VYPR

CVEs

345,196 total · page 84 of 6,904

  • CVE-2025-59133HigJun 15, 2026
    risk 0.49cvss 7.5epss 0.00

    Custom role Insecure Direct Object References (IDOR) in Projectopia <= 5.1.25.2 versions.

  • CVE-2026-48988Jun 15, 2026
    risk 0.00cvss epss 0.00

    ### Summary A quadratic time complexity vulnerability exists in markdown-it's smartquotes rule (enabled via the `typographer: true` option). An attacker can craft a markdown input consisting of consecutive quotation marks that causes the parser to consume excessive CPU time,…

  • CVE-2026-54283higJun 15, 2026
    risk 0.38cvss epss 0.00

    ### Summary `request.form()` accepts `max_fields` and `max_part_size` to bound resource consumption while parsing form data. These limits are enforced for `multipart/form-data`, but silently ignored for `application/x-www-form-urlencoded`. An unauthenticated attacker can…

  • CVE-2026-54285Jun 15, 2026
    risk 0.00cvss epss 0.00

    ## Overview `W3CBaggagePropagator.extract()` in `@opentelemetry/core` does not enforce size limits when parsing inbound `baggage` HTTP headers. The W3C Baggage specification recommends a maximum of 8,192 bytes and 180 entries; these limits were only enforced on the outbound…

  • CVE-2026-54282lowJun 15, 2026
    risk 0.00cvss epss 0.00

    ### Summary In affected versions, the HTTP request path is not validated before being used to reconstruct `request.url`. Because `request.url` is rebuilt by concatenating `{scheme}://{host}{path}` and re-parsing the result, a path that does not begin with `/` (for example…

  • CVE-2026-54281higJun 15, 2026
    risk 0.38cvss epss 0.00

    ### Impact An authentication bypass vulnerability exists in `@nestjs/platform-fastify` (confirmed on version `11.1.24`, the latest available release at time of report). When middleware is registered through NestJS's `MiddlewareConsumer.forRoutes()` API on the Fastify adapter,…

  • CVE-2026-53539higJun 15, 2026
    risk 0.38cvss epss 0.00

    ### Summary When parsing `application/x-www-form-urlencoded` bodies, `QuerystringParser` located the field separator with a two step lookup: it first scanned the entire remaining buffer for `&`, and only when no `&` existed anywhere ahead did it fall back to scanning for `;`.…

  • CVE-2026-53540lowJun 15, 2026
    risk 0.00cvss epss 0.00

    ### Summary `parse_form()` did not validate the `Content-Length` header before using it to bound its chunked read of the request body. A negative `Content-Length` turned the bounded read into a read-until-EOF, so the entire body was loaded into memory in a single read instead…

  • CVE-2026-53538lowJun 15, 2026
    risk 0.00cvss epss 0.00

    ### Summary `QuerystringParser` treated `;` as a field separator in `application/x-www-form-urlencoded` bodies, in addition to `&`. The [WHATWG URL standard](https://url.spec.whatwg.org/#urlencoded-parsing), modern browsers, and Python's `urllib.parse` (since the CVE-2021-23336…

  • CVE-2026-53537lowJun 15, 2026
    risk 0.00cvss epss 0.00

    ### Summary `parse_options_header` parsed `Content-Disposition` (and `Content-Type`) headers with [`email.message.Message`](https://docs.python.org/3/library/email.compat32-message.html#email.message.Message), which transparently applies [RFC…

  • CVE-2026-54257criJun 15, 2026
    risk 0.52cvss epss 0.00

    ### Impact Most apps will crash and some may perform incorrect buffer allocations in the Node.js `Buffer` API resulting in unexpected truncation or allocation. ### Workarounds No workarounds. Do not use these impacted Electron releases ### Fixed Versions * `42.3.3` ### For…

  • CVE-2026-49853higJun 15, 2026
    risk 0.38cvss epss 0.00

    ## Summary When SimpleAsyncHTTPClient follows a 3xx redirect, it shallow-copies the original HTTPRequest, rewrites the URL, decrements max_redirects, and removes only the Host header. It does not clear Authorization, auth_username, auth_password, or auth_mode when the redirect…

  • CVE-2026-49855higJun 15, 2026
    risk 0.38cvss epss 0.01

    Tornado's gzip decompression routines work in limited-size chunks, but have no overall limit for the total size of decompressed chunks that they will accumulate (There has always been a limit for the total *compressed* size). This allows a malicious server to consume effectively…

  • CVE-2026-54444Jun 15, 2026
    risk 0.00cvss epss

    Rejected reason: ]** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-49489. Reason: This candidate is a duplicate of CVE-2026-49489. Notes: All CVE users should reference CVE-2026-49489 instead of this candidate.

  • CVE-2026-54296Jun 15, 2026
    risk 0.00cvss epss

    Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-12075. Reason: This candidate is a duplicate of CVE-2026-12075. Notes: All CVE users should reference CVE-2026-12075 instead of this candidate.

  • CVE-2026-54295Jun 15, 2026
    risk 0.00cvss epss

    Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-12061. Reason: This candidate is a duplicate of CVE-2026-12061. Notes: All CVE users should reference CVE-2026-12061 instead of this candidate.

  • CVE-2026-54294Jun 15, 2026
    risk 0.00cvss epss

    Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-12072. Reason: This candidate is a duplicate of CVE-2026-12072. Notes: All CVE users should reference CVE-2026-12072 instead of this candidate.

  • CVE-2026-54292Jun 15, 2026
    risk 0.00cvss epss

    Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-12074. Reason: This candidate is a duplicate of CVE-2026-12074. Notes: All CVE users should reference CVE-2026-12074 instead of this candidate.

  • CVE-2026-53705HigJun 15, 2026
    risk 0.49cvss 7.6epss 0.00

    A flaw was found in GStreamer's WavPack audio decoder in gst-plugins-good. When processing a specially crafted WavPack file, an integer overflow in the buffer size calculation (4 * block_samples * channels) in gst_wavpack_dec_handle_frame() causes a very small heap allocation.…

  • CVE-2026-53704HigJun 15, 2026
    risk 0.46cvss 7.1epss 0.00

    A flaw was found in GStreamer's RealMedia demuxer in the gst-plugins-ugly package. When processing a RealMedia file containing a specially crafted FILEINFO metadata section, the demuxer parses variable-name and variable-value pairs using re_skip_pascal_string() without…

  • CVE-2026-53703HigJun 15, 2026
    risk 0.46cvss 7.1epss 0.00

    A vulnerability was found in the GStreamer RealMedia demuxer (gst-plugins-ugly). When processing a RealMedia (.rm) file, the demuxer parses MDPR (media properties) chunks to configure audio streams. For audio stream header versions 4 and 5, the parser reads fields such as codec…

  • CVE-2026-52722HigJun 15, 2026
    risk 0.46cvss 7.1epss 0.00

    A signed integer overflow vulnerability was found in GStreamer's VMnc decoder. A crafted VMnc stream with large cursor dimensions can overflow signed integer payload-size arithmetic, bypassing a length check and leading to out-of-bounds reads. A remote attacker could trick a…

  • CVE-2026-52721MedJun 15, 2026
    risk 0.34cvss 5.3epss 0.00

    Multiple out-of-bounds read vulnerabilities were found in GStreamer's pcapparse element. Malformed PCAP records can trigger reads beyond buffer boundaries during IPv4/TCP header parsing. This element is primarily used in debugging pipelines, limiting real-world exposure. A local…

  • CVE-2026-52720HigJun 15, 2026
    risk 0.57cvss 8.8epss 0.01

    A heap buffer overflow vulnerability was found in GStreamer's librfb (RFB/VNC client). The rectangle bounds check incorrectly validates area rather than individual dimensions, allowing a malicious VNC server to send a rectangle that extends beyond the framebuffer. A remote…

  • CVE-2026-52719HigJun 15, 2026
    risk 0.46cvss 7.1epss 0.00

    An out-of-bounds read vulnerability was found in the VA JPEG decoder in GStreamer's gst-plugins-bad. The JPEG parser reads a segment length value from the bitstream without validating it against available data. A remote attacker could trick a user into opening a specially…

  • CVE-2026-52718MedJun 15, 2026
    risk 0.42cvss 6.5epss 0.00

    A denial of service vulnerability was found in GStreamer's AV1 codec parser in gst-plugins-bad. The gst_av1_parser_parse_tile_list_obu() function passes a byte count to a bit-reader API that expects a bit count, causing parser desynchronization. A remote attacker could trick a…

  • CVE-2026-50892MedJun 15, 2026
    risk 0.42cvss 6.5epss 0.00

    Incorrect access control in the "Let's Encrypt" certificate download endpoint of Nginx Proxy Manager v2.14.0 allows authenticated attackers to obtain the TLS private key material via a crafted GET request.

  • CVE-2026-50891HigJun 15, 2026
    risk 0.53cvss 8.1epss 0.00

    Incorrect access control in the /admin/api/config component of Filestash v0.4.0 allows attackers to escalate privileges via sending a crafted request.

  • CVE-2026-50890CriJun 15, 2026
    risk 0.64cvss 9.8epss 0.00

    Bernd Bestel grocy v4.6.0 was discovered to contain a SQL injection vulnerability in the product-group parameter at /stockreports/spendings. This vulnerability allows attackers to access sensitive database information via a crafted SQL statement.

  • CVE-2026-50889HigJun 15, 2026
    risk 0.49cvss 7.5epss 0.00

    An input handling flaw in the HTTP refresh token process of LLDAP v0.6.2 allows attackers to cause a Denial of Service (DoS) via sending a crafted refresh-token header.

  • CVE-2026-50888HigJun 15, 2026
    risk 0.53cvss 8.1epss 0.00

    An authenticated Server-Side Request Forgery (SSRF) in the custom scraper subsystem component of Benjamin Jonard Koillection v1.8.0 allows attackers to scan internal resources via supplying a crafted URL.

  • CVE-2026-50887CriJun 15, 2026
    risk 0.59cvss 9.1epss 0.00

    A Server-Side Request Forgery (SSRF) in the automatic short URL title resolution component of shlink v5.0.1 allows attackers to scan internal resources via supplying a crafted longUrl.

  • CVE-2026-50886CriJun 15, 2026
    risk 0.59cvss 9.1epss 0.00

    Incorrect access control in the webhook management component of Project Firefly III v6.5.9 allows attackers to scan internal resources via a crafted POST request.

  • CVE-2026-50885HigJun 15, 2026
    risk 0.49cvss 7.5epss 0.00

    Incorrect access control in the share-based read endpoints of Sismics Docs (Teedy) v1.11 allow unauthorized attackers to access sensitive endpoints via a crafted request.

  • CVE-2026-50884HigJun 15, 2026
    risk 0.57cvss 8.8epss 0.00

    Incorrect access control in statping-ng v0.93.0 allows attackers to escalate privileges to Administrator and access sensitive components.

  • CVE-2026-50883CriJun 15, 2026
    risk 0.62cvss 9.6epss 0.00

    An HTML injection vulnerability in the /src/highlight.rs component of matze wastebin v3.4.1 allows attackers to execute arbitrary scripts via a crafted payload.

  • CVE-2026-50882HigJun 15, 2026
    risk 0.49cvss 7.5epss 0.00

    An issue in the /api/v0/pastes endpoint of anna-is-cute paste v0.1.1 allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

  • CVE-2026-50881HigJun 15, 2026
    risk 0.53cvss 8.1epss 0.00

    Incorrect access control in the impworks Bonsai v6.0 allows authenticated attackers with Editor privileges to escalate privileges to Administrator and execute unauthorized account, password, and configuration changes.

  • CVE-2026-50880CriJun 15, 2026
    risk 0.64cvss 9.8epss 0.00

    An issue in the sendmail transport integration component of YouTransfer v1.0.6 allows attackers to execute arbitrary code via supplying a crafted request.

  • CVE-2026-50879HigJun 15, 2026
    risk 0.49cvss 7.5epss 0.00

    An issue in the uploadPostHandler component of Andrei Marcu linx-server v2.3.8 allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

  • CVE-2026-50878HigJun 15, 2026
    risk 0.49cvss 7.5epss 0.00

    An issue in the attachment handling component of Feuerhamster MailForm v1.1.0 allows attackers to cause a Denial of Service (DoS) via a crafted request.

  • CVE-2026-50877HigJun 15, 2026
    risk 0.49cvss 7.5epss 0.01

    An issue in Zhoros SuperBin v1.0.0 allows attackers to execute a directory traversal via supplying files with names containing traversal characters.

  • CVE-2026-50876MedJun 15, 2026
    risk 0.35cvss 5.4epss 0.00

    A cross-site scripting (XSS) vulnerability in Deck9 Input v2.0.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.

  • CVE-2026-50875HigJun 15, 2026
    risk 0.53cvss 8.1epss 0.00

    Incorrect access control in the /{form}/webhooks/{webhook} endpoint of Deck9 Input v2.0.1 allows authenticated attackers to arbitrarily modify or delete another tenant's webhook via a crafted request.

  • CVE-2026-50874HigJun 15, 2026
    risk 0.53cvss 8.1epss 0.01

    An OS command injection vulnerability in the /manage/features/media component of kanishka-linux Reminiscence v0.3.0 allows attackers to execute arbitrary commands via supplying a crafted input.

  • CVE-2026-50873CriJun 15, 2026
    risk 0.64cvss 9.8epss 0.00

    An arbitrary file upload vulnerability in the attachment handling component of flatnotes v5.5.4 allows attackers to execute arbitrary code via uploading a crafted HTML or SVG file.

  • CVE-2026-48818higJun 15, 2026
    risk 0.38cvss epss 0.00

    ### Summary When serving static files on Windows, `StaticFiles` resolves the requested path with [`os.path.realpath`](https://docs.python.org/3/library/os.path.html#os.path.realpath). If a UNC path (such as `\\attacker.com\share`) reaches the resolver, `realpath` causes the…

  • CVE-2026-50872CriJun 15, 2026
    risk 0.64cvss 9.8epss 0.01

    An issue in the loopback request handling component of fossar selfoss v2.20-SNAPSHOT allows attackers to execute arbitrary commands and obtain sensitive information via supplying a crafted HTTP request.

  • CVE-2026-50871CriJun 15, 2026
    risk 0.64cvss 9.8epss 0.02

    An OS command injection vulnerability in the media archiving and export pipeline component of kanishka-linux Reminiscence v0.3.0 allows attackers to execute arbitrary commands via supplying a crafted input.

  • CVE-2026-50870HigJun 15, 2026
    risk 0.49cvss 7.5epss 0.00

    An information disclosure vulnerability in the configuration endpoint of Ben Busby whoogle-search v1.2.3 allows attackers to obtain sensitive information via a crafted GET request.