VYPR

CVEs

345,217 total · page 106 of 6,905

  • CVE-2026-45160MedJun 10, 2026
    risk 0.35cvss 6.5epss 0.00

    ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.2.7, 5.3.5, 5.4.4, 5.5.4, and 6.0.1, an out-of-bounds read flaw exists in the DHCP server option parser (parse_options() in components/lwip/apps/dhcpserver/dhcpserver.c) shipped with ESP-IDF's…

  • CVE-2026-46546LowJun 10, 2026
    risk 0.07cvss epss 0.00

    Frappe Learning Management System (LMS) is a learning system that helps users structure their content. Prior to version 2.53.0, an authenticated user could supply specially crafted content in certain user-editable fields that, when surfaced in page metadata, caused visitors'…

  • CVE-2026-44634HigJun 10, 2026
    risk 0.50cvss epss 0.00

    SimpleBLE is a cross-platform library and bindings for Bluetooth Low Energy (BLE). Prior to version 0.14.0, there are multiple stack-based buffer overflow vulnerabilities in SimpleBLE. There is a stack overflow vulnerability in the dongl backend’s Protocol::simpleble_write…

  • CVE-2026-53675MedJun 10, 2026
    risk 0.21cvss 4.3epss 0.00

    BuddyPress 14.4.0 contains an insecure direct object reference vulnerability in the friends REST API that allows any authenticated attacker to enumerate another user's complete friend list. Attackers can query the friends endpoint with an arbitrary user_id because the…

  • CVE-2026-53674HigJun 10, 2026
    risk 0.39cvss 7.1epss 0.00

    BuddyPress 14.4.0 contains a regular expression injection vulnerability in the activity mention resolver that, when username compatibility mode is enabled, allows attackers to manipulate a REGEXP database clause by crafting mention names containing regex metacharacters.…

  • CVE-2026-53673HigJun 10, 2026
    risk 0.46cvss 8.1epss 0.00

    BuddyPress 14.4.0 contains an insecure direct object reference vulnerability in the messages REST API that allows authenticated attackers to access arbitrary private message threads by supplying a user_id parameter in the request. Attackers can pass another user's identifier to…

  • CVE-2026-47838MedJun 10, 2026
    risk 0.37cvss 6.8epss 0.00

    SubjectDnX509PrincipalExtractor does not correctly handle certain malformed X.509 certificate CN values, which can lead to reading the wrong value for the username. In a carefully crafted certificate, this can lead to an attacker impersonating another user. Affected versions:…

  • CVE-2026-46545HigJun 10, 2026
    risk 0.42cvss 7.5epss 0.00

    Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.5.0, a remote, unauthenticated denial-of-service vulnerability in MerkleRadixTrie::put_chunk allows any state-sync peer to crash any node performing…

  • CVE-2026-46543MedJun 10, 2026
    risk 0.27cvss 5.3epss 0.00

    Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.5.0, a remote peer can crash any full node by sending a RequestBatchSet message containing the genesis block's hash. The handler calls…

  • CVE-2026-46542MedJun 10, 2026
    risk 0.21cvss 4.3epss 0.00

    Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.4.0, a denial-of-service vulnerability exists in the Ed25519 multisig delinearization code path. Ed25519PublicKey::delinearize() in…

  • CVE-2026-46541HigJun 10, 2026
    risk 0.42cvss 7.5epss 0.00

    Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.4.0, iIn handle_dht_get(), the DhtResults accumulator is only initialized when the first DHT record passes verification. If the first record fails…

  • CVE-2026-46540MedJun 10, 2026
    risk 0.35cvss 6.5epss 0.00

    Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.4.0, when LightBlockchain::rebranch() adopts a fork chain whose tip is a macro block (checkpoint or election), it only updates self.head but fails…

  • CVE-2026-46539MedJun 10, 2026
    risk 0.31cvss 5.9epss 0.00

    Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.4.0, a logic flaw in BlockInclusionProof::is_block_proven causes the function to return true without performing any cryptographic verification when…

  • CVE-2026-46518HigJun 10, 2026
    risk 0.50cvss 7.7epss 0.00

    OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.1, a stored cross-site scripting vulnerability in the prescription CSS/HTML multi-print feature allows a patient portal user to execute arbitrary…

  • CVE-2026-46517HigJun 10, 2026
    risk 0.51cvss 7.8epss 0.00

    LMDeploy is a toolkit for compressing, deploying, and serving large language models. In versions 0.12.3 and prior, hardcoded "trust_remote_code=True" enables HF supply-chain RCE without user opt-in. At time of publication, there are no publicly available patches.

  • CVE-2026-46491HigJun 10, 2026
    risk 0.49cvss 8.6epss 0.00

    SimpleSAMLphp-casserver is a CAS 1.0 and 2.0 compliant CAS server in the form of a SimpleSAMLphp module. Prior to version 7.0.3, simplesamlphp-module-casserver builds file paths for the file-based CAS ticket store by directly concatenating the configured ticket directory with an…

  • CVE-2026-46432HigJun 10, 2026
    risk 0.44cvss 7.8epss 0.00

    LMDeploy is a toolkit for compressing, deploying, and serving large language models. In versions 0.12.3 and prior, LMDeploy is vulnerable to arbitrary code execution through hardcoded "trust_remote_code=True" in multiple HuggingFace model-loading call sites. At time of…

  • CVE-2026-46411MedJun 10, 2026
    risk 0.35cvss 6.5epss 0.00

    FlashMQ is a MQTT broker/server, designed for multi-CPU environments. Prior to version 1.26.2, authorized clients have the ability to exceed the permitted over-commit of their write buffer and triggering an internal safe-guard exception. This exception was in a path that was not…

  • CVE-2026-45782HigJun 10, 2026
    risk 0.51cvss epss 0.00

    Cloud Hypervisor is a Virtual Machine Monitor for Cloud workloads. From version 21.0 to before version 51.2, a guest can cause a use-after-free in the cloud-hypervisor process by submitting two virtio-block descriptor chains that reuse the same head_index while asynchronous…

  • CVE-2026-44716HigJun 10, 2026
    risk 0.42cvss 7.5epss 0.00

    Pipecat is an open-source Python framework for building real-time voice and multimodal conversational agents. From version 0.0.90 to before version 1.2.0, a path traversal vulnerability exists in Pipecat's development runner (src/pipecat/runner/run.py). When the runner is…

  • CVE-2026-44505MedJun 10, 2026
    risk 0.27cvss 5.3epss 0.00

    Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. network-libp2p handles kad get-record query progress in handle_dht_get (network-libp2p/src/swarm.rs). Prior to version 1.4.0, when a peer returns a FoundRecord, the…

  • CVE-2026-41837MedJun 10, 2026
    risk 0.34cvss 5.3epss 0.00

    Spring Data REST's Querydsl integration accepts arbitrary persistent property paths as request-parameter filter keys and does not consider Jackson customizations before handing them to Querydsl. Affected versions: Spring Data REST 3.7.0 through 3.7.19; 4.3.0 through 4.3.16;…

  • CVE-2026-41732HigJun 10, 2026
    risk 0.53cvss 8.1epss 0.00

    JsonPulsarHeaderMapper matched type headers against trusted packages using a prefix check, meaning that trusting any package implicitly trusted all of its subpackages. Additionally, an empty trusted-packages configuration fell back to trusting all packages rather than applying a…

  • CVE-2026-41731HigJun 10, 2026
    risk 0.46cvss 8.1epss 0.00

    JsonKafkaHeaderMapper and the deprecated DefaultKafkaHeaderMapper matched type headers against trusted packages using a prefix check, meaning that trusting any package implicitly trusted all of its subpackages. Combined with Jackson's default bean deserialization, a producer…

  • CVE-2026-41730MedJun 10, 2026
    risk 0.34cvss 5.3epss 0.00

    Spring Data REST serializes the full exception cause chain into HTTP error response bodies, potentially exposing persistence-layer internals to HTTP clients. Affected versions: Spring Data REST 3.7.0 through 3.7.19; 4.3.0 through 4.3.16; 4.4.0 through 4.4.14; 4.5.0 through…

  • CVE-2026-41729HigJun 10, 2026
    risk 0.53cvss 8.1epss 0.00

    Spring Data REST is vulnerable to SpEL expression injection through map-typed properties when processing JSON Patch (application/json-patch+json) requests. When a persistent entity exposes a Map-typed property, the JSON Pointer path segment used as the map key is embedded…

  • CVE-2026-41728HigJun 10, 2026
    risk 0.49cvss 7.5epss 0.00

    Spring Data REST's JSON Patch (application/json-patch+json) implementation does not apply the write-access filter to intermediate path segments when resolving a multi-segment JSON Pointer. Affected versions: Spring Data REST 3.7.0 through 3.7.19; 4.3.0 through 4.3.16; 4.4.0…

  • CVE-2026-41727MedJun 10, 2026
    risk 0.42cvss 6.5epss 0.00

    Spring Kafka's retry topic infrastructure did not sufficiently validate user-controlled header values before acting on them. A producer could send a record with a crafted retry_topic-attempts header to supply an out-of-range attempt count and cause the retry topic router to…

  • CVE-2026-41726MedJun 10, 2026
    risk 0.35cvss 6.5epss 0.00

    When an application opts into DelegatingDeserializer, a producer can grow the consumer's heap without bound by sending records with unique random spring.kafka.serialization.selector header values, eventually causing GC thrash and OutOfMemoryError. Affected versions: Spring for…

  • CVE-2026-41721MedJun 10, 2026
    risk 0.38cvss 5.9epss 0.00

    Spring Data Commons contains a vulnerability that can lead to a Denial of Service (DoS) condition if Spring Data Web Support is enabled in conjunction with a Controller method using @ProjectedPayload, when an attacker sends a specially crafted HTTP request that causes the…

  • CVE-2026-41719MedJun 10, 2026
    risk 0.42cvss 6.4epss 0.00

    A SpEL Injection vulnerability exists in the Spring Data KeyValue if unsanitized user input is passed as Sort into a repository query method that delegates evaluation to the SpelPropertyComparator. Affected versions: Spring Data KeyValue / Spring Data Redis 4.0.0 through 4.0.5;…

  • CVE-2026-41717HigJun 10, 2026
    risk 0.53cvss 8.1epss 0.00

    Spring Data MongoDB contains a SpEL (Spring Expression Language) expression injection vulnerability. The issue occurs during parameter binding when a user-defined repository query method is annotated with @Query and utilizes a capture-all placeholder. Affected versions: Spring…

  • CVE-2026-41716HigJun 10, 2026
    risk 0.49cvss 7.5epss 0.00

    Spring Data's internal property-lookup cache accepts and permanently retains attacker-supplied strings as cache keys, allowing heap exhaustion through repeated requests. Affected versions: Spring Data Commons 2.7.0 through 2.7.19; 3.3.0 through 3.3.16; 3.4.0 through 3.4.14;…

  • CVE-2026-41714MedJun 10, 2026
    risk 0.26cvss 4.0epss 0.00

    Applications that configure their broker connection via RabbitConnectionFactoryBean.setUri("amqps://...") without also calling setUseSSL(true) get TLS encryption with no certificate validation and no hostname verification. Affected versions: Spring AMQP 4.0.0 through 4.0.3;…

  • CVE-2026-41711MedJun 10, 2026
    risk 0.38cvss 5.9epss 0.00

    Applications using Spring Data Commons may be vulnerable to a Denial of Service (DoS) attack leading to a StackOverflowException when parsing Sort parameters. Affected versions: Spring Data Commons 4.0.0 through 4.0.5; 3.5.0 through 3.5.11; 3.4.0 through 3.4.14; 3.3.0 through…

  • CVE-2026-41706MedJun 10, 2026
    risk 0.40cvss 6.1epss 0.00

    Spring Security's CookieRequestCache and CookieServerRequestCache store the pre-authentication request URL in a browser cookie so that users can be redirected back to their intended destination after a successful login. In affected versions, the full absolute URL is stored in…

  • CVE-2026-41701MedJun 10, 2026
    risk 0.29cvss 4.4epss 0.00

    Correlation IDs for replies in the RabbitTemplate.sendAndReceive() with the fixed reply queue are predictable due to internal simple counter. Affected versions: Spring AMQP 4.0.0 through 4.0.3; 3.2.0 through 3.2.10; 3.1.0 through 3.1.15; 2.4.0 through 2.4.17.

  • CVE-2026-41697MedJun 10, 2026
    risk 0.31cvss 4.8epss 0.00

    Spring Data Relational does not properly escape binding values of externally-controlled input when using StringMatcher (STARTING, ENDING, or CONTAINING) in Query By Example (QBE). An attacker can supply wildcard characters to perform boolean-based blind data inference. Affected…

  • CVE-2026-41696MedJun 10, 2026
    risk 0.38cvss 5.9epss 0.00

    Spring Data MongoDB repository query methods annotated with @Query that use regex parameter binding perform insufficient validation of the bound parameter. An attacker can supply a crafted string to break out of the intended regular expression quoting. Affected versions: Spring…

  • CVE-2026-41695HigJun 10, 2026
    risk 0.49cvss 7.5epss 0.00

    Spring Data Commons applications may be vulnerable to denial of service through resource exhaustion when attacker-controlled property path strings are passed to MappingContext property path resolution. Affected versions: Spring Data Commons 4.0.0 through 4.0.5; 3.5.0 through…

  • CVE-2026-41694LowJun 10, 2026
    risk 0.17cvss 3.7epss 0.00

    Since Spring Security SAML decrypts SAML Responses as well as elements of SAML LogoutRequests and LogoutResponses without requiring a valid signature, attackers may be able to craft these SAML payloads and use the Service Provider as a decryption oracle. Affected versions:…

  • CVE-2026-41008MedJun 10, 2026
    risk 0.40cvss 6.1epss 0.00

    Spring Security Authorization Server's authorization endpoint performs insufficient validation of the request_uri parameter. An attacker can craft a malicious authorization request containing an invalid request_uri and an arbitrary, unvalidated redirect_uri, which can lead to an…

  • CVE-2026-41003HigJun 10, 2026
    risk 0.42cvss 7.6epss 0.00

    An attacker able to influence values in RelyingPartyRegistration may be able to run arbitrary code on HTML forms generated by Spring Security filters. Affected versions: Spring Security 5.7.0 through 5.7.23; 5.8.0 through 5.8.25; 6.3.0 through 6.3.16; 6.4.0 through 6.4.16;…

  • CVE-2026-40993HigJun 10, 2026
    risk 0.47cvss 7.3epss 0.00

    An attacker with write permissions to the database table managed by JdbcAssertingPartyMetadataRepository (saml2_asserting_party_metadata) may be able to store malicious serialized payloads in the columns containing the collection of verification or encryption credentials…

  • CVE-2026-40991MedJun 10, 2026
    risk 0.38cvss 5.9epss 0.00

    When using spring-restdocs-webtestclient or spring-restdocs-restassured to document a remote API accessed over HTTP, an attacker who compromises the API or tricks the user into documenting a malicious API can perform an XXE injection attack when the documentation-generating…

  • CVE-2026-40988HigJun 10, 2026
    risk 0.49cvss 7.5epss 0.00

    An application using spring-security-saml2-service-provider and the REDIRECT binding for SAML 2.0 Login or Logout may be vulnerable to a denial of service by way of an unbounded writer that inflates the compressed SAML payload into memory. Affected versions: Spring Security…

  • CVE-2026-12491modJun 10, 2026
    risk 0.24cvss 4.8epss 0.00

    vllm: vllm: image EXIF Rotation & PNG tRNS Transparency Not Normalized, Causing Mismatch Between Model Input and Expectations

  • CVE-2026-9754MedJun 9, 2026
    risk 0.42cvss 6.5epss 0.00

    An authenticated user with the read role may read limited amounts of uninitialized stack memory via specially-crafted issuances of the filemd5 command

  • CVE-2026-9753HigJun 9, 2026
    risk 0.53cvss 8.1epss 0.00

    The $_internalApplyOplogUpdate aggregation pipeline stage can be used to execute a document diff containing a malformed binary diff to return memory out-of-bounds or crash the server. $_internalApplyOplogUpdate can be executed by any authenticated user with access to the…

  • CVE-2026-9752MedJun 9, 2026
    risk 0.42cvss 6.5epss 0.00

    An authorized user could trigger a server crash by running a query with a 2dsphere index on a field that stores a GeoJSON GeometryCollection containing a Polygon with a strict-winding CRS. Strict-winding polygons are intentionally unsupported for indexing, but the guard that…