VYPR

CVEs

345,051 total · page 38 of 6,902

  • CVE-2026-54323Jun 23, 2026
    risk 0.00cvss epss 0.00

    Daytona is a secure and elastic infrastructure runtime for AI-generated code execution and agent workflows. Prior to 0.185.0, the daemon's git clone implementation disabled TLS certificate verification. When a clone request carried Git credentials, the daemon sent the HTTP Basic…

  • CVE-2026-54134higJun 23, 2026
    risk 0.45cvss epss

    ### Impact OctoPrint versions up until and including 1.11.7 as well as 2.0.0rc1 and 2.0.0rc2 contain a vulnerability that allows an attacker with the `FILE_UPLOAD` permission to exfiltrate files from the host that OctoPrint has read access to, by moving them into the upload…

  • CVE-2020-9695Jun 23, 2026
    risk 0.00cvss epss 0.00

    Acrobat Reader versions 2020.009.20074, 2020.001.30002, 2017.011.30171, 2015.006.30523 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user…

  • CVE-2026-53925higJun 23, 2026
    risk 0.39cvss epss 0.00

    ### Summary The `secure_popen()` function in `glances/secure.py` interprets `>` (file redirection), `|` (pipe), and `&&` (command chaining) operators in command strings. These operators are applied without any validation on the target file path, piped command, or chained…

  • CVE-2020-9711Jun 23, 2026
    risk 0.00cvss epss 0.00

    Acrobat Reader versions 2020.009.20074, 2020.001.30002, 2017.011.30171, 2015.006.30523 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive…

  • CVE-2020-9713Jun 23, 2026
    risk 0.00cvss epss 0.00

    Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this…

  • CVE-2026-54350criJun 23, 2026
    risk 0.52cvss epss 0.01

    ## Summary `enrichContext` at `packages/server/src/sdk/workspace/queries/queries.ts:121-138` substitutes parameter values into the raw JSON body of a query, then `JSON.parse`s the result. The validator `validateQueryInputs` at `packages/server/src/api/controllers/query/index.ts:…

  • CVE-2026-55173higJun 23, 2026
    risk 0.38cvss epss

    ### Summary The fix for CVE-2026-33482 (GHSA-pmj8-r2j7-xg6c) is incomplete. That advisory reported that `sanitizeFFmpegCommand()` (`plugin/API/standAlone/functions.php`) failed to strip `$(...)` command substitution, allowing OS command injection at the `execAsync()` `sh -c`…

  • CVE-2026-0864Jun 23, 2026
    risk 0.00cvss epss 0.00

    When using the "configparser" module to write configuration files containing multi-line text values with carriage return characters (\r) the resulting file could be injected with unexpected keys and values if the attacker controls the written value.

  • CVE-2026-54318Jun 23, 2026
    risk 0.00cvss epss 0.00

    Home Assistant is open source home automation software that puts local control and privacy first. Prior to 2026.5.3, the LocationSensorManager BroadcastReceiver is exported with no permission. Any installed app, with zero runtime permissions, can broadcast a forged Google Play…

  • CVE-2026-53662Jun 23, 2026
    risk 0.00cvss epss 0.00

    immich is a high performance self-hosted photo and video management solution. From commit 4ffa26c9 until 4eb1003, a reflected cross-site scripting (XSS) vulnerability on the /auth/login page allows an attacker to fully compromise any authenticated user's account with a single…

  • CVE-2026-52816medJun 23, 2026
    risk 0.19cvss epss 0.01

    ## Summary The Jupyter Notebook (ipynb) sanitizer endpoint at `POST /-/api/sanitize_ipynb` allows arbitrary `data:` URIs without proper restrictions, potentially leading to Cross-Site Scripting (XSS). The endpoint uses `bluemonday.UGCPolicy()` with `p.AllowURLSchemes("data")`…

  • CVE-2026-45049higJun 23, 2026
    risk 0.45cvss epss

    ## Summary **Description** An Information Exposure Through Sent Data (CWE-201) issue in OpenAM's Cross-Domain Single Sign-On (CDSSO) servlet allows a logged-in user's raw OpenAM session token to be POSTed to an attacker-controlled URL. This impacts OpenAM Community Edition…

  • CVE-2026-45048higJun 23, 2026
    risk 0.45cvss epss

    ## Summary Description An insufficient authorization (CWE-285) and information exposure (CWE-200) issue in OpenAM's session management endpoint allows a low-privileged authenticated user to retrieve active session credentials belonging to other users, including those with…

  • CVE-2026-57062Jun 23, 2026
    risk 0.00cvss epss 0.00

    CMS (Cryptographic Message Syntax) parsing in gpgsm in GnuPG through 2.5.20 mishandles the CMS format for AES-GCM because aes-ICVlen is supposed to be 12 bytes but 4 bytes is accepted. NOTE: this is related to CVE-2026-34182.

  • CVE-2025-71382Jun 23, 2026
    risk 0.00cvss epss 0.00

    MuPDF before 1.27.0-rc1 contains an uncontrolled recursion vulnerability in the EPUB CSS rendering engine that allows remote attackers to cause a denial of service by supplying a maliciously crafted EPUB file with deeply nested HTML elements and inline CSS styles. The function…

  • CVE-2026-35163medJun 23, 2026
    risk 0.26cvss epss

    ### Impact OctoPrint versions up to and including 1.11.7 as well as 2.0.0rc1 and 2.0.0rc2 are affected by a vulnerability that allows injection of arbitrary HTML and JavaScript into Suppressed Command notifications popups generated by the printer. An attacker who successfully…

  • CVE-2026-52815medJun 23, 2026
    risk 0.19cvss epss 0.02

    ## Summary Gogs has an unauthenticated information disclosure vulnerability. The `GET /api/v1/orgs/:orgname/teams` endpoint at `internal/route/api/v1/org_team.go:8` returns all teams for any organization without requiring authentication. The route group at…

  • CVE-2026-52814medJun 23, 2026
    risk 0.19cvss epss 0.01

    The Gogs built-in Go SSH server is vulnerable to an unauthenticated, asymmetric Denial of Service (DoS) attack. The application accepts inbound TCP connections and passes them to `golang.org/x/crypto/ssh.NewServerConn` inside a new goroutine without enforcing any read/write…

  • CVE-2026-52813criJun 23, 2026
    risk 0.52cvss epss 0.01

    ### Summary Organization names containing path traversal sequences (`../`) are accepted by Gogs, and repositories under them are written to paths following these path traversals. This allows storing/retrieving data for repositories at arbitrary locations on the filesystem. By…

  • CVE-2026-52812higJun 23, 2026
    risk 0.38cvss epss 0.00

    Summary Git LFS storage is content-addressed by OID alone (`/<oid[0]>/<oid[1]>/`) but per-repo authorization lives in the `lfs_object` table keyed `(repo_id, oid)`. `serveUpload` skips re-uploading when the OID file already exists on disk and inserts a new…

  • CVE-2026-52811criJun 23, 2026
    risk 0.52cvss epss 0.00

    Summary `(*Repository).UploadRepoFiles` checks for symlinks only on the **leaf** of the upload target (`osx.IsSymlink(targetPath)`). The siblings `UpdateRepoFile`, `DeleteRepoFile`, and `GetDiffPreview` use `hasSymlinkInPath`, which lstats every component — `UploadRepoFiles`…

  • CVE-2026-52810higJun 23, 2026
    risk 0.38cvss epss 0.00

    ### Summary Git smart HTTP authorizes `POST …/git-receive-pack` using the client-supplied service query string (so `?service=git-upload-pack` is evaluated as read access) while routing still runs git receive-pack, allowing push where only read should be allowed. ### Details …

  • CVE-2026-50221Jun 23, 2026
    risk 0.00cvss epss 0.00

    In OpenStack Swift before 2.37.2, proxy-server does not strip internal update headers (X-Container-Host, X-Container-Device, X-Delete-At-Host, X-Delete-At-Device) from client requests before forwarding them to object-servers. An authenticated user with write access can inject…

  • CVE-2026-52809medJun 23, 2026
    risk 0.19cvss epss 0.00

    ## Summary Password-reset tokens are generated using `conf.Auth.ActivateCodeLives` (the account-activation lifetime), not `conf.Auth.ResetPasswordCodeLives`. The token lifetime is baked into the token itself at generation time and is re-extracted from the token at verification…

  • CVE-2026-52808higJun 23, 2026
    risk 0.38cvss epss 0.00

    ## Summary Three API endpoints — `PATCH /api/v1/repos/:owner/:repo/issue-tracker`, `PATCH /api/v1/repos/:owner/:repo/wiki`, and `POST /api/v1/repos/:owner/:repo/mirror-sync` — are gated by `reqRepoWriter()` rather than `reqRepoAdmin()`. The equivalent operations in the web…

  • CVE-2026-52807higJun 23, 2026
    risk 0.38cvss epss 0.00

    ### Summary The fix for GHSA-vgjm-2cpf-4g7c (DOM-based XSS via milestone selection) was only applied to `templates/repo/issue/view_content.tmpl` but not to `templates/repo/issue/new_form.tmpl`. An attacker can store an HTML/JavaScript payload in a milestone name, and when any…

  • CVE-2026-52806criJun 23, 2026
    risk 0.52cvss epss 0.01

    # Gogs: RCE via `git rebase --exec` Argument Injection in PR Merge ## Summary Gogs allows authenticated users to achieve Remote Code Execution (RCE) on the server by creating a pull request with a specially crafted branch name that injects the `--exec` flag into the `git…

  • CVE-2026-52805higJun 23, 2026
    risk 0.38cvss epss 0.00

    # Migration URL validation bypass via HTTP redirect to blocked internal endpoints ## Summary A Server-Side Request Forgery (SSRF) vulnerability exists in the repository migration functionality. The application validates only the initially submitted URL hostname, but `git clone…

  • CVE-2026-52804medJun 23, 2026
    risk 0.19cvss epss 0.01

    ## Summary A repository admin collaborator can escalate their privileges to owner-level access by exploiting an off-by-one error in the `ChangeCollaborationAccessMode` function. ## Vulnerable Code In `internal/database/repo_collaboration.go`, line 129: ```go func (r…

  • CVE-2026-52802medJun 23, 2026
    risk 0.19cvss epss 0.01

    ### Summary An open redirect vulnerability exists in Gogs where attacker-controlled `redirect_to` parameters can bypass validation, allowing redirection to arbitrary external sites. ### Details All redirects in Gogs that are validated via the `IsSameSite` function are…

  • CVE-2026-57053Jun 23, 2026
    risk 0.00cvss epss 0.00

    GNU libidn before 1.44 is prone to out-of-bounds reads of uninitialized memory in the ToUnicode APIs because of mishandling in idna_to_unicode_internal. The affected code is not present in libidn2.

  • CVE-2026-56968Jun 23, 2026
    risk 0.00cvss epss 0.00

    GNU SASL before 2.2.4 lacks sanitization of a short challenge in _gsasl_ntlm_client_step in the NTLM client, which could result in memory disclosure via a crafted server.

  • CVE-2026-34913Jun 23, 2026
    risk 0.00cvss epss 0.00

    A missing access control check when linking trackers to campaigns through the campaign-trackers.php script of Revive Adserver 6.0.6 and earlier could allow a low‑privileged user to link their trackers to campaigns owned by other managers on the same instance, resulting in…

  • CVE-2026-34917Jun 23, 2026
    risk 0.00cvss epss 0.00

    Low‑privileged session IDs generated for the web admin console could be reused in the XML‑RPC API, whose authentication is normally restricted to admin users. An attacker could leverage this to gain unauthorised access and exploit API‑level vulnerabilities. The session…

  • CVE-2026-44956Jun 23, 2026
    risk 0.00cvss epss 0.00

    Low‑privileged users could use their Full Name as a vector for a stored XSS attack. The name is included in system‑generated emails, whose content is stored in the details field of the userlog table. An admin user viewing the email content through userlog-details.php would…

  • CVE-2026-34916Jun 23, 2026
    risk 0.00cvss epss 0.01

    A missing validation of user input when saving delivery limitations in Revive Adserver 6.0.6 and earlier could allow a low‑privileged user to use the logical parameter to inject malicious PHP code into the compiledlimitations field on the database and have it executed during…

  • CVE-2026-34914Jun 23, 2026
    risk 0.00cvss epss 0.00

    A missing sanitisation of user input in the zone-include.php script of Revive Adserver 6.0.6 and earlier. A low‑privileged user could exploit the clientid parameter to perform blind SQL injection attacks. Input sanitisation has been improved to ensure that all parameters…

  • CVE-2026-44958Jun 23, 2026
    risk 0.00cvss epss 0.00

    An access control bypass allows an advertiser‑level user to activate or deactivate a banner in Revive Adserver 6.0.6 and earlier, even when such permissions were not granted. The banner-edit.php script allowed the banner status to be overwritten solely based on banner edit…

  • CVE-2026-44961Jun 23, 2026
    risk 0.00cvss epss 0.00

    The XML‑RPC API addUser method has a validation bypass introduced in the fix for CVE‑2025‑55129. As a result, API users could create usernames that enabled impersonation or stored XSS attacks. Proper validation has been added where it was missing.

  • CVE-2026-44960Jun 23, 2026
    risk 0.00cvss epss 0.00

    A stored XSS can be exploited by leveraging the usernames as an attack vector. When an admin user viewed the audit log details for affected entries, any malicious JavaScript payload embedded in the username would be executed due to missing output sanitisation. Proper escaping…

  • CVE-2026-44957Jun 23, 2026
    risk 0.00cvss epss 0.00

    A missing access control check when invoking various modify methods in the XML‑RPC API of Revive Adserver 6.0.6 and earlier. The API allowed entities to be reassigned to different parent entities, leading to inconsistent ownership relationships. This issue was exploitable only…

  • CVE-2026-34912Jun 23, 2026
    risk 0.00cvss epss 0.00

    A missing access control check when linking banners or campaigns to a zone through the zone-include.php script of Revive Adserver 6.0.6 and earlier, or via its API allows a low‑privileged user could link their zones to banners or campaigns owned by other managers on the same…

  • CVE-2026-44959Jun 23, 2026
    risk 0.00cvss epss 0.00

    A missing validation of user input exists when saving delivery limitations in Revive Adserver 6.0.6 and earlier. A low‑privileged user could add an unexpected component parameter and inject malicious PHP code into the compiledlimitations field, which would then be executed…

  • CVE-2026-34915Jun 23, 2026
    risk 0.00cvss epss 0.00

    A missing sanitisation of user input in the zone-include.php script of Revive Adserver 6.0.6 and earlier could allow a low‑privileged user to exploit the clientid parameter to perform blind SQL injection attacks. Input sanitisation has been improved to ensure that all…

  • CVE-2026-56117Jun 23, 2026
    risk 0.00cvss epss 0.00

    dhcpcd through 10.3.2, fixed in commit 78ea09e, contains a heap use-after-free vulnerability in the control socket handling within src/control.c that allows local unprivileged attackers to trigger memory corruption when privilege separation is disabled. Attackers can connect to…

  • CVE-2025-13162Jun 23, 2026
    risk 0.00cvss epss 0.00

    Uncontrolled Search Path Element vulnerability in ABB Control Builder A, ABB 800xA for Advant Master. This issue affects Control Builder A: through 1.4/4; 800xA for Advant Master: through 6.0.3-1, through 6.1.1-1, 6.1.1-3, 6.2.0-1.

  • CVE-2026-56116Jun 23, 2026
    risk 0.00cvss epss 0.00

    dhcpcd through 10.3.2, fixed in commit 708b4a5, contains a memory leak vulnerability in the IPv6 Router Advertisement route information handling that allows an unauthenticated same-link attacker to cause denial of service by sending crafted Router Advertisements. Attackers can…

  • CVE-2026-56115Jun 23, 2026
    risk 0.00cvss epss 0.00

    dhcpcd through 10.3.2, fixed in commit 2f00c7b, contains a one-byte stack out-of-bounds write vulnerability in dhcp6_makemessage() in src/dhcp6.c that allows unauthenticated same-link attackers to write beyond a fixed local buffer by serializing an oversized RFC6603…

  • CVE-2026-56114Jun 23, 2026
    risk 0.00cvss epss 0.00

    dhcpcd through 10.3.2, fixed in commit 2f00c7b, contains a one-byte stack out-of-bounds write vulnerability in dhcp6_makemessage() in src/dhcp6.c that allows unauthenticated same-link attackers to write beyond a fixed local buffer by serializing an oversized RFC6603…