VYPR

CVEs

100,472 total · page 112 of 2,010

  • CVE-2026-6749HigApr 21, 2026
    risk 0.49cvss 7.5epss 0.00

    Information disclosure due to uninitialized memory in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

  • CVE-2026-6747HigApr 21, 2026
    risk 0.49cvss 7.5epss 0.00

    Use-after-free in the WebRTC component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

  • CVE-2026-6746HigApr 21, 2026
    risk 0.49cvss 7.5epss 0.01

    Use-after-free in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

  • CVE-2026-40520HigApr 21, 2026
    risk 0.40cvss 7.2epss 0.01

    FreePBX api module version 17.0.8 and prior contain a command injection vulnerability in the initiateGqlAPIProcess() function where GraphQL mutation input fields are passed directly to shell_exec() without sanitization or escaping. An authenticated user with a valid bearer token…

  • CVE-2026-41039HigApr 21, 2026
    risk 0.49cvss 7.5epss 0.00

    This vulnerability exists in Quantum Networks router due to improper access control and insecure default configuration in the web-based management interface. An unauthenticated attacker could exploit this vulnerability by accessing exposed API endpoints on the targeted device. …

  • CVE-2026-41038HigApr 21, 2026
    risk 0.57cvss 8.8epss 0.00

    This vulnerability exists in Quantum Networks router due to lack of enforcement of strong password policies in the web-based management interface. An attacker on the same network could exploit this vulnerability by performing password guessing or brute-force attacks against user…

  • CVE-2026-6553HigApr 21, 2026
    risk 0.42cvss 7.5epss 0.00

    Changing backend users' passwords via the user settings module results in storing the cleartext password in the uc and user_settings fields of the be_users database table. This issue affects TYPO3 CMS version 14.2.0.

  • CVE-2026-41037HigApr 21, 2026
    risk 0.57cvss 8.8epss 0.00

    This vulnerability exists in Quantum Networks router due to missing rate limiting and CAPTCHA protection for failed login attempts in the web-based management interface. An attacker on the same network could exploit this vulnerability by performing brute force attacks against…

  • CVE-2026-41036HigApr 21, 2026
    risk 0.57cvss 8.8epss 0.00

    This vulnerability exists in Quantum Networks router due to inadequate sanitization of user-supplied input in the management CLI interface. An authenticated remote attacker could exploit this vulnerability by injecting arbitrary OS commands on the targeted device. Successful…

  • CVE-2026-39467HigApr 21, 2026
    risk 0.47cvss 7.2epss 0.00

    Deserialization of Untrusted Data vulnerability in MetaSlider Responsive Slider by MetaSlider allows Object Injection.This issue affects Responsive Slider by MetaSlider: from n/a through 3.106.0.

  • CVE-2025-13826HigApr 21, 2026
    risk 0.53cvss epss 0.00

    Zervit's portable HTTP/web server is vulnerable to remote DoS attacks when a configuration reset request is made. The vulnerability is caused by inadequate validation of user-supplied input. An attacker can exploit this vulnerability by sending malicious requests. If the…

  • CVE-2026-31368HigApr 21, 2026
    risk 0.51cvss 7.8epss 0.00

    AiAssistant is affected by type privilege bypass, successful exploitation of this vulnerability may affect service availability.

  • CVE-2026-40497HigApr 21, 2026
    risk 0.46cvss 8.1epss 0.00

    FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, FreeScout's `Helper::stripDangerousTags()` removes ``, ``, ``, `` but does NOT strip `` tags. The mailbox signature field is saved via POST…

  • CVE-2026-40250HigApr 21, 2026
    risk 0.39cvss 7.1epss 0.00

    OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.4.0 through 3.4.9, 3.3.0 through 3.3.9, and 3.2.0 through 3.2.7, `internal_dwa_compressor.h:1040` performs `chan->width…

  • CVE-2026-40244HigApr 21, 2026
    risk 0.39cvss 7.1epss 0.00

    OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.4.0 through 3.4.9, 3.3.0 through 3.3.9, and 3.2.0 through 3.2.7, `internal_dwa_compressor.h:1722` performs `curc->width…

  • CVE-2026-39973HigApr 21, 2026
    risk 0.39cvss 7.1epss 0.00

    Apktool is a tool for reverse engineering Android APK files. In versions 3.0.0 and 3.0.1, a path traversal vulnerability in `brut/androlib/res/decoder/ResFileDecoder.java` allows a maliciously crafted APK to write arbitrary files to the filesystem during standard decoding…

  • CVE-2026-39866HigApr 21, 2026
    risk 0.50cvss 8.8epss 0.02

    Lawnchair is a free, open-source home app for Android. Prior to commit fcba413f55dd47f8a3921445252849126c6266b2, command injection in release_update.yml workflow dispatch input allows arbitrary code execution. Commit fcba413f55dd47f8a3921445252849126c6266b2 patches the issue.

  • CVE-2026-39386HigApr 21, 2026
    risk 0.50cvss 8.8epss 0.00

    Neko is a a self-hosted virtual browser that runs in Docker and uses WebRTC In versions 3.0.0 through 3.0.10 and 3.1.0 through 3.1.1, any authenticated user can immediately obtain full administrative control of the entire Neko instance (member management, room settings,…

  • CVE-2026-39320HigApr 21, 2026
    risk 0.42cvss 7.5epss 0.00

    Signal K Server is a server application that runs on a central hub in a boat. Versions prior to 2.25.0 are vulnerable to an unauthenticated Regular Expression Denial of Service (ReDoS) attack within the WebSocket subscription handling logic. By injecting unescaped regex…

  • CVE-2026-41303HigApr 21, 2026
    risk 0.50cvss 8.8epss 0.00

    OpenClaw before 2026.3.28 contains an authorization bypass vulnerability in Discord text approval commands that allows non-approvers to resolve pending exec approvals. Attackers can send Discord text commands to bypass the channels.discord.execApprovals.approvers allowlist and…

  • CVE-2026-41302HigApr 21, 2026
    risk 0.42cvss 7.6epss 0.00

    OpenClaw before 2026.3.31 contains a server-side request forgery vulnerability in the marketplace plugin download functionality that allows remote attackers to make arbitrary network requests. Attackers can exploit unguarded fetch() calls to access internal resources or interact…

  • CVE-2026-41299HigApr 21, 2026
    risk 0.39cvss 7.1epss 0.00

    OpenClaw before 2026.3.28 contains an authorization bypass vulnerability in the chat.send gateway method where ACP-only provenance fields are gated by self-declared client metadata from WebSocket handshake rather than verified authorization state. Authenticated operator clients…

  • CVE-2026-41297HigApr 21, 2026
    risk 0.42cvss 7.6epss 0.00

    OpenClaw before 2026.3.31 contains a server-side request forgery vulnerability in the marketplace plugin download functionality that allows attackers to access internal resources by following unvalidated redirects. The marketplace.ts module fails to restrict redirect…

  • CVE-2026-41296HigApr 21, 2026
    risk 0.46cvss 8.2epss 0.00

    OpenClaw before 2026.3.31 contains a time-of-check-time-of-use race condition in the remote filesystem bridge readFile function that allows sandbox escape. Attackers can exploit the separate path validation and file read operations to bypass sandbox restrictions and read…

  • CVE-2026-41295HigApr 21, 2026
    risk 0.44cvss 7.8epss 0.00

    OpenClaw before 2026.4.2 contains an improper trust boundary vulnerability allowing untrusted workspace channel shadows to execute during built-in channel setup and login. Attackers can clone a workspace with a malicious plugin claiming a bundled channel id to achieve unintended…

  • CVE-2026-41294HigApr 21, 2026
    risk 0.49cvss 8.6epss 0.00

    OpenClaw before 2026.3.28 loads the current working directory .env file before trusted state-dir configuration, allowing environment variable injection. Attackers can place a malicious .env file in a repository or workspace to override runtime configuration and…

  • CVE-2026-35587HigApr 21, 2026
    risk 0.50cvss 8.8epss 0.00

    Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.4, a Server-Side Request Forgery (SSRF) vulnerability exists in the Glances IP plugin due to improper validation of the public_api configuration parameter. The value of public_api is used…

  • CVE-2026-35570HigApr 21, 2026
    risk 0.48cvss 8.4epss 0.00

    OpenClaude is an open-source coding-agent command line interface for cloud and local model providers. Versions prior to 0.5.1 have a logic flaw in `bashToolHasPermission()` inside `src/tools/BashTool/bashPermissions.ts`. When the sandbox auto-allow feature is active and no…

  • CVE-2026-29643HigApr 20, 2026
    risk 0.39cvss 7.1epss 0.00

    XiangShan (Open-source high-performance RISC-V processor) commit edb1dfaf7d290ae99724594507dc46c2c2125384 (2024-11-28) contains an improper exceptional-condition handling flaw in its CSR subsystem (NewCSR). On affected versions, certain sequences of CSR operations targeting…

  • CVE-2026-5928HigApr 20, 2026
    risk 0.49cvss 7.5epss 0.00

    Calling the ungetwc function on a FILE stream with wide characters encoded in a character set that has overlaps between its single byte and multi-byte character encodings, in the GNU C Library version 2.43 or earlier, may result in an attempt to read bytes before an allocated…

  • CVE-2026-34403HigApr 20, 2026
    risk 0.46cvss 8.1epss 0.00

    Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.5, all WebSocket endpoints in nginx-ui use a gorilla/websocket Upgrader with CheckOrigin unconditionally returning true, allowing Cross-Site WebSocket Hijacking (CSWSH). Combined with the fact that…

  • CVE-2026-33626HigApr 20, 2026
    risk 0.45cvss 7.5epss 0.45

    LMDeploy is a toolkit for compressing, deploying, and serving large language models. Versions prior to 0.12.3 have a Server-Side Request Forgery (SSRF) vulnerability in LMDeploy's vision-language module. The `load_image()` function in `lmdeploy/vl/utils.py` fetches arbitrary…

  • CVE-2026-33031HigApr 20, 2026
    risk 0.46cvss 8.1epss 0.00

    Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.4, a user who was disabled by an administrator can use previously issued API tokens for up to the token lifetime. In practice, disabling a compromised account does not actually terminate that…

  • CVE-2026-29648HigApr 20, 2026
    risk 0.50cvss 8.8epss 0.00

    In OpenXiangShan NEMU, when Smstateen is enabled, clearing mstateen0.ENVCFG does not correctly restrict access to henvcfg and senvcfg. As a result, less-privileged code may read or write these CSRs without the required exception, potentially bypassing intended state-enable based…

  • CVE-2026-29642HigApr 20, 2026
    risk 0.44cvss 7.8epss 0.00

    A local attacker who can execute privileged CSR operations (or can induce firmware to do so) performs carefully crafted reads/writes to menvcfg (e.g., csrrs in M-mode). On affected XiangShan versions (commit aecf601e803bfd2371667a3fb60bfcd83c333027, 2024-11-19), these menvcfg…

  • CVE-2026-6249HigApr 20, 2026
    risk 0.50cvss 8.8epss 0.01

    Vvveb CMS 1.0.8.2 contains a remote code execution vulnerability in its media upload handler that allows authenticated attackers to execute arbitrary operating system commands by uploading a PHP webshell with a .phtml extension. Attackers can bypass the extension deny-list and…

  • CVE-2026-5478HigApr 20, 2026
    risk 0.46cvss 8.1epss 0.01

    The Everest Forms plugin for WordPress is vulnerable to Arbitrary File Read and Deletion in all versions up to, and including, 3.4.4. This is due to the plugin trusting attacker-controlled old_files data from public form submissions as legitimate server-side upload state, and…

  • CVE-2026-32135HigApr 20, 2026
    risk 0.42cvss 7.5epss 0.01

    NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. Versions prior to 0.24.11 have a remotely triggerable heap buffer overflow in the `uri_param_parse` function of NanoMQ's REST API. The vulnerability occurs due to an off-by-one error when allocating memory for…

  • CVE-2026-29645HigApr 20, 2026
    risk 0.42cvss 7.5epss 0.01

    NEMU (OpenXiangShan/NEMU) before v2025.12.r2 contains an improper instruction-validation flaw in its RISC-V Vector (RVV) decoder. The decoder does not correctly validate the funct3 field when decoding vsetvli/vsetivli/vsetvl, allowing certain invalid OP-V instruction encodings…

  • CVE-2026-6248HigApr 20, 2026
    risk 0.46cvss 8.1epss 0.01

    The wpForo Forum plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to and including 3.0.5. This is due to two compounding flaws: the Members::update() method does not validate or restrict the value of file-type custom profile fields, allowing…

  • CVE-2026-39111HigApr 20, 2026
    risk 0.49cvss 7.5epss 0.00

    SQL Injection vulnerability in Apartment Visitors Management System Apartment Visitors Management System V1.1 in the email parameter of the forgot password page (forgot-password.php). This allows an unauthenticated attacker to manipulate backend SQL queries and retrieve…

  • CVE-2026-39110HigApr 20, 2026
    risk 0.53cvss 8.2epss 0.00

    SQL Injection vulnerability in Apartment Visitors Management System Apartment Visitors Management System V1.1 in the contactno parameter of the forgot password page (forgot-password.php). This allows an unauthenticated attacker to manipulate backend SQL queries during…

  • CVE-2026-6662HigApr 20, 2026
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was found in ericc-ch copilot-api up to 0.7.0. The impacted element is the function cors of the file src/server.ts of the component Token Endpoint. Performing a manipulation results in permissive cross-domain policy with untrusted domains. It is possible to…

  • CVE-2026-41445HigApr 20, 2026
    risk 0.50cvss 8.8epss 0.00

    KissFFT before commit 8a8e66e contains an integer overflow vulnerability in the kiss_fftndr_alloc() function in kiss_fftndr.c where the allocation size calculation dimOther*(dimReal+2)*sizeof(kiss_fft_scalar) overflows signed 32-bit integer arithmetic before being widened to…

  • CVE-2026-40488HigApr 20, 2026
    risk 0.50cvss 8.8epss 0.01

    Magento Long Term Support (LTS) is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Prior to version 20.17.0, the product custom option file upload in OpenMage LTS…

  • CVE-2026-30266HigApr 20, 2026
    risk 0.51cvss 7.8epss 0.00

    Insecure Permissions vulnerability in DeepCool DeepCreative v.1.2.12 and before allows a local attacker to execute arbitrary code via a crafted file

  • CVE-2026-26943HigApr 20, 2026
    risk 0.47cvss 7.2epss 0.01

    Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an OS command injection vulnerability. A high privileged attacker with remote access could potentially…

  • CVE-2026-25524HigApr 20, 2026
    risk 0.46cvss 8.1epss 0.01

    Magento Long Term Support (LTS) is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Prior to version 20.17.0, PHP functions such as `getimagesize()`, `file_exists()`,…

  • CVE-2026-24506HigApr 20, 2026
    risk 0.47cvss 7.2epss 0.01

    Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an OS command injection vulnerability. A high privileged attacker with remote access could potentially…

  • CVE-2026-24505HigApr 20, 2026
    risk 0.47cvss 7.2epss 0.00

    Dell PowerProtect Data Domain, versions 8.5 through 8.6 contain an improper input validation vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges.