VYPR

CVEs

345,196 total · page 88 of 6,904

  • CVE-2026-34021HigJun 15, 2026
    risk 0.56cvss epss 0.00

    The Wertheim SafeController 5400, Controller 5400 - AssemblyVersion 6.11.8130.22320, uses RS-485 communication between the server and the microcontroller without cryptographic protection. An attacker with access to the communication path between the server and the…

  • CVE-2026-12057HigJun 15, 2026
    risk 0.56cvss 8.6epss 0.00

    When the application executes the JavaScript script embedded in the PDF within the sandbox, it fails to intercept some dangerous interfaces, which allows remote scripts to be loaded, resulting in arbitrary code execution.

  • CVE-2026-50100HigJun 15, 2026
    risk 0.51cvss 7.8epss 0.00

    Multiple printer drivers provided by Ricoh Company, Ltd. and KONICA MINOLTA JAPAN, INC. contain a privilege escalation vulnerability. If this vulnerability is exploited, an attacker who can log in to a computer running an affected printer driver could elevate privileges by using…

  • CVE-2026-44188MedJun 15, 2026
    risk 0.34cvss 5.3epss 0.00

    A flaw was found in Ansible Lightspeed. This vulnerability, related to insufficient session expiration, allows a remote attacker to maintain persistent access to the Ansible Lightspeed instance. If an attacker exfiltrates a valid OAuth (Open Authorization) access token before a…

  • CVE-2026-11860HigJun 15, 2026
    risk 0.49cvss epss 0.00

    Quick.CMS deserializes user-controlled data received over plaintext HTTP without ensuring integrity or authenticity. This allows attackers to tamper with serialized payloads in transit and inject malicious objects. Because deserialization is performed without proper validation…

  • CVE-2026-9278MedJun 15, 2026
    risk 0.35cvss 5.4epss 0.00

    The Form Builder CP WordPress plugin before 1.2.47 does not properly sanitize a form configuration value before storing it and using it as part of a client-side script execution, allowing authenticated users with Editor-level access and above to perform Stored Cross-Site…

  • CVE-2026-8935CriJun 15, 2026
    risk 0.64cvss 9.8epss 0.00

    The WP MAPS PRO WordPress plugin before 6.1.1 registers an unauthenticated AJAX action which, given a valid nonce that is publicly emitted on any frontend page enqueuing its map script, unconditionally creates an administrator account and returns a magic-login URL granting…

  • CVE-2026-8386MedJun 15, 2026
    risk 0.34cvss 5.3epss 0.00

    The WP Go Maps WordPress plugin before 10.0.10 does not perform any approval-state filtering on its public single-marker REST endpoint, allowing unauthenticated users to retrieve marker records that an administrator has not yet approved for public display, including any PII…

  • CVE-2026-8385MedJun 15, 2026
    risk 0.34cvss 5.3epss 0.00

    The WP Go Maps WordPress plugin before 10.0.10 does not properly enforce the marker approval filter on the admin-ajax fallback for its datatables route, allowing unauthenticated visitors to retrieve marker records that the site owner has not approved for public display,…

  • CVE-2026-12223MedJun 15, 2026
    risk 0.36cvss 5.5epss 0.01

    A vulnerability was identified in Yealink SIP-T46U 108.86.0.118. Affected by this vulnerability is the function mod_webd.TFTPUploadIperf of the file /api/inner/tftpuploadiperf of the component Web FastCGI Service. The manipulation of the argument ip/port leads to command…

  • CVE-2026-12222HigJun 15, 2026
    risk 0.52cvss 8.0epss 0.00

    A vulnerability was determined in Yealink SIP-T46U 108.86.0.118. Affected is the function mod_webd.BlueToothTest of the file /api/inner/bttest of the component Web FastCGI Service. Executing a manipulation of the argument btMac/pin/reserved can lead to stack-based buffer…

  • CVE-2026-12221HigJun 15, 2026
    risk 0.52cvss 8.0epss 0.00

    A vulnerability was found in Yealink SIP-T46U 108.86.0.118. This impacts the function sprintf of the file /api/upgrade/upgrade of the component Firmware Chunk Upload Handler. Performing a manipulation of the argument uid/start_offset results in stack-based buffer overflow. The…

  • CVE-2026-12220HigJun 15, 2026
    risk 0.52cvss 8.0epss 0.00

    A vulnerability has been found in Yealink SIP-T46U 108.86.0.118. This affects the function mod_upgrade.SparePartsUpload of the file /api/upgrade/accupgradebychunk of the component Firmware Chunk Upload handler. Such manipulation of the argument uid leads to stack-based buffer…

  • CVE-2026-12219MedJun 15, 2026
    risk 0.41cvss 6.3epss 0.01

    A flaw has been found in Yealink SIP-T46U 108.86.0.118. The impacted element is the function mod_diagnose.CommandShellByType of the file /api/diagnosis/start of the component Web FastCGI Service. This manipulation of the argument Time causes command injection. The attack can be…

  • CVE-2026-12218HigJun 15, 2026
    risk 0.52cvss 8.0epss 0.00

    A vulnerability was detected in Yealink SIP-T46U 108.87.50.1. The affected element is the function StartReportInformation of the file /api/inner/beforewifitest of the component Web FastCGI Service. The manipulation of the argument port results in stack-based buffer overflow.…

  • CVE-2026-12217HigJun 15, 2026
    risk 0.51cvss 7.8epss 0.00

    A security vulnerability has been detected in DVDFab Virtual Drive 2.0.0.5. Impacted is an unknown function in the library dvdfabio.sys of the component Signed Kernel Driver. The manipulation leads to improper privilege management. An attack has to be approached locally. The…

  • CVE-2026-12216MedJun 15, 2026
    risk 0.34cvss 5.3epss 0.00

    A weakness has been identified in svaarala duktape up to 2.99.99. This issue affects some unknown processing of the file duk_api_bytecode.c. Executing a manipulation of the argument count_instr can lead to memory corruption. The attack requires local access. The exploit has been…

  • CVE-2026-12214HigJun 15, 2026
    risk 0.51cvss 7.8epss 0.00

    A security flaw has been discovered in Qihoo 360 Total Security 6.0. This vulnerability affects the function RpcStringBindingComposeW of the component Nucleus Engine Monitoring Logic. Performing a manipulation of the argument NetworkAddr results in protection mechanism failure.…

  • CVE-2026-12213MedJun 15, 2026
    risk 0.28cvss 4.3epss 0.00

    A vulnerability was found in hcengineering Huly Platform up to 0.7.0. Affected by this vulnerability is the function getAccountInfo of the file server/account/src/operations.ts of the component User Information Handler. The manipulation results in improper authorization. The…

  • CVE-2026-12212MedJun 15, 2026
    risk 0.28cvss 4.3epss 0.00

    A vulnerability has been found in hcengineering Huly Platform up to 0.7.0. Affected is the function getMailboxSecret of the file server/account/src/operations.ts of the component RPC Interface. The manipulation leads to improper access controls. The attack may be initiated…

  • CVE-2026-12211LowJun 15, 2026
    risk 0.18cvss 2.7epss 0.00

    A flaw has been found in Intelbras iNVU 7016 FT 3.004.00IB000.0.T Build 2025-09-26. This impacts an unknown function of the file /RPC2_Loadfile/syslog/ of the component Web Interface. Executing a manipulation can lead to path traversal. The attack can be launched remotely. The…

  • CVE-2026-12210MedJun 15, 2026
    risk 0.41cvss 6.3epss 0.00

    A vulnerability was detected in universal-tool-calling-protocol python-utcp 1.1.0. This affects an unknown function of the component utcp-gql/utcp-websocket. Performing a manipulation results in server-side request forgery. The attack can be initiated remotely. The exploit is…

  • CVE-2026-12209MedJun 15, 2026
    risk 0.34cvss 5.3epss 0.00

    A security vulnerability has been detected in RubyLouvre avalon up to 2.2.10. The impacted element is an unknown function of the file src/filters/index.js of the component Template Filter Handler. Such manipulation leads to improperly controlled modification of object prototype…

  • CVE-2026-12208MedJun 15, 2026
    risk 0.34cvss 5.3epss 0.00

    A weakness has been identified in jsonata-js jsonata up to 2.2.0. The affected element is the function createFrame of the file src/jsonata.js of the component Function Binding Frame System. This manipulation causes improperly controlled modification of object prototype…

  • CVE-2026-12207MedJun 15, 2026
    risk 0.28cvss 4.3epss 0.00

    A security flaw has been discovered in medkey-org medkey up to fc09b7ba9441ff590b72d428d5380834216b09ed. Impacted is the function actionGetPatientById of the file app\modules\medical\port\rest\controllers\PatientController.php of the component HTTP REST API. The manipulation of…

  • CVE-2026-12206MedJun 15, 2026
    risk 0.34cvss 6.3epss 0.00

    A vulnerability was identified in Grit42 Grit up to 0.11.0. This issue affects the function Grit::Assays::DataTableEntity of the file modules/assays/backend/app/models/grit/assays/data_table_entity.rb. The manipulation leads to sql injection. The attack is possible to be carried…

  • CVE-2026-12204HigJun 15, 2026
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was determined in ShopXO up to 6.7.1. This vulnerability affects the function OrderClose/OrderSuccess/PayLogOrderClose/GoodsGiveIntegral of the file app/api/controller/Crontab.php of the component Scheduled Task Endpoint. Executing a manipulation can lead to…

  • CVE-2026-12203MedJun 15, 2026
    risk 0.27cvss 5.3epss 0.00

    A vulnerability was found in HKUDS AI-Trader up to 74caf996f78dcc0c657df8365c8544678a16e215. This affects an unknown part of the file /api/research/agents.csv of the component Research Export. Performing a manipulation results in information disclosure. Remote exploitation of…

  • CVE-2026-12202LowJun 15, 2026
    risk 0.09cvss 2.4epss 0.00

    A vulnerability has been found in Intelliants Subrion CMS up to 4.0.3. Affected by this issue is some unknown functionality of the component Blocks Endpoint. Such manipulation of the argument CSS class name leads to cross site scripting. The attack may be launched remotely. The…

  • CVE-2026-12201MedJun 15, 2026
    risk 0.34cvss 5.3epss 0.00

    A flaw has been found in IObit Malware Fighter up to 13.2.0. Affected by this vulnerability is an unknown functionality of the component DLL Handler. This manipulation causes permission issues. The attack requires local access. The exploit has been published and may be used. The…

  • CVE-2026-12200HigJun 15, 2026
    risk 0.47cvss 7.3epss 0.00

    A security vulnerability has been detected in Ritlabs TinyWeb Server up to 1.94 on Win32. This impacts an unknown function in the library libeay32.dll.html of the component Header Handler. The manipulation of the argument Authorization leads to stack-based buffer overflow. The…

  • CVE-2026-11820modJun 15, 2026
    risk 0.42cvss 6.5epss 0.00

    community.general: community.general nexmo — API credentials exposed in GET URL query string[SECURITY] community.general nexmo — API credentials exposed in GET URL query string

  • CVE-2026-12198HigJun 15, 2026
    risk 0.47cvss 7.3epss 0.01

    A weakness has been identified in Microweber up to 2.0.20. This affects the function userfiles_path of the file /api_nosession/thumbnail_img of the component API Endpoint. Executing a manipulation of the argument cache_path_relative can lead to path traversal. It is possible to…

  • CVE-2026-12197HigJun 15, 2026
    risk 0.47cvss 7.2epss 0.02

    A security flaw has been discovered in Ruijie EG105G-P 2.340. The impacted element is the function nslookup of the file /cgi-bin/luci/api/diagnose of the component JSON-RPC Diagnose Endpoint. Performing a manipulation of the argument params.target results in command injection.…

  • CVE-2026-12193HigJun 15, 2026
    risk 0.51cvss 7.8epss 0.00

    A vulnerability was identified in VS Revo RevoUninstaller 2.5.x/2.6.x. The affected element is the function IOCtl_Handler in the library RevoDetector.sys of the component IOCTL Handler. Such manipulation leads to heap-based buffer overflow. The attack must be carried out…

  • CVE-2026-12192HigJun 15, 2026
    risk 0.57cvss 8.8epss 0.00

    A vulnerability was determined in GALAYOU Y4 1.0.0. Impacted is an unknown function of the component Web Server. This manipulation causes buffer overflow. The attack is only possible within the local network. The exploit has been publicly disclosed and may be utilized. The…

  • CVE-2026-59089modJun 15, 2026
    risk 0.36cvss 5.5epss 0.00

    gimp: GIMP: Denial of service via integer overflow in PlayStation TIM loader

  • CVE-2026-12191HigJun 14, 2026
    risk 0.51cvss 7.8epss 0.00

    A vulnerability was found in Comma AI Openpilot 0.11. This issue affects the function pickle.load/pickle.loads of the file selfdrive/modeld/modeld.py of the component Pickle Module. The manipulation results in deserialization. The attack is only possible with local access. The…

  • CVE-2026-12190MedJun 14, 2026
    risk 0.34cvss 5.3epss 0.00

    A vulnerability has been found in Genspark AI Workspace App 2.8.4 on Android. This vulnerability affects unknown code of the component ai.mainfunc.genspark. The manipulation leads to improper authorization in handler for custom url scheme. The attack can only be performed from a…

  • CVE-2026-12189MedJun 14, 2026
    risk 0.34cvss 5.3epss 0.00

    A flaw has been found in Moovit Bus & Public Transit App 1.18 on Android. This affects an unknown part of the component com.tranzmate. Executing a manipulation can lead to improper authorization in handler for custom url scheme. The attack can only be executed locally. The…

  • CVE-2026-12188MedJun 14, 2026
    risk 0.41cvss 6.3epss 0.00

    A vulnerability was detected in Grit42 Grit up to 0.11.0. Affected by this issue is some unknown functionality of the file modules/core/backend/app/controllers/concerns/grit/core/grit_entity_controller.rb of the component GritEntityController. Performing a manipulation results…

  • CVE-2026-12187HigJun 14, 2026
    risk 0.57cvss 8.8epss 0.02

    A security vulnerability has been detected in GL.iNet GL-MT3000 up to 4.4.5. Affected by this vulnerability is an unknown functionality of the file /usr/bin/one_click_upgrade of the component Online Firmware Upgrade Handler. Such manipulation leads to command injection. The…

  • CVE-2026-12186HigJun 14, 2026
    risk 0.57cvss 8.8epss 0.02

    A weakness has been identified in GL.iNet GL-MT3000 up to 4.4.5. Affected is the function replace_country in the library /usr/lib/oui-httpd/rpc/tor of the component Tor Proxy Service Configuration Handler. This manipulation causes command injection. The attack can be initiated…

  • CVE-2026-54413HigJun 14, 2026
    risk 0.53cvss 8.2epss 0.00

    driftregion iso14229 through 0.9.0 contains an integer underflow and downstream out-of-bounds read in the Handle_0x27_SecurityAccess() function in iso14229.c that allows a remote unauthenticated attacker to crash a UDS server and potentially read memory past the receive buffer…

  • CVE-2026-54412HigJun 14, 2026
    risk 0.53cvss 8.2epss 0.00

    LiamBindle MQTT-C through version 1.1.6 contains a heap-based out-of-bounds read and integer underflow in the mqtt_unpack_publish_response() function in src/mqtt.c that allows a remote unauthenticated attacker controlling an MQTT broker - or able to inject MQTT traffic into an…

  • CVE-2026-54411MedJun 14, 2026
    risk 0.38cvss 5.9epss 0.00

    Linux-PAM through 1.7.2 contains an observable timing discrepancy (CWE-208) in the pam_userdb module's plaintext-password comparison path in modules/pam_userdb/pam_userdb.c that allows a local or network-adjacent attacker able to repeatedly drive authentication through a calling…

  • CVE-2026-54410HigJun 14, 2026
    risk 0.56cvss 8.6epss 0.01

    nanoMODBUS through v1.23.0 contains an off-by-one buffer overflow in the recv_msg_header() function of the Modbus/TCP server that allows remote unauthenticated attackers to write one attacker-controlled byte past the end of the 260-byte receive buffer by sending a crafted MBAP…

  • CVE-2026-11527HigJun 14, 2026
    risk 0.49cvss 8.6epss 0.01

    Config::IniFiles versions before 3.001000 for Perl allow OS command injection and file overwrite via a 2-arg open() of the -file argument in _make_filehandle. Config::IniFiles::_make_filehandle opens a filename argument with Perl's 2-arg open(), so a filename that begins or…

  • CVE-2026-11526CriJun 14, 2026
    risk 0.57cvss 9.8epss 0.01

    GD versions before 2.86 for Perl allow OS command injection and file overwrite via a 2-arg open() of filename arguments in _make_filehandle. GD::Image::_make_filehandle opens a filename argument with Perl's 2-arg open(), so a filename that begins or ends with a pipe ("| cmd",…

  • CVE-2025-15546Jun 14, 2026
    risk 0.00cvss epss 0.00

    The Iptanus File Upload WordPress plugin before 5.1.7 does not implement proper file handling when the duplicatepolicy setting is configured to "maintain both." Due to a Time-of-Check to Time-of-Use (TOCTOU) race condition between the file existence check and the actual file…