VYPR

CVEs

100,075 total · page 46 of 2,002

  • CVE-2026-44655HigMay 28, 2026
    risk 0.49cvss epss 0.00

    Mantis Bug Tracker (MantisBT) is an open source issue tracker. From 1.3.0 to 2.28.1, unescaped Project Name allows an attacker that can set it (which typically requires manager or administrator access level) to inject HTML in Move Attachments admin page. This vulnerability is…

  • CVE-2026-42398HigMay 28, 2026
    risk 0.43cvss 7.7epss 0.00

    Server-Side Request Forgery (CWE-918) in Kibana allows authenticated users with connector management privileges to bypass the operator-configured connection allowlist. By configuring a Webhook connector with a crafted target, an attacker can cause Kibana to issue outbound…

  • CVE-2026-42071HigMay 28, 2026
    risk 0.40cvss epss 0.00

    Mantis Bug Tracker (MantisBT) is an open source issue tracker. From 2.23.0 to 2.28.1, a missing authorization check in MantisBT's file visibility function allows any authenticated user (REPORTER+) to download attachments on private bugnotes they should not be able to access, via…

  • CVE-2026-35277HigMay 28, 2026
    risk 0.53cvss 8.1epss 0.00

    Vulnerability in Oracle REST Data Services (component: Core). Supported versions that are affected are 24.2.0-26.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle REST Data Services. Successful attacks of…

  • CVE-2026-35266HigMay 28, 2026
    risk 0.51cvss 7.9epss 0.00

    Vulnerability in Oracle REST Data Services (component: Core). Supported versions that are affected are 24.2.0-26.1.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle REST Data Services. Successful attacks…

  • CVE-2026-9039HigMay 28, 2026
    risk 0.56cvss epss 0.00

    A configuration weakness in the device’s remote management service allows an authenticated session to be established over a communication channel intended solely for vehicle-charger signaling. The service is accessible on interfaces exposed through the charging connector, and…

  • CVE-2026-9038HigMay 28, 2026
    risk 0.56cvss epss 0.00

    A stack-based buffer overflow vulnerability in the charging controller’s signal-processing logic allows an attacker with physical access to the charging interface to supply message fields that exceed expected bounds. Because the input is not sufficiently validated, memory…

  • CVE-2026-49128HigMay 28, 2026
    risk 0.42cvss 7.5epss 0.01

    Music Player Daemon (MPD) before version 0.24.11 contains a path traversal vulnerability in LocalStorage::MapFSOrThrow and LocalStorage::MapUTF8 within the local storage plugin, where the on-disk path is constructed by joining the storage root with a user-supplied URI as plain…

  • CVE-2026-49127HigMay 28, 2026
    risk 0.49cvss 8.6epss 0.01

    Music Player Daemon (MPD) before version 0.24.11 contains a stack buffer overflow vulnerability in the pcm_unpack_24be function in src/pcm/Pack.cxx that allows unauthenticated attackers to corrupt stack memory by triggering an off-by-one write in the PCM decoder plugin.…

  • CVE-2026-33590HigMay 28, 2026
    risk 0.48cvss epss 0.00

    Insecure default settings of Portainer CE grant regular (non-admin) users privileges that allow host filesystem access and host-level code execution. An authenticated non-administrative user with endpoint access can exploit these settings to read host files or obtain root…

  • CVE-2026-32847HigMay 28, 2026
    risk 0.49cvss 7.5epss 0.00

    DeepCode through commit c991dc2 contains a path traversal vulnerability in the SPA catch-all route in new_ui/backend/main.py that allows unauthenticated attackers to read arbitrary files by supplying percent-encoded path segments to the GET /{full_path:path} endpoint. Attackers…

  • CVE-2026-4944HigMay 28, 2026
    risk 0.57cvss 8.8epss 0.01

    vllm-project/vllm version 0.14.1 contains a vulnerability where the `trust_remote_code=True` parameter is hardcoded in two model implementation files (`vllm/model_executor/models/nemotron_vl.py` and `vllm/model_executor/models/kimi_k25.py`). This bypasses the user's explicit…

  • CVE-2026-47333HigMay 28, 2026
    risk 0.51cvss 7.8epss 0.00

    Ubuntu Linux 6.8, 6.17 and 7.0 contain AppArmor SAUCE patches which can potentially incorrectly compute the size of an internal buffer, leading to a heap memory out-of-bounds read in notification handling code. The bug can be triggered by an unprivileged local user and can…

  • CVE-2026-47331HigMay 28, 2026
    risk 0.51cvss 7.8epss 0.00

    Ubuntu Linux 6.8 contains AppArmor SAUCE patches which fail to acquire a lock when modifying a linked list. An unprivileged local user could trigger the race condition that can lead to a use-after-free (UAF) and, theoretically, arbitrary code execution.

  • CVE-2026-46509HigMay 28, 2026
    risk 0.53cvss 8.2epss 0.00

    deepobj provides get, set, delete deep objects in javascript. Prior to 1.0.3, prototype pollution is possible when property paths contain __proto__/constructor/prototype. The property path must not be exposed as user input. This vulnerability is fixed in 1.0.3.

  • CVE-2026-45332HigMay 28, 2026
    risk 0.49cvss 7.5epss 0.00

    Automad is a flat-file content management system and template engine. From 2.0.0-alpha.1 to 2.0.0-beta.27, a Broken Access Control vulnerability allows an unauthenticated attacker to retrieve the bcrypt password hash of every administrator account with a single POST request. The…

  • CVE-2026-45044HigMay 28, 2026
    risk 0.57cvss epss 0.00

    RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, the admin router explicitly whitelists /profile/cpu and /profile/memory from the authentication layer, allowing any unauthenticated HTTP client to invoke profiling handlers without credentials.…

  • CVE-2026-45042HigMay 28, 2026
    risk 0.46cvss epss 0.00

    RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, improper authorization in the UploadPartCopy operation allows copying objects across buckets without enforcing destination bucket restrictions on allowed copy sources. The implementation…

  • CVE-2026-45041HigMay 28, 2026
    risk 0.50cvss epss 0.00

    RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, crates/appauth/src/token.rs ships a 2048-bit RSA private key as a string constant named TEST_PRIVATE_KEY and uses it in production via parse_license() to "verify" license tokens. Because the key…

  • CVE-2026-30761HigMay 28, 2026
    risk 0.40cvss 7.3epss 0.00

    An arbitrary file upload vulnerability in the pages/admin.uploadmapimg.php component of SourceBans Material Admin v1.1.6 allows attackers to execute arbitrary code via uploading a crafted image file.

  • CVE-2026-30760HigMay 28, 2026
    risk 0.40cvss 7.3epss 0.00

    An issue in SourceBans Material Admin before v.1.1.6 (3ecd95e) allows attackers to manipulate arbitrary user data in the web app via a crafted XAJAX call.

  • CVE-2026-46439higMay 28, 2026
    risk 0.39cvss epss 0.00

    A High severity Server-Side Template Injection (SSTI) vulnerability exists in the `trestle author jinja` command. The command recursively evaluates rendered templates, allowing an attacker to achieve arbitrary command execution with privileges of the running process by injecting…

  • CVE-2026-45373HigMay 28, 2026
    risk 0.41cvss 7.4epss 0.00

    CodeWhale is a DeepSeek + MiMo coding agent in terminal. Prior to 0.8.26, although SSRF is validated against hostnames that resolve to private IPv6 addresses, when providing the IPV6 in‌‌ URL‌ as http://[::1], the SSRF defenses do not work. This vulnerability is fixed in…

  • CVE-2026-45353HigMay 28, 2026
    risk 0.44cvss 7.8epss 0.00

    electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. From 3.0.6 to 3.8.8, This vulnerability is fixed in 3.9.0.

  • CVE-2026-45348HigMay 28, 2026
    risk 0.57cvss 8.7epss 0.00

    pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, the packages.js template at src/pyload/webui/app/themes/modern/templates/js/packages.js:172 interpolates a stored link URL into a template literal inside single-quoted HTML and then…

  • CVE-2026-45310HigMay 28, 2026
    risk 0.41cvss 7.4epss 0.00

    CodeWhale is a DeepSeek + MiMo coding agent in terminal. Prior to 0.8.22, the fetch_url tool validates the initial URL's resolved IP address against a restricted-IP blocklist (is_restricted_ip()) to prevent SSRF attacks against internal services (cloud metadata endpoints,…

  • CVE-2026-45296HigMay 28, 2026
    risk 0.50cvss 7.7epss 0.00

    OpenReplay is a self-hosted session replay suite. Prior to 1.26.0, OpenReplay's Python API exposes several app_apikey routes that trust a caller-provided projectKey after validating only that the API key itself is valid and that the target projectKey exists. The authorization…

  • CVE-2026-44798HigMay 28, 2026
    risk 0.39cvss 7.1epss 0.00

    Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, a user with access to add/change a GitRepository record could use the REST API to directly set the current_head field on the record, which was not intended to be user-editable.…

  • CVE-2026-44797HigMay 28, 2026
    risk 0.48cvss 8.5epss 0.00

    Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, Nautobot's Webhook data model and associated feature set could be configured by users with sufficient access to perform requests to various hosts and IP addresses that should not be…

  • CVE-2026-34126HigMay 28, 2026
    risk 0.49cvss 7.5epss 0.00

    TP-Link has identified a vulnerability in Tapo L535E v1.0 and v3.0, Tapo P300 v1.0, and Tapo D100C v1.0, where Bluetooth communication during the initial setup phase is transmitted in cleartext without encryption. Bluetooth is only used during initialization. An attacker…

  • CVE-2026-46345higMay 28, 2026
    risk 0.39cvss epss 0.00

    **Relevant Products/Components:** * `trestle/core/commands/author/jinja.py` * `trestle author jinja` --- ## Detailed Description: The `-o/--output` argument in `trestle author jinja` allows writing files outside the intended workspace. The application does not properly…

  • CVE-2026-45808higMay 28, 2026
    risk 0.39cvss epss 0.00

    # Impact OpenBao's namespaces provide multi-tenant separation. A tenant who intentionally leaks lease identifiers can have their lease and underlying credential revoked or renewed by a user in another tenant via the legacy, undocumented `sys/revoke` and `sys/renew` endpoints. …

  • CVE-2026-9096HigMay 28, 2026
    risk 0.49cvss 7.5epss 0.00

    Casdoor versions 2.362.0 and earlier do not enforce SAML assertion time bounds. The gosaml2 library reports all time-validation results, including NotOnOrAfter and NotBefore, in the assertionInfo.WarningInfo field. However, ParseSamlResponse() never reads this field, meaning…

  • CVE-2026-9095HigMay 28, 2026
    risk 0.53cvss 8.1epss 0.00

    Casdoor versions 2.362.0 and earlier map SAML assertions to user sessions without replay protection. The ParseSamlResponse() function in object/saml_sp.go calls sp.RetrieveAssertionInfo() and immediately maps the result to a user session. There is no assertion ID cache,…

  • CVE-2026-8697HigMay 28, 2026
    risk 0.57cvss 8.8epss 0.01

    Due to improper enforcement of authentication rate-limiting on a debug SSH service in Archer C64 v1, the SSH service allows unlimited authentication attempts and uses the same credentials as the web interface. This enables an attacker to brute-force valid credentials via SSH. …

  • CVE-2026-6720HigMay 28, 2026
    risk 0.40cvss epss 0.00

    When calicoctl is invoked with --log-level=info or --log-level=debug, the client prints the full contents of its loaded connection-configuration struct to stderr in a single log line. The struct embeds every credential calicoctl uses to talk to the cluster — inline kubeconfig…

  • CVE-2026-44543HigMay 28, 2026
    risk 0.50cvss 8.7epss 0.00

    Local Path Provisioner provides a way for the Kubernetes users to utilize the local storage in each node. Prior to 0.0.36, a malicious user with permission to edit the local-path-config ConfigMap in the local-path-storage namespace can manipulate the helperPod.yaml template used…

  • CVE-2026-44466HigMay 28, 2026
    risk 0.49cvss 8.6epss 0.00

    Zed is a code editor. Prior to 0.229.0, Zed's terminal tool permission system can be bypassed via bash arithmetic expansion $((...)), allowing execution of arbitrary commands nested inside an allowlisted command like echo. This vulnerability is fixed in 0.229.0.

  • CVE-2026-44465HigMay 28, 2026
    risk 0.49cvss 8.6epss 0.00

    Zed is a code editor. Prior to 0.227.1, Zed IDE executes arbitrary commands when opening a folder with a malicious .git/config file that abuses the core.fsmonitor Git configuration option. This allows an attacker to achieve Remote Code Execution (RCE) when a victim open a folder…

  • CVE-2026-44463HigMay 28, 2026
    risk 0.49cvss 8.6epss 0.00

    Zed is a code editor. Prior to 0.229.0, Zed's terminal tool permission system can be bypassed by prepending environment variable assignments to allowlisted commands, hijacking program behavior (e.g., PAGER) to execute arbitrary code. This vulnerability is fixed in 0.229.0.

  • CVE-2026-44461HigMay 28, 2026
    risk 0.49cvss 8.6epss 0.00

    Zed is a code editor. Prior to 0.227.1, Zed builds SSH/WSL remote commands as a shell command string that starts with exec env ..., but environment variable keys are inserted without shell quoting or validation. If an attacker can control an environment variable key (for example…

  • CVE-2026-48526HigMay 28, 2026
    risk 0.41cvss 7.4epss 0.00

    PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, when the verifier is decoding JSON Web Tokens, while supporting both asymmetric and HMAC algorithms, the library does not validate use of JSON Web Keys in HMAC algorithm, allowing attacker to use the issuer…

  • CVE-2026-47762HigMay 28, 2026
    risk 0.50cvss 8.7epss 0.00

    TinyMCE is an open source rich text editor. Prior to 5.11.1, 7.9.3, and 8.5.1, there is a stored XSS vulnerability via forged mce:protected comments. Allows attackers to bypass sanitization and inject scripts that execute when content is restored. Impacts users who utilize the…

  • CVE-2026-47761HigMay 28, 2026
    risk 0.50cvss 8.7epss 0.00

    TinyMCE is an open source rich text editor. Prior to 5.11.1, 7.9.3, and 8.5.1, there is a stored XSS vulnerability in the media plugin. Attackers can inject malicious scripts via crafted data-mce-* attributes, which are executed when content is rendered. Impacts users of TinyMCE…

  • CVE-2026-47760HigMay 28, 2026
    risk 0.50cvss 8.7epss 0.00

    TinyMCE is an open source rich text editor. From 6.8.0 to before 7.1.0, TinyMCE contains an XSS vulnerability caused by improper SVG namespace scope handling in the sanitizer. A crafted payload using nested elements can bypass attribute sanitization and execute arbitrary…

  • CVE-2026-47759HigMay 28, 2026
    risk 0.50cvss 8.7epss 0.00

    TinyMCE is an open source rich text editor. Prior to 5.11.1, 7.9.3, and 8.5.1, there is a stored XSS vulnerability via unsanitized data-mce-* attributes (data-mce-href, data-mce-src, data-mce-style). Allows attackers to inject malicious values that override safe attributes…

  • CVE-2026-45017HigMay 28, 2026
    risk 0.42cvss 7.5epss 0.00

    Python Liquid is a Python engine for the Liquid template language. Prior to 2.2.0, the built-in FileSystemLoader and CachingFileSystemLoader do not guard against reading files outside their search paths when given an absolute path to resolve. This allows malicious template…

  • CVE-2026-44594HigMay 28, 2026
    risk 0.42cvss 7.5epss 0.00

    esm.sh is a no-build content delivery network (CDN) for web development. In 137 and earlier, a Local File Inclusion (LFI) vulnerability exists in the esbuild plugin's handling of the browser field in package.json. An attacker can publish an npm package that causes the server to…

  • CVE-2026-44593HigMay 28, 2026
    risk 0.50cvss epss 0.00

    esm.sh is a no-build content delivery network (CDN) for web development. In 137 and earlier, the legacy router first retrieves a response from legacyServer, parses the incoming request path, and ultimately writes the data to storage via buildStorage.Put. The router concatenates…

  • CVE-2026-44358HigMay 28, 2026
    risk 0.46cvss 8.2epss 0.00

    Espressif Shared GitHub DangerJS is a reusable GitHub Action CI DangerJS workflow for Espressif GitHub projects. Prior to 1.0.1, the action's entrypoint.sh invoked DangerJS from the caller's workspace after copying the fork's checkout into it, creating an untrusted search path…