VYPR

CVEs

345,119 total · page 55 of 6,903

  • CVE-2026-49276higJun 18, 2026
    risk 0.45cvss epss 0.00

    ### TL;DR This vulnerability affects Kirby sites that use the writer field in any blueprint. It was possible to include a scripting link as the target of a link (or email link). This link target would then be clickable by the user who entered it. A successful attack commonly…

  • CVE-2026-49274Jun 18, 2026
    risk 0.00cvss epss 0.00

    ### TL;DR This vulnerability affects all Kirby sites that use the `pages` field and where users of a particular role have no permission to access pages (`pages.access` permission is disabled). This can be due to configuration in the user blueprint(s), `options` in the model…

  • CVE-2026-47256Jun 18, 2026
    risk 0.00cvss epss

    Summary The Sentry exporter constructs Sentry API URLs by interpolating the span's service.name resource attribute into the URL path without validation. Because service.name is controlled by remote OTLP senders and the operator-configured bearer…

  • CVE-2026-44727criJun 18, 2026
    risk 0.52cvss epss 0.00

    The nbconvert HTTP handlers in jupyter_server render user-authored notebook HTML under the Jupyter origin without a sandbox directive in their `Content-Security-Policy`. Combined with `nbconvert.HTMLExporter`'s default non-sanitizing behavior, a notebook carrying an HTML…

  • CVE-2026-55890Jun 18, 2026
    risk 0.00cvss epss 0.00

    ## Summary The fix for **GHSA-r7fx-8g49-7hhr / CVE-2026-42841** (Stored XSS via Markdown media `attribute()` action) is incomplete. The maintainer patched `MediaObjectTrait::attribute()` to deny dangerous attribute names (event handlers, `style`, `xmlns`, `srcdoc`,…

  • CVE-2026-44691Jun 18, 2026
    risk 0.00cvss epss 0.00

    In Eclipse Theia versions prior to 1.69.0, custom task definitions in workspace files (e.g. .theia/tasks.json, .vscode/tasks.json) could be executed without requiring workspace trust. An attacker could craft a malicious repository that, when cloned and opened in Theia, leads to…

  • CVE-2026-22551Jun 18, 2026
    risk 0.00cvss epss 0.00

    In Eclipse Theia versions prior to 1.71.0, the AI chat rendered Markdown image tags from AI responses, triggering HTTP requests to arbitrary external URLs without restriction. Combined with prompt injection in a malicious workspace, an attacker could induce the AI agent to…

  • CVE-2026-55885Jun 18, 2026
    risk 0.00cvss epss 0.00

    ### Summary An authenticated administrator with backup permissions can download a ZIP archive containing the full Grav installation root, including `user/accounts/admin.yaml` with the admin's bcrypt password hash and email, plus `user/config/` with all site configuration. The…

  • CVE-2026-55686Jun 18, 2026
    risk 0.00cvss epss 0.00

    ### Summary Running a malicous container image where the WORKDIR path contains a symlink can create a directory or modify ownership on the host filesystem. Modified ownership is less likely to happen as that requires help from an untrusted/malicious process that mutates the…

  • CVE-2026-46580Jun 18, 2026
    risk 0.00cvss epss 0.00

    In Eclipse Theia versions prior to 1.71.0, files matching the pattern .prompts/*.prompttemplate in a workspace were automatically loaded and could override or extend the AI agent's system prompts. An attacker could craft a malicious repository containing prompt template files…

  • CVE-2026-44688Jun 18, 2026
    risk 0.00cvss epss 0.00

    In Eclipse Theia versions prior to 1.71.0, the AI chat agent processed workspace file and directory names as part of its prompt context without distinguishing them from system instructions. An attacker could craft a malicious repository with adversarial directory or file names…

  • CVE-2026-50141Jun 18, 2026
    risk 0.00cvss epss 0.00

    Woodpecker is a CI/CD engine. Starting in version 3.0.0 and prior to version 3.14.1, a vulnerability in Woodpecker CI's gRPC layer allowed any authenticated agent to impersonate any other agent on the same server by injecting a forged `agent_id` value into outgoing gRPC…

  • CVE-2026-9158Jun 18, 2026
    risk 0.00cvss epss 0.00

    In Eclipse 4diac FORTE versions 3.0.0 to 3.1.0, a specially crafted DELETE connection command to the management interface can lead to a dangling pointer. This allows subsequent commands to access freed memory (use-after-free).

  • CVE-2026-56012Jun 18, 2026
    risk 0.00cvss epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David Lingren Media LIbrary Assistant allows Blind SQL Injection. This issue affects Media LIbrary Assistant: from n/a through 3.35.

  • CVE-2026-12527Jun 18, 2026
    risk 0.00cvss epss 0.00

    A broken authorization boundary in the RTSP media delivery pipeline of Shenzhen Liandian Communication Technology LTD V380 IP Camera firmware AppFHE1_V1.0.6.020230803 enables unauthenticated network actors to bypass the device’s credential-enforced live-view workflow and…

  • CVE-2026-55669Jun 18, 2026
    risk 0.00cvss epss 0.00

    ### Summary An authentication bypass vulnerability was discovered in ZITADEL's external JWT Identity Provider (IdP) implementation. When validating JSON Web Tokens (JWTs) from an external provider, ZITADEL properly checks the token's cryptographic signature and issuer (`iss`),…

  • CVE-2026-55672higJun 18, 2026
    risk 0.38cvss epss 0.00

    ### Summary Zitadel's OAuth2 / OIDC `CodeExchange` and `RefreshToken` implementations omit a critical validation step to ensure that the requesting client matches the client that originally initiated the authorization flow. This violates RFC 6749 Section 4.1.3, which mandates…

  • CVE-2026-12539Jun 18, 2026
    risk 0.00cvss epss 0.00

    Docker Sandboxes (sbx) blocks ICMP egress with an authorizer applied only at network-creation time, and does not re-apply it to networks rebuilt from disk when the Docker daemon restarts, so a restart-surviving sandbox forwards ICMP to arbitrary hosts. A workload inside a…

  • CVE-2026-12039Jun 18, 2026
    risk 0.00cvss epss 0.00

    Docker Sandboxes (sbx) enforces an HTTP/S-only egress allowlist but does not apply it to DNS resolution: the per-network embedded DNS server forwards any queried name to the host resolver whenever the network is internet-connected, without consulting the policy. A workload…

  • CVE-2026-55670lowJun 18, 2026
    risk 0.00cvss epss 0.00

    ### Summary A flaw in the user lifecycle enforcement allowed deleted users to retain their original organization/tenant association. Recreating a deleted user under a distinct organization can cause the new user instance to be incorrectly provisioned within the original…

  • CVE-2026-55661Jun 18, 2026
    risk 0.00cvss epss 0.00

    TinaCMS rich-text parsing and the default link/image renderers did not sanitize the `url` field on Slate link/image nodes. Content containing `javascript:` or `data:text/html` URLs — including case-variant, whitespace-padded, and control-character-obfuscated forms — is…

  • CVE-2026-55617Jun 18, 2026
    risk 0.00cvss epss

    ### Impact Hydro contains an insufficient session expiration vulnerability in its session recreation logic. When a session is recreated, including during logout or other session renewal flows, Hydro creates a new session token but does not delete the previous server-side…

  • CVE-2026-55603higJun 18, 2026
    risk 0.38cvss epss 0.00

    ## Summary `fixRequestBody()` is the library's documented helper for re-emitting a request body that was already consumed by a body parser. When the **outgoing** `Content-Type` is `multipart/form-data`, it rebuilds the body with `handlerFormDataBodyData()`, which interpolates…

  • CVE-2026-55602Jun 18, 2026
    risk 0.00cvss epss 0.00

    # Summary `http-proxy-middleware` documents `router` proxy-table entries as host, path, or host+path selectors, but the host+path implementation uses unanchored substring matching on attacker-controlled request metadata. As a result, a crafted `Host` header that is only a…

  • CVE-2026-55254Jun 18, 2026
    risk 0.00cvss epss

    ### Impact A denial-of-service (DoS) vulnerability exists in the factorial operator implementation of NCalc. Specially crafted expressions containing extremely large factorial operands can trigger excessive CPU consumption or cause evaluation to enter a non-terminating loop due…

  • CVE-2026-55388higJun 18, 2026
    risk 0.38cvss epss 0.00

    ## Summary `piscina`'s constructor and `run()` paths read the `filename` option via plain member access: ```js // dist/index.js line 92 (constructor) const filename = options.filename ? (0, common_1.maybeFileURLToPath)(options.filename) : null; this.options = {…

  • CVE-2026-55887higJun 18, 2026
    risk 0.38cvss epss

    ## Summary A maliciously crafted OCI image label can inject arbitrary arguments into the `docker run` command line constructed by the MCP Gateway. An attacker who controls an image that the victim references via `docker://`, or that the victim's catalog pulls a snapshot from,…

  • CVE-2026-55886Jun 18, 2026
    risk 0.00cvss epss 0.00

    ### Summary `Jodit.modules.Helpers.set(chain, value, obj)` walks the dot-separated `chain`, creating and following each path segment, without filtering prototype-mutating keys. A chain that begins with (or contains) `__proto__`, `constructor`, or `prototype` lets the final…

  • CVE-2026-55229higJun 18, 2026
    risk 0.38cvss epss 0.00

    **Summary** Server-Side Request Forgery (SSRF) vulnerability affecting the `/forms/libreoffice/convert` endpoint in Gotenberg v8.33.0 running with the default configuration. By uploading a specially crafted DOCX document, an attacker can cause LibreOffice to automatically…

  • CVE-2026-55226Jun 18, 2026
    risk 0.00cvss epss

    ### Impact When only the Topic or only the User operators are deployed as part of the Entity Operator in the `Kafka` custom resource, the RBAC rights are not following the principle of least-privilege and the Entity Operator ServiceAccount still has access rights corresponding…

  • CVE-2026-55671lowJun 18, 2026
    risk 0.00cvss epss 0.00

    ### Summary A Server-Side Request Forgery (SSRF) vulnerability was discovered in Zitadel affecting: * **HTTP Notification Channels:** Used as an alternative to SMTP/Twilio configurations, sending payloads to user-defined URLs via HTTP POST webhooks. * **OIDC BackChannel…

  • CVE-2026-54224Jun 18, 2026
    risk 0.00cvss epss 0.00

    UBB.threads is vulnerable to Denial of Service (DoS). By sending multiple concurrent requests to view any user profile on instances with many registered users, an authenticated attacker can easily exhaust database resources and completely deny access to the application for other…

  • CVE-2026-54223Jun 18, 2026
    risk 0.00cvss epss 0.01

    UBB.threads is vulnerable to Path traversal, allowing attackers with privilege to edit templates to read and write any file on the application’s server that application has privileges to, what results in Remote Code Execution.  Because vendor contact attempts were…

  • CVE-2026-54222Jun 18, 2026
    risk 0.00cvss epss 0.00

    UBB.threads is vulnerable to Blind SQL Injection, allowing attackers with access to the Members in Control Panel to interact with the underlying database. Due to insufficient input sanitization, an attacker can extract sensitive information, such as user credentials, by…

  • CVE-2026-54221Jun 18, 2026
    risk 0.00cvss epss 0.00

    UBB.threads is vulnerable to Reflected XSS. The application improperly handles user input in certain requests, enabling attackers to execute arbitrary JavaScript in the context of a victim's browser by tricking them into clicking a crafted link.  Because vendor contact…

  • CVE-2026-54220Jun 18, 2026
    risk 0.00cvss epss 0.00

    uBB.threads is vulnerable to a Cross-Site Request Forgery (CSRF) due to a lack of protective mechanisms. This allows an attacker to trick an authenticated user into executing unintended actions. Because vendor contact attempts were unsuccessful, the vulnerability has only been…

  • CVE-2026-54219Jun 18, 2026
    risk 0.00cvss epss 0.00

    UBB.threads is vulnerable to Stored XSS via user posts and user profile fields. The application fails to properly sanitize user input, allowing low privileged attackers to inject arbitrary JavaScript that executes in a victim's browser upon viewing. Because vendor contact…

  • CVE-2026-13316modJun 18, 2026
    risk 0.29cvss 4.4epss 0.00

    Foreman: SSRF to cloud metada service through unvalidated test_url parameters in Foreman config

  • CVE-2026-11719Jun 18, 2026
    risk 0.00cvss epss 0.00

    An authenticated authorization bypass vulnerability exists in MCP Toolbox for Databases due to missing scope enforcement across older protocol handlers. While the 2025-11-25 protocol version handler correctly enforces per-tool restrictions defined by scopesRequired, older…

  • CVE-2026-11718Jun 18, 2026
    risk 0.00cvss epss 0.00

    An authentication bypass vulnerability exists in the generic opaque token validation path (validateOpaqueToken) of googleapis/mcp-toolbox. When the toolbox validates an opaque token via an OAuth 2.0 introspection endpoint (RFC 7662), it decodes the response into an…

  • CVE-2026-11717Jun 18, 2026
    risk 0.00cvss epss 0.00

    An authentication bypass vulnerability exists in the generic opaque token validation path (validateOpaqueToken) of googleapis/mcp-toolbox. When verifying an unparsed opaque token via an OAuth 2.0 introspection endpoint (RFC 7662), the toolbox decodes the response into an…

  • CVE-2026-8461Jun 18, 2026
    risk 0.00cvss epss 0.00

    An out-of-bounds write vulnerability in FFmpeg's libavcodec library, specifically in the MagicYUV decoder, allows denial-of-service and, in some cases, can be exploited for remote code execution. This vulnerability is associated with the file libavcodec/magicyuv.C. This…

  • CVE-2026-11958Jun 18, 2026
    risk 0.00cvss epss 0.00

    Local privilege escalation by loading DLLs from a shared temporary directory in ANSSI’s DFIR-ORC, versions 10.2.7 and prior. An attacker with prior access to the system, can place a malicious DLL in C:\Windows\Temp and wait for the application to be executed. Because DFIR-ORC…

  • CVE-2026-40457Jun 18, 2026
    risk 0.00cvss epss 0.00

    A Reflected Cross-Site Scripting (XSS) vulnerability exists in LMS (LAN Management System) before commit 9c5651b in the "dbrecover.php" and "netremap.php" modules where unsanitized GET parameters are directly embedded into HTML output. This allows an attacker to inject…

  • CVE-2026-40456Jun 18, 2026
    risk 0.00cvss epss 0.01

    An OS Command Injection vulnerability exists in LMS (LAN Management System) before commit 9fcb4de due to an IP address parameter being passed to the "exec()" function without proper validation, allowing attackers to execute arbitrary operating system commands.

  • CVE-2026-40455Jun 18, 2026
    risk 0.00cvss epss 0.00

    An SQL Injection vulnerability exists in LMS (LAN Management System) before commit 4cb30a7 within the "tarifflist.php" module due to insufficient sanitization of the POST "tg[]" parameter. The application directly concatenates user-supplied array values into an SQL query using…

  • CVE-2026-56009Jun 18, 2026
    risk 0.00cvss epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bricksable for Bricks Builder allows Stored XSS. This issue affects Bricksable for Bricks Builder: from n/a through 1.6.83.

  • CVE-2026-54419Jun 18, 2026
    risk 0.00cvss epss 0.01

    claudiopizzillo PIAF-HMS (PBX-In-A-Flash Hotel Management System; no released versions, latest commit 389d2633441b65ced1c104212cd62be2bfca21e5) contains multiple unauthenticated SQL injection vulnerabilities. The application has no authentication mechanism and passes…

  • CVE-2026-44942Jun 18, 2026
    risk 0.00cvss epss 0.00

    A path traversal in handling the "path" component of .repo files processed by libzypp before 17.38.13 in the 17.x series, or before 16.22.19 could be used by attackers to fill directories on the system outside of the zypp cache with content.

  • CVE-2026-56007Jun 18, 2026
    risk 0.00cvss epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in OceanWP Ocean Product Sharing allows Stored XSS. This issue affects Ocean Product Sharing: from n/a through 2.2.2.