VYPR

CVEs

11,229 total · page 17 of 225

  • CVE-2026-42155 · Critical · May 15, 2026
    risk 0.60 · cvss n/a · epss 0.00

    Magento Long Term Support (LTS) is an unofficial, community-driven project that provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Prior to 20.18.0, the XML-RPC / SOAP API session ID is generated using an…

  • CVE-2026-41258 · Critical · May 15, 2026
    risk 0.52 · cvss 9.1 · epss 0.00

    OpenMRS is an open source electronic medical record system platform. From 2.7.0 to before 2.7.9 and 2.8.6, the ConceptReferenceRangeUtility.evaluateCriteria() method in OpenMRS Core evaluates database-stored criteria strings as Apache Velocity templates without any sandbox…

  • CVE-2026-45772 · Critical · May 15, 2026
    risk 0.57 · cvss 9.8 · epss 0.00

    Turborepo is a high-performance build system for JavaScript and TypeScript codebases. From 1.1.0 to before 2.9.14, Turborepo can be vulnerable to arbitrary code execution when run in untrusted repositories that contain malicious Yarn configuration. In affected versions, package…

  • CVE-2026-2031 · Critical · May 15, 2026
    risk 0.65 · cvss n/a · epss 0.01

    An Improper Access Control vulnerability in several internal API endpoints for Google Cloud Application Integration prior to 2026-01-23 allows a remote, unauthenticated attacker to disclose sensitive internal information and execute arbitrary code using specially crafted…

  • CVE-2026-7182 · Critical · May 15, 2026
    risk 0.60 · cvss n/a · epss 0.00

    Diagram's export module is vulnerable to Path Traversal in src attribute due to lack of HTML sanitization. An unauthenticated user could craft the html payload which could include local files from the server and display them in the generated pdf. This issue was fixed in…

  • CVE-2026-41553 · Critical · May 15, 2026
    risk 0.65 · cvss 10.0 · epss 0.01

    PDF Export Module used in DHTMLX's products Gantt and Scheduler is vulnerable to Remote Code Execution due to lack of "data" parameter sanitization. An unauthenticated attacker can inject the malicious JavaScript code to the parameter whose value is processed by Node.js and…

  • CVE-2026-8398 · Critical · KEV · May 15, 2026
    risk 0.77 · cvss 9.8 · epss 0.01

    A supply chain attack compromised the official installation packages of DAEMON Tools Lite (Windows versions 12.5.0.2421 through 12.5.0.2434), distributed from the legitimate website daemon-tools.cc between approximately April 8, 2026, and May 5, 2026. Attackers gained…

  • CVE-2026-5229 · Critical · May 15, 2026
    risk 0.57 · cvss 9.8 · epss 0.01

    The Form Notify plugin for WordPress is vulnerable to Authentication Bypass in versions up to and including 1.1.10. This is due to the plugin trusting user-controlled cookie data to determine which WordPress account to authenticate after a LINE OAuth login. When LINE doesn't…

  • CVE-2026-0481 · Critical · May 15, 2026
    risk 0.60 · cvss n/a · epss 0.00

    Unrestricted IP address binding in the AMD Device Metrics Exporter (ROCm ecosystem) could allow a remote attacker to perform unauthorized changes to the GPU configuration, potentially resulting in loss of availability.

  • CVE-2026-44666 · Critical · May 14, 2026
    risk 0.53 · cvss n/a · epss 0.00

    HRConvert2 is a self-hosted, drag-and-drop & nosql file conversion server & share tool. Prior to 3.3.8, the sanitizeString() function in convertCore.php is missing backtick (`) and tab (\t) from its strip list. User input then reaches shell_exec(), where the shell interprets…

  • CVE-2026-44212 · Critical · May 14, 2026
    risk 0.53 · cvss 9.3 · epss 0.00

    PrestaShop is an open source e-commerce web application. Prior to 8.2.6 and 9.1.1, there is a stored Cross-Site Scripting (XSS) vulnerability in the PrestaShop back-office Customer Service view. An unauthenticated attacker can submit the public Contact Us form with a malicious…

  • CVE-2026-8634 · Critical · May 14, 2026
    risk 0.52 · cvss 9.1 · epss 0.01

    Crabbox prior to v0.12.0 contains an environment variable exposure vulnerability that allows attackers with access to a malicious or compromised repository to forward local secrets such as API tokens, cloud credentials, and broker tokens into the remote command environment.…

  • CVE-2026-8580 · Critical · May 14, 2026
    risk 0.62 · cvss 9.6 · epss 0.00

    Use after free in Mojo in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2026-8511 · Critical · May 14, 2026
    risk 0.62 · cvss 9.6 · epss 0.00

    Use after free in UI in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

  • CVE-2026-26191 · Critical · May 14, 2026
    risk 0.57 · cvss 9.8 · epss 0.01

    Fleet is open source device management software. Prior to version 4.81.0, a vulnerability in Fleet's software installer pipeline could allow a crafted software package to execute arbitrary commands as root (macOS/Linux) or SYSTEM (Windows) on managed endpoints when an uninstall…

  • CVE-2026-45375 · Critical · May 14, 2026
    risk 0.52 · cvss 9.0 · epss 0.00

    SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, SiYuan's Bazaar (community marketplace) renders the name and version fields of a package's plugin.json (and the equivalent theme.json / template.json / widget.json / icon.json) into the Settings →…

  • CVE-2026-44670 · Critical · May 14, 2026
    risk 0.54 · cvss n/a · epss 0.01

    SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, the kernel stores Attribute View (AV / database) names without any HTML escape, then a render template uses raw strings.ReplaceAll(tpl, "${avName}", nodeAvName) to embed the name in HTML before…

  • CVE-2026-44592 · Critical · May 14, 2026
    risk 0.61 · cvss 9.4 · epss 0.00

    Gradient is a nix-based continuous integration system. In 1.1.0, when GRADIENT_DISCOVERABLE=true (the default, and the NixOS module default), anyone who can reach /proto can register as a worker without any credentials by sending a fresh, never-registered worker UUID. The…

  • CVE-2026-44588 · Critical · May 14, 2026
    risk 0.54 · cvss n/a · epss 0.01

    SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, the tooltip mouseover handler in app/src/block/popover.ts reads aria-label via getAttribute and passes it through decodeURIComponent before assigning to messageElement.innerHTML in…

  • CVE-2026-44523 · Critical · May 14, 2026
    risk 0.58 · cvss 10.0 · epss 0.00

    Note Mark is an open-source note-taking application. Prior to 0.19.4, no minimum length or entropy is enforced on the JWT_SECRET configuration value. The application accepts any base64-decodable secret regardless of size, including secrets as short as 1 byte. This vulnerability…

  • CVE-2026-41315 · Critical · May 14, 2026
    risk 0.57 · cvss 9.8 · epss 0.01

    mdserver-web is a simple Linux panel. From 0.18.0 to 0.18.4, mdserver-web has a front-end unauthorized remote command execution vulnerability. Due to the lack of authentication on the /modify_crond and /start_task interfaces, it is possible to modify the default built-in…

  • CVE-2026-44542 · Critical · May 14, 2026
    risk 0.52 · cvss 9.1 · epss 0.01

    FileBrowser Quantum is a free, self-hosted, web-based file manager. Prior to 1.3.1-stable and 1.3.9-beta, attacker-controlled path input is joined with a trusted base path prior to sanitization, allowing traversal sequences (e.g., ../) to escape the intended shared directory. As…

  • CVE-2026-41615 · Critical · May 14, 2026
    risk 0.62 · cvss 9.6 · epss 0.01

    Exposure of sensitive information to an unauthorized actor in Microsoft Authenticator allows an unauthorized attacker to disclose information over a network.

  • CVE-2026-42555 · Critical · May 14, 2026
    risk 0.52 · cvss 9.1 · epss 0.01

    Valtimo is an open-source business process automation platform. com.ritense.valtimo:document from 12.0.0 to before 12.32.0, com.ritense.valtimo:case from 13.0.0 to before 13.23.0, and com.ritense.valtimo:contract from 13.4.0 to before 13.23.0 evaluate Spring Expression Language…

  • CVE-2026-20182 · Critical · KEV · May 14, 2026
    risk 0.86 · cvss 10.0 · epss 0.88

    May 2026: This security advisory provides the details and fix information for a vulnerability that was discovered and fixed after the was disclosed in February 2026. This new advisory is for a new vulnerability in the control connection handshaking. The section of this…

  • CVE-2026-44791 · Critical · May 14, 2026
    risk 0.59 · cvss n/a · epss 0.01

    Impact: An authenticated user with permission to create or modify workflows could bypass the patch for GHSA-hqr4-h3xv-9m3r in the XML node. When combined with other nodes, this could lead to RCE on the n8n host. Patches: The issue has been fixed in n8n versions 1.123.43,…

  • CVE-2026-44790 · Critical · May 14, 2026
    risk 0.59 · cvss n/a · epss 0.01

    Impact: An authenticated user with permission to create or modify workflows could inject CLI flags on the Git node's Push operation allowing an attacker to read arbitrary files from the n8n server potentially leading to full compromise. Patches: The issue has been fixed in…

  • CVE-2026-44789 · Critical · May 14, 2026
    risk 0.59 · cvss n/a · epss 0.01

    Impact: An authenticated user with permission to create or modify workflows could achieve global prototype pollution via an unvalidated pagination parameter in the HTTP Request node. Combined with other techniques this could lead to RCE on the instance. Patches: The issue…

  • CVE-2026-42596 · Critical · May 14, 2026
    risk 0.54 · cvss 9.4 · epss 0.00

    Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.31.0, the default deny-lists used by Gotenberg's downloadFrom feature and webhook feature are bypassable. Because the filter is regex-based and case-sensitive, an unauthenticated attacker can supply URLs such…

  • CVE-2026-42589 · Critical · May 14, 2026
    risk 0.57 · cvss 9.8 · epss 0.03

    Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.31.0, Gotenberg's /forms/pdfengines/metadata/write HTTP endpoint accepts a JSON metadata object and passes its keys directly to ExifTool via the go-exiftool library. No validation is performed on key…

  • CVE-2026-44484 · Critical · May 14, 2026
    risk 0.64 · cvss 9.8 · epss 0.00

    PyTorch Lightning is a deep learning framework to pretrain and finetune AI models. Versions 2.6.2 and 2.6.2 have introduced functionality consistent with a credential harvesting mechanism.

  • CVE-2026-44482 · Critical · May 14, 2026
    risk 0.55 · cvss 9.6 · epss 0.00

    soundcloud-rpc is a SoundCloud Client with Discord Rich Presence, Dark Mode, Last.fm and AdBlock support. Prior to 0.1.8, a track title containing an HTML payload executed locally in the Electron app. This means attacker-controlled SoundCloud track metadata can lead to local…

  • CVE-2026-42457 · Critical · May 14, 2026
    risk 0.52 · cvss 9.0 · epss 0.00

    vCluster Platform provides a Kubernetes platform for managing virtual clusters, multi-tenancy, and cluster sharing. Prior to 4.4.3, 4.5.5, 4.6.2, 4.7.1, and 4.8.0, there is a Stored XSS attack vulnerability via the name field of a templateRef. This can lead to the execution of…

  • CVE-2026-2347 · Critical · May 14, 2026
    risk 0.64 · cvss 9.8 · epss 0.00

    Authorization bypass through User-Controlled key vulnerability in Akilli Commerce Software Technologies Ltd. Co. E-Commerce Website allows Session Hijacking. This issue affects E-Commerce Website: before 4.5.001.

  • CVE-2025-11024 · Critical · May 14, 2026
    risk 0.64 · cvss 9.8 · epss 0.00

    Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Akilli Commerce Software Technologies Ltd. Co. E-Commerce Website allows Blind SQL Injection. This issue affects E-Commerce Website: before 4.5.001.

  • CVE-2026-6512 · Critical · May 14, 2026
    risk 0.59 · cvss 9.1 · epss 0.00

    The InfusedWoo Pro plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.1.2. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to…

  • CVE-2026-6510 · Critical · May 14, 2026
    risk 0.64 · cvss 9.8 · epss 0.00

    The InfusedWoo Pro plugin for WordPress is vulnerable to privilege escalation via missing authorization in all versions up to, and including, 5.1.2. This is due to missing nonce verification and capability checks in the iwar_save_recipe() AJAX handler. This makes it possible for…

  • CVE-2026-6271 · Critical · May 14, 2026
    risk 0.57 · cvss 9.8 · epss 0.01

    The Career Section plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 1.7 via the CV upload handler. This is due to missing file type validation. This makes it possible for unauthenticated attackers to upload files that may be…

  • CVE-2026-8181 · Critical · May 14, 2026
    risk 0.64 · cvss 9.8 · epss 0.15

    The Burst Statistics – Privacy-Friendly WordPress Analytics (Google Analytics Alternative) plugin for WordPress is vulnerable to Authentication Bypass in versions 3.4.0 to 3.4.1.1. This is due to incorrect return-value handling in the `is_mainwp_authenticated()` function when…

  • CVE-2026-8500 · Critical · May 13, 2026
    risk 0.64 · cvss 9.8 · epss 0.02

    Web::Passwd versions through 0.03 for Perl are vulnerable to RCE. Web::Passwd is a small CGI application for managing htpasswd files using the htpasswd command. The user parameter is not validated or escaped, and is used as the last argument on the command line, allowing for…

  • CVE-2026-45158 · Critical · May 13, 2026
    risk 0.52 · cvss 9.1 · epss 0.01

    OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.8, unsanitized user input is passed to the DHCP configuration of the configured interface, which is processed by a shell script, allowing remote code execution as root on the underlying operating system.…

  • CVE-2026-44442 · Critical · May 13, 2026
    risk 0.57 · cvss 9.9 · epss 0.00

    ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 16.9.1, certain endpoints failed to enforce proper authorization checks, allowing users to modify data beyond their permitted role. This vulnerability is fixed in 16.9.1.

  • CVE-2026-44194 · Critical · May 13, 2026
    risk 0.52 · cvss 9.1 · epss 0.06

    OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.8, an authenticated Remote Code Execution (RCE) vulnerability in the OPNsense core allows a user with user-management privileges to execute arbitrary system commands as root. An attacker can bypass input…

  • CVE-2026-44193 · Critical · May 13, 2026
    risk 0.52 · cvss 9.1 · epss 0.01

    OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.7, the XMLRPC method opnsense.restore_config_section fails to sanitize user supplied input leading to Remote Code Execution. This vulnerability is fixed in 26.1.7.

  • CVE-2026-45714 · Critical · May 13, 2026
    risk 0.52 · cvss 9.1 · epss 0.00

    CubeCart is an ecommerce software solution. Prior to 6.7.0, an Authenticated Server-Side Template Injection (SSTI) vulnerability exists in multiple modules of CubeCart (including Email Templates, Invoices, Documents, and Contact Forms). The application unsafely evaluates…

  • CVE-2026-45053 · Critical · May 13, 2026
    risk 0.52 · cvss 9.1 · epss 0.01

    CubeCart is an ecommerce software solution. Prior to 6.7.0, an Authenticated Arbitrary File Upload vulnerability exists in the REST API File Manager endpoint (POST /api/v1/files) of CubeCart. The endpoint allows any holder of an API key with files:rw permission to upload PHP…

  • CVE-2026-44377 · Critical · May 13, 2026
    risk 0.52 · cvss 9.1 · epss 0.01

    CubeCart is an ecommerce software solution. Prior to 6.7.0, an Authenticated Server-Side Template Injection (SSTI) vulnerability exists in multiple modules of CubeCart (including Email Templates and Documents). The application unsafely evaluates user-supplied input directly…

  • CVE-2025-27851 · Critical · May 13, 2026
    risk 0.60 · cvss 9.3 · epss 0.00

    The locally served web site on the Garmin WDU (v1 1.4.6 and v2 5.0) allows a cross-site origin WebSocket hijacking attack. Among other uses, the WDU utilizes WebSockets to control settings, including administrative settings. This allows a network attacker to take full control of…

  • CVE-2026-44364 · Critical · May 13, 2026
    risk 0.53 · cvss n/a · epss 0.00

    MISP modules are autonomous modules that can be used to extend MISP for new services. In 3.0.7 and earlier, a Cross-Site Request Forgery vulnerability in the MISP Modules website allowed an attacker to cause an authenticated user to submit unintended requests to the home…

  • CVE-2026-44351 · Critical · May 13, 2026
    risk 0.52 · cvss 9.1 · epss 0.00

    fast-jwt provides fast JSON Web Token (JWT) implementation. Prior to 6.2.4, a critical authentication-bypass vulnerability in fast-jwt's async key-resolver flow allows any unauthenticated attacker to forge arbitrary JWTs that are accepted as authentic. When the application's key…