Search

Found 33,996 results in 1622ms · Match type: Filtered list

CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2025-12194 unknown debian debian sles 8mo ago Bouncy Castle Vulnerable to Uncontrolled Resource Consumption
CVE-2025-40022 unknown FIX slesdebian debian 8mo ago In the Linux kernel, the following vulnerability has been resolved: crypto: af_alg - Fix incorrect boolean values in af_alg_ctx Commit 1b34cbbf4f01 ("crypto: af_alg - Disallow concurrent writes in …
CVE-2025-11253 critical 9.8 9.8 8mo ago Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Aksis Technology Inc. Netty ERP allows SQL Injection. This issue affects Netty ERP: before V.1.1…
CVE-2025-62254 unknown 8mo ago Liferay Portal ComboServlet denial of service via large file combination
CVE-2025-59287 unknown 2.5 KEVEXP 8mo ago Microsoft Windows Server Update Service (WSUS) contains a deserialization of untrusted data vulnerability that allows for remote code execution.
CVE-2025-62255 unknown 8mo ago Liferay Portal Self Cross-site scripting (XSS) vulnerability on the edit Knowledge Base article page
CVE-2025-60837 unknown 8mo ago MCMS reflected cross-site scripting (XSS) vulnerability
CVE-2025-62256 unknown 8mo ago Liferay Portal and DXP do not properly restrict access to OpenAPI
CVE-2025-12110 unknown 8mo ago Keycloak does not invalidate offline sessions when the offline_access scope is removed
CVE-2025-11429 unknown 8mo ago Keycloak does not invalidate sessions when "Remember Me" is disabled
CVE-2025-11023 critical 9.8 9.8 8mo ago Inclusion of Functionality from Untrusted Control Sphere, Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ArkSigner Software a…
CVE-2025-62247 unknown 8mo ago Liferay Portal and DXP are Missing Authorization in Collection Provider
CVE-2025-62248 unknown 8mo ago Liferay Portal and Liferay DXP vulnerable to reflected cross-site scripting (XSS)
CVE-2025-62710 unknown 8mo ago Sakai kernel-impl: predictable PRNG used to generate server‑side encryption key in EncryptionUtilityServiceImpl
CVE-2025-11966 unknown 8mo ago Vert.x-Web vulnerable to Stored Cross-site Scripting in directory listings via file names
CVE-2025-11965 unknown 8mo ago Vert.x-Web Access Control Flaw in StaticHandler’s Hidden File Protection for Files Under Hidden Directories
CVE-2025-62023 critical 9.0 9.0 8mo ago Improper Control of Generation of Code ('Code Injection') vulnerability in Cristián Lávaque s2Member s2member. This issue affects s2Member: from n/a through <= 250905.
CVE-2025-59557 critical 9.3 9.3 8mo ago Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ThemeMove Learts Addons learts-addons allows SQL Injection. This issue affects Learts Addons: from…
CVE-2025-59007 critical 9.8 9.8 8mo ago Deserialization of Untrusted Data vulnerability in themesflat TF Woo Product Grid Addon For Elementor tf-woo-product-grid allows Object Injection. This issue affects TF Woo Product Grid Addon For Elem…
CVE-2025-58963 critical 10.0 10.0 8mo ago Unrestricted Upload of File with Dangerous Type vulnerability in 7oroof Medcity medcity allows Upload a Web Shell to a Web Server. This issue affects Medcity: from n/a through < 1.1.9.
CVE-2025-49931 critical 9.3 9.3 8mo ago Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Crocoblock JetSearch jet-search allows Blind SQL Injection. This issue affects JetSearch: from n/a…
CVE-2025-49915 critical 9.3 9.3 8mo ago Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cozy Vision SMS Alert Order Notifications sms-alert allows SQL Injection. This issue affects SMS A…
CVE-2025-49380 critical 9.8 9.8 8mo ago Deserialization of Untrusted Data vulnerability in wpinstinct WooCommerce Vehicle Parts Finder woo-vehicle-parts-finder allows Object Injection. This issue affects WooCommerce Vehicle Parts Finder: fr…
CVE-2025-61932 unknown 1.5 KEV 8mo ago Motex LANSCOPE Endpoint Manager contains an improper verification of source of a communication channel vulnerability allowing an attacker to execute arbitrary code by sending specially crafted packet…
CVE-2025-62249 unknown 8mo ago Liferay Portal reflected cross-site scripting (XSS) vulnerability in the google_gaget
CVE-2025-62250 unknown 8mo ago Liferay Portal fails to verify messages from the cluster network is trusted
CVE-2025-57738 unknown 8mo ago Apache Syncope allows malicious administrators to inject Groovy code
CVE-2025-61884 unknown 1.5 KEV 8mo ago Oracle E-Business Suite contains a server-side request forgery (SSRF) vulnerability in the Runtime component of Oracle Configurator. This vulnerability is remotely exploitable without authentication.
CVE-2025-33073 unknown 2.5 KEVEXP 8mo ago Microsoft Windows SMB Client contains an improper access control vulnerability that could allow for privilege escalation. An attacker could execute a specially crafted malicious script to coerce the …
CVE-2025-2747 unknown 1.5 KEV 8mo ago Kentico Xperience CMS contains an authentication bypass using an alternate path or channel vulnerability that could allow an attacker to control administrative objects.
CVE-2025-2746 unknown 1.5 KEV 8mo ago Kentico Xperience CMS contains an authentication bypass using an alternate path or channel vulnerability that could allow an attacker to control administrative objects.
CVE-2025-11943 critical 9.8 9.8 8mo ago A vulnerability has been found in 70mai X200 up to 20251010. Affected by this vulnerability is an unknown functionality of the component HTTP Web Server. The manipulation leads to use of default cred…
CVE-2025-11942 critical 9.8 9.8 8mo ago A flaw has been found in 70mai X200 up to 20251010. Affected is an unknown function of the component Pairing. Executing manipulation can lead to missing authentication. It is possible to launch the a…
CVE-2025-47410 unknown 8mo ago Apache Geode: CSRF attacks through GET requests to the Management and Monitoring REST API that can execute gfsh commands on the target system
CVE-2025-56316 unknown 8mo ago MCMS vulnerable SQL injection via the content_title parameter
CVE-2025-34281 unknown 8mo ago ThingsBoard vulnerable to stored cross-site scripting (XSS) vulnerability in the dashboard's Image Upload Gallery feature
CVE-2025-10044 unknown 8mo ago Keycloak error_description injection on error pages that can trigger phishing attacks
CVE-2025-11849 critical 9.3 9.3 8mo ago Mammoth is vulnerable to Directory Traversal
CVE-2025-41254 unknown debian debian 8mo ago Spring Framework STOMP over WebSocket applications may allow attackers to send unauthorized messages
CVE-2025-41253 unknown 8mo ago Spring Cloud Gateway Server Webflux is vulnerable to Expression Language Injection
CVE-2025-62371 unknown 8mo ago OpenSearch Data Prepper plugins trust all SSL certificates by default
CVE-2025-59419 unknown FIX slesdebian debian 8mo ago Netty has SMTP Command Injection Vulnerability that Allows Email Forgery
CVE-2025-55039 unknown 8mo ago Apache Spark has Inadequate Encryption Strength
CVE-2025-39997 unknown FIX slesdebian debian 8mo ago In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: fix race condition to UAF in snd_usbmidi_free The previous commit 0718a78f6a9f ("ALSA: usb-audio: Kill timer pro…
CVE-2025-39977 unknown FIX slesdebian debian 8mo ago In the Linux kernel, the following vulnerability has been resolved: futex: Prevent use-after-free during requeue-PI syzbot managed to trigger the following race: T1 …
CVE-2025-54253 unknown 1.5 KEV 8mo ago Adobe Experience Manager Forms in JEE contains an unspecified vulnerability that allows for arbitrary code execution.
CVE-2025-59250 unknown 8mo ago JDBC Driver for SQL Server has improper input validation issue
CVE-2025-11736 critical 9.8 9.8 angeljudesuarez 8mo ago A flaw has been found in itsourcecode Online Examination System 1.0. Affected by this issue is some unknown functionality of the file /index.php. This manipulation of the argument Username causes sql…
CVE-2024-44088 unknown 8mo ago Apache Geode web-api is vulnerable to Cross-site Scripting
CVE-2025-10610 critical 9.8 9.8 8mo ago Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SFS Consulting Information Processing Industry and Foreign Trade Inc. Winsure allows Blind SQL In…
CVE-2025-62251 unknown 8mo ago Liferay has Incorrect Permission Assignment for Critical Resource
CVE-2025-59230 unknown 1.5 KEV 8mo ago Microsoft Windows contains an improper access control vulnerability in Windows Remote Access Connection Manager which could allow an authorized attacker to elevate privileges locally.
CVE-2025-47827 unknown 1.5 KEV 8mo ago IGEL OS contains a use of a key past its expiration date vulnerability that allows for Secure Boot bypass. The igel-flash-driver module improperly verifies a cryptographic signature. Ultimately, a cr…
CVE-2025-24990 unknown 1.5 KEV 8mo ago Microsoft Windows Agere Modem Driver contains an untrusted pointer dereference vulnerability that allows for privilege escalation. An attacker who successfully exploited this vulnerability could gain…
CVE-2016-7836 unknown 1.5 KEV 8mo ago SKYSEA Client View contains an improper authentication vulnerability that allows remote code execution via a flaw in processing authentication on the TCP connection with the management console progra…
CVE-2025-62252 unknown 8mo ago Liferay is Vulnerable to Authorization Bypass Through User-Controlled Key
CVE-2025-62246 unknown 8mo ago Liferay Mentions Web is Vulnerable to Cross-site Scripting
CVE-2025-62242 unknown 8mo ago Liferay Account Admin Web vulnerable to Authorization Bypass Through User-Controlled Key
CVE-2025-62241 unknown 8mo ago Liferay Commerce Order Content Web is Vulnerable to Authorization Bypass Through User-Controlled Key
CVE-2025-62244 unknown 8mo ago Liferay Publications vulnerable to Authorization Bypass Through User-Controlled Key
CVE-2025-62243 unknown 8mo ago Liferay Publications is vulnerable to Incorrect Authorization
CVE-2025-6919 critical 9.8 9.8 8mo ago Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cats Information Technology Software Development Technologies Aykome License Tracking System allo…
CVE-2025-11664 critical 9.8 9.8 campcodes 8mo ago A security vulnerability has been detected in Campcodes Online Beauty Parlor Management System 1.0. The impacted element is an unknown function of the file /admin/search-appointment.php. Such manipul…
CVE-2025-11662 critical 9.8 9.8 mayurik 8mo ago A security flaw has been discovered in SourceCodester Best Salon Management System 1.0. Impacted is an unknown function of the file /booking.php. The manipulation of the argument serv_id results in s…
CVE-2025-11661 critical 9.8 9.8 oranbyte 8mo ago A vulnerability was found in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59. This affects an unknown part. Performing manipulation results in missing auth…
CVE-2025-11660 critical 9.8 9.8 oranbyte 8mo ago A vulnerability has been found in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59. Affected by this issue is some unknown functionality of the file /assets…
CVE-2025-11659 critical 9.8 9.8 oranbyte 8mo ago A flaw has been found in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59. Affected by this vulnerability is an unknown functionality of the file /assets/up…
CVE-2025-11658 critical 9.8 9.8 oranbyte 8mo ago A vulnerability was detected in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59. Affected is an unknown function of the file /assets/changeSllyabus.php. Th…
CVE-2025-11657 critical 9.8 9.8 oranbyte 8mo ago A security vulnerability has been detected in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59. This impacts an unknown function of the file /assets/createN…
CVE-2025-11656 critical 9.8 9.8 oranbyte 8mo ago A weakness has been identified in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59. This affects an unknown function of the file /assets/editNotes.php. Exec…
CVE-2025-11631 critical 9.1 9.1 docsys_project 8mo ago A vulnerability was determined in RainyGao DocSys up to 2.02.36. Affected by this vulnerability is an unknown functionality of the file /Doc/deleteDoc.do. Executing manipulation of the argument path …
CVE-2025-11630 critical 9.8 9.8 docsys_project 8mo ago A vulnerability was found in RainyGao DocSys up to 2.02.36. Affected is the function updateRealDoc of the file /Doc/uploadDoc.do of the component File Upload. Performing manipulation of the argument …
CVE-2025-11629 critical 9.8 9.8 docsys_project 8mo ago A vulnerability has been found in RainyGao DocSys up to 2.02.36. This impacts the function getUserList of the file /Manage/getUserList.do. Such manipulation leads to sql injection. It is possible to …
CVE-2025-11615 critical 9.8 9.8 mayurik 8mo ago A security flaw has been discovered in SourceCodester Best Salon Management System 1.0. This affects an unknown part of the file /panel/add_invoice.php. Performing manipulation of the argument Servic…
CVE-2025-11614 critical 9.8 9.8 mayurik 8mo ago A vulnerability was identified in SourceCodester Best Salon Management System 1.0. Affected by this issue is some unknown functionality of the file /panel/edit-appointment.php. Such manipulation of t…
CVE-2025-11608 critical 9.8 9.8 fabian 8mo ago A security vulnerability has been detected in code-projects E-Banking System 1.0. This affects an unknown function of the file /register.php of the component POST Parameter Handler. The manipulation …
CVE-2025-11604 critical 9.8 9.8 projectworlds 8mo ago A vulnerability was determined in projectworlds Online Ordering Food System 1.0. This issue affects some unknown processing of the file /all-orders.php. This manipulation of the argument Status cause…
CVE-2025-11601 critical 9.8 9.8 oretnom23 8mo ago A vulnerability was detected in SourceCodester Online Student Result System 1.0. Affected by this vulnerability is an unknown functionality of the file /login.php. Performing manipulation of the argu…
CVE-2025-11599 critical 9.8 9.8 campcodes 8mo ago A weakness has been identified in Campcodes Online Apartment Visitor Management System 1.0. This impacts an unknown function of the file /forgot-password.php. This manipulation of the argument email …
CVE-2025-11597 critical 9.8 9.8 fabian 8mo ago A vulnerability was identified in code-projects E-Commerce Website 1.0. The impacted element is an unknown function of the file /pages/product_add_qty.php. The manipulation of the argument prod_id le…
CVE-2025-11596 critical 9.8 9.8 fabian 8mo ago A vulnerability was determined in code-projects E-Commerce Website 1.0. The affected element is an unknown function of the file /pages/delete_order_details.php. Executing manipulation of the argument…
CVE-2025-11595 critical 9.8 9.8 campcodes 8mo ago A vulnerability was found in Campcodes Online Apartment Visitor Management System 1.0. Impacted is an unknown function of the file /admin-profile.php. Performing a manipulation of the argument mobile…
CVE-2025-62706 unknown FIX slesdebian debian 8mo ago Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.5, Authlib’s JWE zip=DEF path performs unbounded DEFLATE decompression. A very small ciphertext can exp…
CVE-2025-62245 unknown 8mo ago Liferay Portal is vulnerable to CSRF through publication comments
CVE-2025-11581 unknown 8mo ago PowerJob OpenAPIController is missing authorization
CVE-2025-11585 critical 9.8 9.8 fabian 8mo ago A vulnerability was found in code-projects Project Monitoring System 1.0. The impacted element is an unknown function of the file /useredit.php. The manipulation of the argument uid results in sql in…
CVE-2025-11584 critical 9.8 9.8 fabian 8mo ago A vulnerability has been found in code-projects Online Job Search Engine 1.0. The affected element is an unknown function of the file /searchjob.php. The manipulation of the argument txtspecializatio…
CVE-2025-61920 unknown FIX slesdebian debian 8mo ago Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.5, Authlib’s JOSE implementation accepts unbounded JWS/JWT header and signature segments. A remote atta…
CVE-2025-11583 critical 9.8 9.8 fabian 8mo ago A flaw has been found in code-projects Online Job Search Engine 1.0. Impacted is an unknown function of the file /postjob.php. Executing manipulation of the argument txtjobID can lead to sql injectio…
CVE-2025-11582 critical 9.8 9.8 fabian 8mo ago A vulnerability was detected in code-projects Online Job Search Engine 1.0. This issue affects some unknown processing of the file /registration.php. Performing manipulation of the argument txtuserna…
CVE-2025-11580 unknown 8mo ago PowerJob has Missing Authorization in its /user/list file
CVE-2025-62239 unknown 8mo ago Liferay Portal is vulnerable to XSS through its workflow process builder
CVE-2025-62238 unknown 8mo ago Liferay Portal's Membership page is vulnerable to XSS through “name” text field
CVE-2025-62237 unknown 8mo ago Liferay Portal Commerce is vulnerable to XSS through account "name" field
CVE-2025-11579 unknown FIX debian debian sles 8mo ago github.com/nwaples/rardecode versions <=2.1.1 fail to restrict the dictionary size when reading large RAR dictionary sizes, which allows an attacker to provide a specially crafted RAR file and cause …
CVE-2025-37727 unknown 8mo ago Elasticsearch: Insertion of Sensitive Information into Log File via reindex API
CVE-2025-30001 unknown 8mo ago Apache StreamPark contains an Incorrect Execution-Assigned Permissions vulnerability
CVE-2025-62240 unknown 8mo ago Liferay Portal is vulnerable to XSS through its Calendar Events parameters
CVE-2025-11558 critical 9.8 9.8 fabian 8mo ago A vulnerability was found in code-projects E-Commerce Website 1.0. Impacted is an unknown function of the file /pages/user_index_search.php. Performing manipulation of the argument Search results in …
CVE-2025-11557 critical 9.8 9.8 projectworlds 8mo ago A vulnerability has been found in projectworlds Gate Pass Management System 1.0. This issue affects some unknown processing of the file /add-pass.php. Such manipulation of the argument fullname leads…