VYPR

CVEs

345,233 total · page 107 of 6,905

  • CVE-2026-41711MedJun 10, 2026
    risk 0.38cvss 5.9epss 0.00

    Applications using Spring Data Commons may be vulnerable to a Denial of Service (DoS) attack leading to a StackOverflowException when parsing Sort parameters. Affected versions: Spring Data Commons 4.0.0 through 4.0.5; 3.5.0 through 3.5.11; 3.4.0 through 3.4.14; 3.3.0 through…

  • CVE-2026-41706MedJun 10, 2026
    risk 0.40cvss 6.1epss 0.00

    Spring Security's CookieRequestCache and CookieServerRequestCache store the pre-authentication request URL in a browser cookie so that users can be redirected back to their intended destination after a successful login. In affected versions, the full absolute URL is stored in…

  • CVE-2026-41701MedJun 10, 2026
    risk 0.29cvss 4.4epss 0.00

    Correlation IDs for replies in the RabbitTemplate.sendAndReceive() with the fixed reply queue are predictable due to internal simple counter. Affected versions: Spring AMQP 4.0.0 through 4.0.3; 3.2.0 through 3.2.10; 3.1.0 through 3.1.15; 2.4.0 through 2.4.17.

  • CVE-2026-41697MedJun 10, 2026
    risk 0.31cvss 4.8epss 0.00

    Spring Data Relational does not properly escape binding values of externally-controlled input when using StringMatcher (STARTING, ENDING, or CONTAINING) in Query By Example (QBE). An attacker can supply wildcard characters to perform boolean-based blind data inference. Affected…

  • CVE-2026-41696MedJun 10, 2026
    risk 0.38cvss 5.9epss 0.00

    Spring Data MongoDB repository query methods annotated with @Query that use regex parameter binding perform insufficient validation of the bound parameter. An attacker can supply a crafted string to break out of the intended regular expression quoting. Affected versions: Spring…

  • CVE-2026-41695HigJun 10, 2026
    risk 0.49cvss 7.5epss 0.00

    Spring Data Commons applications may be vulnerable to denial of service through resource exhaustion when attacker-controlled property path strings are passed to MappingContext property path resolution. Affected versions: Spring Data Commons 4.0.0 through 4.0.5; 3.5.0 through…

  • CVE-2026-41694LowJun 10, 2026
    risk 0.17cvss 3.7epss 0.00

    Since Spring Security SAML decrypts SAML Responses as well as elements of SAML LogoutRequests and LogoutResponses without requiring a valid signature, attackers may be able to craft these SAML payloads and use the Service Provider as a decryption oracle. Affected versions:…

  • CVE-2026-41008MedJun 10, 2026
    risk 0.40cvss 6.1epss 0.00

    Spring Security Authorization Server's authorization endpoint performs insufficient validation of the request_uri parameter. An attacker can craft a malicious authorization request containing an invalid request_uri and an arbitrary, unvalidated redirect_uri, which can lead to an…

  • CVE-2026-41003HigJun 10, 2026
    risk 0.42cvss 7.6epss 0.00

    An attacker able to influence values in RelyingPartyRegistration may be able to run arbitrary code on HTML forms generated by Spring Security filters. Affected versions: Spring Security 5.7.0 through 5.7.23; 5.8.0 through 5.8.25; 6.3.0 through 6.3.16; 6.4.0 through 6.4.16;…

  • CVE-2026-40993HigJun 10, 2026
    risk 0.47cvss 7.3epss 0.00

    An attacker with write permissions to the database table managed by JdbcAssertingPartyMetadataRepository (saml2_asserting_party_metadata) may be able to store malicious serialized payloads in the columns containing the collection of verification or encryption credentials…

  • CVE-2026-40991MedJun 10, 2026
    risk 0.38cvss 5.9epss 0.00

    When using spring-restdocs-webtestclient or spring-restdocs-restassured to document a remote API accessed over HTTP, an attacker who compromises the API or tricks the user into documenting a malicious API can perform an XXE injection attack when the documentation-generating…

  • CVE-2026-40988HigJun 10, 2026
    risk 0.49cvss 7.5epss 0.00

    An application using spring-security-saml2-service-provider and the REDIRECT binding for SAML 2.0 Login or Logout may be vulnerable to a denial of service by way of an unbounded writer that inflates the compressed SAML payload into memory. Affected versions: Spring Security…

  • CVE-2026-12491modJun 10, 2026
    risk 0.24cvss 4.8epss 0.00

    vllm: vllm: image EXIF Rotation & PNG tRNS Transparency Not Normalized, Causing Mismatch Between Model Input and Expectations

  • CVE-2026-9754MedJun 9, 2026
    risk 0.42cvss 6.5epss 0.00

    An authenticated user with the read role may read limited amounts of uninitialized stack memory via specially-crafted issuances of the filemd5 command

  • CVE-2026-9753HigJun 9, 2026
    risk 0.53cvss 8.1epss 0.00

    The $_internalApplyOplogUpdate aggregation pipeline stage can be used to execute a document diff containing a malformed binary diff to return memory out-of-bounds or crash the server. $_internalApplyOplogUpdate can be executed by any authenticated user with access to the…

  • CVE-2026-9752MedJun 9, 2026
    risk 0.42cvss 6.5epss 0.00

    An authorized user could trigger a server crash by running a query with a 2dsphere index on a field that stores a GeoJSON GeometryCollection containing a Polygon with a strict-winding CRS. Strict-winding polygons are intentionally unsupported for indexing, but the guard that…

  • CVE-2026-9751MedJun 9, 2026
    risk 0.36cvss 5.5epss 0.00

    The ldapQueryPassword parameter, when set through the runtime setParameter command, will log the new password to the mongod.log file in plain text.

  • CVE-2026-9750MedJun 9, 2026
    risk 0.42cvss 6.5epss 0.00

    An authenticated user can cause a MongoDB server to crash or return incorrect results by creating documents that interfere with internal metadata processing during query execution. This stems from insufficient separation between user-controlled document fields and internal…

  • CVE-2026-9749MedJun 9, 2026
    risk 0.42cvss 6.5epss 0.00

    This issue can occur when running an aggregation pipeline that uses the internal $exchange stage configured with key-range partitioning and order-preserving delivery. If a single key range produces enough documents to fill its exchange buffer (that is, many results are routed to…

  • CVE-2026-9748MedJun 9, 2026
    risk 0.42cvss 6.5epss 0.00

    The $_internalConvertBucketIndexStats stage used PauseExecution as a way to signal "skip this document" when an index stats conversion failed. But PauseExecution is not a general purpose skip mechanism, but rather a TeeBuffer-internal signal used solely by $facet to coordinate…

  • CVE-2026-9747MedJun 9, 2026
    risk 0.42cvss 6.5epss 0.00

    Adding fromRouter:true and runtimeConstants.userRoles could cause aggregations to crash mongodb server.

  • CVE-2026-9746MedJun 9, 2026
    risk 0.42cvss 6.5epss 0.00

    When using $changestreams and $_requestReshardingResumeToken with the exchange option the server hits an invariant which causes the server to crash. There are no special privileges needed. The user must be logged in to issue the statement.

  • CVE-2026-9743MedJun 9, 2026
    risk 0.42cvss 6.5epss 0.00

    In MongoDB Server 8.0, an aggregation stage can leave its _subPipeline field null during processing of certain pipelines. If a getMore is subsequently issued on the same cursor, the server may dereference this null sub-pipeline when reattaching to the operation context,…

  • CVE-2026-9742HigJun 9, 2026
    risk 0.49cvss 7.5epss 0.00

    When OIDC authentication is enabled in configuration, clients may set specific values in the "mechanism" parameter of the "authenticate" command that lead to server crash. The authenticate command is accessible to unauthenticated clients, leading to pre-auth denial-of-service in…

  • CVE-2026-9741MedJun 9, 2026
    risk 0.42cvss 6.5epss 0.00

    A bug in query analysis processing of the $vectorSearch aggregation stage for Queryable Encryption (QE) or Client-Side Field Level Encryption (CSFLE) results in literal values for encrypted fields within the $vectorSearch stage filter expressions to be sent to the server as…

  • CVE-2026-9740HigJun 9, 2026
    risk 0.49cvss 7.5epss 0.00

    A vulnerability in MongoDB Server's BSON validation logic allows an unauthenticated user to crash the mongod process by sending a specially crafted message. The BSON validator's handling of certain nested binary data structures permits uncontrolled mutual recursion between…

  • CVE-2026-9735MedJun 9, 2026
    risk 0.36cvss 5.5epss 0.00

    MongoDB server may log authentication parameters, including credentials, to the server log during SASL authentication. When connection health metric logging is enabled, the full authentication parameters are written to the log without redaction.

  • CVE-2026-46433MedJun 9, 2026
    risk 0.35cvss 6.5epss 0.00

    lldpd is an implementation of IEEE 802.1ab (LLDP). Prior to version 1.0.22, lldpd_decode() in src/daemon/lldpd.c strips 802.1Q VLAN tags from received Ethernet frames by calling memmove() to shift the frame payload 4 bytes left. The third argument (byte count) is s - 2 *…

  • CVE-2026-46374HigJun 9, 2026
    risk 0.42cvss 7.5epss 0.00

    SQLFluff is a modular SQL linter and auto-formatter with support for multiple dialects and templated code. Prior to version 4.2.0, in deployments where untrusted users can provide SQL queries to be linted, an untrusted user can submit a malicious long query to any application…

  • CVE-2026-46373HigJun 9, 2026
    risk 0.42cvss 7.5epss 0.00

    SQLFluff is a modular SQL linter and auto-formatter with support for multiple dialects and templated code. Prior to version 4.1.0, in deployments where untrusted users can provide SQL queries to be linted, an untrusted user can submit a malicious query with deliberate excessive…

  • CVE-2026-44963CriJun 9, 2026
    risk 0.61cvss epss 0.02

    A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user.

  • CVE-2026-10238Jun 9, 2026
    risk 0.00cvss epss

    Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

  • CVE-2026-47905MedJun 9, 2026
    risk 0.40cvss 6.2epss 0.00

    CAI Content Credentials versions c2pa-web@0.7.1, c2pa-v0.80.1 and earlier are affected by an Uncontrolled Resource Consumption vulnerability. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition.…

  • CVE-2026-47904MedJun 9, 2026
    risk 0.40cvss 6.2epss 0.00

    CAI Content Credentials versions c2pa-web@0.7.1, c2pa-v0.80.1 and earlier are affected by an Uncontrolled Resource Consumption vulnerability. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition.…

  • CVE-2026-47903MedJun 9, 2026
    risk 0.40cvss 6.2epss 0.00

    CAI Content Credentials versions c2pa-web@0.7.1, c2pa-v0.80.1 and earlier are affected by an Improper Input Validation vulnerability. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does…

  • CVE-2026-47902MedJun 9, 2026
    risk 0.40cvss 6.2epss 0.00

    CAI Content Credentials versions c2pa-web@0.7.1, c2pa-v0.80.1 and earlier are affected by an Uncontrolled Resource Consumption vulnerability. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition.…

  • CVE-2026-34713HigJun 9, 2026
    risk 0.49cvss 7.5epss 0.00

    CAI Content Credentials versions c2pa-web@0.7.1, c2pa-v0.80.1 and earlier are affected by an Uncontrolled Resource Consumption vulnerability. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition.…

  • CVE-2026-34712HigJun 9, 2026
    risk 0.49cvss 7.5epss 0.00

    CAI Content Credentials versions c2pa-web@0.7.1, c2pa-v0.80.1 and earlier are affected by an Improper Input Validation vulnerability. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does…

  • CVE-2026-34711HigJun 9, 2026
    risk 0.49cvss 7.5epss 0.00

    CAI Content Credentials versions c2pa-web@0.7.1, c2pa-v0.80.1 and earlier are affected by an Integer Overflow or Wraparound vulnerability. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue…

  • CVE-2026-34657MedJun 9, 2026
    risk 0.36cvss 5.5epss 0.00

    CAI Content Credentials versions c2pa-web@0.7.1, c2pa-v0.80.1 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in an arbitrary file system write. An attacker could leverage this…

  • CVE-2026-34417MedJun 9, 2026
    risk 0.40cvss 6.1epss 0.00

    OSCAL-GUI contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript in a victim's browser by injecting malicious content through the project request parameter in oscal-forms.php. The parameter value is…

  • CVE-2026-25860MedJun 9, 2026
    risk 0.40cvss 6.1epss 0.00

    OpenClinic GA 5.351.19 contains a reflected cross-site scripting vulnerability in the DICOM image upload handler that allows attackers to execute arbitrary JavaScript in a victim's browser by embedding malicious payloads in DICOM file metadata fields. Attackers can craft a DICOM…

  • CVE-2026-48030criJun 9, 2026
    risk 0.52cvss epss 0.00

    ### Summary An OS Command Injection vulnerability in the terminal action handler allows any authenticated user to execute arbitrary OS commands by injecting shell metacharacters into the 'dir' POST parameter, completely bypassing the TERMINAL_COMMANDS whitelist and achieving…

  • CVE-2026-47767Jun 9, 2026
    risk 0.00cvss epss 0.00

    ### Description CVE-2024-50340 (GHSA-x8vp-gf4q-mw5j) addressed an issue where, with `register_argc_argv=On`, a crafted query string let an unauthenticated GET change the kernel environment and debug flag by feeding `--env`/`--no-debug` through `$_SERVER['argv']`. The fix…

  • CVE-2026-48303CriJun 9, 2026
    risk 0.65cvss 10.0epss 0.01

    Adobe Campaign Classic (ACC) versions 7.4.3 build 9394 and earlier are affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is…

  • CVE-2026-48292HigJun 9, 2026
    risk 0.51cvss 7.8epss 0.00

    Format Plugins versions 1.1.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

  • CVE-2026-48291HigJun 9, 2026
    risk 0.51cvss 7.8epss 0.00

    Format Plugins versions 1.1.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

  • CVE-2026-47961MedJun 9, 2026
    risk 0.36cvss 5.5epss 0.00

    Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue…

  • CVE-2026-47960HigJun 9, 2026
    risk 0.48cvss 7.4epss 0.00

    ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories…

  • CVE-2026-47959HigJun 9, 2026
    risk 0.51cvss 7.8epss 0.00

    Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must…