Search

Found 28,679 results in 1377ms · Match type: Filtered list

CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2026-7768 high 7.5 7.5 fastify 1mo ago @fastify/accepts-serializer cached serializer-selection results keyed by the request Accept header without a size limit or eviction policy. A remote unauthenticated client could send many distinct bu…
CVE-2026-6321 high 7.5 7.5 FIX slesdebian debian openjsf 1mo ago fast-uri vulnerable to path traversal via percent-encoded dot segments
CVE-2025-67796 high 8.1 8.1 1mo ago IKUS Rdiffweb allows an attacker with any valid or stolen access token to act as other users
CVE-2026-43964 high 7.5 7.5 FIX slesdebian debianwindows windows postfix 1mo ago Postfix vulnerability
CVE-2026-42237 high 8.8 8.8 n8n 1mo ago n8n has SQL Injection in Snowflake and MySQL Nodes
CVE-2026-42236 high 7.5 7.5 n8n 1mo ago n8n Vulnerable to Unauthenticated Denial of Service via MCP Client Registration
CVE-2026-42234 high 8.8 8.8 n8n 1mo ago n8n has a Python Task Runner Sandbox Escape Vulnerability
CVE-2026-42232 high 8.8 8.8 n8n 1mo ago n8n has XML Node Prototype Pollution that Leads to RCE
CVE-2026-42231 high 8.8 8.8 n8n 1mo ago n8n has Prototype Pollution in XML Webhook Body Parser that Leads to RCE
CVE-2026-42229 high 8.8 8.8 n8n 1mo ago n8n has SQL Injection in SeaTable Node
CVE-2026-42226 high 7.5 7.5 n8n 1mo ago n8n's Credential Authorization Bypass in dynamic-node-parameters Allows Foreign API Key Replay
CVE-2026-42154 high 7.5 7.5 slesdebian debianwindows windows prometheus 1mo ago Prometheus is an open-source monitoring system and time series database. Prior to versions 3.5.3 and 3.11.3, the remote read endpoint (/api/v1/read) does not validate the declared decoded length in a…
CVE-2026-42151 high 7.5 7.5 FIX slesdebian debianwindows windows prometheus 1mo ago Prometheus is an open-source monitoring system and time series database. Prior to versions 3.5.3 and 3.11.3, the client_secret field in the Azure AD remote write OAuth configuration (storage/remote/a…
CVE-2026-25863 high 7.5 7.5 1mo ago Conditional Fields for Contact Form 7 WordPress plugin through version 2.7.2 contains an uncontrolled resource consumption vulnerability in the Wpcf7cfMailParser class where the hide_hidden_mail_fiel…
CVE-2026-43616 high 7.8 7.8 horsicq 1mo ago Detect-It-Easy prior to 3.21 contains a path traversal vulnerability that allows attackers to write arbitrary files to the filesystem by crafting malicious archive entries with relative traversal seq…
CVE-2026-42088 high 8.1 8.1 openc3 1mo ago OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Prior to version 7.0.0-rc3, the Script Runner widget allows users to execute Py…
CVE-2026-41471 high 7.5 7.5 1mo ago The Easy PayPal Events & Tickets plugin for WordPress before version 1.4 contains an information disclosure vulnerability in the QR code scanning endpoint that allows unauthenticated attackers to enu…
CVE-2026-37459 high 7.5 7.5 FIX debian debian sleswindows windows 1mo ago FRR vulnerabilities
CVE-2026-32834 high 7.5 7.5 1mo ago Easy PayPal Events & Tickets plugin for WordPress before version 1.4 contains a hardcoded authentication bypass vulnerability in the QR code scanning functionality that allows unauthenticated remote …
CVE-2026-29004 high 8.1 8.1 debian debian sles 1mo ago BusyBox before commit 42202bf contains a heap buffer overflow vulnerability in the DHCPv6 client (udhcpc6) DNS_SERVERS option handler in networking/udhcp/d6_dhcpc.c that allows network-adjacent attac…
CVE-2026-0073 high 8.8 8.8 1mo ago In adbd_tls_verify_cert of auth.cpp, there is a possible bypass of wireless ADB mutual authentication due to a logic error in the code. This could lead to remote (proximal/adjacent) code execution as…
CVE-2026-42440 high 7.5 7.5 FIX debian debian apache 1mo ago OOM Denial of Service via Unbounded Array Allocation in Apache OpenNLP AbstractModelReader. Versions Affected: before 2.5.9, before 3.0.0-M3. Description: The AbstractModelReader methods getOut…
CVE-2026-42375 high 8.8 8.8 1mo ago D-Link DIR-600L Hardware Revision A1 (End-of-Life) contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /bin/telnetd.sh with the username "Alphanetworks" and the static…
CVE-2026-42374 high 8.8 8.8 1mo ago D-Link DIR-600L Hardware Revision B1 (End-of-Life) contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /bin/telnetd.sh with the username "Alphanetworks" and the static…
CVE-2026-42373 high 8.8 8.8 1mo ago D-Link DIR-605L Hardware Revision B2 (End-of-Life, EOL) contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /bin/telnetd.sh with the username "Alphanetworks" and the s…
CVE-2026-42372 high 8.8 8.8 1mo ago D-Link DIR-605L Hardware Revision A1 (End-of-Life, EOL) contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /bin/telnetd.sh with the username "Alphanetworks" and the s…
CVE-2026-42079 high 8.6 8.6 1mo ago PPTAgent: Arbitrary Code Execution via Python eval() of LLM-Generated Code with Builtins in Scope
CVE-2026-42075 high 8.1 8.1 1mo ago Evolver: Path Traversal via `--out` flag in `fetch` command allows Arbitrary File Write
CVE-2026-37461 high 7.5 7.5 FIX debian debianubuntu ubuntu osrg 1mo ago GoBGP vulnerabilities
CVE-2026-29514 high 8.8 8.8 1mo ago NetBox versions 4.3.5 through 4.5.4 contain a remote code execution vulnerability in the RenderTemplateMixin.get_environment_params() method that allows authenticated users with exporttemplate or con…
CVE-2026-25266 high 7.8 7.8 1mo ago Memory corruption while processing IOCTL command when device is in power-save state.
CVE-2026-24082 high 7.8 7.8 1mo ago Memory Corruption when copying data from a freed source while executing performance counter deselect operation.
CVE-2025-47408 high 7.8 7.8 1mo ago Memory corruption when another driver calls an IOCTL with invalid input/output buffer.
CVE-2025-47407 high 7.0 7.0 1mo ago Memory corruption while creating a process on the digital signal processor due to allocation failure at the kernel level.
CVE-2025-47405 high 7.8 7.8 1mo ago Memory corruption when processing camera sensor input/output control codes with invalid output buffers.
CVE-2025-47404 high 7.8 7.8 1mo ago Memory corruption when dynamically changing the size of a previously allocated buffer while its contents are being modified.
CVE-2025-47403 high 7.5 7.5 1mo ago Transient DOS when processing a malformed Fast Transition response frame with an invalid header structure during wireless roaming.
CVE-2025-47401 high 7.5 7.5 1mo ago Transient DOS when processing target power rate tables during channel configuration.
CVE-2026-40563 high 8.1 8.1 apache 1mo ago Apache Atlas has a Code Injection Vulnerability
CVE-2026-36365 high 7.8 7.8 1mo ago An issue in Lymphatus caesium-image-compressor All versions up to and including commit 02da2c6 allows a local attacker to execute arbitrary code via the shutdownMachine and putMachineToSleep function…
CVE-2026-29169 high 7.5 7.5 FIX debian debian sleswindows windows apache 1mo ago Apache HTTP Server vulnerabilities
CVE-2026-23918 high 8.8 9.8 EXPFIX debian debian sleswindows windows apache 1mo ago Apache HTTP Server vulnerabilities
CVE-2026-6266 high 8.3 8.3 1mo ago A flaw was found in the AAP gateway. The user auto-link strategy, introduced in AAP 2.6, automatically links an external Identity Provider (IDP) identity to an existing AAP user account based on emai…
CVE-2025-70069 high 7.5 7.5 debian debian sles 1mo ago An issue in Assimp v.6.0.2 allows a remote attacker to cause a denial of service via the FBXConverter.cpp and ConvertMeshMultiMaterial() method
CVE-2026-34059 high 7.5 7.5 FIX debian debian rhel sles apache 1mo ago Apache HTTP Server vulnerabilities
CVE-2026-24072 high 8.8 8.8 FIX debian debian sleswindows windows apache 1mo ago Apache HTTP Server vulnerabilities
CVE-2025-58074 high 8.8 8.8 1mo ago A privilege escalation vulnerability exists during the installation of Norton Secure VPN via the Microsoft Store. A low-privilege user can replace files during the installation process, which may res…
CVE-2026-3120 high 7.2 7.2 1mo ago Improper Control of Generation of Code ('Code Injection') vulnerability in Profelis Information and Consulting Trade and Industry Limited Company SambaBox allows OS Command Injection. This issue aff…
CVE-2026-7750 high 8.8 8.8 1mo ago A vulnerability was detected in Totolink N300RH 3.2.4-B20220812. This vulnerability affects the function setMacFilterRules of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The …
CVE-2026-7749 high 8.8 8.8 1mo ago A security vulnerability has been detected in Totolink N300RH 3.2.4-B20220812. This affects the function setWanConfig of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manip…
CVE-2026-7748 high 8.8 8.8 1mo ago A weakness has been identified in Totolink N300RH 3.2.4-B20220812. Affected by this issue is the function setUpgradeFW of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. Executin…
CVE-2026-33846 high 7.5 7.5 FIX debian debian sleswindows windows 1mo ago GnuTLS vulnerabilities
CVE-2026-7737 high 7.5 7.5 FIX debian debianubuntu ubuntu osrg 1mo ago GoBGP vulnerabilities
CVE-2026-7736 high 7.5 7.5 FIX debian debianubuntu ubuntu osrg 1mo ago GoBGP vulnerabilities
CVE-2026-29199 high 8.1 8.1 phpbb 1mo ago phpBB before 3.3.16 is vulnerable to Host Header Injection that can lead to password reset link poisoning. When force_server_vars is disabled, the server's hostname may be extracted from the HTTP Host …
CVE-2026-7733 high 7.3 7.3 1mo ago Funadmin has an Improper Access Control Issue
CVE-2026-7735 high 7.3 7.3 FIX debian debianubuntu ubuntu osrg 1mo ago GoBGP vulnerabilities
CVE-2026-7734 high 7.5 7.5 FIX debian debianubuntu ubuntu osrg 1mo ago GoBGP vulnerabilities
CVE-2026-7727 high 7.3 7.3 1mo ago A vulnerability was determined in Shandong Hoteam Software PDM Product Data Management System up to 8.3.9. This affects the function GetQueryMachineGridOnePageData of the file /Base/BaseService.asmx/…
CVE-2026-7723 high 7.3 7.3 1mo ago Prefect Unauthenticated Event Injection via /api/events/in WebSocket
CVE-2026-7717 high 8.8 8.8 1mo ago A vulnerability was determined in Totolink WA300 5.2cu.7112_B20190227. This issue affects the function UploadCustomModule of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. Execu…
CVE-2026-42365 high 7.5 7.5 1mo ago A guessable session cookie vulnerability exists in the Web Interface functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted series of HTTP requests can lead to an authentication bypass. …
CVE-2026-42364 high 8.8 8.8 1mo ago An os command injection vulnerability exists in the DdnsSetting.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted DDNS configuration can lead to arbitrary command execution. An…
CVE-2026-7711 high 7.3 7.3 1mo ago MindsDB has an Improper Access Control Issue
CVE-2026-7710 high 7.3 7.3 1mo ago A security flaw has been discovered in YunaiV yudao-cloud up to 3.8.0. This affects the function doFilterInternal of the file JwtAuthenticationTokenFilter.java of the component Ruoyi-Vue-Pro. Perform…
CVE-2026-42246 high 7.4 7.4 debian debianwindows windows ruby-lang 1mo ago net-imap vulnerable to STARTTLS stripping via invalid response timing
CVE-2026-42245 high 7.5 7.5 slesdebian debian ruby-lang 1mo ago net-imap has quadratic complexity when reading response literals
CVE-2026-35414 high 8.0 FIX rhel slesdebian debian google 1mo ago OpenSSH vulnerabilities
CVE-2026-35388 high 8.0 FIX rhel slesdebian debian 1mo ago OpenSSH vulnerabilities
CVE-2026-35387 high 8.0 FIX rhel slesdebian debian 1mo ago OpenSSH vulnerabilities
CVE-2026-35386 high 8.0 FIX rhel slesdebian debian google 1mo ago OpenSSH vulnerabilities
CVE-2026-35385 high 8.0 FIX rhel slesdebian debian google 1mo ago OpenSSH vulnerabilities
CVE-2026-31431 high 7.8 10.0 KEVEXPFIX rhelarch arch sles redhatsusearista 1mo ago kmod update
CVE-2026-24660 high 8.0 FIX debian debian sles rhel 1mo ago RHSA-2026:13284: LibRaw security update (Important)
CVE-2026-23270 high 7.8 7.8 FIX rhel sles rocky 1mo ago Important: kernel security update
CVE-2026-23136 high 8.0 FIX rhel slesdebian debian 1mo ago Linux kernel vulnerabilities
CVE-2026-20889 high 8.0 FIX debian debian sles rhel 1mo ago RHSA-2026:13284: LibRaw security update (Important)
CVE-2026-7703 high 7.3 7.3 1mo ago A flaw has been found in AV Stumpfl Pixera Two Media Server up to 25.2 R2. Impacted is an unknown function of the component Websocket API. This manipulation causes code injection. The attack can be i…
CVE-2026-7698 high 7.3 7.3 1mo ago A vulnerability was identified in Tiandy Easy7 Integrated Management Platform 7.17.0. Affected by this vulnerability is an unknown functionality of the file /Easy7/rest/systemInfo/updateDbBackupInfo.…
CVE-2026-7695 high 7.3 7.3 1mo ago A vulnerability has been found in Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform 1.3.0. This affects an unknown function of the file /SubstationWEBV2/main/elecMaxMinA…
CVE-2026-7694 high 7.3 7.3 1mo ago A flaw has been found in Acrel Electrical ECEMS Enterprise Microgrid Energy Efficiency Management System 1.3.0. The impacted element is an unknown function of the file /SubstationWEBV2/main/elecMaxMi…
CVE-2026-7685 high 8.8 8.8 1mo ago A vulnerability was detected in Edimax BR-6208AC up to 1.02. Affected is an unknown function of the file /goform/setWAN. Performing a manipulation of the argument pptpDfGateway results in buffer ove…
CVE-2026-7684 high 8.8 8.8 1mo ago A security vulnerability has been detected in Edimax BR-6428nC up to 1.16. This impacts an unknown function of the file /goform/setWAN. Such manipulation of the argument pptpDfGateway leads to buffe…
CVE-2026-5063 high 7.2 7.2 1mo ago The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via POST parameter key names in the submit_nex_form() function in versions up to,…
CVE-2026-7679 high 7.3 7.3 1mo ago A security flaw has been discovered in YunaiV yudao-cloud up to 2026.01. This impacts the function getAccessToken of the file yudao-module-system-biz/src/main/java/io/github/ruoyi/common/oauth2/servi…
CVE-2026-7675 high 8.8 8.8 1mo ago A vulnerability has been found in Shenzhen Libituo Technology LBT-T300-HW1 up to 1.2.8. Impacted is the function start_lan of the file /apply.cgi. The manipulation of the argument Channel/ApCliSsid l…
CVE-2026-7674 high 8.8 8.8 1mo ago A flaw has been found in Shenzhen Libituo Technology LBT-T300-HW1 up to 1.2.8. This issue affects the function start_single_service of the component Web Management Interface. Executing a manipulation…
CVE-2026-7670 high 7.3 7.3 1mo ago A flaw has been found in Jinher OA 1.0. The affected element is an unknown function of the file /C6/JHSoft.Web.PlanSummarize/UserSel.aspx. This manipulation of the argument DeptIDList causes sql inje…
CVE-2026-7668 high 7.3 7.3 1mo ago A vulnerability was identified in MikroTik RouterOS 6.49.8. This vulnerability affects the function ASN1_STRING_data in the library nova/lib/www/scep.p of the component SCEP Endpoint. The manipulatio…
CVE-2026-7644 high 7.3 7.3 1mo ago A vulnerability has been found in ChatGPTNextWeb NextChat up to 2.16.1. Affected is the function addMcpServer of the file app/mcp/actions.ts. The manipulation leads to improper authorization. Remote …
CVE-2026-7632 high 7.3 7.3 1mo ago A vulnerability was determined in code-projects Online Hospital Management System 1.0. This affects an unknown function of the file /viewappointment.php. This manipulation of the argument delid cause…
CVE-2026-7630 high 7.3 7.3 1mo ago A vulnerability has been found in innocommerce InnoShop up to 0.7.8. The affected element is the function InstallServiceProvider::boot of the file innopacks/install/src/InstallServiceProvider.php of …
CVE-2026-2554 high 8.1 8.1 1mo ago The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and incl…
CVE-2026-6320 high 7.5 7.5 1mo ago The Salon Booking System – Free Version plugin for WordPress is vulnerable to Arbitrary File Read in versions up to, and including, 10.30.25. This is due to the public booking flow accepting attacker…
CVE-2026-4100 high 7.1 7.1 1mo ago The Paid Memberships Pro plugin for WordPress is vulnerable to unauthorized modification and disruption of Stripe webhook configuration in all versions up to, and including, 3.6.5. This is due to mis…
CVE-2026-4062 high 7.5 7.5 1mo ago The Geo Mashup plugin for WordPress is vulnerable to Time-Based SQL Injection via the 'object_ids' and 'exclude_object_ids' parameters in all versions up to, and including, 1.13.18. This is due to in…
CVE-2026-4061 high 7.5 7.5 1mo ago The Geo Mashup plugin for WordPress is vulnerable to Time-Based SQL Injection via the 'map_post_type' parameter in all versions up to, and including, 1.13.18. This is due to the `SearchResults` hook …
CVE-2026-4060 high 7.5 7.5 1mo ago The Geo Mashup plugin for WordPress is vulnerable to Time-Based SQL Injection via the 'sort' parameter in all versions up to, and including, 1.13.18. This is due to insufficient escaping on the user …
CVE-2026-7611 high 8.1 8.1 1mo ago A vulnerability was found in TRENDnet TEW-821DAP up to 1.12B01. This impacts the function platform_do_upgrade_cameo_dev of the file cameo_dev.sh of the component Firmware Update Handler. Performing a…
CVE-2026-7610 high 8.1 8.1 1mo ago A vulnerability has been found in TRENDnet TEW-821DAP 1.12B01. This affects an unknown function of the file /www/cgi/ssi of the component Firmware Update. Such manipulation leads to cleartext transmi…