VIR Vulnerability Intelligence Relay

Search

Found 24,078 results in 3251ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2026-44637 high 7.1 7.1 FIX debian debian sles saitoha 22d ago libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. From to 1.8.7-r1, a signed integer overflow in the SIXEL parser's image-buffer doubling loop can lead to an out-of-boun…
CVE-2026-44636 high 7.8 7.8 FIX debian debian sles saitoha 22d ago libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. From to 1.8.7-r1, signed integer overflow in sixel_encode_highcolor's allocation size calculation can lead to a heap bu…
CVE-2026-43909 high 8.8 8.8 debian debian openimageio 22d ago OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, a signed 32-bit integer overflow in t…
CVE-2026-43908 high 8.8 8.8 debian debian openimageio 22d ago OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, a signed 32-bit integer overflow in t…
CVE-2026-43907 high 8.3 8.3 debian debian openimageio 22d ago OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, a signed integer overflow in QueryRGB…
CVE-2026-43906 high 7.8 7.8 debian debian openimageio 22d ago OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, a heap-based buffer overflow in the H…
CVE-2026-43905 high 7.8 7.8 debian debian openimageio 22d ago OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, jpeg2000input.cpp:395 computes buffer…
CVE-2026-43904 high 7.8 7.8 debian debian openimageio 22d ago OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, softimageinput.cpp:469 (mixed RLE) an…
CVE-2026-43903 high 7.8 7.8 debian debian openimageio 22d ago OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, sgiinput.cpp:265,274 use OIIO_DASSERT…
CVE-2026-44973 high 8.1 8.1 debian debian 22d ago Billy is an interface filesystem abstraction for Go. Prior to 5.9.0, multiple path traversal issues exist across different components of go-billy. Insufficient path sanitization and boundary enforcem…
CVE-2026-24712 high 7.3 7.3 debian debian northern.tech 22d ago Northern.tech CFEngine Enterprise and Community before 3.21.8, 3.24.3, and 3.27.0 allows Command injection.
CVE-2026-6638 high 8.8 8.8 FIX slesdebian debianwindows windows postgresql 22d ago SQL injection in PostgreSQL logical replication ALTER SUBSCRIPTION ... REFRESH PUBLICATION allows a subscriber table creator to execute arbitrary SQL with the subscription's publication-side credenti…
CVE-2026-6637 high 8.8 8.8 FIX slesdebian debianwindows windows postgresql 22d ago Stack buffer overflow in PostgreSQL module "refint" allows an unprivileged database user to execute arbitrary code as the operating system user running the database. A distinct attack is possible if…
CVE-2026-6479 high 7.5 7.5 FIX slesdebian debianwindows windows postgresql 22d ago Uncontrolled recursion in PostgreSQL SSL and GSS negotiation allows an attacker able to connect to a PostgreSQL AF_UNIX socket to achieve sustained denial of service. If SSL and GSS are both disable…
CVE-2026-6477 high 8.8 8.8 FIX slesdebian debianwindows windows postgresql 22d ago Use of inherently dangerous function PQfn(..., result_is_int=0, ...) in PostgreSQL libpq lo_export(), lo_read(), lo_lseek64(), and lo_tell64() functions allows the server superuser to overwrite a cli…
CVE-2026-6476 high 7.2 7.2 FIX slesdebian debian postgresql 22d ago SQL injection in PostgreSQL pg_createsubscriber allows an attacker with pg_create_subscription rights to execute arbitrary SQL as a superuser. The attack takes effect when pg_createsubscriber next r…
CVE-2026-6475 high 8.8 8.8 FIX slesdebian debianwindows windows postgresql 22d ago Symlink following in PostgreSQL pg_basebackup plain format and in pg_rewind allows an origin superuser to overwrite local files, e.g. /var/lib/postgres/.bashrc, that hijack the operating system accou…
CVE-2026-6473 high 8.8 8.8 FIX slesdebian debianwindows windows postgresql 22d ago Integer wraparound in multiple PostgreSQL server features allows an unprivileged database user to cause the server to undersize an allocation and write out-of-bounds. This may execute arbitrary code…
CVE-2026-46446 high 7.1 7.1 FIX debian debian 22d ago SOGo before 5.12.7, when PostgreSQL or MariaDB is used, and cleartext passwords are stored, allows SQL injection. This is related to c_password = '%@' in changePasswordForLogin.
CVE-2026-46445 high 7.1 7.1 FIX debian debian 22d ago SOGo before 5.12.7, when PostgreSQL is used, allows SQL injection.
CVE-2026-44471 high 7.8 7.8 FIX debian debian gitoxidelabs 23d ago gitoxide is an implementation of git written in Rust. Prior to 0.21.1, a malicious tree can be constructed that will, when checked out with gitoxide, permit writing an attacker-controlled symlink int…
CVE-2026-8328 unknown slesdebian debianwindows windows 23d ago The ftpcp() function in Lib/ftplib.py was not updated when CVE-2021-4189 was fixed. While makepasv() was patched to replace server-supplied PASV host addresses with the actual peer address (getpee…
CVE-2026-42561 high 7.5 7.5 slesdebian debian 23d ago Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.27, python-multipart has a denial of service vulnerability in multipart part header parsing. When parsing multipart/form-data…
CVE-2026-42304 high 7.5 7.5 FIX slesdebian debianwindows windows twisted 23d ago Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to 26.4.0rc2, the twisted.names module is vulnerable to a Denial of Service (DoS) attack via resource exha…
CVE-2026-8466 high 8.0 debian debianwindows windows 23d ago Cowboy: Unbounded buffer accumulation in multipart header parsing causes denial of service in cowboy
CVE-2026-44248 high 7.5 7.5 slesdebian debian netty 23d ago Netty MQTT: Resource exhaustion in MqttDecoder
CVE-2026-43970 high 8.0 debian debianwindows windows 23d ago Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in ninenines cowlib allows unauthenticated remote denial of service via memory exhaustion. cow_spdy:inflate/2 in cowlib…
CVE-2026-42587 high 7.5 7.5 slesdebian debian nettygoogle 23d ago Netty: HttpContentDecompressor maxAllocation bypass when Content-Encoding set to br/zstd/snappy leads to decompression bomb DoS
CVE-2026-42586 high 7.1 7.1 slesdebian debian netty 23d ago Netty Redis Codec Encoder has a CRLF Injection Issue
CVE-2026-42585 high 7.5 7.5 slesdebian debian netty 23d ago Netty vulnerable to HTTP Request Smuggling due to malformed Transfer-Encoding
CVE-2026-42583 high 7.5 7.5 slesdebian debian netty 23d ago Netty Lz4FrameDecoder is vulnerable to resource exhaustion
CVE-2026-42582 high 7.5 7.5 slesdebian debian netty 23d ago Netty HTTP/3 QPACK literal unbounded allocation
CVE-2026-42578 high 7.5 7.5 slesdebian debian netty 23d ago Netty has HTTP Header Injection via HttpProxyHandler Disabled Validation (Incomplete Fix CVE-2025-67735)
CVE-2026-42577 high 7.5 7.5 debian debian netty 23d ago Netty epoll transport denial of service via RST on half-closed TCP connection
CVE-2026-44432 high 7.5 7.5 FIX slesdebian debian python 23d ago urllib3 is an HTTP client library for Python. From 2.6.0 to before 2.7.0, urllib3 could decompress the whole response instead of the requested portion (1) during the second HTTPResponse.read(amt=N) c…
CVE-2026-43489 unknown FIX slesdebian debian 23d ago In the Linux kernel, the following vulnerability has been resolved: liveupdate: luo_file: remember retrieve() status LUO keeps track of successful retrieve attempts on a LUO file. It does so to av…
CVE-2026-43488 unknown FIX slesdebian debian 23d ago In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Prevent interrupt storm on host controller error (HCE) The xHCI controller reports a Host Controller Error (HCE) in UA…
CVE-2026-43487 unknown FIX slesdebian debian google 23d ago In the Linux kernel, the following vulnerability has been resolved: ata: libata-core: Disable LPM on ST1000DM010-2EP102 According to a user report, the ST1000DM010-2EP102 has problems with LPM, cau…
CVE-2026-43486 unknown FIX slesdebian debian google 23d ago In the Linux kernel, the following vulnerability has been resolved: arm64: contpte: fix set_access_flags() no-op check for SMMU/ATS faults contpte_ptep_set_access_flags() compared the gathered ptep…
CVE-2026-43485 unknown FIX slesdebian debian 23d ago In the Linux kernel, the following vulnerability has been resolved: nouveau/gsp: drop WARN_ON in ACPI probes These WARN_ONs seem to trigger a lot, and we don't seem to have a plan to fix them, so j…
CVE-2026-43484 unknown FIX slesdebian debian 23d ago In the Linux kernel, the following vulnerability has been resolved: mmc: core: Avoid bitfield RMW for claim/retune flags Move claimed and retune control flags out of the bitfield word to avoid unre…
CVE-2026-43483 unknown FIX slesdebian debian 23d ago In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Set/clear CR8 write interception when AVIC is (de)activated Explicitly set/clear CR8 write interception when AVIC is (d…
CVE-2026-43482 unknown FIX slesdebian debian google 23d ago In the Linux kernel, the following vulnerability has been resolved: sched_ext: Disable preemption between scx_claim_exit() and kicking helper work scx_claim_exit() atomically sets exit_kind, which …
CVE-2026-43481 high 7.8 7.8 FIX slesdebian debian 23d ago In the Linux kernel, the following vulnerability has been resolved: net-shapers: don't free reply skb after genlmsg_reply() genlmsg_reply() hands the reply skb to netlink, and netlink_unicast() con…
CVE-2026-43480 unknown FIX slesdebian debian 23d ago In the Linux kernel, the following vulnerability has been resolved: ASoC: amd: acp3x-rt5682-max9836: Add missing error check for clock acquisition The acp3x_5682_init() function did not check the r…
CVE-2026-43479 unknown FIX slesdebian debian 23d ago In the Linux kernel, the following vulnerability has been resolved: net: usb: lan78xx: fix WARN in __netif_napi_del_locked on disconnect Remove redundant netif_napi_del() call from disconnect path.…
CVE-2026-43478 unknown FIX slesdebian debian 23d ago In the Linux kernel, the following vulnerability has been resolved: ASoC: codecs: rt1011: Use component to get the dapm context in spk_mode_put The correct helper to use in rt1011_recv_spk_mode_put…
CVE-2026-43477 unknown FIX slesdebian debian 23d ago In the Linux kernel, the following vulnerability has been resolved: drm/i915/vrr: Configure VRR timings after enabling TRANS_DDI_FUNC_CTL Apparently ICL may hang with an MCE if we write TRANS_VRR_V…
CVE-2026-43476 high 7.8 7.8 FIX slesdebian debian 23d ago In the Linux kernel, the following vulnerability has been resolved: iio: chemical: sps30_i2c: fix buffer size in sps30_i2c_read_meas() sizeof(num) evaluates to sizeof(size_t) (8 bytes on 64-bit) in…
CVE-2026-44724 high 7.8 7.8 FIX debian debian 23d ago Systeminformation vulnerable to Linux command injection in networkInterfaces() via unsanitized NetworkManager connection profile name
CVE-2026-6276 high 7.5 7.5 FIX debian debian sleswindows windows haxxgoogle 23d ago Using libcurl, when a custom `Host:` header is first set for an HTTP request and a second request is subsequently done using the same *easy handle* but without the custom `Host:` header set, the seco…
CVE-2026-5773 high 7.5 7.5 FIX debian debian sleswindows windows haxxgoogle 23d ago libcurl might in some circumstances reuse the wrong connection for SMB(S) transfers. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avo…
CVE-2026-45793 high 8.0 FIX debian debian 23d ago Github Actions issued GITHUB_TOKEN disclosure in GitHub Actions logs
CVE-2026-40164 high 7.5 7.5 FIX rheldebian debian sles 24d ago Important: jq security update
CVE-2026-39979 high 8.0 FIX rheldebian debian sles 24d ago Important: jq security update
CVE-2026-44660 high 7.5 7.5 debian debian ultrajson_project 24d ago UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Prior to 5.12.1, when ujson.dump() writes to a file-like object and the write operation raises an excepti…
CVE-2026-44301 high 8.1 8.1 FIX debian debian gohugo 24d ago Hugo is a static site generator. From 0.43 to before 0.161.0, when building a Hugo site that uses Node-based asset pipelines (PostCSS, Babel, TailwindCSS), Hugo invoked the configured Node tools with…
CVE-2026-44296 high 7.5 7.5 FIX debian debian 24d ago Deskflow is a keyboard and mouse sharing app. Prior to 1.26.0.167, a remote, unauthenticated denial of service (DoS) vulnerability affects Deskflow servers running with TLS enabled (the default). Whe…
CVE-2026-42268 high 7.5 7.5 FIX slesdebian debian owasp 24d ago ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. From 3.0.0 to before 3.0.15, there is an unhandled exception (std::out_of_range) caused …
CVE-2026-44240 high 7.5 7.5 FIX debian debian 24d ago basic-ftp allows a malicious FTP server to cause client-side denial of service via unbounded multiline control response buffering
CVE-2026-8430 high 8.1 8.1 FIX debian debian 24d ago SPIP versions prior to 4.4.14 contain a remote code execution vulnerability in the public space that is limited to certain nginx configurations, allowing attackers to execute arbitrary code in the co…
CVE-2026-8429 high 8.8 8.8 FIX debian debian 24d ago SPIP versions prior to 4.4.14 contain a remote code execution vulnerability in the private space that allows attackers to execute arbitrary code in the context of the web server. Attackers can exploi…
CVE-2026-5089 high 7.3 7.3 FIX debian debian 24d ago YAML::Syck versions before 1.38 for Perl has an out-of-bounds read. The base60 (sexagesimal) parsing code in perl_syck.h has a buffer underflow bug in both int#base60 and float#base60 handlers. Whe…
CVE-2026-43513 high 7.5 7.5 FIX slesdebian debian apache 24d ago Improper Handling of Case Sensitivity vulnerability in LockOutRealm in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 …
CVE-2026-42498 high 7.3 7.3 FIX slesdebian debian apache 24d ago Exposure of HTTP Authentication Header to unexpected hosts during WebSocket authentication vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1…
CVE-2026-41284 high 7.5 7.5 FIX slesdebian debian apache 24d ago Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 t…
CVE-2026-8390 high 7.3 7.3 FIX debian debian mozilla 24d ago Use-after-free in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 150.0.3.
CVE-2026-8389 high 7.3 7.3 FIX debian debian mozilla 24d ago JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 150.0.3.
CVE-2026-8162 high 7.5 7.5 FIX debian debian pillarjs 24d ago multiparty vulnerable to Denial of Service via Uncaught Exception in filename* parameter parsing
CVE-2026-8161 high 7.5 7.5 FIX debian debian pillarjs 24d ago multiparty: Denial of Service via Prototype Pollution leads to Uncaught Exception
CVE-2026-8159 high 7.5 7.5 FIX debian debian pillarjs 24d ago multiparty vulnerable to ReDoS via filename parsing
CVE-2026-4887 high 7.1 7.1 FIX rheldebian debian sles gimp 25d ago Important: gimp security update
CVE-2026-43284 high 8.8 9.8 EXPFIX rhel slesdebian debian awsgoogle 25d ago Important: kernel security update
CVE-2026-4154 high 8.0 FIX rheldebian debian sles 25d ago Important: gimp security update
CVE-2026-4153 high 8.0 FIX rheldebian debian sles 25d ago Important: gimp security update
CVE-2026-4152 high 8.0 FIX rheldebian debian sles 25d ago Important: gimp security update
CVE-2026-4151 high 8.0 FIX rheldebian debian sles 25d ago Important: gimp security update
CVE-2026-4150 high 8.0 FIX rheldebian debian sles 25d ago Important: gimp security update
CVE-2026-42046 high 7.8 7.8 FIX debian debian sles 25d ago libcaca is a colour ASCII art library. In 0.99.beta20 and earlier, an integer overflow vulnerability in libcaca's canvas import functionality allows an attacker to cause a controlled heap out-of-boun…
CVE-2026-37630 high 7.3 7.3 FIX debian debian 25d ago An issue in QuickJS-NG v.0.12.1 allows an attacker to execute arbitrary code via the js_mapped_arguments_mark function
CVE-2026-7790 high 7.5 7.5 debian debianwindows windows ninenines 25d ago Uncontrolled Resource Consumption vulnerability in ninenines cowlib (cow_http_te module) allows Excessive Allocation. The chunked transfer-encoding parser in cow_http_te accepts an unbounded number …
CVE-2026-5172 high 7.3 7.3 FIX debian debian sleswindows windows 25d ago A buffer overflow in dnsmasq’s extract_addresses() function allows an attacker to trigger a heap out-of-bounds read and crash by exploiting a malformed DNS response, enabling extract_name() to advanc…
CVE-2026-34092 high 7.5 7.5 FIX debian debian mediawiki 25d ago Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Skin/Skin.Php. This issue…
CVE-2026-34091 high 7.5 7.5 FIX debian debian mediawiki 25d ago Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This issue affects MediaWiki: from * before 1.43.7, 1.44.4, 1.45.2.
CVE-2026-34090 high 7.5 7.5 FIX debian debian mediawiki 25d ago Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation CheckUser. This issue affects CheckUser: from 1.45.0 before 1.45.2.
CVE-2026-34088 high 7.5 7.5 FIX debian debian mediawiki 25d ago Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This issue affects MediaWiki: from * before 1.43.7, 1.44.4, 1.45.2.
CVE-2026-34087 high 7.5 7.5 FIX debian debian mediawiki 25d ago Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation OATHAuth. This issue affects OATHAuth: from * before 1.43.7, 1.44.4, 1.45.2.
CVE-2026-4802 high 8.0 8.0 FIX debian debian rhel sles 25d ago A flaw was found in Cockpit. This vulnerability allows a remote attacker to achieve arbitrary command execution on the host by exploiting unsanitized user-controlled parameters within crafted links i…
CVE-2026-43500 high 7.8 8.8 EXPFIX slesdebian debian linux-kernel 25d ago In the Linux kernel, the following vulnerability has been resolved: rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present The DATA-packet handler in rxrpc_input_call_event() and th…
CVE-2026-1837 unknown FIX iosmacos macos tvos 26d ago visionOS 26.5
CVE-2026-8177 high 7.5 7.5 FIX debian debian sleswindows windows 26d ago XML::LibXML versions through 2.0210 for Perl read out-of-bounds heap memory when parsing XML node names containing truncated UTF-8 byte sequences. A node name ending in the middle of a multi byte UT…
CVE-2026-45186 high 7.5 7.5 FIX debian debian sleswindows windows libexpat_project 26d ago RHSA-2026:23230: expat security update (Important)
CVE-2026-7263 high 7.5 7.5 FIX slesdebian debian php 26d ago In PHP versions 8.4.* before 8.4.21 and 8.5.* before 8.5.6, DOMNode::C14N() method may process the XML data incorrectly, causing a circular linked list in the data structure representing the XML docu…
CVE-2026-7568 high 7.5 7.5 FIX slesdebian debianwindows windows php 26d ago Important: php:8.2 security update
CVE-2026-7262 high 7.5 7.5 FIX slesdebian debianwindows windows php 26d ago Important: php:8.2 security update
CVE-2026-7258 high 7.5 7.5 FIX slesdebian debianwindows windows php 26d ago Important: php:8.2 security update
CVE-2026-42311 high 7.8 7.8 FIX debian debian python 27d ago Pillow has an OOB Write with Invalid PSD Tile Extents (Integer Overflow)
CVE-2026-6666 high 7.5 7.5 FIX debian debianwindows windows pgbouncer 28d ago A possible null pointer reference in PgBouncer before 1.25.2 could lead to a crash, if a server sends an error response without SQLSTATE field.
CVE-2026-6664 high 7.5 7.5 FIX debian debianwindows windows pgbouncer 28d ago An integer overflow in network packet parsing code in PgBouncer before 1.25.2 bypasses a boundary check and can lead to a crash. An unauthenticated remote attacker can crash PgBouncer with a malforme…
CVE-2023-49316 high 8.0 FIX debian debian 28d ago Phpseclib needs guardrails on large binaryfield integers