VYPR

CVEs

344,989 total · page 4 of 6,900

  • CVE-2026-0282lowJul 8, 2026
    risk 0.07cvss epss 0.00

    Palo Alto Networks security advisory: https://security.paloaltonetworks.com/CVE-2026-0282

  • CVE-2026-0283medJul 8, 2026
    risk 0.26cvss epss 0.01

    Palo Alto Networks security advisory: https://security.paloaltonetworks.com/CVE-2026-0283

  • CVE-2026-0284medJul 8, 2026
    risk 0.26cvss epss 0.01

    Palo Alto Networks security advisory: https://security.paloaltonetworks.com/CVE-2026-0284

  • CVE-2026-0285medJul 8, 2026
    risk 0.26cvss epss 0.00

    Palo Alto Networks security advisory: https://security.paloaltonetworks.com/CVE-2026-0285

  • CVE-2026-0286medJul 8, 2026
    risk 0.26cvss epss 0.01

    Palo Alto Networks security advisory: https://security.paloaltonetworks.com/CVE-2026-0286

  • CVE-2026-0287medJul 8, 2026
    risk 0.26cvss epss 0.01

    Palo Alto Networks security advisory: https://security.paloaltonetworks.com/CVE-2026-0287

  • CVE-2026-0288higJul 8, 2026
    risk 0.45cvss epss 0.01

    Palo Alto Networks security advisory: https://security.paloaltonetworks.com/CVE-2026-0288

  • CVE-2026-59262modJul 8, 2026
    risk 0.35cvss 6.5epss 0.00

    AFFiNE: AFFiNE: Information disclosure via histories GraphQL field

  • CVE-2026-59725impJul 8, 2026
    risk 0.42cvss 7.5epss 0.00

    socket.io: engine.io: Socket.IO: Denial of Service via invalid binary POST requests

  • CVE-2026-59724impJul 8, 2026
    risk 0.42cvss 7.5epss 0.00

    engine.io: Engine.IO: Denial of Service via crafted WebTransport session ID

  • CVE-2026-59876modJul 8, 2026
    risk 0.24cvss 4.8epss 0.00

    protobufjs: protobufjs: Prototype pollution vulnerability in Text Format extension

  • CVE-2026-44918impJul 8, 2026
    risk 0.57cvss 8.7epss 0.00

    openstack-ironic: Prevent rehoming resources to nodes with different owner

  • CVE-2026-54423modJul 8, 2026
    risk 0.42cvss 6.5epss 0.01

    openstack-ironic: openstack-ironic: Arbitrary IPMI command execution via send_raw deployment step

  • CVE-2026-56297modJul 8, 2026
    risk 0.29cvss 5.6epss 0.00

    FreeRDP: FreeRDP: Remote code execution or denial of service via use-after-free race condition

  • CVE-2026-15028lowJul 8, 2026
    risk 0.25cvss 3.9epss 0.00

    libarchive: heap overflow OOB read while parsing a tar archive contains a PAX extended header

  • CVE-2026-15041lowJul 8, 2026
    risk 0.24cvss 3.7epss 0.00

    389-ds-base: 389-ds-base: Non-constant-time comparison in PBKDF2-SHA256 password verification

  • CVE-2011-10043Jul 8, 2026
    risk 0.00cvss epss 0.00

    Module::Load versions before 0.22 for Perl allow arbitrary modules outside of @INC to be loaded. Module names starting with "::" could be passed to the load function to specify arbitrary module paths. Attackers able to influence module names passed to load could use that bug…

  • CVE-2026-14895Jul 8, 2026
    risk 0.00cvss epss 0.00

    String::Util versions before 1.36 for Perl are susceptible to a regular expression denial of service. The trim and rtrim functions stripped trailing whitespace with s/\s*$//u. Because \s* matches greedily and the $ anchor fails whenever a non-whitespace character follows the…

  • CVE-2026-14740Jul 8, 2026
    risk 0.00cvss epss 0.00

    DBI versions before 1.650 for Perl read one byte out-of-bounds in preparse when deleting an initial SQL comment. The preparse method normalises SQL and removes comments. When the SQL starts with a comment line, the deletion of that line during normalisation led to an…

  • CVE-2026-14739Jul 8, 2026
    risk 0.00cvss epss 0.00

    DBI versions before 1.650 for Perl have a heap overflow when preparsing SQL statements with an extreme number of placeholders. The fix for CVE-2026-10879 did not allocate enough memory to handle approximately 1.2-million placeholders. DBI version 1.650 sets a hard limit of…

  • CVE-2026-14380Jul 8, 2026
    risk 0.00cvss epss 0.01

    DBI versions before 1.650 for Perl are vulnerable to code injection via caller-influenced Profile. When a string is assigned to a DBI handle's Profile attribute, DBI splits it into path, package and arguments, and interpolates the package part in a string eval with no…

  • CVE-2026-58472Jul 8, 2026
    risk 0.00cvss epss 0.00

    GNU Wget through 1.25.0, fixed in commit dd692d9, contains a heap buffer overflow vulnerability in the html_quote_string() function in src/convert.c that allows a remote attacker to trigger memory corruption by supplying a crafted HTML attribute with a large number of characters…

  • CVE-2026-58470Jul 8, 2026
    risk 0.00cvss epss 0.00

    GNU Wget through 1.25.0, fixed in commit 43d3ba9, contains an integer overflow vulnerability in the parse_content_range() function within src/http.c that allows server-controlled values to cause signed integer arithmetic to overflow. Attackers can supply malicious Content-Range…

  • CVE-2026-58469Jul 8, 2026
    risk 0.00cvss epss 0.00

    GNU Wget through 1.25.0, fixed in commit 37a40fc, contains a heap buffer underread vulnerability in the clean_metalink_string() function within src/metalink.c that allows a malicious server to trigger memory corruption by serving a Metalink document containing a whitespace-only…

  • CVE-2026-58471Jul 8, 2026
    risk 0.00cvss epss 0.00

    GNU Wget through 1.25.0, fixed in commit c2640fe, contains a heap buffer overflow vulnerability in the convert_fname() function within src/url.c that allows remote attackers to trigger memory corruption through a server-supplied filename requiring character set conversion. When…

  • CVE-2026-53763Jul 8, 2026
    risk 0.00cvss epss 0.00

    OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.0.0 and prior to version 4.11.0, 32-bit integer overflows in OP-TEE core's AES-GCM…

  • CVE-2026-41516Jul 8, 2026
    risk 0.00cvss epss 0.00

    OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 4.5.0 and prior to version 4.11.0, the RSA PKCS#1 v1.5 decryption implementation in the Hisilicon…

  • CVE-2026-41434Jul 8, 2026
    risk 0.00cvss epss 0.00

    OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.10.0 and prior to version 4.11.0, an unbounded recursion can crash the PKCS#11 TA. Version…

  • CVE-2026-44362Jul 8, 2026
    risk 0.00cvss epss 0.00

    OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.20.0 and prior to version 4.11.0, a vulnerability in OP-TEE’s subkey rollback protection…

  • CVE-2026-41515Jul 8, 2026
    risk 0.00cvss epss 0.00

    OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.9.0 and prior to version 4.11.0, the RSA-OAEP decryption implementation in the NXP CAAM crypto…

  • CVE-2026-41514Jul 8, 2026
    risk 0.00cvss epss 0.00

    OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 4.5.0 and prior to version 4.11.0, the RSA-OAEP decryption implementation in the Hisilicon HPRE…

  • CVE-2026-42546Jul 8, 2026
    risk 0.00cvss epss 0.00

    OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.3.0 and prior to version 4.11.0, a resource leak exists in OP-TEE’s shared memory cleanup…

  • CVE-2026-40257Jul 8, 2026
    risk 0.00cvss epss 0.00

    OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.21.0 and prior to version 4.11.0, the ARM Crypto Extensions accelerated SHA-3 implementation…

  • CVE-2026-53878Jul 8, 2026
    risk 0.00cvss epss 0.00

    An issue was discovered in Django 6.0 before 6.0.7 and 5.2 before 5.2.16. `DomainNameValidator` does not prohibit newlines in domain names (unless used via a form field, since `CharField` strips newlines). If an application uses values with newlines in an HTTP response, header…

  • CVE-2026-53877Jul 8, 2026
    risk 0.00cvss epss 0.00

    An issue was discovered in Django 6.0 before 6.0.7 and 5.2 before 5.2.16. `django.contrib.gis.gdal.GDALRaster` over-reads its in-memory buffer when constructed from a bytes object, which can disclose adjacent memory or cause service degradation via a potential segmentation fault…

  • CVE-2026-48588Jul 8, 2026
    risk 0.00cvss epss 0.00

    An issue was discovered in Django 6.0 before 6.0.7 and 5.2 before 5.2.16. `UpdateCacheMiddleware` and the `cache_page()` decorator cache responses that vary on cookies when the incoming request carries unrelated cookies, which allows remote attackers to read private data from…

  • CVE-2026-59153Jul 8, 2026
    risk 0.00cvss epss 0.00

    Anki is a program for creating and reviewing flashcards. Prior to 25.09.3, Anki launches a local HTTP server to serve media files and web pages for parts of its interface, but requests from other origins were not sufficiently blocked. A malicious website could potentially…

  • CVE-2026-43825Jul 8, 2026
    risk 0.00cvss epss 0.09

    Untrusted Java Deserialization in Apache OpenNLP SvmDoccatModel Versions Affected:   before 3.0.0-M4 (libsvm document categorization module; introduced in   OPENNLP-1808 and only present on the 3.x line) Description: SvmDoccatModel.deserialize(InputStream) reads an…

  • CVE-2026-60001Jul 8, 2026
    risk 0.00cvss epss 0.00

    sshd in OpenSSH before 10.4 does not always honor the minimum authentication delay.

  • CVE-2026-60002Jul 8, 2026
    risk 0.00cvss epss 0.00

    ssh in OpenSSH before 10.4 can have a use-after-free when a server changes its host key during a key re-exchange. (This outcome occurs only on the client side.)

  • CVE-2026-60000Jul 8, 2026
    risk 0.00cvss epss 0.00

    sshd in OpenSSH before 10.4 allows remote attackers to cause a denial of service (resource consumption from excessive authentication attempts) because MaxAuthTries was mishandled for GSSAPIAuthentication.

  • CVE-2026-59997Jul 8, 2026
    risk 0.00cvss epss 0.00

    internal-sftp in sshd in OpenSSH before 10.4 recognizes only the first 9 command-line arguments, which can be important if a later command-line argument would have helped to ensure the intended security properties of an SFTP connection.

  • CVE-2026-59999Jul 8, 2026
    risk 0.00cvss epss 0.00

    In sshd in OpenSSH before 10.4, DisableForwarding=yes was supposed to take precedence over PermitTunnel=yes, but did not.

  • CVE-2026-59995Jul 8, 2026
    risk 0.00cvss epss 0.00

    sftp in OpenSSH before 10.4 does not properly constrain the location of downloaded files when "sftp server:/path ." is used with an attacker-controlled server.

  • CVE-2026-59996Jul 8, 2026
    risk 0.00cvss epss 0.00

    scp in OpenSSH before 10.4 may place a file in the parent directory of an intended directory when the copy occurs between two remote destinations.

  • CVE-2026-59998Jul 8, 2026
    risk 0.00cvss epss 0.00

    sshd in OpenSSH before 10.4 has an undocumented security-relevant behavior: GSSAPIStrictAcceptorCheck has no value if the server is in Windows Active Directory.

  • CVE-2026-7017Jul 8, 2026
    risk 0.00cvss epss 0.00

    HTTP::Tiny versions before 0.095 for Perl forward credential headers to cross-origin redirect targets. When the server returns a 3xx redirect, `_maybe_redirect` follows the `Location:` header and `_prepare_headers_and_cb` re-merges the caller's `headers` argument into the new…

  • CVE-2026-15044modJul 8, 2026
    risk 0.41cvss 6.3epss 0.00

    trustyai-service-operator: TrustyAI Service Operator: Unauthenticated access to AI guardrails and orchestrator APIs

  • CVE-2026-15063modJul 8, 2026
    risk 0.41cvss 6.3epss 0.00

    trustyai-service-operator: TrustyAI Service Operator: Gorch port bypass when auth IS enabled

  • CVE-2026-59691impJul 8, 2026
    risk 0.46cvss 7.1epss 0.00

    gstreamer: gstreamer: rfbsrc/librfb Hextile heap out-of-bounds write with 16bpp framebuffer