VYPR

CVEs

345,060 total · page 49 of 6,902

  • CVE-2026-9375Jun 19, 2026
    risk 0.00cvss epss 0.00

    urllib3 version 2.6.3 is vulnerable to a decompression bomb bypass in its streaming API (`preload_content=False`) when using Brotli support. The issue arises due to three independent code paths in `response.py` that bypass the `max_length` protection introduced in version 2.6.0…

  • CVE-2026-12238Jun 19, 2026
    risk 0.00cvss epss 0.00

    The WP Go Maps – Most Popular Map Plugin plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 10.1.01. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for…

  • CVE-2026-49339Jun 19, 2026
    risk 0.00cvss epss 0.00

    gonic is a music streaming server / free-software subsonic server API implementation. The maintainer's fix in commit `6dd71e6a3c966867ef8c900d359a7df75789f410` added an ownership check based on `playlist.UserID`. However, `playlist.UserID` is derived from the first path segment…

  • CVE-2026-49336Jun 19, 2026
    risk 0.00cvss epss 0.01

    @microsoft/kiota-http-fetchlibrary provides TypeScript libraries for Kiota-generated API clients. In versions 1.0.0-preview.97 through 1.0.0-preview.101, `@microsoft/kiota-http-fetchlibrary`'s `RedirectHandler` is documented as stripping `Authorization` and `Cookie` from…

  • CVE-2026-49293Jun 19, 2026
    risk 0.00cvss epss 0.00

    js-toml is a TOML parser for JavaScript, fully compliant with the TOML 1.0.0 Spec. Versions up to and including 1.1.0 parse hexadecimal / octal / binary integer literals via a hand-written `parseBigInt` loop that multiplies a `BigInt` accumulator by the radix once per input…

  • CVE-2026-49288Jun 19, 2026
    risk 0.00cvss epss 0.00

    Statamic is a Laravel and Git powered content management system (CMS). Prior to 5.73.23 and 6.20.0, an authenticated Control Panel user could view metadata and content for resources they don't have permission to view, including entries, assets, users, roles, groups, and other…

  • CVE-2026-49291Jun 19, 2026
    risk 0.00cvss epss 0.00

    mcp-memory-service is a semantic memory layer for AI applications. Prior to version 10.65.3, the HTTP MCP JSON-RPC endpoint at `/mcp` requires only OAuth `read` scope for all requests, then dispatches `tools/call` directly to handlers that include mutating tools. A read-only…

  • CVE-2023-54357Jun 19, 2026
    risk 0.00cvss epss 0.00

    Joomla com_booking component 2.4.9 contains an information disclosure vulnerability that allows unauthenticated attackers to enumerate user accounts by exploiting the getUserData function in the customer controller. Attackers can send GET requests to index.php with…

  • CVE-2019-25762Jun 19, 2026
    risk 0.00cvss epss 0.00

    Joomla! Component JoomProject 1.1.3.2 contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive user data by exploiting the projects endpoint. Attackers can send requests to index.php with option=com_jpprojects&view=projects&tmpl=c…

  • CVE-2019-25761Jun 19, 2026
    risk 0.00cvss epss 0.00

    Joomla! Component JoomCRM 1.1.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the deal_id parameter. Attackers can send GET requests to index.php with…

  • CVE-2019-25760Jun 19, 2026
    risk 0.00cvss epss 0.00

    Joomla! Component Easy Shop 1.2.3 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by supplying base64-encoded file paths. Attackers can send GET requests to index.php with the option parameter set to com_easyshop, task…

  • CVE-2019-25759Jun 19, 2026
    risk 0.00cvss epss 0.00

    Joomla! Component vBizz 1.0.7 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the payid parameter. Attackers can submit POST requests to the employee management interface with…

  • CVE-2026-49287Jun 19, 2026
    risk 0.00cvss epss 0.00

    Statamic is a Laravel and Git powered content management system (CMS). Prior to 5.73.23 and 6.20.0, the fix for CVE-2026-41175 was incomplete. It addressed the issue in the query builder, but the same protection was not applied to in-memory collection sorting. Manipulating sort…

  • CVE-2019-25758Jun 19, 2026
    risk 0.00cvss epss 0.01

    Joomla! Component vBizz 1.0.7 contains an unrestricted file upload vulnerability that allows authenticated attackers to upload arbitrary PHP files by submitting malicious files through the profile_pic parameter. Attackers can upload PHP files via POST requests to the employee…

  • CVE-2019-25757Jun 19, 2026
    risk 0.00cvss epss 0.00

    Joomla vWishlist 1.0.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the vproductid and userid parameters. Attackers can send POST requests to the component with crafted SQL…

  • CVE-2026-49290Jun 19, 2026
    risk 0.00cvss epss 0.01

    Slopsmith is a self-contained web application for browsing, playing, and practicing Rocksmith 2014 Custom DLC (CDLC). Prior to 0.2.9-alpha.5, a path-traversal vulnerability in Slopsmith's archive extractors allows an attacker to write arbitrary files outside the extraction…

  • CVE-2019-25756Jun 19, 2026
    risk 0.00cvss epss 0.00

    Joomla! Component vAccount 2.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the vid parameter. Attackers can send GET requests to the vaccount-dashboard/expense endpoint with…

  • CVE-2019-25755Jun 19, 2026
    risk 0.00cvss epss 0.00

    Joomla Component vReview 1.9.11 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the cmId parameter. Attackers can send POST requests to the editReview task endpoint with…

  • CVE-2019-25754Jun 19, 2026
    risk 0.00cvss epss 0.00

    Joomla Component vRestaurant 1.9.4 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the keysearch parameter. Attackers can send POST requests to the menu-listing-layout endpoint…

  • CVE-2019-25753Jun 19, 2026
    risk 0.00cvss epss 0.00

    Joomla! Component VMap 1.9.6 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code into the latlngbound parameter. Attackers can send GET requests to index.php with the…

  • CVE-2026-49271Jun 19, 2026
    risk 0.00cvss epss 0.00

    libheif is a HEIF and AVIF file format decoder and encoder. Prior to version 1.22.1, the uncompressed HEIF decoder validates explicit icef compressed-unit offsets using unit_offset + unit_size. Because the addition can wrap, a crafted HEIF file can pass the range check and then…

  • CVE-2019-25752Jun 19, 2026
    risk 0.00cvss epss 0.00

    Joomla! Component J-BusinessDirectory 4.9.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the type parameter. Attackers can send GET requests to index.php with the…

  • CVE-2019-25751Jun 19, 2026
    risk 0.00cvss epss 0.00

    Joomla Component J-ClassifiedsManager 3.0.5 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through POST parameters. Attackers can submit crafted SQL payloads in the categorySearch,…

  • CVE-2019-25750Jun 19, 2026
    risk 0.00cvss epss 0.00

    Joomla Component J-MultipleHotelReservation 6.0.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the hotel_id parameter. Attackers can send POST requests to the search-hotels…

  • CVE-2026-49359Jun 19, 2026
    risk 0.00cvss epss 0.00

    PhpWeasyPrint is a PHP library allowing PDF generation from a URL or an HTML page. Prior to version 2.6.0, `pontedilana/php-weasyprint` fetches the content of option values server-side via `file_get_contents()` when the value looks like a URL, without restricting the URL scheme.…

  • CVE-2019-25749Jun 19, 2026
    risk 0.00cvss epss 0.00

    Joomla J-CruisePortal 6.0.4 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the guest_adult parameter. Attackers can send POST requests to the cruises endpoint with crafted SQL…

  • CVE-2026-49286Jun 19, 2026
    risk 0.00cvss epss 0.01

    PhpWeasyPrint is a PHP library allowing PDF generation from a URL or an HTML page. Prior to version 2.6.0, `pontedilana/php-weasyprint` guarded the output filename against the `phar://` stream wrapper with a case-sensitive blacklist. PHP stream wrappers are case-insensitive, so…

  • CVE-2019-25748Jun 19, 2026
    risk 0.00cvss epss 0.00

    Joomla JHotelReservation 6.0.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the rooms parameter. Attackers can send POST requests to the search-hotels endpoint with crafted SQL…

  • CVE-2026-49260Jun 19, 2026
    risk 0.00cvss epss 0.00

    PhpWeasyPrint is a PHP library allowing PDF generation from a URL or an HTML page. Prior to version 2.5.1, `pontedilana/php-weasyprint` builds the shell command for WeasyPrint by passing the binary path through `escapeshellarg()` first and then checking the *quoted* result with…

  • CVE-2017-20282Jun 19, 2026
    risk 0.00cvss epss 0.00

    Joomla! Component jCart for OpenCart 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the product_id parameter. Attackers can send GET requests to index.php with the…

  • CVE-2017-20281Jun 19, 2026
    risk 0.00cvss epss 0.00

    Joomla! Component Extra Search 2.2.8 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the establename parameter. Attackers can send GET requests to index.php with the option=com_extrasearch…

  • CVE-2017-20280Jun 19, 2026
    risk 0.00cvss epss 0.00

    Joomla Component Myportfolio 3.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the pid parameter. Attackers can send GET requests to index.php with malicious pid values in the…

  • CVE-2017-20279Jun 19, 2026
    risk 0.00cvss epss 0.00

    Joomla Payage 2.05 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the aid parameter. Attackers can send GET requests to index.php with malicious aid values in the make_payment task to…

  • CVE-2017-20278Jun 19, 2026
    risk 0.00cvss epss 0.00

    Joomla Component JoomRecipe 1.0.3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the category parameter. Attackers can send GET requests to the all-recipes endpoint with malicious SQL…

  • CVE-2017-20277Jun 19, 2026
    risk 0.00cvss epss 0.00

    Joomla JoomRecipe 1.0.4 component contains a blind SQL injection vulnerability in the search_author parameter on the search results page. Attackers can inject SQL code through POST requests to the search endpoint to extract database information using boolean-based blind SQL…

  • CVE-2017-20276Jun 19, 2026
    risk 0.00cvss epss 0.00

    Joomla! Component SIMGenealogy 2.1.5 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the type parameter. Attackers can send GET requests to index.php with the option=com_simgenealogy,…

  • CVE-2017-20275Jun 19, 2026
    risk 0.00cvss epss 0.00

    Joomla! Component PHP-Bridge 1.2.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to index.php with…

  • CVE-2017-20274Jun 19, 2026
    risk 0.00cvss epss 0.00

    Joomla LMS King Professional 3.2.4.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cp_id parameter. Attackers can send GET requests to index.php with the option=com_lmsking,…

  • CVE-2017-20273Jun 19, 2026
    risk 0.00cvss epss 0.00

    Joomla Event Registration Pro Calendar 4.1.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to index.php with…

  • CVE-2017-20272Jun 19, 2026
    risk 0.00cvss epss 0.00

    Joomla Ultimate Property Listing 1.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the sf_selectuser_id parameter. Attackers can send GET requests to index.php with the…

  • CVE-2017-20271Jun 19, 2026
    risk 0.00cvss epss 0.00

    Joomla StreetGuessr Game 1.1.8 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the catid parameter. Attackers can send GET requests to index.php with the…

  • CVE-2017-20270Jun 19, 2026
    risk 0.00cvss epss 0.00

    Joomla! Component Twitch Tv 1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the username and id parameters. Attackers can send GET requests to index.php with…

  • CVE-2017-20269Jun 19, 2026
    risk 0.00cvss epss 0.00

    Joomla! Component KissGallery 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to inject SQL commands through the component URL path. Attackers can supply malicious SQL code in the kissgallery endpoint to execute arbitrary database queries and…

  • CVE-2017-20268Jun 19, 2026
    risk 0.00cvss epss 0.00

    Joomla! Component Zap Calendar Lite 4.3.4 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'eid' parameter. Attackers can send GET requests to the RSVP plugin endpoint with…

  • CVE-2017-20267Jun 19, 2026
    risk 0.00cvss epss 0.00

    Joomla! Component Calendar Planner 1.0.1 contains an SQL injection vulnerability that allows unauthenticated attackers to inject SQL commands through the category_id parameter. Attackers can send GET requests to the events view with malicious SQL code in the category_id…

  • CVE-2017-20266Jun 19, 2026
    risk 0.00cvss epss 0.00

    Joomla SP Movie Database 1.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the searchword parameter. Attackers can send GET requests to the searchresults view with crafted SQL…

  • CVE-2017-20265Jun 19, 2026
    risk 0.00cvss epss 0.00

    Joomla! Component Flip Wall 8.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the wallid parameter. Attackers can send GET requests to index.php with the…

  • CVE-2026-12620Jun 19, 2026
    risk 0.00cvss epss 0.00

    The GridTime 3000 GNSS Time Server leaks the access token in the URL parameters of some endpoints. This issue affects GridTime 3000: from 1.0r0.03 through 1.1r0.0.

  • CVE-2017-20264Jun 19, 2026
    risk 0.00cvss epss 0.00

    Joomla! Component Sponsor Wall 8.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the wallid parameter. Attackers can send GET requests to index.php with the…

  • CVE-2017-20263Jun 19, 2026
    risk 0.00cvss epss 0.00

    Joomla! Component FocalPoint Pro/Free 1.2.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to index.php with…