VYPR

CVEs

11,229 total · page 20 of 225

  • CVE-2026-42613CriMay 11, 2026
    risk 0.54cvss 9.4epss 0.01

    Grav is a file-based Web platform. Prior to 2.0.0-beta.2, the Login::register() method in the Login plugin accepts attacker-controlled groups and access fields from the registration POST data without server-side validation. When registration is enabled and groups or access are…

  • CVE-2026-42608CriMay 11, 2026
    risk 0.52cvss 9.1epss 0.01

    Grav is a file-based Web platform. Prior to 2.0.0-beta.2, there is a Path Traversal vulnerability within the FormFlash core component. By manipulating the session_id (passed as __form-flash-id in POST requests), an unauthenticated attacker can traverse the filesystem to create…

  • CVE-2026-42607CriMay 11, 2026
    risk 0.55cvss 9.1epss 0.04

    Grav is a file-based Web platform. Prior to 2.0.0-beta.2, an authenticated user with administrative privileges can achieve Remote Code Execution (RCE) by uploading a specially crafted ZIP file through the "Direct Install" tool. While the system attempts to block direct .php file…

  • CVE-2026-40636CriMay 11, 2026
    risk 0.64cvss 9.8epss 0.00

    Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains a use of hard-coded credentials vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to filesystem access for…

  • CVE-2021-47940CriMay 10, 2026
    risk 0.64cvss 9.8epss 0.00

    WordPress Plugin Download From Files version 1.48 and earlier contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by exploiting the AJAX fileupload action. Attackers can send POST requests to the admin-ajax.php endpoint…

  • CVE-2021-47936CriMay 10, 2026
    risk 0.64cvss 9.8epss 0.01

    OpenCATS 0.9.4 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary commands by uploading malicious PHP files disguised as resume attachments. Attackers can upload PHP payloads through the careers job application endpoint and…

  • CVE-2021-47933CriMay 10, 2026
    risk 0.64cvss 9.8epss 0.01

    WordPress MStore API 2.0.6 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to the REST API endpoint. Attackers can upload PHP files with arbitrary names to the config_file endpoint to…

  • CVE-2021-47932CriMay 10, 2026
    risk 0.64cvss 9.8epss 0.00

    WordPress TheCartPress 1.5.3.6 contains an unauthenticated privilege escalation vulnerability that allows attackers to create administrator accounts by submitting crafted requests to the AJAX handler. Attackers can send POST requests to the tcp_register_and_login_ajax action…

  • CVE-2021-47923CriMay 10, 2026
    risk 0.64cvss 9.8epss 0.00

    OpenCart 3.0.3.8 contains a session fixation vulnerability that allows attackers to hijack user sessions by injecting arbitrary values into the OCSESSID cookie. Attackers can set malicious OCSESSID cookie values that the server accepts and maintains, enabling session takeover…

  • CVE-2026-6104CriMay 10, 2026
    risk 0.52cvss 9.1epss 0.00

    In PHP versions 8.4.* before 8.4.21 and 8.5.* before 8.5.6, when an encoding name containing an embedded NUL byte is passed to mb_convert_encoding() or related mbstring functions, the code incorrectly assumes that when strncasecmp() returns 0 it means the strings have the same…

  • CVE-2026-7261CriMay 10, 2026
    risk 0.57cvss 9.8epss 0.00

    In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, when SoapServer is configured with SOAP_PERSISTENCE_SESSION, the handler object is persisted across requests via session storage. However, in the case SOAP requests results in…

  • CVE-2026-6722CriMay 10, 2026
    risk 0.57cvss 9.8epss 0.01

    In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, the SOAP extension's object deduplication mechanism stores pointers to PHP objects in a global map without incrementing their reference counts. When an apache:Map node…

  • CVE-2025-14179CriMay 10, 2026
    risk 0.57cvss 9.8epss 0.00

    In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, the PDO Firebird driver improperly handles NUL bytes when preparing SQL queries. During token-by-token query construction, a string token containing a NUL byte is copied via…

  • CVE-2026-42601CriMay 9, 2026
    risk 0.64cvss 9.8epss 0.00

    ArchiveBox is an open source self-hosted web archiving system. In versions 0.8.6rc0 and prior, the /add/ endpoint (AddView in core/views.py) accepts a config JSON field that gets merged into the crawl config without validation. This config is exported as environment variables…

  • CVE-2026-42571CriMay 9, 2026
    risk 0.52cvss epss 0.00

    Pelican is a platform for creating data federations. From versions 7.21.0 to before 7.21.5, 7.22.0 to before 7.22.3, 7.23.0 to before 7.23.3, and 7.24.0 to before 7.24.2, there is a a privilege escalation vulnerability affecting Pelican's Web User Interface (WebUI). This attack…

  • CVE-2026-42569CriMay 9, 2026
    risk 0.54cvss 9.4epss 0.01

    phpVMS is a PHP application to run and simulate an airline. Prior to version 7.0.6, a critical vulnerability in phpVMS allowed unauthenticated access to a legacy import feature. This issue has been patched in version 7.0.6.

  • CVE-2026-42258CriMay 9, 2026
    risk 0.57cvss 9.8epss 0.01

    Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, symbol arguments to commands are vulnerable to a CRLF Injection / IMAP Command injection via Symbol arguments passed to IMAP commands. This…

  • CVE-2026-42257CriMay 9, 2026
    risk 0.57cvss 9.8epss 0.00

    Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, several Net::IMAP commands accept a raw string argument that is sent to the server without validation or escaping. If this string is derived…

  • CVE-2026-42560CriMay 9, 2026
    risk 0.52cvss 9.1epss 0.00

    auth provides authentication via oauth2, direct and email. From versions 1.18.0 to before 1.25.2 and 2.0.0 to before 2.1.2, the Patreon OAuth provider maps every authenticated Patreon account to the same local user.ID, instead of deriving a unique ID from the Patreon account…

  • CVE-2026-44313CriMay 9, 2026
    risk 0.52cvss 9.1epss 0.00

    Linkwarden is a self-hosted, open-source collaborative bookmark manager to collect, organize and archive webpages. Prior to version 2.13.0, a Server-Side Request Forgery (SSRF) vulnerability in the fetchTitleAndHeaders function allows authenticated users to make arbitrary HTTP…

  • CVE-2026-42454CriMay 8, 2026
    risk 0.64cvss 9.9epss 0.01

    Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.1.0, all Docker container management endpoints in Termix interpolate the containerId URL path parameter and WebSocket message field directly into…

  • CVE-2026-42354CriMay 8, 2026
    risk 0.52cvss 9.1epss 0.01

    Sentry is an error tracking and performance monitoring tool. From version 21.12.0 to before version 26.4.1, a critical vulnerability was discovered in the SAML SSO implementation of Sentry. The vulnerability allows an attacker to take over any user account by using a malicious…

  • CVE-2026-42302CriMay 8, 2026
    risk 0.57cvss 9.8epss 0.01

    FastGPT is an AI Agent building platform. From version 4.14.10 to before version 4.14.13, the agent-sandbox component of FastGPT is vulnerable to unauthenticated Remote Code Execution (RCE). The startup script entrypoint.sh initializes code-server with the --auth none flag and…

  • CVE-2026-42298CriMay 8, 2026
    risk 0.58cvss 10.0epss 0.01

    Postiz is an AI social media scheduling tool. Prior to commit da44801, a "Pwn Request" vulnerability in the Build and Publish PR Docker Image workflow (.github/workflows/pr-docker-build.yml) allows any unauthenticated user to execute arbitrary code during the Docker build…

  • CVE-2026-42287CriMay 8, 2026
    risk 0.65cvss epss 0.00

    Emlog is an open source website building system. Prior to version 2.6.11, direct SQL injection in article creation and update functions allows attackers to execute arbitrary SQL commands, potentially leading to complete database compromise, data theft, or system destruction.…

  • CVE-2026-42193CriMay 8, 2026
    risk 0.52cvss 9.1epss 0.00

    Plunk is an open-source email platform built on top of AWS SES. Prior to version 0.9.0, the /webhooks/sns endpoint accepts Amazon SNS notification payloads from unauthenticated requests without verifying the SNS signature, certificate, or topic ARN, meaning anyone can forge a…

  • CVE-2026-44694CriMay 8, 2026
    risk 0.52cvss 9.1epss 0.00

    n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. From version 2.18.7 to before version 2.50.2, there is an authenticated server-side request forgery vulnerability affecting the webhook trigger tools, the n8n API…

  • CVE-2026-42160CriMay 8, 2026
    risk 0.65cvss epss 0.00

    Data Space Portal is an open-source Software as a Service (SaaS) solution designed to streamline Dataspace management. From version 2.1.1 to before version 7.3.2, there is insufficient authorization in the dataspace-portal backend regarding self-registered "PENDING" organization…

  • CVE-2026-42072CriMay 8, 2026
    risk 0.57cvss 9.8epss 0.00

    Nornicdb is a distributed low-latency, Graph+Vector, Temporal MVCC with all sub-ms HNSW search, graph traversal, and writes. Prior to version 1.0.42-hotfix, the --address CLI flag (and NORNICDB_ADDRESS / server.host config key) is plumbed through to the HTTP server correctly but…

  • CVE-2026-41889CriMay 8, 2026
    risk 0.57cvss 9.8epss 0.00

    pgx is a PostgreSQL driver and toolkit for Go. Prior to version 5.9.2, SQL injection can occur when the non-default simple protocol is used, a dollar quoted string literal is used in the SQL query, that string literal contains text that would be would be interpreted as a…

  • CVE-2026-38360CriMay 8, 2026
    risk 0.58cvss 9.8epss 0.06

    Directory Traversal vulnerability in fohrloop dash-uploader v.0.1.0 through v.0.7.0a2 allows a remote attacker to execute arbitrary code via the dash_uploader/httprequesthandler.py, BaseHttpRequestHandler.get_temp_root(), BaseHttpRequestHandler._post() components.

  • CVE-2026-41070CriMay 8, 2026
    risk 0.58cvss 10.0epss 0.00

    openvpn-auth-oauth2 is a plugin/management interface client for OpenVPN server to handle an OIDC based single sign-on (SSO) auth flows. From version 1.26.3 to before version 1.27.3, when openvpn-auth-oauth2 is deployed in the experimental plugin mode (shared library loaded by…

  • CVE-2026-44497CriMay 8, 2026
    risk 0.52cvss 9.1epss 0.00

    ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.4.0 and prior to zebra-script version 6.0.0, the fix for CVE-2026-41583 introduced a separate issue due to insufficient error handling of the case where the sighash type is invalid, during sighash…

  • CVE-2026-43465CriMay 8, 2026
    risk 0.57cvss 9.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: RX, Fix XDP multi-buf frag counting for striding RQ XDP multi-buf programs can modify the layout of the XDP buffer when the program calls bpf_xdp_pull_data() or bpf_xdp_adjust_tail(). The referenced…

  • CVE-2026-43414CriMay 8, 2026
    risk 0.57cvss 9.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Completely fix fcport double free In qla24xx_els_dcmd_iocb() sp->free is set to qla2x00_els_dcmd_sp_free(). When an error happens, this function is called by qla2x00_sp_release(), when…

  • CVE-2026-43407CriMay 8, 2026
    risk 0.52cvss 9.1epss 0.01

    In the Linux kernel, the following vulnerability has been resolved: libceph: Fix potential out-of-bounds access in ceph_handle_auth_reply() This patch fixes an out-of-bounds access in ceph_handle_auth_reply() that can be triggered by a message of type CEPH_MSG_AUTH_REPLY. In…

  • CVE-2026-43406CriMay 8, 2026
    risk 0.52cvss 9.1epss 0.01

    In the Linux kernel, the following vulnerability has been resolved: libceph: prevent potential out-of-bounds reads in process_message_header() If the message frame is (maliciously) corrupted in a way that the length of the control segment ends up being less than the size of…

  • CVE-2026-43402CriMay 8, 2026
    risk 0.57cvss 9.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: kthread: consolidate kthread exit paths to prevent use-after-free Guillaume reported crashes via corrupted RCU callback function pointers during KUnit testing. The crash was traced back to the pidfs rhashtable…

  • CVE-2026-43384CriMay 8, 2026
    risk 0.57cvss 9.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: net/tcp-ao: Fix MAC comparison to be constant-time To prevent timing attacks, MACs need to be compared in constant time. Use the appropriate helper function for this.

  • CVE-2026-43383CriMay 8, 2026
    risk 0.54cvss 9.4epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: net/tcp-md5: Fix MAC comparison to be constant-time To prevent timing attacks, MACs need to be compared in constant time. Use the appropriate helper function for this.

  • CVE-2026-43379CriMay 8, 2026
    risk 0.57cvss 9.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in smb_lazy_parent_lease_break_close() opinfo pointer obtained via rcu_dereference(fp->f_opinfo) is being accessed after rcu_read_unlock() has been called. This creates a race…

  • CVE-2026-43378CriMay 8, 2026
    risk 0.57cvss 9.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: smb: server: fix use-after-free in smb2_open() The opinfo pointer obtained via rcu_dereference(fp->f_opinfo) is dereferenced after rcu_read_unlock(), creating a use-after-free window.

  • CVE-2026-43376CriMay 8, 2026
    risk 0.57cvss 9.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free by using call_rcu() for oplock_info ksmbd currently frees oplock_info immediately using kfree(), even though it is accessed under RCU read-side critical sections in places like…

  • CVE-2026-41588CriMay 8, 2026
    risk 0.52cvss 9.0epss 0.00

    RELATE is a web-based courseware package. Prior to commit 2f68e16, there is a timing attack vulnerability in course/auth.py — check_sign_in_key(). This issue has been patched via commit 2f68e16.

  • CVE-2026-41583CriMay 8, 2026
    risk 0.52cvss 9.1epss 0.00

    ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.1 and prior to zebra-script version 5.0.2, after a refactoring, Zebra failed to validate a consensus rule that restricted the possible values of sighash hash types for V5 transactions which were enabled…

  • CVE-2026-41574CriMay 8, 2026
    risk 0.57cvss 9.8epss 0.01

    Nhost is an open source Firebase alternative with GraphQL. Prior to version 0.49.1, Nhost automatically links an incoming OAuth identity to an existing Nhost account when the email addresses match. This is only safe when the email has been verified by the OAuth provider. Nhost's…

  • CVE-2026-37431CriMay 8, 2026
    risk 0.64cvss 9.8epss 0.00

    Beauty Parlour Management System v1.1 was discovered to contain a SQL injection vulnerability via the aptnumber parameter in the /appointment-detail.php endpoint. This vulnerability allows attackers to access sensitive database information via a crafted SQL statement.

  • CVE-2026-44336CriMay 8, 2026
    risk 0.55cvss 9.6epss 0.01

    PraisonAI is a multi-agent teams system. Prior to version 4.6.34, PraisonAI's MCP (Model Context Protocol) server (praisonai mcp serve) registers four file-handling tools by default — praisonai.rules.create, praisonai.rules.show, praisonai.rules.delete, and…

  • CVE-2026-44335CriMay 8, 2026
    risk 0.64cvss 9.8epss 0.00

    PraisonAI is a multi-agent teams system. Prior to version 1.6.32, the URL checking logic in PraisonAI has a logical flaw that could be bypassed by attackers, leading to SSRF attacks. This issue has been patched in version 1.6.32.

  • CVE-2026-44128CriMay 8, 2026
    risk 0.60cvss epss 0.01

    SEPPmail Secure Email Gateway before version 15.0.2.1 allows unauthenticated remote code execution in the new GINA UI because an endpoint passes attacker-controlled input from a parameter to Perl's eval.