VIR Vulnerability Intelligence Relay

Search

Found 58,594 results in 2852ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2026-42887 medium 4.5 4.5 27d ago Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.33.0, a stored cross-site scripting (XSS) vulnerability exists in the Login Page due to improper sanitization of the authLogin…
CVE-2026-42886 medium 4.9 4.9 27d ago Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.32.2, the POST /api/backups/upload endpoint decompresses the details entry from an uploaded .audiobookshelf ZIP file entirely …
CVE-2026-42885 medium 4.3 4.3 27d ago Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.32.2, the POST /api/filesystem/pathexists endpoint uses String.startsWith() to validate that a resolved file path is within a …
CVE-2026-42884 medium 4.3 4.3 27d ago Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.32.2, the GET /api/collections and GET /api/collections/:id endpoints return collections from all libraries without checking w…
CVE-2026-42883 medium 6.5 6.5 27d ago Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.32.2, the GET /api/libraries/:id/download endpoint validates that the requesting user has access to the library specified in t…
CVE-2026-42882 critical 9.4 9.4 27d ago S3-Proxy has Security Issues in its Resource Path Matching Implementation
CVE-2026-42876 medium 4.9 4.9 27d ago ExternalSecrets vulnerable to privilege escalation with secret overwriting
CVE-2026-42875 medium 5.5 27d ago External Secrets Operator has Namespace Isolation Bypass in CAProvider ConfigMap Resolution for SecretStore
CVE-2026-42874 low 3.7 3.7 27d ago Microdot has HTTP response splitting in Response.set_cookie()
CVE-2026-42872 medium 6.1 6.1 27d ago WeGIA is a web manager for charitable institutions. In versions prior to 3.7.0, a reflected Cross-Site Scripting (XSS) vulnerability exists in lista_arquivos_etapa.php due to improper handling of use…
CVE-2026-42869 critical 10.0 10.0 27d ago SOCFortress CoPilot focuses on providing a single pane of glass for all your security operations needs. Prior to 0.1.57, SOCFortress CoPilot ships a hardcoded JWT signing secret as a fallback value i…
CVE-2026-42565 medium 4.3 4.3 27d ago @workos/authkit-session has an Open Redirect via state-derived redirect target
CVE-2026-42050 medium 5.5 5.5 FIX debian debian sles imagemagick 27d ago ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-21 and 6.9.13-46, a malicious MIFF file could trigger an overflow when a user opens it in…
CVE-2026-43979 medium 5.0 5.0 27d ago Local Deep Research is an AI-powered research assistant for deep, iterative research. Prior to 1.6.0, PDFService._markdown_to_html() constructs an HTML document by interpolating user-controlled value…
CVE-2026-43898 critical 10.0 10.0 nyariv 27d ago SandboxJS is a JavaScript sandboxing library. Prior to 0.9.6, sandbox-defined functions expose Function.caller, allowing sandboxed code to recover the internal LispType.Call runtime callback. That ca…
CVE-2026-42070 medium 5.5 27d ago Mantis Bug Tracker (MantisBT) is an open source issue tracker. Prior to 2.28.2, the mc_issue_update() function in MantisBT allows users having update_bug_threshold access (UPDATER, with default setti…
CVE-2026-41897 medium 5.5 27d ago Mantis Bug Tracker (MantisBT) is an open source issue tracker. From 1.0.0 to 2.28.1, lack of validation of filter_target parameter on return_dynamic_filters.php (normally used as an AJAX in View Issu…
CVE-2026-41159 medium 5.3 5.3 debian debian mermaid_project 27d ago Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Prior to 10.9.6 and 11.15.0, Mermaid's default configuration allows injecting CSS that applies…
CVE-2026-41150 medium 5.3 5.3 debian debian mermaid_project 27d ago Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Prior to 10.9.6 and 11.15.0, there is a denial-of-service attack when rendering gantt charts, i…
CVE-2026-40598 medium 5.5 27d ago MantisBT has Potential Referer-Based Reflected HTML Injection / XSS in Tag Update Page
CVE-2026-39960 medium 5.4 5.4 27d ago MantisBT is Vulnerable to Stored XSS in Custom Field Textarea Values
CVE-2026-34970 medium 5.5 27d ago MantisBT: Bugnote Revision Page Leaks Private Issue Metadata After Issue Access Is Revoked
CVE-2026-34754 medium 4.3 4.3 27d ago MantisBT has an Authorization Bypass that Allows Uploading Attachments to Private Issues via REST API
CVE-2026-34744 medium 5.5 27d ago MantisBT has an authorization bypass that allows reading attachments after losing access to a private issue
CVE-2026-34579 medium 5.5 27d ago MantisBT has an authorization bypass in private issue monitoring
CVE-2026-34390 medium 5.5 27d ago MantisBT Vulnerable to Privilege Escalation from Manager to Administrator
CVE-2026-8318 medium 5.3 5.3 27d ago A security flaw has been discovered in VectifyAI PageIndex up to f50e52975313c6716c02b20a119577a1929decba. Affected by this vulnerability is the function toc_transformer of the file pageindex/page_in…
CVE-2026-45222 medium 6.1 6.1 27d ago @steipete/summarize allows local attackers to read bearer tokens and API credentials stored in ~/.summarize/daemon.json
CVE-2026-43969 low 3.2 3.2 FIX debian debianwindows windows ninenines 27d ago cowlib: Cookie Request Header Injection via Unvalidated Encoder in cow_cookie:cookie/1
CVE-2026-43968 medium 4.0 4.0 FIX debian debianwindows windows ninenines 27d ago ninenines cowlib: Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability allows SSE event splitting and injection via unvalidated field values
CVE-2026-42864 critical 9.9 9.9 27d ago FireFighter has unauthenticated SSRF in its Raid jira_bot endpoint that allows IAM credential theft
CVE-2026-7814 medium 4.8 4.8 sles pgadmin 27d ago pgAdmin 4: Stored cross-site scripting (XSS) vulnerability in Browser Tree and Explain Visualizer modules
CVE-2026-8305 critical 9.8 9.8 openclaw 27d ago A vulnerability was detected in OpenClaw up to 2026.1.24. The impacted element is the function handleBlueBubblesWebhookRequest of the file extensions/bluebubbles/src/monitor.ts of the component blueb…
CVE-2026-7210 critical 9.8 9.8 slesdebian debianwindows windows libexpat_projectpython 27d ago `xml.parsers.expat` and `xml.etree.ElementTree` use insufficient entropy for Expat hash-flooding protection, which allows a crafted XML document to trigger hash flooding.\r\n\r\nFully mitigating this…
CVE-2026-45005 medium 6.0 6.0 openclaw 27d ago OpenClaw's Webhooks SecretRef route secret remains valid after rotation/reload
CVE-2026-45003 medium 5.0 5.0 openclaw 27d ago OpenClaw: Workspace dotenv files cannot override connector endpoint hosts
CVE-2026-45002 medium 5.3 5.3 openclaw 27d ago OpenClaw: Hook mapping templates could bypass hook session-key opt-in
CVE-2026-45000 medium 5.0 5.0 openclaw 27d ago OpenClaw before 2026.4.20 contains a server-side request forgery vulnerability in browser CDP profile creation that skips strict-mode SSRF policy checks. Attackers can create stored profiles pointing…
CVE-2026-44999 medium 5.3 5.3 openclaw 27d ago OpenClaw: Isolated cron awareness events were recorded as trusted system events
CVE-2026-44998 medium 5.4 5.4 openclaw 27d ago OpenClaw before 2026.4.20 contains a tool policy bypass vulnerability allowing bundled MCP and LSP tools to circumvent configured tool restrictions. Attackers with local agent access can append restr…
CVE-2026-44997 medium 4.3 4.3 openclaw 27d ago OpenClaw's ACP child sessions inherit subagent security envelope constraints
CVE-2026-44996 low 3.7 3.7 openclaw 27d ago OpenClaw before 2026.4.15 contains an arbitrary local file read vulnerability in the webchat audio embedding helper that fails to apply local media root containment checks. Attackers can influence ag…
CVE-2026-44994 medium 5.3 5.3 openclaw 27d ago OpenClaw before 2026.4.22 contains an authentication bypass vulnerability in the Control UI bootstrap config endpoint that allows unauthenticated attackers to read sensitive configuration fields. Att…
CVE-2026-44993 medium 5.4 5.4 openclaw 27d ago OpenClaw before 2026.4.20 contains a message classification vulnerability in Feishu card-action callbacks that misclassifies direct messages as group conversations. Attackers can bypass dmPolicy enfo…
CVE-2026-44992 medium 5.0 5.0 openclaw 27d ago OpenClaw: Workspace dotenv MiniMax host override could redirect credentialed requests
CVE-2026-44991 medium 4.2 4.2 openclaw 27d ago OpenClaw: Owner-enforced commands could accept wildcard channel senders as command owners
CVE-2026-44777 medium 5.5 5.5 FIX debian debian sleswindows windows jqlang 27d ago jq is a command-line JSON processor. In 1.8.2rc1 and earlier, the ordinary module loader recurses without cycle detection when two otherwise valid modules include each other.
CVE-2026-44659 medium 4.7 4.7 27d ago Zen is a firefox-based browser. Prior to 1.19.12b, the ZEN Browser incorrectly truncates long hostnames in the address bar and shows only the attacker-controlled prefix of the subdomain, hiding the a…
CVE-2026-44658 low 2.4 2.4 27d ago Zen is a firefox-based browser. Prior to 1.19.12b, RSS feed URLs entered by the user are validated to http: or https: in promptForFeedUrl, but item links inside the feed are not subject to the same r…
CVE-2026-44226 medium 5.3 5.3 pyload 27d ago PyLoad vulnerable to unauthenticated traceback disclosure via global exception handler in WebUI
CVE-2026-43995 critical 9.8 9.8 flowiseai 27d ago Flowise: SSRF Protection Bypass via Direct node-fetch / axios Usage (Patch Enforcement Failure)
CVE-2026-43896 medium 5.5 5.5 FIX debian debian sleswindows windows jqlang 27d ago jq is a command-line JSON processor. In 1.8.1 and earlier, unbounded recursion in jv_object_merge_recursive() allows a crafted jq program to crash the process with a segfault. The function is reachab…
CVE-2026-43895 medium 4.4 4.4 FIX debian debian sleswindows windows jqlang 27d ago jq is a command-line JSON processor. In 1.8.1 and earlier, jq accepts embedded NUL bytes in import paths at the jq-language level, but later resolves those paths through C string operations during mo…
CVE-2026-43894 medium 5.5 5.5 FIX debian debian sleswindows windows jqlang 27d ago jq is a command-line JSON processor. In 1.8.1 and earlier, when decNumberFromString is given a number literal of INT_MAX-1 (2147483646) digits, the D2U() macro overflows during signed-int arithmetic.…
CVE-2026-43639 critical 9.1 9.1 bitwarden 27d ago Bitwarden Server prior to v2026.4.0 contains a missing authorization vulnerability that allows a provider service user to add an arbitrary organization to their provider via `POST /providers/{provide…
CVE-2026-43638 medium 5.4 5.4 bitwarden 27d ago Bitwarden Server prior to v2026.4.1 contains a missing authorization vulnerability that allows any authenticated user to write ciphers into an arbitrary organization via `POST /ciphers/import-organiz…
CVE-2026-42865 medium 4.3 4.3 getinboxzero 27d ago Inbox Zero is an AI personal assistant for email. Prior to 2.29.3, the cleaner email stream endpoint used a shared Redis subscription listener, which could deliver thread events for one authenticated…
CVE-2026-42858 critical 9.9 9.9 openedx 27d ago Open edX Platform enables the authoring and delivery of online learning at any scale. The sync_provider_data endpoint in SAMLProviderDataViewSet allows authenticated Enterprise Admin users to supply …
CVE-2026-42857 medium 5.4 5.4 openedx 27d ago Open edX Platform enables the authoring and delivery of online learning at any scale. The HTML sanitizer clean_thread_html_body() used for discussion notification emails fails to remove <style> tags …
CVE-2026-42316 medium 6.5 6.5 27d ago kafka-sink-azure-kusto Kafka Connect plugin is the official Microsoft sink for Azure Data Explorer (Kusto). Prior to 5.2.3, kafka-sink-azure-kusto did not sanitize user-controlled values inside the k…
CVE-2026-42315 medium 6.5 6.5 pyload-ng_project 27d ago pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, when passing a folder name in the set_package_data() API function call inside the data object with key "_…
CVE-2026-42314 medium 6.5 6.5 pyload-ng_project 27d ago pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, package folder names are sanitized using insufficient string replacement. The pattern ....// becomes .._ …
CVE-2026-42312 medium 6.8 6.8 pyload-ng_project 27d ago pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, the set_config_value() API method (@permission(Perms.SETTINGS)) in src/pyload/core/api/__init__.py gates …
CVE-2026-41257 medium 5.5 5.5 FIX debian debian sleswindows windows jqlang 27d ago jq is a command-line JSON processor. In 1.8.1 and earlier, the jq bytecode VM's data stack tracks its allocation size in a signed int. When the stack grows beyond ≈1 GiB (via deeply nested generator …
CVE-2026-41256 medium 5.5 5.5 FIX debian debian sleswindows windows jqlang 27d ago jq is a command-line JSON processor. In 1.8.1 and earlier, Top-level jq programs loaded from a file with -f are truncated at the first embedded NUL byte on current upstream HEAD. A crafted filter fil…
CVE-2026-41250 medium 5.7 5.7 27d ago Taiga is a project management platform for startups and agile developers. Prior 6.9.1, Taiga front is vulnerable to stored XSS. This vulnerability is fixed in 6.9.1.
CVE-2026-40612 medium 5.5 5.5 FIX debian debian sleswindows windows jqlang 27d ago jq is a command-line JSON processor. In 1.8.1 and earlier, jv_contains recurses into nested arrays/objects with no depth limit. With a sufficiently nested input structure (built programmatically with…
CVE-2026-38569 medium 5.4 5.4 27d ago HireFlow v1.2 is vulnerable to Cross Site Scripting (XSS) in candidate_detail.html via the Resume or Feedback Comment fields via POST /candidates/add or POST /feedback/add.
CVE-2026-38567 critical 9.8 9.8 27d ago HireFlow v1.2 is vulnerable to SQL injection in the /login and /search endpoints. User-supplied input is concatenated directly into SQL queries without parameterization. An unauthenticated attacker c…
CVE-2026-34095 medium 6.1 6.1 FIX debian debian mediawiki 27d ago Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Actions/ActionEntryPoint.Php, includes/Request/FauxResponse.Php. This issue affects …
CVE-2026-34094 low 3.8 3.8 FIX debian debian mediawiki 27d ago Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Page/Article.Php. This issue affects MediaWiki: from * before 1.43.7, 1.44.4, 1.45.2.
CVE-2026-34093 medium 5.3 5.3 FIX debian debian mediawiki 27d ago Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Specials/SpecialUserRights.P…
CVE-2026-33052 medium 5.5 27d ago MantisBT Has Authorization Bypass in Global Profile Creation
CVE-2026-27478 critical 9.5 27d ago Unity Catalog has a JWT Issuer Validation Bypass tht Allows Complete User Impersonation
CVE-2026-36906 medium 6.1 6.1 27d ago Cross Site Scripting vulnerability in iotgateway v.3.0.1 allows a remote attacker to execute arbitrary code via the Log Record Function
CVE-2026-31252 medium 5.7 5.7 27d ago CosyVoice thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e (2025-30-21) contains an insecure deserialization vulnerability (CWE-502) in its model loading component. The framework uses torch.load(…
CVE-2026-8292 medium 6.5 6.5 open5gs 27d ago A security vulnerability has been detected in Open5GS up to 2.7.7. The affected element is the function yuarel_parse in the library /lib/sbi/conv.c of the component NRF. Such manipulation of the argu…
CVE-2026-8291 medium 6.5 6.5 open5gs 27d ago A weakness has been identified in Open5GS up to 2.7.7. Impacted is the function ogs_nnrf_nfm_handle_nf_profile of the file lib/sbi/nnrf-handler.c of the component NRF. This manipulation causes denial…
CVE-2026-7820 medium 6.5 6.5 sles pgadmin 27d ago pgAdmin 4: Improper restriction of excessive authentication attempts
CVE-2026-7817 medium 6.5 6.5 sles pgadmin 27d ago pgAdmin 4 contains local file inclusion (LFI) and server-side request forgery (SSRF) vulnerabilities
CVE-2026-7813 critical 9.9 9.9 sles pgadmin 27d ago pgAdmin 4 server mode has an authorization vulnerability affecting Server Groups, Servers, Shared Servers, Background Processes, and Debugger modules
CVE-2026-6815 medium 5.9 6.9 EXP casbin 27d ago An arbitrary file write vulnerability exists in Casdoor's Local File System storage provider. Due to insufficient path sanitization, an authenticated attacker with administrative privileges can perfo…
CVE-2026-44643 critical 10.0 10.0 peerigon 27d ago Angular Expressions - Remote Code Execution using filters
CVE-2026-44201 medium 5.3 5.3 torchbox 27d ago Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, the Documents and Images API incorrectly listed items in private collections. A user with access t…
CVE-2026-44199 medium 6.5 6.5 torchbox 27d ago Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user with limited access to form pages could delete submissions to form pages they don't hav…
CVE-2026-44198 medium 4.3 4.3 torchbox 27d ago Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user without the ability to edit a page could still access the history report for the page, …
CVE-2026-44197 medium 6.5 6.5 torchbox 27d ago Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user without the ability to edit a page could access revisions of the page through the revis…
CVE-2026-31246 medium 6.5 6.5 27d ago GPT-Pilot contains a command injection vulnerability in the Executor.run() method
CVE-2025-65417 medium 6.1 6.1 27d ago docuFORM Managed Print Service Client 11.11c is vulnerable to a reflected cross site scripting attack via the login page of the application.
CVE-2025-65416 medium 6.3 6.3 27d ago docuFORM Managed Print Service Client 11.11c is vulnerable to arbitrary file upload via pmupdate.php.
CVE-2025-65415 medium 5.4 5.4 27d ago docuFORM Managed Print Service Client 11.11c is vulnerable to a session fixation attack via the login page of the application.
CVE-2025-61310 medium 6.1 6.1 27d ago A reflected cross-site scripted (XSS) vulnerability in the acc-menu_billings.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c allows attackers to execute arbitrary Javascript in…
CVE-2025-61309 medium 6.1 6.1 27d ago A reflected cross-site scripted (XSS) vulnerability in the dfm-menu_departments.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c allows attackers to execute arbitrary Javascript…
CVE-2025-61308 medium 6.1 6.1 27d ago A reflected cross-site scripted (XSS) vulnerability in the dfm-menu_maintenance.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c allows attackers to execute arbitrary Javascript…
CVE-2025-61307 medium 6.1 6.1 27d ago A reflected cross-site scripted (XSS) vulnerability in the acc-menu_papers.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c allows attackers to execute arbitrary Javascript in t…
CVE-2025-61306 medium 6.1 6.1 27d ago A reflected cross-site scripted (XSS) vulnerability in the dfm-menu_coveragealerts.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c allows attackers to execute arbitrary Javascr…
CVE-2025-61305 medium 6.1 6.1 27d ago A reflected cross-site scripted (XSS) vulnerability in the dfm-menu_firmware.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c allows attackers to execute arbitrary Javascript in…
CVE-2026-44477 critical 9.9 9.9 linuxfoundation 27d ago CloudNativePG is a platform designed to manage PostgreSQL databases within Kubernetes environments. Prior to 1.29.1 and 1.28.3, the CloudNativePG metrics exporter opens its PostgreSQL connection as t…
CVE-2026-8290 medium 6.5 6.5 open5gs 27d ago A security flaw has been discovered in Open5GS up to 2.7.7. This issue affects the function smf_nsmf_handle_update_data_in_vsmf of the file /src/smf/nsmf-handler.c of the component SMF. The manipulat…
CVE-2026-8289 medium 6.5 6.5 open5gs 27d ago A vulnerability was identified in Open5GS up to 2.7.7. This vulnerability affects the function smf_nsmf_handle_update_data_in_vsmf of the file /src/smf/nsmf-handler.c of the component SMF. The manipu…