VIR Vulnerability Intelligence Relay

Search

Found 53,076 results in 3215ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2026-9757 high 7.5 7.5 5d ago The GEO my WP plugin for WordPress is vulnerable to SQL Injection via the 'swlatlng' and 'nelatlng' parameters in all versions up to, and including, 4.5.5 The parameters are read from $_SERVER['QUERY…
CVE-2026-7465 high 8.8 8.8 5d ago The Spectra Gutenberg Blocks – Website Builder for the Block Editor plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.19.25. This makes it possible f…
CVE-2026-7459 high 7.5 7.5 5d ago The Simple History – Track, Log, and Audit WordPress Changes plugin for WordPress is vulnerable to authenticated (Subscriber+) account takeover in all versions up to, and including, 5.26.0 via the ev…
CVE-2026-10112 low 2.4 2.4 5d ago A vulnerability has been found in sambitraj STUDENT-MANAGEMENT-SYSTEM 1.0. Affected is an unknown function of the component Dashboard Page. The manipulation of the argument Name leads to cross site s…
CVE-2026-10111 high 7.3 7.3 5d ago A flaw has been found in sambitraj STUDENT-MANAGEMENT-SYSTEM 1.0. This impacts an unknown function of the component Login Page. Executing a manipulation of the argument email can lead to sql injectio…
CVE-2026-10110 high 7.3 7.3 5d ago A vulnerability was detected in code-projects Student Details Management System 1.0. This affects an unknown function of the file /index.php. Performing a manipulation of the argument roll results in…
CVE-2026-47416 unknown 6d ago praisonai-platform: Any workspace member can promote themselves or others to owner via PATCH /workspaces/{id}/members/{user_id}
CVE-2026-47409 unknown 6d ago praisonai-platform: Missing authorization on member removal enables full workspace takeover by any user regardless of role
CVE-2026-47414 unknown 6d ago praisonai-platform: Label endpoints' unchecked label_id/issue_id enable cross-workspace label IDOR (edit, delete, link)
CVE-2026-47406 unknown 6d ago praisonai-platform: IDOR in dependency endpoints allows cross-workspace issue linking, reading, and deletion due to missing ownership checks
CVE-2026-47410 unknown 6d ago praisonai-platform: JWT signing key defaults to hardcoded "dev-secret-change-me", allowing token forgery for any user when PLATFORM_ENV is unset
CVE-2026-47405 unknown 6d ago PraisonAI Platform: Missing role checks let any workspace member become owner and control workspace membership
CVE-2026-47399 unknown 6d ago PraisonAI Platform workspace-scoped routes allow cross-workspace object access by global object ID
CVE-2026-47407 unknown 6d ago PraisonAI Platform has a cross-workspace IDOR + member-role privilege escalation
CVE-2026-47408 unknown 6d ago praisonai-platform: list_issue_activity returns activity log for any issue regardless of workspace ownership
CVE-2026-48169 unknown 6d ago PraisonAI has Cross-Workspace IDOR and Privilege Escalation via Platform API
CVE-2026-47397 unknown 6d ago PraisonAI has an Arbitrary File Write in Python API
CVE-2026-47391 unknown 6d ago PraisonAI's unauthenticated A2A official example can reach real LLM-driven `eval()` tool execution
CVE-2026-47394 unknown 6d ago PraisonAI vulnerable to unauthenticated arbitrary file read via MCP workflow.show, workflow.validate, deploy.validate
CVE-2026-47392 unknown 6d ago PraisonAI vulnerable to sandbox escape via `print.__self__` builtins module leak in `execute_code` (subprocess mode)
CVE-2026-47395 unknown 6d ago PraisonAI CLI automatically resolves @url mentions in prompt text and can read loopback URLs into model context
CVE-2026-47393 unknown 6d ago PraisonAI `deploy --type api` emits a Flask server with authentication disabled by default
CVE-2026-47396 unknown 6d ago PraisonAI call server exposes unauthenticated agent listing, invocation, and deletion when CALL_SERVER_TOKEN is unset
CVE-2026-47390 unknown 6d ago PraisonAI spider_tools SSRF protection bypass via alternate loopback host encodings
CVE-2026-47398 unknown 6d ago PraisonAI: Arbitrary code execution via unguarded `spec.loader.exec_module` in `agents_generator.py` - sibling of CVE-2026-44334
CVE-2026-47268 unknown 6d ago Nezha's authenticated DDNS webhook configuration allows blind SSRF from the dashboard host
CVE-2026-47233 unknown 6d ago Admidio: Any logged-in user can delete inventory fields via `mode=field_delete` — incomplete fix of #2024
CVE-2026-47234 unknown 6d ago Admidio writes session IDs and auto-login cookie values to application logs
CVE-2026-47232 unknown 6d ago Admidio PKCS#12 private key export action lacks CSRF protection
CVE-2026-47231 unknown 6d ago Admidio has IDOR in `documents-files.php` `mode=move_save` that lets any folder-uploader exfiltrate files from private folders
CVE-2026-47230 unknown 6d ago Admidio: IDOR in documents-files.php allows cross-folder file rename and description changes by unauthorized uploaders
CVE-2026-47229 unknown 6d ago Admidio: CSRF in SSO client `enable` action toggles SAML/OIDC clients without token validation
CVE-2026-47228 unknown 6d ago Admidio's CSRF in registration `send_login` mode resets arbitrary user passwords
CVE-2026-47227 unknown 6d ago Admidio module-administrator can delete or reorder categories owned by other modules via dead authorization check in `modules/categories.php`
CVE-2026-47226 unknown 6d ago Admidio: Authorization bypass in file_delete enables cross-folder file removal by authenticated users without delete privileges
CVE-2026-47213 unknown 6d ago BoxLite has a Timeout Bypass Vulnerability
CVE-2026-47211 unknown 6d ago ouroboros-ai Vulnerable to Remote Code Execution via Untrusted Project-Directory .env
CVE-2026-47203 unknown 6d ago Authelia Missing Username Canonicalization in Basic Auth (LDAP)
CVE-2026-47201 high 8.5 8.5 6d ago authentik is an open-source identity provider. Prior to versions 2025.12.5, 2026.2.3, and 2026.5.1, authentik's SAML Source ACS endpoint is vulnerable to XML Signature Wrapping when validating upstre…
CVE-2026-47695 unknown 6d ago CC-Tweaked has an SSRF Protection Bypass with NAT64
CVE-2026-47184 unknown 6d ago zeroconf has unbounded DNS record cache that allows LAN-local memory exhaustion via multicast flood
CVE-2026-48557 high 8.8 8.8 6d ago Spatie Laravel Media Library before version 11.23.0 contains a file upload restriction bypass in FileAdder::defaultSanitizer(). The sanitizer checks only the final filename suffix, allowing double-ex…
CVE-2026-47123 high 7.5 7.5 6d ago FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.220, the email processing pipeline in FreeScout's FetchEmails command has two code paths for identifyin…
CVE-2026-46599 high 7.5 7.5 debian debian 6d ago The TIFF decoder does not place a limit on the size of PackBits-compressed data. A maliciously-crafted image can exploit this to cause a small image (both in terms of pixel width/height and encoded s…
CVE-2026-46527 high 7.5 7.5 debian debian sles yhirose 6d ago cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.44.0, When the server has called Server::set_trusted_proxies() with a non-empty trusted-proxy list, an att…
CVE-2026-45151 unknown 6d ago NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. In 0.24.8 and earlier, quic_stream_recv can dereference a null substream pointer when a substream is in reopen state. The code fi…
CVE-2026-44422 high 7.5 7.5 FIX debian debian sles freerdp 6d ago FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, FreeRDP's RDPEAR NDR parser accepts one non-null NDR pointer ref-id for multiple logical pointer fields without track…
CVE-2026-44421 high 8.8 8.8 FIX debian debian sles freerdp 6d ago FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, a malicious RDP server can trigger a heap-buffer-overflow write in the FreeRDP client by sending crafted RDPGFX PDUs.…
CVE-2026-44420 high 8.8 8.8 FIX debian debian sles freerdp 6d ago FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, a malicious RDP client can trigger a heap-buffer-overflow write in FreeRDP's server-side clipboard (cliprdr) channel …
CVE-2026-44285 high 7.7 7.7 6d ago FastGPT is an AI Agent building platform. Prior to 4.15.0-beta1, a Server-Side Request Forgery (SSRF) vulnerability allows an authenticated attacker to bypass the global isInternalAddress network pro…
CVE-2026-47183 unknown 6d ago zeroconf: Unbounded exception-dedup state retains packet buffers via traceback frame locals, enabling LAN-local memory exhaustion
CVE-2026-47180 unknown 6d ago zeroconf has unbounded recursion in DNS compression-pointer decoder that allows LAN-local denial of service
CVE-2026-47260 unknown 6d ago Koel Vulnerable to SSRF via Podcast Episode Enclosure URLs
CVE-2026-46705 unknown 6d ago russh server userauth state is not reset when authentication principal changes
CVE-2026-46702 unknown 6d ago russh: Post-decompression SSH packet size was not bounded, allowing remote oversized compressed packets
CVE-2026-47255 unknown 6d ago AgenticMail API/storage and outbound relay hardening fixes
CVE-2026-47248 unknown 6d ago Parse Server's GraphQL "Did you mean ...?" validation suggestions disclose schema to unauthenticated callers
CVE-2026-49383 low 3.3 3.3 jetbrains 6d ago In JetBrains IntelliJ IDEA before 2026.1 xXE in the UI Designer form parser was possible
CVE-2026-49382 high 7.8 7.8 jetbrains 6d ago In JetBrains IntelliJ IDEA before 2026.1 code execution was possible via template injection in the Copyright plugin
CVE-2026-49374 high 7.6 7.6 jetbrains 6d ago In JetBrains TeamCity before 2026.1 improper permission checks exposed build configuration parameters
CVE-2026-49373 high 8.8 8.8 jetbrains 6d ago In JetBrains TeamCity before 2026.1 remote code execution was possible via Perforce connection settings
CVE-2026-49372 high 7.5 7.5 jetbrains 6d ago In JetBrains TeamCity before 2026.1, 2025.11.5 unauthenticated SSRF via build status was possible
CVE-2026-49371 high 8.2 8.2 jetbrains 6d ago In JetBrains TeamCity before 2026.1.1 reflected XSS in the keyword filter was possible
CVE-2026-49370 high 7.5 7.5 jetbrains 6d ago In JetBrains YouTrack before 2026.1.13162 information disclosure was possible on fetchApp requests
CVE-2026-49367 high 8.8 8.8 jetbrains 6d ago In JetBrains IntelliJ IDEA before 2026.1.1 command execution was possible via the guest user account
CVE-2026-49366 high 7.8 7.8 jetbrains 6d ago In JetBrains IntelliJ IDEA before 2026.1.1 command injection was possible via filename completion
CVE-2026-47740 high 8.1 8.1 6d ago Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, Multiple Filament actions on the admin Order detail and Order shipments table were callable by an authenticated low-privilege user withou…
CVE-2026-42941 high 8.3 8.3 6d ago The Danelec MacGregor Voyage Data Recorder device includes a default username and password, with no enforced password change.
CVE-2026-42929 high 8.3 8.3 6d ago Danelec MacGregor Voyage Data Recorder includes default accounts with hard-coded credentials.
CVE-2026-45324 low 3.3 3.3 6d ago Rizin is a UNIX-like reverse engineering framework and command-line toolset. There is a double free in librz/core/cmd/cmd_search.c:byte_pattern_search() due wrong pointer ownership declared. This vul…
CVE-2026-45613 low 3.3 3.3 6d ago Rizin is a UNIX-like reverse engineering framework and command-line toolset. There is a heap-buffer-overflow in librz/bin/format/omf/omf.c. This vulnerability is fixed by commit e6d0937c8a083e23ed76c…
CVE-2026-38739 unknown 6d ago ezsystems/ezpublish-legacy has a SQL injection in dfscleanup
CVE-2026-46690 unknown 6d ago unbounded-spsc: Sender::send pointer-as-value transmute causes OOB read and fake-Arc drop under TX/RX race
CVE-2026-47266 unknown 6d ago formie's unauthenticated front-end submission editing can overwrite existing submissions
CVE-2026-48555 high 7.4 7.4 6d ago Spatie Laravel Media Library before version 11.23.0 contains a server-side request forgery vulnerability that allows remote attackers to cause the server to issue arbitrary outbound HTTP requests by …
CVE-2026-4387 unknown 6d ago StrongDM Desktop Application before 23.74.0 (Desktop Client before 53.77.0) on Microsoft Windows stores authentication state, including a JSON Web Token and asymmetric key material, in cleartext in a…
CVE-2026-47190 unknown 6d ago IPAM controller service account granted unnecessary full access to Secrets
CVE-2026-47141 unknown 6d ago NodeVM observability builtins leak host process and HTTP request data
CVE-2026-6824 high 8.4 8.4 6d ago A stored cross-site scripting (XSS) vulnerability exists in certain 1xxx series NVR devices due to insufficient sanitization of user-supplied input in specific functional modules. Attackers can injec…
CVE-2026-5768 high 8.8 8.8 6d ago The Frontier X2 device allows unauthenticated BLE read/write access to critical GATT characteristics without enforcing pairing authentication or authorization. This allows attackers within BLE range …
CVE-2026-45668 unknown 6d ago Trilium Notes is a cross-platform, hierarchical note taking application focused on building large personal knowledge bases. Prior to 0.102.2, a malicious ZIP archive imported with safe import enabled…
CVE-2026-43917 unknown 6d ago Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.19.0 and earlier, the protectedProcedure middleware only verifies the user is authenticated - it does NOT enforce organization scop…
CVE-2026-10108 high 7.5 7.5 6d ago xiaomusic v0.5.7 contains an unauthenticated path traversal vulnerability in the GET /music/{file_path:path} endpoint that allows unauthenticated attackers to read arbitrary files outside the intende…
CVE-2026-10107 high 7.7 7.7 6d ago MoviePilot v2 contains a server-side request forgery vulnerability in the image proxy endpoint that allows authenticated attackers to request arbitrary URLs by supplying a resource_token cookie and a…
CVE-2026-10105 high 8.3 8.3 6d ago agno 2.6.5 contains a SQL injection vulnerability in the ClickHouse vector database backend that allows attackers to inject arbitrary SQL expressions by supplying malicious metadata keys and values t…
CVE-2026-47139 unknown 6d ago NodeVM network builtin exclusions bypass via internal _http_client and _http_server
CVE-2026-47140 unknown 6d ago NodeVM builtin denylist bypass via process and inspector/promises allows host code execution
CVE-2026-47210 unknown 6d ago vm2 sandbox escape via JSPI-backed Promise `.finally()` species bypass
CVE-2026-47137 unknown 6d ago vm2 has a CVE-2023-37903 patch bypass: nesting:true without explicit require still allows full RCE
CVE-2026-47209 unknown 6d ago vm2's Bridge Proxy set trap ignores receiver parameter, enabling host object property injection via prototype chain
CVE-2026-47135 unknown 6d ago vm2 has a sandbox escape via unblocked cross-realm Symbol.for keys + missing bridge write-trap symbol checks
CVE-2026-47208 unknown 6d ago vm2 is Vulnerable to Sandbox Breakout Through Promise Species
CVE-2026-47131 unknown 6d ago vm2 has a Sandbox Escape issue
CVE-2026-47200 unknown 6d ago Nuxt's route middleware is not enforced when rendering `.server.vue` pages via `/__nuxt_island/page_*`
CVE-2026-45742 unknown 6d ago Gotenberg has a Race Condition via Multipart `downloadFrom` Handling
CVE-2026-45741 unknown 6d ago Gotenberg has an SSRF deny-list bypass in IsPublicIP via IPv6 6to4 / NAT64 / site-local prefixes
CVE-2026-44829 unknown 6d ago Gotenberg has path traversal in zip entry name via Windows-style separators in upload filename
CVE-2026-9194 unknown 6d ago Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accid…
CVE-2026-45662 high 8.8 8.8 6d ago Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.29.0 and earlier, the deleteRegistry function in Dokploy (packages/server/src/services/registry.ts) executes docker logout ${respon…
CVE-2026-39276 high 7.2 7.2 6d ago The template upload feature in Emlog Pro v2.6.9 has a path traversal vulnerability, allowing authenticated administrators to execute arbitrary PHP code. By uploading a malicious ZIP archive containin…