VYPR

CVEs

345,149 total · page 68 of 6,903

  • CVE-2025-69150Jun 16, 2026
    risk 0.00cvss epss 0.00

    Unauthenticated Local File Inclusion in Medeus <= 1.14 versions.

  • CVE-2025-69149Jun 16, 2026
    risk 0.00cvss epss 0.00

    Unauthenticated Local File Inclusion in Top Dog <= 1.0.5 versions.

  • CVE-2025-69147Jun 16, 2026
    risk 0.00cvss epss 0.00

    Unauthenticated Local File Inclusion in Putter <= 1.17 versions.

  • CVE-2025-69146Jun 16, 2026
    risk 0.00cvss epss 0.00

    Unauthenticated Local File Inclusion in Dom <= 1.24 versions.

  • CVE-2025-69143Jun 16, 2026
    risk 0.00cvss epss 0.00

    Unauthenticated Local File Inclusion in Mission <= 1.22 versions.

  • CVE-2025-69142Jun 16, 2026
    risk 0.00cvss epss 0.00

    Unauthenticated Local File Inclusion in Abelle <= 1.22 versions.

  • CVE-2025-69141Jun 16, 2026
    risk 0.00cvss epss 0.00

    Unauthenticated Local File Inclusion in Kelly Young <= 1.1.0 versions.

  • CVE-2025-69139Jun 16, 2026
    risk 0.00cvss epss 0.01

    Unauthenticated Arbitrary File Deletion in Car Zone <= 3.7 versions.

  • CVE-2025-69137Jun 16, 2026
    risk 0.00cvss epss 0.00

    Subscriber Broken Access Control in Genemy <= 1.6.6 versions.

  • CVE-2025-69136Jun 16, 2026
    risk 0.00cvss epss 0.00

    Unauthenticated Local File Inclusion in Wanium <= 1.9.8 versions.

  • CVE-2025-69131Jun 16, 2026
    risk 0.00cvss epss 0.00

    Unauthenticated Arbitrary File Download in WordPress & WooCommerce Scraper Plugin, Import Data from Any Site <= 1.0.7 versions.

  • CVE-2025-69125Jun 16, 2026
    risk 0.00cvss epss 0.00

    Unauthenticated Local File Inclusion in Food Drop <= 1.3 versions.

  • CVE-2025-69124Jun 16, 2026
    risk 0.00cvss epss 0.00

    Unauthenticated Local File Inclusion in Especio <= 1.0 versions.

  • CVE-2025-69122Jun 16, 2026
    risk 0.00cvss epss 0.01

    Unauthenticated PHP Object Injection in SeaFood Company <= 1.4 versions.

  • CVE-2025-69121Jun 16, 2026
    risk 0.00cvss epss 0.00

    Unauthenticated Local File Inclusion in Deliciosa <= 1.10.0 versions.

  • CVE-2025-69119Jun 16, 2026
    risk 0.00cvss epss 0.00

    Unauthenticated Local File Inclusion in Corbesier <= 1.15.0 versions.

  • CVE-2025-69118Jun 16, 2026
    risk 0.00cvss epss 0.00

    Unauthenticated Local File Inclusion in CopyPress <= 1.4.5 versions.

  • CVE-2025-69116Jun 16, 2026
    risk 0.00cvss epss 0.00

    Unauthenticated Local File Inclusion in Iona <= 1.0.8 versions.

  • CVE-2025-69114Jun 16, 2026
    risk 0.00cvss epss 0.00

    Unauthenticated Local File Inclusion in MaxiNet <= 1.2.10 versions.

  • CVE-2025-69113Jun 16, 2026
    risk 0.00cvss epss 0.00

    Unauthenticated Local File Inclusion in Nexio <= 1.10.0 versions.

  • CVE-2025-69112Jun 16, 2026
    risk 0.00cvss epss 0.00

    Unauthenticated Local File Inclusion in Planty <= 1.14.0 versions.

  • CVE-2025-69109Jun 16, 2026
    risk 0.00cvss epss 0.00

    Unauthenticated Local File Inclusion in Raider Spirit <= 1.1.2 versions.

  • CVE-2025-69108Jun 16, 2026
    risk 0.00cvss epss 0.01

    Unauthenticated PHP Object Injection in Hot Coffee <= 1.7 versions.

  • CVE-2025-69107Jun 16, 2026
    risk 0.00cvss epss 0.00

    Unauthenticated Local File Inclusion in Rosaleen <= 2.8 versions.

  • CVE-2025-69105Jun 16, 2026
    risk 0.00cvss epss 0.00

    Unauthenticated Local File Inclusion in Modernee <= 1.6.0 versions.

  • CVE-2025-69104Jun 16, 2026
    risk 0.00cvss epss 0.00

    Unauthenticated Cross Site Scripting (XSS) in Qreatix <= 1.9.4 versions.

  • CVE-2025-69103Jun 16, 2026
    risk 0.00cvss epss 0.00

    Subscriber Arbitrary Content Deletion in Brikk <= 3.0.0 versions.

  • CVE-2025-60085Jun 16, 2026
    risk 0.00cvss epss 0.00

    Unauthenticated Local File Inclusion in Learnify <= 1.15.0 versions.

  • CVE-2025-58924Jun 16, 2026
    risk 0.00cvss epss 0.00

    Unauthenticated Local File Inclusion in Geya <= 1.15 versions.

  • CVE-2026-54194Jun 16, 2026
    risk 0.00cvss epss 0.00

    Contributor PHP Object Injection in Fusion Builder <= 3.15.4 versions.

  • CVE-2026-50019Jun 16, 2026
    risk 0.00cvss epss 0.00

    ### Summary If curl is used an external downloader for yt-dlp, cookies may be leaked to an unintended host upon HTTP redirect or when the host for download fragments differs from their parent manifest's. This is the equivalent to [GHSA-v8mc-9377-rwjj](<https://github.com/yt-dlp/…

  • CVE-2026-48777CriJun 16, 2026
    risk 0.53cvss epss 0.00

    FileBrowser Quantum is a free, self-hosted, web-based file manager. Versions prior to 1.3.2-stable, 1.4.0-beta and 1.4.1-beta are vulnerable to Path Traversal through the publicPatchHandler in backend/http/public.go which joins user-controlled fromPath and toPath body fields…

  • CVE-2026-47750HigJun 16, 2026
    risk 0.44cvss 7.8epss 0.00

    stable-diffusion.cpp is a pure C/C++ library for running diffusion model (Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and more) inference. In versions prior to master-584-0a7ae07, the pickle .ckpt parser in src/model.cpp contained a heap buffer overflow vulnerability in…

  • CVE-2026-47747HigJun 16, 2026
    risk 0.44cvss 7.8epss 0.00

    stable-diffusion.cpp is a pure C/C++ library for running diffusion model (Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and more) inference. In versions prior to master-584-0a7ae07, the pickle .ckpt parser in src/model.cpp contained a heap buffer overflow vulnerability in…

  • CVE-2026-46448MedJun 16, 2026
    risk 0.35cvss 5.4epss 0.00

    In OpenStack Nova before 33.0.2, the server create API does not strip certain hint data. The resulting instance has no Placement allocation.

  • CVE-2026-22313CriJun 16, 2026
    risk 0.59cvss 9.1epss 0.01

    The device has a webserver that exposes a REST API authenticated with a token on the management network. By exploiting an OS command injection vulnerability an authenticated attacker can send arbitrary commands to the device that are executed with administrative permissions by…

  • CVE-2026-22312HigJun 16, 2026
    risk 0.56cvss 8.6epss 0.00

    The device has a webserver that exposes a REST API authenticated with a constant token. The unauthenticated API can be used by an attacker to get access to system settings, modify the configuration and execute some commands (e.g. system reboot).

  • CVE-2026-12425MedJun 16, 2026
    risk 0.37cvss epss 0.00

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PowerSchool Employee Access Center allows Cross-Site Scripting (XSS). This issue affects Employee Access Center: 23.10. It is possible to add in javascript code after…

  • CVE-2026-12117Jun 16, 2026
    risk 0.00cvss epss 0.00

    Improper access control in the social login connection endpoint in Devolutions Server 2026.2.5 allows an authenticated vault member to enumerate social login entry metadata to which they are not authorized via a crafted API request.

  • CVE-2026-12105Jun 16, 2026
    risk 0.00cvss epss 0.00

    Improper access control in Devolutions Server 2026.2.5, 2026.1.21 allows an authenticated user to access attachments via folder duplication with inherited permissions.

  • CVE-2026-11890Jun 16, 2026
    risk 0.00cvss epss 0.00

    Improper access control in PAM account discovery results in Devolutions Server 2026.2.5, 2026.1.21 allows an authenticated user to retrieve account discovery scan results.

  • CVE-2026-10303HigJun 16, 2026
    risk 0.41cvss 7.4epss 0.01

    In ServerCo getssl version 2.49 and prior, the ACME challenge token returned to the client was not strictly validated against RFC 8555 before being used in challenge-file handling, allowing a maliciously crafted token to influence local path/filename usage during validation. An…

  • CVE-2026-0165Jun 16, 2026
    risk 0.00cvss epss 0.00

    In several functions of the RTCP packet decoder, there is a possible out-of-bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.

  • CVE-2026-0164Jun 16, 2026
    risk 0.00cvss epss 0.00

    In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2026-0162Jun 16, 2026
    risk 0.00cvss epss 0.00

    In ParsePayloads of AudioSdpParser.cpp, there is a possible memory corruption due to type confusion. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2026-0161Jun 16, 2026
    risk 0.00cvss epss 0.00

    In numberOfReportBlocks of RtpSession.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2026-0160Jun 16, 2026
    risk 0.00cvss epss 0.00

    In TextRtpPayloadDecoderNode::DecodeT140 of TextRtpPayloadDecoderNode.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2026-0158Jun 16, 2026
    risk 0.00cvss epss 0.00

    In Camera, there is a possible unauthorized way to access photos due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2026-0157Jun 16, 2026
    risk 0.00cvss epss 0.00

    In RtcpHeader::decodeRtcpHeader, there is a possible OOB read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2026-0156Jun 16, 2026
    risk 0.00cvss epss 0.00

    In checkSsrcCollisionOnRcv of RtpSession.cpp, there is a possible memory safety issue due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.