In the Linux kernel, the following vulnerability has been resolved: libceph: Fix slab-out-of-bounds access in auth message processing If a (potentially corrupted) message of type CEPH_MSG_AUTH_REPL…
In the Linux kernel, the following vulnerability has been resolved: RDMA/mana: Remove user triggerable WARN_ON() in mana_ib_create_qp_rss() Sashiko points out that the user can specify WQs sharing …
In the Linux kernel, the following vulnerability has been resolved: xfrm: defensively unhash xfrm_state lists in __xfrm_state_delete KASAN reproduces a slab-use-after-free in __xfrm_state_delete()'…
In the Linux kernel, the following vulnerability has been resolved: block: add pgmap check to biovec_phys_mergeable biovec_phys_mergeable() is used by the request merge, DMA mapping, and integrity …
In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Reject non-8-byte ATOMIC_WRITE payloads atomic_write_reply() at drivers/infiniband/sw/rxe/rxe_resp.c unconditionally de…
In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Fix shadow paging use-after-free due to unexpected GFN The shadow MMU computes GFNs for direct shadow pages using sp->g…
In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix unlocked call to hns_roce_qp_remove() Sashiko points out that hns_roce_qp_remove() requires the caller to hold lock…
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_conn: fix potential UAF in create_big_sync Add hci_conn_valid() check in create_big_sync() to detect stale connect…
In the Linux kernel, the following vulnerability has been resolved: net: stmmac: Prevent NULL deref when RX memory exhausted The CPU receives frames from the MAC through conventional DMA: the CPU a…
In the Linux kernel, the following vulnerability has been resolved: dm-thin: fix metadata refcount underflow There's a bug in dm-thin in the function rebalance_children. If the internal btree node …
In the Linux kernel, the following vulnerability has been resolved: scsi: mpt3sas: Limit NVMe request size to 2 MiB The HBA firmware reports NVMe MDTS values based on the underlying drive capabilit…
A flaw was found in KubeVirt's virt-exportserver component. An attacker with specific namespace-level access can exploit a path traversal vulnerability in the VMExport directory endpoint. By placing …
The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to unauthenticated privilege escalation in versions up to and including 3.29.2. This is due to insecure form submission handling th…
The GutenBee – Gutenberg Blocks plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 2.20.1 via the gutenbee_file_and_ext_json function. This is due to a …
The Eupago Gateway For Woocommerce WordPress plugin before 4.7.2 does not properly restrict access to its refund request handler, allowing unauthenticated attackers to initiate refunds against any Wo…
The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'append_where_sql' parameter in all version…
The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'User-Agent' header in all versions up to, and including, 5.4.11 due to insufficient input sanitizatio…
The HT Contact Form – Drag & Drop Form Builder for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'file_upload' parameter in all versions up to, and including, 2.…
The WP Contact Form 7 DB Handler plugin for WordPress is vulnerable to Cross-Site Request Forgery leading to Arbitrary File Deletion via SQL Injection and PHP Object Injection in versions up to and i…
A command injection vulnerability was discovered in the `rpmuncompress` utility of RPM. When extracting certain archive formats (ZIP, 7z, GEM) to a specified destination directory, the tool inserts t…
The Crawlomatic Multipage Scraper Post Generator plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.7.2 via the filter_content function. This is due t…
A flaw was found in Keycloak's Fine-Grained Admin Permissions (FGAPv2) feature. An administrator with limited client management permissions can exploit this vulnerability to assign any realm role, in…
A flaw was found in Keycloak. When a JSON Web Encryption (JWE) encrypted request object is submitted, Keycloak may incorrectly process unsigned claims if the decrypted content is raw JSON, bypassing …
The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.29.2. This is due to the plugin not properly verifying that a user …
Insufficient character filtering in the backup agent signing module on Comet Backup server allows an authenticated tenant administrator to execute arbitrary code on behalf of a privileged user on the aff…
The Rocket.Chat DDP method autoTranslate.translateMessage in versions <8.5.0, <8.4.2, <8.3.4, <8.2.4, <8.1.5, <8.0.5, <7.13.8, and <7.10.12 accepts a client-supplied IMessage object and passes it dir…
The Login No Captcha reCAPTCHA plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `$_SERVER['PHP_SELF']` superglobal in all versions up to, and including, 1.8.0. This is due to…
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: release flowtable after rcu grace period on error Call synchronize_rcu() after unregistering the hooks from…
In the Linux kernel, the following vulnerability has been resolved: iommu: disable SVA when CONFIG_X86 is set Patch series "Fix stale IOTLB entries for kernel address space", v7. This proposes a f…
In the Linux kernel, the following vulnerability has been resolved: nbd: defer config unlock in nbd_genl_connect There is one use-after-free warning when running NBD_CMD_CONNECT and NBD_CLEAR_SOCK:…
In the Linux kernel, the following vulnerability has been resolved: ALSA: firewire-motu: fix buffer overflow in hwdep read for DSP events The DSP event handling code in hwdep_read() could write mor…
In the Linux kernel, the following vulnerability has been resolved: ima: don't clear IMA_DIGSIG flag when setting or removing non-IMA xattr Currently when both IMA and EVM are in fix mode, the IMA …
In the Linux kernel, the following vulnerability has been resolved: proc: use the same treatment to check proc_lseek as ones for proc_read_iter et.al Check pde->proc_ops->proc_lseek directly may ca…
Microsoft UFO is an open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO's WebSocket control plane trusts client-supplied identity and role fie…
Microsoft UFO is an open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO uses the user-controlled task_name value directly when constructing se…
Microsoft UFO is an open-source framework for intelligent automation across devices and platforms. Microsoft UFO tagged releases up to and including v3.0.0 contain an OS command injection vulnerability in …
Automad is a flat-file content management system and template engine. From 2.0.0-alpha.1 to 2.0.0-beta.27, a Broken Access Control vulnerability allows an unauthenticated attacker to retrieve the bcr…
pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.0, pam_usb's deny_remote feature checks utmpx ut_addr_v6 to detect whether an authentication request o…
pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, src/tmux.c reads the user's $TMUX environment variable, splits it on commas, and interpolates the so…
pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, a crafted UUID such as $(id>/tmp/rce) in the config causes root RCE when pamusb-conf --reset-pads is…
pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, symlink attacks on pad directory and pad files enable authentication bypass and root file corruption…
pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, pamusb-pinentry reads the PINENTRY_FALLBACK_APP environment variable and executes it directly withou…
Gladinet Triofox Cloud Server Agent Access Service (GladServerAgentService.exe) listens on TCP port 7878 and processes remote HTTP messages with URL paths starting with /resources, /status, /sysinfo,…
Function calls to WOSCommonUtil.dll!WOSSysInfoGetDeviceInterface() in various DLLs (i.e., WOSProfileMgrModule.dll, WOSWebDavModule.dll) can return a NULL pointer (i.e., when no user is logged into th…
When processing a request with a URL path starting with /status or /sysinfo, WOSHttpStatusModule.dll is to be loaded to handle such URL patterns. The WOSBin_LoadHttpModule function in the dll would b…
pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.1, when a PAM service is configured with deny_remote=false in pam_usb (commonly done for display manage…
pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.0, the pusb_pad_compare() function in src/pad.c only verified that the user-side pad (~/.pamusb/device.…
Sherlock hunts down social media accounts by username across social networks. Prior to 0.16.1, the GitHub Actions workflow validate_modified_targets.yml is vulnerable to command injection via the pul…
Langroid is a framework for building large-language-model-powered applications. Prior to version 0.63.0, SQLChatAgent executes SQL produced by an LLM, which is influenceable by prompt injection. When…
Pi.Alert is a WIFI / LAN intruder detector with web service monitoring. Prior to 2026-05-07, Pi.Alert's web-based configuration editor allows arbitrary Python code to be injected into pialert.conf. S…
Pi.Alert is a WIFI / LAN intruder detector with web service monitoring. Prior to 2026-05-07, Pi.Alert's SaveConfigFile() endpoint writes user-supplied numeric config values (e.g., SMTP_PORT) directly…
Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. From 2.0.0 to before 3.1.5 and 2.3.11, Himmelblau contained an authentication bypass vulnerability in the Device Autho…
OneUptime is an open-source monitoring and observability platform. Prior to 10.0.98, OneUptime uses the Node.js vm module as an isolation primitive. This API was not designed for that and can be esc…
MapServer is a system for developing web-based GIS applications. From 6.4.0 to before 8.6.3, msSLDParseUserStyle always calls _SLDApplyRuleValues(psRule, psLayer, 1); for any <Rule> carrying <ElseFil…
RELATE is a web-based courseware package. Versions prior to commit 555f0efb1c5bd7531c07cd73724d7e566a81f620 have a stored cross-site scripting vulnerability that allows any enrolled student to execut…
Kysely is a type-safe TypeScript SQL query builder. From 0.26.0 to 0.28.16, DefaultQueryCompiler.visitJSONPathLeg does not escape JSON-path metacharacters (., [, ], *, **, ?). When attacker-controlle…
GitLab has remediated an issue in GitLab EE affecting all versions from 18.8 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that, under certain conditions, could have allowed an authent…
Dalfox is a powerful open-source XSS scanner and utility focused on automation. Prior to 2.13.0, when dalfox is started in REST API server mode (dalfox server), the server binds to 0.0.0.0:6664 by de…
Dalfox is a powerful open-source XSS scanner and utility focused on automation. Prior to 2.13.0, ParameterAnalysis in pkg/scanning/parameterAnalysis.go runs two sequential worker stages that both wri…
Cinny is a Matrix client. Prior to 4.10.3, a remote authenticated attacker who shares a room with a victim and has permissions to create room emotes (for example in a DM) can cause the victim's clien…
An authenticated command injection vulnerability exists in the Archer BE450 v1 and BE7200 v1 routers that allows an administrator to execute arbitrary system commands through the web management interf…
BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.39, a malicious bentofile.yaml containing a newline-injected value in envs[*].n…
Budibase is an open-source low-code platform. Prior to 3.38.1, the REST datasource integration (packages/server/src/integrations/rest.ts) follows HTTP redirects without re-checking the IP blacklist, …
Budibase: `PUT /api/datasources/:datasourceId` is protected only by `TABLE/READ` permission instead of builder access, allowing any authenticated app user to overwrite datasource connection parameter…
Budibase is an open-source low-code platform. Prior to 3.38.2, packages/worker/src/api/routes/global/scim.ts attaches only two middlewares to the SCIM router: requireSCIM (checks the Enterprise featu…
Budibase is an open-source low-code platform. Prior to 3.38.3, removeSecrets at packages/server/src/sdk/workspace/datasources/datasources.ts masks only datasource config fields whose schema type is D…
Budibase is an open-source low-code platform. Prior to 3.39.0, the OAuth2 token fetch function in packages/server/src/sdk/workspace/oauth2/utils.ts uses raw fetch(config.url) with no SSRF protection.…
Budibase is an open-source low-code platform. Prior to 3.39.0, the Budibase Text component renders markdown by assigning marked.parse(markdown) straight to innerHTML with no sanitizer (packages/bbui/…
Budibase is an open-source low-code platform. Prior to 3.39.0, /api/public/v1/roles/assign is guarded by the builderOrAdmin middleware, which passes any user who is a builder for the app id in the x-…
Budibase is an open-source low-code platform. Prior to 3.39.0, the webhook schema-building endpoint is registered under builderRoutes, but the generic authorization middleware skips authorization for…
Budibase is an open-source low-code platform. Prior to 3.39.0, the single-datasource GET and PUT routes are guarded by generic TABLE READ, not by Builder/Admin permission or datasource-specific owner…
Budibase is an open-source low-code platform. Prior to 3.39.0, fetchToken in the OAuth2 SDK makes a POST to a builder-supplied URL with plain node-fetch, skipping the blacklist.isBlacklisted check th…
Budibase is an open-source low-code platform. Prior to 3.35.10, the Plugin URL upload endpoint (POST /api/plugin) validates the submitted URL with a single substring check: url.includes(".tar.gz"). A…