VYPR

CVEs

100,472 total · page 123 of 2,010

  • CVE-2026-30999HigApr 13, 2026
    risk 0.42cvss 7.5epss 0.00

    A heap buffer overflow in the av_bprint_finalize() function of FFmpeg v8.0.1 allows attackers to cause a Denial of Service (DoS) via a crafted input.

  • CVE-2026-30998HigApr 13, 2026
    risk 0.42cvss 7.5epss 0.00

    An improper resource deallocation and closure vulnerability in the tools/zmqsend.c component of FFmpeg v8.0.1 allows attackers to cause a Denial of Service (DoS) via supplying a crafted input file.

  • CVE-2026-30997HigApr 13, 2026
    risk 0.42cvss 7.5epss 0.00

    An out-of-bounds read in the read_global_param() function (libavcodec/av1dec.c) of FFmpeg v8.0.1 allows attackers to cause a Denial of Service (DoS) via a crafted input.

  • CVE-2026-1462HigApr 13, 2026
    risk 0.50cvss 8.8epss 0.00

    A vulnerability in the `TFSMLayer` class of the `keras` package, version 3.13.0, allows attacker-controlled TensorFlow SavedModels to be loaded during deserialization of `.keras` models, even when `safe_mode=True`. This bypasses the security guarantees of `safe_mode` and enables…

  • CVE-2025-66236HigApr 13, 2026
    risk 0.42cvss 7.5epss 0.00

    Before Airflow 3.2.0, it was unclear that secure Airflow deployments require the Deployment Manager to take appropriate actions and pay attention to security details and security model of Airflow. Some assumptions the Deployment Manager could make were not clear or explicit…

  • CVE-2026-31426HigApr 13, 2026
    risk 0.39cvss 7.0epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: ACPI: EC: clean up handlers on probe failure in acpi_ec_setup() When ec_install_handlers() returns -EPROBE_DEFER on reduced-hardware platforms, it has already started the EC and installed the address space…

  • CVE-2026-31419HigApr 13, 2026
    risk 0.44cvss 7.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: net: bonding: fix use-after-free in bond_xmit_broadcast() bond_xmit_broadcast() reuses the original skb for the last slave (determined by bond_is_last_slave()) and clones it for others. Concurrent slave…

  • CVE-2026-31417HigApr 13, 2026
    risk 0.42cvss 7.5epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: net/x25: Fix overflow when accumulating packets Add a check to ensure that `x25_sock.fraglen` does not overflow. The `fraglen` also needs to be resetted when purging `fragment_queue` in `x25_clear_queues()`.

  • CVE-2026-34476HigApr 13, 2026
    risk 0.39cvss 7.1epss 0.00

    Server-Side Request Forgery via SW-URL Header vulnerability in Apache SkyWalking MCP. This issue affects Apache SkyWalking MCP: 0.1.0. Users are recommended to upgrade to version 0.2.0, which fixes this issue.

  • CVE-2026-6204HigApr 13, 2026
    risk 0.40cvss 7.2epss 0.08

    LibreNMS versions before 26.3.0 are affected by an authenticated remote code execution vulnerability by abusing the Binary Locations config and the Netcommand feature. Successful exploitation requires administrative privileges. Exploitation could result in compromise of the…

  • CVE-2026-35337HigApr 13, 2026
    risk 0.50cvss 8.8epss 0.01

    Deserialization of Untrusted Data vulnerability in Apache Storm. Versions Affected: before 2.8.6. Description: When processing topology credentials submitted via the Nimbus Thrift API, Storm deserializes the base64-encoded TGT blob using ObjectInputStream.readObject() without…

  • CVE-2026-0234HigApr 13, 2026
    risk 0.47cvss epss 0.00

    An improper verification of cryptographic signature vulnerability exists in Cortex XSOAR and Cortex XSIAM platforms during integration of Microsoft Teams that enables an unauthenticated user to access and modify protected resources.

  • CVE-2026-6168HigApr 13, 2026
    risk 0.57cvss 8.8epss 0.01

    A flaw has been found in TOTOLINK A7000R up to 9.1.0u.6115. The affected element is the function setWiFiEasyGuestCfg of the file /cgi-bin/cstecgi.cgi. This manipulation of the argument ssid5g causes stack-based buffer overflow. Remote exploitation of the attack is possible. The…

  • CVE-2026-6167HigApr 13, 2026
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was detected in code-projects Faculty Management System 1.0. Impacted is an unknown function of the file /subject-print.php. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit is now public and may be…

  • CVE-2026-6166HigApr 13, 2026
    risk 0.47cvss 7.3epss 0.00

    A security vulnerability has been detected in code-projects Vehicle Showroom Management System 1.0. This issue affects some unknown processing of the file /util/UpdateVehicleFunction.php. The manipulation of the argument VEHICLE_ID leads to sql injection. The attack may be…

  • CVE-2026-5936HigApr 13, 2026
    risk 0.55cvss 8.5epss 0.00

    An attacker can control a server-side HTTP request by supplying a crafted URL, causing the server to initiate requests to arbitrary destinations. This behavior may be exploited to probe internal network services, access otherwise unreachable endpoints (e.g., cloud metadata…

  • CVE-2026-40436HigApr 13, 2026
    risk 0.46cvss 7.1epss 0.00

    The ZTE ZXEDM iEMS product has a password reset vulnerability for any user.Because the management of the cloud EMS portal does not properly control access to the user list acquisition function, attackers can read all user list information through the user list interface.…

  • CVE-2026-3830HigApr 13, 2026
    risk 0.56cvss 8.6epss 0.00

    The Product Filter for WooCommerce by WBW WordPress plugin before 3.1.3 does not sanitize and escape a parameter before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks

  • CVE-2026-6165HigApr 13, 2026
    risk 0.47cvss 7.3epss 0.00

    A weakness has been identified in code-projects Vehicle Showroom Management System 1.0. This vulnerability affects unknown code of the file /util/Login_check.php. Executing a manipulation of the argument ID can lead to sql injection. The attack can be launched remotely. The…

  • CVE-2026-6164HigApr 13, 2026
    risk 0.47cvss 7.3epss 0.00

    A security flaw has been discovered in code-projects Lost and Found Thing Management 1.0. This affects an unknown part of the file /addcat.php. Performing a manipulation of the argument cata results in sql injection. The attack can be initiated remotely. The exploit has been…

  • CVE-2026-6163HigApr 13, 2026
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was identified in code-projects Lost and Found Thing Management 1.0. Affected by this issue is some unknown functionality of the file /catageory.php. Such manipulation of the argument cat leads to sql injection. It is possible to launch the attack remotely. The…

  • CVE-2026-6161HigApr 13, 2026
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was determined in code-projects Simple ChatBox up to 1.0. This affects an unknown part of the file /chatbox/insert.php of the component Endpoint. Executing a manipulation of the argument msg can lead to sql injection. It is possible to launch the attack remotely.…

  • CVE-2026-6158HigApr 13, 2026
    risk 0.48cvss 7.3epss 0.01

    A flaw has been found in Totolink N300RH 6.1c.1353_B20190305. Affected is the function setUpgradeUboot of the file upgrade.so. This manipulation of the argument FileName causes os command injection. The attack is possible to be carried out remotely. The exploit has been…

  • CVE-2026-25208HigApr 13, 2026
    risk 0.46cvss 8.1epss 0.00

    Integer overflow vulnerability in Samsung Open Source Escargot allows Overflow Buffers.This issue affects Escargot: 97e8115ab1110bc502b4b5e4a0c689a71520d335.

  • CVE-2026-25207HigApr 13, 2026
    risk 0.41cvss 7.4epss 0.00

    Out-of-bounds write vulnerability in Samsung Open Source Escargot allows Overflow Buffers.This issue affects Escargot: 97e8115ab1110bc502b4b5e4a0c689a71520d335.

  • CVE-2026-25205HigApr 13, 2026
    risk 0.41cvss 7.4epss 0.00

    Heap-based buffer overflow vulnerability in Samsung Open Source Escargot allows out-of-bounds write.This issue affects Escargot:commit hash  97e8115ab1110bc502b4b5e4a0c689a71520d335 .

  • CVE-2026-6157HigApr 13, 2026
    risk 0.57cvss 8.8epss 0.00

    A vulnerability was detected in Totolink A800R 4.1.2cu.5137_B20200730. This impacts the function setAppEasyWizardConfig in the library /lib/cste_modules/app.so. The manipulation of the argument apcliSsid results in buffer overflow. The attack can be executed remotely. The…

  • CVE-2026-6153HigApr 13, 2026
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was identified in code-projects Vehicle Showroom Management System 1.0. Impacted is an unknown function of the file /util/StaffDetailsFunction.php. Such manipulation of the argument STAFF_ID leads to sql injection. The attack can be launched remotely. The exploit…

  • CVE-2026-34856HigApr 13, 2026
    risk 0.47cvss 7.3epss 0.00

    UAF vulnerability in the communication module. Impact: Successful exploitation of this vulnerability may affect availability.

  • CVE-2026-34853HigApr 13, 2026
    risk 0.50cvss 7.7epss 0.00

    Permission bypass vulnerability in the LBS module. Impact: Successful exploitation of this vulnerability may affect availability.

  • CVE-2026-6152HigApr 13, 2026
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was determined in code-projects Vehicle Showroom Management System 1.0. This issue affects some unknown processing of the file /util/StaffAddingFunction.php. This manipulation of the argument STAFF_ID causes sql injection. The attack can be initiated remotely.…

  • CVE-2026-6151HigApr 13, 2026
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was found in code-projects Vehicle Showroom Management System 1.0. This vulnerability affects unknown code of the file /util/PaymentStatusFunction.php. The manipulation of the argument CUSTOMER_ID results in sql injection. It is possible to launch the attack…

  • CVE-2026-6149HigApr 13, 2026
    risk 0.47cvss 7.3epss 0.00

    A flaw has been found in code-projects Vehicle Showroom Management System 1.0. Affected by this issue is some unknown functionality of the file /util/BookVehicleFunction.php. Executing a manipulation of the argument BRANCH_ID can lead to sql injection. The attack may be…

  • CVE-2026-6148HigApr 13, 2026
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was detected in code-projects Vehicle Showroom Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /util/MonthTotalReportUpdateFunction.php. Performing a manipulation of the argument BRANCH_ID results in sql injection.…

  • CVE-2026-6142HigApr 13, 2026
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was identified in tushar-2223 Hotel Management System up to bb1f3b3666124b888f1e4bcf51b6fba9fbb01d15. Affected by this vulnerability is an unknown functionality of the file /admin/roomdelete.php. The manipulation of the argument ID leads to sql injection. Remote…

  • CVE-2026-6137HigApr 13, 2026
    risk 0.57cvss 8.8epss 0.01

    A vulnerability was detected in Tenda F451 1.0.0.7_cn_svn7958. The affected element is the function fromAdvSetWan of the file /goform/AdvSetWan. The manipulation of the argument wanmode/PPPOEPassword results in stack-based buffer overflow. It is possible to launch the attack…

  • CVE-2026-6136HigApr 13, 2026
    risk 0.57cvss 8.8epss 0.01

    A security vulnerability has been detected in Tenda F451 1.0.0.7_cn_svn7958. Impacted is the function frmL7ImForm of the file /goform/L7Im. The manipulation of the argument page leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has…

  • CVE-2026-6135HigApr 13, 2026
    risk 0.57cvss 8.8epss 0.01

    A weakness has been identified in Tenda F451 1.0.0.7_cn_svn7958. This issue affects the function fromSetIpBind of the file /goform/SetIpBind. Executing a manipulation of the argument page can lead to stack-based buffer overflow. The attack may be performed from remote. The…

  • CVE-2026-6134HigApr 12, 2026
    risk 0.57cvss 8.8epss 0.01

    A security flaw has been discovered in Tenda F451 1.0.0.7_cn_svn7958. This vulnerability affects the function fromqossetting of the file /goform/qossetting. Performing a manipulation of the argument qos results in stack-based buffer overflow. The attack is possible to be carried…

  • CVE-2026-6133HigApr 12, 2026
    risk 0.57cvss 8.8epss 0.01

    A vulnerability was identified in Tenda F451 1.0.0.7_cn_svn7958. This affects the function fromSafeUrlFilter of the file /goform/SafeUrlFilter. Such manipulation of the argument page leads to stack-based buffer overflow. The attack can be executed remotely. The exploit is…

  • CVE-2026-6130HigApr 12, 2026
    risk 0.41cvss 7.3epss 0.01

    A flaw has been found in chatboxai chatbox up to 1.20.0. This impacts the function StdioClientTransport of the file src/main/mcp/ipc-stdio-transport.ts of the component Model Context Protocol Server Management System. Executing a manipulation of the argument args/env can lead to…

  • CVE-2026-6129HigApr 12, 2026
    risk 0.40cvss 7.3epss 0.00

    A vulnerability was detected in zhayujie chatgpt-on-wechat CowAgent up to 2.0.4. This affects an unknown function of the component Agent Mode Service. Performing a manipulation results in missing authentication. The attack can be initiated remotely. The exploit is now public and…

  • CVE-2026-40393HigApr 12, 2026
    risk 0.53cvss 8.1epss 0.00

    In Mesa before 25.3.6 and 26 before 26.0.1, out-of-bounds memory access can occur in WebGPU because the amount of to-be-allocated data depends on an untrusted party, and is then used for alloca.

  • CVE-2019-25713HigApr 12, 2026
    risk 0.46cvss 7.1epss 0.00

    MyT-PM 1.5.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the Charge[group_total] parameter. Attackers can submit crafted POST requests to the /charge/admin endpoint with…

  • CVE-2019-25710HigApr 12, 2026
    risk 0.46cvss 8.2epss 0.00

    Dolibarr ERP-CRM 8.0.4 contains an SQL injection vulnerability in the rowid parameter of the admin dict.php endpoint that allows attackers to execute arbitrary SQL queries. Attackers can inject malicious SQL code through the rowid POST parameter to extract sensitive database…

  • CVE-2019-25707HigApr 12, 2026
    risk 0.46cvss 7.1epss 0.00

    eBrigade ERP 4.5 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to pdf.php with crafted SQL payloads in the 'id' parameter to…

  • CVE-2019-25706HigApr 12, 2026
    risk 0.49cvss 7.5epss 0.01

    Across DR-810 contains an unauthenticated file disclosure vulnerability that allows remote attackers to download the rom-0 backup file containing sensitive information by sending a simple GET request. Attackers can access the rom-0 endpoint without authentication to retrieve and…

  • CVE-2019-25705HigApr 12, 2026
    risk 0.55cvss 8.4epss 0.00

    Echo Mirage 3.1 contains a stack buffer overflow vulnerability that allows local attackers to crash the application or execute arbitrary code by supplying an oversized string in the Rules action field. Attackers can create a malicious text file with a crafted payload exceeding…

  • CVE-2019-25703HigApr 12, 2026
    risk 0.46cvss 7.1epss 0.00

    ImpressCMS 1.3.11 contains a time-based blind SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'bid' parameter. Attackers can send POST requests to the admin.php endpoint with malicious 'bid' values…

  • CVE-2019-25701HigApr 12, 2026
    risk 0.55cvss 8.4epss 0.00

    Easy Video to iPod Converter 1.6.20 contains a local buffer overflow vulnerability in the user registration field that allows local attackers to overwrite the structured exception handler. Attackers can input a crafted payload exceeding 996 bytes in the username field to trigger…