VYPR

CVEs

30,474 total · page 37 of 610

  • CVE-2026-30286 · Critical · Mar 31, 2026
    risk 0.64 · cvss 9.8 · epss 0.01

    An arbitrary file overwrite vulnerability in Funambol, Inc. Zefiro Cloud v32.0.2026011614 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure.

  • CVE-2026-30283 · Critical · Mar 31, 2026
    risk 0.64 · cvss 9.8 · epss 0.01

    An arbitrary file overwrite vulnerability in PEAKSEL D.O.O. NIS Animal Sounds and Ringtones v1.3.0 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure.

  • CVE-2026-30282 · Critical · Mar 31, 2026
    risk 0.59 · cvss 9.0 · epss 0.00

    An arbitrary file overwrite vulnerability in UXGROUP LLC Cast to TV Screen Mirroring v2.2.77 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure.

  • CVE-2026-30278 · Critical · Mar 31, 2026
    risk 0.64 · cvss 9.8 · epss 0.01

    An arbitrary file overwrite vulnerability in FLY is FUN Aviation Navigation v35.33 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure.

  • CVE-2026-34361 · Critical · Mar 31, 2026
    risk 0.53 · cvss 9.3 · epss 0.00

    HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java. Prior to version 6.9.4, the FHIR Validator HTTP service exposes an unauthenticated "/loadIG" endpoint that makes outbound HTTP requests to attacker-controlled URLs. Combined…

  • CVE-2026-34243 · Critical · Mar 31, 2026
    risk 0.57 · cvss 9.8 · epss 0.02

    wenxian is a tool to generate BIBTEX files from given identifiers (DOI, PMID, arXiv ID, or paper title). In versions 0.3.1 and prior, a GitHub Actions workflow uses untrusted user input from issue_comment.body directly inside a shell command, allowing potential command injection…

  • CVE-2026-34235 · Critical · Mar 31, 2026
    risk 0.52 · cvss 9.1 · epss 0.00

    PJSIP is a free and open source multimedia communication library written in C. Prior to version 2.17, a heap out-of-bounds read vulnerability exists in PJSIP's VP9 RTP unpacketizer that occurs when parsing crafted VP9 Scalability Structure (SS) data. Insufficient bounds checking…

  • CVE-2026-34221 · Critical · Mar 31, 2026
    risk 0.52 · cvss 9.1 · epss 0.00

    MikroORM is a TypeScript ORM for Node.js based on Data Mapper, Unit of Work and Identity Map patterns. Prior to versions 6.6.10 and 7.0.6, a prototype pollution vulnerability exists in the Utils.merge helper used internally by MikroORM when merging object structures. The…

  • CVE-2026-34220 · Critical · Mar 31, 2026
    risk 0.57 · cvss 9.8 · epss 0.00

    MikroORM is a TypeScript ORM for Node.js based on Data Mapper, Unit of Work and Identity Map patterns. Prior to versions 6.6.10 and 7.0.6, there is a SQL injection vulnerability when specially crafted objects are interpreted as raw SQL query fragments. This issue has been…

  • CVE-2026-30281 · Critical · Mar 31, 2026
    risk 0.64 · cvss 9.8 · epss 0.01

    An arbitrary file overwrite vulnerability in MaruNuri LLC v2.0.23 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure.

  • CVE-2026-30276 · Critical · Mar 31, 2026
    risk 0.64 · cvss 9.8 · epss 0.01

    An arbitrary file overwrite vulnerability in DeftPDF Document Translator v54.0 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure.

  • CVE-2026-34532 · Critical · Mar 31, 2026
    risk 0.52 · cvss 9.1 · epss 0.00

    Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.67 and 9.7.0-alpha.11, an attacker can bypass Cloud Function validator access controls by appending "prototype.constructor" to the function name in the…

  • CVE-2026-34162 · Critical · Mar 31, 2026
    risk 0.58 · cvss 10.0 · epss 0.00

    FastGPT is an AI Agent building platform. Prior to version 4.14.9.5, the FastGPT HTTP tools testing endpoint (/api/core/app/httpTools/runTool) is exposed without any authentication. This endpoint acts as a full HTTP proxy — it accepts a user-supplied baseUrl, toolPath, HTTP…

  • CVE-2026-33579 · Critical · Mar 31, 2026
    risk 0.57 · cvss 9.9 · epss 0.01

    OpenClaw before 2026.3.28 contains a privilege escalation vulnerability in the /pair approve command path that fails to forward caller scopes into the core approval check. A caller with pairing privileges but without admin privileges can approve pending device requests asking…

  • CVE-2026-30314 · Critical · Mar 31, 2026
    risk 0.64 · cvss 9.8 · epss 0.01

    Ridvay Code's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely ineffective. The system relies on fragile regular expressions to parse command structures; while it attempts to intercept…

  • CVE-2026-30312 · Critical · Mar 31, 2026
    risk 0.64 · cvss 9.8 · epss 0.02

    DSAI-Cline's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely ineffective. The system relies on string-based parsing to validate commands; while it intercepts dangerous operators such as…

  • CVE-2026-30311 · Critical · Mar 31, 2026
    risk 0.64 · cvss 9.8 · epss 0.02

    Ridvay Code's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely ineffective. The system relies on fragile regular expressions to parse command structures; while it attempts to intercept…

  • CVE-2026-34156 · Critical · Mar 31, 2026
    risk 0.63 · cvss 9.9 · epss 0.36

    NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. Prior to version 2.0.28, NocoBase's Workflow Script Node executes user-supplied JavaScript inside a Node.js vm sandbox with a custom require allowlist (controlled by…

  • CVE-2026-30310 · Critical · Mar 31, 2026
    risk 0.64 · cvss 9.8 · epss 0.01

    In its design for automatic terminal command execution, Sixth offers two options: Execute safe commands and Execute all commands. The description for the former states that commands determined by the model to be safe will be automatically executed, whereas if the model judges a…

  • CVE-2026-32917 · Critical · Mar 31, 2026
    risk 0.57 · cvss 9.8 · epss 0.02

    OpenClaw before 2026.3.13 contains a remote command injection vulnerability in the iMessage attachment staging flow that allows attackers to execute arbitrary commands on configured remote hosts. The vulnerability exists because unsanitized remote attachment paths containing…

  • CVE-2026-32916 · Critical · Mar 31, 2026
    risk 0.54 · cvss 9.4 · epss 0.00

    OpenClaw versions 2026.3.7 before 2026.3.11 contain an authorization bypass vulnerability where plugin subagent routes execute gateway methods through a synthetic operator client with broad administrative scopes. Remote unauthenticated requests to plugin-owned routes can invoke…

  • CVE-2025-15618 · Critical · Mar 31, 2026
    risk 0.59 · cvss 9.1 · epss 0.00

    Business::OnlinePayment::StoredTransaction versions through 0.01 for Perl uses an insecure secret key. Business::OnlinePayment::StoredTransaction generates a secret key by using a MD5 hash of a single call to the built-in rand function, which is unsuitable for cryptographic…

  • CVE-2026-4317 · Critical · Mar 31, 2026
    risk 0.60 · cvss · epss 0.00

    SQL injection (SQLi) vulnerability in Umami Software web application through an improperly sanitized parameter, which could allow an authenticated attacker to execute arbitrary SQL commands in the database. Specifically, they could manipulate the value of the 'timezone' request…

  • CVE-2026-34060 · Critical · Mar 31, 2026
    risk 0.57 · cvss 9.8 · epss 0.00

    Ruby LSP is an implementation of the language server protocol for Ruby. Prior to Shopify.ruby-lsp version 0.10.2 and ruby-lsp version 0.26.9, the rubyLsp.branch VS Code workspace setting was interpolated without sanitization into a generated Gemfile, allowing arbitrary Ruby code…

  • CVE-2026-34041 · Critical · Mar 31, 2026
    risk 0.57 · cvss 9.8 · epss 0.01

    act is a project which allows for local running of github actions. Prior to version 0.2.86, act unconditionally processes the deprecated ::set-env:: and ::add-path:: workflow commands, which was disabled due to environment injection risks. When a workflow step echoes untrusted…

  • CVE-2026-32714 · Critical · Mar 31, 2026
    risk 0.57 · cvss 9.8 · epss 0.00

    SciTokens is a reference library for generating and using SciTokens. Prior to version 1.9.6, the KeyCache class in scitokens was vulnerable to SQL Injection because it used Python's str.format() to construct SQL queries with user-supplied data (such as issuer and key_id). This…

  • CVE-2026-3300 · Critical · Mar 31, 2026
    risk 0.64 · cvss 9.8 · epss 0.41

    The Everest Forms Pro plugin for WordPress is vulnerable to Remote Code Execution via PHP Code Injection in all versions up to, and including, 1.9.12. This is due to the Calculation Addon's process_filter() function concatenating user-submitted form field values into a PHP code…

  • CVE-2026-30880 · Critical · Mar 31, 2026
    risk 0.57 · cvss 9.8 · epss 0.02

    baserCMS is a website development framework. Prior to version 5.2.3, baserCMS has an OS command injection vulnerability in the installer. This issue has been patched in version 5.2.3.

  • CVE-2026-30877 · Critical · Mar 31, 2026
    risk 0.52 · cvss 9.1 · epss 0.02

    baserCMS is a website development framework. Prior to version 5.2.3, there is an OS command injection vulnerability in the update functionality. Due to this issue, an authenticated user with administrator privileges in baserCMS can execute arbitrary OS commands on the server…

  • CVE-2026-27697 · Critical · Mar 31, 2026
    risk 0.57 · cvss 9.8 · epss 0.00

    baserCMS is a website development framework. Prior to version 5.2.3, baserCMS has a SQL injection vulnerability in blog posts. This issue has been patched in version 5.2.3.

  • CVE-2026-21861 · Critical · Mar 31, 2026
    risk 0.52 · cvss 9.1 · epss 0.02

    baserCMS is a website development framework. Prior to version 5.2.3, baserCMS contains an OS command injection vulnerability in the core update functionality. An authenticated administrator can execute arbitrary OS commands on the server due to improper handling of…

  • CVE-2026-4257 · Critical · Mar 30, 2026
    risk 0.67 · cvss 9.8 · epss 0.41

    The Contact Form by Supsystic plugin for WordPress is vulnerable to Server-Side Template Injection (SSTI) leading to Remote Code Execution (RCE) in all versions up to, and including, 1.7.36. This is due to the plugin using the Twig `Twig_Loader_String` template engine without…

  • CVE-2026-4789 · Critical · Mar 30, 2026
    risk 0.57 · cvss 9.8 · epss 0.01

    Kyverno, versions 1.16.0 and later, are vulnerable to SSRF due to unrestricted CEL HTTP functions.

  • CVE-2026-34558 · Critical · Mar 30, 2026
    risk 0.52 · cvss 9.1 · epss 0.00

    CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input within the Methods Management functionality…

  • CVE-2026-34557 · Critical · Mar 30, 2026
    risk 0.52 · cvss 9.1 · epss 0.00

    CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input within group and role management…

  • CVE-2026-31946 · Critical · Mar 30, 2026
    risk 0.57 · cvss 9.8 · epss 0.00

    OpenOlat is an open source web-based e-learning platform for teaching, learning, assessment and communication. From version 10.5.4 to before version 20.2.5, OpenOLAT's OpenID Connect implicit flow implementation does not verify JWT signatures. The JSONWebToken.parse() method…

  • CVE-2026-30313 · Critical · Mar 30, 2026
    risk 0.64 · cvss 9.8 · epss 0.01

    DSAI-Cline's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely ineffective. The system relies on string-based parsing to validate commands; while it intercepts dangerous operators such as…

  • CVE-2026-30308 · Critical · Mar 30, 2026
    risk 0.64 · cvss 9.8 · epss 0.01

    In its design for automatic terminal command execution, HAI Build Code Generator offers two options: Execute safe commands and Execute all commands. The description for the former states that commands determined by the model to be safe will be automatically executed, whereas if…

  • CVE-2026-30306 · Critical · Mar 30, 2026
    risk 0.64 · cvss 9.8 · epss 0.01

    In its design for automatic terminal command execution, SakaDev offers two options: Execute safe commands and execute all commands. The description for the former states that commands determined by the model to be safe will be automatically executed, whereas if the model judges…

  • CVE-2026-33026 · Critical · Mar 30, 2026
    risk 0.52 · cvss 9.1 · epss 0.00

    Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.4, the nginx-ui backup restore mechanism allows attackers to tamper with encrypted backup archives and inject malicious configuration during restoration. This issue has been patched in version 2.3.4.

  • CVE-2026-32275 · Critical · Mar 30, 2026
    risk 0.52 · cvss 9.1 · epss 0.00

    Tautulli is a Python based monitoring and tracking tool for Plex Media Server. From version 1.3.10 to before version 2.17.0, an unsanitized JSONP callback parameter allows cross-origin script injection and API key theft. This issue has been patched in version 2.17.0.

  • CVE-2026-30307 · Critical · Mar 30, 2026
    risk 0.57 · cvss 9.8 · epss 0.01

    Roo Code's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely ineffective. The system relies on fragile regular expressions to parse command structures; while it attempts to intercept…

  • CVE-2026-30305 · Critical · Mar 30, 2026
    risk 0.64 · cvss 9.8 · epss 0.01

    Syntx's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely ineffective. The system relies on fragile regular expressions to parse command structures; while it attempts to intercept…

  • CVE-2026-28505 · Critical · Mar 30, 2026
    risk 0.58 · cvss 10.0 · epss 0.00

    Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Prior to version 2.17.0, the str_eval() function in notification_handler.py implements a sandboxed eval() for notification text templates. The sandbox attempts to restrict callable names by inspecting…

  • CVE-2026-34714 · Critical · Mar 30, 2026
    risk 0.53 · cvss 9.2 · epss 0.01

    Vim before 9.2.0272 allows code execution that happens immediately upon opening a crafted file in the default configuration, because %{expr} injection occurs with tabpanel lacking P_MLE.

  • CVE-2026-33032 · Critical · Mar 30, 2026
    risk 0.58 · cvss 9.8 · epss 0.38

    Nginx UI is a web user interface for the Nginx web server. In versions 2.3.5 and prior, the nginx-ui MCP (Model Context Protocol) integration exposes two HTTP endpoints: /mcp and /mcp_message. While /mcp requires both IP whitelisting and authentication (AuthRequired()…

  • CVE-2026-30562 · Critical · Mar 30, 2026
    risk 0.60 · cvss 9.3 · epss 0.00

    A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the add_stock.php file via the "msg" parameter. The application fails to sanitize the input, allowing remote attackers to inject…

  • CVE-2026-2287 · Critical · Mar 30, 2026
    risk 0.64 · cvss 9.8 · epss 0.01

    CrewAI does not properly check that Docker is still running during runtime, and will fall back to a sandbox setting that allows for RCE exploitation.

  • CVE-2026-2286 · Critical · Mar 30, 2026
    risk 0.64 · cvss 9.8 · epss 0.00

    CrewAI contains a server-side request forgery vulnerability that enables content acquisition from internal and cloud services, facilitated by the RAG search tools not properly validating URLs provided at runtime.

  • CVE-2026-2275 · Critical · Mar 30, 2026
    risk 0.62 · cvss 9.6 · epss 0.00

    The CrewAI CodeInterpreter tool falls back to SandboxPython when it cannot reach Docker, which can enable RCE through arbitrary C function calling.