CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2026-42440 high 7.5 7.5 FIX debian debian apache 1mo ago OOM Denial of Service via Unbounded Array Allocation in Apache OpenNLP AbstractModelReader  Versions Affected:  before 2.5.9 before 3.0.0-M3  Description: The AbstractModelReader methods getOut…
CVE-2026-42375 high 8.8 8.8 1mo ago D-Link DIR-600L Hardware Revision A1 (End-of-Life) contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /bin/telnetd.sh with the username "Alphanetworks" and the static…
CVE-2026-42374 high 8.8 8.8 1mo ago D-Link DIR-600L Hardware Revision B1 (End-of-Life) contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /bin/telnetd.sh with the username "Alphanetworks" and the static…
CVE-2026-42373 high 8.8 8.8 1mo ago D-Link DIR-605L Hardware Revision B2 (End-of-Life, EOL) contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /bin/telnetd.sh with the username "Alphanetworks" and the s…
CVE-2026-42372 high 8.8 8.8 1mo ago D-Link DIR-605L Hardware Revision A1 (End-of-Life, EOL) contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /bin/telnetd.sh with the username "Alphanetworks" and the s…
CVE-2026-42079 high 8.6 8.6 1mo ago PPTAgent: Arbitrary Code Execution via Python eval() of LLM-Generated Code with Builtins in Scope
CVE-2026-42075 high 8.1 8.1 1mo ago Evolver: Path Traversal via `--out` flag in `fetch` command allows Arbitrary File Write
CVE-2026-37461 high 7.5 7.5 FIX debian debianubuntu ubuntu osrg 1mo ago GoBGP vulnerabilities
CVE-2026-29514 high 8.8 8.8 1mo ago NetBox versions 4.3.5 through 4.5.4 contain a remote code execution vulnerability in the RenderTemplateMixin.get_environment_params() method that allows authenticated users with exporttemplate or con…
CVE-2026-25266 high 7.8 7.8 1mo ago Memory corruption while processing IOCTL command when device is in power-save state.
CVE-2026-24082 high 7.8 7.8 1mo ago Memory Corruption when copying data from a freed source while executing performance counter deselect operation.
CVE-2025-47408 high 7.8 7.8 1mo ago Memory corruption when another driver calls an IOCTL with invalid input/output buffer.
CVE-2025-47407 high 7.0 7.0 1mo ago Memory corruption while creating a process on the digital signal processor due to allocation failure at the kernel level.
CVE-2025-47405 high 7.8 7.8 1mo ago Memory corruption when processing camera sensor input/output control codes with invalid output buffers.
CVE-2025-47404 high 7.8 7.8 1mo ago Memory corruption when dynamically changing the size of a previously allocated buffer while its contents are being modified.
CVE-2025-47403 high 7.5 7.5 1mo ago Transient DOS when processing a malformed Fast Transition response frame with an invalid header structure during wireless roaming.
CVE-2025-47401 high 7.5 7.5 1mo ago Transient DOS when processing target power rate tables during channel configuration.
CVE-2026-40563 high 8.1 8.1 apache 1mo ago Apache Atlas has a Code Injection Vulnerability
CVE-2026-36365 high 7.8 7.8 1mo ago An issue in Lymphatus caesium-image-compressor All versions up to and including commit 02da2c6 allows a local attacker to execute arbitrary code via the shutdownMachine and putMachineToSleep function…
CVE-2026-29169 high 7.5 7.5 FIX debian debian sleswindows windows apache 1mo ago Apache HTTP Server vulnerabilities
CVE-2026-23918 high 8.8 9.8 EXPFIX debian debian sleswindows windows apache 1mo ago Apache HTTP Server vulnerabilities
CVE-2026-6266 high 8.3 8.3 1mo ago A flaw was found in the AAP gateway. The user auto-link strategy, introduced in AAP 2.6, automatically links an external Identity Provider (IDP) identity to an existing AAP user account based on emai…
CVE-2025-70069 high 7.5 7.5 debian debian sles 1mo ago An issue in Assimp v.6.0.2 allows a remote attacker to cause a denial of service via the FBXConverter.cpp and ConvertMeshMultiMaterial() method
CVE-2026-34059 high 7.5 7.5 FIX debian debian rhel sles apache 1mo ago Apache HTTP Server vulnerabilities
CVE-2026-24072 high 8.8 8.8 FIX debian debian sleswindows windows apache 1mo ago Apache HTTP Server vulnerabilities
CVE-2025-58074 high 8.8 8.8 1mo ago A privilege escalation vulnerability exists during the installation of Norton Secure VPN via the Microsoft Store. A low-privilege user can replace files during the installation process, which may res…
CVE-2026-3120 high 7.2 7.2 1mo ago Improper Control of Generation of Code ('Code Injection') vulnerability in Profelis Information and Consulting Trade and Industry Limited Company SambaBox allows OS Command Injection. This issue aff…
CVE-2026-7750 high 8.8 8.8 1mo ago A vulnerability was detected in Totolink N300RH 3.2.4-B20220812. This vulnerability affects the function setMacFilterRules of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The …
CVE-2026-7749 high 8.8 8.8 1mo ago A security vulnerability has been detected in Totolink N300RH 3.2.4-B20220812. This affects the function setWanConfig of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manip…
CVE-2026-7748 high 8.8 8.8 1mo ago A weakness has been identified in Totolink N300RH 3.2.4-B20220812. Affected by this issue is the function setUpgradeFW of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. Executin…
CVE-2026-33846 high 7.5 7.5 FIX debian debian sleswindows windows 1mo ago GnuTLS vulnerabilities
CVE-2026-7740 low 3.3 3.3 1mo ago A security vulnerability has been detected in justdan96 tsMuxer up to 2.7.0. This issue affects the function VvcVpsUnit::setFPS of the file tsMuxer/vvc.cpp. Such manipulation of the argument track_id…
CVE-2026-7739 low 3.3 3.3 1mo ago A weakness has been identified in justdan96 tsMuxer up to 2.7.0. This vulnerability affects the function HevcVpsUnit::setFPS of the file /AFLplusplus/tsMuxer_prev/tsMuxer/hevc.cpp. This manipulation …
CVE-2026-7737 high 7.5 7.5 FIX debian debianubuntu ubuntu osrg 1mo ago GoBGP vulnerabilities
CVE-2026-7736 high 7.5 7.5 FIX debian debianubuntu ubuntu osrg 1mo ago GoBGP vulnerabilities
CVE-2026-43864 low 2.5 2.5 slesdebian debian 1mo ago mutt before 2.3.2 has a show_sig_summary NULL pointer dereference.
CVE-2026-43863 low 3.7 3.7 slesdebian debian 1mo ago mutt before 2.3.2 has an infinite loop in data_object_to_stream in crypt-gpgme.c.
CVE-2026-43862 low 3.7 3.7 slesdebian debian 1mo ago In mutt before 2.3.2, the imap_auth_gss security level is mishandled.
CVE-2026-43861 low 3.7 3.7 slesdebian debian 1mo ago mutt before 2.3.2 does not check for '\0' in url_pct_decode.
CVE-2026-43860 low 3.7 3.7 slesdebian debian 1mo ago mutt before 2.3.2 sometimes truncates the hash_passwd by one byte for IMAP auth_cram MD5 digest.
CVE-2026-43859 low 3.7 3.7 slesdebian debian 1mo ago mutt before 2.3.2 sometimes uses strfcpy instead of memcpy for the IMAP auth_cram MD5 digest.
CVE-2026-29199 high 8.1 8.1 phpbb 1mo ago phpBB before 3.3.16 is vulnerable to Host Header Injection that can lead to password reset link poisoning. When force_server_vars is disabled, the server's hostname may be extracted from the HTTP Host …
CVE-2026-7733 high 7.3 7.3 1mo ago Funadmin has an Improper Access Control Issue
CVE-2026-7735 high 7.3 7.3 FIX debian debianubuntu ubuntu osrg 1mo ago GoBGP vulnerabilities
CVE-2026-7734 high 7.5 7.5 FIX debian debianubuntu ubuntu osrg 1mo ago GoBGP vulnerabilities
CVE-2026-7727 high 7.3 7.3 1mo ago A vulnerability was determined in Shandong Hoteam Software PDM Product Data Management System up to 8.3.9. This affects the function GetQueryMachineGridOnePageData of the file /Base/BaseService.asmx/…
CVE-2026-7723 high 7.3 7.3 1mo ago Prefect Unauthenticated Event Injection via /api/events/in WebSocket
CVE-2026-7717 high 8.8 8.8 1mo ago A vulnerability was determined in Totolink WA300 5.2cu.7112_B20190227. This issue affects the function UploadCustomModule of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. Execu…
CVE-2026-42365 high 7.5 7.5 1mo ago A guessable session cookie vulnerability exists in the Web Interface functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted series of HTTP requests can lead to an authentication bypass. …
CVE-2026-42364 high 8.8 8.8 1mo ago An os command injection vulnerability exists in the DdnsSetting.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted DDNS configuration can lead to arbitrary command execution. An…
CVE-2026-7711 high 7.3 7.3 1mo ago MindsDB has an Improper Access Control Issue
CVE-2026-7710 high 7.3 7.3 1mo ago A security flaw has been discovered in YunaiV yudao-cloud up to 3.8.0. This affects the function doFilterInternal of the file JwtAuthenticationTokenFilter.java of the component Ruoyi-Vue-Pro. Perform…
CVE-2026-42246 high 7.4 7.4 debian debianwindows windows ruby-lang 1mo ago net-imap vulnerable to STARTTLS stripping via invalid response timing
CVE-2026-42245 high 7.5 7.5 slesdebian debian ruby-lang 1mo ago net-imap has quadratic complexity when reading response literals
CVE-2026-35414 high 8.0 FIX rhel slesdebian debian google 1mo ago OpenSSH vulnerabilities
CVE-2026-35388 high 8.0 FIX rhel slesdebian debian 1mo ago OpenSSH vulnerabilities
CVE-2026-35387 high 8.0 FIX rhel slesdebian debian 1mo ago OpenSSH vulnerabilities
CVE-2026-35386 high 8.0 FIX rhel slesdebian debian google 1mo ago OpenSSH vulnerabilities
CVE-2026-35385 high 8.0 FIX rhel slesdebian debian google 1mo ago OpenSSH vulnerabilities
CVE-2026-31431 high 7.8 10.0 KEVEXPFIX rhelarch arch sles redhatsusearista 1mo ago kmod update
CVE-2026-24660 high 8.0 FIX debian debian sles rhel 1mo ago RHSA-2026:13284: LibRaw security update (Important)
CVE-2026-23270 high 7.8 7.8 FIX rhel sles rocky 1mo ago Important: kernel security update
CVE-2026-23136 high 8.0 FIX rhel slesdebian debian 1mo ago Linux kernel vulnerabilities
CVE-2026-20889 high 8.0 FIX debian debian sles rhel 1mo ago RHSA-2026:13284: LibRaw security update (Important)
CVE-2026-7703 high 7.3 7.3 1mo ago A flaw has been found in AV Stumpfl Pixera Two Media Server up to 25.2 R2. Impacted is an unknown function of the component Websocket API. This manipulation causes code injection. The attack can be i…
CVE-2026-7698 high 7.3 7.3 1mo ago A vulnerability was identified in Tiandy Easy7 Integrated Management Platform 7.17.0. Affected by this vulnerability is an unknown functionality of the file /Easy7/rest/systemInfo/updateDbBackupInfo.…
CVE-2026-7695 high 7.3 7.3 1mo ago A vulnerability has been found in Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform 1.3.0. This affects an unknown function of the file /SubstationWEBV2/main/elecMaxMinA…
CVE-2026-7689 low 3.7 3.7 1mo ago Dolibarr has Insufficient Verification of Data Authenticity
CVE-2026-7694 high 7.3 7.3 1mo ago A flaw has been found in Acrel Electrical ECEMS Enterprise Microgrid Energy Efficiency Management System 1.3.0. The impacted element is an unknown function of the file /SubstationWEBV2/main/elecMaxMi…
CVE-2026-7685 high 8.8 8.8 1mo ago A vulnerability was detected in Edimax BR-6208AC up to 1.02. Affected is an unknown function of the file /goform/setWAN. Performing a manipulation of the argument pptpDfGateway results in buffer ove…
CVE-2026-7684 high 8.8 8.8 1mo ago A security vulnerability has been detected in Edimax BR-6428nC up to 1.16. This impacts an unknown function of the file /goform/setWAN. Such manipulation of the argument pptpDfGateway leads to buffe…
CVE-2026-5063 high 7.2 7.2 1mo ago The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via POST parameter key names in the submit_nex_form() function in versions up to,…
CVE-2026-7679 high 7.3 7.3 1mo ago A security flaw has been discovered in YunaiV yudao-cloud up to 2026.01. This impacts the function getAccessToken of the file yudao-module-system-biz/src/main/java/io/github/ruoyi/common/oauth2/servi…
CVE-2026-7677 low 3.5 3.5 1mo ago A vulnerability was determined in kerwincui FastBee up to 1.2.1. The impacted element is the function Add of the file springboot/fastbee-admin/src/main/java/com/fastbee/web/controller/system/SysNotic…
CVE-2026-7675 high 8.8 8.8 1mo ago A vulnerability has been found in Shenzhen Libituo Technology LBT-T300-HW1 up to 1.2.8. Impacted is the function start_lan of the file /apply.cgi. The manipulation of the argument Channel/ApCliSsid l…
CVE-2026-7674 high 8.8 8.8 1mo ago A flaw has been found in Shenzhen Libituo Technology LBT-T300-HW1 up to 1.2.8. This issue affects the function start_single_service of the component Web Management Interface. Executing a manipulation…
CVE-2026-7671 low 3.7 3.7 1mo ago A vulnerability has been found in CodeWise Tornet Scooter Mobile App 4.75 on iOS/Android. The impacted element is an unknown function of the file /TwoFactor. Such manipulation leads to improper restr…
CVE-2026-7670 high 7.3 7.3 1mo ago A flaw has been found in Jinher OA 1.0. The affected element is an unknown function of the file /C6/JHSoft.Web.PlanSummarize/UserSel.aspx. This manipulation of the argument DeptIDList causes sql inje…
CVE-2026-7668 high 7.3 7.3 1mo ago A vulnerability was identified in MikroTik RouterOS 6.49.8. This vulnerability affects the function ASN1_STRING_data in the library nova/lib/www/scep.p of the component SCEP Endpoint. The manipulatio…
CVE-2026-7644 high 7.3 7.3 1mo ago A vulnerability has been found in ChatGPTNextWeb NextChat up to 2.16.1. Affected is the function addMcpServer of the file app/mcp/actions.ts. The manipulation leads to improper authorization. Remote …
CVE-2026-7632 high 7.3 7.3 1mo ago A vulnerability was determined in code-projects Online Hospital Management System 1.0. This affects an unknown function of the file /viewappointment.php. This manipulation of the argument delid cause…
CVE-2026-7630 high 7.3 7.3 1mo ago A vulnerability has been found in innocommerce InnoShop up to 0.7.8. The affected element is the function InstallServiceProvider::boot of the file innopacks/install/src/InstallServiceProvider.php of …
CVE-2026-2554 high 8.1 8.1 1mo ago The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and incl…
CVE-2026-6320 high 7.5 7.5 1mo ago The Salon Booking System – Free Version plugin for WordPress is vulnerable to Arbitrary File Read in versions up to, and including, 10.30.25. This is due to the public booking flow accepting attacker…
CVE-2026-4100 high 7.1 7.1 1mo ago The Paid Memberships Pro plugin for WordPress is vulnerable to unauthorized modification and disruption of Stripe webhook configuration in all versions up to, and including, 3.6.5. This is due to mis…
CVE-2026-4062 high 7.5 7.5 1mo ago The Geo Mashup plugin for WordPress is vulnerable to Time-Based SQL Injection via the 'object_ids' and 'exclude_object_ids' parameters in all versions up to, and including, 1.13.18. This is due to in…
CVE-2026-4061 high 7.5 7.5 1mo ago The Geo Mashup plugin for WordPress is vulnerable to Time-Based SQL Injection via the 'map_post_type' parameter in all versions up to, and including, 1.13.18. This is due to the `SearchResults` hook …
CVE-2026-4060 high 7.5 7.5 1mo ago The Geo Mashup plugin for WordPress is vulnerable to Time-Based SQL Injection via the 'sort' parameter in all versions up to, and including, 1.13.18. This is due to insufficient escaping on the user …
CVE-2026-7611 high 8.1 8.1 1mo ago A vulnerability was found in TRENDnet TEW-821DAP up to 1.12B01. This impacts the function platform_do_upgrade_cameo_dev of the file cameo_dev.sh of the component Firmware Update Handler. Performing a…
CVE-2026-7610 high 8.1 8.1 1mo ago A vulnerability has been found in TRENDnet TEW-821DAP 1.12B01. This affects an unknown function of the file /www/cgi/ssi of the component Firmware Update. Such manipulation leads to cleartext transmi…
CVE-2026-7609 high 8.8 8.8 1mo ago A flaw has been found in TRENDnet TEW-821DAP up to 1.12B01. The impacted element is the function tools_diagnostic of the file /tmp/diagnostic of the component Firmware Update. This manipulation cause…
CVE-2026-7491 high 8.1 8.1 1mo ago School App developed by Zyosoft has an Insecure Direct Object Reference vulnerability, allowing authenticated remote attackers to modify a specific parameter to read and modify other users' data.
CVE-2026-7490 high 7.2 7.2 sun.net 1mo ago CTMS and CPAS developed by Sunnet has an Arbitrary File Upload vulnerability, allowing privileged remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution…
CVE-2026-7489 high 8.8 8.8 sun.net 1mo ago CTMS developed by Sunnet has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.
CVE-2026-7608 high 8.0 8.0 1mo ago A vulnerability was detected in TRENDnet TEW-821DAP up to 1.12B01. The affected element is the function tools_diagnostic. The manipulation results in os command injection. The exploit is now public a…
CVE-2026-5324 high 7.2 7.2 1mo ago The Brizy – Page Builder plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting in all versions up to, and including, 2.8.11 This is due to a combination of missing nonce v…
CVE-2026-7649 high 7.5 7.5 1mo ago The ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'orderby' parameter in al…
CVE-2026-7607 high 8.8 8.8 1mo ago A security vulnerability has been detected in TRENDnet TEW-821DAP 1.12B01. Impacted is the function auto_update_firmware of the component Firmware Update. The manipulation of the argument str leads t…
CVE-2026-7606 high 8.1 8.1 1mo ago A weakness has been identified in TRENDnet TEW-821DAP 1.12B01. This issue affects the function find_hwid/new_gui_update_firmware of the component Firmware Update Handler. Executing a manipulation of …
CVE-2026-6229 high 7.2 7.2 1mo ago The Royal Elementor Addons plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 1.7.1057. This is due to insufficient validation of user-supplied URLs i…