VYPR

CVEs

100,075 total · page 56 of 2,002

  • CVE-2026-9528HigMay 26, 2026
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was identified in itsourcecode Electronic Judging System 1.0. Impacted is an unknown function of the file /admin/delete_judge.php. Such manipulation of the argument judge_id leads to sql injection. The attack can be executed remotely. The exploit is publicly…

  • CVE-2026-9526HigMay 26, 2026
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was found in itsourcecode Electronic Judging System 1.0. This vulnerability affects unknown code of the file /admin/edit_team.php. The manipulation of the argument num_id results in sql injection. The attack may be launched remotely. The exploit has been made…

  • CVE-2026-9525HigMay 26, 2026
    risk 0.47cvss 7.3epss 0.00

    A vulnerability has been found in itsourcecode Electronic Judging System 1.0. This affects an unknown part of the file /admin/edit_judge.php. The manipulation of the argument judge_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to…

  • CVE-2026-9523HigMay 26, 2026
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was detected in Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform 3000WEBV2. Affected by this vulnerability is an unknown functionality of the file /SubstationWEBV2/app/..;/calc/getCalcmeterDetailDayListTree. Performing a…

  • CVE-2026-9538HigMay 26, 2026
    risk 0.42cvss 7.5epss 0.00

    Archive::Tar versions before 3.10 for Perl allow memory exhaustion via attacker controlled entry size field in tar header. _read_tar() reads each entry's payload with $handle->read($$data, $block), where $block is derived from the entry's 12-byte size field in the tar header…

  • CVE-2026-9521HigMay 26, 2026
    risk 0.40cvss 7.3epss 0.00

    A security vulnerability has been detected in fraillt bitsery up to 5.2.4. Affected is the function loadFromSharedState in the library include/bitsery/ext/std_smart_ptr.h. Such manipulation leads to improper validation of specified type of input. It is possible to launch the…

  • CVE-2026-42497HigMay 26, 2026
    risk 0.42cvss 7.5epss 0.00

    Archive::Tar versions before 3.08 for Perl extract hardlinks to attacker controlled paths outside the extraction directory. _make_special_file() passes the tar header's linkname to link() without validating it against absolute paths or .. segments, creating a hardlink that…

  • CVE-2026-9517HigMay 26, 2026
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was determined in hemant6488 CodeIgniter-StudentManagementSystem. The affected element is an unknown function of the file /index.php/students/addStudentView of the component Student Management Handler. Executing a manipulation can lead to improper access…

  • CVE-2026-48837HigMay 25, 2026
    risk 0.48cvss 8.5epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Unlimited Elements For Elementor allows Blind SQL Injection. This issue affects Unlimited Elements For Elementor: from n/a through 2.0.8.

  • CVE-2026-45438HigMay 25, 2026
    risk 0.49cvss 7.5epss 0.00

    Missing Authorization vulnerability in WebToffee Smart Coupons for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Smart Coupons for WooCommerce: from n/a before 2.3.0.

  • CVE-2026-45216HigMay 25, 2026
    risk 0.57cvss 8.8epss 0.00

    Incorrect Privilege Assignment vulnerability in StoreApps Smart Manager allows Privilege Escalation. This issue affects Smart Manager: from n/a through 8.85.0.

  • CVE-2026-45209HigMay 25, 2026
    risk 0.49cvss 7.5epss 0.00

    Missing Authorization vulnerability in edward_plainview MyCryptoCheckout allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MyCryptoCheckout: from n/a through 2.161.

  • CVE-2026-39436HigMay 25, 2026
    risk 0.46cvss 7.1epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in bgermann CformsII allows Cross Site Request Forgery. This issue affects CformsII: from n/a through 15.1.3.

  • CVE-2026-24937HigMay 25, 2026
    risk 0.47cvss 7.2epss 0.00

    Improper Control of Generation of Code ('Code Injection') vulnerability in VideoWhisper.Com Broadcast Live Video allows Code Injection. This issue affects Broadcast Live Video: from n/a before 7.1.3.

  • CVE-2026-48848HigMay 25, 2026
    risk 0.40cvss 7.2epss 0.00

    Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7 has insufficient HTML sanitization that could lead to Cascading Style Sheets (CSS) injection via an SVG document that has an animate element with the attributeName attribute.

  • CVE-2026-48844HigMay 25, 2026
    risk 0.42cvss 7.5epss 0.00

    Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1 has insecure code evaluation logic in LDAP the autovalues option that could lead to code injection. (Support for code evaluation has been removed in 1.6.16 and 1.7.1.)

  • CVE-2026-48843HigMay 25, 2026
    risk 0.40cvss 7.2epss 0.00

    Roundcube Webmail 1.6.x between 1.6.14 and 1.6.16,and 1.7.x before 1.7.1 has Insufficient Cascading Style Sheets (CSS) sanitization in HTML e-mail messages may lead to SSRF or Information Disclosure, e.g., if stylesheet links point to local network hosts. The issue stems from an…

  • CVE-2026-48842HigMay 25, 2026
    risk 0.46cvss 8.1epss 0.01

    Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1 has Pre-authentication SQL injection in the virtuser_query plugin via a preg_replace() backslash escape bypass.

  • CVE-2026-9482HigMay 25, 2026
    risk 0.57cvss 8.8epss 0.01

    A vulnerability has been found in Edimax EW-7438RPn 1.31. This impacts the function formSDHCP of the file /goform/formSDHCP. Such manipulation of the argument submit-url leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to…

  • CVE-2026-9481HigMay 25, 2026
    risk 0.57cvss 8.8epss 0.01

    A flaw has been found in Edimax EW-7438RPn 1.31. This affects the function formStats of the file /goform/formStats. This manipulation of the argument submit-url causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been published and may be…

  • CVE-2026-9480HigMay 25, 2026
    risk 0.57cvss 8.8epss 0.01

    A vulnerability was detected in Edimax EW-7438RPn 1.31. The impacted element is the function formrefresh of the file /goform/formrefresh. The manipulation of the argument submit-url results in stack-based buffer overflow. It is possible to launch the attack remotely. The exploit…

  • CVE-2026-9479HigMay 25, 2026
    risk 0.57cvss 8.8epss 0.01

    A security vulnerability has been detected in Edimax EW-7438RPn 1.31. The affected element is the function formLogout of the file /goform/formLogout. The manipulation of the argument submit-url leads to stack-based buffer overflow. It is possible to initiate the attack remotely.…

  • CVE-2026-9474HigMay 25, 2026
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was found in yashpokharna2555 StudentManagementSystem up to cb2f558ddf8d19396de0f92abf2d224d46a0a203. Affected by this issue is the function confirm_logged_in of the file /studentdel.php. The manipulation of the argument ID results in sql injection. The attack…

  • CVE-2026-9470HigMay 25, 2026
    risk 0.47cvss 7.3epss 0.00

    A security vulnerability has been detected in yashpokharna2555 StudentManagementSystem cb2f558ddf8d19396de0f92abf2d224d46a0a203. This affects the function confirm_logged_in of the file student_trans.php. Such manipulation of the argument FIRST_NAME/Last_Name/EMAIL leads to sql…

  • CVE-2026-9469HigMay 25, 2026
    risk 0.47cvss 7.3epss 0.00

    A weakness has been identified in yashpokharna2555 StudentManagementSystem cb2f558ddf8d19396de0f92abf2d224d46a0a203. The impacted element is an unknown function of the file /success.php. This manipulation of the argument User causes sql injection. It is possible to initiate the…

  • CVE-2026-42782HigMay 25, 2026
    risk 0.47cvss 7.2epss 0.01

    Improper Isolation or Compartmentalization vulnerability in Apache Syncope. An administrator with adequate entitlements for Implementations can create a malicious Groovy class containing untrusted code reaching a non-sandboxed execution path via the class static initializer. …

  • CVE-2026-9465HigMay 25, 2026
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was found in Tiandy Easy7 Integrated Management Platform 7.17.0. This vulnerability affects unknown code of the file /Easy7/apps/WebService/GetDBDataEx.jsp. Performing a manipulation of the argument strTBName results in sql injection. Remote exploitation of the…

  • CVE-2026-9463HigMay 25, 2026
    risk 0.57cvss 8.8epss 0.01

    A flaw has been found in Edimax EW-7438RPn 1.31. Affected by this issue is the function formLicence of the file /goform/formLicence. This manipulation of the argument submit-url causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been…

  • CVE-2026-9462HigMay 25, 2026
    risk 0.57cvss 8.8epss 0.01

    A vulnerability was detected in Edimax EW-7438RPn 1.31. Affected by this vulnerability is the function formWpsProxyEnable of the file /goform/formWpsProxyEnable. The manipulation of the argument submit-url results in stack-based buffer overflow. The attack can be launched…

  • CVE-2026-47077HigMay 25, 2026
    risk 0.42cvss 7.5epss 0.01

    Allocation of Resources Without Limits or Throttling vulnerability in benoitc hackney allows Flooding. hackney_h3:await_response_loop/6 accumulates the HTTP/3 response body in memory without any size cap. The after Timeout clause is a per-message inactivity timer that resets on…

  • CVE-2026-47075HigMay 25, 2026
    risk 0.42cvss 7.5epss 0.00

    Improper Neutralization of CRLF Sequences vulnerability in benoitc hackney allows HTTP Request Splitting. hackney does not percent-encode carriage return (\r) or line feed (\n) characters in the URL query component before constructing the HTTP/1.1 request target. Characters…

  • CVE-2026-47073HigMay 25, 2026
    risk 0.42cvss 7.5epss 0.01

    Allocation of Resources Without Limits or Throttling vulnerability in benoitc hackney allows Flooding. The WebSocket client in src/hackney_ws.erl imposes no upper bound on memory consumption in three code paths. First, read_handshake_response/3 accumulates received bytes into a…

  • CVE-2026-47072HigMay 25, 2026
    risk 0.42cvss 7.5epss 0.01

    Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability in benoitc hackney allows HTTP Request/Response Splitting. The WebSocket upgrade code in src/hackney_ws.erl copies the host, path, headers (ExtraHeaders), and protocols options from the caller-supplied…

  • CVE-2026-47071HigMay 25, 2026
    risk 0.42cvss 7.5epss 0.01

    Uncontrolled Resource Consumption vulnerability in benoitc hackney allows Flooding. The SOCKS5 transport in src/hackney_socks5.erl correctly applies the caller-supplied timeout to the SOCKS5 negotiation phase, but then upgrades the connection to TLS using the two-argument form…

  • CVE-2026-47067HigMay 25, 2026
    risk 0.42cvss 7.5epss 0.01

    Allocation of Resources Without Limits or Throttling vulnerability in benoitc hackney allows Flooding. The URL parser in src/hackney_url.erl converts every unrecognized URL scheme to a permanent BEAM atom via binary_to_atom/2. BEAM atoms are never garbage-collected and the atom…

  • CVE-2026-47066HigMay 25, 2026
    risk 0.42cvss 7.5epss 0.01

    Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in benoitc hackney allows Excessive Allocation. The Alt-Svc response header parser in src/hackney_altsvc.erl does not guarantee forward progress. When parse_token/2 receives a non-token, non-whitespace,…

  • CVE-2018-25381HigMay 25, 2026
    risk 0.46cvss 7.1epss 0.00

    Joomla Responsive Portfolio 1.6.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL commands through multiple filter parameters. Attackers can inject malicious SQL code via the filter_type_id, filter_pid_id, and filter_search…

  • CVE-2018-25380HigMay 25, 2026
    risk 0.46cvss 7.1epss 0.00

    Joomla Component eXtroForms 2.1.5 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL commands through the filter_type_id, filter_pid_id, and filter_search parameters. Attackers can submit POST requests to the extroformfield view…

  • CVE-2018-25379HigMay 25, 2026
    risk 0.53cvss 8.2epss 0.00

    Collectric CMU 1.0 contains a boolean-based blind SQL injection vulnerability in the lang parameter that allows unauthenticated attackers to manipulate database queries during authentication. Attackers can inject SQL code through the lang parameter in login requests to extract…

  • CVE-2018-25377HigMay 25, 2026
    risk 0.55cvss 8.4epss 0.00

    Flash Slideshow Maker Professional 5.20 contains a buffer overflow vulnerability in the registration dialog that allows local attackers to execute arbitrary code by exploiting structured exception handling. Attackers can craft a malicious payload and paste it into the Name and…

  • CVE-2018-25376HigMay 25, 2026
    risk 0.55cvss 8.4epss 0.00

    Socusoft 3GP Photo Slideshow 8.05 contains a buffer overflow vulnerability in the registration dialog that allows local attackers to execute arbitrary code by exploiting structured exception handling. Attackers can craft malicious input in the Registration Name and Registration…

  • CVE-2018-25375HigMay 25, 2026
    risk 0.55cvss 8.4epss 0.00

    SocuSoft iPod Photo Slideshow 8.05 contains a buffer overflow vulnerability in the registration dialog that allows local attackers to execute arbitrary code by overwriting the structured exception handler. Attackers can craft malicious input in the Registration Name and…

  • CVE-2018-25374HigMay 25, 2026
    risk 0.49cvss 7.5epss 0.01

    Softneta MedDream PACS Server Premium 6.7.1.1 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the path parameter. Attackers can send requests to nocache.php with encoded backslash sequences to traverse…

  • CVE-2018-25373HigMay 25, 2026
    risk 0.55cvss 8.4epss 0.00

    SocuSoft DVD Photo Slideshow Professional 8.07 contains a stack-based buffer overflow vulnerability in the registration name field that allows local attackers to execute arbitrary code by exploiting structured exception handling. Attackers can craft a malicious text file with…

  • CVE-2018-25372HigMay 25, 2026
    risk 0.53cvss 8.2epss 0.00

    MedDream PACS Server Premium 6.7.1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the email parameter. Attackers can submit crafted POST requests to the userSignup.php endpoint…

  • CVE-2018-25371HigMay 25, 2026
    risk 0.53cvss 8.2epss 0.00

    mooSocial Store Plugin 2.6 contains a blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries through the product parameter in URL rewrite functionality. Attackers can inject SQL code using boolean-based blind, time-based blind, or…

  • CVE-2018-25368HigMay 25, 2026
    risk 0.49cvss 7.5epss 0.00

    Nord VPN 6.14.31 contains a denial of service vulnerability that allows unauthenticated attackers to crash the application by submitting an excessively long string in the password field. Attackers can paste a buffer of repeated characters into the password input field to trigger…

  • CVE-2018-25366HigMay 25, 2026
    risk 0.55cvss 8.4epss 0.00

    CuteFTP 5.0 XP contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by injecting malicious payload into the Site Manager label field. Attackers can craft a payload exceeding 520 bytes that overwrites the return address and executes…

  • CVE-2018-25365HigMay 25, 2026
    risk 0.49cvss 7.5epss 0.01

    PCViewer vt1000 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by submitting relative path sequences in GET requests. Attackers can use path traversal sequences ../../../../../../../../../../../../etc/passwd to access…

  • CVE-2018-25364HigMay 25, 2026
    risk 0.53cvss 8.2epss 0.00

    Twitter-Clone 1 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the name parameter. Attackers can submit crafted payloads to the search.php endpoint to extract database information…