VYPR

CVEs

345,051 total · page 37 of 6,902

  • CVE-2026-52943impJun 24, 2026
    risk 0.39cvss 7.0epss 0.00

    kernel: net: skbuff: fix missing zerocopy reference in pskb_carve helpers

  • CVE-2026-52944Jun 24, 2026
    risk 0.00cvss epss 0.00

    kernel: ksmbd: fix FSCTL permission bypass by adding a permission check for FSCTL_SET_SPARSE

  • CVE-2026-53091impJun 24, 2026
    risk 0.38cvss 7.0epss 0.00

    kernel: net: pull headers in qdisc_pkt_len_segs_init()

  • CVE-2026-53100lowJun 24, 2026
    risk 0.29cvss 5.5epss 0.00

    kernel: wifi: mt76: fix deadlock in remain-on-channel

  • CVE-2026-53125lowJun 24, 2026
    risk 0.29cvss 5.5epss 0.00

    kernel: md: fix array_state=clear sysfs deadlock

  • CVE-2026-53126lowJun 24, 2026
    risk 0.29cvss 5.5epss 0.00

    kernel: blk-cgroup: fix disk reference leak in blkcg_maybe_throttle_current()

  • CVE-2026-53127lowJun 24, 2026
    risk 0.29cvss 5.5epss 0.00

    kernel: block: fix zones_cond memory leak on zone revalidation error paths

  • CVE-2026-53128Jun 24, 2026
    risk 0.00cvss epss 0.00

    kernel: drbd: Balance RCU calls in drbd_adm_dump_devices()

  • CVE-2026-53129modJun 24, 2026
    risk 0.29cvss 5.5epss 0.00

    kernel: fs/mbcache: cancel shrink work before destroying the cache

  • CVE-2026-53130Jun 24, 2026
    risk 0.00cvss epss 0.00

    kernel: fs/omfs: reject s_sys_blocksize smaller than OMFS_DIR_START

  • CVE-2026-7574Jun 23, 2026
    risk 0.00cvss epss 0.00

    Anthropic Claude Desktop Cowork VM image handling (confirmed across v1.1348.0 through v1.2278.0, including v1.1348.0, v1.1617.0, and v1.2278.0) validates only file presence and a version marker string before booting rootfs.img, but does not verify image content integrity at…

  • CVE-2026-5818Jun 23, 2026
    risk 0.00cvss epss 0.00

    Incorrect check of function return value in Caliptra Core Runtime Firmware (ActivateFirmwareCmd::activate_fw modules) allows bypass of Caliptra Core's verification of the MCU FW during a hitless update. This issue affects Core Runtime Firmware: from 2.0.0 through 2.0.1, 2.1.0.

  • CVE-2026-6458Jun 23, 2026
    risk 0.00cvss epss 0.00

    Missing cryptographic step in Caliptra Core Firmware (aes_256_gcm_update module) results in an incorrect GCM authentication tag. When the streaming AES-256-GCM API is used with empty AAD, the hardware GHASH accumulator state is not saved after the first update call, causing the…

  • CVE-2026-54329higJun 23, 2026
    risk 0.38cvss epss 0.00

    ### Impact A cross-tenant data injection vulnerability was identified in the Snipe-IT Accessories API when Full Multiple Companies Support (FMCS) is enabled. A low-privileged authenticated user belonging to one company can create an accessory record under another company by…

  • CVE-2026-55542lowJun 23, 2026
    risk 0.00cvss epss 0.00

    ### Impact Snipe-IT S3 signature image retrieval lacks authorization before temporary URL. On S3-backed deployments, authenticated users who know a signature filename can obtain a 5-minute signed S3 URL because the S3 branch returns before the `authorize()` call used by the…

  • CVE-2026-55519lowJun 23, 2026
    risk 0.00cvss epss

    ### Impact A vulnerability was identified in Snipe-IT v8.4.0 (build 21280-g91a95dbc6) that allows any authenticated user with generic asset edit permissions to delete files attached to any asset in the system, regardless of ownership or company assignment. This constitutes an…

  • CVE-2026-55483medJun 23, 2026
    risk 0.19cvss epss

    ### Impact The `store()` method in both the web and API `UsersController` only strips the superuser permission when a non-superuser creates a user. It does not strip the admin permission. This allows any authenticated user with the `users.create` permission to create a new user…

  • CVE-2026-55482medJun 23, 2026
    risk 0.19cvss epss

    ### Impact The `BulkAssetsController::update()` method accepts `company_id` directly from user input without calling `Company::getIdForCurrentUser()`, the standard company-scoping function used by every other controller in the codebase. A non-superadmin user can move assets…

  • CVE-2026-50550medJun 23, 2026
    risk 0.26cvss epss

    ### Impact A user who can edit other users could reset a superadmin's 2FA. ### Patches Patched in 8.5.0

  • CVE-2026-49976medJun 23, 2026
    risk 0.26cvss epss

    ### Impact The CSV user import in update mode bypasses user-edit authorization. A user with only the `import` permission can overwrite any non-admin user's email by uploading a CSV, then trigger a password reset to take over the account. `UserImporter.php` checks the…

  • CVE-2026-49870medJun 23, 2026
    risk 0.26cvss epss

    ### Impact `POST /two-factor` had no rate limiting, lockout, or attempt counter. An attacker with valid credentials can submit unlimited TOTP guesses. The TOTP implementation accepts the current code plus one step on either side (`config/google2fa.php window=1`), so at any…

  • CVE-2026-48496medJun 23, 2026
    risk 0.19cvss epss

    ### Summary An unprivileged process can easily trigger the `processPIDEvents` goroutine to be blocked indefinitely, preventing the goroutine from analyzing any new ELF file. The goroutine stays blocked in the `openat2` syscall forever and the profiler can no longer work…

  • CVE-2026-12164Jun 23, 2026
    risk 0.00cvss epss 0.00

    Fortra File Integrity Monitoring (FIM), formerly Tripwire Enterprise, versions prior to 9.4.0 may assign incorrect or elevated effective permissions to users created by the tetool import command while FIM is running, particularly when the import also creates or changes roles…

  • CVE-2026-48492medJun 23, 2026
    risk 0.19cvss epss 0.00

    ### Impact The GET /api/v1/{object}/selectlist API endpoint is missing an authorization check. Any user who can log into Snipe-IT - regardless of permissions - can retrieve a paginated list of all user accounts using only their web session cookie. No API token or elevated…

  • CVE-2026-48493Jun 23, 2026
    risk 0.00cvss epss 0.00

    Snipe-IT is an IT asset/license management system. In versions prior to 8.6.0, a user with only users.edit can send a PATCH to /api/v1/users/{their_own_id} and grant themselves any permission except admin and superuser — for example `assets.view`, `assets.create`,…

  • CVE-2026-56785Jun 23, 2026
    risk 0.00cvss epss 0.00

    FlatPress versions prior to commit 10be83c, contains a stored cross-site scripting vulnerability in comment and contact forms where name, URL, and email fields are rendered without proper output encoding in Smarty templates. Attackers can inject arbitrary HTML and JavaScript…

  • CVE-2026-54588Jun 23, 2026
    risk 0.00cvss epss 0.00

    Poweradmin is a web-based DNS administration tool for PowerDNS server. Versions prior to 4.2.4 and 4.3.3 use the attacker-controlled `HTTP_HOST` request header as the authoritative source for building callback URLs in its OIDC, SAML, and logout authentication flows without any…

  • CVE-2026-12163Jun 23, 2026
    risk 0.00cvss epss 0.00

    Fortra File Integrity Monitoring (FIM), formerly Tripwire Enterprise, versions prior to 9.4.0.1 contain a stored cross-site scripting (XSS) vulnerability in the Asset View UI component. An authenticated user with sufficient privileges to create or modify affected node or…

  • CVE-2026-11972Jun 23, 2026
    risk 0.00cvss epss 0.00

    When using the "tarfile" module with a file opened in "streaming mode" (mode="r|") the tarfile module did not properly handle EOF, meaning an archive could be parsed in an infinite loop.

  • CVE-2026-54517medJun 23, 2026
    risk 0.19cvss epss 0.00

    ## Summary In `BeanDeserializer._deserializeUsingPropertyBased`, the active-view (`@JsonView`) filter was applied only to creator properties; the regular property-buffering branch performed no `prop.visibleInView(activeView)` check. A change making…

  • CVE-2026-54516medJun 23, 2026
    risk 0.19cvss epss 0.00

    ## Summary `POJOPropertiesCollector._renameProperties()` allows a property with `@JsonProperty("renamed")` on the getter and `@JsonIgnore` on the setter to be renamed rather than dropped. With `MapperFeature.INFER_PROPERTY_MUTATORS` enabled (default), the private backing field…

  • CVE-2026-54515medJun 23, 2026
    risk 0.19cvss epss 0.00

    ## Summary In `BeanDeserializerBase.createContextual()`, per-property `@JsonIgnoreProperties` exclusions are applied by `_handleByNameInclusion()`, producing a `contextual` deserializer whose `BeanPropertyMap` has the ignored properties removed. The subsequent per-property…

  • CVE-2026-54514medJun 23, 2026
    risk 0.19cvss epss 0.00

    ## Summary `JDKFromStringDeserializer` constructed `InetSocketAddress` with `new InetSocketAddress(host, port)`, which performs eager DNS name resolution for hostname inputs at deserialization time. An application that binds untrusted JSON into a type containing an…

  • CVE-2026-54513higJun 23, 2026
    risk 0.39cvss epss 0.01

    ## Summary `BasicPolymorphicTypeValidator.Builder.allowIfSubTypeIsArray()` allowlists any array type based only on `clazz.isArray()`, without validating the array's component (element) type against the configured allowlist. A PTV built with `allowIfSubTypeIsArray()` plus an…

  • CVE-2026-54512higJun 23, 2026
    risk 0.39cvss epss 0.01

    `jackson-databind`'s `PolymorphicTypeValidator` (PTV) is the primary safety mechanism guarding polymorphic deserialization. When polymorphic typing is enabled and a type identifier contains generic parameters (i.e. the type ID string contains `<`),…

  • CVE-2026-50193medJun 23, 2026
    risk 0.19cvss epss 0.01

    ### Impact Potential Denial-of-Service when attacker sends deeply nested JSON if (and only if) service: 1. Reads deeply nested (1000s of levels) JSON as `JsonNode` (ObjectMapper.readTree()) 2. Writes out same (or modifided) node using `JsonNode.toString()` which can consume…

  • CVE-2026-54518medJun 23, 2026
    risk 0.19cvss epss 0.00

    ## Summary `UnwrappedPropertyHandler.processUnwrappedCreatorProperties()` replays buffered JSON into creator parameters but never consults `prop.visibleInView(activeView)`. The normal property-based creator path gates creator properties on the active view, but this…

  • CVE-2026-41862Jun 23, 2026
    risk 0.00cvss epss 0.00

    Spring Statemachine's Kryo-based persistence backends (JPA, MongoDB, Redis and ZooKeeper) deserialise persisted state-machine contexts without enforcing a class allowlist (CWE-502, deserialisation of untrusted data), which can lead to remote code execution inside the application…

  • CVE-2026-23513Jun 23, 2026
    risk 0.00cvss epss 0.00

    FOSSBilling is a free, open-source billing and client management system. In versions 0.7.2 and prior, a query-construction flaw in client list endpoints allowed authenticated clients to bypass tenant scoping and retrieve other clients’ data. Details In…

  • CVE-2026-11819Jun 23, 2026
    risk 0.00cvss epss 0.00

    Module: plugins/modules/keyring_info.py CVSS 3.1: 5.5 MEDIUM — AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Issue: The module retrieves a passphrase from the OS native keyring (GNOME Keyring, macOS Keychain, Windows Credential Manager) and places it directly into…

  • CVE-2025-64105Jun 23, 2026
    risk 0.00cvss epss 0.00

    FOSSBilling is a billing and client management system that automates invoicing, payments, and communication for online service businesses. Versions 0.6.21 through 0.7.2 are vulnerable to IDOR through the support ticket creation workflow. By manipulating rel_id when…

  • CVE-2026-54555Jun 23, 2026
    risk 0.00cvss epss 0.00

    rtk filters and compresses command outputs before they reach your LLM context. Prior to 0.42.2, the permission splitter did not conservatively split or reject several shell constructs that Bash treats as command execution boundaries or nested execution. As a result, a command…

  • CVE-2026-55863medJun 23, 2026
    risk 0.26cvss epss

    ## Summary The `ActionHandler.post()` method in motionEye has no authentication decorator, allowing any unauthenticated attacker to trigger camera actions including snapshots, recording start/stop, and configured action scripts (PTZ controls, alarm triggers, etc.). ##…

  • CVE-2026-55249Jun 23, 2026
    risk 0.00cvss epss 0.00

    @rtk-ai/rtk-rewrite transparently rewrites shell commands executed via OpenClaw's exec tool to their RTK equivalents. In 1.0.0, the @rtk-ai/rtk-rewrite OpenClaw plugin passes attacker-controlled input directly into a shell-backed execSync() template string without shell-safe…

  • CVE-2026-55488higJun 23, 2026
    risk 0.39cvss epss 0.01

    ### Summary mEye contains an absolute path traversal vulnerability in multiple media file handlers that allows an attacker to read arbitrary files from the filesystem. The affected handlers accept a user-controlled filename parameter and construct filesystem paths using…

  • CVE-2026-55448medJun 23, 2026
    risk 0.19cvss epss 0.00

    ### Summary `mise` loads `github.credential_command` from local project config before any trust decision, then executes that value with `sh -c` when resolving a GitHub token. An attacker who can place a `.mise.toml` in a repository can execute arbitrary shell commands when the…

  • CVE-2026-55441higJun 23, 2026
    risk 0.39cvss epss 0.00

    ### Summary mise's trust feature gates config files (`mise.toml`, `.tool-versions`) through `trust_check`, but task-include files are loaded on a path that never reaches it. When a directory has a task-include dir (`mise-tasks/`, `.mise/tasks/`, …) but no config file, mise…

  • CVE-2026-55736Jun 23, 2026
    risk 0.00cvss epss 0.00

    Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in ash-project ash allows a user to set the value of a private action argument that is intended to be controlled only by trusted server-side code. Action arguments declared with…

  • CVE-2026-54557medJun 23, 2026
    risk 0.19cvss epss 0.00

    ## Summary The mise HTTP backend builds its install symlink destination from the raw resolved version string for non-latest versions. Normal tool install paths use the sanitized version pathname, but the HTTP backend's symlink path uses the raw value. On Unix-like systems, if…

  • CVE-2026-54320Jun 23, 2026
    risk 0.00cvss epss 0.00

    Daytona is a secure and elastic infrastructure runtime for AI-generated code execution and agent workflows. Prior to 0.184.0, organization invitations could be accepted (and declined) by a user whose email matched the invitation but had not been verified. Daytona authenticates…