VYPR

CVEs

11,223 total · page 4 of 225

  • CVE-2026-47208CriJun 12, 2026
    risk 0.58cvss 10.0epss 0.01

    vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, VM2 suffers from a sandbox breakout vulnerability. This allows attackers to write code which can escape from the VM2 sandbox and execute arbitrary commands on the host system. This issue has been patched in…

  • CVE-2026-47140CriJun 12, 2026
    risk 0.58cvss 10.0epss 0.01

    vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, NodeVM blocks several dangerous Node.js builtins such as module, worker_threads, cluster, vm, repl, and inspector. However, the denylist misses process and inspector/promises. Both can be used from sandboxed…

  • CVE-2026-47137CriJun 12, 2026
    risk 0.58cvss 10.0epss 0.00

    vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, the fix for GHSA-8hg8-63c5-gwmx (CVE-2023-37903) introduced a check in nodevm.js line 263 that blocks the combination nesting: true + require: false. However, the check uses strict equality (options.require…

  • CVE-2026-47131CriJun 12, 2026
    risk 0.58cvss 10.0epss 0.00

    vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, by combining Buffer.call.call({}.__lookupGetter__, Buffer, "__proto__"), Buffer.call.call({}.__lookupSetter__, Buffer, "__proto__"), and Node.js's ERR_INVALID_ARG_TYPE Error, the host's TypeError constructor…

  • CVE-2026-10557CriJun 12, 2026
    risk 0.64cvss 9.8epss 0.00

    The Yarbo Android and iOS applications contain hard-coded MQTT broker credentials that are identical for all users and all devices. These credentials are embedded in the application binary and are readily extractable via APK decompilation. The credentials provide access to cloud…

  • CVE-2026-11849CriJun 12, 2026
    risk 0.64cvss 9.8epss 0.00

    The  iRM-IEI Remote Management developed by IEI Integration Corp has a Hardcoded Credentials vulnerability, allowing unauthenticated remote attackers to exploit hard-coded credentials to gain administrative privileges on the database.

  • CVE-2026-50628CriJun 12, 2026
    risk 0.64cvss 9.8epss 0.01

    A logic error in OAuthRequestFilter rejects legitimate requests originating from the bound IP address, while blindly allowing requests from any other IP address. Enabling this security feature inadvertently creates an inverse security check. Users are recommended to upgrade to…

  • CVE-2026-50627CriJun 12, 2026
    risk 0.59cvss 9.1epss 0.00

    The JwtAccessTokenValidator class in Apache CXF fails to validate the 'aud' (Audience) claims of incoming JWT access tokens. This allows a JWT issued for one Resource Server to be successfully replayed against a completely different Resource Server, leading to Token…

  • CVE-2026-49875CriJun 12, 2026
    risk 0.64cvss 9.8epss 0.00

    Apache CXF's EndpointReferenceUtils and W3CMultiSchemaFactory classes construct a SAXParserFactory without the necessary JAXP hardening configurations, enabling out-of-band (OOB) external entity resolution. Users are recommended to upgrade to versions 4.2.2 or 4.1.7, which fix…

  • CVE-2026-11535CriJun 12, 2026
    risk 0.61cvss epss 0.00

    An unauthorized access vulnerability exists in the PcSuite APP. The vulnerability can be exploited by attackers to Unauthorized access to the victim’s device.

  • CVE-2026-48611CriJun 12, 2026
    risk 0.64cvss 9.8epss 0.01

    Improper authentication checks in the OAuth implementation allow account hijacking even when OAuth is not configured or enabled leading to unauthorized access in default installations.

  • CVE-2026-47370CriJun 12, 2026
    risk 0.64cvss 9.9epss 0.01

    A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in certain devices running UniFi OS to execute a Command Injection within such UniFi OS devices or instances.

  • CVE-2026-47369CriJun 12, 2026
    risk 0.64cvss 9.9epss 0.00

    A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in certain devices running UniFi OS to escalate privileges within such UniFi OS devices or instances.

  • CVE-2026-47367CriJun 12, 2026
    risk 0.64cvss 9.9epss 0.01

    A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in UID Enterprise Agent to execute a Command Injection on the host device.

  • CVE-2026-47365CriJun 12, 2026
    risk 0.64cvss 9.9epss 0.00

    Argument injection vulnerability in WordPress Toolkit before 6.11.0 as used in cPanel & WHM, allows remote authenticated users to bypass cross-tenant authorization and execute arbitrary wp-toolkit CLI commands as another account.

  • CVE-2026-45060CriJun 11, 2026
    risk 0.64cvss 9.8epss 0.00

    ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 - #129, the actions/progress_video.php endpoint is vulnerable to blind SQL injection. Any unauthenticated user can exploit the ids parameter to execute SQL queries and exfiltrate sensitive data. This…

  • CVE-2026-42846CriJun 11, 2026
    risk 0.64cvss 9.8epss 0.01

    ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 - #140, ClipBucket's Remote Play feature allows any authenticated user to add a video by importing an external URL as the source. Some shell commands are run with the URL as a parameter. The URL is…

  • CVE-2026-49060CriJun 11, 2026
    risk 0.64cvss 9.8epss 0.01

    Incorrect Privilege Assignment vulnerability in Hippoo Mobile App for WooCommerce allows Privilege Escalation. This issue affects Hippoo Mobile App for WooCommerce: from n/a through 1.9.4.

  • CVE-2026-42647CriJun 11, 2026
    risk 0.60cvss 9.3epss 0.01

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Beardev JoomSport allows Blind SQL Injection. This issue affects JoomSport: from n/a through 5.7.7.

  • CVE-2026-39494CriJun 11, 2026
    risk 0.60cvss 9.3epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WBW Plugins Product Filter by WBW allows Blind SQL Injection. This issue affects Product Filter by WBW: from n/a through 3.1.2.

  • CVE-2026-12027CriJun 11, 2026
    risk 0.62cvss 9.6epss 0.00

    Inappropriate implementation in Headless in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-41005CriJun 11, 2026
    risk 0.59cvss 9.0epss 0.00

    Cloud Foundry UAA incorrectly treated XML encryption to the Service Provider (confidentiality) as a substitute for XML signatures from the Identity Provider (authenticity) in two SAML flows: the OAuth 2.0 SAML2 bearer grant (token endpoint) and browser SSO (ACS) when…

  • CVE-2026-49973CriJun 11, 2026
    risk 0.54cvss 9.4epss 0.01

    Hermes WebUI before version 0.51.358 contains an improper access control vulnerability that allows unauthenticated remote attackers to hijack initial setup by submitting the _set_password parameter to the settings API endpoint without any network origin restriction. Attackers on…

  • CVE-2026-47174CriJun 11, 2026
    risk 0.62cvss epss 0.00

    In Duck Site before version 1.0.1, the repository has a deploy workflow that runs after the build workflow completes. The build workflow runs on pull requests, while the deploy workflow runs with package-write permissions and deployment secrets. If an attacker can make a pull…

  • CVE-2026-47172CriJun 11, 2026
    risk 0.62cvss epss 0.00

    Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.3, the repository has a privileged deploy workflow that runs after the unprivileged build workflow completes. The build workflow runs on pull requests, and the deploy…

  • CVE-2026-45177CriJun 11, 2026
    risk 0.59cvss epss 0.01

    Idira Secrets Manager SaaS Edge versions prior to 1.8 exhibit improper access control within its internal authentication components. A remote, unauthenticated attacker could exploit this by submitting a specially crafted request. Under specific circumstances, this could allow…

  • CVE-2026-49261CriJun 11, 2026
    risk 0.65cvss 10.0epss 0.00

    MariaDB server is a community developed fork of MySQL server. Versions 10.6.1 through 10.6.26, 10.11.1 through 10.11.17, 11.4.1 through 11.4.11, 11.8.1 through 11.8.7, and 12.3.1 with `wsrep_notify_cmd` enabled would execute shell commands embedded in the name of the joiner…

  • CVE-2026-48062criJun 11, 2026
    risk 0.52cvss epss 0.00

    ### Impact The `ext_in` upload validation rule checked the MIME-derived guessed extension instead of the client-provided filename extension. As a result, an uploaded file named `shell.php` containing GIF-like content could pass validation such as: ```…

  • CVE-2026-9648CriJun 11, 2026
    risk 0.52cvss 9.1epss 0.00

    The crypton-x509-validation Haskell library fails to enforce X.509 NameConstraints, allowing TLS clients to accept certificates whose Subject Alternative Names fall outside the issuing CA’s permitted subtrees. This oversight enables an attacker who compromises a…

  • CVE-2026-11839CriJun 11, 2026
    risk 0.64cvss 9.9epss 0.00

    Unrestricted upload of file with dangerous type vulnerability in Başarsoft Information Technologies Inc. Rotaban allows Upload a Web Shell to a Web Server. This issue affects Rotaban: from V2026.06.002 before V2026.06.003.

  • CVE-2026-38581CriJun 11, 2026
    risk 0.64cvss 9.8epss 0.00

    SQL Injection vulnerability in damasac thaipalliative_lte through version 3.0 allows remote attackers to execute arbitrary SQL commands via the idFormMain parameter to /substudy/ezform.php (line 14) and the id parameter (line 49). The parameters are concatenated directly into…

  • CVE-2026-48039criJun 11, 2026
    risk 0.52cvss epss 0.00

    # Unauthenticated HTTP MCP Tool Execution Leaks Operator Meta Access Token | Field | Value | | ---------------- | ----- | | Repository | pipeboard-co/meta-ads-mcp | | Affected version | ≤ 1.0.101 (commit 496c988 ~ 7d14226); Versions 1.0.102–1.0.105 lack git…

  • CVE-2026-7852CriJun 11, 2026
    risk 0.64cvss 9.8epss 0.00

    Unrestricted upload of file with dangerous type vulnerability in Limatek System Inc. LimRAD NAC allows Remote Code Inclusion. This issue affects LimRAD NAC: before 5.5.7.3.9.

  • CVE-2026-11561CriJun 11, 2026
    risk 0.64cvss 9.8epss 0.00

    Improper neutralization of special elements used in an expression language statement ('expression language injection') vulnerability in Soagen Informatics Technologies Software and Consulting Inc. Apinizer allows Code Injection. This issue affects Apinizer: from 2026.04.0…

  • CVE-2026-4764CriJun 11, 2026
    risk 0.61cvss epss 0.00

    A Missing Authorization vulnerability in the playbook import functionality in Dialogflow CX on Google Cloud Platform allows an authenticated user with specific roles to escalate privileges and potentially take over a GCP project using a maliciously crafted playbook import. …

  • CVE-2026-35273CriKEVJun 11, 2026
    risk 0.64cvss 9.8epss 0.92

    Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Updates Environment Management). Supported versions that are affected are 8.61 and 8.62. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP…

  • CVE-2026-46703CriJun 10, 2026
    risk 0.55cvss 9.6epss 0.00

    Boxlite is a sandbox service that allows users to create lightweight virtual machines (Boxes) and launch OCI containers within them to run untrusted code. Prior to version 0.9.0, Boxlite allows users to specify the OCI image used by containers in the sandbox. However, when…

  • CVE-2026-46695CriJun 10, 2026
    risk 0.58cvss 10.0epss 0.00

    Boxlite is a sandbox service that allows users to create lightweight virtual machines (Boxes) and launch OCI containers within them to run untrusted code. Prior to version 0.9.0, Boxlite does not restrict the kernel capabilities available inside the container, malicious code can…

  • CVE-2026-48063criJun 10, 2026
    risk 0.52cvss epss 0.00

    ### Impact Any baileys session under the latest version (< 7.0.0-rc12, and < 6.7.22) can be sent a malicious payload via the placeholderResendMessage and trigger a fake `messages.upsert` event with a **fake message key and payload**. This allows anyone to spoof messages. The…

  • CVE-2026-50638CriJun 10, 2026
    risk 0.59cvss 9.1epss 0.00

    Metrics::Any::Adapter::DogStatsd versions before 0.04 for Perl does not protect against metric injections. The statsd protocol (and extensions such as dogstatsd) allow mutiple metrics,separated by newlines, to be sent per packet. Metrics::Any::Adapter::DogStatsd which extends…

  • CVE-2026-50566CriJun 10, 2026
    risk 0.57cvss 9.9epss 0.00

    Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, a tenant with environments.fission.io create/update RBAC can run privileged / allowPrivilegeEscalation /…

  • CVE-2026-50564CriJun 10, 2026
    risk 0.57cvss 9.9epss 0.00

    Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, Fission's Environment CRD exposes spec.runtime.podSpec and spec.builder.podSpec, which are merged into the…

  • CVE-2026-50563CriJun 10, 2026
    risk 0.57cvss 9.9epss 0.00

    Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, Fission's Container Executor path lets a tenant supply Function.spec.podspec directly; the executor merges it…

  • CVE-2026-50545CriJun 10, 2026
    risk 0.57cvss 9.9epss 0.00

    Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, the Environment.spec.runtime.podSpec / spec.builder.podSpec passthrough lacked validation, and MergePodSpec…

  • CVE-2026-46614CriJun 10, 2026
    risk 0.57cvss 9.8epss 0.00

    Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.23.0, the Fission router registers an internal-style route — /fission-function/ and…

  • CVE-2026-20253CriKEVJun 10, 2026
    risk 0.76cvss 9.8epss 0.88

    In Splunk Enterprise 10.2 versions below 10.2.4 and 10 versions below 10.0.7, an unauthenticated user could create or truncate arbitrary files through a PostgreSQL sidecar service endpoint. The vulnerability exists because the PostgreSQL sidecar service endpoint lacks…

  • CVE-2026-53476CriJun 10, 2026
    risk 0.55cvss 9.6epss 0.00

    A flaw was found in assisted-migration-agent. An unauthenticated attacker, located on the same local area network (LAN), can exploit a path traversal vulnerability. By crafting a specially designed gzipped tarball, the attacker can bypass security checks and write arbitrary…

  • CVE-2026-53475CriJun 10, 2026
    risk 0.53cvss 9.3epss 0.00

    A flaw was found in assisted-migration-agent. The application hardcodes insecure Transport Layer Security (TLS) connections when communicating with vCenter. This vulnerability allows a Man-in-the-Middle (MITM) attacker to intercept and harvest vCenter administrator credentials.…

  • CVE-2026-53474CriJun 10, 2026
    risk 0.55cvss 9.6epss 0.00

    A flaw was found in migration-planner. A remote authenticated attacker could exploit this vulnerability by uploading a specially crafted RVTools .xlsx file. Due to improper input sanitization, malicious SQL embedded within a spreadsheet cell is executed when cluster names are…

  • CVE-2026-53471CriJun 10, 2026
    risk 0.55cvss 9.6epss 0.00

    A flaw was found in migration-planner. The agent-API middleware processes JSON Web Tokens (JWTs) for authentication, but its UpdateSourceInventory and UpdateAgentStatus handlers fail to validate the source_id claim within these tokens against the requested source ID. This…