VYPR

CVEs

82,359 total · page 27 of 1,648

  • CVE-2026-11419HigJun 5, 2026
    risk 0.57cvss 8.8epss 0.01

    A path traversal vulnerability exists in the Altium Enterprise Server Vault Service UploadController due to improper validation of a user-controlled path component in image upload requests. An authenticated user can supply a crafted absolute path so that the configured storage…

  • CVE-2026-11401HigJun 5, 2026
    risk 0.45cvss 8.0epss 0.00

    An untrusted search path issue in the GlobalDatabasePlugin in the AWS Advanced Go Wrapper for Amazon Aurora PostgreSQL will allow a remote authenticated low-privilege actor to escalate privileges to those of another Amazon RDS user, including rds_superuser, via a crafted…

  • CVE-2026-11400HigJun 5, 2026
    risk 0.52cvss 8.0epss 0.00

    An untrusted search path issue in the GlobalDatabasePlugin in the AWS Advanced JDBC Wrapper for Amazon Aurora PostgreSQL will allow a remote authenticated low-privilege actor to escalate privileges to those of another Amazon RDS user, including rds_superuser, via a crafted…

  • CVE-2026-5415HigJun 5, 2026
    risk 0.57cvss 8.8epss 0.00

    The WP Captcha PRO (the premium version of the Advanced Google reCAPTCHA plugin, both have the same slug) plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 5.38. This is due to the ajax_run_tool() AJAX handler relying solely on a…

  • CVE-2026-5411HigJun 5, 2026
    risk 0.57cvss 8.8epss 0.00

    The WP Captcha PRO (the premium version of the Advanced Google reCAPTCHA plugin, both have the same slug) plugin for WordPress is vulnerable to arbitrary file upload in all versions up to, and including, 5.38. This is due to a capability check in the save_ajax() function of the…

  • CVE-2026-46511HigJun 5, 2026
    risk 0.57cvss epss 0.00

    HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0, an attack chain utilizing Stored XSS alongside dynamic token exposure in the `/system/api/connectionSettings` endpoint allows an authenticated attacker to perform a complete…

  • CVE-2026-46394HigJun 5, 2026
    risk 0.50cvss epss 0.01

    HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0, an OS command injection vulnerability exists in the Git.php library of the HAXcms PHP backend. The application constructs shell command strings using unsanitized input and executes them…

  • CVE-2026-46393HigJun 5, 2026
    risk 0.46cvss epss 0.00

    HAX CMS helps manage microsite universe with PHP or NodeJs backends. An authenticated Server-Side Request Forgery (SSRF) vulnerability in versions prior to 26.0.0 allows authenticated users to fetch arbitrary internal or local resources and write the responses to a…

  • CVE-2026-46392HigJun 5, 2026
    risk 0.57cvss 8.7epss 0.00

    HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0 of HAX CMS PHP, the `saveFile` endpoint validates upload extensions case-insensitively and writes the filename to disk verbatim, but the `.htaccess` rule that forces…

  • CVE-2026-46391HigJun 5, 2026
    risk 0.57cvss epss 0.00

    HAX CMS helps manage microsite universe with PHP or NodeJs backends. Starting in version 9.0.1 and prior to version 26.0.0 of @haxtheweb/open-apis, multiple functions conduct substring-only matching to validate hostnames to which basic authorization should be sent. An attacker…

  • CVE-2026-50733HigJun 5, 2026
    risk 0.57cvss 8.8epss 0.00

    Markdown Preview Enhanced before 0.8.28 parses WaveDrom diagrams by evaluating untrusted markdown content with eval(), allowing arbitrary JavaScript execution. The flaw affects every render path - the live preview (window.eval) and presentation mode plus HTML export (the bundled…

  • CVE-2026-49493HigJun 5, 2026
    risk 0.57cvss 8.8epss 0.00

    Markdown Preview Enhanced before 0.8.28 parses Bitfield fenced code blocks with interpretJS(), which evaluates the block content as code via vm.runInNewContext(), allowing arbitrary code execution. A crafted markdown document containing a malicious bitfield code block executes…

  • CVE-2026-49492HigJun 5, 2026
    risk 0.57cvss 8.8epss 0.00

    Markdown Preview Enhanced before 0.8.28 opens external files and links from the preview through a shell and does not validate untrusted inputs taken from the markdown document - the diagram filename attribute, imported file paths, and the latex_engine code-chunk attribute. On…

  • CVE-2026-45749HigJun 5, 2026
    risk 0.53cvss 8.1epss 0.00

    Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. The `POST /users/totp/disable` and `POST /users/totp/backup-codes` endpoints in Termix prior to version 2.3.2 accept the account password as a sole authentication factor…

  • CVE-2026-45745HigJun 5, 2026
    risk 0.52cvss 8.0epss 0.00

    Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Starting in version 1.7.0, Termix Desktop (Electron) disables TLS certificate validation, allowing a machine-in-the-middle attacker to intercept and modify HTTPS traffic…

  • CVE-2026-45743HigJun 5, 2026
    risk 0.53cvss 8.1epss 0.00

    Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. 16 file-manager endpoints in Termix prior to version 2.3.2 do not verify that the requesting user owns the SSH session identified by `sessionId`. An authenticated…

  • CVE-2026-45327HigJun 5, 2026
    risk 0.46cvss 8.2epss 0.00

    TinyIce is a streaming server for audio and video. In versions 0.8.95 through 2.4.1, missing authentication on WebRTC ingest endpoint allows unauthenticated stream injection. Version 2.5.0 fixes the issue by requiring either HTTP Basic auth or a `?password=` query parameter,…

  • CVE-2026-45291HigJun 5, 2026
    risk 0.49cvss 7.5epss 0.00

    Cloudburst Network provides network components used within Cloudburst projects. A vulnerability in versions prior to `1.0.0.CR3-20260418.124334-32` impacts publicly accessible software depending on the affected versions of Network and allows an attacker to exploit a bug in…

  • CVE-2026-45290HigJun 5, 2026
    risk 0.49cvss 7.5epss 0.00

    Cloudburst Network provides network components used within Cloudburst projects. A vulnerability in versions prior to `1.0.0.CR3-20260417.085727-30` impacts publicly accessible software depending on the affected versions of Network and allows an attacker to exploit a…

  • CVE-2026-36501HigJun 5, 2026
    risk 0.49cvss 7.5epss 0.00

    An issue in the Externalizable.readExternal() component of Controller v12.0.5 allows attackers to cause a Denial of Service (DoS) via a crafted input.

  • CVE-2026-11344HigJun 5, 2026
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was found in code-projects Vehicle Management System 1.0. This impacts an unknown function of the file newdriver.php of the component New Driver Registration Form. Performing a manipulation of the argument photo results in unrestricted upload. The attack may be…

  • CVE-2026-11342HigJun 5, 2026
    risk 0.47cvss 7.3epss 0.00

    A vulnerability has been found in code-projects Hotel and Tourism Reservation System 1.0. This affects an unknown function of the file /details.php. Such manipulation of the argument room leads to sql injection. The attack can be launched remotely. The exploit has been disclosed…

  • CVE-2026-8714HigJun 5, 2026
    risk 0.46cvss epss 0.00

    A denial-of-service vulnerability exists in the RTSP server component of TP-Link Tapo C520WS v2 due to improper handling of syntactically invalid input.  Crafted inputs can trigger a processing error, causing the RTSP service to enter non-responsive state. Successful…

  • CVE-2025-5088HigJun 5, 2026
    risk 0.54cvss 8.3epss 0.00

    An authenticated Redis session could be used to obtain full root access to all servers in the CVX cluster. Note that this would require an attacker to have both network access to the Redis service on a CVX server and the Redis password. Please note that all Redis communication,…

  • CVE-2026-52878higJun 5, 2026
    risk 0.38cvss epss 0.00

    ## Summary Every transaction gossiped on the klever-go P2P network is decoded and validated synchronously inside the libp2p pubsub topic-validator callback. The validator `txVersionChecker.CheckTxVersion` dereferences `tx.RawData.Version` with no nil check. A protobuf…

  • CVE-2026-52880higJun 5, 2026
    risk 0.38cvss epss 0.00

    ### Summary The Klever seednode REST API starts a Gin engine with `Engine.Run(restAPIInterface)`. In Gin v1.9.1, `Engine.Run` calls Go's default `http.ListenAndServe`, which constructs an HTTP server without application-level `ReadHeaderTimeout`, `ReadTimeout`, or…

  • CVE-2026-52879higJun 5, 2026
    risk 0.38cvss epss 0.00

    ### Summary `networkMessenger.directMessageHandler` in `network/p2p/libp2p/netMessenger.go` spawns a fresh goroutine for every incoming direct message before the antiflood layer makes an admission decision. There is no semaphore, throttler, or bound on concurrent in-flight…

  • CVE-2026-47419higJun 5, 2026
    risk 0.38cvss epss 0.00

    ## Summary **Type:** Insecure Direct Object Reference. The agent CRUD endpoints (`GET / PATCH / DELETE /workspaces/{workspace_id}/agents/{agent_id}`) gate access on `require_workspace_member(workspace_id)` only, then resolve `agent_id` through `AgentService.get(agent_id)` which…

  • CVE-2026-47387higJun 5, 2026
    risk 0.45cvss epss 0.00

    ### Summary The shared form-view submit handler in NocoDB writes the form's `redirect_url` to `window.location.href` after a same-host check that does not validate the URL scheme. A user with `editor` role (or above) on any base can plant a `javascript:` URL in the form's…

  • CVE-2026-47383higJun 5, 2026
    risk 0.45cvss epss 0.00

    ### Summary An authenticated commenter could store HTML in row comments that executed as script when other users hovered over the comment in the expanded form view. ### Details The comment write paths persisted the raw comment body with no server-side sanitisation; the…

  • CVE-2026-47249higJun 5, 2026
    risk 0.38cvss epss 0.00

    ### Summary A connected peer can send a compressed `RequestDataType_HashArrayType` direct request that is only `442` bytes on the wire but expands into `200000` decoded hash entries inside the resolver path. On `klever-go` `v1.7.17`, this allows remote memory and CPU…

  • CVE-2026-45726higJun 5, 2026
    risk 0.38cvss epss 0.00

    ## Summary Omni supports importing standalone Talos clusters. During this process, an ImportedClusterSecrets resource is created, which contains the full CA secrets bundle for the cluster being imported. If these secrets are not rotated by the importing actor, an…

  • CVE-2026-45720higJun 5, 2026
    risk 0.38cvss epss 0.00

    ## Summary `SAML.getSession` (`internal/pkg/auth/interceptor/saml.go`) checks the `Used` flag on a `SAMLAssertion` resource and then marks it used in two separate state operations. Because the check and the update are not atomic, concurrent requests carrying the same…

  • CVE-2026-48095HigJun 5, 2026
    risk 0.57cvss 8.8epss 0.01

    7-Zip is a file archiver with a high compression ratio. Versions 26.00 and prior contain a heap buffer overflow vulnerability caused by an under-allocation in the NTFS compressed stream buffer (GetCuSize shift UB), potentially allowing attackers to cause arbitrary code execution…

  • CVE-2026-11334HigJun 5, 2026
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was detected in tittuvarghese CollegeManagementSystem 3e476335cfbfb9a049e09f474c7ec885f69a9df3/a38852979f7e27ae67b610dce5979500ef8ebe01. This affects an unknown function of the file dashboard_page/forms/fetch.php. Performing a manipulation of the argument…

  • CVE-2026-50234HigJun 5, 2026
    risk 0.49cvss 7.5epss 0.01

    Lyrion Music Server 9.2.0 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting directory traversal in the web server context. Attackers can manipulate file path parameters to access sensitive files outside the…

  • CVE-2026-50232HigJun 5, 2026
    risk 0.47cvss 7.2epss 0.00

    Lyrion Music Server 9.2.0 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts through media file metadata tags like GENRE, ARTIST, and ALBUM. Attackers can craft files with XSS payloads in metadata tags that execute in the web…

  • CVE-2026-50231HigJun 5, 2026
    risk 0.47cvss 7.2epss 0.00

    Lyrion Music Server 9.2.0 contains an unauthenticated stored cross-site scripting vulnerability in the log viewer that allows attackers to inject malicious scripts by exploiting unescaped template variables. Attackers can inject XSS payloads through search, lines, and path query…

  • CVE-2026-11369HigJun 5, 2026
    risk 0.46cvss epss 0.00

    The Comment API (GET /api/Comment and POST /api/Comment) in the affected application fails to perform authorization checks to verify that the requesting user has access to the object identified by the relatedObjectId. This Insecure Direct Object Reference (IDOR) vulnerability…

  • CVE-2026-50264HigJun 5, 2026
    risk 0.51cvss 7.8epss 0.00

    An out-of-bounds write flaw was found in the X.Org X server and Xwayland in DRIGetBuffers/DRIGetBuffersWithFormat. A client that requests multiple DRI2BufferBackLeft attachments and one DRI2BufferFrontLeft can trigger an out-of-bounds heap write. This may be used to crash the…

  • CVE-2026-50261HigJun 5, 2026
    risk 0.51cvss 7.8epss 0.00

    A use-after-free flaw was found in the X.Org X server and Xwayland in SyncChangeCounter(). A client that sets up multiple SyncCounters can trigger a use-after-free when destroying those counters via a second client connection while changing those counters. This may be used to…

  • CVE-2026-50260HigJun 5, 2026
    risk 0.51cvss 7.8epss 0.00

    A use-after-free flaw was found in the X.Org X server and Xwayland in FreeCounter(). A client that sets up multiple SyncCounters and awaits on those triggers can trigger a use-after-free when destroying those counters via a second client connection. This may be used to crash the…

  • CVE-2026-50259HigJun 5, 2026
    risk 0.51cvss 7.8epss 0.00

    A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. _XkbSetMapChecks() declares a fixed-size stack buffer mapWidths[256] indexed by key type index. The helper function CheckKeyTypes() writes to this buffer at a client-controlled offset, allowing a…

  • CVE-2026-50258HigJun 5, 2026
    risk 0.51cvss 7.8epss 0.00

    A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. The X server has multiple stack buffers sized XkbMaxShiftLevel * XkbNumKbdGroups but CheckKeyTypes() does not verify or clamp non-canonical key types to XkbMaxShiftLevel. A client can change key…

  • CVE-2026-50257HigJun 5, 2026
    risk 0.51cvss 7.8epss 0.00

    A use-after-free flaw was found in the X.Org X server and Xwayland in miSyncDestroyFence(). A client that sets up multiple fence triggers can trigger a use-after-free function pointer call. An attacker would connect to the X server to set up a fence and await that fence, then a…

  • CVE-2026-50256HigJun 5, 2026
    risk 0.51cvss 7.8epss 0.00

    A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. A mismatch between the X server and the libXfont2 library's maximum font name length can cause a stack buffer overflow during font alias resolution. The server allocates a 256 byte stack buffer but…

  • CVE-2026-8914HigJun 5, 2026
    risk 0.55cvss epss 0.01

    In Teltonika Networks RUTOS devices, running versions 7.22 through 7.23.2 and TSWOS devices running versions 1.09 through 1.09.1, due to unsafe calls to an eval function in rpc-profile, a vulnerability exists where a lower privileged user could perform command injection as the…

  • CVE-2026-21033HigJun 5, 2026
    risk 0.46cvss 7.1epss 0.00

    Improper export of android application components in ExpressHomeWidgetReceiver of Samsung Assistant prior to version 9.3.14 allows local attacker to execute arbitrary script.

  • CVE-2026-21032HigJun 5, 2026
    risk 0.46cvss 7.1epss 0.00

    Improper export of android application components in SmartHomeWidgetReceiver of Samsung Assistant prior to version 9.3.14 allows local attacker to execute arbitrary script.

  • CVE-2026-21031HigJun 5, 2026
    risk 0.51cvss 7.8epss 0.00

    Improper authorization in AppBlock prior to SMR Jun-2026 Release 1 allows local attacker to launch arbitrary activity. User interaction is required for triggering this vulnerability.