VYPR

CVEs

96,314 total · page 42 of 1,927

  • CVE-2026-45662HigMay 29, 2026
    risk 0.50cvss 8.8epss 0.01

    Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.29.0 and earlier, the deleteRegistry function in Dokploy (packages/server/src/services/registry.ts) executes docker logout ${response.registryUrl} without shell escaping. In the same file, the docker login…

  • CVE-2026-39276HigMay 29, 2026
    risk 0.47cvss 7.2epss 0.01

    The template upload feature in Emlog Pro v2.6.9 has a path traversal vulnerability, allowing authenticated administrators to execute arbitrary PHP code. By uploading a malicious ZIP archive containing directory traversal sequences in filenames, an attacker can overwrite default…

  • CVE-2026-35674HigMay 29, 2026
    risk 0.50cvss 8.8epss 0.00

    OpenClaw before 2026.5.18 contains a scope bypass vulnerability in the Gateway chat.send route that allows scoped clients to execute privileged commands. Attackers with operator.write scope can deliver commands through inherited external routes to bypass operator.approvals and…

  • CVE-2026-35630HigMay 29, 2026
    risk 0.45cvss 8.0epss 0.00

    OpenClaw before 2026.5.18 contains an authorization bypass vulnerability in QQBot native approval buttons that fails to enforce configured approver identity. Non-approver users can click approval buttons to resolve pending exec or plugin approval requests without proper…

  • CVE-2026-32905HigMay 29, 2026
    risk 0.47cvss 8.3epss 0.00

    OpenClaw before 2026.5.4 contains an authorization bypass vulnerability in the bundled device-pair plugin that allows non-owner authorized chat senders to issue device-pairing bootstrap codes without proper scope validation. Attackers with chat command access can create setup…

  • CVE-2026-10069HigMay 29, 2026
    risk 0.49cvss 7.5epss 0.00

    A vulnerability has been found in Shibby Tomato 1.28. The impacted element is an unknown function of the file usr/sbin/miniupnpd. Such manipulation leads to resource consumption. The attack may be launched remotely. This project is superseded by FreshTomato. This vulnerability…

  • CVE-2026-10068HigMay 29, 2026
    risk 0.47cvss 7.3epss 0.00

    A flaw has been found in Shibby Tomato 1.28. The affected element is the function send of the file usr/sbin/miniupnpd of the component SUBSCRIBE Call Handler. This manipulation causes server-side request forgery. The attack may be initiated remotely. This project is superseded…

  • CVE-2026-10067HigMay 29, 2026
    risk 0.57cvss 8.8epss 0.00

    A vulnerability was detected in Shibby Tomato 1.28. Impacted is the function sub_90F0 of the file multimon.cgi. The manipulation results in stack-based buffer overflow. The attack can be launched remotely. This project is superseded by FreshTomato. This vulnerability only…

  • CVE-2026-10066HigMay 29, 2026
    risk 0.57cvss 8.8epss 0.00

    A security vulnerability has been detected in Shibby Tomato up to 1.28. This issue affects the function sub_9068 of the file tomatoups.cgi of the component UPS Service. The manipulation leads to stack-based buffer overflow. The attack can be initiated remotely. This project is…

  • CVE-2026-10065HigMay 29, 2026
    risk 0.57cvss 8.8epss 0.00

    A weakness has been identified in Shibby Tomato 1.28. This vulnerability affects the function get_ups_field of the file tomatodata.cgi. Executing a manipulation of the argument Date can lead to stack-based buffer overflow. It is possible to launch the attack remotely. This…

  • CVE-2018-25404HigMay 29, 2026
    risk 0.53cvss 8.2epss 0.00

    The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the ticket_id parameter. Attackers can send GET requests to add_facnote.php with crafted SQL payloads to…

  • CVE-2018-25403HigMay 29, 2026
    risk 0.53cvss 8.2epss 0.00

    The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the p1 parameter. Attackers can send GET requests to city_graph.php with crafted SQL payloads to extract…

  • CVE-2018-25402HigMay 29, 2026
    risk 0.53cvss 8.2epss 0.00

    The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the p1 parameter. Attackers can send GET requests to inc_types_graph.php with crafted SQL payloads to…

  • CVE-2018-25401HigMay 29, 2026
    risk 0.53cvss 8.2epss 0.00

    The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the p1 parameter. Attackers can send GET requests to sever_graph.php with crafted SQL payloads to…

  • CVE-2018-25400HigMay 29, 2026
    risk 0.53cvss 8.2epss 0.00

    The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to the ajax/form_post.php endpoint with crafted SQL…

  • CVE-2018-25399HigMay 29, 2026
    risk 0.53cvss 8.2epss 0.00

    The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the tick_lat and tick_lng parameters. Attackers can send GET requests to nearby.php with crafted SQL…

  • CVE-2018-25398HigMay 29, 2026
    risk 0.53cvss 8.2epss 0.00

    The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the frm_passwd parameter. Attackers can send POST requests to main.php with crafted SQL payloads to…

  • CVE-2018-25396HigMay 29, 2026
    risk 0.49cvss 7.5epss 0.00

    Heatmiser Wifi Thermostat 1.7 contains a credential disclosure vulnerability that allows unauthenticated attackers to retrieve administrative credentials by accessing the networkSetup.htm page. Attackers can request the networkSetup.htm endpoint and extract plaintext username…

  • CVE-2018-25395HigMay 29, 2026
    risk 0.53cvss 8.2epss 0.00

    Kados R10 GreenBee contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the feature_id parameter of boards_buttons/update_feature.php. The feature_id value is concatenated directly into…

  • CVE-2018-25394HigMay 29, 2026
    risk 0.53cvss 8.2epss 0.00

    Kados R10 GreenBee contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the release_id parameter of boards_buttons/update_release.php. The release_id value is concatenated directly into…

  • CVE-2018-25392HigMay 29, 2026
    risk 0.46cvss 7.1epss 0.00

    MaxOn ERP Software 8.x-9.x contains an SQL injection vulnerability that allows authenticated users to execute arbitrary SQL queries through the nomor, user, and jenis parameters in the log_activity function. Attackers can send POST requests to /index.php/user/log_activity with…

  • CVE-2018-25391HigMay 29, 2026
    risk 0.49cvss 7.5epss 0.00

    HaPe PKH 1.1 fails to enforce authorization on its record deletion endpoints, allowing unauthenticated attackers to delete arbitrary records by sending a crafted request that specifies the target record's id. The admin/modul/mod_pengurus/aksi_pengurus.php…

  • CVE-2018-25390HigMay 29, 2026
    risk 0.53cvss 8.2epss 0.00

    HaPe PKH 1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'desa' POST parameter sent to lap-peserta-perdesa-pdf.php. Attackers can send a crafted request with a time-based blind…

  • CVE-2018-25389HigMay 29, 2026
    risk 0.53cvss 8.2epss 0.00

    HaPe PKH 1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'nama_kelompok' POST parameter sent to lap-anggota-kelompok-pdf.php. Attackers can send a crafted request with a time-based…

  • CVE-2018-25388HigMay 29, 2026
    risk 0.57cvss 8.8epss 0.01

    HaPe PKH 1.1 contains an arbitrary file upload vulnerability that allows authenticated attackers to upload malicious files by bypassing file type validation. Attackers can upload PHP files through multiple endpoints including aksi_foto.php, aksi_user.php, and aksi_kecamatan.php…

  • CVE-2018-25386HigMay 29, 2026
    risk 0.53cvss 8.2epss 0.00

    HaPe PKH 1.1 contains multiple SQL injection vulnerabilities in admin/media.php that allow attackers to manipulate database queries by injecting SQL code through the 'id' parameter. An unauthenticated attacker can exploit the desa module (module=desa&act=hapus), while…

  • CVE-2018-25385HigMay 29, 2026
    risk 0.53cvss 8.2epss 0.00

    E-Registrasi Pencak Silat 18.10 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id_partai parameter. Attackers can send GET requests to monitor_nilai.php with crafted SQL…

  • CVE-2018-25383HigMay 29, 2026
    risk 0.55cvss 8.4epss 0.00

    Free MP3 CD Ripper 2.8 contains a stack-based buffer overflow vulnerability in WMA file processing that allows local attackers to bypass DEP protection via structured exception handling manipulation. Attackers can craft a malicious WMA file that triggers the overflow when loaded…

  • CVE-2018-25382HigMay 29, 2026
    risk 0.53cvss 8.2epss 0.00

    Zechat 1.5 contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through the uname parameter. Attackers can send crafted requests to profile.php with UNION-based SQL injection payloads to retrieve…

  • CVE-2026-45609HigMay 29, 2026
    risk 0.40cvss 7.2epss 0.00

    mcp-security provides Security and Authorization support for Model Context Protocol in Spring AI. Prior to 0.1.9, the mcp-security framework fails to implement the mandatory SSRF mitigations outlined in the Model Context Protocol (MCP) security specifications. Specifically, it…

  • CVE-2026-39292HigMay 29, 2026
    risk 0.47cvss 7.3epss 0.00

    Falco Solutions PHPPageBuilder v0.31.0 contains an unrestricted file upload vulnerability in the pagemanager/pagebuilder module that allows remote attackers to upload arbitrary files and achieve remote code execution. The vulnerability exists due to insufficient validation of…

  • CVE-2026-10063HigMay 29, 2026
    risk 0.57cvss 8.8epss 0.01

    A vulnerability was identified in TRENDnet TEW-432BRP 3.10B20. Affected by this issue is the function formWPS of the file /goform/formWPS. Such manipulation of the argument peerPin leads to stack-based buffer overflow. The attack may be performed from remote. The exploit is…

  • CVE-2026-10062HigMay 29, 2026
    risk 0.57cvss 8.8epss 0.01

    A vulnerability was determined in TRENDnet TEW-432BRP 3.10B20. Affected by this vulnerability is the function formSetRoute of the file /goform/formSetRoute. This manipulation of the argument ip/mask/gateway causes stack-based buffer overflow. The attack is possible to be carried…

  • CVE-2026-46510HigMay 29, 2026
    risk 0.46cvss 8.2epss 0.00

    form-data-objectizer converts FormData to object. Prior to 1.0.1, form-data-objectizer walks bracket-notation form keys (e.g. name[sub]) into nested objects without filtering __proto__, constructor, or prototype. A single HTTP form field whose name starts with __proto__[...]…

  • CVE-2026-45707HigMay 29, 2026
    risk 0.46cvss 8.1epss 0.00

    n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. Prior to 2.51.2, when ENABLE_MULTI_TENANT=true, the HTTP transport documents that the target n8n instance is selected per-request from x-n8n-url / x-n8n-key…

  • CVE-2026-45615HigMay 29, 2026
    risk 0.53cvss 8.2epss 0.00

    mouse07410/asn1c is an ASN.1 compiler. In 1.4 and earlier, a memory safety vulnerability was identified in the OER decoding skeleton files generated by asn1c (specifically INTEGER_oer.c). When parsing a maliciously crafted, zero-length OER payload for a variable-length,…

  • CVE-2026-45578HigMay 29, 2026
    risk 0.57cvss 8.8epss 0.00

    WWBN AVideo is an open source video platform. In 29.0 and earlier, there is a classic shell-metacharacter injection. The YPTSocket notification branch in plugin/Live/on_publish.php builds an execAsync() command line by string concatenation, single-quoting each argument but never…

  • CVE-2026-45555HigMay 29, 2026
    risk 0.51cvss 7.8epss 0.00

    Roslyn CodeLens MCP Server is a Roslyn-based MCP server providing semantic code intelligence for .NET codebases. From 0.0.9 to 1.17.0, the get_diagnostics MCP tool loads and executes all DiagnosticAnalyzer assemblies referenced by the target solution without any allowlist,…

  • CVE-2026-44698HigMay 29, 2026
    risk 0.47cvss 8.3epss 0.00

    Home Assistant is open source home automation software that puts local control and privacy first. Prior to 2026.4.1 for iOS and 2026.4.4 for Android, he Home Assistant Companion apps for Android and iOS expose a JavaScript bridge to the in-app WebView window.externalApp on…

  • CVE-2026-44239HigMay 29, 2026
    risk 0.57cvss 8.8epss 0.00

    FreePBX is an open source IP PBX. Prior to 16.0.22 and 17.0.5, the Dashboard module's getcontent AJAX handler includes PHP files based on user-supplied input without path sanitization. The $_REQUEST['rawname'] parameter is concatenated into an include() call with a .class.php…

  • CVE-2026-44238HigMay 29, 2026
    risk 0.57cvss 8.8epss 0.00

    FreePBX is an open source IP PBX. Prior to 16.0.50 and 17.0.11, the CDR Reports module page allows SQL injection through the order and sort POST parameters. Authentication with a FreePBX Administration Control Panel account that has CDR section access is required. Full…

  • CVE-2026-44237HigMay 29, 2026
    risk 0.53cvss 8.1epss 0.00

    FreePBX is an open source IP PBX. Prior to 17.0.8, the FreePBX api module's OAuth2 implementation does not sufficiently validate client credentials during token issuance. Knowledge of a valid client_id is required. The validateClient() method in ClientRepository.php…

  • CVE-2026-10073HigMay 29, 2026
    risk 0.49cvss 7.5epss 0.00

    DreamMaker developed by Interinfo has an Arbitrary File Read vulnerability, allowing unauthenticated local attackers to exploit Relative Path Traversal to download arbitrary system files.

  • CVE-2026-10072HigMay 29, 2026
    risk 0.47cvss 7.2epss 0.00

    DreamMaker developed by Interinfo has an Arbitrary File Upload vulnerability, allowing privileged remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.

  • CVE-2026-9509HigMay 29, 2026
    risk 0.57cvss epss 0.00

    An unhandled exception in Suprema BioStar 2 (Server), versions 2.9.8, 2.9.10, and 2.9.11, that allows an unauthenticated remote attacker to cause a denial of service (DoS) by sending HTTP POST requests to the ‘/api/migration’ endpoint. This request triggers a failure that…

  • CVE-2026-48527HigMay 29, 2026
    risk 0.57cvss 8.7epss 0.00

    HAX CMS helps manage microsite universe with PHP or NodeJs backends. Versions up to and including 26.0.0 are affected by a stored cross-site scripting (XSS) vulnerability in the `/system/api/saveNode` endpoint. An authenticated user with a permission to edit pages can bypass the…

  • CVE-2026-9809HigMay 29, 2026
    risk 0.49cvss 7.6epss 0.00

    A stored Cross-Site Scripting (XSS) vulnerability exists in the Projects component of Mautic 7. When displaying project tags and popovers on administrative detail views (such as campaigns, emails, or forms), user-supplied project names are rendered without proper sanitization.…

  • CVE-2026-9808HigMay 29, 2026
    risk 0.46cvss 7.1epss 0.00

    An authorization bypass vulnerability exists in the Mautic 7 API v2 endpoints (utilizing API Platform). Under certain conditions, roles configured with owner-scope restrictions (such as `viewown` or `editown`) are not properly enforced. This allows low-privilege authenticated…

  • CVE-2025-41281HigMay 29, 2026
    risk 0.51cvss 7.8epss 0.01

    Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in Waterfall WF-500 RX Host in version 7.9.1.0 R2502171040 that allows attackers with access to the TX Host to execute code on the RX Host when a…

  • CVE-2025-41280HigMay 29, 2026
    risk 0.51cvss 7.8epss 0.00

    Nozomi Networks Labs identified a CWE-23: Relative Path Traversal (Zip Slip) in Waterfall WF-500 RX Host in version 7.9.1.0 R2502171040 that allows attackers with access to the TX Host to execute code on the RX Host when a MySQL connector is configured and file compression is…