VYPR

CVEs

  • CVE-2026-49202 · High · Jun 4, 2026
    risk 0.56 · cvss 8.6 · epss 0.00

    Internal multimedia session archives are accessible without authentication, exacerbated by loose Cross-Origin Resource Sharing (CORS) rules that allow cross-site theft.

  • CVE-2026-49194 · High · Jun 4, 2026
    risk 0.57 · cvss 8.8 · epss 0.00

    The debugging routine SCREEN_CLICK(5053) enables a connection to skip the standard device login prompt entirely and directly enter an interactive shell interface.

  • CVE-2026-49193 · High · Jun 4, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    Overly permissive configuration settings on cloud storage containers expose active telemetry information publicly to the internet.

  • CVE-2026-49190 · High · Jun 4, 2026
    risk 0.57 · cvss 8.8 · epss 0.00

    The system fails to evaluate instructional permissions over multiple internal operation codes (opcodes), permitting unauthorized application installations or command executions.

  • CVE-2026-49189 · High · Jun 4, 2026
    risk 0.51 · cvss 7.8 · epss 0.00

    Unchecked public access permissions on a core Broadcast Receiver allow unauthorized local software components to invoke administrative operations.

  • CVE-2026-49187 · High · Jun 4, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    The hard-coded APK resource files never expire, and the shared scepter leads to information leaks and potential misuse.

  • CVE-2026-41010 · High · Jun 4, 2026
    risk 0.53 · cvss 8.2 · epss 0.00

    ReleaseJob#unpack builds job_dir = File.join(@release_dir, 'jobs', name) and job_tgz = File.join(@release_dir, 'jobs', "#{name}.tgz") where name returns @job_meta['name'], a value taken verbatim from the jobs: array of the attacker-supplied release.MF inside the uploaded…

  • CVE-2026-8829 · High · Jun 4, 2026
    risk 0.42 · cvss 7.5 · epss 0.00

    HTML::Entities versions before 3.84 for Perl read freed heap memory in _decode_entities. The XS routine backing HTML::Entities::_decode_entities cached a pointer (repl) into the entity-value SV returned by hv_fetch on the entity2char hash. When the input SV was identical to a…

  • CVE-2026-41860 · High · Jun 4, 2026
    risk 0.57 · cvss 8.8 · epss 0.00

    CWE-326 in BOSH allows a local attacker to steal Basic-auth credentials or redirect UAA token requests via MITM. HttpRequestHelper#create_async_endpoint and #send_http_get_request_synchronous hard-code OpenSSL::SSL::VERIFY_NONE, enabling an attacker to intercept traffic between…

  • CVE-2026-41859 · High · Jun 4, 2026
    risk 0.51 · cvss 7.8 · epss 0.00

    A network man-in-the-middle between nats-sync and the BOSH director can steal the director credentials (Basic auth header or UAA client secret) and can tamper with the VM list that is written into the NATS authorization file. Stolen credentials grant administrative director…

  • CVE-2026-41858 · High · Jun 4, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    Weak Randomness / Insecure Cryptographic Primitive (CWE-338) in Get-RandomPassword in BOSH-Ecosystem / windows-utilities-release allows a network attacker to estimate VM boot time and reconstruct a small candidate list to recover the Administrator password. The…

  • CVE-2026-41011 · High · Jun 4, 2026
    risk 0.53 · cvss 8.2 · epss 0.00

    PackagePersister.validate_tgz builds "tar -tf #{tgz} 2>&1" where tgz = File.join(release_dir, 'packages', "#{name}.tgz") and name = package_meta['name'] comes directly from release.MF inside the uploaded tarball. The string is passed to Bosh::Common::Exec.sh, which executes via…

  • CVE-2026-10737 · High · Jun 4, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    The SP Project & Document Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the view_file function in all versions up to, and including, 4.71. This makes it possible for unauthenticated attackers to read file metadata and…

  • CVE-2026-10777 · High · Jun 3, 2026
    risk 0.47 · cvss 7.3 · epss 0.00

    A vulnerability was identified in ealpha072 Student-Management-System up to 01451bd7a2f58cdda07bd0b86e3967582e3ecd08. Affected by this issue is some unknown functionality of the file admin/config.php of the component Administrative Backend. Such manipulation leads to improper…

  • CVE-2026-10771 · High · Jun 3, 2026
    risk 0.47 · cvss 7.3 · epss 0.00

    A vulnerability was found in crmeb crmeb_java 1.4. Affected is the function RestTemplate.getForEntity of the file crmeb-common/src/main/java/com/zbkj/common/utils/RestTemplateUtil.java of the component base64 Qrcode Endpoint. The manipulation of the argument url results in…

  • CVE-2026-52793 · high · Jun 3, 2026
    risk 0.38 · cvss · epss 0.00

    Summary: Froxlor's API authentication (`FroxlorRPC::validateAuth`) does not enforce Two-Factor Authentication. When a user (admin or customer) enables 2FA on their account, the web UI correctly requires a TOTP code after password verification. However, the API accepts…

  • CVE-2026-44023 · high · Jun 3, 2026
    risk 0.38 · cvss · epss 0.00

    Impact: In versions `>= 1.5.0, < 2.74.1`, `docling-core` did not sufficiently restrict remote request destinations and could resolve a server-provided `Content-Disposition` to a local path in an unsafe manner. In applications that accept untrusted URLs, this could allow SSRF…

  • CVE-2026-44019 · high · Jun 3, 2026
    risk 0.38 · cvss · epss 0.00

    Impact: In versions `>= 2.5.0, < 2.74.1`, `docling-core` could allow local `file://` image references and accepted inline `data:` content without a decoded-size limit. In applications that accept untrusted image references, this may allow access to local files readable by…

  • CVE-2026-47214 · high · Jun 3, 2026
    risk 0.38 · cvss · epss 0.00

    Impact: The HTML backend did not perform sufficient validation during resource handling:

      - Accepted `file://` URIs enabling local file system access when `enable_local_fetch=True`
      - Path resolution allowed traversal outside intended directories via `../` sequences and…

  • CVE-2026-44020 · high · Jun 3, 2026
    risk 0.38 · cvss · epss 0.00

    Impact: The USPTO patent XML parser used the standard `xml.sax.parseString()` without protection against XML External Entity (XXE) attacks. An attacker could craft malicious USPTO patent XML files with external entity references that could:

      - Read arbitrary files from the…

  • CVE-2026-44016 · high · Jun 3, 2026
    risk 0.38 · cvss · epss 0.00

    Impact: In versions `>= 2.82.0, < 2.91.0`, if the HTML backend was explicitly configured for rendering (rendering option by default deactivated), then the Playwright-based rendering feature could allow JavaScript execution and unrestricted network access when processing…

  • CVE-2026-50033 · High · Jun 3, 2026
    risk 0.47 · cvss 7.3 · epss 0.00

    Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis DeviceLock DLP (Windows) before build 9.0.15051.93227.

  • CVE-2026-44682 · High · Jun 3, 2026
    risk 0.47 · cvss 7.3 · epss 0.00

    Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis DeviceLock DLP (Windows) before build 9.0.15051.93227.

  • CVE-2026-44609 · High · Jun 3, 2026
    risk 0.47 · cvss 7.3 · epss 0.00

    Local privilege escalation due to EXE hijacking vulnerability. The following products are affected: Acronis DeviceLock DLP (Windows) before build 9.0.15051.93227.

  • CVE-2026-42061 · High · Jun 3, 2026
    risk 0.47 · cvss 7.3 · epss 0.00

    Local privilege escalation due to excessive permissions assigned to child processes. The following products are affected: Acronis DeviceLock DLP (Windows) before build 9.0.15051.93227.

  • CVE-2026-44017 · high · Jun 3, 2026
    risk 0.38 · cvss · epss 0.00

    Impact: In versions `< 2.91.0`, the EasyOCR model download functionality extracted ZIP archives without validating member paths, enabling Zip Slip attacks. If an attacker could compromise the model download source (via supply chain attack, DNS spoofing, or MITM), they could…

  • CVE-2026-8889 · High · Jun 3, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    Version 3.0.7 of the Securly Chrome Extension uses deprecated SHA-1 hashing for IWF CSAM URL matching (25,020 hashes) and CIPA blocklist matching (12,352 hashes).

  • CVE-2026-8888 · High · Jun 3, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    Version 3.0.7 of the Securly Chrome Extension downloads config.json over HTTP and compiles server-provided patterns as JavaScript regular expressions via new RegExp() without complexity validation. An on-path attacker can inject specific patterns to cause catastrophic…

  • CVE-2026-8881 · High · Jun 3, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    Version 3.0.7 of the Securly Chrome Extension uses EVP_BytesToKey key derivation with MD5 and a single iteration for AES encryption. MD5 has been broken since 2004 and a single iteration provides no key stretching.

  • CVE-2026-8879 · High · Jun 3, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    Version 3.0.7 of the Securly Chrome Extension dynamically registers content13.min.js as a content script via chrome.scripting.registerContentScripts() at runtime. This script is NOT declared in manifest.json and bypasses Chrome Web Store static security review. It runs on all…

  • CVE-2026-8878 · High · Jun 3, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    Version 3.0.7 of the Securly Chrome Extension exposes multiple publicly accessible endpoints that allow unauthenticated access to sensitive data. The exposed information consists of SHA-1 hashes that are inadequately obfuscated using a simple Caesar cipher, which can be easily…

  • CVE-2026-8876 · High · Jun 3, 2026
    risk 0.47 · cvss 7.3 · epss 0.00

    Version 3.0.7 of the Securly Chrome Extension contains hardcoded, plaintext AES passphrases in securly.min.js. These keys decrypt crisis alert keyword data and intervention site data.

  • CVE-2026-8874 · High · Jun 3, 2026
    risk 0.46 · cvss 7.1 · epss 0.00

    Version 3.0.7 of the Securly Chrome Extension downloads JSON files containing crisis alert keywords and filtering rules over unencrypted HTTP via the Fetch API. Other endpoints in the same extension correctly fetch IWF and CIPA data over HTTPS, demonstrating an inconsistent…

  • CVE-2026-7888 · High · Jun 3, 2026
    risk 0.55 · cvss · epss 0.00

    Concrete CMS below 9.5.2 is vulnerable to PHP Object Injection via unserialize() calls in the Workflow, Form block, and File/Set components that lack the allowed_classes restriction. An unauthenticated attacker may trigger arbitrary PHP object instantiation if a malicious…

  • CVE-2026-46273 · High · Jun 3, 2026
    risk 0.49 · cvss 8.6 · epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: ibmveth: Disable GSO for packets with small MSS Some physical adapters on Power systems do not support segmentation offload when the MSS is less than 224 bytes. Attempting to send such packets causes the…

  • CVE-2026-46271 · High · Jun 3, 2026
    risk 0.44 · cvss 7.8 · epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: do WoW offloads only on primary link In case of multi-link connection, WCN7850 firmware crashes due to WoW offloads enabled on both primary and secondary links. Change to do it only on primary…

  • CVE-2026-46270 · High · Jun 3, 2026
    risk 0.48 · cvss 8.4 · epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: power: supply: rt9455: Fix use-after-free in power_supply_changed() Using the `devm_` variant for requesting IRQ _before_ the `devm_` variant for allocating/registering the `power_supply` handle, means that…

  • CVE-2026-46267 · High · Jun 3, 2026
    risk 0.44 · cvss 7.8 · epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: nfc: hci: shdlc: Stop timers and work before freeing context llc_shdlc_deinit() purges SHDLC skb queues and frees the llc_shdlc structure while its timers and state machine work may still be active. Timer…

  • CVE-2026-46265 · High · Jun 3, 2026
    risk 0.42 · cvss 7.5 · epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix WQ_MEM_RECLAIM warning When sunrpc is used, if a reset triggered, our wq may lead the following trace: workqueue: WQ_MEM_RECLAIM xprtiod:xprt_rdma_connect_worker [rpcrdma] is flushing…

  • CVE-2026-46264 · High · Jun 3, 2026
    risk 0.50 · cvss 8.8 · epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: drm/xe/pf: Fix sysfs initialization In case of devm_add_action_or_reset() failure the provided cleanup action will be run immediately on the not yet initialized kobject. This may lead to errors like: [ ]…

  • CVE-2026-46263 · High · Jun 3, 2026
    risk 0.44 · cvss 7.8 · epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix out-of-bounds stream encoder index v3 eng_id can be negative and that stream_enc_regs[] can be indexed out of bounds. eng_id is used directly as an index into stream_enc_regs[], which has…

  • CVE-2026-46260 · High · Jun 3, 2026
    risk 0.44 · cvss 7.8 · epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix out-of-bound access in fib6_add_rt2node(). syzbot reported out-of-bound read in fib6_add_rt2node(). [0] When IPv6 route is created with RTA_NH_ID, struct fib6_info does not have the trailing struct…

  • CVE-2026-46259 · High · Jun 3, 2026
    risk 0.44 · cvss 7.8 · epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: procfs: fix missing RCU protection when reading real_parent in do_task_stat() When reading /proc/[pid]/stat, do_task_stat() accesses task->real_parent without proper RCU protection, which leads to: cpu 0 …

  • CVE-2026-46253 · High · Jun 3, 2026
    risk 0.44 · cvss 7.8 · epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: pstore/ram: fix buffer overflow in persistent_ram_save_old() persistent_ram_save_old() can be called multiple times for the same persistent_ram_zone (e.g., via ramoops_pstore_read -> ramoops_get_next_prz for…

  • CVE-2026-46251 · High · Jun 3, 2026
    risk 0.48 · cvss 8.4 · epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: btrfs: fix block_group_tree dirty_list corruption When the incompat flag EXTENT_TREE_V2 is set, we unconditionally add the block group tree to the switch_commits list before calling switch_commit_roots, as we…

  • CVE-2026-46250 · High · Jun 3, 2026
    risk 0.40 · cvss 7.3 · epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: MIPS: Work around LLVM bug when gp is used as global register variable On MIPS, __current_thread_info is defined as global register variable locating in $gp, and is simply assigned with new address during…

  • CVE-2026-46246 · High · Jun 3, 2026
    risk 0.44 · cvss 7.8 · epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: power: supply: pm8916_lbc: Fix use-after-free for extcon in IRQ handler Using the `devm_` variant for requesting IRQ _before_ the `devm_` variant for allocating/registering the `extcon` handle, means that the…

  • CVE-2026-40290 · High · Jun 3, 2026
    risk 0.51 · cvss 7.8 · epss 0.00

    OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm Cortex-A cores using the TrustZone technology. Starting in version 3.16.0 and prior to 4.11.0, a use-after-free (UAF) race condition exists in the shared memory…

  • CVE-2026-36611 · High · Jun 3, 2026
    risk 0.47 · cvss 7.3 · epss 0.00

    Mercusys AC12G (EU) V1 with firmware AC12G(EU)_V1_200909 returns 128 bytes of uninitialized buffer when receiving POST requests without SOAPAction header on UPnP port 1900, exposing internal memory to unauthenticated adjacent network attackers.

  • CVE-2026-36609 · High · Jun 3, 2026
    risk 0.47 · cvss 7.3 · epss 0.00

    Mercusys AC12G (EU) V1 router with firmware AC12G(EU)_V1_200909 uses a static authentication nonce that does not change between requests from the same source IP. Combined with the predictable XOR-based password encoding (securityEncode function), this allows an attacker to…