VYPR

CVEs

345,124 total · page 66 of 6,903

  • CVE-2026-54309higJun 16, 2026
    risk 0.45cvss epss 0.00

    ## Impact When `@n8n/mcp-browser` is run in HTTP transport mode, the MCP endpoint accepts session initialization and tool invocation requests without any authentication. Any network-reachable client, or any website visited by the user, can establish an MCP session and invoke…

  • CVE-2026-54305higJun 16, 2026
    risk 0.38cvss epss 0.00

    ## Impact Three EE endpoints used by the Dynamic Credentials feature accepted any authenticated n8n session without performing per-resource ownership or scope checks on the target workflow or credential. An authenticated user with no project membership or credential sharing…

  • CVE-2026-48616Jun 16, 2026
    risk 0.00cvss epss 0.00

    Rocket.Chat versions <8.5.1, 8.4.4, 8.3.6, 8.2.6, 8.1.6, 8.0.7, 7.13.9, 7.10.13 has an access control vulnerability in Livechat files. Protected file downloads at /file-upload/:fileId/:name authorize livechat access using rc_room_type=l with rc_rid+rc_token, but the…

  • CVE-2026-48929Jun 16, 2026
    risk 0.00cvss epss 0.01

    Rocket.Chat in versions <8.5.1, <8.4.4, <8.3.6, <8.2.6, <8.1.6, <8.0.7, <7.13.9, and <7.10.13 is vulnerable to unauthenticated file deletion. The deleteFileMessage Meteor method permanently deletes any uploaded file by ID without requiring authentication. When called via an…

  • CVE-2026-54307higJun 16, 2026
    risk 0.38cvss epss 0.00

    ## Impact A member-level user with editor access to a shared workflow could reference credentials they do not own via specific public API endpoints. Credential ownership checks were only enforced partially leading to cross-user credential access. This issue affects instances…

  • CVE-2026-54314Jun 16, 2026
    risk 0.00cvss epss 0.00

    ## Impact The Compression node's Decompress operation expanded attacker-controlled archives into memory without enforcing limits on decompressed output size. An unauthenticated attacker could send a small compressed archive to a public webhook workflow using this node, causing…

  • CVE-2026-48782Jun 16, 2026
    risk 0.00cvss epss 0.00

    Pydantic AI is a Python agent framework for building applications and workflows with Generative AI. In versions 1.56.0 through 1.101.0, 2.0.0b1, and 2.0.0b2, the cloud-metadata blocklist could be bypassed by encoding the metadata IP in an IPv6 transition form that the previous…

  • CVE-2026-54302higJun 16, 2026
    risk 0.38cvss epss 0.00

    ## Impact An authenticated user with workflow edit access could inject arbitrary JavaScript into the Chat Trigger's generated page by setting a malicious `webhookId`. When a logged-in user visited the chat URL, the injected code executed in the n8n origin with that user's…

  • CVE-2026-54303Jun 16, 2026
    risk 0.00cvss epss 0.00

    ## Impact An endpoint in the Meta and Microsoft Teams trigger nodes reflects a query parameter into the HTTP response without sanitization or Content-Security-Policy headers, enabling reflected XSS in the n8n origin when a logged-in user visits a crafted URL. ## Patches The…

  • CVE-2026-54312higJun 16, 2026
    risk 0.45cvss epss 0.00

    ## Impact An authenticated user with permission to create or modify workflows could achieve global prototype pollution via the Microsoft SQL node by supplying a crafted value as the table parameter. This pollutes `Object.prototype` process-wide for the lifetime of the n8n server…

  • CVE-2026-48788Jun 16, 2026
    risk 0.00cvss epss 0.00

    Remark42 is a self-hosted comment engine for blogs, articles, or any other place where readers can add comments. Versions 1.6.0 through 1.15.0 contain a Cross-Site Scripting (XSS) vulnerability exploitable through content-type spoofing. The Remark42 image proxy fetches an…

  • CVE-2026-48745Jun 16, 2026
    risk 0.00cvss epss 0.00

    Traccar Client is a GPS tracking mobile app for sending location updates to private servers using the open-source Traccar platform. In versions 9.7.19 and below, a single crafted deep link can silently hijack all GPS tracking parameters and redirect telemetry to an…

  • CVE-2026-47277Jun 16, 2026
    risk 0.00cvss epss 0.00

    Runtipi is a personal homeserver orchestrator. In versions 4.9.1 through 4.9.3, Runtipi serves marketplace app logos from files inside cloned app-store repositories through an unauthenticated endpoint, which leads to arbitrary file read through app-store logo symlinks. The path…

  • CVE-2026-48783Jun 16, 2026
    risk 0.00cvss epss 0.00

    Postiz is an AI social media scheduling tool. Versions prior to 2.21.8 contained an unauthenticated endpoint that accepted a signed token and applied subscription-enforcement side effects to the organization referenced in that token's claims, without verifying the token's…

  • CVE-2026-48781Jun 16, 2026
    risk 0.00cvss epss 0.00

    Postiz is an AI social media scheduling tool. In versions prior to 2.21.8, the Skool integration callback signed an attacker-controlled JSON blob into a session-shape JWT using the application's JWT_SECRET, and the auth middleware trusted every claim in that JWT without…

  • CVE-2026-54322higJun 16, 2026
    risk 0.38cvss epss 0.00

    ### Summary Daytona's organization role update and delete endpoints authorized the caller as an owner of the organization named in the request path, but resolved and mutated the target role by its identifier alone, without verifying the role belonged to that organization. An…

  • CVE-2026-52846Jun 16, 2026
    risk 0.00cvss epss 0.00

    ### Summary Caddy’s `stripHTML` template function cannot reliably remove all HTML tags from input strings. Certain malformed HTML, such as `<<>img src=x onerror=alert()>`, can bypass the tag-stripping logic, potentially leaving dangerous content in the output if it is later…

  • CVE-2026-52845higJun 16, 2026
    risk 0.38cvss epss 0.00

    ### Summary `forward_auth copy_headers` deletes the exact client-supplied identity header before copying the trusted value from the auth gateway. But when the request later goes through `php_fastcgi`, Caddy normalizes HTTP headers into CGI variables by replacing `-` with `_`. …

  • CVE-2026-52844higJun 16, 2026
    risk 0.38cvss epss 0.00

    ### Summary On Windows, Caddy `path` matchers treat `/private\secret.txt` as outside `/private/*`, but `file_server` later resolves the same request path as `private\secret.txt` on disk. An unauthenticated remote client can request `/private%5csecret.txt` and bypass Caddy…

  • CVE-2026-25470Jun 16, 2026
    risk 0.00cvss epss 0.00

    Improper Control of Generation of Code ('Code Injection') vulnerability in ACPT ACPT (Pro) - Custom Post Types Plugin for WordPress allows Remote Code Inclusion. This issue affects ACPT (Pro) - Custom Post Types Plugin for WordPress: from n/a through 2.0.47.

  • CVE-2026-39598Jun 16, 2026
    risk 0.00cvss epss 0.00

    Unrestricted Upload of File with Dangerous Type vulnerability in Kodezen LLC Academy LMS Pro allows Upload a Web Shell to a Web Server. This issue affects Academy LMS Pro: from n/a before 3.5.2.

  • CVE-2026-49073Jun 16, 2026
    risk 0.00cvss epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpWax Directorist Booking allows Blind SQL Injection. This issue affects Directorist Booking: from n/a through 3.0.3.

  • CVE-2026-48055Jun 16, 2026
    risk 0.00cvss epss 0.01

    Streambert is a cross-platform Electron Desktop App to stream and download any video media. In versions 2.4.0 and prior, a high-severity Zip Slip vulnerability was identified in Streambert's subtitle extraction logic. The application does not sanitize archive entry filenames…

  • CVE-2026-50574higJun 16, 2026
    risk 0.39cvss epss 0.00

    ### Summary If aria2c is used as an external downloader for a fragmented manifest format (such as an HLS/DASH stream), yt-dlp passes insufficiently sanitized input to aria2c that allows an attacker to perform an arbitrary file write. On Windows platforms, this can lead to…

  • CVE-2026-54321higJun 16, 2026
    risk 0.38cvss epss 0.00

    ### Summary Sandbox previews that were switched from public to private could remain reachable without authentication for a short period after the change, due to a cached visibility state that was not invalidated when the sandbox's visibility changed. ### Impact When a sandbox…

  • CVE-2026-53622higJun 16, 2026
    risk 0.38cvss epss 0.00

    ## Summary There is a critical vulnerability in Traefik's HTTP/3 (QUIC) TLS configuration selection that allows unauthenticated clients to bypass router-specific mTLS enforcement. When HTTP/3 is enabled on an entrypoint, the TLS handshake selects the applicable TLS…

  • CVE-2026-11409Jun 16, 2026
    risk 0.00cvss epss 0.03

    An authenticated OS command injection vulnerability exists in the IPv6 PPPoE configuration handler in TL-WR940N v6 due to improper sanitization of user input. An attacker with administrative access may exploit this issue to execute arbitrary system commands with elevated…

  • CVE-2026-11410Jun 16, 2026
    risk 0.00cvss epss 0.03

    An authenticated OS command injection vulnerability exists in the BigPond Cable (BPA) WAN configuration module in TL-WR940N v6 due to improper sanitization of user input. An attacker with administrative access may exploit this issue to execute arbitrary system commands with…

  • CVE-2026-53755higJun 16, 2026
    risk 0.38cvss epss 0.00

    ### Summary The Docker API server applied its SSRF destination check to the crawl target URL only, not to the proxy address. An unauthenticated request could supply a proxy pointing at an internal IP and route the browser through it, reaching internal services and…

  • CVE-2026-53754higJun 16, 2026
    risk 0.38cvss epss 0.00

    ### Summary The Docker API server's SSRF protection (`validate_webhook_url` / `validate_url_destination` in `deploy/docker/utils.py`) used an explicit IPv4/IPv6 CIDR blocklist that missed several address families. An attacker could reach internal services and cloud metadata…

  • CVE-2026-50023higJun 16, 2026
    risk 0.39cvss epss 0.01

    ### Summary A vulnerability exists in yt-dlp that allows a remote attacker to write arbitrary OS-shortcut files (such as `.desktop`, `.url`, `.webloc`) to the user's filesystem, bypassing the remediation for `CVE-2024-38519`. ### Details The fix for `CVE-2024-38519` enforced…

  • CVE-2026-49113Jun 16, 2026
    risk 0.00cvss epss 0.00

    Subscriber Arbitrary Code Execution in Cornerstone < 7.8.8 versions.

  • CVE-2026-49080Jun 16, 2026
    risk 0.00cvss epss 0.00

    Unauthenticated SQL Injection in wpDataTables <= 7.3.6 versions.

  • CVE-2026-49057Jun 16, 2026
    risk 0.00cvss epss 0.00

    Unauthenticated Broken Access Control in JobSearch <= 3.2.7 versions.

  • CVE-2026-48869Jun 16, 2026
    risk 0.00cvss epss 0.00

    Unauthenticated Cross Site Scripting (XSS) in Enfold <= 7.1.4 versions.

  • CVE-2026-40761Jun 16, 2026
    risk 0.00cvss epss 0.00

    Unauthenticated PHP Object Injection in Valeska <= 1.2.2 versions.

  • CVE-2026-40760Jun 16, 2026
    risk 0.00cvss epss 0.00

    Unauthenticated PHP Object Injection in Behold <= 1.5 versions.

  • CVE-2026-40759Jun 16, 2026
    risk 0.00cvss epss 0.00

    Unauthenticated PHP Object Injection in Esmée <= 1.4 versions.

  • CVE-2026-40758Jun 16, 2026
    risk 0.00cvss epss 0.00

    Unauthenticated PHP Object Injection in Léonie <= 1.2.1 versions.

  • CVE-2026-40755Jun 16, 2026
    risk 0.00cvss epss 0.00

    Unauthenticated PHP Object Injection in TechLink <= 1.3 versions.

  • CVE-2026-40754Jun 16, 2026
    risk 0.00cvss epss 0.00

    Unauthenticated PHP Object Injection in Roisin <= 1.4 versions.

  • CVE-2026-40751Jun 16, 2026
    risk 0.00cvss epss 0.00

    Unauthenticated PHP Object Injection in Ashtanga <= 1.2 versions.

  • CVE-2026-40739Jun 16, 2026
    risk 0.00cvss epss 0.00

    Unauthenticated PHP Object Injection in LuxeDrive <= 1.4 versions.

  • CVE-2026-40736Jun 16, 2026
    risk 0.00cvss epss 0.00

    Unauthenticated PHP Object Injection in Laurits <= 1.5.1 versions.

  • CVE-2026-39580Jun 16, 2026
    risk 0.00cvss epss 0.00

    Unauthenticated PHP Object Injection in Micdrop <= 1.3.1 versions.

  • CVE-2026-39578Jun 16, 2026
    risk 0.00cvss epss 0.00

    Unauthenticated PHP Object Injection in Valiance <= 1.2 versions.

  • CVE-2026-39577Jun 16, 2026
    risk 0.00cvss epss 0.00

    Unauthenticated PHP Object Injection in Playroom <= 1.4.1 versions.

  • CVE-2026-39568Jun 16, 2026
    risk 0.00cvss epss 0.00

    Unauthenticated Local File Inclusion in Mr. SEO <= 2.0 versions.

  • CVE-2026-39567Jun 16, 2026
    risk 0.00cvss epss 0.00

    Unauthenticated PHP Object Injection in Santé <= 1.5.1 versions.

  • CVE-2026-39557Jun 16, 2026
    risk 0.00cvss epss 0.00

    Unauthenticated PHP Object Injection in NeoBeat <= 1.7 versions.