Found 38,471 results in 2459ms · Match type: Filtered list

CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2026-4909 low 2.4 2.4 2mo ago A weakness has been identified in code-projects Exam Form Submission 1.0. This impacts an unknown function of the file /admin/update_s7.php. This manipulation of the argument sname causes cross site …
CVE-2026-4908 critical 9.8 9.8 code-projects 2mo ago A security flaw has been discovered in code-projects Simple Laundry System 1.0. This affects an unknown function of the file /modstaffinfo.php of the component Parameter Handler. The manipulation of …
CVE-2026-34060 critical 9.8 9.8 FIX debian debian shopify 2mo ago Ruby LSP is an implementation of the language server protocol for Ruby. Prior to Shopify.ruby-lsp version 0.10.2 and ruby-lsp version 0.26.9, the rubyLsp.branch VS Code workspace setting was interpol…
CVE-2025-53521 unknown 1.5 KEV 2mo ago F5 BIG-IP APM contains a stack-based buffer overflow vulnerability that could allow a threat actor to achieve remote code execution.
CVE-2026-4899 low 2.4 2.4 2mo ago A security flaw has been discovered in code-projects Online Food Ordering System 1.0. Affected by this issue is some unknown functionality of the file /dbfood/food.php. The manipulation of the argume…
CVE-2026-3190 unknown 2mo ago Keycloak: Missing Role Enforcement on UMA 2.0 Permission Ticket Endpoint Leads to Information Disclosure
CVE-2026-3121 unknown 2mo ago Keycloak: manage-clients permission escalates to full realm admin access
CVE-2026-26213 critical 9.8 9.8 2mo ago thingino-firmware versions up to the firmware-2026-03-16 release contain an unauthenticated OS command injection vulnerability in the WiFi captive portal CGI script that allows remote attackers to e…
CVE-2026-33536 unknown FIX debian debian sles 2mo ago ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-18 and 6.9.13-43, due to an incorrect return value on certain platforms a pointer is incr…
CVE-2026-33871 unknown sles debian debian google 2mo ago Netty HTTP/2 CONTINUATION Frame Flood DoS via Zero-Byte Frame Bypass
CVE-2026-33870 unknown sles debian debian google 2mo ago Netty: HTTP Request Smuggling via Chunked Extension Quoted-String Parsing
CVE-2026-33873 unknown 2mo ago Langflow has Authenticated Code Execution in Agentic Assistant Validation
CVE-2026-33748 unknown debian debian sles ubuntu ubuntu 2mo ago Docker vulnerabilities
CVE-2026-33747 unknown debian debian sles ubuntu ubuntu 2mo ago Docker vulnerabilities
CVE-2026-33535 unknown FIX debian debian sles 2mo ago ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-18 and 6.9.13-43, an out-of-bounds write of a zero byte exists in the X11 `display` inter…
CVE-2026-33728 critical 9.8 9.8 datadog 2mo ago dd-trace-java is a Datadog APM client for Java. In versions of dd-trace-java 0.40.0 through prior to 1.60.2, the RMI instrumentation registered a custom endpoint that deserialized incoming data witho…
CVE-2026-4809 critical 9.8 9.8 2mo ago plank/laravel-mediable through version 6.4.0 can allow upload of a dangerous file type when an application using the package accepts or prefers a client-supplied MIME type during file upload handling…
CVE-2026-4850 critical 9.8 9.8 code-projects 2mo ago A security flaw has been discovered in code-projects Simple Laundry System 1.0. Affected is an unknown function of the file /checkregisitem.php of the component Parameter Handler. The manipulation of…
CVE-2026-4835 low 3.5 3.5 2mo ago A security vulnerability has been detected in code-projects Accounting System 1.0. Impacted is an unknown function of the file /my_account/add_costumer.php of the component Web Application Interface.…
CVE-2014-125112 critical 9.8 9.8 FIX debian debian miyagawa 2mo ago Plack::Middleware::Session::Cookie versions through 0.21 for Perl allow remote code execution. Plack::Middleware::Session::Cookie versions through 0.21 have a security vulnerability where it allows …
CVE-2026-4833 low 3.3 3.3 debian debian 2mo ago A weakness has been identified in Orc discount up to 3.0.1.2. This issue affects the function compile of the file markdown.c of the component Markdown Handler. This manipulation causes uncontrolled r…
CVE-2026-4831 low 3.7 3.7 2mo ago A security flaw has been discovered in kalcaddle kodbox 1.64. Impacted is the function can of the file /workspace/source-code/app/controller/explorer/auth.class.php of the component Password-protecte…
CVE-2026-4698 critical 9.8 9.8 FIX rocky rhel debian debian mozilla 2mo ago JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.
CVE-2026-4823 low 2.5 2.5 2mo ago A flaw has been found in Enter Software Iperius Backup up to 8.7.3. Affected by this vulnerability is an unknown functionality of the component NTLM2 Handler. Executing a manipulation can lead to inf…
CVE-2025-70952 unknown debian debian 2mo ago pf4j is vulnerable to Path Traversal or Zip Slip attack through improper handling of zip entry names
CVE-2026-33701 unknown 2mo ago OpenTelemetry: Unsafe Deserialization in RMI Instrumentation may Lead to Remote Code Execution
CVE-2026-26832 critical 9.8 9.8 zapolnoch 2mo ago node-tesseract-ocr is an npm package that provides a Node.js wrapper for Tesseract OCR. In all versions through 2.2.1, the recognize() function in src/index.js is vulnerable to OS Command Injection. …
CVE-2026-27071 critical 9.1 9.1 2mo ago Missing Authorization vulnerability in Arraytics WPCafe wp-cafe allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WPCafe: from n/a through <= 3.0.7.
CVE-2026-27889 unknown FIX sles debian debian 2mo ago NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Starting in version 2.2.0 and prior to versions 2.11.14 and 2.12.5, a missing sanity check on a WebSock…
CVE-2026-4784 critical 9.8 9.8 code-projects 3mo ago A vulnerability was found in code-projects Simple Laundry System 1.0. This affects an unknown function of the file /checkcheckout.php of the component Parameter Handler. The manipulation of the argum…
CVE-2026-20684 low 3.3 3.3 FIX macos macos 3mo ago macOS Tahoe 26.4
CVE-2026-33248 unknown FIX sles debian debian 3mo ago NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, when using mTLS for client identity, with `verify_and_map` to der…
CVE-2026-33246 unknown FIX sles debian debian 3mo ago NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. The nats-server offers a `Nats-Request-Info:` message header, providing information about a request. Th…
CVE-2026-33223 unknown FIX sles debian debian 3mo ago NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, the NATS message header `Nats-Request-Info:` is supposed to be a …
CVE-2026-33222 unknown FIX sles debian debian 3mo ago NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, users with JetStream admin API access to restore one stream could…
CVE-2026-33219 unknown FIX sles debian debian 3mo ago NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, a malicious client which can connect to the WebSockets port can c…
CVE-2026-33218 unknown FIX sles debian debian 3mo ago NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, a client which can connect to the leafnode port can crash the nat…
CVE-2026-33217 unknown FIX sles debian debian 3mo ago NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, when using ACLs on message subjects, these ACLs were not applied …
CVE-2026-33216 unknown FIX sles debian debian 3mo ago NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, for MQTT deployments using usercodes/passwords: MQTT passwords ar…
CVE-2026-33215 unknown FIX debian debian 3mo ago NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. The nats-server provides an MQTT client interface. Prior to versions 2.11.15 and 2.12.5, Sessions and M…
CVE-2026-29785 unknown FIX sles debian debian 3mo ago NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.14 and 2.12.5, if the nats-server has the "leafnode" configuration enabled (not …
CVE-2026-33247 unknown FIX sles debian debian 3mo ago NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, if a nats-server is run with static credentials for all clients p…
CVE-2026-33249 unknown FIX sles debian debian 3mo ago NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Starting in version 2.11.0 and prior to versions 2.11.15 and 2.12.6, a valid client which uses message …
CVE-2026-33634 unknown 1.5 KEV sles 3mo ago Aquasecurity Trivy contains an embedded malicious code vulnerability that could allow an attacker to gain access to everything in the CI/CD environment, including all tokens, SSH keys, cloud credenti…
CVE-2026-32948 unknown 3mo ago sbt: Source dependency feature (via crafted VCS URL) leads to arbitrary code execution on Windows
CVE-2026-32642 unknown 3mo ago Apache Artemis: Unauthorized Temporary Address Creation via OpenWire Protocol
CVE-2026-3260 unknown debian debian 3mo ago Undertow: Denial of Service via Multipart/Form-Data Parsing on HTTP GET Requests
CVE-2026-4753 critical 9.1 9.1 3mo ago Out-of-bounds Read vulnerability in slajerek RetroDebugger. This issue affects RetroDebugger: before v0.64.72.
CVE-2026-4750 critical 9.1 9.1 FIX debian debian 3mo ago Out-of-bounds Read vulnerability in fabiangreffrath woof. This issue affects woof: before woof_15.3.0.
CVE-2026-22739 unknown 3mo ago Spring Cloud Config Server: Path Traversal via Profile Parameter Allows Arbitrary File Access
CVE-2026-4616 low 2.4 2.4 3mo ago A security flaw has been discovered in bolo-blog up to 2.6.4. The affected element is an unknown function of the file /console/article/ of the component Article Title Handler. Performing a manipulati…
CVE-2026-28895 unknown ios 3mo ago iOS 26.4 and iPadOS 26.4
CVE-2026-28893 unknown macos macos 3mo ago macOS Tahoe 26.4
CVE-2026-28892 unknown macos macos 3mo ago macOS Sonoma 14.8.5
CVE-2026-28891 unknown macos macos 3mo ago macOS Sonoma 14.8.5
CVE-2026-28890 unknown xcode 3mo ago Xcode 26.4
CVE-2026-28889 unknown xcode 3mo ago Xcode 26.4
CVE-2026-28888 unknown macos macos 3mo ago macOS Sonoma 14.8.5
CVE-2026-28881 unknown macos macos 3mo ago macOS Tahoe 26.4
CVE-2026-28875 unknown ios 3mo ago iOS 26.4 and iPadOS 26.4
CVE-2026-28874 unknown ios 3mo ago iOS 26.4 and iPadOS 26.4
CVE-2026-28862 unknown macos macos 3mo ago macOS Sonoma 14.8.5
CVE-2026-28858 unknown ios 3mo ago iOS 26.4 and iPadOS 26.4
CVE-2026-28856 unknown ios watchos apple 3mo ago visionOS 26.4
CVE-2026-28845 unknown macos macos 3mo ago macOS Tahoe 26.4
CVE-2026-28844 unknown macos macos 3mo ago macOS Tahoe 26.4
CVE-2026-28842 unknown macos macos 3mo ago macOS Tahoe 26.4
CVE-2026-28841 unknown macos macos 3mo ago macOS Tahoe 26.4
CVE-2026-28839 unknown macos macos 3mo ago macOS Sonoma 14.8.5
CVE-2026-28837 unknown macos macos 3mo ago macOS Tahoe 26.4
CVE-2026-28835 unknown macos macos 3mo ago macOS Sonoma 14.8.5
CVE-2026-28834 unknown macos macos 3mo ago macOS Sonoma 14.8.5
CVE-2026-28832 unknown macos macos 3mo ago macOS Sonoma 14.8.5
CVE-2026-28831 unknown macos macos 3mo ago macOS Sonoma 14.8.5
CVE-2026-28829 unknown macos macos 3mo ago macOS Sonoma 14.8.5
CVE-2026-28828 unknown macos macos 3mo ago macOS Sonoma 14.8.5
CVE-2026-28827 unknown macos macos 3mo ago macOS Sonoma 14.8.5
CVE-2026-28825 unknown macos macos 3mo ago macOS Sonoma 14.8.5
CVE-2026-28824 unknown macos macos 3mo ago macOS Sonoma 14.8.5
CVE-2026-28823 unknown macos macos 3mo ago macOS Tahoe 26.4
CVE-2026-28822 unknown ios macos macos watchos 3mo ago visionOS 26.4
CVE-2026-28821 unknown macos macos 3mo ago macOS Sonoma 14.8.5
CVE-2026-28820 unknown macos macos 3mo ago macOS Tahoe 26.4
CVE-2026-28818 unknown macos macos 3mo ago macOS Sonoma 14.8.5
CVE-2026-28817 unknown macos macos 3mo ago macOS Sonoma 14.8.5
CVE-2026-28816 unknown macos macos 3mo ago macOS Sonoma 14.8.5
CVE-2026-20701 unknown macos macos 3mo ago macOS Sonoma 14.8.5
CVE-2026-20699 unknown macos macos 3mo ago macOS Sonoma 14.8.5
CVE-2026-20698 unknown tvos ios macos macos 3mo ago visionOS 26.4
CVE-2026-20697 unknown macos macos 3mo ago macOS Sonoma 14.8.5
CVE-2026-20695 unknown macos macos 3mo ago macOS Sonoma 14.8.5
CVE-2026-20694 unknown macos macos 3mo ago macOS Sonoma 14.8.5
CVE-2026-20693 unknown macos macos 3mo ago macOS Sonoma 14.8.5
CVE-2026-20692 unknown macos macos ios 3mo ago macOS Sonoma 14.8.5
CVE-2026-20688 unknown macos macos ios apple 3mo ago visionOS 26.4
CVE-2026-20660 unknown macos macos 3mo ago macOS Sequoia 15.7.5
CVE-2026-20651 unknown macos macos 3mo ago macOS Sequoia 15.7.5
CVE-2026-20639 unknown macos macos 3mo ago macOS Sonoma 14.8.5
CVE-2026-20633 unknown macos macos 3mo ago macOS Sonoma 14.8.5
CVE-2026-20632 unknown macos macos 3mo ago macOS Tahoe 26.4