VYPR

CVEs

344,996 total · page 6 of 6,900

  • CVE-2026-14684Jul 6, 2026
    risk 0.00cvss epss 0.00

    A flaw has been found in HdrHistogram up to 2.2.2. This affects the function org.HdrHistogram.AbstractHistogram.decodeFromByteBuffer of the file src/main/java/org/HdrHistogram/AbstractHistogram.java. This manipulation of the argument numberOfSignificantValueDigits causes…

  • CVE-2026-14683Jul 6, 2026
    risk 0.00cvss epss 0.00

    A vulnerability was detected in HdrHistogram up to 2.2.2. Affected by this issue is the function org.HdrHistogram.AbstractHistogram.decodeFromCompressedByteBuffer of the file src/main/java/org/HdrHistogram/AbstractHistogram.java. The manipulation of the argument…

  • CVE-2026-14686Jul 6, 2026
    risk 0.00cvss epss 0.00

    A vulnerability was found in HdrHistogram up to 2.2.2. This issue affects the function org.HdrHistogram.DoubleHistogram.recordValue of the file src/main/java/org/HdrHistogram/DoubleHistogram.java of the component Range Check. Performing a manipulation results in incorrect…

  • CVE-2026-14685Jul 6, 2026
    risk 0.00cvss epss 0.00

    A vulnerability has been found in HdrHistogram up to 2.2.2. This vulnerability affects the function recordValueWithCount of the file src/main/java/org/HdrHistogram/AbstractHistogram.java of the component AbstractHistogram. Such manipulation of the argument Count leads to state…

  • CVE-2026-14790Jul 6, 2026
    risk 0.00cvss epss 0.00

    A flaw has been found in GPAC 26.02.0. This affects the function nhmldump_send_frame of the file src/filters/write_nhml.c of the component Media File Handler. Executing a manipulation can lead to null pointer dereference. The attack requires local access. The exploit has been…

  • CVE-2026-9165impJul 6, 2026
    risk 0.50cvss 7.7epss 0.00

    stackrox: stackrox: Unbounded GraphQL query depth allows authenticated denial of service

  • CVE-2026-43866impJul 6, 2026
    risk 0.46cvss 8.1epss 0.01

    camel-jms: Apache Camel JMS components: Arbitrary Exchange state injection

  • CVE-2026-56140lowJul 6, 2026
    risk 0.00cvss epss 0.00

    org.apache.camel/camel-aws2-sns: Apache Camel AWS SNS Component: Defense-in-depth hardening due to improper input validation

  • CVE-2026-56139modJul 6, 2026
    risk 0.27cvss 5.3epss 0.00

    org.apache.camel/camel-undertow: Apache Camel Undertow: Information disclosure via error messages containing sensitive data

  • CVE-2026-49365impJul 6, 2026
    risk 0.27cvss 5.3epss 0.00

    org.apache.camel/camel-netty-http: Apache Camel Netty HTTP: Information disclosure via error messages containing sensitive data

  • CVE-2026-49098modJul 6, 2026
    risk 0.35cvss 6.5epss 0.00

    camel-kafka: Apache Camel Kafka Component: Message redirection and injection via header manipulation

  • CVE-2026-46726impJul 6, 2026
    risk 0.46cvss 8.2epss 0.01

    camel-vertx-websocket: Apache Camel Vertx Websocket: Server-Side Request Forgery and sensitive data exposure

  • CVE-2026-46592impJul 6, 2026
    risk 0.42cvss 7.5epss 0.00

    org.apache.camel/camel-cxf: Apache Camel CXF SOAP: Remote attacker can execute unintended operations via header manipulation

  • CVE-2026-46584modJul 6, 2026
    risk 0.42cvss 7.5epss 0.00

    org.apache.camel/camel-mail: Apache Camel Mail Component: Credential exposure and information disclosure via improper input validation of mail headers

  • CVE-2026-40859impJul 6, 2026
    risk 0.46cvss 8.1epss 0.01

    org.apache.camel/camel-vertx-http: Apache Camel (camel-vertx-http): Remote Code Execution via Deserialization of Untrusted Data

  • CVE-2026-40047modJul 6, 2026
    risk 0.35cvss 6.5epss 0.02

    camel-docling: Apache Camel Docling: CLI argument injection and path traversal

  • CVE-2026-14788lowJul 6, 2026
    risk 0.14cvss 3.3epss 0.00

    radare2: radare2: Denial of Service via use-after-free in r_core_bin_load function

  • CVE-2026-14760lowJul 5, 2026
    risk 0.14cvss 3.3epss 0.00

    radare2: radare2: Denial of Service via local use-after-free vulnerability

  • CVE-2026-14759lowJul 5, 2026
    risk 0.14cvss 3.3epss 0.00

    radare2: radare2: Denial of Service via heap-based buffer overflow

  • CVE-2026-14757modJul 5, 2026
    risk 0.27cvss 5.3epss 0.00

    radare2: Radare2: Integer overflow allows local impact

  • CVE-2026-14742lowJul 5, 2026
    risk 0.20cvss 3.1epss 0.00

    langgraph: Langgraph: Information Disclosure via Weak Hash in Task Result Cache

  • CVE-2026-12481Jul 5, 2026
    risk 0.00cvss epss 0.00

    A vulnerability in keras-team/keras version 3.14.0 allows for arbitrary code execution due to improper handling of deserialization in the `Lambda` layer. Specifically, the `_raise_for_lambda_deserialization()` function fails to enforce the safe-mode guard when `safe_mode` is set…

  • CVE-2026-12252Jul 5, 2026
    risk 0.00cvss epss 0.00

    In nltk/nltk versions 3.9.3 and earlier, five Stanford interface classes (StanfordPOSTagger, StanfordNERTagger, StanfordParser, StanfordDependencyParser, and StanfordNeuralDependencyParser) are vulnerable to untrusted JAR code execution. These classes accept user-controllable…

  • CVE-2026-14570Jul 5, 2026
    risk 0.00cvss epss 0.01

    Crypt::DSA versions before 1.22 for Perl draw the DSA signing nonce and private key from a biased random generator, leading to private-key recovery. "Crypt::DSA::Util::makerandom forces the high bit of every value it returns to obtain an exactly N-bit integer for prime search.…

  • CVE-2026-14610Jul 5, 2026
    risk 0.00cvss epss 0.00

    A flaw has been found in Open Asset Import Library Assimp up to 6.0.5. Impacted is the function Assimp::CSMImporter::InternReadFile of the file code/AssetLib/CSM/CSMLoader.cpp of the component CSM File Handler. This manipulation causes heap-based buffer overflow. The attack is…

  • CVE-2026-53361Jul 5, 2026
    risk 0.00cvss epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: af_unix: Set gc_in_progress to true in unix_gc(). Igor Ushakov reported that unix_gc() could run with gc_in_progress being false if the work is scheduled while running: Thread 1 Thread 2 …

  • CVE-2026-53362Jul 5, 2026
    risk 0.00cvss epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: ipv6: account for fraggap on the paged allocation path In __ip6_append_data(), when the paged-allocation branch is taken (MSG_MORE / NETIF_F_SG / large fraglen), alloclen and pagedlen are computed as …

  • CVE-2026-53359Jul 5, 2026
    risk 0.00cvss epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Fix shadow paging use-after-free due to unexpected role Commit 0cb2af2ea66ad ("KVM: x86: Fix shadow paging use-after-free due to unexpected GFN") fixed a shadow paging mismatch between stored and…

  • CVE-2026-53360Jul 5, 2026
    risk 0.00cvss epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: KVM: SEV: Require in-GHCB scratch area if GHCB v2+ is in use As per the GHCB spec, when using GHCB v2+ require the software scratch area to reside in the GHCB's shared buffer. Note, things like Page State…

  • CVE-2025-71385Jul 5, 2026
    risk 0.00cvss epss 0.00

    Netdata before 2.3.1 reflects the user-supplied love query parameter of the api/v2/ilove.svg and api/v3/ilove.svg endpoints verbatim into the generated SVG document (into a text element) without HTML or XML escaping, and serves the response with Content-Type image/svg+xml. An…

  • CVE-2026-14647Jul 5, 2026
    risk 0.00cvss epss 0.00

    A weakness has been identified in onnx up to 1.21.x. This vulnerability affects the function convPoolShapeInference_opset19 of the file onnx/defs/nn/old.cc of the component onnxruntime. This manipulation causes out-of-bounds read. It is possible to initiate the attack remotely.…

  • CVE-2026-14781modJul 5, 2026
    risk 0.31cvss 4.8epss 0.00

    keycloak-services: keycloak-services: OIDC email_verified claim incorrectly applied to userinfo email

  • CVE-2026-14651lowJul 4, 2026
    risk 0.21cvss 3.3epss 0.00

    grass: Grass: Denial of Service vulnerability via local manipulation of compiler functions

  • CVE-2026-14650lowJul 4, 2026
    risk 0.21cvss 3.3epss 0.00

    grass: Grass: Denial of Service in UTF-8 Character Handler

  • CVE-2026-14535impJul 4, 2026
    risk 0.50cvss 8.8epss 0.00

    fickling: Fickling: Arbitrary code execution via pickle deserialization bypass

  • CVE-2026-14534impJul 4, 2026
    risk 0.50cvss 8.8epss 0.00

    fickling: python: fickling: Arbitrary code execution due to incomplete denylist in deserialization

  • CVE-2026-58379Jul 4, 2026
    risk 0.00cvss epss 0.00

    A flaw was found in GIMP's Paint Shop Pro (PSP) file format parser. This heap buffer overflow vulnerability allows a remote attacker to cause arbitrary code execution or a denial of service (DoS) by tricking a user into opening a specially crafted PSP image file. The…

  • CVE-2026-44941Jul 4, 2026
    risk 0.00cvss epss 0.01

    A relative path traversal in the "keyhint" option in repomd.xml parsing of libzypp before 17.38.12 can be used by attackers able to supply a malicious repository to inject or overwrite files in the target system as root.

  • CVE-2026-14604Jul 4, 2026
    risk 0.00cvss epss 0.00

    A vulnerability was determined in Open Asset Import Library Assimp up to 6.0.4. Affected is the function Assimp::Exporter::ExportToBlob of the file code/AssetLib/Ply/PlyLoader.cpp of the component PLY Model Handler. This manipulation causes double free. The attack can be…

  • CVE-2026-8804Jul 4, 2026
    risk 0.00cvss epss 0.00

    Puppet resource_api (shipped in Puppet Core 8.x and Puppet Enterprise 2023.8.x and 2025.x) does not preserve the sensitive flag on parameters defined via the resource-api, causing values such as passwords to be stored in cleartext in the agent's local transaction state cache.…

  • CVE-2026-52868Jul 4, 2026
    risk 0.00cvss epss 0.00

    An unauthenticated attacker can read worklist records from a directory outside the intended per-AE worklist storage area. In a multi-area deployment, this can cross departmental or clinic data separation.

  • CVE-2026-50003Jul 4, 2026
    risk 0.00cvss epss 0.00

    A malicious or compromised server can make a DCMTK client using bit-preserving C-GET storage mode write files outside the chosen output directory, using both relative (../) paths and absolute paths.

  • CVE-2026-44628Jul 4, 2026
    risk 0.00cvss epss 0.00

    An unauthenticated attacker can crash the worklist server with a single crafted query when the server has a valid Called AE Title / storage directory, the expected lockfile, and at least one matching worklist record.

  • CVE-2026-35505Jul 4, 2026
    risk 0.00cvss epss 0.00

    An unauthenticated remote attacker can repeatedly send crafted connection requests to leak memory. In single-process deployments the memory grows until the service is killed and the port stops responding until restart.

  • CVE-2026-50254Jul 4, 2026
    risk 0.00cvss epss 0.00

    An unauthenticated remote attacker can repeatedly send a single crafted connection request to leak memory. Against storescp in its default single-process mode, memory grows quickly and the service is eventually killed, after which it stops accepting connections until an operator…

  • CVE-2026-14355Jul 4, 2026
    risk 0.00cvss epss 0.00

    In PHP versions 8.2.* before 8.2.32, 8.3.* before 8.3.32, 8.4.* before 8.4.23, 8.5.* before 8.5.8, the AES-WRAP-PAD algorithm implementation in OpenSSL extension contains a buffer allocation flaw. The output buffer for the AES key-wrap-with-padding operation is sized from the…

  • CVE-2026-33592Jul 4, 2026
    risk 0.00cvss epss 0.00

    An unauthenticated remote attacker can exhaust server memory via the FindServers Discovery Service in open62541. The serverUris field of FindServersRequest is not validated for length or array size. An attacker can declare an arbitrarily large string (up to ~3.9 GB) delivered…

  • CVE-2026-14631modJul 3, 2026
    risk 0.21cvss 4.3epss 0.00

    webpack-dev-server: webpack-dev-server: Denial of Service via malformed headers

  • CVE-2026-14620modJul 3, 2026
    risk 0.24cvss 4.7epss 0.00

    webpack-dev-server: webpack-dev-server: Arbitrary file opening and denial of service via exposed developer endpoints

  • CVE-2026-14615modJul 3, 2026
    risk 0.28cvss 4.3epss 0.00

    keycloak-services: keycloak: FGAP v2 parent group children endpoint bypasses per-child view permission filter