VYPR

CVEs

101,963 total · page 129 of 2,040

  • CVE-2026-5877HigApr 8, 2026
    risk 0.57cvss 8.8epss 0.00

    Use after free in Navigation in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2026-5873HigApr 8, 2026
    risk 0.57cvss 8.8epss 0.00

    Out of bounds read and write in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-5872HigApr 8, 2026
    risk 0.57cvss 8.8epss 0.00

    Use after free in Blink in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-5871HigApr 8, 2026
    risk 0.57cvss 8.8epss 0.00

    Type Confusion in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-5870HigApr 8, 2026
    risk 0.57cvss 8.8epss 0.00

    Integer overflow in Skia in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-5868HigApr 8, 2026
    risk 0.57cvss 8.8epss 0.00

    Heap buffer overflow in ANGLE in Google Chrome on Mac prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-5866HigApr 8, 2026
    risk 0.57cvss 8.8epss 0.00

    Use after free in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-5865HigApr 8, 2026
    risk 0.57cvss 8.8epss 0.00

    Type Confusion in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-5863HigApr 8, 2026
    risk 0.57cvss 8.8epss 0.00

    Inappropriate implementation in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-5862HigApr 8, 2026
    risk 0.57cvss 8.8epss 0.00

    Inappropriate implementation in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-5861HigApr 8, 2026
    risk 0.57cvss 8.8epss 0.00

    Use after free in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-5860HigApr 8, 2026
    risk 0.57cvss 8.8epss 0.00

    Use after free in WebRTC in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-5859HigApr 8, 2026
    risk 0.57cvss 8.8epss 0.00

    Integer overflow in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)

  • CVE-2026-5858HigApr 8, 2026
    risk 0.57cvss 8.8epss 0.01

    Heap buffer overflow in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)

  • CVE-2026-40036HigApr 8, 2026
    risk 0.42cvss 7.5epss 0.01

    Unfurl before 2026.04 contains an unbounded zlib decompression vulnerability in parse_compressed.py that allows remote attackers to cause denial of service. Attackers can submit highly compressed payloads via URL parameters to the /json/visjs endpoint that expand to gigabytes,…

  • CVE-2026-40032HigApr 8, 2026
    risk 0.44cvss 7.8epss 0.01

    UAC (Unix-like Artifacts Collector) before 3.3.0-rc1 contains a command injection vulnerability in the placeholder substitution and command execution pipeline where the _run_command() function passes constructed command strings directly to eval without proper sanitization.…

  • CVE-2026-40031HigApr 8, 2026
    risk 0.44cvss 7.8epss 0.00

    MemProcFS before 5.17 contains multiple unsafe library-loading patterns that enable DLL and shared-library hijacking across six attack surfaces, including bare-name LoadLibraryU and dlopen calls without path qualification for vmmpyc, libMSCompression, and plugin DLLs. An…

  • CVE-2026-40030HigApr 8, 2026
    risk 0.44cvss 7.8epss 0.01

    parseusbs before 1.9 contains an OS command injection vulnerability where the volume listing path argument (-v flag) is passed unsanitized into an os.popen() shell command with ls, allowing arbitrary command injection via crafted volume path arguments containing shell…

  • CVE-2026-40029HigApr 8, 2026
    risk 0.44cvss 7.8epss 0.01

    parseusbs before 1.9 contains an OS command injection vulnerability in parseUSBs.py where LNK file paths are passed unsanitized into an os.popen() shell command, allowing arbitrary command execution via crafted .lnk filenames containing shell metacharacters. An attacker can…

  • CVE-2026-40027HigApr 8, 2026
    risk 0.40cvss 7.3epss 0.00

    ALEAPP (Android Logs Events And Protobuf Parser) through 3.4.0 contains a path traversal vulnerability in the NQ_Vault.py artifact parser that uses attacker-controlled file_name_from values from a database directly as the output filename, allowing arbitrary file writes outside…

  • CVE-2026-40024HigApr 8, 2026
    risk 0.39cvss 7.1epss 0.00

    The Sleuth Kit through 4.14.0 contains a path traversal vulnerability in tsk_recover that allows an attacker to write files to arbitrary locations outside the intended recovery directory via crafted filenames or directory paths with path traversal sequences in a filesystem…

  • CVE-2026-5805HigApr 8, 2026
    risk 0.47cvss 7.3epss 0.00

    A weakness has been identified in code-projects Easy Blog Site up to 1.0. The impacted element is an unknown function of the file /users/contact_us.php. Executing a manipulation of the argument Name can lead to sql injection. The attack can be launched remotely. The exploit has…

  • CVE-2026-5436HigApr 8, 2026
    risk 0.46cvss 8.1epss 0.01

    The MW WP Form plugin for WordPress is vulnerable to Arbitrary File Move/Read in all versions up to and including 5.1.1. This is due to insufficient validation of the $name parameter (upload field key) passed to the generate_user_file_dirpath() function, which uses WordPress's…

  • CVE-2026-39891HigApr 8, 2026
    risk 0.50cvss 8.8epss 0.01

    PraisonAI is a multi-agent teams system. Prior to 4.5.115, the create_agent_centric_tools() function returns tools (like acp_create_file) that process file content using template rendering. When user input from agent.start() is passed directly into these tools without escaping,…

  • CVE-2026-39889HigApr 8, 2026
    risk 0.42cvss 7.5epss 0.00

    PraisonAI is a multi-agent teams system. Prior to 4.5.115, the A2U (Agent-to-User) event stream server in PraisonAI exposes all agent activity without authentication. The create_a2u_routes() function registers the following endpoints with NO authentication checks: /a2u/info,…

  • CVE-2026-39885HigApr 8, 2026
    risk 0.42cvss 7.5epss 0.00

    FrontMCP is a TypeScript-first framework for the Model Context Protocol (MCP). Prior to 2.3.0, the mcp-from-openapi library uses @apidevtools/json-schema-ref-parser to dereference $ref pointers in OpenAPI specifications without configuring any URL restrictions or custom…

  • CVE-2026-39883HigApr 8, 2026
    risk 0.39cvss 7.0epss 0.00

    OpenTelemetry-Go is the Go implementation of OpenTelemetry. From 1.15.0 to 1.42.0, the fix for CVE-2026-24051 changed the Darwin ioreg command to use an absolute path but left the BSD kenv command using a bare name, allowing the same PATH hijacking attack on BSD and Solaris…

  • CVE-2026-39429HigApr 8, 2026
    risk 0.46cvss 8.2epss 0.00

    kcp is a Kubernetes-like control plane for form-factors and use-cases beyond Kubernetes and container workloads. Prior to 0.30.3 and 0.29.3, the cache server is directly exposed by the root shard and has no authentication or authorization in place. This allows anyone who can…

  • CVE-2026-5802HigApr 8, 2026
    risk 0.47cvss 7.3epss 0.02

    A vulnerability was identified in idachev mcp-javadc up to 1.2.4. Impacted is an unknown function of the component HTTP Interface. Such manipulation of the argument jarFilePath leads to os command injection. It is possible to launch the attack remotely. The exploit is publicly…

  • CVE-2026-39863HigApr 8, 2026
    risk 0.42cvss 7.5epss 0.00

    Kamailio is an open source implementation of a SIP Signaling Server. Prior to 6.1.1, 6.0.6, and 5.8.8, an out-of-bounds access in the core of Kamailio (formerly OpenSER and SER) allows remote attackers to cause a denial of service (process crash) via a specially crafted data…

  • CVE-2026-39862HigApr 8, 2026
    risk 0.50cvss 8.8epss 0.01

    Tophat is a mobile applications testing harness. Prior to 2.5.1, Tophat is affected by remote code execution via crafted tophat:// or http://localhost:29070 URLs. The arguments query parameter flows unsanitized from URL parsing through to /bin/bash -c execution, allowing an…

  • CVE-2026-39859HigApr 8, 2026
    risk 0.42cvss 7.5epss 0.00

    LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to 10.25.3, liquidjs 10.25.0 documents root as constraining filenames passed to renderFile() and parseFile(), but top-level file loads do not enforce that boundary. A Liquid instance…

  • CVE-2026-39362HigApr 8, 2026
    risk 0.39cvss 7.1epss 0.00

    InvenTree is an Open Source Inventory Management System. Prior to 1.2.7 and 1.3.0, when INVENTREE_DOWNLOAD_FROM_URL is enabled (opt-in), authenticated users can supply remote_image URLs that are fetched server-side via requests.get() with only Django's URLValidator check. There…

  • CVE-2026-35525HigApr 8, 2026
    risk 0.42cvss 7.5epss 0.00

    LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to 10.25.3, for {% include %}, {% render %}, and {% layout %}, LiquidJS checks whether the candidate path is inside the configured partials or layouts roots before reading it. That check is…

  • CVE-2026-35478HigApr 8, 2026
    risk 0.47cvss 8.3epss 0.00

    InvenTree is an Open Source Inventory Management System. From 0.16.0 to before 1.2.7, any authenticated InvenTree user can create a valid API token attributed to any other user in the system — including administrators and superusers — by supplying the target's user ID in the…

  • CVE-2026-35476HigApr 8, 2026
    risk 0.40cvss 7.2epss 0.00

    InvenTree is an Open Source Inventory Management System. Prior to 1.2.7 and 1.3.0, a non-staff authenticated user can elevate their account to a staff level via a POST request against their user account endpoint. The write permissions on the API endpoint are improperly…

  • CVE-2026-23869HigApr 8, 2026
    risk 0.49cvss 7.5epss 0.02

    A denial of service vulnerability exists in React Server Components, affecting the following packages: react-server-dom-parcel, react-server-dom-turbopack and react-server-dom-webpack (versions 19.0.0 through 19.0.4, 19.1.0 through 19.1.5, and 19.2.0 through 19.2.4). The…

  • CVE-2026-35455HigApr 8, 2026
    risk 0.40cvss 7.3epss 0.00

    immich is a high performance self-hosted photo and video management solution. Prior to 2.7.0, sStored Cross-Site Scripting (XSS) in the 360° panorama viewer allows any authenticated user to execute arbitrary JavaScript in the browser of any other user who views the malicious…

  • CVE-2026-35446HigApr 8, 2026
    risk 0.43cvss 7.7epss 0.00

    LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provides data- and project-management for neuroimaging research. From 24.0.0 to before 27.0.3 and 28.0.1, an incorrect order of operations in the FilesDownloadHandler could result in an…

  • CVE-2026-35401HigApr 8, 2026
    risk 0.42cvss 7.5epss 0.00

    Saleor is an e-commerce platform. From 2.0.0 to before 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118, a malicious actor can include many GraphQL mutations or queries in a single API call using aliases or chaining multiple mutations, resulting in resource exhaustion. This…

  • CVE-2026-35169HigApr 8, 2026
    risk 0.50cvss 8.7epss 0.00

    LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provides data- and project-management for neuroimaging research. From to before 27.0.3 and 28.0.1, the help_editor module of LORIS did not properly sanitize some user supplied…

  • CVE-2026-34724HigApr 8, 2026
    risk 0.47cvss 7.2epss 0.00

    Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1, a server-side template injection vulnerability which leads to RCE via AI Agent exists. Impact is limited to environments where an attacker can control or influence type_enrichment_data…

  • CVE-2026-34723HigApr 8, 2026
    risk 0.42cvss 7.5epss 0.00

    Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, unauthenticated remote attackers were able to access the getting started endpoint to get access to sensitive internal entity data, even after the system setup was completed. This…

  • CVE-2026-34392HigApr 8, 2026
    risk 0.42cvss 7.5epss 0.00

    LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provides data- and project-management for neuroimaging research. From 20.0.0 to before 27.0.3 and 28.0.1, a bug in the static file router can allow an attacker to traverse outside of…

  • CVE-2026-33350HigApr 8, 2026
    risk 0.42cvss 7.5epss 0.00

    LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provides data- and project-management for neuroimaging research. Prior to 27.0.3 and 28.0.1, a SQL injection has been identified in some code sections for the MRI feedback popup window…

  • CVE-2026-30818HigApr 8, 2026
    risk 0.52cvss 8.0epss 0.01

    An OS command injection vulnerability in the dnsmasq module of TP-Link Archer AX53 v1.0 allows an authenticated adjacent attacker to execute arbitrary code when a specially crafted configuration file is processed due to insufficient input validation. Successful exploitation may…

  • CVE-2026-30815HigApr 8, 2026
    risk 0.52cvss 8.0epss 0.01

    An OS command injection vulnerability in the OpenVPN module of TP-Link Archer AX53 v1.0 allows an authenticated adjacent attacker to execute system commands when a specially crafted configuration file is processed due to insufficient input validation. Successful exploitation…

  • CVE-2026-30814HigApr 8, 2026
    risk 0.52cvss 8.0epss 0.00

    A stack-based buffer overflow in the tmpServer module of TP-Link Archer AX53 v1.0 allows an authenticated adjacent attacker to trigger a segmentation fault and potentially execute arbitrary code via a specially crafted configuration file. Successful exploitation may cause a…

  • CVE-2026-27806HigApr 8, 2026
    risk 0.44cvss 7.8epss 0.00

    Fleet is open source device management software. Prior to 4.81.1, the Orbit agent's FileVault disk encryption key rotation flow on collects a local user's password via a GUI dialog and interpolates it directly into a Tcl/expect script executed via exec.Command("expect", "-c",…

  • CVE-2025-50673HigApr 8, 2026
    risk 0.49cvss 7.5epss 0.00

    A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the http_lanport parameter in the /webgl.asp endpoint.