VIR Vulnerability Intelligence Relay

Search

Found 37 results in 9ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2026-10737 high 7.5 7.5 48 min ago The SP Project & Document Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the view_file function in all versions up to, and including, 4.71. Thi…
CVE-2026-10777 high 7.3 7.3 4h ago A vulnerability was identified in ealpha072 Student-Management-System up to 01451bd7a2f58cdda07bd0b86e3967582e3ecd08. Affected by this issue is some unknown functionality of the file admin/config.php…
CVE-2026-10771 high 7.3 7.3 5h ago A vulnerability was found in crmeb crmeb_java 1.4. Affected is the function RestTemplate.getForEntity of the file crmeb-common/src/main/java/com/zbkj/common/utils/RestTemplateUtil.java of the compone…
CVE-2026-50033 high 7.3 7.3 7h ago Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis DeviceLock DLP (Windows) before build 9.0.15051.93227.
CVE-2026-44682 high 7.3 7.3 7h ago Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis DeviceLock DLP (Windows) before build 9.0.15051.93227.
CVE-2026-44609 high 7.3 7.3 7h ago Local privilege escalation due to EXE hijacking vulnerability. The following products are affected: Acronis DeviceLock DLP (Windows) before build 9.0.15051.93227.
CVE-2026-42061 high 7.3 7.3 7h ago Local privilege escalation due to excessive permissions assigned to child processes. The following products are affected: Acronis DeviceLock DLP (Windows) before build 9.0.15051.93227.
CVE-2026-40290 high 7.8 7.8 debian debian 10h ago OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.16.0 and prior …
CVE-2026-37462 high 7.3 7.3 11h ago An integer underflow in the BGPUpdate.DecodeFromBytes function (/bgp/bgp.go) of gobgp v4.3.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted BGP UPDATE message.
CVE-2026-36748 critical 9.0 9.0 11h ago RockRMS v16.13 and before v.17.7.0 is vulnerable to Cross Site Scripting (XSS) via Social Media links in user profile.
CVE-2026-36576 critical 9.8 9.8 11h ago An OS command injection vulnerability in the app.py component of openlabs docker-wkhtmltopdf-aas up to commit 9f50579 allows attackers to execute arbitrary commands via a crafted POST request.
CVE-2026-20230 high 8.6 8.6 11h ago A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attack…
CVE-2026-5241 high 8.0 8.0 13h ago A vulnerability in the LightGlue model loading path of huggingface/transformers version 5.2.0 allows an attacker-controlled model repository to execute arbitrary code during model initialization. The…
CVE-2022-49042 high 7.8 7.8 13h ago An inclusion of functionality from untrusted control sphere vulnerability in MinGW DLL component in Synology Hyper Backup Explorer before 3.0.1-0156 allows local users to execute arbitrary code via u…
CVE-2022-49036 high 7.8 7.8 13h ago An inclusion of functionality from untrusted control sphere vulnerability in OpenSSL configuration in Synology Active Backup for Business Recovery Media Creator before 2.5.0-2081 allows local users t…
CVE-2026-35085 high 8.8 8.8 14h ago A remote attacker with user privileges can exploit a stack buffer overflow in gdv-serverconfig to gain full system access as root.
CVE-2026-35084 high 8.8 8.8 14h ago A remote attacker with user privileges can exploit a stack buffer overflow in dali-devconfig to gain full system access as root.
CVE-2026-35083 high 8.8 8.8 14h ago A remote attacker with user privileges can exploit a stack buffer overflow to gain full system access as root.
CVE-2026-35082 high 8.8 8.8 14h ago The ugw-logread method allows a remote attacker with user privileges to access arbitrary local files due to insufficient validation of user-supplied input.
CVE-2026-35081 high 8.1 8.1 14h ago The ugw-logstop method allows a remote attacker with user privileges to terminate arbitrary processes due to insufficient validation of user-supplied input.
CVE-2026-35080 high 8.1 8.1 14h ago The ugw-restoreinfo method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input.
CVE-2026-35079 high 8.1 8.1 14h ago The ugw-restore method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input.
CVE-2026-35078 high 8.1 8.1 14h ago The ugw-logstop method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input.
CVE-2026-35077 high 8.1 8.1 14h ago The ugw-delete-file method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input.
CVE-2026-35076 high 8.1 8.1 14h ago The bac-scanresult method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input.
CVE-2026-35075 critical 9.8 9.8 14h ago An unauthenticated remote attacker can recover a default, hard coded password from a firmware image and thus gain full access to all affected devices.
CVE-2026-47065 critical 9.8 9.8 16h ago ZDRES-232: resolveProxyClass Not Overridden - acceptMatchers Filter Bypass via java.lang.reflect.Proxy Assessment: Fully addressed. When the serialised stream contains a TC_PROXYCLASSDESC (the ma…
CVE-2026-41032 high 7.5 7.5 16h ago It is possible for an unauthenticated adjacent attacker to download log files of the controller, which may disclose some restricted information.
CVE-2025-15656 high 8.8 8.8 16h ago Incorrect Privilege Assignment vulnerability in Mojoomla School Management allows Privilege Escalation. This issue affects School Management: from n/a through 93.2.0.
CVE-2025-15655 high 7.6 7.6 16h ago Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mojoomla School Management allows SQL Injection. This issue affects School Management: from n/a …
CVE-2025-14774 high 7.4 7.4 16h ago Incorrect Authorization vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24.
CVE-2025-14773 high 8.0 8.0 16h ago Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24.
CVE-2025-14772 high 8.8 8.8 16h ago Authorization bypass through User-Controlled key vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24.
CVE-2025-14771 critical 9.9 9.9 16h ago Files or directories accessible to external parties vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24.
CVE-2026-4035 critical 9.1 9.1 18h ago A vulnerability in mlflow/mlflow versions prior to 3.11.0 allows for the resolution of environment variables in AI Gateway secrets, which can be exploited to exfiltrate sensitive server-side environm…
CVE-2025-15654 high 7.1 7.1 18h ago Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fox-themes Prague allows Reflected XSS. This issue affects Prague: from n/a through 2.2.8.
CVE-2026-50031 high 7.5 7.5 debian debian 23h ago ipmi-oem in FreeIPMI before 1.6.18 has exploitable buffer overflows on response messages. The Intelligent Platform Management Interface (IPMI) specification defines a set of interfaces for platform m…