VYPR

CVEs

11,229 total · page 21 of 225

  • CVE-2026-44126 · Cri · May 8, 2026
    risk 0.60 · cvss · epss 0.00

    SEPPmail Secure Email Gateway before version 15.0.4 insecurely deserializes untrusted data, which can be reached from the new GINA UI and may allow unauthenticated remote attackers to execute code via a crafted serialized object.

  • CVE-2026-44125 · Cri · May 8, 2026
    risk 0.60 · cvss · epss 0.00

    SEPPmail Secure Email Gateway before version 15.0.4 fails to enforce authorization checks for multiple endpoints in the new GINA UI, allowing unauthenticated remote attackers to access functionality that should require a valid session.

  • CVE-2026-43341 · Cri · May 8, 2026
    risk 0.57 · cvss 9.8 · epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: net/ipv6: ioam6: prevent schema length wraparound in trace fill. ioam6_fill_trace_data() stores the schema contribution to the trace length in a u8. With bit 22 enabled and the largest schema payload, sclen…

  • CVE-2026-43304 · Cri · May 8, 2026
    risk 0.57 · cvss 9.8 · epss 0.01

    In the Linux kernel, the following vulnerability has been resolved: libceph: define and enforce CEPH_MAX_KEY_LEN. When decoding the key, verify that the key material would fit into a fixed-size buffer in process_auth_done() and generally has a sane length. The new…

  • CVE-2026-41512 · Cri · May 8, 2026
    risk 0.64 · cvss 9.9 · epss 0.01

    ai-scanner is an AI model safety scanner built on NVIDIA garak. From version 1.0.0 to before version 1.4.1, there is a remote code execution vulnerability via JavaScript injection in `BrowserAutomation::PlaywrightService`. This issue has been patched in version 1.4.1.

  • CVE-2026-41509 · Cri · May 8, 2026
    risk 0.57 · cvss 9.8 · epss 0.00

    CROSS implementation contains reference and optimized implementations of the CROSS post-quantum signature algorithm. Prior to commit fc6b7e7, there is a buffer overflow in crypto_sign_open() caused by an underflow of the integer mlen. This issue has been patched via commit…

  • CVE-2026-41507 · Cri · May 8, 2026
    risk 0.57 · cvss 9.8 · epss 0.00

    math-codegen generates code from mathematical expressions. Prior to version 0.4.3, string literal content passed to cg.parse() is injected verbatim into a new Function() body without sanitization. This allows an attacker to execute arbitrary system commands when user-controlled…

  • CVE-2026-41497 · Cri · May 8, 2026
    risk 0.57 · cvss 9.8 · epss 0.01

    PraisonAI is a multi-agent teams system. Prior to version 4.6.9, the fix for PraisonAI's MCP command handling does not add a command allowlist or argument validation to parse_mcp_command(), allowing arbitrary executables like bash, python, or /bin/sh with inline code execution…

  • CVE-2026-25199 · Cri · May 8, 2026
    risk 0.59 · cvss 9.1 · epss 0.01

    Instances deployed via the Proxmox extension allow unauthorized access to instances belonging to other tenants. This issue affects Apache CloudStack: from 4.21.0.0 through 4.22.0.0. The Proxmox extension for CloudStack improperly uses a user-editable instance setting,…

  • CVE-2026-8153 · Cri · May 8, 2026
    risk 0.64 · cvss 9.8 · epss 0.02

    OS command injection in the Dashboard Server interface in Universal Robots PolyScope versions prior to 5.25.1 allows an unauthenticated attacker to craft commands that will execute code on the robot's OS.

  • CVE-2026-8076 · Cri · May 8, 2026
    risk 0.60 · cvss · epss 0.00

    Weak credentials in the CashDro 3 web administration panel, version 24.01.00.26, where the platform allows the use of numeric PINs for user authentication. The system supports the use of PIN-based credentials, maintaining compatibility with POS software integrations deployed…

  • CVE-2026-6213 · Cri · May 8, 2026
    risk 0.65 · cvss · epss 0.00

    A vulnerability in Remote Spark SparkView before build 1122 allows an attacker to bypass the local connection check and achieve arbitrary code execution as root on the server side. Depending on implementation the vulnerability can be exploited by an unauthenticated…

  • CVE-2013-10075 · Cri · May 8, 2026
    risk 0.59 · cvss 9.1 · epss 0.00

    Apache::Session versions through 1.94 for Perl re-creates deleted sessions. The session stores Apache::Session::Store::File and Apache::Session::Store::DB_File will create a session that does not exist. This can lead to sessions being revived, potentially with data that was to…

  • CVE-2025-69691 · Cri · May 8, 2026
    risk 0.64 · cvss 9.9 · epss 0.01

    Netgate pfSense CE 2.8.0 allows code execution in the XMLRPC API via pfsense.exec_php. NOTE: the Supplier disputes this because the API call is only available to admins and they are intentionally allowed to execute PHP code.

  • CVE-2025-69690 · Cri · May 8, 2026
    risk 0.59 · cvss 9.1 · epss 0.01

    Netgate pfSense CE 2.7.2 allows code execution by using the module installer with a backup file with a serialized PHP object containing the post_reboot_commands property. NOTE: the Supplier disputes this because this installer is only available to admins and they are…

  • CVE-2025-69599 · Cri · May 8, 2026
    risk 0.64 · cvss 9.8 · epss 0.00

    RayVentory Scan Engine through 12.6 Update 8 allows attackers to gain privileges if they control the value of the PATH environment variable. NOTE: this is disputed because the ability of an attacker to control the environment is a site-specific misconfiguration.

  • CVE-2025-67887 · Cri · May 8, 2026
    risk 0.64 · cvss 9.8 · epss 0.02

    1C-Bitrix through 25.100.500 allows Remote Code Execution because an actor with SOURCE/WRITE permissions for the Translate Module can upload and execute code by sending a PHP file and a .htaccess file. NOTE: this is disputed by the Supplier because this is intended behavior for…

  • CVE-2023-46453 · Cri · May 8, 2026
    risk 0.64 · cvss 9.8 · epss 0.01

    Certain GL.iNet devices with 4.x firmware allow authentication bypass (resulting in administrative control of the device) via a username that is both a valid SQL statement and a valid regular expression. For example, this affects version 4.3.7 on GL-MT3000 GL-AR300M GL-B1300…

  • CVE-2024-51092 · Cri · May 8, 2026
    risk 0.66 · cvss 9.1 · epss 0.07

    LibreNMS before 24.10.0 allows a remote attacker to execute arbitrary code via OS command injection involving AboutController.php's index(), SettingsController.php's update(), and PollDevice.php's initRrdDirectory().

  • CVE-2026-43944 · Cri · May 8, 2026
    risk 0.55 · cvss 9.6 · epss 0.00

    electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. From versions 3.0.6 to before 3.8.15, electerm is vulnerable to arbitrary local code execution via deep links, CLI --opts, or crafted shortcuts. Exploit requires clicking a crafted…

  • CVE-2026-43941 · Cri · May 8, 2026
    risk 0.62 · cvss 9.6 · epss 0.00

    electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. In versions 3.8.15 and prior, Electerm's terminal hyperlink handler passes any URL clicked in the terminal directly to shell.openExternal without any protocol validation. An attacker who…

  • CVE-2026-42208 · Cri · KEV · May 8, 2026
    risk 0.74 · cvss 9.8 · epss 0.85

    LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. From version 1.81.16 to before version 1.83.7, a database query used during proxy API key checks mixed the caller-supplied key value into the query text instead of passing it as a separate…

  • CVE-2026-41501 · Cri · May 8, 2026
    risk 0.57 · cvss 9.8 · epss 0.01

    electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to version 3.3.8, a command injection vulnerability exists in github.com/elcterm/electerm/npm/install.js:130. The runLinux() function appends attacker-controlled remote version…

  • CVE-2026-41500 · Cri · May 8, 2026
    risk 0.57 · cvss 9.8 · epss 0.02

    electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to version 3.3.8, a command injection vulnerability exists in github.com/elcterm/electerm/npm/install.js:150. The runMac() function appends attacker-controlled remote releaseInfo.name…

  • CVE-2026-42880 · Cri · May 7, 2026
    risk 0.55 · cvss 9.6 · epss 0.01

    Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. From versions 3.2.0 to before 3.2.11 and 3.3.0 to before 3.3.9, there is a missing authorization and data-masking gap in Argo CD's ServerSideDiff endpoint that allows an attacker with read-only access to…

  • CVE-2026-8034 · Cri · May 7, 2026
    risk 0.64 · cvss 9.8 · epss 0.00

    A server-side request forgery (SSRF) vulnerability was identified in the GitHub Enterprise Server notebook viewer that allowed an attacker to access internal services by exploiting URL parser confusion between the validation layer and the HTTP request library. The hostname…

  • CVE-2026-7891 · Cri · May 7, 2026
    risk 0.60 · cvss · epss 0.00

    The VerySecureApp made by DIVD using Mendix Studio Pro 11.8.0 Beta allows unintended data exposure due to authorization misconfiguration. The VerySecureApp allows anonymous users of the MyFirstModule with the anonymous user role to gain access to all stored records, even though…

  • CVE-2026-42826 · Cri · May 7, 2026
    risk 0.65 · cvss 10.0 · epss 0.01

    Exposure of sensitive information to an unauthorized actor in Azure DevOps allows an unauthorized attacker to disclose information over a network.

  • CVE-2026-35428 · Cri · May 7, 2026
    risk 0.62 · cvss 9.6 · epss 0.01

    Improper neutralization of special elements used in a command ('command injection') in Azure Cloud Shell allows an unauthorized attacker to perform spoofing over a network.

  • CVE-2026-33844 · Cri · May 7, 2026
    risk 0.59 · cvss 9.0 · epss 0.01

    Improper access control in Azure Managed Instance for Apache Cassandra allows an authorized attacker to execute code over a network.

  • CVE-2026-33823 · Cri · May 7, 2026
    risk 0.62 · cvss 9.6 · epss 0.01

    Improper authorization in Microsoft Teams allows an authorized attacker to disclose information over a network.

  • CVE-2026-33109 · Cri · May 7, 2026
    risk 0.64 · cvss 9.9 · epss 0.01

    Improper access control in Azure Managed Instance for Apache Cassandra allows an authorized attacker to execute code over a network.

  • CVE-2026-41902 · Cri · May 7, 2026
    risk 0.59 · cvss 9.1 · epss 0.00

    FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.217, the /user-setup/{hash} endpoint accepts a 60-character random invite_hash to set a new user's password. The endpoint performs no expiration check — the hash remains…

  • CVE-2026-37709 · Cri · May 7, 2026
    risk 0.57 · cvss 9.8 · epss 0.00

    Insecure Permissions vulnerability in grokability snipe-it v.8.4.0 and before and fixed after 2026-03-10 commit 676a9958 allows a remote attacker to execute arbitrary code via the app/Http/Controllers/Api/UploadedFilesController.php component.

  • CVE-2026-7415 · Cri · May 7, 2026
    risk 0.64 · cvss 9.8 · epss 0.01

    The MQTT broker embedded in Yarbo firmware v2.3.9 is configured to allow anonymous connections with no topic-level read or write ACLs. Any host on the same network can subscribe to sensitive telemetry topics or publish control messages directly to the robot without…

  • CVE-2026-7414 · Cri · May 7, 2026
    risk 0.64 · cvss 9.8 · epss 0.01

    Yarbo firmware v2.3.9 contains hardcoded administrative credentials embedded in the firmware image. These credentials are identical across all devices running this firmware and cannot be changed or removed by end users, enabling trivial unauthorized access to device management…

  • CVE-2025-63704 · Cri · May 7, 2026
    risk 0.64 · cvss 9.8 · epss 0.00

    NPM package query-parser-string 1.0.0 is vulnerable to Prototype Pollution. The package does not properly sanitize user supplied query parameters and merges them to the newly created object.

  • CVE-2025-63703 · Cri · May 7, 2026
    risk 0.64 · cvss 9.8 · epss 0.00

    npm package parse-ini v1.0.6 is vulnerable to Prototype Pollution in index.js().

  • CVE-2026-36458 · Cri · May 7, 2026
    risk 0.64 · cvss 9.8 · epss 0.00

    ChestnutCMS v1.5.10 has a SQL injection vulnerability. The content parameter of the cms_content tag can be manipulated in the admin backend and injected into a SQL query when the template is rendered.

  • CVE-2025-63706 · Cri · May 7, 2026
    risk 0.64 · cvss 9.8 · epss 0.02

    NPM package next-npm-version 1.0.1 is vulnerable to command injection.

  • CVE-2026-6795 · Cri · May 7, 2026
    risk 0.62 · cvss 9.6 · epss 0.00

    URL redirection to untrusted site ('open redirect') vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive allows Parameter Injection. This issue affects DivvyDrive: from 4.8.2.9 before 4.8.3.2.

  • CVE-2026-41589 · Cri · May 7, 2026
    risk 0.55 · cvss 9.6 · epss 0.00

    Wish is an SSH server with defaults and a collection of middlewares. From version 2.0.0 to before version 2.0.1, the SCP middleware in charm.land/wish/v2 is vulnerable to path traversal attacks. A malicious SCP client can read arbitrary files from the server, write arbitrary…

  • CVE-2026-30496 · Cri · May 7, 2026
    risk 0.64 · cvss 9.8 · epss 0.00

    The Optoma CinemaX P2 projector (firmware TVOS-04.24.010.04.01, Android 8.0.0) exposes an HTTP API on TCP port 2345 that allows full unauthenticated remote control of the device. The API supports both reading configuration (74 endpoints) and writing/modifying settings including…

  • CVE-2026-8094 · Cri · May 7, 2026
    risk 0.64 · cvss 9.8 · epss 0.00

    Other issue in the WebRTC component. This vulnerability was fixed in Firefox ESR 140.10.2 and Thunderbird 140.10.2.

  • CVE-2026-8091 · Cri · May 7, 2026
    risk 0.64 · cvss 9.8 · epss 0.00

    Incorrect boundary conditions in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150, Thunderbird 150, Firefox ESR 140.10.1, Thunderbird 140.10.1, and Firefox ESR 115.35.2.

  • CVE-2026-6508 · Cri · May 7, 2026
    risk 0.64 · cvss 9.8 · epss 0.00

    Origin Validation Error vulnerability in TUBITAK BILGEM Software Technologies Research Institute Liderahenk allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Liderahenk: from 2.0.1 before 2.0.2.

  • CVE-2026-33587 · Cri · May 7, 2026
    risk 0.58 · cvss 10.0 · epss 0.00

    Lack of user input sanitisation in Open Notebook v1.8.3 allows the application user to execute Python code (and subsequently OS commands) on the docker container via Server-Side Template Injection (SSTI) for user-created transformations.

  • CVE-2026-41586 · Cri · May 7, 2026
    risk 0.60 · cvss · epss 0.00

    Hyperledger Fabric is an enterprise-grade permissioned distributed ledger framework for developing solutions and applications. From versions 1.0.0 to 2.2.26, Channel.java implements readObject() and exposes deSerializeChannel() which call ObjectInputStream.readObject() on…

  • CVE-2026-42217 · Cri · May 7, 2026
    risk 0.57 · cvss 9.8 · epss 0.00

    OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From versions 3.0.0 to before 3.2.9, 3.3.0 to before 3.3.11, and 3.4.0 to before 3.4.11, readVariableLengthInteger() decodes a…

  • CVE-2026-42216 · Cri · May 7, 2026
    risk 0.52 · cvss 9.1 · epss 0.00

    OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From versions 3.0.0 to before 3.2.9, 3.3.0 to before 3.3.11, and 3.4.0 to before 3.4.11, IDManifest::init() reconstructs strings from…