VYPR

CVEs

  • CVE-2026-39918 · Cri · Apr 20, 2026
    risk 0.57 · cvss 9.8 · epss 0.01

    Vvveb prior to 1.0.8.1 contains a code injection vulnerability in the installation endpoint where the subdir POST parameter is written unsanitized into the env.php configuration file without escaping or validation. Attackers can inject arbitrary PHP code by breaking out of the…

  • CVE-2026-24467 · Cri · Apr 20, 2026
    risk 0.52 · cvss 9.0 · epss 0.01

    OpenAEV is an open source platform allowing organizations to plan, schedule and conduct cyber adversary simulation campaigns and tests. Starting in version 1.0.0 and prior to version 2.0.13, OpenAEV's password reset implementation contains multiple security weaknesses that…

  • CVE-2026-5760 · Cri · Apr 20, 2026
    risk 0.57 · cvss 9.8 · epss 0.01

    SGLang's reranking endpoint (/v1/rerank) achieves Remote Code Execution (RCE) when a model file containing a malicious tokenizer.chat_template is loaded, as the Jinja2 chat templates are rendered using an unsandboxed jinja2.Environment().

  • CVE-2026-33557 · Cri · Apr 20, 2026
    risk 0.52 · cvss 9.1 · epss 0.01

    A possible security vulnerability has been identified in Apache Kafka. By default, the broker property `sasl.oauthbearer.jwt.validator.class` is set to `org.apache.kafka.common.security.oauthbearer.DefaultJwtValidator`. It accepts any JWT token without validating…

  • CVE-2026-5964 · Cri · Apr 20, 2026
    risk 0.64 · cvss 9.8 · epss 0.00

    EasyFlow .NET developed by Digiwin has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.

  • CVE-2026-5963 · Cri · Apr 20, 2026
    risk 0.64 · cvss 9.8 · epss 0.00

    EasyFlow .NET developed by Digiwin has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.

  • CVE-2026-6644 · Cri · Apr 20, 2026
    risk 0.59 · cvss 9.1 · epss 0.01

    A command injection vulnerability was found in the PPTP VPN Clients on the ADM. The vulnerability allows an administrative user to break out of the restricted web environment and execute arbitrary code on the underlying operating system. This occurs due to insufficient…

  • CVE-2026-6643 · Cri · Apr 20, 2026
    risk 0.64 · cvss 9.9 · epss 0.00

    A stack-based buffer overflow vulnerability was found in the VPN Clients on the ADM. The issue stems from the use of unbounded sscanf() and passing user-controlled data directly to printf(). Due to the lack of PIE and Stack Canary protections, an authenticated remote attacker…

  • CVE-2026-32956 · Cri · Apr 20, 2026
    risk 0.64 · cvss 9.8 · epss 0.01

    SD-330AC and AMC Manager provided by silex technology, Inc. contain a heap-based buffer overflow vulnerability in processing the redirect URLs. Arbitrary code may be executed on the device.

  • CVE-2026-41242 · Cri · Apr 18, 2026
    risk 0.57 · cvss 9.8 · epss 0.01

    protobufjs compiles protobuf definitions into JavaScript (JS) functions. In versions prior to 8.0.1 and 7.5.5, attackers can inject arbitrary code in the "type" fields of protobuf definitions, which will then execute during object decoding using that definition. Versions 8.0.1…

  • CVE-2026-40494 · Cri · Apr 18, 2026
    risk 0.57 · cvss 9.8 · epss 0.00

    SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. Prior to commit 45d48d1f2e8e0d73e80bc1fd5310cb57f4547302, the TGA codec's RLE decoder in `tga.c` has an asymmetric bounds check vulnerability. The run-packet…

  • CVE-2026-40493 · Cri · Apr 18, 2026
    risk 0.57 · cvss 9.8 · epss 0.00

    SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. Prior to commit c930284445ea3ff94451ccd7a57c999eca3bc979, the PSD codec computes bytes-per-pixel (`bpp`) from raw header fields `channels * depth`, but the…

  • CVE-2026-40492 · Cri · Apr 18, 2026
    risk 0.57 · cvss 9.8 · epss 0.00

    SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. Prior to commit 36aa5c7ec8a2bb35f6fb867a1177a6f141156b02, the XWD codec resolves pixel format based on `pixmap_depth` but the byte-swap code uses…

  • CVE-2026-40572 · Cri · Apr 18, 2026
    risk 0.52 · cvss 9.0 · epss 0.00

    NovumOS is a custom 32-bit operating system written in Zig and x86 Assembly. In versions prior to 0.24, Syscall 15 (MemoryMapRange) allows Ring 3 user-mode processes to map arbitrary virtual address ranges into their address space without validating against forbidden regions,…

  • CVE-2026-40317 · Cri · Apr 18, 2026
    risk 0.53 · cvss 9.3 · epss 0.00

    NovumOS is a custom 32-bit operating system written in Zig and x86 Assembly. In versions prior to 0.24, Syscall 12 (JumpToUser) accepts an arbitrary entry point address from user-space registers without validation, allowing any Ring 3 user-mode process to jump to kernel…

  • CVE-2026-40582 · Cri · Apr 18, 2026
    risk 0.52 · cvss · epss 0.01

    ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the /api/public/user/login endpoint validates only the username and password before returning the user's API key, bypassing the normal authentication flow that enforces account lockout and…

  • CVE-2026-40484 · Cri · Apr 18, 2026
    risk 0.52 · cvss 9.1 · epss 0.01

    ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the database backup restore functionality extracts uploaded archive contents and copies files from the Images/ directory into the web-accessible document root using recursiveCopyDirectory(), which…

  • CVE-2026-40324 · Cri · Apr 18, 2026
    risk 0.52 · cvss 9.1 · epss 0.01

    Hot Chocolate is an open-source GraphQL server. Prior to versions 12.22.7, 13.9.16, 14.3.1, and 15.1.14, Hot Chocolate's recursive descent parser `Utf8GraphQLParser` has no recursion depth limit. A crafted GraphQL document with deeply nested selection sets, object values, list…

  • CVE-2026-5720 · Cri · Apr 17, 2026
    risk 0.52 · cvss 9.1 · epss 0.01

    miniupnpd contains an integer underflow vulnerability in SOAPAction header parsing that allows remote attackers to cause a denial of service or information disclosure by sending a malformed SOAPAction header with a single quote. Attackers can trigger an out-of-bounds memory read…

  • CVE-2026-40478 · Cri · Apr 17, 2026
    risk 0.59 · cvss 9.0 · epss 0.01

    Thymeleaf is a server-side Java template engine for web and standalone environments. Versions 3.1.3.RELEASE and prior contain a security bypass vulnerability in the expression execution mechanisms. Although the library provides mechanisms to prevent expression injection, it…

  • CVE-2026-40477 · Cri · Apr 17, 2026
    risk 0.59 · cvss 9.0 · epss 0.01

    Thymeleaf is a server-side Java template engine for web and standalone environments. Versions 3.1.3.RELEASE and prior contain a security bypass vulnerability in the expression execution mechanisms. Although the library provides mechanisms to prevent expression injection, it…

  • CVE-2026-40351 · Cri · Apr 17, 2026
    risk 0.57 · cvss 9.8 · epss 0.01

    FastGPT is an AI Agent building platform. In versions prior to 4.14.9.5, the password-based login endpoint uses TypeScript type assertion without runtime validation, allowing an unauthenticated attacker to pass a MongoDB query operator object (e.g., {"$ne": ""}) as the password…

  • CVE-2026-40258 · Cri · Apr 17, 2026
    risk 0.52 · cvss 9.1 · epss 0.00

    The Gramps Web API is a Python REST API for the genealogical research software Gramps. Versions 1.6.0 through 3.11.0 have a path traversal vulnerability (Zip Slip) in the media archive import feature. An authenticated user with owner-level privileges can craft a malicious ZIP…

  • CVE-2026-29013 · Cri · Apr 17, 2026
    risk 0.57 · cvss 9.8 · epss 0.00

    libcoap contains out-of-bounds read vulnerabilities in OSCORE Appendix B.2 CBOR unwrap handling where get_byte_inc() in src/oscore/oscore_cbor.c relies solely on assert() for bounds checking, which is removed in release builds compiled with NDEBUG. Attackers can send crafted…

  • CVE-2026-33689 · Cri · Apr 17, 2026
    risk 0.52 · cvss 9.1 · epss 0.00

    xrdp is an open source RDP server. Versions through 0.10.5 have an out-of-bounds read vulnerability in the pre-authentication RDP message parsing logic. A remote, unauthenticated attacker can trigger this flaw by sending a specially crafted sequence of packets during the initial…

  • CVE-2026-23500 · Cri · Apr 17, 2026
    risk 0.52 · cvss 9.1 · epss 0.01

    Dolibarr is an enterprise resource planning (ERP) and customer relationship management (CRM) software package. In versions prior to 23.0.0, the ODT to PDF conversion process in odf.php concatenates the MAIN_ODT_AS_PDF configuration constant directly into a shell command passed…

  • CVE-2026-40342 · Cri · Apr 17, 2026
    risk 0.57 · cvss 9.9 · epss 0.01

    Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the external engine plugin loader concatenates a user-supplied engine name into a filesystem path without filtering path separators or .. components. An authenticated…

  • CVE-2026-35546 · Cri · Apr 17, 2026
    risk 0.64 · cvss 9.8 · epss 0.01

    Anviz CX2 Lite and CX7 are vulnerable to unauthenticated firmware uploads. This causes crafted archives to be accepted, enabling attackers to plant and execute code and obtain a reverse shell.

  • CVE-2026-33516 · Cri · Apr 17, 2026
    risk 0.52 · cvss 9.1 · epss 0.00

    xrdp is an open source RDP server. Versions through 0.10.5 contain an out-of-bounds read vulnerability during the RDP capability exchange phase. The issue occurs when memory is accessed before validating the remaining buffer length. A remote, unauthenticated attacker can trigger…

  • CVE-2026-40525 · Cri · Apr 17, 2026
    risk 0.52 · cvss 9.1 · epss 0.01

    OpenViking prior to version 0.3.9 contains an authentication bypass vulnerability in the VikingBot OpenAPI HTTP route surface where the authentication check fails open when the api_key configuration value is unset or empty. Remote attackers with network access to the exposed…

  • CVE-2026-6284 · Cri · Apr 17, 2026
    risk 0.59 · cvss 9.1 · epss 0.00

    An attacker with network access to the PLC is able to discover passwords by brute force to gain unauthorized access to systems and services. The limited password complexity and the absence of password input limiters make brute force password enumeration possible.

  • CVE-2026-37749 · Cri · Apr 17, 2026
    risk 0.64 · cvss 9.8 · epss 0.01

    A SQL injection vulnerability in CodeAstro Simple Attendance Management System v1.0 allows remote unauthenticated attackers to bypass authentication via the username parameter in index.php.

  • CVE-2025-15625 · Cri · Apr 17, 2026
    risk 0.64 · cvss 9.8 · epss 0.00

    An unauthenticated user is able to execute arbitrary SQL commands in the Sparx Pro Cloud Server database in certain cases.

  • CVE-2026-6443 · Cri · Apr 17, 2026
    risk 0.64 · cvss 9.8 · epss 0.01

    All plugins by Essentialplugin for WordPress are vulnerable to an injected backdoor in various versions. This is due to the plugin being sold to a malicious threat actor that embedded a backdoor in all of the plugins they acquired. This makes it possible for the threat actor to…

  • CVE-2026-34018 · Cri · Apr 17, 2026
    risk 0.57 · cvss 9.8 · epss 0.00

    An SQL injection vulnerability exists in CubeCart prior to 6.6.0, which may allow an attacker to execute an arbitrary SQL statement on the product.

  • CVE-2026-40322 · Cri · Apr 16, 2026
    risk 0.52 · cvss 9.0 · epss 0.00

    SiYuan is an open-source personal knowledge management system. In versions 3.6.3 and below, Mermaid diagrams are rendered with securityLevel set to "loose", and the resulting SVG is injected into the DOM via innerHTML. This allows attacker-controlled javascript: URLs in Mermaid…

  • CVE-2026-33122 · Cri · Apr 16, 2026
    risk 0.57 · cvss 9.8 · epss 0.00

    DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the API datasource update process. When a new table definition is added during a datasource update via /de2api/datasource/update, the…

  • CVE-2026-33082 · Cri · Apr 16, 2026
    risk 0.57 · cvss 9.8 · epss 0.00

    DataEase is an open source data visualization analysis tool. Versions 2.10.20 and below contain a SQL injection vulnerability in the dataset export functionality. The expressionTree parameter in POST /de2api/datasetTree/exportDataset is deserialized into a filtering object and…

  • CVE-2026-27820 · Cri · Apr 16, 2026
    risk 0.57 · cvss 9.8 · epss 0.01

    zlib is a Ruby interface for the zlib compression/decompression library. Versions 3.0.0 and below, 3.1.0, 3.1.1, 3.2.0 and 3.2.1 contain a buffer overflow vulnerability in the Zlib::GzipReader. The zstream_buffer_ungets function prepends caller-provided bytes ahead of previously…

  • CVE-2026-5426 · Cri · Apr 16, 2026
    risk 0.52 · cvss 9.1 · epss 0.01

    Hard-coded ASP.NET/IIS machineKey value in Digital Knowledge KnowledgeDeliver deployments prior to February 24, 2026 allows adversaries to circumvent ViewState validation mechanisms and achieve remote code execution via malicious ViewState deserialization attacks.

  • CVE-2026-37347 · Cri · Apr 16, 2026
    risk 0.59 · cvss 9.1 · epss 0.00

    SourceCodester Payroll Management and Information System v1.0 is vulnerable to SQL Injection in the file /payroll/view_employee.php.

  • CVE-2026-37345 · Cri · Apr 16, 2026
    risk 0.64 · cvss 9.8 · epss 0.00

    SourceCodester Vehicle Parking Area Management System v1.0 is vulnerable to SQL Injection in the file /parking/manage_park.php.

  • CVE-2026-37340 · Cri · Apr 16, 2026
    risk 0.64 · cvss 9.8 · epss 0.00

    SourceCodester Simple Music Cloud Community System v1.0 is vulnerable to SQL Injection in the file /music/edit_music.php.

  • CVE-2026-37339 · Cri · Apr 16, 2026
    risk 0.64 · cvss 9.8 · epss 0.00

    SourceCodester Simple Music Cloud Community System v1.0 is vulnerable to SQL Injection in the file /music/view_genre.php.

  • CVE-2026-37338 · Cri · Apr 16, 2026
    risk 0.61 · cvss 9.4 · epss 0.00

    SourceCodester Simple Music Cloud Community System v1.0 is vulnerable to SQL Injection in the file /music/view_user.php.

  • CVE-2026-6270 · Cri · Apr 16, 2026
    risk 0.52 · cvss 9.1 · epss 0.01

    @fastify/middie versions 9.3.1 and earlier do not register inherited middleware directly on child plugin engine instances. When a Fastify application registers authentication middleware in a parent scope and then registers child plugins with @fastify/middie, the child scope does…

  • CVE-2026-31843 · Cri · Apr 16, 2026
    risk 0.64 · cvss 9.8 · epss 0.02

    The goodoneuz/pay-uz Laravel package (<= 2.2.24) contains a critical vulnerability in the /payment/api/editable/update endpoint that allows unauthenticated attackers to overwrite existing PHP payment hook files. The endpoint is exposed via Route::any() without authentication…

  • CVE-2026-3596 · Cri · Apr 16, 2026
    risk 0.64 · cvss 9.8 · epss 0.01

    The Riaxe Product Customizer plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.1.2. The plugin registers an unauthenticated AJAX action ('wp_ajax_nopriv_install-imprint') that maps to the ink_pd_add_option() function. This…

  • CVE-2026-6350 · Cri · Apr 16, 2026
    risk 0.64 · cvss 9.8 · epss 0.01

    MailGates/MailAudit developed by Openfind has a Stack-based Buffer Overflow vulnerability, allowing unauthenticated remote attackers to control the program's execution flow and execute arbitrary code.

  • CVE-2026-6349 · Cri · Apr 16, 2026
    risk 0.64 · cvss 9.8 · epss 0.02

    The iSherlock developed by HGiga has an OS Command Injection vulnerability, allowing unauthenticated local attackers to inject arbitrary OS commands and execute them on the server.