VYPR

CVEs

345,054 total · page 48 of 6,902

  • CVE-2026-42895Jun 19, 2026
    risk 0.00cvss epss 0.00

    Improper neutralization of special elements used in a command ('command injection') in Microsoft Copilot allows an unauthorized attacker to perform tampering over a network.

  • CVE-2026-45480Jun 19, 2026
    risk 0.00cvss epss 0.01

    Improper authentication in Azure Active Directory allows an unauthorized attacker to elevate privileges over a network.

  • CVE-2026-32208Jun 19, 2026
    risk 0.00cvss epss 0.00

    Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Edge (Chromium-based) allows an authorized attacker to perform spoofing over a network.

  • CVE-2026-48794Jun 19, 2026
    risk 0.00cvss epss 0.00

    Authelia is an open-source authentication and authorization server providing two-factor authentication and single sign-on (SSO) for applications via a web portal. In versions 4.36.0 through 4.39.19, due to lack of canonicalization of domains in very specific edge cases, an…

  • CVE-2026-48129Jun 19, 2026
    risk 0.00cvss epss 0.00

    Kestra is an open-source, event-driven orchestration platform. Prior to versions 1.3.19, 1.2.19, 1.1.19, and 1.0.43, Kestra task `inputFiles` writes rendered file names directly under the task working directory. When a flow forwards untrusted execution or webhook data into an…

  • CVE-2026-49346Jun 19, 2026
    risk 0.00cvss epss 0.00

    libde265 is an open source implementation of the h.265 video codec. Prior to version 1.1.0, a crafted H.265 bitstream with large SPS dimensions and 16-bit bit depth causes a signed integer overflow in `de265_image_get_buffer()` (`libde265/image.cc:128`). The overflow wraps the…

  • CVE-2026-49295Jun 19, 2026
    risk 0.00cvss epss 0.00

    libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.20, a crafted H.265 bitstream can cause an out-of-bounds array write in `decoder_context::process_reference_picture_set()` (`libde265/decctx.cc:1376`). The root cause is a missing aggregate…

  • CVE-2026-49337Jun 19, 2026
    risk 0.00cvss epss 0.00

    libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.20, a crafted sequence of H.265 NAL units causes `decoder_context::read_slice_NAL()` (`libde265/decctx.cc:481`) to attach slice headers to a finished picture object that has no active image…

  • CVE-2026-48787Jun 19, 2026
    risk 0.00cvss epss 0.00

    gin-vue-admin is an AI-assisted basic development platform. In version 2.9.1, an authenticated attacker with access to the code-generation feature and MCP management interface can exploit this vulnerability by injecting attacker-controlled Go source code through POST…

  • CVE-2026-54898higJun 19, 2026
    risk 0.45cvss epss 0.00

    ### Summary `Oj::Parser#parse` is vulnerable to a heap use-after-free when a SAJ/SAJ2 callback mutates the input JSON string during parsing. The C engine holds a raw `const byte *` pointer into the Ruby string's internal buffer. If a callback (e.g. `hash_start`) resizes the…

  • CVE-2026-54897higJun 19, 2026
    risk 0.45cvss epss 0.00

    ### Summary `Oj::Doc` iterators (`each_value`, `each_child`, `each_leaf`) are vulnerable to a heap use-after-free. When a Ruby block yielded during iteration calls `doc.close` or `d.close`, the document's heap memory is freed while the C iterator is still running. When control…

  • CVE-2026-54896higJun 19, 2026
    risk 0.45cvss epss 0.00

    ### Summary `Oj.dump` in object mode is vulnerable to a heap buffer overflow when serializing Exception objects with a large `:indent` value. The serializer allocates a buffer sized for the object's attributes but does not account for the indent bytes added on each write. With…

  • CVE-2026-55778lowJun 19, 2026
    risk 0.00cvss epss 0.00

    ### Impact Parse Server's default `fileUpload.fileExtensions` blocklist is intended to prevent uploading files that browsers render as active content (such as HTML and SVG), which can be used to perform stored cross-site scripting (XSS) attacks against other users. The…

  • CVE-2026-54592higJun 19, 2026
    risk 0.45cvss epss 0.00

    ### Summary `Oj::Doc#each_child`, when invoked recursively over a deeply nested JSON document, overflows a fixed-size stack buffer and aborts the process. This is a denial of service reachable from untrusted JSON. ### Details Two-step chain in `ext/oj/fast.c`: 1.…

  • CVE-2026-54528higJun 19, 2026
    risk 0.38cvss epss 0.00

    ## Summary `jupyterlab-git` 0.53.0 (latest, 2026-04-30) uses `fnmatch.fnmatchcase()` in `GitHandler.prepare()` (`jupyterlab_git/handlers.py:91`) to enforce the admin-configured `excluded_paths` security control. Because `fnmatchcase` is unconditionally case-sensitive, an…

  • CVE-2026-54527higJun 19, 2026
    risk 0.38cvss epss 0.00

    Overview Amazon Web Services (AWS) Security has identified a stored cross-site scripting (XSS) issue in the jupyterlab-git JupyterLab extension that can lead to remote code execution (RCE). The issue exists in the PlainTextDiff.ts component, where the createHeader() method…

  • CVE-2026-54500Jun 19, 2026
    risk 0.00cvss epss 0.00

    ### Summary `Oj.load` in `:object` mode reads uninitialized stack memory (and, for long keys, reads out of bounds) when parsing a JSON object whose key is 254 bytes or longer. The interned bytes can surface to the caller, disclosing process stack memory. ### Details In…

  • CVE-2026-54499higJun 19, 2026
    risk 0.38cvss epss 0.00

    ### Summary Stanza 1.12.0 attempts to safely load PyTorch checkpoint files using `torch.load(..., weights_only=True)`, but automatically falls back to the fully unsafe `torch.load(..., weights_only=False)` when the safe load raises `pickle.UnpicklingError`. Because the…

  • CVE-2026-54317higJun 19, 2026
    risk 0.45cvss epss 0.00

    ### Summary The Konnected integration registers an HTTP endpoint, `KonnectedView` (`homeassistant/components/konnected/__init__.py`), that is marked as **not requiring authentication** (`requires_auth = False`). A comment next to that line says auth is instead handled "via the…

  • CVE-2026-54297higJun 19, 2026
    risk 0.38cvss epss 0.00

    # Uncontrolled Recursion in NestedParamsEncoder Allows Stack Exhaustion DoS via Deeply Nested Query Parameters ## Summary `Faraday::NestedParamsEncoder`, the default nested query parameter encoder/decoder in Faraday, decodes nested query strings without enforcing a maximum…

  • CVE-2026-53492higJun 19, 2026
    risk 0.38cvss epss 0.00

    ### Impact containerd's CRI implementation improperly trusts Container Device Interface (CDI) annotations found within untrusted checkpoint image metadata during container restoration. When restoring a container from a checkpoint, containerd preserves CDI-related annotations…

  • CVE-2026-53489higJun 19, 2026
    risk 0.38cvss epss 0.00

    ### Impact A bug was found in containerd where the CRI plugin restores `container.log` from a checkpoint image without validating a symlinked path. This could result in reading an arbitrary file on the host via `kubectl logs`. ### Patches This bug has been fixed in the…

  • CVE-2026-53488higJun 19, 2026
    risk 0.38cvss epss 0.00

    ### Impact A bug was found in containerd where the CRI plugin propagates labels from an image config (`LABEL` instruction in Dockerfile) to a container without validation. This may result in executing an arbitrary command on the host, via a plugin that consumes container labels…

  • CVE-2026-54502higJun 19, 2026
    risk 0.45cvss epss 0.00

    ### Summary `Oj.dump` is vulnerable to a stack-based buffer overflow when a large `:indent` value is provided by the developer. `fill_indent` in `dump.h` calls `memset(indent_str, ' ', (size_t)opts->indent)` without validating the size. When `opts->indent` is set to `INT_MAX`…

  • CVE-2026-50195Jun 19, 2026
    risk 0.00cvss epss 0.00

    ## Impact containerd's CRI checkpoint import process contains a vulnerability where it fails to validate the image references specified within a checkpoint image's configuration. An attacker with permissions to create pods can use a crafted checkpoint image to force containerd…

  • CVE-2026-49216Jun 19, 2026
    risk 0.00cvss epss

    ### Description The Stimulus controller shipped with `symfony/ux-autocomplete` renders AJAX response items into the dropdown by interpolating the `text` field directly into HTML template literals (`${item[labelField]}`) inside `_createAutocompleteWithRemoteData()`.…

  • CVE-2026-49215lowJun 19, 2026
    risk 0.00cvss epss

    ### Description When using `symfony/ux-live-component`, methods annotated with `#[LiveAction]` are invokable from the browser and mutate server-side state via AJAX. `Symfony\UX\LiveComponent\EventListener\LiveComponentSubscriber::isLiveComponentRequest()` gated these…

  • CVE-2026-49212lowJun 19, 2026
    risk 0.00cvss epss

    ### Description In `symfony/ux-live-component`, a component's server-side state is exposed to the browser as a set of props (`#[LiveProp]`-annotated properties). Props marked `writable: true` can be freely changed by the client. Read-only props are round-tripped to the browser…

  • CVE-2026-49211Jun 19, 2026
    risk 0.00cvss epss

    ### Description `Symfony\UX\Autocomplete\Doctrine\EntitySearchUtil::addSearchClause()` builds the `LIKE` expression used by the autocomplete endpoint by wrapping the client-supplied query in `%...%` without escaping the SQL `LIKE` wildcards (`%`, `_`, `\`). The value is passed…

  • CVE-2026-49210Jun 19, 2026
    risk 0.00cvss epss

    ### Description `Symfony\UX\LiveComponent\Util\ChildComponentPartialRenderer::createHtml()` interpolates the `$childTag` argument directly into the HTML output as a tag name, without escaping or validation. The value originates from client-controlled JSON (`children[id].tag`)…

  • CVE-2026-49209lowJun 19, 2026
    risk 0.00cvss epss

    ### Description `Symfony\UX\LiveComponent\Controller\BatchActionController::__invoke()` iterates over the client-supplied `actions` array and issues a full `HttpKernel` sub-request for each entry (event subscribers, validators, Doctrine, rendering). The array size is never…

  • CVE-2026-48774Jun 19, 2026
    risk 0.00cvss epss 0.00

    ProxySQL is a proxy for MySQL and its forks, as well as PostgreSQL. In versions 3.0.0 through 3.0.8, ProxySQL's GenAI/MCP `run_sql_readonly` tool violates its documented read-only contract for MySQL targets. The tool validates only the full input string with a substring…

  • CVE-2026-47262Jun 19, 2026
    risk 0.00cvss epss 0.00

    ### Impact A vulnerability in containerd allows a maliciously crafted image to cause a Denial of Service (DoS) condition. When creating a container from this image, memory exhaustion occurs, leading to an Out Of Memory (OOM) kill of the containerd process. This renders the…

  • CVE-2026-54899higJun 19, 2026
    risk 0.45cvss epss 0.00

    ### Summary Disabling `symbol_keys` on a reused `Oj::Parser` instance triggers a heap use-after-free. When `symbol_keys` is toggled from `true` to `false`, `opt_symbol_keys_set` frees the internal key cache (`cache_free`) but does not clear the pointer. The next `parse` call…

  • CVE-2026-48772Jun 19, 2026
    risk 0.00cvss epss 0.00

    ProxySQL is a proxy for MySQL and its forks, as well as PostgreSQL. In versions 2.0.0 through 3.0.8, the ProxySQL MySQL frontend accepts the `PROXY UNKNOWN \r\n` PP1 frame as a well-formed PROXY protocol header. The HAProxy PROXY protocol v1…

  • CVE-2026-48773Jun 19, 2026
    risk 0.00cvss epss 0.00

    ProxySQL is a proxy for MySQL and its forks, as well as PostgreSQL. Versions 2.0.18 through 3.0.8 have a pre-authentication heap memory corruption vulnerability in the MySQL and PostgreSQL protocol first-read paths. A remote unauthenticated client can declare an oversized first…

  • CVE-2026-49208Jun 19, 2026
    risk 0.00cvss epss

    ### Description When a `#[LiveProp]` is typed as a `DateTimeInterface` and no explicit `format` is configured, `Symfony\UX\LiveComponent\LiveComponentHydrator::hydrateObjectValue()` falls back to `new $className($value)`. The `DateTime` / `DateTimeImmutable` constructors accept…

  • CVE-2026-49345Jun 19, 2026
    risk 0.00cvss epss 0.01

    Mercator is an open source web application that enables mapping of the information system. Prior to version 2025.05.19, a Server-Side Request Forgery (SSRF) vulnerability exists in Mercator's CVE configuration panel (`/admin/config/parameters`). The `testProvider()` method in…

  • CVE-2026-23879higJun 19, 2026
    risk 0.38cvss epss 0.00

    ### Summary There exists an **arbitrary file write vulnerability** in `py7zr` (1.1.0, latest), which allows symbolic links to be recreated outside the destination directory via crafted malicious symbolic link chains. When using `extractall` to extract an archive, the library…

  • CVE-2026-49344Jun 19, 2026
    risk 0.00cvss epss 0.00

    Mercator is an open source web application that enables mapping of the information system. Prior to version 2025.05.19, Mercator's Query Engine (`/admin/queries/execute`) accepts a JSON DSL (`from` / `select` / `filters` / `traverse` / `output`), translates it into an Eloquent…

  • CVE-2026-49342Jun 19, 2026
    risk 0.00cvss epss 0.00

    YARD is a documentation generation tool for the Ruby programming language. Prior to version 0.9.44, YARD's static cache lookup reads a request path before the router's path cleanup runs. When a server is configured with a document root, a traversal path such as…

  • CVE-2026-49340Jun 19, 2026
    risk 0.00cvss epss 0.00

    gonic is a music streaming server / free-software subsonic server API implementation. Prior to version 0.21.0, a logic error in `ServeCreateOrUpdatePlaylist` allows any authenticated Subsonic user (including non-admin) to write playlist M3U content to an attacker-controlled…

  • CVE-2026-49338Jun 19, 2026
    risk 0.00cvss epss 0.00

    gonic is a music streaming server / free-software subsonic server API implementation. Prior to version 0.21.0, the Subsonic API endpoints `/rest/deletePlaylist.view` and `/rest/getPlaylist.view` perform no per-resource authorization. Once authenticated as any user (admin or…

  • CVE-2026-27878Jun 19, 2026
    risk 0.00cvss epss 0.00

    A TraceQL query in Grafana Tempo with a large exemplars hint value can cause the Tempo instance to allocate an excessive amount of memory, resulting in an out-of-memory crash. This could allow an authenticated user to trigger a denial of service against the Tempo service.

  • CVE-2026-9375Jun 19, 2026
    risk 0.00cvss epss 0.00

    urllib3 version 2.6.3 is vulnerable to a decompression bomb bypass in its streaming API (`preload_content=False`) when using Brotli support. The issue arises due to three independent code paths in `response.py` that bypass the `max_length` protection introduced in version 2.6.0…

  • CVE-2026-12238Jun 19, 2026
    risk 0.00cvss epss 0.00

    The WP Go Maps – Most Popular Map Plugin plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 10.1.01. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for…

  • CVE-2026-49339Jun 19, 2026
    risk 0.00cvss epss 0.00

    gonic is a music streaming server / free-software subsonic server API implementation. The maintainer's fix in commit `6dd71e6a3c966867ef8c900d359a7df75789f410` added an ownership check based on `playlist.UserID`. However, `playlist.UserID` is derived from the first path segment…

  • CVE-2026-49336Jun 19, 2026
    risk 0.00cvss epss 0.01

    @microsoft/kiota-http-fetchlibrary provides TypeScript libraries for Kiota-generated API clients. In versions 1.0.0-preview.97 through 1.0.0-preview.101, `@microsoft/kiota-http-fetchlibrary`'s `RedirectHandler` is documented as stripping `Authorization` and `Cookie` from…

  • CVE-2026-49293Jun 19, 2026
    risk 0.00cvss epss 0.00

    js-toml is a TOML parser for JavaScript, fully compliant with the TOML 1.0.0 Spec. Versions up to and including 1.1.0 parse hexadecimal / octal / binary integer literals via a hand-written `parseBigInt` loop that multiplies a `BigInt` accumulator by the radix once per input…

  • CVE-2026-49288Jun 19, 2026
    risk 0.00cvss epss 0.00

    Statamic is a Laravel and Git powered content management system (CMS). Prior to 5.73.23 and 6.20.0, an authenticated Control Panel user could view metadata and content for resources they don't have permission to view, including entries, assets, users, roles, groups, and other…