VYPR

CVEs

11,229 total · page 24 of 225

  • CVE-2026-37531CriMay 1, 2026
    risk 0.64cvss 9.8epss 0.01

    AGL app-framework-main thru 17.1.12 contains a Zip Slip path traversal vulnerability (CWE-22) combined with a TOCTOU race condition (CWE-367) in the widget installation flow. The is_valid_filename function in wgtpkg-zip.c validates ZIP entry names but does not check for dot…

  • CVE-2026-42473CriMay 1, 2026
    risk 0.57cvss 9.8epss 0.00

    Unsafe deserialization vulnerability in MixPHP Framework 2.x thru 2.2.17. The session and cache handlers use unserialize() on data from the filesystem in the FileHandler object.

  • CVE-2026-42472CriMay 1, 2026
    risk 0.57cvss 9.8epss 0.00

    Unsafe deserialization vulnerability in MixPHP Framework 2.x thru 2.2.17. The session and cache handlers use unserialize() on data from Redis in the RedisHandler object.

  • CVE-2026-43039CriMay 1, 2026
    risk 0.57cvss 9.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: net: ti: icssg-prueth: fix missing data copy and wrong recycle in ZC RX dispatch emac_dispatch_skb_zc() allocates a new skb via napi_alloc_skb() but never copies the packet data from the XDP buffer into it.…

  • CVE-2026-43038CriMay 1, 2026
    risk 0.57cvss 9.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: ipv6: icmp: clear skb2->cb[] in ip6_err_gen_icmpv6_unreach() Sashiko AI-review observed: In ip6_err_gen_icmpv6_unreach(), the skb is an outer IPv4 ICMP error packet where its cb contains an IPv4…

  • CVE-2026-43037CriMay 1, 2026
    risk 0.57cvss 9.8epss 0.01

    In the Linux kernel, the following vulnerability has been resolved: ip6_tunnel: clear skb2->cb[] in ip4ip6_err() Oskar Kjos reported the following problem. ip4ip6_err() calls icmp_send() on a cloned skb whose cb[] was written by the IPv6 receive path as struct inet6_skb_parm.…

  • CVE-2026-43011CriMay 1, 2026
    risk 0.57cvss 9.8epss 0.01

    In the Linux kernel, the following vulnerability has been resolved: net/x25: Fix potential double free of skb When alloc_skb fails in x25_queue_rx_frame it calls kfree_skb(skb) at line 48 and returns 1 (error). This error propagates back through the call chain: …

  • CVE-2026-42484CriMay 1, 2026
    risk 0.64cvss 9.8epss 0.00

    A heap-based buffer overflow in hex_to_binary in the PKZIP hash parser in hashcat v7.1.2 allows an attacker to cause a denial of service or possibly execute arbitrary code via a crafted PKZIP hash file. The issue affects modules 17200, 17210, 17220, 17225, and 17230. When…

  • CVE-2026-42483CriMay 1, 2026
    risk 0.64cvss 9.8epss 0.00

    A heap-based buffer overflow in the Kerberos hash parser in hashcat v7.1.2 allows an attacker to cause a denial of service or possibly execute arbitrary code via a crafted Kerberos hash file. The issue affects module_hash_decode in multiple Kerberos-related modules because…

  • CVE-2026-42482CriMay 1, 2026
    risk 0.64cvss 9.8epss 0.00

    A stack-based buffer overflow in mangle_to_hex_lower() and mangle_to_hex_upper() in src/rp_cpu.c in hashcat v7.1.2 allows an attacker to cause a denial of service or possibly execute arbitrary code via a crafted rule file, or via the -j or -k rule options used with password…

  • CVE-2026-31718CriMay 1, 2026
    risk 0.57cvss 9.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in __ksmbd_close_fd() via durable scavenger When a durable file handle survives session disconnect (TCP close without SMB2_LOGOFF), session_fd_check() sets fp->conn = NULL to preserve…

  • CVE-2026-31705CriMay 1, 2026
    risk 0.57cvss 9.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix out-of-bounds write in smb2_get_ea() EA alignment smb2_get_ea() applies 4-byte alignment padding via memset() after writing each EA entry. The bounds check on buf_free_len is performed before the…

  • CVE-2026-42779CriMay 1, 2026
    risk 0.57cvss 9.8epss 0.01

    The fix for CVE-2026-41635 was not applied to the 2.1.X and 2.2.X branches. Here was the original issue description: Apache MINA's AbstractIoBuffer.resolveClass() contains two branches, one of them (for static classes or primitive types) does not check the class at…

  • CVE-2026-42778CriMay 1, 2026
    risk 0.57cvss 9.8epss 0.01

    The fix for CVE-2026-41409 was not applied to the 2.1.X and 2.2.X branches. Here was the original issue description: The fix for CVE-2024-52046 in Apache MINA AbstractIoBuffer.getObject() was incomplete. The classname allowlist of classes allowed to be deserialized was…

  • CVE-2026-7567CriMay 1, 2026
    risk 0.67cvss 9.8epss 0.09

    The Temporary Login plugin for WordPress is vulnerable to Authentication Bypass in versions up to and including 1.0.0. This is due to improper input validation in the maybe_login_temporary_user() function, which fails to verify that the 'temp-login-token' GET parameter is a…

  • CVE-2026-42996CriMay 1, 2026
    risk 0.58cvss epss 0.00

    JS8Call through 2.3.1 and JS8Call-improved before 3.0 have a stack-based buffer overflow via a radio transmission of @APRSIS GRID followed by a long Maidenhead locator. This occurs in grid2deg in APRSISClient.cpp.

  • CVE-2026-42994CriMay 1, 2026
    risk 0.64cvss 9.8epss 0.00

    Bitwarden CLI 2026.4.0 from 2026-04-22T21:57Z to 2026-04-22T23:30Z, when obtained from npm, had embedded malicious code. This is related to a Checkmarx supply chain incident.

  • CVE-2026-7546CriMay 1, 2026
    risk 0.64cvss 9.8epss 0.01

    A security vulnerability has been detected in Totolink NR1800X 9.1.0u.6279_B20210910. The impacted element is the function find_host_ip of the component lighttpd. Such manipulation of the argument Host leads to stack-based buffer overflow. The attack can be executed remotely.…

  • CVE-2026-7538CriMay 1, 2026
    risk 0.64cvss 9.8epss 0.02

    A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function Vulnerability of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument proto leads to os command injection. The attack may be initiated…

  • CVE-2026-39858CriApr 30, 2026
    risk 0.58cvss 10.0epss 0.00

    Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a high severity authentication bypass vulnerability in Traefik's ForwardAuth and snippet-based authentication middleware. Traefik's forwarded-header sanitization logic…

  • CVE-2026-35051CriApr 30, 2026
    risk 0.58cvss 10.0epss 0.00

    Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is an authentication bypass vulnerability in Traefik's ForwardAuth middleware when trustForwardHeader=false is configured and Traefik is deployed behind a trusted…

  • CVE-2026-33447CriApr 30, 2026
    risk 0.64cvss 9.8epss 0.00

    CVE-2026-33447 is a buffer overflow in a message parsing function of the Secure Access client prior to 14.50. Attackers with control of a modified server can send a special packet that can overwrite a small portion of memory conceivably leading to memory corruption or denial…

  • CVE-2026-33446CriApr 30, 2026
    risk 0.64cvss 9.8epss 0.00

    CVE-2026-33446 is a buffer overflow in the authentication sub-system of the Secure Access client prior to 14.50. Attackers with control of a modified server can send a special packet that can overwrite a small portion of memory conceivably leading to memory corruption or a…

  • CVE-2026-36767CriApr 30, 2026
    risk 0.65cvss 10.0epss 0.00

    A path traversal vulnerability in the /content/images/add endpoint of shopizer v3.2.5 allows attackers write arbitrary files to any writeable path via a crafted POST request.

  • CVE-2026-36760CriApr 30, 2026
    risk 0.62cvss 9.6epss 0.00

    An issue in the fileMd5 parameter in the /a/file/upload endpoint of JeeSite v5.15.1 allows authenticated attackers with file upload permissions to execute a path traversal and write arbitrary files with whitelisted suffixes to arbitrary filesystem locations while chunked upload…

  • CVE-2025-71284CriApr 30, 2026
    risk 0.64cvss 9.8epss 0.06

    Synway SMG Gateway Management Software contains an OS command injection vulnerability in the RADIUS configuration endpoint at /en/9-2radius.php where the radius_address POST parameter is split and interpolated directly into a sed command without sanitization. An unauthenticated…

  • CVE-2022-50993CriApr 30, 2026
    risk 0.64cvss 9.8epss 0.01

    Weaver (Fanwei) E-office versions prior to 10.0_20221201 contain an unauthenticated arbitrary file upload vulnerability in the OfficeServer.php endpoint that allows remote attackers to upload malicious files by sending multipart POST requests with arbitrary filenames and…

  • CVE-2026-4670CriApr 30, 2026
    risk 0.64cvss 9.8epss 0.06

    Authentication bypass by primary weakness vulnerability in Progress Software MOVEit Automation allows Authentication Bypass. This issue affects MOVEit Automation: from 2025.0.0 before 2025.0.9, from 2024.0.0 before 2024.1.8, versions prior to 2024.0.0.

  • CVE-2025-14543CriApr 30, 2026
    risk 0.59cvss 9.1epss 0.00

    Improper Restriction of XML External Entity Reference vulnerability in Connext Professional (Core Libraries) allows Serialized Data External Linking.This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.1.1, from 6.1.0 before 6.1.*, from 6.0.0…

  • CVE-2026-7381CriApr 29, 2026
    risk 0.52cvss 9.1epss 0.00

    Plack::Middleware::XSendfile versions through 1.0053 for Perl can allow client-controlled path rewriting. Plack::Middleware::XSendfile allows the variation setting (sendfile type) to be set by the client via the X-Sendfile-Type header, if it is not considered in the middleware…

  • CVE-2018-25318CriApr 29, 2026
    risk 0.64cvss 9.8epss 0.01

    Tenda FH303/A300 firmware V5.07.68_EN contains a session weakness vulnerability that allows unauthenticated attackers to modify DNS settings by exploiting insufficient cookie validation. Attackers can send GET requests to the /goform/AdvSetDns endpoint with a crafted admin…

  • CVE-2018-25317CriApr 29, 2026
    risk 0.64cvss 9.8epss 0.01

    Tenda W3002R/A302/W309R wireless routers version V5.07.64_en contain a cookie session weakness vulnerability that allows unauthenticated attackers to modify DNS settings by exploiting insufficient session validation. Attackers can send GET requests to the /goform/AdvSetDns…

  • CVE-2018-25316CriApr 29, 2026
    risk 0.64cvss 9.8epss 0.01

    Tenda W308R v2 V5.07.48 contains a cookie session weakness vulnerability that allows unauthenticated attackers to modify DNS settings by exploiting insufficient session validation. Attackers can send GET requests to the goform/AdvSetDns endpoint with a crafted admin language…

  • CVE-2026-30893CriApr 29, 2026
    risk 0.52cvss 9.0epss 0.00

    Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.4.0 to before version 4.14.4, a path traversal vulnerability in Wazuh's cluster synchronization extraction routine allows an authenticated cluster peer to write arbitrary…

  • CVE-2026-26015CriApr 29, 2026
    risk 0.64cvss 9.8epss 0.01

    DocsGPT is a GPT-powered chat for documentation. From version 0.15.0 to before version 0.16.0, an attacker accessing both the official DocsGPT website or any local and public deployment, can craft a malicious payload bypassing the "MCP test" behavior to achieve arbitrary remote…

  • CVE-2026-5166CriApr 29, 2026
    risk 0.62cvss 9.6epss 0.00

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus Software Center allows Path Traversal. This issue affects Pardus Software Center: before 0.6.4.

  • CVE-2026-41940CriKEVApr 29, 2026
    risk 0.92cvss 9.8epss 0.98

    cPanel and WHM versions after 11.40 contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unauthorized access to the control panel.

  • CVE-2026-38992CriApr 29, 2026
    risk 0.64cvss 9.8epss 0.00

    Cockpit v2.13.5 and earlier is vulnerable to arbitrary code execution via the filter parameter within multiple endpoints. This vulnerability allows an attacker to run system commands on the underlying infrastructure via the MongoLite $func operator.

  • CVE-2026-36841CriApr 29, 2026
    risk 0.64cvss 9.8epss 0.01

    TOTOLINK N200RE V5 was discovered to contain a command injection vulnerability via the macstr and bandstr parameters in the formMapDelDevice function.

  • CVE-2026-42523CriApr 29, 2026
    risk 0.59cvss 9.0epss 0.00

    Jenkins GitHub Plugin 1.46.0 and earlier improperly processes the current job URL as part of JavaScript implementing validation of the feature "GitHub hook trigger for GITScm polling", resulting in a stored cross-site scripting (XSS) vulnerability exploitable by non-anonymous…

  • CVE-2026-42249CriApr 29, 2026
    risk 0.57cvss 9.8epss 0.01

    Ollama for Windows contains a Remote Code Execution vulnerability in its update mechanism due to improper handling of attacker‑controlled HTTP response headers. When downloading updates, the application constructs local file paths using values derived from HTTP headers…

  • CVE-2026-42248CriApr 29, 2026
    risk 0.57cvss 9.8epss 0.00

    Ollama for Windows does not perform integrity or authenticity verification of downloaded update executables. Unlike other platforms, the Windows implementation of the update verification routine unconditionally returns success so no digital signature or trust validation is…

  • CVE-2026-3325CriApr 29, 2026
    risk 0.65cvss epss 0.00

    SQL injection (SQLi) in MegaCMS v12.0.0, specifically in the “id_territorio” parameter of the “/web_comunications/cms/get_provincias” endpoint. The vulnerability arises from inadequate validation and sanitisation of user input. Specifically, via a POST request, the…

  • CVE-2026-7333CriApr 28, 2026
    risk 0.62cvss 9.6epss 0.00

    Use after free in GPU in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-41446CriApr 28, 2026
    risk 0.64cvss 9.8epss 0.00

    Snap One WattBox 800 and 820 series firmware versions prior to 2.10.0.0 contain undisclosed diagnostic HTTP endpoints that require only the device MAC address and service tag for authentication, both of which are printed in plaintext on the physical device label. Attackers with…

  • CVE-2026-41386CriApr 28, 2026
    risk 0.52cvss 9.1epss 0.00

    OpenClaw before 2026.3.22 contains a privilege escalation vulnerability where bootstrap setup codes are not bound to intended device roles and scopes during pairing. Attackers can exploit this during first-use device pairing to escalate privileges beyond their intended role and…

  • CVE-2026-3893CriApr 28, 2026
    risk 0.61cvss 9.4epss 0.00

    The Carlson VASCO-B GNSS Receiver lacks an authentication mechanism, allowing an attacker with network access to directly access and modify its configuration and operational functions without needing credentials.

  • CVE-2026-24178CriApr 28, 2026
    risk 0.57cvss 9.8epss 0.01

    NVIDIA NVFlare Dashboard contains a vulnerability in the user management and authentication system where an unauthenticated attacker may cause authorization bypass through user-controlled key. A successful exploit of this vulnerability may lead to privilege escalation, data…

  • CVE-2026-41873CriApr 28, 2026
    risk 0.64cvss 9.8epss 0.00

    ** UNSUPPORTED WHEN ASSIGNED ** Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') vulnerability in Pony Mail leading to admin account takeover. This issue affects all versions of the Lua implementation of Pony Mail. There is a Python…

  • CVE-2025-60889CriApr 28, 2026
    risk 0.64cvss 9.8epss 0.01

    Insecure deserialization of untrusted input in StellarGroup HPX 1.11.0 under certain conditions may allow attackers to execute arbitrary code or other unspecified impacts.