VYPR

CVEs

11,229 total · page 16 of 225

  • CVE-2026-30118 · Critical · May 19, 2026
    risk 0.57 · cvss 9.8 · epss 0.00

    scalar/astro v0.1.13 was discovered to contain a Server-Side Request Forgery (SSRF) in the scalar_url query parameter of the Scalar Proxy endpoint. This vulnerability allows unauthenticated attackers to force the backend server to send HTTP requests to attacker-controlled URLs,…

  • CVE-2026-30117 · Critical · May 19, 2026
    risk 0.57 · cvss 9.8 · epss 0.01

    scalar/astro v0.1.13 was discovered to contain an arbitrary file upload vulnerability in the scalar_url query parameter of the Scalar Proxy endpoint. This vulnerability allows attackers to execute arbitrary code via uploading a crafted SVG file.

  • CVE-2026-44159 · Critical · May 19, 2026
    risk 0.64 · cvss 9.8 · epss 0.00

    Tyler Identity Local (TID-L) uses documented, default administrative credentials. Users are not required to change the credentials before deployment. TID-L has not been distributed since December 2020, and has not been supported since 2021.

  • CVE-2026-2587 · Critical · May 19, 2026
    risk 0.62 · cvss 9.6 · epss 0.01

    A critical Remote Code Execution (RCE) vulnerability was identified in the server-side template rendering mechanism used by the Glassfish gadget handler. The application processes .xml files and evaluates user-supplied values within a context where Expression Language (EL)…

  • CVE-2026-2586 · Critical · May 19, 2026
    risk 0.59 · cvss 9.1 · epss 0.01

    An authenticated Remote Code Execution (RCE) vulnerability was identified in GlassFish's Administration Console. A user with access to the panel can send crafted requests that allow the execution of arbitrary operating system commands with the privileges of the application…

  • CVE-2026-45568 · Critical · May 19, 2026
    risk 0.52 · cvss not listed · epss 0.00

    Summary: Alice exposes a Python SDK `ProxyShare` with a fixed target URL. Bob sends a request to the share with an absolute URL in the path. The Flask handler passes that path to `urllib.parse.urljoin`, which replaces Alice's configured target host with Bob's host and returns…

  • CVE-2026-8959 · Critical · May 19, 2026
    risk 0.62 · cvss 9.6 · epss 0.00

    Sandbox escape due to incorrect boundary conditions in the Widget: Win32 component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.

  • CVE-2026-8956 · Critical · May 19, 2026
    risk 0.64 · cvss 9.8 · epss 0.01

    Integer overflow in the Networking: JAR component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.

  • CVE-2026-8953 · Critical · May 19, 2026
    risk 0.62 · cvss 9.6 · epss 0.01

    Sandbox escape due to use-after-free in the Disability Access APIs component. This vulnerability was fixed in Firefox 151, Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.

  • CVE-2026-8950 · Critical · May 19, 2026
    risk 0.60 · cvss 9.3 · epss 0.00

    Same-origin policy bypass in the Networking: HTTP component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.

  • CVE-2026-8948 · Critical · May 19, 2026
    risk 0.59 · cvss 9.1 · epss 0.00

    Same-origin policy bypass in the DOM: Networking component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.

  • CVE-2026-47323 · Critical · May 19, 2026
    risk 0.64 · cvss 9.8 · epss 0.01

    Camel-CXF and Camel-Knative Message Header Injection via Missing Inbound Filtering. The CXF and Knative HeaderFilterStrategy implementations (CxfRsHeaderFilterStrategy in camel-cxf-rest, CxfHeaderFilterStrategy in camel-cxf-transport, and KnativeHttpHeaderFilterStrategy in…

  • CVE-2026-43633 · Critical · May 19, 2026
    risk 0.58 · cvss 10.0 · epss 0.01

    HestiaCP versions 1.9.0 through 1.9.4 contain a deserialization vulnerability in the web terminal component caused by a session format mismatch between PHP and Node.js that allows unauthenticated remote attackers to achieve root-level code execution. Attackers can inject crafted…

  • CVE-2026-4883 · Critical · May 19, 2026
    risk 0.64 · cvss 9.8 · epss 0.01

    The Piotnet Forms plugin for WordPress is vulnerable to arbitrary file upload due to missing file type validation in the 'piotnetforms_ajax_form_builder' function in all versions up to, and including, 2.1.40. The plugin uses an incomplete extension blacklist that only blocks…

  • CVE-2026-43493 · Critical · May 19, 2026
    risk 0.57 · cvss 9.8 · epss 0.01

    In the Linux kernel, the following vulnerability has been resolved: crypto: pcrypt - Fix handling of MAY_BACKLOG requests. MAY_BACKLOG requests can return EBUSY. Handle them by checking for that value and filtering out EINPROGRESS notifications.

  • CVE-2026-46725 · Critical · May 19, 2026
    risk 0.60 · cvss not listed · epss 0.02

    The extension passes an attacker-controlled cookie directly to PHP's unserialize() without safely processing the input. A remote, unauthenticated attacker can supply a crafted serialized payload to trigger PHP Object Injection, leading to Remote Code Execution on the TYPO3…

  • CVE-2026-45434 · Critical · May 19, 2026
    risk 0.64 · cvss 9.8 · epss 0.23

    Improper Authentication vulnerability in Apache OFBiz via Password-Change Logic Flaw Leading to Remote Code Execution. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue.

  • CVE-2026-41919 · Critical · May 19, 2026
    risk 0.59 · cvss 9.1 · epss 0.00

    Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue.

  • CVE-2026-31986 · Critical · May 19, 2026
    risk 0.59 · cvss 9.1 · epss 0.00

    Use of Hard-coded Cryptographic Key vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue.

  • CVE-2026-2611 · Critical · May 19, 2026
    risk 0.55 · cvss 9.6 · epss 0.00

    In MLflow version 3.9.0, the MLflow Assistant feature introduced improper origin validation in its /ajax-api endpoints. This vulnerability allows a remote attacker to exploit cross-origin requests from a malicious webpage to interact with the MLflow Assistant running on a…

  • CVE-2026-4885 · Critical · May 19, 2026
    risk 0.64 · cvss 9.8 · epss 0.01

    The Piotnet Addons for Elementor Pro plugin for WordPress is vulnerable to arbitrary file upload due to missing file type validation in the 'pafe_ajax_form_builder' function in all versions up to, and including, 7.1.70. The plugin uses an incomplete extension blacklist that only…

  • CVE-2026-8838 · Critical · May 18, 2026
    risk 0.57 · cvss 9.8 · epss 0.01

    Unsafe use of Python's eval() on server-received data in the vector_in() function in amazon-redshift-python-driver before 2.1.14 allows a rogue server or man-in-the-middle actor to execute arbitrary code on the client. To remediate this issue, users should upgrade to version…

  • CVE-2026-27130 · Critical · May 18, 2026
    risk 0.57 · cvss 9.9 · epss 0.01

    Dokploy is a free, self-hostable Platform as a Service (PaaS). Versions 0.26.6 and below have OS command injection through the appName parameter. Three chained issues cause this problem: inadequate input sanitization, lack of schema validation and direct shell interpolation.…

  • CVE-2026-25244 · Critical · May 18, 2026
    risk 0.57 · cvss 9.8 · epss 0.03

    WebdriverIO is a test automation framework for unit, e2e and component testing using WebDriver, WebDriver BiDi and Appium. Versions below 9.24.0 contain a command injection vulnerability leading to remote code execution (RCE) in test orchestration. Git permits branch names…

  • CVE-2026-8836 · Critical · May 18, 2026
    risk 0.57 · cvss 9.8 · epss 0.01

    A vulnerability was found in lwIP up to 2.2.1. Affected is the function snmp_parse_inbound_frame of the file src/apps/snmp/snmp_msg.c of the component snmpv3 USM Handler. Manipulating the argument msgAuthenticationParameters results in a stack-based buffer…

  • CVE-2026-45230 · Critical · May 18, 2026
    risk 0.52 · cvss 9.1 · epss 0.01

    DumbAssets through 1.0.11 contains a path traversal vulnerability in the POST /api/delete-file endpoint and filesToDelete array parameters that allows unauthenticated attackers to delete arbitrary files by supplying ../ sequences that bypass directory boundary validation.…

  • CVE-2026-42822 · Critical · May 18, 2026
    risk 0.65 · cvss 10.0 · epss 0.00

    Improper authentication in Azure Local Disconnected Operations allows an unauthorized attacker to elevate privileges over a network.

  • CVE-2023-24215 · Critical · May 18, 2026
    risk 0.59 · cvss 9.1 · epss 0.00

    Incorrect access control in the /uci/get/ endpoint of NOVUS AirGate 4G firmware v1.1.16 allows unauthenticated attackers to obtain administrator credentials via a crafted POST request.

  • CVE-2026-45829 · Critical · May 18, 2026
    risk 0.65 · cvss not listed · epss 0.12

    A pre-authentication, code injection vulnerability in version 1.0.0 or later of the ChromaDB Python project allows an unauthenticated attacker to run arbitrary code on the server by sending a malicious model repository and trust_remote_code set to true in…

  • CVE-2026-41948 · Critical · May 18, 2026
    risk 0.54 · cvss 9.4 · epss 0.01

    Dify version 1.14.1 and prior contain a path traversal vulnerability that allows authenticated users to manipulate requests forwarded to the Plugin Daemon's internal REST API by exploiting insufficient URL path sanitization. Attackers can traverse out of their authorized tenant…

  • CVE-2026-41947 · Critical · May 18, 2026
    risk 0.52 · cvss 9.1 · epss 0.00

    Dify before version 1.14.2 contains an authorization bypass vulnerability that allows authenticated editor users to set and enable trace configurations for any application regardless of tenant ownership. Attackers can exploit missing tenant ownership checks in the trace…

  • CVE-2026-7304 · Critical · May 18, 2026
    risk 0.64 · cvss 9.8 · epss 0.01

    SGLang's multimodal generation runtime is vulnerable to unauthenticated remote code execution when the --enable-custom-logit-processor option is enabled, as Python objects loaded via dill.loads() will be deserialized without validation.

  • CVE-2026-7302 · Critical · May 18, 2026
    risk 0.59 · cvss 9.1 · epss 0.00

    SGLang's multimodal generation runtime is vulnerable to an unauthenticated path traversal vulnerability, allowing an attacker to write arbitrary files anywhere the server process has write access, by including ../ sequences in the upload filename when sent to specific endpoints.

  • CVE-2026-7301 · Critical · May 18, 2026
    risk 0.64 · cvss 9.8 · epss 0.00

    SGLang's multimodal generation runtime scheduler's ROUTER socket binds to 0.0.0.0 by default and contains a sink that calls pickle.loads() on incoming messages, enabling RCE when exposed to the internet.

  • CVE-2026-4320 · Critical · May 18, 2026
    risk 0.60 · cvss not listed · epss 0.00

    Authorization Bypass vulnerability in Creartia's ICMS software could allow an attacker to gain unauthorized access to protected features by manipulating the HTTP redirect headers of the login process, causing the script to continue running and enabling privilege escalation…

  • CVE-2026-8721 · Critical · May 17, 2026
    risk 0.64 · cvss 9.8 · epss 0.00

    Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl truncate passwords with embedded NULLs. Password parameters in PKCS12.xs are declared char *, which routes through Perl's default typemap to SvPV_nolen. The Perl length is discarded. The C code (or OpenSSL internally)…

  • CVE-2026-8507 · Critical · May 17, 2026
    risk 0.57 · cvss 9.8 · epss 0.01

    Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl have out-of-bounds (OOB) write flaws. When parsing a PKCS12 file, with a >= 1 GiB OCTET STRING (or BIT STRING) attribute on a SAFEBAG, via info() or info_as_hash(), a heap out-of-bounds write would be triggered with…

  • CVE-2018-25335 · Critical · May 17, 2026
    risk 0.64 · cvss 9.8 · epss 0.01

    WordPress Plugin Peugeot Music 1.0 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to the upload.php endpoint. Attackers can upload files with arbitrary extensions by manipulating the 'name'…

  • CVE-2018-25332 · Critical · May 17, 2026
    risk 0.64 · cvss 9.8 · epss 0.01

    GitBucket 4.23.1 contains an unauthenticated remote code execution vulnerability that allows attackers to execute arbitrary commands by exploiting weak secret token generation and insecure file upload functionality. Attackers can brute-force the Blowfish encryption key, upload a…

  • CVE-2018-25320 · Critical · May 17, 2026
    risk 0.64 · cvss 9.8 · epss 0.01

    ACL Analytics versions 11.x through 13.0.0.579 contain an arbitrary code execution vulnerability that allows attackers to execute arbitrary commands by leveraging the EXECUTE function. Attackers can use bitsadmin to download malicious PowerShell scripts and execute them with…

  • CVE-2021-47952 · Critical · May 16, 2026
    risk 0.64 · cvss 9.8 · epss 0.01

    Python jsonpickle 2.0.0 contains a remote code execution vulnerability that allows attackers to execute arbitrary Python commands by deserializing malicious JSON payloads containing py/repr objects. Attackers can craft JSON strings with py/repr directives that invoke the eval…

  • CVE-2020-37239 · Critical · May 16, 2026
    risk 0.64 · cvss 9.8 · epss 0.00

    libbabl 0.1.62 contains a broken double free detection vulnerability that allows attackers to bypass memory safety checks by exploiting signature overwriting in freed chunks. Attackers can call babl_free() twice on the same pointer without triggering detection, as libc's malloc…

  • CVE-2020-37228 · Critical · May 16, 2026
    risk 0.64 · cvss 9.8 · epss 0.00

    iDS6 DSSPro Digital Signage System 6.2 contains a CAPTCHA security bypass vulnerability that allows attackers to bypass authentication by requesting the autoLoginVerifyCode object. Attackers can retrieve valid CAPTCHA codes via the login endpoint and use them to perform…

  • CVE-2026-44551 · Critical · May 15, 2026
    risk 0.59 · cvss 9.1 · epss 0.01

    Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the LDAP authentication endpoint does not validate that the submitted password is non-empty before performing a Simple Bind against the LDAP server. The LdapForm…

  • CVE-2026-46364 · Critical · May 15, 2026
    risk 0.57 · cvss 9.8 · epss 0.02

    phpMyFAQ before 4.1.2 contains an unauthenticated SQL injection vulnerability in BuiltinCaptcha::garbageCollector() and BuiltinCaptcha::saveCaptcha() methods that interpolate unsanitized User-Agent headers into DELETE and INSERT queries. Unauthenticated attackers can exploit the…

  • CVE-2026-45010 · Critical · May 15, 2026
    risk 0.52 · cvss 9.1 · epss 0.00

    phpMyFAQ before 4.1.2 contains an improper restriction of excessive authentication attempts vulnerability in the /admin/check endpoint, which accepts arbitrary user-id parameters without session binding or rate limiting. Unauthenticated attackers can brute-force any user's…

  • CVE-2021-47965 · Critical · May 15, 2026
    risk 0.64 · cvss 9.8 · epss 0.01

    WordPress Plugin WP Super Edit 2.5.4 and earlier contains an unrestricted file upload vulnerability in the FCKeditor component that allows attackers to upload dangerous file types without validation. Attackers can upload arbitrary files through the filemanager upload endpoint to…

  • CVE-2026-44774 · Critical · May 15, 2026
    risk 0.57 · cvss 9.9 · epss 0.00

    Traefik is an HTTP reverse proxy and load balancer. Prior to 2.11.46, 3.6.17, and 3.7.1, Traefik's Kubernetes Gateway API provider allows a tenant with HTTPRoute creation permissions to expose the REST provider handler, bypassing the providers.rest.insecure=false setting. The…

  • CVE-2026-44717 · Critical · May 15, 2026
    risk 0.64 · cvss 9.8 · epss 0.00

    MCP Calculate Server is a mathematical calculation service based on MCP protocol and SymPy library. Prior to 0.1.1, the use of eval() to evaluate mathematical expressions without proper input sanitization leads to remote code execution. This vulnerability is fixed in 0.1.1.

  • CVE-2026-44699 · Critical · May 15, 2026
    risk 0.52 · cvss not listed · epss 0.00

    LibJWT is a C JSON Web Token Library. From 3.0.0 to 3.3.2, libjwt accepts an RSA JWK that does not contain an alg parameter as the verification key for an HS256/HS384/HS512 token. In the OpenSSL backend, this causes HMAC verification to run with a zero-length key, so an attacker…