VYPR

CVEs

345,051 total · page 42 of 6,902

  • CVE-2026-44584medJun 22, 2026
    risk 0.26cvss epss

    ### Summary The email update functionality fails to invalidate the existing verification state when a user changes their email address, allowing a verified account to retain its verified status after switching to an unverified or unowned email address. ### Technical Details…

  • CVE-2026-44583medJun 22, 2026
    risk 0.26cvss epss

    ### Summary The PayPal webhook endpoint `/extensions/paypal/webhook` processes the `PAYPAL-CERT-URL` HTTP header without validation, allowing attackers to control server-side HTTP request destinations. ### Technical details: The `/extensions/paypal/webhook` endpoint processes…

  • CVE-2026-54651Jun 22, 2026
    risk 0.00cvss epss 0.00

    pypdf is a free and open-source pure-python PDF library. Prior to 6.13.1, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires merging a file with threads/articles into a writer. This vulnerability is fixed in 6.13.1.

  • CVE-2026-44517medJun 22, 2026
    risk 0.26cvss epss

    ### Impact When processing a build contexts or `add`/`copy` instructions, a malicious server serving a Git repository or a tar archive file can cause files outside of the build context directory to be included in the build context or copied into the build. ### Patches Fixed…

  • CVE-2026-44203criJun 22, 2026
    risk 0.59cvss epss

    ### Summary The OAuth 2.0 / OpenID Connect authorization endpoint does not sufficiently sanitize certain user-supplied parameters before incorporating them into the HTML response generated for the `form_post` response mode. This may allow an attacker to inject content into the…

  • CVE-2026-39904Jun 22, 2026
    risk 0.00cvss epss 0.00

    Gophish through 0.12.1 contains a denial of service vulnerability that allows authenticated users with the User role to exhaust server memory by uploading a crafted Office document as an email template attachment. The ApplyTemplate() function in models/attachment.go processes…

  • CVE-2026-44202medJun 22, 2026
    risk 0.26cvss epss

    OpenAM (Open Identity Platform) is an open-source Identity and Access Management (IAM) platform derived from ForgeRock OpenAM, providing SSO, OAuth2, SAML, and OpenID Connect capabilities. It is widely deployed in enterprise environments as a central authentication gateway. The…

  • CVE-2026-44179criJun 22, 2026
    risk 0.59cvss epss

    ### Summary The excerpt-include macro does not properly escape the title of the included page and executes the content of the excerpt with the macro's rights. Therefore, it is vulnerable to XWiki syntax injection via the included page's title and content, allowing remote code…

  • CVE-2026-55599Jun 22, 2026
    risk 0.00cvss epss 0.00

    phpseclib is a PHP secure communications library. From 0.1.1 until 1.0.30, 2.0.55, and 3.0.54, when an application validates an untrusted X.509 certificate with phpseclib, X509::validateSignature() reads a URL out of that certificate's Authority Information Access (AIA)…

  • CVE-2026-41573higJun 22, 2026
    risk 0.45cvss epss

    OpenAM (Open Identity Platform) is an open-source IAM platform providing SSO, OAuth2, SAML, and OpenID Connect capabilities. The CREST REST API layer exposes user query endpoints under `/json/{realm}/users`. In `IdentityResourceV1.queryCollection()`, the HTTP query parameter…

  • CVE-2026-33731medJun 22, 2026
    risk 0.19cvss epss

    ## Summary The Authorize.Net webhook handler at `plugin/AuthorizeNet/webhook.php` contains a signature verification bypass that allows an attacker to forge webhook requests with arbitrary payment amounts and target user IDs. By supplying a valid transaction ID from a small…

  • CVE-2026-33692higJun 22, 2026
    risk 0.38cvss epss

    ## Vulnerability Details **CWE**: CWE-538 - Insertion of Sensitive Information into Externally-Accessible File or Directory The official `docker-compose.yml` (line 61) mounts the entire project root directory as the Apache document root: ```yaml volumes: -…

  • CVE-2026-10852Jun 22, 2026
    risk 0.00cvss epss 0.00

    IBM i 7.6, 7.5, 7.4, and 7.3, IBM WebSphere Application Server, and IBM WebSphere Application Server Liberty are vulnerable to denial of service in the WebSphere WebServer Plug-in component when an attacker can pass crafted requests to the web server.

  • CVE-2026-44271Jun 22, 2026
    risk 0.00cvss epss 0.00

    Dell Wyse Management Suite (WMS), versions prior to WMS 2605, contain an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to…

  • CVE-2026-44272Jun 22, 2026
    risk 0.00cvss epss 0.00

    Dell Wyse Management Suite (WMS), versions prior to WMS 2605, contain an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to…

  • CVE-2026-44273Jun 22, 2026
    risk 0.00cvss epss 0.00

    Dell Wyse Management Suite (WMS), versions prior to WMS 2605, contain a Use of Default Credentials vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information Disclosure.

  • CVE-2026-44274Jun 22, 2026
    risk 0.00cvss epss 0.00

    Dell Wyse Management Suite (WMS), versions prior to WMS 2605, contain an Improper Link Resolution Before File Access vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Unauthorized access.

  • CVE-2026-53779Jun 22, 2026
    risk 0.00cvss epss 0.00

    WebP Server Go through 0.14.4 contains a path traversal vulnerability on Windows that allows unauthenticated attackers to read files outside the configured IMG_PATH directory by sending requests with percent-encoded backslashes (%5C) that bypass the path.Clean() sanitization in…

  • CVE-2026-11834Jun 22, 2026
    risk 0.00cvss epss 0.00

    A command injection vulnerability has been identified in the DHCP option processing logic in multiple TP-Link router models, due to insufficient validation of externally supplied DHCP option data. An adjacent attacker may exploit this vulnerability by supplying crafted DHCP…

  • CVE-2026-33684medJun 22, 2026
    risk 0.19cvss epss

    ## Summary The `set_api_signUp` method in the API plugin accepts `emailVerified`, `canUpload`, `canStream`, and `canCreateMeet` parameters from user-supplied input and applies them to newly created accounts without verifying that the request was authenticated with a valid…

  • CVE-2026-55443Jun 22, 2026
    risk 0.00cvss epss 0.00

    LangChain is a framework for building agents and LLM-powered applications. Prior to 1.3.9, several LangChain components that resolve filesystem paths or expand search patterns do not consistently confine the resolved path to the intended root directory. Affected behaviors…

  • CVE-2026-33646criJun 22, 2026
    risk 0.59cvss epss 0.01

    ## Summary Mise processes `.tool-versions` files through the Tera template engine during parsing, with the `exec()` function registered, enabling arbitrary command execution. Unlike `.mise.toml` files, `.tool-versions` files are **not subject to trust verification** in…

  • CVE-2026-10789Jun 22, 2026
    risk 0.00cvss epss 0.00

    A maliciously crafted webpage, when visited by a user with Autodesk Fusion Desktop running and the MCP extension enabled, can trigger a vulnerability in the MCP extension that could allow arbitrary code execution. A successful exploit may allow code to execute with the…

  • CVE-2026-32315medJun 22, 2026
    risk 0.26cvss epss 0.03

    # Security Advisory: World-Readable Configuration File Exposes Admin Password Hash in motionEye ## Summary motionEye v0.43.1 and prior versions create the configuration file `/etc/motioneye/motion.conf` with `644` permissions (`-rw-r--r--`), making it readable by any local…

  • CVE-2026-31978medJun 22, 2026
    risk 0.26cvss epss 0.00

    ### Summary motionEye v0.43.1 (latest stable) is vulnerable to path traversal in the picture and movie API endpoints, like `/picture/{id}/preview/{filename}`. Neither the API handlers, nor the `mediafiles.py` functions like `get_media_preview()` check for `..` sequences in the…

  • CVE-2026-25119higJun 22, 2026
    risk 0.38cvss epss 0.01

    ## Summary When `ENABLE_REVERSE_PROXY_AUTHENTICATION` is enabled, Gogs accepts the configured authentication header (default: `X-WEBAUTH-USER`) directly from client requests without validating that the request originated from a trusted reverse proxy. Any remote attacker who can…

  • CVE-2025-64719medJun 22, 2026
    risk 0.19cvss epss 0.00

    ### Summary A malicious user with rights to create a new file on a repository or wiki page can trigger a denial of service condition in which the pages containing the listing of files will return HTTP error 500 and render the web interface unusable for the repository or wiki. …

  • CVE-2026-42127Jun 22, 2026
    risk 0.00cvss epss 0.00

    The public dashboard query endpoint does not limit request body size before processing, allowing unauthenticated attackers to trigger excessive memory allocation by sending arbitrarily large JSON payloads. This can lead to denial of service through memory exhaustion. No valid…

  • CVE-2026-56109Jun 22, 2026
    risk 0.00cvss epss 0.00

    The Advanced Linux Sound Architecture (ALSA) library before 1.2.16.1 contains a double-free vulnerability in parse_def() in src/conf.c that allows attackers to corrupt memory by supplying maliciously crafted ALSA configuration text. When parsing nested compound or array…

  • CVE-2026-12249Jun 22, 2026
    risk 0.00cvss epss 0.00

    An issue was discovered in Canonical ADSys upstream versions through v0.16.2. During Active Directory Certificate Services (AD CS) certificate auto-enrollment via the vendored Samba client script (internal/policies/certificate/python/vendor_samba/gp/gp_cert_auto_enroll_ext.py),…

  • CVE-2026-11994Jun 22, 2026
    risk 0.00cvss epss 0.00

    Akaunting 3.1.21 contains an authenticated stored Cross-Site Scripting vulnerability in the report management workflow. A user with permission to create or update reports can store arbitrary HTML/JavaScript in the description field of a report.

  • CVE-2026-41049Jun 22, 2026
    risk 0.00cvss epss 0.00

    Incorrect caching of authentication between different users of the  qSnapper dbus service before version 1.3.3 allowed any local attacker to use dbus functions after a privileged users has authenticated for them.

  • CVE-2026-41048Jun 22, 2026
    risk 0.00cvss epss 0.00

    Incorrect caching of authentication between different polkit methods in qSnapper before version 1.3.3 allowed a local attacker to use functions like "restore from snapshot" even if only allowed to do "delete snapshot".

  • CVE-2026-11943Jun 22, 2026
    risk 0.00cvss epss 0.00

    Akaunting 3.1.21 contains an authenticated stored cross-site scripting vulnerability in the document timeline shown on invoice and bill detail pages. An authenticated user can store HTML/JavaScript in their own profile name.

  • CVE-2026-41047Jun 22, 2026
    risk 0.00cvss epss 0.00

    Lack of authentication when using the "snapshot diff" functions in qSnapper before version 1.3.3 allowed a local attacker to see otherwise read protected information.

  • CVE-2026-7253Jun 22, 2026
    risk 0.00cvss epss 0.00

    IBM Watson Speech Services Cartridge is vulnerable to Server-Side Request Forgery (SSRF) in Sterling File Gateway, due to a flaw which may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating…

  • CVE-2026-12479Jun 22, 2026
    risk 0.00cvss epss 0.00

    A path traversal vulnerability exists in keras-team/keras version 3.14.0, specifically in the `DiskIOStore.make` method within the Keras 3 model saving and loading library. This vulnerability arises from the improper handling of user-provided layer names, which are used to…

  • CVE-2026-50178Jun 22, 2026
    risk 0.00cvss epss 0.00

    The Angular Language Service VS Code Extension provides a rich editing experience for Angular templates. the client-side Angular Language Service VS Code extension configures the tooltip Markdown renderer with the isTrusted: true option (located in client/src/client.ts). This…

  • CVE-2026-41046Jun 22, 2026
    risk 0.00cvss epss 0.00

    A path traversal attack when using a "configName" parameter in qSnapper before version 1.3.3 allowed a local attacker to use malicious config files for snapper and so cause a denial of service or potentially escalate privileges to root.

  • CVE-2026-8934Jun 22, 2026
    risk 0.00cvss epss 0.00

    A Missing Authorization vulnerability in a GraphQL private API operation of the Google App Engine section of the Cloud Console allows an unauthenticated remote attacker to leak sensitive App Engine request logs from other projects using a specially crafted request. This…

  • CVE-2026-11942Jun 22, 2026
    risk 0.00cvss epss 0.00

    Akaunting 3.1.21 contains an authenticated stored cross-site scripting vulnerability in the reusable delete confirmation flow. A user with permission to create or modify records, such as Items, can store HTML/JavaScript in the record name.

  • CVE-2026-41045Jun 22, 2026
    risk 0.00cvss epss 0.00

    A time-to-check-time-of-use in polkit authentication of qSnapper before version 1.3.3 allowed a local attacker to bypass qSnappers authentication mechanism and operate e.g. as root user.

  • CVE-2026-49241Jun 22, 2026
    risk 0.00cvss epss 0.00

    The Angular Language Service VS Code Extension provides a rich editing experience for Angular templates. Prior to 21.2.4, the client-side Angular Language Service VS Code extension reads the custom TypeScript SDK paths typescript.tsdk and js/ts.tsdk.path directly from workspace…

  • CVE-2026-9320Jun 22, 2026
    risk 0.00cvss epss 0.00

    IBM WebSphere Application Server 9.0, and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 are vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to…

  • CVE-2026-9071Jun 22, 2026
    risk 0.00cvss epss 0.00

    IBM WebSphere Application Server 9.0, and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 are vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to…

  • CVE-2026-9006Jun 22, 2026
    risk 0.00cvss epss 0.00

    IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to server-side request forgery (SSRF) with the Ajax Proxy configured. This may allow an attacker to send unauthorized requests from the system, resulting in a security bypass or information disclosure.

  • CVE-2026-8646Jun 22, 2026
    risk 0.00cvss epss 0.00

    IBM WebSphere Application Server 9.0 and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 are vulnerable to HTTP request smuggling. A remote attacker could smuggle a specially crafted request to the application server thereby allowing the attacker to…

  • CVE-2026-10845Jun 22, 2026
    risk 0.00cvss epss 0.00

    IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to bypass authentication and gain unauthorized access to JAX-WS applications.

  • CVE-2024-51454Jun 22, 2026
    risk 0.00cvss epss 0.00

    IBM Engineering Workflow Management 7.0.2 through 7.0.2 Interim Fix 035, 7.0.3 through 7.0.3 Interim Fix 017, and 7.1 through 7.1 Interim Fix 004 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to…

  • CVE-2023-33854Jun 22, 2026
    risk 0.00cvss epss 0.00

    IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data versions 4.8, 5.0, 5.1, 5.2, and 5.3 could allow an authenticated user to bypass client-side validation and manipulate input data using man in the middle techniques.