VYPR

CVEs

1,630 total · page 2 of 33

  • CVE-2025-67038 · KEV · Mar 11, 2026
    risk 0.12 · cvss · epss 0.01

    An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The HTTP RPC module executes a shell command to write logs when a user's authentication fails. The username is directly concatenated with the command without any sanitization. This allows attackers to inject arbitrary OS…

  • CVE-2026-20131 · KEV · Mar 4, 2026
    risk 0.18 · cvss · epss 0.28

    A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to execute arbitrary Java code as root on an affected device. This vulnerability is due to insecure…

  • CVE-2026-21385 · KEV · Mar 2, 2026
    risk 0.12 · cvss · epss 0.01

    Memory corruption while using alignments for memory allocation.

  • CVE-2026-22719 · KEV · Feb 25, 2026
    risk 0.12 · cvss · epss 0.17

    VMware Aria Operations contains a command injection vulnerability. A malicious unauthenticated actor may exploit this issue to execute arbitrary commands which may lead to remote code execution in VMware Aria Operations while support-assisted product migration is in progress. …

  • CVE-2026-20133 · Medium · KEV · Feb 25, 2026
    risk 0.54 · cvss 6.5 · epss 0.10

    A vulnerability in Cisco Catalyst SD-WAN Software could allow an unauthenticated, remote attacker to view sensitive information on an affected system. This vulnerability is due to insufficient file system restrictions. An authenticated attacker with netadmin privileges could…

  • CVE-2026-20128 · High · KEV · Feb 25, 2026
    risk 0.61 · cvss 7.5 · epss 0.05

    A vulnerability in the Data Collection Agent (DCA) feature of Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to gain DCA user privileges on an affected system. This vulnerability is due to the presence of a credential file for the DCA user on an…

  • CVE-2026-20127 · Critical · KEV · Feb 25, 2026
    risk 0.84 · cvss 10.0 · epss 0.58

    A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, and Cisco Catalyst SD-WAN Validator, formerly SD-WAN vBond, could allow an unauthenticated, remote attacker to…

  • CVE-2026-20122 · Medium · KEV · Feb 25, 2026
    risk 0.47 · cvss 5.4 · epss 0.07

    A vulnerability in the API of Cisco Catalyst SD-WAN Manager could allow an authenticated, remote attacker to overwrite arbitrary files on the local file system. To exploit this vulnerability, the attacker must have valid read-only credentials with API access on the affected…

  • CVE-2026-22769 · KEV · Feb 17, 2026
    risk 0.14 · cvss · epss 0.13

    Dell RecoverPoint for Virtual Machines, versions prior to 6.0.3.1 HF1, contain a hardcoded credential vulnerability. This is considered critical as an unauthenticated remote attacker with knowledge of the hardcoded credential could potentially exploit this vulnerability leading…

  • CVE-2026-2441 · KEV · Feb 13, 2026
    risk 0.17 · cvss · epss 0.22

    Use after free in CSS in Google Chrome prior to 145.0.7632.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-25108 · KEV · Feb 13, 2026
    risk 0.13 · cvss · epss 0.05

    FileZen contains an OS command injection vulnerability. When FileZen Antivirus Check Option is enabled, a logged-in user may send a specially crafted HTTP request to execute an arbitrary OS command.

  • CVE-2026-20700 · KEV · Feb 11, 2026
    risk 0.12 · cvss · epss 0.01

    A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. An attacker with memory write capability may be able to execute arbitrary code. Apple is aware of a…

  • CVE-2026-21525 · KEV · Feb 10, 2026
    risk 0.13 · cvss · epss 0.05

    Null pointer dereference in Windows Remote Access Connection Manager allows an unauthorized attacker to deny service locally.

  • CVE-2026-21514 · KEV · Feb 10, 2026
    risk 0.12 · cvss · epss 0.02

    Reliance on untrusted inputs in a security decision in Microsoft Office Word allows an unauthorized attacker to bypass a security feature locally.

  • CVE-2026-21510 · KEV · Feb 10, 2026
    risk 0.12 · cvss · epss 0.26

    Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network.

  • CVE-2026-21513 · KEV · Feb 10, 2026
    risk 0.14 · cvss · epss 0.15

    Protection mechanism failure in MSHTML Framework allows an unauthorized attacker to bypass a security feature over a network.

  • CVE-2026-21533 · KEV · Feb 10, 2026
    risk 0.14 · cvss · epss 0.04

    Improper privilege management in Windows Remote Desktop allows an authorized attacker to elevate privileges locally.

  • CVE-2026-21519 · KEV · Feb 10, 2026
    risk 0.12 · cvss · epss 0.02

    Access of resource using incompatible type ('type confusion') in Desktop Window Manager allows an authorized attacker to elevate privileges locally.

  • CVE-2026-1603 · KEV · Feb 10, 2026
    risk 0.17 · cvss · epss 0.81

    An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allows a remote unauthenticated attacker to leak specific stored credential data.

  • CVE-2026-1731 · KEV · Feb 6, 2026
    risk 0.27 · cvss · epss 0.86

    BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain a critical pre-authentication remote code execution vulnerability. By sending specially crafted requests, an unauthenticated remote attacker may be able to execute operating…

  • CVE-2026-21643 · Critical · KEV · Feb 6, 2026
    risk 0.81 · cvss 9.8 · epss 0.94

    An improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Fortinet FortiClientEMS 7.4.4 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests.

  • CVE-2025-15556 · KEV · Feb 3, 2026
    risk 0.12 · cvss · epss 0.01

    Notepad++ versions prior to 8.8.9, when using the WinGUp updater, contain an update integrity verification vulnerability where downloaded update metadata and installers are not cryptographically verified. An attacker able to intercept or redirect update traffic can cause the…

  • CVE-2026-1340 · Critical · KEV · Jan 29, 2026
    risk 0.84 · cvss 9.8 · epss 0.84

    A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.

  • CVE-2026-1281 · KEV · Jan 29, 2026
    risk 0.22 · cvss · epss 0.81

    A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.

  • CVE-2025-40551 · KEV · Jan 28, 2026
    risk 0.22 · cvss · epss 0.84

    SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerability that could lead to remote code execution, which would allow an attacker to run commands on the host machine. This could be exploited without authentication.

  • CVE-2025-40536 · KEV · Jan 28, 2026
    risk 0.21 · cvss · epss 0.82

    SolarWinds Web Help Desk was found to be susceptible to a security control bypass vulnerability that if exploited, could allow an unauthenticated attacker to gain access to certain restricted functionality.

  • CVE-2026-24858 · Critical · KEV · Jan 27, 2026
    risk 0.76 · cvss 9.8 · epss 0.86

    An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] in Fortinet FortiAnalyzer 7.6.0 through 7.6.5, FortiAnalyzer 7.4.0 through 7.4.9, FortiAnalyzer 7.2.0 through 7.2.11, FortiAnalyzer 7.0.0 through 7.0.15, FortiManager 7.6.0 through…

  • CVE-2026-21509 · KEV · Jan 26, 2026
    risk 0.13 · cvss · epss 0.72

    Reliance on untrusted inputs in a security decision in Microsoft Office allows an unauthorized attacker to bypass a security feature locally.

  • CVE-2026-24423 · KEV · Jan 23, 2026
    risk 0.25 · cvss · epss 0.88

    SmarterTools SmarterMail versions prior to build 9511 contain an unauthenticated remote code execution vulnerability in the ConnectToHub API method. The attacker could point the SmarterMail to the malicious HTTP server, which serves the malicious OS command. This command will be…

  • CVE-2026-23760 · KEV · Jan 22, 2026
    risk 0.25 · cvss · epss 0.96

    SmarterTools SmarterMail versions prior to build 9511 contain an authentication bypass vulnerability in the password reset API. The force-reset-password endpoint permits anonymous requests and fails to verify the existing password or a reset token when resetting system…

  • CVE-2026-20045 · KEV · Jan 21, 2026
    risk 0.12 · cvss · epss 0.04

    A vulnerability in Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), Cisco Unity Connection, and Cisco Webex…

  • CVE-2026-24061 · KEV · Jan 21, 2026
    risk 0.22 · cvss · epss 0.99

    telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment variable.

  • CVE-2026-20963 · Critical · KEV · Jan 13, 2026
    risk 0.76 · cvss 9.8 · epss 0.31

    Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code over a network.

  • CVE-2026-20805 · KEV · Jan 13, 2026
    risk 0.12 · cvss · epss 0.05

    Exposure of sensitive information to an unauthorized actor in Desktop Windows Manager allows an authorized attacker to disclose information locally.

  • CVE-2025-66376 · KEV · Jan 5, 2026
    risk 0.13 · cvss · epss 0.12

    Zimbra Collaboration (ZCS) 10 before 10.0.18 and 10.1 before 10.1.13 allows Classic UI stored XSS via Cascading Style Sheets (CSS) @import directives in an HTML e-mail message.

  • CVE-2025-52691 · KEV · Dec 29, 2025
    risk 0.28 · cvss · epss 0.85

    Successful exploitation of the vulnerability could allow an unauthenticated attacker to upload arbitrary files to any location on the mail server, potentially enabling remote code execution.

  • CVE-2025-68645 · KEV · Dec 22, 2025
    risk 0.16 · cvss · epss 0.32

    A Local File Inclusion (LFI) vulnerability exists in the Webmail Classic UI of Zimbra Collaboration (ZCS) 10.0 and 10.1 because of improper handling of user-supplied request parameters in the RestFilter servlet. An unauthenticated remote attacker can craft requests to the…

  • CVE-2025-68613 · KEV · Dec 19, 2025
    risk 0.16 · cvss · epss 0.98

    n8n is an open source workflow automation platform. Versions starting with 0.211.0 and prior to 1.120.4, 1.121.1, and 1.122.0 contain a critical Remote Code Execution (RCE) vulnerability in their workflow expression evaluation system. Under certain conditions, expressions…

  • CVE-2025-14847 · KEV · Dec 19, 2025
    risk 0.20 · cvss · epss 0.83

    Mismatched length fields in Zlib compressed protocol headers may allow a read of uninitialized heap memory by an unauthenticated client. This issue affects all MongoDB Server v7.0 prior to 7.0.28 versions, MongoDB Server v8.0 versions prior to 8.0.17, MongoDB Server v8.2…

  • CVE-2025-14733 · KEV · Dec 19, 2025
    risk 0.14 · cvss · epss 0.18

    An Out-of-bounds Write vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to execute arbitrary code. This vulnerability affects both the Mobile User VPN with IKEv2 and the Branch Office VPN using IKEv2 when configured with a dynamic gateway…

  • CVE-2025-40602 · KEV · Dec 18, 2025
    risk 0.12 · cvss · epss 0.02

    A local privilege escalation vulnerability due to insufficient authorization in the SonicWall SMA1000 appliance management console (AMC).

  • CVE-2025-68461 · KEV · Dec 18, 2025
    risk 0.14 · cvss · epss 0.20

    Roundcube Webmail before 1.5.12 and 1.6 before 1.6.12 is prone to a Cross-Site-Scripting (XSS) vulnerability via the animate tag in an SVG document.

  • CVE-2025-43529 · High · KEV · Dec 17, 2025
    risk 0.69 · cvss 8.8 · epss 0.08

    A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. Processing maliciously crafted web content may lead to…

  • CVE-2025-20393 · KEV · Dec 17, 2025
    risk 0.13 · cvss · epss 0.29

    A vulnerability in the Spam Quarantine feature of Cisco AsyncOS Software for Cisco Secure Email Gateway and Cisco Secure Email and Web Manager could allow an unauthenticated, remote attacker to execute arbitrary system commands on an affected device with root privileges. This…

  • CVE-2025-59374 · KEV · Dec 17, 2025
    risk 0.14 · cvss · epss 0.01

    "UNSUPPORTED WHEN ASSIGNED" Certain versions of the ASUS Live Update client were distributed with unauthorized modifications introduced through a supply chain compromise. The modified builds could cause devices meeting specific targeting conditions to perform unintended…

  • CVE-2025-37164 · KEV · Dec 16, 2025
    risk 0.21 · cvss · epss 0.90

    A remote code execution issue exists in HPE OneView.

  • CVE-2025-43520 · Medium · KEV · Dec 12, 2025
    risk 0.48 · cvss 5.5 · epss 0.00

    A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. A malicious application may…

  • CVE-2025-43510 · High · KEV · Dec 12, 2025
    risk 0.63 · cvss 7.8 · epss 0.00

    A memory corruption issue was addressed with improved lock state checking. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. A malicious application…

  • CVE-2025-14611 · KEV · Dec 12, 2025
    risk 0.21 · cvss · epss 0.51

    Gladinet CentreStack and Triofox prior to version 16.12.10420.56791 used hardcoded values for their implementation of the AES cryptoscheme. This degrades security for publicly exposed endpoints that may make use of it and may offer arbitrary local file inclusion when provided a…

  • CVE-2025-14174 · KEV · Dec 12, 2025
    risk 0.12 · cvss · epss 0.22

    Out of bounds memory access in ANGLE in Google Chrome on Mac prior to 143.0.7499.110 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)