VYPR

CVEs

11,229 total · page 15 of 225

  • CVE-2026-6960 · Critical · May 21, 2026
    risk 0.64 · cvss 9.8 · epss 0.01

    The BookingPress Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'bookingpress_validate_submitted_booking_form_func' function in all versions up to, and including, 5.6. This makes it possible for unauthenticated…

  • CVE-2026-48207 · Critical · May 21, 2026
    risk 0.57 · cvss 9.8 · epss 0.01

    Deserialization of untrusted data in Apache Fory PyFory. PyFory's ReduceSerializer could bypass documented DeserializationPolicy validation hooks during reduce-state restoration and global-name resolution. An application is vulnerable if it deserializes attacker-controlled data…

  • CVE-2026-39531 · Critical · May 21, 2026
    risk 0.60 · cvss 9.3 · epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Wp Directory Kit WP Directory Kit allows Blind SQL Injection. This issue affects WP Directory Kit: from n/a through 1.5.0.

  • CVE-2025-71211 · Critical · May 21, 2026
    risk 0.64 · cvss 9.8 · epss 0.04

    A vulnerability in the Trend Micro Apex One management console could allow a remote attacker to upload malicious code and execute commands on affected installations. This vulnerability is similar in scope to CVE-2025-71210 but affects a different executable. Please note:…

  • CVE-2025-71210 · Critical · May 21, 2026
    risk 0.64 · cvss 9.8 · epss 0.04

    A vulnerability in the Trend Micro Apex One management console could allow a remote attacker to upload malicious code and execute commands on affected installations. Please note: although this vulnerability carries a technical critical CVSS rating, this was reported via…

  • CVE-2026-5118 · Critical · May 21, 2026
    risk 0.64 · cvss 9.8 · epss 0.00

    The Divi Form Builder plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 5.1.2. This is due to the plugin accepting a user-controlled 'role' parameter from POST data during user registration without validating it against the form's…

  • CVE-2026-43501 · Critical · May 21, 2026
    risk 0.57 · cvss 9.8 · epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: ipv6: rpl: reserve mac_len headroom when recompressed SRH grows ipv6_rpl_srh_rcv() decompresses an RFC 6554 Source Routing Header, swaps the next segment into ipv6_hdr->daddr, recompresses, then pulls the old…

  • CVE-2026-44050 · Critical · May 21, 2026
    risk 0.57 · cvss 9.9 · epss 0.00

    A heap-based buffer overflow in the CNID daemon comm_rcv() function in Netatalk 2.0.0 through 4.4.2 allows a remote authenticated attacker to execute arbitrary code with escalated privileges or cause a denial of service.

  • CVE-2026-6279 · Critical · May 21, 2026
    risk 0.64 · cvss 9.8 · epss 0.02

    The Avada Builder (fusion-builder) plugin for WordPress is vulnerable to Unauthenticated Remote Code Execution via PHP Function Injection in versions up to and including 3.15.2. This is due to the `wp_conditional_tags` case in `Fusion_Builder_Conditional_Render_Helper::get_value(…

  • CVE-2026-9152 · Critical · May 21, 2026
    risk 0.65 · cvss n/a · epss 0.00

    A missing authentication vulnerability exists in the Altium 365 SearchService. A legacy SOAP endpoint exposes search index operations without requiring authentication, session tokens, or any form of identity verification. An unauthenticated network attacker who can reference a…

  • CVE-2026-48172 · Critical · KEV · May 21, 2026
    risk 0.76 · cvss 9.8 · epss 0.19

    LiteSpeed User-End cPanel Plugin before 2.4.5 allows privilege escalation (possibly to root), as exploited in the wild in May 2026. Detection is best done via a command line of grep -rE "cpanel_jsonapi_func=redisAble" /var/cpanel/logs /usr/local/cpanel/logs/ 2>/dev/null in Bash.…

  • CVE-2026-47372 · Critical · May 20, 2026
    risk 0.52 · cvss 9.1 · epss 0.00

    Crypt::SaltedHash versions through 0.09 for Perl generate insecure random values for salts. These versions use the built-in rand function, which is predictable and unsuitable for cryptography.

  • CVE-2026-8631 · Critical · May 20, 2026
    risk 0.64 · cvss 9.8 · epss 0.01

    A potential security vulnerability has been identified in the HP Linux Imaging and Printing Software. This potential vulnerability may allow escalation of privileges and/or arbitrary code execution via an integer overflow in the hpcups processing path when handling crafted print…

  • CVE-2026-9141 · Critical · May 20, 2026
    risk 0.64 · cvss 9.8 · epss 0.00

    Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains an authentication bypass vulnerability in the embedded web configuration interface that allows unauthenticated attackers to access internal application pages without any session management or server-side…

  • CVE-2026-9139 · Critical · May 20, 2026
    risk 0.64 · cvss 9.8 · epss 0.00

    Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains a hard-coded credential vulnerability in the embedded web configuration interface where authentication is implemented entirely in client-side JavaScript in login.zhtml, exposing static plaintext credentials in the…

  • CVE-2026-9129 · Critical · May 20, 2026
    risk 0.61 · cvss n/a · epss 0.00

    A path traversal vulnerability exists in the Altium Enterprise Server Viewer StorageController due to improper handling of file path route parameters. On on-premise deployments that use local filesystem storage, a regular authenticated user can supply a URL-encoded absolute path…

  • CVE-2026-9102 · Critical · May 20, 2026
    risk 0.61 · cvss n/a · epss 0.01

    A path traversal vulnerability exists in the Altium Enterprise Server ComparisonService due to missing filename sanitization in the Gerber file upload APIs. A regular authenticated workspace user can supply a crafted filename in the multipart Content-Disposition header to escape…

  • CVE-2026-9082 · Critical · KEV · May 20, 2026
    risk 0.80 · cvss 9.8 · epss 0.85

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Drupal Drupal core allows SQL Injection. This issue affects Drupal core: from 8.9.0 before 10.4.10, from 10.5.0 before 10.5.10, from 10.6.0 before 10.6.9, from 11.0.0 before…

  • CVE-2026-45444 · Critical · May 20, 2026
    risk 0.65 · cvss 10.0 · epss 0.00

    Unrestricted Upload of File with Dangerous Type vulnerability in WP Swings Gift Cards For WooCommerce Pro allows Using Malicious Files. This issue affects Gift Cards For WooCommerce Pro: from n/a through 4.2.6.

  • CVE-2026-39405 · Critical · May 20, 2026
    risk 0.54 · cvss n/a · epss 0.00

    Frappe Learning Management System (LMS) is a learning system that helps users structure their content. In versions 2.50.0 and below, a user with course editing role could upload a SCORM ZIP package to write files outside the intended directory. This issue has been resolved in…

  • CVE-2026-33137 · Critical · May 20, 2026
    risk 0.53 · cvss n/a · epss 0.01

    XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions starting with 15.10.6 and prior to 18.1.0-rc-1, 17.10.3, 17.4.9, and 16.10.17, the POST /wikis/{wikiName} API executes…

  • CVE-2026-23734 · Critical · May 20, 2026
    risk 0.55 · cvss n/a · epss 0.20

    XWiki Platform is a generic wiki platform. Versions prior to 18.1.0-rc-1, 17.10.3, 17.4.9, and 16.10.17 allow access to read configuration files by using URLs such as http://localhost:8080/bin/ssx/Main/WebHome?resource=/../../WEB-INF/xwiki.cfg&minify=false, leading to Path…

  • CVE-2026-20223 · Critical · May 20, 2026
    risk 0.65 · cvss 10.0 · epss 0.01

    A vulnerability in the access validation of internal REST APIs of Cisco Secure Workload could allow an unauthenticated, remote attacker to access site resources with the privileges of the Site Admin role. This vulnerability is due to insufficient validation and…

  • CVE-2026-8598 · Critical · May 20, 2026
    risk 0.59 · cvss 9.1 · epss 0.01

    An undocumented configuration export port is accessible on some models of ZKTeco CCTV cameras. This port does not require authentication and exposes critical information about the camera such as open services and camera account credentials.

  • CVE-2026-46421 · Critical · May 20, 2026
    risk 0.52 · cvss n/a · epss 0.00

    Impact: On April 29, 2026, compromised versions of `@cap-js/sqlite@2.2.2`, `@cap-js/postgres@2.2.2`, and `@cap-js/db-service@2.10.1` were published. The malicious packages harvested credentials and attempted self-propagation. If a compromised version was installed, all…

  • CVE-2026-8467 · Critical · May 20, 2026
    risk 0.55 · cvss n/a · epss 0.01

    Code Injection vulnerability in phenixdigital phoenix_storybook allows unauthenticated remote code execution via unsanitized attribute value interpolation in HEEx template generation. The psb-assign WebSocket event handler in 'Elixir.PhoenixStorybook.Story.PlaygroundPreviewLive'…

  • CVE-2026-22314 · Critical · May 20, 2026
    risk 0.59 · cvss 9.0 · epss 0.00

    Improper Control of Generation of Code ('Code Injection') vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server Component enables code execution on other users' systems. This issue affects Meona Client Launcher Component: through 19.06.2020 15:11:49;…

  • CVE-2026-42960 · Critical · May 20, 2026
    risk 0.58 · cvss 10.0 · epss 0.00

    NLnet Labs Unbound up to and including version 1.25.0 is vulnerable to poisoning via promiscuous records for the authority section. Promiscuous RRSets that complement DNS replies in the authority section can be used to trick Unbound to cache such records. If an adversary is able…

  • CVE-2026-33278 · Critical · May 20, 2026
    risk 0.57 · cvss 9.8 · epss 0.01

    NLnet Labs Unbound 1.19.1 up to and including version 1.25.0 has a vulnerability in the DNSSEC validator that enables denial of service and possible remote code execution as a result of deep copying a data structure and erroneously overwriting a destination pointer. An adversary…

  • CVE-2026-9065 · Critical · May 20, 2026
    risk 0.60 · cvss n/a · epss 0.00

    SureCart versions prior to 4.2.1 are vulnerable to authenticated SQL injection via multiple parameters ('model_name', 'model_id', 'integration_id', 'provider') on the REST API endpoint '/surecart/v1/integrations/{id}'. The root cause is a flawed escaping bypass in the query…

  • CVE-2026-9059 · Critical · May 20, 2026
    risk 0.60 · cvss n/a · epss 0.00

    NextGEN Gallery versions prior to 4.2.1 are vulnerable to authenticated SQL injection via the 'orderby' parameter on the REST API endpoints '/imagely/v1/galleries' and '/imagely/v1/albums'. The root cause is an insufficient sanitization function ('_clean_column()') in the data…

  • CVE-2026-7637 · Critical · May 20, 2026
    risk 0.64 · cvss 9.8 · epss 0.01

    The Boost plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.0.3 via deserialization of untrusted input in the STYXKEY-BOOST_USER_LOCATION cookie. This makes it possible for unauthenticated attackers to inject a PHP Object. No known…

  • CVE-2026-24207 · Critical · May 20, 2026
    risk 0.64 · cvss 9.8 · epss 0.01

    NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause an authentication bypass. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, or information disclosure.

  • CVE-2026-7284 · Critical · May 20, 2026
    risk 0.57 · cvss 9.8 · epss 0.00

    The Easy Elements for Elementor – Addons & Website Templates plugin for WordPress is vulnerable to privilege escalation via user registration in all versions up to, and including, 1.4.4. This is due to the 'easyel_handle_register' function not restricting what user roles a…

  • CVE-2026-6555 · Critical · May 20, 2026
    risk 0.64 · cvss 9.8 · epss 0.01

    The ProSolution WP Client plugin for WordPress is vulnerable to Arbitrary File Upload in versions up to, and including, 2.0.0. This is due to an array validation mismatch where only the first file in the upload array undergoes extension and MIME type validation, while all files…

  • CVE-2026-8495 · Critical · May 19, 2026
    risk 0.64 · cvss 9.8 · epss 0.00

    Missing Authorization vulnerability in Drupal Date iCal allows Forceful Browsing. This issue affects Date iCal: from 0.0.0 before 4.0.15.

  • CVE-2026-34234 · Critical · May 19, 2026
    risk 0.65 · cvss 10.0 · epss 0.01

    CtrlPanel is open-source billing software for hosting providers. In versions 1.1.1 and prior, the web-based installer (public/installer/index.php) is vulnerable to unauthenticated Remote Code Execution (RCE) because it performs the install.lock check only after including and…

  • CVE-2026-46412 · Critical · May 19, 2026
    risk 0.59 · cvss n/a · epss 0.00

    Summary: Between 2026-05-11 20:19 UTC and 22:56 UTC, an attacker used a compromised npm publish token to publish 18 malicious versions of `@beproduct/nestjs-auth` (0.1.2 through 0.1.19). The packages contained payloads from the Mini Shai-Hulud npm supply-chain worm…

  • CVE-2026-46354 · Critical · May 19, 2026
    risk 0.52 · cvss n/a · epss 0.00

    Summary: `azureidentity.Validate()` verifies that the PKCS#7 signer certificate chains to a trusted Azure CA but never verifies the PKCS#7 signature itself. An attacker can embed a legitimate Azure certificate alongside arbitrary content, e.g. `{"vmId":""}`, and the…

  • CVE-2026-46339 · Critical · May 19, 2026
    risk 0.52 · cvss n/a · epss 0.00

    Summary: 9router exposes two unauthenticated API endpoints that, when chained together, allow any network-adjacent attacker to execute arbitrary OS commands as the user running the 9router process, with zero prerequisites and no credentials required. The…

  • CVE-2026-45695 · Critical · May 19, 2026
    risk 0.52 · cvss n/a · epss 0.00

    Summary: Kopia's HTTP server, when started with `--without-password`, accepts unauthenticated requests to `/api/v1/repo/exists`. The handler forwards an attacker-supplied storage configuration to `blob.NewStorage`. For SFTP backends with `externalSSH: true`, that path…

  • CVE-2026-33642 · Critical · May 19, 2026
    risk 0.57 · cvss 9.9 · epss 0.00

    Kitty is a cross-platform GPU based terminal. In versions 0.46.2 and below, the handle_compose_command() function in kitty/graphics.c performs bounds validation on composition offsets using unsigned 32-bit arithmetic that is subject to integer wrapping, potentially leading to…

  • CVE-2026-8605 · Critical · May 19, 2026
    risk 0.64 · cvss 9.8 · epss 0.00

    In ScadaBR version 1.2.0, a Use of Hard-Coded Credentials vulnerability could allow an attacker to access the SCADA system as admin.

  • CVE-2026-8603 · Critical · May 19, 2026
    risk 0.64 · cvss 9.8 · epss 0.01

    In ScadaBR version 1.2.0, an OS Command Injection vulnerability could allow an attacker to execute commands as root on the SCADA system.

  • CVE-2026-8602 · Critical · May 19, 2026
    risk 0.59 · cvss 9.1 · epss 0.00

    In ScadaBR version 1.2.0, a Missing Authentication for Critical Function vulnerability could allow an unauthenticated attacker to send HTTP GET requests to the SCADA system and inject arbitrary sensor readings.

  • CVE-2026-36829 · Critical · May 19, 2026
    risk 0.64 · cvss 9.8 · epss 0.01

    An authentication bypass vulnerability exists in the embedded HTTP server of Panabit PAP-XM320 up to and including v7.7. The server validates session cookies using a filesystem existence check based on a user-controlled cookie value without proper sanitization, allowing…

  • CVE-2026-37281 · Critical · May 19, 2026
    risk 0.57 · cvss 9.8 · epss 0.02

    An OS command injection vulnerability in the /stream-to-vlc Express route in hitarth-gg Zenshin before 2.7.0 allows remote attackers to execute arbitrary commands via the url parameter.

  • CVE-2026-31072 · Critical · May 19, 2026
    risk 0.64 · cvss 9.8 · epss 0.01

    The JSONSerializer and CBORSerializer in APScheduler (all versions including 3.10.x and 4.0.0a5) are vulnerable to Remote Code Execution (RCE) via Insecure Deserialization. The unmarshal_object function allows for arbitrary class instantiation and state injection by dynamically…

  • CVE-2026-31071 · Critical · May 19, 2026
    risk 0.59 · cvss 9.1 · epss 0.01

    API endpoints in LalanaChami Pharmacy Management System (commit 5c3d028) lack authentication middleware. Unauthenticated remote attackers can exploit this to dump all user records (including bcrypt password hashes) via /api/user/getUserData, modify drug inventory, and access…

  • CVE-2026-31070 · Critical · May 19, 2026
    risk 0.64 · cvss 9.8 · epss 0.00

    The LalanaChami Pharmacy Management System (commit 5c3d028) allows unauthenticated remote attackers to escalate privileges by self-assigning an administrative role during registration. The /api/user/signup endpoint fails to validate the role parameter in the request body