VYPR

CVEs

100,082 total · page 71 of 2,002

  • CVE-2026-42561HigMay 13, 2026
    risk 0.49cvss 7.5epss 0.01

    Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.27, python-multipart has a denial of service vulnerability in multipart part header parsing. When parsing multipart/form-data, MultipartParser previously had no limit on the number of part headers or the…

  • CVE-2026-42304HigMay 13, 2026
    risk 0.42cvss 7.5epss 0.00

    Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to 26.4.0rc2, the twisted.names module is vulnerable to a Denial of Service (DoS) attack via resource exhaustion during DNS name decompression. A remote, unauthenticated attacker can…

  • CVE-2026-39358HigMay 13, 2026
    risk 0.40cvss 7.2epss 0.00

    CubeCart is an ecommerce software solution. Prior to 6.6.0, Authenticated Time-Based Blind SQL Injection vulnerabilities were identified in the sorting parameters (sort[price], sort_activity, sort_admin, and sort_customer) of the Products and Logs endpoints in CubeCart v6.x.…

  • CVE-2026-21821HigMay 13, 2026
    risk 0.54cvss 8.3epss 0.00

    The HCL BigFix SCM Reporting site contains an outdated and unsupported version of the jQuery 1.x library. Since jQuery 1.x has reached end-of-life and no longer receives security updates, it may expose the application to publicly known security weaknesses and increase the risk…

  • CVE-2025-27853HigMay 13, 2026
    risk 0.47cvss 7.3epss 0.00

    The locally served web site on the Garmin WDU (v1 1.4.6 and v2 5.0) allows its authentication to be bypassed. The WDU web site only performs authentication with the client within the client's browser. The WebSockets used to communicate with the WDU server do not enforce any…

  • CVE-2025-27850HigMay 13, 2026
    risk 0.49cvss 7.5epss 0.00

    The locally served web site on the Garmin WDU (v1 1.4.6 and v2 5.0) allows a symlink attack. If a malicious graphics package containing symlinks is uploaded, the web server follows the supplied links when serving content. No mechanisms to restrict those link targets to a…

  • CVE-2026-42552HigMay 13, 2026
    risk 0.42cvss 7.5epss 0.00

    Flight is an extensible micro-framework for PHP. Prior to 3.18.1, the default error handler Engine::_error() writes the full exception message, exception code, and stack trace (including absolute filesystem paths) directly into the HTTP 500 response, with no debug gating.…

  • CVE-2026-42551HigMay 13, 2026
    risk 0.42cvss 7.5epss 0.00

    Flight is an extensible micro-framework for PHP. Prior to 3.18.1, Request::getMethod() unconditionally honors the X-HTTP-Method-Override header and the $_REQUEST['_method'] parameter on any HTTP verb (including safe verbs such as GET), with no opt-in and no whitelist of…

  • CVE-2026-42550HigMay 13, 2026
    risk 0.50cvss 8.8epss 0.00

    Flight is an extensible micro-framework for PHP. Prior to 3.18.1, SimplePdo::insert(), SimplePdo::update(), and SimplePdo::delete() build SQL statements by concatenating the $table argument and the keys of the $data array directly into the query, with no identifier quoting and…

  • CVE-2026-42548HigMay 13, 2026
    risk 0.49cvss epss 0.00

    Flight is an extensible micro-framework for PHP. Prior to 3.18.1, Flight::jsonp() concatenates the ?jsonp= query parameter directly into an application/javascript response body without validating that the value is a legal JavaScript identifier. An attacker can inject arbitrary…

  • CVE-2026-33377HigMay 13, 2026
    risk 0.46cvss 7.1epss 0.00

    An Editor can overwrite a dashboard not owned by them to acquire admin on that specific dashboard. The user must have write access to the dashboard to escalate privilege.

  • CVE-2026-33376HigMay 13, 2026
    risk 0.48cvss 7.4epss 0.00

    When using an IPv6 allow-list for the Auth Proxy feature, it defaults to /32 addresses. Addresses specifying a mask explicitly are not affected; to mitigate easily, add the desired mask (usually /128) to the addresses. Only auth proxy is affected; Okta, SAML, LDAP, etc are…

  • CVE-2026-8466HigMay 13, 2026
    risk 0.46cvss epss 0.00

    Allocation of Resources Without Limits or Throttling vulnerability in ninenines cowboy allows denial of service via unbounded buffer accumulation in multipart header parsing. cowboy_req:read_part/3 in src/cowboy_req.erl accumulates incoming request bytes into a Buffer binary…

  • CVE-2026-43970HigMay 13, 2026
    risk 0.46cvss epss 0.01

    Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in ninenines cowlib allows unauthenticated remote denial of service via memory exhaustion. cow_spdy:inflate/2 in cowlib passes peer-supplied compressed bytes directly to zlib:inflate/2 with no output…

  • CVE-2026-42587HigMay 13, 2026
    risk 0.49cvss 7.5epss 0.01

    Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, HttpContentDecompressor accepts a maxAllocation parameter to limit decompression buffer size and prevent decompression bomb attacks. This limit is correctly enforced…

  • CVE-2026-42584HigMay 13, 2026
    risk 0.47cvss 7.3epss 0.01

    Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, HttpClientCodec pairs each inbound response with an outbound request by queue.poll() once per response, including for 1xx. If the client pipelines GET then HEAD and the…

  • CVE-2026-42583HigMay 13, 2026
    risk 0.49cvss 7.5epss 0.00

    Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Lz4FrameDecoder allocates a ByteBuf of size decompressedLength (up to 32 MB per block) before LZ4 runs. A peer only needs a 21-byte header plus compressedLength payload…

  • CVE-2026-42582HigMay 13, 2026
    risk 0.49cvss 7.5epss 0.00

    Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final, when decoding header blocks, the non-Huffman branch of io.netty.handler.codec.http3.QpackDecoder#decodeHuffmanEncodedLiteral may execute new byte[length] for a string literal before…

  • CVE-2026-42579HigMay 13, 2026
    risk 0.49cvss 7.5epss 0.01

    Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty's DNS codec does not enforce RFC 1035 domain name constraints during either encoding or decoding. This creates a bidirectional attack surface: malicious DNS…

  • CVE-2026-42578HigMay 13, 2026
    risk 0.49cvss 7.5epss 0.01

    Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty's HttpProxyHandler constructs HTTP CONNECT requests with header validation explicitly disabled. The newInitialMessage() method creates headers using…

  • CVE-2026-42577HigMay 13, 2026
    risk 0.42cvss 7.5epss 0.00

    Netty is an asynchronous, event-driven network application framework. From 4.2.0.Final to 4.2.13.Final , Netty's epoll transport fails to detect and close TCP connections that receive a RST after being half-closed, leading to stale channels that are never cleaned up and, in some…

  • CVE-2026-41132HigMay 13, 2026
    risk 0.41cvss 7.4epss 0.00

    CKAN is an open-source DMS (data management system) for powering data hubs and data portals. Prior to 2.10.10 and 2.11.5, the configured SMTP server may be spoofed with any certificate (e.g. self-signed), leaving credentials and all emails sent open to MITM attacks. This…

  • CVE-2026-33583HigMay 13, 2026
    risk 0.57cvss 8.7epss 0.00

    Exposure of the QKEY (used as input into the ‘OTA-Quantum’ device registration process) and internal system keys via an unauthenticated and unencrypted HTTP GET method in the Arqit Symmetric Key Agreement Platform. This issue affects Symmetric Key Agreement Platform:…

  • CVE-2026-30906HigMay 13, 2026
    risk 0.51cvss 7.8epss 0.00

    Untrusted search path in the installer for Zoom Rooms for Windows before version 7.0.0 may allow an authenticated user to enable an escalation of privilege via local access.

  • CVE-2026-30905HigMay 13, 2026
    risk 0.51cvss 7.8epss 0.00

    External Control of File Name or Path in the Zoom Workplace VDI Plugin Windows Universal Installer before version 6.6.11 may allow an authenticated user to conduct an escalation of privilege via local access.

  • CVE-2026-0236HigMay 13, 2026
    risk 0.47cvss epss 0.00

    A code injection vulnerability in Palo Alto Networks Prisma® Browser on macOS fails to properly restrict access to its AppleScript interface allowing a locally authenticated non-admin user to leverage this exposed Apple Event handler to send unauthorized commands to the browser.

  • CVE-2026-45109HigMay 13, 2026
    risk 0.42cvss 7.5epss 0.01

    Next.js is a React framework for building full-stack web applications. From 15.2.0 to before 15.5.18 and 16.2.6, it was found that the fix addressing CVE-2026-44575 did not apply to middleware.ts with Turbopack. This vulnerability is fixed in 15.5.18 and 16.2.6.

  • CVE-2026-44579HigMay 13, 2026
    risk 0.42cvss 7.5epss 0.01

    Next.js is a React framework for building full-stack web applications. From to before 15.5.16 and 16.2.5, applications using Partial Prerendering through the Cache Components feature can be vulnerable to connection exhaustion through crafted POST requests to a server action. In…

  • CVE-2026-44578HigMay 13, 2026
    risk 0.49cvss 8.6epss 0.39

    Next.js is a React framework for building full-stack web applications. From 13.4.13 to before 15.5.16 and 16.2.5, self-hosted applications using the built-in Node.js server can be vulnerable to server-side request forgery through crafted WebSocket upgrade requests. An attacker…

  • CVE-2026-44004HigMay 13, 2026
    risk 0.49cvss 7.5epss 0.00

    vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, sandboxed code can call Buffer.alloc() with an arbitrary size to allocate memory directly on the host heap. Because Buffer.alloc is a synchronous C++ native call, vm2's timeout option cannot interrupt it. A single…

  • CVE-2026-44001HigMay 13, 2026
    risk 0.56cvss 8.6epss 0.00

    vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, a sandbox escape vulnerability in vm2 v3.10.5 allows any sandboxed code to crash the host Node.js process via a single Promise constructor that triggers an unhandled rejection propagating to the host. The fix for…

  • CVE-2026-43998HigMay 13, 2026
    risk 0.55cvss 8.5epss 0.01

    vm2 is an open source vm/sandbox for Node.js. In 3.10.5, NodeVM's require.root path restriction can be bypassed using filesystem symlinks, allowing sandboxed code to load modules from outside the allowed root directory in host context. Because path validation uses path.resolve()…

  • CVE-2026-0265HigMay 13, 2026
    risk 0.47cvss epss 0.00

    An authentication bypass vulnerability in Palo Alto Networks PAN-OS® software enables an unauthenticated attacker with network access to bypass authentication controls when Cloud Authentication Service (CAS) is enabled. The risk is higher if CAS is enabled on the management…

  • CVE-2026-0264HigMay 13, 2026
    risk 0.47cvss epss 0.00

    A buffer overflow vulnerability in the DNS proxy and DNS Server features of Palo Alto Networks PAN-OS® Software allows an unauthenticated attacker with network access to cause a denial of service (DoS) condition (all PAN-OS platforms except Cloud NGFW and Prisma Access) or…

  • CVE-2026-0263HigMay 13, 2026
    risk 0.47cvss epss 0.00

    A buffer overflow vulnerability in the IKEv2 processing of Palo Alto Networks PAN-OS® software allows an unauthenticated network-based attacker to execute arbitrary code with elevated privileges on the firewall, or cause a denial of service (DoS) condition. Panorama, Cloud…

  • CVE-2026-0237HigMay 13, 2026
    risk 0.47cvss epss 0.00

    An improper protection of alternate path vulnerability in Palo Alto Networks Prisma® Browser on macOS fails to properly restrict access to an internal automation bridge. This allows a locally authenticated non-admin user to leverage an exposed communication channel to send…

  • CVE-2026-44575HigMay 13, 2026
    risk 0.42cvss 7.5epss 0.01

    Next.js is a React framework for building full-stack web applications. From 15.2.0 to before 15.5.16 and 16.2.5, App Router applications that rely on middleware or proxy-based checks for authorization can allow unauthorized access through transport-specific route variants used…

  • CVE-2026-44574HigMay 13, 2026
    risk 0.46cvss 8.1epss 0.00

    Next.js is a React framework for building full-stack web applications. From 15.4.0 to before 15.5.16 and 16.2.5, applications that rely on middleware to protect dynamic routes can be vulnerable to authorization bypass. In affected deployments, specially crafted query parameters…

  • CVE-2026-44573HigMay 13, 2026
    risk 0.42cvss 7.5epss 0.01

    Next.js is a React framework for building full-stack web applications. From 12.2.0 to before 15.5.16 and 16.2.5, Applications using the Pages Router with i18n configured and middleware/proxy-based authorization can allow unauthorized access to protected page data through…

  • CVE-2026-6282HigMay 13, 2026
    risk 0.53cvss 8.1epss 0.00

    A potential improper file path validation vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow a remote authenticated user to move or access files belonging to other users on the same device.

  • CVE-2026-6281HigMay 13, 2026
    risk 0.57cvss 8.8epss 0.00

    A potential vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow a remote authenticated user on the local network to execute arbitrary commands on the device.

  • CVE-2026-45033HigMay 13, 2026
    risk 0.44cvss 7.8epss 0.00

    GitHub Copilot CLI brings AI-powered coding assistance directly to your command line. Prior to 1.0.43, a security vulnerability has been identified in GitHub Copilot CLI where a malicious bare git repository nested inside a project directory can achieve arbitrary code execution…

  • CVE-2026-44470HigMay 13, 2026
    risk 0.51cvss 7.8epss 0.00

    The Claude Desktop app gives you Claude Code with a graphical interface built for running multiple sessions side by side. Prior to 1.3834.0, the CoworkVMService component in Claude Desktop for Windows ran as SYSTEM and did not validate whether the VM bundle directory was a real…

  • CVE-2026-44432HigMay 13, 2026
    risk 0.42cvss 7.5epss 0.01

    urllib3 is an HTTP client library for Python. From 2.6.0 to before 2.7.0, urllib3 could decompress the whole response instead of the requested portion (1) during the second HTTPResponse.read(amt=N) call when the response was decompressed using the official Brotli library or (2)…

  • CVE-2026-44295HigMay 13, 2026
    risk 0.57cvss 8.7epss 0.00

    protobufjs-cli is the command line add-on for protobuf.js. Prior to 1.2.1 and 2.0.2, pbjs static code generation could emit unsafe JavaScript identifiers derived from schema-controlled names. When generating static JavaScript from a crafted schema or JSON descriptor, certain…

  • CVE-2026-44293HigMay 13, 2026
    risk 0.57cvss 8.8epss 0.00

    protobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior to 7.5.6 and 8.0.2, protobufjs generated JavaScript for toObject conversion could include an unsafe expression derived from a schema-controlled bytes field default value. A crafted descriptor with a…

  • CVE-2026-44291HigMay 13, 2026
    risk 0.53cvss 8.1epss 0.01

    protobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior to 7.5.6 and 8.0.2, protobufjs used plain objects with inherited prototypes for internal type lookup tables used by generated encode and decode functions. If Object.prototype had already been…

  • CVE-2026-44290HigMay 13, 2026
    risk 0.49cvss 7.5epss 0.00

    protobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior to 7.5.6 and 8.0.2, protobufjs allowed certain schema option paths to traverse through inherited object properties while applying options. A crafted protobuf schema or JSON descriptor could cause…

  • CVE-2026-44289HigMay 13, 2026
    risk 0.49cvss 7.5epss 0.01

    protobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior to 7.5.6 and 8.0.2, protobufjs could recurse without a depth limit while decoding nested protobuf data. This affected both skipping unknown group fields and generated decoding of nested message…

  • CVE-2026-43481HigMay 13, 2026
    risk 0.44cvss 7.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: net-shapers: don't free reply skb after genlmsg_reply() genlmsg_reply() hands the reply skb to netlink, and netlink_unicast() consumes it on all return paths, whether the skb is queued successfully or freed on…