VYPR

CVEs

345,051 total · page 39 of 6,902

  • CVE-2026-56113Jun 23, 2026
    risk 0.00cvss epss 0.00

    dhcpcd through 10.3.2, fixed in commit 5733d3c, contains a heap use-after-free vulnerability that allows unauthenticated same-link attackers to crash the daemon by sending a crafted DHCPv6 RENEW reply with RFC6603 OPTION_PD_EXCLUDE and both preferred and valid lifetimes set to…

  • CVE-2026-12958Jun 23, 2026
    risk 0.00cvss epss 0.00

    Missing symlink validation in Language Servers for AWS may allow an arbitrary file write outside of the workspace trust boundary. This may occur when a local user opens a workspace with a maliciously crafted symlink that resolves to a file path outside the workspace trust…

  • CVE-2026-12957Jun 23, 2026
    risk 0.00cvss epss 0.00

    Improper trust boundary enforcement in Language Servers for AWS before version 1.65.0 on all supported platforms may allow a for arbitrary code execution. If a local user opens a maliciously crafted workspace, any commands within the project configuration files may be…

  • CVE-2026-13007Jun 23, 2026
    risk 0.00cvss epss 0.00

    Tenable Identity Exposure contains multiple unauthenticated API endpoints under /w/api/* that expose sensitive application configuration data including cleartext LDAP credentials, SAML configuration, user accounts, and directory settings to unauthenticated remote attackers.…

  • CVE-2026-56696Jun 23, 2026
    risk 0.00cvss epss 0.00

    OpenHarness /issue and /pr_comments slash commands lack remote_invocable=False protection, allowing remote channel senders to write attacker-controlled Markdown into project context files. Admitted remote attackers can inject malicious content into .openharness/issue.md and…

  • CVE-2026-56695Jun 23, 2026
    risk 0.00cvss epss 0.00

    OpenHarness ohmo gateway /resume and /summary slash commands default remote_invocable to True, allowing admitted remote senders to enumerate and load arbitrary session snapshots by ID. Attackers can exploit this to access victim snapshots containing private prompts, credentials,…

  • CVE-2026-56694Jun 23, 2026
    risk 0.00cvss epss 0.00

    NanoClaw before 2.1.0 contains a privilege escalation vulnerability in the channel-registration approval flow where handleChannelApprovalResponse fails to validate admin privileges over target agent groups. Scoped admins can submit forged or stale connect callback values to wire…

  • CVE-2026-56693Jun 23, 2026
    risk 0.00cvss epss 0.00

    NanoClaw before 2.1.17 contains a privilege escalation vulnerability in the create_agent delivery-action handler that performs privileged central-database writes without host-side authorization checks. Confined agent containers can invoke create_agent to create arbitrary agent…

  • CVE-2026-56692Jun 23, 2026
    risk 0.00cvss epss 0.00

    NanoClaw before 2.1.17 contains a symlink following vulnerability in forwardAttachedFiles that allows container-controlled agents to exfiltrate host-readable files. The host validates attachment filenames using only isSafeAttachmentName before copying with fs.copyFileSync, which…

  • CVE-2026-56402Jun 23, 2026
    risk 0.00cvss epss 0.00

    NanoClaw before 2.1.17 contains a privilege escalation vulnerability in the handleApprovalsResponse function that fails to verify responder role authorization. Attackers with a valid questionId can approve or reject privileged actions like package installation by submitting…

  • CVE-2025-15619Jun 23, 2026
    risk 0.00cvss epss 0.00

    HCL Connections contains a broken access control vulnerability that may allow an unauthorized user to view data in a single specific scenario.

  • CVE-2025-62180Jun 23, 2026
    risk 0.00cvss epss 0.00

    Pega Platform versions 8.3.0 through Infinity 25.1.2 are affected by an authorization weakness that may allow authenticated users to access certain additional data via crafted URLs.

  • CVE-2026-12112impJun 23, 2026
    risk 0.51cvss 7.8epss 0.00

    foreman-mcp-server: MCP Server: Active Session Hijacking via Insecure Session State Reuse

  • CVE-2026-11807criJun 23, 2026
    risk 0.62cvss 9.6epss 0.00

    eda-server: websocket missing authorization allows credential theft via activation_id spoofing

  • CVE-2026-27604Jun 23, 2026
    risk 0.00cvss epss 0.00

    FOSSBilling is a free, open-source billing and client management system. Starting in version 0.5.4 and prior to version 0.8.0, an authorization bypass in the API role handling allows unauthenticated access to privileged `/api/system/*` endpoints. Because `system` resolves to the…

  • CVE-2026-28496Jun 23, 2026
    risk 0.00cvss epss 0.02

    FOSSBilling is a free, open-source billing and client management system. Versions prior to 0.8.0 have a Server-Side Template Injection (SSTI) vulnerability in the template rendering system. Administrators with access to features that render Twig templates (email templates, mass…

  • CVE-2026-56815Jun 23, 2026
    risk 0.00cvss epss 0.00

    pwnlift before d7a9544, in a privileged deployment, contains a symlink following vulnerability in the upload handler in Components/Pages/Home.razor.

  • CVE-2026-35019Jun 23, 2026
    risk 0.00cvss epss 0.00

    NetComm NF20MESH routers running firmware R6B031 and earlier contain an authentication bypass vulnerability that allows unauthenticated attackers to gain administrative access by exploiting a hardcoded AES-256 key used to encrypt session cookies for the web management interface.…

  • CVE-2026-35018Jun 23, 2026
    risk 0.00cvss epss 0.01

    NetComm NF20MESH routers running firmware R6B031 and earlier contain an authenticated remote code execution vulnerability that allows authenticated attackers to execute arbitrary commands as root by injecting shell metacharacters into the username JSON parameter processed by the…

  • CVE-2026-11772Jun 23, 2026
    risk 0.00cvss epss 0.00

    DRIMO CMS is vulnerable to Reflected XSS via q parameter in searching functionality. An attacker can prepare an URL that, when opened, results in arbitrary JavaScript execution in the victim's browser. Product is in End Of Life phase and will not receive any updates. However,…

  • CVE-2026-12969Jun 23, 2026
    risk 0.00cvss epss 0.00

    An out-of-bounds read vulnerability exists in dnsmasq's find_soa() function in src/rfc1035.c. When parsing NS section records, extract_name() is called with extrabytes=0, failing to validate that 10 additional bytes exist for fixed-length DNS record fields. A remote attacker…

  • CVE-2026-9073modJun 23, 2026
    risk 0.40cvss 6.2epss 0.00

    foreman-mcp-server: MCP Server: Insecure Sensitive HTTP Header Sanitization

  • CVE-2026-4610Jun 23, 2026
    risk 0.00cvss epss 0.00

    The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pm_author_message' parameter in the pm_send_message_to_author function in all versions up to, and including, 5.9.9.2 due to insufficient input…

  • CVE-2026-54892Jun 23, 2026
    risk 0.00cvss epss 0.01

    Inefficient algorithmic complexity in Plug's nested-parameter decoder allows an unauthenticated remote attacker to cause denial of service. Plug.Conn.Query.decode/4 (and Plug.Conn.Query.decode_each/2) parse query strings and application/x-www-form-urlencoded request bodies. When…

  • CVE-2026-10857Jun 23, 2026
    risk 0.00cvss epss 0.00

    Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in AKIN Software Computer Import Export Industry and Trade Ltd. E-Commerce allows Reflected XSS. This issue affects e-Commerce: before 1.25.01.06.

  • CVE-2026-56784Jun 23, 2026
    risk 0.00cvss epss 0.00

    OpenRemote before 1.25.0 contains an insecure direct object reference (IDOR) vulnerability in the bulk alarm deletion endpoint that allows authenticated users to permanently delete alarms belonging to other tenants by supplying arbitrary alarm IDs. The removeAlarms() method in…

  • CVE-2026-56762Jun 23, 2026
    risk 0.00cvss epss 0.00

    Hono before 4.12.12 does not validate cookie names on the write path in the setCookie(), serialize(), and serializeSigned() functions, allowing invalid characters such as control characters (e.g. \r or \n) when an application passes a user-controlled cookie name. This can…

  • CVE-2026-56701Jun 23, 2026
    risk 0.00cvss epss 0.00

    Grav before 2.0.0-beta.2 contains an XML external entity injection vulnerability in SVG file upload processing that allows authenticated attackers to read arbitrary files. The application uses simplexml_load_string without disabling external entity loading, enabling attackers to…

  • CVE-2026-56379Jun 23, 2026
    risk 0.00cvss epss 0.01

    ImageMagick before 7.1.2-15 and 6.9.13-40 contains a command injection vulnerability in the SVG decoder that allows attackers to inject arbitrary MVG drawing commands. Attackers can craft malicious SVG files with injected Magick Vector Graphics commands that execute during…

  • CVE-2026-56376Jun 23, 2026
    risk 0.00cvss epss 0.00

    ImageMagick before 7.1.2-15 and 6.9.13-40 contains a heap use-after-free in the meta coder: when memory allocation fails, a single byte is written to a stale pointer. Remote attackers can trigger it by processing specially crafted image files, causing a denial of service.

  • CVE-2026-56371Jun 23, 2026
    risk 0.00cvss epss 0.00

    ImageMagick before 7.1.2-15 and 6.9.13-40 contains a memory leak in coders/txt.c when processing TXT files with texture attributes: the texture object allocated via ReadImage is not released when GetTypeMetrics fails, leaking memory each time a crafted TXT file with a texture…

  • CVE-2026-56322Jun 23, 2026
    risk 0.00cvss epss 0.00

    Capgo before 12.128.2 contains an information disclosure vulnerability in the unauthenticated /updates endpoint that resolves the defaultChannel parameter before enforcing privacy restrictions, allowing attackers to enumerate private channels and leak version/config state.…

  • CVE-2026-56315Jun 23, 2026
    risk 0.00cvss epss 0.01

    picklescan before 1.0.4 fails to block at least seven Python standard library modules (including uuid, _osx_support, _aix_support, _pyrepl.pager, and imaplib) exposing eight functions that provide direct arbitrary command execution. Attackers can craft malicious pickle files…

  • CVE-2026-56301Jun 23, 2026
    risk 0.00cvss epss 0.00

    Nuxt 4.0.0 before 4.4.7 and 3.18.0 before 3.21.7, when running the development server (nuxt dev) on Linux, binds the vite-node IPC server to an abstract-namespace Unix socket without permission restrictions, allowing local users to enumerate and connect. Unprivileged co-resident…

  • CVE-2026-56275Jun 23, 2026
    risk 0.00cvss epss 0.00

    Flowise before 3.1.0 contains a server-side request forgery vulnerability in the Execute Flow node that allows attackers to bypass security validation by providing intranet addresses through the base URL field. Attackers can initiate HTTP requests to internal network addresses,…

  • CVE-2026-56274Jun 23, 2026
    risk 0.00cvss epss 0.03

    Flowise before 3.1.2 contains multiple OS command injection vulnerabilities in the Custom MCP Server feature due to incomplete command-flag validation and a regex bypass in local file access restrictions. An attacker with a Flowise account of any role, or API access with…

  • CVE-2026-56263Jun 23, 2026
    risk 0.00cvss epss 0.00

    Crawl4AI before 0.8.7 contains a stored cross-site scripting vulnerability in the monitor dashboard that renders crawl URLs and error messages via innerHTML without escaping. An attacker can submit a crafted crawl request with malicious markup that executes in an operator's…

  • CVE-2026-56258Jun 23, 2026
    risk 0.00cvss epss 0.01

    Crawl4AI before 0.8.8 contains an arbitrary file write vulnerability in the screenshot and PDF endpoints that allows unauthenticated attackers to write files outside the intended directory via symlink and time-of-check-time-of-use (TOCTOU) attacks on the output_path parameter.…

  • CVE-2026-56248Jun 23, 2026
    risk 0.00cvss epss 0.00

    Cap-go capgo (capgo-backend) before 12.128.12 contains an unauthenticated denial-of-service vulnerability arising from the audit_logs table's Row-Level Security (RLS) policy when accessed via the Supabase PostgREST API. Because the PostgreSQL query planner executes costly logic…

  • CVE-2026-56243Jun 23, 2026
    risk 0.00cvss epss 0.00

    Capgo before 12.128.2 contains a security control bypass vulnerability where the PostgREST/RLS plane accepts plaintext API keys through the capgkey header despite enforce_hashed_api_keys being enabled. Attackers can bypass org-level hashed-key enforcement by sending plaintext…

  • CVE-2026-56234Jun 23, 2026
    risk 0.00cvss epss 0.00

    Capgo before 12.128.2 contains a credential validation vulnerability in the POST /functions/v1/private/validate_password_compliance endpoint that is callable using only the public Supabase key without authentication. The endpoint is CORS-permissive with wildcard origin allowance…

  • CVE-2026-56225Jun 23, 2026
    risk 0.00cvss epss 0.00

    Capgo before 12.128.2 contains an authorization bypass vulnerability in its public API key management handlers (get/put/delete/post). API keys created with mode=all but restricted to a single app via limited_to_apps are only checked for limited_to_orgs and not for…

  • CVE-2026-56222Jun 23, 2026
    risk 0.00cvss epss 0.00

    Capgo before 12.128.2 contains an authorization bypass vulnerability in POST /private/role_bindings that fails to verify app_id ownership during app-scoped role binding creation. An attacker with administrative privileges in one organization can create role bindings targeting…

  • CVE-2025-71376Jun 23, 2026
    risk 0.00cvss epss 0.00

    picklescan before 0.0.29 fails to detect malicious pickle files using idlelib.autocomplete.AutoComplete.fetch_completions in reduce methods. Attackers can embed undetected code in pickle files that executes arbitrary commands when loaded by victims.

  • CVE-2025-71370Jun 23, 2026
    risk 0.00cvss epss 0.00

    picklescan before 0.0.28 fails to detect malicious torch.jit.unsupported_tensor_ops.execWrapper function calls embedded in pickle files. Attackers can craft malicious pickle files that bypass picklescan detection and execute arbitrary code when loaded via pickle.load().

  • CVE-2025-71365Jun 23, 2026
    risk 0.00cvss epss 0.00

    picklescan before 0.0.33 fails to detect malicious pickle files that invoke numpy.f2py.crackfortran.myeval function through the reduce method. Attackers can craft malicious pickle files embedding arbitrary code that evades picklescan detection and executes remote code when…

  • CVE-2025-71341Jun 23, 2026
    risk 0.00cvss epss 0.00

    picklescan before 0.0.29 fails to detect the profile.Profile.runctx function when analyzing pickle files, allowing attackers to embed undetected malicious code. Remote attackers can craft malicious pickle files using profile.Profile.runctx in the reduce method to achieve remote…

  • CVE-2025-71337Jun 23, 2026
    risk 0.00cvss epss 0.00

    Flowise before 3.0.10 (affected versions 3.0.7 and earlier) contains an unverified email change vulnerability. An authenticated user can change the account email address, used as a login identifier and password-recovery channel, via the account profile endpoint without…

  • CVE-2023-54365Jun 23, 2026
    risk 0.00cvss epss 0.01

    Traefik before 2.10.5 and 3.0.0-beta4 is affected by a denial-of-service vulnerability in HTTP/2 request handling inherited from the Go standard library's HTTP/2 implementation (CVE-2023-44487 / CVE-2023-39325, the 'Rapid Reset' technique). A remote attacker can rapidly create…

  • CVE-2026-10711Jun 23, 2026
    risk 0.00cvss epss 0.00

    Missing authentication for critical function vulnerability in AKIN Software Computer Import Export Industry and Trade Ltd. CafePlus allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects CafePlus: from 12.05.03 before 12.05.04.