VYPR

CVEs

100,075 total · page 49 of 2,002

  • CVE-2026-45137HigMay 27, 2026
    risk 0.46cvss 8.2epss 0.00

    Anchor is a framework providing several convenient developer tools for writing Solana programs. From 1.0.0 to before 1.0.2, an logic error causes anchor programs to accept any program id when requiring the system program id, causing false assumptions resulting in potential…

  • CVE-2026-45136HigMay 27, 2026
    risk 0.44cvss 7.8epss 0.00

    claude-code-cache-fix is a cache optimization proxy for Claude Code. From 3.5.0 to before 3.5.2, tools/quota-statusline.sh (introduced in v3.5.0) interpolates Claude Code's hook stdin payload directly into a Python triple-quoted string literal. A ''' byte sequence in any…

  • CVE-2026-44713HigMay 27, 2026
    risk 0.50cvss 8.8epss 0.00

    pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, src/tmux.c reads the user's $TMUX environment variable, splits it on commas, and interpolates the socket-path component directly into a shell command passed to popen(). Because the…

  • CVE-2026-44712HigMay 27, 2026
    risk 0.46cvss 8.2epss 0.00

    pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, a crafted UUID such as $(id>/tmp/rce) in the config causes root RCE when pamusb-conf --reset-pads is run. A USB device with a crafted filesystem UUID (some controllers allow this)…

  • CVE-2026-44711HigMay 27, 2026
    risk 0.44cvss 7.9epss 0.00

    pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, symlink attacks on pad directory and pad files enable authentication bypass and root file corruption. This vulnerability is fixed in 0.8.7.

  • CVE-2026-44709HigMay 27, 2026
    risk 0.44cvss 7.8epss 0.00

    pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, pamusb-pinentry reads the PINENTRY_FALLBACK_APP environment variable and executes it directly without any validation. Any process that can set environment variables before…

  • CVE-2026-44660HigMay 27, 2026
    risk 0.42cvss 7.5epss 0.00

    UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Prior to 5.12.1, when ujson.dump() writes to a file-like object and the write operation raises an exception, the serialized JSON string object is not decremented, leaking memory. Each…

  • CVE-2026-8361HigMay 27, 2026
    risk 0.49cvss 7.5epss 0.00

    A path traversal vulnerability exists in WOSDefaultHttpModule.dll when processing a URL path starting with /woshome

  • CVE-2026-8360HigMay 27, 2026
    risk 0.49cvss 7.5epss 0.00

    Function calls to WOSCommonUtil.dll!WOSSysInfoGetDeviceInterface() in various DLLs (i.e., WOSProfileMgrModule.dll, WOSWebDavModule.dll) can return a NULL pointer (i.e., when no user is logged into the Triofox Server Agent Management Console). The returned NULL pointer is not…

  • CVE-2026-8359HigMay 27, 2026
    risk 0.49cvss 7.5epss 0.00

    When processing a request with a URL path starting with /status or /sysinfo, WOSHttpStatusModule.dll is to be loaded to handle such URL patterns. The WOSBin_LoadHttpModule function in the dll would be called to set up a "module" object for that module. However,…

  • CVE-2026-48064HigMay 27, 2026
    risk 0.46cvss 8.1epss 0.00

    pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.1, when a PAM service is configured with deny_remote=false in pam_usb (commonly done for display managers such as gdm-password or lightdm to bypass process/TTY heuristics for local…

  • CVE-2026-47272HigMay 27, 2026
    risk 0.39cvss 7.1epss 0.00

    pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.0, the pusb_pad_compare() function in src/pad.c only verified that the user-side pad (~/.pamusb/device.pad) could be read, but did not enforce that the system-side pad (the pad file…

  • CVE-2026-47161HigMay 27, 2026
    risk 0.50cvss epss 0.00

    RELATE is a web-based courseware package. Prior to commit d66ba5659b459bf1ba56b7109b5f9ecf197cbefb, RELATE LMS configures its Celery workers to accept and deserialize untrusted 'pickle' data. An attacker who can reach the message broker can execute arbitrary commands on the host…

  • CVE-2026-45134HigMay 27, 2026
    risk 0.39cvss 7.1epss 0.00

    LangSmith Client SDKs provide SDK's for interacting with the LangSmith platform. Prior to LangSmith SDK Python 0.8.0 and JS/TS 0.6.0, the LangSmith SDK's prompt pull methods (pull_prompt / pull_prompt_commit in Python, pullPrompt / pullPromptCommit in JS/TS) fetch and…

  • CVE-2026-45108HigMay 27, 2026
    risk 0.48cvss 8.4epss 0.00

    Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. From 2.0.0 to before 3.1.5 and 2.3.11, Himmelblau contained an authentication bypass vulnerability in the Device Authorization Grant (DAG) flow that allowed a user within the same Entra ID domain to…

  • CVE-2026-45104HigMay 27, 2026
    risk 0.49cvss 7.5epss 0.00

    MapServer is a system for developing web-based GIS applications. From 6.4.0 to before 8.6.3, msSLDParseUserStyle always calls _SLDApplyRuleValues(psRule, psLayer, 1); for any carrying — it assumes msSLDParseRule added one class. When the rule has no…

  • CVE-2026-44886HigMay 27, 2026
    risk 0.57cvss epss 0.00

    Pi.Alert is a WIFI / LAN intruder detector with web service monitoring. From 2024-06-29 to before 2026-05-07, the web application endpoint is vulnerable to SQL injection. The /pialert/php/server/devices.php route accepts requests from unauthenticated users when the action URL…

  • CVE-2026-44724HigMay 27, 2026
    risk 0.44cvss 7.8epss 0.01

    systeminformation is a System and OS information library for node.js. From 4.17.0 to 5.31.5, on Linux, systeminformation is vulnerable to command injection in networkInterfaces() when an active NetworkManager connection profile name contains shell metacharacters. The vulnerable…

  • CVE-2026-42197HigMay 27, 2026
    risk 0.50cvss 8.7epss 0.00

    RELATE is a web-based courseware package. Versions prior to commit 555f0efb1c5bd7531c07cd73724d7e566a81f620 have a stored cross-site scripting vulnerability that allows any enrolled student to execute arbitrary JavaScript in an administrator's browser session, potentially…

  • CVE-2026-44982higMay 27, 2026
    risk 0.38cvss epss 0.00

    ## Summary The CrowdSec AppSec component fails to read the HTTP request body for any request whose `Content-Length` is not positive — most notably HTTP/1.1 requests using `Transfer-Encoding: chunked` and HTTP/2 requests sent without a `content-length` header. Coraza is then…

  • CVE-2026-44726higMay 27, 2026
    risk 0.38cvss epss 0.00

    ## Summary A flaw in Deno's Node.js tls compatibility layer could cause a TLS client to transmit application data in plaintext after a connection retry. When `autoSelectFamily was enabled and the first address-family attempt failed, the socket reinitialization path reused a…

  • CVE-2026-4868HigMay 27, 2026
    risk 0.53cvss 8.2epss 0.00

    GitLab has remediated an issue in GitLab EE affecting all versions from 18.8 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that, under certain conditions, could have allowed an authenticated user to cause specific Duo AI workflows to run under another user's…

  • CVE-2026-44635HigMay 27, 2026
    risk 0.42cvss 7.5epss 0.00

    Kysely is a type-safe TypeScript SQL query builder. From 0.26.0 to 0.28.16, DefaultQueryCompiler.visitJSONPathLeg does not escape JSON-path metacharacters (., [, ], *, **, ?). When attacker-controlled input flows into eb.ref(col, '->$').key(input) or .at(input) — including…

  • CVE-2026-5509HigMay 27, 2026
    risk 0.47cvss 7.2epss 0.02

    An authenticated command injection vulnerability exists in the Archer BE450 v1 and BE7200 v1 router that allows an administrator to execute arbitrary system commands through the web management interface. After successfully authenticating to the admin interface, an attacker can…

  • CVE-2026-48153HigMay 27, 2026
    risk 0.48cvss 8.5epss 0.00

    Budibase is an open-source low-code platform. Prior to 3.39.0, fetchToken in the OAuth2 SDK makes a POST to a builder-supplied URL with plain node-fetch, skipping the blacklist.isBlacklisted check that every other outbound fetch path in the codebase uses. The Joi schema for the…

  • CVE-2026-48152HigMay 27, 2026
    risk 0.46cvss 8.1epss 0.00

    Budibase is an open-source low-code platform. Prior to 3.39.0, the single-datasource GET and PUT routes are guarded by generic TABLE READ, not by Builder/Admin permission or datasource-specific ownership/resource checks. The built-in Basic app user role maps to the WRITE…

  • CVE-2026-48151HigMay 27, 2026
    risk 0.42cvss 7.5epss 0.00

    Budibase is an open-source low-code platform. Prior to 3.39.0, the webhook schema-building endpoint is registered under builderRoutes, but the generic authorization middleware skips authorization for all paths matching /api/webhooks/schema. As a result, an unauthenticated caller…

  • CVE-2026-48149HigMay 27, 2026
    risk 0.46cvss 8.1epss 0.00

    Budibase is an open-source low-code platform. Prior to 3.39.0, the Budibase Text component renders markdown by assigning marked.parse(markdown) straight to innerHTML with no sanitizer (packages/bbui/src/Markdown/MarkdownViewer.svelte:22). Any column a builder binds to a Text…

  • CVE-2026-48146HigMay 27, 2026
    risk 0.43cvss 7.7epss 0.00

    Budibase is an open-source low-code platform. Prior to 3.39.0, the OAuth2 token fetch function in packages/server/src/sdk/workspace/oauth2/utils.ts uses raw fetch(config.url) with no SSRF protection. The safe wrapper fetchWithBlacklist() exists in the same codebase and is used…

  • CVE-2026-46427HigMay 27, 2026
    risk 0.43cvss 7.7epss 0.00

    Budibase is an open-source low-code platform. Prior to 3.38.3, removeSecrets at packages/server/src/sdk/workspace/datasources/datasources.ts masks only datasource config fields whose schema type is DatasourceFieldType.PASSWORD. The Snowflake integration types its privateKey…

  • CVE-2026-46426HigMay 27, 2026
    risk 0.42cvss 7.6epss 0.00

    Budibase is an open-source low-code platform. Prior to 3.38.2, the file upload endpoint POST /api/attachments/process does not enforce active-content restrictions for authenticated users. The checks for dangerous file extensions are conditionally wrapped inside if (isPublicUser)…

  • CVE-2026-45717HigMay 27, 2026
    risk 0.50cvss 8.8epss 0.00

    Budibase is an open-source low-code platform. Prior to 3.38.1, Budibase exposes a REST API for datasource management. The route PUT /api/datasources/:datasourceId is registered in the authorizedRoutes group with TABLE/READ permission. This is the same authorization level as the…

  • CVE-2026-45716HigMay 27, 2026
    risk 0.50cvss 8.8epss 0.00

    Budibase is an open-source low-code platform. Prior to 3.38.1, the POST /api/global/users/onboard endpoint is protected by workspaceBuilderOrAdmin middleware, allowing any user with builder permissions to access it. When SMTP email is not configured (the default for self-hosted…

  • CVE-2026-45715HigMay 27, 2026
    risk 0.43cvss 7.7epss 0.00

    Budibase is an open-source low-code platform. Prior to 3.38.1, the REST datasource integration (packages/server/src/integrations/rest.ts) follows HTTP redirects without re-checking the IP blacklist, allowing an authenticated Builder to access internal services (cloud metadata,…

  • CVE-2026-45548HigMay 27, 2026
    risk 0.43cvss 7.7epss 0.00

    Budibase is an open-source low-code platform. Prior to 3.34.8, the processUrlFile function in packages/server/src/automations/steps/ai/extract.ts uses fetch(fileUrl) directly without the IP blacklist validation that is consistently applied to all other automation steps. This…

  • CVE-2026-45090HigMay 27, 2026
    risk 0.42cvss 7.5epss 0.00

    Dalfox is a powerful open-source XSS scanner and utility focused on automation. Prior to 2.13.0, ParameterAnalysis in pkg/scanning/parameterAnalysis.go runs two sequential worker stages that both write to the same results channel. The channel is correctly closed after the first…

  • CVE-2026-45089HigMay 27, 2026
    risk 0.46cvss 8.2epss 0.00

    Dalfox is a powerful open-source XSS scanner and utility focused on automation. Prior to 2.13.0, when dalfox is run in REST API server mode, the output, output-all, and debug fields in model.Options are JSON-tagged and deserialized directly from the attacker's request body, then…

  • CVE-2026-45088HigMay 27, 2026
    risk 0.42cvss 7.5epss 0.00

    Dalfox is a powerful open-source XSS scanner and utility focused on automation. Prior to 2.13.0, when dalfox is run in REST API server mode, the custom-payload-file field in model.Options is JSON-tagged and deserialized directly from the attacker's request body, then propagated…

  • CVE-2026-45061HigMay 27, 2026
    risk 0.43cvss 7.7epss 0.00

    Budibase is an open-source low-code platform. Prior to 3.35.10, the Plugin URL upload endpoint (POST /api/plugin) validates the submitted URL with a single substring check: url.includes(".tar.gz"). Any URL containing .tar.gz anywhere in the string — in the path, query string,…

  • CVE-2026-45047HigMay 27, 2026
    risk 0.42cvss 7.5epss 0.00

    bird-lg-go is a BIRD looking glass in Go. Prior to 1.4.5, the apiHandler (and similarly webHandlerTelegramBot) processes user-provided JSON payloads by directly using json.NewDecoder(r.Body).Decode(&request) without restricting the maximum read size. An unauthenticated remote…

  • CVE-2026-44521HigMay 27, 2026
    risk 0.50cvss 8.8epss 0.00

    elFinder is an open-source file manager for web, written in JavaScript using jQuery UI. Prior to 2.1.68, an authenticated SQL injection vulnerability in the elFinder MySQL volume driver (elFinderVolumeMySQL) allows any logged-in user, including users with read-only access to the…

  • CVE-2026-44460HigMay 27, 2026
    risk 0.41cvss 7.4epss 0.00

    FileRise is a self-hosted web-based file manager with multi-file upload, editing, and batch operations. Prior to 3.12.0, /api/totp_setup.php is callable from a session that has only passed the password check (state pending_login_user). When the target account already has TOTP…

  • CVE-2026-44378HigMay 27, 2026
    risk 0.42cvss 7.5epss 0.00

    Botan is a C++ cryptography library. Prior to 3.12.0, certain patterns of indefinite length encodings in BER data could cause quadratic behavior in the parser, resulting in a denial of service. Such BER encodings were accepted even in structures which are required to be encoded…

  • CVE-2026-44346HigMay 27, 2026
    risk 0.50cvss 8.8epss 0.00

    BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.39, a malicious bentofile.yaml containing a newline-injected value in envs[*].name produces unquoted RUN directives in the BentoML-generated Dockerfile. When…

  • CVE-2026-44345HigMay 27, 2026
    risk 0.50cvss 8.8epss 0.00

    BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.39, src/bentoml/_internal/container/frontend/dockerfile/templates/base_v2.j2 interpolates docker.base_image raw with no escaping, newline filtering, or…

  • CVE-2026-42553HigMay 27, 2026
    risk 0.39cvss epss 0.00

    Cinny is a Matrix client. Prior to 4.10.3, A remote authenticated attacker who shares a room with a victim and has permissions to create room emotes (for example in a DM) can cause the victim's client to send their Matrix access token to an attacker-controlled server. This…

  • CVE-2026-38807HigMay 27, 2026
    risk 0.57cvss 8.8epss 0.00

    Insecure Permissions vulnerability in kvf-admin v1.0.0 allows a remote attacker to escalate privileges via the UserController.java component

  • CVE-2025-69600HigMay 27, 2026
    risk 0.51cvss 7.8epss 0.01

    Command injection in Raynet rvia RayVentory Scan Engine 12.6 Update 8 and previous versions allows adversaries to execute commands via getconfig, upload, inventory, and oracle options.

  • CVE-2026-45617higMay 27, 2026
    risk 0.38cvss epss 0.00

    ## Summary The built-in `strip_html` filter in liquidjs uses a regex containing four lazy-quantified alternatives. When the input contains many `<script`, `<style`, or `<!--` opener tokens without matching closers, the V8 regex engine performs O(N²) backtracking, blocking the…

  • CVE-2026-45368higMay 27, 2026
    risk 0.38cvss epss 0.00

    ### TL;DR This vulnerability affects all Kirby sites that allow the use of the `(link: …)` KirbyTag, the `link:` parameter of the `(image: …)` KirbyTag, the built-in `image` block with a link or the HTML importer for blocks, when content is authored by users who may not be…