VYPR

CVEs

26,910 total · page 26 of 539

  • CVE-2026-41492CriApr 24, 2026
    risk 0.57cvss 9.8epss 0.02

    Dgraph is an open source distributed GraphQL database. Prior to 25.3.3, Dgraphl exposes the process command line through the unauthenticated /debug/vars endpoint on Alpha. Because the admin token is commonly supplied via the --security "token=..." startup flag, an…

  • CVE-2026-41415CriApr 24, 2026
    risk 0.52cvss 9.1epss 0.00

    PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier, there is an out-of-bounds read when parsing a malformed Content-ID URI in SIP multipart message body. Insufficient length validation can cause reads beyond the intended buffer…

  • CVE-2026-41328CriApr 24, 2026
    risk 0.52cvss 9.1epss 0.00

    Dgraph is an open source distributed GraphQL database. Prior to 25.3.3, a vulnerability has been found in Dgraph that gives an unauthenticated attacker full read access to every piece of data in the database. This affects Dgraph's default configuration where ACL is not enabled.…

  • CVE-2026-41327CriApr 24, 2026
    risk 0.52cvss 9.1epss 0.00

    Dgraph is an open source distributed GraphQL database. Prior to 25.3.3, a vulnerability has been found in Dgraph that gives an unauthenticated attacker full read access to every piece of data in the database. This affects Dgraph's default configuration where ACL is not enabled.…

  • CVE-2026-41898CriApr 24, 2026
    risk 0.57cvss 9.8epss 0.00

    rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.24 to before 0.10.78, the FFI trampolines behind SslContextBuilder::set_psk_client_callback, set_psk_server_callback, set_cookie_generate_cb, and set_stateless_cookie_generate_cb forwarded the…

  • CVE-2026-41681CriApr 24, 2026
    risk 0.57cvss 9.8epss 0.00

    rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.10.39 to before 0.10.78, EVP_DigestFinal() always writes EVP_MD_CTX_size(ctx) to the out buffer. If out is smaller than that, MdCtxRef::digest_final() writes past its end, usually corrupting the…

  • CVE-2026-41678CriApr 24, 2026
    risk 0.57cvss 9.8epss 0.00

    rust-openssl provides OpenSSL bindings for the Rust programming language. From to before 0.10.78, aes::unwrap_key() contains an incorrect assertion: it checks that out.len() + 8 <= in_.len(), but this condition is reversed. The intended invariant is out.len() >= in_.len() - 8,…

  • CVE-2026-41677CriApr 24, 2026
    risk 0.52cvss 9.1epss 0.00

    rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.0 to before 0.10.78, the *_from_pem_callback APIs did not validate the length returned by the user's callback. A password callback that returns a value larger than the buffer it was given can…

  • CVE-2026-41676CriApr 24, 2026
    risk 0.57cvss 9.8epss 0.00

    rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.27 to before 0.10.78, Deriver::derive (and PkeyCtxRef::derive) sets len = buf.len() and passes it as the in/out length to EVP_PKEY_derive, relying on OpenSSL to honor it. On OpenSSL 1.1.x,…

  • CVE-2026-6911CriApr 24, 2026
    risk 0.57cvss 9.8epss 0.00

    Missing JWT signature verification in AWS Ops Wheel allows unauthenticated attackers to forge JWT tokens and gain unintended administrative access to the application, including the ability to read, modify, and delete all application data across tenants and manage Cognito user…

  • CVE-2026-39920CriApr 24, 2026
    risk 0.64cvss 9.8epss 0.01

    BridgeHead FileStore versions prior to 24A (released in early 2024) expose the Apache Axis2 administration module on network-accessible endpoints with default credentials that allows unauthenticated remote attackers to execute arbitrary OS commands. Attackers can authenticate to…

  • CVE-2026-31669CriApr 24, 2026
    risk 0.57cvss 9.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: mptcp: fix slab-use-after-free in __inet_lookup_established The ehash table lookups are lockless and rely on SLAB_TYPESAFE_BY_RCU to guarantee socket memory stability during RCU read-side critical sections.…

  • CVE-2026-31668CriApr 24, 2026
    risk 0.57cvss 9.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: seg6: separate dst_cache for input and output paths in seg6 lwtunnel The seg6 lwtunnel uses a single dst_cache per encap route, shared between seg6_input_core() and seg6_output_core(). These two paths can…

  • CVE-2026-31659CriApr 24, 2026
    risk 0.57cvss 9.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: batman-adv: reject oversized global TT response buffers batadv_tt_prepare_tvlv_global_data() builds the allocation length for a global TT response in 16-bit temporaries. When a remote originator advertises a…

  • CVE-2026-31657CriApr 24, 2026
    risk 0.57cvss 9.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: batman-adv: hold claim backbone gateways by reference batadv_bla_add_claim() can replace claim->backbone_gw and drop the old gateway's last reference while readers still follow the pointer. The netlink claim…

  • CVE-2026-31649CriApr 24, 2026
    risk 0.57cvss 9.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: net: stmmac: fix integer underflow in chain mode The jumbo_frm() chain-mode implementation unconditionally computes len = nopaged_len - bmax; where nopaged_len = skb_headlen(skb) (linear bytes only) and…

  • CVE-2026-31637CriApr 24, 2026
    risk 0.57cvss 9.8epss 0.01

    In the Linux kernel, the following vulnerability has been resolved: rxrpc: reject undecryptable rxkad response tickets rxkad_decrypt_ticket() decrypts the RXKAD response ticket and then parses the buffer as plaintext without checking whether crypto_skcipher_decrypt()…

  • CVE-2026-31636CriApr 24, 2026
    risk 0.52cvss 9.1epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: rxrpc: fix RESPONSE authenticator parser OOB read rxgk_verify_authenticator() copies auth_len bytes into a temporary buffer and then passes p + auth_len as the parser limit to rxgk_do_verify_authenticator().…

  • CVE-2026-31633CriApr 24, 2026
    risk 0.57cvss 9.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix integer overflow in rxgk_verify_response() In rxgk_verify_response(), there's a potential integer overflow due to rounding up token_len before checking it, thereby allowing the length check to be…

  • CVE-2026-31609CriApr 24, 2026
    risk 0.57cvss 9.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: smb: client: avoid double-free in smbd_free_send_io() after smbd_send_batch_flush() smbd_send_batch_flush() already calls smbd_free_send_io(), so we should not call it again after smbd_post_send() moved it to…

  • CVE-2026-31608CriApr 24, 2026
    risk 0.57cvss 9.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: smb: server: avoid double-free in smb_direct_free_sendmsg after smb_direct_flush_send_list() smb_direct_flush_send_list() already calls smb_direct_free_sendmsg(), so we should not call it again after…

  • CVE-2026-31607CriApr 24, 2026
    risk 0.57cvss 9.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: usbip: validate number_of_packets in usbip_pack_ret_submit() When a USB/IP client receives a RET_SUBMIT response, usbip_pack_ret_submit() unconditionally overwrites urb->number_of_packets from the network PDU.…

  • CVE-2026-31589CriApr 24, 2026
    risk 0.57cvss 9.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: mm: call ->free_folio() directly in folio_unmap_invalidate() We can only call filemap_free_folio() if we have a reference to (or hold a lock on) the mapping. Otherwise, we've already removed the folio from…

  • CVE-2026-31536CriApr 24, 2026
    risk 0.57cvss 9.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: smb: server: let send_done handle a completion without IB_SEND_SIGNALED With smbdirect_send_batch processing we likely have requests without IB_SEND_SIGNALED, which will be destroyed in the final request that…

  • CVE-2026-25660CriApr 24, 2026
    risk 0.57cvss 9.8epss 0.00

    CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Authentication bypass occurs when the URL ends with Authentication with certain function calls.  This bypass allows assigning arbitrary permission to any user…

  • CVE-2026-21515CriApr 24, 2026
    risk 0.64cvss 9.9epss 0.01

    Exposure of sensitive information to an unauthorized actor in Azure IOT Central allows an authorized attacker to elevate privileges over a network.

  • CVE-2026-1952CriApr 24, 2026
    risk 0.64cvss 9.8epss 0.00

    Delta Electronics AS320T has denial of service via the undocumented subfunction vulnerability.

  • CVE-2026-1951CriApr 24, 2026
    risk 0.64cvss 9.8epss 0.01

    Delta Electronics AS320T has no checking of the length of the buffer with the directory name vulnerability.

  • CVE-2026-1950CriApr 24, 2026
    risk 0.64cvss 9.8epss 0.00

    Delta Electronics AS320T has No checking of the length of the buffer with the file name vulnerability.

  • CVE-2026-1949CriApr 24, 2026
    risk 0.64cvss 9.8epss 0.01

    Delta Electronics AS320T has incorrect calculation of the buffer size on the stack in the GET/PUT request handler of the web service.

  • CVE-2026-33078CriApr 24, 2026
    risk 0.57cvss 9.8epss 0.00

    Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Versions prior to 8.2.6.4 have a SQL injection vulnerability in the haproxy_section_save function in app/routes/config/routes.py. The server_ip parameter, sourced from the URL path, is passed…

  • CVE-2026-33076CriApr 24, 2026
    risk 0.57cvss 9.8epss 0.01

    Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to version 8.2.6.4, the haproxy_section_save interface presents a vulnerability that could lead to remote code execution due to path traversal and writing into scheduled tasks. Version…

  • CVE-2026-40630CriApr 24, 2026
    risk 0.64cvss 9.8epss 0.01

    A vulnerability in  SenseLive X3050’s web management interface allows unauthorized access to certain configuration endpoints due to improper access control enforcement. An attacker with network access to the device may be able to bypass the intended authentication mechanism…

  • CVE-2026-40620CriApr 24, 2026
    risk 0.64cvss 9.8epss 0.01

    A vulnerability in SenseLive X3050’s embedded management service allows full administrative control to be established without any form of authentication or authorization on the SenseLive config application. The service accepts management connections from any reachable host,…

  • CVE-2026-35503CriApr 24, 2026
    risk 0.64cvss 9.8epss 0.01

    A vulnerability in SenseLive X3050’s web management interface allows authentication logic to be performed entirely on the client side, relying on hardcoded values within browser-executed scripts rather than server-side verification. An attacker with access to the login page…

  • CVE-2026-27843CriApr 24, 2026
    risk 0.59cvss 9.1epss 0.01

    A vulnerability exists in SenseLive X3050's web management interface that allows critical configuration parameters to be modified without sufficient authentication or server-side validation. By applying unsupported or disruptive values to recovery mechanisms and network…

  • CVE-2026-25775CriApr 24, 2026
    risk 0.64cvss 9.8epss 0.00

    A vulnerability in SenseLive X3050’s remote management service allows firmware retrieval and update operations to be performed without authentication or authorization. The service accepts firmware-related requests from any reachable host and does not verify user privileges,…

  • CVE-2026-41274CriApr 23, 2026
    risk 0.64cvss 9.8epss 0.01

    Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the GraphCypherQAChain node forwards user-provided input directly into the Cypher query execution pipeline without proper sanitization. An attacker can inject arbitrary…

  • CVE-2026-35431CriApr 23, 2026
    risk 0.65cvss 10.0epss 0.01

    Server-side request forgery (ssrf) in Microsoft Entra ID Entitlement Management allows an unauthorized attacker to perform spoofing over a network.

  • CVE-2026-33819CriApr 23, 2026
    risk 0.65cvss 10.0epss 0.01

    Deserialization of untrusted data in Microsoft Bing allows an unauthorized attacker to execute code over a network.

  • CVE-2026-33102CriApr 23, 2026
    risk 0.60cvss 9.3epss 0.00

    Url redirection to untrusted site ('open redirect') in M365 Copilot allows an unauthorized attacker to elevate privileges over a network.

  • CVE-2026-32210CriApr 23, 2026
    risk 0.60cvss 9.3epss 0.01

    Server-side request forgery (ssrf) in Microsoft Dynamics 365 (Online) allows an unauthorized attacker to perform spoofing over a network.

  • CVE-2026-26210CriApr 23, 2026
    risk 0.64cvss 9.8epss 0.01

    KTransformers through 0.5.3 contains an unsafe deserialization vulnerability in the balance_serve backend mode where the scheduler RPC server binds a ZMQ ROUTER socket to all interfaces with no authentication and deserializes incoming messages using pickle.loads() without…

  • CVE-2026-24303CriApr 23, 2026
    risk 0.62cvss 9.6epss 0.00

    Improper access control in Microsoft Partner Center allows an authorized attacker to elevate privileges over a network.

  • CVE-2026-6942CriApr 23, 2026
    risk 0.57cvss 9.8epss 0.02

    radare2-mcp version 1.6.0 and earlier contains an os command injection vulnerability that allows remote attackers to execute arbitrary commands by bypassing the command filter through shell metacharacters in user-controlled input passed to r2_cmd_str(). Attackers can inject…

  • CVE-2026-41276CriApr 23, 2026
    risk 0.64cvss 9.8epss 0.07

    Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, this vulnerability allows remote attackers to bypass authentication on affected installations of FlowiseAI Flowise. Authentication is not required to exploit this…

  • CVE-2026-41268CriApr 23, 2026
    risk 0.64cvss 9.8epss 0.14

    Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, Flowise is vulnerable to a critical unauthenticated remote command execution (RCE) vulnerability. It can be exploited via a parameter override bypass using the FILE-STORAGE::…

  • CVE-2026-41265CriApr 23, 2026
    risk 0.64cvss 9.8epss 0.00

    Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the specific flaw exists within the run method of the Airtable_Agents class. The issue results from the lack of proper sandboxing when evaluating an LLM generated python…

  • CVE-2026-41264CriApr 23, 2026
    risk 0.64cvss 9.8epss 0.01

    Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the specific flaw exists within the run method of the CSV_Agents class. The issue results from the lack of proper sandboxing when evaluating an LLM generated python script.…

  • CVE-2026-25874CriApr 23, 2026
    risk 0.57cvss 9.8epss 0.16

    LeRobot through 0.5.1 contains an unsafe deserialization vulnerability in the async inference pipeline where pickle.loads() is used to deserialize data received over unauthenticated gRPC channels without TLS in the policy server and robot client components. An unauthenticated…