VYPR

CVEs

345,196 total · page 91 of 6,904

  • CVE-2026-54056HigJun 12, 2026
    risk 0.42cvss 7.6epss 0.00

    Kitty is a cross-platform GPU based terminal. In versions 0.47.0 and 0.47.1, `kitten dnd` can allow a malicious remote drag-and-drop source to overwrite or truncate arbitrary files writable by the local kitty user. Remote `text/uri-list` drops are staged in a temporary…

  • CVE-2026-53607LowJun 12, 2026
    risk 0.24cvss 3.7epss 0.00

    ApostropheCMS is an open-source Node.js content management system. In versions up to and including 4.30.0, when `prettyUrls: true` is enabled on `@apostrophecms/file` (a documented SEO feature for serving uploaded files at clean URLs), the public pretty-URL handler builds the…

  • CVE-2026-53606MedJun 12, 2026
    risk 0.35cvss 5.4epss 0.00

    ApostropheCMS is an open-source Node.js content management system, and sanitize-html provides a simple HTML sanitizer with a clear API. Versions of sanitize-html prior to 2.17.5 use `allowedSchemesAppliedToAttributes` (default: `['href', 'src', 'cite']`) to gate the…

  • CVE-2026-4870HigJun 12, 2026
    risk 0.49cvss 7.5epss 0.00

    IBM Qiskit SDK 0.43.0 through 2.5.0 could allow an attacker to trigger a segmentation fault leading to a denial of service due to uncontrolled recursion in the parser.

  • CVE-2026-47264MedJun 12, 2026
    risk 0.27cvss 5.3epss 0.00

    Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, DetailedTagSerializer#tag_group_names returned every tag group a tag belonged to without filtering…

  • CVE-2026-47263MedJun 12, 2026
    risk 0.21cvss 4.3epss 0.00

    Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, the MessageBus.publish call for /web_hook_events/ in Jobs::RedeliverWebHookEvents did not pass…

  • CVE-2026-45775MedJun 12, 2026
    risk 0.37cvss 6.8epss 0.00

    Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, a path traversal vulnerability in Discourse backup handling could allow an authenticated administrator…

  • CVE-2026-45085MedJun 12, 2026
    risk 0.27cvss 5.3epss 0.00

    Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, four authorization/disclosure issues in the chat plugin (one also involving discourse-calendar):…

  • CVE-2026-45014MedJun 12, 2026
    risk 0.34cvss epss 0.00

    ApostropheCMS is an open-source Node.js content management system. Versions up to and including 4.29.0 are vulnerable to stored cross-site scripting via unsanitized user display name in draft version tooltip. As of time of publication, no known patched versions are available.

  • CVE-2026-45013HigJun 12, 2026
    risk 0.53cvss 8.1epss 0.00

    ApostropheCMS is an open-source Node.js content management system. Versions up to and including 4.29.0 have a password reset flow that constructs the reset URL using `req.hostname`, which is derived directly from the attacker-controlled HTTP `Host` header when `apos.baseUrl` is…

  • CVE-2026-45012HigJun 12, 2026
    risk 0.49cvss 7.6epss 0.00

    ApostropheCMS is an open-source Node.js content management system. Versions up to and including 4.29.0 contain an authenticated server-side request forgery (SSRF) in the rich-text widget import flow. An authenticated user who can submit/edit rich-text widget content can cause…

  • CVE-2026-45011HigJun 12, 2026
    risk 0.47cvss 7.3epss 0.00

    ApostropheCMS is an open-source Node.js content management system. Version 4.29.0 has a stored cross-site scripting vulnerability in the image widget functionality. A user with the Editor role can configure an image widget link to use a javascript: URL payload. Because editors…

  • CVE-2026-44990CriJun 12, 2026
    risk 0.53cvss 9.3epss 0.00

    ApostropheCMS is an open-source Node.js content management system, and sanitize-html provides a simple HTML sanitizer with a clear API. Under the default configuration, versions of `sanitize-html` prior to 2.17.4 can turn attacker-controlled content inside a disallowed `xmp`…

  • CVE-2026-44786HigJun 12, 2026
    risk 0.42cvss 7.5epss 0.00

    Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, chat events for public category channels are published to MessageBus without permission scoping, so any…

  • CVE-2026-44785MedJun 12, 2026
    risk 0.21cvss 4.3epss 0.00

    Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, the AI "explain" helper only checks can_see? on the post being explained, not its reply_to_post, so any…

  • CVE-2026-44784MedJun 12, 2026
    risk 0.35cvss 6.5epss 0.00

    Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, group owners who are not necessarily admins or moderators can view a group's outgoing email/SMTP…

  • CVE-2026-44783MedJun 12, 2026
    risk 0.28cvss 5.4epss 0.00

    Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, a flaw in how replies to whisper posts are handled allows authenticated users outside the groups…

  • CVE-2026-44782MedJun 12, 2026
    risk 0.21cvss 4.3epss 0.00

    Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, GroupPostSerializer declared include_user_long_name? as the predicate for its :name attribute, but AMS…

  • CVE-2026-44780MedJun 12, 2026
    risk 0.21cvss 4.3epss 0.00

    Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, ReviewableQueuedPostSerializer unconditionally included payload["raw_email"] for posts that arrived via…

  • CVE-2026-44779MedJun 12, 2026
    risk 0.21cvss 4.3epss 0.00

    Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, bot debug endpoints disclose whisper translation audit logs. This issue has been patched in versions…

  • CVE-2026-42853MedJun 12, 2026
    risk 0.42cvss 6.5epss 0.00

    ApostropheCMS is an open-source Node.js content management system. Versions of the @apostrophecms/cli package up to and including 3.6.0 contain a command injection vulnerability in the apos create command. User-supplied input from the password prompt is embedded directly into a…

  • CVE-2026-24618MedJun 12, 2026
    risk 0.28cvss 4.3epss 0.00

    Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in HashThemes Hash Elements allows Retrieve Embedded Sensitive Data. This issue affects Hash Elements: from n/a through 1.5.4.

  • CVE-2026-12130LowJun 12, 2026
    risk 0.23cvss 3.5epss 0.00

    A security flaw has been discovered in CodeAstro Human Resource Management System 1.0. This affects an unknown part of the file /Projects/Add_Projects of the component Projects Management Page. The manipulation of the argument protitle results in cross site scripting. The attack…

  • CVE-2026-12129LowJun 12, 2026
    risk 0.23cvss 3.5epss 0.00

    A vulnerability was identified in CodeAstro Human Resource Management System 1.0. Affected by this issue is some unknown functionality of the file /dashboard/add_tod of the component Dashboard Interface. The manipulation of the argument todo_data leads to cross site scripting.…

  • CVE-2026-54096higJun 12, 2026
    risk 0.39cvss epss 0.00

    ### Summary This is similar vulnrability of **`CVE-2026-0035`**, which was fixed in Android `MediaProvider` with **high** severity. In the original Java issue, `MediaStore.createWriteRequest()` accepted attacker-controlled URIs and created a future grant even when the referenced…

  • CVE-2026-54097higJun 12, 2026
    risk 0.39cvss epss 0.00

    ### Summary A low-privileged authenticated user of filebrowser (with `create` + `delete` permissions in their own isolated scope) can silently destroy share-link records belonging to any other user — including the administrator — by performing a legitimate DELETE on a file…

  • CVE-2026-46371Jun 12, 2026
    risk 0.00cvss epss 0.00

    ### Summary A vulnerability in Fleet's Apple MDM commands listing endpoint allowed authenticated users with the lowest-privilege Observer role to extract sensitive values from joined database tables — including host enrollment secrets and Apple Push Notification Service…

  • CVE-2026-46370Jun 12, 2026
    risk 0.00cvss epss 0.00

    ### Summary A vulnerability in Fleet's labels host-listing endpoint allowed authenticated users with the lowest-privilege Observer role to extract host enrollment secrets (`node_key`, `orbit_node_key`) through a cursor-based binary search oracle. The endpoint accepted a…

  • CVE-2026-44311Jun 12, 2026
    risk 0.00cvss epss 0.00

    ### Summary A potential Cross-Site Scripting (XSS) vulnerability exists in Fabric.js due to improper escaping of user-controlled input during SVG serialization via the `toSVG()` method. Specifically, the `color` field within the `colorStops` array of a `fabric.Gradient` object…

  • CVE-2026-54361HigJun 12, 2026
    risk 0.50cvss epss 0.00

    MISP contained multiple mass assignment vulnerabilities in the handling of collections, tag collections, event delegations, and shadow attributes. Several controller actions accepted user-supplied fields that should have remained server-controlled, including record identifiers…

  • CVE-2026-54360HigJun 12, 2026
    risk 0.48cvss epss 0.00

    A mass assignment vulnerability exists in MISP’s sharing group creation endpoint. When creating a new sharing group, the controller did not remove a user-supplied id field before saving the submitted data. In CakePHP, supplying a primary key in the save data can cause a…

  • CVE-2026-54359HigJun 12, 2026
    risk 0.39cvss epss 0.00

    MISP contains an insecure default configuration in which the Security.check_sec_fetch_site_header control is disabled. When this setting is disabled, state-changing requests such as POST, PUT, or AJAX requests are not restricted based on the browser-provided Sec-Fetch-Site…

  • CVE-2026-54358HigJun 12, 2026
    risk 0.42cvss epss 0.00

    An incorrect authorization vulnerability in MISP allows an organization administrator to target site administrator accounts belonging to the same organization through the administrative email functionality. The affected code restricted organization administrators to users within…

  • CVE-2026-54357MedJun 12, 2026
    risk 0.26cvss epss 0.00

    An improper authorization vulnerability in MISP allowed an authenticated organization administrator to access or modify user settings belonging to site administrator accounts within the same organization. The affected access-control checks scoped administrative actions by…

  • CVE-2026-54055MedJun 12, 2026
    risk 0.26cvss 5.0epss 0.00

    Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.2, a local privilege escalation vulnerability exists in kitty's file transmission protocol where a child process running in the terminal can write to arbitrary files on the filesystem by exploiting a TOCTOU…

  • CVE-2026-50552MedJun 12, 2026
    risk 0.34cvss 6.3epss 0.00

    Koel is a free, open-source music streaming solution. Prior to version 9.7.1, Koel contains a Server-Side Request Forgery (SSRF) vulnerability in the radio station creation endpoint (POST /api/radio/stations). The url field validation rules are declared without the bail keyword,…

  • CVE-2026-50287HigJun 12, 2026
    risk 0.50cvss epss 0.00

    AgenticMail gives AI agents real email addresses and phone numbers. Prior to version 0.9.27, @agenticmail/mcp exposes a Streamable HTTP transport when started with --http or MCP_HTTP=1. In that mode, the /mcp endpoint accepts requests without any HTTP authentication layer. A…

  • CVE-2026-47260HigJun 12, 2026
    risk 0.43cvss 7.7epss 0.00

    Koel is a free, open-source music streaming solution. Prior to version 9.3.5, Koel validates the podcast feed URL via the SafeUrl rule (DNS resolution + public IP check), but the individual episode values extracted from the RSS XML are stored directly into…

  • CVE-2026-43872MedJun 12, 2026
    risk 0.27cvss epss 0.00

    Actual is an open-source personal finance application. Prior to version 26.5.0, several endpoints are affected by a path traversal vulnerability. Version 26.5.0 fixes the issue.

  • CVE-2026-42890MedJun 12, 2026
    risk 0.31cvss epss 0.00

    Actual is an open-source personal finance application. In the macOS desktop application version 25.x (built on Electron 39.2.7), the ELECTRON_RUN_AS_NODE fuse is not disabled, allowing an attacker who can place a file on disk or control command-line arguments to invoke the…

  • CVE-2026-42851HigJun 12, 2026
    risk 0.44cvss 7.8epss 0.00

    Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.0, a program able to write bytes to a kitty terminal — a remote SSH peer, a downloaded file viewed with `cat`, a log line, an email body rendered in `less`, an issue body in a TUI, etc. — can cause kitty…

  • CVE-2026-42850HigJun 12, 2026
    risk 0.50cvss 8.8epss 0.00

    Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.0, it is possible to inject commands within the subshell through kitty error. A special escape code will make kitty return an error, this error is not escaped and will be correctly echoed back to the…

  • CVE-2026-42604MedJun 12, 2026
    risk 0.45cvss epss 0.00

    Actual is a local-first personal finance tool. The `POST /openid/config` endpoint in Actual Budget's sync-server versions <= 26.4.0 exposes the full OpenID Connect configuration—including the OAuth2 `client_secret`—to any caller who knows the bootstrap password. The endpoint…

  • CVE-2026-53999higJun 12, 2026
    risk 0.39cvss epss 0.00

    # Radius Controller May Delete a Container Resource via an Injected Deployment Annotation (Multi-Tenant Installs) ## Summary A configuration-validation issue in the Radius Kubernetes controller can cause it to issue a `DELETE` for the container resource referenced by a…

  • CVE-2026-53726MedJun 12, 2026
    risk 0.38cvss epss 0.00

    Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.80 and 9.9.1-alpha.6, a relation query using the $relatedTo operator could read the membership of a Relation field even when that field was hidden from…

  • CVE-2026-53725MedJun 12, 2026
    risk 0.31cvss epss 0.00

    Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. From version 9.8.0 to before version 9.9.1-alpha.5, apps that enable MFA and deny get on the _User class via Class-Level Permissions could expose sensitive user data through…

  • CVE-2026-53724LowJun 12, 2026
    risk 0.07cvss epss 0.00

    Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.79 and 9.9.1-alpha.4, the default file upload extension blocklist can be bypassed by appending a trailing dot to a filename whose extension would…

  • CVE-2026-53408HigJun 12, 2026
    risk 0.53cvss 8.1epss 0.00

    Improper Authorization in Handler for Custom URL Scheme in Zoom Workplace before version 7.0.4 for Android and before 7.0.3 for iOS may allow an unauthenticated user to conduct an escalation of privilege via network access.

  • CVE-2026-53407HigJun 12, 2026
    risk 0.53cvss 8.1epss 0.00

    Improper Authorization in Handler for Custom URL Scheme in Zoom Workplace before version 7.0.4 for Android and before 7.0.3 for iOS may allow an unauthenticated user to conduct an escalation of privilege via network access.

  • CVE-2026-50244MedJun 12, 2026
    risk 0.34cvss 5.3epss 0.00

    The Naxclow platform exposes a registration endpoint that accepts signed requests containing a batch prefix and an arbitrary caller-supplied account identifier, without validating any ownership relationship. Each call mints a new sequential device identifier and returns the…