VIR Vulnerability Intelligence Relay

Search

Found 32,723 results in 1536ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2026-48156 low 3.3 3.3 debian debian pypdf_project 7d ago pypdf is a free and open-source pure-python PDF library. Prior to 6.12.0, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires cross-reference streams w…
CVE-2026-47762 high 8.7 8.7 tiny 7d ago TinyMCE is an open source rich text editor. Prior to 5.11.1, 7.9.3, and 8.5.1, there is a stored XSS vulnerability via forged mce:protected comments. Allows attackers to bypass sanitization and injec…
CVE-2026-47760 high 8.7 8.7 tiny 7d ago TinyMCE is an open source rich text editor. From 6.8.0 to before 7.1.0, TinyMCE contains an XSS vulnerability caused by improper SVG namespace scope handling in the sanitizer. A crafted payload using…
CVE-2026-44358 high 8.2 8.2 7d ago Espressif Shared GitHub DangerJS is a reusable GitHub Action CI DangerJS workflow for Espressif GitHub projects. Prior to 1.0.1, the action's entrypoint.sh invoked DangerJS from the caller's workspac…
CVE-2026-41565 high 7.5 7.5 FIX debian debian 7d ago CryptX versions before 0.088_001 for Perl have a stack buffer overflow in four AEAD decrypt_verify helpers. The gcm_decrypt_verify, ccm_decrypt_verify, chacha20poly1305_decrypt_verify and eax_decryp…
CVE-2026-35676 high 8.2 8.2 7d ago phpMyFAQ before 4.1.3 contains an unauthenticated password reset vulnerability in the user password update API endpoint that allows attackers to change account passwords without token validation. Att…
CVE-2026-35675 high 8.2 8.2 7d ago phpMyFAQ before 4.1.3 contains an authentication bypass vulnerability in the password reset endpoint that allows unauthenticated attackers to reset any user account password without token verificatio…
CVE-2026-35672 high 7.5 7.5 7d ago phpMyFAQ before 4.1.3 contains an authentication bypass vulnerability in API v4.0 where the default empty api.apiClientToken allows unauthenticated users to create and modify FAQ entries. Attackers c…
CVE-2026-35671 high 8.8 8.8 7d ago phpMyFAQ before 4.1.3 contains an insecure direct object reference vulnerability in the admin API user password endpoint that allows authenticated administrators to change any user's password without…
CVE-2026-49238 high 8.4 8.4 canonical 7d ago An issue was discovered in Canonical Multipass before version 1.16.3. The host-side SFTP server component (sshfs_server), which executes with root privileges on the host, contains a path containment …
CVE-2026-49237 high 7.8 7.8 macos macos canonical 7d ago An issue was discovered in Canonical Multipass for macOS before version 1.16.3 due to an incomplete fix for CVE-2025-5199. While the patch in version 1.16.0 updated the ownership of the multipassd da…
CVE-2026-37579 high 7.3 7.3 7d ago An issue in SMSGate sms-core<=2.1.13.6 allows a remote attacker to execute arbitrary code via the Cmpp7FDeliverRequestMessageCodec.java component
CVE-2026-37266 high 8.0 8.0 7d ago An issue in Responsive File Manager Responsive FileManager Version 9.14.0 allows a remote attacker to execute arbitrary code via the force_download.php component
CVE-2026-9658 high 7.3 7.3 7d ago Plack::Middleware::Security::Common versions before 0.13.1 for Perl did not block header injections in request paths. The header injection rule was ineffective at blocking header injections in the r…
CVE-2026-46240 high 7.8 7.8 FIX debian debian sles 8d ago In the Linux kernel, the following vulnerability has been resolved: media: iris: Fix use-after-free in iris_release_internal_buffers() The recent change in commit 1dabf00ee206 ("media: iris: gen1: …
CVE-2026-46238 high 8.8 8.8 FIX debian debian sleswindows windows 8d ago In the Linux kernel, the following vulnerability has been resolved: batman-adv: stop caching unowned originator pointers in BAT IV BAT IV keeps the last-hop neighbor address in each neigh_node, but…
CVE-2026-46237 high 7.1 7.1 FIX debian debian sles 8d ago In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/vcn3: Avoid overflow on msg bound check As pointed out by SDL, the previous condition may be vulnerable to overflow. …
CVE-2026-46232 high 8.1 8.1 FIX debian debianwindows windows sles 8d ago In the Linux kernel, the following vulnerability has been resolved: HID: playstation: Clamp num_touch_reports A device would never lie about the number of touch reports would it? If it does the lo…
CVE-2026-46230 high 7.1 7.1 FIX debian debianwindows windows sles 8d ago In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/vcn3: Prevent OOB reads when parsing dec msg Check bounds against the end of the BO whenever we access the msg.
CVE-2026-46227 high 7.8 7.8 FIX debian debianwindows windows sles 8d ago In the Linux kernel, the following vulnerability has been resolved: sctp: revalidate list cursor after sctp_sendmsg_to_asoc() in SCTP_SENDALL The SCTP_SENDALL path in sctp_sendmsg() iterates ep->as…
CVE-2026-46218 high 7.1 7.1 FIX debian debianwindows windows sles 8d ago In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Add bounds checking to ib_{get,set}_value The uvd/vce/vcn code accesses the IB at predefined offsets without checking…
CVE-2026-46215 high 7.8 7.8 FIX debian debian sles 8d ago In the Linux kernel, the following vulnerability has been resolved: drm: Set old handle to NULL before prime swap in change_handle There was a potential race condition in change_handle. The ioctl b…
CVE-2026-46212 high 8.8 8.8 FIX debian debianwindows windows sles 8d ago In the Linux kernel, the following vulnerability has been resolved: batman-adv: bla: prevent use-after-free when deleting claims When batadv_bla_del_backbone_claims() removes all claims for a backb…
CVE-2026-46210 high 7.8 7.8 FIX debian debian sles 8d ago In the Linux kernel, the following vulnerability has been resolved: media: iris: fix use-after-free of fmt_src during MBPF check During concurrency testing, multiple instances can run in parallel, …
CVE-2026-46209 high 7.8 7.8 FIX debian debianwindows windows sles 8d ago In the Linux kernel, the following vulnerability has been resolved: drm/gem: Fix inconsistent plane dimension calculation in drm_gem_fb_init_with_funcs() drm_gem_fb_init_with_funcs() computes sub-s…
CVE-2026-46208 high 7.8 7.8 FIX debian debian sleswindows windows 8d ago In the Linux kernel, the following vulnerability has been resolved: batman-adv: stop tp_meter sessions during mesh teardown TP meter sessions remain linked on bat_priv->tp_list after the netlink re…
CVE-2026-46206 high 7.8 7.8 FIX debian debian sleswindows windows 8d ago In the Linux kernel, the following vulnerability has been resolved: batman-adv: reject new tp_meter sessions during teardown Prevent tp_meter from starting new sender or receiver sessions after mes…
CVE-2026-46205 high 7.8 7.8 FIX debian debian sleswindows windows 8d ago In the Linux kernel, the following vulnerability has been resolved: staging: media: atomisp: Disallow all private IOCTLs Disallow all private IOCTLs. These aren't quite as safe as one could assume …
CVE-2026-46204 high 7.1 7.1 FIX debian debianwindows windows sles 8d ago In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/vcn4: Prevent OOB reads when parsing IB Rewrite the IB parsing to use amdgpu_ib_get_value() which handles the bounds c…
CVE-2026-46201 high 7.8 7.8 FIX debian debian sles 8d ago In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix dma-buf attachment leak in xe_gem_prime_import() When xe_dma_buf_init_obj() fails, the attachment from dma_buf_dynami…
CVE-2026-46199 high 7.1 7.1 FIX debian debianwindows windows sles 8d ago In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/vcn4: Prevent OOB reads when parsing dec msg Check bounds against the end of the BO whenever we access the msg.
CVE-2026-46198 high 8.8 8.8 FIX debian debian sleswindows windows 8d ago In the Linux kernel, the following vulnerability has been resolved: batman-adv: fix integer overflow on buff_pos Fixing an integer overflow present in batadv_iv_ogm_send_to_if. The size check is do…
CVE-2026-46197 high 7.8 7.8 FIX debian debianwindows windows sles 8d ago In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: validate SVM ioctl nattr against buffer size Validate nattr field against the buffer size, preventing out-of-bounds b…
CVE-2026-46190 high 7.1 7.1 FIX debian debian sleswindows windows 8d ago In the Linux kernel, the following vulnerability has been resolved: mtd: spi-nor: debugfs: fix out-of-bounds read in spi_nor_params_show() Sashiko noticed an out-of-bounds read [1]. In spi_nor_par…
CVE-2026-46181 high 7.8 7.8 FIX debian debian sleswindows windows 8d ago In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx4: Fix mis-use of RCU in mlx4_srq_event() Sashiko points out the radix_tree itself is RCU safe, but nothing ever frees th…
CVE-2026-46178 high 7.8 7.8 FIX debian debianwindows windows sles 8d ago In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx4: Fix resource leak on error in mlx4_ib_create_srq() Sashiko points out that mlx4_srq_alloc() was not undone during erro…
CVE-2026-46177 high 7.5 7.5 FIX debian debianwindows windows 8d ago In the Linux kernel, the following vulnerability has been resolved: ipmi: Add limits to event and receive message requests The driver would just fetch events and receive messages until the BMC said…
CVE-2026-46176 high 7.8 7.8 FIX debian debian sleswindows windows 8d ago In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix error path fall-through in mlx5_ib_dev_res_srq_init() mlx5_ib_dev_res_srq_init() allocates two SRQs, s0 and s1. Wh…
CVE-2026-46175 high 7.1 7.1 FIX debian debian sleswindows windows 8d ago In the Linux kernel, the following vulnerability has been resolved: f2fs: fix fsck inconsistency caused by FGGC of node block During FGGC node block migration, fsck may incorrectly treat the migrat…
CVE-2026-46174 high 8.8 8.8 FIX debian debianwindows windows sles 8d ago In the Linux kernel, the following vulnerability has been resolved: x86/CPU/AMD: Prevent improper isolation of shared resources in Zen2's op cache Make sure resources are not improperly shared in t…
CVE-2026-46173 high 7.8 7.8 FIX debian debianwindows windows 8d ago In the Linux kernel, the following vulnerability has been resolved: exit: prevent preemption of oopsing TASK_DEAD task When an already-exiting task oopses, make_task_dead() currently calls do_task_…
CVE-2026-46166 high 8.8 8.8 FIX debian debian sles 8d ago In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: use safe list iteration in radar detect work The call to ieee80211_dfs_cac_cancel can cause the iterated chanctx …
CVE-2026-46164 high 7.0 7.0 FIX debian debian sleswindows windows 8d ago In the Linux kernel, the following vulnerability has been resolved: btrfs: fix double free in create_space_info_sub_group() error path When kobject_init_and_add() fails, the call chain is: create_…
CVE-2026-46157 high 7.8 7.8 FIX debian debianwindows windows 8d ago In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: oss: Fix data race at accessing runtime.oss.trigger Currently the runtime.oss.trigger field may be accessed concurrent…
CVE-2026-46154 high 7.0 7.0 FIX debian debian sles 8d ago In the Linux kernel, the following vulnerability has been resolved: sched_ext: Read scx_root under scx_cgroup_ops_rwsem in cgroup setters scx_group_set_{weight,idle,bandwidth}() cache scx_root befo…
CVE-2026-46152 high 8.8 8.8 FIX debian debian sleswindows windows 8d ago In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: drop stray 'static' from fast-RX rx_result ieee80211_invoke_fast_rx() is documented as safe for parallel RX, but …
CVE-2026-46150 high 7.1 7.1 FIX debian debianwindows windows sles 8d ago In the Linux kernel, the following vulnerability has been resolved: fanotify: fix false positive on permission events fsnotify_get_mark_safe() may return false for a mark on an unrelated group, whi…
CVE-2026-46149 high 7.1 7.1 FIX debian debianwindows windows sles 8d ago In the Linux kernel, the following vulnerability has been resolved: scsi: target: configfs: Bound snprintf() return in tg_pt_gp_members_show() target_tg_pt_gp_members_show() formats LUN paths with …
CVE-2026-46145 high 7.8 7.8 FIX debian debianwindows windows 8d ago In the Linux kernel, the following vulnerability has been resolved: RDMA/mana: Validate rx_hash_key_len Sashiko points out that rx_hash_key_len comes from a uAPI structure and is blindly passed to …
CVE-2026-46138 high 8.1 8.1 FIX debian debianwindows windows sles 8d ago In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_event: Fix OOB read and infinite loop in hci_le_create_big_complete_evt hci_le_create_big_complete_evt() iterates …
CVE-2026-46133 high 7.5 7.5 FIX debian debian sleswindows windows 8d ago In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Reject unknown opcodes before ICRC processing Even after applying commit 7244491dab34 ("RDMA/rxe: Validate pad and ICRC…
CVE-2026-46129 high 7.8 7.8 FIX debian debian sleswindows windows 8d ago In the Linux kernel, the following vulnerability has been resolved: btrfs: fix double free in create_space_info() error path When kobject_init_and_add() fails, the call chain is: create_space_info…
CVE-2026-46125 high 8.8 8.8 FIX debian debian sleswindows windows 8d ago In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: remove station if connection prep fails If connection preparation fails for MLO connections, then the interface i…
CVE-2026-46124 high 7.5 7.5 FIX debian debian sleswindows windows 8d ago In the Linux kernel, the following vulnerability has been resolved: isofs: validate block number from NFS file handle in isofs_export_iget isofs_fh_to_dentry() and isofs_fh_to_parent() pass an atta…
CVE-2026-46123 high 7.7 7.7 FIX debian debianwindows windows sles 8d ago In the Linux kernel, the following vulnerability has been resolved: Bluetooth: virtio_bt: clamp rx length before skb_put virtbt_rx_work() calls skb_put(skb, len) where len comes directly from virtq…
CVE-2026-46120 high 7.8 7.8 FIX debian debianwindows windows sles 8d ago In the Linux kernel, the following vulnerability has been resolved: ip6_gre: Use cached t->net in ip6erspan_changelink(). After commit 5e72ce3e3980 ("net: ipv6: Use link netns in newlink() of rtnl_…
CVE-2026-46117 high 7.8 7.8 FIX debian debian sles 8d ago In the Linux kernel, the following vulnerability has been resolved: RDMA/mana: Remove user triggerable WARN_ON() in mana_ib_create_qp_rss() Sashiko points out that the user can specify WQs sharing …
CVE-2026-46116 high 7.8 7.8 FIX debian debianwindows windows sles 8d ago In the Linux kernel, the following vulnerability has been resolved: xfrm: defensively unhash xfrm_state lists in __xfrm_state_delete KASAN reproduces a slab-use-after-free in __xfrm_state_delete()'…
CVE-2026-46114 high 7.5 7.5 FIX debian debian sleswindows windows 8d ago In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Reject non-8-byte ATOMIC_WRITE payloads atomic_write_reply() at drivers/infiniband/sw/rxe/rxe_resp.c unconditionally de…
CVE-2026-46113 high 8.8 8.8 FIX debian debian sleswindows windows 8d ago In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Fix shadow paging use-after-free due to unexpected GFN The shadow MMU computes GFNs for direct shadow pages using sp->g…
CVE-2026-46112 high 7.8 7.8 FIX debian debianwindows windows sles 8d ago In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix unlocked call to hns_roce_qp_remove() Sashiko points out that hns_roce_qp_remove() requires the caller to hold lock…
CVE-2026-46111 high 7.8 7.8 FIX debian debianwindows windows sles 8d ago In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_conn: fix potential UAF in create_big_sync Add hci_conn_valid() check in create_big_sync() to detect stale connect…
CVE-2026-46110 high 7.5 7.5 FIX debian debian sleswindows windows 8d ago In the Linux kernel, the following vulnerability has been resolved: net: stmmac: Prevent NULL deref when RX memory exhausted The CPU receives frames from the MAC through conventional DMA: the CPU a…
CVE-2026-46107 high 7.8 7.8 FIX debian debianwindows windows sles 8d ago In the Linux kernel, the following vulnerability has been resolved: dm-thin: fix metadata refcount underflow There's a bug in dm-thin in the function rebalance_children. If the internal btree node …
CVE-2026-46105 high 7.8 7.8 FIX debian debian sles 8d ago In the Linux kernel, the following vulnerability has been resolved: scsi: mpt3sas: Limit NVMe request size to 2 MiB The HBA firmware reports NVMe MDTS values based on the underlying drive capabilit…
CVE-2026-9804 high 7.7 7.7 sleswindows windows 8d ago A flaw was found in KubeVirt's virt-exportserver component. An attacker with specific namespace-level access can exploit a path traversal vulnerability in the VMExport directory endpoint. By placing …
CVE-2026-6226 high 8.8 8.8 8d ago The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to unauthenticated privilege escalation in versions up to and including 3.29.2. This is due to insecure form submission handling th…
CVE-2026-9227 high 8.8 8.8 8d ago The GutenBee – Gutenberg Blocks plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 2.20.1 via the gutenbee_file_and_ext_json function. This is due to a …
CVE-2026-7862 high 8.6 8.6 8d ago The Eupago Gateway For Woocommerce WordPress plugin before 4.7.2 does not properly restrict access to its refund request handler, allowing unauthenticated attackers to initiate refunds against any Wo…
CVE-2026-7797 high 7.5 7.5 8d ago The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'append_where_sql' parameter in all version…
CVE-2026-7634 high 7.2 7.2 8d ago The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'User-Agent' header in all versions up to, and including, 5.4.11 due to insufficient input sanitizatio…
CVE-2026-7052 high 7.2 7.2 8d ago The HT Contact Form – Drag & Drop Form Builder for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'file_upload' parameter in all versions up to, and including, 2.…
CVE-2026-6455 high 8.1 8.1 8d ago The WP Contact Form 7 DB Handler plugin for WordPress is vulnerable to Cross-Site Request Forgery leading to Arbitrary File Deletion via SQL Injection and PHP Object Injection in versions up to and i…
CVE-2026-44604 high 7.0 7.0 debian debian 8d ago A command injection vulnerability was discovered in the `rpmuncompress` utility of RPM. When extracting certain archive formats (ZIP, 7z, GEM) to a specified destination directory, the tool inserts t…
CVE-2026-9009 high 8.8 8.8 8d ago The Crawlomatic Multipage Scraper Post Generator plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.7.2 via the filter_content function. This is due t…
CVE-2026-9795 high 7.3 7.3 redhat 8d ago A flaw was found in Keycloak's Fine-Grained Admin Permissions (FGAPv2) feature. An administrator with limited client management permissions can exploit this vulnerability to assign any realm role, in…
CVE-2026-9793 high 7.5 7.5 redhat 8d ago A flaw was found in Keycloak. When a JSON Web Encryption (JWE) encrypted request object is submitted, Keycloak may incorrectly process unsigned claims if the decrypted content is raw JSON, bypassing …
CVE-2026-7802 high 8.8 8.8 8d ago The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.29.2. This is due to the plugin not properly verifying that a user …
CVE-2026-32995 high 7.5 7.5 8d ago The Rocket.Chat DDP method autoTranslate.translateMessage in versions <8.5.0, <8.4.2, <8.3.4, <8.2.4, <8.1.5, <8.0.5, <7.13.8, and <7.10.12 accepts a client-supplied IMessage object and passes it dir…
CVE-2026-2374 high 7.2 7.2 8d ago The Login No Captcha reCAPTCHA plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `$_SERVER['PHP_SELF']` superglobal in all versions up to, and including, 1.8.0. This is due to…
CVE-2026-8915 high 8.8 8.8 samsung 8d ago Out-of-bounds write vulnerability in Samsung Open Source Escargot allows Overflow Buffers. This issue affects Escargot: 36f5fb58366a67b713c02f6fd985e924fcc09e31.
CVE-2026-34079 high 8.0 FIX debian debian sles rhel 8d ago Important: flatpak security update
CVE-2026-34078 high 8.0 FIX debian debian sles rhel 8d ago Important: flatpak security update
CVE-2026-23392 high 8.0 FIX sles rheldebian debian 8d ago In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: release flowtable after rcu grace period on error Call synchronize_rcu() after unregistering the hooks from…
CVE-2025-71089 high 8.0 FIX sles rheldebian debian 8d ago In the Linux kernel, the following vulnerability has been resolved: iommu: disable SVA when CONFIG_X86 is set Patch series "Fix stale IOTLB entries for kernel address space", v7. This proposes a f…
CVE-2025-68366 high 8.0 FIX sles rheldebian debian 8d ago In the Linux kernel, the following vulnerability has been resolved: nbd: defer config unlock in nbd_genl_connect There is one use-after-free warning when running NBD_CMD_CONNECT and NBD_CLEAR_SOCK:…
CVE-2025-68347 high 8.0 FIX slesdebian debianalmalinux almalinux 8d ago In the Linux kernel, the following vulnerability has been resolved: ALSA: firewire-motu: fix buffer overflow in hwdep read for DSP events The DSP event handling code in hwdep_read() could write mor…
CVE-2025-68183 high 8.0 FIX sles rheldebian debian 8d ago In the Linux kernel, the following vulnerability has been resolved: ima: don't clear IMA_DIGSIG flag when setting or removing non-IMA xattr Currently when both IMA and EVM are in fix mode, the IMA …
CVE-2025-38653 high 8.0 FIX rhel slesdebian debian 8d ago In the Linux kernel, the following vulnerability has been resolved: proc: use the same treatment to check proc_lseek as ones for proc_read_iter et.al Check pde->proc_ops->proc_lseek directly may ca…
CVE-2026-45725 high 8.0 8d ago compliance-trestle Remote Fetching Mechanism has an Arbitrary File Write via Cache Path Traversal
CVE-2026-47717 high 8.0 8d ago FUXA's Unauthenticated Project Data Disclosure Exposes Server-Side Scripts and Device Configurations
CVE-2026-47243 high 8.0 8d ago Kata guest escape: runtime-rs guest-root to host-root escape via virtiofs
CVE-2026-45704 high 8.0 8d ago Pimcore has a CustomReports Share Bypass
CVE-2026-46414 high 8.8 8.8 8d ago Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO's WebSocket control plane trusts client-supplied identity and role fie…
CVE-2026-46402 high 8.1 8.1 8d ago Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO uses the user-controlled task_name value directly when constructing se…
CVE-2026-45322 high 7.8 7.8 8d ago Microsoft UFO open-source framework for intelligent automation across devices and platforms. Microsoft UFO tagged releases up to and including v3.0.0 contain an OS command injection vulnerability in …
CVE-2026-45332 high 7.5 7.5 8d ago Automad is a flat-file content management system and template engine. From 2.0.0-alpha.1 to 2.0.0-beta.27, a Broken Access Control vulnerability allows an unauthenticated attacker to retrieve the bcr…
CVE-2026-47269 high 7.4 7.4 8d ago pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.0, pam_usb's deny_remote feature checks utmpx ut_addr_v6 to detect whether an authentication request o…
CVE-2026-44713 high 8.8 8.8 8d ago pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, src/tmux.c reads the user's $TMUX environment variable, splits it on commas, and interpolates the so…
CVE-2026-44712 high 8.2 8.2 8d ago pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, a crafted UUID such as $(id>/tmp/rce) in the config causes root RCE when pamusb-conf --reset-pads is…