VYPR

CVEs

96,314 total · page 40 of 1,927

  • CVE-2026-10183HigMay 31, 2026
    risk 0.57cvss 8.8epss 0.00

    A vulnerability was identified in TRENDnet TEW-432BRP 3.10B20. This affects the function formWlanSetup of the file /goform/formWlanSetup. The manipulation of the argument enrollee leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit is publicly…

  • CVE-2026-49490HigMay 31, 2026
    risk 0.53cvss 8.1epss 0.00

    OpenCATS from version 0.9.1a contains an SQL injection vulnerability in DataGrid filter handling that allows authenticated attackers to inject SQL through crafted filters targeting the non-filterable Tags column in the Candidates DataGrid. Attackers can bypass column filterable…

  • CVE-2026-49489HigMay 31, 2026
    risk 0.55cvss 8.5epss 0.00

    OpenCATS through 0.9.7.4 contains a sql injection vulnerability in the sortDirection parameter of the DataGrid component that allows authenticated users to extract database contents. Attackers can inject malicious SQL via the sortDirection parameter in ajax/getDataGridPager.php…

  • CVE-2026-10181HigMay 31, 2026
    risk 0.57cvss 8.8epss 0.00

    A vulnerability was found in TRENDnet TEW-432BRP 3.10B20. The affected element is the function formSysCmd of the file /goform/formSysCmd. Performing a manipulation of the argument submit-url results in stack-based buffer overflow. The attack can be initiated remotely. The…

  • CVE-2026-10179HigMay 31, 2026
    risk 0.57cvss 8.8epss 0.03

    A flaw has been found in TRENDnet TEW-432BRP 3.10B20. This issue affects the function formSetWlanEncrypt of the file /goform/formSetWlanEncrypt. This manipulation of the argument webpage causes stack-based buffer overflow. It is possible to initiate the attack remotely. The…

  • CVE-2026-10178HigMay 31, 2026
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was detected in code-projects Online Music Site 1.0. This vulnerability affects unknown code of the file /Administrator/PHP/AdminEditAlbum.php. The manipulation of the argument ID results in sql injection. The attack may be performed from remote. The exploit is…

  • CVE-2026-10167HigMay 31, 2026
    risk 0.47cvss 7.3epss 0.00

    A weakness has been identified in OUSL-GROUP-BrinaryBrains School Student Management System up to 1e70e5ad1125b86dca4ee086eb6bb121f17708b6. This impacts the function sign_auth_cookie of the file application/controllers/Login.php of the component MY_Controller. Executing a…

  • CVE-2026-10165HigMay 31, 2026
    risk 0.57cvss 8.8epss 0.00

    A vulnerability was identified in Edimax BR-6478AC 1.23. The impacted element is the function formWanTcpipSetup of the file /goform/formWanTcpipSetup of the component POST Request Handler. Such manipulation of the argument pppUserName leads to stack-based buffer overflow. The…

  • CVE-2026-10164HigMay 31, 2026
    risk 0.57cvss 8.8epss 0.00

    A vulnerability was found in Edimax BR-6478AC 1.23. Impacted is the function formUSBFolder of the file /goform/formUSBFolder of the component POST Request Handler. The manipulation of the argument ShareName/SelectName results in buffer overflow. The attack can be executed…

  • CVE-2026-10163HigMay 31, 2026
    risk 0.57cvss 8.8epss 0.00

    A vulnerability has been found in Edimax BR-6478AC 1.23. This issue affects the function formUSBAccount of the file /goform/formUSBAccount of the component POST Request Handler. The manipulation of the argument UserName/Password leads to buffer overflow. Remote exploitation of…

  • CVE-2026-10162HigMay 31, 2026
    risk 0.57cvss 8.8epss 0.00

    A flaw has been found in TRENDnet TEW-432BRP 3.10B20. This vulnerability affects the function formSetPassword of the file /goform/formSetPassword. Executing a manipulation of the argument webpage can lead to stack-based buffer overflow. The attack may be launched remotely. The…

  • CVE-2026-10161HigMay 31, 2026
    risk 0.57cvss 8.8epss 0.00

    A vulnerability was detected in TRENDnet TEW-432BRP 3.10B20. This affects the function formResetStatistic of the file /goform/formResetStatistic. Performing a manipulation of the argument status_statistic results in stack-based buffer overflow. The attack may be initiated…

  • CVE-2026-10160HigMay 31, 2026
    risk 0.57cvss 8.8epss 0.00

    A security vulnerability has been detected in TRENDnet TEW-432BRP 3.10B20. Affected by this issue is the function formSetEnableWizard of the file /goform/formSetEnableWizard. Such manipulation of the argument start_wizard leads to stack-based buffer overflow. The attack can be…

  • CVE-2026-10159HigMay 31, 2026
    risk 0.57cvss 8.8epss 0.00

    A weakness has been identified in TRENDnet TEW-432BRP 3.10B20. Affected by this vulnerability is the function formSysLog of the file /goform/formSysLog. This manipulation of the argument current_page causes stack-based buffer overflow. The attack can be initiated remotely. The…

  • CVE-2026-10158HigMay 31, 2026
    risk 0.57cvss 8.8epss 0.00

    A security flaw has been discovered in TRENDnet TEW-432BRP 3.10B20. Affected is the function formPortFw of the file /goform/formPortFw. The manipulation of the argument server_name results in stack-based buffer overflow. It is possible to launch the attack remotely. The exploit…

  • CVE-2026-10157HigMay 31, 2026
    risk 0.40cvss 7.3epss 0.00

    A vulnerability was identified in Open5GS up to 2.7.6. This impacts an unknown function of the file src/amf/ngap-handler.c of the component NGAP PathSwitchRequest Message Handler. The manipulation leads to improper authentication. It is possible to initiate the attack remotely.…

  • CVE-2026-10126HigMay 30, 2026
    risk 0.57cvss 8.8epss 0.01

    A security flaw has been discovered in Edimax BR-6478AC 1.23. Affected by this issue is the function formQoS of the file /goform/formQoS of the component POST Request Handler. The manipulation of the argument selSSID results in buffer overflow. The attack can be launched…

  • CVE-2026-10125HigMay 30, 2026
    risk 0.57cvss 8.8epss 0.00

    A vulnerability was identified in Edimax BR-6478AC 1.23. Affected by this vulnerability is the function formPPPoESetup of the file /goform/formPPPoESetup of the component POST Request Handler. The manipulation of the argument pppUserName leads to stack-based buffer overflow. The…

  • CVE-2026-10124HigMay 30, 2026
    risk 0.57cvss 8.8epss 0.00

    A vulnerability was determined in Shibby Tomato up to 1.28. Affected is the function rip_zebra_read_ipv4 of the file /usr/sbin/ripd of the component Zserv Handler. Executing a manipulation can lead to stack-based buffer overflow. It is possible to launch the attack remotely. The…

  • CVE-2026-10123HigMay 30, 2026
    risk 0.57cvss 8.8epss 0.00

    A vulnerability was found in TRENDnet TEW-432BRP 3.10B20. This impacts the function formSetDomainFilter of the file /goform/formSetDomainFilter. Performing a manipulation of the argument blocked_domain/permitted_domain/blocked_domain_list/permitted_domain_list results in…

  • CVE-2026-10122HigMay 30, 2026
    risk 0.57cvss 8.8epss 0.00

    A vulnerability has been found in TRENDnet TEW-432BRP 3.10B20. This affects the function formSetProtocolFilter of the file /goform/formSetProtocolFilter. Such manipulation of the argument protocol_name leads to stack-based buffer overflow. The attack may be performed from…

  • CVE-2026-10121HigMay 30, 2026
    risk 0.57cvss 8.8epss 0.00

    A flaw has been found in TRENDnet TEW-432BRP 3.10B20. The impacted element is the function formSetUrlFilter of the file /goform/formSetUrlFilter. This manipulation of the argument keyword_list/keyword causes stack-based buffer overflow. The attack is possible to be carried out…

  • CVE-2018-25426HigMay 30, 2026
    risk 0.49cvss 7.5epss 0.01

    WinMTR 0.91 contains a denial of service vulnerability that allows attackers to crash the application by sending a malformed payload file containing a large buffer of repeated characters. Attackers can create a specially crafted input file with 238 bytes of data to trigger a…

  • CVE-2018-25425HigMay 30, 2026
    risk 0.53cvss 8.2epss 0.00

    Yot CMS 3.3.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the aid and cid parameters. Attackers can send GET requests to index.php with crafted SQL payloads in the aid or cid…

  • CVE-2018-25424HigMay 30, 2026
    risk 0.53cvss 8.2epss 0.00

    Gate Pass Management System 2.1 contains an SQL injection vulnerability that allows unauthenticated attackers to bypass authentication by injecting SQL code through the login and password parameters. Attackers can submit crafted POST requests to login-exec.php with SQL injection…

  • CVE-2018-25422HigMay 30, 2026
    risk 0.53cvss 8.2epss 0.00

    MOGG web simulator Script contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL commands by injecting malicious code through the id parameter. Attackers can send GET requests to play.php with crafted SQL payloads in the id…

  • CVE-2018-25420HigMay 30, 2026
    risk 0.53cvss 8.2epss 0.00

    AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to watch.php with crafted SQL payloads to extract sensitive…

  • CVE-2018-25419HigMay 30, 2026
    risk 0.53cvss 8.2epss 0.00

    AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the genre parameter. Attackers can send GET requests to genre.php with crafted SQL payloads in the genre…

  • CVE-2018-25418HigMay 30, 2026
    risk 0.53cvss 8.2epss 0.00

    AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the year parameter. Attackers can send GET requests to year.php with crafted SQL payloads in the year parameter…

  • CVE-2018-25417HigMay 30, 2026
    risk 0.53cvss 8.2epss 0.00

    AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the quality parameter. Attackers can send GET requests to quality.php with crafted SQL payloads in the quality…

  • CVE-2018-25416HigMay 30, 2026
    risk 0.53cvss 8.2epss 0.00

    AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the country parameter. Attackers can send GET requests to country.php with crafted SQL payloads in the country…

  • CVE-2018-25415HigMay 30, 2026
    risk 0.53cvss 8.2epss 0.00

    AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the director parameter. Attackers can send GET requests to director.php with crafted SQL payloads in the…

  • CVE-2018-25414HigMay 30, 2026
    risk 0.53cvss 8.2epss 0.00

    AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the actor parameter. Attackers can send GET requests to actor.php with crafted SQL payloads in the actor…

  • CVE-2018-25413HigMay 30, 2026
    risk 0.53cvss 8.2epss 0.00

    AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'q' parameter. Attackers can send GET requests to search.php with crafted SQL payloads to extract sensitive…

  • CVE-2018-25411HigMay 30, 2026
    risk 0.53cvss 8.2epss 0.00

    MGB OpenSource Guestbook 0.7.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to email.php with crafted SQL payloads in the…

  • CVE-2018-25410HigMay 30, 2026
    risk 0.46cvss 7.1epss 0.00

    SIM-PKH 2.4.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to /admin/media.php with module=pengurus and act=editpengurus…

  • CVE-2018-25409HigMay 30, 2026
    risk 0.57cvss 8.8epss 0.00

    SIM-PKH 2.4.1 contains an arbitrary file upload vulnerability that allows authenticated attackers to upload malicious files by submitting PHP code through the fupload parameter. Attackers can upload PHP files via the aksi_pengurus.php endpoint with module=pengurus and act=update…

  • CVE-2018-25408HigMay 30, 2026
    risk 0.49cvss 7.5epss 0.01

    The Open ISES Project 3.30A contains a path traversal vulnerability in the ajax/download.php endpoint that allows unauthenticated attackers to download arbitrary files by manipulating the filename parameter. Attackers can supply directory traversal sequences ../ in the filename…

  • CVE-2018-25407HigMay 30, 2026
    risk 0.53cvss 8.2epss 0.00

    eNdonesia Portal 8.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through parameters in mod.php. Attackers can inject SQL through the artid, cid, did, contid, and aboutid…

  • CVE-2018-25406HigMay 30, 2026
    risk 0.53cvss 8.2epss 0.00

    eNdonesia Portal 8.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through parameters in mod.php. Attackers can inject SQL through the artid, cid, did, contid, and aboutid…

  • CVE-2018-25405HigMay 30, 2026
    risk 0.53cvss 8.2epss 0.00

    eNdonesia Portal 8.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through parameters in mod.php. Attackers can inject SQL through the artid, cid, did, contid, and aboutid…

  • CVE-2026-10120HigMay 30, 2026
    risk 0.57cvss 8.8epss 0.00

    A vulnerability was detected in TRENDnet TEW-432BRP 3.10B20. The affected element is the function formSetFirewallRule of the file /goform/formSetFirewallRule. The manipulation of the argument firewall_name results in stack-based buffer overflow. The attack can be executed…

  • CVE-2026-10119HigMay 30, 2026
    risk 0.57cvss 8.8epss 0.00

    A security vulnerability has been detected in TRENDnet TEW-432BRP 3.10B20. Impacted is the function formSetMACFilter of the file /goform/formSetMACFilter. The manipulation of the argument filter_name leads to stack-based buffer overflow. Remote exploitation of the attack is…

  • CVE-2026-46242HigMay 30, 2026
    risk 0.44cvss 7.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: eventpoll: fix ep_remove struct eventpoll / struct file UAF ep_remove() (via ep_remove_file()) cleared file->f_ep under file->f_lock but then kept using @file inside the critical section (is_file_epoll(),…

  • CVE-2026-9757HigMay 30, 2026
    risk 0.42cvss 7.5epss 0.00

    The GEO my WP plugin for WordPress is vulnerable to SQL Injection via the 'swlatlng' and 'nelatlng' parameters in all versions up to, and including, 4.5.5 The parameters are read from $_SERVER['QUERY_STRING'] via parse_str() (bypassing WordPress's wp_magic_quotes protection,…

  • CVE-2026-7465HigMay 30, 2026
    risk 0.57cvss 8.8epss 0.01

    The Spectra Gutenberg Blocks – Website Builder for the Block Editor plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.19.25. This makes it possible for authenticated attackers, with Contributor-level access and above, to…

  • CVE-2026-7459HigMay 30, 2026
    risk 0.42cvss 7.5epss 0.01

    The Simple History – Track, Log, and Audit WordPress Changes plugin for WordPress is vulnerable to authenticated (Subscriber+) account takeover in all versions up to, and including, 5.26.0 via the event reaction endpoints (react_to_event() / unreact_to_event()). The endpoints…

  • CVE-2026-10111HigMay 30, 2026
    risk 0.47cvss 7.3epss 0.00

    A flaw has been found in sambitraj STUDENT-MANAGEMENT-SYSTEM 1.0. This impacts an unknown function of the component Login Page. Executing a manipulation of the argument email can lead to sql injection. The attack may be performed from remote. The exploit has been published and…

  • CVE-2026-10110HigMay 30, 2026
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was detected in code-projects Student Details Management System 1.0. This affects an unknown function of the file /index.php. Performing a manipulation of the argument roll results in sql injection. The attack is possible to be carried out remotely. The exploit…

  • CVE-2026-47409higMay 29, 2026
    risk 0.38cvss epss 0.00

    ## Summary **Type:** Authorization bypass enabling owner lockout. The `DELETE /workspaces/{workspace_id}/members/{user_id}` endpoint is gated only by `require_workspace_member(workspace_id)` (default `min_role="member"`). Any member can remove any other member, including the…