VYPR

CVEs

11,223 total · page 12 of 225

  • CVE-2026-46115CriMay 28, 2026
    risk 0.57cvss 9.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: block: add pgmap check to biovec_phys_mergeable biovec_phys_mergeable() is used by the request merge, DMA mapping, and integrity merge paths to decide if two physically contiguous bvec segments can be…

  • CVE-2026-4408CriMay 28, 2026
    risk 0.52cvss 9.0epss 0.03

    A flaw was found in Samba. A remote attacker can exploit a misconfiguration in Samba file servers and classic domain controllers that use the "check password script" feature. If this script is configured with the %u substitution character, the client-controlled username is…

  • CVE-2026-32999CriMay 28, 2026
    risk 0.59cvss 9.0epss 0.00

    Insufficient character filtering in backup agent signing module on Comet Backup server allows authenticated tenant administrator to execute an arbitrary code on behalf of a privileged user on the affected server and connected devices.

  • CVE-2026-32998CriMay 28, 2026
    risk 0.61cvss epss 0.00

    This vulnerability in Veeam Service Provider Console allows for remote code execution.

  • CVE-2026-9739CriMay 27, 2026
    risk 0.54cvss epss 0.00

    Vulnerable to DNS rebinding attacks when using SSE (http://b/499408790). During the beta phase, we implemented `allowed-origins` and `allowed-hosts` flags to align with MCP security guidelines. However, the hardcoded `Access-Control-Allow-Origin: *` header in the SSE…

  • CVE-2026-46621criMay 27, 2026
    risk 0.59cvss epss 0.00

    ### Summary A Server-Side Code Injection vulnerability exists in the Yamcs script evaluation engine for Python algorithms. The application dynamically compiles and evaluates user-controlled algorithm text using Jython (via the JSR-223 ScriptEngine API) without enforcing a secure…

  • CVE-2026-46562criMay 27, 2026
    risk 0.59cvss epss 0.01

    # Remote Code Execution via Mission Database algorithm override ## Summary The Nashorn `ScriptEngine` used to evaluate user-supplied algorithm text in `MdbOverrideApi.updateAlgorithm` is constructed without a `ClassFilter`, allowing a user with the `ChangeMissionDatabase`…

  • CVE-2026-45083CriMay 27, 2026
    risk 0.57cvss 9.8epss 0.00

    The Goobi viewer is a web application that allows digitised material to be displayed in a web browser. From 4.8.0 to before 26.04.1, the Goobi viewer REST endpoint POST /api/v1/index/stream accepted an arbitrary Solr streaming expression from unauthenticated network clients and…

  • CVE-2026-8364CriMay 27, 2026
    risk 0.64cvss 9.8epss 0.00

    Gladinet Triofox Cloud Server Agent Access Service (GladServerAgentService.exe) listens on TCP port 7878 and processes remote HTTP messages with URL paths starting with /resources, /status, /sysinfo, /woshome, /Settings, /schedule, or /DavCache.

  • CVE-2026-8363CriMay 27, 2026
    risk 0.64cvss 9.8epss 0.00

    A stack-based buffer overflow condition exists in WOSDeviceDropFolder.dll when processing a long URL path starting with /resources:

  • CVE-2026-8362CriMay 27, 2026
    risk 0.64cvss 9.8epss 0.00

    A stack-based buffer overflow condition exists in WOSDefaultHttpModule.dll when processing a long URL path starting with /woshome

  • CVE-2026-45102CriMay 27, 2026
    risk 0.64cvss 9.9epss 0.00

    OneUptime is an open-source monitoring and observability platform. Prior to 10.0.98, OneUptime uses the Node.js' vm module as an isolation primitive. This API was not designed for that and can be escaped via error objects and infinite recursion. This vulnerability is fixed in…

  • CVE-2026-44888CriMay 27, 2026
    risk 0.64cvss 9.8epss 0.00

    Pi.Alert is a WIFI / LAN intruder detector with web service monitoring. Prior to 2026-05-07, Pi.Alert's SaveConfigFile() endpoint writes user-supplied numeric config values (e.g., SMTP_PORT) directly into pialert.conf without validation. Since pialert.conf is loaded via Python's…

  • CVE-2026-44887CriMay 27, 2026
    risk 0.64cvss 9.8epss 0.01

    Pi.Alert is a WIFI / LAN intruder detector with web service monitoring. Prior to 2026-05-07, Pi.Alert's web-based configuration editor allows arbitrary Python code to be injected into pialert.conf. Since the background scan daemon loads this file via Python's exec(), injected…

  • CVE-2026-44590CriMay 27, 2026
    risk 0.54cvss 9.3epss 0.01

    Sherlock hunts down social media accounts by username across social networks. Prior to 0.16.1, the GitHub Actions workflow validate_modified_targets.yml is vulnerable to command injection via the pull_request_target trigger. Any GitHub user can execute arbitrary commands on the…

  • CVE-2026-45618criMay 27, 2026
    risk 0.52cvss epss 0.00

    ### Summary It is possible to execute arbitrary code with crafted templates ### Details `1|valueOf` -> `this` when evaluating the filter ```liquid {%assign r=1|valueOf%} {{r|inspect}} ``` ```json {"context":{"scopes":[{"r":"[Circular]"}],"re…

  • CVE-2026-48150CriMay 27, 2026
    risk 0.52cvss 9.0epss 0.00

    Budibase is an open-source low-code platform. Prior to 3.39.0, /api/public/v1/roles/assign is guarded by the builderOrAdmin middleware, which passes any user who is a builder for the app id in the x-budibase-app-id header. That check admits both global builders and…

  • CVE-2026-46425CriMay 27, 2026
    risk 0.57cvss 9.9epss 0.00

    Budibase is an open-source low-code platform. Prior to 3.38.2, packages/worker/src/api/routes/global/scim.ts attaches only two middlewares to the SCIM router: requireSCIM (checks the Enterprise feature flag and SCIM config) and doInScimContext (sets the SCIM request context).…

  • CVE-2026-45087CriMay 27, 2026
    risk 0.58cvss 10.0epss 0.01

    Dalfox is a powerful open-source XSS scanner and utility focused on automation. Prior to 2.13.0, when dalfox is started in REST API server mode (dalfox server), the server binds to 0.0.0.0:6664 by default and requires no API key unless the operator explicitly passes --api-key.…

  • CVE-2026-48027CriKEVMay 27, 2026
    risk 0.84cvss 9.8epss 0.02

    Nx Console is the user interface for Nx & Lerna. On 19 May 2026, a malicious version of Nx Console, 18.95.0, was published at 12:30 PM UTC and removed soon after at 12:48 PM UTC, leaving it available for ~18 minutes in Visual Studio Marketplace. For OpenVSX, the problem was…

  • CVE-2026-44330CriMay 27, 2026
    risk 0.65cvss 10.0epss 0.00

    free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF mounts the nnef-pfdmanagement route group without inbound OAuth2/bearer-token authorization. A network attacker who can reach NEF on the SBI can use a forged or arbitrary bearer token…

  • CVE-2026-44329CriMay 27, 2026
    risk 0.58cvss 10.0epss 0.00

    free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's SMF mounts the UPI management route group without OAuth2/bearer-token authorization middleware. A network attacker who can reach SMF on the SBI can hit UPI endpoints with no Authorization…

  • CVE-2026-44327CriMay 27, 2026
    risk 0.58cvss 10.0epss 0.00

    free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF mounts the nnef-oam route group without inbound OAuth2/bearer-token authorization. A network attacker who can reach NEF on the SBI can hit the OAM route with no Authorization header at…

  • CVE-2026-44326CriMay 27, 2026
    risk 0.54cvss 9.4epss 0.00

    free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF mounts the 3gpp-traffic-influence API without inbound OAuth2/bearer-token authorization. A network attacker who can reach NEF on the SBI can create, read, patch, and delete…

  • CVE-2026-44315CriMay 27, 2026
    risk 0.54cvss 9.4epss 0.00

    free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF mounts the 3gpp-pfd-management API without inbound OAuth2/bearer-token authorization. A network attacker who can reach NEF on the SBI can create, read, and delete PFD-management…

  • CVE-2026-49103CriMay 27, 2026
    risk 0.54cvss epss 0.00

    Webmin before 2.640 does not safely construct a filename for saving of an attachment within the mailboxes component. This occurs in mailboxes/detachall.cgi.

  • CVE-2026-45570CriMay 27, 2026
    risk 0.55cvss 9.6epss 0.00

    go-git is an extensible git implementation library written in pure Go. Prior to 5.19.1 and 6.0.0-alpha.4, go-git's SSH transport constructs the remote exec command by wrapping the repository path in single quotes without escaping single quotes embedded inside the path. A…

  • CVE-2026-8175CriMay 27, 2026
    risk 0.64cvss 9.8epss 0.01

    IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Server 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Endpoint are affected by a buffer overflow in the asperahttpd component. This vulnerability could be…

  • CVE-2026-7876CriMay 27, 2026
    risk 0.59cvss 9.1epss 0.00

    IBM Aspera HSTS for CP4I 1.5.1 through 1.5.19 is affected by an authentication bypass vulnerability. A transfer client may be able to take advantage of this vulnerability to access files in the server's local storage that they should not have access to, when specific…

  • CVE-2026-7524CriMay 27, 2026
    risk 0.57cvss 9.8epss 0.01

    IBM Langflow OSS 1.0.0 through 1.9.1 could allow remote code execution due to improper validation of symbolic links during archive extraction.

  • CVE-2026-46043CriMay 27, 2026
    risk 0.52cvss 9.1epss 0.01

    In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Validate pad and ICRC before payload_size() in rxe_rcv rxe_rcv() currently checks only that the incoming packet is at least header_size(pkt) bytes long before payload_size() is used. However,…

  • CVE-2026-46039CriMay 27, 2026
    risk 0.57cvss 9.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: rxgk: Fix potential integer overflow in length check Fix potential integer overflow in rxgk_extract_token() when checking the length of the ticket. Rather than rounding up the value to be tested (which might…

  • CVE-2026-45988CriMay 27, 2026
    risk 0.57cvss 9.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix re-decryption of RESPONSE packets If a RESPONSE packet gets a temporary failure during processing, it may end up in a partially decrypted state - and then get requeued for a retry. Fix this by just…

  • CVE-2026-45972CriMay 27, 2026
    risk 0.57cvss 9.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential UAF and double free in smb2_open_file() Zero out @err_iov and @err_buftype before retrying SMB2_open() to prevent an UAF bug if @data != NULL, otherwise a double free.

  • CVE-2026-45898CriMay 27, 2026
    risk 0.57cvss 9.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: RDMA/iwcm: Fix workqueue list corruption by removing work_list The commit e1168f0 ("RDMA/iwcm: Simplify cm_event_handler()") changed the work submission logic to unconditionally call queue_work() with the…

  • CVE-2026-35090CriMay 27, 2026
    risk 0.60cvss epss 0.01

    In Slican telephone exchanges it is possible to manage the control panel remotely. An unauthenticated attacker can connect to the modem via a telephone with a specific caller ID. This allows them to bypass admin authentication and gain full access to the service protocol and…

  • CVE-2026-35087CriMay 27, 2026
    risk 0.60cvss epss 0.01

    Slican telephone exchanges allow administrative protocol authentication bypass. An attacker can bypass the need to enter login credentials by executing the appropriate command. This issue was fixed in versions below: - NCP: version 1.24.0250 - IPx series: version 6.61.0040 -…

  • CVE-2026-42761CriMay 27, 2026
    risk 0.60cvss 9.3epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RealMag777 Active Products Tables for WooCommerce profit-products-tables-for-woocommerce allows Blind SQL Injection.This issue affects Active Products Tables for WooCommerce:…

  • CVE-2026-42758CriMay 27, 2026
    risk 0.64cvss 9.8epss 0.00

    Incorrect Privilege Assignment vulnerability in Saleswonder Team: Tobias WebinarIgnition webinar-ignition allows Privilege Escalation.This issue affects WebinarIgnition: from n/a through < 4.08.253.

  • CVE-2026-42757CriMay 27, 2026
    risk 0.64cvss 9.9epss 0.00

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Saleswonder Team: Tobias WebinarIgnition webinar-ignition allows Path Traversal.This issue affects WebinarIgnition: from n/a through < 4.08.253.

  • CVE-2026-42756CriMay 27, 2026
    risk 0.64cvss 9.9epss 0.00

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Ludwig You QuickWebP – Compress / Optimize Images & Convert WebP | SEO Friendly quickwebp allows Path Traversal.This issue affects QuickWebP – Compress / Optimize…

  • CVE-2026-42755CriMay 27, 2026
    risk 0.60cvss 9.3epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RealMag777 TableOn posts-table-filterable allows Blind SQL Injection.This issue affects TableOn: from n/a through <= 1.0.5.1.

  • CVE-2026-42748CriMay 27, 2026
    risk 0.64cvss 9.9epss 0.00

    Unrestricted Upload of File with Dangerous Type vulnerability in WPify WPify Woo Czech wpify-woo allows Upload a Web Shell to a Web Server.This issue affects WPify Woo Czech: from n/a through <= 5.4.1.

  • CVE-2026-42747CriMay 27, 2026
    risk 0.60cvss 9.3epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in hassantafreshi Easy Form Builder easy-form-builder allows Blind SQL Injection.This issue affects Easy Form Builder: from n/a through <= 4.0.6.

  • CVE-2026-42740CriMay 27, 2026
    risk 0.60cvss 9.3epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in tainacan Tainacan tainacan allows Blind SQL Injection.This issue affects Tainacan: from n/a through <= 1.0.3.

  • CVE-2026-42731CriMay 27, 2026
    risk 0.64cvss 9.8epss 0.00

    Incorrect Privilege Assignment vulnerability in miniOrange miniorange otp verification miniorange-otp-verification allows Privilege Escalation.This issue affects miniorange otp verification: from n/a through <= 5.4.9.

  • CVE-2026-42727CriMay 27, 2026
    risk 0.60cvss 9.3epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RealMag777 Active Products Tables for WooCommerce profit-products-tables-for-woocommerce allows Blind SQL Injection.This issue affects Active Products Tables for WooCommerce:…

  • CVE-2026-8054CriMay 27, 2026
    risk 0.58cvss epss 0.02

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in the Publish Audit API endpoints (/api/auditPublishing/get and /api/auditPublishing/getAll) in dotCMS Core 25.11.04-1 through 26.04.28-02 allows remote unauthenticated attackers to read,…

  • CVE-2026-49002CriMay 27, 2026
    risk 0.59cvss 9.1epss 0.00

    Access control failure means that an application does not effectively check user access permissions, so that unauthorized users can access system data beyond their permissions, such as viewing and modifying configuration information.

  • CVE-2025-12686CriMay 27, 2026
    risk 0.64cvss 9.8epss 0.03

    Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in AdminCenter in Synology BeeStation OS before 1.3.2-65648 allows remote attackers to execute arbitrary code via unspecified vectors.