VIR Vulnerability Intelligence Relay

Search

Found 62,236 results in 2329ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2026-34258 medium 4.7 4.7 27d ago SAPUI5 (Search UI) allows an unauthenticated attacker to manipulate specific URL parameters on the Search UI to include malicious content. Successful exploitation may mislead victim users into clicki…
CVE-2026-27682 medium 6.1 6.1 sap 27d ago Due to a reflected cross-site scripting (XSS) vulnerability in SAP NetWeaver Application Server ABAP (Applications based on Business Server Pages), an unauthenticated attacker could craft a URL that …
CVE-2026-0502 medium 5.4 5.4 27d ago Due to insufficient CSRF protection in SAP BusinessObjects Business Intelligence Platform ,an authenticated user could be tricked by an attacker to send unintended requests to the web server. This ha…
CVE-2026-8349 medium 4.3 4.3 27d ago omec-project amf crashes when processing malformed LocationReports
CVE-2026-42554 medium 6.1 6.1 gofiber 27d ago Fiber vulnerable to XSS in AutoFormat Content Negotiation
CVE-2026-34962 medium 5.5 5.5 pengutronix 27d ago barebox version prior to 2026.04.0 contains a denial-of-service vulnerability in ext4 directory parsing in fs/ext4/ext4_common.c where the ext4fs_iterate_dir() function fails to validate that directo…
CVE-2026-7010 medium 6.5 6.5 FIX debian debian 27d ago HTTP::Tiny versions before 0.093 for Perl do not validate CRLF in HTTP request lines or control field header values. The unvalidated inputs are the method and URI in the request line, the URL host t…
CVE-2026-44695 medium 6.5 6.5 getoutline 27d ago Outline is a service that allows for collaborative documentation. Prior to 1.7.1, the Slack integration callback for GET /auth/slack.post accepts an unsigned, session-independent OAuth state value. A…
CVE-2026-43889 medium 6.5 6.5 27d ago Outline is a service that allows for collaborative documentation. Prior to 1.7.0, the shares.create API accepts both collectionId and documentId simultaneously and, when published=false, only verifie…
CVE-2026-42600 medium 4.9 4.9 minio 27d ago MinIO vulnerable to Path Traversal via msgpack Body in `ReadMultiple` Storage-REST Endpoint
CVE-2026-34960 medium 6.5 6.5 pengutronix 27d ago barebox prior to version 2026.04.0 contains an out-of-bounds read vulnerability in DHCP option parsing within the dhcp_message_type() function that fails to verify the options pointer remains within …
CVE-2026-28967 medium 4.9 4.9 FIX macos macos ios 27d ago iOS 18.7.7 and iPadOS 18.7.7
CVE-2026-28830 medium 4.7 4.7 FIX macos macos 27d ago macOS Tahoe 26.4
CVE-2026-20696 medium 5.5 5.5 FIX macos macos 27d ago macOS Tahoe 26.4
CVE-2026-8320 medium 4.7 4.7 27d ago A security vulnerability has been detected in jishenghua jshERP up to 3.6. This affects the function getUserByWeixinCode of the file jshERP-boot/src/main/java/com/jsh/erp/service/UserService.java of …
CVE-2026-8319 medium 5.3 5.3 27d ago aiwaves-cn agents is vulnerable to resource consumption in the recall_relevant_memories_to_working_memory function
CVE-2026-6146 medium 5.3 5.3 27d ago Amazon::Credentials versions through 1.2.0 for Perl uses rand to generate encryption keys. Amazon::Credentials stores credentials in an obfuscated form to prevent access to the secrets from a data d…
CVE-2026-45026 medium 6.8 6.8 27d ago WeGIA is a web manager for charitable institutions. In versions prior to 3.7.3, a Stored Cross-Site Scripting (XSS) vulnerability allows an authenticated user to inject malicious JavaScript into the …
CVE-2026-45025 medium 6.8 6.8 27d ago WeGIA is a web manager for charitable institutions. In versions prior to 3.7.3, a Stored Cross-Site Scripting (XSS) vulnerability allows an authenticated user to inject malicious JavaScript into the …
CVE-2026-42887 medium 4.5 4.5 27d ago Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.33.0, a stored cross-site scripting (XSS) vulnerability exists in the Login Page due to improper sanitization of the authLogin…
CVE-2026-42886 medium 4.9 4.9 27d ago Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.32.2, the POST /api/backups/upload endpoint decompresses the details entry from an uploaded .audiobookshelf ZIP file entirely …
CVE-2026-42885 medium 4.3 4.3 27d ago Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.32.2, the POST /api/filesystem/pathexists endpoint uses String.startsWith() to validate that a resolved file path is within a …
CVE-2026-42884 medium 4.3 4.3 27d ago Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.32.2, the GET /api/collections and GET /api/collections/:id endpoints return collections from all libraries without checking w…
CVE-2026-42883 medium 6.5 6.5 27d ago Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.32.2, the GET /api/libraries/:id/download endpoint validates that the requesting user has access to the library specified in t…
CVE-2026-42876 medium 4.9 4.9 27d ago ExternalSecrets vulnerable to privilege escalation with secret overwriting
CVE-2026-42875 medium 5.5 27d ago External Secrets Operator has Namespace Isolation Bypass in CAProvider ConfigMap Resolution for SecretStore
CVE-2026-42872 medium 6.1 6.1 27d ago WeGIA is a web manager for charitable institutions. In versions prior to 3.7.0, a reflected Cross-Site Scripting (XSS) vulnerability exists in lista_arquivos_etapa.php due to improper handling of use…
CVE-2026-42565 medium 4.3 4.3 27d ago @workos/authkit-session has an Open Redirect via state-derived redirect target
CVE-2026-42050 medium 5.5 5.5 FIX debian debian sles imagemagick 27d ago ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-21 and 6.9.13-46, a malicious MIFF file could trigger an overflow when a user opens it in…
CVE-2026-43979 medium 5.0 5.0 27d ago Local Deep Research is an AI-powered research assistant for deep, iterative research. Prior to 1.6.0, PDFService._markdown_to_html() constructs an HTML document by interpolating user-controlled value…
CVE-2026-42070 medium 5.5 27d ago Mantis Bug Tracker (MantisBT) is an open source issue tracker. Prior to 2.28.2, the mc_issue_update() function in MantisBT allows users having update_bug_threshold access (UPDATER, with default setti…
CVE-2026-41897 medium 5.5 27d ago Mantis Bug Tracker (MantisBT) is an open source issue tracker. From 1.0.0 to 2.28.1, lack of validation of filter_target parameter on return_dynamic_filters.php (normally used as an AJAX in View Issu…
CVE-2026-41159 medium 5.3 5.3 debian debian mermaid_project 27d ago Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Prior to 10.9.6 and 11.15.0, Mermaid's default configuration allows injecting CSS that applies…
CVE-2026-41150 medium 5.3 5.3 debian debian mermaid_project 27d ago Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Prior to 10.9.6 and 11.15.0, there is a denial-of-service attack when rendering gantt charts, i…
CVE-2026-40598 medium 5.5 27d ago MantisBT has Potential Referer-Based Reflected HTML Injection / XSS in Tag Update Page
CVE-2026-39960 medium 5.4 5.4 27d ago MantisBT is Vulnerable to Stored XSS in Custom Field Textarea Values
CVE-2026-34970 medium 5.5 27d ago MantisBT: Bugnote Revision Page Leaks Private Issue Metadata After Issue Access Is Revoked
CVE-2026-34754 medium 4.3 4.3 27d ago MantisBT has an Authorization Bypass that Allows Uploading Attachments to Private Issues via REST API
CVE-2026-34744 medium 5.5 27d ago MantisBT has an authorization bypass that allows reading attachments after losing access to a private issue
CVE-2026-34579 medium 5.5 27d ago MantisBT has an authorization bypass in private issue monitoring
CVE-2026-34390 medium 5.5 27d ago MantisBT Vulnerable to Privilege Escalation from Manager to Administrator
CVE-2026-8318 medium 5.3 5.3 27d ago A security flaw has been discovered in VectifyAI PageIndex up to f50e52975313c6716c02b20a119577a1929decba. Affected by this vulnerability is the function toc_transformer of the file pageindex/page_in…
CVE-2026-45222 medium 6.1 6.1 27d ago @steipete/summarize allows local attackers to read bearer tokens and API credentials stored in ~/.summarize/daemon.json
CVE-2026-43968 medium 4.0 4.0 FIX debian debianwindows windows ninenines 27d ago ninenines cowlib: Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability allows SSE event splitting and injection via unvalidated field values
CVE-2026-7814 medium 4.8 4.8 sles pgadmin 27d ago pgAdmin 4: Stored cross-site scripting (XSS) vulnerability in Browser Tree and Explain Visualizer modules
CVE-2026-45005 medium 6.0 6.0 openclaw 27d ago OpenClaw's Webhooks SecretRef route secret remains valid after rotation/reload
CVE-2026-45003 medium 5.0 5.0 openclaw 27d ago OpenClaw: Workspace dotenv files cannot override connector endpoint hosts
CVE-2026-45002 medium 5.3 5.3 openclaw 27d ago OpenClaw: Hook mapping templates could bypass hook session-key opt-in
CVE-2026-45000 medium 5.0 5.0 openclaw 27d ago OpenClaw before 2026.4.20 contains a server-side request forgery vulnerability in browser CDP profile creation that skips strict-mode SSRF policy checks. Attackers can create stored profiles pointing…
CVE-2026-44999 medium 5.3 5.3 openclaw 27d ago OpenClaw: Isolated cron awareness events were recorded as trusted system events
CVE-2026-44998 medium 5.4 5.4 openclaw 27d ago OpenClaw before 2026.4.20 contains a tool policy bypass vulnerability allowing bundled MCP and LSP tools to circumvent configured tool restrictions. Attackers with local agent access can append restr…
CVE-2026-44997 medium 4.3 4.3 openclaw 27d ago OpenClaw's ACP child sessions inherit subagent security envelope constraints
CVE-2026-44994 medium 5.3 5.3 openclaw 27d ago OpenClaw before 2026.4.22 contains an authentication bypass vulnerability in the Control UI bootstrap config endpoint that allows unauthenticated attackers to read sensitive configuration fields. Att…
CVE-2026-44993 medium 5.4 5.4 openclaw 27d ago OpenClaw before 2026.4.20 contains a message classification vulnerability in Feishu card-action callbacks that misclassifies direct messages as group conversations. Attackers can bypass dmPolicy enfo…
CVE-2026-44992 medium 5.0 5.0 openclaw 27d ago OpenClaw: Workspace dotenv MiniMax host override could redirect credentialed requests
CVE-2026-44991 medium 4.2 4.2 openclaw 27d ago OpenClaw: Owner-enforced commands could accept wildcard channel senders as command owners
CVE-2026-44777 medium 5.5 5.5 FIX debian debian sleswindows windows jqlang 27d ago jq is a command-line JSON processor. In 1.8.2rc1 and earlier, the ordinary module loader recurses without cycle detection when two otherwise valid modules include each other.
CVE-2026-44659 medium 4.7 4.7 27d ago Zen is a firefox-based browser. Prior to 1.19.12b, the ZEN Browser incorrectly truncates long hostnames in the address bar and shows only the attacker-controlled prefix of the subdomain, hiding the a…
CVE-2026-44226 medium 5.3 5.3 pyload 27d ago PyLoad vulnerable to unauthenticated traceback disclosure via global exception handler in WebUI
CVE-2026-43896 medium 5.5 5.5 FIX debian debian sleswindows windows jqlang 27d ago jq is a command-line JSON processor. In 1.8.1 and earlier, unbounded recursion in jv_object_merge_recursive() allows a crafted jq program to crash the process with a segfault. The function is reachab…
CVE-2026-43895 medium 4.4 4.4 FIX debian debian sleswindows windows jqlang 27d ago jq is a command-line JSON processor. In 1.8.1 and earlier, jq accepts embedded NUL bytes in import paths at the jq-language level, but later resolves those paths through C string operations during mo…
CVE-2026-43894 medium 5.5 5.5 FIX debian debian sleswindows windows jqlang 27d ago jq is a command-line JSON processor. In 1.8.1 and earlier, when decNumberFromString is given a number literal of INT_MAX-1 (2147483646) digits, the D2U() macro overflows during signed-int arithmetic.…
CVE-2026-43638 medium 5.4 5.4 bitwarden 27d ago Bitwarden Server prior to v2026.4.1 contains a missing authorization vulnerability that allows any authenticated user to write ciphers into an arbitrary organization via `POST /ciphers/import-organiz…
CVE-2026-42865 medium 4.3 4.3 getinboxzero 27d ago Inbox Zero is an AI personal assistant for email. Prior to 2.29.3, the cleaner email stream endpoint used a shared Redis subscription listener, which could deliver thread events for one authenticated…
CVE-2026-42857 medium 5.4 5.4 openedx 27d ago Open edX Platform enables the authoring and delivery of online learning at any scale. The HTML sanitizer clean_thread_html_body() used for discussion notification emails fails to remove <style> tags …
CVE-2026-42316 medium 6.5 6.5 27d ago kafka-sink-azure-kusto Kafka Connect plugin is the official Microsoft sink for Azure Data Explorer (Kusto). Prior to 5.2.3, kafka-sink-azure-kusto did not sanitize user-controlled values inside the k…
CVE-2026-42315 medium 6.5 6.5 pyload-ng_project 27d ago pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, when passing a folder name in the set_package_data() API function call inside the data object with key "_…
CVE-2026-42314 medium 6.5 6.5 pyload-ng_project 27d ago pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, package folder names are sanitized using insufficient string replacement. The pattern ....// becomes .._ …
CVE-2026-42312 medium 6.8 6.8 pyload-ng_project 27d ago pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, the set_config_value() API method (@permission(Perms.SETTINGS)) in src/pyload/core/api/__init__.py gates …
CVE-2026-41257 medium 5.5 5.5 FIX debian debian sleswindows windows jqlang 27d ago jq is a command-line JSON processor. In 1.8.1 and earlier, the jq bytecode VM's data stack tracks its allocation size in a signed int. When the stack grows beyond ≈1 GiB (via deeply nested generator …
CVE-2026-41256 medium 5.5 5.5 FIX debian debian sleswindows windows jqlang 27d ago jq is a command-line JSON processor. In 1.8.1 and earlier, Top-level jq programs loaded from a file with -f are truncated at the first embedded NUL byte on current upstream HEAD. A crafted filter fil…
CVE-2026-41250 medium 5.7 5.7 27d ago Taiga is a project management platform for startups and agile developers. Prior 6.9.1, Taiga front is vulnerable to stored XSS. This vulnerability is fixed in 6.9.1.
CVE-2026-40612 medium 5.5 5.5 FIX debian debian sleswindows windows jqlang 27d ago jq is a command-line JSON processor. In 1.8.1 and earlier, jv_contains recurses into nested arrays/objects with no depth limit. With a sufficiently nested input structure (built programmatically with…
CVE-2026-38569 medium 5.4 5.4 27d ago HireFlow v1.2 is vulnerable to Cross Site Scripting (XSS) in candidate_detail.html via the Resume or Feedback Comment fields via POST /candidates/add or POST /feedback/add.
CVE-2026-34095 medium 6.1 6.1 FIX debian debian mediawiki 27d ago Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Actions/ActionEntryPoint.Php, includes/Request/FauxResponse.Php. This issue affects …
CVE-2026-34093 medium 5.3 5.3 FIX debian debian mediawiki 27d ago Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Specials/SpecialUserRights.P…
CVE-2026-33052 medium 5.5 27d ago MantisBT Has Authorization Bypass in Global Profile Creation
CVE-2026-36906 medium 6.1 6.1 27d ago Cross Site Scripting vulnerability in iotgateway v.3.0.1 allows a remote attacker to execute arbitrary code via the Log Record Function
CVE-2026-31252 medium 5.7 5.7 27d ago CosyVoice thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e (2025-30-21) contains an insecure deserialization vulnerability (CWE-502) in its model loading component. The framework uses torch.load(…
CVE-2026-23411 unknown FIX slesdebian debianubuntu ubuntu google 27d ago Linux kernel (BlueField) vulnerabilities
CVE-2026-23410 unknown FIX slesdebian debianubuntu ubuntu google 27d ago Linux kernel (BlueField) vulnerabilities
CVE-2026-23405 unknown FIX slesdebian debianubuntu ubuntu google 27d ago Linux kernel (BlueField) vulnerabilities
CVE-2026-23404 unknown FIX slesdebian debianubuntu ubuntu google 27d ago Linux kernel (BlueField) vulnerabilities
CVE-2026-23403 unknown FIX slesdebian debianubuntu ubuntu google 27d ago Linux kernel (BlueField) vulnerabilities
CVE-2024-46816 unknown FIX slesdebian debianubuntu ubuntu 27d ago Linux kernel (BlueField) vulnerabilities
CVE-2024-46777 unknown FIX slesdebian debianubuntu ubuntu 27d ago Linux kernel vulnerabilities
CVE-2026-8292 medium 6.5 6.5 open5gs 27d ago A security vulnerability has been detected in Open5GS up to 2.7.7. The affected element is the function yuarel_parse in the library /lib/sbi/conv.c of the component NRF. Such manipulation of the argu…
CVE-2026-8291 medium 6.5 6.5 open5gs 27d ago A weakness has been identified in Open5GS up to 2.7.7. Impacted is the function ogs_nnrf_nfm_handle_nf_profile of the file lib/sbi/nnrf-handler.c of the component NRF. This manipulation causes denial…
CVE-2026-7820 medium 6.5 6.5 sles pgadmin 27d ago pgAdmin 4: Improper restriction of excessive authentication attempts
CVE-2026-7817 medium 6.5 6.5 sles pgadmin 27d ago pgAdmin 4 contains local file inclusion (LFI) and server-side request forgery (SSRF) vulnerabilities
CVE-2026-6815 medium 5.9 6.9 EXP casbin 27d ago An arbitrary file write vulnerability exists in Casdoor's Local File System storage provider. Due to insufficient path sanitization, an authenticated attacker with administrative privileges can perfo…
CVE-2026-44201 medium 5.3 5.3 torchbox 27d ago Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, the Documents and Images API incorrectly listed items in private collections. A user with access t…
CVE-2026-44199 medium 6.5 6.5 torchbox 27d ago Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user with limited access to form pages could delete submissions to form pages they don't hav…
CVE-2026-44198 medium 4.3 4.3 torchbox 27d ago Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user without the ability to edit a page could still access the history report for the page, …
CVE-2026-44197 medium 6.5 6.5 torchbox 27d ago Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user without the ability to edit a page could access revisions of the page through the revis…
CVE-2026-31246 medium 6.5 6.5 27d ago GPT-Pilot contains a command injection vulnerability in the Executor.run() method
CVE-2025-65417 medium 6.1 6.1 27d ago docuFORM Managed Print Service Client 11.11c is vulnerable to a reflected cross site scripting attack via the login page of the application.
CVE-2025-65416 medium 6.3 6.3 27d ago docuFORM Managed Print Service Client 11.11c is vulnerable to arbitrary file upload via pmupdate.php.
CVE-2025-65415 medium 5.4 5.4 27d ago docuFORM Managed Print Service Client 11.11c is vulnerable to a session fixation attack via the login page of the application.
CVE-2025-61310 medium 6.1 6.1 27d ago A reflected cross-site scripted (XSS) vulnerability in the acc-menu_billings.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c allows attackers to execute arbitrary Javascript in…