VYPR

CVEs

345,196 total · page 90 of 6,904

  • CVE-2026-53825MedJun 12, 2026
    risk 0.35cvss 6.5epss 0.00

    OpenClaw before 2026.4.7 contains an arbitrary file read vulnerability in the memory-wiki ingest feature that allows authenticated Gateway operators with operator.write scope to read local files outside intended ingest sources. Attackers with operator.write access can specify…

  • CVE-2026-53824MedJun 12, 2026
    risk 0.35cvss 6.5epss 0.00

    OpenClaw before 2026.4.24 contains a token revocation vulnerability allowing callers with revoked slash tokens to continue executing commands during monitor refresh windows. Attackers can exploit stale token acceptance to invoke slash command behavior briefly after token…

  • CVE-2026-53823HigJun 12, 2026
    risk 0.46cvss 8.1epss 0.00

    OpenClaw before 2026.5.3 contains a privilege escalation vulnerability in the allowFrom feature that binds to mutable Slack display names. Attackers with Slack account access can change display name metadata to match policy entries, potentially gaining unauthorized agent access…

  • CVE-2026-53822HigJun 12, 2026
    risk 0.50cvss 8.8epss 0.01

    OpenClaw before 2026.5.18 contains a command injection vulnerability where shell wrapper argv could change between approval and execution. Attackers can rebuild command arguments after allowlist approval to execute unapproved command shapes, potentially bypassing security…

  • CVE-2026-53821HigJun 12, 2026
    risk 0.50cvss 8.8epss 0.00

    OpenClaw before 2026.5.18 accepts WebSocket client-declared operator scopes before binding to server-approved pairing or trusted-proxy authorization baseline. Unpaired or restricted trusted-proxy Control UI clients can obtain cached operator.admin authority on live WebSocket…

  • CVE-2026-53820MedJun 12, 2026
    risk 0.36cvss 6.6epss 0.00

    OpenClaw before 2026.5.12 contains an exec denylist bypass vulnerability in the bundle MCP loopback session-spawn path that allows authenticated callers to bypass intended command restrictions. Attackers can reach the affected bundled MCP session-spawn path to start sessions…

  • CVE-2026-53609CriJun 12, 2026
    risk 0.59cvss 9.1epss 0.00

    ApostropheCMS is an open-source Node.js content management system. In versions up to and including 4.30.0, `apos.util.set()` traverses dot-notation paths without sanitizing `__proto__`, allowing an authenticated editor to write arbitrary values to `Object.prototype` via the…

  • CVE-2026-53608HigJun 12, 2026
    risk 0.57cvss 8.7epss 0.00

    ApostropheCMS is an open-source Node.js content management system. Versions up to and including 1.4.2 of the `@apostrophecms/seo` package injects the Google Analytics Tracking ID (`seoGoogleTrackingId`) and Google Tag Manager ID (`seoGoogleTagManager`) directly into ``…

  • CVE-2026-53523MedJun 12, 2026
    risk 0.37cvss 6.8epss 0.00

    Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.0.0 to before version 2.2.0, the getRedirectURL function in oauth2.go:22-29 constructs the OAuth2 callback URL by concatenating the request's Host header with a fixed…

  • CVE-2026-53522MedJun 12, 2026
    risk 0.35cvss 6.5epss 0.00

    Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.0.0 to before version 2.2.0, the Nezha dashboard exposes two endpoints that create long-lived WebSocket streams to monitored agents: POST /api/v1/terminal →…

  • CVE-2026-53521MedJun 12, 2026
    risk 0.35cvss 6.4epss 0.00

    Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 2.0.14 to before version 2.1.0, PATCH /server/{id} accepts and persists nonexistent ddns_profiles IDs for a member-owned server. If another user later creates a DDNS…

  • CVE-2026-53520MedJun 12, 2026
    risk 0.35cvss 6.5epss 0.00

    Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 2.0.14 to before version 2.1.0, authenticated users can claim the dashboard Host through NAT and preempt all dashboard routing. This issue has been patched in version…

  • CVE-2026-53519CriJun 12, 2026
    risk 0.52cvss 9.1epss 0.00

    Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. Prior to version 2.0.13, fallbackToFrontend in the dashboard's NoRoute handler treats any URL whose raw string starts with /dashboard as an admin-frontend asset request. The check…

  • CVE-2026-49397MedJun 12, 2026
    risk 0.27cvss 5.3epss 0.00

    Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 2.0.0 to before version 2.0.14, private services (`EnableShowInService: false`) are enumerable via per-server endpoints, leaking name and timing data. This issue has been…

  • CVE-2026-49396HigJun 12, 2026
    risk 0.39cvss 7.1epss 0.00

    Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.0.0 to before version 2.0.14, cross-site GET request can trigger stored cron commands on a victim's agents. This issue has been patched in version 2.0.14.

  • CVE-2026-48119HigJun 12, 2026
    risk 0.39cvss 7.1epss 0.00

    Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 0.20.0 to before version 2.0.12, authenticated agents can forge service-monitor results for other users' services. This issue has been patched in version 2.0.12.

  • CVE-2026-47268MedJun 12, 2026
    risk 0.35cvss 6.4epss 0.00

    Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 0.20.0 to before version 2.0.10, an authenticated Nezha dashboard user can create or update a DDNS profile with provider webhook and configure an arbitrary webhook_url,…

  • CVE-2026-47124MedJun 12, 2026
    risk 0.35cvss 6.5epss 0.00

    Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.4.0 to before version 2.0.9, any authenticated non-admin member can connect to the server-status WebSocket and receive telemetry for all servers, including servers…

  • CVE-2026-47120HigJun 12, 2026
    risk 0.39cvss 7.1epss 0.00

    Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.4.0 to before version 2.0.8, a RoleMember can fire other users' cron tasks via AlertRule.FailTriggerTasks (no ownership check). This issue has been patched in version…

  • CVE-2026-46717HigJun 12, 2026
    risk 0.43cvss 7.7epss 0.00

    Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.4.0 to before version 2.0.8, nezha's dashboard supports two user roles: RoleAdmin (Role==0) and RoleMember (Role==1). The notification routes POST /api/v1/notification…

  • CVE-2026-46716CriJun 12, 2026
    risk 0.57cvss 9.9epss 0.00

    Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.4.0 to before version 2.0.8, a RoleMember user can create a scheduled cron task with Cover=CronCoverAll, Servers=[] and an arbitrary Command. At every tick of the…

  • CVE-2026-41158HigJun 12, 2026
    risk 0.51cvss 7.8epss 0.00

    Software installed and run as a non-privileged user may conduct GPU system calls to write to arbitrary freed physical pages. Physical memory allocated and freed, without the deferred free mechanism can lead to those resources being used for read/write by the GPU after the…

  • CVE-2026-41157CriJun 12, 2026
    risk 0.64cvss 9.8epss 0.00

    A web page that contains unusual WebGPU content loaded into the GPU GLES render process and can trigger an out-of-bound write in the GPU user-space driver, leading to memory corruption and possible browser/GPU process crash. The software computes a required memory size from…

  • CVE-2026-41155MedJun 12, 2026
    risk 0.36cvss 5.5epss 0.00

    An attacker could cooperatively pass data from one secure GPU process to another secure GPU process through shared secure memory allocations in the kernel module. Additionally, an attacker could disrupt the operation of another secure GPU process leading to image corruption /…

  • CVE-2026-34195HigJun 12, 2026
    risk 0.57cvss 8.8epss 0.00

    Software installed and run as a non-privileged user may conduct intentional GPU sparse memory API calls to cause out of bounds write in the kernel. The product incorrectly indexes internal state when performing sparse allocation remapping.

  • CVE-2026-12131MedJun 12, 2026
    risk 0.41cvss 6.3epss 0.00

    A weakness has been identified in CodeAstro Human Resource Management System 1.0. This vulnerability affects the function Invoice of the file \application\controllers\Payroll.php of the component Payroll Invoice Module. This manipulation of the argument ID causes sql injection.…

  • CVE-2025-7019MedJun 12, 2026
    risk 0.36cvss 5.5epss 0.00

    Stack overflow vulnerability in Avast Antivirus when scanning a malformed Office Open XML file may allow Denial-of-Service of the antivirus process. This issue affects Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Avast Business Antivirus on Windows, macOS,…

  • CVE-2025-7018MedJun 12, 2026
    risk 0.36cvss 5.5epss 0.00

    Null pointer dereference vulnerability in Avira Antivirus engine when scanning a malformed Windows PE file may allow Denial-of-Service of the antivirus engine process. This issue affects Avira Antivirus on Windows, macOS, and Linux for engine builds before 8.3.70.64.

  • CVE-2025-7017HigJun 12, 2026
    risk 0.51cvss 7.8epss 0.00

    Heap buffer out-of-bounds read vulnerability in Avira Antivirus engine when scanning a malformed Windows MSI file may allow Local Execution of Code or Denial-of-Service of the antivirus engine process. This issue affects Avira Antivirus on Windows, macOS, and Linux for engine…

  • CVE-2025-7011HigJun 12, 2026
    risk 0.51cvss 7.8epss 0.00

    Heap out-of-bounds read vulnerability in Avast Antivirus when scanning a malformed zip file containing XML may allow Local Execution of Code or Denial-of-Service of the antivirus process. This issue affects Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Avast…

  • CVE-2025-7010MedJun 12, 2026
    risk 0.36cvss 5.5epss 0.00

    Stack overflow vulnerability due to uncontrolled recursion in Avast Antivirus when scanning a malformed PDF file may allow Denial-of-Service of the antivirus process. This issue affects Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Avast Business Antivirus on…

  • CVE-2025-7009HigJun 12, 2026
    risk 0.51cvss 7.8epss 0.00

    Heap buffer out-of-bounds read vulnerability in Avast Antivirus when scanning a malformed Windows PE file may allow Local Execution of Code or Denial-of-Service of the antivirus process. This issue affects Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Avast…

  • CVE-2025-7008HigJun 12, 2026
    risk 0.51cvss 7.8epss 0.00

    Heap buffer out-of-bounds read vulnerability in Avast Antivirus when scanning a malformed Windows PE file with .NET metadata may allow Local Execution of Code or Denial-of-Service of the antivirus process. This issue affects Avast Antivirus, AVG Antivirus, Norton Antivirus,…

  • CVE-2025-7006MedJun 12, 2026
    risk 0.36cvss 5.5epss 0.00

    Use of stack memory after free vulnerability in Avast Antivirus when scanning a malformed Windows PE file may allow Denial-of-Service of the antivirus process. This issue affects Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Avast Business Antivirus on…

  • CVE-2025-7005MedJun 12, 2026
    risk 0.36cvss 5.5epss 0.00

    Uncontrolled recursion vulnerability in Avast Antivirus when scanning a malformed Windows PE file may allow Denial-of-Service of the antivirus process. This issue affects Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Avast Business Antivirus on Windows,…

  • CVE-2025-7004HigJun 12, 2026
    risk 0.51cvss 7.8epss 0.00

    Heap buffer out-of-bounds write vulnerability in Avast Antivirus when scanning a malformed Windows PE file may allow Local Execution of Code or Denial-of-Service of the antivirus process. This issue affects Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Avast…

  • CVE-2025-7003HigJun 12, 2026
    risk 0.51cvss 7.8epss 0.00

    Heap buffer out-of-bounds read vulnerability in Avira Antivirus engine when scanning a malformed PDF file may allow Local Execution of Code or Denial-of-Service of the antivirus engine process. This issue affects Avira Antivirus on Windows, macOS, and Linux for engine builds…

  • CVE-2025-7002HigJun 12, 2026
    risk 0.51cvss 7.8epss 0.00

    Heap buffer out-of-bounds read vulnerability in Avira Antivirus engine when scanning a malformed PDF file may allow Local Execution of Code or Denial-of-Service of the antivirus engine process. This issue affects Avira Antivirus on Windows, macOS, and Linux for engine builds…

  • CVE-2020-2521Jun 12, 2026
    risk 0.00cvss epss

    Rejected reason: This candidate was issued in error.

  • CVE-2026-54091higJun 12, 2026
    risk 0.39cvss epss 0.00

    ### Summary File Browser's public share handlers rebase the share owner's filesystem root to the shared directory and then evaluate descendant paths against the owner's global and per-user rules using the rebased relative path instead of the original path relative to the owner's…

  • CVE-2026-54093Jun 12, 2026
    risk 0.00cvss epss 0.00

    ### Summary filebrowser builds the download-as-zip / download-as-tar archive entry names with `filepath.ToSlash`, which on a Linux host is a no-op for backslashes (`\` is only a path separator on Windows). A file whose name contains Windows-style traversal (`..\..\..\evil.txt`)…

  • CVE-2026-54094Jun 12, 2026
    risk 0.00cvss epss 0.00

    ## Summary File Browser enforces per-user scope with `afero.NewBasePathFs(afero.NewOsFs(), scope)`, set up in `users/users.go`. This blocks lexical `../` traversal, but it does not stop the HTTP file handlers from following symbolic links before they open, serve, write, share,…

  • CVE-2026-54092higJun 12, 2026
    risk 0.39cvss epss 0.00

    ### Summary Unchecked passwords maximums allow for an arbitrarily large password to be passed into the login API. This spikes CPU and memory, and after testing, crashes, heavily lags any container created, and has even made my docker daemon start to send errors with status code…

  • CVE-2026-54397MedJun 12, 2026
    risk 0.33cvss epss 0.00

    A vulnerability in MISP’s non-REST event editing path allowed an authenticated user with event edit permissions to manipulate the submitted form data and set an event’s sharing_group_id to a sharing group they were not authorized to use. When distribution was set to sharing…

  • CVE-2026-54396MedJun 12, 2026
    risk 0.27cvss epss 0.00

    An information disclosure vulnerability exists in the MISP AuthKey edit functionality. When a validation error occurs during an AuthKey edit request, the user dropdown was populated using the attacker-controlled AuthKey.user_id value from the submitted request data. An…

  • CVE-2026-54395MedJun 12, 2026
    risk 0.27cvss epss 0.00

    MISP contains a reflected cross-site scripting vulnerability in the UiBeta event index view. The urlparams value is inserted into an inline JavaScript handler using HTML escaping inside a single-quoted JavaScript string. Because browsers HTML-decode attribute values before…

  • CVE-2026-54394MedJun 12, 2026
    risk 0.27cvss epss 0.00

    MISP contains a path traversal vulnerability in OrganisationsController::getOrgLogo. The vulnerable code builds organisation logo file paths using organisation-controlled fields such as id, name, and uuid without ensuring that the resolved file remains inside the intended…

  • CVE-2026-54393MedJun 12, 2026
    risk 0.26cvss epss 0.00

    A stored cross-site scripting vulnerability exists in MISP when the Overmind theme is used. The setHomePage endpoint previously saved the user-controlled path value through setSettingInternal(), bypassing the normal setSetting() validation logic, including validate_homepage,…

  • CVE-2026-54362MedJun 12, 2026
    risk 0.27cvss epss 0.00

    An incorrect visibility condition in the MISP event template builder allowed authenticated non-site-admin users to view galaxies that should not have been visible to their organisation. The custom access-control condition intended to restrict galaxies to those owned by the…

  • CVE-2026-54057HigJun 12, 2026
    risk 0.44cvss 7.8epss 0.00

    Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.3, kitty's OSC 21 (color-control) query reply reflects attacker-controlled bytes, including newlines, into the shell's input without sanitization. Version 0.47.3 fixes the issue.