VYPR

CVEs

100,075 total · page 58 of 2,002

  • CVE-2026-9346HigMay 24, 2026
    risk 0.57cvss 8.8epss 0.00

    A flaw has been found in Edimax EW-7438RPn up to 1.31. This impacts the function formWirelessTbl of the file /goform/formWirelessTbl of the component webs. Executing a manipulation of the argument submit-url can lead to buffer overflow. The attack may be performed from remote.…

  • CVE-2026-9345HigMay 24, 2026
    risk 0.57cvss 8.8epss 0.01

    A vulnerability was detected in Edimax EW-7438RPn up to 1.31. This affects the function formWizSurvey of the file /goform/formWizSurvey of the component webs. Performing a manipulation of the argument ssid/manualssid/ip/mask/gateway results in buffer overflow. The attack is…

  • CVE-2026-9344HigMay 24, 2026
    risk 0.57cvss 8.8epss 0.00

    A security vulnerability has been detected in Edimax EW-7438RPn up to 1.31. The impacted element is an unknown function of the file /goform/formWpsStart of the component webs. Such manipulation of the argument pinCode/wlan-url leads to stack-based buffer overflow. The attack can…

  • CVE-2018-25358HigMay 23, 2026
    risk 0.49cvss 7.5epss 0.01

    D-Link DIR601 2.02NA contains a credential disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive configuration data by manipulating the table_name parameter in POST requests. Attackers can send requests to /my_cgi.cgi with table_name values like…

  • CVE-2018-25356HigMay 23, 2026
    risk 0.55cvss 8.4epss 0.00

    SIPp 3.6 and earlier contains a local buffer overflow vulnerability in command-line argument handling that allows local attackers to crash the application or execute arbitrary code. Attackers can trigger the vulnerability by supplying oversized input to the -3pcc, -i, or…

  • CVE-2018-25355HigMay 23, 2026
    risk 0.55cvss 8.4epss 0.00

    Audiograbber 1.83 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by exploiting structured exception handling mechanisms. Attackers can craft malicious input in the Interpret or Album fields that triggers a buffer overflow,…

  • CVE-2018-25353HigMay 23, 2026
    risk 0.57cvss 8.8epss 0.00

    Redaxo CMS Mediapool Addon 5.5.1 and older contains an arbitrary file upload vulnerability that allows authenticated users to bypass file extension blacklist restrictions. Attackers with editor accounts can upload executable files by using obfuscated extensions like php71 or…

  • CVE-2018-25352HigMay 23, 2026
    risk 0.46cvss 7.1epss 0.00

    WordPress Ultimate Form Builder Lite plugin version 1.3.7 and below contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the entry_id POST parameter. Attackers can send POST requests to the…

  • CVE-2018-25351HigMay 23, 2026
    risk 0.53cvss 8.2epss 0.00

    Joomla! Component EkRishta 2.10 contains an error-based SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code into the username parameter. Attackers can submit POST requests to the login endpoint with SQL…

  • CVE-2018-25348HigMay 23, 2026
    risk 0.53cvss 8.2epss 0.00

    Joomla! Component Ek Rishta 2.10 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cid parameter. Attackers can send GET requests to the user_detail view with malicious cid values…

  • CVE-2018-25347HigMay 23, 2026
    risk 0.46cvss 7.1epss 0.00

    WordPress Contact Form Maker Plugin 1.12.20 contains SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries through the FormMakerSQLMapping and generete_csv_fmc AJAX actions. Attackers can inject malicious SQL code via the 'name' and…

  • CVE-2018-25346HigMay 23, 2026
    risk 0.46cvss 7.1epss 0.00

    WordPress Form Maker Plugin 1.12.24 and below contains SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries by injecting SQL code through the FormMakerSQLMapping and generete_csv actions. Attackers can submit POST requests with…

  • CVE-2018-25345HigMay 23, 2026
    risk 0.55cvss 8.4epss 0.00

    10-Strike Network Scanner 3.0 contains a local buffer overflow vulnerability in the host name field that allows attackers to bypass SafeSEH protections and execute arbitrary code. Attackers can craft a malicious payload in the host name or address field and trigger the…

  • CVE-2018-25344HigMay 23, 2026
    risk 0.55cvss 8.4epss 0.00

    10-Strike Network Inventory Explorer 8.54 contains a stack-based buffer overflow vulnerability in the registration key input field that allows local attackers to execute arbitrary code by triggering a structured exception handler overwrite. Attackers can craft a malicious…

  • CVE-2018-25342HigMay 23, 2026
    risk 0.53cvss 8.2epss 0.00

    Smartshop 1 contains a time-based blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'searched' parameter in search.php. Attackers can send GET requests with malicious SQL payloads like SLEEP…

  • CVE-2018-25341HigMay 23, 2026
    risk 0.53cvss 8.2epss 0.00

    Smartshop 1 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to product.php with union-based SQL injection payloads in the id…

  • CVE-2018-25340HigMay 23, 2026
    risk 0.53cvss 8.2epss 0.00

    Smartshop 1 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to category.php with UNION-based SQL injection payloads in the id…

  • CVE-2026-46300HigMay 23, 2026
    risk 0.47cvss 7.8epss 0.04

    In the Linux kernel, the following vulnerability has been resolved: net: skbuff: preserve shared-frag marker during coalescing skb_try_coalesce() can attach paged frags from @from to @to. If @from has SKBFL_SHARED_FRAG set, the resulting @to skb can contain the same…

  • CVE-2026-43503HigMay 23, 2026
    risk 0.50cvss 8.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: net: skbuff: propagate shared-frag marker through frag-transfer helpers Two frag-transfer helpers (__pskb_copy_fclone() and skb_shift()) fail to propagate the SKBFL_SHARED_FRAG bit in skb_shinfo()->flags when…

  • CVE-2026-9295HigMay 23, 2026
    risk 0.57cvss 8.8epss 0.01

    A security flaw has been discovered in Edimax BR-6428NS 1.10. This affects the function formWirelessTbl of the file /goform/formWirelessTbl of the component POST Request Handler. Performing a manipulation of the argument vapurl results in buffer overflow. The attack can be…

  • CVE-2026-9294HigMay 23, 2026
    risk 0.57cvss 8.8epss 0.01

    A vulnerability was identified in Edimax BR-6428NS 1.10. The impacted element is the function formWanTcpipSetup of the file /goform/formWanTcpipSetup of the component POST Request Handler. Such manipulation of the argument pppUserName leads to buffer overflow. It is possible to…

  • CVE-2026-9284HigMay 23, 2026
    risk 0.46cvss 8.2epss 0.00

    The WooCommerce PayPal Payments plugin for WordPress is vulnerable to unauthorized order manipulation and information disclosure due to missing authorization checks on the `ppc-create-order` and `ppc-get-order` WC-AJAX endpoints in all versions up to, and including, 4.0.1. The…

  • CVE-2026-6898HigMay 23, 2026
    risk 0.57cvss 8.8epss 0.00

    The Wishlist Member plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'WishListMember3_Hooks::generate_api_key' function in all versions up to, and including, 3.30.1. This makes it possible for authenticated…

  • CVE-2026-6897HigMay 23, 2026
    risk 0.57cvss 8.8epss 0.00

    The Wishlist Member plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'WishListMember\Features\Team_Accounts::save_settings' function in all versions up to, and including, 3.30.1. This makes it possible for…

  • CVE-2026-6895HigMay 23, 2026
    risk 0.57cvss 8.8epss 0.00

    The WishList Member plugin for WordPress is vulnerable to Missing Authorization leading to Sensitive Information Disclosure and Privilege Escalation in versions up to and including 3.30.1. This is due to the missing capability checks in the 'export_settings' function. This…

  • CVE-2026-6419HigMay 23, 2026
    risk 0.57cvss 8.8epss 0.00

    The WishList Member plugin for WordPress is vulnerable to Privilege Escalation via Missing Authorization in versions up to and including 3.30.1. This is due to the missing capability and nonce check in the ajax_get_screen() function. This makes it possible for authenticated…

  • CVE-2026-45659HigKEVMay 22, 2026
    risk 0.69cvss 8.8epss 0.03

    Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

  • CVE-2026-35430HigMay 22, 2026
    risk 0.57cvss 8.8epss 0.00

    Authorization bypass through user-controlled key in Azure Privileged Identity Management (PIM) allows an authorized attacker to elevate privileges over a network.

  • CVE-2026-26147HigMay 22, 2026
    risk 0.50cvss 7.7epss 0.01

    Improper input validation in Azure Compute Gallery allows an authorized attacker to disclose information over a network.

  • CVE-2026-23663HigMay 22, 2026
    risk 0.49cvss 7.5epss 0.01

    Improper privilege management in Azure Entra ID allows an unauthorized attacker to elevate privileges over a network.

  • CVE-2026-41147HigMay 22, 2026
    risk 0.50cvss 8.7epss 0.00

    NukeViet CMS is a multi Content Management System. Versions 4.5.07 and prior contain a Stored Cross-Site Scripting (XSS) vulnerability caused by insufficient server-side input sanitization in the Request class. The application relies primarily on client-side filtering to…

  • CVE-2026-41076HigMay 22, 2026
    risk 0.46cvss 8.1epss 0.00

    RT is an open source, enterprise-grade issue and ticket tracking system. Versions 5.0.9 and prior in addition to 6.0.0 through 6.0.2 contain an authentication bypass vulnerability in RT installations that use LDAP/AD for user authentication. Under certain LDAP server…

  • CVE-2026-41075HigMay 22, 2026
    risk 0.50cvss 8.8epss 0.00

    RT is an open source, enterprise-grade issue and ticket tracking system. Versions 5.0.0 through 5.0.9 and 6.0.0 through 6.0.2 contain an SQL injection vulnerability. An authenticated user can craft input that is incorporated into database queries without proper validation,…

  • CVE-2026-41074HigMay 22, 2026
    risk 0.39cvss 7.1epss 0.00

    RT is an open source, enterprise-grade issue and ticket tracking system. Versions 6.0.0 through 6.0.2 contain a Cross-Site Request Forgery (CSRF) vulnerability. An attacker who can induce a logged-in RT user to visit a malicious web page can trigger arbitrary state-changing…

  • CVE-2026-41071HigMay 22, 2026
    risk 0.53cvss 8.1epss 0.00

    libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, a crafted HEIF sequence file where the saiz box declares more samples than actually exist in the track's chunk table causes a heap-buffer-overflow (out-of-bounds read) in the…

  • CVE-2026-3294HigMay 22, 2026
    risk 0.57cvss 8.8epss 0.00

    An authentication logic vulnerability in multiple TP-Link range extenders allows an unauthenticated attacker on an adjacent network to manipulate a login parameter and reset the administrator password due to insufficient validation. Successful exploitation allows an attacker to…

  • CVE-2026-5843HigMay 22, 2026
    risk 0.53cvss 8.2epss 0.00

    The MLX inference backend in Docker Model Runner on macOS uses the MLX-LM library, which unconditionally imports and executes arbitrary Python files from model directories via the model_file configuration field in config.json. When a model's config.json specifies a model_file…

  • CVE-2026-5817HigMay 22, 2026
    risk 0.53cvss 8.2epss 0.00

    The vllm-metal inference backend in Docker Model Runner on macOS unconditionally sets trust_remote_code=True when loading model tokenizers, and runs without sandboxing. This causes transformers.AutoTokenizer.from_pretrained() to import and execute arbitrary Python files included…

  • CVE-2026-40607HigMay 22, 2026
    risk 0.42cvss epss 0.00

    Mantis Bug Tracker (MantisBT) is an open source issue tracker. In versions 2.11.0 through 2.28.1, a Stored XSS vulnerability is caused by incorrect escaping of a saved filter's owner, allowing an attacker to inject arbitrary HTML on systems where $g_show_user_realname = ON. Note…

  • CVE-2026-40597HigMay 22, 2026
    risk 0.42cvss epss 0.01

    Mantis Bug Tracker (MantisBT) is an open source issue tracker. In versions 2.28.1 and below, given any pre-existing XSS / HTML injection vulnerability, an attacker can bypass the Content Security Policy's script-src directive by uploading a crafted attachment to any issue that,…

  • CVE-2026-40596HigMay 22, 2026
    risk 0.40cvss epss 0.00

    Mantis Bug Tracker (MantisBT) is an open source issue tracker. Versions 2.11.0 through 2.28.1 allow any authenticated user to inject arbitrary HTML by updating their account's font family. Upon exploitation, an XSS payload would be reflected on every MantisBT page. Leveraging…

  • CVE-2026-9291HigMay 22, 2026
    risk 0.46cvss 7.1epss 0.00

    Insecure deserialization in the job results processing component in Amazon Braket SDK before 1.117.0 might allow a remote authenticated user with S3 write access to the job output bucket to achieve arbitrary code execution on any machine that processes job results. We…

  • CVE-2026-6406HigMay 22, 2026
    risk 0.57cvss 8.8epss 0.00

    The Docker CLI --use-api-socket flag bypasses Enhanced Container Isolation (ECI) restrictions in Docker Desktop. When ECI is enabled, Docker socket mounts from containers are denied unless explicitly allowed via the admin-settings configuration. However, the --use-api-socket…

  • CVE-2026-40172HigMay 22, 2026
    risk 0.46cvss 8.1epss 0.00

    authentik is an open-source identity provider. In versions prior to 2025.12.5 and 2026.2.0-rc1 through 2026.2.2, the PATCH /api/v3/core/users/{pk}/ API allows a caller with change_user on a target user to assign arbitrary groups through UserSerializer, including groups with…

  • CVE-2026-40166HigMay 22, 2026
    risk 0.39cvss epss 0.00

    authentik is an open-source identity provider. In versions prior to 2025.12.5 and 2026.2.0-rc1 through 2026.2.2, authenticated non-admin users with at least one OAuth2 access token can retrieve the client_secret of confidential OAuth2 providers they have previously authenticated…

  • CVE-2026-39970HigMay 22, 2026
    risk 0.55cvss epss 0.00

    TypeBot is a chatbot builder tool. Versions 3.15.2 and prior contain a critical stored XSS vulnerability in the app.typebot.io profile picture upload form. The application fails to sanitize or restrict SVG/XML-based uploads and directly renders them when accessed through the…

  • CVE-2026-39968HigMay 22, 2026
    risk 0.39cvss 7.1epss 0.00

    TypeBot is a chatbot builder tool. In versions 3.15.2 and prior, the fix for GHSA-4xc5-wfwc-jw47 ("Credential Theft via Client-Side Script Execution and API Authorization Bypass") is incomplete. While the builder's getCredentials tRPC endpoint was patched with workspace…

  • CVE-2026-46727HigMay 22, 2026
    risk 0.46cvss 8.1epss 0.00

    An issue was discovered in Ruby 4 before 4.0.5. A race condition leading to a use-after-free in the pthread-based getaddrinfo timeout handler (rb_getaddrinfo in ext/socket/raddrinfo.c) allows a remote attacker who can delay DNS responses near the user-specified timeout to crash…

  • CVE-2026-39965HigMay 22, 2026
    risk 0.50cvss 7.7epss 0.00

    TypeBot is a chatbot builder tool. Versions 3.15.2 and prior contain an SSRF via Open Redirect Bypass as the HTTP Request block and Code block validate the initial request URL via validateHttpReqUrl() to block private IPs and cloud metadata hostnames. However, the HTTP clients…

  • CVE-2026-9255HigMay 22, 2026
    risk 0.51cvss 7.8epss 0.00

    Missing input source validation in the tool authorization prompt in Kiro CLI before 1.28.0 allows a local attacker to execute arbitrary tools, including shell commands, without user approval by crafting content that is piped to kiro-cli via stdin. We recommend you to upgrade…