VIR Vulnerability Intelligence Relay

Search

Found 49,659 results in 3394ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2026-7258 high 7.5 7.5 FIX slesdebian debianwindows windows php 28d ago In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, some functions, including urldecode(), pass signed char to ctype functions (like isxdigit()). On…
CVE-2026-8224 high 7.5 7.5 open5gs 28d ago A vulnerability was determined in Open5GS up to 2.7.7. Affected by this issue is the function pcf_sess_set_ipv6prefix of the file /src/pcf/context.c of the component PCF. Executing a manipulation of …
CVE-2026-8223 high 7.5 7.5 open5gs 28d ago A vulnerability was found in Open5GS up to 2.7.7. Affected by this vulnerability is the function pcf_sess_sbi_discover_and_send of the component sm-policies Endpoint. Performing a manipulation result…
CVE-2026-8222 high 7.5 7.5 open5gs 28d ago A vulnerability has been found in Open5GS up to 2.7.7. Affected is the function pcf_nbsf_management_handle_register of the file src/pcf/nbsf-handler.c of the component sm-policies Endpoint. Such mani…
CVE-2026-8216 high 7.3 7.3 28d ago A vulnerability was identified in Industrial Application Software IAS Canias ERP 8.03. This issue affects the function iasServerRemoteInterface.doAction of the component Java RMI Session Management. …
CVE-2026-42575 high 7.5 7.5 29d ago apko doesn't verify downloaded apk packages against APKINDEX checksum (package substitution possible)
CVE-2026-42574 high 7.5 7.5 29d ago apko dirFS has a symlink-following path traversal that allows multiple entry points to escape the build root
CVE-2026-42562 high 8.3 8.3 29d ago Plainpad is a self hosted note taking app. Prior to version 1.1.1, Plainpad allows a low-privilege authenticated user to self-escalate to administrator by submitting admin=true in PUT /api.php/v1/use…
CVE-2026-41893 high 7.5 7.5 signalk 29d ago Signal K Server's WebSocket Login Endpoint Lacks Rate Limiting (Credential Brute-Force)
CVE-2026-8192 high 8.8 8.8 29d ago A security flaw has been discovered in Wavlink NU516U1 M16U1_V240425. This vulnerability affects the function wzdap of the file /cgi-bin/adm.cgi. Performing a manipulation of the argument EncrypType/…
CVE-2026-8191 high 8.8 8.8 29d ago A vulnerability was identified in Wavlink NU516U1 M16U1_V240425. This affects the function wifi_region of the file /cgi-bin/adm.cgi. Such manipulation of the argument skiplist1/skiplist2 leads to os …
CVE-2026-8190 high 8.8 8.8 29d ago A vulnerability was determined in Wavlink NU516U1 M16U1_V240425. Affected by this issue is the function wan of the file /cgi-bin/adm.cgi. This manipulation of the argument ppp_username/ppp_passwd/rwa…
CVE-2026-8189 high 8.8 8.8 29d ago A vulnerability was found in Wavlink NU516U1 M16U1_V240425. Affected by this vulnerability is the function wzdrepeater of the file /cgi-bin/adm.cgi. The manipulation of the argument wlan_bssid/sel_Au…
CVE-2026-8188 high 8.8 8.8 29d ago A vulnerability has been found in Wavlink NU516U1 M16U1_V240425. Affected is the function change_wifi_password of the file /cgi-bin/adm.cgi. The manipulation of the argument wl_channel/wl_Pass/Encryp…
CVE-2026-8186 high 7.5 7.5 open5gs 29d ago A vulnerability was detected in Open5GS up to 2.7.7. This affects the function ogs_sbi_client_send_via_scp_or_sepp in the library lib/sbi/client.c of the component NF. Performing a manipulation resul…
CVE-2026-8187 high 7.5 7.5 open5gs 29d ago A flaw has been found in Open5GS up to 2.7.7. This impacts the function _gtpv1_u_recv_cb of the file src/upf/gtp-path.c of the component UPF. Executing a manipulation can lead to resource consumption…
CVE-2026-3828 high 7.2 7.2 29d ago Some Hikvision switch products (discontinued since December 2023) are vulnerable to authenticated remote command execution due to insufficient input validation. Attackers with valid credentials can e…
CVE-2026-42311 high 7.8 7.8 FIX debian debian python 29d ago Pillow has an OOB Write with Invalid PSD Tile Extents (Integer Overflow)
CVE-2026-42461 high 7.5 7.5 getarcane 29d ago Arcane Vulnerable to Unauthenticated Disclosure of Custom Compose Template Content (incl. `.env` secrets)
CVE-2026-42301 high 7.8 7.8 29d ago pyp2spec is Vulnerable to Code Injection
CVE-2026-42297 high 8.3 8.3 argoproj 29d ago Argo has Missing Authorization in its Sync ConfigMap Provider
CVE-2026-42296 high 8.1 8.1 argoproj 29d ago Argo has incomplete fix for CVE-2026-31892: hostNetwork, securityContext, serviceAccountName bypass templateReferencing Strict/Secure
CVE-2026-42294 high 7.5 7.5 argoproj 29d ago Argo Vulnerable to Unauthenticated Memory Exhaustion (DoS) in Webhook Interceptor
CVE-2026-6666 high 7.5 7.5 FIX debian debianwindows windows pgbouncer 29d ago A possible null pointer reference in PgBouncer before 1.25.2 could lead to a crash, if a server sends an error response without SQLSTATE field.
CVE-2026-6664 high 7.5 7.5 FIX debian debianwindows windows pgbouncer 29d ago An integer overflow in network packet parsing code in PgBouncer before 1.25.2 bypasses a boundary check and can lead to a crash. An unauthenticated remote attacker can crash PgBouncer with a malforme…
CVE-2026-41705 high 8.6 8.6 vmware 29d ago Spring AI's MilvusVectorStore#doDelete(List) implementation is vulnerable to filter-expression injection via unsanitized document IDs
CVE-2026-44833 high 7.1 7.1 snipeitapp 29d ago Snipe-IT has an open redirect vulnerability
CVE-2026-42452 high 8.1 8.1 29d ago Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.1.0, /users/login issues a temporary JWT (temp_token) for TOTP-enabled…
CVE-2026-42352 high 8.6 8.6 29d ago pygeoapi 0.23.x: Unauthenticated SSRF via OGC API - Processes Subscriber
CVE-2026-42351 high 7.5 7.5 29d ago pygeoapi 0.23.x: Path Traversal in STAC FileSystemProvider
CVE-2026-42345 high 7.7 7.7 29d ago FastGPT is an AI Agent building platform. In versions 4.14.11 and prior, FastGPT's isInternalAddress() function in packages/service/common/system/utils.ts blocks cloud metadata endpoints using a full…
CVE-2026-42339 high 7.1 7.1 newapi 29d ago QuantumNous/new-api has an SSRF Filter Bypass via 0.0.0.0
CVE-2026-41432 high 8.2 8.2 newapi 29d ago New API: Stripe Webhook Signature Bypass via Empty Secret Enables Unlimited Quota Fraud
CVE-2023-49316 high 8.0 FIX debian debian 29d ago Phpseclib needs guardrails on large binaryfield integers
CVE-2026-44567 high 7.3 7.3 openwebui 1mo ago Open WebUI has Improper Authorization Control
CVE-2026-44832 high 8.8 8.8 snipeitapp 1mo ago Snipe-IT has Privilege Escalation via API Permissions Assignment
CVE-2026-41486 high 8.8 8.8 anyscale 1mo ago Ray: Remote Code Execution via Parquet Arrow Extension Type Deserialization
CVE-2026-44247 high 7.4 7.4 linuxfoundation 1mo ago Volcano is a Kubernetes-native batch scheduling system. Prior to v1.14.2, v1.13.3, and v1.12.4, the Volcano webhook server does not enforce a size limit on incoming HTTP request bodies. Any in-cluste…
CVE-2026-7807 high 8.8 8.8 smartertools 1mo ago SmarterTools SmarterMail builds prior to 9560 contain a local file inclusion vulnerability in the /api/v1/report/summary/{type} API endpoint that allows authenticated users to read arbitrary .json fi…
CVE-2026-42189 high 7.5 7.5 russh_projectwarpgate_project 1mo ago russh has pre-auth DoS via unbounded allocation in its keyboard-interactive auth handler
CVE-2026-44552 high 8.7 8.7 openwebui 1mo ago Open WebUI: Redis Cache Keys tool_servers and terminal_servers Missing Instance Prefix Enable Cross-Instance Cache Poisoning
CVE-2026-44553 high 8.1 8.1 openwebui 1mo ago Open WebUI: Stale Admin Role in Socket.IO Session Pool Enables Post-Demotion Cross-User Note Access
CVE-2026-8178 high 8.1 8.1 aws 1mo ago Amazon Redshift Vulnerable to Remote Code Execution via Unsafe Class Loading
CVE-2026-29203 high 8.8 8.8 1mo ago A chmod call in the cPanel Nova plugin's Cpanel::Nova::Connector follows symlinks, allowing setting root permissions on arbitrary system files or directories. That can cause DoS or local privilege es…
CVE-2026-29202 high 8.8 8.8 1mo ago Insufficient input validation of the `plugin` parameter of the `create_user` plugin allows arbitrary Perl code execution on behalf of the already authenticated account's system user.
CVE-2026-29201 high 8.6 8.6 1mo ago Insufficient input validation of the feature file name in `feature::LOADFEATUREFILE` adminbin call can cause arbitrary file read when a relative file path is passed.
CVE-2024-27355 high 8.0 FIX debian debian 1mo ago phpseclib guardrails needed on OID length
CVE-2026-6659 high 7.5 7.5 debian debian 1mo ago Crypt::PasswdMD5 versions through 1.42 for Perl generates insecure random values for salts. The built-in rand function is predictable, and unsuitable for cryptography.
CVE-2026-44499 high 8.0 1mo ago Zebra has Permanent Block Discovery Halt via Gossip Queue Saturation and Syncer Poisoning
CVE-2026-43967 high 7.5 7.5 absinthe-graphql 1mo ago Absinthe: Quadratic fragment-name uniqueness check
CVE-2026-42793 high 7.5 7.5 absinthe-graphql 1mo ago Absinthe: Unbounded atom creation from parsed directive name
CVE-2026-42353 high 8.2 8.2 1mo ago i18next-http-middleware has path traversal / SSRF via user-controlled language and namespace parameters
CVE-2026-41886 high 7.5 7.5 1mo ago locize Client SDK: Cross-origin DOM XSS & Handler Hijack Through Missing e.origin Validation in InContext Editor
CVE-2026-41883 high 8.1 8.1 1mo ago OmniFaces: EL injection via crafted resource name in wildcard CDN mapping
CVE-2026-41693 high 8.2 8.2 1mo ago i18next-fs-backend: Path traversal via unsanitised lng/ns allows arbitrary file read/overwrite
CVE-2026-41690 high 8.6 8.6 1mo ago i18next-http-middleware: Prototype pollution and path traversal via user-controlled language and namespace parameters
CVE-2026-41683 high 8.6 8.6 1mo ago i18next-http-middleware: HTTP response splitting and DoS via unsanitised Content-Language header
CVE-2026-34354 high 7.4 7.4 1mo ago Akamai Guardicore Platform Agent (GPA) and Zero Trust Client on Linux and macOS allow TOCTOU-based local privilege escalation. The GPA service creates an IPC socket in the world-writable /tmp directo…
CVE-2026-29975 high 7.5 7.5 1mo ago lwjson 1.8.1 contains an improper input validation vulnerability in the streaming JSON parser (lwjson_stream.c). The end-of-string detection logic incorrectly identifies escaped quote characters by o…
CVE-2026-29974 high 7.5 7.5 1mo ago An issue was discovered in kosma minmea 0.3.0. The minmea_scan functions format specifier copies NMEA field data to a caller-provided buffer without a size parameter. Applications using minmea_scan o…
CVE-2026-29972 high 8.2 8.2 1mo ago nanoMODBUS through v1.22.0 has a stack-based buffer overflow in recv_read_registers_res() in nanomodbus.c. When a client calls nmbs_read_holding_registers() or nmbs_read_input_registers(), the librar…
CVE-2026-44498 high 7.5 7.5 zfnd 1mo ago Zebra's Block Validator Undercounts Coinbase and P2SH Sigops
CVE-2026-43469 high 7.5 7.5 FIX slesdebian debian linux-kernel google 1mo ago In the Linux kernel, the following vulnerability has been resolved: xprtrdma: Decrement re_receiving on the early exit paths In the event that rpcrdma_post_recvs() fails to create a work request (d…
CVE-2026-43466 high 8.2 8.2 FIX slesdebian debian linux-kernel google 1mo ago In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix DMA FIFO desync on error CQE SQ recovery In case of a TX error CQE, a recovery flow is triggered, mlx5e_reset_txqs…
CVE-2026-43464 high 7.5 7.5 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: RX, Fix XDP multi-buf frag counting for legacy RQ XDP multi-buf programs can modify the layout of the XDP buffer when …
CVE-2026-43462 high 7.5 7.5 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: net: spacemit: Fix error handling in emac_tx_mem_map() The DMA mappings were leaked on mapping error. Free them with the existing…
CVE-2026-43461 high 7.8 7.8 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: spi: amlogic: spifc-a4: Fix DMA mapping error handling Fix three bugs in aml_sfc_dma_buffer_setup() error paths: 1. Unnecessary g…
CVE-2026-43460 high 7.8 7.8 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: spi: rockchip-sfc: Fix double-free in remove() callback The driver uses devm_spi_register_controller() for registration, which au…
CVE-2026-43459 high 7.3 7.3 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: ASoC: soc-core: flush delayed work before removing DAIs and widgets When a sound card is unbound while a PCM stream is open, a us…
CVE-2026-43458 high 7.8 7.8 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: serial: caif: hold tty->link reference in ldisc_open and ser_release A reproducer triggers a KASAN slab-use-after-free in pty_wri…
CVE-2026-43456 high 7.8 7.8 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: bonding: fix type confusion in bond_setup_by_slave() kernel BUG at net/core/skbuff.c:2306! Oops: invalid opcode: 0000 [#1] SMP KA…
CVE-2026-43454 high 7.8 7.8 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: Fix for duplicate device in netdev hooks When handling NETDEV_REGISTER notification, duplicate device regis…
CVE-2026-43453 high 7.1 7.1 FIX slesdebian debian linux-kernel google 1mo ago In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_pipapo: fix stack out-of-bounds read in pipapo_drop() pipapo_drop() passes rulemap[i + 1].n to pipapo_unmap() …
CVE-2026-43452 high 8.2 8.2 FIX slesdebian debian linux-kernel google 1mo ago In the Linux kernel, the following vulnerability has been resolved: netfilter: x_tables: guard option walkers against 1-byte tail reads When the last byte of options is a non-single-byte option kin…
CVE-2026-43450 high 7.1 7.1 FIX slesdebian debian linux-kernel google 1mo ago In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlink_cthelper: fix OOB read in nfnl_cthelper_dump_table() nfnl_cthelper_dump_table() has a 'goto restart' that ju…
CVE-2026-43449 high 7.1 7.1 FIX slesdebian debian linux-kernel google 1mo ago In the Linux kernel, the following vulnerability has been resolved: nvme-pci: Fix slab-out-of-bounds in nvme_dbbuf_set dev->online_queues is a count incremented in nvme_init_queue. Thus, valid indi…
CVE-2026-43447 high 7.8 7.8 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: iavf: fix PTP use-after-free during reset Commit 7c01dbfc8a1c5f ("iavf: periodically cache PHC time") introduced a worker to cach…
CVE-2026-43442 high 7.1 7.1 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: io_uring: fix physical SQE bounds check for SQE_MIXED 128-byte ops When IORING_SETUP_SQE_MIXED is used without IORING_SETUP_NO_SQ…
CVE-2026-43441 high 7.5 7.5 FIX slesdebian debian linux-kernel google 1mo ago In the Linux kernel, the following vulnerability has been resolved: net: bonding: Fix nd_tbl NULL dereference when IPv6 is disabled When booting with the 'ipv6.disable=1' parameter, the nd_tbl is n…
CVE-2026-43440 high 7.8 7.8 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: net/mana: Null service_wq on setup error to prevent double destroy In mana_gd_setup() error path, set gc->service_wq to NULL afte…
CVE-2026-43438 high 7.8 7.8 FIX slesdebian debian linux-kernel google 1mo ago In the Linux kernel, the following vulnerability has been resolved: sched_ext: Remove redundant css_put() in scx_cgroup_init() The iterator css_for_each_descendant_pre() walks the cgroup hierarchy …
CVE-2026-43437 high 7.8 7.8 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: fix use-after-free on linked stream runtime in snd_pcm_drain() In the drain loop, the local variable 'runtime' is reas…
CVE-2026-43434 high 7.8 7.8 FIX debian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: rust_binder: check ownership before using vma When installing missing pages (or zapping them), Rust Binder will look up the vma i…
CVE-2026-43433 high 7.8 7.8 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: rust_binder: avoid reading the written value in offsets array When sending a transaction, its offsets array is first copied into …
CVE-2026-43427 high 7.1 7.1 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: usb: class: cdc-wdm: fix reordering issue in read code path Quoting the bug report: Due to compiler optimization or CPU out-of-o…
CVE-2026-43426 high 7.8 7.8 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: usb: renesas_usbhs: fix use-after-free in ISR during device removal In usbhs_remove(), the driver frees resources (including the …
CVE-2026-43408 high 7.8 7.8 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: ceph: add a bunch of missing ceph_path_info initializers ceph_mdsc_build_path() must be called with a zero-initialized ceph_path_…
CVE-2026-43405 high 7.5 7.5 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: libceph: Use u32 for non-negative values in ceph_monmap_decode() This patch fixes unnecessary implicit conversions that change si…
CVE-2026-43403 high 8.8 8.8 FIX slesdebian debian linux-kernel google 1mo ago In the Linux kernel, the following vulnerability has been resolved: nsfs: tighten permission checks for ns iteration ioctls Even privileged services should not necessarily be able to see other priv…
CVE-2026-43391 high 8.8 8.8 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: nsfs: tighten permission checks for handle opening Even privileged services should not necessarily be able to see other privilege…
CVE-2026-43388 high 7.8 7.8 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: clear walk_control on inactive context in damos_walk() damos_walk() sets ctx->walk_control to the caller-provided …
CVE-2026-43386 high 7.1 7.1 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: staging: rtl8723bs: fix potential out-of-bounds read in rtw_restruct_wmm_ie The current code checks 'i + 5 < in_len' at the end o…
CVE-2026-43385 high 7.5 7.5 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: net: Fix rcu_tasks stall in threaded busypoll I was debugging a NIC driver when I noticed that when I enable threaded busypoll, b…
CVE-2026-43380 high 7.1 7.1 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: hwmon: (pmbus/q54sj108a2) fix stack overflow in debugfs read The q54sj108a2_debugfs_read function suffers from a stack buffer ove…
CVE-2026-43378 high 7.8 7.8 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: smb: server: fix use-after-free in smb2_open() The opinfo pointer obtained via rcu_dereference(fp->f_opinfo) is dereferenced afte…
CVE-2026-43377 high 8.1 8.1 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: ksmbd: Don't log keys in SMB3 signing and encryption key generation When KSMBD_DEBUG_AUTH logging is enabled, generate_smb3signin…
CVE-2026-43374 high 7.8 7.8 FIX slesdebian debian linux-kernel google 1mo ago In the Linux kernel, the following vulnerability has been resolved: net: nexthop: fix percpu use-after-free in remove_nh_grp_entry When removing a nexthop from a group, remove_nh_grp_entry() publis…
CVE-2026-43373 high 7.5 7.5 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: net: ncsi: fix skb leak in error paths Early return paths in NCSI RX and AEN handlers fail to release the received skb, resulting…
CVE-2026-43370 high 7.8 7.8 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix use-after-free race in VM acquire Replace non-atomic vm->process_info assignment with cmpxchg() to prevent race w…
CVE-2026-43368 high 7.8 7.8 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: drm/i915: Fix potential overflow of shmem scatterlist length When a scatterlists table of a GEM shmem object of size 4 GB or more…