VYPR

CVEs

100,081 total · page 61 of 2,002

  • CVE-2026-44066HigMay 21, 2026
    risk 0.39cvss 7.1epss 0.00

    Multiple heap out-of-bounds reads in the Spotlight RPC unmarshalling code in Netatalk 3.1.0 through 4.4.2 allow a remote authenticated attacker to obtain sensitive information or cause a minor service disruption.

  • CVE-2026-44064HigMay 21, 2026
    risk 0.39cvss 7.1epss 0.00

    An out-of-bounds read in ASP session ID handling in Netatalk 1.3 through 4.4.2 allows an adjacent network attacker to obtain limited information or cause a denial of service via a crafted ASP request.

  • CVE-2026-44062HigMay 21, 2026
    risk 0.42cvss 7.5epss 0.00

    A missing output length bounds check in pull_charset_flags() in Netatalk 2.0.4 through 4.4.2 allows a remote authenticated attacker to execute arbitrary code or cause a denial of service via crafted character set data.

  • CVE-2026-44060HigMay 21, 2026
    risk 0.42cvss 7.5epss 0.00

    An integer underflow in dsi_writeinit() in Netatalk 1.5.0 through 4.4.2 allows a remote unauthenticated attacker to cause a denial of service via a crafted DSI write request.

  • CVE-2026-44058HigMay 21, 2026
    risk 0.40cvss 7.2epss 0.01

    An authentication bypass vulnerability in Netatalk 2.2.2 through 4.4.2 allows a remote privileged user to authenticate as an arbitrary user via the admin auth user mechanism.

  • CVE-2026-44055HigMay 21, 2026
    risk 0.42cvss 7.5epss 0.00

    A logic error involving bitwise OR operations in Netatalk 3.1.4 through 4.4.2 allows a remote authenticated attacker to inject OS commands and execute arbitrary code.

  • CVE-2026-44053HigMay 21, 2026
    risk 0.41cvss 7.4epss 0.00

    Netatalk 1.5.0 through 4.2.2 uses a broken cryptographic algorithm in the DHCAST128 UAM, which allows a remote attacker to obtain authentication credentials or impersonate a user via cryptanalytic attack.

  • CVE-2026-44052HigMay 21, 2026
    risk 0.42cvss 7.5epss 0.00

    Netatalk 2.1.0 through 4.4.2 inserts LDAP simple-bind passwords into log output in cleartext, which allows an attacker with access to the log files to obtain LDAP credentials.

  • CVE-2026-44051HigMay 21, 2026
    risk 0.46cvss 8.1epss 0.00

    An improper link resolution vulnerability in Netatalk 3.0.2 through 4.4.2 allows a remote authenticated attacker to read arbitrary files or overwrite arbitrary files via attacker-controlled symlink creation.

  • CVE-2026-44049HigMay 21, 2026
    risk 0.42cvss 7.5epss 0.01

    An out-of-bounds write due to improper null termination in convert_charset() in Netatalk 2.0.4 through 4.4.2 allows a remote authenticated attacker to execute arbitrary code or cause a denial of service via crafted character data.

  • CVE-2026-44048HigMay 21, 2026
    risk 0.50cvss 8.8epss 0.00

    A stack-based buffer overflow via UCS-2 type confusion in convert_charset() in Netatalk 2.0.4 through 4.4.2 allows a remote authenticated attacker to execute arbitrary code or cause a denial of service.

  • CVE-2026-44047HigMay 21, 2026
    risk 0.50cvss 8.8epss 0.00

    An SQL injection vulnerability in the MySQL CNID backend in Netatalk 3.1.0 through 4.4.2 allows a remote authenticated attacker to obtain unauthorized access to data, modify data, or cause a denial of service.

  • CVE-2026-40165HigMay 21, 2026
    risk 0.50cvss 8.7epss 0.00

    authentik is an open-source identity provider. Versions 2025.12.4 and prior, and versions 2026.2.0-rc1 through 2026.2.2 were vulnerable to Authentication Bypass through SAML NameID XML Comment Injection. Due to how authentik extracted the NameID value from a SAML assertion, it…

  • CVE-2026-40092HigMay 20, 2026
    risk 0.42cvss 7.5epss 0.01

    nimiq-blockchain provides persistent block storage for Nimiq's Rust implementation. In versions 1.3.0 and below, a malicious network peer can crash any Nimiq full node by publishing a crafted Kademlia DHT record. The maliciously crafted record would contain a…

  • CVE-2026-8632HigMay 20, 2026
    risk 0.51cvss 7.8epss 0.01

    A potential security vulnerability has been identified in the HP Linux Imaging and Printing Software. This potential vulnerability may allow escalation of privileges and/or arbitrary code execution via operating system command injection.

  • CVE-2026-47373HigMay 20, 2026
    risk 0.42cvss 7.5epss 0.00

    Crypt::SaltedHash versions through 0.09 for Perl is susceptible to timing attacks. These versions use Perl's built-in eq comparison. Discrepencies in timing could be used to guess the underlying hash.

  • CVE-2026-9144HigMay 20, 2026
    risk 0.49cvss 7.6epss 0.00

    Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains a stored cross-site scripting vulnerability in the embedded web configuration interface that allows authenticated attackers to execute persistent JavaScript by fragmenting malicious payloads across multiple…

  • CVE-2026-9137HigMay 20, 2026
    risk 0.42cvss 7.5epss 0.00

    The CSP report endpoint in MISP intended to limit logged CSP reports to 1 KB but incorrectly allowed reports up to 1 MB before truncation. On deployments where the endpoint is reachable by untrusted clients, this could allow attackers to generate excessive log volume and…

  • CVE-2026-9133HigMay 20, 2026
    risk 0.43cvss 7.7epss 0.00

    Active debug code exists in the ARN resolver of amazon-mq rabbitmq-aws before version 0.2.1. A debug ARN scheme (arn:aws-debug:file) accepted by the PUT /api/aws/arn/validate validation endpoint might allow remote authenticated users to perform arbitrary file reads on any file…

  • CVE-2026-9126HigMay 20, 2026
    risk 0.57cvss 8.8epss 0.00

    Use after free in DOM in Google Chrome on prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2026-9123HigMay 20, 2026
    risk 0.49cvss 7.5epss 0.00

    Heap buffer overflow in Chromecast in Google Chrome on Android, Linux, ChromeOS prior to 148.0.7778.179 allowed a local attacker to execute arbitrary code inside a sandbox via malicious network traffic. (Chromium security severity: Medium)

  • CVE-2026-9121HigMay 20, 2026
    risk 0.57cvss 8.8epss 0.00

    Out of bounds read in GPU in Google Chrome on prior to 148.0.7778.179 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2026-9120HigMay 20, 2026
    risk 0.57cvss 8.8epss 0.01

    Use after free in WebRTC in Google Chrome prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-9119HigMay 20, 2026
    risk 0.57cvss 8.8epss 0.01

    Heap buffer overflow in WebRTC in Google Chrome on prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-9118HigMay 20, 2026
    risk 0.57cvss 8.8epss 0.00

    Use after free in XR in Google Chrome on Windows prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-9117HigMay 20, 2026
    risk 0.49cvss 7.5epss 0.00

    Type Confusion in GFX in Google Chrome on Linux, ChromeOS prior to 148.0.7778.179 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted video file. (Chromium security severity: High)

  • CVE-2026-9114HigMay 20, 2026
    risk 0.57cvss 8.8epss 0.00

    Use after free in QUIC in Google Chrome on prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code inside a sandbox via malicious network traffic. (Chromium security severity: High)

  • CVE-2026-9112HigMay 20, 2026
    risk 0.57cvss 8.8epss 0.00

    Use after free in GPU in Google Chrome on Windows prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-9111HigMay 20, 2026
    risk 0.57cvss 8.8epss 0.01

    Use after free in WebRTC in Google Chrome on Linux prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)

  • CVE-2026-39850HigMay 20, 2026
    risk 0.41cvss 7.4epss 0.00

    Yii 2 is a PHP application framework. Versions 2.0.54 and prior contain flawed logic in the core view rendering method View::renderPhpFile() that leads to Local File Inclusion. The function calls extract($_params_, EXTR_OVERWRITE) before the require statement that loads the view…

  • CVE-2026-39352HigMay 20, 2026
    risk 0.50cvss epss 0.01

    Frappe is a full-stack web application framework. Versions prior to 15.105.0 and 16.15.0 contain a possible Arbitrary File Read vulnerability via Path Traversal. The issue is resolved in versions 16.15.0, 15.105.0 and above.

  • CVE-2026-39310HigMay 20, 2026
    risk 0.49cvss 8.6epss 0.00

    Trilium Notes is a cross-platform, hierarchical note taking application focused on building large personal knowledge bases. In versions 0.102.1 and prior, the Clipper API in Trilium Desktop (v0.101.3) allows full authentication bypass when running in an Electron environment.…

  • CVE-2026-24218HigMay 20, 2026
    risk 0.53cvss 8.1epss 0.01

    NVIDIA DGX OS contains a vulnerability in the factory provisioning process, where the cloning of a base image causes identical SSH host keys to be deployed across multiple systems. The sharing of cryptographic identifiers across all similarly provisioned systems enables host…

  • CVE-2026-24217HigMay 20, 2026
    risk 0.57cvss 8.8epss 0.01

    NVIDIA BioNeMo Core for Linux contains a vulnerability where a user could cause a path traversal by loading a malicious file. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering.

  • CVE-2026-24216HigMay 20, 2026
    risk 0.51cvss 7.8epss 0.00

    NVIDIA BioNemo for Linux contains a vulnerability where a user could cause a deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering.

  • CVE-2026-24188HigMay 20, 2026
    risk 0.53cvss 8.2epss 0.00

    NVIDIA TensorRT contains a vulnerability where an attacker could cause an out-of-bounds write. A successful exploit of this vulnerability might lead to data tampering.

  • CVE-2026-20239HigMay 20, 2026
    risk 0.49cvss 7.5epss 0.00

    In Splunk Enterprise versions below 10.2.2 and 10.0.5, and Splunk Cloud Platform versions below 10.3.2512.8, 10.2.2510.11, 10.1.2507.21, and 10.0.2503.13, a user with a role that has access to the `_internal` index could view session cookies and response bodies that contain…

  • CVE-2026-7613HigMay 20, 2026
    risk 0.47cvss 7.2epss 0.00

    The Cost of Goods by PixelYourSite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'csvdata[0][cost_of_goods_value]' parameter in versions up to, and including, 1.2.12 due to insufficient input sanitization and output escaping. This makes it possible…

  • CVE-2026-44926HigMay 20, 2026
    risk 0.57cvss 8.8epss 0.00

    InfoScale CmdServer before 7.4.2 mishandles access control.

  • CVE-2026-44925HigMay 20, 2026
    risk 0.57cvss 8.8epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in InfoScale v.9.1.3 Operations Manager (VIOM) allows an attacker to force the user with an active session into clicking a malicious HTML link, which triggers unintended modifications on VIOM web application without the user's…

  • CVE-2026-5783HigMay 20, 2026
    risk 0.49cvss 7.6epss 0.00

    Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Beyaz Computer Software Design Industry and Trade Ltd. Co. CityPLus allows Reflected XSS. This issue affects CityPLus: before V24.29750.1.0.

  • CVE-2026-39047HigMay 20, 2026
    risk 0.49cvss 7.5epss 0.01

    Buffer Overflow vulnerability in EPSON L14150 FL27PB allows a remote attacker to execute arbitrary code via the RAW Printing Service (JetDirect) on TCP port 9100

  • CVE-2025-32750HigMay 20, 2026
    risk 0.49cvss 7.5epss 0.00

    Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Exposure of Information Through Directory Listing vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information exposure.

  • CVE-2026-45804higMay 20, 2026
    risk 0.38cvss epss 0.00

    ## Background This vulnerability is found in the `diffusers` package - the `transformers`-equivalent library for diffusion models. It is found in the `DiffusionPipeline.from_pretrained` flow, which is used to load a pipeline from the HuggingFace Hub. This function has a…

  • CVE-2026-8469HigMay 20, 2026
    risk 0.46cvss epss 0.01

    Allocation of Resources Without Limits or Throttling vulnerability in phenixdigital phoenix_storybook allows unauthenticated denial-of-service via BEAM atom table exhaustion. Multiple LiveView event handlers convert user-supplied event parameter strings to atoms using…

  • CVE-2026-24425HigMay 20, 2026
    risk 0.50cvss 8.8epss 0.01

    Twig versions 2.16.x and 3.9.0 through 3.25.x contain a sandbox bypass vulnerability when using a SourcePolicyInterface that allows attackers with template rendering capabilities to pass arbitrary PHP callables to sort, filter, map, and reduce filters. Attackers can exploit the…

  • CVE-2026-22554HigMay 20, 2026
    risk 0.51cvss 7.8epss 0.00

    MediaArea MediaInfoLib Channel Splitting heap-based buffer overflow vulnerability

  • CVE-2026-5947HigMay 20, 2026
    risk 0.49cvss 7.5epss 0.01

    Undefined behavior may result due to a race condition leading to a use-after-free violation. If BIND receives an incoming DNS message signed with SIG(0), it begins work to validate that signature. If, during that validation, the "recursive-clients" limit is reached (as would…

  • CVE-2026-5946HigMay 20, 2026
    risk 0.49cvss 7.5epss 0.02

    Multiple flaws have been identified in `named` related to the handling of DNS messages whose CLASS is not Internet (`IN`) — for example, `CHAOS` or `HESIOD`, or DNS messages that specify meta-classes (`ANY` or `NONE`) in the question section. Specially crafted requests…

  • CVE-2026-45584HigMay 20, 2026
    risk 0.53cvss 8.1epss 0.01

    Heap-based buffer overflow in Microsoft Defender allows an unauthorized attacker to execute code over a network.