VYPR

CVEs

100,472 total · page 113 of 2,010

  • CVE-2026-24504HigApr 20, 2026
    risk 0.47cvss 7.2epss 0.00

    Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an improper input validation vulnerability. A high privileged attacker with remote access could potentially…

  • CVE-2026-6066HigApr 20, 2026
    risk 0.46cvss 7.1epss 0.00

    ConnectWise has released a security update for ConnectWise Automate™ that addresses a behavior in the ConnectWise Automate Solution Center where certain client-to-server communications could occur without transport-layer encryption. This could allow network‑based…

  • CVE-2026-34428HigApr 20, 2026
    risk 0.43cvss 7.7epss 0.00

    Vvveb prior to 1.0.8.1 contains a server-side request forgery vulnerability in the oEmbedProxy action of the editor/editor module where the url parameter is passed directly to getUrl() via curl without scheme or destination validation. Authenticated backend users can supply…

  • CVE-2026-34427HigApr 20, 2026
    risk 0.50cvss 8.8epss 0.01

    Vvveb prior to 1.0.8.1 contains a privilege escalation vulnerability in the admin user profile save endpoint that allows authenticated users to modify privileged fields on their own profile. Attackers can inject role_id=1 into profile save requests to escalate to Super…

  • CVE-2026-26944HigApr 20, 2026
    risk 0.57cvss 8.8epss 0.01

    Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain a missing authentication for critical function vulnerability. An unauthenticated attacker with remote access…

  • CVE-2026-25058HigApr 20, 2026
    risk 0.42cvss 7.5epss 0.00

    Vexa is an open-source, self-hostable meeting bot API and meeting transcription API. Prior to 0.10.0-260419-1910, the Vexa transcription-collector service exposes an internal endpoint `GET /internal/transcripts/{meeting_id}` that returns transcript data for any meeting without…

  • CVE-2026-23774HigApr 20, 2026
    risk 0.47cvss 7.2epss 0.01

    Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.10, LTS2024 release versions 7.13.1.0 through 7.13.1.40, contain an OS command injection vulnerability. A high…

  • CVE-2026-4048HigApr 20, 2026
    risk 0.55cvss 8.4epss 0.02

    OS Command Injection Remote Code Execution Vulnerability in UI in Progress ADC Products allows an authenticated attacker with “All” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in a custom WAF rule file during the file…

  • CVE-2026-3519HigApr 20, 2026
    risk 0.55cvss 8.4epss 0.02

    OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an authenticated attacker with “VS Administration” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the 'aclcontrol' command

  • CVE-2026-3518HigApr 20, 2026
    risk 0.55cvss 8.4epss 0.03

    OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an authenticated attacker with “All” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the 'killsession' command

  • CVE-2026-3517HigApr 20, 2026
    risk 0.55cvss 8.4epss 0.18

    OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an authenticated attacker with “Geo Administration” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the 'addcountry'…

  • CVE-2026-6635HigApr 20, 2026
    risk 0.40cvss 7.3epss 0.00

    A security vulnerability has been detected in rowboatlabs rowboat up to 0.1.67. This impacts the function tool_call of the file apps/experimental/tools_webhook/app.py of the component tools_webhook. Such manipulation of the argument X-Tools-JWE leads to improper authentication.…

  • CVE-2026-6632HigApr 20, 2026
    risk 0.57cvss 8.8epss 0.00

    A vulnerability was identified in Tenda F451 1.0.0.7_cn_svn7958. The affected element is the function fromSafeClientFilter of the file /goform/SafeClientFilter of the component httpd. The manipulation of the argument menufacturer/Go leads to buffer overflow. Remote exploitation…

  • CVE-2026-6631HigApr 20, 2026
    risk 0.57cvss 8.8epss 0.01

    A vulnerability was determined in Tenda F451 1.0.0.7_cn_svn7958. Impacted is the function fromwebExcptypemanFilter of the file /goform/webExcptypemanFilter of the component httpd. Executing a manipulation of the argument page can lead to buffer overflow. The attack may be…

  • CVE-2026-6630HigApr 20, 2026
    risk 0.57cvss 8.8epss 0.00

    A vulnerability was found in Tenda F451 1.0.0.7_cn_svn7958. This issue affects the function fromGstDhcpSetSer of the file /goform/GstDhcpSetSer of the component httpd. Performing a manipulation of the argument dips results in buffer overflow. The attack may be initiated…

  • CVE-2026-6629HigApr 20, 2026
    risk 0.47cvss 7.3epss 0.00

    A vulnerability has been found in Metasoft 美特软件 MetaCRM up to 6.4.0. This vulnerability affects the function Statement.executeUpdate of the file sql.jsp of the component Interface. Such manipulation of the argument sql leads to sql injection. The attack can be launched…

  • CVE-2026-6625HigApr 20, 2026
    risk 0.47cvss 7.3epss 0.00

    A security vulnerability has been detected in moxi624 Mogu Blog v2 up to 5.2. Affected by this vulnerability is the function LocalFileServiceImpl.uploadPictureByUrl of the file mogu_picture/src/main/java/com/moxi/mogublog/picture/service/impl/LocalFileServiceImpl.java of the…

  • CVE-2026-31430HigApr 20, 2026
    risk 0.39cvss 7.1epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: X.509: Fix out-of-bounds access when parsing extensions Leo reports an out-of-bounds access when parsing a certificate with empty Basic Constraints or Key Usage extension because the first byte of the…

  • CVE-2026-6621HigApr 20, 2026
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was determined in 1024bit extend-deep up to 0.1.6. The impacted element is an unknown function of the file index.js. This manipulation of the argument __proto__ causes improperly controlled modification of object prototype attributes. Remote exploitation of the…

  • CVE-2026-5967HigApr 20, 2026
    risk 0.57cvss 8.8epss 0.00

    ThreatSonar Anti-Ransomware developed by TeamT5 has an Privilege Escalation vulnerability. Authenticated remote attackers with shell access can inject OS commands and execute them with root privileges.

  • CVE-2026-39454HigApr 20, 2026
    risk 0.51cvss 7.8epss 0.00

    SKYSEA Client View and SKYMEC IT Manager provided by Sky Co.,LTD. configure the installation folder with improper file access permission settings. A non-administrative user may manipulate and/or place arbitrary files within the installation folder of the product. As a result,…

  • CVE-2026-6615HigApr 20, 2026
    risk 0.47cvss 7.3epss 0.01

    A weakness has been identified in TransformerOptimus SuperAGI up to 0.0.14. Affected by this issue is the function Upload of the file superagi/controllers/resources.py of the component Multipart Upload Handler. This manipulation of the argument Name causes path traversal. It is…

  • CVE-2026-5966HigApr 20, 2026
    risk 0.53cvss 8.1epss 0.00

    ThreatSonar Anti-Ransomware developed by TeamT5 has an Arbitrary File Deletion vulnerability. Authenticated remote attackers with web access can exploit Path Traversal to delete arbitrary files on the system.

  • CVE-2026-6606HigApr 20, 2026
    risk 0.47cvss 7.3epss 0.00

    A weakness has been identified in modelscope agentscope up to 1.0.18. This vulnerability affects the function _process_audio_block of the file src/agentscope/agent/_agent_base.py. Executing a manipulation of the argument url can lead to server-side request forgery. It is…

  • CVE-2026-6605HigApr 20, 2026
    risk 0.47cvss 7.3epss 0.00

    A security flaw has been discovered in modelscope agentscope up to 1.0.18. This affects the function _get_bytes_from_web_url of the file src/agentscope/_utils/_common.py of the component Internal Service. Performing a manipulation results in server-side request forgery. It is…

  • CVE-2026-6604HigApr 20, 2026
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was identified in modelscope agentscope up to 1.0.18. Affected by this issue is the function _parse_url/prepare_image/openai_audio_to_text of the file src/agentscope/tool/_multi_modality/_openai_tools.py of the component Cloud Metadata Endpoint. Such manipulation…

  • CVE-2026-6603HigApr 20, 2026
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was determined in modelscope agentscope up to 1.0.18. Affected by this vulnerability is the function execute_python_code/execute_shell_command of the file src/AgentScope/tool/_coding/_python.py. This manipulation causes code injection. The attack is possible to…

  • CVE-2026-6602HigApr 20, 2026
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was found in rickxy Hospital Management System up to 88a4290d957dc5bdde8a56e5ad451ad14f7f90f4. Affected is an unknown function of the file /backend/admin/his_admin_account.php. The manipulation of the argument ad_dpic results in unrestricted upload. The attack…

  • CVE-2026-32965HigApr 20, 2026
    risk 0.49cvss 7.5epss 0.00

    Initialization of a resource with an insecure default vulnerability exists in SD-330AC and AMC Manager provided by silex technology, Inc. When the affected device is connected to the network with the initial (factory-default) configuration, the device can be configured with the…

  • CVE-2026-32955HigApr 20, 2026
    risk 0.57cvss 8.8epss 0.01

    SD-330AC and AMC Manager provided by silex technology, Inc. contain a stack-based buffer overflow vulnerability in processing the redirect URLs. Arbitrary code may be executed on the device.

  • CVE-2026-6596HigApr 20, 2026
    risk 0.40cvss 7.3epss 0.00

    A security flaw has been discovered in langflow-ai langflow up to 1.1.0. This issue affects the function create_upload_file of the file src/backend/base/Langflow/api/v1/endpoints.py of the component API Endpoint. The manipulation results in unrestricted upload. It is possible to…

  • CVE-2026-6595HigApr 20, 2026
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was identified in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59. This vulnerability affects unknown code of the file buslocation.php of the component HTTP GET Parameter Handler. The manipulation of the argument bus_id…

  • CVE-2026-6594HigApr 20, 2026
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was determined in brikcss merge up to 1.3.0. This affects an unknown part. Executing a manipulation of the argument __proto__/constructor.prototype/prototype can lead to improperly controlled modification of object prototype attributes. The attack may be…

  • CVE-2026-6582HigApr 19, 2026
    risk 0.47cvss 7.3epss 0.00

    A flaw has been found in TransformerOptimus SuperAGI up to 0.0.14. Affected by this issue is the function get_vector_db_details of the file superagi/controllers/vector_dbs.py of the component Vector Database Management Endpoint. Executing a manipulation can lead to missing…

  • CVE-2026-6581HigApr 19, 2026
    risk 0.57cvss 8.8epss 0.00

    A vulnerability was detected in H3C Magic B1 up to 100R004. Affected by this vulnerability is the function SetMobileAPInfoById of the file /goform/aspForm. Performing a manipulation of the argument param results in buffer overflow. Remote exploitation of the attack is possible.…

  • CVE-2026-6580HigApr 19, 2026
    risk 0.47cvss 7.3epss 0.00

    A security vulnerability has been detected in liangliangyy DjangoBlog up to 2.1.0.0. Affected is an unknown function of the file owntracks/views.py of the component Amap API Call Handler. Such manipulation of the argument key leads to use of hard-coded cryptographic key . The…

  • CVE-2026-6577HigApr 19, 2026
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was identified in liangliangyy DjangoBlog up to 2.1.0.0. The impacted element is an unknown function of the file owntracks/views.py of the component logtracks Endpoint. The manipulation leads to missing authentication. The attack can be initiated remotely. The…

  • CVE-2026-6574HigApr 19, 2026
    risk 0.47cvss 7.3epss 0.00

    A vulnerability has been found in osuuu LightPicture up to 1.2.2. This issue affects some unknown processing of the file /public/install/lp.sql of the component API Upload Endpoint. Such manipulation of the argument key leads to hard-coded credentials. The attack may be…

  • CVE-2026-6569HigApr 19, 2026
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was identified in kodcloud KodExplorer up to 4.52. This impacts the function fileGet of the file /app/controller/share.class.php of the component fileGet Endpoint. Such manipulation of the argument fileUrl leads to improper authentication. The attack can be…

  • CVE-2026-6568HigApr 19, 2026
    risk 0.47cvss 7.3epss 0.01

    A vulnerability was determined in kodcloud KodExplorer up to 4.52. This affects the function share.class.php::initShareOld of the file /app/controller/share.class.php of the component Public Share Handler. This manipulation of the argument path causes path traversal. The attack…

  • CVE-2026-6563HigApr 19, 2026
    risk 0.57cvss 8.8epss 0.00

    A vulnerability has been found in H3C Magic B1 up to 100R004. The affected element is the function SetAPWifiorLedInfoById of the file /goform/aspForm. The manipulation of the argument param leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has…

  • CVE-2026-6562HigApr 19, 2026
    risk 0.47cvss 7.3epss 0.00

    A flaw has been found in dameng100 muucmf 1.9.5.20260309. Impacted is the function getListByPage of the file /index/Search/index.html. Executing a manipulation of the argument keyword can lead to sql injection. The attack may be performed from remote. The exploit has been…

  • CVE-2026-6560HigApr 19, 2026
    risk 0.57cvss 8.8epss 0.00

    A security vulnerability has been detected in H3C Magic B0 up to 100R002. This vulnerability affects the function Edit_BasicSSID of the file /goform/aspForm. Such manipulation of the argument param leads to buffer overflow. The attack can be executed remotely. The exploit has…

  • CVE-2026-32228HigApr 18, 2026
    risk 0.42cvss 7.5epss 0.00

    UI / API User with asset materialize permission could trigger dags they had no access to. Users are advised to migrate to Airflow version 3.2.0 that fixes the issue.

  • CVE-2026-30912HigApr 18, 2026
    risk 0.42cvss 7.5epss 0.00

    In case of SQL errors, exception/stack trace of errors was exposed in API even if "api/expose_stack_traces" was set to false. That could lead to exposing additional information to potential attacker. Users are recommended to upgrade to Apache Airflow 3.2.0, which fixes the issue.

  • CVE-2026-30898HigApr 18, 2026
    risk 0.50cvss 8.8epss 0.01

    An example of BashOperator in Airflow documentation suggested a way of passing dag_run.conf in the way that could cause unsanitized user input to be used to escalate privileges of UI user to allow execute code on worker. Users should review if any of their own DAGs have adopted…

  • CVE-2026-25917HigApr 18, 2026
    risk 0.40cvss 7.2epss 0.01

    Dag Authors, who normally should not be able to execute code in the webserver context could craft XCom payload causing the webserver to execute arbitrary code. Since Dag Authors are already highly trusted, severity of this issue is Low. Users are recommended to upgrade to…

  • CVE-2026-6518HigApr 18, 2026
    risk 0.57cvss 8.8epss 0.01

    The CMP – Coming Soon & Maintenance Plugin by NiteoThemes plugin for WordPress is vulnerable to arbitrary file upload and remote code execution in all versions up to, and including, 4.1.16 via the `cmp_theme_update_install` AJAX action. This is due to the function only…

  • CVE-2026-40489HigApr 18, 2026
    risk 0.49cvss epss 0.00

    editorconfig-core-c is an EditorConfig core library for use by plugins supporting EditorConfig parsing. Versions up to and including 0.12.10 have a stack-based buffer overflow in ec_glob() that allows an attacker to crash any application using libeditorconfig by providing a…

  • CVE-2026-40487HigApr 18, 2026
    risk 0.51cvss 8.9epss 0.00

    Postiz is an AI social media scheduling tool. Prior to version 2.21.6, a file upload validation bypass allows any authenticated user to upload arbitrary HTML, SVG, or other executable file types to the server by spoofing the `Content-Type` header. The uploaded files are then…