A vulnerability was identified in code-projects Simple Shopping Cart 1.0. Impacted is an unknown function of the file /adminlogin.php. The manipulation of the argument admin_username leads to SQL inj…
A vulnerability was determined in code-projects Simple Shopping Cart 1.0. This issue affects some unknown processing of the file /Admin/additems.php. Executing manipulation of the argument item_name …
A vulnerability was found in code-projects Simple Shopping Cart 1.0. This vulnerability affects unknown code of the file /Customers/settings.php. Performing manipulation of the argument user_id resul…
A vulnerability has been found in IdeaCMS up to 1.8. This affects the function whereRaw of the file app/common/logic/index/Coupon.php. Such manipulation of the argument params leads to SQL injection.…
A security flaw has been discovered in Philipinho Simple-PHP-Blog up to 94b5d3e57308bce5dfbc44c3edafa9811893d958. This issue affects some unknown processing of the file /edit.php. The manipulation re…
A vulnerability was identified in itsourcecode Student Management System 1.0. This vulnerability affects unknown code of the file /edit_user.php. The manipulation of the argument fname leads to SQL i…
A vulnerability was found in Yottamaster DM2, DM3 and DM200 up to 1.2.23/1.9.12. Affected by this issue is some unknown functionality of the component File Upload. Performing manipulation results in …
A vulnerability has been found in code-projects Simple Leave Manager 1.0. Affected by this vulnerability is an unknown functionality of the file /request.php. Such manipulation of the argument staff_…
A security flaw has been discovered in code-projects Currency Exchange System 1.0. The affected element is an unknown function of the file /editotheraccount.php. Performing manipulation of the argume…
A vulnerability was identified in code-projects Currency Exchange System 1.0. Impacted is an unknown function of the file /edittrns.php. Such manipulation of the argument ID leads to SQL injection. T…
A vulnerability was determined in code-projects Currency Exchange System 1.0. This issue affects some unknown processing of the file /viewserial.php. This manipulation of the argument ID causes SQL i…
A vulnerability was found in code-projects Currency Exchange System 1.0. This vulnerability affects unknown code of the file /edit.php. The manipulation of the argument ID results in SQL injection. T…
A flaw has been found in projectworlds Advanced Library Management System 1.0. Affected by this issue is some unknown functionality of the file /member_search.php. Executing a manipulation of the arg…
A vulnerability was detected in projectworlds Advanced Library Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /delete_book.php. Performing a manipulatio…
A security vulnerability has been detected in projectworlds Advanced Library Management System 1.0. Affected is an unknown function of the file /delete_member.php. Such manipulation of the argument u…
A weakness has been identified in Campcodes School File Management System 1.0. This impacts an unknown function of the file /update_query.php. This manipulation of the argument stud_id causes sql inj…
D-Link Routers contains a buffer overflow vulnerability that has a high impact on confidentiality, integrity, and availability. The impacted products could be end-of-life (EoL) and/or end-of-service …
A flaw has been found in Verysync 微力同步 up to 2.21.3. This impacts an unknown function of the file /rest/f/api/resources/f96956469e7be39d/tmp/text.txt?override=false of the component Web Administratio…
A vulnerability has been found in Sobey Media Convergence System 2.0/2.1. This vulnerability affects unknown code of the file /sobey-mchEditor/watermark/upload. The manipulation of the argument File …
In the Linux kernel, the following vulnerability has been resolved: sctp: prevent possible shift-out-of-bounds in sctp_transport_update_rto syzbot reported a possible shift-out-of-bounds [1] Blame…
In the Linux kernel, the following vulnerability has been resolved: tipc: Fix use-after-free in tipc_mon_reinit_self(). syzbot reported use-after-free of tipc_net(net)->monitors[] in tipc_mon_reini…
In the Linux kernel, the following vulnerability has been resolved: net: sched: act_ife: initialize struct tc_ife to fix KMSAN kernel-infoleak Fix a KMSAN kernel-infoleak detected by the syzbot. …
Sigstore Timestamp Authority is a service for issuing RFC 3161 timestamps. Prior to 2.0.3, function api.ParseJSONRequest currently splits (via a call to strings.Split) an optionally-provided OID (whi…
Fulcio is a free-to-use certificate authority for issuing code signing certificates for an OpenID Connect (OIDC) identity. Prior to 1.8.3, function identity.extractIssuerURL splits (via a call to str…
A flaw has been found in Edimax BR-6478AC V3 1.0.15. The affected element is the function sub_44CCE4 of the file /boafrm/formSysCmd. This manipulation of the argument sysCmd causes OS command injecti…
A vulnerability was detected in Edimax BR-6478AC V3 1.0.15. Impacted is the function sub_416990 of the file /boafrm/formTracerouteDiagnosticRun. The manipulation of the argument host results in OS co…
Solstice Pod API (version 5.5, 6.2) contains an unauthenticated API endpoint (`/api/config`) that exposes sensitive information such as the session key, server version, product details, and display n…
In the Linux kernel, the following vulnerability has been resolved: be2net: pass wrb_params in case of OS2BMC be_insert_vlan_in_pkt() is called with the wrb_params argument being NULL at be_send_pk…
In the Linux kernel, the following vulnerability has been resolved: Input: cros_ec_keyb - fix an invalid memory access If cros_ec_keyb_register_matrix() isn't called (due to `buttons_switches_only`…
In the Linux kernel, the following vulnerability has been resolved: Input: imx_sc_key - fix memory corruption on unload This is supposed to be "priv" but we accidentally pass "&priv" which is an ad…
In the Linux kernel, the following vulnerability has been resolved: nvme: nvme-fc: Ensure ->ioerr_work is cancelled in nvme_fc_delete_ctrl() nvme_fc_delete_assocation() waits for pending I/O to com…
In the Linux kernel, the following vulnerability has been resolved: mptcp: fix a race in mptcp_pm_del_add_timer() mptcp_pm_del_add_timer() can call sk_stop_timer_sync(sk, &entry->add_timer) while a…
In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: remove never-working support for setting nsh fields The validation of the set(nsh(...)) action is completely wr…
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Clean up only new IRQ glue on request_irq() failure The mlx5_irq_alloc() function can inadvertently free the entire rma…
A security flaw has been discovered in dayrui XunRuiCMS up to 4.7.1. Affected is an unknown function of the file /admind45f74adbd95.php?c=email&m=add of the component Email Setting Handler. Performin…
In the Linux kernel, the following vulnerability has been resolved: af_unix: Initialise scc_index in unix_add_edge(). Quang Le reported that the AF_UNIX GC could garbage-collect a receive queue of …
Meta React Server Components contains a remote code execution vulnerability that could allow unauthenticated remote code execution by exploiting a flaw in how React decodes payloads sent to React Ser…
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-9 and 6.9.13-34, there is a vulnerability in ImageMagick’s Magick++ layer that manifests …
OpenPLC ScadaBR contains an unrestricted upload of file with dangerous type vulnerability that allows remote authenticated users to upload and execute arbitrary JSP files via view_edit.shtm.
An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example, a constraint that excludes the subdomain test.example.com doe…
A weakness has been identified in moxi159753 Mogu Blog v2 up to 5.2. The affected element is an unknown function of the file /file/pictures. This manipulation of the argument filedatas causes unrestr…
A security flaw has been discovered in moxi159753 Mogu Blog v2 up to 5.2. Impacted is the function LocalFileServiceImpl.uploadPictureByUrl of the file /file/uploadPicsByUrl. The manipulation results …
A vulnerability was found in ADSLR NBR1005GPEV2 250814-r037c. This issue affects the function set_mesh_disconnect of the file /send_order.cgi. The manipulation of the argument mac results in command …
A vulnerability has been found in ADSLR NBR1005GPEV2 250814-r037c. This vulnerability affects the function ap_macfilter_del of the file /send_order.cgi. The manipulation of the argument mac leads to …
A flaw has been found in ADSLR NBR1005GPEV2 250814-r037c. This affects the function ap_macfilter_add of the file /send_order.cgi. Executing manipulation of the argument mac can lead to command inject…
A vulnerability was detected in ADSLR B-QE2W401 250814-r037c. Affected by this issue is the function parameterdel_swifimac of the file /send_order.cgi. Performing manipulation of the argument del_swi…
A vulnerability has been found in Chanjet CRM up to 20251106. The impacted element is an unknown function of the file /tools/upgradeattribute.php. The manipulation of the argument gblOrgID leads to s…
A vulnerability was detected in taosir WTCMS up to 01a5f68a3dfc2fdddb44eed967bb2d4f60487665. Impacted is the function fetch of the file /index.php. Performing manipulation of the argument content res…
A security flaw has been discovered in taosir WTCMS up to 01a5f68a3dfc2fdddb44eed967bb2d4f60487665. This affects the function check/uncheck/delete of the file application/Comment/Controller/Commentad…
A vulnerability was identified in taosir WTCMS up to 01a5f68a3dfc2fdddb44eed967bb2d4f60487665. Affected by this issue is the function delete of the file application/Admin/Controller/SlideController.c…
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.16, 20.3.14, and 21.0.1, there is a XSRF tok…
OSGeo GeoServer contains an improper restriction of XML external entity reference vulnerability that occurs when the application accepts XML input through a specific endpoint /geoserver/wms operation…
A Heap-based Buffer Overflow vulnerability is present in Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions 12.6.1204.216 and prior that could allow an attacker to disclose inform…
An Out-of-Bounds Write vulnerability is present in Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions 12.6.1204.216 and prior that could allow an attacker to disclose information …
A vulnerability was detected in itsourcecode COVID Tracking System 1.0. This issue affects some unknown processing of the file /login.php. The manipulation of the argument code results in SQL injecti…
A weakness has been identified in code-projects Question Paper Generator 1.0. This affects an unknown part of the file /signupscript.php of the component POST Parameter Handler. Executing manipulatio…
A security flaw has been discovered in code-projects Jonnys Liquor 1.0. Affected by this issue is some unknown functionality of the file /detail.php of the component GET Parameter Handler. Performing…
A vulnerability has been found in code-projects Library System 1.0. This affects an unknown function of the file /index.php of the component Login. The manipulation of the argument Username leads to …
A vulnerability was identified in projectworlds Advanced Library Management System 1.0. This affects an unknown part of the file /delete_admin.php. The manipulation of the argument admin_id leads to …
A vulnerability was identified in D-Link DIR-852 1.00. This issue affects some unknown processing of the file /gena.cgi. Such manipulation of the argument service leads to command injection. The atta…
A vulnerability was determined in SourceCodester Company Website CMS 1.0. This vulnerability affects unknown code of the file /admin/index.php. This manipulation of the argument Username causes sql i…
A vulnerability was found in SourceCodester Company Website CMS 1.0. This affects an unknown part of the file /admin/reset-password.php. The manipulation of the argument email results in sql injectio…
A vulnerability has been found in Campcodes Online Polling System 1.0. Affected by this issue is some unknown functionality of the file /registeracc.php. The manipulation of the argument email leads …
A flaw has been found in Campcodes Online Polling System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/checklogin.php. Executing a manipulation of the argument my…
A vulnerability was detected in Campcodes School File Management System 1.0. Affected is an unknown function of the file /index.php of the component Login. Performing a manipulation of the argument s…
A security vulnerability has been detected in Campcodes Supplier Management System 1.0. This impacts an unknown function of the file /index.php of the component Login. Such manipulation of the argume…
A vulnerability was detected in ashraf-kabir travel-agency up to 1f25aa03544bc5fb7a9e846f8a7879cecdb0cad3. Affected by this issue is some unknown functionality of the file /results.php of the compone…
A weakness has been identified in ashraf-kabir travel-agency up to 1f25aa03544bc5fb7a9e846f8a7879cecdb0cad3. Affected is an unknown function of the file /customer_register.php. Executing manipulation…
A security flaw has been discovered in itsourcecode Online File Management System 1.0. This issue affects some unknown processing of the file /ajax.php?action=login. The manipulation of the argument …
Oracle Fusion Middleware contains a missing authentication for critical function vulnerability, allowing unauthenticated remote attackers to take over Identity Manager.
A vulnerability was identified in SourceCodester Online Shop Project 1.0. The affected element is an unknown function of the file /action.php. Such manipulation of the argument Search leads to SQL in…
A vulnerability was found in code-projects Online Shop Project 1.0. This issue affects some unknown processing of the file /login.php. The manipulation of the argument Password results in SQL injecti…