VYPR

CVEs

11,229 total · page 13 of 225

  • CVE-2026-42740CriMay 27, 2026
    risk 0.60cvss 9.3epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in tainacan Tainacan tainacan allows Blind SQL Injection.This issue affects Tainacan: from n/a through <= 1.0.3.

  • CVE-2026-42731CriMay 27, 2026
    risk 0.64cvss 9.8epss 0.00

    Incorrect Privilege Assignment vulnerability in miniOrange miniorange otp verification miniorange-otp-verification allows Privilege Escalation.This issue affects miniorange otp verification: from n/a through <= 5.4.9.

  • CVE-2026-42727CriMay 27, 2026
    risk 0.60cvss 9.3epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RealMag777 Active Products Tables for WooCommerce profit-products-tables-for-woocommerce allows Blind SQL Injection.This issue affects Active Products Tables for WooCommerce:…

  • CVE-2026-8054CriMay 27, 2026
    risk 0.58cvss epss 0.02

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in the Publish Audit API endpoints (/api/auditPublishing/get and /api/auditPublishing/getAll) in dotCMS Core 25.11.04-1 through 26.04.28-02 allows remote unauthenticated attackers to read,…

  • CVE-2026-49002CriMay 27, 2026
    risk 0.59cvss 9.1epss 0.00

    Access control failure means that an application does not effectively check user access permissions, so that unauthorized users can access system data beyond their permissions, such as viewing and modifying configuration information.

  • CVE-2025-12686CriMay 27, 2026
    risk 0.64cvss 9.8epss 0.03

    Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in AdminCenter in Synology BeeStation OS before 1.3.2-65648 allows remote attackers to execute arbitrary code via unspecified vectors.

  • CVE-2026-8760CriMay 27, 2026
    risk 0.57cvss 9.8epss 0.01

    The Login with OTP plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.6. This is due to an incomplete fix for CVE-2024-11178: the rate-limit/lockout check added to `otpl_login_action()` was placed only inside the OTP-generation…

  • CVE-2026-8450CriMay 27, 2026
    risk 0.52cvss 9.1epss 0.01

    HTTP::Daemon versions before 6.17 for Perl allow OS command injection via send_file(). send_file() opens its string argument with Perl's 2-arg open(). The 2-arg form interprets magic prefixes: '| cmd' and 'cmd |' open a pipe to a subprocess, '> path' and '>> path' open the path…

  • CVE-2026-44632criMay 27, 2026
    risk 0.59cvss epss 0.00

    ### Summary A Server-Side Code Injection vulnerability exists in the Yamcs algorithm evaluation engine (`org.yamcs.algorithms.JavaExprAlgorithmExecutionFactory`). The application dynamically compiles and evaluates user-controlled algorithm text without enforcing a secure…

  • CVE-2026-44985CriMay 26, 2026
    risk 0.55cvss 9.6epss 0.00

    Dozzle is a realtime log viewer for docker containers. Prior to 10.5.2, he WebSocket upgrader for the /exec and /attach endpoints uses CheckOrigin: func(r *http.Request) bool { return true }, accepting upgrade requests from any origin. Combined with the JWT cookie using…

  • CVE-2026-44895CriMay 26, 2026
    risk 0.53cvss epss 0.00

    GitLab MCP Server lets an AI agent talk directly to GitLab. Prior to 0.6.0, the HTTP transport in src/transport.ts ships with no authentication layer at all and a wildcard Access-Control-Allow-Origin: * on every response. The structural defect is that the SSE server stands up a…

  • CVE-2026-44451CriMay 26, 2026
    risk 0.60cvss 9.3epss 0.00

    Lumiverse is a full-featured AI chat application. Prior to 0.9.7, the component override system transpiles user-supplied TSX via Sucrase and evaluates it with new Function, shadowing dangerous globals (fetch, window, eval, etc.) with undefined. A static source validator…

  • CVE-2026-44450CriMay 26, 2026
    risk 0.64cvss 9.9epss 0.00

    Lumiverse is a full-featured AI chat application. Prior to 0.9.7, the MCP server creation endpoint validates the command field against an allowlist of binary names but forwards the args array to the child process without any validation. Every binary on the allowlist accepts an…

  • CVE-2026-44449CriMay 26, 2026
    risk 0.59cvss 9.1epss 0.00

    Lumiverse is a full-featured AI chat application. Prior to 0.9.7, when the primary toSmbPath(fullPath) call throws, the method falls back to a dirname/basename split and only validates the directory prefix. The basename is concatenated directly into the smbclient -c script…

  • CVE-2026-44444CriMay 26, 2026
    risk 0.59cvss 9.1epss 0.00

    Lumiverse is a full-featured AI chat application. Prior to 0.9.7, the Spindle extension build pipeline calls bun install without the --ignore-scripts flag before running the static backend safety scan (assertSafeBackendBundle). A malicious extension that ships a package.json…

  • CVE-2026-48689CriMay 26, 2026
    risk 0.64cvss 9.8epss 0.01

    FastNetMon Community Edition through 1.2.9 contains an off-by-one heap-based buffer overflow in the dynamic_binary_buffer_t class (src/dynamic_binary_buffer.hpp). Five methods (append_dynamic_buffer, append_data_as_pointer, append_data_as_object_ptr, memcpy_from_ptr,…

  • CVE-2026-3660CriMay 26, 2026
    risk 0.64cvss 9.8epss 0.01

    IBM Engineering Lifecycle Management 7.0.3, 7.1.0, and 7.2.0 could allow an unauthenticated remote attacker to update server property files that would allow them to gain unauthorized access to the application.

  • CVE-2026-9170CriMay 26, 2026
    risk 0.64cvss 9.8epss 0.00

    IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service and a potential remote code execution due to improper input validation.

  • CVE-2026-8633CriMay 26, 2026
    risk 0.64cvss 9.8epss 0.01

    IBM Web Server Plug-ins for WebSphere Application Server and WebSphere Liberty 8.5, 9.0 IBM WebSphere Application Server and WebSphere Application Server Liberty are vulnerable to remote code execution in the Web Server Plug-ins, through a specially crafted request.

  • CVE-2026-7251CriMay 26, 2026
    risk 0.64cvss 9.8epss 0.01

    Eppendorf BioFlo 320 is vulnerable due to VNC server using a hard-coded password. If a remote attacker knows the network address of any BioFlo 320 model with remote access enabled, they can gain full control of the user interface by using this password. Once connected, the…

  • CVE-2026-47202CriMay 26, 2026
    risk 0.60cvss epss 0.00

    Kavita is a cross platform reading server. Prior to 0.9.0.2, an Improper Token validation flaw permits a remote and unauthenticated threat actor to request a JWT for any user including admins given knowledge of their username. This vulnerability is fixed in 0.9.0.2.

  • CVE-2026-46624CriMay 26, 2026
    risk 0.57cvss 9.9epss 0.00

    Twenty is an open source CRM. From 1.7.7 through 1.16.7, a critical Remote Code Execution (RCE) vulnerability exists in Twenty CRM via a chained SQL Injection and PostgreSQL COPY TO PROGRAM attack. If Postgres user is a super user then any authenticated user can execute…

  • CVE-2026-44668CriMay 26, 2026
    risk 0.57cvss 9.8epss 0.00

    FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to 1.8.3, AccessControlInterceptor, the authentication gate for all Struts2 actions, unconditionally calls invocation.invoke() without checking for a valid session. Four action methods in…

  • CVE-2026-48904CriMay 26, 2026
    risk 0.64cvss 9.8epss 0.00

    An improper access check allows privelege escalation through the com_users group editing webservice endpoint.

  • CVE-2026-48902CriMay 26, 2026
    risk 0.64cvss 9.8epss 0.00

    The password and username reset features created plain http links for https connections if the "Force SSL" flag wasn't explicitly set.

  • CVE-2026-48899CriMay 26, 2026
    risk 0.64cvss 9.8epss 0.00

    An improper access check allows privilege escalation through the com_users batch task.

  • CVE-2026-48898CriMay 26, 2026
    risk 0.64cvss 9.8epss 0.00

    An improper access check allows privilege escalation through the com_users batch task.

  • CVE-2026-48691CriMay 26, 2026
    risk 0.64cvss 9.8epss 0.00

    FastNetMon Community Edition through 1.2.9 contains an integer overflow in the BGP AS_PATH attribute encoder. In src/bgp_protocol.hpp, the IPv4UnicastAnnounce::get_attributes() function computes attribute_length as 'sizeof(bgp_as_path_segment_element_t) +…

  • CVE-2026-45721CriMay 26, 2026
    risk 0.52cvss 9.0epss 0.00

    Algernon is a small self-contained pure-Go web server. Prior to 1.17.7, when Algernon is asked for any URL path that resolves to a directory without an index file, DirPage walks upward through parent directories — past the configured server root — looking for a file named…

  • CVE-2026-40383CriMay 26, 2026
    risk 0.64cvss 9.8epss 0.00

    An improper validation of user-supplied input leads to a local file inclusion vulnerability.

  • CVE-2026-35223CriMay 26, 2026
    risk 0.64cvss 9.8epss 0.00

    An improper access check allows unauthorized access to com_config webservice endpoints.

  • CVE-2026-35222CriMay 26, 2026
    risk 0.64cvss 9.8epss 0.00

    Improperly validated order clauses lead to a SQL injection vulnerability in com_tags.

  • CVE-2026-35221CriMay 26, 2026
    risk 0.64cvss 9.8epss 0.00

    Improperly built filter clauses lead to a SQL injection vulnerability in the search query for com_finder.

  • CVE-2026-2264CriMay 26, 2026
    risk 0.60cvss epss 0.00

    A vulnerability in the Google Cloud Apigee SetIntegrationRequest policy allowed remote attackers to perform Server-Side Request Forgery (SSRF) and exfiltrate service account access tokens. For successful exploitation, an administrator must initially establish an insecure…

  • CVE-2026-48687CriMay 26, 2026
    risk 0.64cvss 9.8epss 0.02

    FastNetMon Community Edition through 1.2.9 contains an OS command injection vulnerability in the Juniper router integration plugin. The _log() function in src/juniper_plugin/fastnetmon_juniper.php (lines 117-118) constructs shell commands by concatenating the $msg parameter…

  • CVE-2026-48686CriMay 26, 2026
    risk 0.64cvss 9.8epss 0.01

    FastNetMon Community Edition through 1.2.9 contains a stack-based buffer overflow in the BGP NLRI (Network Layer Reachability Information) decoder. The function decode_bgp_subnet_encoding_ipv4_raw() in src/bgp_protocol.cpp reads prefix_bit_length directly from the BGP packet…

  • CVE-2026-4480CriMay 26, 2026
    risk 0.52cvss 9.0epss 0.13

    A flaw was found in the Samba printing subsystem. Samba passes the client-controlled job description string to the command configured with the "print command" setting via the "%J" substitution character without escaping shell meta characters. A remote attacker could exploit this…

  • CVE-2026-45247CriKEVMay 26, 2026
    risk 0.76cvss 9.8epss 0.28

    Mirasvit Full Page Cache Warmer for Magento 2 before version 1.11.12 contains a PHP object injection vulnerability that allows unauthenticated attackers to achieve remote code execution by supplying a crafted serialized PHP object in the CacheWarmer cookie. Attackers can exploit…

  • CVE-2026-9543CriMay 26, 2026
    risk 0.64cvss 9.8epss 0.02

    A vulnerability has been found in Totolink N300RH 6.1c.1353_B20190305. Affected is the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Such manipulation of the argument admpass leads to os command injection. The attack can be…

  • CVE-2026-7374CriMay 26, 2026
    risk 0.64cvss 9.9epss 0.01

    A flaw was found in KubeVirt's virt-handler component. This vulnerability allows an authenticated OpenShift user with edit permissions in a single namespace to exploit improper symlink validation when connecting to virtual machine console sockets. By replacing the console socket…

  • CVE-2026-42496CriMay 26, 2026
    risk 0.52cvss 9.1epss 0.00

    Archive::Tar versions before 3.08 for Perl extract symlinks with attacker controlled targets outside the extraction directory. _make_special_file() passes the tar header's linkname to symlink() without validating it against absolute paths or .. segments. The secure-extract mode…

  • CVE-2026-8376CriMay 26, 2026
    risk 0.57cvss 9.8epss 0.00

    Perl versions through 5.43.10 have a heap buffer overflow when compiling regular expressions with a repeated fixed string on 32-bit builds. Perl_study_chunk in regcomp_study.c checked the size of the joined substring buffer in characters rather than bytes. For a quantified…

  • CVE-2026-42774CriMay 25, 2026
    risk 0.60cvss 9.3epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Crocoblock JetEngine allows SQL Injection. This issue affects JetEngine: from n/a through 3.8.8.1.

  • CVE-2026-42773CriMay 25, 2026
    risk 0.60cvss 9.3epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in eMagicOne eMagicOne Store Manager allows Blind SQL Injection. This issue affects eMagicOne Store Manager: from n/a through 1.3.2.

  • CVE-2026-9478CriMay 25, 2026
    risk 0.64cvss 9.8epss 0.02

    A weakness has been identified in Totolink A8000RU 7.1cu.643_b20200521. Impacted is the function setParentalRules of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Executing a manipulation of the argument enable can lead to os command injection. The…

  • CVE-2026-9477CriMay 25, 2026
    risk 0.64cvss 9.8epss 0.02

    A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function setAccessDeviceCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Performing a manipulation of the argument mac results in os command…

  • CVE-2026-9476CriMay 25, 2026
    risk 0.64cvss 9.8epss 0.02

    A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. This vulnerability affects the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Such manipulation of the argument admpass leads to os command injection. The…

  • CVE-2026-9475CriMay 25, 2026
    risk 0.64cvss 9.8epss 0.02

    A vulnerability was determined in Totolink A8000RU 7.1cu.643_b20200521. This affects the function setIpQosRules of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. This manipulation of the argument Comment causes os command injection. Remote exploitation…

  • CVE-2026-9458CriMay 25, 2026
    risk 0.64cvss 9.8epss 0.02

    A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. The impacted element is the function setWanCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Such manipulation of the argument enabled leads to os command injection. The attack…

  • CVE-2026-9457CriMay 25, 2026
    risk 0.64cvss 9.8epss 0.02

    A vulnerability was determined in Totolink A8000RU 7.1cu.643_b20200521. The affected element is the function UploadFirmwareFile of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. This manipulation of the argument FileName causes os command injection. The…