VIR Vulnerability Intelligence Relay

Search

Found 748 results in 82ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2026-7858 critical 9.8 9.8 4d ago A Deserialization of Untrusted Data vulnerability affecting Teamwork Cloud from No Magic Release 2022x through No Magic Release 2026x and Magic Collaboration Studio from CATIA Magic Release 2022x thr…
CVE-2026-45426 low 3.1 3.1 apache 4d ago Exploitation requires the attacker to already be an authenticated Airflow worker holding a valid Log-server JWT issued for at least one Dag. Apache Airflow's Log server authorized JWT tokens against …
CVE-2026-42252 critical 9.1 9.1 apache 4d ago Apache Airflow's official documentation at `core-concepts/dag-run.html` ("Passing Parameters when triggering Dags") showed a verbatim `BashOperator(bash_command="echo value: {{ dag_run.conf['conf1'] …
CVE-2026-40963 low 3.1 3.1 apache 4d ago The structure_data endpoint in the Airflow UI returned external dependency graph nodes for linked Dags without checking whether the caller had read permission on those linked Dags. An authenticated U…
CVE-2026-40549 unknown 4d ago SOPlanning is vulnerable to Cross‑Site Request Forgery (CSRF) in groupe_save create, modify and delete endpoints. An attacker can craft a malicious website that, when visited by an authenticated user…
CVE-2026-40548 unknown 4d ago SOPlanning does not verify uploaded file extension. An authenticated attacker with access to the backup functionality can upload a crafted ZIP archive containing a legitimate user.csv file alongside …
CVE-2026-40547 unknown 4d ago SOPlanning is vulnerable to Path Traversal in backup endpoints. Authenticated remote attacker is able to exploit a vulnerable endpoint and construct payloads that allow reading and executing files p…
CVE-2026-40546 unknown 4d ago SOPlanning is vulnerable to SQL Injection across multiple endpoints and parameters. Attacker with low privileges can inject arbitrary SQL commands, potentially gaining full control over the database.…
CVE-2026-40545 unknown 4d ago SOPlanning is vulnerable to Reflected XSS via the taches parameter. An attacker can craft a malicious URL which, when opened by authenticated victim, results in arbitrary JavaScript execution in the …
CVE-2026-40544 unknown 4d ago SOPlanning is vulnerable to Stored Cross-Site Scripting (XSS) via /process/upload_backup endpoint. An authenticated attacker with access to the backup functionality can upload a crafted ZIP archive c…
CVE-2026-40543 unknown 4d ago SOPlanning does not enforce authorization for backup functionalities. An unauthenticated attacker can directly query backup-related endpoints and retrieve backup archives containing user databases wi…
CVE-2026-10234 low 3.5 3.5 4d ago A vulnerability was detected in Mettle sendportal up to 3.0.1. This affects an unknown part of the file /webview/ of the component Campaign Handler. The manipulation of the argument content results i…
CVE-2026-10233 low 3.3 3.3 slesdebian debian 4d ago A security vulnerability has been detected in Assimp up to 6.0.4. Affected by this issue is the function HL1MDLLoader::read_sequence_infos of the file HL1MDLLoader.cpp of the component Half-Life 1 MD…
CVE-2026-10228 low 3.5 3.5 4d ago A vulnerability was found in raisulislamg4 student_management_system_by_php up to 310d950e09013d5133c6b9210aff9444382d16d1. The impacted element is an unknown function of the file admission_form_chec…
CVE-2026-48191 low 3.5 3.5 4d ago An incorrect handling of permissions in STORM powered by OTRS and in OTRS (2026.x and above) Document Search Article Meta Filters modules allows gaining knowledge about number of affected CIs, SLA an…
CVE-2026-48190 low 3.5 3.5 4d ago An incorrect handling of permissions in OTRS External Interface and the ConfigItem List module allows an authenticated customer to query the system for CI information. Please note that CMDB has to be…
CVE-2026-48188 critical 9.1 9.1 4d ago An improper Input Validation vulnerability in OTRS or ((OTRS)) Community Edition database layer module allows an unauthenticated SQL injection which can lead to an authentication bypass. This issue o…
CVE-2026-10216 low 3.7 3.7 4d ago A vulnerability was detected in unitedbyai droidclaw up to 0.5.3. The affected element is an unknown function of the file server/src/routes/pairing.ts of the component claim Endpoint. The manipulatio…
CVE-2026-10201 low 3.3 3.3 slesdebian debian 4d ago A vulnerability was determined in Assimp up to 6.0.4. This vulnerability affects the function FBXExporter::WriteObjects of the file FBXExporter.cpp of the component UV Channel Handler. Executing a ma…
CVE-2026-10199 low 3.3 3.3 slesdebian debian 4d ago A vulnerability has been found in Assimp up to 6.0.4. Affected by this issue is the function glTF2::LazyDict in the library glTF2Asset.h. Such manipulation of the argument operator[] leads to null po…
CVE-2026-10198 low 3.3 3.3 slesdebian debian 4d ago A flaw has been found in Assimp up to 6.0.4. Affected by this vulnerability is the function Assimp::glTFImporter::ImportMeshes of the file glTFImporter.cpp of the component glTFImporter. This manipul…
CVE-2026-10197 low 3.3 3.3 slesdebian debian 5d ago A vulnerability was detected in Assimp up to 6.0.4. Affected is the function glTF2Importer::ImportEmbeddedTextures in the library code/AssetLib/glTF2/glTF2Importer.cpp of the component TF File Handle…
CVE-2026-10187 critical 9.8 9.8 5d ago A vulnerability was detected in Totolink N300RH 6.1c.1353_B20190305. Affected by this issue is the function setWiFiBasicConfig of the file wireless.so of the component Web Management Interface. Perfo…
CVE-2026-10169 low 3.7 3.7 5d ago A vulnerability was detected in OUSL-GROUP-BrinaryBrains School Student Management System up to 1e70e5ad1125b86dca4ee086eb6bb121f17708b6. Affected by this vulnerability is the function ajax_forgot_pa…
CVE-2018-25412 critical 9.8 9.8 deltasql_project 6d ago Delta Sql 1.8.2 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to docs_upload.php with crafted multipart form…
CVE-2026-10112 low 2.4 2.4 6d ago A vulnerability has been found in sambitraj STUDENT-MANAGEMENT-SYSTEM 1.0. Affected is an unknown function of the component Dashboard Page. The manipulation of the argument Name leads to cross site s…
CVE-2026-47416 unknown 6d ago praisonai-platform: Any workspace member can promote themselves or others to owner via PATCH /workspaces/{id}/members/{user_id}
CVE-2026-47409 unknown 6d ago praisonai-platform: Missing authorization on member removal enables full workspace takeover by any user regardless of role
CVE-2026-47414 unknown 6d ago praisonai-platform: Label endpoints' unchecked label_id/issue_id enable cross-workspace label IDOR (edit, delete, link)
CVE-2026-47406 unknown 6d ago praisonai-platform: IDOR in dependency endpoints allows cross-workspace issue linking, reading, and deletion due to missing ownership checks
CVE-2026-47410 unknown 6d ago praisonai-platform: JWT signing key defaults to hardcoded "dev-secret-change-me", allowing token forgery for any user when PLATFORM_ENV is unset
CVE-2026-47405 unknown 6d ago PraisonAI Platform: Missing role checks let any workspace member become owner and control workspace membership
CVE-2026-47399 unknown 6d ago PraisonAI Platform workspace-scoped routes allow cross-workspace object access by global object ID
CVE-2026-47407 unknown 6d ago PraisonAI Platform has a cross-workspace IDOR + member-role privilege escalation
CVE-2026-47408 unknown 6d ago praisonai-platform: list_issue_activity returns activity log for any issue regardless of workspace ownership
CVE-2026-48169 unknown 6d ago PraisonAI has Cross-Workspace IDOR and Privilege Escalation via Platform API
CVE-2026-47397 unknown 6d ago PraisonAI has an Arbitrary File Write in Python API
CVE-2026-47391 unknown 6d ago PraisonAI's unauthenticated A2A official example can reach real LLM-driven `eval()` tool execution
CVE-2026-47394 unknown 6d ago PraisonAI vulnerable to unauthenticated arbitrary file read via MCP workflow.show, workflow.validate, deploy.validate
CVE-2026-47392 unknown 6d ago PraisonAI vulnerable to sandbox escape via `print.__self__` builtins module leak in `execute_code` (subprocess mode)
CVE-2026-47395 unknown 6d ago PraisonAI CLI automatically resolves @url mentions in prompt text and can read loopback URLs into model context
CVE-2026-47393 unknown 6d ago PraisonAI `deploy --type api` emits a Flask server with authentication disabled by default
CVE-2026-47396 unknown 6d ago PraisonAI call server exposes unauthenticated agent listing, invocation, and deletion when CALL_SERVER_TOKEN is unset
CVE-2026-47390 unknown 6d ago PraisonAI spider_tools SSRF protection bypass via alternate loopback host encodings
CVE-2026-47398 unknown 6d ago PraisonAI: Arbitrary code execution via unguarded `spec.loader.exec_module` in `agents_generator.py` - sibling of CVE-2026-44334
CVE-2026-47268 unknown 7d ago Nezha's authenticated DDNS webhook configuration allows blind SSRF from the dashboard host
CVE-2026-47233 unknown 7d ago Admidio: Any logged-in user can delete inventory fields via `mode=field_delete` — incomplete fix of #2024
CVE-2026-47234 unknown 7d ago Admidio writes session IDs and auto-login cookie values to application logs
CVE-2026-47232 unknown 7d ago Admidio PKCS#12 private key export action lacks CSRF protection
CVE-2026-47231 unknown 7d ago Admidio has IDOR in `documents-files.php` `mode=move_save` that lets any folder-uploader exfiltrate files from private folders
CVE-2026-47230 unknown 7d ago Admidio: IDOR in documents-files.php allows cross-folder file rename and description changes by unauthorized uploaders
CVE-2026-47229 unknown 7d ago Admidio: CSRF in SSO client `enable` action toggles SAML/OIDC clients without token validation
CVE-2026-47228 unknown 7d ago Admidio's CSRF in registration `send_login` mode resets arbitrary user passwords
CVE-2026-47227 unknown 7d ago Admidio module-administrator can delete or reorder categories owned by other modules via dead authorization check in `modules/categories.php`
CVE-2026-47226 unknown 7d ago Admidio: Authorization bypass in file_delete enables cross-folder file removal by authenticated users without delete privileges
CVE-2026-47213 unknown 7d ago BoxLite has a Timeout Bypass Vulnerability
CVE-2026-47211 unknown 7d ago ouroboros-ai Vulnerable to Remote Code Execution via Untrusted Project-Directory .env
CVE-2026-47203 unknown 7d ago Authelia Missing Username Canonicalization in Basic Auth (LDAP)
CVE-2026-47695 unknown 7d ago CC-Tweaked has an SSRF Protection Bypass with NAT64
CVE-2026-47184 unknown 7d ago zeroconf has unbounded DNS record cache that allows LAN-local memory exhaustion via multicast flood
CVE-2026-45700 critical 9.8 9.8 FIX debian debian sles freerdp 7d ago FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, FreeRDP's planar bitmap decoder has an out-of-bounds heap write when decoding RLE planar data. In libfreerdp/codec/pl…
CVE-2026-45372 critical 9.9 9.9 debian debian sles yhirose 7d ago cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.44.0, when cpp-httplib's server parses an incoming request, it applies percent-decoding to every header va…
CVE-2026-45151 unknown 7d ago NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. In 0.24.8 and earlier, quic_stream_recv can dereference a null substream pointer when a substream is in reopen state. The code fi…
CVE-2026-47183 unknown 7d ago zeroconf: Unbounded exception-dedup state retains packet buffers via traceback frame locals, enabling LAN-local memory exhaustion
CVE-2026-47180 unknown 7d ago zeroconf has unbounded recursion in DNS compression-pointer decoder that allows LAN-local denial of service
CVE-2026-47260 unknown 7d ago Koel Vulnerable to SSRF via Podcast Episode Enclosure URLs
CVE-2026-46705 unknown 7d ago russh server userauth state is not reset when authentication principal changes
CVE-2026-46702 unknown 7d ago russh: Post-decompression SSH packet size was not bounded, allowing remote oversized compressed packets
CVE-2026-47255 unknown 7d ago AgenticMail API/storage and outbound relay hardening fixes
CVE-2026-47248 unknown 7d ago Parse Server's GraphQL "Did you mean ...?" validation suggestions disclose schema to unauthenticated callers
CVE-2026-9051 critical 9.1 9.1 7d ago There is an authentication bypass vulnerability in the NI SystemLink Enterprise Dashboard application that may allow an unauthenticated remote attacker to bypass authentication controls leading to pr…
CVE-2026-49383 low 3.3 3.3 jetbrains 7d ago In JetBrains IntelliJ IDEA before 2026.1 xXE in the UI Designer form parser was possible
CVE-2026-47744 critical 9.9 9.9 7d ago Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, two distinct authorization defects in the team settings allowed any authenticated panel user to take over the RBAC system. Settings/Team/…
CVE-2026-45324 low 3.3 3.3 7d ago Rizin is a UNIX-like reverse engineering framework and command-line toolset. There is a double free in librz/core/cmd/cmd_search.c:byte_pattern_search() due wrong pointer ownership declared. This vul…
CVE-2026-45613 low 3.3 3.3 7d ago Rizin is a UNIX-like reverse engineering framework and command-line toolset. There is a heap-buffer-overflow in librz/bin/format/omf/omf.c. This vulnerability is fixed by commit e6d0937c8a083e23ed76c…
CVE-2026-38739 unknown 7d ago ezsystems/ezpublish-legacy has a SQL injection in dfscleanup
CVE-2026-46690 unknown 7d ago unbounded-spsc: Sender::send pointer-as-value transmute causes OOB read and fake-Arc drop under TX/RX race
CVE-2026-47266 unknown 7d ago formie's unauthenticated front-end submission editing can overwrite existing submissions
CVE-2026-4387 unknown 7d ago StrongDM Desktop Application before 23.74.0 (Desktop Client before 53.77.0) on Microsoft Windows stores authentication state, including a JSON Web Token and asymmetric key material, in cleartext in a…
CVE-2026-47190 unknown 7d ago IPAM controller service account granted unnecessary full access to Secrets
CVE-2026-47141 unknown 7d ago NodeVM observability builtins leak host process and HTTP request data
CVE-2026-7786 critical 9.8 9.8 7d ago Jinan USR IOT Technology Limited (PUSR) USR-W610 RS232/485 to Wi-Fi/Ethernet Converter device firmware contains plaintext administrative credentials embedded in the firmware image. These credentials …
CVE-2026-5386 critical 9.1 9.1 7d ago The affected KMW CCTV Security Cameras are vulnerable to a critical unauthenticated password reset. This flaw allows an attacker to remotely reset the administrator password to a known value without …
CVE-2026-45668 unknown 7d ago Trilium Notes is a cross-platform, hierarchical note taking application focused on building large personal knowledge bases. Prior to 0.102.2, a malicious ZIP archive imported with safe import enabled…
CVE-2026-45661 critical 9.9 9.9 7d ago Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.26.5 and earlier, a critical path traversal vulnerability exists in Dokploy v0.26.5 that allows authenticated users to write arbitr…
CVE-2026-45633 critical 9.9 9.9 7d ago Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.26.6 and earlier, Dokploy contains a command injection vulnerability in the /docker-container-logs WebSocket endpoint. The tail and…
CVE-2026-45632 critical 9.9 9.9 7d ago Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.26.7 and earlier, the schedule router does not enforce organization/role checks. As a result, any authenticated user can create, up…
CVE-2026-45631 critical 10.0 10.0 7d ago Dokploy is a free, self-hostable Platform as a Service (PaaS). From 0.27.0 to before 0.29.3, a hardcoded BETTER_AUTH_SECRET fallback ("better-auth-secret-123456789") lets an unauthenticated attacker …
CVE-2026-45630 critical 9.0 9.0 7d ago Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.28.8 and earlier, authenticated OS command injection in the application.updateTraefikConfig tRPC endpoint allows admin/owner users …
CVE-2026-45629 critical 9.9 9.9 7d ago Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.28.8 and earlier, authenticated OS command injection in the /listen-deployment WebSocket endpoint allows any organization member to…
CVE-2026-45628 critical 9.6 9.6 7d ago Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.29.2 and earlier, Dokploy constructs shell commands using JavaScript template literals and executes them via child_process.exec() (…
CVE-2026-43917 unknown 7d ago Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.19.0 and earlier, the protectedProcedure middleware only verifies the user is authenticated - it does NOT enforce organization scop…
CVE-2026-47139 unknown 7d ago NodeVM network builtin exclusions bypass via internal _http_client and _http_server
CVE-2026-47140 unknown 7d ago NodeVM builtin denylist bypass via process and inspector/promises allows host code execution
CVE-2026-47210 unknown 7d ago vm2 sandbox escape via JSPI-backed Promise `.finally()` species bypass
CVE-2026-47137 unknown 7d ago vm2 has a CVE-2023-37903 patch bypass: nesting:true without explicit require still allows full RCE
CVE-2026-47209 unknown 7d ago vm2's Bridge Proxy set trap ignores receiver parameter, enabling host object property injection via prototype chain
CVE-2026-47135 unknown 7d ago vm2 has a sandbox escape via unblocked cross-realm Symbol.for keys + missing bridge write-trap symbol checks
CVE-2026-47208 unknown 7d ago vm2 is Vulnerable to Sandbox Breakout Through Promise Species
CVE-2026-47131 unknown 7d ago vm2 has a Sandbox Escape issue