VYPR

CVEs

11,223 total · page 9 of 225

  • CVE-2026-36576 · Critical · Jun 3, 2026
    risk 0.64 · cvss 9.8 · epss 0.01

    An OS command injection vulnerability in the app.py component of openlabs docker-wkhtmltopdf-aas up to commit 9f50579 allows attackers to execute arbitrary commands via a crafted POST request.

  • CVE-2026-5241 · Critical · Jun 3, 2026
    risk 0.55 · cvss 9.6 · epss 0.00

    A vulnerability in the LightGlue model loading path of huggingface/transformers version 5.2.0 allows an attacker-controlled model repository to execute arbitrary code during model initialization. The issue arises because the `trust_remote_code` parameter, intended to prevent…

  • CVE-2026-35075 · Critical · Jun 3, 2026
    risk 0.64 · cvss 9.8 · epss 0.00

    An unauthenticated remote attacker can recover a default, hard coded password from a firmware image and thus gain full access to all affected devices.

  • CVE-2026-47065 · Critical · Jun 3, 2026
    risk 0.64 · cvss 9.8 · epss 0.00

    ZDRES-232: resolveProxyClass Not Overridden - acceptMatchers Filter Bypass via java.lang.reflect.Proxy Assessment: Fully addressed. When the serialised stream contains a TC_PROXYCLASSDESC (the marker for a java.lang.reflect.Proxy ), JDK’s ObjectInputStream.readProxyDesc()…

  • CVE-2025-14771 · Critical · Jun 3, 2026
    risk 0.64 · cvss 9.9 · epss 0.00

    Files or directories accessible to external parties vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24.

  • CVE-2026-32625 · Critical · Jun 2, 2026
    risk 0.55 · cvss 9.6 · epss 0.03

    LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.8.3, the Model Context Protocol (MCP) server integration resolves ${VAR} placeholders against the server's process.env during Zod schema validation of user-supplied MCP…

  • CVE-2026-49448 · Critical · Jun 2, 2026
    risk 0.57 · cvss 9.8 · epss 0.00

    authentik is an open-source identity provider. Prior to versions 2025.12.6, 2026.2.4, and 2026.5.1, the Source stage can be bypassed by sending an empty POST. This issue has been patched in versions 2025.12.6, 2026.2.4, and 2026.5.1.

  • CVE-2026-42849 · Critical · Jun 2, 2026
    risk 0.53 · cvss 9.3 · epss 0.00

    authentik is an open-source identity provider. Prior to versions 2025.12.5 and 2026.2.3, due to the implementation of stages in the SFE (Simple Flow Executor) in order to make the interface more compatible with legacy browsers, it was possible to use an XSS exploit in the…

  • CVE-2026-5076 · Critical · Jun 2, 2026
    risk 0.64 · cvss 9.8 · epss 0.00

    The ARMember Premium plugin for WordPress is vulnerable to an insecure password reset mechanism in all versions up to, and including, 7.3.1. The plugin stores a plaintext copy of the password reset key in the `arm_reset_password_key` user meta field when a user requests a…

  • CVE-2026-38967 · Critical · Jun 2, 2026
    risk 0.57 · cvss 9.8 · epss 0.00

    CrowCpp Crow through v1.3.1 is vulnerable to HTTP response header injection via unvalidated response header values.

  • CVE-2026-42074 · Critical · Jun 2, 2026
    risk 0.57 · cvss 9.8 · epss 0.01

    OpenClaude is an open-source coding-agent command line interface for cloud and local model providers. Prior to version 0.5.1, the dangerouslyDisableSandbox parameter is exposed as part of the BashTool input schema, meaning the LLM (an untrusted principal per the project's own…

  • CVE-2026-0611 · Critical · Jun 2, 2026
    risk 0.64 · cvss 9.8 · epss 0.01

    Spacelabs Healthcare Sentinel versions 10.5.x and higher and 11.x.x before 11.6.0 contain an unauthenticated remote code execution vulnerability through a deprecated .NET Remoting HTTP channel exposed on port 8989 that allows attackers to perform arbitrary file read and write…

  • CVE-2026-47117 · Critical · Jun 2, 2026
    risk 0.57 · cvss 9.8 · epss 0.01

    OpenMed before 1.5.2 contains a remote code execution vulnerability in the PII privacy-filter model loading path. The privacy-filter dispatcher used broad substring matching on the user-supplied model_name parameter, allowing a value such as attacker/foo-privacy-filter-bar to…

  • CVE-2026-7312 · Critical · Jun 2, 2026
    risk 0.65 · cvss 10.0 · epss 0.00

    CWE-522: Insufficiently Protected Credentials in web services in Progress Sitefinity version from 14.0.7700 to 14.4.8152, and 15.0.8200 to 15.0.8234, and 15.1.8300 to 15.1.8335, 15.2.8400 to 15.2.8441, 15.3.8500 to 15.3.8531, and 15.4.8600 to 15.4.8630 allows a remote…

  • CVE-2026-7198 · Critical · Jun 2, 2026
    risk 0.64 · cvss 9.8 · epss 0.00

    CWE-284: Improper Access Control in web services in Progress Sitefinity 15.4.8623 before 15.4.8630 allows a remote unauthenticated attacker to access content that should be restricted, resulting in full compromise of confidentiality, integrity, and availability of affected…

  • CVE-2026-10611 · Critical · Jun 2, 2026
    risk 0.58 · cvss 10.0 · epss 0.00

    An authentication bypass vulnerability exists in MISP when LDAP mixed authentication is enabled with OTP enforcement. In deployments configured with LdapAuth.mixedAuth=true and Security.require_otp=true, users authenticated through an authentication plugin, such as LDAP, may…

  • CVE-2026-42684 · Critical · Jun 2, 2026
    risk 0.60 · cvss 9.3 · epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ahmad WP Job Portal allows Blind SQL Injection. This issue affects WP Job Portal: from n/a through 2.5.1.

  • CVE-2026-34906 · Critical · Jun 2, 2026
    risk 0.60 · cvss n/a · epss 0.01

    Server-Side Template Injection (SSTI) in Wirtualna Uczelnia allows an unauthenticated attacker to perform Remote Code Execution (RCE). In the endpoint redirectToUrl and parameter redirectUrlParameter, insufficient input validation permits injection of arbitrary template…

  • CVE-2025-53209 · Critical · Jun 2, 2026
    risk 0.64 · cvss 9.8 · epss 0.00

    Incorrect Privilege Assignment vulnerability in Themeisle Masteriyo LMS PRO allows Privilege Escalation. This issue affects Masteriyo LMS PRO: from n/a through 2.20.0.

  • CVE-2026-8206 · Critical · Jun 2, 2026
    risk 0.57 · cvss 9.8 · epss 0.01

    The Kirki – Freeform Page Builder, Website Builder & Customizer plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions 6.0.0 to 6.0.6. This is due to the plugin accepting an arbitrary email address when a username is used in the…

  • CVE-2026-25879 · Critical · Jun 1, 2026
    risk 0.57 · cvss 9.8 · epss 0.00

    Langroid is a framework for building large-language-model-powered applications. Prior to version 0.63.0, SQLChatAgent executes SQL produced by an LLM, which is influenceable by prompt injection. When configured with a database role that has privileges enabling code execution or…

  • CVE-2026-40965 · Critical · Jun 1, 2026
    risk 0.65 · cvss 10.0 · epss 0.00

    Cloud Foundry UAA versions v76.12.0 through v78.12.0 are vulnerable to a private key exposure. The server contains a vulnerability where EC (Elliptic Curve) private keys are inadvertently exposed through the public /token_keys endpoint. This endpoint is designed to provide…

  • CVE-2018-25427 · Critical · Jun 1, 2026
    risk 0.64 · cvss 9.8 · epss 0.01

    Arm Whois 3.11 contains a stack-based buffer overflow vulnerability that allows remote attackers to execute arbitrary code by supplying oversized input to the IP address or domain field. Attackers can craft malicious input exceeding 658 bytes with shellcode to overwrite the…

  • CVE-2026-9319 · Critical · Jun 1, 2026
    risk 0.59 · cvss 9.0 · epss 0.00

    IBM WebSphere Application Server 9.0 and 8.5 is vulnerable to potential remote code execution due to deserialization of untrusted data via JAX-WS endpoints with WS-Security.

  • CVE-2026-9311 · Critical · Jun 1, 2026
    risk 0.59 · cvss 9.0 · epss 0.00

    IBM WebSphere Application Server 9.0 and 8.5 is vulnerable to remote code execution caused by the bypass of security controls.

  • CVE-2026-8644 · Critical · Jun 1, 2026
    risk 0.59 · cvss 9.1 · epss 0.00

    IBM WebSphere Application Server 9.0 and 8.5 is vulnerable to identity spoofing.

  • CVE-2026-22872 · Critical · Jun 1, 2026
    risk 0.52 · cvss 9.1 · epss 0.00

    Capsule is a multi-tenancy and policy-based framework for Kubernetes. The Capsule Controller runs with cluster-admin privileges. Although the TenantResource RawItems processing logic forcibly sets the namespace, this is ineffective for cluster-scoped resources. Prior to version…

  • CVE-2026-45132 · Critical · Jun 1, 2026
    risk 0.58 · cvss 10.0 · epss 0.00

    CloudPirates Open Source Helm Charts is a collection of Helm charts. Prior to commit fcf9302, a GitHub Actions workflow (generate-schema.yaml) exposes sensitive credentials (Personal Access Token and SSH signing key) to fork-controlled code due to unsafe checkout and credential…

  • CVE-2026-45131 · Critical · Jun 1, 2026
    risk 0.58 · cvss 10.0 · epss 0.00

    CloudPirates Open Source Helm Charts is a collection of Helm charts. Prior to commit fcf9302, a GitHub Actions workflow (pull-request.yaml) executes attacker-controlled code from fork pull requests in a privileged context, exposing repository secrets including Docker Hub…

  • CVE-2026-44211 · Critical · Jun 1, 2026
    risk 0.62 · cvss 9.6 · epss 0.00

    Cline is an autonomous coding agent as an SDK, IDE extension, or CLI assistant. In versions 2.13.0 and prior, there is a cross-origin WebSocket hijack vulnerability in Cline Kanban servers. At time of publication, there are no publicly available patches.

  • CVE-2026-42672 · Critical · Jun 1, 2026
    risk 0.60 · cvss 9.3 · epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Wp Directory Kit WP Directory Kit allows Blind SQL Injection. This issue affects WP Directory Kit: from n/a through 1.5.1.

  • CVE-2026-8931 · Critical · Jun 1, 2026
    risk 0.61 · cvss n/a · epss 0.01

    A critical Remote Code Execution (RCE) vulnerability exists in Disig Web Signer versions 2.0.3 through 2.5.3.

  • CVE-2026-48879 · Critical · Jun 1, 2026
    risk 0.64 · cvss 9.8 · epss 0.00

    Incorrect Privilege Assignment vulnerability in Sergey AIWU allows Privilege Escalation. This issue affects AIWU: from n/a through 1.4.17.

  • CVE-2026-48866 · Critical · Jun 1, 2026
    risk 0.62 · cvss 9.6 · epss 0.01

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Rocketgenius Inc. Gravity Forms allows Path Traversal. This issue affects Gravity Forms: from n/a through 2.10.0.1.

  • CVE-2026-42682 · Critical · Jun 1, 2026
    risk 0.59 · cvss 9.1 · epss 0.00

    Missing Authorization vulnerability in Tomdever wpForo Forum allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects wpForo Forum: from n/a through 3.0.6.

  • CVE-2026-42680 · Critical · Jun 1, 2026
    risk 0.64 · cvss 9.8 · epss 0.00

    Incorrect Privilege Assignment vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery Pro allows Privilege Escalation. This issue affects Contest Gallery Pro: from n/a through 29.0.1.

  • CVE-2026-0826 · Critical · Jun 1, 2026
    risk 0.60 · cvss n/a · epss 0.26

    In certain scenarios when the admin has enabled Interactive Connectivity Establishment (ICE), a buffer overflow could enable remote code execution on Poly Voice products on the Linux platform.

  • CVE-2026-47413 · critical · Jun 1, 2026
    risk 0.52 · cvss n/a · epss 0.00

    ## Summary **Type:** Privilege escalation / cross-tenant member injection. The `POST /workspaces/{workspace_id}/members` endpoint is gated only by `require_workspace_member(workspace_id)` (default `min_role="member"`) and forwards the request body's `user_id` and `role`…

  • CVE-2026-47428 · critical · Jun 1, 2026
    risk 0.52 · cvss n/a · epss 0.00

    ## Summary Vitest browser mode served `/__vitest_test__/` with the `otelCarrier` query parameter inserted directly into an inline module script. Because this value was treated as JavaScript source rather than data, an attacker could craft a browser-runner URL that executes…

  • CVE-2026-47429 · critical · Jun 1, 2026
    risk 0.59 · cvss n/a · epss 0.00

    ### Summary Arbitrary file can be read on Windows when Vitest UI server is listening, especially when exposed to the network. ### Impact Only users that match either of the following conditions are affected: - explicitly exposes the Vitest UI server to the network (using…

  • CVE-2026-7858 · Critical · Jun 1, 2026
    risk 0.64 · cvss 9.8 · epss 0.01

    A Deserialization of Untrusted Data vulnerability affecting Teamwork Cloud from No Magic Release 2022x through No Magic Release 2026x and Magic Collaboration Studio from CATIA Magic Release 2022x through CATIA Magic Release 2026x could lead to an unauthenticated remote code…

  • CVE-2026-42252 · Critical · Jun 1, 2026
    risk 0.52 · cvss 9.1 · epss 0.00

    Apache Airflow's official documentation at `core-concepts/dag-run.html` ("Passing Parameters when triggering Dags") showed a verbatim `BashOperator(bash_command="echo value: {{ dag_run.conf['conf1'] }}")` example without any quoting / sanitization warning. Dag authors who copied…

  • CVE-2026-48188 · Critical · Jun 1, 2026
    risk 0.59 · cvss 9.1 · epss 0.00

    An improper Input Validation vulnerability in OTRS or ((OTRS)) Community Edition database layer module allows an unauthenticated SQL injection which can lead to an authentication bypass. This issue only affects the system if the MySQL/MariaDB server is configured with the…

  • CVE-2026-10187 · Critical · May 31, 2026
    risk 0.64 · cvss 9.8 · epss 0.01

    A vulnerability was detected in Totolink N300RH 6.1c.1353_B20190305. Affected by this issue is the function setWiFiBasicConfig of the file wireless.so of the component Web Management Interface. Performing a manipulation of the argument KeyStr results in stack-based buffer…

  • CVE-2018-25412 · Critical · May 30, 2026
    risk 0.64 · cvss 9.8 · epss 0.01

    Delta Sql 1.8.2 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to docs_upload.php with crafted multipart form data. Attackers can upload PHP files with arbitrary content to the upload…

  • CVE-2026-47416 · critical · May 29, 2026
    risk 0.52 · cvss n/a · epss 0.00

    ## Summary **Type:** Vertical privilege escalation. The `PATCH /workspaces/{workspace_id}/members/{user_id}` endpoint is gated by `require_workspace_member(workspace_id)`, which defaults to `min_role="member"` and is never overridden by the route. The handler then calls…

  • CVE-2026-47410 · critical · May 29, 2026
    risk 0.52 · cvss n/a · epss 0.00

    ## Summary **Type:** Insecure default cryptographic key. The JWT signing secret defaults to the hardcoded literal `"dev-secret-change-me"` when `PLATFORM_JWT_SECRET` is unset. A safety check exists but only fires when `PLATFORM_ENV != "dev"`; the default value of `PLATFORM_ENV`…

  • CVE-2026-47407 · critical · May 29, 2026
    risk 0.52 · cvss n/a · epss 0.00

    ## Summary The Platform server exposes resources under `/api/v1/workspaces/{workspace_id}/...` and protects them with a `require_workspace_member(workspace_id)` FastAPI dependency. The dependency only checks that the caller is a member of the workspace_id in the URL prefix. The…

  • CVE-2026-47391 · critical · May 29, 2026
    risk 0.52 · cvss n/a · epss 0.00

    ## Summary The first-party PraisonAI A2A server example combines three behaviors into a remotely exploitable Critical chain: 1. The example exposes an A2A server without configuring `auth_token`. 2. The same example binds the server to `0.0.0.0`. 3. The example registers a…

  • CVE-2026-47392 · critical · May 29, 2026
    risk 0.52 · cvss n/a · epss 0.00

    ## Summary `execute_code()` in `praisonaiagents/tools/python_tools.py` (v1.6.37, subprocess sandbox mode) can be fully bypassed using `print.__self__` to retrieve the real Python `builtins` module, from which `__import__` can be extracted via `vars()` and runtime string…