Search

Found 33,080 results in 1549ms · Match type: Filtered list

CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2026-42860 high 8.5 8.5 openedx 1mo ago edx-enterprise has SSRF via SAML metadata URL in sync_provider_data endpoint
CVE-2026-7847 low 2.6 2.6 1mo ago Langchain-Chatchat Uses Insufficiently Random Values
CVE-2026-25589 high 8.8 8.8 sleswindows windows redisbloom 1mo ago RedisBloom is a probabilistic data structures module for Redis. In all versions of RedisBloom before 2.8.20, the module does not properly validate serialized values processed through the Redis RESTOR…
CVE-2026-25588 high 8.8 8.8 sleswindows windows redistimeseries 1mo ago RedisTimeSeries is a time-series module for Redis. In all versions before 1.12.14 of RedisTimeSeries, the module does not properly validate serialized values processed through the Redis RESTORE comma…
CVE-2026-25243 high 8.8 8.8 slesdebian debianwindows windows redis 1mo ago RHSA-2026:23229: redis security update (Important)
CVE-2026-23631 high 8.1 8.1 slesdebian debianwindows windows redis 1mo ago Redis is an in-memory data structure store. In all versions of redis-server with Lua scripting, an authenticated attacker can exploit the master-replica synchronization mechanism to trigger a use-aft…
CVE-2026-23479 high 8.8 8.8 slesdebian debianwindows windows redis 1mo ago Redis is an in-memory data structure store. In redis-server from 7.2.0 until 8.6.3, the unblock client flow does not handle an error return from `processCommandAndResetClient` when re-executing a blo…
CVE-2026-40110 high 7.3 7.3 debian debian jupyter 1mo ago Jupyter Server has a CORS Origin Validation Bypass via `re.match()` in `allow_origin_pat` (from huntr)
CVE-2026-35397 high 8.8 8.8 debian debian jupyter 1mo ago Jupyter Server: Path Traversal via incorrect startswith() root directory check allows access to sibling directories
CVE-2026-7846 low 2.6 2.6 1mo ago Langchain-Chatchat has a Race Condition in its OpenAI-Compatible File Upload API
CVE-2026-7845 low 2.6 2.6 1mo ago Langchain-Chatchat Uses a Broken or Risky Cryptographic Algorithm
CVE-2026-7412 high 8.6 8.6 1mo ago Eclipse BaSyx Java Server SDK vulnerable to Server-Side Request Forgery
CVE-2026-43070 high 7.8 7.8 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: bpf: Reset register ID for BPF_END value tracking When a register undergoes a BPF_END (byte swap) operation, its scalar value is …
CVE-2026-43063 high 7.8 7.8 FIX slesdebian debian linux-kernel google 1mo ago In the Linux kernel, the following vulnerability has been resolved: xfs: don't irele after failing to iget in xfs_attri_recover_work xlog_recovery_iget* never set @ip to a valid pointer if they ret…
CVE-2026-43062 high 7.1 7.1 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix type confusion in l2cap_ecred_reconf_rsp() l2cap_ecred_reconf_rsp() casts the incoming data to struct l2cap…
CVE-2026-43060 high 7.8 7.8 FIX slesdebian debian linux-kernel google 1mo ago In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_ct: drop pending enqueued packets on removal Packets sitting in nfqueue might hold a reference to: - templates th…
CVE-2026-43059 high 7.8 7.8 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix list corruption and UAF in command complete handlers Commit 302a1f674c00 ("Bluetooth: MGMT: Fix possible UAF…
CVE-2026-32689 high 8.0 sles 1mo ago Phoenix: Long-poll NDJSON body splitting causes large memory allocation
CVE-2026-31196 high 8.8 8.8 1mo ago The traceroute diagnostic handler in /bin/httpd_clientside for ALTICE LABS / SFR France GR140DG and GR140IG fibre CPE/Router/Gateway, inserts unsanitized user input into a system() call, allowing aut…
CVE-2026-31195 high 8.8 8.8 1mo ago The ping diagnostic handler in /bin/httpd_clientside for ALTICE LABS / SFR France GR140DG and GR140IG fibre CPE/Router/Gateway, inserts unsanitized user input into a system() call, allowing authentic…
CVE-2025-66369 high 7.5 7.5 1mo ago An issue was discovered in MM in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, W920, W930, W1000, Modem 5123, and Modem…
CVE-2026-4304 high 7.5 7.5 1mo ago The WeePie Cookie Allow plugin for WordPress is vulnerable to SQL Injection via the 'consent' parameter in all versions up to, and including, 3.4.11 due to insufficient escaping on the user supplied …
CVE-2026-36355 high 7.7 8.7 EXP 1mo ago The rtl8192cd Wi-Fi kernel driver in the Realtek rtl819x Jungle SDK (all known versions through v3.4.14B) does not perform any access control checks on the write_mem (ioctl 0x89F5) and read_mem (ioct…
CVE-2026-29168 high 7.3 7.3 FIX debian debian sleswindows windows apache 1mo ago Allocation of Resources Without Limits or Throttling vulnerability in Apache HTTP Server's mod_md via OCSP response data. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.66. Users a…
CVE-2026-7833 high 7.2 7.2 1mo ago A weakness has been identified in EFM ipTIME C200 up to 1.092. This vulnerability affects the function sub_408F90 of the file /cgi/iux_set.cgi of the component ApplyRestore Endpoint. This manipulatio…
CVE-2026-7832 high 7.0 7.0 1mo ago A security flaw has been discovered in IObit Advanced SystemCare 19. This affects an unknown part of the file ASC.exe of the component Service. The manipulation results in symlink following. Attackin…
CVE-2026-6918 high 7.5 7.5 sles eclipse 1mo ago In Eclipse OpenJ9 versions 0.21 to 0.58, a pre-authentication remote attacker can crash JITServer by sending a 32-byte crafted TCP message.
CVE-2026-6261 high 8.8 8.8 1mo ago The Betheme theme for WordPress is vulnerable to Arbitrary File Upload in versions up to, and including, 28.4. This is due to the upload_icons() function workflow moving and unzipping user-controlled…
CVE-2026-43573 high 7.7 7.7 openclaw 1mo ago OpenClaw: Existing-session browser interaction routes bypassed SSRF policy enforcement
CVE-2026-43571 high 8.8 8.8 openclaw 1mo ago OpenClaw: Channel setup catalog lookups could include untrusted workspace plugin shadows
CVE-2026-43569 high 8.8 8.8 openclaw 1mo ago OpenClaw: Workspace provider auth choices could auto-enable untrusted provider plugins
CVE-2026-43535 high 8.1 8.1 openclaw 1mo ago OpenClaw: Collect-mode queue batches could reuse the last sender authorization context
CVE-2026-43533 high 8.6 8.6 openclaw 1mo ago OpenClaw: QQBot media tags could read arbitrary local files through reply text
CVE-2026-43532 high 7.7 7.7 openclaw 1mo ago OpenClaw: Discord event cover images bypassed sandbox media normalization
CVE-2026-43531 high 8.8 8.8 openclaw 1mo ago OpenClaw: Workspace .env could inject OpenClaw runtime-control variables
CVE-2026-43530 high 8.8 8.8 openclaw 1mo ago OpenClaw: busybox and toybox applet execution weakened exec approval binding
CVE-2026-43529 low 2.5 2.5 openclaw 1mo ago OpenClaw: TOCTOU read in exec script preflight
CVE-2026-43527 high 7.7 7.7 openclaw 1mo ago OpenClaw: Browser SSRF policy default allowed private-network navigation
CVE-2026-42439 high 8.5 8.5 openclaw 1mo ago OpenClaw: Browser tabs action select and close routes bypassed SSRF policy
CVE-2026-42438 high 7.7 7.7 openclaw 1mo ago OpenClaw: Sender policy bypass in host media attachment reads allows unauthorized local file disclosure
CVE-2026-42437 high 7.5 7.5 1mo ago OpenClaw: Voice-call realtime WebSocket accepted oversized frames
CVE-2026-42436 high 7.7 7.7 1mo ago OpenClaw: Browser snapshot and screenshot routes could expose internal page content after navigation
CVE-2026-42435 high 8.8 8.8 1mo ago OpenClaw: Shell-wrapper detection missed env-argv assignment injection forms
CVE-2026-42434 high 8.8 8.8 1mo ago OpenClaw: Sandboxed agents could escape exec routing via host=node override
CVE-2023-54348 high 8.8 8.8 1mo ago ERPGo SaaS 3.9 contains a CSV injection vulnerability that allows authenticated attackers to inject spreadsheet formulas into vendor name fields that execute on the workstation of users who open the …
CVE-2023-54347 high 7.5 7.5 open-emr 1mo ago OpenEMR 7.0.1 contains an authentication brute force vulnerability that allows attackers to bypass rate limiting protections by sending repeated login attempts to the main login endpoint. Attackers c…
CVE-2023-54346 high 7.5 7.5 1mo ago WordPress Plugin Backup Migration 1.2.8 contains an information disclosure vulnerability that allows unauthenticated attackers to download complete database backups by accessing predictable file path…
CVE-2023-54345 high 8.8 8.8 frappe 1mo ago Frappe Framework ERPNext 13.4.0 contains a sandbox escape vulnerability in RestrictedPython that allows authenticated users with System Manager role to execute arbitrary code by exploiting frame intr…
CVE-2026-6322 high 7.5 7.5 FIX debian debian openjsf 1mo ago fast-uri vulnerable to host confusion via percent-encoded authority delimiters
CVE-2026-43870 high 7.3 7.3 FIX debian debianwindows windows apache 1mo ago Apache Thrift vulnerable to Path Traversal, HTTP Request/Response Splitting, Uncontrolled Resource Consumption
CVE-2026-3359 high 7.5 7.5 1mo ago The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to SQL Injection via the 'inputs' parameter in versions up to, and including, 1.15.42 due…
CVE-2026-43869 high 7.3 7.3 FIX debian debianwindows windows apache 1mo ago Apache Thrift has an Improper Validation of Certificate with Host Mismatch Vulnerability
CVE-2026-6180 high 8.1 8.1 papercut 1mo ago A race condition exists in PaperCut MF when processing badge-swipe data from certain HP multifunction devices. Under specific network conditions involving dropped packets and out-of-order sequence co…
CVE-2026-5192 high 7.5 7.5 1mo ago The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Path Traversal in versions up to, and including, 1.52.1 via the 'upload-1[file][file_path…
CVE-2026-7812 high 7.3 7.3 1mo ago A vulnerability was found in 54yyyu code-mcp up to 4cfc4643541a110c906d93635b391bf7e357f4a8. The impacted element is the function git_operation of the file src/code_mcp/server.py of the component MCP…
CVE-2026-7811 high 7.3 7.3 1mo ago A vulnerability has been found in 54yyyu code-mcp up to 4cfc4643541a110c906d93635b391bf7e357f4a8. The affected element is the function is_safe_path of the file src/code_mcp/server.py of the component…
CVE-2026-7810 high 7.3 7.3 1mo ago A flaw has been found in UsamaK98 python-notebook-mcp up to a05a232815809a7e425b5fa7be26e0d4369894c2. Impacted is the function create_notebook/read_notebook/edit_cell/add_cell of the file server.py. …
CVE-2026-4803 high 7.2 7.2 1mo ago The Royal Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'status' parameter in the wpr_update_form_action_meta AJAX action in all versions up to, and inclu…
CVE-2026-3456 high 7.5 7.5 1mo ago The GeekyBot — Generate AI Content Without Prompt, Chatbot and Lead Generation plugin for WordPress is vulnerable to SQL Injection via the 'attributekey' parameter in versions up to, and including, 1…
CVE-2026-35228 high 8.7 8.7 1mo ago Vulnerability in the Oracle MCP Server Helper Tool product of Oracle Open Source Projects (component: helper tool). The supported versions that are affected are 1.0.1-1.0.156. Easily exploitable vulner…
CVE-2026-5100 high 7.5 7.5 1mo ago The AWP Classifieds plugin for WordPress is vulnerable to SQL Injection via the 'regions' parameter array keys in versions up to, and including, 4.4.5 due to insufficient escaping on the user supplie…
CVE-2026-44028 high 7.5 7.5 FIX slesdebian debian 1mo ago An issue was discovered in Nix before 2.34.7 and Lix before 2.95.2. Unbounded recursion in the NAR (Nix Archive) parser could lead to a stack-to-heap overflow when the parser is run on a coroutine st…
CVE-2026-7788 high 7.3 7.3 1mo ago A security flaw has been discovered in Axle-Bucamp MCP-Docusaurus up to 404bc028e15ec304c9a045528560f4b5f27a17e0. The affected element is the function update_document/continue_document/delete_documen…
CVE-2026-7785 high 7.3 7.3 1mo ago A security flaw has been discovered in A-G-U-P-T-A wireshark-mcp edaf604416fbc94a201b4043092d4a1b09a12275/400c3da70074f22f3cce7ccb65304cafc7089c89. This affects the function quick_capture of the file…
CVE-2026-7784 high 7.3 7.3 1mo ago A vulnerability has been found in RTGS2017 NagaAgent up to 5.1.0. This issue affects some unknown processing of the file apiserver/routes/extensions.py of the component Skills Endpoint. Such manipula…
CVE-2026-35092 high 7.5 7.5 FIX rheldebian debian sles corosyncredhat 1mo ago A flaw was found in Corosync. An integer overflow vulnerability in Corosync's join message sanity validation allows a remote, unauthenticated attacker to send crafted User Datagram Protocol (UDP) pac…
CVE-2026-35091 high 8.2 8.2 FIX rheldebian debian sles corosyncredhat 1mo ago A flaw was found in Corosync. A remote unauthenticated attacker can exploit a wrong return value vulnerability in the Corosync membership commit token sanity check by sending a specially crafted User…
CVE-2026-27858 high 7.5 7.5 FIX rheldebian debian sles dovecotopen-xchange 1mo ago Attacker can send a specifically crafted message before authentication that causes managesieve to allocate large amount of memory. Attacker can force managesieve-login to be unavailable by repeated…
CVE-2026-27857 high 7.5 7.5 FIX rheldebian debian sles dovecotopen-xchange 1mo ago Sending "NOOP (((...)))" command with 4000 parenthesis open+close results in ~1MB extra memory usage. Longer commands will result in client disconnection. This 1 MB can be left allocated for longer t…
CVE-2026-26007 high 8.0 FIX rhel sles rocky 1mo ago RHSA-2026:12176: fence-agents security update (Important)
CVE-2026-25679 high 8.0 FIX rocky rheldebian debian google 1mo ago Important: image-builder security update
CVE-2025-68724 high 8.0 FIX sles rheldebian debian 1mo ago In the Linux kernel, the following vulnerability has been resolved: crypto: asymmetric_keys - prevent overflow in asymmetric_key_generate_id Use check_add_overflow() to guard against potential inte…
CVE-2025-59032 high 7.5 7.5 FIX rheldebian debian sles dovecotopen-xchange 1mo ago ManageSieve AUTHENTICATE command crashes when using literal as SASL initial response. This can be used to crash ManageSieve service repeatedly, making it unavailable for other users. Control access t…
CVE-2025-40252 high 8.0 FIX slesdebian debian rhel 1mo ago In the Linux kernel, the following vulnerability has been resolved: net: qlogic/qede: fix potential out-of-bounds read in qede_tpa_cont() and qede_tpa_end() The loops in 'qede_tpa_cont()' and 'qede…
CVE-2026-7791 high 7.8 7.8 aws 1mo ago Improper privilege management in the log rotation mechanism of the Skylight Workspace Config Service in Amazon WorkSpaces for Windows before 2.6.2034.0 allows a local non-admin authenticated user to …
CVE-2026-7776 high 7.5 7.5 1mo ago Hashicorp Boundary workers are vulnerable to a denial-of-service condition during node enrollment TLS handshakes
CVE-2026-38751 high 7.2 7.2 devcode 1mo ago OpenSTAManager version 2.10 and earlier contains an arbitrary file upload vulnerability in the module update functionality (modules/aggiornamenti/upload_modules.php)
CVE-2026-42606 high 8.8 8.8 azuracast 1mo ago AzuraCast has Password Reset Poisoning via Untrusted X-Forwarded-Host Header that Leads to Account Takeover and 2FA Bypass
CVE-2026-42605 high 8.8 8.8 azuracast 1mo ago AzuraCast has Path Traversal in `currentDirectory` Parameter that Enables Remote Code Execution via Media Upload
CVE-2026-7768 high 7.5 7.5 fastify 1mo ago @fastify/accepts-serializer cached serializer-selection results keyed by the request Accept header without a size limit or eviction policy. A remote unauthenticated client could send many distinct bu…
CVE-2026-6321 high 7.5 7.5 FIX slesdebian debian openjsf 1mo ago fast-uri vulnerable to path traversal via percent-encoded dot segments
CVE-2025-67796 high 8.1 8.1 1mo ago IKUS Rdiffweb allows an attacker with any valid or stolen access token to act as other users
CVE-2026-43964 high 7.5 7.5 FIX slesdebian debianwindows windows postfix 1mo ago Postfix before 3.8.16, 3.9 before 3.9.10, and 3.10 before 3.10.9 sometimes allows a buffer over-read and process crash via an enhanced status code that lacks text after the third number.
CVE-2026-42237 high 8.8 8.8 n8n 1mo ago n8n has SQL Injection in Snowflake and MySQL Nodes
CVE-2026-42236 high 7.5 7.5 n8n 1mo ago n8n Vulnerable to Unauthenticated Denial of Service via MCP Client Registration
CVE-2026-42234 high 8.8 8.8 n8n 1mo ago n8n has a Python Task Runner Sandbox Escape Vulnerability
CVE-2026-42232 high 8.8 8.8 n8n 1mo ago n8n has XML Node Prototype Pollution that Leads to RCE
CVE-2026-42231 high 8.8 8.8 n8n 1mo ago n8n has Prototype Pollution in XML Webhook Body Parser that Leads to RCE
CVE-2026-42229 high 8.8 8.8 n8n 1mo ago n8n has SQL Injection in SeaTable Node
CVE-2026-42226 high 7.5 7.5 n8n 1mo ago n8n's Credential Authorization Bypass in dynamic-node-parameters Allows Foreign API Key Replay
CVE-2026-42154 high 7.5 7.5 slesdebian debianwindows windows prometheus 1mo ago Prometheus is an open-source monitoring system and time series database. Prior to versions 3.5.3 and 3.11.3, the remote read endpoint (/api/v1/read) does not validate the declared decoded length in a…
CVE-2026-42151 high 7.5 7.5 FIX slesdebian debianwindows windows prometheus 1mo ago Prometheus is an open-source monitoring system and time series database. Prior to versions 3.5.3 and 3.11.3, the client_secret field in the Azure AD remote write OAuth configuration (storage/remote/a…
CVE-2026-25863 high 7.5 7.5 1mo ago Conditional Fields for Contact Form 7 WordPress plugin through version 2.7.2 contains an uncontrolled resource consumption vulnerability in the Wpcf7cfMailParser class where the hide_hidden_mail_fiel…
CVE-2026-43616 high 7.8 7.8 horsicq 1mo ago Detect-It-Easy prior to 3.21 contains a path traversal vulnerability that allows attackers to write arbitrary files to the filesystem by crafting malicious archive entries with relative traversal seq…
CVE-2026-42088 high 8.1 8.1 openc3 1mo ago OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Prior to version 7.0.0-rc3, the Script Runner widget allows users to execute Py…
CVE-2026-41471 high 7.5 7.5 1mo ago The Easy PayPal Events & Tickets plugin for WordPress before version 1.4 contains an information disclosure vulnerability in the QR code scanning endpoint that allows unauthenticated attackers to enu…
CVE-2026-37459 high 7.5 7.5 FIX debian debian sleswindows windows 1mo ago An integer underflow in FRRouting (FRR) stable/10.0 to stable/10.6 allows attackers to cause a Denial of Service (DoS) via supplying a crafted BGP UPDATE message.
CVE-2026-32834 high 7.5 7.5 1mo ago Easy PayPal Events & Tickets plugin for WordPress before version 1.4 contains a hardcoded authentication bypass vulnerability in the QR code scanning functionality that allows unauthenticated remote …
CVE-2026-29004 high 8.1 8.1 debian debian sles 1mo ago BusyBox before commit 42202bf contains a heap buffer overflow vulnerability in the DHCPv6 client (udhcpc6) DNS_SERVERS option handler in networking/udhcp/d6_dhcpc.c that allows network-adjacent attac…
CVE-2026-0073 high 8.8 8.8 1mo ago In adbd_tls_verify_cert of auth.cpp, there is a possible bypass of wireless ADB mutual authentication due to a logic error in the code. This could lead to remote (proximal/adjacent) code execution as…