VYPR

CVEs

11,229 total · page 18 of 225

  • CVE-2026-42032CriMay 13, 2026
    risk 0.52cvss 9.1epss 0.00

    CKAN is an open-source DMS (data management system) for powering data hubs and data portals. Prior to 2.10.10 and 2.11.5, a vulnerability in datastore_search_sql allowed attackers to bypass authorization in order to gain access to private resources and PostgreSQL system…

  • CVE-2026-42031CriMay 13, 2026
    risk 0.58cvss 9.8epss 0.02

    CKAN is an open-source DMS (data management system) for powering data hubs and data portals. Prior to 2.10.10 and 2.11.5, a vulnerability in datastore_search_sql allowed attackers to inject SQL in order to gain access to private resources and PostgreSQL system information This…

  • CVE-2026-0257CriKEVMay 13, 2026
    risk 0.76cvss 9.1epss 0.87

    Authentication bypass vulnerabilities in the GlobalProtect portal and gateway of Palo Alto Networks PAN-OS® software allows the attacker to bypass security restrictions and establish an unauthorized VPN connection. Panorama and Cloud NGFW are not impacted by these issues.

  • CVE-2026-45411CriMay 13, 2026
    risk 0.57cvss 9.8epss 0.01

    vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.3, it is possible to catch a host exception using the yield* expression inside an async generator. When the generator is closed using the return function, the value is awaited on and exceptions thrown in the then call…

  • CVE-2026-44009CriMay 13, 2026
    risk 0.57cvss 9.8epss 0.01

    vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.2, This vulnerability is fixed in 3.11.2.

  • CVE-2026-44008CriMay 13, 2026
    risk 0.57cvss 9.8epss 0.01

    vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.2, the new method neutralizeArraySpeciesBatch works with objects from the other side but can call into this side via getter on the array prototype exposing objects of the wrong side into the sandbox. This can be used to…

  • CVE-2026-44007CriMay 13, 2026
    risk 0.52cvss 9.1epss 0.01

    vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.1, when a NodeVM is created with nesting: true, sandbox code can unconditionally require('vm2') regardless of the outer VM's require configuration — including require: false. With access to vm2, the sandbox constructs…

  • CVE-2026-44006CriMay 13, 2026
    risk 0.65cvss 10.0epss 0.01

    vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, It is possible to reach BaseHandler.getPrototypeOf, which can be used to get arbitrary prototypes. This vulnerability is fixed in 3.11.0.

  • CVE-2026-44005CriMay 13, 2026
    risk 0.65cvss 10.0epss 0.01

    vm2 is an open source vm/sandbox for Node.js. From 3.9.6 to 3.10.5, vm2's bridge exposes mutable proxies for real host-realm intrinsic prototypes and then forwards sandbox writes into the underlying host objects with otherReflectSet() and otherReflectDefineProperty(), which lets…

  • CVE-2026-43999CriMay 13, 2026
    risk 0.64cvss 9.9epss 0.01

    vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, NodeVM's builtin allowlist can be bypassed when the module builtin is allowed (including via the '*' wildcard). The module builtin exposes Node's Module._load(), which loads any module by name directly in the host…

  • CVE-2026-43997CriMay 13, 2026
    risk 0.65cvss 10.0epss 0.01

    vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, it is possible to obtain the host Object. There are various ways to use the host Object, to escape the sandbox, one example would be using HostObject.getOwnPropertySymbols to obtain…

  • CVE-2026-42557CriMay 13, 2026
    risk 0.55cvss 9.6epss 0.00

    jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. Prior to 4.5.7, JupyterLab's HTML sanitizer allowlists data-commandlinker-command and data-commandlinker-args on button elements, while CommandLinker…

  • CVE-2026-41225CriMay 13, 2026
    risk 0.59cvss 9.1epss 0.00

    A vulnerability exists in iControl REST where a highly privileged, authenticated attacker with at least the Manager role can create configuration objects that allow running arbitrary commands.  Note: Software versions which have reached End of Technical Support (EoTS) are not…

  • CVE-2020-37168CriMay 13, 2026
    risk 0.64cvss 9.8epss 0.00

    Ecommerce Systempay 1.0 contains a weak cryptographic implementation vulnerability that allows attackers to brute force the 16-character production secret key used for payment signature generation. Attackers can extract payment form data and signatures from POST requests to the…

  • CVE-2026-42062CriMay 13, 2026
    risk 0.64cvss 9.8epss 0.02

    ELECOM wireless LAN access point devices contain an OS command injection in processing of username parameter. If processing a crafted request, an arbitrary OS command may be executed. No authentication is required.

  • CVE-2026-40621CriMay 13, 2026
    risk 0.64cvss 9.8epss 0.00

    ELECOM wireless LAN access point devices do not require authentication to access some specific URLs. The affected product may be operated without authentication.

  • CVE-2026-41050CriMay 13, 2026
    risk 0.57cvss 9.9epss 0.00

    Fleet's Helm deployer did not fully apply ServiceAccount impersonation in two code paths, allowing a tenant with git push access to a Fleet-monitored repository to read secrets from any namespace on every downstream cluster targeted by their `GitRepo`.

  • CVE-2026-32661CriMay 13, 2026
    risk 0.64cvss 9.8epss 0.00

    Stack-based buffer overflow vulnerability exists in GUARDIANWALL MailSuite and GUARDIANWALL Mail Security Cloud (SaaS version). If a remote attacker sends a specially crafted request to the product's web service, arbitrary code may be executed when the product is configured to…

  • CVE-2025-11159CriMay 13, 2026
    risk 0.59cvss 9.1epss 0.00

    Hitachi Vantara Pentaho Data Integration & Analytics of all versions contain a JDBC driver for H2 databases which is vulnerable to external script execution when a new connection is created by a data source administrator.

  • CVE-2026-44547CriMay 12, 2026
    risk 0.55cvss 9.6epss 0.00

    ChurchCRM is an open-source church management system. From 7.2.0 to 7.2.2, The fix for CVE-2026-4058 is incomplete. The hardening commit was merged and then silently stripped from src/api/routes/public/public-user.php by an unrelated PR before any 7.2.x tag was cut. Every…

  • CVE-2026-42288CriMay 12, 2026
    risk 0.65cvss 10.0epss 0.01

    ChurchCRM is an open-source church management system. Prior to 7.3.2, The fix for CVE-2026-39337 is incomplete. The pre-authentication remote code execution vulnerability in ChurchCRM's setup wizard via unsanitized DB_PASSWORD remains fully exploitable This vulnerability is…

  • CVE-2026-41901CriMay 12, 2026
    risk 0.59cvss 9.0epss 0.00

    Thymeleaf is a server-side Java template engine for web and standalone environments. Prior to 3.1.5.RELEASE, a security bypass vulnerability exists in the expression execution mechanisms of Thymeleaf. Although the library provides mechanisms to avoid the execution of potentially…

  • CVE-2026-44262CriMay 12, 2026
    risk 0.58cvss 9.4epss 0.06

    Scramble generates API documentation for Laravel project. From 0.13.2 to before 0.13.22, when documentation endpoints are publicly accessible and validation rules reference user-controlled input, request supplied data may be evaluated during documentation generation, leading to…

  • CVE-2026-44258CriMay 12, 2026
    risk 0.60cvss epss 0.00

    efw4.X is an Enterprise Framework for Web. Prior to 4.08.010, the elfinder_checkRisk function validates target and targets for path traversal and home containment, but does not validate the dst (destination) parameter used by elfinder_paste. An attacker can copy or move files…

  • CVE-2026-44257CriMay 12, 2026
    risk 0.60cvss epss 0.00

    efw4.X is an Enterprise Framework for Web. Prior to 4.08.010, efw.file.FileManager.unZip writes zip entries to disk using new File(baseDir, zipEntry.getName()) with no canonical-path check. An entry name such as ../../../pwned.jsp escapes the intended extraction directory and…

  • CVE-2026-43948CriMay 12, 2026
    risk 0.64cvss 9.9epss 0.00

    wger is a free, open-source workout and fitness manager. Prior to 2.6, the reset_user_password and gym_permissions_user_edit views in wger perform a gym-scope authorization check using Python object comparison (!=) that evaluates None != None as False, silently bypassing the…

  • CVE-2026-42854CriMay 12, 2026
    risk 0.57cvss 9.8epss 0.01

    arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. Prior to 3.3.8, the WebServer multipart form parser in arduino-esp32 allocates a Variable Length Array (VLA) on the stack whose size is derived from an…

  • CVE-2026-42196CriMay 12, 2026
    risk 0.57cvss epss 0.01

    django-s3file is a lightweight file upload input for Django and Amazon S3. Prior to 7.0.2, S3FileMiddleware is vulnerable to relative path traversal attacks, where an attacker can use a modified request to escape pre-signed upload locations and have the Django application load…

  • CVE-2026-45185CriMay 12, 2026
    risk 0.64cvss 9.8epss 0.01

    Exim before 4.99.3, in certain GnuTLS configurations, has a remotely reachable use-after-free in the BDAT body parsing path. It is triggered when a client sends a TLS close_notify mid-body during a CHUNKING transfer, followed by a final cleartext byte on the same TCP connection.…

  • CVE-2026-44225CriMay 12, 2026
    risk 0.60cvss 9.3epss 0.00

    Pulpy is a lightweight, cross-platform desktop application packager for web apps. Prior to 0.1.1, Pulpy injects a pulpy.fs JavaScript API into every packaged web application, giving it access to the host filesystem. A validateFsPath() function is supposed to sandbox this access,…

  • CVE-2026-44221CriMay 12, 2026
    risk 0.52cvss 9.0epss 0.00

    ArcadeDB is a Multi-Model DBMS. Prior to 2.6.4, authenticated users and API tokens scoped to a specific database could read, write, and mutate schema on any other database on the same server. Two distinct defects contributed: (1) ServerSecurityUser.getDatabaseUser() returned a…

  • CVE-2026-42889CriMay 12, 2026
    risk 0.52cvss 9.1epss 0.00

    Relay adds real-time collaboration to Obsidian. Relay Server versions 0.9.0 through 0.9.6 contain an authentication bypass in the multi-document WebSocket endpoints. When authentication is configured, WebSocket connections without a token query parameter were incorrectly treated…

  • CVE-2026-34660CriMay 12, 2026
    risk 0.60cvss 9.3epss 0.00

    Adobe Connect versions 2025.9.15, 2025.8.157 and earlier are affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current user. An attacker could exploit this vulnerability to inject malicious scripts into a web…

  • CVE-2026-34659CriMay 12, 2026
    risk 0.63cvss 9.6epss 0.01

    Adobe Connect versions 2025.9.15, 2025.8.157 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. An attacker could exploit this vulnerability to execute arbitrary code.…

  • CVE-2026-44343CriMay 12, 2026
    risk 0.57cvss 9.8epss 0.00

    WGDashboard is a dashboard for WireGuard VPN. Prior to 4.3.2, there are critical vulnerabilities affecting WGDashboard that, if exploited, could allow unauthorized parties to access the host file system without authentication. This vulnerability is fixed in 4.3.2.

  • CVE-2026-44277CriMay 12, 2026
    risk 0.64cvss 9.8epss 0.01

    A improper access control vulnerability in Fortinet FortiAuthenticator 8.0.2, FortiAuthenticator 8.0.0, FortiAuthenticator 6.6.0 through 6.6.8, FortiAuthenticator 6.5.0 through 6.5.6 may allow attacker to execute unauthorized code or commands via crafted requests.

  • CVE-2026-44196CriMay 12, 2026
    risk 0.52cvss 9.1epss 0.00

    Pingvin Share X is a secure and easy self-hosted file sharing platform. From 1.14.1 to 1.16.2, a critical authentication bypass vulnerability allows an attacker who has obtained a valid username and password to skip the second-factor authentication (TOTP) requirement entirely.…

  • CVE-2026-44183CriMay 12, 2026
    risk 0.64cvss 9.8epss 0.00

    Cleanuparr is a tool for automating the cleanup of unwanted or blocked files in Sonarr, Radarr, and supported download clients like qBittorrent. Prior to 2.9.10, TrustedNetworkAuthenticationHandler.ResolveClientIp parses the leftmost entry of the X-Forwarded-For header as the…

  • CVE-2026-42898CriMay 12, 2026
    risk 0.64cvss 9.9epss 0.01

    Improper control of generation of code ('code injection') in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to execute code over a network.

  • CVE-2026-42833CriMay 12, 2026
    risk 0.59cvss 9.1epss 0.01

    Improper control of generation of code ('code injection') in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to execute code over a network.

  • CVE-2026-42823CriMay 12, 2026
    risk 0.64cvss 9.9epss 0.01

    Improper access control in Azure Logic Apps allows an authorized attacker to elevate privileges over a network.

  • CVE-2026-42300CriMay 12, 2026
    risk 0.53cvss epss 0.00

    DevGuard provides vulnerability management for the full software supply chain. Prior to 1.2.2, the SessionMiddleware accepts a client-supplied X-Admin-Token HTTP request header and uses its raw string value as the authenticated userID when no Kratos session cookie is present. An…

  • CVE-2026-42048CriMay 12, 2026
    risk 0.55cvss 9.6epss 0.04

    Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.0, Langflow is vulnerable to Path Traversal in the Knowledge Bases API (DELETE /api/v1/knowledge_bases). This occurs because user-supplied knowledge base names are concatenated directly…

  • CVE-2026-41103CriMay 12, 2026
    risk 0.59cvss 9.1epss 0.05

    Incorrect implementation of authentication algorithm in Microsoft SSO Plugin for Jira & Confluence allows an unauthorized attacker to elevate privileges over a network.

  • CVE-2026-41096CriMay 12, 2026
    risk 0.64cvss 9.8epss 0.02

    Heap-based buffer overflow in Microsoft Windows DNS allows an unauthorized attacker to execute code over a network.

  • CVE-2026-41089CriMay 12, 2026
    risk 0.64cvss 9.8epss 0.72

    Stack-based buffer overflow in Windows Netlogon allows an unauthorized attacker to execute code over a network.

  • CVE-2026-40402CriMay 12, 2026
    risk 0.60cvss 9.3epss 0.00

    Use after free in Windows Hyper-V allows an unauthorized attacker to elevate privileges locally.

  • CVE-2026-40379CriMay 12, 2026
    risk 0.60cvss 9.3epss 0.01

    Exposure of sensitive information to an unauthorized actor in Azure Entra ID allows an unauthorized attacker to perform spoofing over a network.

  • CVE-2026-33117CriMay 12, 2026
    risk 0.52cvss 9.1epss 0.00

    The Java Key Vault Keys library in the Azure SDK for Java contains an issue in the local cryptographic verification path where authentication tag comparison was implemented incorrectly. In affected applications that use the vulnerable local cryptography path, specially crafted…

  • CVE-2026-31242CriMay 12, 2026
    risk 0.59cvss 9.1epss 0.00

    The mem0 v1.0.0 server lacks authentication and authorization controls for its memory reset functionality accessible via the DELETE /memories endpoint. An unauthenticated attacker can send a DELETE request that triggers a reset operation, leading to the execution of a DROP TABLE…