VYPR

CVEs

38,011 total · page 19 of 761

  • CVE-2026-9076 · High · Jun 9, 2026
    risk 0.42 · cvss 7.5 · epss 0.00

    Issue summary: When CMS password-based decryption (RFC 3211 / PWRI key unwrap) processes attacker-supplied CMS data, an attacker-chosen stream-mode KEK cipher can trigger a heap out-of-bounds read in kek_unwrap_key(). Impact summary: A heap buffer over-read may trigger a crash…

  • CVE-2026-7383 · High · Jun 9, 2026
    risk 0.46 · cvss 8.1 · epss 0.00

    Issue summary: A signed integer overflow when sizing the destination buffer for Unicode output in ASN1_mbstring_ncopy() can lead to a heap buffer overflow. Impact summary: A heap buffer overflow may lead to a crash or possibly attacker controlled code execution or other…

  • CVE-2026-49959 · High · Jun 9, 2026
    risk 0.50 · cvss 8.8 · epss 0.01

    Hermes WebUI before version 0.51.311 contains a remote code execution vulnerability that allows authenticated attackers to execute arbitrary commands by placing malicious executable Git configuration in a workspace repository's .git/config file. Attackers can exploit Git…

  • CVE-2026-49957 · High · Jun 9, 2026
    risk 0.43 · cvss 7.7 · epss 0.00

    Hermes WebUI before version 0.51.296 contains a workspace boundary bypass vulnerability that allows authenticated attackers to circumvent blocked-root path checks by exploiting an early return in the SSH/remote terminal profile workspace resolution logic within…

  • CVE-2026-49847 · High · Jun 9, 2026
    risk 0.42 · cvss 7.5 · epss 0.00

    FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, a single unauthenticated WebSocket frame containing a deeply nested…

  • CVE-2026-49842 · High · Jun 9, 2026
    risk 0.42 · cvss 7.5 · epss 0.00

    FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, mod_verto's WebSocket frame loop intercepts a #-prefixed speed-test…

  • CVE-2026-49475 · High · Jun 9, 2026
    risk 0.42 · cvss 7.5 · epss 0.00

    FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.0, a STUN packet whose declared attribute length is shorter than the…

  • CVE-2026-49161 · High · Jun 9, 2026
    risk 0.51 · cvss 7.8 · epss 0.00

    Improper access control in Microsoft PC Manager allows an authorized attacker to bypass a security feature locally.

  • CVE-2026-49160 · High · Jun 9, 2026
    risk 0.49 · cvss 7.5 · epss 0.48

    Uncontrolled resource consumption in HTTP/2 allows an unauthorized attacker to deny service over a network.

  • CVE-2026-48583 · High · Jun 9, 2026
    risk 0.51 · cvss 7.8 · epss 0.00

    Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.

  • CVE-2026-48578 · High · Jun 9, 2026
    risk 0.51 · cvss 7.9 · epss 0.00

    Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.

  • CVE-2026-48576 · High · Jun 9, 2026
    risk 0.51 · cvss 7.9 · epss 0.01

    Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.

  • CVE-2026-48575 · High · Jun 9, 2026
    risk 0.51 · cvss 7.9 · epss 0.00

    Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.

  • CVE-2026-48574 · High · Jun 9, 2026
    risk 0.51 · cvss 7.8 · epss 0.00

    Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code locally.

  • CVE-2026-48573 · High · Jun 9, 2026
    risk 0.51 · cvss 7.9 · epss 0.01

    Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.

  • CVE-2026-48570 · High · Jun 9, 2026
    risk 0.51 · cvss 7.9 · epss 0.00

    Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.

  • CVE-2026-48569 · High · Jun 9, 2026
    risk 0.46 · cvss 7.1 · epss 0.00

    Improper input validation in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally.

  • CVE-2026-48568 · High · Jun 9, 2026
    risk 0.51 · cvss 7.9 · epss 0.00

    Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.

  • CVE-2026-48565 · High · Jun 9, 2026
    risk 0.51 · cvss 7.8 · epss 0.00

    Untrusted search path in Windows Narrator Braille allows an authorized attacker to elevate privileges locally.

  • CVE-2026-48563 · High · Jun 9, 2026
    risk 0.49 · cvss 7.5 · epss 0.01

    Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

  • CVE-2026-47656 · High · Jun 9, 2026
    risk 0.51 · cvss 7.9 · epss 0.00

    Protection mechanism failure in Windows Boot Manager allows an authorized attacker to bypass a security feature locally.

  • CVE-2026-47654 · High · Jun 9, 2026
    risk 0.49 · cvss 7.5 · epss 0.01

    Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

  • CVE-2026-47653 · High · Jun 9, 2026
    risk 0.57 · cvss 8.8 · epss 0.01

    Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

  • CVE-2026-47652 · High · Jun 9, 2026
    risk 0.53 · cvss 8.2 · epss 0.00

    Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally.

  • CVE-2026-47648 · High · Jun 9, 2026
    risk 0.45 · cvss 7.0 · epss 0.00

    Untrusted search path in Windows Storage allows an authorized attacker to elevate privileges locally.

  • CVE-2026-47635 · High · Jun 9, 2026
    risk 0.55 · cvss 8.4 · epss 0.00

    Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.

  • CVE-2026-47634 · High · Jun 9, 2026
    risk 0.47 · cvss 7.3 · epss 0.01

    Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

  • CVE-2026-47631 · High · Jun 9, 2026
    risk 0.53 · cvss 8.1 · epss 0.00

    Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.

  • CVE-2026-47298 · High · Jun 9, 2026
    risk 0.52 · cvss 8.0 · epss 0.01

    Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

  • CVE-2026-47293 · High · Jun 9, 2026
    risk 0.45 · cvss 7.0 · epss 0.00

    Use after free in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally.

  • CVE-2026-47292 · High · Jun 9, 2026
    risk 0.51 · cvss 7.8 · epss 0.00

    Inclusion of functionality from untrusted control sphere in Visual Studio Code allows an unauthorized attacker to elevate privileges locally.

  • CVE-2026-47289 · High · Jun 9, 2026
    risk 0.57 · cvss 8.8 · epss 0.01

    Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

  • CVE-2026-47288 · High · Jun 9, 2026
    risk 0.46 · cvss 7.1 · epss 0.01

    Integer overflow or wraparound in Windows Kerberos allows an authorized attacker to execute code over an adjacent network.

  • CVE-2026-46492 · High · Jun 9, 2026
    risk 0.40 · cvss 7.2 · epss 0.00

    md-fileserver allows for local viewing of markdown files in a browser. Prior to version 1.10.3, a cross-site scripting (XSS) vulnerability exists in the application’s Markdown rendering logic. When user-supplied Markdown content is rendered, embedded raw HTML—including…

  • CVE-2026-45771 · High · Jun 9, 2026
    risk 0.42 · cvss 7.5 · epss 0.00

    FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.0, FreeSWITCH's bundled XML parser expands nested <!ENTITY> declarations…

  • CVE-2026-45658 · High · Jun 9, 2026
    risk 0.51 · cvss 7.8 · epss 0.00

    Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.

  • CVE-2026-45656 · High · Jun 9, 2026
    risk 0.51 · cvss 7.8 · epss 0.00

    Protection mechanism failure in Windows UEFI allows an authorized attacker to bypass a security feature locally.

  • CVE-2026-45654 · High · Jun 9, 2026
    risk 0.51 · cvss 7.9 · epss 0.00

    Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.

  • CVE-2026-45653 · High · Jun 9, 2026
    risk 0.46 · cvss 7.0 · epss 0.00

    Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.

  • CVE-2026-45649 · High · Jun 9, 2026
    risk 0.46 · cvss 7.1 · epss 0.00

    Improper access control in Office for Android allows an unauthorized attacker to perform spoofing locally.

  • CVE-2026-45648 · High · Jun 9, 2026
    risk 0.57 · cvss 8.8 · epss 0.01

    Stack-based buffer overflow in Active Directory Domain Services allows an authorized attacker to execute code over a network.

  • CVE-2026-45645 · High · Jun 9, 2026
    risk 0.51 · cvss 7.8 · epss 0.00

    Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

  • CVE-2026-45644 · High · Jun 9, 2026
    risk 0.52 · cvss 8.0 · epss 0.01

    Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Live Share Canvas SDK allows an authorized attacker to elevate privileges over a network.

  • CVE-2026-45643 · High · Jun 9, 2026
    risk 0.51 · cvss 7.8 · epss 0.00

    Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.

  • CVE-2026-45641 · High · Jun 9, 2026
    risk 0.55 · cvss 8.4 · epss 0.00

    Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally.

  • CVE-2026-45640 · High · Jun 9, 2026
    risk 0.46 · cvss 7.0 · epss 0.00

    Use after free in Windows Bluetooth Port Driver allows an authorized attacker to elevate privileges locally.

  • CVE-2026-45639 · High · Jun 9, 2026
    risk 0.49 · cvss 7.5 · epss 0.01

    Out-of-bounds read in Windows RDP allows an unauthorized attacker to disclose information over a network.

  • CVE-2026-45638 · High · Jun 9, 2026
    risk 0.51 · cvss 7.8 · epss 0.00

    Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

  • CVE-2026-45637 · High · Jun 9, 2026
    risk 0.51 · cvss 7.8 · epss 0.00

    Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.

  • CVE-2026-45636 · High · Jun 9, 2026
    risk 0.51 · cvss 7.8 · epss 0.00

    Heap-based buffer overflow in Windows NTFS allows an unauthorized attacker to execute code locally.