VYPR

CVEs

345,119 total · page 57 of 6,903

  • CVE-2026-38716Jun 18, 2026
    risk 0.00cvss epss 0.01

    InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 (including earlier versions) were discovered to contain a command injection vulnerability in the Python application export function. This vulnerability allows remote attackers to execute arbitrary commands as root via a…

  • CVE-2026-38717Jun 18, 2026
    risk 0.00cvss epss 0.01

    InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 (including earlier versions) were discovered to contain a command injection vulnerability in the file upload function. The vulnerability allows remote attackers to execute arbitrary commands as root via a crafted input.

  • CVE-2026-38718Jun 18, 2026
    risk 0.00cvss epss 0.00

    InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 (including earlier versions) were discovered to contain a buffer overflow vulnerability in the device registration function. This vulnerability could allow an attacker to cause a denial of service attack on the remote…

  • CVE-2026-8805higJun 18, 2026
    risk 0.49cvss 7.5epss 0.00

    An integer overflow or wraparound vulnerability exists in the EtherNet/IP function of MELSEC iQ-F Series EtherNet/IP module. This vulnerability could allow a remote attacker to cause a denial-of-service condition in the affected product by rapidly establishing a large number of…

  • CVE-2026-8806higJun 18, 2026
    risk 0.49cvss 7.5epss 0.00

    Expected Behavior Violation (CWE-440) vulnerability exists in MELSEC iQ-F Series FX5-ENET/IP Ethernet Module FX5-ENET/IP. This vulnerability could allow a remote attacker to cause a denial-of-service (DoS) condition in the affected product by continuously sending a large number…

  • CVE-2026-48764Jun 17, 2026
    risk 0.00cvss epss 0.00

    TypeBot is a chatbot builder tool. In versions prior to 3.17.2, SSRF validation is implemented by resolving a hostname once and checking whether the resolved IP belongs to a forbidden range allowing for DNS rebinding bypass. The root cause is a time-of-check to time-of-use gap…

  • CVE-2026-48768Jun 17, 2026
    risk 0.00cvss epss 0.00

    TypeBot is a chatbot builder tool. In versions 3.16.1 and earlier, POST /api/blocks/file-input/v3/generate-upload-url is unauthenticated and uses unsanitized fileName input to construct public/ S3 object keys, while issuing presigned PUT URLs that do not bind Content-Type. As a…

  • CVE-2026-53676Jun 17, 2026
    risk 0.00cvss epss 0.01

    ThingsBoard contains a prototype pollution vulnerability which may lead to arbitrary code execution within a sandboxed context by a user who can log in to the affected product with the tenant administrator privilege (TENANT_ADMIN).

  • CVE-2026-50268Jun 17, 2026
    risk 0.00cvss epss 0.00

    Steeltoe is an open source project that provides a collection of libraries that helps users build cloud-native applications. In Steeltoe.Configuration.Encryption 4.0.0 through 4.1.0, configuring `encrypt:rsa:algorithm=OAEP` does not enable OAEP encryption. Due to an incorrect…

  • CVE-2026-50267Jun 17, 2026
    risk 0.00cvss epss 0.00

    Steeltoe is an open source project that provides a collection of libraries that helps users build cloud-native applications. In Steeltoe.Configuration.Abstractions 4.0.0 through 4.1.0, when MySQL or PostgreSQL service bindings from `VCAP_SERVICES` include TLS client credentials,…

  • CVE-2026-48759Jun 17, 2026
    risk 0.00cvss epss 0.00

    TypeBot is a chatbot builder tool. Versions 3.15.2 and below have an Insecure Direct Object Reference vulnerability through cross-workspace Theme Template modification and deletion. The handleSaveThemeTemplate and handleDeleteThemeTemplate handlers validate that the…

  • CVE-2026-12568Jun 17, 2026
    risk 0.00cvss epss 0.00

    The postman_download module uses the workspace name field from the Postman API to construct the local directory path without sanitization. If a malicious workspace has a name containing path traversal characters, pathlib resolves the path outside the intended output directory,…

  • CVE-2026-50202Jun 17, 2026
    risk 0.00cvss epss 0.00

    Steeltoe is an open source project that provides a collection of libraries that helps users build cloud-native applications. In Steeltoe.Security.Authentication.CloudFoundryBase prior to version 3.4.0, Steeltoe.Security.Authentication.JwtBearer prior to version 4.2.0, and…

  • CVE-2026-12567Jun 17, 2026
    risk 0.00cvss epss 0.00

    The github_workflows module constructs local directory paths from user-controlled repository names without validating for symlinks. A local attacker sharing the scan directory can plant a symlink at the predictable output path, causing workflow data to be written to an…

  • CVE-2026-12566Jun 17, 2026
    risk 0.00cvss epss 0.00

    The docker_pull module uses the realm parameter from a Docker registry's WWW-Authenticate response header as the authentication endpoint without validation. An attacker in a man-in-the-middle position between bbot and a Docker registry could modify this header to redirect the…

  • CVE-2026-50201Jun 17, 2026
    risk 0.00cvss epss 0.00

    Steeltoe is an open source project that provides a collection of libraries that helps users build cloud-native applications. In Steeltoe.Management.Endpoint prior to version 4.2.0 and Steeltoe.Management.EndpointCore prior to version 3.4.0, all Steeltoe actuator endpoints…

  • CVE-2026-12565Jun 17, 2026
    risk 0.00cvss epss 0.00

    The unarchive internal module's archive extraction commands perform no code-level validation on extracted file paths, relying entirely on the behavior of external tools (e.g. GNU tar) which varies by platform. While CVE-2025-10284 addressed git-specific RCE vectors, the…

  • CVE-2026-50200Jun 17, 2026
    risk 0.00cvss epss 0.00

    Steeltoe is an open source project that provides a collection of libraries that helps users build cloud-native applications. In Steeltoe.Management.Endpoint prior to version 4.2.0 and Steeltoe.Management.EndpointCore prior to version 3.4.0, the `Sanitizer` component in the…

  • CVE-2026-48997Jun 17, 2026
    risk 0.00cvss epss 0.01

    e107 is a content management system (CMS). Versions 2.3.5 and earlier contain a command injection vulnerability in the ImageMagick resize destination path. In resize_image(), the source path is escaped with escapeshellarg(), but the destination path is inserted inside raw…

  • CVE-2026-54386Jun 17, 2026
    risk 0.00cvss epss 0.00

    marimo before 0.23.9 contains a reflected cross-site scripting vulnerability in the notebook page that allows unauthenticated attackers to inject arbitrary JavaScript by exploiting improper escaping of single quotes in the file query parameter reflected into an inline JavaScript…

  • CVE-2026-48991Jun 17, 2026
    risk 0.00cvss epss 0.00

    XianYuLauncher is a Minecraft Java Edition launcher. In versions prior to 1.5.5, sensitive authentication artifacts could be exposed during a user-initiated login under certain local attack conditions. Affected versions relied on a fixed localhost redirect URI without PKCE or…

  • CVE-2026-48820Jun 17, 2026
    risk 0.00cvss epss 0.00

    CakePHP is a rapid development framework for PHP. In versions 4.5.11 and earlier, 4.6.0 through 4.6.3, 5.0.0 through 5.1.6, 5.2.0 through 5.2.12, and 5.3.0 through 5.3.5, View::_getElementFileName() does not check that the resolved element path is within the application/plugin…

  • CVE-2026-50196Jun 17, 2026
    risk 0.00cvss epss 0.00

    Steeltoe is an open source project that provides a collection of libraries that helps users build cloud-native applications. In Steeltoe.Discovery.Eureka prior to versions 4.2.0 and 3.4.0, `DataCenterInfo.FromJson` throws `ArgumentException` for any `name` value other than…

  • CVE-2026-48990Jun 17, 2026
    risk 0.00cvss epss 0.00

    joserfc is a Python library that provides an implementation of several JSON Object Signing and Encryption (JOSE) standards. In versions 1.3.4 through 1.6.5, joserfc accepts oversized RFC7797 b64=false JWS payloads without applying JWSRegistry.max_payload_length, which can lead…

  • CVE-2026-8050Jun 17, 2026
    risk 0.00cvss epss 0.00

    In SignalRGB versions prior to 1.3.7.0, seven of the thirteen IOCTL handlers dereference the SystemBuffer pointer without first verifying that it is non-NULL. Sending an IOCTL with an empty input buffer causes a NULL pointer dereference, resulting in a kernel crash.

  • CVE-2026-8049Jun 17, 2026
    risk 0.00cvss epss 0.00

    In SignalRGB versions prior to 1.3.7.0, the \\.\SignalIo device object is created without an explicit SDDL security descriptor and without FILE_DEVICE_SECURE_OPEN. This results in overly permissive default access control, allowing any authenticated local user to obtain a handle…

  • CVE-2026-12530Jun 17, 2026
    risk 0.00cvss epss 0.00

    Improper neutralization of argument delimiters in the install_packages() method in AWS Bedrock AgentCore Python SDK versions >= 1.1.3 and < 1.6.1 might allow a remote authenticated user to execute arbitrary commands within the Code Interpreter sandbox via crafted package name…

  • CVE-2026-50194Jun 17, 2026
    risk 0.00cvss epss 0.00

    Steeltoe is an open source project that provides a collection of libraries that helps users build cloud-native applications. When Steeltoe management endpoints versions 3.2.2 through 3.3.0 and 4.1.0 are configured to listen on an alternate port (`Management:Endpoints:Port` is…

  • CVE-2026-48979Jun 17, 2026
    risk 0.00cvss epss 0.00

    PHP Standard Library (PSL) is set of APIs covering async, collections, networking, I/O, cryptography, terminal UI, etc. In versions 6.1.0, 6.1.1 and 6.2.0, the Psl\H2\ServerConnection does not validate that the total bytes received in DATA frames match the content-length header…

  • CVE-2026-49133Jun 17, 2026
    risk 0.00cvss epss 0.00

    Typemill before 2.24.0 contains a path traversal vulnerability that allows authenticated attackers with Author-level privileges to read arbitrary files outside the content directory by supplying traversal sequences in the path query parameter passed to Storage::getFile() with an…

  • CVE-2026-48821Jun 17, 2026
    risk 0.00cvss epss 0.00

    Shaarli is a personal bookmarking service. Versions 0.16.1 and prior contain a DOM-based Cross-Site Scripting (XSS) vulnerability in the Thumbnail Synchronizer feature. When an administrator runs the thumbnail update process, malicious bookmark titles are returned via an AJAX…

  • CVE-2026-11407Jun 17, 2026
    risk 0.00cvss epss 0.01

    Pimcore CMS/DXP version 12.3.8 contains a sandbox bypass vulnerability that allows authenticated administrative attackers to execute arbitrary methods on PHP objects by exploiting empty checkMethodAllowed() and checkPropertyAllowed() implementations in the custom Twig…

  • CVE-2026-48823Jun 17, 2026
    risk 0.00cvss epss 0.00

    Shaarli is a personal bookmarking service. Versions 0.16.1 and prior contain a stored Cross-Site Scripting (XSS) vulnerability in the tag filtering functionality of Shaarli. An authenticated user can inject arbitrary JavaScript into the tags field when creating a bookmark…

  • CVE-2026-32682Jun 17, 2026
    risk 0.00cvss epss 0.00

    When NGINX Gateway Fabric is configured using GRPCRoutes, an authenticated, remote attacker with permission to create or modify GRPCRoute resources can cause the NGINX Gateway Fabric control plane to terminate by sending undisclosed GRPCRoute configurations containing backendRef…

  • CVE-2026-50107Jun 17, 2026
    risk 0.00cvss epss 0.00

    When NGINX Plus or NGINX Open Source is configured as the data plane for NGINX Gateway Fabric, an injection vulnerability exists in the NGINX configuration generator component of NGINX Gateway Fabric. User-supplied string values from the NginxProxy Custom Resource Definition…

  • CVE-2026-48822Jun 17, 2026
    risk 0.00cvss epss 0.00

    Shaarli is a personal bookmarking service. Versions 0.16.1 and prior contain a stored Cross-Site Scripting (XSS) vulnerability in the Markdown-to-HTML conversion process used in the Bookmark Description field. An authenticated user can inject a malicious javascript: URI inside a…

  • CVE-2026-54388Jun 17, 2026
    risk 0.00cvss epss 0.00

    Tinyproxy through 1.11.3, fixed in commit 364cdb6, fails to reject requests containing multiple Content-Length headers with differing values, forwarding all duplicate headers to the backend while using the first value to determine how many request body bytes to consume. Remote…

  • CVE-2026-54387Jun 17, 2026
    risk 0.00cvss epss 0.00

    Tinyproxy through 1.11.3, fixed in commit ff45d3b, fails to reconcile conflicting Content-Length and Transfer-Encoding: chunked headers, forwarding both verbatim to the backend while using Content-Length to determine how many request body bytes to consume. Remote attackers can…

  • CVE-2026-48814Jun 17, 2026
    risk 0.00cvss epss 0.00

    Network-AI is a TypeScript/Node.js multi-agent orchestrator. In versions 5.7.1 and earlier, the MCP SSE server allows unauthenticated cross-origin MCP tool invocation due to an empty default secret. This issue was partially addressed by CVE-2026-46701 in version 5.4.5 by closing…

  • CVE-2026-55202Jun 17, 2026
    risk 0.00cvss epss 0.00

    Tinyproxy through 1.11.3, fixed in commit 09312a1, fails to properly validate the Host header during stathost detection, allowing unauthenticated attackers to access the stats page by injecting a matching Host header or bypass detection via port manipulation. Remote attackers…

  • CVE-2026-55201Jun 17, 2026
    risk 0.00cvss epss 0.00

    Evil-WinRM through 3.9, fixed in commit 6ecd570, contains a path traversal vulnerability in the download_dir() function that allows a rogue or compromised remote Windows server to write files outside the intended download directory by returning filenames with traversal sequences…

  • CVE-2026-55200Jun 17, 2026
    risk 0.00cvss epss 0.01

    libssh2 through 1.11.1, fixed in commit 7acf3df contains an out-of-bounds write vulnerability in ssh2_transport_read() that fails to enforce upper bounds on packet_length field. Remote attackers can send crafted SSH packets with excessively large packet_length values to corrupt…

  • CVE-2026-10741Jun 17, 2026
    risk 0.00cvss epss 0.00

    Sonatype Nexus Repository Manager before 3.93.0 contains an authorization vulnerability in the proxy repository configuration that allows a delegated repository administrator to disclose stored upstream proxy credentials.

  • CVE-2026-55590Jun 17, 2026
    risk 0.00cvss epss 0.00

    ### Impact The `getLoginRedirect()` method contains a weakness to backslash bypasses allowing redirect targets with attacker controlled hostnames. ### Patches 3.3.6 and 4.1.1 contain a fix for this issue. ### Workarounds If you are unable to upgrade, you should consider adding…

  • CVE-2026-55518criJun 17, 2026
    risk 0.52cvss epss

    ## Summary A critical missing authorization flaw exists in Avo's association attach workflow. The UI and `GET /resources/:resource/:id/:related/new` path can check `attach_?`, but the actual write endpoint, `POST /resources/:resource/:id/:related`, does not run the…

  • CVE-2026-55517Jun 17, 2026
    risk 0.00cvss epss 0.00

    ## Summary A Deno program that opens a client `WebSocket` connection could be crashed by the remote server. While handling the WebSocket handshake response, Deno parsed the `Sec-WebSocket-Protocol` and `Sec-WebSocket-Extensions` response headers in a way that assumed their…

  • CVE-2026-55471criJun 17, 2026
    risk 0.52cvss epss 0.00

    ### Summary `org.hl7.fhir.utilities.XsltUtilities` exposes two parallel families of XSLT transform helpers. The `transform(...)` overloads obtain their `TransformerFactory` from the project's hardened helper `XMLUtil.newXXEProtectedTransformerFactory()` (which sets…

  • CVE-2026-55470higJun 17, 2026
    risk 0.38cvss epss 0.00

    ## Summary The fix for CVE-2026-45367 added `RegexTimeout` protection to the `matches()` function in DSTU2016MAY, DSTU3, R4, R4B, and R5, but the DSTU2 module was incompletely patched. In `org.hl7.fhir.dstu2`, `replaceMatches()` was updated while `matches()` at line 2462 still…

  • CVE-2026-55199Jun 17, 2026
    risk 0.00cvss epss 0.00

    libssh2 through 1.11.1, fixed in commit 1762685, contains a pre-authentication denial of service vulnerability in the SSH_MSG_EXT_INFO handler in src/packet.c that allows a malicious SSH server to cause a client CPU exhaustion loop by sending a crafted extension count value. A…

  • CVE-2026-10696Jun 17, 2026
    risk 0.00cvss epss 0.00

    Use of an incorrectly resolved name or reference in the pinget backend in Devolutions UniGetUI 2026.2.0 and earlier allows a WinGet community catalog contributor to cause an installed application to be correlated to an unrelated, attacker-controlled catalog package and to…