VYPR

CVEs

345,060 total · page 53 of 6,902

  • CVE-2026-49252Jun 18, 2026
    risk 0.00cvss epss 0.00

    deepstream is a server that allows clients and backend services to sync data, send messages and make rpcs at scale. Versions prior to 10.0.5 are vulnerable to Prototype Pollution. Exploitation can lead to potential privilege escalation from any authenticated user with write…

  • CVE-2026-49248Jun 18, 2026
    risk 0.00cvss epss 0.00

    OneDev is a Git server with CI/CD, kanban, and packages. In versions 15.0.6 and below, TarUtils.untar() creates symbolic links verbatim from TAR entry getLinkName() without validating whether the target is an absolute path. A subsequent file entry in the same archive traverses…

  • CVE-2026-43994Jun 18, 2026
    risk 0.00cvss epss 0.00

    Coturn is a free open source implementation of TURN and STUN Server. Versions prior to 4.10.0 contain a stack buffer overflow in decode_oauth_token_gcm(). A uint16_t nonce_len field read from an attacker-supplied OAuth access token (0-65535) is passed directly to memcpy() as the…

  • CVE-2026-25865Jun 18, 2026
    risk 0.00cvss epss 0.00

    Punto Switcher through 4.5.0.583 contains an unquoted search path element vulnerability that allows local attackers to execute arbitrary code by exploiting the application's call to WinExec without a fully qualified path for RunDll32.exe when invoking shell32.dll Control_RunDLL…

  • CVE-2026-43915Jun 18, 2026
    risk 0.00cvss epss 0.00

    Coturn is a free open source implementation of TURN and STUN Server. Versions prior to 4.11.0 contain a stored cross-site scripting (XSS) vulnerability in the web-admin HTTPS interface. An attacker who can create a TURN allocation with a crafted USERNAME value can inject…

  • CVE-2026-56099Jun 18, 2026
    risk 0.00cvss epss 0.00

    OpenBSD before commit 6a23123 (2026-06-18) contains an out-of-bounds read vulnerability in the mpls_do_error function within sys/netmpls/mpls_input.c that allows remote attackers to disclose kernel stack memory by sending crafted MPLS frames with 16 labels and no Bottom-of-Stack…

  • CVE-2026-48980Jun 18, 2026
    risk 0.00cvss epss 0.00

    pam_usb provides hardware authentication for Linux using removable media. In versions prior to 0.9.2, getenv() environment variables XRDP_SESSION, DISPLAY and TMUX allow environment variable injection into local-check logic. These environment variables influence whether a…

  • CVE-2026-48983Jun 18, 2026
    risk 0.00cvss epss 0.00

    pam_usb provides hardware authentication for Linux using ordinary removable media. In versions prior to 0.9.2, a symlink race condition exists in per-device and per-user pad directory creation. pam_usb uses a check-then-act pattern: it calls lstat() to test for existence and…

  • CVE-2026-48982Jun 18, 2026
    risk 0.00cvss epss 0.00

    pam_usb provides hardware authentication for Linux using ordinary removable media. In versions prior to 0.9.2, when updating a one-time pad file, a temporary file is created using open() without the O_EXCL flag. Without O_EXCL, the create operation is not atomic: two concurrent…

  • CVE-2026-48981Jun 18, 2026
    risk 0.00cvss epss 0.00

    pam_usb provides hardware authentication for Linux using ordinary removable media. In versions prior to 0.9.2, pam_usb calls xmlReadFile() with flags=0 when loading the configuration file, allowing libxml2 to process external entity references (XXE), potentially making outbound…

  • CVE-2026-48716Jun 18, 2026
    risk 0.00cvss epss 0.00

    nanobot is a personal AI assistant. In versions 0.1.5.post3 and prior, the WhatsApp bridge in bridge/src/whatsapp.ts constructs a filesystem path using the fileName field from an incoming WhatsApp document message without sanitization. The WhatsApp bridge downloads media…

  • CVE-2026-47846Jun 18, 2026
    risk 0.00cvss epss 0.00

    Bitnami Cassandra container images are affected by a retained default superuser vulnerability. When a custom administrator account is configured via the CASSANDRA_USER environment variable, the container initialization script creates the new superuser account but fails to drop…

  • CVE-2026-47847Jun 18, 2026
    risk 0.00cvss epss 0.00

    Bitnami MariaDB Galera container images and Helm chart are affected by a hardcoded default credential vulnerability in the Galera replication health-check user. The MARIADB_REPLICATION_USER and MARIADB_REPLICATION_PASSWORD environment variables defaulted to monitor and monitor…

  • CVE-2026-47833Jun 18, 2026
    risk 0.00cvss epss 0.00

    setupBpmLogs follows symlink for bpm.log open and chown — container-to-host privilege escalation via /etc/shadow. A compromised process inside a bpm container can cause root to chown an arbitrary host file to vcap and append bpm JSON log lines to it. The chown alone lets the…

  • CVE-2026-48937Jun 18, 2026
    risk 0.00cvss epss 0.00

    A flaw in Node.js HTTP/2 server API can cause servers to keep accepting data even after sending a `GOAWAY` frame. This vulnerability affects two supported release lines: **Node.js 22** and **Node.js 24**.

  • CVE-2026-55392Jun 18, 2026
    risk 0.00cvss epss 0.00

    NILFS utilities through 2.3.0, fixed in commit 26efb5d, nilfs_sb_is_valid() function fails to validate s_log_block_size field in NILFS2 superblock before bit-shift operations. Attackers supplying crafted NILFS2 images trigger undefined behavior through oversized shifts or…

  • CVE-2026-9692Jun 18, 2026
    risk 0.00cvss epss 0.00

    Mojolicious::Sessions::Storable versions through 0.05 for Perl generate session ids insecurely. The default session id generator returns a SHA-1 hash seeded with the built-in rand function, the epoch time, the heap address of an anonymous hash, and the PID. These are…

  • CVE-2026-54390Jun 18, 2026
    risk 0.00cvss epss 0.00

    JTL Shop versions 5.2.0 through 5.7.1 contains a server-side template injection vulnerability that allows unauthenticated attackers to inject malicious template syntax due to unsanitized user-supplied input passed to the Smarty template engine. Attackers can exploit this flaw to…

  • CVE-2026-48985Jun 18, 2026
    risk 0.00cvss epss 0.00

    pam_usb provides hardware authentication for Linux using ordinary removable media. In versions 0.9.1 and below, pusb_is_loginctl_local() can cause a NULL dereference crash when parsing loginctl output. The function calls popen() and reads the result; if the Remote field is only…

  • CVE-2026-11752Jun 18, 2026
    risk 0.00cvss epss 0.00

    ## External Control of File Name or Path in xDS SDS DataSource ### Summary `DataSourceStream` in the `:xds` module resolves control-plane-supplied `filename` and `environment_variable` fields from SDS Secret resources without any allow-list or base-directory confinement. A…

  • CVE-2026-48986Jun 18, 2026
    risk 0.00cvss epss 0.00

    pam_usb provides hardware authentication for Linux using removable media. In pam_usb 0.9.1 and earlier, usb_get_process_parent_id() can cause an infinite loop DoS because it does not initialize *ppid on failure. In pusb_local_login(), the same variable is reused as input and…

  • CVE-2026-54683Jun 18, 2026
    risk 0.00cvss epss

    ## Summary A previous advisory (CVE-2026-49463 / GHSA-qpm9-h556-mwxm) reported that any logged-in user could download any document by its identifier, and stated this was fixed in 3.0.1. For the document-content part that fix was **incomplete**: documents remained downloadable…

  • CVE-2026-54319Jun 18, 2026
    risk 0.00cvss epss 0.00

    ## Summary A sandbox volume reference (`volumeId`, which may also be a volume name) was forwarded to the runner and used to build the host bind-mount source path without confinement. A reference containing path-traversal sequences could in principle resolve the mount source…

  • CVE-2026-48984Jun 18, 2026
    risk 0.00cvss epss 0.00

    pam_usb provides hardware authentication for Linux using ordinary removable media. In versions 0.9.1 and below, the xfree() memory release helper in calls free() without first zeroing the buffer contents, releasing heap-allocated buffers containing sensitive data — including…

  • CVE-2026-11982Jun 18, 2026
    risk 0.00cvss epss 0.00

    Grav 2.0.0-rc.9 with Admin2 2.0.0-rc.14 contains a stored cross-site scripting (XSS) vulnerability in the Admin2 Pages API save flow.

  • CVE-2026-55237Jun 18, 2026
    risk 0.00cvss epss 0.00

    AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Versions prior to 0.6.62 have a DOM-based Cross-Site Scripting (XSS) vulnerability in AutoGPT's signup page. The application improperly trusts a URL…

  • CVE-2026-48617Jun 18, 2026
    risk 0.00cvss epss 0.00

    A flaw in Node.js Permission Model enforcement allows Bypass via `process.report.writeReport()` Path Misvalidation. This can lead to confidentiality impact or bypass of the intended security boundary under affected configurations. This vulnerability affects all supported release…

  • CVE-2025-32437Jun 18, 2026
    risk 0.00cvss epss 0.00

    AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.63, `MediaDurationBlock` will download and store the video in a temporary directory without deleting before all noded are done.…

  • CVE-2025-32436Jun 18, 2026
    risk 0.00cvss epss 0.00

    AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.63, `AddAudioToVideoBlock` will download and store the video and audio in a temporary directory without deleting before all noded are done.…

  • CVE-2025-32424Jun 18, 2026
    risk 0.00cvss epss 0.00

    AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.63, ScreenshotWebPageBlock will store the captured screenshots in a temporary directory. `StepThroughItemsBlock` can be used to iterate…

  • CVE-2026-54106Jun 18, 2026
    risk 0.00cvss epss 0.00

    The U.S. Government Accountability Office (GAO) Electronic Protest Docketing System (EPDS) and Civilian Board of Contract Appeals (CBCA) Electronic Docketing System (EDS) do not validate X-Forwarded-For HTTP headers, allowing a remote attacker with compromised administrator…

  • CVE-2026-54105Jun 18, 2026
    risk 0.00cvss epss 0.00

    The U.S. Government Accountability Office (GAO) Electronic Protest Docketing System (EPDS) and Civilian Board of Contract Appeals (CBCA) Electronic Docketing System (EDS) expose sensitive account information through the 'update-profile/' API endpoint. A remote, unauthenticated…

  • CVE-2026-54104Jun 18, 2026
    risk 0.00cvss epss 0.00

    The U.S. Government Accountability Office (GAO) Electronic Protest Docketing System (EPDS) and Civilian Board of Contract Appeals (CBCA) Electronic Docketing System (EDS) trusts client-provided values for the 'epds_role_id' parameter without verification, allowing a remote,…

  • CVE-2025-32422Jun 18, 2026
    risk 0.00cvss epss 0.00

    AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.63, `StepThroughItemsBlock` can iterate all the contents in a list and send them to `FileStoreBlock` for downloading one by one. Although…

  • CVE-2026-54103Jun 18, 2026
    risk 0.00cvss epss 0.00

    The U.S. Government Accountability Office (GAO) Electronic Protest Docketing System (EPDS) and Civilian Board of Contract Appeals (CBCA) Electronic Docketing System (EDS) does not authenticate password change requests to the '/update-profile/N' API endpoint. A remote,…

  • CVE-2026-56020Jun 18, 2026
    risk 0.00cvss epss 0.00

    The Webmin HTTP server (miniserv.pl) allows unauthenticated attackers to impersonate any user with a configured SSL client certificate by sending a forged HTTP header. A remote attacker can spoof certificate DNs and authenticate as any user. Fixed in 2.641.

  • CVE-2026-56021Jun 18, 2026
    risk 0.00cvss epss 0.00

    Webmin allows unauthenticated attackers to read the contents of any file ending in .conf within module directories, due to a bypassable regex pattern.

  • CVE-2026-56022Jun 18, 2026
    risk 0.00cvss epss 0.00

    Webmin accepts basic authentication without session cookies when an attacker provides the 'User-Agent: webmin' header, allowing bypass of additional MFA requirements. Fixed in 2.641.

  • CVE-2025-32392Jun 18, 2026
    risk 0.00cvss epss 0.00

    AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.63, AutoGPT's LoopVideoBLock allows users to input a video file and process the video, such as looping it 5 times or extending the time, and…

  • CVE-2026-55204Jun 18, 2026
    risk 0.00cvss epss 0.00

    HAProxy through 3.4.0, fixed in commit 9a6d1fe, contains a null pointer dereference vulnerability in hpack_dht_insert() within src/hpack-tbl.c that fails to validate the return value of hpack_dht_defrag() when the memory pool is exhausted. An attacker can trigger HPACK dynamic…

  • CVE-2026-55203Jun 18, 2026
    risk 0.00cvss epss 0.00

    HAProxy through 3.4.0, fixed in commit 5985276, contains an integer overflow vulnerability in the fcgi_conn structure's drl field that allows buffer misparse as new FCGI record headers. When contentLength is 65535 and paddingLength is 1 or more, the drl field wraps to 0, causing…

  • CVE-2026-55205Jun 18, 2026
    risk 0.00cvss epss 0.00

    Hermes WebUI before 0.51.468 contains a resource exhaustion vulnerability in the unauthenticated POST /api/onboarding/oauth/start endpoint that allows unbounded accumulation of in-memory flow state and daemon threads. Attackers can send repeated or concurrent requests to exhaust…

  • CVE-2026-56024Jun 18, 2026
    risk 0.00cvss epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Saad Iqbal WP EasyPay allows Cross Site Request Forgery. This issue affects WP EasyPay: from n/a through 4.4.0.

  • CVE-2026-55170lowJun 18, 2026
    risk 0.00cvss epss 0.00

    ## Description In OpenFGA, when MySQL is being used as the datastore, two distinct check requests can return the same response. ## Preconditions This applies if the following preconditions are met: 1. You run OpenFGA with MySQL as the datastore 2. Your authorization…

  • CVE-2026-55093Jun 18, 2026
    risk 0.00cvss epss

    - **Component:** `tract-nnef` (`nnef/src/tensors.rs::read_tensor`) + `tract-data` (`data/src/tensor.rs`) - **Affected versions:** `< 0.21.16`, `0.22.0`–`0.22.2`, `0.23.0`–`0.23.1` — the dense `DatLoader` path was unguarded across all three release lines; patched in 0.21.16…

  • CVE-2026-54711lowJun 18, 2026
    risk 0.00cvss epss

    ### Impact When using .pgpass, database connection information including the username and password will be logged at the debug level. ### Patches Upgrade to version 2.7.1 or greater. ### Workarounds Filter out debug-level logs. ### References This issue was discovered by…

  • CVE-2026-54695higJun 18, 2026
    risk 0.38cvss epss 0.00

    ## Development Runner Telephony WebSocket `/ws` Unauthenticated Call-Control Abuse via Attacker-Supplied Call SID ### Summary The pipecat development runner registers a `/ws` WebSocket endpoint for telephony testing that accepts connections without any authentication. An…

  • CVE-2026-55701Jun 18, 2026
    risk 0.00cvss epss

    ## githubreceiver Silently Ignores Configured required_headers Authentication ### Summary The githubreceiver webhook handler does not enforce the `required_headers` configuration. Headers are validated at startup (config rejects empty keys/values) but never checked on incoming…

  • CVE-2026-54005higJun 18, 2026
    risk 0.38cvss epss 0.00

    ### TL;DR This vulnerability affects all Kirby sites where users of a particular role have no permission to access pages (`pages.access` permission is disabled). This can be due to configuration in the user blueprint(s), `options` in the model blueprint(s), or a combination of…

  • CVE-2026-54004Jun 18, 2026
    risk 0.00cvss epss 0.00

    ### TL;DR This vulnerability affects Kirby 5 sites that have the `content.fileRedirects` option enabled (set to `true` or a custom closure) as well as all Kirby 4 sites that haven't explicitly disabled this option. It was possible to access clean file URLs of top-level drafts…