VYPR

CVEs

100,082 total · page 81 of 2,002

  • CVE-2026-42315HigMay 11, 2026
    risk 0.53cvss 8.1epss 0.00

    pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, when passing a folder name in the set_package_data() API function call inside the data object with key "_folder", there is no sanitization at all, allowing a user with Perms.MODIFY to…

  • CVE-2026-42313HigMay 11, 2026
    risk 0.54cvss 8.3epss 0.00

    pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, the set_config_value() API method (@permission(Perms.SETTINGS)) in src/pyload/core/api/__init__.py gates security-sensitive options behind a hand-maintained allowlist…

  • CVE-2026-41431HigMay 11, 2026
    risk 0.45cvss 8.0epss 0.00

    Zen is a firefox-based browser. Prior to 1.19.9b, Zen Browser ships a Mozilla Application Resource (MAR) updater (org.mozilla.updater) that has had all MAR signature verification stripped from the Firefox codebase it was forked from. The MAR files served to users contain zero…

  • CVE-2026-3609HigMay 11, 2026
    risk 0.51cvss 7.8epss 0.00

    Wellbia's XIGNCODE3 xhunter1.sys kernel driver Privilege Escalation Vulnerability provides access to IRP_MJ_REITS command interface, which allows any user process to request a PROCESS_ALL_ACCESS. Cross reference to KVE 2023-5589 (https://krcert.or.kr)

  • CVE-2026-38568HigMay 11, 2026
    risk 0.53cvss 8.1epss 0.00

    HireFlow v1.2 is vulnerable to Incorrect Access Control. The application does not enforce object-level authorization on the /candidate/ and /interview/ endpoints. The route handlers retrieve records by the user-supplied ID without verifying that the requesting user is…

  • CVE-2026-38566HigMay 11, 2026
    risk 0.53cvss 8.1epss 0.00

    HireFlow v1.2 does not implement CSRF token validation on any state-changing POST endpoint. All forms (password change at /profile, candidate deletion at /candidates/delete/, feedback submission at /feedback/add/, interview scheduling at /interviews/add) are vulnerable…

  • CVE-2026-36983HigMay 11, 2026
    risk 0.48cvss 7.3epss 0.01

    D-Link DCS-932L v2.18.01 is vulnerable to Command Injection in the function sub_42EF14 of the file /bin/alphapd. The manipulation of the argument LightSensorControl leads to command injection.

  • CVE-2026-36962HigMay 11, 2026
    risk 0.47cvss 7.3epss 0.00

    SQL Injection in MuuCMF T6 v1.9.4.20260115 allows an unauthenticated attacker to compromise the entire database, achieve unauthorized administrative access, and potentially gain remote code execution by writing malicious files to the server's file system via the keyword…

  • CVE-2026-30635HigMay 11, 2026
    risk 0.53cvss 8.1epss 0.01

    Command injection vulnerability in automagik-genie 2.5.27 MCP Server allows attackers to execute arbitrary commands via the view_task (aka view) in the readTranscriptFromCommit function in dist/mcp/server.js when a user reads from an external FORGE_BASE_URL.

  • CVE-2026-2393HigMay 11, 2026
    risk 0.39cvss 7.1epss 0.00

    A Server-Side Request Forgery (SSRF) vulnerability exists in MLflow versions prior to 3.9.0. The `_create_webhook()` function in `mlflow/server/handlers.py` accepts a user-controlled `url` parameter without validation, and the `_send_webhook_request()` function in…

  • CVE-2026-2291HigMay 11, 2026
    risk 0.48cvss 7.3epss 0.01

    dnsmasqs extract_name() function can be abused to cause a heap buffer overflow, allowing an attacker to inject false DNS cache entries, which could result in DNS lookups to redirect to an attacker-controlled IP address, or to cause a DoS.

  • CVE-2026-44738HigMay 11, 2026
    risk 0.50cvss 7.7epss 0.00

    Grav is a file-based Web platform. Prior to 2.0.0-rc.2, the Twig sandbox allow-list permits any user with the admin.pages role to call config.toArray() from within a page body, dumping the entire merged site configuration — including all plugin secrets (SMTP passwords, AWS…

  • CVE-2026-42845HigMay 11, 2026
    risk 0.43cvss epss 0.01

    The form plugin for Grav adds the ability to create and use forms. Prior to 9.1.0 , there is an unauthenticated page-content overwrite via file upload (GHSA-w4rc-p66m-x6qq). Public form uploads now strip path components from the POST-supplied filename and hard-block page-content…

  • CVE-2026-42843HigMay 11, 2026
    risk 0.50cvss 8.8epss 0.00

    Grav API Plugin is a RESTful API for Grav CMS that provides full headless access to your site's content, media, configuration, users, and system management. Prior to 1.0.0-beta.15, an insecure direct object reference and logic flaw in the Grav API plugin…

  • CVE-2026-42603HigMay 11, 2026
    risk 0.57cvss 8.8epss 0.00

    OWASP BLT is a QA testing and vulnerability disclosure platform that encompasses websites, apps, git repositories, and more. Prior to 2.1.2, .github/workflows/pre-commit-fix.yaml uses pull_request_target (privileged trigger) but checks out and executes code directly from the…

  • CVE-2026-42349HigMay 11, 2026
    risk 0.53cvss 8.1epss 0.00

    Clerk JavaScript is the official JavaScript repository for Clerk authentication. has(), auth.protect(), and related authorization predicates in @clerk/shared, @clerk/nextjs, @clerk/backend, and other framework SDKs can return true for certain combined authorization checks when…

  • CVE-2026-33362HigMay 11, 2026
    risk 0.56cvss 8.6epss 0.00

    In Meari IoT SDK builds embedded in CloudEdge 5.5.0 (build 220), Arenti 1.8.1 (build 220), and white-label Android apps <= 1.8.x (latest observed), multiple security-critical secrets are hardcoded and shared, including API signing material, password-transport keying, and service…

  • CVE-2026-33361HigMay 11, 2026
    risk 0.49cvss 7.5epss 0.00

    In Meari IoT SDK image handling (libmrplayer.so) as observed in CloudEdge 5.5.0 (build 220), Arenti 1.8.1 (build 220), and related white-label apps (<= 1.8.x), baby monitor ".jpgx3" files use reversible XOR over only the first 1024 bytes with a predictable key derivation model.

  • CVE-2026-33359HigMay 11, 2026
    risk 0.49cvss 7.5epss 0.00

    In Meari IoT Cloud alert image storage on Alibaba OSS (latest observed; storage service version not disclosed), motion snapshots are retrievable without authentication, signed URLs, or expiry enforcement. URLs function as direct object references and remain valid beyond expected…

  • CVE-2026-33357HigMay 11, 2026
    risk 0.49cvss 7.5epss 0.00

    In Meari client applications embedding "com.meari.sdk" (including CloudEdge 5.5.0 build 220, Arenti 1.8.1 build 220, and related white-label <= 1.8.x), the integrated call path to openapi-euce.mearicloud.com can be abused to retrieve WAN IP data for arbitrary devices. The root…

  • CVE-2026-33356HigMay 11, 2026
    risk 0.50cvss 7.7epss 0.00

    In Meari IoT Cloud MQTT Broker deployments running EMQX 4.x, any authenticated low-privilege account can subscribe to global wildcard topics and receive telemetry from devices the user does not own. The broker enforces publish restrictions but does not enforce equivalent…

  • CVE-2026-31254HigMay 11, 2026
    risk 0.47cvss 7.3epss 0.00

    The flash-attention project thru commit e724e2588cbe754beb97cf7c011b5e7e34119e62 (2025-13-04) contains a code injection vulnerability (CWE-94) in its training script. The script registers the Python eval() function as a Hydra configuration resolver under the name eval. This…

  • CVE-2026-31253HigMay 11, 2026
    risk 0.40cvss 7.3epss 0.00

    The flash-attention training framework thru commit e724e2588cbe754beb97cf7c011b5e7e34119e62 (2025-13-04) contains an insecure deserialization vulnerability (CWE-502) in its checkpoint loading mechanism. The load_checkpoint() function in checkpoint.py and the checkpoint loading…

  • CVE-2026-31251HigMay 11, 2026
    risk 0.40cvss 7.3epss 0.00

    CosyVoice thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e (2025-30-21) contains an insecure deserialization vulnerability (CWE-502) in its gRPC server component. When the server starts, it loads the speech synthesis model from a user-specified directory using torch.load()…

  • CVE-2026-31250HigMay 11, 2026
    risk 0.40cvss 7.3epss 0.00

    CosyVoice thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e (2025-30-21) contains an insecure deserialization vulnerability (CWE-502) in its average_model.py model averaging tool. The script loads PyTorch checkpoint files (epoch_*.pt) for model averaging using torch.load()…

  • CVE-2026-31249HigMay 11, 2026
    risk 0.40cvss 7.3epss 0.00

    CosyVoice thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e (2025-30-21) contains an insecure deserialization vulnerability (CWE-502) in its make_parquet_list.py data processing tool. The script loads PyTorch .pt files (utterance embeddings, speaker embeddings, speech tokens)…

  • CVE-2026-31248HigMay 11, 2026
    risk 0.49cvss 7.5epss 0.00

    Docling's METS GBS backend is vulnerable to XML Entity Expansion (XXE) attacks thru 2.61.0. The backend extracts and validates XML files from .tar.gz archives using etree.fromstring() without disabling entity resolution. An attacker can craft a malicious XML file with nested…

  • CVE-2026-7819HigMay 11, 2026
    risk 0.46cvss 8.1epss 0.00

    Symbolic-link path traversal (CWE-61, CWE-22) in pgAdmin 4 File Manager. check_access_permission used os.path.abspath, which resolves '..' but does not resolve symbolic links, while the subsequent kernel write follows symlinks. An authenticated user could plant a symbolic link…

  • CVE-2026-7818HigMay 11, 2026
    risk 0.39cvss 7.0epss 0.00

    Deserialization of untrusted data (CWE-502) in pgAdmin 4 FileBackedSessionManager. The session manager performed unsafe deserialization of session-file contents (using Python's standard object-serialization module) before performing any HMAC integrity check. Any file dropped…

  • CVE-2026-7816HigMay 11, 2026
    risk 0.50cvss 8.8epss 0.01

    OS command injection (CWE-78) vulnerability in pgAdmin 4 Import/Export query export. User-supplied input was interpolated directly into a psql \copy metacommand template without sanitization. An authenticated user could inject ") TO PROGRAM 'cmd'" to break out of the \copy…

  • CVE-2026-7815HigMay 11, 2026
    risk 0.50cvss 8.8epss 0.00

    SQL injection vulnerability in pgAdmin 4 Maintenance Tool. Four user-supplied JSON fields (buffer_usage_limit, vacuum_parallel, vacuum_index_cleanup, reindex_tablespace) were concatenated directly into the rendered VACUUM/ANALYZE/REINDEX command and passed to psql --command. An…

  • CVE-2026-42612HigMay 11, 2026
    risk 0.48cvss 8.5epss 0.00

    Grav is a file-based Web platform. Prior to 2.0.0-beta.2, a stored Cross-Site Scripting (XSS) vulnerability in getgrav/grav allows publisher-level accounts to execute arbitrary JavaScript. The issue arises from a blacklist bypass in the detectXss() function when handling…

  • CVE-2026-42611HigMay 11, 2026
    risk 0.51cvss 8.9epss 0.00

    Grav is a file-based Web platform. Prior to 2.0.0-beta.2, a low-privileged (with the ability to create a page) user can cause XSS with the injection of svg element. The XSS can further be escalated to dump the entire system information available under /admin/config/info whenever…

  • CVE-2026-42609HigMay 11, 2026
    risk 0.46cvss 8.1epss 0.00

    Grav is a file-based Web platform. Prior to 2.0.0-beta.2, a business logic vulnerability in the Grav Admin Panel allows a low-privileged user (with only user creation permissions) to overwrite existing accounts, including the primary administrator. By creating a new user with a…

  • CVE-2026-34092HigMay 11, 2026
    risk 0.42cvss 7.5epss 0.00

    Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Skin/Skin.Php. This issue affects MediaWiki: from * before 1.43.7, 1.44.4, 1.45.2.

  • CVE-2026-34091HigMay 11, 2026
    risk 0.49cvss 7.5epss 0.00

    Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This issue affects MediaWiki: from * before 1.43.7, 1.44.4, 1.45.2.

  • CVE-2026-34090HigMay 11, 2026
    risk 0.49cvss 7.5epss 0.00

    Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation CheckUser. This issue affects CheckUser: from 1.45.0 before 1.45.2.

  • CVE-2026-34088HigMay 11, 2026
    risk 0.42cvss 7.5epss 0.00

    Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This issue affects MediaWiki: from * before 1.43.7, 1.44.4, 1.45.2.

  • CVE-2026-34087HigMay 11, 2026
    risk 0.49cvss 7.5epss 0.00

    Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation OATHAuth. This issue affects OATHAuth: from * before 1.43.7, 1.44.4, 1.45.2.

  • CVE-2026-31247HigMay 11, 2026
    risk 0.49cvss 7.5epss 0.00

    Docling's JATS XML backend is vulnerable to XML Entity Expansion (XXE) attacks thru 2.61.0. The backend uses etree.parse() to parse XML files without disabling entity resolution. An attacker can craft a malicious XML file containing a nested entity expansion payload (XML Bomb).…

  • CVE-2025-65418HigMay 11, 2026
    risk 0.49cvss 7.5epss 0.01

    docuFORM Managed Print Service Client 11.11c is vulnerable to a directory traversal allowing attackers to read arbitrary files via crafted url.

  • CVE-2025-61314HigMay 11, 2026
    risk 0.47cvss 7.3epss 0.00

    A reflected cross-site scripted (XSS) vulnerability in the dfm-menu_orderopt.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c allows attackers to execute arbitrary Javascript in the context of a user's browser via injecting a crafted payload into an…

  • CVE-2025-61313HigMay 11, 2026
    risk 0.47cvss 7.3epss 0.00

    A reflected cross-site scripted (XSS) vulnerability in the dfm-menu_markeralerts.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c allows attackers to execute arbitrary Javascript in the context of a user's browser via injecting a crafted payload into an…

  • CVE-2025-61312HigMay 11, 2026
    risk 0.47cvss 7.3epss 0.00

    A reflected cross-site scripted (XSS) vulnerability in the acc-menu_pricess.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c allows attackers to execute arbitrary Javascript in the context of a user's browser via injecting a crafted payload into an…

  • CVE-2025-61311HigMay 11, 2026
    risk 0.47cvss 7.3epss 0.00

    A reflected cross-site scripted (XSS) vulnerability in the dfm-menu_alerts.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c allows attackers to execute arbitrary Javascript in the context of a user's browser via injecting a crafted payload into an…

  • CVE-2026-4802HigMay 11, 2026
    risk 0.45cvss 8.0epss 0.01

    A flaw was found in Cockpit. This vulnerability allows a remote attacker to achieve arbitrary command execution on the host by exploiting unsanitized user-controlled parameters within crafted links in the system logs user interface (UI). An attacker can inject shell…

  • CVE-2025-10470HigMay 11, 2026
    risk 0.56cvss 8.6epss 0.00

    The Magic Link authentication flow accepts multiple invalid authentication requests without adequate rate limiting or resource control, leading to uncontrolled memory usage growth. This vulnerability can result in a denial-of-service condition, causing service unavailability…

  • CVE-2026-41951HigMay 11, 2026
    risk 0.40cvss 7.2epss 0.01

    Path traversal vulnerability exists in GROWI v7.5.0 and earlier, which may allow an attacker to execute arbitrary EJS templates on the server when an email server is running in GROWI.

  • CVE-2026-32658HigMay 11, 2026
    risk 0.52cvss 8.0epss 0.00

    Dell Automation Platform versions prior to 2.0.0.0, contains a missing authorization vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Elevation of privileges.

  • CVE-2025-10908HigMay 11, 2026
    risk 0.47cvss 7.3epss 0.00

    Due to a lack of user account state validation during authentication, locked user accounts can be successfully authenticated using Magic Link or Pass Key methods. This bypasses the intended security control that should prevent access to accounts that have been locked. This…