VYPR

CVEs

30,473 total · page 30 of 610

  • CVE-2026-40504CriApr 16, 2026
    risk 0.57cvss 9.8epss 0.01

    Creolabs Gravity before 0.9.6 contains a heap buffer overflow vulnerability in the gravity_vm_exec function that allows attackers to write out-of-bounds memory by crafting scripts with many string literals at global scope. Attackers can exploit insufficient bounds checking in…

  • CVE-2026-40959CriApr 16, 2026
    risk 0.53cvss 9.3epss 0.00

    Luanti 5 before 5.15.2, when LuaJIT is used, allows a Lua sandbox escape via a crafted mod.

  • CVE-2026-32179criApr 16, 2026
    risk 0.52cvss epss 0.00

    ### Summary Improper input validation in Microsoft QUIC allows an unauthorized attacker to elevate privileges over a network. ### Details Improper Input Validation Integer Underflow (Wrap or Wraparound) when decoding ACK frame. #### Patches - Fix underflow in ACK frame…

  • CVE-2026-4880CriApr 16, 2026
    risk 0.57cvss 9.8epss 0.01

    The Barcode Scanner (+Mobile App) – Inventory manager, Order fulfillment system, POS (Point of Sale) plugin for WordPress is vulnerable to privilege escalation via insecure token-based authentication in all versions up to, and including, 1.11.0. This is due to the plugin…

  • CVE-2026-6388CriApr 15, 2026
    risk 0.59cvss 9.1epss 0.00

    A flaw was found in ArgoCD Image Updater. This vulnerability allows an attacker, with permissions to create or modify an ImageUpdater resource in a multi-tenant environment, to bypass namespace boundaries. By exploiting insufficient validation, the attacker can trigger…

  • CVE-2026-40173CriApr 15, 2026
    risk 0.54cvss 9.4epss 0.01

    Dgraph is an open source distributed GraphQL database. Versions 25.3.1 and prior contain an unauthenticated credential disclosure vulnerability where the /debug/pprof/cmdline endpoint is registered on the default mux and reachable without authentication, exposing the full…

  • CVE-2026-6296CriApr 15, 2026
    risk 0.62cvss 9.6epss 0.00

    Heap buffer overflow in ANGLE in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

  • CVE-2025-41118CriApr 15, 2026
    risk 0.52cvss 9.1epss 0.00

    Pyroscope is an open-source continuous profiling database. The database supports various storage backends, including Tencent Cloud Object Storage (COS). If the database is configured to use Tencent COS as the storage backend, an attacker could extract the secret_key…

  • CVE-2026-5189CriApr 15, 2026
    risk 0.60cvss epss 0.00

    CWE-798: Use of Hard-coded Credentials in Sonatype Nexus Repository Manager versions 3.0.0 through 3.70.5 allows an unauthenticated attacker with network access to gain unauthorized read/write access to the internal database and execute arbitrary OS commands as the Nexus process…

  • CVE-2026-30993CriApr 15, 2026
    risk 0.64cvss 9.8epss 0.01

    Slah CMS v1.5.0 and below was discovered to contain a remote code execution (RCE) vulnerability in the session() function at config.php. This vulnerability is exploitable via a crafted input.

  • CVE-2026-20186CriApr 15, 2026
    risk 0.64cvss 9.9epss 0.06

    A vulnerability in Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have at least Read Only Admin…

  • CVE-2026-20184CriApr 15, 2026
    risk 0.64cvss 9.8epss 0.01

    A vulnerability in the integration of single sign-on (SSO) with Control Hub in Cisco Webex Services could have allowed an unauthenticated, remote attacker to impersonate any user within the service. This vulnerability existed because of improper certificate validation. Prior…

  • CVE-2026-20180CriApr 15, 2026
    risk 0.64cvss 9.9epss 0.06

    A vulnerability in Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have at least Read Only Admin…

  • CVE-2026-20147CriApr 15, 2026
    risk 0.64cvss 9.9epss 0.11

    A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials. This…

  • CVE-2025-15610CriApr 15, 2026
    risk 0.60cvss epss 0.00

    The .NET Remoting framework used by OpenText Fax (RightFax) includes known security vulnerabilities that could be exploited if the service is exposed in environments where the remoting ports are accessible.

  • CVE-2026-5387CriApr 15, 2026
    risk 0.60cvss epss 0.00

    The vulnerability, if exploited, could allow an unauthenticated miscreant to perform operations intended only for Simulator Instructor or Simulator Developer (Administrator) roles, resulting in privilege escalation with potential for modification of simulation parameters,…

  • CVE-2026-30625CriApr 15, 2026
    risk 0.57cvss 9.8epss 0.01

    Upsonic 0.71.6 contains a remote code execution vulnerability in its MCP server/task creation functionality. The application allows users to define MCP tasks with arbitrary command and args values. Although an allowlist exists, certain allowed commands (npm, npx) accept argument…

  • CVE-2026-33808CriApr 15, 2026
    risk 0.52cvss 9.1epss 0.00

    Impact@fastify/express v4.0.4 and earlier fails to normalize URLs before passing them to Express middleware when Fastify router normalization options are enabled. This allows complete bypass of path-scoped authentication middleware via duplicate slashes when…

  • CVE-2026-33807CriApr 15, 2026
    risk 0.52cvss 9.1epss 0.00

    @fastify/express v4.0.4 and earlier contains a path handling bug in the onRegister function that causes middleware paths to be doubled when inherited by child plugins. When a child plugin is registered with a prefix that matches a middleware path, the middleware path is prefixed…

  • CVE-2025-14813CriApr 15, 2026
    risk 0.53cvss epss 0.00

    : Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcprov on all (core modules). This vulnerability is associated with program files G3413CTRBlockCipher. This issue affects BC-JAVA: from 1.59 before 1.80.2, from 1.81…

  • CVE-2026-3461CriApr 15, 2026
    risk 0.64cvss 9.8epss 0.00

    The Visa Acceptance Solutions plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 2.1.0. This is due to the `express_pay_product_page_pay_for_order()` function logging users in based solely on a user-supplied billing email address…

  • CVE-2026-39842CriApr 15, 2026
    risk 0.64cvss 9.9epss 0.01

    OpenRemote is an open-source IoT platform. Versions 1.21.0 and below contain two interrelated expression injection vulnerabilities in the rules engine that allow arbitrary code execution on the server. The JavaScript rules engine executes user-supplied scripts via Nashorn's…

  • CVE-2026-1555CriApr 15, 2026
    risk 0.64cvss 9.8epss 0.01

    The WebStack theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the io_img_upload() function in all versions up to, and including, 1.2024. This makes it possible for unauthenticated attackers to upload arbitrary files on the…

  • CVE-2026-39399CriApr 14, 2026
    risk 0.55cvss 9.6epss 0.01

    NuGet Gallery is a package repository that powers nuget.org. A security vulnerability exists in the NuGetGallery backend job’s handling of .nuspec files within NuGet packages. An attacker can supply a crafted nuspec file with malicious metadata, leading to cross package…

  • CVE-2026-35033CriApr 14, 2026
    risk 0.52cvss 9.1epss 0.00

    Jellyfin is an open source self hosted media server. Versions prior to 10.11.7 contain an unauthenticated arbitrary file read vulnerability via ffmpeg argument injection through the StreamOptions query parameter parsing mechanism. The ParseStreamOptions method in…

  • CVE-2026-35031CriApr 14, 2026
    risk 0.57cvss 9.9epss 0.01

    Jellyfin is an open source self hosted media server. Versions prior to 10.11.7 contain a vulnerability chain in the subtitle upload endpoint (POST /Videos/{itemId}/Subtitles), where the Format field is not validated, allowing path traversal via the file extension and enabling…

  • CVE-2026-34457CriApr 14, 2026
    risk 0.52cvss 9.1epss 0.00

    OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Versions prior to 7.15.2 contain a configuration-dependent authentication bypass in deployments where OAuth2 Proxy is used with an auth_request-style integration (such as nginx auth_request) and…

  • CVE-2026-39907CriApr 14, 2026
    risk 0.65cvss 10.0epss 0.01

    Unisys WebPerfect Image Suite versions 3.0.3960.22810 and 3.0.3960.22604 expose an unauthenticated WCF SOAP endpoint on TCP port 1208 that accepts unsanitized file paths in the ReadLicense action's LFName parameter, allowing remote attackers to trigger SMB connections and leak…

  • CVE-2026-39906CriApr 14, 2026
    risk 0.65cvss 10.0epss 0.01

    Unisys WebPerfect Image Suite versions 3.0.3960.22810 and 3.0.3960.22604 expose a deprecated .NET Remoting TCP channel that allows remote unauthenticated attackers to leak NTLMv2 machine-account hashes by supplying a Windows UNC path as a target file argument through…

  • CVE-2026-27304CriApr 14, 2026
    risk 0.60cvss 9.3epss 0.04

    ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction.

  • CVE-2026-5752CriApr 14, 2026
    risk 0.53cvss 9.3epss 0.00

    Sandbox Escape Vulnerability in Terrarium allows arbitrary code execution with root privileges on a host process via JavaScript prototype chain traversal.

  • CVE-2026-34615CriApr 14, 2026
    risk 0.61cvss 9.3epss 0.01

    Adobe Connect versions 2025.3, 12.10 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. An attacker could exploit this vulnerability to inject malicious scripts into a…

  • CVE-2026-33824CriApr 14, 2026
    risk 0.64cvss 9.8epss 0.56

    Double free in Windows IKE Extension allows an unauthorized attacker to execute code over a network.

  • CVE-2026-27303CriApr 14, 2026
    risk 0.63cvss 9.6epss 0.01

    Adobe Connect versions 2025.3, 12.10 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must visit a…

  • CVE-2026-27246CriApr 14, 2026
    risk 0.60cvss 9.3epss 0.00

    Adobe Connect versions 2025.3, 12.10 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially gaining elevated access or control over the victim's…

  • CVE-2026-27245CriApr 14, 2026
    risk 0.60cvss 9.3epss 0.00

    Adobe Connect versions 2025.3, 12.10 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially gaining elevated access or control over the victim's…

  • CVE-2026-27243CriApr 14, 2026
    risk 0.60cvss 9.3epss 0.00

    Adobe Connect versions 2025.3, 12.10 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially gaining elevated access or control over the victim's…

  • CVE-2026-26149CriApr 14, 2026
    risk 0.59cvss 9.0epss 0.01

    Improper neutralization of escape, meta, or control sequences in Microsoft Power Apps allows an authorized attacker to perform spoofing over a network.

  • CVE-2025-70023CriApr 14, 2026
    risk 0.64cvss 9.8epss 0.00

    An issue pertaining to CWE-843: Access of Resource Using Incompatible Type was discovered in transloadit uppy v0.25.6.

  • CVE-2026-39813CriApr 14, 2026
    risk 0.64cvss 9.8epss 0.17

    A path traversal: '../filedir' vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8 may allow attacker to escalation of privilege via

  • CVE-2026-39808CriApr 14, 2026
    risk 0.66cvss 9.8epss 0.49

    A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.8 may allow attacker to execute unauthorized code or commands via

  • CVE-2026-38526CriApr 14, 2026
    risk 0.64cvss 9.9epss 0.01

    An authenticated arbitrary file upload vulnerability in the /admin/tinymce/upload endpoint of Webkul Krayin CRM v2.2.x allows attackers to execute arbitrary code via uploading a crafted PHP file.

  • CVE-2025-65135CriApr 14, 2026
    risk 0.64cvss 9.8epss 0.00

    In manikandan580 School-management-system 1.0, a time-based blind SQL injection vulnerability exists in /studentms/admin/between-date-reprtsdetails.php through the fromdate POST parameter.

  • CVE-2025-65133CriApr 14, 2026
    risk 0.64cvss 9.8epss 0.01

    A SQL injection vulnerability exists in the School Management System (version 1.0) by manikandan580. An unauthenticated or authenticated remote attacker can supply a crafted HTTP request to the affected endpoint to manipulate SQL query logic and extract sensitive database…

  • CVE-2025-63939CriApr 14, 2026
    risk 0.64cvss 9.8epss 0.00

    Improper input handling in /Grocery/search_products_itname.php, in anirudhkannan Grocery Store Management System 1.0, allows SQL injection via the sitem_name POST parameter.

  • CVE-2025-61260CriApr 14, 2026
    risk 0.64cvss 9.8epss 0.07

    A vulnerability was identified in OpenAI Codex CLI v0.23.0 and before that enables code execution through malicious MCP (Model Context Protocol) configuration files. The attack is triggered when a user runs the codex command inside a malicious or compromised repository. Codex…

  • CVE-2026-31049CriApr 14, 2026
    risk 0.64cvss 9.8epss 0.01

    An issue in Hostbill v.2025-11-24 and 2025-12-01 allows a remote attacker to execute arbitrary code and escalate privileges via the CSV registration field

  • CVE-2025-8095CriApr 14, 2026
    risk 0.59cvss epss 0.00

    The OECH1 prefix encoding is intended to obfuscate values across the OpenEdge platform.  It has been identified as cryptographically weak and unsuitable for stored encodings and enterprise applications.  OECH1 encodings should be considered exploitable and immediately replaced…

  • CVE-2026-2449CriApr 14, 2026
    risk 0.59cvss epss 0.00

    Improper neutralization of argument delimiters in a command ('argument injection') vulnerability in upKeeper Solutions upKeeper Instant Privilege Access allows Hijacking a Privileged Thread of Execution.This issue affects upKeeper Instant Privilege Access: through 1.5.0.

  • CVE-2026-31908CriApr 14, 2026
    risk 0.52cvss 9.1epss 0.01

    Header injection vulnerability in Apache APISIX. The attacker can take advantage of certain configuration in forward-auth plugin to inject malicious headers. This issue affects Apache APISIX: from 2.12.0 through 3.15.0. Users are recommended to upgrade to version 3.16.0, which…