VIR Vulnerability Intelligence Relay

Search

Found 24,810 results in 845ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2026-45865 unknown FIX debian debian sles 8d ago In the Linux kernel, the following vulnerability has been resolved: mctp i2c: initialise event handler read bytes Set a 0xff value for i2c reads of an mctp-i2c device. Otherwise reads will return "…
CVE-2026-45864 unknown FIX debian debian sles 8d ago In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: prevent infinite loops caused by the next valid being the same When processing valid within the range [valid : pos), if…
CVE-2026-45863 unknown FIX debian debian sles 8d ago In the Linux kernel, the following vulnerability has been resolved: i3c: dw: Fix memory leak in dw_i3c_master_i2c_xfers() The dw_i3c_master_i2c_xfers() function allocates memory for the xfer struct…
CVE-2026-45858 unknown FIX debian debian sleswindows windows 8d ago In the Linux kernel, the following vulnerability has been resolved: ext4: don't zero the entire extent if EXT4_EXT_DATA_PARTIAL_VALID1 When allocating initialized blocks from a large unwritten exte…
CVE-2026-45857 unknown FIX slesdebian debian 8d ago In the Linux kernel, the following vulnerability has been resolved: scsi: csiostor: Fix dereference of null pointer rn The error exit path when rn is NULL ends up deferencing the null pointer rn vi…
CVE-2026-45855 unknown FIX debian debian sleswindows windows 8d ago In the Linux kernel, the following vulnerability has been resolved: ata: libata-scsi: avoid Non-NCQ command starvation When a non-NCQ command is issued while NCQ commands are being executed, ata_sc…
CVE-2026-45854 unknown FIX debian debian sles 8d ago In the Linux kernel, the following vulnerability has been resolved: crypto: inside-secure/eip93 - unregister only available algorithm EIP93 has an options register. This register indicates which cr…
CVE-2026-45853 unknown FIX debian debian sles 8d ago In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Use kvfree instead of kfree in amdgpu_gmc_get_nps_memranges() amdgpu_discovery_get_nps_info() internally allocates me…
CVE-2026-45851 unknown FIX debian debian 8d ago In the Linux kernel, the following vulnerability has been resolved: efi: Fix reservation of unaccepted memory table The reserve_unaccepted() function incorrectly calculates the size of the memblock…
CVE-2026-45850 unknown FIX debian debianwindows windows 8d ago In the Linux kernel, the following vulnerability has been resolved: ipvs: skip ipv6 extension headers for csum checks Protocol checksum validation fails for IPv6 if there are extension headers befo…
CVE-2026-45849 unknown FIX debian debian sles 8d ago In the Linux kernel, the following vulnerability has been resolved: net: mscc: ocelot: add missing lock protection in ocelot_port_xmit_inj() ocelot_port_xmit_inj() calls ocelot_can_inject() and oce…
CVE-2026-45848 unknown FIX debian debian sles 8d ago In the Linux kernel, the following vulnerability has been resolved: apparmor: fix NULL sock in aa_sock_file_perm Deal with the potential that sock and sock-sk can be NULL during socket setup or tea…
CVE-2026-45847 unknown FIX debian debian sles 8d ago In the Linux kernel, the following vulnerability has been resolved: net: remove WARN_ON_ONCE when accessing forward path array Although unlikely, recent support for IPIP tunnels increases chances o…
CVE-2025-71309 unknown FIX debian debian sles 8d ago In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: fix deadlock in ni_read_folio_cmpr Syzbot reported a task hung in ni_readpage_cmpr (now ni_read_folio_cmpr). This is ca…
CVE-2025-71308 unknown FIX slesdebian debian 8d ago In the Linux kernel, the following vulnerability has been resolved: accel/amdxdna: Fix potential NULL pointer dereference in context cleanup aie_destroy_context() is invoked during error handling i…
CVE-2025-71307 unknown FIX slesdebian debian 8d ago In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Fix NULL pointer dereference on panthor_fw_unplug This patch removes the MCU halt and wait for halt procedures durin…
CVE-2025-71306 unknown FIX debian debian sles 8d ago In the Linux kernel, the following vulnerability has been resolved: ima: Fix stack-out-of-bounds in is_bprm_creds_for_exec() KASAN reported a stack-out-of-bounds access in ima_appraise_measurement …
CVE-2025-71305 unknown FIX debian debian sleswindows windows 8d ago In the Linux kernel, the following vulnerability has been resolved: drm/display/dp_mst: Add protection against 0 vcpi When releasing a timeslot there is a slight chance we may end up with the wrong…
CVE-2025-71304 unknown FIX debian debian sles 8d ago In the Linux kernel, the following vulnerability has been resolved: smack: /smack/doi: accept previously used values Writing to /smack/doi a value that has ever been written there in the past disab…
CVE-2025-71303 unknown FIX debian debian sles 8d ago In the Linux kernel, the following vulnerability has been resolved: accel/amdxdna: Fix race condition when checking rpm_on When autosuspend is triggered, driver rpm_on flag is set to indicate that …
CVE-2026-45846 unknown FIX slesdebian debianwindows windows 8d ago In the Linux kernel, the following vulnerability has been resolved: bareudp: fix NULL pointer dereference in bareudp_fill_metadata_dst() bareudp_fill_metadata_dst() passes bareudp->sock to udp_tunn…
CVE-2026-45845 unknown FIX slesdebian debianwindows windows 8d ago In the Linux kernel, the following vulnerability has been resolved: net/sched: taprio: fix NULL pointer dereference in class dump When a TAPRIO child qdisc is deleted via RTM_DELQDISC, taprio_graft…
CVE-2026-45844 unknown FIX slesdebian debianwindows windows 8d ago In the Linux kernel, the following vulnerability has been resolved: netfilter: arp_tables: fix IEEE1394 ARP payload parsing Weiming Shi says: "arp_packet_match() unconditionally parses the ARP pay…
CVE-2026-45842 unknown FIX slesdebian debianwindows windows 8d ago In the Linux kernel, the following vulnerability has been resolved: slip: reject VJ receive packets on instances with no rstate array slhc_init() accepts rslots == 0 as a valid configuration, with …
CVE-2026-45841 unknown FIX slesdebian debianwindows windows 8d ago In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlink_osf: fix divide-by-zero in OSF_WSS_MODULO nf_osf_match_one() computes ctx->window % f->wss.val in the OSF_WS…
CVE-2026-45840 unknown FIX slesdebian debianwindows windows 8d ago In the Linux kernel, the following vulnerability has been resolved: openvswitch: cap upcall PID array size and pre-size vport replies The vport netlink reply helpers allocate a fixed-size skb with …
CVE-2026-45839 unknown FIX slesdebian debianwindows windows 8d ago In the Linux kernel, the following vulnerability has been resolved: bpf: reject negative CO-RE accessor indices in bpf_core_parse_spec() CO-RE accessor strings are colon-separated indices that desc…
CVE-2026-45838 unknown FIX slesdebian debianwindows windows 8d ago In the Linux kernel, the following vulnerability has been resolved: bpf: fix end-of-list detection in cgroup_storage_get_next_key() list_next_entry() never returns NULL -- when the current element …
CVE-2026-45837 unknown FIX slesdebian debian 8d ago In the Linux kernel, the following vulnerability has been resolved: bpf: Fix use-after-free in arena_vm_close on fork arena_vm_open() only bumps vml->mmap_count but never registers the child VMA in…
CVE-2024-47272 low 2.7 2.7 synology 8d ago Incorrect authorization vulnerability in IO Module functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to …
CVE-2024-47270 low 2.7 2.7 synology 8d ago Improper preservation of permissions vulnerability in Archiving Push functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administra…
CVE-2024-47267 low 2.7 2.7 synology 8d ago Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in Archiving Pull functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows …
CVE-2026-49017 unknown FIX debian debian 8d ago In OpenStack Swift before 2.36.2 and 2.37.2, s3api middleware enters an infinite loop when processing a truncated aws-chunked PUT request body. The StreamingInput class repeatedly appends an empty bu…
CVE-2026-9608 low 2.4 2.4 9d ago A vulnerability was determined in QianFox FoxCMS up to 1.2.6. The impacted element is an unknown function of the file /Tag/edit of the component Administrator Backend. Executing a manipulation can le…
CVE-2026-49009 low 3.1 3.1 9d ago Northern.tech Mender Server v4.1.0, v4.0.1 and below, and fixed in v4.1.1 and v4.0.2 allows Directory Traversal.
CVE-2026-33552 low 3.7 3.7 9d ago Northern.tech Mender Enterprise Server before 4.1.1 has Incorrect Access Control.
CVE-2025-68711 low 2.4 2.4 9d ago AppLockZ App Lock and Fingerprint Lock (applock.passwordfingerprint.applockz) 4.2.11 for Android allows a local attacker with physical access to bypass the PIN lock. The lock is implemented as an ove…
CVE-2025-68708 low 2.4 2.4 9d ago SailingLab AppLock (aka com.alpha.applock) 4.3.8 for Android allows a local attacker with physical access to bypass the PIN lock. The lock is implemented as an overlay rather than by using Android's …
CVE-2025-68710 low 2.4 2.4 9d ago Easyelife App lock (aka Fingerprint,Applock or locker.app.safe.applocker) 1.9.2 for Android allows a local attacker with physical access to bypass the PIN lock. The lock is implemented as an overlay …
CVE-2026-35202 low 2.5 9d ago Pterodactyl is a free, open-source game server management panel. Prior to version 1.12.3, the Pterodactyl Client API has a logic flaw that lets users bypass their assigned limits for database allocat…
CVE-2026-9572 low 3.3 3.3 debian debian gpac 9d ago A security vulnerability has been detected in GPAC up to 2.4.0. Affected by this issue is the function Media_GetSample of the file src/isomedia/media.c of the component MP4Box. Such manipulation of t…
CVE-2026-9567 low 3.3 3.3 debian debian 9d ago A security flaw has been discovered in GPAC up to 2.4.0. Affected is the function MergeFragment of the file src/isomedia/isom_intern.c of the component MP4Box. The manipulation results in null pointe…
CVE-2026-42448 low 3.5 3.5 9d ago Magic Wormhole: receive, with --output pointing at an existing directory can be path-traversed
CVE-2026-9564 low 2.4 2.4 9d ago A vulnerability was found in SourceCodester/oretnom23 Hospitals Patient Records Management System 1.0. The impacted element is an unknown function of the file /admin/?page=patients/view_patient. Perf…
CVE-2026-47715 low 3.1 3.1 9d ago Bugsink is a self-hosted error tracking tool. Prior to 2.2.0, Bugsink issue event pages accept a direct event identifier from the URL and, in affected versions, look up that event without also requir…
CVE-2026-45836 unknown FIX slesdebian debianwindows windows 9d ago In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix null-ptr-deref in l2cap_sock_get_sndtimeo_cb() Add the same NULL guard already present in l2cap_sock_resume…
CVE-2026-45835 unknown FIX slesdebian debianwindows windows 9d ago In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix null-ptr-deref in l2cap_sock_new_connection_cb() Add the same NULL guard already present in l2cap_sock_resu…
CVE-2026-45834 unknown FIX slesdebian debianwindows windows 9d ago In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix null-ptr-deref in l2cap_sock_state_change_cb() Add the same NULL guard already present in l2cap_sock_resume…
CVE-2026-47716 low 3.1 3.1 9d ago Bugsink is a self-hosted error tracking tool. Prior to 2.2.0, In affected versions, the issue list view authorizes access through the project in the URL, but applies the requested bulk action to the …
CVE-2026-44410 low 3.8 3.8 9d ago This vulnerability stems from a business logic flaw.Attackers can exploit legitimate application functions in unintended and abnormal ways, deviating from the designer's expectations, to carry out ma…
CVE-2026-48784 unknown FIX debian debian 9d ago CVE-2026-48784: UrlGenerator Dot-Segment Encoding Skips Every Other Chained `../` or `./` → Generated URL Collapses Off-Route Under RFC 3986 Normalization
CVE-2026-48761 unknown FIX debian debian 9d ago CVE-2026-48761: HtmlSanitizer UrlAttributeSanitizer Misses URL Attributes on <object>, <applet>, <iframe>, <img> and the URL Inside <meta http-equiv="refresh"> content
CVE-2026-48760 unknown FIX debian debian 9d ago CVE-2026-48760: HtmlSanitizer URL Parser Deny Gates Underinclusive: Percent-Encoded BiDi Marks and Unicode Whitespace Bypass Visual-Spoofing Defense
CVE-2026-48747 unknown FIX debian debian 9d ago CVE-2026-48747: Mailomat Mailer Webhook Parser Reads the HMAC Algorithm from the Request: Signature Algorithm Downgrade
CVE-2026-48736 unknown FIX debian debian 9d ago CVE-2026-48736: IpUtils::PRIVATE_SUBNETS Omits IPv6 Transition Forms (6to4, NAT64, Teredo, IPv4-compatible): SSRF Bypass in NoPrivateNetworkHttpClient
CVE-2026-48489 unknown FIX debian debian 9d ago CVE-2026-48489: Security Firewall Bypass via failure_forward Subrequest: Unauthenticated Access to access_control-Protected GET Routes
CVE-2026-46644 unknown FIX debian debian 9d ago symfony/polyfill-intl-idn: xn-- labels with ASCII-only Punycode payloads are treated as equivalent to their decoded form
CVE-2026-9530 low 3.3 3.3 9d ago A weakness has been identified in GNU LibreDWG up to 0.14. The impacted element is the function read_2004_compressed_section of the file src/decode.c of the component Dwgbmp Utility. Executing a mani…
CVE-2026-9529 low 3.3 3.3 9d ago A security flaw has been discovered in GNU LibreDWG up to 0.14. The affected element is the function match_BLOCK_HEADER of the file dwggrep.c of the component Dwggrep Utility. Performing a manipulati…
CVE-2026-9504 low 3.3 3.3 10d ago A weakness has been identified in GNU LibreDWG up to 0.14. Affected is the function bit_convert_TU of the file programs/dwggrep.c of the component Dwggrep Utility. This manipulation causes out-of-bou…
CVE-2026-9503 low 3.3 3.3 10d ago A security flaw has been discovered in GNU LibreDWG up to 0.14. This impacts the function dwg_next_entity of the file src/decode.c of the component DWG File Handler. The manipulation results in null …
CVE-2026-9501 low 3.3 3.3 10d ago A vulnerability was determined in GNU LibreDWG up to 0.14. The impacted element is the function decompress_R2004_section of the file src/decode.c of the component Dwgread Utility. Executing a manipul…
CVE-2026-48852 low 3.7 3.7 FIX debian debian putty 10d ago PuTTY 0.71 before 0.84 has an assertion failure in ECDSA signature verification.
CVE-2026-48851 low 3.1 3.1 FIX debian debian putty 10d ago PuTTY 0.77 before 0.84 uses a copy of the PuTTY icon as a trust indication for TELNET data but the trust status is not cleared between proxy authentication and the main session.
CVE-2026-9485 low 3.5 3.5 10d ago A vulnerability was identified in SourceCodester Student Grades Management System 1.0. Affected by this issue is some unknown functionality of the file students.php. The manipulation of the argument …
CVE-2026-48847 low 3.7 3.7 FIX debian debian 10d ago Roundcube Webmail 1.6.x before 1.6.16, and 1.7.x before 1.7.1 allows pre-authentication arbitrary file deletion via redis/memcache session poisoning bypass.
CVE-2026-9471 low 3.5 3.5 10d ago A vulnerability was detected in yashpokharna2555 StudentManagementSystem cb2f558ddf8d19396de0f92abf2d224d46a0a203. This impacts an unknown function of the file /student.php. Performing a manipulation…
CVE-2026-9414 low 3.5 3.5 10d ago A security flaw has been discovered in SourceCodester Indian Invoicing System up to 0.x/1.0. The impacted element is an unknown function of the file /Invoicing/add_order.php of the component Invoice …
CVE-2026-48832 low 3.5 3.5 FIX debian debian 11d ago action/cookie.php in ecrire in SPIP before 4.4.15 is prone to an open redirect vulnerability.
CVE-2026-9398 low 3.1 3.1 11d ago A security vulnerability has been detected in Besen BS20 EV Charging Station up to 20260426. This affects an unknown part of the component BLE/WiFi. Such manipulation leads to authentication bypass b…
CVE-2026-9396 low 3.7 3.7 11d ago A security flaw has been discovered in Besen BS20 EV Charging Station up to 20260426. Affected by this vulnerability is an unknown functionality of the component Firmware Version Check. The manipulat…
CVE-2026-48831 unknown debian debian 11d ago Wine ships a .desktop file that registers itself as a MIME handler for EXE files and several other Windows executable file types. In some configurations, handling of an EXE file causes that file to b…
CVE-2026-9395 low 3.5 3.5 11d ago A vulnerability was identified in Besen BS20 EV Charging Station up to 20260426. Affected is an unknown function of the component BLE/UDP. The manipulation leads to insufficiently protected credentia…
CVE-2026-9394 low 3.1 3.1 11d ago A vulnerability was determined in Besen BS20 EV Charging Station up to 20260426. This impacts an unknown function of the component Bluetooth Low Energy Handler. Executing a manipulation can lead to w…
CVE-2026-9377 low 2.4 2.4 11d ago A vulnerability was identified in SourceCodester SUP Online Shopping 1.0. The impacted element is an unknown function of the file /admin/productedit.php. The manipulation of the argument productName …
CVE-2026-9373 low 3.7 3.7 11d ago A vulnerability has been found in JeecgBoot 3.9.1. This issue affects some unknown processing of the file /openapi/call/ of the component OpenAPI Endpoint. Such manipulation leads to improper authent…
CVE-2026-9370 low 3.7 3.7 11d ago A weakness has been identified in ulisesbocchio jasypt-spring-boot up to 3.0.5/4.0.4. Affected by this vulnerability is the function getSecretKeySaltGenerator of the file jasypt-spring-boot/src/main/…
CVE-2026-9357 low 3.5 3.5 11d ago A vulnerability was found in vBulletin 6.x. This impacts an unknown function of the component Login. Performing a manipulation results in cross site scripting. It is possible to initiate the attack r…
CVE-2026-9306 low 3.7 3.7 12d ago A security vulnerability has been detected in QuantumNous new-api up to 0.12.1. This affects the function RelayMidjourneyImage/GetByOnlyMJId of the file router/relay-router.go of the component Midjou…
CVE-2026-39824 low 3.3 3.3 FIX debian debianwindows windows 13d ago NewNTUnicodeString does not check for string length overflow. When provided with a string that overflows the maximum size of a NTUnicodeString (a 16-bit number of bytes), it returns a truncated strin…
CVE-2026-39967 low 3.1 3.1 13d ago TypeBot is a chatbot builder tool. In versions 3.15.2 and prior, the bot engine's the findResult query does not filter results by typebotId, allowing an authenticated user to load result data (user a…
CVE-2026-9249 low 3.1 3.1 devolutions 13d ago Unverified password change in Devolutions Server allows an attacker to change a user's password without providing the previous one via a crafted password change request. This issue affects : * D…
CVE-2026-9248 low 2.6 2.6 devolutions 13d ago Authorization bypass in the entry duplication feature in Devolutions Server allows an authenticated user with write access to any vault to copy documentation and attachments from an entry in a vault …
CVE-2026-9247 low 2.4 2.4 devolutions 13d ago Insufficient logging in the entry export feature in Devolutions Server allows an authenticated user with export permissions to export a sealed entry without triggering the unseal notification to admi…
CVE-2026-8477 low 2.7 2.7 devolutions 13d ago Improper enforcement of the sealed-entry workflow in the entry sensitive-data retrieval feature in Devolutions Server allows an authenticated user with access to a sealed entry to retrieve its sensit…
CVE-2026-8997 unknown FIX debian debian 13d ago vifm is vulnerable to a heap buffer overflow during the history merge process when saving the state file (vifminfo.json). This flaw occurs because the application lacks a runtime check on the length …
CVE-2026-46554 low 2.5 14d ago NocoDB: Stale Auth Cache After API Token Deletion
CVE-2026-46553 low 2.5 14d ago NocoDB: Attachment Size Limit Bypass via Upload-by-URL
CVE-2026-46549 low 2.5 14d ago NocoDB: OAuth Token Scope Not Enforced at ACL Layer Allows Scope Escalation
CVE-2026-46668 low 2.5 14d ago SpiceDB: Caveat structures with nested lists can result in improper cache reuse
CVE-2026-46497 low 2.5 14d ago Crawlee for Python: SSRF via sitemap-derived URLs
CVE-2026-43496 unknown FIX slesdebian debianwindows windows 14d ago In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_red: Replace direct dequeue call with peek and qdisc_dequeue_peeked When red qdisc has children (eg qfq qdisc) who…
CVE-2026-7837 low 3.7 3.7 FIX slesdebian debian 14d ago A time-of-check time-of-use (TOCTOU) condition in the ad_flush function in Netatalk 3.0.0 through 4.4.2 involves root-privileged file operations, which may allow a remote attacker to cause limited da…
CVE-2026-44075 low 3.7 3.7 FIX slesdebian debian 14d ago A missing break statement in DSI OpenSession processing in Netatalk 1.5.0 through 4.4.2 causes a DSIOPT_ATTNQUANT switch case to fall through into DSIOPT_SERVQUANT, resulting in unintended session op…
CVE-2026-44074 low 3.7 3.7 FIX slesdebian debian 14d ago Netatalk 2.1.0 through 4.4.2 combines multiple errno values using bitwise OR, resulting in incorrect error codes when multiple error conditions occur simultaneously, which may allow a remote attacker…
CVE-2026-44071 low 3.7 3.7 FIX slesdebian debian 14d ago Netatalk 3.1.2 through 4.4.2 is compiled without FORTIFY_SOURCE, which disables built-in buffer overflow detection at runtime, potentially allowing a remote attacker to cause a minor denial of servic…
CVE-2026-44057 low 3.1 3.1 FIX slesdebian debian 14d ago A dead bounds check in the Spotlight RPC unmarshaller in Netatalk 3.0.0 through 4.4.2 results in an unreachable code path that provides no effective bounds protection, which may allow a remote authen…
CVE-2026-7836 low 3.1 3.1 FIX slesdebian debian 14d ago An incorrect calculation in the hextoint macro in Netatalk 2.0.0 through 4.4.2 due to improper uppercase character handling allows a remote authenticated attacker to cause limited data modification v…
CVE-2026-7835 low 3.1 3.1 FIX slesdebian debian 14d ago A format string argument mismatch in Netatalk 3.0.3 through 4.4.2 allows a remote authenticated attacker to cause a minor denial of service via crafted input that triggers incorrect format string pro…
CVE-2026-44072 low 3.0 3.0 FIX slesdebian debian 14d ago Netatalk 2.2.1 through 4.4.2 calls system() after a failed chdir() without properly handling the error condition, which allows a local privileged user to execute unintended commands or cause a minor …