VYPR

CVEs

100,082 total · page 75 of 2,002

  • CVE-2026-23821HigMay 12, 2026
    risk 0.47cvss 7.2epss 0.01

    A vulnerability in the configuration processing logic of Access Points running AOS-10 could allow an authenticated remote attacker to execute system commands under certain pre-existing conditions. Successful exploitation could allow an attacker to execute arbitrary commands on…

  • CVE-2026-23820HigMay 12, 2026
    risk 0.47cvss 7.2epss 0.01

    A vulnerability in the command line interface of Access Points running AOS-10 and AOS-8 Instant could allow an authenticated remote attacker to execute system commands in a restricted shell environment. Successful exploitation could allow an attacker to execute arbitrary…

  • CVE-2026-23819HigMay 12, 2026
    risk 0.57cvss 8.8epss 0.00

    A vulnerability in the web-based management interface of Access Points running AOS-10 and AOS-8 Instant could allow an unauthenticated remote attacker to execute arbitrary JavaScript code in a victim's browser within the same local network. Successful exploitation could allow an…

  • CVE-2026-44184HigMay 12, 2026
    risk 0.52cvss 8.0epss 0.00

    Cleanuparr is a tool for automating the cleanup of unwanted or blocked files in Sonarr, Radarr, and supported download clients like qBittorrent. Prior to 2.9.10, Cleanuparr's global CORS policy reflects every request Origin and combines it with AllowCredentials(). When…

  • CVE-2026-44167HigMay 12, 2026
    risk 0.42cvss 7.5epss 0.00

    phpseclib is a PHP secure communications library. Prior to 1.0.29, 2.0.54, and 3.0.52, anyone loading untrusted ASN1 files (eg. X509 certificates, RSA PKCS8 private or public keys, etc). This is a bypass of CVE-2024-27355. This vulnerability is fixed in 1.0.29, 2.0.54, and…

  • CVE-2026-44166HigMay 12, 2026
    risk 0.42cvss 7.6epss 0.00

    Pocketbase is an open source web backend written in go. Prior to 0.22.42 and 0.37.4, in some situations, if an attacker knows the email address of the victim they can create and link an unverified PocketBase user in advance by authenticating with one of the OAuth2 app providers,…

  • CVE-2026-43929HigMay 12, 2026
    risk 0.53cvss 8.2epss 0.00

    ssrfcheck is a library that checks if a string contains a potential SSRF attack. In 1.3.0 and earlier, ssrfcheck fails to block Server-Side Request Forgery attacks when the target private IP address is encoded as an IPv4-mapped IPv6 address (e.g. http://[::ffff:127.0.0.1]/). The…

  • CVE-2026-43892HigMay 12, 2026
    risk 0.50cvss 8.8epss 0.00

    AntSword is a cross-platform website management toolkit. Prior to 2.1.16, incomplete noxss() sanitization leads to 1-click RCE via jquery.terminal format code injection. This vulnerability is fixed in 2.1.16.

  • CVE-2026-43891HigMay 12, 2026
    risk 0.49cvss 7.5epss 0.00

    changedetection.io is a free open source web page change detection tool. Prior to 0.55.1, the vulnerability is caused by trusting attacker-controlled snapshot paths restored from backup files. The vulnerable flow starts in the backup restore logic. When a backup ZIP is restored,…

  • CVE-2026-42899HigMay 12, 2026
    risk 0.42cvss 7.5epss 0.02

    Loop with unreachable exit condition ('infinite loop') in ASP.NET Core allows an unauthorized attacker to deny service over a network.

  • CVE-2026-42896HigMay 12, 2026
    risk 0.51cvss 7.8epss 0.00

    Integer overflow or wraparound in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.

  • CVE-2026-42893HigMay 12, 2026
    risk 0.48cvss 7.4epss 0.00

    Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to perform tampering over a network.

  • CVE-2026-42832HigMay 12, 2026
    risk 0.50cvss 7.7epss 0.00

    Improper access control in Microsoft Office allows an unauthorized attacker to perform spoofing locally.

  • CVE-2026-42831HigMay 12, 2026
    risk 0.51cvss 7.8epss 0.00

    Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

  • CVE-2026-42825HigMay 12, 2026
    risk 0.46cvss 7.0epss 0.00

    Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally.

  • CVE-2026-42141HigMay 12, 2026
    risk 0.50cvss 7.7epss 0.00

    Xibo is an open source digital signage platform with a web content management system and Windows display player software. Prior to 4.4.1, an authenticated Server-Side Request Forgery (SSRF) vulnerability in the Xibo CMS allows users with Library upload permissions to make…

  • CVE-2026-41895HigMay 12, 2026
    risk 0.42cvss 7.5epss 0.00

    changedetection.io is a free open source web page change detection tool. In 0.54.9 and earlier, xpath_filter() switches to XML mode for XML/RSS content and creates etree.XMLParser(strip_cdata=False) without explicitly disabling external entity resolution, external DTD loading,…

  • CVE-2026-41613HigMay 12, 2026
    risk 0.57cvss 8.8epss 0.01

    Session fixation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network.

  • CVE-2026-41611HigMay 12, 2026
    risk 0.51cvss 7.8epss 0.00

    Improper neutralization of script-related html tags in a web page (basic xss) in Visual Studio Code allows an unauthorized attacker to execute code locally.

  • CVE-2026-41109HigMay 12, 2026
    risk 0.57cvss 8.8epss 0.01

    Improper neutralization of special elements in output used by a downstream component ('injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to bypass a security feature over a network.

  • CVE-2026-41107HigMay 12, 2026
    risk 0.48cvss 7.4epss 0.01

    External control of file name or path in Microsoft Edge (Chromium-based) allows an unauthorized attacker to disclose information over a network.

  • CVE-2026-41102HigMay 12, 2026
    risk 0.46cvss 7.1epss 0.00

    Improper access control in Microsoft Office PowerPoint allows an authorized attacker to perform spoofing locally.

  • CVE-2026-41101HigMay 12, 2026
    risk 0.46cvss 7.1epss 0.00

    Improper access control in Microsoft Office Word allows an authorized attacker to perform spoofing locally.

  • CVE-2026-41095HigMay 12, 2026
    risk 0.51cvss 7.8epss 0.00

    Use after free in Data Deduplication allows an authorized attacker to elevate privileges locally.

  • CVE-2026-41094HigMay 12, 2026
    risk 0.57cvss 8.8epss 0.01

    Improper control of generation of code ('code injection') in Microsoft Data Formulator allows an unauthorized attacker to execute code over a network.

  • CVE-2026-41088HigMay 12, 2026
    risk 0.51cvss 7.8epss 0.00

    Access of resource using incompatible type ('type confusion') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

  • CVE-2026-41086HigMay 12, 2026
    risk 0.57cvss 8.8epss 0.00

    Improper access control in Windows Admin Center allows an authorized attacker to elevate privileges over a network.

  • CVE-2026-40420HigMay 12, 2026
    risk 0.57cvss 8.8epss 0.00

    Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally.

  • CVE-2026-40419HigMay 12, 2026
    risk 0.51cvss 7.8epss 0.00

    Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally.

  • CVE-2026-40418HigMay 12, 2026
    risk 0.51cvss 7.8epss 0.00

    Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally.

  • CVE-2026-40417HigMay 12, 2026
    risk 0.51cvss 7.8epss 0.00

    Weak authentication in Dynamics Business Central allows an authorized attacker to elevate privileges locally.

  • CVE-2026-40415HigMay 12, 2026
    risk 0.53cvss 8.1epss 0.01

    Use after free in Windows TCP/IP allows an unauthorized attacker to execute code over a network.

  • CVE-2026-40414HigMay 12, 2026
    risk 0.48cvss 7.4epss 0.01

    Windows TCP/IP Denial of Service Vulnerability

  • CVE-2026-40413HigMay 12, 2026
    risk 0.48cvss 7.4epss 0.00

    Windows TCP/IP Denial of Service Vulnerability

  • CVE-2026-40410HigMay 12, 2026
    risk 0.46cvss 7.0epss 0.00

    Use after free in Windows SMB Client allows an authorized attacker to elevate privileges locally.

  • CVE-2026-40408HigMay 12, 2026
    risk 0.51cvss 7.8epss 0.00

    Use after free in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally.

  • CVE-2026-40407HigMay 12, 2026
    risk 0.51cvss 7.8epss 0.00

    Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

  • CVE-2026-40406HigMay 12, 2026
    risk 0.49cvss 7.5epss 0.01

    Use after free in Windows TCP/IP allows an unauthorized attacker to disclose information over a network.

  • CVE-2026-40405HigMay 12, 2026
    risk 0.49cvss 7.5epss 0.01

    Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service over a network.

  • CVE-2026-40403HigMay 12, 2026
    risk 0.57cvss 8.8epss 0.00

    Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to execute code locally.

  • CVE-2026-40401HigMay 12, 2026
    risk 0.46cvss 7.1epss 0.00

    Windows TCP/IP Denial of Service Vulnerability

  • CVE-2026-40399HigMay 12, 2026
    risk 0.51cvss 7.8epss 0.00

    Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an authorized attacker to elevate privileges locally.

  • CVE-2026-40398HigMay 12, 2026
    risk 0.51cvss 7.8epss 0.02

    Heap-based buffer overflow in Windows Remote Desktop allows an authorized attacker to elevate privileges locally.

  • CVE-2026-40397HigMay 12, 2026
    risk 0.51cvss 7.8epss 0.00

    Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

  • CVE-2026-40382HigMay 12, 2026
    risk 0.51cvss 7.8epss 0.00

    Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally.

  • CVE-2026-40381HigMay 12, 2026
    risk 0.51cvss 7.8epss 0.00

    Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally.

  • CVE-2026-40377HigMay 12, 2026
    risk 0.51cvss 7.8epss 0.00

    Heap-based buffer overflow in Windows Cryptographic Services allows an authorized attacker to elevate privileges locally.

  • CVE-2026-40370HigMay 12, 2026
    risk 0.57cvss 8.8epss 0.01

    External control of file name or path in SQL Server allows an authorized attacker to execute code over a network.

  • CVE-2026-40369HigMay 12, 2026
    risk 0.51cvss 7.8epss 0.05

    Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.

  • CVE-2026-40368HigMay 12, 2026
    risk 0.52cvss 8.0epss 0.02

    Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.