VIR Vulnerability Intelligence Relay

Search

Found 30,490 results in 6989ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2026-45064 medium 5.5 FIX debian debian 16d ago Symfony's HtmlSanitizer URL Attributes Pass Through BiDi Override Characters → Visual href Spoofing
CVE-2026-24425 critical 9.9 9.9 FIX debian debian symfony 16d ago Twig versions 2.16.x and 3.9.0 through 3.25.x contain a sandbox bypass vulnerability when using a SourcePolicyInterface that allows attackers with template rendering capabilities to pass arbitrary PH…
CVE-2026-45232 low 3.7 3.7 FIX slesdebian debianwindows windows samba 17d ago Rsync versions before 3.4.3 contain an off-by-one out-of-bounds stack write vulnerability in the establish_proxy_connection() function in socket.c that allows network attackers to corrupt stack memor…
CVE-2026-43620 medium 5.5 5.5 FIX slesdebian debianwindows windows samba 17d ago Rsync version 3.4.2 and prior contain a receiver-side out-of-bounds array read vulnerability in recv_files() in receiver.c that allows a malicious rsync server to crash the rsync client process. Atta…
CVE-2026-43619 medium 6.3 6.3 FIX slesdebian debianwindows windows samba 17d ago Rsync version 3.4.2 and prior contain symlink race condition vulnerabilities in path-based system calls including chmod, lchown, utimes, rename, unlink, mkdir, symlink, mknod, link, rmdir, and lstat …
CVE-2026-43617 medium 4.8 4.8 FIX slesdebian debianwindows windows samba 17d ago Rsync version 3.4.2 and prior contain an authorization bypass vulnerability in the rsync daemon's hostname-based access control list enforcement when configured with chroot. Attackers can bypass host…
CVE-2026-43163 medium 4.7 4.7 FIX rhel slesdebian debian 17d ago In the Linux kernel, the following vulnerability has been resolved: md/bitmap: fix GPF in write_page caused by resize race A General Protection Fault occurs in write_page() during array resize: RIP…
CVE-2026-31607 critical 9.8 9.8 FIX rhel slesdebian debian 17d ago In the Linux kernel, the following vulnerability has been resolved: usbip: validate number_of_packets in usbip_pack_ret_submit() When a USB/IP client receives a RET_SUBMIT response, usbip_pack_ret_…
CVE-2026-5090 medium 6.1 6.1 FIX debian debian 17d ago Template::Plugin::HTML versions through 3.102 for Perl allows HTML and JavaScript to be injected. The html_filter function did not escape single quotes. HTML attributes inside of single quotes could…
CVE-2026-32814 medium 6.5 6.5 debian debian sles 17d ago libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, when decoding a HEIF grid image with strict_decoding=false (the default), a corrupted tile silently fails to …
CVE-2026-32739 medium 6.5 6.5 debian debian sles struktur 17d ago libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and below, a crafted 800-byte HEIF sequence file causes an infinite loop in Box_stts::get_sample_duration(), consuming 1…
CVE-2026-33642 critical 9.8 9.8 FIX debian debian kovidgoyal 17d ago Kitty is a cross-platform GPU based terminal. In versions 0.46.2 and below, the handle_compose_command() function in kitty/graphics.c performs bounds validation on composition offsets using unsigned …
CVE-2026-32738 medium 6.5 6.5 debian debian sles struktur 17d ago libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and below, a crafted 792-byte HEIF sequence file with samples_per_chunk=0 in the stsc box causes an unsigned integer und…
CVE-2026-48019 unknown debian debian 17d ago Laravel CRLF injection in default email rule
CVE-2026-31072 critical 9.8 9.8 debian debian sles 17d ago APScheduler's JSONSerializer and CBORSerializer are vulnerable to Remote Code Execution (RCE) via Insecure Deserialization
CVE-2026-8971 medium 6.5 6.5 FIX debian debian sles mozilla 17d ago Same-origin policy bypass in the Networking: JAR component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.
CVE-2026-8951 medium 6.5 6.5 FIX debian debian sles mozilla 17d ago Spoofing issue in the Toolbar component in Firefox for Android. This vulnerability was fixed in Firefox 151.
CVE-2026-8948 critical 9.1 9.1 FIX debian debian sles mozilla 17d ago Same-origin policy bypass in the DOM: Networking component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.
CVE-2026-23557 medium 6.5 6.5 slesdebian debian 17d ago Any guest can cause xenstored to crash by issuing a XS_RESET_WATCHES command within a transaction due to an assert() triggering. In case xenstored was built with NDEBUG #defined nothing bad will hap…
CVE-2026-43493 critical 9.8 9.8 FIX slesdebian debianwindows windows 17d ago In the Linux kernel, the following vulnerability has been resolved: crypto: pcrypt - Fix handling of MAY_BACKLOG requests MAY_BACKLOG requests can return EBUSY. Handle them by checking for that va…
CVE-2026-43492 unknown FIX slesdebian debianwindows windows 17d ago In the Linux kernel, the following vulnerability has been resolved: lib/crypto: mpi: Fix integer underflow in mpi_read_raw_from_sgl() Yiming reports an integer underflow in mpi_read_raw_from_sgl() …
CVE-2026-43491 unknown FIX slesdebian debianwindows windows 17d ago In the Linux kernel, the following vulnerability has been resolved: net: qrtr: ns: Limit the maximum server registration per node Current code does no bound checking on the number of servers added …
CVE-2026-7321 critical 9.6 9.6 FIX rheldebian debianalmalinux almalinux mozilla 18d ago RHSA-2026:20586: thunderbird security update (Important)
CVE-2026-4893 medium 5.3 5.3 FIX rheldebian debian sles 18d ago RHSA-2026:20589: dnsmasq security update (Important)
CVE-2026-4891 medium 5.3 5.3 FIX rheldebian debian sles 18d ago RHSA-2026:20589: dnsmasq security update (Important)
CVE-2026-40356 medium 5.9 5.9 FIX rheldebian debian sles 18d ago RHSA-2026:16799: krb5 security update (Important)
CVE-2026-40355 medium 5.9 5.9 FIX rheldebian debian sles 18d ago RHSA-2026:16799: krb5 security update (Important)
CVE-2026-39373 low 2.5 FIX rhel slesdebian debian 18d ago Low: python-jwcrypto security update
CVE-2026-34000 medium 6.1 6.1 FIX rhel slesdebian debian x.org 18d ago A flaw was found in the X.Org X server. This out-of-bounds read vulnerability in the XKB geometry processing, specifically within the `CheckSetGeom()` and `XkbAddGeomKeyAlias` functions, allows an at…
CVE-2026-32710 medium 5.5 FIX rhel slesdebian debian 18d ago MariaDB server is a community developed fork of MySQL server. An authenticated user can crash MariaDB versions 11.4 before 11.4.10 and 11.8 before 11.8.6 via a bug in JSON_SCHEMA_VALID() function. Un…
CVE-2026-31677 medium 5.5 5.5 FIX rhel slesdebian debian google 18d ago Important: kernel security update
CVE-2026-30892 medium 5.5 FIX rheldebian debian rocky 18d ago Moderate: crun security update
CVE-2026-23868 medium 5.1 5.1 FIX rheldebian debian sles giflib_project 18d ago Giflib contains a double-free vulnerability that is the result of a shallow copy in GifMakeSavedImage and incorrect error handling. The conditions needed to trigger this vulnerability are difficult b…
CVE-2026-23040 medium 5.5 FIX rhel slesdebian debian 18d ago In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211_hwsim: fix typo in frequency notification The NAN notification is for 5745 MHz which corresponds to channel 149 an…
CVE-2026-0968 low 3.1 3.1 FIX rheldebian debian sles libssh 18d ago Moderate: libssh security update
CVE-2026-0967 medium 5.5 5.5 FIX rheldebian debian sles libssh 18d ago Moderate: libssh security update
CVE-2026-0965 low 3.3 3.3 FIX rheldebian debian sles libssh 18d ago Moderate: libssh security update
CVE-2026-0964 medium 6.3 6.3 FIX rheldebian debian sles libsshredhat 18d ago Moderate: libssh security update
CVE-2026-0865 medium 5.5 FIX rocky rheldebian debian 18d ago User-controlled header names and values containing newlines can allow injecting HTTP headers.
CVE-2025-9615 low 3.3 3.3 FIX rhel slesdebian debian 18d ago Low: NetworkManager security update
CVE-2025-8277 low 3.1 3.1 FIX rheldebian debian sles 18d ago Moderate: libssh security update
CVE-2025-8114 medium 4.7 4.7 FIX rheldebian debian sles libssh 18d ago Moderate: libssh security update
CVE-2025-68121 critical 10.0 10.0 FIX rocky rheldebian debian golanggoogle 18d ago Unexpected session resumption in crypto/tls
CVE-2025-55754 critical 9.6 9.6 FIX rhel slesdebian debian apache 18d ago Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. Tomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Win…
CVE-2025-5351 medium 6.5 6.5 FIX rheldebian debian sles libsshredhat 18d ago Moderate: libssh security update
CVE-2025-4878 low 3.6 3.6 FIX rheldebian debian sles 18d ago Moderate: libssh security update
CVE-2025-4877 medium 4.5 4.5 FIX rheldebian debian sles 18d ago Moderate: libssh security update
CVE-2025-40134 medium 5.5 FIX rhel slesdebian debian 18d ago In the Linux kernel, the following vulnerability has been resolved: dm: fix NULL pointer dereference in __dm_suspend() There is a race condition between dm device suspend and table load that can le…
CVE-2025-38470 medium 5.5 5.5 FIX rhel slesdebian debian 18d ago In the Linux kernel, the following vulnerability has been resolved: net: vlan: fix VLAN 0 refcount imbalance of toggling filtering during runtime Assuming the "rx-vlan-filter" feature is enabled on…
CVE-2025-38441 medium 5.5 FIX rhel slesdebian debian 18d ago In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: account for Ethernet header in nf_flow_pppoe_proto() syzbot found a potential access to uninit-value in nf_…
CVE-2025-38405 medium 5.5 FIX rhel slesdebian debian 18d ago In the Linux kernel, the following vulnerability has been resolved: nvmet: fix memory leak of bio integrity If nvmet receives commands with metadata there is a continuous memory leak of kmalloc-128…
CVE-2025-38400 medium 5.5 5.5 FIX rhel slesdebian debian 18d ago In the Linux kernel, the following vulnerability has been resolved: nfs: Clean up /proc/net/rpc/nfs when nfs_fs_proc_net_init() fails. syzbot reported a warning below [1] following a fault injectio…
CVE-2025-38279 medium 5.5 FIX rhel slesdebian debian 18d ago In the Linux kernel, the following vulnerability has been resolved: bpf: Do not include stack ptr register in precision backtracking bookkeeping Yi Lai reported an issue ([1]) where the following w…
CVE-2025-38166 medium 5.5 FIX rhel slesdebian debian 18d ago In the Linux kernel, the following vulnerability has been resolved: bpf: fix ktls panic with sockmap [ 2172.936997] ------------[ cut here ]------------ [ 2172.936999] kernel BUG at lib/iov_iter.c:…
CVE-2025-38097 medium 5.5 FIX rhel slesdebian debian 18d ago In the Linux kernel, the following vulnerability has been resolved: espintcp: remove encap socket caching to avoid reference leak The current scheme for caching the encap socket can lead to referen…
CVE-2025-38015 medium 5.5 FIX rhel slesdebian debian 18d ago In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: fix memory leak in error handling path of idxd_alloc Memory allocated for idxd is not freed if an error occurs d…
CVE-2025-37980 medium 5.5 FIX rhel slesdebian debian google 18d ago In the Linux kernel, the following vulnerability has been resolved: block: fix resource leak in blk_register_queue() error path When registering a queue fails after blk_mq_sysfs_register() is succe…
CVE-2025-22105 medium 5.5 5.5 FIX rhel slesdebian debian 18d ago In the Linux kernel, the following vulnerability has been resolved: bonding: check xdp prog when set bond mode Following operations can trigger a warning[1]: ip netns add ns1 ip netns exec…
CVE-2025-13465 medium 5.3 5.3 FIX rhel sles rocky lodash 18d ago Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the _.unset and _.omit functions. An attacker can pass crafted paths which cause Lodash to delete methods from global pr…
CVE-2025-12748 medium 5.5 5.5 FIX rhel slesdebian debian 18d ago Moderate: libvirt security update
CVE-2025-11568 medium 4.4 4.4 FIX rocky rheldebian debian 18d ago RHSA-2025:23086: luksmeta security update (Moderate)
CVE-2025-11411 medium 5.5 FIX rhel slesdebian debian 18d ago Moderate: unbound security update
CVE-2024-33655 medium 5.5 FIX rhel slesdebian debian 18d ago Moderate: unbound security update
CVE-2024-12086 medium 6.8 6.8 FIX arch arch rhel sles sambaredhat 18d ago Important: rsync security update
CVE-2026-46559 medium 5.5 FIX debian debian 18d ago ImageMagick: Heap Buffer Over-Write of a single byte in the JP2 encoder.
CVE-2026-46557 medium 5.5 FIX debian debian 18d ago ImageMagick: Stack overflow in fx operation
CVE-2026-46523 medium 5.5 FIX debian debian 18d ago ImageMagick: Use-After-Free in MSL decoder.
CVE-2026-46521 medium 5.5 FIX debian debian 18d ago ImageMagick: Heap Buffer Over-Write in MIFF encoder when using LZMA compression
CVE-2026-45664 medium 5.5 FIX debian debian 18d ago ImageMagick: Policy Bypass in MNG coder could
CVE-2026-45624 medium 5.5 FIX debian debian 18d ago ImageMagick: Heap Buffer Over-Read of a 4 bytes in distort operation.
CVE-2026-8836 critical 9.8 9.8 FIX debian debian 18d ago A vulnerability was found in lwIP up to 2.2.1. Affected is the function snmp_parse_inbound_frame of the file src/apps/snmp/snmp_msg.c of the component snmpv3 USM Handler. Performing a manipulation of…
CVE-2026-45031 medium 5.5 FIX debian debian 18d ago ImageMagick: Policy Bypass in PSD decoder
CVE-2026-45358 medium 5.5 FIX debian debian 18d ago ImageMagick: Out-of-Bounds Read of a single byte in meta encoder
CVE-2026-45359 medium 5.5 FIX debian debian 18d ago ImageMagick: Out-of-Bounds Read in connected components when the user supplies an invalid keep-top define
CVE-2026-42326 medium 5.5 FIX debian debian 18d ago ImageMagick: Heap Buffer Over-Read in IPTC encoder
CVE-2026-33637 medium 6.5 6.5 FIX debian debian faraday_project 19d ago Faraday has a possible incomplete fix for GHSA-33mh-2634-fwr2: protocol-relative URI objects still bypass host scoping
CVE-2026-8721 critical 9.8 9.8 FIX debian debian 19d ago Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl truncates passwords with embedded NULLs. Password parameters in PKCS12.xs are declared char *, which routes through Perl's default typemap to Sv…
CVE-2026-8507 critical 9.8 9.8 FIX debian debian 19d ago Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl have out-of-bounds (OOB) write flaws. When parsing a PKCS12 file, with a >= 1 GiB OCTET STRING (or BIT STRING) attribute on a SAFEBAG, via info(…
CVE-2026-8723 medium 5.3 5.3 debian debianwindows windows 20d ago ### Summary `qs.stringify` throws `TypeError` when called with `arrayFormat: 'comma'` and `encodeValuesOnly: true` on an array containing `null` or `undefined`. The throw is synchronous and not ha…
CVE-2026-8704 medium 6.5 6.5 FIX debian debian 21d ago Crypt::DSA versions through 1.19 for Perl use 2-args open, allowing existing files to be modified.
CVE-2026-8696 critical 9.8 9.8 FIX debian debian radare 21d ago radare2 6.1.5 contains a use-after-free vulnerability in the gdbr_pids_list() function within the GDB client core that allows remote attackers to cause a denial of service or potentially execute arbi…
CVE-2026-8695 critical 9.8 9.8 FIX debian debian radare 21d ago radare2 6.1.5 contains a use-after-free vulnerability in the gdbr_threads_list() function that allows remote attackers to trigger memory corruption by sending a valid qfThreadInfo response followed b…
CVE-2026-44310 medium 5.4 5.4 debian debian 21d ago Gitsign is a keyless Sigstore to signing tool for Git commits with your a GitHub / OIDC identity. From 0.4.0 to before 0.15.0, CertVerifier.Verify() in pkg/git/verifier.go unconditionally dereference…
CVE-2026-44309 medium 5.3 5.3 debian debian 21d ago Gitsign is a keyless Sigstore to signing tool for Git commits with your a GitHub / OIDC identity. Prior to 0.16.0, gitsign verify and gitsign verify-tag re-encode commit/tag objects through go-git's …
CVE-2026-45803 low 3.5 3.5 debian debian sleswindows windows github 21d ago `gh` is GitHub’s official command line tool. From 1.6.0 to before 2.92.0, a security vulnerability has been identified in GitHub CLI that could allow terminal escape sequence injection when users vie…
CVE-2026-8669 medium 6.5 6.5 FIX debian debian 21d ago Imager versions through 1.030 for Perl allow a heap out of bounds (OOB) write on crafted multi-frame GIF files. Imager::File::GIF's i_readgif_multi_low allocates a single per-row buffer GifRow sized…
CVE-2026-8503 medium 6.5 6.5 FIX debian debian guimard 21d ago Apache::Session::Generate::SHA256 versions before 1.3.19 for Perl create insecure session ids. Apache::Session::Generate::SHA256 generated session ids insecurely. The default session id generator re…
CVE-2025-54518 unknown slesdebian debianwindows windows google 22d ago <p>This vulnerability was found and addressed by AMD. We are documenting it in the Security Update Guide to encourage customers to install the May 2026 version of Windows as soon as possible.</p> <p>…
CVE-2026-6811 medium 5.9 5.9 debian debian 22d ago Stack exhaustion vulnerability in the MongoDB PHP driver can cause application crashes when processing deeply nested BSON documents in unusual circumstances when the source of these BSON documents is…
CVE-2026-44662 medium 5.5 FIX debian debianwindows windows 22d ago rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.10.0 to before 0.10.79, CipherCtxRef::cipher_update, CipherCtxRef::cipher_update_vec, and symm::Crypter::update incorr…
CVE-2026-8586 medium 5.5 5.5 FIX debian debianwindows windows google 22d ago Inappropriate implementation in Chromoting in Google Chrome prior to 148.0.7778.168 allowed a local attacker to bypass discretionary access control via a malicious file. (Chromium security severity: …
CVE-2026-8584 medium 4.2 4.2 FIX debian debianmacos macoswindows windows google 22d ago Inappropriate implementation in Views in Google Chrome on iOS prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page…
CVE-2026-8583 medium 5.3 5.3 FIX debian debianwindows windows google 22d ago Insufficient policy enforcement in WebXR in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive informa…
CVE-2026-8582 medium 5.3 5.3 FIX debian debianwindows windows google 22d ago Object lifecycle issue in Dawn in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium se…
CVE-2026-8580 critical 9.6 9.6 FIX debian debianwindows windows google 22d ago Use after free in Mojo in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-8579 low 3.1 3.1 FIX debian debianwindows windows google 22d ago Insufficient validation of untrusted input in Skia in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write…
CVE-2026-8578 low 3.1 3.1 FIX debian debian linux-kernelwindows windows google 22d ago Out of bounds read in GPU in Google Chrome on Linux prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chro…
CVE-2026-8576 medium 4.3 4.3 FIX debian debian linux-kernelwindows windows google 22d ago Inappropriate implementation in CORS in Google Chrome on Linux and ChromeOS prior to 148.0.7778.168 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security sev…
CVE-2026-8572 low 3.1 3.1 FIX debian debianwindows windows google 22d ago Insufficient policy enforcement in Network in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a craft…
CVE-2026-8570 medium 6.5 6.5 FIX debian debianwindows windows google 22d ago Type Confusion in V8 in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security sev…