VYPR

CVEs

11,223 total · page 5 of 225

  • CVE-2026-53470CriJun 10, 2026
    risk 0.55cvss 9.6epss 0.00

    A flaw was found in migration-planner. An authenticated attacker could exploit an improper access control vulnerability in the `/api/v1/sources/{id}/image-url` endpoint. This flaw allows the attacker to bypass an ownership check and obtain presigned S3 URLs for Open Virtual…

  • CVE-2026-53469CriJun 10, 2026
    risk 0.52cvss 9.1epss 0.00

    A flaw was found in migration-planner. An authenticated user can exploit this vulnerability by sending a DELETE request to the /api/v1/sources route, which lacks proper authorization and filtering. This allows for the destruction of all customer data, including sources, agents,…

  • CVE-2026-45558CriJun 10, 2026
    risk 0.64cvss 9.9epss 0.00

    Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, the HAProxy section-save endpoints (POST /api/service/haproxy/<server_id>/section/<section_type> and the PUT / global / defaults variants) accept a JSON option…

  • CVE-2026-45556CriJun 10, 2026
    risk 0.64cvss 9.9epss 0.00

    Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, POST /waf//<server_ip>/rule/<rule_id>/save accepts a config_file_name form field that is passed straight through to…

  • CVE-2026-45552CriJun 10, 2026
    risk 0.64cvss 9.9epss 0.00

    Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, the install blueprint declares only bp.before_request → @jwt_required() (app/routes/install/routes.py:36-39). The individual endpoints install_exporter,…

  • CVE-2026-45550CriJun 10, 2026
    risk 0.59cvss 9.1epss 0.00

    Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, PUT /smon/check (app/routes/smon/routes.py:117-138) gates only on roxywi_common.check_user_group_for_flask() — which validates that the caller has some group,…

  • CVE-2026-48031criJun 10, 2026
    risk 0.52cvss epss 0.00

    ## Vulnerability: CWE-798 — Hardcoded JWT Secret + Broken Mitigation ### Affected Component - `github.com/dhax/go-base` — Go REST API boilerplate (go-chi/jwtauth/v5, Viper, PostgreSQL/Bun) - 1,685 stars on GitHub ### Vulnerability Locations | File | Line | Role |…

  • CVE-2025-6254CriJun 10, 2026
    risk 0.64cvss 9.8epss 0.00

    The Doctreat Core plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.6.8. This is due to the doctreat_process_registration() function not properly restricting the roles that a user can register with. This makes it possible for…

  • CVE-2026-9067CriJun 10, 2026
    risk 0.59cvss 9.1epss 0.00

    The Schema & Structured Data for WP & AMP WordPress plugin before 1.60 does not check user capabilities on its frontend AJAX file-upload handlers and does not validate the actual content of uploaded files against the endpoint's intended media type, allowing unauthenticated users…

  • CVE-2026-26241CriJun 10, 2026
    risk 0.59cvss 9.1epss 0.00

    A buffer overflow vulnerability has been reported to affect File Station 5. The remote attackers can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5243 and later

  • CVE-2026-26240CriJun 10, 2026
    risk 0.59cvss 9.1epss 0.00

    A buffer overflow vulnerability has been reported to affect File Station 5. The remote attackers can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5243 and later

  • CVE-2025-66276CriJun 10, 2026
    risk 0.64cvss 9.8epss 0.00

    QuTS hero is not affected. We have already fixed the vulnerability in the following version: QTS 5.2.7.3256 build 20250913 and later

  • CVE-2026-45328CriJun 10, 2026
    risk 0.53cvss 9.3epss 0.00

    ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.5.4 and 6.0, the esp_tee component exposes secure-service wrappers in esp_secure_services.c and esp_secure_services_iram.c that bridge calls from the user application (i.e. the REE) to…

  • CVE-2026-44963CriJun 9, 2026
    risk 0.61cvss epss 0.02

    A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user.

  • CVE-2026-48030criJun 9, 2026
    risk 0.52cvss epss 0.00

    ### Summary An OS Command Injection vulnerability in the terminal action handler allows any authenticated user to execute arbitrary OS commands by injecting shell metacharacters into the 'dir' POST parameter, completely bypassing the TERMINAL_COMMANDS whitelist and achieving…

  • CVE-2026-48303CriJun 9, 2026
    risk 0.65cvss 10.0epss 0.01

    Adobe Campaign Classic (ACC) versions 7.4.3 build 9394 and earlier are affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is…

  • CVE-2026-47938CriJun 9, 2026
    risk 0.65cvss 10.0epss 0.00

    Adobe Campaign Classic (ACC) versions 7.4.3 build 9394 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could result in privilege escalation. Exploitation of this issue does not require user interaction. Scope is changed.

  • CVE-2026-47928CriJun 9, 2026
    risk 0.62cvss 9.6epss 0.09

    ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed.

  • CVE-2026-36727CriJun 9, 2026
    risk 0.59cvss 9.1epss 0.00

    An insecure authentication vulnerability in the /api/social-sign-in endpoint of bookcars v8.3 allows attackers to bypass authentication via a forged JWT token.

  • CVE-2026-36721CriJun 9, 2026
    risk 0.64cvss 9.8epss 0.00

    A lack of cryptographic signature verification in the validateAccessToken function of bookcars v8.3 allows attackers to bypass authentication via a forged JWT token.

  • CVE-2026-30141CriJun 9, 2026
    risk 0.64cvss 9.8epss 0.01

    An issue was discovered in bitbank2 AnimatedGIF v2.2.0. A buffer overflow in the DecodeLZW function allows remote attackers to cause a denial of service (crash) or potentially execute arbitrary code via a crafted GIF file.

  • CVE-2026-10045CriJun 9, 2026
    risk 0.64cvss 9.8epss 0.00

    Shenzhen Kangda Xin Intelligent Network Technology Company's router, model DR300, version 2.1.2.121, contains hardcoded login credentials and has telnet enabled by default on WAN and LAN interfaces. These vulnerabilities allow attackers to read and write to memory, modify…

  • CVE-2026-34691CriJun 9, 2026
    risk 0.60cvss 9.3epss 0.00

    Adobe Experience Manager Forms JEE versions LTS SP1, 6.5.24.0 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a…

  • CVE-2026-49841CriJun 9, 2026
    risk 0.57cvss 9.8epss 0.00

    FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, the mod_verto HTTP request handler allocates a fixed 2 MiB buffer for a…

  • CVE-2026-49840CriJun 9, 2026
    risk 0.52cvss 9.1epss 0.00

    FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, esl_recv_event() parses Content-Length with atol() and passes the…

  • CVE-2026-47643CriJun 9, 2026
    risk 0.64cvss 9.8epss 0.01

    External control of file name or path in Azure Stack Edge allows an unauthorized attacker to execute code over a network.

  • CVE-2026-47291CriJun 9, 2026
    risk 0.64cvss 9.8epss 0.22

    Integer overflow or wraparound in Windows HTTP.sys allows an unauthorized attacker to execute code over a network.

  • CVE-2026-47281CriJun 9, 2026
    risk 0.62cvss 9.6epss 0.01

    Improper input validation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network.

  • CVE-2026-45657CriJun 9, 2026
    risk 0.64cvss 9.8epss 0.15

    Use after free in Windows Kernel allows an unauthorized attacker to execute code over a network.

  • CVE-2026-45602CriJun 9, 2026
    risk 0.59cvss 9.1epss 0.00

    No cwe for this issue in Windows DHCP Server allows an unauthorized attacker to perform tampering over a network.

  • CVE-2026-44815CriJun 9, 2026
    risk 0.64cvss 9.8epss 0.01

    Stack-based buffer overflow in Windows DHCP Client allows an unauthorized attacker to execute code over a network.

  • CVE-2026-42904CriJun 9, 2026
    risk 0.62cvss 9.6epss 0.00

    Heap-based buffer overflow in Windows TCP/IP allows an unauthorized attacker to elevate privileges over an adjacent network.

  • CVE-2026-38615CriJun 9, 2026
    risk 0.64cvss 9.8epss 0.01

    DedeCMS V5.7.118 is vulnerable to Command Execution in file_manage_control.php.

  • CVE-2026-34182CriJun 9, 2026
    risk 0.52cvss 9.1epss 0.00

    Issue Summary: Cryptographic Message Services (CMS) processing fails to perform sufficient input validation on the cipher and tag length fields of AuthEnvelopedData containers, leading to various potential compromises. Impact Summary: Attackers making use of these…

  • CVE-2026-26142CriJun 9, 2026
    risk 0.64cvss 9.8epss 0.02

    Deserialization of untrusted data in Nuance PowerScribe allows an unauthorized attacker to execute code over a network.

  • CVE-2026-8025CriJun 9, 2026
    risk 0.64cvss 9.8epss 0.00

    Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in MOSK Information Technologies Ltd. CBS Platform allows SQL Injection. This issue affects CBS Platform: through 09062026.  NOTE: The vendor was contacted and it was learned…

  • CVE-2026-25089CriJun 9, 2026
    risk 0.64cvss 9.8epss 0.23

    A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 4.2 all versions, FortiSandbox Cloud 5.0.4 through 5.0.5, FortiSandbox PaaS…

  • CVE-2026-10523CriJun 9, 2026
    risk 0.64cvss 9.9epss 0.47

    An Authentication Bypass vulnerability (CWE-288) in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated attacker to create arbitrary administrative accounts and obtain full administrative access

  • CVE-2026-10520CriKEVJun 9, 2026
    risk 0.77cvss 10.0epss 0.99

    An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated user to achieve root-level remote code execution

  • CVE-2026-7486CriJun 9, 2026
    risk 0.64cvss 9.8epss 0.00

    Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Netcad Software Inc. E-İmar allows SQL Injection. This issue affects E-İmar: from 2.10.1.0 before 3.0.2.

  • CVE-2026-46325CriJun 9, 2026
    risk 0.57cvss 9.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix iova-to-va conversion for MR page sizes != PAGE_SIZE The current implementation incorrectly handles memory regions (MRs) with page sizes different from the system PAGE_SIZE. The core issue is…

  • CVE-2026-46316CriJun 9, 2026
    risk 0.53cvss 9.3epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: vgic-its: Drop the translation cache reference only for the erased entry vgic_its_invalidate_cache() walks the per-ITS translation cache with xa_for_each() and drops the cache's reference on each…

  • CVE-2017-20251CriJun 9, 2026
    risk 0.64cvss 9.8epss 0.01

    WordPress Insert PHP plugin versions before 3.3.1 contain a PHP code injection vulnerability that allows unauthenticated attackers to execute arbitrary PHP code by injecting malicious shortcodes through the WordPress REST API. Attackers can send POST requests to the…

  • CVE-2026-10731CriJun 9, 2026
    risk 0.60cvss epss 0.00

    SQL injection in the ‘two_steps_auth_code’ parameter processed by the ‘twoStepsAuthVerification’ function within the ‘/user-login’ endpoint. The two-factor authentication (2FA) functionality can be accessed without prior authentication, allowing unauthenticated…

  • CVE-2025-10263CriJun 9, 2026
    risk 0.59cvss 9.1epss 0.00

    Arm C1-Ultra, C1-Premium, Neoverse V3 & V3AE, Neoverse V2, Neoverse V1, Neoverse-N2, Neoverse-N1, Cortex-X925, Cortex-X4, Cortex-X3, Cortex-X2, Cortex-X1 & X1C, Cortex-A710, Cortex-A78, A78AE & A78C, Cortex-A77, Cortex-A76 & A76A may allow writes to resources owned by a higher…

  • CVE-2009-10007CriJun 9, 2026
    risk 0.52cvss 9.1epss 0.00

    Catalyst::Plugin::Authentication versions before 0.10_027 for Perl is susceptible to session fixation attacks. Catalyst::Plugin::Authentication does not automatically change the session id after authentication. An attacker that obtains a session id cookie can use this to…

  • CVE-2026-9698CriJun 9, 2026
    risk 0.57cvss 9.8epss 0.00

    DBI versions before 1.648 for Perl saved errors in a limited-sized buffer. Error messages that were returned when RaiseError, PrintError or HandleError were set were written to a 200-byte buffer without a length limit. Attackers that can influence the error text in an…

  • CVE-2026-44083CriJun 9, 2026
    risk 0.64cvss 9.8epss 0.00

    An authorization bypass through user-controlled key vulnerability has been reported to affect QuMagie. The remote attackers can then exploit the vulnerability to gain unintended privileges. We have already fixed the vulnerability in the following version: QuMagie 2.9.1 and later

  • CVE-2026-5067CriJun 9, 2026
    risk 0.57cvss 9.8epss 0.01

    A remote, unauthenticated attacker can trigger memory corruption in Zephyr's HTTP server WebSocket upgrade path by sending a crafted Sec-WebSocket-Key header. The HTTP/1 header parser copies the header into a fixed-size buffer using a bounded copy that does not guarantee NUL…

  • CVE-2026-44748CriJun 9, 2026
    risk 0.64cvss 9.9epss 0.00

    SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated attacker with normal privileges to obtain a valid signed message and send modified signed XML documents to the verifier. This may result in acceptance of tampered identity information leading to…