VIR Vulnerability Intelligence Relay

Search

Found 38,471 results in 1691ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2026-5836 low 2.4 2.4 2mo ago A vulnerability has been found in code-projects Online Shoe Store 1.0. Affected by this issue is some unknown functionality of the file /admin/admin_product.php. The manipulation of the argument prod…
CVE-2026-5835 low 2.4 2.4 2mo ago A flaw has been found in code-projects Online Shoe Store 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/admin_football.php. Executing a manipulation of the argumen…
CVE-2026-5834 low 2.4 2.4 2mo ago A vulnerability was detected in code-projects Online Shoe Store 1.0. Affected is an unknown function of the file /admin/admin_running.php. Performing a manipulation of the argument product_name resul…
CVE-2026-5810 low 3.5 3.5 2mo ago A flaw has been found in SourceCodester Sales and Inventory System 1.0. Affected is an unknown function of the file /delete.php of the component GET Parameter Handler. This manipulation of the argume…
CVE-2026-5806 low 3.5 3.5 2mo ago A security vulnerability has been detected in code-projects Easy Blog Site 1.0. This affects an unknown function of the file /posts/update.php. The manipulation of the argument postTitle leads to cro…
CVE-2026-39987 unknown 1.5 KEV 2mo ago Marimo contains an pre-authorization remote code execution vulnerability, allowing an unauthenticated attacked to shell access and execute arbitrary system commands.
CVE-2026-39892 unknown FIX slesdebian debian 2mo ago Cryptography vulnerable to buffer overflow if non-contiguous buffers were passed to APIs
CVE-2026-39883 unknown FIX debian debian google 2mo ago OpenTelemetry-Go is the Go implementation of OpenTelemetry. From 1.15.0 to 1.42.0, the fix for CVE-2026-24051 changed the Darwin ioreg command to use an absolute path but left the BSD kenv command us…
CVE-2026-39882 unknown FIX debian debian 2mo ago OpenTelemetry-Go is the Go implementation of OpenTelemetry. Prior to 1.43.0, the otlp HTTP exporters (traces/metrics/logs) read the full HTTP response body into an in-memory bytes.Buffer without a si…
CVE-2026-39890 critical 9.5 2mo ago PraisonAI Vulnerable to Remote Code Execution via YAML Deserialization in Agent Definition Loading
CVE-2026-5795 unknown debian debian sles 2mo ago Eclipse Jetty: Early return from the JASPIAuthenticator code can potentially no clear ThreadLocal variables
CVE-2026-33229 unknown 2mo ago XWiki vulnerable to remote code execution with script right through unprotected Velocity scripting API
CVE-2026-39510 low 2.7 2.7 2mo ago Authorization Bypass Through User-Controlled Key vulnerability in WP Chill Image Photo Gallery Final Tiles Grid final-tiles-grid-gallery-lite allows Exploiting Incorrectly Configured Access Control S…
CVE-2026-39847 unknown 2mo ago Emmett has a path traversal in internal assets handler
CVE-2026-39395 unknown FIX debian debian sles 2mo ago Cosign provides code signing and transparency for containers and binaries. Prior to 3.0.6 and 2.6.3, cosign verify-blob-attestation may erroneously report a "Verified OK" result for attestations with…
CVE-2026-35583 unknown 2mo ago Emissary has a Path Traversal via Blacklist Bypass in Configuration API
CVE-2026-35581 unknown 2mo ago Emissary has a Command Injection via PLACE_NAME Configuration in Executrix
CVE-2026-35580 unknown 2mo ago Emissary has GitHub Actions Shell Injection via Workflow Inputs
CVE-2026-39376 unknown 2mo ago FastFeedParser has an infinite redirect loop DoS via meta-refresh chain
CVE-2026-39324 critical 9.5 FIX slesdebian debianubuntu ubuntu 2mo ago Rack::Session vulnerability
CVE-2026-1340 unknown 2.5 KEVEXP 2mo ago Ivanti Endpoint Manager Mobile (EPMM) contains a code injection vulnerability that could allow attackers to achieve unauthenticated remote code execution.
CVE-2026-32289 unknown FIX debian debian sles google 2mo ago Context was not properly tracked across template branches for JS template literals, leading to possibly incorrect escaping of content when branches were used. Additionally template actions within JS …
CVE-2026-32288 unknown FIX debian debian sles google 2mo ago tar.Reader can allocate an unbounded amount of memory when reading a maliciously-crafted archive containing a large number of sparse regions encoded in the "old GNU sparse map" format.
CVE-2026-31789 critical 9.8 9.8 FIX slesdebian debian opensslgoogle 2mo ago Issue summary: Converting an excessively large OCTET STRING value to a hexadecimal string leads to a heap buffer overflow on 32 bit platforms. Impact summary: A heap buffer overflow may lead to a cr…
CVE-2026-5739 unknown 2mo ago PowerJob's GroovyEvaluator.evaluate endpoint vulnerable to code injection
CVE-2026-35571 unknown 2mo ago Emissary has Stored XSS via Navigation Template Link Injection
CVE-2026-35568 unknown 2mo ago Java-SDK has a DNS Rebinding Vulnerability
CVE-2026-35406 unknown FIX debian debian sles 2mo ago Aardvark-dns is an authoritative dns server for A/AAAA container records. From 1.16.0 to 1.17.0, a truncated TCP DNS query followed by a connection reset causes aardvark-dns to enter an unrecoverable…
CVE-2026-29181 unknown FIX debian debian google 2mo ago OpenTelemetry-Go is the Go implementation of OpenTelemetry. From 1.36.0 to 1.40.0, multi-value baggage: header extraction parses each header field-value independently and aggregates members across va…
CVE-2026-32588 unknown 2mo ago Apache Cassandra has an authenticated DoS over CQL
CVE-2026-27315 unknown 2mo ago Apache Cassandra has sensitive Information Leak in cqlsh
CVE-2026-27314 unknown 2mo ago Apache Cassandra is vulnerable to privilege escalation in an mTLS environment using MutualTlsAuthenticator
CVE-2026-33816 critical 9.8 9.8 FIX debian debian sles jackc 2mo ago Memory-safety vulnerability in github.com/jackc/pgx/v5.
CVE-2026-33815 critical 9.8 9.8 FIX debian debian sles jackc 2mo ago Memory-safety vulnerability in github.com/jackc/pgx/v5.
CVE-2026-34444 critical 10.0 10.0 debian debian scoder 2mo ago Lupa has a Sandbox escape and RCE due to incomplete attribute_filter enforcement in getattr / setattr
CVE-2026-33439 unknown 2mo ago OpenIdentityPlatform OpenAM: Pre-Authentication Remote Code Execution via `jato.clientSession` Deserialization in OpenAM
CVE-2026-4292 unknown FIX slesdebian debian 2mo ago Django vulnerable to privilege abuse in ModelAdmin.list_editable
CVE-2026-4277 unknown FIX slesdebian debian 2mo ago Django vulnerable to privilege abuse in GenericInlineModelAdmin
CVE-2026-3902 unknown FIX slesdebian debian 2mo ago Django vulnerable to ASGI header spoofing via underscore/hyphen conflation
CVE-2026-33034 unknown FIX slesdebian debian 2mo ago Django: SGI requests with a missing or understated `Content-Length` header could bypass the `DATA_UPLOAD_MAX_MEMORY_SIZE` limit
CVE-2026-33033 unknown FIX slesdebian debian 2mo ago Django has potential DoS via MultiPartParser through crafted multipart uploads
CVE-2026-35554 unknown sles 2mo ago Apache Kafka Clients: Kafka Producer Message Corruption and Misrouting via Buffer Pool Race Condition
CVE-2026-33866 unknown 2mo ago MLflow is vulnerable to an authorization bypass affecting the AJAX endpoint
CVE-2026-33865 unknown 2mo ago MLflow is vulnerable to Stored Cross-Site Scripting (XSS) caused by unsafe parsing of YAML-based MLmodel artifacts in its web interface
CVE-2026-5735 critical 9.8 9.8 FIX debian debian sles mozilla 2mo ago Memory safety bugs present in Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exp…
CVE-2026-22679 critical 9.8 9.8 weaver 2mo ago Weaver (Fanwei) E-cology 10.0 versions prior to 20260312 contain an unauthenticated remote code execution vulnerability in the /papi/esearch/data/devops/dubboApi/debug/method endpoint that allows att…
CVE-2026-28808 unknown FIX debian debian sles 2mo ago Incorrect Authorization vulnerability in Erlang OTP (inets modules) allows unauthenticated access to CGI scripts protected by directory rules when served via script_alias. When script_alias maps a U…
CVE-2026-32144 unknown FIX debian debian sles 2mo ago Improper Certificate Validation vulnerability in Erlang OTP public_key (pubkey_ocsp module) allows OCSP designated-responder authorization bypass via missing signature verification. The OCSP respons…
CVE-2026-34197 unknown 2.5 KEVEXP debian debian 2mo ago Apache ActiveMQ contains an improper input validation vulnerability that allows for code injection.
CVE-2026-33227 unknown debian debian 2mo ago Apache ActiveMQ: Improper validation and restriction of a classpath path name
CVE-2026-28810 unknown FIX debian debian sles 2mo ago Generation of Predictable Numbers or Identifiers vulnerability in Erlang/OTP kernel (inet_res, inet_db modules) allows DNS Cache Poisoning. The built-in DNS resolver (inet_res) uses a sequential, pr…
CVE-2026-1114 critical 9.8 9.8 lollms 2mo ago In parisneo/lollms version 2.1.0, the application's session management is vulnerable to improper access control due to the use of a weak secret key for signing JSON Web Tokens (JWT). This vulnerabili…
CVE-2025-65115 critical 9.8 9.8 hitachi 2mo ago Remote Code Execution Vulnerability in JP1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management 2 - Operations Director on Windows, Job Management Partner 1/IT Desktop Management 2…
CVE-2026-5682 low 3.7 3.7 2mo ago A vulnerability has been found in Meesho Online Shopping App up to 27.3 on Android. Affected is an unknown function of the file /api/endpoint of the component com.meesho.supply. Such manipulation lea…
CVE-2026-35022 critical 9.8 9.8 anthropic 2mo ago Rejected reason: This CVE ID has been rejected by its CVE Numbering Authority (CNA). It was determined that the -p flag behavior is documented in Anthropic's claude -h output with an explicit warning…
CVE-2026-35490 unknown 2mo ago changedetection.io Vulnerable to Authentication Bypass via Decorator Ordering
CVE-2026-35035 critical 9.5 2mo ago CI4MS: Company Information Public-Facing Page Full Platform Compromise & Full Account Takeover for All Roles & Privilege-Escalation via System Settings Company Information Stored DOM XSS
CVE-2026-5668 low 2.4 2.4 2mo ago A flaw has been found in Cyber-III Student-Management-System up to 1a938fa61e9f735078e9b291d2e6215b4942af3f. This affects an unknown part of the file /admin/Add%20notice/add%20notice.php. This manipu…
CVE-2026-34989 critical 9.0 9.0 ci4-cms-erp 2mo ago CI4MS: Profile & User Management Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS
CVE-2026-5647 low 2.4 2.4 2mo ago A vulnerability was detected in code-projects Online Shoe Store 1.0. This affects an unknown part of the file /admin/admin_feature.php of the component Add Product Page. The manipulation of the argum…
CVE-2026-5644 low 2.4 2.4 2mo ago A security flaw has been discovered in Cyber-III Student-Management-System up to 1a938fa61e9f735078e9b291d2e6215b4942af3f. Affected is an unknown function of the file /admin/Add%20notice/batch-notice…
CVE-2026-5643 low 2.4 2.4 2mo ago A vulnerability was identified in Cyber-III Student-Management-System up to 1a938fa61e9f735078e9b291d2e6215b4942af3f. This impacts an unknown function of the file /admin/Add%20notice/notice.php of th…
CVE-2026-37977 unknown 2mo ago Keycloak vulnerable to information disclosure via CORS header injection due to unvalidated JWT azp claim
CVE-2026-31405 critical 9.8 9.8 FIX slesdebian debian linux-kernel 2mo ago In the Linux kernel, the following vulnerability has been resolved: media: dvb-net: fix OOB access in ULE extension header tables The ule_mandatory_ext_handlers[] and ule_optional_ext_handlers[] ta…
CVE-2026-5622 low 3.7 3.7 2mo ago A vulnerability was determined in hcengineering Huly Platform 0.7.382. Affected by this issue is some unknown functionality of the file foundations/core/packages/token/src/token.ts of the component J…
CVE-2026-35616 unknown 1.5 KEV 2mo ago Fortinet FortiClient EMS contains an improper access control vulnerability that may allow an unauthenticated attacker to execute unauthorized code or commands via crafted requests.
CVE-2026-35679 low 3.5 3.5 2mo ago Zcash zcashd before 6.12.0 allows invalid transactions to be accepted under certain conditions, which potentially could have resulted in the draining of user funds from the Sprout pool. It was someti…
CVE-2026-5584 critical 9.8 9.8 fosowl 2mo ago A vulnerability has been found in Fosowl agenticSeek 0.1.0. Impacted is the function PyInterpreter.execute of the file sources/tools/PyInterpreter.py of the component query Endpoint. Such manipulatio…
CVE-2026-5574 critical 9.1 9.1 2mo ago A security vulnerability has been detected in Technostrobe HI-LED-WR120-G2 5.5.0.1R6.03.30. Affected is the function deletefile of the component FsBrowseClean. The manipulation of the argument dir/pa…
CVE-2026-5573 critical 9.8 9.8 2mo ago A weakness has been identified in Technostrobe HI-LED-WR120-G2 5.5.0.1R6.03.30. This impacts an unknown function of the file /fs. Executing a manipulation of the argument cwd can lead to unrestricted…
CVE-2026-5570 critical 9.8 9.8 2mo ago A vulnerability was determined in Technostrobe HI-LED-WR120-G2 5.5.0.1R6.03.30. The affected element is the function index_config of the file /LoginCB. This manipulation causes improper authenticatio…
CVE-2026-5569 critical 9.8 9.8 2mo ago A vulnerability was found in Technostrobe HI-LED-WR120-G2 5.5.0.1R6.03.30. Impacted is an unknown function of the file /Technostrobe/ of the component Endpoint. The manipulation results in improper a…
CVE-2026-5568 low 3.5 3.5 2mo ago A vulnerability has been found in Akaunting up to 3.1.21. This issue affects some unknown processing of the component Invoice/Billing. The manipulation of the argument notes leads to cross site scrip…
CVE-2026-5562 critical 9.8 9.8 provectus 2mo ago A vulnerability was identified in provectus kafka-ui up to 0.7.2. This impacts the function validateAccess of the file /api/smartfilters/testexecutions of the component Endpoint. The manipulation lea…
CVE-2026-5526 critical 9.8 9.8 2mo ago A security flaw has been discovered in Tenda 4G03 Pro up to 1.0/1.1/04.03.01.53/192.168.0.1. Affected by this vulnerability is an unknown functionality of the file /bin/httpd. The manipulation result…
CVE-2026-35166 unknown FIX debian debian sles 2mo ago Hugo is a static site generator. From 0.60.0 to before 0.159.2, links and image links in the default markdown to HTML renderer are not properly escaped. Hugo users who trust their Markdown content or…
CVE-2026-32186 critical 10.0 10.0 2mo ago Server-side request forgery (ssrf) in Microsoft Bing allows an unauthorized attacker to elevate privileges over a network.
CVE-2026-28373 critical 9.6 9.6 macos macos stackfield 2mo ago The Stackfield Desktop App before 1.10.2 for macOS and Windows contains a path traversal vulnerability in certain decryption functionality when processing the filePath property. A malicious export ca…
CVE-2026-23455 critical 9.1 9.1 FIX sles rheldebian debian 2mo ago In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_conntrack_h323: check for zero length in DecodeQ931() In DecodeQ931(), the UserUserIE code path reads a 16-bit leng…
CVE-2026-23450 critical 9.8 9.8 FIX slesdebian debian linux-kernel 2mo ago In the Linux kernel, the following vulnerability has been resolved: net/smc: fix NULL dereference and UAF in smc_tcp_syn_recv_sock() Syzkaller reported a panic in smc_tcp_syn_recv_sock() [1]. smc_…
CVE-2026-5463 critical 9.8 9.8 danmcinerney 2mo ago Command injection vulnerability in console.run_module_with_output() in pymetasploit3 through version 1.0.6 allows attackers to inject newline characters into module options such as RHOSTS. This break…
CVE-2026-35545 unknown FIX debian debian 2mo ago An issue was discovered in Roundcube Webmail before 1.5.15 and 1.6.15. The remote image blocking feature can be bypassed via SVG content in an e-mail message. This may lead to information disclosure …
CVE-2026-35544 unknown FIX debian debian 2mo ago An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Insufficient Cascading Style Sheets (CSS) sanitization in HTML e-mail messages may lead to a fixed-position mitigation bypass vi…
CVE-2026-35543 unknown FIX debian debian 2mo ago An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. The remote image blocking feature can be bypassed via SVG content (with animate attributes) in an e-mail message. This may lead …
CVE-2026-35542 unknown FIX debian debian 2mo ago An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. The remote image blocking feature can be bypassed via a crafted background attribute of a BODY element in an e-mail message. Thi…
CVE-2026-35541 unknown FIX debian debian 2mo ago An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Incorrect password comparison in the password plugin could lead to type confusion that allows a password change without knowing …
CVE-2026-35540 unknown FIX debian debian 2mo ago An issue was discovered in Roundcube Webmail 1.6.0 before 1.6.14. Insufficient Cascading Style Sheets (CSS) sanitization in HTML e-mail messages may lead to SSRF or Information Disclosure, e.g., if s…
CVE-2026-35539 unknown FIX debian debian 2mo ago An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. XSS exists because of insufficient HTML attachment sanitization in preview mode. A victim must preview a text/html attachment.
CVE-2026-35538 unknown FIX debian debian 2mo ago An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Unsanitized IMAP SEARCH command arguments could lead to IMAP injection or CSRF bypass during mail search.
CVE-2026-35537 unknown FIX debian debian 2mo ago An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Unsafe deserialization in the redis/memcache session handler may lead to arbitrary file write operations by unauthenticated atta…
CVE-2026-35171 unknown 2mo ago Kedro has Arbitrary Code Execution via Malicious Logging Configuration
CVE-2026-35167 unknown 2mo ago Kedro: Path Traversal in versioned dataset loading via unsanitized version string
CVE-2026-32211 critical 9.1 9.1 2mo ago Missing authentication for critical function in Azure MCP Server allows an unauthorized attacker to disclose information over a network.
CVE-2026-33105 critical 10.0 10.0 2mo ago Improper authorization in Microsoft Azure Kubernetes Service allows an unauthorized attacker to elevate privileges over a network.
CVE-2026-26135 critical 9.6 9.6 2mo ago Server-side request forgery (ssrf) in Azure Custom Locations Resource Provider (RP) allows an authorized attacker to elevate privileges over a network.
CVE-2026-33107 critical 10.0 10.0 2mo ago Server-side request forgery (ssrf) in Azure Databricks allows an unauthorized attacker to elevate privileges over a network.
CVE-2026-32213 critical 10.0 10.0 2mo ago Improper authorization in Azure AI Foundry allows an unauthorized attacker to elevate privileges over a network.
CVE-2026-5420 low 2.5 2.5 2mo ago A security flaw has been discovered in Shinrays Games Goods Triple App up to 1.200. The affected element is an unknown function of the file jRwTX.java of the component cats.goods.sort.sorting.games. …
CVE-2026-5413 low 3.7 3.7 2mo ago A vulnerability was identified in Newgen OmniDocs up to 12.0.00. Affected by this vulnerability is an unknown functionality of the file /omnidocs/GetWebApiConfiguration. The manipulation of the argum…
CVE-2026-5370 low 3.5 3.5 2mo ago Krayin CRM is vulnerable to Cross-site Scripting (XSS)