VYPR

CVEs

30,473 total · page 33 of 610

  • CVE-2026-34178CriApr 9, 2026
    risk 0.52cvss 9.1epss 0.00

    In Canonical LXD before 6.8, the backup import path validates project restrictions against backup/index.yaml in the supplied tar archive but creates the instance from backup/container/backup.yaml, a separate file in the same archive that is never checked against project…

  • CVE-2026-34177CriApr 9, 2026
    risk 0.52cvss 9.1epss 0.00

    Canonical LXD versions 4.12 through 6.7 contain an incomplete denylist in isVMLowLevelOptionForbidden (lxd/project/limits/permissions.go), which omits raw.apparmor and raw.qemu.conf from the set of keys blocked under the restricted.virtual-machines.lowlevel=block project…

  • CVE-2026-5854CriApr 9, 2026
    risk 0.64cvss 9.8epss 0.18

    A vulnerability was detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this issue is the function setWiFiEasyCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument merge results in os command injection. It is…

  • CVE-2026-5853CriApr 9, 2026
    risk 0.64cvss 9.8epss 0.14

    A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this vulnerability is the function setIpv6LanCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument addrPrefixLen leads to os command…

  • CVE-2026-5852CriApr 9, 2026
    risk 0.64cvss 9.8epss 0.14

    A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. Affected is the function setIptvCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the argument igmpVer causes os command injection. The attack is possible to be carried…

  • CVE-2026-5851CriApr 9, 2026
    risk 0.64cvss 9.8epss 0.14

    A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. This impacts the function setUPnPCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument enable results in os command injection. The attack can be executed…

  • CVE-2026-5850CriApr 9, 2026
    risk 0.64cvss 9.8epss 0.16

    A vulnerability was identified in Totolink A7100RU 7.4cu.2313_b20191024. This affects the function setVpnPassCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument pptpPassThru leads to os command injection. Remote exploitation of the…

  • CVE-2026-1830CriApr 9, 2026
    risk 0.67cvss 9.8epss 0.03

    The Quick Playground plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.3.1. This is due to insufficient authorization checks on REST API endpoints that expose a sync code and allow arbitrary file uploads. This makes it possible…

  • CVE-2026-3199CriApr 8, 2026
    risk 0.61cvss epss 0.00

    A vulnerability in the task management component of Sonatype Nexus Repository versions 3.22.1 through 3.90.2 allows an authenticated attacker with task creation permissions to execute arbitrary code, bypassing the nexus.scripts.allowCreation security control.

  • CVE-2026-5902CriApr 8, 2026
    risk 0.64cvss 9.8epss 0.00

    Race in Media in Google Chrome on Android prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to corrupt media stream metadata via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2026-5874CriApr 8, 2026
    risk 0.62cvss 9.6epss 0.00

    Use after free in PrivateAI in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2026-40035CriApr 8, 2026
    risk 0.59cvss 9.1epss 0.01

    Unfurl through 2025.08 contains an improper input validation vulnerability in config parsing that enables Flask debug mode by default. The debug configuration value is read as a string and passed directly to app.run(), causing any non-empty string to evaluate truthy, allowing…

  • CVE-2026-39892CriApr 8, 2026
    risk 0.57cvss 9.8epss 0.01

    cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. From 45.0.0 to before 46.0.7, if a non-contiguous buffer was passed to APIs which accepted Python buffers (e.g. Hash.update()), this could lead to buffer overflows. This…

  • CVE-2026-39890CriApr 8, 2026
    risk 0.57cvss 9.8epss 0.01

    PraisonAI is a multi-agent teams system. Prior to 4.5.115, the AgentService.loadAgentFromFile method uses the js-yaml library to parse YAML files without disabling dangerous tags (such as !!js/function and !!js/undefined). This allows an attacker to craft a malicious YAML file…

  • CVE-2026-39888CriApr 8, 2026
    risk 0.64cvss 9.9epss 0.01

    PraisonAI is a multi-agent teams system. Prior to 1.5.115, execute_code() in praisonaiagents.tools.python_tools defaults to sandbox_mode="sandbox", which runs user code in a subprocess wrapped with a restricted __builtins__ dict and an AST-based blocklist. The AST blocklist…

  • CVE-2026-39860CriApr 8, 2026
    risk 0.52cvss 9.0epss 0.00

    Nix is a package manager for Linux and other Unix systems. A bug in the fix for CVE-2024-27297 allowed for arbitrary overwrites of files writable by the Nix process orchestrating the builds (typically the Nix daemon running as root in multi-user installations) by following…

  • CVE-2026-2942CriApr 8, 2026
    risk 0.57cvss 9.8epss 0.01

    The ProSolution WP Client plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'proSol_fileUploadProcess' function in all versions up to, and including, 1.9.9. This makes it possible for unauthenticated attackers to upload…

  • CVE-2025-52221CriApr 8, 2026
    risk 0.64cvss 9.8epss 0.00

    Tenda AC6 15.03.05.16_multi is vulnerable to Buffer Overflow in the formSetCfm function via the funcname, funcpara1, and funcpara2 parameters.

  • CVE-2026-31017CriApr 8, 2026
    risk 0.59cvss 9.1epss 0.00

    A Server-Side Request Forgery (SSRF) vulnerability exists in the Print Format functionality of ERPNext v16.0.1 and Frappe Framework v16.1.1, where user-supplied HTML is insufficiently sanitized before being rendered into PDF. When generating PDFs from user-controlled HTML…

  • CVE-2023-46945CriApr 8, 2026
    risk 0.59cvss 9.1epss 0.00

    QD 20230821 is vulnerable to Server-side request forgery (SSRF) via a crafted request

  • CVE-2026-33229CriApr 8, 2026
    risk 0.57cvss 9.8epss 0.01

    XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Prior to 17.4.8 and 17.10.1, an improperly protected scripting API allows any user with script right to bypass the sandboxing of the Velocity scripting API and execute, e.g.,…

  • CVE-2026-31040CriApr 8, 2026
    risk 0.57cvss 9.8epss 0.01

    A vulnerability was identified in stata-mcp prior to v1.13.0 where insufficient validation of user-supplied Stata do-file content can lead to command execution.

  • CVE-2025-14816CriApr 8, 2026
    risk 0.60cvss epss 0.00

    Cleartext Storage of Sensitive Information in GUI vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Hyper…

  • CVE-2025-14815CriApr 8, 2026
    risk 0.60cvss epss 0.00

    Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian…

  • CVE-2026-39640CriApr 8, 2026
    risk 0.62cvss 9.6epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in mndpsingh287 Theme Editor theme-editor allows Code Injection.This issue affects Theme Editor: from n/a through <= 3.2.

  • CVE-2026-39620CriApr 8, 2026
    risk 0.62cvss 9.6epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in priyanshumittal Appointment appointment allows Upload a Web Shell to a Web Server.This issue affects Appointment: from n/a through <= 3.5.5.

  • CVE-2026-39619CriApr 8, 2026
    risk 0.62cvss 9.6epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in priyanshumittal Busiprof busiprof allows Upload a Web Shell to a Web Server.This issue affects Busiprof: from n/a through <= 2.5.2.

  • CVE-2026-39617CriApr 8, 2026
    risk 0.62cvss 9.6epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in priyanshumittal Bluestreet bluestreet allows Cross Site Request Forgery.This issue affects Bluestreet: from n/a through <= 1.7.3.

  • CVE-2026-33088CriApr 8, 2026
    risk 0.64cvss 9.8epss 0.00

    Movable Type provided by Six Apart Ltd. contains an SQL Injection vulnerability which may allow an attacker to execute an arbitrary SQL statement.

  • CVE-2026-25776CriApr 8, 2026
    risk 0.64cvss 9.8epss 0.00

    Movable Type provided by Six Apart Ltd. contains a code injection vulnerability which may allow an attacker to execute arbitrary Perl script.

  • CVE-2026-3535CriApr 8, 2026
    risk 0.64cvss 9.8epss 0.01

    The DSGVO Google Web Fonts GDPR plugin for WordPress is vulnerable to arbitrary file upload due to missing file type validation in the `DSGVOGWPdownloadGoogleFonts()` function in all versions up to, and including, 1.1. The function is exposed via a `wp_ajax_nopriv_` hook,…

  • CVE-2026-4003CriApr 8, 2026
    risk 0.64cvss 9.8epss 0.01

    The Users manager – PN plugin for WordPress is vulnerable to Privilege Escalation via Arbitrary User Meta Update in all versions up to and including 1.1.15. This is due to a flawed authorization logic check in the userspn_ajax_nopriv_server() function within the…

  • CVE-2026-3296CriApr 8, 2026
    risk 0.57cvss 9.8epss 0.01

    The Everest Forms plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.4.3 via deserialization of untrusted input from form entry metadata. This is due to the html-admin-page-entries-view.php file calling PHP's native unserialize()…

  • CVE-2026-27143CriApr 8, 2026
    risk 0.57cvss 9.8epss 0.01

    Arithmetic over induction variables in loops were not correctly checked for underflow or overflow. As a result, the compiler would allow for invalid indexing to occur at runtime, potentially leading to memory corruption.

  • CVE-2026-1346CriApr 8, 2026
    risk 0.60cvss 9.3epss 0.00

    IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 could allow a locally authenticated user to escalate…

  • CVE-2026-39847CriApr 7, 2026
    risk 0.52cvss 9.1epss 0.01

    Emmett is a full-stack Python web framework designed with simplicity. From 2.5.0 to before 2.8.1, the RSGI static handler for Emmett's internal assets (/__emmett__ paths) is vulnerable to path traversal attacks. An attacker can use ../ sequences (eg…

  • CVE-2026-39846CriApr 7, 2026
    risk 0.52cvss 9.0epss 0.01

    SiYuan is a personal knowledge management system. Prior to 3.6.4, a malicious note synced to another user can trigger remote code execution in the SiYuan Electron desktop client. The root cause is that table caption content is stored without safe escaping and later unescaped…

  • CVE-2026-34582CriApr 7, 2026
    risk 0.52cvss 9.1epss 0.00

    Botan is a C++ cryptography library. Prior to version 3.11.1, the TLS 1.3 implementation allowed ApplicationData records to be processed prior to the Finished message being received. A server which is attempting to enforce client authentication via certificates can by bypassed…

  • CVE-2026-34078CriApr 7, 2026
    risk 0.58cvss 10.0epss 0.02

    Flatpak is a Linux application sandboxing and distribution framework. Prior to 1.16.4, the Flatpak portal accepts paths in the sandbox-expose options which can be app-controlled symlinks pointing at arbitrary paths. Flatpak run mounts the resolved host path in the sandbox. This…

  • CVE-2026-31789CriApr 7, 2026
    risk 0.57cvss 9.8epss 0.00

    Issue summary: Converting an excessively large OCTET STRING value to a hexadecimal string leads to a heap buffer overflow on 32 bit platforms. Impact summary: A heap buffer overflow may lead to a crash or possibly an attacker controlled code execution or other undefined…

  • CVE-2026-39397CriApr 7, 2026
    risk 0.54cvss 9.4epss 0.00

    @delmaredigital/payload-puck is a PayloadCMS plugin for integrating Puck visual page builder. Prior to 0.6.23, all /api/puck/* CRUD endpoint handlers registered by createPuckPlugin() called Payload's local API with the default overrideAccess: true, bypassing all collection-level…

  • CVE-2026-33439CriApr 7, 2026
    risk 0.58cvss 9.8epss 0.10

    Open Access Management (OpenAM) is an access management solution. Prior to 16.0.6, OpenIdentityPlatform OpenAM is vulnerable to pre-authentication Remote Code Execution (RCE) via unsafe Java deserialization of the jato.clientSession HTTP parameter. This bypasses the…

  • CVE-2026-39382CriApr 7, 2026
    risk 0.53cvss epss 0.00

    dbt enables data analysts and engineers to transform their data using the same practices that software engineers use to build applications. Inside the reusable workflow dbt-labs/actions/blob/main/.github/workflows/open-issue-in-repo.yml, the prep job uses…

  • CVE-2025-69515CriApr 7, 2026
    risk 0.59cvss 9.1epss 0.01

    An issue in JXL 9 Inch Car Android Double Din Player Android v12.0 allows attackers to force the infotainment system into accepting falsified GPS signals as legitimate, resulting in the device reporting an incorrect or static location.

  • CVE-2026-39355CriApr 7, 2026
    risk 0.57cvss 9.9epss 0.00

    Genealogy is a family tree PHP application. Prior to 5.9.1, a critical broken access control vulnerability in the genealogy application allows any authenticated user to transfer ownership of arbitrary non-personal teams to themselves. This enables complete takeover of other…

  • CVE-2026-39351CriApr 7, 2026
    risk 0.52cvss 9.1epss 0.00

    Frappe is a full-stack web application framework. Prior to 16.14.0 and 15.104.0, Frappe allows unrestricted Doctype access via API exploit.

  • CVE-2025-71058CriApr 7, 2026
    risk 0.59cvss 9.1epss 0.00

    Dual DHCP DNS Server 8.01 improperly accepts and caches UDP DNS responses without validating that the response originates from a legitimate configured upstream DNS server. The implementation matches responses primarily by TXID and inserts results into the cache, enabling a…

  • CVE-2026-39339CriApr 7, 2026
    risk 0.53cvss 9.1epss 0.01

    ChurchCRM is an open-source church management system. Prior to 7.1.0, a critical authentication bypass vulnerability in ChurchCRM's API middleware (ChurchCRM/Slim/Middleware/AuthMiddleware.php) allows unauthenticated attackers to access all protected API endpoints by including…

  • CVE-2026-39337CriApr 7, 2026
    risk 0.58cvss 10.0epss 0.01

    ChurchCRM is an open-source church management system. Prior to 7.1.0, critical pre-authentication remote code execution vulnerability in ChurchCRM's setup wizard allows unauthenticated attackers to inject arbitrary PHP code during the initial installation process, leading to…

  • CVE-2026-39324CriApr 7, 2026
    risk 0.57cvss 9.8epss 0.00

    Rack::Session is a session management implementation for Rack. From 2.0.0 to before 2.1.2, Rack::Session::Cookie incorrectly handles decryption failures when configured with secrets:. If cookie decryption fails, the implementation falls back to a default decoder instead of…