VIR Vulnerability Intelligence Relay

Search

Found 62,680 results in 2270ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2025-14870 high 7.5 7.5 gitlab 24d ago GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.5 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an unauthenticated user to cause …
CVE-2025-14869 high 7.5 7.5 gitlab 24d ago GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.5 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an unauthenticated user to cause …
CVE-2026-46446 high 7.1 7.1 FIX debian debian 24d ago SOGo before 5.12.7, when PostgreSQL or MariaDB is used, and cleartext passwords are stored, allows SQL injection. This is related to c_password = '%@' in changePasswordForLogin.
CVE-2026-46445 high 7.1 7.1 FIX debian debian 24d ago SOGo before 5.12.7, when PostgreSQL is used, allows SQL injection.
CVE-2026-46419 high 7.5 7.5 25d ago Yubico webauthn-server-core (aka java-webauthn-server) 2.8.0 before 2.8.2 incorrectly checks a function's return value in the second factor flow, leading to impersonation.
CVE-2026-8500 critical 9.8 9.8 25d ago Web::Passwd versions through 0.03 for Perl is vulnerable to RCE. Web::Passwd is a small CGI application for managing htpasswd files using the htpasswd command. The user parameter is not validated o…
CVE-2026-32991 high 7.1 7.1 25d ago Improper authorization checks of team members privileges allow a team member to escalate privileges to the team owner account.
CVE-2026-29206 high 8.1 8.1 25d ago Insufficient sanitization of SQL queries in the `sqloptimizer` utility script allows SQL Injections on behalf of the root user if Slow Query logging is enabled.
CVE-2026-45158 critical 9.1 9.1 opnsense 25d ago OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.8, unsanitized user input is passed to the DHCP configuration of the configured interface, which is processed by a shell scrip…
CVE-2026-44478 high 7.5 7.5 25d ago hoppscotch is an open source API development ecosystem. The fix for CVE-2026-28215 in version 2026.2.0 addresses the unauthenticated POST /v1/onboarding/config endpoint by checking onboardingComplete…
CVE-2026-44471 high 7.8 7.8 FIX debian debian gitoxidelabs 25d ago gitoxide is an implementation of git written in Rust. Prior to 0.21.1, a malicious tree can be constructed that will, when checked out with gitoxide, permit writing an attacker-controlled symlink int…
CVE-2026-44447 high 7.5 7.5 frappe 25d ago ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 16.9.0, some endpoints were vulnerable to SQL injection through specially crafted requests, which would allow a malicious…
CVE-2026-44446 high 7.5 7.5 frappe 25d ago ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.104.3 and 16.14.0, some endpoints were vulnerable to SQL injection through specially crafted requests, which would all…
CVE-2026-44442 critical 9.9 9.9 frappe 25d ago ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 16.9.1, certain endpoints failed to enforce proper authorization checks, allowing users to modify data beyond their permi…
CVE-2026-44194 critical 9.1 9.1 opnsense 25d ago OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.8, an authenticated Remote Code Execution (RCE) vulnerability in the OPNsense core allows a user with user-management privileg…
CVE-2026-44193 critical 9.1 9.1 opnsense 25d ago OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.7, the XMLRPC method opnsense.restore_config_section fails to sanitize user supplied input leading to Remote Code Execution. T…
CVE-2026-42463 high 8.1 8.1 fit2cloud 25d ago SQLBot is an intelligent Text-to-SQL system based on large language models and RAG. Prior to 1.8.0, SQLBot contains a Cross-Workspace IDOR (Insecure Direct Object Reference) and Authorization Bypass …
CVE-2026-32993 high 8.3 8.3 25d ago Improper sanitization of the `status` query parameter of the `/unprotected/nova_error` endpoint allows unauthenticated attacker to inject arbitrary HTTP header to the response.
CVE-2026-32992 high 8.2 8.2 25d ago SSL verification is disabled in the DNS Cluster system. This could allow for a malicious server to man-in-the-middle the request and capture credentials.
CVE-2026-29205 high 8.6 8.6 25d ago Incorrect privileges management and insufficient path filtering allow to read arbitrary file on the server via the cpdavd attachment download endpoints.
CVE-2026-8328 unknown slesdebian debianwindows windows 25d ago The ftpcp() function in Lib/ftplib.py was not updated when CVE-2021-4189 was fixed. While makepasv() was patched to replace server-supplied PASV host addresses with the actual peer address (getpee…
CVE-2026-45714 critical 9.1 9.1 25d ago CubeCart is an ecommerce software solution. Prior to 6.7.0, an Authenticated Server-Side Template Injection (SSTI) vulnerability exists in multiple modules of CubeCart (including Email Templates, Inv…
CVE-2026-45708 high 7.2 7.2 25d ago CubeCart is an ecommerce software solution. Prior to 6.7.3, an admin with documents edit permission can save raw <?php … ?> into the Invoice Editor. The next time any admin clicks Print on any order,…
CVE-2026-45229 high 8.8 8.8 25d ago Quark Drive before 0.8.5 contains a mass assignment vulnerability in the POST /update endpoint that allows authenticated attackers to overwrite administrator credentials by posting an arbitrary webui…
CVE-2026-45055 high 8.1 8.1 25d ago CubeCart is an ecommerce software solution. Prior to 6.7.2, CubeCart 6.6.x – 6.7.1 builds CC_STORE_URL directly from the Host request header at bootstrap, with no allowlist. The constant is embedded …
CVE-2026-45053 critical 9.1 9.1 25d ago CubeCart is an ecommerce software solution. Prior to 6.7.0, an Authenticated Arbitrary File Upload vulnerability exists in the REST API File Manager endpoint (POST /api/v1/files) of CubeCart. The end…
CVE-2026-44380 high 7.2 7.2 misp 25d ago MISP is an open source threat intelligence and sharing platform. Prior to 2.5.37, an improper access control vulnerability in the authentication key reset functionality allowed an authenticated organ…
CVE-2026-44377 critical 9.1 9.1 25d ago CubeCart is an ecommerce software solution. Prior to 6.7.0, an Authenticated Server-Side Template Injection (SSTI) vulnerability exists in multiple modules of CubeCart (including Email Templates and …
CVE-2026-42602 high 8.1 8.1 opentelemetry 25d ago azureauthextension is the Azure Authenticator Extension. From 0.124.0 to 0.150.0, a server-side authentication bypass in azureauthextension allows any party who holds a single valid Azure access toke…
CVE-2026-42561 high 7.5 7.5 slesdebian debian 25d ago Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.27, python-multipart has a denial of service vulnerability in multipart part header parsing. When parsing multipart/form-data…
CVE-2026-42304 high 7.5 7.5 FIX slesdebian debianwindows windows twisted 25d ago Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to 26.4.0rc2, the twisted.names module is vulnerable to a Denial of Service (DoS) attack via resource exha…
CVE-2026-39358 high 7.2 7.2 25d ago CubeCart is an ecommerce software solution. Prior to 6.6.0, Authenticated Time-Based Blind SQL Injection vulnerabilities were identified in the sorting parameters (sort[price], sort_activity, sort_ad…
CVE-2026-21821 high 8.3 8.3 25d ago The HCL BigFix SCM Reporting site contains an outdated and unsupported version of the jQuery 1.x library. Since jQuery 1.x has reached end-of-life and no longer receives security updates, it may expo…
CVE-2025-27853 high 7.3 7.3 garmin 25d ago The locally served web site on the Garmin WDU (v1 1.4.6 and v2 5.0) allows its authentication to be bypassed. The WDU web site only performs authentication with the client within the client's browser…
CVE-2025-27851 critical 9.3 9.3 garmin 25d ago The locally served web site on the Garmin WDU (v1 1.4.6 and v2 5.0) allows a cross-site origin WebSocket hijacking attack. Among other uses, the WDU utilizes WebSockets to control settings, including…
CVE-2025-27850 high 7.5 7.5 garmin 25d ago The locally served web site on the Garmin WDU (v1 1.4.6 and v2 5.0) allows a symlink attack. If a malicious graphics package containing symlinks is uploaded, the web server follows the supplied links…
CVE-2026-44364 critical 9.5 25d ago misp-modules website - Missing CSRF protection in the website home blueprint
CVE-2026-44351 critical 9.1 9.1 25d ago fast-jwt: JWT auth bypass due to empty HMAC secret accepted by async key resolver
CVE-2026-33377 high 7.1 7.1 sles grafana 25d ago An Editor can overwrite a dashboard not owned by them to acquire admin on that specific dashboard. The user must have write access to the dashboard to escalate privilege.
CVE-2026-33376 high 7.4 7.4 sles grafana 25d ago When using an IPv6 allow-list for the Auth Proxy feature, it defaults to /32 addresses. Addresses specifying a mask explicitly are not affected; to mitigate easily, add the desired mask (usually /128…
CVE-2026-8466 high 8.0 debian debianwindows windows 25d ago Cowboy: Unbounded buffer accumulation in multipart header parsing causes denial of service in cowboy
CVE-2026-44248 high 7.5 7.5 slesdebian debian netty 25d ago Netty MQTT: Resource exhaustion in MqttDecoder
CVE-2026-43970 high 8.0 debian debianwindows windows 25d ago Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in ninenines cowlib allows unauthenticated remote denial of service via memory exhaustion. cow_spdy:inflate/2 in cowlib…
CVE-2026-42587 high 7.5 7.5 slesdebian debian nettygoogle 25d ago Netty: HttpContentDecompressor maxAllocation bypass when Content-Encoding set to br/zstd/snappy leads to decompression bomb DoS
CVE-2026-42586 high 7.1 7.1 slesdebian debian netty 25d ago Netty Redis Codec Encoder has a CRLF Injection Issue
CVE-2026-42585 high 7.5 7.5 slesdebian debian netty 25d ago Netty vulnerable to HTTP Request Smuggling due to malformed Transfer-Encoding
CVE-2026-42584 critical 9.1 9.1 slesdebian debian netty 25d ago Netty has HttpClientCodec response desynchronization
CVE-2026-42583 high 7.5 7.5 slesdebian debian netty 25d ago Netty Lz4FrameDecoder is vulnerable to resource exhaustion
CVE-2026-42582 high 7.5 7.5 slesdebian debian netty 25d ago Netty HTTP/3 QPACK literal unbounded allocation
CVE-2026-42581 critical 9.8 9.8 slesdebian debian netty 25d ago Netty HTTP/1.0 TE+CL Coexistence Bypasses Smuggling Sanitization
CVE-2026-42579 critical 9.1 9.1 slesdebian debian netty 25d ago Netty has a DNS Codec Input Validation Bypass (Encoder + Decoder)
CVE-2026-42578 high 7.5 7.5 slesdebian debian netty 25d ago Netty has HTTP Header Injection via HttpProxyHandler Disabled Validation (Incomplete Fix CVE-2025-67735)
CVE-2026-42577 high 7.5 7.5 debian debian netty 25d ago Netty epoll transport denial of service via RST on half-closed TCP connection
CVE-2026-42032 critical 9.1 9.1 okfn 25d ago CKAN has Unauthenticated Authorization Bypass in `datastore_search_sql`
CVE-2026-42031 critical 9.8 9.8 okfn 25d ago CKAN has Unauthenticated SQL Injection and Authorization Bypass in `datastore_search_sql`
CVE-2026-41132 high 7.4 7.4 okfn 25d ago CKAN has no certificate validation on STMP connection
CVE-2026-33583 high 8.7 8.7 25d ago Exposure of the QKEY (used as input into the ‘OTA-Quantum’ device registration process) and internal system keys via an unauthenticated and unencrypted HTTP GET method in the Arqit Symmetric Key Ag…
CVE-2026-30906 high 7.8 7.8 zoom 25d ago Untrusted search path in the installer for Zoom Rooms for Windows before version 7.0.0 may allow an authenticated user to enable an escalation of privilege via local access.
CVE-2026-30905 high 7.8 7.8 zoom 25d ago External Control of File Name or Path in the Zoom Workplace VDI Plugin Windows Universal Installer before version 6.6.11 may allow an authenticated user to conduct an escalation of privilege via loca…
CVE-2026-0257 critical 9.1 10.0 KEV paloaltonetworks 25d ago Palo Alto Networks PAN-OS contains an authentication bypass vulnerability that allows attackers to bypass security restrictions and establish an unauthorized VPN connection.
CVE-2026-45411 critical 9.8 9.8 vm2_project 25d ago vm2 Has a Sandbox Breakout Using Async Generator
CVE-2026-45109 high 7.5 7.5 vercel 25d ago Next.js has a Middleware / Proxy bypass in App Router applications via segment-prefetch routes - Incomplete Fix Follow-Up
CVE-2026-44579 high 7.5 7.5 vercel 25d ago Next.js vulnerable to Denial of Service via connection exhaustion in applications using Cache Components
CVE-2026-44578 high 8.6 8.6 vercel 25d ago Next.js vulnerable to server-side request forgery in applications using WebSocket upgrades
CVE-2026-44009 critical 9.8 9.8 vm2_project 25d ago vm2 has Sandbox Breakout Through Null Proto Exception
CVE-2026-44008 critical 9.8 9.8 vm2_project 25d ago vm2 has sandbox breakout via `neutralizeArraySpeciesBatch`
CVE-2026-44007 critical 9.1 9.1 vm2_project 25d ago vm2 NodeVM `nesting: true` bypasses `require: false` allowing sandbox escape and arbitrary OS command execution
CVE-2026-44006 critical 10.0 10.0 vm2_project 25d ago vm2 has a Sandbox Escape Vulnerability
CVE-2026-44005 critical 10.0 10.0 vm2_project 25d ago vm2: Mutable Proxies for Host Intrinsic Prototypes Allows Sandbox Escape
CVE-2026-44004 high 7.5 7.5 vm2_project 25d ago vm2 Sandbox Access to Host Buffer.alloc Allows timeout Bypass Resulting in Memory Exhaustion
CVE-2026-44001 high 8.6 8.6 vm2_project 25d ago vm2 has a Sandbox Escape via Promise Constructor Unhandled Rejection (Process Crash DoS)
CVE-2026-44000 high 7.2 7.2 vm2_project 25d ago vm2 Host Promise Resolution Preserves Object Identity Across Sandbox Boundary
CVE-2026-43999 critical 9.9 9.9 vm2_project 25d ago vm2 has a NodeVM builtin allowlist bypass via `module` builtin's `Module._load` that allows sandbox escape
CVE-2026-43998 high 8.5 8.5 vm2_project 25d ago vm2 has a NodeVM require.root bypass via symlink traversal that allows sandbox escape
CVE-2026-43997 critical 10.0 10.0 vm2_project 25d ago vm2 Access to Host Object Enables Sandbox Escape
CVE-2026-44575 high 7.5 7.5 vercel 25d ago Next.js has a Middleware / Proxy bypass in App Router applications via segment-prefetch routes
CVE-2026-44574 high 8.1 8.1 vercel 25d ago Next.js has a Middleware / Proxy bypass through dynamic route parameter injection
CVE-2026-44573 high 7.5 7.5 vercel 25d ago Next.js has a Middleware / Proxy bypass in Pages Router applications using i18n
CVE-2026-6282 high 8.1 8.1 25d ago A potential improper file path validation vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow a remote authenticated user to move or access files belonging to ot…
CVE-2026-6281 high 8.8 8.8 25d ago A potential vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow a remote authenticated user on the local network to execute arbitrary commands on the device.
CVE-2026-45740 high 7.5 7.5 protobufjs_project 25d ago protobufjs: Denial of Service via unbounded recursive JSON descriptor expansion
CVE-2026-45033 high 7.8 7.8 github 25d ago GitHub Copilot CLI brings AI-powered coding assistance directly to your command line. Prior to 1.0.43, a security vulnerability has been identified in GitHub Copilot CLI where a malicious bare git r…
CVE-2026-44470 high 7.8 7.8 anthropic 25d ago The Claude Desktop app gives you Claude Code with a graphical interface built for running multiple sessions side by side. Prior to 1.3834.0, the CoworkVMService component in Claude Desktop for Window…
CVE-2026-44432 high 7.5 7.5 FIX slesdebian debian python 25d ago urllib3 is an HTTP client library for Python. From 2.6.0 to before 2.7.0, urllib3 could decompress the whole response instead of the requested portion (1) during the second HTTPResponse.read(amt=N) c…
CVE-2026-44295 high 8.7 8.7 protobufjs_project 25d ago protobuf.js: Code injection in pbjs static output from crafted schema names
CVE-2026-44293 high 8.8 8.8 protobufjs_project 25d ago protobuf.js: Code injection through bytes field defaults in generated toObject code
CVE-2026-44291 high 8.1 8.1 protobufjs_project 25d ago protobuf.js: Code generation gadget after prototype pollution
CVE-2026-44290 high 7.5 7.5 protobufjs_project 25d ago protobuf.js: Process-wide denial of service through unsafe option paths
CVE-2026-44289 high 7.5 7.5 protobufjs_project 25d ago protobuf.js: Denial of service through unbounded protobuf recursion
CVE-2026-43489 unknown FIX slesdebian debian 25d ago In the Linux kernel, the following vulnerability has been resolved: liveupdate: luo_file: remember retrieve() status LUO keeps track of successful retrieve attempts on a LUO file. It does so to av…
CVE-2026-43488 unknown FIX slesdebian debian 25d ago In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Prevent interrupt storm on host controller error (HCE) The xHCI controller reports a Host Controller Error (HCE) in UA…
CVE-2026-43487 unknown FIX slesdebian debian google 25d ago In the Linux kernel, the following vulnerability has been resolved: ata: libata-core: Disable LPM on ST1000DM010-2EP102 According to a user report, the ST1000DM010-2EP102 has problems with LPM, cau…
CVE-2026-43486 unknown FIX slesdebian debian google 25d ago In the Linux kernel, the following vulnerability has been resolved: arm64: contpte: fix set_access_flags() no-op check for SMMU/ATS faults contpte_ptep_set_access_flags() compared the gathered ptep…
CVE-2026-43485 unknown FIX slesdebian debian 25d ago In the Linux kernel, the following vulnerability has been resolved: nouveau/gsp: drop WARN_ON in ACPI probes These WARN_ONs seem to trigger a lot, and we don't seem to have a plan to fix them, so j…
CVE-2026-43484 unknown FIX slesdebian debian 25d ago In the Linux kernel, the following vulnerability has been resolved: mmc: core: Avoid bitfield RMW for claim/retune flags Move claimed and retune control flags out of the bitfield word to avoid unre…
CVE-2026-43483 unknown FIX slesdebian debian 25d ago In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Set/clear CR8 write interception when AVIC is (de)activated Explicitly set/clear CR8 write interception when AVIC is (d…
CVE-2026-43482 unknown FIX slesdebian debian google 25d ago In the Linux kernel, the following vulnerability has been resolved: sched_ext: Disable preemption between scx_claim_exit() and kicking helper work scx_claim_exit() atomically sets exit_kind, which …
CVE-2026-43481 high 7.8 7.8 FIX slesdebian debian 25d ago In the Linux kernel, the following vulnerability has been resolved: net-shapers: don't free reply skb after genlmsg_reply() genlmsg_reply() hands the reply skb to netlink, and netlink_unicast() con…
CVE-2026-43480 unknown FIX slesdebian debian 25d ago In the Linux kernel, the following vulnerability has been resolved: ASoC: amd: acp3x-rt5682-max9836: Add missing error check for clock acquisition The acp3x_5682_init() function did not check the r…
CVE-2026-43479 unknown FIX slesdebian debian 25d ago In the Linux kernel, the following vulnerability has been resolved: net: usb: lan78xx: fix WARN in __netif_napi_del_locked on disconnect Remove redundant netif_napi_del() call from disconnect path.…