VIR Vulnerability Intelligence Relay

Search

Found 58,011 results in 3114ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2026-45027 medium 5.9 5.9 8d ago WeGIA is a web manager for charitable institutions. In versions prior to 3.7.3, when a user logs in, html/login.php hashes the submitted password using PHP's hash() function with the SHA-256 algorith…
CVE-2026-44475 medium 6.1 6.1 8d ago Ella Core is a 5G core designed for private networks. Prior to 1.10.0, Ella Core does not verify the UE Security Capabilities received in NGAP PathSwitchRequest messages against its locally stored va…
CVE-2026-44474 low 3.7 3.7 8d ago Ella Core has handover failures during concurrent Security Mode Command
CVE-2026-49054 medium 4.3 4.3 8d ago Missing Authorization vulnerability in Mamunur Rashid The Post Grid allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects The Post Grid: from n/a through 7.9.2.
CVE-2026-44353 medium 6.5 6.5 FIX debian debian streamlink 8d ago Streamlink is a CLI utility which pipes video streams from various services into a video player. Prior to 8.4.0, Streamlink's HLS and DASH parsers do not validate the URI scheme of segment entries an…
CVE-2026-44839 medium 4.8 4.8 FIX slesdebian debianwindows windows broadcom 8d ago RabbitMQ is a messaging and streaming broker. From 3.7.0 to before 4.1.2 and 4.0.13, This vulnerability is fixed in 4.1.2 and 4.0.13.
CVE-2026-48545 medium 6.8 6.8 gradio_project 8d ago Gradio before version 6.15.0 contains a cookie injection vulnerability that allows remote attackers to perform cross-Space session fixation by exploiting a shared module-level HTTP client used across…
CVE-2026-45570 critical 9.6 9.6 FIX debian debianwindows windows go-git_project 8d ago go-git is an extensible git implementation library written in pure Go. Prior to 5.19.1 and 6.0.0-alpha.4, go-git's SSH transport constructs the remote exec command by wrapping the repository path in …
CVE-2026-49053 medium 5.3 5.3 8d ago Missing Authorization vulnerability in Wpmet ElementsKit Elementor addons Lite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ElementsKit Elementor addon…
CVE-2026-45571 medium 5.4 5.4 FIX debian debianwindows windows go-git_project 8d ago go-git is an extensible git implementation library written in pure Go. Prior to 5.19.1 and 6.0.0-alpha.4, a path validation issue in go-git could allow crafted repository data to affect files outside…
CVE-2026-49052 medium 4.3 4.3 8d ago Missing Authorization vulnerability in Wpmet ElementsKit Elementor addons Lite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ElementsKit Elementor addon…
CVE-2026-49051 medium 4.3 4.3 8d ago Missing Authorization vulnerability in Prasad Kirpekar WP Meta and Date Remover allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Meta and Date Remover: …
CVE-2026-49047 medium 4.3 4.3 8d ago Missing Authorization vulnerability in DearHive DearFlip allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects DearFlip: from n/a through 2.4.27.
CVE-2026-49044 medium 6.5 6.5 8d ago Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Justin Kruit Advanced Custom Fields: Font Awesome Field allows Stored XSS. This issue affects Ad…
CVE-2026-49045 medium 4.3 4.3 8d ago Missing Authorization vulnerability in WP Media Adminimize allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Adminimize: from n/a through 1.11.11.
CVE-2026-44972 medium 5.0 5.0 8d ago GuardDog is a CLI tool to identify malicious PyPI packages. From 2.6.0 to 2.9.0, GuardDog includes attacker-controlled filenames, file locations, messages, and code snippets in its default human-read…
CVE-2026-49059 medium 4.7 4.7 8d ago URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Facebook Facebook for WooCommerce allows Phishing. This issue affects Facebook for WooCommerce: from n/a through 3.7.0.
CVE-2026-49102 medium 6.1 6.1 8d ago Webmin before 2.640 allows mailboxes/detach.cgi XSS via an SVG document attachment that is viewed in the mailboxes component, because image/svg+xml is used instead of a safe type (e.g., text/plain).
CVE-2026-48973 medium 4.3 4.3 8d ago Missing Authorization vulnerability in Benbodhi SVG Support allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SVG Support: from n/a through 2.5.14.
CVE-2026-47119 medium 6.1 6.1 8d ago Agent Zero before version 1.15 contains a stored cross-site scripting vulnerability that allows attackers to execute arbitrary JavaScript in the application origin by serving SVG files through the im…
CVE-2026-6957 medium 4.9 4.9 mattermost 8d ago Mattermost Plugins versions <=1.1.5 fail to sanitize filenames received from federated peers before using them to construct export destination paths, which allows an administrator of a remote federat…
CVE-2026-47118 medium 6.5 6.5 8d ago Agent Zero before version 1.15 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by supplying crafted paths to the image file serving endpoint, whi…
CVE-2026-1248 medium 4.3 4.3 ibm 8d ago IBM Business Automation Workflow containers and traditional may leak information about its database structure in error messages.
CVE-2026-9674 medium 4.3 4.3 jenkins 8d ago A cross-site request forgery (CSRF) vulnerability in Jenkins Multijob Plugin 662.vd2e0001f6b_b_d and earlier allows attackers to resume failed Multijob builds.
CVE-2026-48927 medium 5.5 5.5 jenkins 8d ago Jenkins buildgraph-view Plugin 1.8 and earlier does not escape the build URL, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure jobs or views.
CVE-2026-48926 medium 4.3 4.3 jenkins 8d ago Jenkins Job Import Plugin 143.v044a_2e819b_27 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to enumerate credentials IDs of cred…
CVE-2026-48925 medium 4.3 4.3 kostyasha 8d ago A cross-site request forgery (CSRF) vulnerability in Jenkins GitHub Integration Plugin 0.7.3 and earlier allows attackers to attackers to trigger a build for a pull request.
CVE-2026-48924 medium 4.3 4.3 jenkins 8d ago Jenkins Bitbucket OAuth Plugin 0.17 and earlier does not restrict the redirect URL after login, allowing attackers to perform phishing attacks.
CVE-2026-48923 medium 4.3 4.3 jenkins 8d ago Jenkins AppSpider Plugin 1.0.17 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to connect to an attacker-spe…
CVE-2026-48919 medium 6.6 6.6 jenkins 8d ago Jenkins Active Directory Plugin 2.41 and earlier deserializes data from LDAP referrals without validation.
CVE-2026-48918 medium 6.6 6.6 jenkins 8d ago Jenkins Active Directory Plugin 2.41 and earlier follows LDAP referrals by default.
CVE-2026-48917 medium 6.6 6.6 jenkins 8d ago Jenkins LDAP Plugin 807.v7d7de30930cf and earlier deserializes data from LDAP referrals without validation.
CVE-2026-48916 medium 6.6 6.6 jenkins 8d ago Jenkins LDAP Plugin 807.v7d7de30930cf and earlier follows LDAP referrals.
CVE-2026-7876 critical 9.1 9.1 ibm 8d ago IBM Aspera HSTS for CP4I 1.5.1 through 1.5.19
CVE-2024-40684 medium 5.9 5.9 8d ago IBM Operations Analytics - Log Analysis 1.3.5.0, 1.3.5.1, 1.3.5.2, 1.3.5.3, 1.3.6.0, 1.3.6.1, 1.3.7.0, 1.3.7.1, 1.3.7.2, and 1.3.8.0, 1.3.8.1, 1.3.8.2, 1.3.8.3, 1.3.8.4 IBM SmartCloud Analytics - Log…
CVE-2024-28765 medium 5.3 5.3 ibm 8d ago IBM SDI 7.2.0.0 through 7.2.0.14 and IBM Security Directory Integrator 10.0.0.0 through 10.0.0.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message …
CVE-2026-9035 medium 6.5 6.5 8d ago IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Server 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Endpoint are affecte…
CVE-2026-23679 medium 6.2 6.2 FIX sleswindows windowsdebian debian libusb 8d ago libusb before version 1.0.30 contains a NULL pointer dereference vulnerability that allows attackers to crash applications by supplying a malformed USB configuration descriptor where an interface cla…
CVE-2026-8405 medium 6.5 6.5 ibm 8d ago IBM Guardium Data Protection 12.2.1, and 12.2.2 's add-on feature of Guardium Data Protection named "Long Term Retention" (LTR) can expose sensitive credentials in debug mode.
CVE-2026-47104 medium 5.5 5.5 FIX sleswindows windowsdebian debian libusb 8d ago libusb before version 1.0.30 contains a one-byte out-of-bounds read vulnerability in parse_iad_array() in descriptor.c that allows attackers to trigger a denial of service by supplying a malformed US…
CVE-2026-8175 critical 9.8 9.8 8d ago IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Server 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Endpoint are affecte…
CVE-2026-7524 critical 9.8 9.8 langflow 8d ago IBM Langflow OSS 1.0.0 through 1.9.1 could allow remote code execution due to improper validation of symbolic links during archive extraction.
CVE-2026-7254 medium 5.3 5.3 8d ago IBM OPENBMC FW1110.00 through FW1110.11 is vulnerable to denial of service attacks by unauthenticated network users.
CVE-2026-6936 medium 6.5 6.5 ibm 8d ago IBM i 7.6, 7.5, 7.4, and 7.3 s vulnerable to a denial-of-service attack due to uncontrolled recursion in the Integrated Language Environment (ILE) compiler. An authenticated attacker could exploit th…
CVE-2026-6053 medium 5.5 5.5 linux-kernel ibm 8d ago IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to a denial of service when a specially crafted query is run with range partitioned tables.
CVE-2026-5516 medium 4.4 4.4 ibm 8d ago IBM WebSphere Application Server - Liberty 22.0.0.11 through 26.0.0.5 IBM WebSphere Application Server Liberty could allow a remote attacker to bypass security under limited conditions by exploiting …
CVE-2026-5515 medium 5.5 5.5 ibm 8d ago IBM App Connect Enterprise 13.0.1.0 through 13.0.7.0 stores potentially sensitive information in log files that could be read by a local user.
CVE-2026-46043 critical 9.1 9.1 FIX debian debian sleswindows windows 8d ago In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Validate pad and ICRC before payload_size() in rxe_rcv rxe_rcv() currently checks only that the incoming packet is at l…
CVE-2026-46039 critical 9.8 9.8 FIX debian debian sles 8d ago In the Linux kernel, the following vulnerability has been resolved: rxgk: Fix potential integer overflow in length check Fix potential integer overflow in rxgk_extract_token() when checking the len…
CVE-2026-45988 critical 9.8 9.8 FIX debian debian sleswindows windows 8d ago In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix re-decryption of RESPONSE packets If a RESPONSE packet gets a temporary failure during processing, it may end up in a …
CVE-2026-3676 medium 6.5 6.5 ibm 8d ago IBM Cloud APM, Base Private 8.1.4 and IBM Cloud APM, Advanced Private 8.1.4 IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) could allow an authenticated user to cause a denial of se…
CVE-2026-1933 medium 6.5 6.5 FIX slesdebian debian rhel redhatsamba 8d ago A flaw was found in Samba’s handling of NTFS-style reparse points on shares configured with read only = yes. Due to missing SMB-layer access checks, authenticated users with underlying filesystem wri…
CVE-2026-42791 low 3.7 3.7 FIX slesdebian debian erlang 8d ago Improper Certificate Validation vulnerability in Erlang OTP public_key (pubkey_ocsp module) allows forged OCSP responses signed with an expired responder certificate to be accepted as valid. OCSP re…
CVE-2026-2607 medium 5.1 5.1 8d ago IBM MQ Operator SC2: v3.2.0 through 3.2.23CD:  v3.3.0, v3.4.0, v3.4.1, v3.5.0, v3.5.1 - v3.5.3, v3.6.0 - v3.6.4, v3.7.0 - v3.7.2, v3.8.0, v3.8.1, v3.9.0, v3.9.1LTS: v2.0.0 - 2.0.29 and IBM supplied M…
CVE-2026-45972 critical 9.8 9.8 FIX debian debian sles 8d ago In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential UAF and double free in smb2_open_file() Zero out @err_iov and @err_buftype before retrying SMB2_open()…
CVE-2026-45898 critical 9.8 9.8 FIX debian debian sles 8d ago In the Linux kernel, the following vulnerability has been resolved: RDMA/iwcm: Fix workqueue list corruption by removing work_list The commit e1168f0 ("RDMA/iwcm: Simplify cm_event_handler()") chan…
CVE-2026-2340 medium 6.5 6.5 FIX slesdebian debian rhel redhatsamba 8d ago A flaw was found in Samba’s vfs_worm module. The module is intended to provide write-once, read-many (WORM) protections by preventing modification of files after a configurable grace period. Due to i…
CVE-2026-48971 medium 4.3 4.3 8d ago Missing Authorization vulnerability in WebToffee Product Import Export for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Product Import Expo…
CVE-2026-9689 medium 4.2 4.2 redhat 8d ago A flaw was found in Keycloak, an open-source identity and access management solution. When a client application is configured to accept broad redirect Uniform Resource Identifiers (URIs), a remote at…
CVE-2026-42761 critical 9.3 9.3 8d ago Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RealMag777 Active Products Tables for WooCommerce profit-products-tables-for-woocommerce allows B…
CVE-2026-42758 critical 9.8 9.8 8d ago Incorrect Privilege Assignment vulnerability in Saleswonder Team: Tobias WebinarIgnition webinar-ignition allows Privilege Escalation.This issue affects WebinarIgnition: from n/a through < 4.08.253.
CVE-2026-42757 critical 9.9 9.9 8d ago Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Saleswonder Team: Tobias WebinarIgnition webinar-ignition allows Path Traversal.This issue affects Webi…
CVE-2026-42756 critical 9.9 9.9 8d ago Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Ludwig You QuickWebP &#8211; Compress / Optimize Images &amp; Convert WebP | SEO Friendly quickwebp all…
CVE-2026-42755 critical 9.3 9.3 8d ago Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RealMag777 TableOn posts-table-filterable allows Blind SQL Injection.This issue affects TableOn: …
CVE-2026-42751 medium 6.5 6.5 8d ago Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpdevelop Booking Manager booking-manager allows Stored XSS.This issue affects Booking Manager: f…
CVE-2026-42750 medium 6.5 6.5 8d ago Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nexcess WPComplete wpcomplete allows Stored XSS.This issue affects WPComplete: from n/a through <…
CVE-2026-42748 critical 9.9 9.9 8d ago Unrestricted Upload of File with Dangerous Type vulnerability in WPify WPify Woo Czech wpify-woo allows Upload a Web Shell to a Web Server.This issue affects WPify Woo Czech: from n/a through <= 5.4.…
CVE-2026-42747 critical 9.3 9.3 8d ago Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in hassantafreshi Easy Form Builder easy-form-builder allows Blind SQL Injection.This issue affects …
CVE-2026-42744 medium 6.5 6.5 8d ago Improper Validation of Specified Quantity in Input vulnerability in Ads by WPQuads Ads by WPQuads quick-adsense-reloaded allows Manipulating Hidden Fields.This issue affects Ads by WPQuads: from n/a …
CVE-2026-42740 critical 9.3 9.3 8d ago Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in tainacan Tainacan tainacan allows Blind SQL Injection.This issue affects Tainacan: from n/a throu…
CVE-2026-42732 medium 6.5 6.5 8d ago Improper Validation of Specified Quantity in Input vulnerability in Ads by WPQuads Ads by WPQuads quick-adsense-reloaded allows Input Data Manipulation.This issue affects Ads by WPQuads: from n/a thr…
CVE-2026-42725 medium 6.5 6.5 8d ago Authorization Bypass Through User-Controlled Key vulnerability in WP Wham Checkout Files Upload for WooCommerce checkout-files-upload-woocommerce allows Exploiting Incorrectly Configured Access Contr…
CVE-2026-42727 critical 9.3 9.3 8d ago Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RealMag777 Active Products Tables for WooCommerce profit-products-tables-for-woocommerce allows B…
CVE-2026-42726 medium 6.5 6.5 8d ago Missing Authorization vulnerability in Strategy11 Team AWP Classifieds another-wordpress-classifieds-plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects …
CVE-2026-42731 critical 9.8 9.8 8d ago Incorrect Privilege Assignment vulnerability in miniOrange miniorange otp verification miniorange-otp-verification allows Privilege Escalation.This issue affects miniorange otp verification: from n/a…
CVE-2026-2288 medium 4.8 4.8 8d ago The myLinksDump plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'link_title' parameter in all versions up to, and including, 1.6 due to insufficient input sanitization and o…
CVE-2026-3349 medium 6.1 6.1 8d ago The MinhNhut Link Gateway plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'url' parameter on the redirect page in all versions up to, and including, 3.6.1 due to insuffic…
CVE-2026-3348 medium 4.4 4.4 8d ago The MinhNhut Link Gateway plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's settings (Description, Title, and other fields) in all versions up to, and including, 3.6.…
CVE-2026-2280 medium 4.8 4.8 8d ago The rexCrawler plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.15 due to insufficient input sanitization and output esca…
CVE-2025-0898 medium 6.5 6.5 8d ago The Xpro Elementor Addons - Pro plugin for WordPress is vulnerable to Arbitrary File Reading in all versions up to, and including, 1.4.7 via the Draw SVG widget. This makes it possible for authentica…
CVE-2026-48968 medium 6.5 6.5 8d ago Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Averta Master Slider allows DOM-Based XSS. This issue affects Master Slider: from n/a through 3.…
CVE-2026-48877 medium 6.5 6.5 8d ago Insertion of Sensitive Information Into Sent Data vulnerability in Tom GenerateBlocks allows Retrieve Embedded Sensitive Data. This issue affects GenerateBlocks: from n/a through 2.1.0.
CVE-2026-2237 medium 6.2 6.2 synology 8d ago A use of get request method with sensitive query strings vulnerability in volume encryption of Synology Storage Manager package before 1.0.1-1100 allows local users on Windows to obtain sensitive inf…
CVE-2025-66593 medium 5.6 5.6 synology 8d ago An origin validation error vulnerability in Synology Assistant before 7.0.6-50085 allows local users to write arbitrary files with restricted content and conduct denial-of-service during installation.
CVE-2025-66592 medium 5.6 5.6 synology 8d ago An origin validation error vulnerability in Synology Active Backup for Business Agent before 3.1.0-4967 allows local users to write arbitrary files with restricted content and conduct denial-of-servi…
CVE-2025-13593 medium 5.6 5.6 synology 8d ago Origin validation error vulnerability in Synology ActiveProtect Agent before 1.1.0-0439 allows local users to write arbitrary files with restricted content and conduct denial-of-service during instal…
CVE-2025-12686 critical 9.8 9.8 8d ago Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in AdminCenter in Synology BeeStation OS before 1.3.2-65648 allows remote attackers to execute arbitrary code via …
CVE-2025-13392 critical 9.8 9.8 8d ago Improper check for unusual or exceptional conditions vulnerability in SSO in Synology DiskStation Manager (DSM) before 7.2.2-72806-5 and 7.3.1-86003-1 (7.2.1-69057 is not affected) allows remote atta…
CVE-2025-13167 medium 5.4 5.4 synology 8d ago Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in contact functionality in Synology Contacts before 1.0.10-20659 allows remote authenticated users …
CVE-2025-10466 medium 5.9 5.9 synology 8d ago Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in Safe Access in Synology Safe Access before 1.3.1-0329 allows remote authenticated users with admi…
CVE-2024-47272 low 2.7 2.7 synology 8d ago Incorrect authorization vulnerability in IO Module functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to …
CVE-2024-47271 medium 4.9 4.9 synology 8d ago Insufficiently protected credentials vulnerability in IPSpeaker component in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privi…
CVE-2024-47270 low 2.7 2.7 synology 8d ago Improper preservation of permissions vulnerability in Archiving Push functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administra…
CVE-2024-47269 medium 4.9 4.9 synology 8d ago Cleartext transmission of sensitive information vulnerability in Export Key functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with adm…
CVE-2024-47268 medium 4.9 4.9 synology 8d ago Missing authorization vulnerability in AddOns functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to obtai…
CVE-2024-47267 low 2.7 2.7 synology 8d ago Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in Archiving Pull functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows …
CVE-2024-11399 medium 6.8 6.8 synology 8d ago Files or directories accessible to external parties vulnerability in redis-server component in Synology BeeDrive for desktop before 1.3.2-13814 allows local users to conduct denial-of-service attacks…
CVE-2026-49002 critical 9.1 9.1 8d ago Access control failure means that an application does not effectively check user access permissions, so that unauthorized users can access system data beyond their permissions, such as viewing and mo…
CVE-2026-40849 medium 6.5 6.5 8d ago An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the user_alarmprofile view due to improper neutralization of special elements in a SQL SELECT command. …
CVE-2026-40848 medium 6.5 6.5 8d ago An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the tag view due to improper neutralization of special elements in a SQL SELECT command. This can resul…