VYPR

CVEs

11,223 total · page 6 of 225

  • CVE-2026-40128 · Critical · Jun 9, 2026
    risk 0.59 · cvss 9.0 · epss 0.00

    SAP NetWeaver Application Server Java (Web Container) allows an unauthenticated attacker to craft a malicious HTTP logon request that manipulates file inclusion parameters, enabling path traversal and processing of the included file. Processing the included file could allow the…

  • CVE-2026-27671 · Critical · Jun 9, 2026
    risk 0.64 · cvss 9.8 · epss 0.00

    Due to improper RFC protocol validation in the SAP Kernel used by the Application Server ABAP of SAP NetWeaver and ABAP Platform, an unauthenticated attacker can send a crafted RFC request that exploits logical errors in memory management, leading to memory corruption. This…

  • CVE-2026-11697 · Critical · Jun 9, 2026
    risk 0.62 · cvss 9.6 · epss 0.00

    Insufficient validation of untrusted input in UI in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-11671 · Critical · Jun 9, 2026
    risk 0.62 · cvss 9.6 · epss 0.00

    Use after free in Navigation in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-11659 · Critical · Jun 9, 2026
    risk 0.62 · cvss 9.6 · epss 0.00

    Integer overflow in UI in Google Chrome on Linux prior to 149.0.7827.103 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-11654 · Critical · Jun 9, 2026
    risk 0.62 · cvss 9.6 · epss 0.00

    Use after free in CameraCapture in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-11651 · Critical · Jun 9, 2026
    risk 0.62 · cvss 9.6 · epss 0.00

    Use after free in Network in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-11638 · Critical · Jun 9, 2026
    risk 0.62 · cvss 9.6 · epss 0.00

    Use after free in Printing in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

  • CVE-2026-11634 · Critical · Jun 9, 2026
    risk 0.62 · cvss 9.6 · epss 0.00

    Use after free in Gamepad in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

  • CVE-2026-47724 · Critical · Jun 8, 2026
    risk 0.52 · cvss not listed · epss 0.00

    The `/api/v1/*` route surface trusts the bearer token alone for authorisation on most endpoints. The codebase itself admits this at `internal/api/hosts.go:384`: *"API trusts the bearer token for authorisation; per-CA ownership is enforced only in the Web layer."* The Web UI…

  • CVE-2026-47252 · Critical · Jun 8, 2026
    risk 0.52 · cvss not listed · epss 0.00

    # AppleScript/JXA Code Injection via Unescaped URL in macOS Chrome Plugin | Field | Value | | ---------------- | ----- | | Repository | julien040/anyquery | | Affected version | 0.4.4 (commit 0abd460) | | Vulnerability | CWE-94 — Improper Control of…

  • CVE-2026-45034 · Critical · Jun 8, 2026
    risk 0.52 · cvss not listed · epss 0.00

    ## Summary CVE-2026-34084 was patched by the helper `File::prohibitWrappers`. The helper calls `parse_url($filename, PHP_URL_SCHEME)` and then checks `is_string($scheme) && strlen($scheme) > 1` to reject stream wrappers such as `phar://`, `php://`, `data://` or `expect://`. The…

  • CVE-2026-52778 · Critical · Jun 8, 2026
    risk 0.57 · cvss 9.8 · epss 0.01

    YesWiki is a wiki system written in PHP. Prior to version 4.6.6, an unsafe execution vulnerability exists in the Bazar form field calculator (CalcField.php) of YesWiki. The application attempts to sanitize user-defined mathematical formulas using a complex recursive regular…

  • CVE-2026-11393 · Critical · Jun 8, 2026
    risk 0.59 · cvss 9.0 · epss 0.00

    Improper neutralization of triple-quote characters during Python code generation in AgentCore CLI before v0.14.2 might allow an authenticated remote threat actor to execute arbitrary code on AWS AgentCore Runtime under the imported agent's IAM execution role and on the local…

  • CVE-2026-46289 · Critical · Jun 8, 2026
    risk 0.57 · cvss 9.8 · epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: lib/scatterlist: fix length calculations in extract_kvec_to_sg Patch series "Fix bugs in extract_iter_to_sg()", v3. Fix bugs in the kvec and user variants of extract_iter_to_sg. This series is growing due to…

  • CVE-2026-41448 · Critical · Jun 8, 2026
    risk 0.61 · cvss 9.4 · epss 0.01

    AdGuard Home, when started with the --glinet flag, contains an authentication bypass vulnerability that allows unauthenticated attackers to gain full admin access by supplying a path traversal sequence in the Admin-Token cookie, exploiting unsanitized string concatenation in the…

  • CVE-2026-39910 · Critical · Jun 8, 2026
    risk 0.64 · cvss 9.8 · epss 0.00

    STACKIT IaaS API contains a missing authorization check vulnerability that allows authenticated, low-privileged attackers to escalate privileges to full organization compromise by attaching arbitrary service accounts to virtual machines they control. Attackers can exploit the…

  • CVE-2026-25555 · Critical · Jun 8, 2026
    risk 0.64 · cvss 9.8 · epss 0.02

    OpenBullet2 through version 0.3.2 contains an authentication bypass vulnerability in the API key authentication middleware that allows unauthenticated attackers to gain admin access by supplying an empty X-Api-Key header value. Attackers can exploit the middleware's comparison…

  • CVE-2026-46442 · Critical · Jun 8, 2026
    risk 0.57 · cvss 9.9 · epss 0.01

    Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, POST /api/v1/node-custom-function lacks route-level authorization, allowing any authenticated user or API key to submit arbitrary JavaScript to the Custom JS Function…

  • CVE-2026-46441 · Critical · Jun 8, 2026
    risk 0.55 · cvss 9.6 · epss 0.00

    Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, a mass assignment vulnerability exists in the assistant update endpoint of FlowiseAI. The endpoint allows authenticated users to modify server-controlled properties…

  • CVE-2026-46440 · Critical · Jun 8, 2026
    risk 0.52 · cvss 9.1 · epss 0.00

    Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, the checkBasicAuth endpoint validates credentials in plaintext without rate limiting and with direct comparison. This issue has been patched in version 3.1.2.

  • CVE-2026-44631 · Critical · Jun 8, 2026
    risk 0.57 · cvss 9.8 · epss 0.00

    Buffer Underwrite vulnerability in Apache HTTP Server on crafted regular expressions in the configuration. This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue.

  • CVE-2026-42861 · Critical · Jun 8, 2026
    risk 0.55 · cvss 9.6 · epss 0.00

    Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, a mass assignment vulnerability exists in the variable update endpoint of FlowiseAI. The endpoint allows authenticated users to modify server-controlled properties…

  • CVE-2026-42535 · Critical · Jun 8, 2026
    risk 0.52 · cvss 9.1 · epss 0.01

    A path handling issue in mod_dav_fs in Apache 2.4.67 and earlier allows a WebDAV content author to directly manipulate trusted DAV property databases, potentially causing child process crashes. Users are recommended to upgrade to version 2.4.68, which fixes this issue.

  • CVE-2026-29167 · Critical · Jun 8, 2026
    risk 0.57 · cvss 9.8 · epss 0.01

    Use After Free vulnerability in Apache HTTP Server with mod_ldap in per-directory configuration. This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue.

  • CVE-2026-50751 · Critical · KEV · Jun 8, 2026
    risk 0.80 · cvss 9.3 · epss 0.71

    A logic flow weakness in Remote Access and Mobile Access certificate validation in deprecated IKEv1 key exchange allows an unauthenticated remote attacker to bypass user authentication and establish a remote access VPN connection without a valid user password.

  • CVE-2026-47430 · Critical · Jun 8, 2026
    risk 0.62 · cvss not listed · epss 0.01

    ## Summary The iOS implementation of `cordova-plugin-inappbrowser` passes the `id` field from a `WKScriptMessage` body to `commandDelegate sendPluginResult:callbackId:` with no format validation (`CDVWKInAppBrowser.m:560–574`). Any web content loaded inside the InAppBrowser…

  • CVE-2026-11499 · Critical · Jun 8, 2026
    risk 0.64 · cvss 9.8 · epss 0.07

    A vulnerability was determined in Tenda HG7HG9 and HG10 300001138_en_xpon. This affects the function formDOMAINBLK of the file /boaform/formDOMAINBLK. Executing a manipulation of the argument blkDomain can lead to stack-based buffer overflow. The attack may be performed from…

  • CVE-2024-58349 · Critical · Jun 8, 2026
    risk 0.64 · cvss 9.8 · epss 0.01

    WordPress Theme Travelscape 1.0.3 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by exploiting insufficient validation in the theme's upload functionality. Attackers can upload arbitrary files to the theme…

  • CVE-2024-58348 · Critical · Jun 8, 2026
    risk 0.64 · cvss 9.8 · epss 0.01

    WordPress Background Image Cropper version 1.2 contains a remote code execution vulnerability that allows unauthenticated attackers to upload arbitrary files by accessing the ups.php endpoint. Attackers can upload PHP files through the file upload form in the plugin directory to…

  • CVE-2023-54352 · Critical · Jun 8, 2026
    risk 0.64 · cvss 9.8 · epss 0.01

    WordPress Seotheme contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary PHP code by uploading malicious files to the theme directory. Attackers can access the uploaded PHP shell at /wp-content/themes/seotheme/mar.php to…

  • CVE-2026-11429 · Critical · Jun 5, 2026
    risk 0.65 · cvss not listed · epss 0.01

    Two endpoints in the Vault Service ScriptsController, shared by Altium Enterprise Server and Altium 365, accept file uploads where a user-supplied filename component is used to construct the destination path without validation, allowing arbitrary files to be written to any…

  • CVE-2026-11423 · Critical · Jun 5, 2026
    risk 0.61 · cvss not listed · epss 0.00

    A path traversal vulnerability exists in the Altium Enterprise Server Collaboration Service due to improper handling of user-supplied filenames in the MCAD and Simulation file download flows. A regular authenticated user can submit a collaboration message containing a crafted…

  • CVE-2026-45779 · Critical · Jun 5, 2026
    risk 0.64 · cvss 9.8 · epss 0.00

    OpenXDMoD is an open framework for collecting and analyzing HPC metrics. An SQL injection vulnerability exists in Open XDMoD versions prior to 10.0.3 that allows an unauthenticated remote attacker to execute arbitrary SQL statements. Exploitation requires no authentication or…

  • CVE-2026-45777 · Critical · Jun 5, 2026
    risk 0.64 · cvss 9.8 · epss 0.00

    OpenXDMoD is an open framework for collecting and analyzing HPC metrics. Starting in version 9.5.0 and prior to version 11.0.3, an attacker can remotely execute arbitrary system commands on the web server hosting Open XDMoD with the privileges of the web server process. This…

  • CVE-2026-45758 · Critical · Jun 5, 2026
    risk 0.62 · cvss 9.6 · epss 0.00

    Guardrails AI is a Python framework that helps build AI applications. On May 11, 2026 at approximately 6:00 PM Pacific, an attacker published a malicious version of `guardrails-ai` (0.10.1) to PyPI. Any user who installed `guardrails-ai==0.10.1` from PyPI on May 11, 2026 may be…

  • CVE-2026-11420 · Critical · Jun 5, 2026
    risk 0.64 · cvss 9.8 · epss 0.01

    Two path traversal vulnerabilities in the Network Installation Service (NIS) of Altium Enterprise Server allow an unauthenticated network attacker to write arbitrary files to any writable location on the server filesystem and to read package archive files from the server. No…

  • CVE-2026-11414 · Critical · Jun 5, 2026
    risk 0.64 · cvss 9.8 · epss 0.00

    A hard-coded cryptographic key is used by Altium Enterprise Server to sign file download URLs in the Vault service. Because the key is identical across all installations, an unauthenticated network attacker who can reach the server can forge valid download signatures and…

  • CVE-2026-46496 · Critical · Jun 5, 2026
    risk 0.60 · cvss not listed · epss 0.00

    HAX CMS helps manage microsite universe with PHP or NodeJs backends. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 26.0.0 due to improper sanitization of the `` component. The component allows `javascript:` URIs in the `source`…

  • CVE-2026-46399 · Critical · Jun 5, 2026
    risk 0.61 · cvss not listed · epss 0.00

    HAX CMS helps manage microsite universe with PHP or NodeJs backends. The PHP version of HAX CMS prior to version 26.0.0 has an authenticated file overwrite vulnerability. An attacker can exploit this vulnerability to configure malicious Git filter commands and achieve code…

  • CVE-2026-46396 · Critical · Jun 5, 2026
    risk 0.60 · cvss not listed · epss 0.00

    HAX CMS helps manage microsite universe with PHP or NodeJs backends. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 26.0.0 due to improper sanitization of `` elements. The application allows `javascript:` URIs in the `src` attribute, which…

  • CVE-2026-46395 · Critical · Jun 5, 2026
    risk 0.60 · cvss not listed · epss 0.00

    HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0, the `hmacBase64()` function in the HAXcms Node.js backend contains two critical cryptographic implementation errors that together allow any unauthenticated attacker to extract the…

  • CVE-2026-46389 · Critical · Jun 5, 2026
    risk 0.65 · cvss 10.0 · epss 0.00

    UDS Identity Config builds the Keycloak configuration image (realm, plugins, theme, truststore, JARs) consumed by UDS Core's Identity deployment. In versions 0.11.0 through 0.26.0, a logic error in the `client-kubernetes-secret` Keycloak client authenticator (shipped by…

  • CVE-2026-10580 · Critical · Jun 5, 2026
    risk 0.57 · cvss 9.8 · epss 0.03

    The Hippoo Mobile App for WooCommerce plugin for WordPress is vulnerable to Authentication Bypass leading to Administrator Account Takeover in all versions up to and including 1.9.4. This is due to a logic conflation in HippooPermissions::get_user_permissions(), which returns…

  • CVE-2026-45750 · Critical · Jun 5, 2026
    risk 0.59 · cvss 9.0 · epss 0.00

    Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.3.2, the GET /ssh/file_manager/ssh/resolvePath endpoint in the Termix File Manager component unsafely processes the path parameter and embeds it into…

  • CVE-2026-45748 · Critical · Jun 5, 2026
    risk 0.64 · cvss 9.8 · epss 0.02

    Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. The `POST /ssh/tunnel/connect` endpoint in Termix prior to version 2.3.2 builds an SSH tunnel command by interpolating user-controlled host record fields (`endpointIP`,…

  • CVE-2026-45746 · Critical · Jun 5, 2026
    risk 0.59 · cvss 9.0 · epss 0.00

    Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.3.2, the File Manager functionality in Termix contains a critical Broken Access Control vulnerability due to improper validation of the sessionId…

  • CVE-2026-45744 · Critical · Jun 5, 2026
    risk 0.64 · cvss 9.9 · epss 0.02

    Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.3.2, the GET /ssh/file_manager/ssh/resolvePath endpoint in Termix is vulnerable to OS command injection. The endpoint uses double-quote escaping for…

  • CVE-2026-36500 · Critical · Jun 5, 2026
    risk 0.59 · cvss 9.1 · epss 0.01

    An issue in the cluster-admin:backup-datastore component of Controller v12.0.5 allows attackers to execute a directory traversal via a crafted request.

  • CVE-2025-71318 · Critical · Jun 5, 2026
    risk 0.64 · cvss 9.8 · epss 0.01

    NetMan 204 fails to enforce authentication on its administrative pages and command endpoints. A remote, unauthenticated attacker can directly request administrative pages (such as administration.html, administration-commands.html, and configuration.html) to disclose sensitive…