VIR Vulnerability Intelligence Relay

Search

Found 24,841 results in 893ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2026-46628 low 2.5 FIX debian debian 16d ago Twig: The `spaceless` filter implicitly marks its output as safe
CVE-2026-46627 unknown FIX debian debian 16d ago Sandbox does not protect against resource exhaustion
CVE-2026-46626 unknown FIX debian debian 16d ago CVE-2026-46626: SymfonyRuntime CVE-2024-50340 Patch Bypass: Web Requests Can Still Set APP_ENV/APP_DEBUG via parse_str/SAPI Argv Mismatch
CVE-2026-45756 unknown FIX debian debian 16d ago Symfony's JsonPath Evaluates Attacker-Controlled Regular Expressions in match()/search() Without Limits — ReDoS
CVE-2026-45755 unknown FIX debian debian 16d ago Symfony's Mailtrap Mailer Webhook Parser Never Verifies the X-Mt-Signature HMAC — Unauthenticated Webhook Event Injection
CVE-2026-45754 unknown FIX debian debian 16d ago Symfony's Mailjet Mailer Webhook Parser Never Verifies the Configured Secret — Unauthenticated Webhook Event Injection
CVE-2026-45753 unknown FIX debian debian 16d ago Symfony's HtmlSanitizer UrlAttributeSanitizer Omits action/formaction/poster/cite — `javascript`: URI Survives Sanitization (XSS)
CVE-2026-45305 low 2.5 FIX debian debian 16d ago Symfony's YAML Parser has a ReDoS via Catastrophic Backtracking in Parser::cleanup() Regex
CVE-2026-45304 low 2.5 FIX debian debian 16d ago Symfony's YAML Parser Vulnerable to Exponential Memory Allocation via Recursive Collection-Alias Expansion ("Billion Laughs")
CVE-2026-45133 low 2.5 FIX debian debian 16d ago Symfony hardened the parser when handling untrusted input
CVE-2026-45072 low 2.5 FIX debian debian 16d ago Symfony Vulnerable to stored XSS in WebProfiler CodeExtension::fileExcerpt() — Unescaped Non-PHP File Rendering
CVE-2026-45071 low 2.5 FIX debian debian 16d ago Symfony has XXE (Local File Disclosure) in DomCrawler::addXmlContent() via validateOnParse = true
CVE-2026-45232 low 3.7 3.7 FIX slesdebian debianwindows windows samba 16d ago Rsync versions before 3.4.3 contain an off-by-one out-of-bounds stack write vulnerability in the establish_proxy_connection() function in socket.c that allows network attackers to corrupt stack memor…
CVE-2026-8492 low 2.7 2.7 gtranslate 16d ago The GTranslate module provides a language switcher widget for Drupal sites. The module’s widget JavaScript did not sufficiently validate that document.currentScript referred to the executing script …
CVE-2026-8491 low 3.7 3.7 adcisolutions 16d ago Node view permissions module enables permissions "View own content" and "View any content" for each content type on permissions page The module doesn't sufficiently handle the case where a user is …
CVE-2026-46342 low 2.5 16d ago Nuxt: `__nuxt_island` endpoint does not bind responses to request props, enabling shared-cache poisoning
CVE-2026-48019 unknown debian debian 16d ago Laravel CRLF injection in default email rule
CVE-2026-5511 low 2.7 2.7 tp-link 16d ago In the web management interface of Archer AX72 (SG) v1, the network diagnostic feature improperly handles invalid user input, resulting in limited exposure of diagnostic command usage information.  …
CVE-2026-45739 low 3.1 3.1 16d ago Strawberry GraphQL is a library for creating GraphQL APIs. In versions 0.288.4 through 0.315.3, Strawberry's bundled GraphiQL template wrote values from the GraphiQL headers editor into the browser U…
CVE-2025-14575 unknown sleswindows windows 16d ago An Uncontrolled Search Path Element vulnerability in the OpenSSL TLS backend of Qt Network (qtbase) in Qt Qt Framework (Unix) allows a local attacker to load a rogue CA certificate as a trusted syste…
CVE-2026-7860 unknown 16d ago Vaadin Build Plugins is Affected by a Possible Information Disclosure Vulnerability
CVE-2026-43492 unknown FIX slesdebian debianwindows windows 16d ago In the Linux kernel, the following vulnerability has been resolved: lib/crypto: mpi: Fix integer underflow in mpi_read_raw_from_sgl() Yiming reports an integer underflow in mpi_read_raw_from_sgl() …
CVE-2026-43491 unknown FIX slesdebian debianwindows windows 16d ago In the Linux kernel, the following vulnerability has been resolved: net: qrtr: ns: Limit the maximum server registration per node Current code does no bound checking on the number of servers added …
CVE-2026-8726 unknown 16d ago SQL Injection in extension "News system" (news)
CVE-2026-33565 low 3.3 3.3 17d ago in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS.
CVE-2026-28751 low 3.3 3.3 17d ago in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS.
CVE-2026-27781 low 3.3 3.3 17d ago in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS.
CVE-2026-25110 low 3.3 3.3 17d ago in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS.
CVE-2026-39373 low 2.5 FIX rhel slesdebian debian 17d ago Low: python-jwcrypto security update
CVE-2026-0968 low 3.1 3.1 FIX rheldebian debian sles libssh 17d ago Moderate: libssh security update
CVE-2026-0965 low 3.3 3.3 FIX rheldebian debian sles libssh 17d ago Moderate: libssh security update
CVE-2025-9615 low 3.3 3.3 FIX rhel slesdebian debian 17d ago Low: NetworkManager security update
CVE-2025-8277 low 3.1 3.1 FIX rheldebian debian sles 17d ago Moderate: libssh security update
CVE-2025-4878 low 3.6 3.6 FIX rheldebian debian sles 17d ago Moderate: libssh security update
CVE-2026-47091 low 3.3 3.3 jarrodwatts 17d ago Claude HUD through 0.0.12, patched in commit 234d9aa, contains a path traversal vulnerability that allows attackers to read arbitrary files by supplying an unvalidated transcript_path value via stdin…
CVE-2026-45683 low 3.8 3.8 sles opentelemetry 17d ago OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, the Java TLS ioctl probe reads user-controlled ioctl pointers with bpf_pr…
CVE-2026-45829 unknown 17d ago ChromaDB Python project has a pre-authentication code injection vulnerability
CVE-2026-2728 low 2.5 17d ago LibreNMS: Cross-Site Scripting in ShowConfigController
CVE-2026-46724 unknown 17d ago TYPO3-EXT-SA-2026-011: Path Traversal in extension "Faceted Search" (ke_search)
CVE-2026-46722 unknown 17d ago TYPO3-EXT-SA-2026-011: XML External Entity Injection in extension "Faceted Search" (ke_search)
CVE-2026-8803 low 3.7 3.7 17d ago A flaw has been found in opensourcepos Open Source Point of Sale up to 3.4.2. Impacted is the function Login of the file app/Models/Employee.php of the component Employee Login. This manipulation cau…
CVE-2026-4643 low 3.5 3.5 18d ago Mattermost Desktop App versions <=6.1 6.0.1 5.4.13.0 fail to prevent server-rendered content from closing an underlying application view in the Mattermost Desktop App which allows a malicious server …
CVE-2026-6334 low 3.8 3.8 mattermost 18d ago Mattermost doesn't enforce client identity binding during the OAuth authorization code redemption flow
CVE-2026-8770 low 3.3 3.3 continue 18d ago A vulnerability was identified in continuedev continue up to 1.2.22. This affects the function lsTool of the file core/tools/implementations/lsTool.ts of the component JSON-RPC Server. Such manipulat…
CVE-2026-8741 low 3.1 3.1 emqx 19d ago A vulnerability has been found in EMQX up to 6.2.0. This affects an unknown function of the file apps/emqx/src/emqx_persistent_session_ds.erl of the component QoS 2 PUBLISH Packet Handler. Such manip…
CVE-2026-45316 low 3.5 3.5 openwebui 20d ago Open WebUI: Read-Only Users Can Toggle Note Pin Status via Incorrect Permission Check (Write via Read-Only Access)
CVE-2026-45803 low 3.5 3.5 debian debian sleswindows windows github 20d ago `gh` is GitHub’s official command line tool. From 1.6.0 to before 2.92.0, a security vulnerability has been identified in GitHub CLI that could allow terminal escape sequence injection when users vie…
CVE-2026-41963 low 2.8 2.8 21d ago Stack overflow vulnerability in the media platform. Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2026-41962 low 3.6 3.6 21d ago Permission control vulnerability in the app management and control module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2025-54518 unknown slesdebian debianwindows windows google 21d ago <p>This vulnerability was found and addressed by AMD. We are documenting it in the Security Update Guide to encourage customers to install the May 2026 version of Windows as soon as possible.</p> <p>…
CVE-2026-45781 low 3.5 3.5 21d ago MCP Registry: OCI validator skips ownership check on upstream rate limits
CVE-2026-8579 low 3.1 3.1 FIX debian debianwindows windows google 21d ago Insufficient validation of untrusted input in Skia in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write…
CVE-2026-8578 low 3.1 3.1 FIX debian debian linux-kernelwindows windows google 21d ago Out of bounds read in GPU in Google Chrome on Linux prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chro…
CVE-2026-8572 low 3.1 3.1 FIX debian debianwindows windows google 21d ago Insufficient policy enforcement in Network in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a craft…
CVE-2026-8568 low 3.1 3.1 FIX debian debianwindows windows google 21d ago Insufficient policy enforcement in AI in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to bypass Site Isolation via a crafted HTML page. (Ch…
CVE-2026-8556 low 3.1 3.1 FIX debian debianwindows windows google 21d ago Inappropriate implementation in ANGLE in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HT…
CVE-2026-8554 low 3.1 3.1 FIX debian debianwindows windows google 21d ago Type Confusion in ANGLE in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted H…
CVE-2026-8553 low 3.1 3.1 FIX debian debianwindows windows google 21d ago Use after free in GPU in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page. (Ch…
CVE-2026-8545 low 3.1 3.1 FIX debian debianmacos macos linux-kernel google 21d ago Object corruption in Compositing in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromi…
CVE-2026-8536 low 3.1 3.1 FIX debian debianmacos macoswindows windows google 21d ago Insufficient validation of untrusted input in ReadingMode in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to bypass site Isolation v…
CVE-2026-44638 low 2.5 2.5 FIX debian debian sles saitoha 21d ago libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. From to 1.8.7-r1, a wrong NULL check after an allocation call in sixel_decode_raw and sixel_decode causes a NULL pointe…
CVE-2026-44589 low 3.7 3.7 21d ago nuxt-og-image SSRF — bypass of GHSA-pqhr-mp3f-hrpp / v6.2.5 fix (IPv6 + redirect)
CVE-2026-44970 low 2.5 21d ago dbt MCP Server Transmits All MCP Tool Arguments Including Raw SQL and --vars Credentials to dbt Labs Telemetry by Default Without Redaction
CVE-2026-44969 low 2.5 21d ago dbt MCP Server Logs Tool Arguments Including SQL Queries and Credentials in Plaintext Without Redaction When File Logging Is Enabled
CVE-2026-6923 low 3.8 3.8 21d ago A side-channel attack, which requires a physical presence to the TPM, can lead to extraction of an Elliptic Curve Diffie-Hellman (ECDH) key.
CVE-2026-44348 low 2.5 2.5 FIX debian debian sles 21d ago PoDoFo is a C++17 PDF manipulation library. From 1.0.0 to before 1.0.4, a double-free vulnerability exists in compute_hash_to_sign() in src/podofo/private/OpenSSLInternal_Ripped.cpp. If EVP_DigestFin…
CVE-2025-62317 low 2.6 2.6 21d ago HCL AION is affected by a vulnerability where sensitive information may be included in URL parameters. Passing sensitive data in URLs may expose it through browser history, logs, or intermediary syst…
CVE-2025-62316 low 2.3 2.3 21d ago HCL AION is affected by a vulnerability where certain security-related HTTP response headers are not properly configured. Absence of these headers may reduce the effectiveness of browser-based securi…
CVE-2025-62312 low 3.0 3.0 21d ago HCL AION is affected by a vulnerability where basic authorization tokens are used for authentication. Use of basic authorization mechanisms may expose credentials to potential interception or misuse,…
CVE-2025-62309 low 2.6 2.6 21d ago HCL AION is affected by a vulnerability where auto-complete functionality is enabled for certain input fields. This may allow sensitive information to be stored in the browser, potentially leading to…
CVE-2026-45076 low 2.7 2.7 FIX debian debian element 21d ago Synapse is an open source Matrix homeserver implementation. Prior to 1.152.1, in federated rooms, malicious homeservers can craft room events in such a way that prevents Synapse from providing full h…
CVE-2026-8295 unknown windows windows 22d ago An integer overflow vulnerability in the simdjson document-builder API allows incorrect buffer size calculations in "string_builder::escape_and_append()" when processing very large input strings on p…
CVE-2026-7471 low 3.5 3.5 gitlab 22d ago GitLab has remediated an issue in GitLab EE affecting all versions from 18.8 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with control o…
CVE-2026-2900 low 2.7 2.7 gitlab 22d ago GitLab has remediated an issue in GitLab EE affecting all versions from 16.10 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that when instance-level approval rule editing prevention w…
CVE-2026-8328 unknown slesdebian debianwindows windows 22d ago The ftpcp() function in Lib/ftplib.py was not updated when CVE-2021-4189 was fixed. While makepasv() was patched to replace server-supplied PASV host addresses with the actual peer address (getpee…
CVE-2026-33585 low 3.8 3.8 22d ago Improper management of the idle timeout parameter in the Keycloak interface of the Arqit SKA-Platform enables an attacker to impersonate an authenticated tenant user via an unexpired browser session.…
CVE-2026-44582 low 3.7 3.7 vercel 22d ago Next.js vulnerable to cache poisoning via collisions in React Server Component cache-busting
CVE-2026-44459 low 3.8 3.8 hono 22d ago Hono has improper validation of NumericDate claims (exp, nbf, iat) in JWT verify()
CVE-2026-43489 unknown FIX slesdebian debian 22d ago In the Linux kernel, the following vulnerability has been resolved: liveupdate: luo_file: remember retrieve() status LUO keeps track of successful retrieve attempts on a LUO file. It does so to av…
CVE-2026-43488 unknown FIX slesdebian debian 22d ago In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Prevent interrupt storm on host controller error (HCE) The xHCI controller reports a Host Controller Error (HCE) in UA…
CVE-2026-43487 unknown FIX slesdebian debian google 22d ago In the Linux kernel, the following vulnerability has been resolved: ata: libata-core: Disable LPM on ST1000DM010-2EP102 According to a user report, the ST1000DM010-2EP102 has problems with LPM, cau…
CVE-2026-43486 unknown FIX slesdebian debian google 22d ago In the Linux kernel, the following vulnerability has been resolved: arm64: contpte: fix set_access_flags() no-op check for SMMU/ATS faults contpte_ptep_set_access_flags() compared the gathered ptep…
CVE-2026-43485 unknown FIX slesdebian debian 22d ago In the Linux kernel, the following vulnerability has been resolved: nouveau/gsp: drop WARN_ON in ACPI probes These WARN_ONs seem to trigger a lot, and we don't seem to have a plan to fix them, so j…
CVE-2026-43484 unknown FIX slesdebian debian 22d ago In the Linux kernel, the following vulnerability has been resolved: mmc: core: Avoid bitfield RMW for claim/retune flags Move claimed and retune control flags out of the bitfield word to avoid unre…
CVE-2026-43483 unknown FIX slesdebian debian 22d ago In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Set/clear CR8 write interception when AVIC is (de)activated Explicitly set/clear CR8 write interception when AVIC is (d…
CVE-2026-43482 unknown FIX slesdebian debian google 22d ago In the Linux kernel, the following vulnerability has been resolved: sched_ext: Disable preemption between scx_claim_exit() and kicking helper work scx_claim_exit() atomically sets exit_kind, which …
CVE-2026-43480 unknown FIX slesdebian debian 22d ago In the Linux kernel, the following vulnerability has been resolved: ASoC: amd: acp3x-rt5682-max9836: Add missing error check for clock acquisition The acp3x_5682_init() function did not check the r…
CVE-2026-43479 unknown FIX slesdebian debian 22d ago In the Linux kernel, the following vulnerability has been resolved: net: usb: lan78xx: fix WARN in __netif_napi_del_locked on disconnect Remove redundant netif_napi_del() call from disconnect path.…
CVE-2026-43478 unknown FIX slesdebian debian 22d ago In the Linux kernel, the following vulnerability has been resolved: ASoC: codecs: rt1011: Use component to get the dapm context in spk_mode_put The correct helper to use in rt1011_recv_spk_mode_put…
CVE-2026-43477 unknown FIX slesdebian debian 22d ago In the Linux kernel, the following vulnerability has been resolved: drm/i915/vrr: Configure VRR timings after enabling TRANS_DDI_FUNC_CTL Apparently ICL may hang with an MCE if we write TRANS_VRR_V…
CVE-2026-44242 low 3.7 3.7 23d ago Micronaut has Unbounded `bundleCache` in `ResourceBundleMessageSource` that Allows Memory Exhaustion via `Accept-Language` Header
CVE-2026-44220 low 3.2 3.2 23d ago ciguard: discover_pipeline_files follows symlinks out of scan root
CVE-2026-44219 low 3.7 3.7 23d ago ciguard: SCA HTTP client reads response body without size cap
CVE-2026-44218 low 3.0 3.0 23d ago ciguard: Container image runs as root (no USER directive)
CVE-2026-34685 low 3.4 3.4 adobe 23d ago Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier [NEEDS REVIEW: impact mismatch — ticket says 'Arbitrary file system write', CIA triad derives 'Sec…
CVE-2026-20793 low 3.3 3.3 intel 23d ago Unchecked return value for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an a…
CVE-2026-43514 low 3.7 3.7 FIX slesdebian debian apache 23d ago Observable Timing Discrepancy vulnerability when comparing AJP secret in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M…
CVE-2026-32684 low 2.9 2.9 24d ago The application does not impose strict enough restrictions on directory access permissions, posing a risk that other malicious applications could obtain sensitive information.
CVE-2026-41530 low 3.3 3.3 24d ago The automatic folder creation feature of Lhaz and Lhaz+ provided by Chitora soft contains a path traversal vulnerability. When the affected product is configured with the automatic folder creation fe…
CVE-2026-40131 low 3.4 3.4 24d ago SQL injection vulnerability exists in @sap/hdi-deploy package, where SQL queries are dynamically constructed using user input without proper parameterization or prepared statements. Successful exploi…