VYPR

CVEs

100,082 total · page 86 of 2,002

  • CVE-2026-8126HigMay 8, 2026
    risk 0.47cvss 7.3epss 0.00

    A flaw has been found in SourceCodester Comment System 1.0. This issue affects some unknown processing of the file post_comment.php. This manipulation of the argument Name causes sql injection. Remote exploitation of the attack is possible. The exploit has been published and may…

  • CVE-2026-6411HigMay 7, 2026
    risk 0.47cvss 7.3epss 0.00

    This vulnerability, in the MAXHUB Pivot client application versions prior to v1.36.2, may allow an attacker to obtain encrypted tenant email addresses and related metadata from any tenant. Due to the presence of a hardcoded AES key within the application, the encrypted data…

  • CVE-2026-7541HigMay 7, 2026
    risk 0.49cvss 7.5epss 0.00

    A denial of service vulnerability was identified in GitHub Enterprise Server that allowed an unauthenticated attacker to cause service disruption by sending crafted requests with deeply nested JSON payloads to an unauthenticated API endpoint. The endpoint parsed user-controlled…

  • CVE-2026-41105HigMay 7, 2026
    risk 0.53cvss 8.1epss 0.01

    Server-side request forgery (ssrf) in Azure Notification Service allows an authorized attacker to elevate privileges over a network.

  • CVE-2026-40213HigMay 7, 2026
    risk 0.48cvss 7.4epss 0.00

    OpenStack Cyborg before 16.0.1 uses rule:allow (check_str='@') as the default policy for multiple API endpoints. This unconditionally authorizes any request carrying a valid Keystone token regardless of roles, project membership, or scope. An authenticated user with zero role…

  • CVE-2026-35435HigMay 7, 2026
    risk 0.56cvss 8.6epss 0.01

    Improper access control in Azure AI Foundry M365 published agents allows an unauthorized attacker to elevate privileges over a network.

  • CVE-2026-34327HigMay 7, 2026
    risk 0.53cvss 8.2epss 0.01

    Externally controlled reference to a resource in another sphere in Microsoft Partner Center allows an unauthorized attacker to perform spoofing over a network.

  • CVE-2026-33111HigMay 7, 2026
    risk 0.49cvss 7.5epss 0.01

    Improper neutralization of special elements used in a command ('command injection') in Copilot Chat (Microsoft Edge) allows an unauthorized attacker to disclose information over a network.

  • CVE-2026-32207HigMay 7, 2026
    risk 0.57cvss 8.8epss 0.01

    Improper neutralization of input during web page generation ('cross-site scripting') in Azure Machine Learning allows an unauthorized attacker to perform spoofing over a network.

  • CVE-2026-26164HigMay 7, 2026
    risk 0.49cvss 7.5epss 0.01

    Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to disclose information over a network.

  • CVE-2026-26129HigMay 7, 2026
    risk 0.49cvss 7.5epss 0.01

    Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to disclose information over a network.

  • CVE-2026-8098HigMay 7, 2026
    risk 0.47cvss 7.3epss 0.00

    A security vulnerability has been detected in code-projects Feedback System 1.0. Impacted is an unknown function of the file /admin/checklogin.php. Such manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. The exploit has been…

  • CVE-2026-42449HigMay 7, 2026
    risk 0.48cvss 8.5epss 0.00

    n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. In versions 2.47.4 through 2.47.13, the SDK embedder path (N8NDocumentationMCPServer constructor, getN8nApiClient(), and validateInstanceContext()), the synchronous…

  • CVE-2026-42047HigMay 7, 2026
    risk 0.56cvss 8.6epss 0.00

    Inngest is a platform for running event-driven and scheduled background functions with queueing, retries, and step orchestration. Versions 3.22.0 through 3.53.1 contain a vulnerability that allows unauthenticated remote attackers to exfiltrate environment variables from the host…

  • CVE-2026-43510HigMay 7, 2026
    risk 0.42cvss 7.6epss 0.00

    manage.get.gov is the .gov TLD registrar maintained by CISA. manage.get.gov allows an organization administrator to assign domain manager privileges for domains not already in another organization. Fixed in 1.176.0 on or around 2026-04-30.

  • CVE-2026-42501HigMay 7, 2026
    risk 0.42cvss 7.5epss 0.00

    A malicious module proxy can exploit a flaw in the go command's validation of module checksums to bypass checksum database validation. This vulnerability affects any user using an untrusted module proxy (GOMODPROXY) or checksum database (GOSUMDB). A malicious module proxy can…

  • CVE-2026-42499HigMay 7, 2026
    risk 0.42cvss 7.5epss 0.01

    Pathological inputs could cause DoS through consumePhrase when parsing an email address according to RFC 5322.

  • CVE-2026-42239HigMay 7, 2026
    risk 0.46cvss 8.1epss 0.00

    Budibase is an open-source low-code platform. Prior to version 3.35.10, the budibase:auth cookie containing the JWT session token is set with httpOnly: false at packages/backend-core/src/utils/utils.ts:218. JavaScript can read this cookie via document.cookie. This means every…

  • CVE-2026-39836HigMay 7, 2026
    risk 0.42cvss 7.5epss 0.01

    The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL (0).

  • CVE-2026-39820HigMay 7, 2026
    risk 0.42cvss 7.5epss 0.01

    Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations.

  • CVE-2026-33814HigMay 7, 2026
    risk 0.42cvss 7.5epss 0.01

    When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.

  • CVE-2026-33811HigMay 7, 2026
    risk 0.42cvss 7.5epss 0.01

    When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash.

  • CVE-2026-8083HigMay 7, 2026
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was found in SourceCodester Pharmacy Sales and Inventory System 1.0. This affects an unknown part of the file /ajax.php?action=save_user. The manipulation of the argument ID results in sql injection. The attack can be executed remotely. The exploit has been made…

  • CVE-2026-44742HigMay 7, 2026
    risk 0.40cvss 7.2epss 0.00

    Postorius through 1.3.13 does not escape HTML in the message subject when rendering it in the Held messages pop-up, as exploited in the wild in May 2026.

  • CVE-2026-44244HigMay 7, 2026
    risk 0.44cvss 7.8epss 0.00

    GitPython is a python library used to interact with Git repositories. Prior to version 3.1.49, GitConfigParser.set_value() passes values to Python's configparser without validating for newlines. GitPython's own _write() converts embedded newlines into indented continuation lines…

  • CVE-2026-44243HigMay 7, 2026
    risk 0.39cvss 7.1epss 0.00

    GitPython is a python library used to interact with Git repositories. Prior to version 3.1.48, a vulnerability in GitPython allows attackers who can supply a crafted reference path to an application using GitPython to write, overwrite, move, or delete files outside the…

  • CVE-2026-42284HigMay 7, 2026
    risk 0.46cvss 8.1epss 0.01

    GitPython is a python library used to interact with Git repositories. Prior to version 3.1.47, _clone() validates multi_options as the original list, then executes shlex.split(" ".join(multi_options)). A string like "--branch main --config core.hooksPath=/x" passes validation…

  • CVE-2026-42215HigMay 7, 2026
    risk 0.50cvss 8.8epss 0.01

    GitPython is a python library used to interact with Git repositories. From version 3.1.30 to before version 3.1.47, GitPython blocks dangerous Git options such as --upload-pack and --receive-pack by default, but the equivalent Python kwargs upload_pack and receive_pack bypass…

  • CVE-2026-42214HigMay 7, 2026
    risk 0.44cvss 7.8epss 0.00

    Notepad Next is a cross-platform, reimplementation of Notepad++. Prior to version 0.14, NotepadNext's detectLanguageFromExtension() function interpolates a file's extension directly into a Lua script without sanitization. An attacker can craft a filename whose extension contains…

  • CVE-2026-41906HigMay 7, 2026
    risk 0.39cvss 7.1epss 0.00

    FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.214, the Change Customer modal correctly hides out-of-scope customers through the mailbox-filtered search endpoint, but the backend conversation_change_customer action accepts…

  • CVE-2026-41905HigMay 7, 2026
    risk 0.43cvss 7.7epss 0.00

    FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.217, Helper::sanitizeRemoteUrl() in app/Misc/Helper.php follows HTTP redirects via curlGetLastRedirectedUrl() but then re-validates the original URL instead of the final…

  • CVE-2026-41904HigMay 7, 2026
    risk 0.42cvss 7.6epss 0.00

    FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.217, a user with updateAutoReply permission can store an XSS payload in the mailbox auto-reply message. The payload is rendered unescaped in the auto-reply email sent to every…

  • CVE-2026-41653HigMay 7, 2026
    risk 0.39cvss epss 0.00

    BentoPDF is a client-side PDF toolkit that is self hostable. Prior to version 2.8.3, a cross-site scripting vulnerability was identified in BentoPD. An attacker may be able to execute arbitrary JavaScript in certain circumstances in Markdown to PDF Tool. This issue has been…

  • CVE-2026-7413HigMay 7, 2026
    risk 0.47cvss 7.2epss 0.01

    A hidden, persistent backdoor was found in Yarbo firmware v2.3.9 that provides remote, unauthenticated (or weakly authenticated) access to privileged functionality. The backdoor is undocumented, cannot be disabled via user-facing settings, and survives factory reset and ordinary…

  • CVE-2026-7821HigMay 7, 2026
    risk 0.48cvss 7.4epss 0.01

    Improper certificate validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthenticated attacker to enroll a device belonging to a restricted set of unenrolled devices, leading to information disclosure about EPMM appliance…

  • CVE-2026-6973HigKEVMay 7, 2026
    risk 0.59cvss 7.2epss 0.34

    An Improper Input Validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remotely authenticated user with administrative access to achieve remote code execution.

  • CVE-2026-5788HigMay 7, 2026
    risk 0.46cvss 7.0epss 0.01

    An Improper Access Control in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthenticated attacker to invoke arbitrary methods.

  • CVE-2026-5787HigMay 7, 2026
    risk 0.58cvss 8.9epss 0.01

    An Improper Certificate Validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthenticated attacker to impersonate registered Sentry hosts and obtain valid CA-signed client certificates.

  • CVE-2026-5786HigMay 7, 2026
    risk 0.57cvss 8.8epss 0.01

    An Improper Access Control vulnerability in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote authenticated attacker to gain administrative access.

  • CVE-2025-65122HigMay 7, 2026
    risk 0.49cvss 7.5epss 0.00

    Regex Denial of Service in youtube-regex npm package through version 1.0.5.

  • CVE-2026-44349HigMay 7, 2026
    risk 0.39cvss epss 0.00

    Daptin is a GraphQL/JSON-API headless CMS. Prior to version 0.11.5, processFuzzySearch in server/resource/resource_findallpaginated.go:1484 splits the user-supplied column parameter by comma and interpolates each segment directly into goqu.L(fmt.Sprintf("LOWER(%s) LIKE ?",…

  • CVE-2026-42011HigMay 7, 2026
    risk 0.41cvss 7.4epss 0.00

    A flaw was found in gnutls. This vulnerability occurs because permitted name constraints were incorrectly ignored when previous Certificate Authorities (CAs) only had excluded name constraints. A remote attacker could exploit this to bypass critical name constraint checks during…

  • CVE-2026-41688HigMay 7, 2026
    risk 0.43cvss 7.7epss 0.00

    Wallos is an open-source, self-hostable personal subscription tracker. In versions 4.8.4 and prior, the incomplete SSRF fix in Wallos validates webhook URLs via gethostbyname() but passes the original hostname to cURL without CURLOPT_RESOLVE pinning on 10 of 11 outbound HTTP…

  • CVE-2026-41654HigMay 7, 2026
    risk 0.46cvss 8.1epss 0.00

    Weblate is a web based localization tool. Prior to version 5.17.1, an authenticated user with project.add permission (default on hosted Weblate SaaS and for any user holding an active billing/trial plan) can import a crafted project backup ZIP whose components/.json…

  • CVE-2026-41505HigMay 7, 2026
    risk 0.50cvss 8.7epss 0.00

    RELATE is a web-based courseware package. Prior to commit 2f68e16, RELATE is vulnerable to predictable token generation in auth.py's make_sign_in_key() function and exam.py's gen_ticket_code() function. This issue has been patched via commit 2f68e16.

  • CVE-2026-41422HigMay 7, 2026
    risk 0.47cvss 8.3epss 0.00

    Daptin is a GraphQL/JSON-API headless CMS. Prior to version 0.11.4, the /aggregate/:typename endpoint accepted column and group query parameters that were passed verbatim to goqu.L() — a raw SQL literal expression builder — without any validation. This bypassed all…

  • CVE-2025-63705HigMay 7, 2026
    risk 0.57cvss 8.8epss 0.01

    NPM package node-ts-ocr 1.0.15 is vulnerable to OS Command Injection via the invokeImageOcr function in src/index.js.

  • CVE-2026-41554HigMay 7, 2026
    risk 0.46cvss 7.1epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bricks Builder allows Reflected XSS. This issue affects Bricks Builder: from n/a through 1.9.2 to 2.2.

  • CVE-2026-41490HigMay 7, 2026
    risk 0.47cvss 8.3epss 0.00

    Dagster is an orchestration platform for the development, production, and observation of data assets. Prior to Dagster Core version 1.13.1 and prior to Dagster libraries version 0.29.1, the DuckDB, Snowflake, BigQuery, and DeltaLake I/O managers constructed SQL WHERE clauses by…

  • CVE-2026-30495HigMay 7, 2026
    risk 0.57cvss 8.8epss 0.00

    The Optoma CinemaX P2 projector (firmware TVOS-04.24.010.04.01, Android 8.0.0) exposes Android Debug Bridge (ADB) on TCP port 5555 over the network without requiring authentication. The device is configured with ro.adb.secure=0, which disables RSA key verification. Additionally,…