VYPR

CVEs

82,359 total · page 34 of 1,648

  • CVE-2026-36608 · High · Jun 3, 2026
    risk 0.57 · cvss 8.8 · epss 0.00

    Mercusys AC12G (EU) V1 router with firmware AC12G(EU)_V1_200909 allows UPnP AddPortMapping to forward external ports to the router's own admin interface by accepting its own IP (192.168.1.1) or localhost (127.0.0.1) as InternalClient. An unauthenticated LAN attacker can expose…

  • CVE-2026-36607 · High · Jun 3, 2026
    risk 0.57 · cvss 8.8 · epss 0.00

    Mercusys AC12G (EU) V1 router with firmware AC12G(EU)_V1_200909 allows unauthenticated brute-force attacks via the TDDP password change endpoint (code=10), which lacks the rate limiting applied to the login endpoint (code=7). An attacker on the adjacent network can attempt…

  • CVE-2026-36606 · High · Jun 3, 2026
    risk 0.46 · cvss 7.1 · epss 0.00

    Mercusys AC12G (EU) V1 router with firmware AC12G(EU)_V1_200909 encrypts configuration backups with a hardcoded DES key using single DES in ECB mode. An attacker who obtains a backup file can decrypt it to recover all stored credentials including admin password, WiFi PSK, and…

  • CVE-2026-36603 · High · Jun 3, 2026
    risk 0.53 · cvss 8.1 · epss 0.00

    Mercusys AC12G (EU) V1 router with firmware AC12G(EU)_V1_200909 exposes 15 of 18 UPnP IGD actions without authentication on port 1900, including AddPortMapping and GetExternalIPAddress. UPnP is enabled by default through the admin interface, allowing any unauthenticated LAN…

  • CVE-2026-20230 · High · KEV · Jun 3, 2026
    risk 0.70 · cvss 8.6 · epss 0.42

    A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to conduct server-side request forgery (SSRF) attacks through an affected…

  • CVE-2026-44281 · High · Jun 3, 2026
    risk 0.39 · cvss (not listed) · epss 0.00

    GLPI is a free asset and IT management software package. Starting in version 0.78 and prior to versions 10.0.25 and 11.0.7, an authenticated user with config READ permission can read a specific asset object. Upgrade to 11.0.7 or 10.0.25 to receive a patch.

  • CVE-2026-42321 · High · Jun 3, 2026
    risk 0.48 · cvss (not listed) · epss 0.00

    GLPI is a free asset and IT management software package. Starting in version 10.0.4 and prior to version 10.0.25, a technician can store an XSS payload in the asset locked tab. Upgrade to 10.0.25 or 11.0.7 to receive a patch.

  • CVE-2026-42318 · High · Jun 3, 2026
    risk 0.39 · cvss (not listed) · epss 0.00

    GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to versions 10.0.25 and 11.0.7, low privilege users with access to planning can delete any object in GLPI. Upgrade to 11.0.7 or 10.0.25 to receive a patch. As a workaround, disable…

  • CVE-2026-42317 · High · Jun 3, 2026
    risk 0.39 · cvss (not listed) · epss 0.00

    GLPI is a free asset and IT management software package. Starting in version 0.78 and prior to versions 10.0.25 and 11.0.7, a technician can delete arbitrary files from the filesystem as long as the webserver has write rights on them. Upgrade to 10.0.25 or 11.0.7 to receive a…

  • CVE-2026-37462 · High · Jun 3, 2026
    risk 0.42 · cvss 7.5 · epss 0.00

    An integer underflow in the BGPUpdate.DecodeFromBytes function (/bgp/bgp.go) of gobgp v4.3.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted BGP UPDATE message.

  • CVE-2026-36574 · High · Jun 3, 2026
    risk 0.51 · cvss 7.8 · epss 0.00

    A DLL hijacking vulnerability in Wassimulator (GitHub) CactusViewer v2.3.0 allows attackers to escalate privileges and execute arbitrary code via a crafted DLL.

  • CVE-2026-37460 · High · Jun 3, 2026
    risk 0.42 · cvss 7.5 · epss 0.00

    Missing input validation in the rfapiRibBi2Ri() function (rfapi_rib.c) of FRRouting (FRR) stable/10.0 to stable/10.6 allows attackers to cause a Denial of Service (DoS) via supplying a crafted BGP UPDATE message.

  • CVE-2022-49042 · High · Jun 3, 2026
    risk 0.51 · cvss 7.8 · epss 0.00

    An inclusion of functionality from untrusted control sphere vulnerability in MinGW DLL component in Synology Hyper Backup Explorer before 3.0.1-0156 allows local users to execute arbitrary code via unspecified vectors.

  • CVE-2022-49036 · High · Jun 3, 2026
    risk 0.51 · cvss 7.8 · epss 0.00

    An inclusion of functionality from untrusted control sphere vulnerability in OpenSSL configuration in Synology Active Backup for Business Recovery Media Creator before 2.5.0-2081 allows local users to execute arbitrary code via unspecified vectors.

  • CVE-2026-35085 · High · Jun 3, 2026
    risk 0.57 · cvss 8.8 · epss 0.00

    A remote attacker with user privileges can exploit a stack buffer overflow in gdv-serverconfig to gain full system access as root.

  • CVE-2026-35084 · High · Jun 3, 2026
    risk 0.57 · cvss 8.8 · epss 0.00

    A remote attacker with user privileges can exploit a stack buffer overflow in dali-devconfig to gain full system access as root.

  • CVE-2026-35083 · High · Jun 3, 2026
    risk 0.57 · cvss 8.8 · epss 0.00

    A remote attacker with user privileges can exploit a stack buffer overflow to gain full system access as root.

  • CVE-2026-35082 · High · Jun 3, 2026
    risk 0.57 · cvss 8.8 · epss 0.00

    The ugw-logread method allows a remote attacker with user privileges to access arbitrary local files due to insufficient validation of user-supplied input.

  • CVE-2026-35081 · High · Jun 3, 2026
    risk 0.53 · cvss 8.1 · epss 0.00

    The ugw-logstop method allows a remote attacker with user privileges to terminate arbitrary processes due to insufficient validation of user-supplied input.

  • CVE-2026-35080 · High · Jun 3, 2026
    risk 0.53 · cvss 8.1 · epss 0.00

    The ugw-restoreinfo method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input.

  • CVE-2026-35079 · High · Jun 3, 2026
    risk 0.53 · cvss 8.1 · epss 0.00

    The ugw-restore method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input.

  • CVE-2026-35078 · High · Jun 3, 2026
    risk 0.53 · cvss 8.1 · epss 0.00

    The ugw-logstop method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input.

  • CVE-2026-35077 · High · Jun 3, 2026
    risk 0.53 · cvss 8.1 · epss 0.00

    The ugw-delete-file method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input.

  • CVE-2026-35076 · High · Jun 3, 2026
    risk 0.53 · cvss 8.1 · epss 0.00

    The bac-scanresult method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input.

  • CVE-2025-41259 · High · Jun 3, 2026
    risk 0.40 · cvss (not listed) · epss 0.00

    SWUpdate before 2026.05 is affected by a time-of-check time-of-use (TOCTOU) race condition that allows local unprivileged attackers to escalate privileges to root or install untrusted contents using a signed update.

  • CVE-2026-41032 · High · Jun 3, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    It is possible for an unauthenticated adjacent attacker to download log files of the controller, which may disclose some restricted information.

  • CVE-2025-15656 · High · Jun 3, 2026
    risk 0.57 · cvss 8.8 · epss 0.00

    Incorrect Privilege Assignment vulnerability in Mojoomla School Management allows Privilege Escalation. This issue affects School Management: from n/a through 93.2.0.

  • CVE-2025-15655 · High · Jun 3, 2026
    risk 0.49 · cvss 7.6 · epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mojoomla School Management allows SQL Injection. This issue affects School Management: from n/a through 93.2.0.

  • CVE-2025-14774 · High · Jun 3, 2026
    risk 0.48 · cvss 7.4 · epss 0.00

    Incorrect Authorization vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24.

  • CVE-2025-14773 · High · Jun 3, 2026
    risk 0.52 · cvss 8.0 · epss 0.00

    Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24.

  • CVE-2025-14772 · High · Jun 3, 2026
    risk 0.57 · cvss 8.8 · epss 0.00

    Authorization bypass through User-Controlled key vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24.

  • CVE-2026-4035 · High · Jun 3, 2026
    risk 0.43 · cvss 7.7 · epss 0.00

    A vulnerability in mlflow/mlflow versions prior to 3.11.0 allows for the resolution of environment variables in AI Gateway secrets, which can be exploited to exfiltrate sensitive server-side environment credentials to an attacker-controlled endpoint. This issue arises because…

  • CVE-2025-15654 · High · Jun 3, 2026
    risk 0.46 · cvss 7.1 · epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fox-themes Prague allows Reflected XSS. This issue affects Prague: from n/a through 2.2.8.

  • CVE-2026-50031 · High · Jun 3, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    ipmi-oem in FreeIPMI before 1.6.18 has exploitable buffer overflows on response messages. The Intelligent Platform Management Interface (IPMI) specification defines a set of interfaces for platform management. It is implemented by a large number of hardware manufacturers to…

  • CVE-2026-10704 · High · Jun 3, 2026
    risk 0.47 · cvss 7.3 · epss 0.00

    A vulnerability was detected in SourceCodester Pizzafy E-Commerce System 1.0. Affected by this vulnerability is the function Login of the file /admin/admin_class_novo.php of the component Administrative Control Panel. The manipulation of the argument Username results in sql…

  • CVE-2026-9516 · High · Jun 3, 2026
    risk 0.42 · cvss 7.5 · epss 0.00

    Cpanel::JSON::XS versions before 4.41 for Perl allow denial of service via UTF-8 BOM prefixed input when a decode filter callback throws. To skip a leading 3-byte UTF-8 BOM, decode_json() advances the input scalar's string pointer past the mark with SvPV_set() and restores it…

  • CVE-2026-9334 · High · Jun 3, 2026
    risk 0.40 · cvss 7.3 · epss 0.00

    Cpanel::JSON::XS versions before 4.41 for Perl allow type confusion via duplicate object keys when dupkeys_as_arrayref is enabled. decode_hv() collapses duplicate object keys into an array reference under dupkeys_as_arrayref. The branch reached for a duplicate key tests `SvTYPE…

  • CVE-2026-10694 · High · Jun 3, 2026
    risk 0.47 · cvss 7.3 · epss 0.00

    A vulnerability was detected in SourceCodester Online Food Ordering System 2.0. Affected by this issue is the function include of the file /index.php. The manipulation of the argument page results in file inclusion. The attack can be launched remotely. The exploit is now public…

  • CVE-2026-44654 · High · Jun 2, 2026
    risk 0.46 · cvss 8.1 · epss 0.00

    LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.8.3, a shared-agent editor can delete file records through `DELETE /api/files` that the owner has reused across multiple agents. The deletion removes the file globally…

  • CVE-2026-42504 · High · Jun 2, 2026
    risk 0.42 · cvss 7.5 · epss 0.01

    Decoding a maliciously-crafted MIME header containing many invalid encoded-words can consume excessive CPU.

  • CVE-2026-40108 · High · Jun 2, 2026
    risk 0.46 · cvss (not listed) · epss 0.00

    GLPI is a free asset and IT management software package. In versions 11.0.0 through 11.0.6, a technician can store an XSS payload in ITIL costs. This issue has been fixed in version 11.0.7.

  • CVE-2026-35482 · High · Jun 2, 2026
    risk 0.52 · cvss 8.0 · epss 0.00

    alf.io is an open source ticket reservation system for conferences, trade shows, workshops, and meetups. Prior to version 2.0-M5-2606, a sandbox escape vulnerability in the alf.io extension script engine allows an authenticated administrator to execute arbitrary operating system…

  • CVE-2026-31942 · High · Jun 2, 2026
    risk 0.39 · cvss 7.1 · epss 0.00

    LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.7.6, an Insecure Direct Object Reference (IDOR) vulnerability exists in the API keys management endpoint (PUT /api/keys). Due to the use of the JavaScript object spread…

  • CVE-2026-8936 · High · Jun 2, 2026
    risk 0.53 · cvss (not listed) · epss 0.00

    Fixed a VM panic caused by unbounded recursion in the grpcfuse kernel module when a container created deeply nested directories on a bind-mounted host folder and triggered a dentry invalidation event. This issue has been fixed in Docker Desktop 4.76.0.

  • CVE-2024-14036 · High · Jun 2, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    Dräger Core 1.0.5 and Dräger M540 Converter Service 1.0.9 contain a denial of service vulnerability that allows network-adjacent attackers to trigger high CPU load by sending specially crafted, unencrypted SDC messages during the discovery process. Attackers with access to the…

  • CVE-2022-4992 · High · Jun 2, 2026
    risk 0.56 · cvss 8.6 · epss 0.00

    Dräger Infinity Acute Care System and Standalone Infinity M540 patient monitors versions VG4.1.1, VG4.0.3, and lower (with VG4.2 partially affected) contain a network message handling vulnerability that allows remote attackers to inject spoofed or tampered data and cause…

  • CVE-2021-4481 · High · Jun 2, 2026
    risk 0.53 · cvss 8.2 · epss 0.00

    Dräger Protector Software prior to version 6.4.2 contains a local privilege escalation vulnerability due to insecure file system permissions that allows local attackers to execute arbitrary code with elevated privileges. Attackers can replace binaries or loaded modules on the…

  • CVE-2021-4480 · High · Jun 2, 2026
    risk 0.53 · cvss 8.2 · epss 0.00

    Dräger Protector Software prior to version 6.4.2 contains a local privilege escalation vulnerability due to insecure file system permissions that allows local attackers to execute arbitrary code with elevated privileges. Attackers can replace binaries or loaded modules on the…

  • CVE-2026-49443 · High · Jun 2, 2026
    risk 0.50 · cvss 8.8 · epss 0.00

    authentik is an open-source identity provider. Prior to versions 2025.12.6, 2026.2.4, and 2026.5.1, an attacker with the ability to change a source connection, and an account in one of the configured sources can log into any account. This issue has been patched in versions…

  • CVE-2026-49143 · High · Jun 2, 2026
    risk 0.57 · cvss 8.8 · epss 0.00

    BrowserStack Runner through 0.9.5 contains a remote code execution vulnerability in the /_log HTTP handler that allows unauthenticated network-adjacent attackers to execute arbitrary code by submitting crafted JSON request bodies to the handler, which passes user-supplied data…