VYPR

CVEs

100,472 total · page 114 of 2,010

  • CVE-2026-35582HigApr 18, 2026
    risk 0.50cvss 8.8epss 0.01

    Emissary is a P2P based data-driven workflow engine. In versions 8.42.0 and below, Executrix.getCommand() is vulnerable to OS command injection because it interpolates temporary file paths into a /bin/sh -c shell command string without any escaping or input validation. The…

  • CVE-2026-40350HigApr 18, 2026
    risk 0.50cvss 8.8epss 0.00

    Movary is a self hosted web app to track and rate a user's watched movies. Prior to version 0.71.1, an ordinary authenticated user can access the user-management endpoints `/settings/users` and use them to enumerate all users and create a new administrator account. This happens…

  • CVE-2026-35465HigApr 18, 2026
    risk 0.42cvss 7.5epss 0.00

    SecureDrop Client is a desktop app for journalists to securely communicate with sources and handle submissions on the SecureDrop Workstation. In versions 0.17.4 and below, a compromised SecureDrop Server can achieve code execution on the Client's virtual machine (sd-app) by…

  • CVE-2026-40581HigApr 18, 2026
    risk 0.46cvss 8.1epss 0.00

    ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the family record deletion endpoint (SelectDelete.php) performs permanent, irreversible deletion of family records and all associated data via a plain GET request with no CSRF token validation. An…

  • CVE-2026-40482HigApr 18, 2026
    risk 0.39cvss epss 0.00

    ChurchCRM is an open-source church management system. Versions prior to 7.2.0 have SQL injection in FinancialService::getMemberByScanString() via unsanitized $routeAndAccount concatenated into raw SQL. This issue has been fixed in version 7.2.0.

  • CVE-2026-40480HigApr 18, 2026
    risk 0.39cvss epss 0.00

    ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the GET /api/person/{personId} endpoint loads and returns person records without performing object-level authorization checks. Although the legacy PersonView.php page enforces canEditPerson()…

  • CVE-2026-40349HigApr 18, 2026
    risk 0.50cvss 8.8epss 0.01

    Movary is a self hosted web app to track and rate a user's watched movies. Prior to version 0.71.1, an ordinary authenticated user can escalate their own account to administrator by sending `isAdmin=true` to `PUT /settings/users/{userId}` for their own user ID. The endpoint is…

  • CVE-2026-40348HigApr 18, 2026
    risk 0.43cvss 7.7epss 0.00

    Movary is a self hosted web app to track and rate a user's watched movies. Prior to version 0.71.1, an ordinary authenticated user can trigger server-side requests to arbitrary internal targets through `POST /settings/jellyfin/server-url-verify`. The endpoint accepts a…

  • CVE-2026-40323HigApr 18, 2026
    risk 0.49cvss 7.5epss 0.00

    SP1 is a zero‑knowledge virtual machine that proves the correct execution of programs compiled for the RISC-V architecture. In versions 6.0.0 through 6.0.2, a soundness vulnerability in the SP1 V6 recursive shard verifier allows a malicious prover to construct a recursive…

  • CVE-2026-2262HigApr 18, 2026
    risk 0.46cvss 7.5epss 0.02

    The Easy Appointments plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.12.21 via the `/wp-json/wp/v2/eablocks/ea_appointments/` REST API endpoint. This is due to the endpoint being registered with `'permission_callback'…

  • CVE-2026-40481HigApr 17, 2026
    risk 0.42cvss 7.5epss 0.00

    monetr is a budgeting application for recurring expenses. In versions 1.12.3 and below, the public Stripe webhook endpoint buffers the entire request body into memory before validating the Stripe signature. A remote unauthenticated attacker can send oversized POST payloads to…

  • CVE-2026-40476HigApr 17, 2026
    risk 0.42cvss 7.5epss 0.00

    graphql-go is a Go implementation of GraphQL. In versions 15.31.4 and below, the OverlappingFieldsCanBeMerged validation rule performs O(n²) pairwise comparisons of fields sharing the same response name. An attacker can send a query with thousands of repeated identical fields,…

  • CVE-2026-40474HigApr 17, 2026
    risk 0.42cvss 7.6epss 0.00

    wger is a free, open-source workout and fitness manager. In versions 2.5 and below, the GymConfigUpdateView declares permission_required = 'config.change_gymconfig' but inherits WgerFormMixin instead of WgerPermissionMixin, so the permission is never enforced at runtime. Since…

  • CVE-2026-40352HigApr 17, 2026
    risk 0.50cvss 8.8epss 0.00

    FastGPT is an AI Agent building platform. In versions prior to 4.14.9.5, the password change endpoint is vulnerable to NoSQL injection. An authenticated attacker can bypass the "old password" verification by injecting MongoDB query operators. This allows an attacker who has…

  • CVE-2026-40321HigApr 17, 2026
    risk 0.45cvss 8.0epss 0.08

    DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.2.2, a user could upload a specially crafted SVG file that could include scripts that can target both authenticated and unauthenticated DNN users.…

  • CVE-2026-40527HigApr 17, 2026
    risk 0.44cvss 7.8epss 0.01

    radare2 prior to commit bc5a890 contains a command injection vulnerability in the afsv/afsvj command path where crafted ELF binaries can embed malicious r2 command sequences as DWARF DW_TAG_formal_parameter names. Attackers can craft a binary with shell commands in DWARF…

  • CVE-2026-40303HigApr 17, 2026
    risk 0.42cvss 7.5epss 0.00

    zrok is software for sharing web services, files, and network resources. Prior to version 2.0.1, endpoints.GetSessionCookie parses an attacker-supplied cookie chunk count and calls make([]string, count) with no upper bound before any token validation occurs. The function is…

  • CVE-2026-40286HigApr 17, 2026
    risk 0.42cvss 7.5epss 0.00

    WeGIA is a web manager for charitable institutions. In versions prior to 3.6.10, a Stored Cross-Site Scripting (XSS) vulnerability was identified in the 'Member Registration' (Cadastrar Sócio) function. By injecting a payload into the 'Member Name' (Nome Sócio) field, the…

  • CVE-2026-40285HigApr 17, 2026
    risk 0.50cvss 8.8epss 0.00

    WeGIA is a web manager for charitable institutions. Versions prior to 3.6.10 contain a SQL injection vulnerability in dao/memorando/UsuarioDAO.php. The cpf_usuario POST parameter overwrites the session-stored user identity via extract($_REQUEST) in…

  • CVE-2026-40196HigApr 17, 2026
    risk 0.46cvss 8.1epss 0.00

    HomeBox is a home inventory and organization system. Versions prior to 0.25.0 contain a vulnerability where the defaultGroup ID remained permanently assigned to a user after being invited to a group, even after their access to that group was revoked. While the web interface…

  • CVE-2026-35603HigApr 17, 2026
    risk 0.40cvss 7.3epss 0.00

    Claude Code is an agentic coding tool. In versions prior to 2.1.75 on Windows, Claude Code loaded the system-wide default configuration from C:\ProgramData\ClaudeCode\managed-settings.json without validating directory ownership or access permissions. Because the ProgramData…

  • CVE-2026-35512HigApr 17, 2026
    risk 0.50cvss 8.8epss 0.01

    xrdp is an open source RDP server. Versions through 0.10.5 have a heap-based buffer overflow in the EGFX (graphics dynamic virtual channel) implementation due to insufficient validation of client-controlled size parameters, allowing an out-of-bounds write via crafted PDUs.…

  • CVE-2026-40461HigApr 17, 2026
    risk 0.49cvss 7.5epss 0.00

    Anviz CX2 Lite and CX7 are vulnerable to unauthenticated POST requests that modify debug settings (e.g., enabling SSH), allowing unauthorized state changes that can facilitate later compromise.

  • CVE-2026-40434HigApr 17, 2026
    risk 0.53cvss 8.1epss 0.00

    Anviz CrossChex Standard lacks source verification in the client/server channel, enabling TCP packet injection by an attacker on the same network to alter or disrupt application traffic.

  • CVE-2026-40066HigApr 17, 2026
    risk 0.57cvss 8.8epss 0.00

    Anviz CX2 Lite and CX7 are vulnerable to unverified update packages that can be uploaded. The device unpacks and executes a script resulting in unauthenticated remote code execution.

  • CVE-2026-35682HigApr 17, 2026
    risk 0.57cvss 8.8epss 0.02

    Anviz CX2 Lite is vulnerable to an authenticated command injection via a filename parameter that enables arbitrary command execution (e.g., starting telnetd), resulting in root‑level access.

  • CVE-2026-35215HigApr 17, 2026
    risk 0.42cvss 7.5epss 0.00

    Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the sdl_desc() function does not validate the length of a decoded SDL descriptor from a slice packet. A zero-length descriptor is later used to calculate the number of…

  • CVE-2026-34232HigApr 17, 2026
    risk 0.42cvss 7.5epss 0.00

    Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the xdr_status_vector() function does not handle the isc_arg_cstring type when decoding an op_response packet, causing a server crash when one is encountered in the…

  • CVE-2026-32650HigApr 17, 2026
    risk 0.49cvss 7.5epss 0.00

    Anviz CrossChex Standard is vulnerable when an attacker manipulates the TDS7 PreLogin to disable encryption, causing database credentials to be sent in plaintext and enabling unauthorized database access.

  • CVE-2026-32623HigApr 17, 2026
    risk 0.46cvss 8.1epss 0.01

    xrdp is an open source RDP server. Versions through 0.10.5 contain a heap-based buffer overflow vulnerability in the NeutrinoRDP module. When proxying RDP sessions from xrdp to another server, the module fails to properly validate the size of reassembled fragmented virtual…

  • CVE-2026-32324HigApr 17, 2026
    risk 0.50cvss 7.7epss 0.00

    Anviz CX7 Firmware is  vulnerable because the application embeds reusable certificate/key material, enabling decryption of MQTT traffic and potential interaction with device messaging channels at scale.

  • CVE-2026-32107HigApr 17, 2026
    risk 0.50cvss 8.8epss 0.00

    xrdp is an open source RDP server. In versions through 0.10.5, the session execution component did not properly handle an error during the privilege drop process. This improper privilege management could allow an authenticated local attacker to escalate privileges to root and…

  • CVE-2026-32105HigApr 17, 2026
    risk 0.43cvss 7.7epss 0.00

    xrdp is an open source RDP server. In versions through 0.10.5, xrdp does not implement verification for the Message Authentication Code (MAC) signature of encrypted RDP packets when using the "Classic RDP Security" layer. While the sender correctly generates signatures, the…

  • CVE-2026-33337HigApr 17, 2026
    risk 0.42cvss 7.5epss 0.01

    Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when deserializing a slice packet, the xdr_datum() function does not validate that a cstring length conforms to the slice descriptor bounds, allowing a cstring longer…

  • CVE-2026-28224HigApr 17, 2026
    risk 0.46cvss 8.2epss 0.00

    Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when the server receives an op_crypt_key_callback packet without prior authentication, the port_server_crypt_callback handler is not initialized, resulting in a null…

  • CVE-2026-28212HigApr 17, 2026
    risk 0.49cvss 7.5epss 0.01

    Firebird is an open-source relational database management system. In versions prior to 6.0.0, 5.0.4, 4.0.7 and 3.0.14, when processing an op_slice network packet, the server passes an unprepared structure containing a null pointer to the SDL_info() function, resulting in a null…

  • CVE-2026-27890HigApr 17, 2026
    risk 0.46cvss 8.2epss 0.00

    Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when processing CNCT_specific_data segments during authentication, the server assumes segments arrive in strictly ascending order. If segments arrive out of order, the…

  • CVE-2026-5718HigApr 17, 2026
    risk 0.46cvss 8.1epss 0.04

    The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file upload in versions up to, and including, 1.3.9.7. This is due to insufficient file type validation that occurs when custom blacklist types are configured, which…

  • CVE-2026-5710HigApr 17, 2026
    risk 0.42cvss 7.5epss 0.01

    The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to Path Traversal leading to Arbitrary File Read in versions up to and including 1.3.9.6. This is due to the plugin using client-supplied mfile[] POST values as the source of truth for…

  • CVE-2026-40320HigApr 17, 2026
    risk 0.51cvss 7.8epss 0.00

    Giskard is an open-source testing framework for AI models. In versions prior to 1.0.2b1, the ConformityCheck class rendered the rule parameter through Jinja2's default Template() constructor, silently interpreting template expressions at runtime. If check definitions are loaded…

  • CVE-2025-65104HigApr 17, 2026
    risk 0.44cvss 7.9epss 0.00

    Firebird is an open-source relational database management system. In versions FB3 of the client library placed incorrect data length values into XSQLDA fields when communicating with FB4 or higher servers, resulting in an information leak. This issue is fixed by upgrading to the…

  • CVE-2026-40518HigApr 17, 2026
    risk 0.39cvss 7.1epss 0.00

    ByteDance DeerFlow before commit 2176b2b contains a path traversal and arbitrary file write vulnerability in bootstrap-mode custom-agent creation where the agent name validation is bypassed. Attackers can supply traversal-style values or absolute paths as the agent name to…

  • CVE-2026-40516HigApr 17, 2026
    risk 0.47cvss 8.3epss 0.00

    OpenHarness before commit bd4df81 contains a server-side request forgery vulnerability in the web_fetch and web_search tools that allows attackers to access private and localhost HTTP services by manipulating tool parameters without proper validation of target addresses.…

  • CVE-2026-40515HigApr 17, 2026
    risk 0.42cvss 7.5epss 0.00

    OpenHarness before commit bd4df81 contains a permission bypass vulnerability that allows attackers to read sensitive files by exploiting incomplete path normalization in the permission checker. Attackers can invoke the built-in grep and glob tools with sensitive root…

  • CVE-2026-3464HigApr 17, 2026
    risk 0.50cvss 8.8epss 0.01

    The WP Customer Area plugin for WordPress is vulnerable to arbitrary file read and deletion due to insufficient file path validation in the 'ajax_attach_file' function in all versions up to, and including, 8.3.4. This makes it possible for authenticated attackers with a role…

  • CVE-2026-21733HigApr 17, 2026
    risk 0.47cvss 7.3epss 0.00

    Vulnerability in Imagination Technologies Graphics DDK on Linux, Android --  RESERVED

  • CVE-2026-6490HigApr 17, 2026
    risk 0.47cvss 7.3epss 0.00

    A weakness has been identified in QueryMine sms up to 7ab5a9ea196209611134525ffc18de25c57d9593. Impacted is an unknown function of the file admin/deletecourse.php of the component GET Request Parameter Handler. This manipulation of the argument ID causes sql injection. The…

  • CVE-2026-40459HigApr 17, 2026
    risk 0.57cvss 8.8epss 0.01

    PAC4J is vulnerable to LDAP Injection in multiple methods. A low-privileged remote attacker can inject crafted LDAP syntax into ID-based search parameters, potentially resulting in unauthorized LDAP queries and arbitrary directory operations. This issue was fixed in PAC4J…

  • CVE-2026-31317HigApr 17, 2026
    risk 0.49cvss 7.5epss 0.00

    Craftql v1.3.7 and before is vulnerable to Server-Side Request Forgery (SSRF) which allows an attacker to execute arbitrary code via the vendor/markhuot/craftql/src/Listeners/GetAssetsFieldSchema.php file

  • CVE-2026-6507HigApr 17, 2026
    risk 0.49cvss 7.5epss 0.00

    A flaw was found in dnsmasq. A remote attacker could exploit an out-of-bounds write vulnerability by sending a specially crafted BOOTREPLY (Bootstrap Protocol Reply) packet to a dnsmasq server configured with the `--dhcp-split-relay` option. This can lead to memory corruption,…