Found 34,069 results in 1648ms · Match type: Filtered list

CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2025-14586 critical 9.8 9.8 6mo ago A vulnerability was determined in TOTOLINK X5000R 9.1.0cu.2089_B20211224. Affected by this issue is the function snprintf of the file /cgi-bin/cstecgi.cgi?action=exportOvpn&type=user. This manipulati…
CVE-2025-14585 critical 9.8 9.8 angeljudesuarez 6mo ago A vulnerability was found in itsourcecode COVID Tracking System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/?page=zone. The manipulation of the argument ID resu…
CVE-2025-14584 critical 9.8 9.8 angeljudesuarez 6mo ago A vulnerability has been found in itsourcecode COVID Tracking System 1.0. Affected is an unknown function of the file /admin/login.php of the component Admin Login. The manipulation of the argument U…
CVE-2025-14583 critical 9.8 9.8 campcodes 6mo ago A flaw has been found in campcodes Online Student Enrollment System 1.0. This impacts an unknown function of the file /admin/register.php. Executing a manipulation of the argument photo can lead to u…
CVE-2025-67721 unknown 6mo ago aircompressor Snappy and LZ4 Java-based decompressor implementation can leak information from reused output buffer
CVE-2025-3586 unknown 6mo ago Liferay Portal and DXP Instance Admin can execute code using Objects Actions and Validations
CVE-2025-14578 critical 9.8 9.8 angeljudesuarez 6mo ago A weakness has been identified in itsourcecode Student Management System 1.0. The affected element is an unknown function of the file /update_account.php. This manipulation of the argument ID causes …
CVE-2025-14571 critical 9.8 9.8 projectworlds 6mo ago A vulnerability has been found in projectworlds Advanced Library Management System 1.0. Affected by this issue is some unknown functionality of the file /borrow_book.php. Such manipulation of the arg…
CVE-2025-14570 critical 9.8 9.8 projectworlds 6mo ago A flaw has been found in projectworlds Advanced Library Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /view_admin.php. This manipulation of the argumen…
CVE-2025-53960 unknown 6mo ago Apache StreamPark: Use the user’s password as the secret key Vulnerability
CVE-2025-40345 unknown FIX slesdebian debianubuntu ubuntu 6mo ago Linux kernel (Azure) vulnerabilities
CVE-2025-14566 critical 9.8 9.8 kidaze 6mo ago A security flaw has been discovered in kidaze CourseSelectionSystem up to 42cd892b40a18d50bd4ed1905fa89f939173a464. The impacted element is an unknown function of the file /Profilers/SProfile/reg.php…
CVE-2025-14565 critical 9.8 9.8 kidaze 6mo ago A vulnerability was identified in kidaze CourseSelectionSystem up to 42cd892b40a18d50bd4ed1905fa89f939173a464. The affected element is an unknown function of the file /Profilers/SProfile/login1.php. …
CVE-2025-54981 unknown 6mo ago Apache StreamPark uses a Weak Encryption Algorithm
CVE-2025-54947 unknown 6mo ago Apache StreamPark has a hard-coded encryption key
CVE-2025-26866 unknown 6mo ago Apache HugeGraph-Server: RAFT and deserialization vulnerability
CVE-2018-4063 unknown 1.5 KEV 6mo ago Sierra Wireless AirLink ALEOS contains an unrestricted upload of file with dangerous type vulnerability. A specially crafted HTTP request can upload a file, resulting in executable code being uploade…
CVE-2025-14537 critical 9.8 9.8 fabian 6mo ago A weakness has been identified in code-projects Class and Exam Timetable Management 1.0. Affected by this issue is some unknown functionality of the file /preview7.php. This manipulation of the argum…
CVE-2025-14536 critical 9.8 9.8 fabian 6mo ago A security flaw has been discovered in code-projects Class and Exam Timetable Management 1.0. Affected by this vulnerability is an unknown functionality of the file /index.php of the component Login.…
CVE-2025-14529 critical 9.8 9.8 campcodes 6mo ago A flaw has been found in Campcodes Retro Basketball Shoes Online Store 1.0. The affected element is an unknown function of the file /admin/admin_running.php. This manipulation of the argument pid cau…
CVE-2025-14527 critical 9.8 9.8 projectworlds 6mo ago A weakness has been identified in projectworlds Advanced Library Management System 1.0. This vulnerability affects unknown code of the file /view_book.php. Executing a manipulation of the argument bo…
CVE-2025-14522 critical 9.8 9.8 baowzh 6mo ago A vulnerability was detected in baowzh hfly up to 638ff9abe9078bc977c132b37acbe1900b63491c. The impacted element is an unknown function of the file /Public/Kindeditor/php/upload_json.php. Performing …
CVE-2025-14520 critical 9.1 9.1 baowzh 6mo ago A weakness has been identified in baowzh hfly up to 638ff9abe9078bc977c132b37acbe1900b63491c. Impacted is an unknown function of the file /admin/index.php/datafile/delfile. This manipulation of the a…
CVE-2025-14518 critical 9.8 9.8 powerjob 6mo ago PowerJob has a server-side request forgery vulnerability in PingPongUtils.java
CVE-2025-14515 critical 9.8 9.8 campcodes 6mo ago A vulnerability has been found in Campcodes Supplier Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/add_unit.php. Such manipulation of the argume…
CVE-2025-14514 critical 9.8 9.8 campcodes 6mo ago A flaw has been found in Campcodes Supplier Management System 1.0. Affected is an unknown function of the file /admin/add_distributor.php. This manipulation of the argument txtDistributorAddress caus…
CVE-2025-67505 unknown 6mo ago Race condition in the Okta Java SDK
CVE-2025-66033 unknown 6mo ago Improper Memory Cleanup in the Okta Java SDK
CVE-2025-67643 unknown 6mo ago Jenkins Redpen - Pipeline Reporter for Jira Plugin has a path traversal vulnerability
CVE-2025-67642 unknown 6mo ago Jenkins HashiCorp Vault Plugin exposes system-scoped Vault credentials
CVE-2025-67641 unknown 6mo ago Jenkins Coverage Plugin has a stored cross-site scripting (XSS) vulnerability
CVE-2025-67640 unknown 6mo ago Jenkins Git client Plugin has an OS command injection vulnerability on agents in Git client Plugin
CVE-2025-67639 unknown 6mo ago Jenkins has a CSRF vulnerability on the login form
CVE-2025-67638 unknown 6mo ago Jenkins's build authorization token is stored and displayed in plain text
CVE-2025-67637 unknown 6mo ago Jenkins's build authorization token is stored and displayed in plain text
CVE-2025-67636 unknown 6mo ago Jenkins is missing a permission check on password fields
CVE-2025-67635 unknown 6mo ago Jenkins has a Denial of service vulnerability in HTTP-based CLI
CVE-2025-67713 unknown FIX debian debian 6mo ago Miniflux 2 is an open source feed reader. Versions 2.2.14 and below treat redirect_url as safe when url.Parse(...).IsAbs() is false, enabling phishing flows after login. Protocol-relative URLs like /…
CVE-2025-66628 unknown FIX debian debian sles 6mo ago ImageMagick is a software suite to create, edit, compose, or convert bitmap images. In versions 7.1.2-9 and prior, the TIM (PSX TIM) image parser contains a critical integer overflow vulnerability in…
CVE-2025-66474 unknown 6mo ago XWiki vulnerable to remote code execution through insufficient protection against {{/html}} injection
CVE-2025-66473 unknown 6mo ago XWiki's REST APIs don't enforce any limits, leading to unavailability and OOM in large wikis
CVE-2025-66472 unknown 6mo ago XWiki vulnerable to a reflected XSS via xredirect parameter in DeleteApplication
CVE-2025-8110 unknown 1.5 KEV 6mo ago Gogs contains a path traversal vulnerability affecting improper Symbolic link handling in the PutContents API that could allow for code execution.
CVE-2025-66675 unknown 6mo ago Apache Struts has a Denial of Service vulnerability
CVE-2025-14082 unknown 6mo ago Keycloak Admin REST (Representational State Transfer) API does not properly enforce permissions
CVE-2025-13955 unknown 6mo ago Predictable default Wi-Fi Password in Access Point functionality in EZCast Pro II before version 1.17478.177 allows attackers in Wi-Fi range to gain access to the dongle by calculating the default pa…
CVE-2025-13954 unknown 6mo ago Hard-coded cryptographic keys in Admin UI of EZCast Pro II before version 1.17478.177 allows attackers to bypass authorization checks and gain full access to the admin UI
CVE-2025-14337 critical 9.8 9.8 angeljudesuarez 6mo ago A vulnerability was determined in itsourcecode Student Management System 1.0. This affects an unknown part of the file /new_grade.php. This manipulation of the argument grade causes sql injection. Th…
CVE-2025-14336 critical 9.8 9.8 angeljudesuarez 6mo ago A vulnerability was found in itsourcecode Student Management System 1.0. Affected by this issue is some unknown functionality of the file /promote.php. The manipulation of the argument sy results in …
CVE-2025-14335 critical 9.8 9.8 angeljudesuarez 6mo ago A vulnerability has been found in itsourcecode Student Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /new_school_year.php. The manipulation of the argu…
CVE-2025-14334 critical 9.8 9.8 angeljudesuarez 6mo ago A flaw has been found in itsourcecode Student Management System 1.0. Affected is an unknown function of the file /new_adviser.php. Executing manipulation of the argument Name can lead to sql injectio…
CVE-2025-14307 unknown debian debianubuntu ubuntu 6mo ago Robocode vulnerabilities
CVE-2025-14306 unknown debian debianubuntu ubuntu 6mo ago Robocode vulnerabilities
CVE-2025-12504 critical 9.8 9.8 6mo ago Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Talent Software UNIS allows SQL Injection. This issue affects UNIS: before 42321.
CVE-2025-11022 critical 9.6 9.6 6mo ago Cross-Site Request Forgery (CSRF) vulnerability in Personal Project Panilux allows Cross Site Request Forgery. This CSRF vulnerability resulting in Command Injection has been identified. Thi…
CVE-2025-14285 critical 9.8 9.8 code-projects 6mo ago A vulnerability was found in code-projects Employee Profile Management System 1.0. Affected is an unknown function of the file edit_personnel.php. The manipulation of the argument per_id results in s…
CVE-2025-62221 unknown 1.5 KEV 6mo ago Microsoft Windows Cloud Files Mini Filter Driver contains a use after free vulnerability that can allow an authorized attacker to elevate privileges locally.
CVE-2025-6218 unknown 1.5 KEV FIX debian debian 6mo ago RARLAB WinRAR contains a path traversal vulnerability allowing an attacker to execute code in the context of the current user.
CVE-2025-14258 critical 9.8 9.8 angeljudesuarez 6mo ago A vulnerability has been found in itsourcecode Student Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /newsubject.php. The manipulation of the argument …
CVE-2025-14257 critical 9.8 9.8 angeljudesuarez 6mo ago A flaw has been found in itsourcecode Student Management System 1.0. Affected is an unknown function of the file /newrecord.php. Executing manipulation of the argument ID can lead to sql injection. T…
CVE-2025-14256 critical 9.8 9.8 angeljudesuarez 6mo ago A vulnerability was detected in itsourcecode Student Management System 1.0. This impacts an unknown function of the file /newcurriculm.php. Performing manipulation of the argument ID results in sql i…
CVE-2025-14251 critical 9.8 9.8 fabian 6mo ago A security vulnerability has been detected in code-projects Online Ordering System 1.0. This affects an unknown function of the file /admin/ of the component Admin Login. Such manipulation of the arg…
CVE-2025-14250 critical 9.8 9.8 fabian 6mo ago A weakness has been identified in code-projects Online Ordering System 1.0. The impacted element is an unknown function of the file /user_contact.php. This manipulation of the argument Name causes sq…
CVE-2025-14249 critical 9.8 9.8 fabian 6mo ago A security flaw has been discovered in code-projects Online Ordering System 1.0. The affected element is an unknown function of the file /user_school.php. The manipulation of the argument product_id …
CVE-2025-14248 critical 9.8 9.8 fabian 6mo ago A vulnerability was identified in code-projects Simple Shopping Cart 1.0. Impacted is an unknown function of the file /adminlogin.php. The manipulation of the argument admin_username leads to sql inj…
CVE-2025-14247 critical 9.8 9.8 fabian 6mo ago A vulnerability was determined in code-projects Simple Shopping Cart 1.0. This issue affects some unknown processing of the file /Admin/additems.php. Executing manipulation of the argument item_name …
CVE-2025-14246 critical 9.8 9.8 fabian 6mo ago A vulnerability was found in code-projects Simple Shopping Cart 1.0. This vulnerability affects unknown code of the file /Customers/settings.php. Performing manipulation of the argument user_id resul…
CVE-2025-14245 critical 9.8 9.8 ideacms 6mo ago A vulnerability has been found in IdeaCMS up to 1.8. This affects the function whereRaw of the file app/common/logic/index/Coupon.php. Such manipulation of the argument params leads to sql injection.…
CVE-2025-14227 critical 9.8 9.8 philipinho 6mo ago A security flaw has been discovered in Philipinho Simple-PHP-Blog up to 94b5d3e57308bce5dfbc44c3edafa9811893d958. This issue affects some unknown processing of the file /edit.php. The manipulation re…
CVE-2025-14226 critical 9.8 9.8 angeljudesuarez 6mo ago A vulnerability was identified in itsourcecode Student Management System 1.0. This vulnerability affects unknown code of the file /edit_user.php. The manipulation of the argument fname leads to sql i…
CVE-2025-14224 critical 9.8 9.8 6mo ago A vulnerability was found in Yottamaster DM2, DM3 and DM200 up to 1.2.23/1.9.12. Affected by this issue is some unknown functionality of the component File Upload. Performing manipulation results in …
CVE-2025-14223 critical 9.8 9.8 carmelo 6mo ago A vulnerability has been found in code-projects Simple Leave Manager 1.0. Affected by this vulnerability is an unknown functionality of the file /request.php. Such manipulation of the argument staff_…
CVE-2025-14218 critical 9.8 9.8 fabian 6mo ago A security flaw has been discovered in code-projects Currency Exchange System 1.0. The affected element is an unknown function of the file /editotheraccount.php. Performing manipulation of the argume…
CVE-2025-14217 critical 9.8 9.8 fabian 6mo ago A vulnerability was identified in code-projects Currency Exchange System 1.0. Impacted is an unknown function of the file /edittrns.php. Such manipulation of the argument ID leads to sql injection. T…
CVE-2025-14216 critical 9.8 9.8 fabian 6mo ago A vulnerability was determined in code-projects Currency Exchange System 1.0. This issue affects some unknown processing of the file /viewserial.php. This manipulation of the argument ID causes sql i…
CVE-2025-14215 critical 9.8 9.8 fabian 6mo ago A vulnerability was found in code-projects Currency Exchange System 1.0. This vulnerability affects unknown code of the file /edit.php. The manipulation of the argument ID results in sql injection. T…
CVE-2025-14212 critical 9.8 9.8 projectworlds 6mo ago A flaw has been found in projectworlds Advanced Library Management System 1.0. Affected by this issue is some unknown functionality of the file /member_search.php. Executing a manipulation of the arg…
CVE-2025-14211 critical 9.8 9.8 projectworlds 6mo ago A vulnerability was detected in projectworlds Advanced Library Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /delete_book.php. Performing a manipulatio…
CVE-2025-14210 critical 9.8 9.8 projectworlds 6mo ago A security vulnerability has been detected in projectworlds Advanced Library Management System 1.0. Affected is an unknown function of the file /delete_member.php. Such manipulation of the argument u…
CVE-2025-14209 critical 9.8 9.8 campcodes 6mo ago A weakness has been identified in Campcodes School File Management System 1.0. This impacts an unknown function of the file /update_query.php. This manipulation of the argument stud_id causes sql inj…
CVE-2025-66644 unknown 1.5 KEV 6mo ago Array Networks ArrayOS AG contains an OS command injection vulnerability that could allow an attacker to execute arbitrary commands.
CVE-2022-37055 unknown 1.5 KEV 6mo ago D-Link Routers contains a buffer overflow vulnerability that has a high impact on confidentiality, integrity, and availability. The impacted products could be end-of-life (EoL) and/or end-of-service …
CVE-2025-14199 critical 9.8 9.8 verysync 6mo ago A flaw has been found in Verysync 微力同步 up to 2.21.3. This impacts an unknown function of the file /rest/f/api/resources/f96956469e7be39d/tmp/text.txt?override=false of the component Web Administratio…
CVE-2025-14182 critical 9.8 9.8 sobey 6mo ago A vulnerability has been found in Sobey Media Convergence System 2.0/2.1. This vulnerability affects unknown code of the file /sobey-mchEditor/watermark/upload. The manipulation of the argument File …
CVE-2025-40281 unknown FIX slesdebian debianubuntu ubuntu 6mo ago Linux kernel (Azure) vulnerabilities
CVE-2025-40280 unknown FIX slesdebian debianubuntu ubuntu 6mo ago Linux kernel (Azure) vulnerabilities
CVE-2025-40278 unknown FIX slesdebian debianubuntu ubuntu 6mo ago Linux kernel (Azure) vulnerabilities
CVE-2025-66623 unknown 6mo ago Strimzi allows unrestricted access to all Secrets in the same Kubernetes namespace from Kafka Connect and MirrorMaker 2 operands
CVE-2025-66564 unknown FIX debian debian 6mo ago Sigstore Timestamp Authority is a service for issuing RFC 3161 timestamps. Prior to 2.0.3, Function api.ParseJSONRequest currently splits (via a call to strings.Split) an optionally-provided OID (whi…
CVE-2025-66506 unknown FIX debian debian 6mo ago Fulcio is a free-to-use certificate authority for issuing code signing certificates for an OpenID Connect (OIDC) identity. Prior to 1.8.3, function identity.extractIssuerURL splits (via a call to str…
CVE-2025-14094 critical 9.8 9.8 6mo ago A flaw has been found in Edimax BR-6478AC V3 1.0.15. The affected element is the function sub_44CCE4 of the file /boafrm/formSysCmd. This manipulation of the argument sysCmd causes os command injecti…
CVE-2025-14093 critical 9.8 9.8 6mo ago A vulnerability was detected in Edimax BR-6478AC V3 1.0.15. Impacted is the function sub_416990 of the file /boafrm/formTracerouteDiagnosticRun. The manipulation of the argument host results in os co…
CVE-2025-66573 unknown 6mo ago Solstice Pod API (version 5.5, 6.2) contains an unauthenticated API endpoint (`/api/config`) that exposes sensitive information such as the session key, server version, product details, and display n…
CVE-2025-66516 unknown FIX debian debianubuntu ubuntu 6mo ago Apache Tika vulnerabilities
CVE-2025-40264 unknown FIX slesdebian debianubuntu ubuntu 6mo ago Linux kernel (Azure) vulnerabilities
CVE-2025-40263 unknown FIX slesdebian debianubuntu ubuntu 6mo ago Linux kernel (Azure) vulnerabilities
CVE-2025-40262 unknown FIX slesdebian debianubuntu ubuntu 6mo ago Linux kernel (Azure) vulnerabilities
CVE-2025-40261 unknown FIX slesdebian debianubuntu ubuntu 6mo ago Linux kernel (Azure) vulnerabilities
CVE-2025-40257 unknown FIX slesdebian debianubuntu ubuntu 6mo ago Linux kernel (Azure) vulnerabilities
CVE-2025-40254 unknown FIX slesdebian debianubuntu ubuntu 6mo ago Linux kernel (Azure) vulnerabilities