VYPR

CVEs

100,472 total · page 121 of 2,010

  • CVE-2026-26176HigApr 14, 2026
    risk 0.51cvss 7.8epss 0.00

    Heap-based buffer overflow in Windows Client Side Caching driver (csc.sys) allows an authorized attacker to elevate privileges locally.

  • CVE-2026-26174HigApr 14, 2026
    risk 0.46cvss 7.0epss 0.00

    Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Server Update Service allows an authorized attacker to elevate privileges locally.

  • CVE-2026-26173HigApr 14, 2026
    risk 0.46cvss 7.0epss 0.00

    Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

  • CVE-2026-26172HigApr 14, 2026
    risk 0.51cvss 7.8epss 0.00

    Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.

  • CVE-2026-26171HigApr 14, 2026
    risk 0.42cvss 7.5epss 0.02

    Uncontrolled resource consumption in .NET allows an unauthorized attacker to deny service over a network.

  • CVE-2026-26170HigApr 14, 2026
    risk 0.51cvss 7.8epss 0.00

    Improper input validation in Microsoft PowerShell allows an authorized attacker to elevate privileges locally.

  • CVE-2026-26168HigApr 14, 2026
    risk 0.51cvss 7.8epss 0.00

    Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

  • CVE-2026-26167HigApr 14, 2026
    risk 0.57cvss 8.8epss 0.00

    Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.

  • CVE-2026-26166HigApr 14, 2026
    risk 0.46cvss 7.0epss 0.00

    Double free in Windows Shell allows an authorized attacker to elevate privileges locally.

  • CVE-2026-26165HigApr 14, 2026
    risk 0.46cvss 7.0epss 0.00

    Use after free in Windows Shell allows an authorized attacker to elevate privileges locally.

  • CVE-2026-26163HigApr 14, 2026
    risk 0.51cvss 7.8epss 0.00

    Double free in Windows Kernel allows an authorized attacker to elevate privileges locally.

  • CVE-2026-26162HigApr 14, 2026
    risk 0.51cvss 7.8epss 0.00

    Access of resource using incompatible type ('type confusion') in Windows OLE allows an authorized attacker to elevate privileges locally.

  • CVE-2026-26161HigApr 14, 2026
    risk 0.51cvss 7.8epss 0.00

    Untrusted pointer dereference in Windows Sensor Data Service allows an authorized attacker to elevate privileges locally.

  • CVE-2026-26160HigApr 14, 2026
    risk 0.51cvss 7.8epss 0.00

    Missing authentication for critical function in Windows Remote Desktop Licensing Service allows an authorized attacker to elevate privileges locally.

  • CVE-2026-26159HigApr 14, 2026
    risk 0.51cvss 7.8epss 0.00

    Missing authentication for critical function in Windows Remote Desktop Licensing Service allows an authorized attacker to elevate privileges locally.

  • CVE-2026-26156HigApr 14, 2026
    risk 0.51cvss 7.8epss 0.00

    Heap-based buffer overflow in Windows Hyper-V allows an unauthorized attacker to execute code locally.

  • CVE-2026-26154HigApr 14, 2026
    risk 0.49cvss 7.5epss 0.01

    Improper input validation in Windows Server Update Service allows an unauthorized attacker to perform tampering over a network.

  • CVE-2026-26153HigApr 14, 2026
    risk 0.51cvss 7.8epss 0.00

    Out-of-bounds read in Windows Encrypting File System (EFS) allows an authorized attacker to elevate privileges locally.

  • CVE-2026-26152HigApr 14, 2026
    risk 0.46cvss 7.0epss 0.00

    Insecure storage of sensitive information in Windows Cryptographic Services allows an authorized attacker to elevate privileges locally.

  • CVE-2026-26151HigApr 14, 2026
    risk 0.46cvss 7.1epss 0.01

    Insufficient ui warning of dangerous operations in Windows Remote Desktop allows an unauthorized attacker to perform spoofing over a network.

  • CVE-2026-26143HigApr 14, 2026
    risk 0.51cvss 7.8epss 0.01

    Improper input validation in Microsoft PowerShell allows an unauthorized attacker to bypass a security feature locally.

  • CVE-2026-25184HigApr 14, 2026
    risk 0.46cvss 7.0epss 0.00

    Concurrent execution using shared resource with improper synchronization ('race condition') in Applocker Filter Driver (applockerfltr.sys) allows an authorized attacker to elevate privileges locally.

  • CVE-2026-23666HigApr 14, 2026
    risk 0.49cvss 7.5epss 0.01

    Improper input validation in .NET Framework allows an unauthorized attacker to deny service over a network.

  • CVE-2026-23657HigApr 14, 2026
    risk 0.51cvss 7.8epss 0.00

    Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

  • CVE-2026-20930HigApr 14, 2026
    risk 0.51cvss 7.8epss 0.00

    Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.

  • CVE-2026-0207HigApr 14, 2026
    risk 0.55cvss epss 0.00

    A vulnerability exists in FlashBlade whereby sensitive information may be logged under specific conditions.

  • CVE-2026-34622HigApr 14, 2026
    risk 0.56cvss 8.6epss 0.00

    Acrobat Reader versions 26.001.21411, 24.001.30360, 24.001.30362 and earlier are affected by an Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability that could result in arbitrary code execution in the context of the current…

  • CVE-2026-27291HigApr 14, 2026
    risk 0.51cvss 7.8epss 0.00

    InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious…

  • CVE-2026-27284HigApr 14, 2026
    risk 0.51cvss 7.8epss 0.00

    InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the…

  • CVE-2026-27283HigApr 14, 2026
    risk 0.51cvss 7.8epss 0.00

    InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

  • CVE-2026-27238HigApr 14, 2026
    risk 0.51cvss 7.8epss 0.00

    InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a…

  • CVE-2026-39815HigApr 14, 2026
    risk 0.57cvss 8.8epss 0.00

    A improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiDDoS-F 7.2.1 through 7.2.2 may allow attacker to execute unauthorized code or commands via sending crafted HTTP requests

  • CVE-2026-38532HigApr 14, 2026
    risk 0.53cvss 8.1epss 0.00

    A Broken Object-Level Authorization (BOLA) in the /Contact/Persons/PersonController.php endpoint of Webkul Krayin CRM v2.2.x allows authenticated attackers to arbitrarily read, modify, and permanently delete any contact owned by other users via supplying a crafted GET request.

  • CVE-2026-38530HigApr 14, 2026
    risk 0.53cvss 8.1epss 0.00

    A Broken Object-Level Authorization (BOLA) in the /Controllers/Lead/LeadController.php endpoint of Webkul Krayin CRM v2.2.x allows authenticated attackers to arbitrarily read, modify, and permanently delete any lead owned by other users via supplying a crafted GET request.

  • CVE-2026-38529HigApr 14, 2026
    risk 0.57cvss 8.8epss 0.01

    A Broken Object-Level Authorization (BOLA) in the /Settings/UserController.php endpoint of Webkul Krayin CRM v2.2.x allows authenticated attackers to arbitrarily reset user passwords and perform a full account takeover via supplying a crafted HTTP request.

  • CVE-2026-38528HigApr 14, 2026
    risk 0.46cvss 7.1epss 0.00

    Krayin CRM v2.2.x was discovered to contain a SQL injection vulnerability via the rotten_lead parameter at /Lead/LeadDataGrid.php.

  • CVE-2026-38527HigApr 14, 2026
    risk 0.55cvss 8.5epss 0.00

    A Server-Side Request Forgery (SSRF) in the /settings/webhooks/create component of Webkul Krayin CRM v2.2.x allows attackers to scan internal resources via supplying a crafted POST request.

  • CVE-2026-23708HigApr 14, 2026
    risk 0.49cvss 7.5epss 0.00

    A improper authentication vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR on-premise 7.6.0 through 7.6.3, FortiSOAR on-premise 7.5.0 through 7.5.2 may allow an unauthenticated attacker to bypass authentication via…

  • CVE-2026-22828HigApr 14, 2026
    risk 0.53cvss 8.1epss 0.01

    A heap-based buffer overflow vulnerability in Fortinet FortiAnalyzer Cloud 7.6.2 through 7.6.4, FortiManager Cloud 7.6.2 through 7.6.4 may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests. Successful exploitation…

  • CVE-2025-61848HigApr 14, 2026
    risk 0.47cvss 7.2epss 0.01

    An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.8, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer Cloud 7.6.0…

  • CVE-2026-4369HigApr 14, 2026
    risk 0.46cvss 7.1epss 0.00

    A maliciously crafted HTML payload in an assembly variant name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage…

  • CVE-2026-4345HigApr 14, 2026
    risk 0.46cvss 7.1epss 0.00

    A maliciously crafted HTML payload, stored in a design name and exported to CSV, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local files or execute arbitrary…

  • CVE-2026-4344HigApr 14, 2026
    risk 0.46cvss 7.1epss 0.00

    A maliciously crafted HTML payload in a component name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this…

  • CVE-2025-7389HigApr 14, 2026
    risk 0.53cvss epss 0.00

    A vulnerability in the AdminServer component of OpenEdge on all supported platforms grants its authenticated users OS-level access to the server through the adopted authority of the AdminServer process itself.  The delegated authority of the AdminServer could allow its users…

  • CVE-2026-2450HigApr 14, 2026
    risk 0.48cvss epss 0.00

    .NET misconfiguration: use of impersonation vulnerability in upKeeper Solutions upKeeper Instant Privilege Access allows Hijacking a Privileged Thread of Execution.This issue affects upKeeper Instant Privilege Access: through 1.5.0.

  • CVE-2026-2332HigApr 14, 2026
    risk 0.48cvss 7.4epss 0.01

    In Eclipse Jetty, the HTTP/1.1 parser is vulnerable to request smuggling when chunk extensions are used, similar to the "funky chunks" techniques outlined here: * https://w4ke.info/2025/06/18/funky-chunks.html * https://w4ke.info/2025/10/29/funky-chunks-2.html Jetty…

  • CVE-2026-33892HigApr 14, 2026
    risk 0.46cvss 7.1epss 0.00

    A vulnerability has been identified in Industrial Edge Management Pro V1 (All versions >= V1.7.6 < V1.15.17), Industrial Edge Management Pro V2 (All versions >= V2.0.0 < V2.1.1), Industrial Edge Management Virtual (All versions >= V2.2.0 < V2.8.0). Affected management systems do…

  • CVE-2026-31923HigApr 14, 2026
    risk 0.42cvss 7.5epss 0.00

    Cleartext Transmission of Sensitive Information vulnerability in Apache APISIX. This can occur due to `ssl_verify` in openid-connect plugin configuration being set to false by default. This issue affects Apache APISIX: from 0.7 through 3.15.0. Users are recommended to upgrade…

  • CVE-2026-27668HigApr 14, 2026
    risk 0.57cvss 8.8epss 0.00

    A vulnerability has been identified in RUGGEDCOM CROSSBOW Secure Access Manager Primary (SAM-P) (All versions < V5.8). User Administrators are allowed to administer groups they belong to. This could allow an authenticated User Administrator to escalate their own privileges and…

  • CVE-2026-25654HigApr 14, 2026
    risk 0.57cvss 8.8epss 0.00

    A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP3). Affected products do not properly validate user authorization when processing password reset requests. This could allow an authenticated remote attacker to bypass authorization checks, leading to the…