VYPR

CVEs

31,171 total · page 40 of 624

  • CVE-2026-26830 · Cri · Mar 25, 2026
    risk 0.64 · cvss 9.8 · epss 0.02

    pdf-image (npm package) through version 2.0.0 allows OS command injection via the pdfFilePath parameter. The constructGetInfoCommand and constructConvertCommandForPage functions use util.format() to interpolate user-controlled file paths into shell command strings that are…

  • CVE-2025-59707 · Cri · Mar 25, 2026
    risk 0.64 · cvss 9.8 · epss 0.01

    In N2W before 4.3.2 and 4.4.x before 4.4.1, there is potential remote code execution and account credentials theft because of a spoofing vulnerability.

  • CVE-2025-59706 · Cri · Mar 25, 2026
    risk 0.64 · cvss 9.8 · epss 0.01

    In N2W before 4.3.2 and 4.4.0 before 4.4.1, improper validation of API request parameters enables remote code execution.

  • CVE-2026-33322 · Cri · Mar 24, 2026
    risk 0.57 · cvss 9.8 · epss 0.00

    MinIO is a high-performance object storage system. From RELEASE.2022-11-08T05-27-07Z to before RELEASE.2026-03-17T21-25-16Z, a JWT algorithm confusion vulnerability in MinIO's OpenID Connect authentication allows an attacker who knows the OIDC ClientSecret to forge arbitrary…

  • CVE-2026-33340 · Cri · Mar 24, 2026
    risk 0.60 · cvss 9.1 · epss 0.22

    LoLLMs WEBUI provides the Web user interface for Lord of Large Language and Multi modal Systems. A critical Server-Side Request Forgery (SSRF) vulnerability has been identified in all known existing versions of `lollms-webui`. The `@router.post("/api/proxy")` endpoint allows…

  • CVE-2026-4729 · Cri · Mar 24, 2026
    risk 0.64 · cvss 9.8 · epss 0.00

    Memory safety bugs present in Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 149 and…

  • CVE-2026-4725 · Cri · Mar 24, 2026
    risk 0.65 · cvss 10.0 · epss 0.00

    Sandbox escape due to use-after-free in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 149 and Thunderbird 149.

  • CVE-2026-4724 · Cri · Mar 24, 2026
    risk 0.59 · cvss 9.1 · epss 0.00

    Undefined behavior in the Audio/Video component. This vulnerability was fixed in Firefox 149 and Thunderbird 149.

  • CVE-2026-4723 · Cri · Mar 24, 2026
    risk 0.64 · cvss 9.8 · epss 0.00

    Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 149 and Thunderbird 149.

  • CVE-2026-4721 · Cri · Mar 24, 2026
    risk 0.64 · cvss 9.8 · epss 0.00

    Memory safety bugs present in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary…

  • CVE-2026-4720 · Cri · Mar 24, 2026
    risk 0.64 · cvss 9.8 · epss 0.00

    Memory safety bugs present in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This…

  • CVE-2026-4717 · Cri · Mar 24, 2026
    risk 0.64 · cvss 9.8 · epss 0.00

    Privilege escalation in the Netmonitor component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

  • CVE-2026-4716 · Cri · Mar 24, 2026
    risk 0.59 · cvss 9.1 · epss 0.00

    Incorrect boundary conditions, uninitialized memory in the JavaScript Engine component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

  • CVE-2026-4715 · Cri · Mar 24, 2026
    risk 0.59 · cvss 9.1 · epss 0.00

    Uninitialized memory in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

  • CVE-2026-4711 · Cri · Mar 24, 2026
    risk 0.64 · cvss 9.8 · epss 0.00

    Use-after-free in the Widget: Cocoa component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

  • CVE-2026-4710 · Cri · Mar 24, 2026
    risk 0.64 · cvss 9.8 · epss 0.00

    Incorrect boundary conditions in the Audio/Video component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

  • CVE-2026-4705 · Cri · Mar 24, 2026
    risk 0.64 · cvss 9.8 · epss 0.00

    Undefined behavior in the WebRTC: Signaling component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

  • CVE-2026-4702 · Cri · Mar 24, 2026
    risk 0.64 · cvss 9.8 · epss 0.00

    JIT miscompilation in the JavaScript Engine component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

  • CVE-2026-4701 · Cri · Mar 24, 2026
    risk 0.64 · cvss 9.8 · epss 0.00

    Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

  • CVE-2026-4700 · Cri · Mar 24, 2026
    risk 0.64 · cvss 9.8 · epss 0.00

    Mitigation bypass in the Networking: HTTP component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

  • CVE-2026-4698 · Cri · Mar 24, 2026
    risk 0.64 · cvss 9.8 · epss 0.01

    JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

  • CVE-2026-4696 · Cri · Mar 24, 2026
    risk 0.64 · cvss 9.8 · epss 0.00

    Use-after-free in the Layout: Text and Fonts component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

  • CVE-2026-4692 · Cri · Mar 24, 2026
    risk 0.65 · cvss 10.0 · epss 0.00

    Sandbox escape in the Responsive Design Mode component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

  • CVE-2026-4691 · Cri · Mar 24, 2026
    risk 0.64 · cvss 9.8 · epss 0.00

    Use-after-free in the CSS Parsing and Computation component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

  • CVE-2026-4689 · Cri · Mar 24, 2026
    risk 0.65 · cvss 10.0 · epss 0.01

    Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

  • CVE-2026-4688 · Cri · Mar 24, 2026
    risk 0.65 · cvss 10.0 · epss 0.01

    Sandbox escape due to use-after-free in the Disability Access APIs component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

  • CVE-2026-4753 · Cri · Mar 24, 2026
    risk 0.52 · cvss 9.1 · epss 0.00

    Out-of-bounds Read vulnerability in slajerek RetroDebugger. This issue affects RetroDebugger: before v0.64.72.

  • CVE-2026-4750 · Cri · Mar 24, 2026
    risk 0.52 · cvss 9.1 · epss 0.00

    Out-of-bounds Read vulnerability in fabiangreffrath woof. This issue affects woof: before woof_15.3.0.

  • CVE-2026-4283 · Cri · Mar 24, 2026
    risk 0.59 · cvss 9.1 · epss 0.00

    The WP DSGVO Tools (GDPR) plugin for WordPress is vulnerable to unauthorized account destruction in all versions up to, and including, 3.1.38. This is due to the `super-unsubscribe` AJAX action accepting a `process_now` parameter from unauthenticated users, which bypasses the…

  • CVE-2026-4739 · Cri · Mar 24, 2026
    risk 0.54 · cvss · epss 0.00

    Integer Overflow or Wraparound vulnerability in InsightSoftwareConsortium ITK (Modules/ThirdParty/Expat/src/expat modules). This issue affects ITK: before 2.7.1.

  • CVE-2026-4734 · Cri · Mar 24, 2026
    risk 0.54 · cvss · epss 0.00

    Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in yoyofr modizer (libs/libopenmpt/openmpt-trunk/include/premake/contrib/curl/lib modules). This vulnerability is associated with program files imap.C. This issue affects modizer: before…

  • CVE-2026-4001 · Cri · Mar 24, 2026
    risk 0.64 · cvss 9.8 · epss 0.01

    The Woocommerce Custom Product Addons Pro plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 5.4.1 via the custom pricing formula eval() in the process_custom_formula() function within includes/process/price.php. This is due to…

  • CVE-2025-41008 · Cri · Mar 23, 2026
    risk 0.60 · cvss · epss 0.00

    SQL injection vulnerability in Sinturno. This vulnerability allows an attacker to retrieve, create, update, and delete databases through the 'client' parameter in the '/_adm/scripts/modalReport_data.php' endpoint.

  • CVE-2026-31851 · Cri · Mar 23, 2026
    risk 0.64 · cvss 9.8 · epss 0.00

    Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 does not implement rate limiting or account lockout mechanisms on authentication interfaces. An attacker can perform unlimited authentication attempts against endpoints that rely on credential validation, enabling…

  • CVE-2026-31848 · Cri · Mar 23, 2026
    risk 0.64 · cvss 9.8 · epss 0.00

    Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 uses the ecos_pw cookie for authentication, which contains Base64-encoded credential data combined with a static suffix. Because the encoding is reversible and lacks integrity protection, an attacker can…

  • CVE-2025-41007 · Cri · Mar 23, 2026
    risk 0.60 · cvss · epss 0.00

    SQL Injection in Cuantis. This vulnerability allows an attacker to retrieve, create, update and delete databases through the 'search' parameter in the '/search.php' endpoint.

  • CVE-2026-4585 · Cri · Mar 23, 2026
    risk 0.64 · cvss 9.8 · epss 0.03

    A vulnerability has been found in Tiandy Easy7 Integrated Management Platform up to 7.17.0. This vulnerability affects unknown code of the file /Easy7/apps/WebService/ImportSystemConfiguration.jsp of the component Configuration Handler. The manipulation of the argument File…

  • CVE-2026-4567 · Cri · Mar 23, 2026
    risk 0.64 · cvss 9.8 · epss 0.04

    A vulnerability has been found in Tenda A15 15.13.07.13. The impacted element is the function UploadCfg of the file /cgi-bin/UploadCfg. The manipulation of the argument File leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been…

  • CVE-2026-4606 · Cri · Mar 23, 2026
    risk 0.65 · cvss · epss 0.00

    GV Edge Recording Manager (ERM) v2.3.1 improperly runs application components with SYSTEM-level privileges, allowing any local user to gain full control of the operating system. During installation, ERM creates a Windows service that runs under the LocalSystem account. …

  • CVE-2019-25568 · Cri · Mar 21, 2026
    risk 0.64 · cvss 9.8 · epss 0.00

    Memu Play 6.0.7 contains an insecure file permissions vulnerability that allows low-privilege users to escalate privileges by replacing the MemuService.exe executable. Attackers can rename and overwrite MemuService.exe in the installation directory with a malicious executable,…

  • CVE-2026-33186 · Cri · Mar 20, 2026
    risk 0.52 · cvss 9.1 · epss 0.02

    gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 `:path` pseudo-header. The gRPC-Go server was too lenient in its routing logic, accepting requests where the `:path`…

  • CVE-2026-29796 · Cri · Mar 20, 2026
    risk 0.61 · cvss 9.4 · epss 0.00

    WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging…

  • CVE-2026-25192 · Cri · Mar 20, 2026
    risk 0.61 · cvss 9.4 · epss 0.00

    WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging…

  • CVE-2026-21732 · Cri · Mar 20, 2026
    risk 0.62 · cvss 9.6 · epss 0.00

    A web page that contains unusual GPU shader code is loaded into the GPU compiler process and can trigger an out-of-bounds write crash in the GPU shader compiler library. On certain platforms, when the compiler process has system privileges this could enable further exploits…

  • CVE-2026-3584 · Cri · Mar 20, 2026
    risk 0.59 · cvss 9.8 · epss 0.07

    The Kali Forms plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.4.9 via the 'form_process' function. This is due to the 'prepare_post_data' function mapping user-supplied keys directly into internal placeholder storage, combined…

  • CVE-2026-22898 · Cri · Mar 20, 2026
    risk 0.64 · cvss 9.8 · epss 0.01

    A missing authentication for critical function vulnerability has been reported to affect QVR Pro. The remote attackers can then exploit the vulnerability to gain access to the system. We have already fixed the vulnerability in the following version: QVR Pro 2.7.4.14 and later.

  • CVE-2025-59383 · Cri · Mar 20, 2026
    risk 0.59 · cvss 9.1 · epss 0.00

    A buffer overflow vulnerability has been reported to affect Media Streaming Add-On. The remote attackers can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: Media Streaming Add-on 500.1.1 and…

  • CVE-2025-15608 · Cri · Mar 20, 2026
    risk 0.64 · cvss 9.8 · epss 0.01

    This vulnerability in AX53 v1 results from insufficient input sanitization in the device’s probe handling logic, where unvalidated parameters can trigger a stack-based buffer overflow that causes the affected service to crash and, under specific conditions, may enable remote…

  • CVE-2025-15607 · Cri · Mar 20, 2026
    risk 0.64 · cvss 9.8 · epss 0.02

    A command injection vulnerability on AX53 v1 occurs in mscd debug functionality due to insufficient input handling, allowing log redirection to arbitrary files and concatenation of unvalidated file content into shell commands, enabling authenticated attackers to inject and…

  • CVE-2024-44722 · Cri · Mar 20, 2026
    risk 0.64 · cvss 9.8 · epss 0.01

    SysAK v2.0 and before is vulnerable to command execution via aaa;cat /etc/passwd.