VIR Vulnerability Intelligence Relay

Search

Found 27,897 results in 4587ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2026-45756 unknown FIX debian debian 15d ago Symfony's JsonPath Evaluates Attacker-Controlled Regular Expressions in match()/search() Without Limits — ReDoS
CVE-2026-45755 unknown FIX debian debian 15d ago Symfony's Mailtrap Mailer Webhook Parser Never Verifies the X-Mt-Signature HMAC — Unauthenticated Webhook Event Injection
CVE-2026-45754 unknown FIX debian debian 15d ago Symfony's Mailjet Mailer Webhook Parser Never Verifies the Configured Secret — Unauthenticated Webhook Event Injection
CVE-2026-45753 unknown FIX debian debian 15d ago Symfony's HtmlSanitizer UrlAttributeSanitizer Omits action/formaction/poster/cite — `javascript`: URI Survives Sanitization (XSS)
CVE-2026-45305 low 2.5 FIX debian debian 15d ago Symfony's YAML Parser has a ReDoS via Catastrophic Backtracking in Parser::cleanup() Regex
CVE-2026-45304 low 2.5 FIX debian debian 15d ago Symfony's YAML Parser Vulnerable to Exponential Memory Allocation via Recursive Collection-Alias Expansion ("Billion Laughs")
CVE-2026-45133 low 2.5 FIX debian debian 15d ago Symfony hardened the parser when handling untrusted input
CVE-2026-45075 medium 5.5 FIX debian debian 15d ago Synfony's HEAD Request Bypasses methods: ['GET'] Filter in #[IsGranted] / #[IsSignatureValid] / #[IsCsrfTokenValid]
CVE-2026-45074 medium 5.5 FIX debian debian 15d ago Symfony's Cas2Handler Derives CAS service URL from Client Host Header → Cross-Service Ticket Replay
CVE-2026-45073 medium 5.5 FIX debian debian 15d ago Symfony Vulnerable to SQL Injection in PdoAdapter::doClear() via Unsanitized $prefix
CVE-2026-45072 low 2.5 FIX debian debian 15d ago Symfony Vulnerable to stored XSS in WebProfiler CodeExtension::fileExcerpt() — Unescaped Non-PHP File Rendering
CVE-2026-45071 low 2.5 FIX debian debian 15d ago Symfony has XXE (Local File Disclosure) in DomCrawler::addXmlContent() via validateOnParse = true
CVE-2026-45070 medium 5.5 FIX debian debian 15d ago Symfony has Email Header Injection via Non-Token Characters in Mime Parameter Names
CVE-2026-45069 medium 5.5 FIX debian debian 15d ago Symfony's OidcTokenHandler Accepts JWTs Missing aud/iss/exp Claims
CVE-2026-45068 medium 5.5 FIX debian debian 15d ago Symfony has an Argument Injection in SendmailTransport via Dash-Prefixed Recipient Address
CVE-2026-45066 medium 5.5 FIX debian debian 15d ago Symfony has an HtmlSanitizer allowLinkHosts() / allowMediaHosts() Bypass via URL-Parser Differentials and <area> Misclassification
CVE-2026-45065 medium 5.5 FIX debian debian 15d ago Symfony has a UrlGenerator Route-Requirement Bypass via Unanchored Regex Alternation → Off-Site //host URL Injection
CVE-2026-45064 medium 5.5 FIX debian debian 15d ago Symfony's HtmlSanitizer URL Attributes Pass Through BiDi Override Characters → Visual href Spoofing
CVE-2026-45232 low 3.7 3.7 FIX slesdebian debianwindows windows samba 16d ago Rsync versions before 3.4.3 contain an off-by-one out-of-bounds stack write vulnerability in the establish_proxy_connection() function in socket.c that allows network attackers to corrupt stack memor…
CVE-2026-43620 medium 5.5 5.5 FIX slesdebian debianwindows windows samba 16d ago Rsync version 3.4.2 and prior contain a receiver-side out-of-bounds array read vulnerability in recv_files() in receiver.c that allows a malicious rsync server to crash the rsync client process. Atta…
CVE-2026-43619 medium 6.3 6.3 FIX slesdebian debianwindows windows samba 16d ago Rsync version 3.4.2 and prior contain symlink race condition vulnerabilities in path-based system calls including chmod, lchown, utimes, rename, unlink, mkdir, symlink, mknod, link, rmdir, and lstat …
CVE-2026-43617 medium 4.8 4.8 FIX slesdebian debianwindows windows samba 16d ago Rsync version 3.4.2 and prior contain an authorization bypass vulnerability in the rsync daemon's hostname-based access control list enforcement when configured with chroot. Attackers can bypass host…
CVE-2026-43163 medium 4.7 4.7 FIX rhel slesdebian debian 16d ago In the Linux kernel, the following vulnerability has been resolved: md/bitmap: fix GPF in write_page caused by resize race A General Protection Fault occurs in write_page() during array resize: RIP…
CVE-2026-5090 medium 6.1 6.1 FIX debian debian 16d ago Template::Plugin::HTML versions through 3.102 for Perl allows HTML and JavaScript to be injected. The html_filter function did not escape single quotes. HTML attributes inside of single quotes could…
CVE-2026-32814 medium 6.5 6.5 debian debian sles 16d ago libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, when decoding a HEIF grid image with strict_decoding=false (the default), a corrupted tile silently fails to …
CVE-2026-32739 medium 6.5 6.5 debian debian sles struktur 16d ago libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and below, a crafted 800-byte HEIF sequence file causes an infinite loop in Box_stts::get_sample_duration(), consuming 1…
CVE-2026-32738 medium 6.5 6.5 debian debian sles struktur 16d ago libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and below, a crafted 792-byte HEIF sequence file with samples_per_chunk=0 in the stsc box causes an unsigned integer und…
CVE-2026-48019 unknown debian debian 16d ago Laravel CRLF injection in default email rule
CVE-2026-8971 medium 6.5 6.5 FIX debian debian sles mozilla 16d ago Same-origin policy bypass in the Networking: JAR component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.
CVE-2026-8951 medium 6.5 6.5 FIX debian debian sles mozilla 16d ago Spoofing issue in the Toolbar component in Firefox for Android. This vulnerability was fixed in Firefox 151.
CVE-2026-23557 medium 6.5 6.5 slesdebian debian 16d ago Any guest can cause xenstored to crash by issuing a XS_RESET_WATCHES command within a transaction due to an assert() triggering. In case xenstored was built with NDEBUG #defined nothing bad will hap…
CVE-2026-43492 unknown FIX slesdebian debianwindows windows 16d ago In the Linux kernel, the following vulnerability has been resolved: lib/crypto: mpi: Fix integer underflow in mpi_read_raw_from_sgl() Yiming reports an integer underflow in mpi_read_raw_from_sgl() …
CVE-2026-43491 unknown FIX slesdebian debianwindows windows 16d ago In the Linux kernel, the following vulnerability has been resolved: net: qrtr: ns: Limit the maximum server registration per node Current code does no bound checking on the number of servers added …
CVE-2026-4893 medium 5.3 5.3 FIX rheldebian debian sles 17d ago RHSA-2026:20589: dnsmasq security update (Important)
CVE-2026-4891 medium 5.3 5.3 FIX rheldebian debian sles 17d ago RHSA-2026:20589: dnsmasq security update (Important)
CVE-2026-40356 medium 5.9 5.9 FIX rheldebian debian sles 17d ago RHSA-2026:16799: krb5 security update (Important)
CVE-2026-40355 medium 5.9 5.9 FIX rheldebian debian sles 17d ago RHSA-2026:16799: krb5 security update (Important)
CVE-2026-39373 low 2.5 FIX rhel slesdebian debian 17d ago Low: python-jwcrypto security update
CVE-2026-34000 medium 6.1 6.1 FIX rhel slesdebian debian x.org 17d ago A flaw was found in the X.Org X server. This out-of-bounds read vulnerability in the XKB geometry processing, specifically within the `CheckSetGeom()` and `XkbAddGeomKeyAlias` functions, allows an at…
CVE-2026-32710 medium 5.5 FIX rhel slesdebian debian 17d ago MariaDB server is a community developed fork of MySQL server. An authenticated user can crash MariaDB versions 11.4 before 11.4.10 and 11.8 before 11.8.6 via a bug in JSON_SCHEMA_VALID() function. Un…
CVE-2026-31677 medium 5.5 5.5 FIX rhel slesdebian debian google 17d ago In the Linux kernel, the following vulnerability has been resolved: crypto: af_alg - limit RX SG extraction by receive buffer budget Make af_alg_get_rsgl() limit each RX scatterlist extraction to t…
CVE-2026-30892 medium 5.5 FIX rheldebian debian rocky 17d ago Moderate: crun security update
CVE-2026-23868 medium 5.1 5.1 FIX rheldebian debian sles giflib_project 17d ago Giflib contains a double-free vulnerability that is the result of a shallow copy in GifMakeSavedImage and incorrect error handling. The conditions needed to trigger this vulnerability are difficult b…
CVE-2026-23040 medium 5.5 FIX rhel slesdebian debian 17d ago In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211_hwsim: fix typo in frequency notification The NAN notification is for 5745 MHz which corresponds to channel 149 an…
CVE-2026-0968 low 3.1 3.1 FIX rheldebian debian sles libssh 17d ago Moderate: libssh security update
CVE-2026-0967 medium 5.5 5.5 FIX rheldebian debian sles libssh 17d ago Moderate: libssh security update
CVE-2026-0965 low 3.3 3.3 FIX rheldebian debian sles libssh 17d ago Moderate: libssh security update
CVE-2026-0964 medium 6.3 6.3 FIX rheldebian debian sles libsshredhat 17d ago Moderate: libssh security update
CVE-2026-0865 medium 5.5 FIX rocky rheldebian debian 17d ago User-controlled header names and values containing newlines can allow injecting HTTP headers.
CVE-2025-9615 low 3.3 3.3 FIX rhel slesdebian debian 17d ago Low: NetworkManager security update
CVE-2025-8277 low 3.1 3.1 FIX rheldebian debian sles 17d ago Moderate: libssh security update
CVE-2025-8114 medium 4.7 4.7 FIX rheldebian debian sles libssh 17d ago Moderate: libssh security update
CVE-2025-5351 medium 6.5 6.5 FIX rheldebian debian sles libsshredhat 17d ago Moderate: libssh security update
CVE-2025-4878 low 3.6 3.6 FIX rheldebian debian sles 17d ago Moderate: libssh security update
CVE-2025-4877 medium 4.5 4.5 FIX rheldebian debian sles 17d ago Moderate: libssh security update
CVE-2025-40134 medium 5.5 FIX rhel slesdebian debian 17d ago In the Linux kernel, the following vulnerability has been resolved: dm: fix NULL pointer dereference in __dm_suspend() There is a race condition between dm device suspend and table load that can le…
CVE-2025-38470 medium 5.5 5.5 FIX rhel slesdebian debian 17d ago In the Linux kernel, the following vulnerability has been resolved: net: vlan: fix VLAN 0 refcount imbalance of toggling filtering during runtime Assuming the "rx-vlan-filter" feature is enabled on…
CVE-2025-38441 medium 5.5 FIX rhel slesdebian debian 17d ago In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: account for Ethernet header in nf_flow_pppoe_proto() syzbot found a potential access to uninit-value in nf_…
CVE-2025-38405 medium 5.5 FIX rhel slesdebian debian 17d ago In the Linux kernel, the following vulnerability has been resolved: nvmet: fix memory leak of bio integrity If nvmet receives commands with metadata there is a continuous memory leak of kmalloc-128…
CVE-2025-38400 medium 5.5 5.5 FIX rhel slesdebian debian 17d ago In the Linux kernel, the following vulnerability has been resolved: nfs: Clean up /proc/net/rpc/nfs when nfs_fs_proc_net_init() fails. syzbot reported a warning below [1] following a fault injectio…
CVE-2025-38279 medium 5.5 FIX rhel slesdebian debian 17d ago In the Linux kernel, the following vulnerability has been resolved: bpf: Do not include stack ptr register in precision backtracking bookkeeping Yi Lai reported an issue ([1]) where the following w…
CVE-2025-38166 medium 5.5 FIX rhel slesdebian debian 17d ago In the Linux kernel, the following vulnerability has been resolved: bpf: fix ktls panic with sockmap [ 2172.936997] ------------[ cut here ]------------ [ 2172.936999] kernel BUG at lib/iov_iter.c:…
CVE-2025-38097 medium 5.5 FIX rhel slesdebian debian 17d ago In the Linux kernel, the following vulnerability has been resolved: espintcp: remove encap socket caching to avoid reference leak The current scheme for caching the encap socket can lead to referen…
CVE-2025-38015 medium 5.5 FIX rhel slesdebian debian 17d ago In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: fix memory leak in error handling path of idxd_alloc Memory allocated for idxd is not freed if an error occurs d…
CVE-2025-37980 medium 5.5 FIX rhel slesdebian debian google 17d ago In the Linux kernel, the following vulnerability has been resolved: block: fix resource leak in blk_register_queue() error path When registering a queue fails after blk_mq_sysfs_register() is succe…
CVE-2025-22105 medium 5.5 5.5 FIX rhel slesdebian debian 17d ago In the Linux kernel, the following vulnerability has been resolved: bonding: check xdp prog when set bond mode Following operations can trigger a warning[1]: ip netns add ns1 ip netns exec…
CVE-2025-13465 medium 5.3 5.3 FIX rhel sles rocky lodash 17d ago Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the _.unset and _.omit functions. An attacker can pass crafted paths which cause Lodash to delete methods from global pr…
CVE-2025-12748 medium 5.5 5.5 FIX rhel slesdebian debian 17d ago Moderate: libvirt security update
CVE-2025-11568 medium 4.4 4.4 FIX rocky rheldebian debian 17d ago RHSA-2025:23086: luksmeta security update (Moderate)
CVE-2025-11411 medium 5.5 FIX rhel slesdebian debian 17d ago Moderate: unbound security update
CVE-2024-33655 medium 5.5 FIX rhel slesdebian debian 17d ago Moderate: unbound security update
CVE-2024-12086 medium 6.8 6.8 FIX arch arch rhel sles sambaredhat 17d ago Important: rsync security update
CVE-2026-46559 medium 5.5 FIX debian debian 17d ago ImageMagick: Heap Buffer Over-Write of a single byte in the JP2 encoder.
CVE-2026-46557 medium 5.5 FIX debian debian 17d ago ImageMagick: Stack overflow in fx operation
CVE-2026-46523 medium 5.5 FIX debian debian 17d ago ImageMagick: Use-After-Free in MSL decoder.
CVE-2026-46521 medium 5.5 FIX debian debian 17d ago ImageMagick: Heap Buffer Over-Write in MIFF encoder when using LZMA compression
CVE-2026-45664 medium 5.5 FIX debian debian 17d ago ImageMagick: Policy Bypass in MNG coder could
CVE-2026-45624 medium 5.5 FIX debian debian 17d ago ImageMagick: Heap Buffer Over-Read of a 4 bytes in distort operation.
CVE-2026-45031 medium 5.5 FIX debian debian 17d ago ImageMagick: Policy Bypass in PSD decoder
CVE-2026-45358 medium 5.5 FIX debian debian 17d ago ImageMagick: Out-of-Bounds Read of a single byte in meta encoder
CVE-2026-45359 medium 5.5 FIX debian debian 17d ago ImageMagick: Out-of-Bounds Read in connected components when the user supplies an invalid keep-top define
CVE-2026-42326 medium 5.5 FIX debian debian 17d ago ImageMagick: Heap Buffer Over-Read in IPTC encoder
CVE-2026-33637 medium 6.5 6.5 FIX debian debian faraday_project 18d ago Faraday has a possible incomplete fix for GHSA-33mh-2634-fwr2: protocol-relative URI objects still bypass host scoping
CVE-2026-33416 medium 5.5 FIX rheldebian debian sles 18d ago Moderate: libpng security update
CVE-2026-8723 medium 5.3 5.3 debian debianwindows windows 19d ago ### Summary `qs.stringify` throws `TypeError` when called with `arrayFormat: 'comma'` and `encodeValuesOnly: true` on an array containing `null` or `undefined`. The throw is synchronous and not ha…
CVE-2026-8704 medium 6.5 6.5 FIX debian debian 20d ago Crypt::DSA versions through 1.19 for Perl use 2-args open, allowing existing files to be modified.
CVE-2026-44310 medium 5.4 5.4 debian debian 20d ago Gitsign is a keyless Sigstore to signing tool for Git commits with your a GitHub / OIDC identity. From 0.4.0 to before 0.15.0, CertVerifier.Verify() in pkg/git/verifier.go unconditionally dereference…
CVE-2026-44309 medium 5.3 5.3 debian debian 20d ago Gitsign is a keyless Sigstore to signing tool for Git commits with your a GitHub / OIDC identity. Prior to 0.16.0, gitsign verify and gitsign verify-tag re-encode commit/tag objects through go-git's …
CVE-2026-45803 low 3.5 3.5 debian debian sleswindows windows github 20d ago `gh` is GitHub’s official command line tool. From 1.6.0 to before 2.92.0, a security vulnerability has been identified in GitHub CLI that could allow terminal escape sequence injection when users vie…
CVE-2026-8669 medium 6.5 6.5 FIX debian debian 20d ago Imager versions through 1.030 for Perl allow a heap out of bounds (OOB) write on crafted multi-frame GIF files. Imager::File::GIF's i_readgif_multi_low allocates a single per-row buffer GifRow sized…
CVE-2026-8503 medium 6.5 6.5 FIX debian debian guimard 20d ago Apache::Session::Generate::SHA256 versions before 1.3.19 for Perl create insecure session ids. Apache::Session::Generate::SHA256 generated session ids insecurely. The default session id generator re…
CVE-2025-54518 unknown slesdebian debianwindows windows google 21d ago <p>This vulnerability was found and addressed by AMD. We are documenting it in the Security Update Guide to encourage customers to install the May 2026 version of Windows as soon as possible.</p> <p>…
CVE-2026-6811 medium 5.9 5.9 debian debian 21d ago Stack exhaustion vulnerability in the MongoDB PHP driver can cause application crashes when processing deeply nested BSON documents in unusual circumstances when the source of these BSON documents is…
CVE-2026-44662 medium 5.5 FIX debian debianwindows windows 21d ago rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.10.0 to before 0.10.79, CipherCtxRef::cipher_update, CipherCtxRef::cipher_update_vec, and symm::Crypter::update incorr…
CVE-2026-8586 medium 5.5 5.5 FIX debian debianwindows windows google 21d ago Inappropriate implementation in Chromoting in Google Chrome prior to 148.0.7778.168 allowed a local attacker to bypass discretionary access control via a malicious file. (Chromium security severity: …
CVE-2026-8584 medium 4.2 4.2 FIX debian debianmacos macoswindows windows google 21d ago Inappropriate implementation in Views in Google Chrome on iOS prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page…
CVE-2026-8583 medium 5.3 5.3 FIX debian debianwindows windows google 21d ago Insufficient policy enforcement in WebXR in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive informa…
CVE-2026-8582 medium 5.3 5.3 FIX debian debianwindows windows google 21d ago Object lifecycle issue in Dawn in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium se…
CVE-2026-8579 low 3.1 3.1 FIX debian debianwindows windows google 21d ago Insufficient validation of untrusted input in Skia in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write…
CVE-2026-8578 low 3.1 3.1 FIX debian debian linux-kernelwindows windows google 21d ago Out of bounds read in GPU in Google Chrome on Linux prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chro…