VYPR

CVEs

100,081 total · page 60 of 2,002

  • CVE-2026-47101HigMay 21, 2026
    risk 0.50cvss 8.8epss 0.01

    LiteLLM prior to 1.83.14 allows an authenticated internal_user to create API keys with access to routes that their role does not permit. When generating a key, the allowed_routes field is stored without verifying that the specified routes fall within the user's own permissions.…

  • CVE-2026-47114HigMay 21, 2026
    risk 0.50cvss 8.8epss 0.01

    IINA before 1.4.3 contains a user-assisted command execution vulnerability that allows remote attackers to execute arbitrary commands by supplying malicious mpv_-prefixed query parameters through the iina://open custom URL scheme handler. Attackers can deliver a crafted URL via…

  • CVE-2026-46473HigMay 21, 2026
    risk 0.42cvss 7.5epss 0.00

    Authen::TOTP versions before 0.1.1 for Perl generate secrets using rand. Secrets were generated using Perl's built-in rand function, which is predictable and unsuitable for security usage.

  • CVE-2026-48242HigMay 21, 2026
    risk 0.46cvss 8.1epss 0.00

    Open ISES Tickets before 3.44.2 contains hardcoded MySQL database connection credentials (host, username, password, database name) in import_mdb.php. The credentials are embedded in source code committed to the public repository, allowing any reader of the source to obtain valid…

  • CVE-2026-48241HigMay 21, 2026
    risk 0.46cvss 8.1epss 0.00

    Open ISES Tickets before 3.44.2 contains hardcoded MySQL database credentials in loader.php (a public-facing database utility) that are committed to the source repository. Any actor with access to the public source tree (or an unauthenticated attacker with read access to the…

  • CVE-2026-48240HigMay 21, 2026
    risk 0.39cvss 7.1epss 0.00

    Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/statistics.php where the tick_id and f_tick_id POST parameters are concatenated into WHERE clauses of SELECT statements in the statistics rollup queries without sanitization. Authenticated attackers…

  • CVE-2026-48239HigMay 21, 2026
    risk 0.39cvss 7.1epss 0.00

    Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/reports.php where the tick_id POST parameter is concatenated into the WHERE clause of SELECT statements in the incidents summary report without sanitization. Authenticated attackers can craft requests…

  • CVE-2026-48238HigMay 21, 2026
    risk 0.39cvss 7.1epss 0.00

    Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/mobile_main.php where the id GET parameter is concatenated into the WHERE clause of a SELECT statement used as a ticket-existence sanity check without sanitization. Authenticated attackers can craft…

  • CVE-2026-48237HigMay 21, 2026
    risk 0.39cvss 7.1epss 0.00

    Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in message.php where the frm_ticket_id and frm_resp_id POST parameters are concatenated into WHERE clauses of SELECT/UPDATE statements without sanitization. Authenticated attackers can craft requests that…

  • CVE-2026-48236HigMay 21, 2026
    risk 0.39cvss 7.1epss 0.00

    Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in db_loader.php where the multiple POST parameters (ticketsdb, ticketshost, ticketsuser, ticketspassword) are concatenated into mysqli connection arguments and dynamic SQL operating against an…

  • CVE-2026-48235HigMay 21, 2026
    risk 0.46cvss 8.2epss 0.00

    Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in incs/remotes.inc.php where latitude, longitude, callsign, mph, altitude, and timestamp values parsed from external GPS tracking service XML/JSON responses (InstaMapper and Google Latitude integration) are…

  • CVE-2026-48234HigMay 21, 2026
    risk 0.39cvss 7.1epss 0.00

    Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in portal/ajax/list_requests.php where the sort and dir GET parameters are concatenated into the ORDER BY clause of a SELECT statement without sanitization. Authenticated attackers can craft requests that…

  • CVE-2026-48233HigMay 21, 2026
    risk 0.39cvss 7.1epss 0.00

    Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/sit_incidents.php where the offset GET parameter is concatenated into the LIMIT clause of a SELECT statement without sanitization. Authenticated attackers can craft requests that alter query semantics…

  • CVE-2026-48232HigMay 21, 2026
    risk 0.39cvss 7.1epss 0.00

    Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/fullsit_incidents.php where the offset GET parameter is concatenated into the LIMIT clause of a SELECT statement without sanitization. Authenticated attackers can craft requests that alter query…

  • CVE-2026-48231HigMay 21, 2026
    risk 0.39cvss 7.1epss 0.00

    Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in tables.php where the multiple POST parameters (tablename, indexname, sortby) are concatenated into table/column identifiers in dynamically constructed SELECT/UPDATE/DELETE statements without sanitization.…

  • CVE-2026-48989higMay 21, 2026
    risk 0.38cvss epss 0.00

    HTTP transports expose unauthenticated PowerShell control with wildcard CORS There is an issue in the SSE and Streamable HTTP transport modes. The default stdio mode is not affected, but the documented HTTP modes expose the MCP control plane without authentication and add…

  • CVE-2026-9089HigMay 21, 2026
    risk 0.57cvss 8.8epss 0.00

    The ConnectWise Automate™ Agent does not fully verify the authenticity of components obtained during plugin loading and self-update operations. This issue is addressed in Automate 2026.5.

  • CVE-2026-45208HigMay 21, 2026
    risk 0.51cvss 7.8epss 0.00

    A time-of-check time-of-use vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this…

  • CVE-2026-45207HigMay 21, 2026
    risk 0.51cvss 7.8epss 0.00

    An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-45206 but exists in a different process protection communication mechanism. Please note: an attacker must…

  • CVE-2026-45206HigMay 21, 2026
    risk 0.51cvss 7.8epss 0.00

    An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-45207 but exists in a different process protection communication mechanism. Please note: an attacker must…

  • CVE-2026-34930HigMay 21, 2026
    risk 0.51cvss 7.8epss 0.00

    An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-34927 but exists in a different process protection mechanism. Please note: an attacker must first obtain the…

  • CVE-2026-34929HigMay 21, 2026
    risk 0.51cvss 7.8epss 0.00

    An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-34927 but exists in a different inter-process communication mechanism. Please note: an attacker must first…

  • CVE-2026-34928HigMay 21, 2026
    risk 0.51cvss 7.8epss 0.00

    An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-34927 but exists in a different named pipe communication mechanism. Please note: an attacker must first obtain…

  • CVE-2026-34927HigMay 21, 2026
    risk 0.51cvss 7.8epss 0.00

    An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this…

  • CVE-2026-2740HigMay 21, 2026
    risk 0.55cvss 8.4epss 0.02

    Zohocorp ManageEngine ADSelfService Plus version before 6525, DataSecurity Plus before 6264 and RecoveryManager Plus before 6313 are vulnerable to Authenticated Remote code execution in the agent machines due to the bug in the 3rd party dependency.

  • CVE-2025-71217HigMay 21, 2026
    risk 0.51cvss 7.8epss 0.00

    An origin validation error vulnerability in the Trend Micro Apex One (mac) agent self-protection mechanism could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on…

  • CVE-2025-71216HigMay 21, 2026
    risk 0.51cvss 7.8epss 0.00

    A time-of-check time-of-use vulnerability in the Trend Micro Apex One (mac) agent cache mechanism could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target…

  • CVE-2025-71215HigMay 21, 2026
    risk 0.46cvss 7.0epss 0.00

    A time-of-check time-of-use vulnerability in the Trend Micro Apex One (mac) agent iCore service signature verification could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute…

  • CVE-2025-71214HigMay 21, 2026
    risk 0.51cvss 7.8epss 0.00

    An origin validation error vulnerability in the Trend Micro Apex One (mac) agent iCore service could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target…

  • CVE-2025-71213HigMay 21, 2026
    risk 0.51cvss 7.8epss 0.00

    An origin validation error vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this…

  • CVE-2025-71212HigMay 21, 2026
    risk 0.51cvss 7.8epss 0.01

    A link following vulnerability in the Trend Micro Apex One scan engine could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit…

  • CVE-2025-13479HigMay 21, 2026
    risk 0.49cvss 7.5epss 0.00

    Authorization bypass through User-Controlled key vulnerability in PosCube Hardware Software and Consulting Ltd. QR Menu allows Exploitation of Trusted Identifiers. This issue affects QR Menu: through 21052026. NOTE: The vendor was contacted early about this disclosure but did…

  • CVE-2025-13477HigMay 21, 2026
    risk 0.46cvss 7.1epss 0.00

    Exposure of private personal information to an unauthorized actor, Insufficiently Protected Credentials vulnerability in Digital Operations Services Inc. WifiBurada allows Authentication Bypass. This issue affects WifiBurada: through 21052026. NOTE: The vendor was contacted…

  • CVE-2026-45760HigMay 21, 2026
    risk 0.46cvss 8.1epss 0.00

    (Externally Controlled Reference to a Resource in Another Sphere), (Authorization Bypass Through User-Controlled Key) vulnerability in Apache Camel K. Authorized users in a Kubernetes namespace can create a Build resource, controlling the Pod generation in a namespace of their…

  • CVE-2026-43502HigMay 21, 2026
    risk 0.44cvss 7.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: net/rds: handle zerocopy send cleanup before the message is queued A zerocopy send can fail after user pages have been pinned but before the message is attached to the sending socket. The purge path currently…

  • CVE-2026-43499HigMay 21, 2026
    risk 0.44cvss 7.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: rtmutex: Use waiter::task instead of current in remove_waiter() remove_waiter() is used by the slowlock paths, but it is also used for proxy-lock rollback in rt_mutex_start_proxy_lock() when invoked from…

  • CVE-2026-43498HigMay 21, 2026
    risk 0.44cvss 7.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Disallow re-exporting imported GEM objects Prevent re-exporting of imported GEM buffers by adding a custom prime_handle_to_fd callback that checks if the object is imported and returns -EOPNOTSUPP…

  • CVE-2026-43497HigMay 21, 2026
    risk 0.40cvss 7.3epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: fbdev: udlfb: add vm_ops to dlfb_ops_mmap to prevent use-after-free dlfb_ops_mmap() uses remap_pfn_range() to map vmalloc framebuffer pages to userspace but sets no vm_ops on the VMA. This means the kernel…

  • CVE-2026-43495HigMay 21, 2026
    risk 0.50cvss 8.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: net: wwan: t7xx: validate port_count against message length in t7xx_port_enum_msg_handler t7xx_port_enum_msg_handler() uses the modem-supplied port_count field as a loop bound over port_msg->data[] without…

  • CVE-2026-43494HigMay 21, 2026
    risk 0.44cvss 7.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: net/rds: reset op_nents when zerocopy page pin fails When iov_iter_get_pages2() fails in rds_message_zcopy_from_user(), the pinned pages are released with put_page(), and rm->data.op_mmp_znotifier is cleared. …

  • CVE-2026-45255HigMay 21, 2026
    risk 0.42cvss 7.5epss 0.00

    When bsdinstall or bsdconfig are prompted to scan for nearby Wi-Fi networks, they build up a list of network names and use bsddialog(1) to prompt the user to select a network. This is implemented using a shell script, and the code which handled network names was not careful to…

  • CVE-2026-45253HigMay 21, 2026
    risk 0.48cvss 8.4epss 0.00

    ptrace(PT_SC_REMOTE) failed to properly validate parameters for the syscall(2) and __syscall(2) meta-system calls. As a result, a user with the ability to debug a process may trigger arbitrary code execution in the kernel, even if the target process has no special privileges. …

  • CVE-2026-45251HigMay 21, 2026
    risk 0.51cvss 7.8epss 0.00

    A file descriptor can be closed while a thread is blocked in a poll(2) or select(2) call waiting for that descriptor. Because the blocked thread does not hold a reference to the underlying object, this closure may result in the object being freed while the thread remains…

  • CVE-2026-42001HigMay 21, 2026
    risk 0.49cvss 7.5epss 0.00

    Insufficient Validation of Autoprimary SOA Queries

  • CVE-2026-39461HigMay 21, 2026
    risk 0.57cvss 8.8epss 0.00

    libcasper(3) communicates with helper processes via UNIX domain sockets, and uses the select(2) system call to wait for data to become available. However, it does not verify that its socket descriptor fits within select(2)'s descriptor set size limit of FD_SETSIZE (1024). An…

  • CVE-2026-28764HigMay 21, 2026
    risk 0.51cvss 7.8epss 0.00

    MediaArea MediaInfoLib LXF element parsing heap-based buffer overflow vulnerability

  • CVE-2026-9157HigMay 21, 2026
    risk 0.55cvss 8.4epss 0.00

    Improper input validation, Unrestricted upload of file with dangerous type vulnerability in Gmission Web Fax allows Remote Code Inclusion. This issue affects Web Fax: from 3.0 before 3.1.

  • CVE-2026-4858HigMay 21, 2026
    risk 0.45cvss 8.0epss 0.00

    Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.14 fail to check integration URL for path traversal which allows an malicious authenticated user to call an arbitrary API via system admin Mattermost auth token using via path traversal…

  • CVE-2026-45250HigMay 21, 2026
    risk 0.51cvss 7.8epss 0.00

    The setcred(2) system call is only available to privileged users. However, before the privilege level of the caller is checked, the user-supplied list of supplementary groups is copied into a fixed-size kernel stack buffer without first validating its length. If the supplied…

  • CVE-2026-44068HigMay 21, 2026
    risk 0.42cvss 7.6epss 0.00

    Incomplete sanitization of extended attribute (EA) path components in Netatalk 2.1.0 through 4.4.2 allows a remote authenticated attacker to write to files outside the intended metadata namespace via crafted EA names.