VYPR

CVEs

11,223 total · page 8 of 225

  • CVE-2026-11009CriJun 4, 2026
    risk 0.62cvss 9.6epss 0.00

    Use after free in USB in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2026-11002CriJun 4, 2026
    risk 0.62cvss 9.6epss 0.00

    Use after free in Autofill in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2026-10990CriJun 4, 2026
    risk 0.62cvss 9.6epss 0.00

    Use after free in Glic in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2026-10983CriJun 4, 2026
    risk 0.62cvss 9.6epss 0.00

    Insufficient validation of untrusted input in Dawn in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-10974CriJun 4, 2026
    risk 0.62cvss 9.6epss 0.00

    Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-10972CriJun 4, 2026
    risk 0.62cvss 9.6epss 0.00

    Use after free in Ozone in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-10971CriJun 4, 2026
    risk 0.62cvss 9.6epss 0.00

    Insufficient validation of untrusted input in Printing in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-10966CriJun 4, 2026
    risk 0.62cvss 9.6epss 0.00

    Inappropriate implementation in Codecs in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted video file. (Chromium security severity: High)

  • CVE-2026-10931CriJun 4, 2026
    risk 0.62cvss 9.6epss 0.00

    Use after free in FileSystem in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-10892CriJun 4, 2026
    risk 0.62cvss 9.6epss 0.00

    Out of bounds write in GPU in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

  • CVE-2026-10886CriJun 4, 2026
    risk 0.62cvss 9.6epss 0.00

    Use after free in FileSystem in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

  • CVE-2026-10881CriJun 4, 2026
    risk 0.62cvss 9.6epss 0.00

    Out of bounds read and write in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

  • CVE-2024-27892CriJun 4, 2026
    risk 0.62cvss 9.6epss 0.00

    Affected platforms running Arista EOS with OpenConfig configured, a gNMI Set request can be run when it should have been rejected. This can result in unexpected configuration being applied to the switch.

  • CVE-2024-27890CriJun 4, 2026
    risk 0.62cvss 9.6epss 0.04

    Affected platforms running Arista EOS with OpenConfig configured, a gNMI Set request can be run when it should have been rejected. This can result in unexpected configuration being applied to the switch.

  • CVE-2026-47708criJun 4, 2026
    risk 0.52cvss epss 0.01

    ### Summary The `log_file_name` parameter in the `stata_do` API and CLI is directly interpolated into a Stata command string without sanitization. The security guard (`GuardValidator`) only scans the do-file content but does not validate this parameter. An attacker can inject…

  • CVE-2025-71316CriJun 4, 2026
    risk 0.64cvss 9.8epss 0.00

    SQLite 'sqldiff.exe' does not securely handle the way the Microsoft Windows C runtime converts Unicode characters to ANSI codepages. An attacker could use the '-L' option to load an arbitrary DLL with a crafted command line argument string that results in command line file…

  • CVE-2026-54458criJun 4, 2026
    risk 0.52cvss epss

    # Unauthenticated Stored DOM XSS via `page_title` Broadcast in AVideo YPTSocket Plugin ## Summary A stored DOM Cross-Site Scripting vulnerability (CWE-79) in the AVideo YPTSocket plugin lets any unauthenticated remote attacker execute arbitrary JavaScript in the authenticated…

  • CVE-2026-48040CriJun 4, 2026
    risk 0.52cvss 9.1epss 0.00

    The netty incubator codec.bhttp is a java language binary http parser. The library implements Oblivious HTTP (RFC 9458) using BoringSSL's HPKE C library via JNI. When deriving native memory addresses for cryptographic operations versions prior to 0.0.22.Final provide a fallback…

  • CVE-2026-25550CriJun 4, 2026
    risk 0.64cvss 9.8epss 0.01

    Seagull Software BarTender 2010, 2016, and 2019 contain an unauthenticated remote code execution vulnerability in the .NET Remoting service exposed on TCP port 7375 via BtSystem.Service.exe. The service registers an unauthenticated singleton endpoint — BarTenderSystem for…

  • CVE-2026-10880CriJun 4, 2026
    risk 0.64cvss 9.8epss 0.00

    OSNexus QuantaStor SDS Manager is vulnerable to SQL injection in the login endpoint. The username field is not properly sanitized before being incorporated into a SQL query, allowing an unauthenticated remote attacker to bypass authentication and log in as an administrator…

  • CVE-2025-67447CriJun 4, 2026
    risk 0.64cvss 9.8epss 0.01

    The network diagnosis (ping) module in Neterbit NW-431F Router 20241014-IR03 and before is vulnerable to OS command injection. The application does not properly sanitize user input in the IP address field before passing it to the system's ping command. An attacker can inject…

  • CVE-2026-50076CriJun 4, 2026
    risk 0.52cvss 9.1epss 0.01

    Deserialization of Untrusted Data in the Java replace-resolve path in Apache Fory fory-core Java SDK before 1.1.0 on Java/JVM platforms allows a remote attacker to bypass class registration, TypeChecker, and DisallowedList checks and invoke classpath-present…

  • CVE-2025-67446CriJun 4, 2026
    risk 0.64cvss 9.8epss 0.00

    Improper Authentication (Authentication Bypass) exists in Neterbit NW-431F Router 20241014-IR03 and before. The router uses a weak/predictable cookie value for authentication. By modifying the cookie value (e.g., setting it to "admin"), an attacker can bypass the authentication…

  • CVE-2026-43986CriJun 4, 2026
    risk 0.57cvss 9.9epss 0.00

    Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Versions prior to 2.17.1 expose a public `/image/` route that resolves attacker-controlled entries from `image_hash_lookup` and replays them through the same server-side image fetch logic used…

  • CVE-2026-36182CriJun 4, 2026
    risk 0.64cvss 9.8epss 0.00

    GNCC GP5 v7.1.76 was discovered to utilize a weak hashing algorithm to protect the root password, possibly allowing attackers to obtain root credentials and privileges via a bruteforce attack.

  • CVE-2026-10868CriJun 4, 2026
    risk 0.52cvss epss 0.00

    A mass assignment vulnerability exists in the MISP user edit functionality due to insufficient filtering of user-supplied fields in UsersController::edit(). When processing edit requests, the application accepted a user-controlled User.id value from request data. An…

  • CVE-2026-35906CriJun 4, 2026
    risk 0.62cvss 9.6epss 0.00

    An undocumented debug CGI endpoint in T3 Technology CPE models T625Pro v1.0.07, T6825G v1.0.03 allows unauthenticated attackers to execute arbitrary system commands as root via supplying a crafted HTTP query string.

  • CVE-2026-35905CriJun 4, 2026
    risk 0.64cvss 9.8epss 0.00

    T3 Technology CPE models T625Pro v1.0.07, T6825G v1.0.03, and T7281 v1.0.03 were discovered to contain a hardcoded password for root access under the "superadmin" account.

  • CVE-2026-35904CriJun 4, 2026
    risk 0.64cvss 9.8epss 0.01

    Incorrect access control in the web management interface of T3 Technology CPE models T625Pro v1.0.07, T6825G v1.0.03, and T7281 v1.0.03 allows unauthorized attackers to enable the Telnet service via sending a crafted request to a vulnerable CGI component.

  • CVE-2026-8037CriJun 4, 2026
    risk 0.62cvss 9.6epss 0.02

    OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an un-authenticated attacker to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in multiple command endpoints

  • CVE-2019-25741CriJun 4, 2026
    risk 0.64cvss 9.8epss 0.01

    Mobatek MobaXterm 12.1 contains a structured exception handling (SEH) based buffer overflow vulnerability in the username field of session files that allows remote attackers to execute arbitrary code. Attackers can craft a malicious MobaXterm sessions file with overflow data…

  • CVE-2019-25738CriJun 4, 2026
    risk 0.64cvss 9.8epss 0.00

    WordPress Hybrid Composer 1.4.6 contains an unauthenticated settings change vulnerability that allows unauthenticated attackers to modify WordPress options by exploiting the hc_ajax_save_option action. Attackers can send POST requests to the admin-ajax.php endpoint with the…

  • CVE-2019-25729CriJun 4, 2026
    risk 0.64cvss 9.8epss 0.00

    PDF Signer 3.0 contains a server-side template injection vulnerability that allows unauthenticated attackers to execute arbitrary code by injecting PHP commands through the CSRF-TOKEN cookie parameter. Attackers can craft malicious cookie values containing template injection…

  • CVE-2019-25727CriJun 4, 2026
    risk 0.64cvss 9.8epss 0.00

    WordPress Plugin ad manager wd 1.0.11 contains an arbitrary file download vulnerability that allows unauthenticated attackers to download sensitive files by manipulating the path parameter. Attackers can send GET requests to the edit.php endpoint with export=export_csv and a…

  • CVE-2026-4104CriJun 4, 2026
    risk 0.64cvss 9.8epss 0.00

    Authorization bypass through User-Controlled SQL primary key vulnerability in Akmer Informatics Automation Industry and Trade Ltd. Co. TeknoPass allows SQL Injection. This issue affects TeknoPass: from 20210501 through 20260429.

  • CVE-2026-50225CriJun 4, 2026
    risk 0.59cvss 9.1epss 0.00

    The registration path /v1/account/register provides no bot mitigation mechanisms, allowing malicious automated systems to flood the database.

  • CVE-2026-50214CriJun 4, 2026
    risk 0.64cvss 9.8epss 0.00

    The /v1/Plan service relies entirely on a shared global API token for full administrative management, allowing arbitrary creation of zero-cost network access plans.

  • CVE-2026-50211CriJun 4, 2026
    risk 0.64cvss 9.8epss 0.00

    Leftover engineering diagnostics and factory-level diagnostic software remain exposed on retail builds, giving malicious apps write privileges to internal NVRAM registers.

  • CVE-2026-50208CriJun 4, 2026
    risk 0.61cvss 9.4epss 0.00

    High-risk TrustAllCerts routines disable standard TLS certificate validation. Combined with hard-coded DES symmetric encryption keys, a Man-in-the-Middle (MITM) actor could decrypt network traffic.

  • CVE-2026-49191CriJun 4, 2026
    risk 0.64cvss 9.8epss 0.00

    The production build of the M3WebServer hard-codes its backend API keys, which can be easily intercepted through verbose error handling pages.

  • CVE-2026-49188CriJun 4, 2026
    risk 0.64cvss 9.8epss 0.00

    The ai_cmd utility executes with full root permissions. It pipes socket inputs directly to popen(), paving the way for unauthenticated users to execute arbitrary root commands.

  • CVE-2026-49186CriJun 4, 2026
    risk 0.64cvss 9.8epss 0.00

    The local MQTT broker does not enforce topic-level Access Control Lists (ACLs). This allows any client to subscribe using wildcard characters (# or +) to enumerate hidden network devices or publish rogue control commands.

  • CVE-2026-49185CriJun 4, 2026
    risk 0.64cvss 9.8epss 0.00

    The FieldX MDM adb messaging topic passes unverified payloads directly into Runtime.exec(), allowing command/instruction injection.

  • CVE-2026-41283CriJun 4, 2026
    risk 0.64cvss 9.9epss 0.01

    OpenStack Mistral through 22.0.0 allows Arbitrary Remote Code Execution when the API is exposed. There are endpoints that allow code execution, which can lead to exfiltration of service credentials.

  • CVE-2026-44182criJun 3, 2026
    risk 0.52cvss epss 0.00

    ### Summary The environment variables used during the rendering of the Kubernetes manifest allow YAML injection, enabling attackers to overwrite existing keys like `securityContext` and inject multi-document YAML to create additional unintended Kubernetes resources. ###…

  • CVE-2026-44181criJun 3, 2026
    risk 0.52cvss epss 0.01

    ### Summary The environment variables (`KERNEL_XXX`) used during the rendering of the Kubernetes manifest are vulnerable to Server Side Template Injection (SSTI). By including Jinja2 template expressions it is possible to execution Python code and OS Commands in the Enterprise…

  • CVE-2026-44180criJun 3, 2026
    risk 0.52cvss epss 0.00

    ### Summary Jupyter Enterprise Gateway has a prohibited UID and GID feature that by default prevents launching kernels with UID or GID 0 (root). This can be bypassed. It is possible to launch kernels with a prohibited UID and/or GID by using a specially crafted `KERNEL_UID` or…

  • CVE-2026-46266CriJun 3, 2026
    risk 0.52cvss 9.1epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: inet: RAW sockets using IPPROTO_RAW MUST drop incoming ICMP Yizhou Zhao reported that simply having one RAW socket on protocol IPPROTO_RAW (255) was dangerous. socket(AF_INET, SOCK_RAW, 255); A malicious…

  • CVE-2026-46244CriJun 3, 2026
    risk 0.52cvss 9.1epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_inner: Fix IPv6 inner_thoff desync In nft_inner_parse_l2l3(), when processing inner IPv6 packets, ipv6_find_hdr() correctly computes the transport header offset traversing all extension headers,…

  • CVE-2026-36748CriJun 3, 2026
    risk 0.59cvss 9.0epss 0.00

    RockRMS v16.13 and before v.17.7.0 is vulnerable to Cross Site Scripting (XSS) via Social Media links in user profile.