VYPR

CVEs

26,912 total · page 28 of 539

  • CVE-2026-41064 · Critical · Apr 22, 2026
    risk 0.53 · cvss 9.3 · epss 0.00

    WWBN AVideo is an open source video platform. In versions up to and including 29.0, an incomplete fix for AVideo's `test.php` adds `escapeshellarg` for wget but leaves the `file_get_contents` and `curl` code paths unsanitized, and the URL validation regex `/^http/` accepts…

  • CVE-2026-40575 · Critical · Apr 22, 2026
    risk 0.52 · cvss 9.1 · epss 0.00

    OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Versions 7.5.0 through 7.15.1 may trust a client-supplied `X-Forwarded-Uri` header when `--reverse-proxy` is enabled and `--skip-auth-regex` or `--skip-auth-route` is configured. An attacker can…

  • CVE-2026-5845 · Critical · Apr 21, 2026
    risk 0.62 · cvss 9.6 · epss 0.00

    An improper authorization vulnerability in scoped user-to-server (ghu_) token authorization in GitHub Enterprise Server allows an authenticated attacker to access private repositories outside the intended installation scope, which can include write operations, via an…

  • CVE-2026-40946 · Critical · Apr 21, 2026
    risk 0.53 · cvss n/a · epss 0.00

    Oxia is a metadata store and coordination system. Prior to 0.16.2, the OIDC authentication provider unconditionally sets SkipClientIDCheck: true in the go-oidc verifier configuration, disabling the standard audience (aud) claim validation at the library level. This allows tokens…

  • CVE-2026-40933 · Critical · Apr 21, 2026
    risk 0.64 · cvss 9.9 · epss 0.02

    Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, due to unsafe serialization of stdio commands in the MCP adapter, an authenticated attacker can add an MCP stdio server with an arbitrary command, achieving command…

  • CVE-2026-40911 · Critical · Apr 21, 2026
    risk 0.58 · cvss 10.0 · epss 0.01

    WWBN AVideo is an open source video platform. In versions 29.0 and prior, the YPTSocket plugin's WebSocket server relays attacker-supplied JSON message bodies to every connected client without sanitizing the `msg` or `callback` fields. On the client side,…

  • CVE-2026-40906 · Critical · Apr 21, 2026
    risk 0.57 · cvss 9.9 · epss 0.00

    Electric is a Postgres sync engine. From 1.1.12 to before 1.5.0, the order_by parameter in the ElectricSQL /v1/shape API is vulnerable to error-based SQL injection, allowing any authenticated user to read, write, and destroy the full contents of the underlying PostgreSQL…

  • CVE-2026-40892 · Critical · Apr 21, 2026
    risk 0.57 · cvss 9.8 · epss 0.00

    PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier, a stack buffer overflow exists in pjsip_auth_create_digest2() in PJSIP when using pre-computed digest credentials (PJSIP_CRED_DATA_DIGEST). The function copies credential data…

  • CVE-2026-34287 · Critical · Apr 21, 2026
    risk 0.59 · cvss 9.1 · epss 0.00

    Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware (component: Core). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise…

  • CVE-2026-34286 · Critical · Apr 21, 2026
    risk 0.59 · cvss 9.1 · epss 0.00

    Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware (component: Core). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise…

  • CVE-2026-34285 · Critical · Apr 21, 2026
    risk 0.59 · cvss 9.1 · epss 0.00

    Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware (component: Core). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise…

  • CVE-2026-34279 · Critical · Apr 21, 2026
    risk 0.59 · cvss 9.1 · epss 0.00

    Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Event Management). Supported versions that are affected are 13.5 and 24.1. Easily exploitable vulnerability allows high privileged attacker with network access via…

  • CVE-2026-34275 · Critical · Apr 21, 2026
    risk 0.64 · cvss 9.8 · epss 0.00

    Vulnerability in the Oracle Advanced Inbound Telephony product of Oracle E-Business Suite (component: Setup and Administration). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via…

  • CVE-2026-33519 · Critical · Apr 21, 2026
    risk 0.64 · cvss 9.8 · epss 0.00

    An incorrect authorization vulnerability exists in Esri Portal for ArcGIS 11.4, 11.5 and 12.0 on Windows, Linux and Kubernetes that did not correctly check permissions assigned to developer credentials.

  • CVE-2026-33518 · Critical · Apr 21, 2026
    risk 0.64 · cvss 9.8 · epss 0.00

    An incorrect privilege assignment vulnerability exists in Esri Portal for ArcGIS 11.5 in Windows and Linux that allows highly privileged users to create developer credentials that may grant more privileges than expected.

  • CVE-2026-40903 · Critical · Apr 21, 2026
    risk 0.52 · cvss 9.1 · epss 0.00

    goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.6, goshs has an ArtiPACKED vulnerability. ArtiPACKED can lead to leakage of the GITHUB_TOKEN through workflow artifacts, even though the token is not present in the repository source code. This vulnerability is fixed…

  • CVE-2026-40887 · Critical · Apr 21, 2026
    risk 0.60 · cvss 9.1 · epss 0.02

    Vendure is an open-source headless commerce platform. Starting in version 1.7.4 and prior to versions 2.3.4, 3.5.7, and 3.6.2, an unauthenticated SQL injection vulnerability exists in the Vendure Shop API. A user-controlled query string parameter is interpolated directly into a…

  • CVE-2026-40884 · Critical · Apr 21, 2026
    risk 0.57 · cvss 9.8 · epss 0.00

    goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.6, goshs contains an SFTP authentication bypass when the documented empty-username basic-auth syntax is used. If the server is started with -b ':pass' together with -sftp, goshs accepts that configuration but does…

  • CVE-2026-40872 · Critical · Apr 21, 2026
    risk 0.60 · cvss n/a · epss 0.00

    mailcow: dockerized is an open source groupware/email suite based on docker. In versions prior to 2026-03b, the admin dashboard's Autodiscover logs render the EMailAddress value (logged as the "user" field) without HTML escaping. By submitting an unauthenticated Autodiscover…

  • CVE-2026-40372 · Critical · Apr 21, 2026
    risk 0.59 · cvss 9.1 · epss 0.11

    Improper verification of cryptographic signature in ASP.NET Core allows an unauthorized attacker to elevate privileges over a network.

  • CVE-2026-41193 · Critical · Apr 21, 2026
    risk 0.52 · cvss 9.1 · epss 0.00

    FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, FreeScout's module installation feature extracts ZIP archives without validating file paths, allowing an authenticated admin to write files arbitrarily on the server filesystem via a…

  • CVE-2026-5652 · Critical · Apr 21, 2026
    risk 0.59 · cvss 9.0 · epss 0.00

    An insecure direct object reference vulnerability in the Users API component of Crafty Controller allows a remote, authenticated attacker to perform user modification actions via improper API permissions validation.

  • CVE-2026-40576 · Critical · Apr 21, 2026
    risk 0.54 · cvss 9.4 · epss 0.00

    excel-mcp-server is a Model Context Protocol server for Excel file manipulation. A path traversal vulnerability exists in excel-mcp-server versions up to and including 0.1.7. When running in SSE or Streamable-HTTP transport mode (the documented way to use this server remotely),…

  • CVE-2026-40569 · Critical · Apr 21, 2026
    risk 0.52 · cvss 9.0 · epss 0.00

    FreeScout is a free self-hosted help desk and shared mailbox. Versions prior to 1.8.213 have a mass assignment vulnerability in the mailbox connection settings endpoints of FreeScout (`connectionIncomingSave()` at `app/Http/Controllers/MailboxesController.php:468` and…

  • CVE-2026-40050 · Critical · Apr 21, 2026
    risk 0.64 · cvss 9.8 · epss 0.01

    CrowdStrike has released security updates to address a critical unauthenticated path traversal vulnerability (CVE-2026-40050) in LogScale. This vulnerability only requires mitigation by customers that host specific versions of LogScale and does not affect Next-Gen SIEM…

  • CVE-2026-38835 · Critical · Apr 21, 2026
    risk 0.64 · cvss 9.8 · epss 0.02

    Tenda W30E V2.0 V16.01.0.21 was found to contain a command injection vulnerability in the formSetUSBPartitionUmount function via the usbPartitionName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.

  • CVE-2026-21571 · Critical · Apr 21, 2026
    risk 0.61 · cvss n/a · epss 0.01

    This Critical severity OS Command Injection vulnerability was introduced in versions 9.6.0, 10.0.0, 10.1.0, 10.2.0, 11.0.0, 11.1.0, 12.0.0, and 12.1.0 of Bamboo Data Center. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 9.4 and a CVSS Vector of …

  • CVE-2019-25714 · Critical · Apr 21, 2026
    risk 0.61 · cvss n/a · epss 0.01

    Seeyon OA A8 contains an unauthenticated arbitrary file write vulnerability in the /seeyon/htmlofficeservlet endpoint that allows remote attackers to write arbitrary files to the web application root by sending specially crafted POST requests with custom base64-encoded payloads.…

  • CVE-2026-40498 · Critical · Apr 21, 2026
    risk 0.57 · cvss 9.8 · epss 0.01

    FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, an unauthenticated attacker can access diagnostic and system tools that should be restricted to administrators. The /system/cron endpoint relies on a static MD5 hash derived from the APP_KEY,…

  • CVE-2025-41029 · Critical · Apr 21, 2026
    risk 0.60 · cvss n/a · epss 0.00

    SQL injection vulnerability in Zeon Academy Pro by Zeon Global Tech. This vulnerability allows an attacker to retrieve, create, update, and delete databases by sending a POST request using the parameter 'phonenumber' in '/private/continue-upload.php'.

  • CVE-2025-15638 · Critical · Apr 21, 2026
    risk 0.65 · cvss 10.0 · epss 0.01

    Net::Dropbear versions before 0.14 for Perl contain a vulnerable version of libtomcrypt. Net::Dropbear versions before 0.14 include versions of Dropbear 2019.78 or earlier. These include versions of libtomcrypt v1.18.1 or earlier, which is affected by CVE-2016-6129 and…

  • CVE-2017-20230 · Critical · Apr 21, 2026
    risk 0.58 · cvss 10.0 · epss 0.01

    Storable versions before 3.05 for Perl have a stack overflow. The retrieve_hook function stored the length of the class name into a signed integer but in read operations treated the length as unsigned. This allowed an attacker to craft data that could trigger the overflow.

  • CVE-2026-6771 · Critical · Apr 21, 2026
    risk 0.64 · cvss 9.8 · epss 0.00

    Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

  • CVE-2026-6768 · Critical · Apr 21, 2026
    risk 0.64 · cvss 9.8 · epss 0.00

    Mitigation bypass in the Networking: Cookies component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.

  • CVE-2026-6760 · Critical · Apr 21, 2026
    risk 0.64 · cvss 9.8 · epss 0.00

    Mitigation bypass in the Networking: Cookies component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.

  • CVE-2026-6748 · Critical · Apr 21, 2026
    risk 0.64 · cvss 9.8 · epss 0.00

    Uninitialized memory in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

  • CVE-2026-5965 · Critical · Apr 21, 2026
    risk 0.65 · cvss 9.8 · epss 0.02

    NewSoftOA developed by NewSoft has an OS Command Injection vulnerability, allowing unauthenticated local attackers to inject arbitrary OS commands and execute them on the server.

  • CVE-2026-40496 · Critical · Apr 21, 2026
    risk 0.52 · cvss 9.1 · epss 0.00

    FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, attachment download tokens are generated using a weak and predictable formula: `md5(APP_KEY + attachment_id + size)`. Since attachment_id is sequential and size can be brute-forced in a small…

  • CVE-2026-39861 · Critical · Apr 21, 2026
    risk 0.65 · cvss 10.0 · epss 0.01

    Claude Code is an agentic coding tool. Prior to version 2.1.64, Claude Code's sandbox did not prevent sandboxed processes from creating symlinks pointing to locations outside the workspace. When Claude Code subsequently wrote to a path within such a symlink, its unsandboxed…

  • CVE-2026-41329 · Critical · Apr 21, 2026
    risk 0.57 · cvss 9.9 · epss 0.00

    OpenClaw before 2026.3.31 contains a sandbox bypass vulnerability allowing attackers to escalate privileges via heartbeat context inheritance and senderIsOwner parameter manipulation. Attackers can exploit improper context validation to bypass sandbox restrictions and achieve…

  • CVE-2026-5450 · Critical · Apr 20, 2026
    risk 0.64 · cvss 9.8 · epss 0.00

    Calling the scanf family of functions with a %mc (malloc'd character match) in the GNU C Library version 2.7 to version 2.43 with a format width specifier with an explicit width greater than 1024 could result in a one byte heap buffer overflow.

  • CVE-2026-33432 · Critical · Apr 20, 2026
    risk 0.59 · cvss 9.1 · epss 0.00

    Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions up to and including 8.2.8.2, when LDAP authentication is enabled, Roxy-WI constructs an LDAP search filter by directly concatenating the user-supplied login username into the…

  • CVE-2026-32613 · Critical · Apr 20, 2026
    risk 0.64 · cvss 9.9 · epss 0.01

    Spinnaker is an open source, multi-cloud continuous delivery platform. Echo, like some other services, uses SpEL (Spring Expression Language) to process information, specifically around expected artifacts. In versions prior to 2026.1.0, 2026.0.1, 2025.4.2, and 2025.3.2, unlike…

  • CVE-2026-32604 · Critical · Apr 20, 2026
    risk 0.64 · cvss 9.9 · epss 0.01

    Spinnaker is an open source, multi-cloud continuous delivery platform. In versions prior to 2026.1.0, 2026.0.1, 2025.4.2, and 2025.3.2, a bad actor can execute arbitrary commands very simply on the clouddriver pods. This can expose credentials, remove files, or inject resources…

  • CVE-2026-29646 · Critical · Apr 20, 2026
    risk 0.57 · cvss 9.8 · epss 0.00

    In OpenXiangShan NEMU prior to 55295c4, when running with RVH (Hypervisor extension) enabled, a VS-mode guest write to the supervisor interrupt-enable CSR (sie) may be handled incorrectly and can influence machine-level interrupt enable state (mie). This breaks…

  • CVE-2026-6257 · Critical · Apr 20, 2026
    risk 0.52 · cvss 9.1 · epss 0.01

    Vvveb CMS v1.0.8.2 contains a remote code execution vulnerability in its media management functionality where a missing return statement in the file rename handler allows authenticated attackers to rename files to blocked extensions .php or .htaccess. Attackers can exploit this…

  • CVE-2026-32311 · Critical · Apr 20, 2026
    risk 0.57 · cvss 9.8 · epss 0.01

    Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, transparency, and verification. Flowsint allows a user to create investigations, which are used to manage sketches and analyses. Sketches have controllable graphs, which are…

  • CVE-2026-29649 · Critical · Apr 20, 2026
    risk 0.57 · cvss 9.8 · epss 0.00

    NEMU contains an implementation flaw in its RISC-V Hypervisor CSR handling where henvcfg[7:4] (CBIE/CBCFE/CBZE-related fields) is incorrectly masked/updated based on menvcfg[7:4], so a machine-mode write to menvcfg can implicitly modify the hypervisor's environment…

  • CVE-2026-39109 · Critical · Apr 20, 2026
    risk 0.61 · cvss 9.4 · epss 0.00

    SQL Injection vulnerability in Apartment Visitors Management System V1.1 within the username parameter of the login page (index.php). This allows an unauthenticated attacker to manipulate backend SQL queries during authentication and retrieve…

  • CVE-2026-30269 · Critical · Apr 20, 2026
    risk 0.57 · cvss 9.9 · epss 0.00

    Improper access control in Doorman v0.1.0 and v1.0.2 allows any authenticated user to update their own account role to a non-admin privileged role via /platform/user/{username}. The `role` field is accepted by the update model without a manage_users permission check for…