VYPR

CVEs

100,081 total · page 64 of 2,002

  • CVE-2026-7571HigMay 19, 2026
    risk 0.39cvss 7.1epss 0.00

    A flaw was found in Keycloak. A low-privilege user, with knowledge of user credentials and client ID, can bypass a security control intended to disable the implicit flow in OpenID Connect (OIDC) clients. By manipulating client data during a session restart, an attacker can…

  • CVE-2026-7507HigMay 19, 2026
    risk 0.42cvss 7.5epss 0.00

    A session fixation vulnerability was found in Keycloak's login-actions endpoints. An unauthenticated attacker could exploit this flaw by pre-creating an authentication session and tricking a victim into visiting a maliciously crafted link. By leveraging the…

  • CVE-2026-7504HigMay 19, 2026
    risk 0.46cvss 8.1epss 0.01

    A flaw was found in Keycloak's URL validation logic during redirect operations. By crafting a malicious request, an attacker could bypass validation to redirect users to unauthorized URLs, potentially leading to the exposure of sensitive information within the domain or…

  • CVE-2026-7307HigMay 19, 2026
    risk 0.42cvss 7.5epss 0.01

    A flaw was found in Keycloak. A remote, unauthenticated attacker can send a specially crafted XML input to the Security Assertion Markup Language (SAML) endpoint. This malicious input can cause high CPU usage and worker thread starvation, leading to a Denial of Service (DoS)…

  • CVE-2026-8827HigMay 19, 2026
    risk 0.53cvss epss 0.00

    The AddressRepository::getSqlQuery() method constructs a database query without properly sanitizing user input, leading to SQL Injection. The method is not invoked anywhere within the extension itself and therefore poses no direct risk in a default installation. However, custom…

  • CVE-2026-8727HigMay 19, 2026
    risk 0.46cvss epss 0.00

    The Crawler extension passes the X-T3Crawler-Meta response header from crawled URLs directly to PHP's unserialize(). An attacker controlling a crawled endpoint can inject arbitrary serialized PHP objects, leading to Remote Code Execution on the TYPO3 server. Exploitation…

  • CVE-2026-8726HigMay 19, 2026
    risk 0.46cvss epss 0.00

    The extension fails to properly sanitize user input before using it in a database query. As a result, an unauthenticated attacker can inject arbitrary SQL through a URL parameter on pages using the "Date Menu of news articles" plugin. Exploitation requires the "Date Menu of news…

  • CVE-2026-46586HigMay 19, 2026
    risk 0.57cvss 8.8epss 0.01

    Improper Control of Generation of Code ('Code Injection'), Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version…

  • CVE-2026-31910HigMay 19, 2026
    risk 0.49cvss 7.5epss 0.00

    Server-Side Request Forgery (SSRF) vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue.

  • CVE-2026-31909HigMay 19, 2026
    risk 0.49cvss 7.5epss 0.00

    Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue.

  • CVE-2026-29226HigMay 19, 2026
    risk 0.47cvss 7.3epss 0.00

    Server-Side Request Forgery (SSRF) vulnerability in Apache OFBiz via Content component operations. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue.

  • CVE-2026-47314HigMay 19, 2026
    risk 0.44cvss 7.8epss 0.00

    Out-of-bounds write vulnerability in Samsung Open Source Escargot allows Overflow Buffers. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3.

  • CVE-2026-8813HigMay 19, 2026
    risk 0.42cvss 7.5epss 0.01

    This affects versions of the package exifreader before 4.39.0. A crafted image containing an ICC mluc tag can set an attacker-controlled record count together with a zero record size. During parsing, ExifReader repeatedly processes the same record and appends entries to an array…

  • CVE-2026-47311HigMay 19, 2026
    risk 0.44cvss 7.8epss 0.00

    Heap-based buffer overflow vulnerability in Samsung Open Source Escargot allows Overflow Buffers. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3.

  • CVE-2026-47310HigMay 19, 2026
    risk 0.44cvss 7.8epss 0.00

    Use after free vulnerability in Samsung Open Source Escargot allows Pointer Manipulation. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3.

  • CVE-2025-15609HigMay 19, 2026
    risk 0.49cvss 7.5epss 0.00

    The Fortis for WooCommerce WordPress plugin before 1.3.1 may leak sensitive API keys to unauthenticated attackers, allowing them to query Fortis' API and retrieve sensitive customer information, like past orders, PII, etc.

  • CVE-2026-27648HigMay 19, 2026
    risk 0.57cvss 8.8epss 0.01

    in OpenHarmony v6.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps.

  • CVE-2026-25781HigMay 19, 2026
    risk 0.55cvss 8.4epss 0.00

    in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS and it cannot be recovered.

  • CVE-2026-24792HigMay 19, 2026
    risk 0.53cvss 8.1epss 0.00

    in OpenHarmony v6.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps.

  • CVE-2026-22069HigMay 19, 2026
    risk 0.47cvss 7.3epss 0.00

    A local privilege escalation vulnerability exists in O+ Connect because it fails to validate the identity of the caller on the pipe interface.

  • CVE-2026-33233HigMay 19, 2026
    risk 0.49cvss 7.6epss 0.00

    AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. In versions 0.6.34 through 0.6.51, the backend deserializes Redis cache bytes using pickle.loads without integrity/authenticity checks. The write path…

  • CVE-2026-33232HigMay 19, 2026
    risk 0.49cvss 7.5epss 0.00

    AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Versions 0.4.2 through 0.6.51 are vulnerable to an unauthenticated Denial of Service (DoS) through the server due to uncontrolled disk space consumption.…

  • CVE-2026-32323HigMay 19, 2026
    risk 0.40cvss 7.3epss 0.00

    Mullvad VPN is a VPN client app for desktop and mobile. When using macOS with versions 2026.1 and below, Mullvad VPN may allow local privilege escalation during installation or upgrade. The installer package executes binaries from /Applications/Mullvad VPN.app without verifying…

  • CVE-2026-30950HigMay 18, 2026
    risk 0.39cvss 7.1epss 0.00

    AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Versions 0.6.36 through 0.6.50 are vulnerable to Authenticated Session Hijacking via IDOR. If an authenticated attacker can determine the session_id of…

  • CVE-2026-27891HigMay 18, 2026
    risk 0.40cvss 7.2epss 0.01

    FacturaScripts is an open source accounting and invoicing software. Versions 2026 and below contain a critical vulnerability in the Plugins::add() function. The system fails to properly validate the file paths within uploaded ZIP archives. This allows an attacker to perform a…

  • CVE-2026-8851HigMay 18, 2026
    risk 0.53cvss 8.1epss 0.00

    SOGo versions 5.12.7 and prior contains a SQL injection vulnerability in the Access Control List management functionality that allows authenticated users to extract arbitrary data from the database by injecting SQL subqueries through the uid parameter of the addUserInAcls…

  • CVE-2026-4137HigMay 18, 2026
    risk 0.44cvss 7.8epss 0.00

    In mlflow/mlflow versions prior to 3.11.0, the `get_or_create_nfs_tmp_dir()` function in `mlflow/utils/file_utils.py` creates temporary directories with world-writable permissions (0o777), and the `_create_model_downloading_tmp_dir()` function in `mlflow/pyfunc/__init__.py`…

  • CVE-2026-26978HigMay 18, 2026
    risk 0.49cvss epss 0.01

    FreePBX is an open source IP PBX. In versions below 16.0.71 and 17.0.6, the backup module does not properly sanitize data during restore operations, potentially leading to compromise if the backup contains carefully crafted hostile data. During backup restore operations, FreePBX…

  • CVE-2026-22810HigMay 18, 2026
    risk 0.46cvss 8.2epss 0.00

    Joplin is an open source note-taking and to-do application that organises notes and lists into notebooks. Versions prior to 3.5.7 contain a path traversal vulnerability in the importer which allows overwriting arbitrary files on disk. The OneNote converter does not sanitize the…

  • CVE-2026-45367higMay 18, 2026
    risk 0.38cvss epss 0.00

    ## Summary All implementations of FHIRPathEngine accept arbitrary FHIRPath expressions and evaluate them without input validation. The FHIRPath functions `matches()`, `matchesFull()`, and `replaceMatches()` pass user-controlled regular expressions directly to Java's…

  • CVE-2026-47092HigMay 18, 2026
    risk 0.44cvss 7.8epss 0.01

    Claude HUD through 0.0.12, patched in commit 234d9aa, contains a command injection vulnerability that allows local attackers to execute arbitrary commands by manipulating the COMSPEC environment variable. Attackers can set COMSPEC to an arbitrary binary path before claude-hud…

  • CVE-2026-45245HigMay 18, 2026
    risk 0.41cvss 7.4epss 0.00

    Summarize prior to 0.15.1 contains a vulnerability in the hover summary feature that allows malicious pages to dispatch synthetic mouseover events over attacker-controlled links, causing the extension to make authenticated daemon requests using stored tokens without verifying…

  • CVE-2026-45242HigMay 18, 2026
    risk 0.39cvss 7.1epss 0.00

    Summarize prior to 0.15.1 contains a path traversal vulnerability in the /v1/summarize daemon endpoint that allows authenticated callers to write files to arbitrary directories by supplying an absolute path or directory traversal sequence in the slidesDir request parameter.…

  • CVE-2026-45495HigMay 18, 2026
    risk 0.57cvss 8.8epss 0.01

    Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

  • CVE-2026-29963HigMay 18, 2026
    risk 0.49cvss 7.5epss 0.01

    HSC MailInspector 5.3.3-7 has a Path Traversal vulnerability due to improper validation of user-supplied input in the /tap/dw.php endpoint. The text parameter is used to construct file paths without adequate normalization or restriction to a safe base directory. A remote…

  • CVE-2026-29962HigMay 18, 2026
    risk 0.49cvss 7.5epss 0.00

    HSC MailInspector v5.3.3-7 contains a Local File Inclusion (LFI) vulnerability caused by improper control of user-supplied file paths. The endpoint /vendor/phpunit/phpunit.php processes user-controlled parameters that directly affect file access operations without adequate…

  • CVE-2026-45363higMay 18, 2026
    risk 0.39cvss epss 0.00

    `JWT.decode(token, '', true, algorithm: 'HS256')` accepts an attacker-forged token. `OpenSSL::HMAC.digest('SHA256', '', payload)` returns a valid digest under an empty key, and no `raise InvalidKeyError if key.empty?` precondition exists in the HMAC algorithm. ```…

  • CVE-2026-41085HigMay 18, 2026
    risk 0.57cvss 8.8epss 0.00

    Thermo Fisher Scientific Torrent Suite Dx through 5.14.2 has a privilege escalation vulnerability that may allow an authenticated user with limited access privileges to gain unauthorized administrator-level privileges through exploitation of specific system interfaces.

  • CVE-2026-45325higMay 18, 2026
    risk 0.39cvss epss 0.00

    ### Impact Prototype pollution vulnerability in @tmlmobilidade/utils for setValueAtPath(). ### Patches A fix is available in versions 20260509.0340.15 and up.

  • CVE-2026-45270higMay 18, 2026
    risk 0.45cvss epss 0.00

    ## Summary The `Pages` backend module registers the `html_purify` validation rule on language-keyed page content but persists the raw, un-purified POST value into the database. The public renderer for pages (`Home::index()` → `app/Views/templates/default/pages.php`) emits…

  • CVE-2025-57282HigMay 18, 2026
    risk 0.57cvss 8.8epss 0.01

    ngrok v4.3.3 and 5.0.0-beta.2 is vulnerable to Command Injection.

  • CVE-2025-56352HigMay 18, 2026
    risk 0.42cvss 7.5epss 0.00

    In tinyMQTT commit 6226ade15bd4f97be2d196352e64dd10937c1962 (2024-02-18), the broker mishandles protocol violations during CONNECT packet parsing. When receiving a CONNECT packet with a zero-length Client ID while CleanSession is set to 0, the broker correctly replies with a…

  • CVE-2026-39079HigMay 18, 2026
    risk 0.49cvss 7.5epss 0.00

    An issue in prestashop upsshipping all versions through at least 2.4.0 allows a remote attacker to obtain sensitive information via the /modules/upsshipping/logs/, and /modules/upsshipping/lib/UPSBaseApi.php components

  • CVE-2026-26462HigMay 18, 2026
    risk 0.47cvss 7.3epss 0.00

    Offline Hospital Management System 5.3.0 allows remote code execution due to an improper Electron renderer configuration. The application enables Node.js integration while disabling context isolation, allowing JavaScript executed in the renderer process to access Node.js APIs…

  • CVE-2026-45135higMay 18, 2026
    risk 0.38cvss epss 0.00

    ### Summary The FastCGI transport's `splitPos()` in [`modules/caddyhttp/reverseproxy/fastcgi/fastcgi.go`](https://github.com/caddyserver/caddy/blob/master/modules/caddyhttp/reverseproxy/fastcgi/fastcgi.go) misuses `golang.org/x/text/search` with `search.IgnoreCase` when the…

  • CVE-2026-42009HigMay 18, 2026
    risk 0.42cvss 7.5epss 0.01

    A flaw was found in gnutls. A remote attacker could exploit an issue in the Datagram Transport Layer Security (DTLS) packet reordering logic. The comparator function, responsible for ordering DTLS packets by sequence numbers, did not correctly handle packets with duplicate…

  • CVE-2026-0983HigMay 18, 2026
    risk 0.46cvss epss 0.00

    Denial-of-service condition in M-Files Server versions before 26.5.16015.0, before 26.2 LTS, and before 25.8 LTS SR3 allows an authenticated user to cause the MFserver process to crash

  • CVE-2026-7498HigMay 18, 2026
    risk 0.57cvss 8.8epss 0.00

    Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Basamak Information Technology Consulting and Organization Trade Ltd. Co. DernekWeb allows Stored XSS. This issue affects DernekWeb: through 30122025.

  • CVE-2026-6902HigMay 18, 2026
    risk 0.50cvss epss 0.00

    A Remote Code Execution vulnerability in P4 (Helix Core) Server's Command-Line Client, prior to the 2025.2 Patch 2, has been fixed to address potential security risks.

  • CVE-2026-6347HigMay 18, 2026
    risk 0.42cvss 7.6epss 0.00

    Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 fail to sanitize sensitive configuration fields in the Mattermost Calls plugin which allows an attacker with access to a support packet to obtain TURN server credentials via the plaintext values present…