VYPR

CVEs

345,149 total · page 69 of 6,903

  • CVE-2026-0155Jun 16, 2026
    risk 0.00cvss epss 0.00

    In ImsMediaBitReader::ReadByteBuffer, there is a possible OOB read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2026-0154Jun 16, 2026
    risk 0.00cvss epss 0.00

    In Modem, there is a possible way to trigger a modem crash during a SIP REFER request due to memory corruption. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2026-0153Jun 16, 2026
    risk 0.00cvss epss 0.00

    In Write of msg_to_host_buffer.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2026-0152Jun 16, 2026
    risk 0.00cvss epss 0.00

    In OSMMapPMRGeneric of pmr_os.c, there is a possible way to leverage a system call to system call to maliciously expand the VMA out of bounds due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User…

  • CVE-2026-0151Jun 16, 2026
    risk 0.00cvss epss 0.00

    In IntfGraphCreate of intfgraph.c, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2026-0150Jun 16, 2026
    risk 0.00cvss epss 0.00

    In ExecuteGraph command handler of EdgeTPU firmware, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with root privileges needed. User interaction is not needed for exploitation.

  • CVE-2026-0149Jun 16, 2026
    risk 0.00cvss epss 0.00

    In RtpSession::rtpSendRtcpPacket, there is a possible OOB write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2026-0148Jun 16, 2026
    risk 0.00cvss epss 0.00

    In multiple functions of VideoRtpPayloadDecoderNode.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2026-0147Jun 16, 2026
    risk 0.00cvss epss 0.00

    In __mfc_core_nal_q_get_dec_metadata_sei_nal of mfc_core_nal_q.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2026-0146Jun 16, 2026
    risk 0.00cvss epss 0.00

    In mfc_core_get_dec_metadata_sei_nal of mfc_core_reg_api.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2026-0145Jun 16, 2026
    risk 0.00cvss epss 0.00

    In keymint, there is a possible Permission Bypass due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2026-0144Jun 16, 2026
    risk 0.00cvss epss 0.00

    In writeAocCommand of AocAudioCodec.cpp, there is a possible memory safety issue due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2026-0143Jun 16, 2026
    risk 0.00cvss epss 0.00

    In lwis_device_external_event_emit of lwis_event.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2026-0142Jun 16, 2026
    risk 0.00cvss epss 0.00

    In iavb_parse_key_data of avb_rsa.c, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2026-0141Jun 16, 2026
    risk 0.00cvss epss 0.00

    In decodeAppPacket of RtcpAppPacket.cpp, there is a possible OOB read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2026-0140Jun 16, 2026
    risk 0.00cvss epss 0.00

    In RtpPacket::decodePacket, there is a possible out-of-bounds read due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.

  • CVE-2026-0139Jun 16, 2026
    risk 0.00cvss epss 0.00

    In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2026-0138Jun 16, 2026
    risk 0.00cvss epss 0.00

    In lwis_io_buffer_write of lwis_io_buffer.c, there is a possible out of bounds write due to memory corruption. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2026-0137Jun 16, 2026
    risk 0.00cvss epss 0.00

    In edgetpu_sync_fence_group_shutdown() of edgetpu-dmabuf.c, there is a possible elevation of privilege due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2026-0136Jun 16, 2026
    risk 0.00cvss epss 0.00

    In Modem, there is a possible out of bounds read due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2026-0135Jun 16, 2026
    risk 0.00cvss epss 0.00

    In Modem, there is a possible out of bounds read due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2026-0134Jun 16, 2026
    risk 0.00cvss epss 0.00

    In PostWipeData of recovery_ui.cpp, there is a possible data persistence issue after a factory reset due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2026-0133Jun 16, 2026
    risk 0.00cvss epss 0.00

    In smmu_attach_dev of arm-smmu-v3.c, there is a possible way to sign malicious Android Runtime bootclass artifacts due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed…

  • CVE-2026-0132Jun 16, 2026
    risk 0.00cvss epss 0.00

    In Modem, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2026-0131Jun 16, 2026
    risk 0.00cvss epss 0.00

    In RtpPacket::decodePacket, there is a possible out of bounds access due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

  • CVE-2026-0130Jun 16, 2026
    risk 0.00cvss epss 0.00

    In RtcpChunk::decodeRtcpChunk, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.

  • CVE-2026-0129Jun 16, 2026
    risk 0.00cvss epss 0.00

    In RtcpByePacket::decodeByePacket, there is a possible due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.

  • CVE-2026-0128Jun 16, 2026
    risk 0.00cvss epss 0.00

    In RtcpFbPacket::decodeRtcpFbPacket, there is a possible out of bounds read due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.

  • CVE-2026-0127Jun 16, 2026
    risk 0.00cvss epss 0.00

    In NrmmMsgCodec::DecodeUPUTransparentContext of cn_NrmmDecoder.cpp, there is a possible out-of-bounds read due to memory corruption. This could lead to remote denial of service causing a communication processor crash with no additional execution privileges needed. User…

  • CVE-2026-0126Jun 16, 2026
    risk 0.00cvss epss 0.00

    In WC-Radio, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2026-0125Jun 16, 2026
    risk 0.00cvss epss 0.00

    In multiple functions of vpu_ioctl.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2026-54157criJun 16, 2026
    risk 0.52cvss epss 0.02

    ## Unauthenticated SSRF in /webapi/proxy allows anyone to proxy requests and inject cookies on lobehub.com ## Summary The `/webapi/proxy` endpoint on app.lobehub.com accepts a URL in the POST body and fetches it server-side without any authentication. This is the same proxy…

  • CVE-2026-53753criJun 16, 2026
    risk 0.52cvss epss 0.00

    ### Summary The `_safe_eval_expression()` function in the computed fields feature uses an AST validator that only blocks attributes starting with underscore. Python generator and frame object attributes (`gi_frame`, `f_back`, `f_builtins`) do NOT start with underscore, enabling…

  • CVE-2026-50135Jun 16, 2026
    risk 0.00cvss epss 0.00

    **Commit:** [f8b5fa09a6](https://github.com/gohugoio/hugo/commit/f8b5fa09a6) — _Fix prevention of direct symlink reads in resources.Get_ **Affected versions:** v0.123.0 through v0.161.1. Earlier versions are not affected. **Fixed in:** v0.162.0. **Severity:** Medium. Requires…

  • CVE-2026-48294Jun 16, 2026
    risk 0.00cvss epss 0.01

    Adobe Acrobat PDF Extension (Chrome) versions 26.5.2.2 and earlier are affected by a UXSS-class cross-origin data disclosure vulnerability. An attacker could exploit this vulnerability to gain access to data regarding the victim's session. Exploitation of this issue requires…

  • CVE-2026-12348Jun 16, 2026
    risk 0.00cvss epss 0.00

    Address bar spoofing in Arc Search for Android allows a remote attacker to display a trusted domain in the address bar while rendering attacker-controlled content, enabling phishing.

  • CVE-2026-48776Jun 16, 2026
    risk 0.00cvss epss 0.00

    LangGraph Python SDK is used to connect to running LangGraph API servers, manage assistants, threads and stream runs from Python applications. Versions 0.3.14 and prior have unsafe URL path construction through unsanitized caller-supplied identifier values used in HTTP request…

  • CVE-2026-46979Jun 16, 2026
    risk 0.00cvss epss 0.00

    Vulnerability in the PeopleSoft Enterprise CS Campus Community product of Oracle PeopleSoft (component: Integration and Interfaces). The supported version that is affected is 9.2.38. Easily exploitable vulnerability allows high privileged attacker with network access via HTTPS…

  • CVE-2026-46978Jun 16, 2026
    risk 0.00cvss epss 0.00

    Vulnerability in the Oracle Solaris product of Oracle Systems (component: Remote Administration Daemon). The supported version that is affected is 11.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Solaris.…

  • CVE-2026-46977Jun 16, 2026
    risk 0.00cvss epss 0.00

    Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: VMSVGA device). The supported version that is affected is 7.2.8. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox…

  • CVE-2026-46976Jun 16, 2026
    risk 0.00cvss epss 0.00

    Vulnerability in the Oracle Public Sector Payroll product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to…

  • CVE-2026-46974Jun 16, 2026
    risk 0.00cvss epss 0.00

    Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.2.8. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox…

  • CVE-2026-46973Jun 16, 2026
    risk 0.00cvss epss 0.00

    Vulnerability in the Oracle Outsourced Mfg for Discrete Industries product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access…

  • CVE-2026-46972Jun 16, 2026
    risk 0.00cvss epss 0.00

    Vulnerability in the Oracle Outsourced Mfg for Discrete Industries product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access…

  • CVE-2026-46971Jun 16, 2026
    risk 0.00cvss epss 0.00

    Vulnerability in the Oracle HR Intelligence product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise…

  • CVE-2026-46970Jun 16, 2026
    risk 0.00cvss epss 0.00

    Vulnerability in the Oracle HR Intelligence product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise…

  • CVE-2026-46969Jun 16, 2026
    risk 0.00cvss epss 0.00

    Vulnerability in the Oracle Financials for EMEA product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to…

  • CVE-2026-46967Jun 16, 2026
    risk 0.00cvss epss 0.00

    Vulnerability in the Oracle Public Sector Financials (International) product of Oracle E-Business Suite (component: Authorization). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via…

  • CVE-2026-46966Jun 16, 2026
    risk 0.00cvss epss 0.00

    Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite (component: Work Provider Site Level Administration). Supported versions that are affected are 12.2.3-12.2.15. Difficult to exploit vulnerability allows low privileged attacker with network…

  • CVE-2026-46965Jun 16, 2026
    risk 0.00cvss epss 0.00

    Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite (component: Work Provider Site Level Administration). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access…