VYPR

CVEs

  • CVE-2026-41264 · Cri · Apr 23, 2026
    risk 0.64 · cvss 9.8 · epss 0.01

    Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the specific flaw exists within the run method of the CSV_Agents class. The issue results from the lack of proper sandboxing when evaluating an LLM generated python script.…

  • CVE-2026-25874 · Cri · Apr 23, 2026
    risk 0.57 · cvss 9.8 · epss 0.16

    LeRobot through 0.5.1 contains an unsafe deserialization vulnerability in the async inference pipeline where pickle.loads() is used to deserialize data received over unauthenticated gRPC channels without TLS in the policy server and robot client components. An unauthenticated…

  • CVE-2026-6074 · Cri · Apr 23, 2026
    risk 0.64 · cvss 9.8 · epss 0.01

    Intrado 911 Emergency Gateway (EGW) 5.x, 6.x, and 7.x contain a path traversal vulnerability in the download_debuglog_file.php endpoint used for Debug Logs downloads. An unauthenticated attacker can manipulate the name parameter to read arbitrary files outside the intended…

  • CVE-2026-41247 · Cri · Apr 23, 2026
    risk 0.64 · cvss 9.8 · epss 0.02

    elFinder is an open-source file manager for web, written in JavaScript using jQuery UI. Prior to 2.1.67, elFinder contains a command injection vulnerability in the resize command. The bg (background color) parameter is accepted from user input and passed through image…

  • CVE-2026-6920 · Cri · Apr 23, 2026
    risk 0.62 · cvss 9.6 · epss 0.00

    Out of bounds read in GPU in Google Chrome on Android prior to 147.0.7727.117 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-6919 · Cri · Apr 23, 2026
    risk 0.62 · cvss 9.6 · epss 0.00

    Use after free in DevTools in Google Chrome prior to 147.0.7727.117 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-31533 · Cri · Apr 23, 2026
    risk 0.57 · cvss 9.8 · epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: net/tls: fix use-after-free in -EBUSY error path of tls_do_encryption The -EBUSY handling in tls_do_encryption(), introduced by commit 859054147318 ("net: tls: handle backlogging of crypto requests"), has a…

  • CVE-2026-31181 · Cri · Apr 23, 2026
    risk 0.64 · cvss 9.8 · epss 0.01

    An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the stunServerAddr parameter to /cgi-bin/cstecgi.cgi.

  • CVE-2026-31178 · Cri · Apr 23, 2026
    risk 0.64 · cvss 9.8 · epss 0.01

    An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the stunMaxAlive parameter to /cgi-bin/cstecgi.cgi.

  • CVE-2026-31177 · Cri · Apr 23, 2026
    risk 0.64 · cvss 9.8 · epss 0.01

    An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the stunMinAlive parameter to /cgi-bin/cstecgi.cgi.

  • CVE-2026-31175 · Cri · Apr 23, 2026
    risk 0.64 · cvss 9.8 · epss 0.01

    An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the stunEnable parameter to /cgi-bin/cstecgi.cgi.

  • CVE-2026-40472 · Cri · Apr 23, 2026
    risk 0.57 · cvss 9.9 · epss 0.00

    In hackage-server, user-controlled metadata from .cabal files are rendered into HTML href attributes without proper sanitization, enabling stored Cross-Site Scripting (XSS) attacks.

  • CVE-2026-40471 · Cri · Apr 23, 2026
    risk 0.55 · cvss 9.6 · epss 0.00

    hackage-server lacked Cross-Site Request Forgery (CSRF) protection across its endpoints. Scripts on foreign sites could trigger requests to hackage server, possibly abusing latent credentials to upload packages or perform other administrative actions. Some unauthenticated…

  • CVE-2026-40470 · Cri · Apr 23, 2026
    risk 0.64 · cvss 9.9 · epss 0.00

    A critical XSS vulnerability affected hackage-server and hackage.haskell.org. HTML and JavaScript files provided in source packages or via the documentation upload facility were served as-is on the main hackage.haskell.org domain. As a consequence, when a user with latent HTTP…

  • CVE-2026-39087 · Cri · Apr 23, 2026
    risk 0.64 · cvss 9.8 · epss 0.00

    ntfy before 2.22.0 allows SSRF because of an unanchored regular expression.

  • CVE-2026-23751 · Cri · Apr 23, 2026
    risk 0.64 · cvss 9.8 · epss 0.01

    Kofax Capture, now referred to as Tungsten Capture, version 6.0.0.0 (other versions may be affected) exposes a deprecated .NET Remoting HTTP channel on port 2424 via the Ascent Capture Service that is accessible without authentication and uses a default, publicly known endpoint…

  • CVE-2025-62373 · Cri · Apr 23, 2026
    risk 0.57 · cvss 9.8 · epss 0.01

    Pipecat is an open-source Python framework for building real-time voice and multimodal conversational agents. Versions 0.0.41 through 0.0.93 have a vulnerability in `LivekitFrameSerializer` – an optional, non-default, undocumented frame serializer class (now deprecated)…

  • CVE-2025-50229 · Cri · Apr 23, 2026
    risk 0.64 · cvss 9.8 · epss 0.00

    Jizhicms v2.5.4 is vulnerable to SQL injection in the product editing module.

  • CVE-2026-41460 · Cri · Apr 23, 2026
    risk 0.64 · cvss 9.8 · epss 0.01

    SocialEngine versions 7.8.0 and prior contain a SQL injection vulnerability in the /activity/index/get-memberall endpoint where user-supplied input passed via the text parameter is not sanitized before being incorporated into a SQL query. An unauthenticated remote attacker can…

  • CVE-2026-39440 · Cri · Apr 23, 2026
    risk 0.64 · cvss 9.9 · epss 0.00

    Improper Control of Generation of Code ('Code Injection') vulnerability in Funnelforms LLC FunnelFormsPro allows Remote Code Inclusion. This issue affects FunnelFormsPro: from n/a through 3.8.1.

  • CVE-2026-6887 · Cri · Apr 23, 2026
    risk 0.64 · cvss 9.8 · epss 0.00

    Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.

  • CVE-2026-6886 · Cri · Apr 23, 2026
    risk 0.64 · cvss 9.8 · epss 0.00

    Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has an Authentication Bypass vulnerability, allowing unauthenticated remote attackers to log into the system as any user.

  • CVE-2026-6885 · Cri · Apr 23, 2026
    risk 0.64 · cvss 9.8 · epss 0.01

    Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.

  • CVE-2026-3960 · Cri · Apr 23, 2026
    risk 0.57 · cvss 9.8 · epss 0.01

    A critical remote code execution vulnerability exists in the unauthenticated REST API endpoint /99/ImportSQLTable in H2O-3 version 3.46.0.9 and prior. The vulnerability arises due to insufficient security controls in the parameter blacklist mechanism, which only targets MySQL…

  • CVE-2026-41229 · Cri · Apr 23, 2026
    risk 0.52 · cvss 9.1 · epss 0.00

    Froxlor is open source server administration software. Prior to version 2.3.6, `PhpHelper::parseArrayToString()` writes string values into single-quoted PHP string literals without escaping single quotes. When an admin with `change_serversettings` permission adds or updates a…

  • CVE-2026-41228 · Cri · Apr 23, 2026
    risk 0.57 · cvss 9.9 · epss 0.01

    Froxlor is open source server administration software. Prior to version 2.3.6, the Froxlor API endpoint `Customers.update` (and `Admins.update`) does not validate the `def_language` parameter against the list of available language files. An authenticated customer can set…

  • CVE-2026-3844 · Cri · Apr 23, 2026
    risk 0.59 · cvss 9.8 · epss 0.37

    The Breeze Cache plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'fetch_gravatar_from_remote' function in all versions up to, and including, 2.4.4. This makes it possible for unauthenticated attackers to upload arbitrary…

  • CVE-2026-41679 · Cri · Apr 23, 2026
    risk 0.58 · cvss 10.0 · epss 0.02

    Paperclip is a Node.js server and React UI that orchestrates a team of AI agents to run a business. Prior to version 2026.416.0, an unauthenticated attacker can achieve full remote code execution on any network-accessible Paperclip instance running in `authenticated` mode with…

  • CVE-2026-41211 · Cri · Apr 23, 2026
    risk 0.65 · cvss 10.0 · epss 0.00

    Vite+ is a unified toolchain and entry point for web development. Prior to version 0.1.17, `downloadPackageManager()` accepts an untrusted `version` string and uses it directly in filesystem paths. A caller can supply `../` segments or an absolute path to escape the…

  • CVE-2026-41197 · Cri · Apr 23, 2026
    risk 0.60 · cvss · epss 0.00

    Noir is a Domain Specific Language for SNARK proving systems that is designed to use any ACIR compatible proving system, and Brillig is the bytecode ACIR uses for non-determinism. Noir programs can invoke external functions through foreign calls. When compiling to Brillig…

  • CVE-2026-41196 · Cri · Apr 23, 2026
    risk 0.58 · cvss 10.0 · epss 0.00

    Luanti (formerly Minetest) is an open source voxel game-creation platform. Starting in version 5.0.0 and prior to version 5.15.2, a malicious mod can trivially escape the sandboxed Lua environment to execute arbitrary code and gain full filesystem access on the user's device.…

  • CVE-2026-41179 · Cri · Apr 23, 2026
    risk 0.57 · cvss 9.8 · epss 0.09

    Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Starting in version 1.48.0 and prior to version 1.73.5, the RC endpoint `operations/fsinfo` is exposed without `AuthRequired: true` and accepts attacker-controlled `fs`…

  • CVE-2026-41176 · Cri · Apr 23, 2026
    risk 0.59 · cvss 9.8 · epss 0.35

    Rclone is a command-line program to sync files and directories to and from different cloud storage providers. The RC endpoint `options/set` is exposed without `AuthRequired: true`, but it can mutate global runtime configuration, including the RC option block itself. Starting in…

  • CVE-2026-29198 · Cri · Apr 23, 2026
    risk 0.57 · cvss 9.8 · epss 0.00

    In Rocket.Chat <8.3.0, <8.2.1, <8.1.2, <8.0.3, <7.13.5, <7.12.6, <7.11.6, and <7.10.9, a NoSQL injection vulnerability can lead to account takeover of the first user with a generated token when an OAuth app is configured.

  • CVE-2026-41167 · Cri · Apr 22, 2026
    risk 0.52 · cvss 9.1 · epss 0.01

    Jellystat is a free and open source Statistics App for Jellyfin. Prior to version 1.1.10, multiple API endpoints in Jellystat build SQL queries by interpolating unsanitized request-body fields directly into raw SQL strings. An authenticated user can inject arbitrary SQL via…

  • CVE-2026-33656 · Cri · Apr 22, 2026
    risk 0.52 · cvss 9.1 · epss 0.01

    EspoCRM is an open source customer relationship management application. Prior to version 9.3.4, EspoCRM's built-in formula scripting engine allows updating an attachment's sourceId, thus allowing an authenticated admin to overwrite the `sourceId` field on `Attachment` entities.…

  • CVE-2026-33471 · Cri · Apr 22, 2026
    risk 0.55 · cvss 9.6 · epss 0.00

    nimiq-block contains block primitives to be used in Nimiq's Rust implementation. `SkipBlockProof::verify` computes its quorum check using `BitSet.len()`, then iterates `BitSet` indices and casts each `usize` index to `u16` (`slot as u16`) for slot lookup. Prior to version 1.3.0,…

  • CVE-2026-34415 · Cri · Apr 22, 2026
    risk 0.57 · cvss 9.8 · epss 0.04

    Xerte Online Toolkits versions 3.15 and earlier contain an incomplete input validation vulnerability in the elFinder connector endpoint that fails to block PHP-executable extensions .php4 due to an incorrect regex pattern. Unauthenticated attackers can exploit this flaw combined…

  • CVE-2018-25272 · Cri · Apr 22, 2026
    risk 0.64 · cvss 9.8 · epss 0.00

    ELBA5 5.8.0 contains a remote code execution vulnerability that allows attackers to obtain database credentials and execute arbitrary commands with SYSTEM level permissions. Attackers can connect to the database using default connector credentials, decrypt the DBA password, and…

  • CVE-2018-25270 · Cri · Apr 22, 2026
    risk 0.57 · cvss 9.8 · epss 0.01

    ThinkPHP 5.0.23 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary PHP code by invoking functions through the routing parameter. Attackers can craft requests to the index.php endpoint with malicious function parameters to…

  • CVE-2026-6356 · Cri · Apr 22, 2026
    risk 0.62 · cvss 9.6 · epss 0.00

    A vulnerability in the web application allows standard users to escalate their privileges to those of a super administrator through parameter manipulation, enabling them to access and modify sensitive information.

  • CVE-2026-31501 · Cri · Apr 22, 2026
    risk 0.57 · cvss 9.8 · epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: net: ti: icssg-prueth: fix use-after-free of CPPI descriptor in RX path cppi5_hdesc_get_psdata() returns a pointer into the CPPI descriptor. In both emac_rx_packet() and emac_rx_packet_zc(), the descriptor is…

  • CVE-2026-31478 · Cri · Apr 22, 2026
    risk 0.57 · cvss 9.8 · epss 0.01

    In the Linux kernel, the following vulnerability has been resolved: ksmbd: replace hardcoded hdr2_len with offsetof() in smb2_calc_max_out_buf_len() After this commit (e2b76ab8b5c9 "ksmbd: add support for read compound"), response buffer management was changed to use dynamic…

  • CVE-2026-31463 · Cri · Apr 22, 2026
    risk 0.57 · cvss 9.8 · epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: iomap: fix invalid folio access when i_blkbits differs from I/O granularity Commit aa35dd5cbc06 ("iomap: fix invalid folio access after folio_end_read()") partially addressed invalid folio access for folios…

  • CVE-2026-31448 · Cri · Apr 22, 2026
    risk 0.54 · cvss 9.4 · epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: ext4: avoid infinite loops caused by residual data On the mkdir/mknod path, when mapping logical blocks to physical blocks, if inserting a new extent into the extent tree fails (in this example, because the…

  • CVE-2026-31444 · Cri · Apr 22, 2026
    risk 0.57 · cvss 9.8 · epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free and NULL deref in smb_grant_oplock() smb_grant_oplock() has two issues in the oplock publication sequence: 1) opinfo is linked into ci->m_op_list (via opinfo_add) before …

  • CVE-2026-31436 · Cri · Apr 22, 2026
    risk 0.57 · cvss 9.8 · epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: fix possible wrong descriptor completion in llist_abort_desc() At the end of this function, d is the traversal cursor of flist, but the code completes found instead. This can lead to issues…

  • CVE-2026-6235 · Cri · Apr 22, 2026
    risk 0.64 · cvss 9.8 · epss 0.01

    The Sendmachine for WordPress plugin for WordPress is vulnerable to authorization bypass via the 'manage_admin_requests' function in all versions up to, and including, 1.0.20. This is due to the plugin not properly verifying that a user is authorized to perform an action. This…

  • CVE-2026-4119 · Cri · Apr 22, 2026
    risk 0.59 · cvss 9.1 · epss 0.01

    The Create DB Tables plugin for WordPress is vulnerable to authorization bypass in all versions up to and including 1.2.1. The plugin registers admin_post action hooks for creating tables (admin_post_add_table) and deleting tables (admin_post_delete_db_table) without…

  • CVE-2026-41304 · Cri · Apr 22, 2026
    risk 0.57 · cvss 9.8 · epss 0.02

    WWBN AVideo is an open source video platform. In versions 29.0 and below, the `cloneServer.json.php` endpoint in the CloneSite plugin constructs shell commands using user-controlled input (`url` parameter) without proper sanitization. The input is directly concatenated into a…