CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2026-43515 critical 9.1 9.1 FIX sles debian debian apache 23d ago Improper Authorization vulnerability when multiple method constraints define an HTTP method for the same extension in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21,…
CVE-2026-43512 critical 9.8 9.8 FIX sles debian debian apache 23d ago DEPRECATED: Authentication Bypass Issues vulnerability in digest authentication in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, fr…
CVE-2026-41293 critical 9.8 9.8 FIX sles debian debian apache 23d ago Improper Input Validation vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from 10.0.0…
CVE-2026-34187 critical 9.8 9.8 artica 23d ago Improper Neutralization of Special Elements used in an SQL Command vulnerability allows SQL Injection via graph container parameter. This issue affects Pandora FMS: from 777 through 800
CVE-2026-31228 critical 9.8 9.8 23d ago The Adversarial Robustness Toolbox (ART) thru 1.20.1 contains a remote code execution vulnerability in its Kubeflow component. The robustness evaluation function for PyTorch models uses the unsafe ev…
CVE-2026-31226 critical 9.8 9.8 23d ago The TinyZero project thru commit 6652a63c57fa7e5ccde3fc9c598c7176ff15b839 (2025-58-24) contains a critical command injection vulnerability (CWE-78) in its HDFS file operation utilities. The vulnerabi…
CVE-2026-31220 critical 9.8 9.8 23d ago PySyft server-side arbitrary Python execution after code approval
CVE-2026-31217 critical 9.8 9.8 nebuly 23d ago The _load_model() function in the neural_magic_training.py script of the optimate project in commit a6d302f912b481c94370811af6b11402f51d377f (2024-07-21) allows arbitrary code execution. When a user …
CVE-2026-31216 critical 9.1 9.1 nexent 23d ago The nexent v1.7.5.2 backend service contains an unauthorized arbitrary storage file deletion vulnerability in its file management API. The DELETE /storage/{object_name:path} endpoint lacks authentica…
CVE-2026-31215 critical 9.1 9.1 nexent 23d ago The nexent v1.7.5.2 backend service contains an unauthorized arbitrary file deletion vulnerability in its ElasticSearch service interface. The DELETE /{index_name}/documents endpoint lacks proper aut…
CVE-2026-31214 critical 9.8 9.8 23d ago The torch-checkpoint-shrink.py script in the ml-engineering project in commit 0099885db36a8f06556efe1faf552518852cb1e0 (2025-20-27) contains an insecure deserialization vulnerability (CWE-502). The s…
CVE-2026-30805 critical 9.1 9.1 artica 23d ago Insecure Default Initialization of Resource vulnerability allows Authentication Bypass via API access. This issue affects Pandora FMS: from 777 through 800
CVE-2026-8043 critical 9.6 9.6 ivanti 23d ago External control of a file name in Ivanti Xtraction before version 2026.2 allows a remote authenticated attacker to read sensitive files and write arbitrary HTML files to a web directory, leading to …
CVE-2026-45091 critical 9.1 9.1 23d ago sealed-env: TOTP secret embedded in unseal token payload (enterprise mode)
CVE-2026-27851 critical 9.1 9.1 FIX debian debian sles dovecot open-xchange 23d ago When safe filter is used with variable expansion, all following pipelines on the same string are incorrectly interpreted as safe too, enabling unsafe data to be unescaped. This can enable SQL / LDAP …
CVE-2026-41551 critical 9.1 9.1 23d ago A vulnerability has been identified in ROS# (All versions < V2.2.2). Affected versions contain a path traversal vulnerability because user input is not properly sanitized. This could allow a remote …
CVE-2026-25787 critical 9.1 9.1 23d ago Affected devices do not properly validate and sanitize Technology Object (TO) name rendered on the "Motion Control Diagnostics" page of the web interface. This could allow an authenticated attacker w…
CVE-2026-25786 critical 9.1 9.1 23d ago Affected devices do not properly validate and sanitize PLC/station name rendered on the "communication" parameters page of the web interface. This could allow an authenticated attacker who is author…
CVE-2026-22924 critical 9.1 9.1 23d ago A vulnerability has been identified in SIMATIC CN 4100 (All versions < V5.0). The affected application does not properly restrict unauthenticated connections and is susceptible to resource exhaustion…
CVE-2025-6577 critical 9.8 9.8 23d ago Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Akilli Commerce Software Technologies Ltd. Co. E-Commerce Website allows SQL Injection. This iss…
CVE-2025-40949 critical 9.1 9.1 23d ago A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.17.1), RUGGEDCOM ROX MX5000RE (All versions < V2.17.1), RUGGEDCOM ROX RX1400 (All versions < V2.17.1), RUGGEDCOM ROX RX1…
CVE-2026-34263 critical 9.6 9.6 23d ago Due to improper Spring Security configuration, SAP Commerce Cloud allows an unauthenticated user to perform malicious input injection, resulting in arbitrary server-side code execution, leading to hi…
CVE-2026-34260 critical 9.6 9.6 23d ago SAP S/4HANA (SAP Enterprise Search for ABAP) contains a SQL injection vulnerability that allows an authenticated attacker to inject malicious SQL statements through user-controlled input. The applica…
CVE-2026-45321 critical 9.6 10.0 KEV tanstack mistral antoinebcx 23d ago TanStack contains an unspecified vulnerability that allowed malicious versions of the product to be published to the npm registry to publish credential-stealing malware under a trusted identity.
CVE-2026-43914 critical 9.8 9.8 dani-garcia 23d ago Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.35.4, there is a security vulnerability in Vaultwarden that allows bypassing the login brute-force protection if email 2fa is …
CVE-2026-43900 critical 9.3 9.3 23d ago DeepChat is an open-source artificial intelligence agent platform that unifies models, tools, and agents. Prior to v1.0.4-beta.1, a Cross-Site Scripting (XSS) vulnerability exists due to a discrepanc…
CVE-2026-43899 critical 9.6 9.6 23d ago DeepChat is an open-source artificial intelligence agent platform that unifies models, tools, and agents. Prior to v1.0.4-beta.1, an incomplete mitigation for CVE-2025-55733 leaves DeepChat vulnerabl…
CVE-2026-42882 critical 9.4 9.4 23d ago S3-Proxy has Security Issues in its Resource Path Matching Implementation
CVE-2026-42869 critical 10.0 10.0 23d ago SOCFortress CoPilot focuses on providing a single pane of glass for all your security operations needs. Prior to 0.1.57, SOCFortress CoPilot ships a hardcoded JWT signing secret as a fallback value i…
CVE-2026-43898 critical 10.0 10.0 nyariv 23d ago SandboxJS is a JavaScript sandboxing library. Prior to 0.9.6, sandbox-defined functions expose Function.caller, allowing sandboxed code to recover the internal LispType.Call runtime callback. That ca…
CVE-2026-42864 critical 9.9 9.9 24d ago FireFighter has unauthenticated SSRF in its Raid jira_bot endpoint that allows IAM credential theft
CVE-2026-8305 critical 9.8 9.8 openclaw 24d ago A vulnerability was detected in OpenClaw up to 2026.1.24. The impacted element is the function handleBlueBubblesWebhookRequest of the file extensions/bluebubbles/src/monitor.ts of the component blueb…
CVE-2026-7210 critical 9.8 9.8 sles debian debian windows windows libexpat_project python 24d ago `xml.parsers.expat` and `xml.etree.ElementTree` use insufficient entropy for Expat hash-flooding protection, which allows a crafted XML document to trigger hash flooding. Fully mitigating this…
CVE-2026-43995 critical 9.8 9.8 flowiseai 24d ago Flowise: SSRF Protection Bypass via Direct node-fetch / axios Usage (Patch Enforcement Failure)
CVE-2026-43639 critical 9.1 9.1 bitwarden 24d ago Bitwarden Server prior to v2026.4.0 contains a missing authorization vulnerability that allows a provider service user to add an arbitrary organization to their provider via `POST /providers/{provide…
CVE-2026-42858 critical 9.9 9.9 openedx 24d ago Open edX Platform enables the authoring and delivery of online learning at any scale. The sync_provider_data endpoint in SAMLProviderDataViewSet allows authenticated Enterprise Admin users to supply …
CVE-2026-38567 critical 9.8 9.8 24d ago HireFlow v1.2 is vulnerable to SQL injection in the /login and /search endpoints. User-supplied input is concatenated directly into SQL queries without parameterization. An unauthenticated attacker c…
CVE-2026-27478 critical 9.5 24d ago Unity Catalog has a JWT Issuer Validation Bypass that Allows Complete User Impersonation
CVE-2026-7813 critical 9.9 9.9 sles pgadmin 24d ago pgAdmin 4 server mode has an authorization vulnerability affecting Server Groups, Servers, Shared Servers, Background Processes, and Debugger modules
CVE-2026-44643 critical 10.0 10.0 peerigon 24d ago Angular Expressions - Remote Code Execution using filters
CVE-2026-44477 critical 9.9 9.9 linuxfoundation 24d ago CloudNativePG is a platform designed to manage PostgreSQL databases within Kubernetes environments. Prior to 1.29.1 and 1.28.3, the CloudNativePG metrics exporter opens its PostgreSQL connection as t…
CVE-2026-35157 critical 9.8 9.8 dell 24d ago Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains an improper neutralization of formula elements in a CSV File vulnerability in the UI. An unauthentic…
CVE-2026-8263 critical 9.8 9.8 24d ago A security flaw has been discovered in Tenda AC6 15.03.06.49_multi_TDE01. Affected is the function fromSetWirelessRepeat of the file /goform/WifiExtraSet of the component httpd. Performing a manipula…
CVE-2021-47940 critical 9.8 9.8 25d ago WordPress Plugin Download From Files version 1.48 and earlier contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by exploiting the AJAX fi…
CVE-2021-47936 critical 9.8 9.8 25d ago OpenCATS 0.9.4 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary commands by uploading malicious PHP files disguised as resume attachments. Att…
CVE-2021-47933 critical 9.8 9.8 25d ago WordPress MStore API 2.0.6 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to the REST API endpoint. Attackers…
CVE-2021-47932 critical 9.8 9.8 25d ago WordPress TheCartPress 1.5.3.6 contains an unauthenticated privilege escalation vulnerability that allows attackers to create administrator accounts by submitting crafted requests to the AJAX handler…
CVE-2021-47923 critical 9.8 9.8 25d ago OpenCart 3.0.3.8 contains a session fixation vulnerability that allows attackers to hijack user sessions by injecting arbitrary values into the OCSESSID cookie. Attackers can set malicious OCSESSID c…
CVE-2026-6104 critical 9.1 9.1 FIX sles debian debian php 25d ago In PHP versions 8.4.* before 8.4.21 and 8.5.* before 8.5.6, when an encoding name containing an embedded NUL byte is passed to mb_convert_encoding() or related mbstring functions, the code incorrectl…
CVE-2026-7261 critical 9.8 9.8 FIX sles debian debian windows windows php 25d ago In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, when SoapServer is configured with SOAP_PERSISTENCE_SESSION, the handler object is persisted acr…
CVE-2026-6722 critical 9.8 9.8 FIX sles debian debian windows windows php 25d ago In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, the SOAP extension's object deduplication mechanism stores pointers to PHP objects in a global m…
CVE-2025-14179 critical 9.8 9.8 FIX sles debian debian windows windows php 25d ago In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, the PDO Firebird driver improperly handles NUL bytes when preparing SQL queries. During token-by…
CVE-2026-42571 critical 9.5 25d ago Pelican Web UI Affected by a Privilege Escalation Attack
CVE-2026-42560 critical 9.1 9.1 26d ago auth: Patreon provider assigns the same local user ID to every authenticated Patreon account, enabling cross‑user impersonation
CVE-2026-6665 critical 9.8 9.8 FIX debian debian windows windows pgbouncer 26d ago The SCRAM code in PgBouncer before 1.25.2 did not check the return value of strlcat() correctly when building the contents of the SCRAM client-final-message. A malicious backend that sends a SCRAM se…
CVE-2026-44313 critical 9.1 9.1 26d ago Linkwarden is a self-hosted, open-source collaborative bookmark manager to collect, organize and archive webpages. Prior to version 2.13.0, a Server-Side Request Forgery (SSRF) vulnerability in the f…
CVE-2026-42556 critical 9.0 9.0 gitroom 26d ago Postiz is an AI social media scheduling tool. From version 2.21.6 to before version 2.21.7, any authenticated user who can create a post can store arbitrary HTML in post content by tampering their ow…
CVE-2026-42454 critical 9.9 9.9 26d ago Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.1.0, all Docker container management endpoints in Termix interpolate t…
CVE-2026-42354 critical 9.8 9.8 sentry 26d ago Sentry's improper authentication on SAML SSO process allows user identity linking
CVE-2026-42302 critical 9.8 9.8 26d ago FastGPT is an AI Agent building platform. From version 4.14.10 to before version 4.14.13, the agent-sandbox component of FastGPT is vulnerable to unauthenticated Remote Code Execution (RCE). The star…
CVE-2026-42298 critical 9.8 9.8 gitroom 26d ago Postiz is an AI social media scheduling tool. Prior to commit da44801, a "Pwn Request" vulnerability in the Build and Publish PR Docker Image workflow (.github/workflows/pr-docker-build.yml) allows a…
CVE-2026-37709 critical 9.8 9.8 snipeitapp 26d ago Snipe-IT has insecure permissions in file uploads
CVE-2026-42193 critical 9.1 9.1 26d ago Plunk is an open-source email platform built on top of AWS SES. Prior to version 0.9.0, the /webhooks/sns endpoint accepts Amazon SNS notification payloads from unauthenticated requests without verif…
CVE-2026-44400 critical 9.8 9.8 mailenable 26d ago MailEnable Enterprise Premium 10.55 and earlier contains an improper authorization vulnerability in the WebAdmin mobile portal that allows attackers to bypass authentication checks by reusing Authent…
CVE-2026-44211 critical 9.6 9.6 cline 26d ago Cline is an autonomous coding agent as an SDK, IDE extension, or CLI assistant. In versions 2.13.0 and prior, there is a cross-origin WebSocket hijack vulnerability in Cline Kanban servers. At time o…
CVE-2026-44694 critical 9.1 9.1 n8n-mcp 26d ago n8n-mcp webhook and API client paths has an authenticated SSRF
CVE-2026-44551 critical 9.1 9.1 openwebui 26d ago Open WebUI has an LDAP Empty Password Authentication Bypass
CVE-2026-42072 critical 9.8 9.8 27d ago NornicDB has Improper Network Binding in its Bolt Server, allowing unauthorized remote access
CVE-2026-41889 critical 9.8 9.8 debian debian sles windows windows jackc 27d ago pgx: SQL Injection via placeholder confusion with dollar quoted string literals
CVE-2026-38360 critical 9.8 9.8 27d ago Directory Traversal vulnerability in fohrloop dash-uploader v.0.1.0 through v.0.7.0a2 allows a remote attacker to execute arbitrary code via the dash_uploader/httprequesthandler.py, aseHttpRequestHan…
CVE-2026-44212 critical 9.3 9.3 27d ago PrestaShop has a stored XSS executable in customer service view
CVE-2026-41070 critical 10.0 10.0 FIX debian debian 27d ago openvpn-auth-oauth2 returns FUNC_SUCCESS on client-deny, allowing unauthenticated VPN access
CVE-2026-44497 critical 9.1 9.1 zfnd 27d ago Zebra has Consensus Divergence in Transparent Sighash Hash-Type Handling due to Stale Buffer
CVE-2026-43465 critical 9.8 9.8 FIX sles debian debian linux-kernel 27d ago In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: RX, Fix XDP multi-buf frag counting for striding RQ XDP multi-buf programs can modify the layout of the XDP buffer whe…
CVE-2026-43414 critical 9.8 9.8 FIX sles debian debian windows windows 27d ago In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Completely fix fcport double free In qla24xx_els_dcmd_iocb() sp->free is set to qla2x00_els_dcmd_sp_free(). When a…
CVE-2026-43407 critical 9.1 9.1 FIX sles debian debian linux-kernel 27d ago In the Linux kernel, the following vulnerability has been resolved: libceph: Fix potential out-of-bounds access in ceph_handle_auth_reply() This patch fixes an out-of-bounds access in ceph_handle_a…
CVE-2026-43406 critical 9.1 9.1 FIX sles debian debian linux-kernel 27d ago In the Linux kernel, the following vulnerability has been resolved: libceph: prevent potential out-of-bounds reads in process_message_header() If the message frame is (maliciously) corrupted in a w…
CVE-2026-43402 critical 9.8 9.8 FIX sles debian debian linux-kernel 27d ago In the Linux kernel, the following vulnerability has been resolved: kthread: consolidate kthread exit paths to prevent use-after-free Guillaume reported crashes via corrupted RCU callback function …
CVE-2026-43384 critical 9.8 9.8 FIX sles debian debian linux-kernel 27d ago In the Linux kernel, the following vulnerability has been resolved: net/tcp-ao: Fix MAC comparison to be constant-time To prevent timing attacks, MACs need to be compared in constant time. Use the…
CVE-2026-43383 critical 9.4 9.4 FIX sles debian debian linux-kernel google 27d ago In the Linux kernel, the following vulnerability has been resolved: net/tcp-md5: Fix MAC comparison to be constant-time To prevent timing attacks, MACs need to be compared in constant time. Use th…
CVE-2026-43379 critical 9.8 9.8 FIX sles debian debian linux-kernel 27d ago In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in smb_lazy_parent_lease_break_close() opinfo pointer obtained via rcu_dereference(fp->f_opinfo) is bei…
CVE-2026-43376 critical 9.8 9.8 FIX sles debian debian linux-kernel 27d ago In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free by using call_rcu() for oplock_info ksmbd currently frees oplock_info immediately using kfree(), even t…
CVE-2026-41583 critical 9.1 9.1 zfnd 27d ago Zebra Vulnerable to Consensus Divergence in Transparent Sighash Hash-Type Handling
CVE-2026-41574 critical 9.8 9.8 nhost 27d ago Nhost Vulnerable to Account Takeover via OAuth Email Verification Bypass
CVE-2026-37431 critical 9.8 9.8 27d ago Beauty Parlour Management System v1.1 was discovered to contain a SQL injection vulnerability via the aptnumber parameter in the /appointment-detail.php endpoint. This vulnerability allows attackers …
CVE-2026-44336 critical 9.6 9.6 praison 27d ago PraisonAI MCP `tools/call` path-traversal => RCE via Python `.pth` injection
CVE-2026-44335 critical 9.8 9.8 praison 27d ago PraisonAI has an SSRF bypass
CVE-2026-43341 critical 9.8 9.8 FIX sles debian debian linux-kernel google 27d ago In the Linux kernel, the following vulnerability has been resolved: net/ipv6: ioam6: prevent schema length wraparound in trace fill ioam6_fill_trace_data() stores the schema contribution to the tra…
CVE-2026-43304 critical 9.8 9.8 FIX sles debian debian linux-kernel 27d ago In the Linux kernel, the following vulnerability has been resolved: libceph: define and enforce CEPH_MAX_KEY_LEN When decoding the key, verify that the key material would fit into a fixed-size buff…
CVE-2026-41512 critical 9.9 9.9 mozilla 27d ago ai-scanner is an AI model safety scanner built on NVIDIA garak. From version 1.0.0 to before version 1.4.1, there is a remote code execution vulnerability via JavaScript injection in `BrowserAutomati…
CVE-2026-41509 critical 9.8 9.8 cross-crypto 27d ago CROSS implementation contains reference and optimized implementations of the CROSS post-quantum signature algorithm. Prior to commit fc6b7e7, there is a buffer overflow in crypto_sign_open() caused b…
CVE-2026-41507 critical 9.8 9.8 mauriciopoppe 27d ago Remote Code Execution (RCE) via String Literal Injection into math-codegen
CVE-2026-41497 critical 9.8 9.8 praison 27d ago PraisonAI has an incomplete fix for CVE-2026-34935 - OS Command Injection
CVE-2026-25199 critical 9.1 9.1 apache 27d ago Instances deployed via the Proxmox extension allow unauthorized access to instances belonging to other tenants. This issue affects Apache CloudStack: from 4.21.0.0 through 4.22.0.0. The Proxm…
CVE-2026-8153 critical 9.8 9.8 27d ago OS command injection in Dashboard Server interface in Universal Robots PolyScope versions prior to 5.25.1 allows unauthenticated attacker to craft commands that will execute code on the robot's OS.
CVE-2013-10075 critical 9.1 9.1 debian debian chorny 27d ago Apache::Session versions through 1.94 for Perl re-creates deleted sessions. The session stores Apache::Session::Store::File and Apache::Session::Store::DB_File will create a session that does not ex…
CVE-2025-69691 critical 9.9 9.9 pfsense 27d ago Netgate pfSense CE 2.8.0 allows code execution in the XMLRPC API via pfsense.exec_php. NOTE: the Supplier disputes this because the API call is only available to admins and they are intentionally all…
CVE-2025-69690 critical 9.1 9.1 pfsense 27d ago Netgate pfSense CE 2.7.2 allows code execution by using the module installer with a backup file with a serialized PHP object containing the post_reboot_commands property. NOTE: the Supplier disputes …
CVE-2025-69599 critical 9.8 9.8 27d ago RayVentory Scan Engine through 12.6 Update 8 allows attackers to gain privileges if they control the value of the PATH environment variable. NOTE: this is disputed because ability of an attacker to c…
CVE-2025-67887 critical 9.8 9.8 27d ago 1C-Bitrix through 25.100.500 allows Remote Code Execution because an actor with SOURCE/WRITE permissions for the Translate Module can upload and execute code by sending a PHP file and a .htaccess fil…