VYPR

CVEs

11,223 total · page 10 of 225

  • CVE-2026-47393criMay 29, 2026
    risk 0.52cvss epss 0.00

    ### Summary CVE-2026-44338 (GHSA-6rmh-7xcm-cpxj) documents that PraisonAI ships a code-generator (`praisonai.deploy.api.generate_api_server_code`) that emits a Flask API server with authentication disabled by default. Users who follow the documented quickstart (`praisonai…

  • CVE-2026-47396criMay 29, 2026
    risk 0.52cvss epss 0.00

    ### Summary PraisonAI's call server exposes a network-facing agent control API without authentication when `CALL_SERVER_TOKEN` is not configured. The affected component is the `praisonai.api.agent_invoke` router as mounted by `praisonai.api.call`. The authentication helper…

  • CVE-2026-45700CriMay 29, 2026
    risk 0.57cvss 9.8epss 0.00

    FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, FreeRDP's planar bitmap decoder has an out-of-bounds heap write when decoding RLE planar data. In libfreerdp/codec/planar.c, freerdp_bitmap_decompress_planar() validates the X destination…

  • CVE-2026-45697CriMay 29, 2026
    risk 0.57cvss 9.8epss 0.00

    Formie is a Craft CMS plugin for creating forms. Prior to 2.2.20 and 3.1.24, unauthenticated users could submit crafted values into Hidden fields (with Default value → Custom) that were evaluated as Twig during submission handling, which could lead to serious compromise of the…

  • CVE-2026-45372CriMay 29, 2026
    risk 0.57cvss 9.9epss 0.00

    cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.44.0, when cpp-httplib's server parses an incoming request, it applies percent-decoding to every header value except Location and Referer. The validity check (is_field_value) is run…

  • CVE-2026-9051CriMay 29, 2026
    risk 0.59cvss 9.1epss 0.01

    There is an authentication bypass vulnerability in the NI SystemLink Enterprise Dashboard application that may allow an unauthenticated remote attacker to bypass authentication controls leading to privilege escalation or information disclosure.  Successful exploitation requires…

  • CVE-2026-47744CriMay 29, 2026
    risk 0.57cvss 9.9epss 0.00

    Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, two distinct authorization defects in the team settings allowed any authenticated panel user to take over the RBAC system. Settings/Team/Index had no mount() authorization. Any authenticated user could load the page…

  • CVE-2026-44650CriMay 29, 2026
    risk 0.59cvss 9.1epss 0.01

    SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to 1.18.0, POST /api/extensions/delete endpoint accepts extensionName: "." which bypasses…

  • CVE-2026-44649CriMay 29, 2026
    risk 0.57cvss 9.8epss 0.00

    SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to 1.18.0, SillyTavern accepts Remote-User (Authelia) and X-Authentik-Username (Authentik)…

  • CVE-2026-7786CriMay 29, 2026
    risk 0.64cvss 9.8epss 0.00

    Jinan USR IOT Technology Limited (PUSR) USR-W610 RS232/485 to Wi-Fi/Ethernet Converter device firmware contains plaintext administrative credentials embedded in the firmware image. These credentials can be extracted through firmware analysis and used to authenticate to device…

  • CVE-2026-5386CriMay 29, 2026
    risk 0.59cvss 9.1epss 0.01

    The affected KMW CCTV Security Cameras are vulnerable to a critical unauthenticated password reset. This flaw allows an attacker to remotely reset the administrator password to a known value without authentication, granting full access to the camera feeds and settings.

  • CVE-2026-45668CriMay 29, 2026
    risk 0.53cvss epss 0.00

    Trilium Notes is a cross-platform, hierarchical note taking application focused on building large personal knowledge bases. Prior to 0.102.2, a malicious ZIP archive imported with safe import enabled achieves RCE via #docName path traversal and XSS by combining a payload note…

  • CVE-2026-45661CriMay 29, 2026
    risk 0.57cvss 9.9epss 0.01

    Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.26.5 and earlier, a critical path traversal vulnerability exists in Dokploy v0.26.5 that allows authenticated users to write arbitrary files to the filesystem during application deployment. When combined with…

  • CVE-2026-45633CriMay 29, 2026
    risk 0.57cvss 9.9epss 0.01

    Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.26.6 and earlier, Dokploy contains a command injection vulnerability in the /docker-container-logs WebSocket endpoint. The tail and since parameters are not validated and are directly concatenated into shell…

  • CVE-2026-45632CriMay 29, 2026
    risk 0.64cvss 9.9epss 0.00

    Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.26.7 and earlier, the schedule router does not enforce organization/role checks. As a result, any authenticated user can create, update, run, or delete schedules belonging to other organizations if they know the…

  • CVE-2026-45631CriMay 29, 2026
    risk 0.58cvss 10.0epss 0.00

    Dokploy is a free, self-hostable Platform as a Service (PaaS). From 0.27.0 to before 0.29.3, a hardcoded BETTER_AUTH_SECRET fallback ("better-auth-secret-123456789") lets an unauthenticated attacker forge email verification JWTs, trigger auto-sign-in as admin, and execute…

  • CVE-2026-45630CriMay 29, 2026
    risk 0.59cvss 9.0epss 0.01

    Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.28.8 and earlier, authenticated OS command injection in the application.updateTraefikConfig tRPC endpoint allows admin/owner users to execute arbitrary system commands on remote servers via unsanitized echo…

  • CVE-2026-45629CriMay 29, 2026
    risk 0.64cvss 9.9epss 0.01

    Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.28.8 and earlier, authenticated OS command injection in the /listen-deployment WebSocket endpoint allows any organization member to execute arbitrary system commands on remote servers managed by Dokploy, leading…

  • CVE-2026-45628CriMay 29, 2026
    risk 0.55cvss 9.6epss 0.00

    Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.29.2 and earlier, Dokploy constructs shell commands using JavaScript template literals and executes them via child_process.exec() (which runs through /bin/sh -c). User-supplied branch names, repository URLs, and…

  • CVE-2026-45625CriMay 29, 2026
    risk 0.57cvss 9.9epss 0.00

    Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to 1.19.0, Arcane's huma-based REST API exposes nine endpoints under /api/customize/git-repositories and /api/git-repositories/sync for managing GitOps source repositories and their…

  • CVE-2026-45663CriMay 29, 2026
    risk 0.57cvss 9.9epss 0.01

    Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.29.1 and earlier, a command injection vulnerability exists in the Docker file upload functionality. When an authenticated user uploads a file to a container, the destinationPath parameter is not properly…

  • CVE-2026-44962CriMay 29, 2026
    risk 0.64cvss 9.9epss 0.01

    Plesk contains an XPath injection vulnerability in the APS Application Catalog search functionality, where user-supplied input is interpolated into XPath queries without proper sanitization. This allows an authenticated, low-privileged user to execute arbitrary operating system…

  • CVE-2026-4290CriMay 29, 2026
    risk 0.59cvss 9.1epss 0.00

    The WP Travel Pro plugin for WordPress is vulnerable to arbitrary user deletion via the /wp-json/wp-travel/v1/travel-guide/{user_id} REST API endpoint in all versions up to, and including, 10.6.0. This is due to the check_permission() callback unconditionally returning true and…

  • CVE-2026-10042CriMay 29, 2026
    risk 0.57cvss 9.8epss 0.01

    manga-image-translator contains a remote code execution vulnerability in the shared API server mode due to unsafe deserialization of untrusted pickle data in the share.py module, where the /execute/{method_name} and /simple_execute/{method_name} endpoints deserialize…

  • CVE-2026-46376CriMay 29, 2026
    risk 0.64cvss 9.8epss 0.00

    FreePBX is an open source IP PBX. From 15.0.42 to before 16.0.45 and 17.0.7, unauthenticated users may be able to access the User Control Panel (UCP) using hard-coded initial template credentials if these were not immediately changed by the Administrator who enabled UCP.…

  • CVE-2026-9508CriMay 29, 2026
    risk 0.65cvss epss 0.00

    Incorrect permission settings on a critical resource in Suprema BioStar 2 (versions 2.9.3 through 2.9.11) that allow backup files to be publicly exposed when the administrator configures their path within the NGINX webroot. This vulnerability allows an attacker with network…

  • CVE-2026-8326CriMay 29, 2026
    risk 0.65cvss epss 0.00

    Path traversal vulnerability in Remote Spark (https://www.Remotespark.Com/) SparkView allows reading and writing arbitrary files in all directories as root. This leads to RCE. The affected component is the RDP drive redirection.  Depending on implementation, the vulnerability…

  • CVE-2026-45312CriMay 29, 2026
    risk 0.64cvss 9.9epss 0.00

    RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. In 0.24.0 and earlier, a Jinja2 template injection in the prompt generator (rag/prompts/generator.py) allows any authenticated user to execute arbitrary OS commands on the server. Any normal user can…

  • CVE-2026-45043CriMay 29, 2026
    risk 0.60cvss epss 0.00

    RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, improper validation in the PUT /rustfs/admin/v3/import-iam endpoint allows a user with ImportIAMAction to create service accounts under arbitrary parent identities, including the root user…

  • CVE-2026-10071CriMay 29, 2026
    risk 0.64cvss 9.8epss 0.01

    DreamMaker developed by Interinfo has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.

  • CVE-2026-9559CriMay 29, 2026
    risk 0.64cvss 9.9epss 0.01

    A path traversal vulnerability exists in the campaign import feature of Mautic 7. When extracting uploaded ZIP files during campaign imports, a flaw in the validation logic allows file paths to escape the intended temporary directories. An authenticated user with campaign import…

  • CVE-2025-41277CriMay 29, 2026
    risk 0.64cvss 9.8epss 0.01

    Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to execute…

  • CVE-2025-41276CriMay 29, 2026
    risk 0.64cvss 9.8epss 0.01

    Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to execute…

  • CVE-2025-41275CriMay 29, 2026
    risk 0.64cvss 9.8epss 0.01

    Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to execute…

  • CVE-2025-41274CriMay 29, 2026
    risk 0.64cvss 9.8epss 0.01

    Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to execute…

  • CVE-2025-41273CriMay 29, 2026
    risk 0.64cvss 9.8epss 0.00

    Nozomi Networks Labs identified a CWE-288: Authentication Bypass Using an Alternate Path or Channel in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to bypass authentication of the Console web…

  • CVE-2025-41272CriMay 29, 2026
    risk 0.64cvss 9.8epss 0.01

    Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to execute…

  • CVE-2025-41270CriMay 29, 2026
    risk 0.64cvss 9.8epss 0.01

    Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to execute…

  • CVE-2025-41269CriMay 29, 2026
    risk 0.64cvss 9.8epss 0.01

    Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to execute…

  • CVE-2025-41268CriMay 29, 2026
    risk 0.59cvss 9.1epss 0.00

    Nozomi Networks Labs identified a CWE-23: Relative Path Traversal in the Administration WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to delete arbitrary files on the Host machines.

  • CVE-2026-9558CriMay 29, 2026
    risk 0.64cvss 9.9epss 0.00

    A Server-Side Template Injection (SSTI) vulnerability exists in Mautic's theme engine. The platform renders uploaded Twig templates without a sandbox or strict function restrictions. Authenticated users with permissions to create or upload themes can abuse this to execute…

  • CVE-2026-49201CriMay 29, 2026
    risk 0.64cvss 9.8epss 0.00

    The upload.cgi binary, responsible for processing device backups, contains a hardcoded AES encryption key. This allows an attacker to decrypt, modify, and re-encrypt system backups, facilitating persistent backdoor injection.

  • CVE-2026-49200CriMay 29, 2026
    risk 0.64cvss 9.8epss 0.01

    The acer_cgi.log file in the device firmware is accessible without authentication via the web interface. This file contains cleartext login credentials (for web and Telnet), leading to unauthorized system access.

  • CVE-2026-49199CriMay 29, 2026
    risk 0.64cvss 9.8epss 0.01

    Crafted MQTT messages can trigger command injection, resulting in root-level code execution on the target device.

  • CVE-2026-49197CriMay 29, 2026
    risk 0.64cvss 9.8epss 0.00

    Web endpoints intended for the Acer Connect app improperly validate the HTTP Authorization header, failing to block requests when Base64 decoding fails.

  • CVE-2026-3655CriMay 29, 2026
    risk 0.57cvss 9.8epss 0.00

    The OTP Login With Phone Number, OTP Verification plugin for WordPress is vulnerable to authentication bypass in versions 1.8.50 through 1.8.60. This is due to the Firebase verification flow in the `lwp_ajax_register` AJAX handler not binding the Firebase session to the phone…

  • CVE-2026-8732CriMay 29, 2026
    risk 0.64cvss 9.8epss 0.09

    The WP Maps Pro plugin for WordPress is vulnerable to Privilege Escalation via Administrator Account Creation in all versions up to, and including, 6.1.0. This is due to the wpgmp_temp_access_ajax AJAX action being registered with wp_ajax_nopriv_ and protected only by a nonce…

  • CVE-2026-9967CriMay 28, 2026
    risk 0.62cvss 9.6epss 0.00

    Out of bounds write in GPU in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-9918CriMay 28, 2026
    risk 0.62cvss 9.6epss 0.00

    Inappropriate implementation in Tint in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-9891CriMay 28, 2026
    risk 0.59cvss 9.0epss 0.00

    Use after free in Extensions in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted Chrome Extension. (Chromium security severity: Critical)