2 8.2 FIX slesdebian debian linux-kernel google 1mo ago In the Linux kernel, the following vulnerability has been resolved: xfs: fix undersized l_iclog_roundoff values If the superblock doesn't list a log stripe unit, we set the incore log roundoff valu…
CVE-2026-43362 high 8.1 8.1 FIX slesdebian debian linux-kernel google 1mo ago In the Linux kernel, the following vulnerability has been resolved: smb: client: fix in-place encryption corruption in SMB2_write() SMB2_write() places write payload in iov[1..n] as part of rq_iov.…
CVE-2026-43353 high 7.8 7.8 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: i3c: mipi-i3c-hci: Fix race in DMA ring dequeue The HCI DMA dequeue path (hci_dma_dequeue_xfer()) may be invoked for multiple tra…
CVE-2026-43352 high 7.8 7.8 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: i3c: mipi-i3c-hci: Correct RING_CTRL_ABORT handling in DMA dequeue The logic used to abort the DMA ring contains several flaws: …
CVE-2026-41588 high 8.1 8.1 inducer 1mo ago RELATE is a web-based courseware package. Prior to commit 2f68e16, there is a timing attack vulnerability in course/auth.py — check_sign_in_key(). This issue has been patched via commit 2f68e16.
CVE-2026-41584 high 7.5 7.5 zfnd 1mo ago Zebra has rk Identity Point Panic in Transaction Verification
CVE-2026-41576 high 7.1 7.1 1mo ago Brave CMS is an open-source CMS. Prior to commit 6c56603, the contact form is publicly accessible (no authentication required). User-supplied message text is passed through PHP's nl2br() function, wh…
CVE-2026-41570 high 7.8 7.8 FIX debian debian phpunit_project 1mo ago PHPUnit is a testing framework for PHP. In versions 12.5.21 and 13.1.5, PHPUnit forwards PHP INI settings to child processes (used for isolated/PHPT test execution) as -d name=value command-line argu…
CVE-2026-41524 high 8.7 8.7 1mo ago Brave CMS is an open-source CMS. Prior to commit 6c56603, page and article body content entered through the CKEditor rich-text editor is stored verbatim in the database and subsequently rendered with…
CVE-2026-38361 high 7.5 7.5 fohrloop 1mo ago An issue in fohrloop dash-uploader v.0.1.0 through v.0.7.0a2 allows a remote attacker to execute arbitrary code via the dash_uploader/httprequesthandler.py, dash_uploader/upload.py in the Upload func…
CVE-2025-67486 high 7.2 7.2 dolibarr 1mo ago Dolibarr is an enterprise resource planning (ERP) and customer relationship management (CRM) software package. Versions 22.0.2 and earlier contains an authenticated remote code execution vulnerabilit…
CVE-2026-44340 high 7.5 7.5 praison 1mo ago PraisonAI's symlink-extraction bypass of `_safe_extractall` writes outside `dest_dir`
CVE-2026-44339 high 8.6 8.6 praison 1mo ago PraisonAI has unsafe tool resolution in `ToolExecutionMixin.execute_tool`: undeclared `__main__` callables execute
CVE-2026-44334 high 8.4 8.4 praison 1mo ago PraisonAI has unauthenticated RCE via `tool_override.py` (CVE-2026-40287 patch bypass)
CVE-2026-43350 high 7.6 7.6 FIX slesdebian debian linux-kernel google 1mo ago In the Linux kernel, the following vulnerability has been resolved: smb: client: require a full NFS mode SID before reading mode bits parse_dacl() treats an ACE SID matching sid_unix_NFS_mode as an…
CVE-2026-43347 high 7.5 7.5 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: arm64: dts: qcom: monaco: Reserve full Gunyah metadata region We observe spurious "Synchronous External Abort" exceptions (ESR=0x…
CVE-2026-43345 high 7.5 7.5 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: net: ipa: fix event ring index not programmed for IPA v5.0+ For IPA v5.0+, the event ring index field moved from CH_C_CNTXT_0 to …
CVE-2026-43339 high 7.8 7.8 FIX slesdebian debian linux-kernel google 1mo ago In the Linux kernel, the following vulnerability has been resolved: ipv6: prevent possible UaF in addrconf_permanent_addr() The mentioned helper try to warn the user about an exceptional condition,…