VYPR

CVEs

345,178 total · page 79 of 6,904

  • CVE-2026-42014MedJun 16, 2026
    risk 0.36cvss 6.6epss 0.00

    A flaw was found in GnuTLS. The `gnutls_pkcs11_token_set_pin` function, used for changing the Security Officer PIN, can lead to a use-after-free vulnerability. This occurs when an attacker attempts to change the PIN with a NULL old PIN for a token that lacks a protected…

  • CVE-2026-1767MedJun 16, 2026
    risk 0.36cvss 5.6epss 0.00

    A flaw was found in the GNOME localsearch (previously known as tracker-miners) MP3 Extractor `tracker-extract-mp3` component. A remote attacker could exploit this heap buffer overflow vulnerability by providing a specially crafted MP3 file containing malformed ID3 tags. This…

  • CVE-2026-1766MedJun 16, 2026
    risk 0.36cvss 5.6epss 0.00

    A flaw was found in GNOME localsearch (previously known as tracker-miners) MP3 Extractor, specifically within the tracker-extract-mp3 component. This heap buffer overflow vulnerability occurs when processing specially crafted MP3 files containing malformed ID3v2.3 COMM (Comment)…

  • CVE-2026-1765MedJun 16, 2026
    risk 0.36cvss 5.6epss 0.00

    A flaw was found in the `tracker-extract-mp3` component of GNOME localsearch (previously known as tracker-miners). This vulnerability, a heap buffer overflow, occurs when processing specially crafted MP3 files. A remote attacker could exploit this by providing a malicious MP3…

  • CVE-2026-1764MedJun 16, 2026
    risk 0.36cvss 5.6epss 0.00

    A flaw was found in GNOME localsearch (previously known as tracker-miners) MP3 Extractor. When processing specially crafted MP3 files containing ID3v2.4 tags, a missing bounds check in the `extract_performers_tags` function can lead to a heap buffer overflow. This vulnerability…

  • CVE-2026-12162MedJun 16, 2026
    risk 0.36cvss 5.5epss 0.00

    Improper host validation in the social login autofill feature in Devolutions Remote Desktop Manager 2026.2.8 allows an attacker to disclose stored social login credentials via a crafted web entry pointing to a provider lookalike domain.

  • CVE-2026-12161HigJun 16, 2026
    risk 0.57cvss 8.8epss 0.00

    Improper input validation in the SSH Elevate Shell feature in Devolutions Remote Desktop Manager 2026.2.7 allows an authenticated user with permission to create or modify a shared SSH entry to execute arbitrary commands on a remote SSH host using stored elevation credentials…

  • CVE-2026-9262MedJun 16, 2026
    risk 0.42cvss 6.5epss 0.00

    Use of a non-secure protocol as the default FTP configuration in Canon EOS Network Setting Tool Version 1.5.0 or earlier

  • CVE-2026-9261MedJun 16, 2026
    risk 0.44cvss 6.8epss 0.00

    Use of weak SSH cryptographic algorithms in Canon EOS Network Setting Tool Version 1.5.0 or earlier

  • CVE-2026-9260MedJun 16, 2026
    risk 0.40cvss 6.2epss 0.00

    Use of hard-coded cryptographic keys in Canon EOS Network Setting Tool Version 1.5.0 or earlier

  • CVE-2026-9259MedJun 16, 2026
    risk 0.42cvss 6.5epss 0.00

    Improper validation of server certificates in Canon EOS Network Setting Tool Version 1.5.0 or earlier

  • CVE-2026-9258MedJun 16, 2026
    risk 0.42cvss 6.5epss 0.00

    Improper validation of SSH host keys in Canon EOS Network Setting Tool Version 1.5.0 or earlier

  • CVE-2026-12505impJun 16, 2026
    risk 0.51cvss 7.8epss 0.00

    cifs-utils: local privilege escalation via forged cifs.spnego key description in cifs.upcall

  • CVE-2026-46655impJun 16, 2026
    risk 0.51cvss 7.8epss

    virtio-win: viosock.sys: integer overflow in VIOSockSelect leads to heap-based buffer overflow

  • CVE-2026-53430HigJun 15, 2026
    risk 0.50cvss epss 0.00

    Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in elixir-grpc grpc (GRPC.Compressor.Gzip, GRPC.Message modules) allows a denial of service via a gzip decompression bomb. This vulnerability is associated with program files…

  • CVE-2026-48854HigJun 15, 2026
    risk 0.50cvss epss 0.00

    Allocation of Resources Without Limits or Throttling vulnerability in elixir-grpc grpc allows unauthenticated attackers to exhaust the BEAM's memory and crash the server by streaming a large or slow-trickle unary request body. 'Elixir.GRPC.Server.Adapters.Cowboy.Handler':read_fu…

  • CVE-2026-48853CriJun 15, 2026
    risk 0.53cvss epss 0.01

    Deserialization of Untrusted Data and Allocation of Resources Without Limits or Throttling vulnerabilities in elixir-grpc grpc allow unauthenticated attackers to crash the BEAM node via atom table exhaustion and, when a decoded term flows into a call site that invokes it,…

  • CVE-2026-48723HigJun 15, 2026
    risk 0.44cvss 7.8epss 0.01

    The browserstack-cypress-cli is BrowserStack's CLI which allows users to run Cypress tests on BrowserStack. Versions prior to 1.36.4 are vulnerable to OS command injection via the cypress_config_file configuration parameter. In readCypressConfigUtil.js, the loadJsFile() function…

  • CVE-2026-48599HigJun 15, 2026
    risk 0.42cvss epss 0.00

    Authorization Bypass Through User-Controlled Key vulnerability in elixir-grpc grpc allows authenticated attackers to access or modify resources belonging to other users by smuggling a conflicting value for any path-bound field via the query string or request body. In…

  • CVE-2026-12205CriJun 15, 2026
    risk 0.59cvss 9.1epss 0.00

    Crypt::DSA versions before 1.21 for Perl reused the nonce across signatures, leading to private-key recovery. Crypt::DSA::sign caches the per-signature nonce material in the Key object without ever clearing it. The first sign() on a Key object picks a nonce, and every later…

  • CVE-2026-5064HigJun 15, 2026
    risk 0.55cvss epss 0.00

    Potential security vulnerabilities have been identified in the HP One Agent for certain HP PC products, which might allow for escalation of privilege and/or denial of service. HP is releasing software updates to mitigate these potential vulnerabilities.

  • CVE-2026-48714CriJun 15, 2026
    risk 0.52cvss 9.1epss 0.00

    i18next-http-middleware is a middleware to be used with Node.js web frameworks like express or Fastify and also for Deno. In versions prior to 3.9.7, the missingKeyHandler blocked the literal request-body keys __proto__, constructor, and prototype (added in 3.9.3, see…

  • CVE-2026-48713CriJun 15, 2026
    risk 0.52cvss 9.1epss 0.00

    Versions prior to 2.6.6 are vulnerable to prototype pollution via crafted missing-key strings when used to persist missing translation keys (e.g. via i18next-http-middleware's missingKeyHandler exposed to untrusted input). Backend.writeFile() splits each queued missing-key…

  • CVE-2026-48157MedJun 15, 2026
    risk 0.40cvss 6.1epss 0.00

    Slim is a PHP micro framework that enables users to write simple web applications and APIs. In versions 4.4.0 through 4.15, if an application uses HttpException::setTitle() and/or setDescription() to include untrusted/request-derived data in the error title or description (e.g.…

  • CVE-2026-48017HigJun 15, 2026
    risk 0.50cvss 8.8epss 0.01

    DbGate is cross-platform database manager. In versions 7.1.8 and prior, the POST /runners/load-reader endpoint in DbGate accepts a functionName parameter that is directly interpolated into a JavaScript code template without any sanitization or validation. An authenticated user…

  • CVE-2026-12087CriJun 15, 2026
    risk 0.52cvss 9.1epss 0.00

    Socket versions before 2.041 for Perl have an out-of-bounds heap read. In Socket.xs, pack_ip_mreq_source() checks the length of its source argument before the argument is read, so the check tests the byte length carried over from the preceding multiaddr argument instead. Both…

  • CVE-2026-11832CriJun 15, 2026
    risk 0.59cvss 9.1epss 0.00

    Dancer2::Plugin::Auth::OAuth versions before 0.22 for Perl default to a predictable nonce. The default nonce was generated using an MD5 hash of the epoch time, which is predictable.

  • CVE-2026-9691CriJun 15, 2026
    risk 0.64cvss 9.8epss 0.00

    Unauthenticated PHP Object Injection in Integration for ActiveCampaign and Contact Form 7, WPForms, Elementor, Ninja Forms <= 1.1.1 versions.

  • CVE-2026-52703CriJun 15, 2026
    risk 0.62cvss 9.6epss 0.00

    Unauthenticated Path Traversal in FastDup <= 2.7.2 versions.

  • CVE-2026-52702HigJun 15, 2026
    risk 0.46cvss 7.1epss 0.00

    Unauthenticated Cross Site Scripting (XSS) in SEO Redirection <= 9.17 versions.

  • CVE-2026-52700HigJun 15, 2026
    risk 0.55cvss 8.5epss 0.00

    Subscriber SQL Injection in WCMultiShipping <= 3.0.2 versions.

  • CVE-2026-52699HigJun 15, 2026
    risk 0.49cvss 7.5epss 0.00

    Unauthenticated Insecure Direct Object References (IDOR) in VikRentCar <= 1.4.5 versions.

  • CVE-2026-52697HigJun 15, 2026
    risk 0.55cvss 8.5epss 0.00

    Subscriber SQL Injection in Taskbuilder <= 5.0.7 versions.

  • CVE-2026-52695HigJun 15, 2026
    risk 0.49cvss 7.5epss 0.00

    Unauthenticated Sensitive Data Exposure in ABC Crypto Checkout <= 1.8.2 versions.

  • CVE-2026-52694HigJun 15, 2026
    risk 0.49cvss 7.5epss 0.00

    Unauthenticated Sensitive Data Exposure in Signature Add-On for WooCommerce <= 2.0 versions.

  • CVE-2026-52693CriJun 15, 2026
    risk 0.60cvss 9.3epss 0.00

    Unauthenticated SQL Injection in eCommerce Product Catalog <= 3.5.5 versions.

  • CVE-2026-52692HigJun 15, 2026
    risk 0.49cvss 7.5epss 0.00

    Unauthenticated Sensitive Data Exposure in Affiliates Manager <= 2.9.50 versions.

  • CVE-2026-49781CriJun 15, 2026
    risk 0.64cvss 9.8epss 0.00

    Unauthenticated PHP Object Injection in OttoKit <= 1.1.27 versions.

  • CVE-2026-49780HigJun 15, 2026
    risk 0.50cvss 8.8epss 0.00

    Customer Privilege Escalation in Dokan <= 5.0.2 versions.

  • CVE-2026-49776CriJun 15, 2026
    risk 0.60cvss 9.3epss 0.00

    Unauthenticated SQL Injection in GPTranslate – Multilingual AI Translation for WordPress: Automatically Translate Websites <= 2.32.6 versions.

  • CVE-2026-49775MedJun 15, 2026
    risk 0.42cvss 6.5epss 0.00

    Unauthenticated Broken Access Control in Welcart e-Commerce <= 2.11.28 versions.

  • CVE-2026-49773MedJun 15, 2026
    risk 0.42cvss 6.5epss 0.00

    Subscriber Cross Site Scripting (XSS) in FV Flowplayer Video Player < 7.5.51.7212 versions.

  • CVE-2026-49770CriJun 15, 2026
    risk 0.64cvss 9.8epss 0.00

    Unauthenticated PHP Object Injection in WP Travel Engine <= 6.7.12 versions.

  • CVE-2026-49769CriJun 15, 2026
    risk 0.64cvss 9.8epss 0.00

    Unauthenticated PHP Object Injection in wpForo Forum <= 3.1.0 versions.

  • CVE-2026-49768CriJun 15, 2026
    risk 0.64cvss 9.8epss 0.00

    Unauthenticated PHP Object Injection in Happyforms <= 1.26.13 versions.

  • CVE-2026-49766CriJun 15, 2026
    risk 0.64cvss 9.9epss 0.01

    Subscriber Arbitrary File Deletion in WP User Manager <= 2.9.16 versions.

  • CVE-2026-49765CriJun 15, 2026
    risk 0.64cvss 9.8epss 0.00

    Unauthenticated PHP Object Injection in Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms <= 1.1.8 versions.

  • CVE-2026-49764CriJun 15, 2026
    risk 0.64cvss 9.8epss 0.00

    Unauthenticated Broken Authentication in RegistrationMagic <= 6.0.8.6 versions.

  • CVE-2026-49763CriJun 15, 2026
    risk 0.64cvss 9.8epss 0.00

    Unauthenticated PHP Object Injection in Integration for Contact Form 7 HubSpot <= 1.3.7 versions.

  • CVE-2026-49112HigJun 15, 2026
    risk 0.42cvss 7.5epss 0.00

    Unauthenticated Path Traversal in Shared Files <= 1.7.64 versions.