VIR Vulnerability Intelligence Relay

Search

Found 1,383 results in 116ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2026-10611 unknown 2d ago An authentication bypass vulnerability exists in MISP when LDAP mixed authentication is enabled with OTP enforcement. In deployments configured with LdapAuth.mixedAuth=true and Security.require_otp=t…
CVE-2025-69369 high 8.1 8.1 2d ago Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Axiomthemes Racquet allows PHP Local File Inclusion. This issue affects Racqu…
CVE-2025-68886 high 8.1 8.1 2d ago Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in androThemes Cookiteer allows PHP Local File Inclusion. This issue affects Coo…
CVE-2025-58897 high 8.1 8.1 2d ago Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Axiomthemes Fermentio allows PHP Local File Inclusion. This issue affects Fer…
CVE-2025-58707 high 8.1 8.1 2d ago Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Axiomthemes Spin allows PHP Local File Inclusion. This issue affects Spin: fr…
CVE-2019-25719 high 8.6 8.6 2d ago Dräger Infinity Acute Care System and Standalone Infinity M540 patient monitors running software versions VG4.1.1, VG4.0.3, and lower contain network message handling vulnerabilities that allow netwo…
CVE-2019-25717 medium 4.3 4.3 2d ago Dräger Infinity Delta, Delta XL, and Kappa patient monitors contain an information disclosure vulnerability that allows unauthenticated network attackers to access log files over a network connection…
CVE-2026-8993 medium 6.5 6.5 2d ago D.Launcher 2 component of Slovak eID client ecosystem contains Improper URL Handler Processing vulnerability. Application registers multiple custom URL handlers that could be exploited to initiate fu…
CVE-2026-39551 high 8.1 8.1 2d ago Deserialization of Untrusted Data vulnerability in Elated-Themes Töbel allows Object Injection. This issue affects Töbel: from n/a through 1.8.1.
CVE-2026-39550 high 8.1 8.1 2d ago Deserialization of Untrusted Data vulnerability in Elated-Themes Aperitif allows Object Injection. This issue affects Aperitif: from n/a through 1.6.
CVE-2026-42685 high 7.1 7.1 2d ago Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ahmad WP Job Portal allows Reflected XSS. This issue affects WP Job Portal: from n/a through 2.5…
CVE-2026-42670 high 7.5 7.5 2d ago Missing Authorization vulnerability in Etoile Web Design Incorporated Five Star Restaurant Reservations allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Fi…
CVE-2026-42669 high 7.5 7.5 2d ago Missing Authorization vulnerability in EventPrime allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects EventPrime: from n/a through 4.3.2.0.
CVE-2025-58705 high 8.1 8.1 2d ago Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Axiomthemes Crafti allows PHP Local File Inclusion. This issue affects Crafti…
CVE-2025-58024 high 7.5 7.5 2d ago Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in UnboundStudio Accordion FAQ allows PHP Local File Inclusion. This issue affec…
CVE-2026-5422 high 8.1 8.1 debian debian jupyter 2d ago A path traversal vulnerability exists in jupyter-server version 2.17.0 due to an incorrect root directory boundary check in the _get_os_path() function within jupyter_server/services/contents/fileio.…
CVE-2026-5191 medium 5.4 5.4 2d ago The Tiled Gallery Carousel Without JetPack plugin for WordPress is vulnerable to stored cross-site scripting via the 'data-image-title' parameter in all versions up to, and including, 3.1 due to insu…
CVE-2026-46718 medium 6.5 6.5 apache 2d ago Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in Apache Calcite. This issue affects Apache Calcite: from 1.5.0 before 1.42. Users are recommended …
CVE-2026-41115 medium 4.3 4.3 apache 2d ago An improper authorization vulnerability has been identified in Apache Kafka. The implementation of the CONSUMER_GROUP_DESCRIBE (69) API validates the DESCRIBE operation on the GROUP resource instead…
CVE-2026-34907 unknown 2d ago Wirtualna Uczelnia is vulnerable to Reflected Cross‑Site Scripting (XSS) due to insecure handling of the locale parameter across multiple endpoints. An attacker can craft a malicious URL with JavaScr…
CVE-2026-34906 unknown 2d ago Server-Side Template Injection (SSTI) in Wirtualna Uczelnia allows an unauthenticated attacker to perform Remote Code Execution (RCE). In the endpoint redirectToUrl and parameter redirectUrlParameter…
CVE-2026-10549 unknown 2d ago LDAP filter injection vulnerability in Yandex Database prior to 25.3.1.25 allows a remote attacker with valid LDAP credentials to bypass group membership checks resulting in unauthorized access to th…
CVE-2025-53346 medium 4.3 4.3 2d ago Missing Authorization vulnerability in ThimPress Thim Core allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Thim Core: from n/a through 2.3.3.
CVE-2025-53345 high 8.8 8.8 2d ago Missing Authorization vulnerability leading to code execution after installing malicious vulnerable plugin in ThimPress Thim Core. This issue affects Thim Core: from n/a through 2.3.3.
CVE-2025-53302 medium 5.3 5.3 2d ago Missing Authorization vulnerability in Anton Shevchuk Constructor allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Constructor: from n/a through 1.6.5.
CVE-2025-52766 medium 6.5 6.5 2d ago Missing Authorization vulnerability in Printeers Printeers Print & Ship allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Printeers Print & Ship: from n/a t…
CVE-2025-52759 high 7.1 7.1 2d ago Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in UnboundStudio Accordion FAQ allows Reflected XSS. This issue affects Accordion FAQ: from n/a thr…
CVE-2025-53440 high 8.1 8.1 2d ago Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Axiomthemes Confidant allows PHP Local File Inclusion. This issue affects Con…
CVE-2026-9730 medium 4.3 4.3 2d ago The Remove NoFollow Commenter URL plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on t…
CVE-2026-9723 medium 4.3 4.3 2d ago The Google Plus One Bottom plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.0.2. This is due to missing or incorrect nonce validation on the go…
CVE-2026-9722 medium 4.3 4.3 2d ago The Laiser Tag plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.5. This is due to missing or incorrect nonce validation on the addOptionsPage…
CVE-2026-9599 medium 4.3 4.3 2d ago The Tectite Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3. This is due to missing or incorrect nonce validation on the admin_init fu…
CVE-2026-9234 medium 4.3 4.3 2d ago The JTL-Connector for WooCommerce plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.4.1. This is due to missing capability checks and nonce verification …
CVE-2026-8885 medium 6.4 6.4 2d ago The DeMomentSomTres Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'callout' shortcode in all versions up to, and including, 1.1.1. This is due to insuf…
CVE-2026-8422 medium 4.3 4.3 2d ago The Remove meta boxes per user role plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.01. This is due to missing or incorrect nonce validation o…
CVE-2026-4081 medium 6.4 6.4 2d ago The ZeM STL plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the [zemstl] shortcode in all versions up to and including 1.0. This is due to insufficient input sanitization and ou…
CVE-2026-4080 medium 6.4 6.4 2d ago The Easy Cart plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'add_to_cart' shortcode in all versions up to and including 1.8. This is due to insufficient input sanitization…
CVE-2026-4071 medium 4.3 4.3 2d ago The BirdSeed plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.0. This is due to missing nonce validation in the birdseed_plugin_settings_page…
CVE-2026-3620 medium 4.4 4.4 2d ago The Word Replacer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'replacement' parameter in all versions up to, and including, 0.4. This is due to insufficient input saniti…
CVE-2026-3514 high 7.5 7.5 prefect 2d ago In version 3.6.19 of prefecthq/prefect, an authentication bypass vulnerability exists due to the improper handling of URL path exemptions for health check probes. Specifically, the authentication mid…
CVE-2026-2425 medium 6.1 6.1 2d ago The hiWeb Migration Simple plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'new_domain' parameter in all versions up to, and including, 2.0.0.1 due to insufficient input …
CVE-2026-2382 medium 6.4 6.4 2d ago The FPW Category Thumbnails plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter of the 'fpw_fs_get_file' AJAX action in all versions up to, and including, 1.9.5. …
CVE-2026-1784 high 8.8 8.8 2d ago The Route OpenShift resource allows to define routes to make pods reachable at a subdomain through HAProxy. It was found that the checks performed on the spec.path YAML stanza in a Route document was…
CVE-2026-1451 medium 6.1 6.1 2d ago The rognone plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'a' parameter in versions up to, and including, 0.6.2 due to insufficient input sanitization and output escapi…
CVE-2026-1450 medium 6.1 6.1 2d ago The rognone plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'mode' parameter in versions up to, and including, 0.6.2 due to insufficient input sanitization and output esc…
CVE-2025-5085 medium 5.5 5.5 2d ago The WP Nano AD plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘blogrole_link’ parameter in all versions up to, and including, 1.31 due to insufficient input sanitization an…
CVE-2026-8293 high 7.5 7.5 2d ago The Really Simple Security WordPress plugin before 9.5.10.1 does not enforce the second-factor challenge in two of its two-factor authentication REST endpoints, allowing an attacker who knows a user…
CVE-2026-3198 medium 6.5 6.5 lfprojects 3d ago MLflow 3.9.0 with basic-auth (`--app-name basic-auth`) fails to enforce authorization checks for multiple Gateway API 'list' endpoints. Specifically, the `BEFORE_REQUEST_HANDLERS` dictionary in `mlfl…
CVE-2026-10583 medium 4.7 4.7 3d ago A security vulnerability has been detected in nextlevelbuilder GoClaw up to 3.11.3. Affected by this issue is the function Import of the file internal/http/tts_config.go of the component TTS Configur…
CVE-2026-10581 medium 6.3 6.3 3d ago A flaw has been found in DedeCMS 5.7.88. Affected by this vulnerability is the function base64_decode of the file /plus/download.php?open=1. This manipulation of the argument Link causes server-side …
CVE-2026-3871 medium 6.5 6.5 3d ago A buffer overflow vulnerability in the UPnP DeletePortMapping() command in Zyxel VMG4005-B50B firmware versions through 5.13(ABRL.5.4)C0 could allow an adjacent attacker to trigger a temporary denial…
CVE-2026-3870 medium 6.5 6.5 3d ago A buffer overflow vulnerability in the UPnP AddPortMapping() command in Zyxel VMG4005-B50B firmware versions through 5.13(ABRL.5.4)C0 could allow an adjacent attacker to trigger a temporary denial-of…
CVE-2026-3722 medium 6.4 6.4 3d ago The Auto Image Attributes From Filename With Bulk Updater (Add Alt Text, Image Title For Image SEO) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the attachment metadata in al…
CVE-2026-10568 medium 6.3 6.3 3d ago A vulnerability was detected in itsourcecode Fees Management System 1.0. Affected is an unknown function of the file /manage_payment.php. The manipulation of the argument ID results in sql injection.…
CVE-2026-10566 medium 5.3 5.3 3d ago A weakness has been identified in FoundationAgents MetaGPT up to 0.8.2. This affects the function Message.check_instruct_content of the file metagpt/schema.py. Executing a manipulation of the argumen…
CVE-2026-10510 medium 6.1 6.1 3d ago Cross-Site Scripting (XSS) in GeniexWebView component in Transsion AI Assistant Lifestyle application (com.transsion.aiassistantlifestyle) all versions on Android allows remote attacker to execute ar…
CVE-2026-10100 medium 4.4 4.4 3d ago The Simple Custom Login Page plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the color settings fields (Page Background, Form Background, Text Color, Link Color) in versions up …
CVE-2026-10559 medium 6.3 6.3 3d ago A flaw has been found in SourceCodester Pizzafy Ecommerce System 1.0. The affected element is an unknown function of the file /index.php. Executing a manipulation of the argument page can lead to fil…
CVE-2026-10558 medium 6.3 6.3 3d ago A vulnerability was detected in SourceCodester Pizzafy Ecommerce System 1.0. Impacted is an unknown function of the file /admin/index.php. Performing a manipulation of the argument page results in fi…
CVE-2026-10550 medium 6.3 6.3 3d ago A weakness has been identified in elunez eladmin up to 2.7. This vulnerability affects unknown code of the file App.java of the component Application Deployment Module. This manipulation of the argum…
CVE-2026-10548 medium 5.3 5.3 3d ago A security flaw has been discovered in NousResearch hermes-agent up to 2026.4.23. This affects the function _sync_anthropic_entry_from_credentials_file of the file agent/credential_pool.py of the com…
CVE-2026-9050 medium 4.3 4.3 3d ago The Slider Revolution plugin for WordPress in versions 6.0.0-6.7.55 and 7.0.0-7.0.14 is vulnerable to unauthorized modification of data. This is due to the plugin not properly verifying that a user i…
CVE-2026-9048 medium 4.3 4.3 3d ago The Slider Revolution plugin for WordPress is vulnerable to Sensitive Information Exposure in versions 7.0.0 - 7.0.14, via the 'slider.get.full' AJAX Action. This makes it possible for authenticated …
CVE-2026-10302 medium 6.3 6.3 3d ago A flaw has been found in itsourcecode Fees Management System 1.0. The impacted element is an unknown function of the file /manage_fee.php. Executing a manipulation of the argument ID can lead to sql …
CVE-2026-10301 medium 4.3 4.3 3d ago A vulnerability was detected in itsourcecode Fees Management System 1.0. The affected element is an unknown function of the file index.php. Performing a manipulation of the argument page results in c…
CVE-2026-28511 medium 4.3 4.3 elabftw 3d ago eLabFTW is an open source electronic lab notebook. Prior to version 5.4.2, in certain cases, an authenticated user performing a numeric reference/search can return results that include resources the …
CVE-2026-25277 high 8.8 8.8 qualcomm 3d ago Memory corruption while using Strongbox due to buffer overflow.
CVE-2026-25276 high 8.8 8.8 qualcomm 3d ago Memory corruption while using Strongbox due to missing bounds check.
CVE-2026-25260 high 7.8 7.8 qualcomm 3d ago Memory Corruption when accessing shared buffers without validation of concurrent user-mode input modifications.
CVE-2026-25259 high 7.8 7.8 qualcomm 3d ago Memory corruption while processing multiple IOCTL command for escape operations.
CVE-2026-25258 high 7.8 7.8 qualcomm 3d ago Memory corruption while processing IOCTL calls for escape operations.
CVE-2026-24782 high 8.8 8.8 accellion 3d ago Kiteworks is a private data network (PDN). Prior to version 9.3.0,ultiple SQL Injection vulnerabilities in Kiteworks Secure Data Forms could be exploited by an authenticated attacker with the FormBui…
CVE-2026-24761 medium 4.3 4.3 accellion 3d ago Kiteworks is a private data network (PDN). Prior to version 9.3.0, an Insecure Direct Object Reference (IDOR) vulnerability in Kiteworks Secure Data Forms allows an authenticated user to access metad…
CVE-2026-24756 medium 4.3 4.3 accellion 3d ago Kiteworks is a private data network (PDN). Prior to version 9.3.0, an Insecure Direct Object Reference (IDOR) vulnerability in Kiteworks Secure Data Forms allows an authenticated user to modify resou…
CVE-2026-24755 medium 5.4 5.4 accellion 3d ago Kiteworks is a private data network (PDN). Prior to version 9.3.0, an Insecure Direct Object Reference (IDOR) vulnerability in Kiteworks Secure Data Forms allows an authenticated user to modify permi…
CVE-2026-24754 medium 5.4 5.4 accellion 3d ago Kiteworks is a private data network (PDN). Prior to version 9.3.0, a stored XSS vulnerability in Kiteworks Secure Data Forms could allow an authenticated attacker to execute arbitrary JavaScript code…
CVE-2026-24753 medium 6.5 6.5 accellion 3d ago Kiteworks is a private data network (PDN). Prior to version 9.3.0, an Insecure Direct Object Reference (IDOR) vulnerability in Kiteworks Secure Data Forms allows an authenticated user to modify resou…
CVE-2026-24752 high 8.2 8.2 accellion 3d ago Kiteworks is a private data network (PDN). Prior to version 9.3.0, a reflected XSS vulnerability in Kiteworks Secure Data Forms could allow an external attacker to trick a user into executing arbitra…
CVE-2026-24092 high 7.2 7.2 qualcomm 3d ago Memory Corruption when processing fastboot commands to set display mode.
CVE-2026-24091 high 7.2 7.2 qualcomm 3d ago Memory corruption while processing fastboot commands with improperly formatted input.
CVE-2026-24090 high 7.1 7.1 qualcomm 3d ago Cryptographic issue while processing partition table entries allows unauthorized modification of boot flow.
CVE-2026-24089 high 7.2 7.2 qualcomm 3d ago Memory corruption while processing fastboot commands with invalid input.
CVE-2026-24088 high 8.2 8.2 qualcomm 3d ago Cryptographic Issue while processing a specific partition which allows unauthorized write access to load a customized bootloader.
CVE-2026-24087 high 7.2 7.2 qualcomm 3d ago Memory corruption while processing fastboot OEM commands.
CVE-2026-24085 high 7.2 7.2 qualcomm 3d ago Memory Corruption when processing display command line information due to improper initialization of a variable.
CVE-2026-10297 medium 6.3 6.3 3d ago A vulnerability was identified in itsourcecode Fees Management System 1.0. This affects an unknown part of the file /manage_course.php. The manipulation of the argument ID leads to sql injection. It …
CVE-2026-10296 medium 6.3 6.3 3d ago A vulnerability was determined in itsourcecode Fees Management System 1.0. Affected by this issue is some unknown functionality of the file /ajax.php. Executing a manipulation of the argument Usernam…
CVE-2025-59614 medium 6.7 6.7 qualcomm 3d ago Memory Corruption when sending random number generator command with insufficient output buffer size.
CVE-2025-59613 medium 6.7 6.7 qualcomm 3d ago Memory Corruption when output buffer size is smaller than input buffer size during data copying operation.
CVE-2025-59612 medium 6.7 6.7 qualcomm 3d ago Memory corruption in windows drivers while sending incorrect trusted application request
CVE-2025-59611 medium 6.7 6.7 qualcomm 3d ago Memory corruption in diagnostic services due to absence of input validation
CVE-2025-59610 medium 6.4 6.4 qualcomm 3d ago Memory Corruption when processing IOCTL requests with mismatched API versions due to concurrent modification of user-space buffer.
CVE-2025-59609 medium 5.5 5.5 qualcomm 3d ago Information Disclosure when processing advertisement frames with malformed MBSSID elements of insufficient length.
CVE-2025-59606 high 7.8 7.8 qualcomm 3d ago Memory Corruption when writing to invalid memory locations occurs due to heap memory exhaustion during secure data initialization.
CVE-2025-59605 high 7.8 7.8 qualcomm 3d ago Memory Corruption when processing device identifier strings that exceed the expected maximum length.
CVE-2025-59604 high 7.8 7.8 qualcomm 3d ago Memory Corruption when running a memory copy operation due to invalid writes caused by a null pointer.
CVE-2025-59601 medium 6.5 6.5 qualcomm 3d ago Information Disclosure when resetting device to factory default settings through powerline interface allows unauthorized access to device configuration.
CVE-2019-25718 high 8.4 8.4 3d ago Dräger Infinity Explorer C700 contains a privilege escalation vulnerability that allows attackers to break out of kiosk mode and access the underlying operating system through a specific dialog inter…
CVE-2026-49491 high 8.2 8.2 3d ago Pixa Bank 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to extract sensitive data by injecting SQL code into the 'rib' parameter. Attackers can send POST requests …
CVE-2026-40964 high 7.5 7.5 3d ago Authentication Bypass in cf-auth-proxy in Cloud Foundry Foundation all installations allows an unauthenticated remote attacker to gain read access to every log and metric for every application and pl…