VYPR

CVEs

345,233 total · page 110 of 6,905

  • CVE-2025-55658MedJun 9, 2026
    risk 0.42cvss 6.5epss 0.00

    GPAC MP4Box v2.4 was discovered to contain a floating point exception in the gf_opus_parse_packet_header function (media_tools/av_parsers.c). bThis vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file.

  • CVE-2025-55657HigJun 9, 2026
    risk 0.49cvss 7.5epss 0.00

    A NULL pointer dereference in the gf_odf_vvc_cfg_write_bs function (odf/descriptors.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.

  • CVE-2025-55651MedJun 9, 2026
    risk 0.36cvss 5.5epss 0.00

    A NULL pointer dereference in the gf_isom_get_user_data_count function (isomedia/isom_read.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.

  • CVE-2025-52293HigJun 9, 2026
    risk 0.49cvss 7.5epss 0.00

    A segmentation violaton in the gf_hevc_read_sps_bs_internal function (media_tools/av_parsers.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying crafted HEVC SPS data.

  • CVE-2025-52292HigJun 9, 2026
    risk 0.49cvss 7.5epss 0.01

    A stack buffer overflow in the filein_process function (in_file.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.

  • CVE-2023-43688HigJun 9, 2026
    risk 0.49cvss 7.5epss 0.00

    An issue was discovered in Malwarebytes 4.x and 5.x (and Nebula 2020-10-21 and later). There is a Heap buffer overflow in various buffer encryption utilities.

  • CVE-2023-43686MedJun 9, 2026
    risk 0.40cvss 6.2epss 0.00

    An issue was discovered in Malwarebytes 4.x and 5.x (and Nebula 2020-10-21 and later). A large number of Firefox preference files can cause the parser to ignore other browser configuration files, leading to a denial of service.

  • CVE-2023-29146HigJun 9, 2026
    risk 0.53cvss 8.2epss 0.00

    The utility functions used by Malwarebytes EDR 1.0.11 on Linux for calculating a cryptographic hash of data bytes truncate the hashed data if it exceeds 4GB. This leads to an integer wrap-around if the data is larger than the maximum unsigned integer value (32-bit). Attackers…

  • CVE-2026-47241lowJun 9, 2026
    risk 0.00cvss epss 0.00

    ### Summary Several Net::IMAP commands accept a raw string argument which is only validated to prevent CRLF injection and then sent verbatim. If this string is derived from user-controlled input, an attacker can force the next command to be absorbed as a continuation of the…

  • CVE-2026-47240Jun 9, 2026
    risk 0.00cvss epss 0.00

    Several Net::IMAP commands accept a "raw data" argument that is sent verbatim after validation to prevent command injection. However, if a server does not support non-synchronizing literals, it may still be possible to inject arbitrary IMAP commands inside non-synchronizing…

  • CVE-2026-50636HigJun 9, 2026
    risk 0.50cvss 8.8epss 0.00

    The RemoteControl API methods invite_participants and remind_participants pass a caller-supplied token-ID array into TokenDynamic::findUninvited(), which concatenates the values directly into a tid IN ('...') SQL clause without parameterization or input validation. A remote,…

  • CVE-2026-50635HigJun 9, 2026
    risk 0.50cvss 8.8epss 0.00

    LimeSurvey constructs account password-reset links from the client-supplied HTTP Host header without validating it. The optional allowedHosts allowlist that would constrain this is undefined in the default (and documented) configuration, so LSHttpRequest::checkIsAllowedHost()…

  • CVE-2026-50512HigJun 9, 2026
    risk 0.51cvss 7.8epss 0.00

    Improper link resolution before file access ('link following') in Microsoft PC Manager allows an authorized attacker to elevate privileges locally.

  • CVE-2026-50511HigJun 9, 2026
    risk 0.51cvss 7.8epss 0.00

    Improper link resolution before file access ('link following') in Microsoft PC Manager allows an authorized attacker to elevate privileges locally.

  • CVE-2026-48293HigJun 9, 2026
    risk 0.51cvss 7.8epss 0.00

    InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious…

  • CVE-2026-44275MedJun 9, 2026
    risk 0.41cvss 6.3epss 0.00

    Dell/Alienware Purchased Apps, versions prior to 1.1.32.0, contain an Improper Link Resolution Before File Access ('Link Following') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Arbitrary File Write

  • CVE-2026-41116MedJun 9, 2026
    risk 0.41cvss 6.3epss 0.00

    Dell Inventory Collector Client, versions prior to 13.8.0, contain an Improper Link Resolution Before File Access ('Link Following') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Arbitrary File Write.

  • CVE-2026-34708HigJun 9, 2026
    risk 0.51cvss 7.8epss 0.00

    InCopy versions 21.3, 20.5.3 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

  • CVE-2026-34707HigJun 9, 2026
    risk 0.51cvss 7.8epss 0.00

    InCopy versions 21.3, 20.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

  • CVE-2026-34706HigJun 9, 2026
    risk 0.51cvss 7.8epss 0.00

    InCopy versions 21.3, 20.5.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

  • CVE-2026-34705MedJun 9, 2026
    risk 0.36cvss 5.5epss 0.00

    InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user…

  • CVE-2026-34704MedJun 9, 2026
    risk 0.36cvss 5.5epss 0.00

    InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition.…

  • CVE-2026-34703MedJun 9, 2026
    risk 0.36cvss 5.5epss 0.00

    InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition.…

  • CVE-2026-34702HigJun 9, 2026
    risk 0.51cvss 7.8epss 0.00

    InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a…

  • CVE-2026-34701HigJun 9, 2026
    risk 0.51cvss 7.8epss 0.00

    InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a…

  • CVE-2026-34700HigJun 9, 2026
    risk 0.51cvss 7.8epss 0.00

    InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious…

  • CVE-2026-34699HigJun 9, 2026
    risk 0.51cvss 7.8epss 0.00

    InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a…

  • CVE-2026-34698HigJun 9, 2026
    risk 0.51cvss 7.8epss 0.00

    InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a…

  • CVE-2026-34697HigJun 9, 2026
    risk 0.51cvss 7.8epss 0.00

    InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a…

  • CVE-2026-34696HigJun 9, 2026
    risk 0.51cvss 7.8epss 0.00

    InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

  • CVE-2026-34695HigJun 9, 2026
    risk 0.51cvss 7.8epss 0.00

    InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a…

  • CVE-2026-34694MedJun 9, 2026
    risk 0.38cvss 5.9epss 0.00

    Adobe Experience Manager Forms JEE versions LTS SP1, 6.5.24.0 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be…

  • CVE-2026-34693HigJun 9, 2026
    risk 0.52cvss 8.0epss 0.00

    Adobe Experience Manager Forms JEE versions LTS SP1, 6.5.24.0 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially gaining elevated access or…

  • CVE-2026-34691CriJun 9, 2026
    risk 0.60cvss 9.3epss 0.00

    Adobe Experience Manager Forms JEE versions LTS SP1, 6.5.24.0 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a…

  • CVE-2026-28237MedJun 9, 2026
    risk 0.36cvss 5.5epss 0.00

    Unrestricted resource allocation in AMD uProf may be exploitable to consume excessive system resources, potentially leading to a loss of availability.

  • CVE-2026-0466MedJun 9, 2026
    risk 0.36cvss 5.5epss 0.00

    Improper access control in AMD uProf may allow a local attacker with user privileges to write to the kernel-shared memory section, potentially resulting in crash or denial of service.

  • CVE-2025-54509MedJun 9, 2026
    risk 0.26cvss epss 0.00

    Improper access control for register interface in the input-output memory management unit (IOMMU) could allow a privileged attacker to cause non-coherent accesses by the AMD secure processor (ASP) potentially resulting in loss of integrity.

  • CVE-2026-9213MedJun 9, 2026
    risk 0.45cvss epss 0.00

    A vulnerability in the affected NETGEAR gaming routers allows attackers with the ability to intercept and tamper with traffic between the router and the Internet, to execute code on the device.

  • CVE-2026-9212MedJun 9, 2026
    risk 0.36cvss epss 0.00

    Insufficient authentication and input validation in the listed NETGEAR models allow users connected to the local network to execute commands impacting the product's confidentiality or change certain configurations.

  • CVE-2026-9211MedJun 9, 2026
    risk 0.34cvss epss 0.00

    An unauthenticated user on the local network can gain control of the router and make unauthorized changes to its operation.

  • CVE-2026-9210MedJun 9, 2026
    risk 0.32cvss epss 0.00

    Insufficient input validation vulnerability in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification of router software and functionality.

  • CVE-2026-9076HigJun 9, 2026
    risk 0.42cvss 7.5epss 0.00

    Issue summary: When CMS password-based decryption (RFC 3211 / PWRI key unwrap) processes attacker-supplied CMS data, an attacker-chosen stream-mode KEK cipher can trigger a heap out-of-bounds read in kek_unwrap_key(). Impact summary: A heap buffer over-read may trigger a crash…

  • CVE-2026-7383HigJun 9, 2026
    risk 0.46cvss 8.1epss 0.00

    Issue summary: A signed integer overflow when sizing the destination buffer for Unicode output in ASN1_mbstring_ncopy() can lead to a heap buffer overflow. Impact summary: A heap buffer overflow may lead to a crash or possibly attacker controlled code execution or other…

  • CVE-2026-50508MedJun 9, 2026
    risk 0.42cvss 6.5epss 0.01

    Exposure of sensitive information to an unauthorized actor in Windows NTLM allows an unauthorized attacker to perform spoofing over a network.

  • CVE-2026-50507MedJun 9, 2026
    risk 0.44cvss 6.8epss 0.05

    Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.

  • CVE-2026-49959HigJun 9, 2026
    risk 0.50cvss 8.8epss 0.01

    Hermes WebUI before version 0.51.311 contains a remote code execution vulnerability that allows authenticated attackers to execute arbitrary commands by placing malicious executable Git configuration in a workspace repository's .git/config file. Attackers can exploit Git…

  • CVE-2026-49958MedJun 9, 2026
    risk 0.26cvss 5.0epss 0.00

    Hermes WebUI before version 0.51.303 contains a time-of-check time-of-use (TOCTOU) race condition vulnerability in the git_discard function within api/workspace_git.py that allows attackers to delete files outside the configured workspace boundary by replacing a validated path…

  • CVE-2026-49957HigJun 9, 2026
    risk 0.43cvss 7.7epss 0.00

    Hermes WebUI before version 0.51.296 contains a workspace boundary bypass vulnerability that allows authenticated attackers to circumvent blocked-root path checks by exploiting an early return in the SSH/remote terminal profile workspace resolution logic within…

  • CVE-2026-49956MedJun 9, 2026
    risk 0.35cvss 6.5epss 0.00

    Hermes WebUI before version 0.51.269 contains a profile isolation bypass vulnerability that allows authenticated users to access data belonging to other profiles by querying the session search endpoint without active-profile filtering. Attackers can send requests to the sessions…

  • CVE-2026-49955MedJun 9, 2026
    risk 0.27cvss 5.3epss 0.01

    Hermes WebUI before version 0.51.270 contains a resource exhaustion vulnerability that allows unauthenticated remote attackers to degrade service availability by repeatedly calling the passkey options endpoint without completing assertion. Attackers can send unlimited POST…