VYPR

CVEs

100,082 total · page 67 of 2,002

  • CVE-2021-47964HigMay 15, 2026
    risk 0.57cvss 8.8epss 0.01

    Schlix CMS 2.2.6-6 contains a remote code execution vulnerability that allows authenticated attackers to execute arbitrary PHP code by uploading malicious extension packages through the block manager. Attackers can upload a crafted ZIP file containing PHP code in the…

  • CVE-2021-47963HigMay 15, 2026
    risk 0.47cvss 7.2epss 0.00

    Anote 1.0 contains a persistent cross-site scripting vulnerability that allows attackers to execute arbitrary code by injecting malicious payloads into markdown files stored within the application. Attackers can craft malicious markdown files with embedded JavaScript that…

  • CVE-2021-47959HigMay 15, 2026
    risk 0.49cvss 7.5epss 0.00

    WordPress Plugin WPGraphQL 1.3.5 contains a denial of service vulnerability that allows unauthenticated attackers to exhaust server resources by sending batched GraphQL queries with duplicated fields. Attackers can send POST requests to the GraphQL endpoint with amplified field…

  • CVE-2026-46474HigMay 15, 2026
    risk 0.49cvss 7.5epss 0.00

    Trog::TOTP versions before 1.006 for Perl generate secrets using rand. Secrets were generated using Perl's built-in rand function, which is predictable and unsuitable for security usage.

  • CVE-2026-8695HigMay 15, 2026
    risk 0.42cvss 7.5epss 0.01

    radare2 6.1.5 contains a use-after-free vulnerability in the gdbr_threads_list() function that allows remote attackers to trigger memory corruption by sending a valid qfThreadInfo response followed by a malformed qsThreadInfo response. Attackers can exploit this vulnerability…

  • CVE-2026-45539HigMay 15, 2026
    risk 0.41cvss 7.4epss 0.01

    Microsoft APM is an open-source, community-driven dependency manager for AI agents. From 0.5.4 to 0.12.4, two primitive integrators in apm-cli enumerate package files with bare Path.glob() / Path.rglob() calls and read each match with Path.read_text(), transparently following…

  • CVE-2026-45038HigMay 15, 2026
    risk 0.44cvss 7.8epss 0.00

    Tabby (formerly Terminus) is a highly configurable terminal emulator. Prior to 1.0.233, since Tabby does not escape control characters from file paths when dragging and dropping a file into it, code execution can be achieved. This vulnerability is fixed in 1.0.233.

  • CVE-2026-45037HigMay 15, 2026
    risk 0.39cvss 7.1epss 0.00

    Tabby (formerly Terminus) is a highly configurable terminal emulator. Prior to 1.0.232, Tabby's terminal linkifier passes any detected URI directly to the operating system's protocol handler without validating the protocol scheme. This allows a malicious SSH or Telnet server to…

  • CVE-2026-45036HigMay 15, 2026
    risk 0.39cvss 7.0epss 0.00

    Tabby (formerly Terminus) is a highly configurable terminal emulator. Prior to 1.0.233, Tabby before 1.0.233 automatically confirms ZMODEM protocol detection on all terminal session output without user interaction, enabling shell command execution when a user displays…

  • CVE-2026-45035HigMay 15, 2026
    risk 0.50cvss 8.8epss 0.00

    Tabby (formerly Terminus) is a highly configurable terminal emulator. Prior to 1.0.233, Tabby registers itself as the handler for the tabby:// URL scheme on all platforms. The URL scheme handler supports a run command that directly executes OS commands with no user confirmation,…

  • CVE-2026-44714HigMay 15, 2026
    risk 0.42cvss 7.5epss 0.00

    The bitcoinj library is a Java implementation of the Bitcoin protocol. Prior to 0.17.1, ScriptExecution.correctlySpends() contains two fast-path verification bugs for standard P2PKH and native P2WPKH spends in core/src/main/java/org/bitcoinj/script/ScriptExecution.java. In both…

  • CVE-2026-44641HigMay 15, 2026
    risk 0.39cvss 7.1epss 0.00

    Microsoft APM is an open-source, community-driven dependency manager for AI agents. Prior to 0.8.12, Microsoft APM normalizes marketplace plugins by copying plugin components referenced in plugin.json into .apm/. The manifest fields agents, skills, commands, and hooks are…

  • CVE-2026-46508HigMay 15, 2026
    risk 0.51cvss 7.8epss 0.00

    Turborepo is a high-performance build system for JavaScript and TypeScript codebases. Prior to 2.9.14000, the Turborepo LSP VS Code extension could execute shell commands derived from workspace-controlled values. The extension used string-based command execution for Turborepo…

  • CVE-2026-35194HigMay 15, 2026
    risk 0.46cvss 8.1epss 0.00

    Code injection in SQL code generation in Apache Flink 1.15.0 through 1.20.x and 2.0.0 through 2.x allows authenticated users with query submission privileges to execute arbitrary code on TaskManagers via maliciously crafted SQL queries. The vulnerability affects JSON functions…

  • CVE-2026-39054HigMay 15, 2026
    risk 0.48cvss 7.3epss 0.01

    Oinone Pamirs 7.0.0 contains a command injection vulnerability in CommandHelper.executeCommands. The method starts a shell process and writes attacker-controlled command strings directly to the process standard input without sanitization. In affected deployments, this can result…

  • CVE-2026-38728HigMay 15, 2026
    risk 0.42cvss 7.5epss 0.01

    An issue in Nodemailer smtp_server before v.3.18.3 allows a remote attacker to cause a denial of service via the SMTPStream._write, lib/smtp-stream.js components

  • CVE-2026-34253HigMay 15, 2026
    risk 0.53cvss 8.2epss 0.01

    A buffer underflow vulnerability has been identified in the ogg123 utility from the vorbis-tools 1.4.3 package in function remotethread in remote.c. This vulnerability occurs in the remote control functionality when processing malformed input, leading to a stack buffer underflow…

  • CVE-2026-46333HigMay 15, 2026
    risk 0.39cvss 7.1epss 0.01

    In the Linux kernel, the following vulnerability has been resolved: ptrace: slightly saner 'get_dumpable()' logic The 'dumpability' of a task is fundamentally about the memory image of the task - the concept comes from whether it can core dump or not - and makes no sense when…

  • CVE-2026-41552HigMay 15, 2026
    risk 0.49cvss 7.5epss 0.01

    PDF Export Module used in DHTMLX's products Gantt and Scheduler is vulnerable to Path Traversal due to lack of HTML sanitization. An unauthenticated user could craft the html payload which could include local files from the server and display them in the generated PDF. This…

  • CVE-2026-41964HigMay 15, 2026
    risk 0.55cvss 8.4epss 0.00

    Permission control vulnerability in the web. Impact: Successful exploitation of this vulnerability may affect availability.

  • CVE-2026-6403HigMay 15, 2026
    risk 0.49cvss 7.5epss 0.01

    The Quick Playground plugin for WordPress is vulnerable to Path Traversal in versions up to and including 1.3.3. This is due to insufficient path validation in the qckply_zip_theme() function, which appends a user-controlled 'stylesheet' parameter directly to the theme root…

  • CVE-2026-6228HigMay 15, 2026
    risk 0.50cvss 8.8epss 0.00

    The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to Privilege Escalation in versions up to and including 3.28.36. This is due to insufficient authorization checks in the role field update mechanism combined with overly permissive capabilities for the…

  • CVE-2026-44088HigMay 15, 2026
    risk 0.56cvss epss 0.00

    SzafirHost verifies the signature of the downloaded JAR file using class JarInputStream (reading from the beginning of the file), but loads classes using class JarFile/URLClassLoader (reading the Central Directory from the end). It can lead to remote code execution by allowing…

  • CVE-2026-8654HigMay 15, 2026
    risk 0.57cvss epss 0.00

    Improper input validation in Delphix Continuous Data connectors allows an authenticated user to execute arbitrary operating system commands on the staging or target host.

  • CVE-2026-4094HigMay 15, 2026
    risk 0.46cvss 8.1epss 0.00

    The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to unauthorized data loss due to a missing capability check on the 'admin_head' function in all versions up to, and including, 1.4.5. This makes it possible for authenticated attackers,…

  • CVE-2026-41702HigMay 15, 2026
    risk 0.51cvss 7.8epss 0.00

    VMware Fusion contains a TOCTOU (Time-of-check Time-of-use) vulnerability that occurs during an operation performed by a SETUID binary. A malicious actor with local non-administrative user privileges may exploit this vulnerability to escalate privileges to root on the system…

  • CVE-2026-43490HigMay 15, 2026
    risk 0.50cvss 8.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate inherited ACE SID length smb_inherit_dacl() walks the parent directory DACL loaded from the security descriptor xattr. It verifies that each ACE contains the fixed SID header before using it,…

  • CVE-2026-28761HigMay 15, 2026
    risk 0.53cvss 8.1epss 0.00

    Cross-site request forgery vulnerability exists in Musetheque V4 Information Disclosure for IPKNOWLEDGE V4L1 rev2203.0 and earlier. If a user views a malicious page while logged-in to the affected product, unexpected operations may be done.

  • CVE-2025-54518HigMay 15, 2026
    risk 0.47cvss epss 0.00

    Improper isolation of shared resources within the CPU operation cache on Zen 2-based products could allow an attacker to corrupt instructions executed at a different privilege level, potentially resulting in privilege escalation.

  • CVE-2024-36334HigMay 15, 2026
    risk 0.46cvss epss 0.00

    Improper verification of cryptographic signature in the Radeon RGB tool could allow a malicious file placed in the installation directory to be run with elevated privileges potentially leading to arbitrary code execution.

  • CVE-2024-36333HigMay 15, 2026
    risk 0.51cvss 7.8epss 0.00

    A DLL hijacking vulnerability in the AMD Cleanup Utility could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution.

  • CVE-2024-36323HigMay 15, 2026
    risk 0.57cvss epss 0.00

    Improper isolation of VCN-JPEG HW register space could allow a malicious Guest Virtual Machine (VM) or a process to perform unauthorized access to the register space of the JPEG cores assigned a victim VM/process, potentially gaining arbitrary read/write access to the victim…

  • CVE-2026-7373HigMay 15, 2026
    risk 0.55cvss epss 0.00

    Rapid7 Metasploit Pro is vulnerable to a local privilege escalation attack that allows a user to gain SYSTEM level control of a Windows host. When started the metasploitPostgreSQL service would start the postgres.exe child process which would in turn load an OpenSSL…

  • CVE-2026-2652HigMay 15, 2026
    risk 0.49cvss 8.6epss 0.01

    A vulnerability in mlflow/mlflow versions 3.9.0 and earlier allows unauthenticated access to certain FastAPI routes when the server is started with authentication enabled (`--app-name basic-auth`) and served via uvicorn (ASGI). The FastAPI permission middleware only enforces…

  • CVE-2025-54517HigMay 15, 2026
    risk 0.55cvss epss 0.00

    Out of bounds write in AMD AMDGV_CMD_GET_DIAG_DATA ioctl handler could allow a local user to escalate privileges via remote code execution.

  • CVE-2025-29938HigMay 15, 2026
    risk 0.46cvss epss 0.00

    An unchecked return value within the AMD Platform Management Framework (PMF) could allow an attacker to write to an arbitrary memory address resulting in denial of service or arbitrary code execution.

  • CVE-2025-29936HigMay 15, 2026
    risk 0.55cvss epss 0.00

    Improper input validation within the AMD Platform Management Framework (PMF) could allow an attacker to unmap arbitrary memory pages potentially impacting integrity and availability, or allowing privilege escalation resulting in loss of confidentiality.

  • CVE-2025-29935HigMay 15, 2026
    risk 0.55cvss epss 0.00

    An out of bounds write within the AMD Platform Management Framework (PMF) could allow an attacker to execute arbitrary code at an elevated privilege level potentially leading to loss of confidentiality integrity, or availability.

  • CVE-2025-0028HigMay 15, 2026
    risk 0.54cvss epss 0.00

    An unchecked return value within the AMD Platform Management Framework (PMF) could allow an attacker to read or modify an arbitrary address potentially resulting in loss of confidentiality, integrity, or availability.

  • CVE-2024-21962HigMay 15, 2026
    risk 0.56cvss epss 0.00

    Improper Input Validation in the AMD RAID driver could allow an attacker to point to an arbitrary memory location potentially resulting in privilege escalation and arbitrary code execution.

  • CVE-2023-31317HigMay 15, 2026
    risk 0.57cvss epss 0.00

    Improper restriction of operations within the bounds of a memory buffer in the AMD secure processer (ASP) could allow an attacker to read or write to protected memory potentially resulting in arbitrary code execution.

  • CVE-2023-31316HigMay 15, 2026
    risk 0.46cvss epss 0.00

    Improperly preserved integrity of hardware configuration state during a power save/restore operation in the AMD Secure Processor (ASP) could allow an attacker with the ability to write outside the trusted memory range (TMR) to change the execution flow of the Video Core Next…

  • CVE-2026-0432HigMay 15, 2026
    risk 0.55cvss epss 0.00

    Incorrect default permissions in the installation directory for the AMD chipset driver could allow an attacker to achieve privilege escalation resulting in arbitrary code execution.

  • CVE-2025-52540HigMay 15, 2026
    risk 0.55cvss epss 0.00

    An improper input validation vulnerability within the AMD Platform Management Framework (PMF) Driver can allow a local attacker to write Out-of-Bounds, potentially resulting in privilege escalation.

  • CVE-2025-48519HigMay 15, 2026
    risk 0.55cvss epss 0.00

    An improper input validation vulnerability within the AMD Platform Management Framework (PMF) driver can allow a local attacker to read or write Out-of-Bounds, potentially resulting in privilege escalation

  • CVE-2025-48512HigMay 15, 2026
    risk 0.46cvss epss 0.00

    Incorrect default permissions in the installation directory for the AMD general-purpose input/output controller (GPIO) could allow an attacker to achieve privilege escalation resulting in arbitrary code execution.

  • CVE-2026-44671HigMay 14, 2026
    risk 0.42cvss 7.5epss 0.00

    ZITADEL is an open source identity management platform. From 2.71.11 to before 3.4.10 and 4.15.0, a vulnerability was discovered in Zitadel's LDAP identity provider implementation, which fails to properly escape user-provided usernames before incorporating them into LDAP search…

  • CVE-2026-45370HigMay 14, 2026
    risk 0.50cvss 7.7epss 0.00

    python-utcp is the python implementation of UTCP. Prior to 1.1.3, _prepare_environment() in cli_communication_protocol.py passes a full copy of os.environ to every CLI subprocess. When combined with CVE-2026-45369, an attacker can exfiltrate all process-level secrets in a single…

  • CVE-2026-45369HigMay 14, 2026
    risk 0.54cvss 8.3epss 0.00

    python-utcp is the python implementation of UTCP. Prior to 1.1.3, the _substitute_utcp_args method in cli_communication_protocol.py inserts user-controlled tool_args values directly into shell command strings without any sanitization or escaping. These commands are then executed…

  • CVE-2026-44700HigMay 14, 2026
    risk 0.50cvss epss 0.00

    Elixir WebRTC is an Elixir implementation of the W3C WebRTC API. Prior to 0.15.1 and 0.16.1, missing DTLS peer certificate fingerprint validation in the DTLS client (active) role removes one side of WebRTC's mutual authentication. The bug is not independently exploitable for…