VYPR

CVEs

100,082 total · page 82 of 2,002

  • CVE-2026-43500HigMay 11, 2026
    risk 0.50cvss 7.8epss 0.93

    In the Linux kernel, the following vulnerability has been resolved: rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present The DATA-packet handler in rxrpc_input_call_event() and the RESPONSE handler in rxrpc_verify_response() copy the skb to a linear one…

  • CVE-2026-6433HigMay 11, 2026
    risk 0.48cvss 7.3epss 0.01

    The Custom css-js-php WordPress plugin through 2.0.7 does not properly sanitize user input before using it in a SQL query, and the result is passed to eval(), allowing unauthenticated users to execute arbitrary PHP code on the server.

  • CVE-2026-8260HigMay 11, 2026
    risk 0.57cvss 8.8epss 0.01

    A vulnerability was found in D-Link DCS-935L up to 1.10.01. The impacted element is the function SetDeviceSettings of the file /web/cgi-bin/hnap/hnap_service of the component HNAP Service. The manipulation of the argument AdminPassword results in buffer overflow. The attack can…

  • CVE-2026-8177HigMay 10, 2026
    risk 0.42cvss 7.5epss 0.01

    XML::LibXML versions through 2.0210 for Perl read out-of-bounds heap memory when parsing XML node names containing truncated UTF-8 byte sequences. A node name ending in the middle of a multi byte UTF-8 sequence causes the parser to read past the end of the input string into…

  • CVE-2026-45180HigMay 10, 2026
    risk 0.42cvss 7.5epss 0.00

    Catalyst::Plugin::Statsd versions through 0.10.0 for Perl may leak session ids. If the communication channel to the statsd daemon is not secured (for example, by sending UDP packets to a host on another network), then users' session ids may be leaked. This may allow an…

  • CVE-2022-50944HigMay 10, 2026
    risk 0.57cvss 8.8epss 0.00

    Aero CMS 0.0.1 contains a PHP code injection vulnerability that allows authenticated attackers to execute arbitrary PHP code by uploading malicious files through the image parameter. Attackers can upload PHP files with embedded code to the admin posts.php endpoint with…

  • CVE-2021-47949HigMay 10, 2026
    risk 0.57cvss 8.8epss 0.01

    CyberPanel 2.1 contains a command execution vulnerability that allows authenticated attackers to read arbitrary files and execute remote code by exploiting symlink attacks through the filemanager controller endpoint. Attackers can manipulate the completeStartingPath parameter in…

  • CVE-2021-47945HigMay 10, 2026
    risk 0.51cvss 7.8epss 0.00

    Argus Surveillance DVR 4.0 contains an unquoted service path vulnerability in the DVRWatchdog service that allows local attackers to escalate privileges by exploiting the service binary path. Attackers can place a malicious executable in the Program Files directory to be…

  • CVE-2021-47944HigMay 10, 2026
    risk 0.49cvss 7.5epss 0.00

    memono Notepad 4.2 contains a denial of service vulnerability that allows attackers to crash the application by pasting excessively long character buffers into note fields. Attackers can generate a payload containing 350000 repeated characters and paste it twice into a new note…

  • CVE-2021-47943HigMay 10, 2026
    risk 0.57cvss 8.8epss 0.01

    TextPattern CMS 4.8.7 contains a remote code execution vulnerability that allows authenticated attackers to execute arbitrary commands by uploading malicious PHP files through the file upload functionality. Attackers can upload a PHP shell via the Files section in the content…

  • CVE-2021-47941HigMay 10, 2026
    risk 0.53cvss 8.2epss 0.00

    WordPress Plugin Survey & Poll 1.5.7.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the wp_sap cookie parameter. Attackers can craft SQL payloads in the cookie to extract…

  • CVE-2021-47939HigMay 10, 2026
    risk 0.57cvss 8.8epss 0.01

    Evolution CMS 3.1.6 contains a remote code execution vulnerability that allows authenticated users with module creation permissions to execute arbitrary system commands by injecting PHP code into module parameters. Attackers can send POST requests to /manager/index.php with…

  • CVE-2021-47938HigMay 10, 2026
    risk 0.57cvss 8.8epss 0.01

    ImpressCMS 1.4.2 contains a remote code execution vulnerability in the autotasks administrative interface that allows authenticated attackers to execute arbitrary PHP code by injecting malicious code into the sat_code parameter. Attackers can authenticate, submit a POST request…

  • CVE-2021-47937HigMay 10, 2026
    risk 0.57cvss 8.8epss 0.01

    e107 CMS 2.3.0 contains a remote code execution vulnerability that allows authenticated users with theme installation permissions to execute arbitrary commands by uploading malicious theme files. Attackers can upload a crafted theme package through the theme.php endpoint that…

  • CVE-2021-47935HigMay 10, 2026
    risk 0.50cvss 8.8epss 0.01

    Sentry 8.2.0 contains a remote code execution vulnerability that allows authenticated superusers to execute arbitrary commands by injecting malicious pickle-serialized objects through the audit log entry data parameter. Attackers can submit crafted POST requests to the admin…

  • CVE-2021-47930HigMay 10, 2026
    risk 0.53cvss 8.2epss 0.00

    Balbooa Joomla Forms Builder 2.0.6 contains an unauthenticated SQL injection vulnerability in the form submission handler that allows remote attackers to execute arbitrary SQL queries. Attackers can send POST requests to the com_baforms component with malicious JSON payloads in…

  • CVE-2021-47928HigMay 10, 2026
    risk 0.53cvss 8.2epss 0.00

    Opencart TMD Vendor System 3.x contains a blind SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through the product_id parameter. Attackers can craft malicious SQL queries using time-based or content-based…

  • CVE-2026-8234HigMay 10, 2026
    risk 0.57cvss 8.8epss 0.00

    A security vulnerability has been detected in EFM ipTIME A8004T 14.18.2. This vulnerability affects the function formWifiBasicSet of the file /goform/WifiBasicSet. The manipulation of the argument security_5g leads to stack-based buffer overflow. The attack may be initiated…

  • CVE-2026-7263HigMay 10, 2026
    risk 0.49cvss 7.5epss 0.00

    In PHP versions 8.4.* before 8.4.21 and 8.5.* before 8.5.6, DOMNode::C14N() method may process the XML data incorrectly, causing a circular linked list in the data structure representing the XML document. This may cause subsequent processing of the XML document to enter…

  • CVE-2026-7568HigMay 10, 2026
    risk 0.42cvss 7.5epss 0.00

    In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, the metaphone() function in ext/standard/metaphone.c uses a signed int variable to track the current position within the input string. If a string longer than 2,147,483,647…

  • CVE-2026-7262HigMay 10, 2026
    risk 0.42cvss 7.5epss 0.01

    In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, when a SOAP server has a typemap configured, the decoding process contains a mistake which checks the wrong variable in case of missing value element.  This leads…

  • CVE-2026-7258HigMay 10, 2026
    risk 0.42cvss 7.5epss 0.00

    In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, some functions, including urldecode(), pass signed char to ctype functions (like isxdigit()). On the systems with default signed char and optimized table-lookup ctype…

  • CVE-2026-8216HigMay 10, 2026
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was identified in Industrial Application Software IAS Canias ERP 8.03. This issue affects the function iasServerRemoteInterface.doAction of the component Java RMI Session Management. Such manipulation leads to improper authentication. The attack can be launched…

  • CVE-2026-42606HigMay 9, 2026
    risk 0.46cvss 8.1epss 0.00

    AzuraCast is a self-hosted, all-in-one web radio management suite. Prior to version 0.23.6, the ApplyXForwarded middleware unconditionally trusts the client-supplied X-Forwarded-Host HTTP header with no trusted proxy allowlist. An unauthenticated attacker can poison the password…

  • CVE-2026-42605HigMay 9, 2026
    risk 0.50cvss 8.8epss 0.01

    AzuraCast is a self-hosted, all-in-one web radio management suite. Prior to version 0.23.6, the currentDirectory request parameter in the Flow.js media upload endpoint (POST /api/station/{station_id}/files/upload) is not sanitized for path traversal sequences. When combined with…

  • CVE-2026-42575HigMay 9, 2026
    risk 0.42cvss 7.5epss 0.00

    apko allows users to build and publish OCI container images built from apk packages. Prior to version 1.2.7, apko verifies the signature on APKINDEX.tar.gz but never compares individually downloaded .apk packages against the checksum recorded in the signed index. The checksum is…

  • CVE-2026-42574HigMay 9, 2026
    risk 0.42cvss 7.5epss 0.00

    apko allows users to build and publish OCI container images built from apk packages. From version 0.14.8 to before version 1.2.5, a crafted .apk could install a TypeSymlink tar entry whose target pointed outside the build root, and a subsequent directory-creation or file-write…

  • CVE-2026-42562HigMay 9, 2026
    risk 0.47cvss 8.3epss 0.00

    Plainpad is a self hosted note taking app. Prior to version 1.1.1, Plainpad allows a low-privilege authenticated user to self-escalate to administrator by submitting admin=true in PUT /api.php/v1/users/{id}. The endpoint directly persists the admin attribute from user input, and…

  • CVE-2026-42246HigMay 9, 2026
    risk 0.41cvss 7.4epss 0.00

    Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.3.10, 0.4.24, 0.5.14, and 0.6.4, a man-in-the-middle attacker can cause Net::IMAP#starttls to return "successfully", without starting TLS. This issue has been patched…

  • CVE-2026-42245HigMay 9, 2026
    risk 0.42cvss 7.5epss 0.00

    Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, Net::IMAP::ResponseReader has quadratic time complexity when reading large responses containing many string literals. A hostile server can send…

  • CVE-2026-41893HigMay 9, 2026
    risk 0.42cvss 7.5epss 0.00

    Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.25.0, the HTTP login endpoints (POST /login and POST /signalk/v1/auth/login) are protected by express-rate-limit (default: 100 attempts per 10-minute window, configurable via…

  • CVE-2026-3828HigMay 9, 2026
    risk 0.47cvss 7.2epss 0.01

    Some Hikvision switch products (discontinued since December 2023) are vulnerable to authenticated remote command execution due to insufficient input validation. Attackers with valid credentials can exploit this flaw by sending crafted packets containing malicious commands to…

  • CVE-2026-42311HigMay 9, 2026
    risk 0.44cvss 7.8epss 0.00

    Pillow is a Python imaging library. From version 10.3.0 to before version 12.2.0, processing a malicious PSD file could lead to memory corruption, potentially resulting in a crash or arbitrary code execution. This issue has been patched in version 12.2.0.

  • CVE-2026-8208HigMay 9, 2026
    risk 0.58cvss epss 0.00

    Gibbon versions before v30.0.01 are affected by a local file inclusion vulnerability resulting in RCE by changing the report archive directory and forcing interpretation of a user provided .zip as PHP. Successful exploitation requires Teacher or higher privileges. Exploitation…

  • CVE-2026-42461HigMay 9, 2026
    risk 0.42cvss 7.5epss 0.00

    Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to version 1.18.0, four GET endpoints under /api/templates* in Arcane's Huma backend are registered without any Security requirement, allowing any unauthenticated network client to list…

  • CVE-2026-42301HigMay 9, 2026
    risk 0.44cvss 7.8epss 0.00

    pyp2spec generates working Fedora RPM spec file for Python projects. Prior to version 0.14.1, pyp2spec was writing PyPI package metadata (e.g. the summary field) into the generated spec file without escaping RPM macro directives. When a packager then runs rpmbuild, those…

  • CVE-2026-42297HigMay 9, 2026
    risk 0.47cvss 8.3epss 0.01

    Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From version 4.0.0 to before version 4.0.5, the Sync Service's ConfigMap-backed provider (server/sync/sync_cm.go) performs zero authorization checks on all CRUD…

  • CVE-2026-42296HigMay 9, 2026
    risk 0.46cvss 8.1epss 0.00

    Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to versions 3.7.14 and 4.0.5, a user with create Workflow permission can bypass templateReferencing: Strict to get host network access, switch service accounts,…

  • CVE-2026-42294HigMay 9, 2026
    risk 0.42cvss 7.5epss 0.01

    Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to versions 3.7.14 and 4.0.5, the Webhook Interceptor loads the entire request body into memory before authenticating the request or verifying its signature.…

  • CVE-2026-41311HigMay 9, 2026
    risk 0.42cvss 7.5epss 0.00

    LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to version 10.25.7, a circular block reference in {% layout %} / {% block %} causes an infinite recursive loop, consuming all available memory (~4GB) and crashing the Node.js process with…

  • CVE-2026-41163HigMay 9, 2026
    risk 0.57cvss epss 0.00

    bubblewrap is a low-level unprivileged sandboxing tool. From version 0.11.0 to before version 0.11.2, if bubblewrap is installed in setuid mode then the user can use ptrace to attach to bubblewrap and control the unprivileged part of the sandbox setup phase. This allows the…

  • CVE-2026-8207HigMay 9, 2026
    risk 0.46cvss epss 0.00

    Gibbon versions before v30.0.01 are affected by an authenticated SQL Injection vulnerability by abusing the Tracking/graphing https://github.com/GibbonEdu/core/blob/c431e25fdc874adece5d2dc7e408e9aa2d1abadb/modules/Tracking/graphing.php#L145 feature. Successful exploitation…

  • CVE-2026-6665HigMay 9, 2026
    risk 0.46cvss 8.1epss 0.00

    The SCRAM code in PgBouncer before 1.25.2 did not check the return value of strlcat() correctly when building the contents of the SCRAM client-final-message. A malicious backend that sends a SCRAM server-final-message with a long nonce can trigger a stack overflow.

  • CVE-2026-6664HigMay 9, 2026
    risk 0.42cvss 7.5epss 0.01

    An integer overflow in network packet parsing code in PgBouncer before 1.25.2 bypasses a boundary check and can lead to a crash. An unauthenticated remote attacker can crash PgBouncer with a malformed SCRAM authentication packet.

  • CVE-2026-41705HigMay 9, 2026
    risk 0.49cvss 8.6epss 0.00

    Spring AI's MilvusVectorStore#doDelete(List) implementation is vulnerable to filter-expression injection via unsanitized document IDs. Spring AI 1.0.x: affected from 1.0.0 through latest 1.0.x; upgrade to 1.0.7 or greater. Spring AI 1.1.x: affected from 1.1.0 through latest…

  • CVE-2026-42455HigMay 9, 2026
    risk 0.50cvss epss 0.00

    Linkwarden is a self-hosted, open-source collaborative bookmark manager to collect, organize and archive webpages. In versions 2.14.0 and prior, the archive upload endpoint (POST /api/v1/archives/[linkId]?format=4) accepts HTML files (text/html) without sanitizing JavaScript…

  • CVE-2026-42556HigMay 8, 2026
    risk 0.51cvss 8.9epss 0.00

    Postiz is an AI social media scheduling tool. From version 2.21.6 to before version 2.21.7, any authenticated user who can create a post can store arbitrary HTML in post content by tampering their own save request and send the public preview link /p/?share=true to…

  • CVE-2026-42453HigMay 8, 2026
    risk 0.57cvss epss 0.01

    Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.1.0, the extractArchive and compressFiles endpoints in file-manager.ts use double-quoted strings for shell command construction, unlike all other file…

  • CVE-2026-42452HigMay 8, 2026
    risk 0.53cvss 8.1epss 0.00

    Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.1.0, /users/login issues a temporary JWT (temp_token) for TOTP-enabled accounts. That token carries a pendingTOTP state and should only be valid for…

  • CVE-2026-42352HigMay 8, 2026
    risk 0.49cvss 8.6epss 0.00

    pygeoapi is a Python server implementation of the OGC API suite of standards. From version 0.23.0 to before version 0.23.3, OGC API process execution requests can use the subscriber object to requests to internal HTTP services. This issue has been patched in version 0.23.3.