Search

Found 58,595 results in 3495ms · Match type: Filtered list

CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2026-44337 medium 6.3 6.3 praison 27d ago PraisonAI knowledge-store backends interpolate unvalidated collection names into SQL and CQL queries
CVE-2026-8288 medium 6.5 6.5 open5gs 27d ago A vulnerability was determined in Open5GS up to 2.7.7. This affects the function gsm_handle_pdu_session_modification_qos_flow_descriptions of the file src/smf/gsm-handler.c of the component SMF. Exec…
CVE-2026-35157 critical 9.8 9.8 dell 27d ago Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains an improper neutralization of formula elements in a CSV File vulnerability in the UI. An unauthentic…
CVE-2026-26946 medium 6.7 6.7 dell 27d ago Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains an improper privilege management vulnerability in the OS. A high privileged attacker with local acce…
CVE-2025-43992 medium 5.6 5.6 dell 27d ago Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains an authentication bypass by assumed-immutable data vulnerability in Geo replication. An unauthentica…
CVE-2024-0391 medium 4.3 4.3 wso2 27d ago The check user account lock states feature within the email OTP flow fails to validate user input, allowing an attacker to infer the existence of registered user accounts. The discovery of valid use…
CVE-2026-43826 medium 6.5 6.5 apache 27d ago Apache Airflow Providers OpenSearch: OpenSearch task-log handler leaks credentials embedded in the host URL
CVE-2026-41018 medium 6.5 6.5 apache 27d ago Apache Airflow Providers Elasticsearch: Elasticsearch task-log handlers leak credentials embedded in the host URL
CVE-2026-5084 medium 6.5 6.5 27d ago WebDyne::Session versions through 2.075 for Perl generates the session id insecurely. The session handler generates the session id from an MD5 hash seeded with a call to the built-in rand() function…
CVE-2026-8276 low 3.7 3.7 debian debian sles 27d ago bettercap Has an Integer Coercion Error in modules/mysql_server/mysql_server.go
CVE-2026-8275 low 3.7 3.7 debian debian 27d ago bettercap Has an Integer Coercion Error in the ippReadChunkedBody Function
CVE-2026-1677 medium 5.3 5.3 27d ago Zephyr sockets created with `IPPROTO_TLS_1_3` can still negotiate a TLS 1.2 connection when both TLS versions are enabled in Kconfig, because the socket-level protocol selection is not propagated to …
CVE-2026-8274 medium 5.3 5.3 28d ago A security vulnerability has been detected in npitre cramfs-tools up to 2.1. Affected is the function do_directory of the file cramfsck.c of the component Directory Handler. Such manipulation leads t…
CVE-2026-8270 medium 6.5 6.5 open5gs 28d ago A vulnerability was determined in Open5GS up to 2.7.7. The affected element is the function ogs_nas_parse_qos_rules of the component SMF. Executing a manipulation can lead to denial of service. The a…
CVE-2026-8269 medium 6.5 6.5 open5gs 28d ago A vulnerability was found in Open5GS up to 2.7.7. Impacted is the function smf_nsmf_handle_create_sm_context of the component SMF. Performing a manipulation results in denial of service. Remote explo…
CVE-2026-8268 medium 6.5 6.5 open5gs 28d ago A vulnerability has been found in Open5GS up to 2.7.7. This issue affects the function OpenAPI_list_create of the component SMF. Such manipulation leads to denial of service. The attack may be launch…
CVE-2026-8267 medium 6.5 6.5 open5gs 28d ago A flaw has been found in Open5GS up to 2.7.7. This vulnerability affects the function smf_nsmf_handle_created_data_in_vsmf of the component SMF. This manipulation causes denial of service. The attack…
CVE-2026-8266 medium 6.5 6.5 open5gs 28d ago A vulnerability was detected in Open5GS up to 2.7.7. This affects the function gsm_build_pdu_session_establishment_accept of the file /src/smf/gsm-build.c of the component SMF. The manipulation resul…
CVE-2026-8263 critical 9.8 9.8 28d ago A security flaw has been discovered in Tenda AC6 15.03.06.49_multi_TDE01. Affected is the function fromSetWirelessRepeat of the file /goform/WifiExtraSet of the component httpd. Performing a manipula…
CVE-2026-8262 low 2.4 2.4 28d ago A vulnerability was identified in Devs Palace ERP Online up to 4.0.0. This impacts an unknown function of the file /accounts/chart-save. Such manipulation leads to cross site scripting. The attack ma…
CVE-2026-8261 medium 5.9 5.9 debian debian 28d ago A vulnerability was determined in Squirrel up to 3.2. This affects the function SQFunctionProto::Load of the file squirrel/sqobject.cpp. This manipulation causes heap-based buffer overflow. The attac…
CVE-2026-8258 medium 5.3 5.3 debian debian 28d ago A flaw has been found in Squirrel up to 3.2. Impacted is the function validate_format in the library sqstdlib/sqstdstring.cpp. Executing a manipulation can lead to stack-based buffer overflow. The at…
CVE-2026-8257 medium 5.5 5.5 debian debian webassembly 28d ago A vulnerability was detected in WebAssembly Binaryen up to 117. This issue affects the function IRBuilder::makeBrOn of the file src/wasm/wasm-ir-builder.cpp of the component BrOn Parser. Performing a…
CVE-2026-8256 low 2.4 2.4 28d ago A security vulnerability has been detected in Devs Palace ERP Online up to 4.0.0. This vulnerability affects unknown code of the file /accounts/mr-save. Such manipulation leads to cross site scriptin…
CVE-2026-8255 low 2.4 2.4 28d ago A weakness has been identified in Devs Palace ERP Online up to 4.0.0. This affects an unknown part of the file /inventory/add_new_customer. This manipulation causes cross site scripting. The attack c…
CVE-2026-8254 low 2.4 2.4 28d ago A security flaw has been discovered in Devs Palace ERP Online up to 4.0.0. Affected by this issue is some unknown functionality of the file /inventory/sales_save. The manipulation results in cross si…
CVE-2026-8253 low 2.4 2.4 28d ago A vulnerability was identified in Devs Palace ERP Online up to 4.0.0. Affected by this vulnerability is an unknown functionality of the file /inventory/purchase_save. The manipulation leads to cross …
CVE-2026-8252 medium 6.5 6.5 open5gs 28d ago A vulnerability was determined in Open5GS up to 2.7.7. Affected is the function smf_nsmf_handle_create_data_in_hsmf of the component SMF. Executing a manipulation can lead to null pointer dereference…
CVE-2026-43666 medium 6.2 6.2 FIX iosmacos macos tvos 28d ago visionOS 26.5
CVE-2026-43659 medium 4.7 4.7 FIX iosmacos macos apple 28d ago visionOS 26.5
CVE-2026-43653 medium 6.2 6.2 FIX iosmacos macos tvos 28d ago The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5. An attacker on …
CVE-2026-39869 medium 4.3 4.3 FIX iosmacos macos tvos 28d ago visionOS 26.5
CVE-2026-28996 medium 5.5 5.5 FIX iosmacos macos tvos 28d ago visionOS 26.5
CVE-2026-28994 medium 5.3 5.3 FIX iosmacos macos tvos 28d ago watchOS 26.5
CVE-2026-28993 medium 5.5 5.5 FIX iosmacos macos apple 28d ago visionOS 26.5
CVE-2026-28992 medium 4.7 4.7 FIX iosmacos macos tvos 28d ago visionOS 26.5
CVE-2026-28988 medium 5.5 5.5 FIX iosmacos macos watchos 28d ago visionOS 26.5
CVE-2026-28985 medium 6.2 6.2 FIX iosmacos macos tvos 28d ago A null pointer dereference was addressed with improved input validation. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5. An attacker on the local network may be able to …
CVE-2026-28977 medium 6.2 6.2 FIX iosmacos macos tvos 28d ago visionOS 26.5
CVE-2026-28972 medium 6.5 6.5 FIX iosmacos macos tvos 28d ago visionOS 26.5
CVE-2026-28963 medium 4.6 4.6 FIX iosmacos macos 28d ago A privacy issue was addressed by removing the vulnerable code. This issue is fixed in iOS 26.5 and iPadOS 26.5. An attacker with physical access may be able to use Visual Intelligence to access sensi…
CVE-2026-28961 medium 4.6 4.6 FIX macos macos 28d ago This issue was addressed with improved checks. This issue is fixed in macOS Tahoe 26.5. An attacker with physical access to a locked device may be able to view sensitive user information.
CVE-2026-28957 low 3.3 3.3 FIX iosmacos macos apple 28d ago visionOS 26.5
CVE-2026-28956 medium 6.5 6.5 FIX iosmacos macos tvos 28d ago visionOS 26.5
CVE-2026-28950 medium 6.2 6.2 FIX iosmacos macos 28d ago iOS 18.7.8 and iPadOS 18.7.8
CVE-2026-28922 medium 6.5 6.5 FIX macos macos 28d ago This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. An app may be able to access private information.
CVE-2026-28920 medium 6.5 6.5 FIX iosmacos macos tvos 28d ago visionOS 26.5
CVE-2026-28918 medium 6.5 6.5 FIX iosmacos macos tvos 28d ago visionOS 26.5
CVE-2026-28914 medium 5.5 5.5 FIX macos macos 28d ago A logic issue was addressed with improved file handling. This issue is fixed in macOS Tahoe 26.5. A maliciously crafted ZIP archive may bypass Gatekeeper checks.
CVE-2026-28897 medium 6.2 6.2 FIX iosmacos macos tvos 28d ago visionOS 26.5
CVE-2026-28882 medium 4.0 4.0 FIX iosmacos macos apple 28d ago visionOS 26.4
CVE-2026-28878 medium 6.5 6.5 FIX macos macos ios watchos 28d ago visionOS 26.4
CVE-2026-28877 medium 5.5 5.5 FIX iosmacos macos watchos 28d ago visionOS 26.4
CVE-2026-28870 medium 5.5 5.5 FIX iosmacos macos tvos 28d ago visionOS 26.4
CVE-2026-28819 medium 5.4 5.4 FIX iosmacos macos 28d ago An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. An app may …
CVE-2026-8251 medium 6.5 6.5 open5gs 28d ago A vulnerability was found in Open5GS up to 2.7.7. This impacts the function update_authorized_pcc_rule_and_qos of the file /src/smf/npcf-handler.c of the component SMF. Performing a manipulation resu…
CVE-2026-8250 medium 6.5 6.5 open5gs 28d ago A vulnerability has been found in Open5GS up to 2.7.7. This affects the function smf_n4_build_qos_flow_to_modify_list of the file /src/smf/n4-build.c of the component SMF. Such manipulation leads to …
CVE-2026-8249 medium 6.5 6.5 open5gs 28d ago A flaw has been found in Open5GS up to 2.7.7. The impacted element is the function update_authorized_pcc_rule_and_qos of the file /src/smf/npcf-handler.c of the component SMF. This manipulation cause…
CVE-2026-8248 medium 6.5 6.5 open5gs 28d ago A vulnerability was detected in Open5GS up to 2.7.7. The affected element is the function update_authorized_pcc_rule_and_qos of the file /src/smf/npcf-handler.c of the component SMF. The manipulation…
CVE-2026-45191 medium 6.5 6.5 FIX debian debian sles 28d ago Net::CIDR::Lite versions before 0.24 for Perl does not properly consider extraneous zero characters in CIDR mask values, which may allow IP ACL bypass. Mask forms like "/00" and "/01" pass validatio…
CVE-2026-45190 medium 6.5 6.5 FIX debian debian sles 28d ago Net::CIDR::Lite versions before 0.24 for Perl does not properly validate IP address and CIDR mask inputs, which may allow IP ACL bypass. Inputs containing a trailing newline or non-ASCII digit chara…
CVE-2026-45179 medium 5.3 5.3 28d ago Plack::Middleware::Statsd versions before 0.9.0 for Perl may leak user IP addresses. If the communication channel to the statsd daemon is not secured (for example, by sending UDP packets to a host o…
CVE-2022-50970 medium 5.4 5.4 28d ago WordPress Plugin AAWP 3.16 contains a reflected cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by manipulating the tab parameter. Attackers can cra…
CVE-2022-50969 medium 6.1 6.1 28d ago uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the backend/mailingLog/manage module. The date_created, date_from, date_to, and created_at parameters in the filter functi…
CVE-2022-50968 medium 6.1 6.1 28d ago uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the auctions/manage module. The date_created, date_from, date_to, and created_at parameters in the filter functionality ar…
CVE-2022-50967 medium 6.1 6.1 28d ago uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the tickets/manage module. The date_created, date_from, date_to, and created_at parameters in the filter functionality are…
CVE-2022-50966 medium 6.1 6.1 28d ago uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the news/manage module. The date_created, date_from, date_to, and created_at parameters in the filter functionality are no…
CVE-2022-50965 medium 6.1 6.1 28d ago uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the posts/manage module. The date_created, date_from, date_to, and created_at parameters in the filter functionality are n…
CVE-2022-50964 medium 6.1 6.1 28d ago uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the auctions/myAuctions/status/loose module. The date_created, date_from, date_to, and created_at parameters in the filter…
CVE-2022-50963 medium 6.1 6.1 28d ago uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the auctions/myAuctions/status/active module. The date_created, date_from, date_to, and created_at parameters in the filte…
CVE-2022-50962 medium 6.1 6.1 28d ago uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the orders/myOrders module. The date_created, date_from, date_to, and created_at parameters in the filter functionality ar…
CVE-2022-50961 medium 6.4 6.4 28d ago WordPress Plugin IP2Location Country Blocker 2.26.7 contains a stored cross-site scripting vulnerability that allows authenticated users to inject arbitrary JavaScript code through the Frontend Setti…
CVE-2022-50960 medium 6.1 6.1 28d ago WordPress International SMS for Contact Form 7 Integration version 1.2 contains a reflected cross-site scripting vulnerability in the page parameter of the admin settings interface. Attackers can inj…
CVE-2022-50959 medium 6.1 6.1 28d ago WordPress Contact Form Builder 1.6.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by exploiting the form_id parameter. Att…
CVE-2022-50958 medium 6.1 6.1 28d ago WordPress Plugin Jetpack 9.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the post_id parameter. Attackers…
CVE-2022-50957 medium 6.1 6.1 avatar_uploader_project 28d ago Drupal avatar_uploader 7.x-1.0-beta8 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the file parameter. Atta…
CVE-2022-50956 medium 6.2 6.2 28d ago WordPress Plugin amministrazione-aperta 3.7.3 contains a local file read vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting insufficient input validation in the…
CVE-2022-50955 medium 4.3 4.3 28d ago WordPress Plugin Curtain 1.0.2 contains a cross-site request forgery vulnerability that allows attackers to activate or deactivate site maintenance mode by crafting malicious requests. Attackers can …
CVE-2022-50954 medium 6.2 6.2 28d ago WordPress Plugin cab-fare-calculator 1.0.3 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the controller parameter in tbli…
CVE-2022-50949 medium 6.4 6.4 28d ago WordPress Plugin Videos sync PDF 1.7.4 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by exploiting unsanitized mov, pdf, mp4, we…
CVE-2022-50948 medium 6.4 6.4 28d ago Motopress Hotel Booking Lite 4.2.4 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting payloads in accommodation type fi…
CVE-2022-50947 medium 6.4 6.4 28d ago WordPress Plugin Testimonial Slider and Showcase 2.2.6 contains a stored cross-site scripting vulnerability that allows authenticated editors to inject malicious scripts by failing to sanitize the po…
CVE-2022-50946 medium 6.4 6.4 28d ago WordPress Plugin Netroics Blog Posts Grid 1.0 contains a stored cross-site scripting vulnerability that allows authenticated editors to inject malicious scripts by failing to sanitize the post_title …
CVE-2022-50945 medium 6.4 6.4 28d ago WordPress 3dady Real-Time Web Stats plugin 1.0 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript by exploiting unsanitized input …
CVE-2022-50943 medium 6.1 6.1 moodle 28d ago Moodle LMS 4.0 contains a cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting payloads through the search parameter. Attackers can injec…
CVE-2021-47953 medium 4.3 4.3 28d ago OpenCart 3.0.3.7 contains a cross-site request forgery vulnerability that allows attackers to change user passwords by sending crafted requests to the account/password endpoint. Attackers can trick a…
CVE-2021-47951 medium 6.4 6.4 28d ago WordPress Picture Gallery 1.4.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the Edit Content URL field in the Access C…
CVE-2021-47950 medium 6.4 6.4 28d ago Advanced Guestbook 2.4.4 contains a persistent cross-site scripting vulnerability in the smilies administration interface that allows authenticated attackers to inject malicious scripts by manipulati…
CVE-2021-47948 medium 5.4 5.4 28d ago WordPress GetPaid Plugin 2.4.6 contains an HTML injection vulnerability that allows authenticated attackers to inject arbitrary HTML code by exploiting the Help Text field in payment forms. Attackers…
CVE-2021-47947 medium 6.4 6.4 28d ago Projectsend r1295 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted input in the 'name' parameter of files-edi…
CVE-2021-47946 medium 5.3 5.3 28d ago OpenCart 3.0.3.6 contains a cross-site request forgery vulnerability in the /account/edit endpoint that allows unauthenticated attackers to modify victim account details by tricking users into visiti…
CVE-2021-47940 critical 9.8 9.8 28d ago WordPress Plugin Download From Files version 1.48 and earlier contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by exploiting the AJAX fi…
CVE-2021-47936 critical 9.8 9.8 28d ago OpenCATS 0.9.4 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary commands by uploading malicious PHP files disguised as resume attachments. Att…
CVE-2021-47933 critical 9.8 9.8 28d ago WordPress MStore API 2.0.6 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to the REST API endpoint. Attackers…
CVE-2021-47932 critical 9.8 9.8 28d ago WordPress TheCartPress 1.5.3.6 contains an unauthenticated privilege escalation vulnerability that allows attackers to create administrator accounts by submitting crafted requests to the AJAX handler…
CVE-2021-47931 medium 6.4 6.4 28d ago Exponent CMS 2.6 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the Title and Text Block parameters in the text editing e…
CVE-2021-47929 medium 6.4 6.4 28d ago Filterable Portfolio Gallery 1.0 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript by entering payloads in the title field. Attac…
CVE-2021-47927 medium 6.4 6.4 28d ago WordPress Plugin WP Symposium Pro 2021.10 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by exploiting insufficient sanitization …
CVE-2021-47926 medium 6.4 6.4 28d ago Contact Form to Email 1.3.24 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by creating forms with script tags in the form name f…
CVE-2021-47925 medium 6.4 6.4 28d ago CMDBuild 3.3.2 contains multiple stored cross-site scripting vulnerabilities that allow authenticated attackers to inject arbitrary web script or HTML via crafted input in card creation and file uplo…