VYPR

CVEs

100,082 total · page 103 of 2,002

  • CVE-2026-5943HigApr 27, 2026
    risk 0.51cvss 7.8epss 0.00

    Document structural anomalies caused inconsistencies between page element relationships and internal index states. When scripts triggered document modifications, object reference validity was not properly maintained, leading to a crash when accessing an invalid pointer during…

  • CVE-2026-5941HigApr 27, 2026
    risk 0.51cvss 7.8epss 0.00

    Parsing logic flaws cause non-signature data to be misidentified as valid signatures when processing malformed form field hierarchies, leading to invalid memory writes and program crashes during internal data structure construction.

  • CVE-2026-5940HigApr 27, 2026
    risk 0.51cvss 7.8epss 0.00

    Calling a function that triggers a UI refresh after removing comments via a script may access an invalidated object, leading to program crashes.

  • CVE-2026-27172HigApr 27, 2026
    risk 0.50cvss 8.8epss 0.01

    The ConsulRegistry in the camel-consul component (class org.apache.camel.component.consul.ConsulRegistry and its inner ConsulRegistryUtils.deserialize method) read Java-serialized values from the Consul KV store and passed them to ObjectInputStream.readObject() without…

  • CVE-2026-40858HigApr 27, 2026
    risk 0.50cvss 8.8epss 0.01

    The camel-infinispan component's ProtoStream-based remote aggregation repository deserializes data read from a remote Infinispan cache using java.io.ObjectInputStream without applying any ObjectInputFilter. An attacker who can write to the Infinispan cache used by a Camel…

  • CVE-2026-40022HigApr 27, 2026
    risk 0.46cvss 8.2epss 0.01

    When authentication is enabled on the Apache Camel embedded HTTP server or embedded management server (camel-platform-http-main) and a non-root context path such as /api or /admin is configured via camel.server.path or camel.management.path, the BasicAuthenticationConfigurer and…

  • CVE-2026-7101HigApr 27, 2026
    risk 0.57cvss 8.8epss 0.01

    A vulnerability has been found in Tenda F456 1.0.0.5. This affects the function fromWrlclientSet of the file /goform/WrlclientSet of the component httpd. The manipulation leads to buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed to…

  • CVE-2026-7100HigApr 27, 2026
    risk 0.57cvss 8.8epss 0.01

    A flaw has been found in Tenda F456 1.0.0.5. The impacted element is the function fromNatlimitof of the file /goform/Natlimit of the component httpd. Executing a manipulation can lead to buffer overflow. The attack may be launched remotely. The exploit has been published and may…

  • CVE-2026-7099HigApr 27, 2026
    risk 0.57cvss 8.8epss 0.01

    A vulnerability was detected in Tenda F456 1.0.0.5. The affected element is the function formQuickIndex of the file /goform/QuickIndex of the component httpd. Performing a manipulation of the argument mit_linktype results in buffer overflow. The attack may be initiated remotely.…

  • CVE-2026-7098HigApr 27, 2026
    risk 0.57cvss 8.8epss 0.01

    A security vulnerability has been detected in Tenda F456 1.0.0.5. Impacted is the function fromDhcpListClient of the file /goform/DhcpListClient of the component httpd. Such manipulation of the argument page leads to buffer overflow. The attack can be launched remotely. The…

  • CVE-2026-42379HigApr 27, 2026
    risk 0.50cvss 7.7epss 0.00

    Insertion of Sensitive Information Into Sent Data vulnerability in WPDeveloper Templately allows Retrieve Embedded Sensitive Data.This issue affects Templately: from n/a through 3.6.1.

  • CVE-2026-40473HigApr 27, 2026
    risk 0.50cvss 8.8epss 0.01

    The camel-mina component's MinaConverter.toObjectInput(IoBuffer) type converter wraps an IoBuffer in a java.io.ObjectInputStream without applying any ObjectInputFilter or class-loading restrictions. When a Camel route uses camel-mina as a TCP or UDP consumer and requests…

  • CVE-2026-40048HigApr 27, 2026
    risk 0.44cvss 7.8epss 0.00

    The Camel-PQC FileBasedKeyLifecycleManager class deserializes the contents of `.key` files in the configured key directory using java.io.ObjectInputStream without applying any ObjectInputFilter or class-loading restrictions. The cast to `java.security.KeyPair` is…

  • CVE-2026-7097HigApr 27, 2026
    risk 0.57cvss 8.8epss 0.01

    A weakness has been identified in Tenda F456 1.0.0.5. This issue affects the function fromwebExcptypemanFilter of the file /goform/webExcptypemanFilter of the component httpd. This manipulation of the argument page causes buffer overflow. The attack can be initiated remotely.…

  • CVE-2026-7096HigApr 27, 2026
    risk 0.57cvss 8.8epss 0.04

    A security flaw has been discovered in Tenda HG3 2.0 300003070. This vulnerability affects the function formgponConf of the file /boaform/admin/formgponConf. The manipulation of the argument fmgpon_loid results in os command injection. It is possible to launch the attack…

  • CVE-2026-7094HigApr 27, 2026
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was determined in ShadowCloneLabs GlutamateMCPServers up to e2de73280b01e5d943593dd1aa2c01c5b9112f78. Affected by this issue is some unknown functionality of the file src/puppeteer/index.ts of the component puppeteer_navigate. Executing a manipulation of the…

  • CVE-2026-7088HigApr 27, 2026
    risk 0.47cvss 7.3epss 0.00

    A weakness has been identified in SourceCodester Pharmacy Sales and Inventory System 1.0. The affected element is an unknown function of the file /ajax.php?action=save_receiving. Executing a manipulation of the argument ID can lead to sql injection. The attack can be launched…

  • CVE-2026-7087HigApr 27, 2026
    risk 0.47cvss 7.3epss 0.00

    A security flaw has been discovered in SourceCodester Pharmacy Sales and Inventory System 1.0. Impacted is an unknown function of the file /ajax.php?action=save_sales. Performing a manipulation of the argument ID results in sql injection. The attack can be initiated remotely.…

  • CVE-2026-7082HigApr 27, 2026
    risk 0.57cvss 8.8epss 0.01

    A flaw has been found in Tenda F456 1.0.0.5. Affected by this vulnerability is the function formWrlExtraSet of the file /goform/WrlExtraSet of the component httpd. Executing a manipulation of the argument Go can lead to buffer overflow. The attack can be executed remotely. The…

  • CVE-2026-7081HigApr 27, 2026
    risk 0.57cvss 8.8epss 0.01

    A vulnerability was detected in Tenda F456 1.0.0.5. Affected is the function fromGstDhcpSetSer of the file /goform/GstDhcpSetSer of the component httpd. Performing a manipulation of the argument dips results in buffer overflow. Remote exploitation of the attack is possible. The…

  • CVE-2026-3868HigApr 27, 2026
    risk 0.57cvss epss 0.00

    An improper handling of the length parameter inconsistency vulnerability has been identified in Moxa’s Secure Router. Because of improper validation of length parameters in the HTTPS management interface, an unauthenticated remote attacker could send specially crafted…

  • CVE-2026-7106HigApr 27, 2026
    risk 0.57cvss 8.8epss 0.00

    The Highland Software Custom Role Manager plugin for WordPress is vulnerable to Privilege Escalation in versions up to and including 1.0.0. This is due to insufficient authorization checks in the hscrm_save_user_roles() function, which is hooked to the personal_options_update…

  • CVE-2026-7080HigApr 27, 2026
    risk 0.57cvss 8.8epss 0.01

    A security vulnerability has been detected in Tenda F456 1.0.0.5. This impacts the function fromPPTPUserSetting of the file /goform/PPTPUserSetting of the component httpd. Such manipulation of the argument delno leads to buffer overflow. The attack may be launched remotely. The…

  • CVE-2026-7079HigApr 27, 2026
    risk 0.57cvss 8.8epss 0.01

    A weakness has been identified in Tenda F456 1.0.0.5. This affects the function fromAdvSetWan of the file /goform/AdvSetWan of the component httpd. This manipulation of the argument wanmode causes buffer overflow. The attack may be initiated remotely. The exploit has been made…

  • CVE-2026-7078HigApr 27, 2026
    risk 0.57cvss 8.8epss 0.01

    A security flaw has been discovered in Tenda F456 1.0.0.5. The impacted element is the function fromSetIpBind of the file /goform/SetIpBind of the component httpd. The manipulation of the argument page results in buffer overflow. The attack can be launched remotely. The exploit…

  • CVE-2026-7077HigApr 27, 2026
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was identified in itsourcecode Courier Management System 1.0. The affected element is an unknown function of the file /edit_parcel.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit is publicly…

  • CVE-2026-3006HigApr 27, 2026
    risk 0.46cvss 7.0epss 0.00

    Successful exploitation of the race condition vulnerability could allow an attacker to trigger a kernel heap overflow, potentially leading to local privilege escalation and granting system-level access to the affected software.

  • CVE-2026-7076HigApr 27, 2026
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was determined in itsourcecode Courier Management System 1.0. Impacted is an unknown function of the file /edit_branch.php. Executing a manipulation of the argument ID can lead to sql injection. It is possible to launch the attack remotely. The exploit has been…

  • CVE-2026-7075HigApr 27, 2026
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was found in itsourcecode Construction Management System 1.0. This issue affects some unknown processing of the file /locations.php. Performing a manipulation of the argument address results in sql injection. It is possible to initiate the attack remotely. The…

  • CVE-2026-7074HigApr 27, 2026
    risk 0.47cvss 7.3epss 0.00

    A vulnerability has been found in itsourcecode Construction Management System 1.0. This vulnerability affects unknown code of the file /execute1.php. Such manipulation of the argument code leads to sql injection. The attack may be performed from remote. The exploit has been…

  • CVE-2026-7073HigApr 27, 2026
    risk 0.47cvss 7.3epss 0.00

    A flaw has been found in itsourcecode Construction Management System 1.0. This affects an unknown part of the file /execute.php. This manipulation of the argument code causes sql injection. The attack is possible to be carried out remotely. The exploit has been published and may…

  • CVE-2026-7072HigApr 27, 2026
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was detected in CodePanda Source canteen_management_system 1.0. Affected by this issue is some unknown functionality of the file /api/login.php. The manipulation of the argument Username results in sql injection. The attack can be executed remotely. The exploit…

  • CVE-2026-7070HigApr 27, 2026
    risk 0.47cvss 7.3epss 0.00

    A weakness has been identified in code-projects Inventory Management System 1.0. Affected is an unknown function of the component Login. Executing a manipulation of the argument Username can lead to sql injection. The attack may be launched remotely. The exploit has been made…

  • CVE-2026-7069HigApr 27, 2026
    risk 0.52cvss 8.0epss 0.01

    A security flaw has been discovered in D-Link DIR-825 up to 3.00b32. This impacts the function AddPortMapping of the file upnpsoap.c of the component miniupnpd. Performing a manipulation of the argument NewPortMappingDescription results in buffer overflow. The attack needs to be…

  • CVE-2026-7068HigApr 27, 2026
    risk 0.57cvss 8.8epss 0.02

    A vulnerability was identified in D-Link DIR-825 3.00b32. This affects the function NMBD_process of the file sserver.c of the component nmbd. Such manipulation leads to buffer overflow. The attack can only be initiated within the local network. The exploit is publicly available…

  • CVE-2026-7067HigApr 27, 2026
    risk 0.48cvss 7.3epss 0.02

    A vulnerability was determined in D-Link DIR-822 A_101. The impacted element is the function system of the file /udhcpcd/dhcpd.c of the component udhcpd DHCP Service. This manipulation of the argument Hostname causes command injection. The attack can be initiated remotely. The…

  • CVE-2026-7066HigApr 27, 2026
    risk 0.48cvss 7.3epss 0.01

    A vulnerability was found in choieastsea simple-openstack-mcp up to 767b2f4a8154cca344344b9725537a58399e6036. The affected element is the function exec_openstack of the file server.py. The manipulation results in os command injection. It is possible to launch the attack…

  • CVE-2026-7065HigApr 27, 2026
    risk 0.40cvss 7.3epss 0.00

    A vulnerability has been found in BidingCC BuildingAI up to 26.0.1. Impacted is the function uploadRemoteFile of the file packages/core/src/modules/upload/services/file-storage.service.ts of the component Remote Upload API. The manipulation of the argument url leads to…

  • CVE-2026-33277HigApr 27, 2026
    risk 0.57cvss 8.8epss 0.01

    An OS command Injection issue exists in LogonTracer prior to v2.0.0. An arbitrary OS command may be executed by a logged-in user.

  • CVE-2026-7064HigApr 26, 2026
    risk 0.47cvss 7.3epss 0.02

    A flaw has been found in AgentDeskAI browser-tools-mcp up to 1.2.0. This issue affects some unknown processing of the file browser-tools-server/browser-connector.ts. Executing a manipulation can lead to os command injection. The attack may be performed from remote. The exploit…

  • CVE-2026-7063HigApr 26, 2026
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was detected in code-projects Employee Management System 1.0. This vulnerability affects unknown code of the file /370project/process/eprocess.php of the component Endpoint. Performing a manipulation of the argument pwd results in sql injection. The attack is…

  • CVE-2026-7062HigApr 26, 2026
    risk 0.48cvss 7.3epss 0.01

    A security vulnerability has been detected in Intina47 context-sync up to 2.0.0. This affects an unknown part of the file src/git-integration.ts of the component Git Integration. Such manipulation leads to os command injection. The attack can be executed remotely. The exploit…

  • CVE-2026-7061HigApr 26, 2026
    risk 0.48cvss 7.3epss 0.01

    A weakness has been identified in Toowiredd chatgpt-mcp-server up to 0.1.0. Affected by this issue is some unknown functionality of the file src/services/docker.service.ts of the component MCP/HTTP. This manipulation causes os command injection. Remote exploitation of the attack…

  • CVE-2026-7060HigApr 26, 2026
    risk 0.40cvss 7.3epss 0.00

    A vulnerability was determined in liyupi yu-picture up to a053632c41340152bf75b66b3c543d129123d8ec. This impacts the function PageRequest of the file yu-picture-backend/src/main/java/com/yupi/yupicturebackend/service/impl/PictureServiceImpl.java of the component MyBatis-Plus.…

  • CVE-2026-7058HigApr 26, 2026
    risk 0.48cvss 7.3epss 0.01

    A vulnerability has been found in 666ghj MiroFish up to 0.1.2. The impacted element is the function SimulationIPCClient.send_command of the file backend/app/services/simulation_ipc.py of the component Inter-Process Communication. Such manipulation leads to command injection. It…

  • CVE-2026-7057HigApr 26, 2026
    risk 0.57cvss 8.8epss 0.01

    A flaw has been found in Tenda F456 1.0.0.5. The affected element is an unknown function of the file /goform/setcfm of the component httpd. This manipulation of the argument funcname/funcpara1 causes buffer overflow. It is possible to initiate the attack remotely. The exploit…

  • CVE-2026-7056HigApr 26, 2026
    risk 0.57cvss 8.8epss 0.01

    A vulnerability was detected in Tenda F456 1.0.0.5. Impacted is the function fromSafeUrlFilter of the file /goform/SafeUrlFilter of the component httpd. The manipulation of the argument page results in buffer overflow. The attack may be performed from remote. The exploit is now…

  • CVE-2026-7055HigApr 26, 2026
    risk 0.57cvss 8.8epss 0.01

    A security vulnerability has been detected in Tenda F456 1.0.0.5. This issue affects the function fromVirtualSer of the file /goform/VirtualSer of the component httpd. The manipulation of the argument menufacturer/Go leads to buffer overflow. The attack is possible to be carried…

  • CVE-2026-7054HigApr 26, 2026
    risk 0.57cvss 8.8epss 0.01

    A weakness has been identified in Tenda F456 1.0.0.5. This vulnerability affects the function fromPptpUserAdd of the file /goform/PPTPDClient of the component httpd. Executing a manipulation of the argument opttype/usernamewith can lead to buffer overflow. The attack can be…

  • CVE-2026-7053HigApr 26, 2026
    risk 0.57cvss 8.8epss 0.01

    A security flaw has been discovered in Tenda F456 1.0.0.5. This affects the function frmL7ProtForm of the file /goform/L7Prot of the component httpd. Performing a manipulation of the argument page results in buffer overflow. Remote exploitation of the attack is possible. The…