VYPR

CVEs

345,040 total · page 27 of 6,901

  • CVE-2026-53185impJun 25, 2026
    risk 0.39cvss 7.0epss 0.00

    kernel: zram: fix use-after-free in zram_bvec_write_partial()

  • CVE-2026-53187modJun 25, 2026
    risk 0.29cvss 5.5epss 0.00

    kernel: RDMA/core: Validate cpu_id against nr_cpu_ids in DMAH alloc

  • CVE-2026-53196impJun 25, 2026
    risk 0.39cvss 7.0epss 0.00

    kernel: USB: serial: io_ti: fix heap overflow in get_manuf_info()

  • CVE-2026-53198Jun 25, 2026
    risk 0.00cvss epss 0.00

    kernel: ksmbd: fix use-after-free of a deferred file_lock on double SMB2_CANCEL

  • CVE-2026-53212modJun 25, 2026
    risk 0.39cvss 7.0epss 0.00

    kernel: netfilter: nft_tunnel: fix use-after-free on object destroy

  • CVE-2026-53215Jun 25, 2026
    risk 0.00cvss epss 0.01

    kernel: net: mvpp2: refill RX buffers before XDP or skb use

  • CVE-2026-53219modJun 25, 2026
    risk 0.29cvss 5.5epss 0.00

    kernel: netfilter: x_tables: avoid leaking percpu counter pointers

  • CVE-2026-53220modJun 25, 2026
    risk 0.29cvss 5.5epss 0.00

    kernel: netfilter: revalidate bridge ports

  • CVE-2026-53221modJun 25, 2026
    risk 0.29cvss 5.5epss 0.01

    kernel: ip6_vti: fix incorrect tunnel matching in vti6_tnl_lookup()

  • CVE-2026-53225modJun 25, 2026
    risk 0.29cvss 5.5epss 0.01

    kernel: sctp: fix uninit-value in __sctp_rcv_asconf_lookup()

  • CVE-2026-53228modJun 25, 2026
    risk 0.39cvss 7.0epss 0.01

    kernel: ipv6: sit: reload inner IPv6 header after GSO offloads

  • CVE-2026-53229modJun 25, 2026
    risk 0.29cvss 5.5epss 0.00

    kernel: net/mlx5e: xsk: Fix DMA and xdp_frame leak on XDP_TX xmit failure

  • CVE-2026-53230modJun 25, 2026
    risk 0.39cvss 7.0epss 0.00

    kernel: net/mlx5: Fix slab-out-of-bounds in mlx5_query_nic_vport_mac_list

  • CVE-2026-53234Jun 25, 2026
    risk 0.00cvss epss 0.00

    kernel: net: ibm: emac: Fix use-after-free during device removal

  • CVE-2026-53248Jun 25, 2026
    risk 0.00cvss epss 0.00

    kernel: net: airoha: Fix use-after-free in metadata dst teardown

  • CVE-2026-53256modJun 25, 2026
    risk 0.39cvss 7.0epss 0.00

    kernel: Bluetooth: RFCOMM: hold listener socket in rfcomm_connect_ind()

  • CVE-2026-53257modJun 25, 2026
    risk 0.29cvss 5.5epss 0.00

    kernel: wifi: cfg80211: enforce HE/EHT cap/oper consistency

  • CVE-2026-53259modJun 25, 2026
    risk 0.39cvss 7.0epss 0.00

    kernel: ipv6: anycast: insert aca into global hash under idev->lock

  • CVE-2026-53261lowJun 25, 2026
    risk 0.29cvss 5.5epss 0.00

    kernel: devlink: Release nested relation on devlink free

  • CVE-2026-53264modJun 25, 2026
    risk 0.39cvss 7.0epss 0.00

    kernel: net/sched: act_api: use RCU with deferred freeing for action lifecycle

  • CVE-2026-53267impJun 25, 2026
    risk 0.39cvss 7.0epss 0.00

    kernel: netfilter: nft_ct: bail out on template ct in get eval

  • CVE-2026-53270modJun 25, 2026
    risk 0.39cvss 7.0epss 0.00

    kernel: ipvs: clear the svc scheduler ptr early on edit

  • CVE-2026-53273Jun 25, 2026
    risk 0.00cvss epss 0.00

    kernel: tee: optee: prevent use-after-free when the client exits before the supplicant

  • CVE-2026-53274lowJun 25, 2026
    risk 0.29cvss 5.5epss 0.00

    kernel: net/smc: fix sleep-inside-lock in __smc_setsockopt() causing local DoS

  • CVE-2026-53275modJun 25, 2026
    risk 0.39cvss 7.0epss 0.00

    kernel: ipv6: mcast: Fix use-after-free when processing MLD queries

  • CVE-2026-8663Jun 24, 2026
    risk 0.00cvss epss 0.01

    OS Command Injection vulnerability in Rapid7 InsightConnect RPM Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the repo, key, or name parameters due to insufficient input sanitization in shell command construction.

  • CVE-2026-40079Jun 24, 2026
    risk 0.00cvss epss 0.01

    Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Command Injection due to lack of sanitization in the escape_command() function. The escape_command() function at lib/rrd.php is a no-op: it returns $command unchanged.…

  • CVE-2026-7569Jun 24, 2026
    risk 0.00cvss epss 0.01

    Quest NetVault Backup viewclient Cross-Site Scripting Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Quest NetVault Backup. User interaction is required to exploit this vulnerability in that…

  • CVE-2026-9787Jun 24, 2026
    risk 0.00cvss epss 0.01

    Quest NetVault Backup NVBULogDaemon Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability,…

  • CVE-2026-9786Jun 24, 2026
    risk 0.00cvss epss 0.01

    Quest NetVault Backup NVBUDashboard SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability, the…

  • CVE-2026-9785Jun 24, 2026
    risk 0.00cvss epss 0.01

    Quest NetVault Backup NVBULibrarySlot SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability,…

  • CVE-2026-9784Jun 24, 2026
    risk 0.00cvss epss 0.01

    Quest NetVault Backup NVBULibraryPort SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability,…

  • CVE-2026-9783Jun 24, 2026
    risk 0.00cvss epss 0.01

    Quest NetVault Backup NVBURemovableMedia SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability,…

  • CVE-2026-39951Jun 24, 2026
    risk 0.00cvss epss 0.00

    Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have a Stored SQL Injection vulnerability through graph_name_regexp in the Reports feature. This issue has been fixed in version 1.2.31.

  • CVE-2026-9782Jun 24, 2026
    risk 0.00cvss epss 0.01

    Quest NetVault Backup NVBUDeviceDrive SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability,…

  • CVE-2026-9781Jun 24, 2026
    risk 0.00cvss epss 0.01

    Quest NetVault Backup NVBURASDevice SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability, the…

  • CVE-2026-9780Jun 24, 2026
    risk 0.00cvss epss 0.01

    Quest NetVault Backup addclient3 Cross-Site Scripting Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Quest NetVault Backup. User interaction is required to exploit this vulnerability in that…

  • CVE-2026-7570Jun 24, 2026
    risk 0.00cvss epss 0.01

    Quest NetVault Backup NVBUDashboard SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability, the…

  • CVE-2026-39948Jun 24, 2026
    risk 0.00cvss epss 0.00

    Cacti is an open source performance and fault management framework. In versions 1.2.30 and prior, the rfilter request parameter is retrieved via the raw accessor grv() (rather than gfrv() with FILTER_VALIDATE_IS_REGEX validation) and concatenated directly into RLIKE SQL clauses…

  • CVE-2026-39955Jun 24, 2026
    risk 0.00cvss epss 0.00

    Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have pre-authentication SQL Injection via unanchored FILTER_VALIDATE_REGEXP in graph_view.php. This issue has been fixed in version 1.2.31.

  • CVE-2026-39938Jun 24, 2026
    risk 0.00cvss epss 0.00

    Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have unauthenticated LFI through graph_theme and rrdtool IPC serialization hardening. This issue has been resolved in version 1.2.31.

  • CVE-2026-39900Jun 24, 2026
    risk 0.00cvss epss 0.00

    Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Reflected XSS via tab parameter in the auth_profile.php JavaScript context. This issue has been fixed in version 1.2.31.

  • CVE-2026-39899Jun 24, 2026
    risk 0.00cvss epss 0.00

    Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Path Traversal via filename parameter in package_import.php. This issue has been fixed in version 1.2.31.

  • CVE-2026-39897Jun 24, 2026
    risk 0.00cvss epss 0.00

    Cacti is an open source performance and fault management framework. Versions 1.2.30 and below contain a Reflected XSS vulnerability in the html_auth_footer. This issue has been fixed in version 1.2.31.

  • CVE-2026-39894Jun 24, 2026
    risk 0.00cvss epss 0.00

    Cacti is an open source performance and fault management framework. In versions 1.2.30 and below, the locale-dependent decimal formatting in rrdtool_function_update() can corrupt RRDtool metric values. The rrdtool_function_update() function checks metric values with is_numeric()…

  • CVE-2026-39893Jun 24, 2026
    risk 0.00cvss epss 0.00

    Cacti is an open source performance and fault management framework. In versions 1.2.30 and prior, the rfilter request variable was concatenated into a RLIKE SQL clause without sanitization. The endpoint does not require authentication (graph viewing supports guest access via the…

  • CVE-2026-49979Jun 24, 2026
    risk 0.00cvss epss 0.00

    Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 1.99, the POST /api/v1/admin/send-test-email endpoint accepts attacker-controlled smtpHost and smtpPort values and establishes a raw JavaMail TCP connection without any IP validation. This…

  • CVE-2026-55454Jun 24, 2026
    risk 0.00cvss epss 0.00

    Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 2.1, the bundled Caddy reverse-proxy's admin API — which has no authentication by default — is bound on 0.0.0.0:2019 inside the container. While this listener is not directly published to…

  • CVE-2026-9779Jun 24, 2026
    risk 0.00cvss epss 0.00

    ATEN Unizon doCryptoHugeFileToFile Improper Verification of Cryptographic Signature Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ATEN Unizon. Authentication is required to exploit this…

  • CVE-2026-9778Jun 24, 2026
    risk 0.00cvss epss 0.01

    ATEN Unizon ImportDeviceList Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ATEN Unizon. Authentication is required to exploit this vulnerability. The specific flaw…