VYPR

CVEs

100,082 total · page 92 of 2,002

  • CVE-2026-30923HigMay 5, 2026
    risk 0.42cvss 7.5epss 0.00

    ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. Libmodsecurity is one component of the ModSecurity v3 project. A segmentation fault occurs when a rule using the t:hexDecode transformation inspects a query string…

  • CVE-2026-7851HigMay 5, 2026
    risk 0.47cvss 7.2epss 0.04

    A vulnerability was identified in D-Link DI-8100 16.07.26A1. This affects the function sprintf of the file yyxz.asp. The manipulation of the argument ID leads to stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit is publicly available and…

  • CVE-2026-25589HigMay 5, 2026
    risk 0.50cvss 8.8epss 0.01

    RedisBloom is a probabilistic data structures module for Redis. In all versions of RedisBloom before 2.8.20, the module does not properly validate serialized values processed through the Redis RESTORE command. An authenticated attacker with permission to execute RESTORE on a…

  • CVE-2026-25588HigMay 5, 2026
    risk 0.50cvss 8.8epss 0.01

    RedisTimeSeries is a time-series module for Redis. In all versions before 1.12.14 of RedisTimeSeries, the module does not properly validate serialized values processed through the Redis RESTORE command. An authenticated attacker with permission to execute RESTORE on a server…

  • CVE-2026-25243HigMay 5, 2026
    risk 0.50cvss 8.8epss 0.03

    Redis is an in-memory data structure store. In versions of redis-server up to 8.6.3, the RESTORE command does not properly validate serialized values. An authenticated attacker with permission to execute RESTORE can supply a crafted serialized payload that triggers invalid…

  • CVE-2026-23631HigMay 5, 2026
    risk 0.46cvss 8.1epss 0.02

    Redis is an in-memory data structure store. In all versions of redis-server with Lua scripting, an authenticated attacker can exploit the master-replica synchronization mechanism to trigger a use-after-free on replicas where replica-read-only is disabled or can be disabled,…

  • CVE-2026-23479HigMay 5, 2026
    risk 0.50cvss 8.8epss 0.01

    Redis is an in-memory data structure store. In redis-server from 7.2.0 until 8.6.3, the unblock client flow does not handle an error return from `processCommandAndResetClient` when re-executing a blocked command. If a blocked client is evicted during this flow, an authenticated…

  • CVE-2026-7865HigMay 5, 2026
    risk 0.48cvss epss 0.01

    A hidden console command is vulnerable to command injection flaw when control characters are passed to its second argument.  A third party researcher Eugene Lim had discovered vulnerability in the way console command passes to a popen function call. Attackers with…

  • CVE-2026-7412HigMay 5, 2026
    risk 0.56cvss 8.6epss 0.01

    In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, the Operation Delegation feature fails to validate the destination URI of delegated requests. An unauthenticated remote attacker can exploit this design flaw to force the BaSyx server to execute blind HTTP…

  • CVE-2026-43070HigMay 5, 2026
    risk 0.44cvss 7.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: bpf: Reset register ID for BPF_END value tracking When a register undergoes a BPF_END (byte swap) operation, its scalar value is mutated in-place. If this register previously shared a scalar ID with another…

  • CVE-2026-43063HigMay 5, 2026
    risk 0.44cvss 7.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: xfs: don't irele after failing to iget in xfs_attri_recover_work xlog_recovery_iget* never set @ip to a valid pointer if they return an error, so this irele will walk off a dangling pointer. Fix that.

  • CVE-2026-43062HigMay 5, 2026
    risk 0.39cvss 7.1epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix type confusion in l2cap_ecred_reconf_rsp() l2cap_ecred_reconf_rsp() casts the incoming data to struct l2cap_ecred_conn_rsp (the ECRED *connection* response, 8 bytes with result at offset…

  • CVE-2026-43060HigMay 5, 2026
    risk 0.44cvss 7.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_ct: drop pending enqueued packets on removal Packets sitting in nfqueue might hold a reference to: - templates that specify the conntrack zone, because a percpu area is used and module…

  • CVE-2026-43059HigMay 5, 2026
    risk 0.44cvss 7.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix list corruption and UAF in command complete handlers Commit 302a1f674c00 ("Bluetooth: MGMT: Fix possible UAFs") introduced mgmt_pending_valid(), which not only validates the pending…

  • CVE-2026-32689HigMay 5, 2026
    risk 0.50cvss epss 0.00

    Allocation of Resources Without Limits or Throttling vulnerability in phoenixframework phoenix allows a denial of service via the long-poll transport's NDJSON body handling. In 'Elixir.Phoenix.Transports.LongPoll':publish/4, when a POST request is received with Content-Type:…

  • CVE-2026-31196HigMay 5, 2026
    risk 0.57cvss 8.8epss 0.01

    OS command injection vulnerability in the traceroute diagnostic handler in /bin/httpd_clientside in ALTICE LABS / SFR France GR140DG Fibre Router with firmware 3GN8020801R13, 3GN8020802R0A, or 3GN8020803R0A inserts unsanitized user input into a system() call, allowing…

  • CVE-2026-31195HigMay 5, 2026
    risk 0.57cvss 8.8epss 0.01

    OS command injection vulnerability in the ping diagnostic handler in /bin/httpd_clientside in ALTICE LABS / SFR France GR140DG Fibre Router with firmware 3GN8020801R13, 3GN8020802R0A, or 3GN8020803R0A inserts unsanitized user input into a system() call, allowing authenticated…

  • CVE-2025-66369HigMay 5, 2026
    risk 0.49cvss 7.5epss 0.00

    An issue was discovered in MM in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, W920, W930, W1000, Modem 5123, and Modem 5300. Incorrect handling of 5G NR NAS registration accept messages leads to a…

  • CVE-2026-4304HigMay 5, 2026
    risk 0.49cvss 7.5epss 0.00

    The WeePie Cookie Allow plugin for WordPress is vulnerable to SQL Injection via the 'consent' parameter in all versions up to, and including, 3.4.11 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This…

  • CVE-2026-36355HigMay 5, 2026
    risk 0.53cvss 7.7epss 0.01

    The rtl8192cd Wi-Fi kernel driver in the Realtek rtl819x Jungle SDK (all known versions through v3.4.14B) does not perform any access control checks on the write_mem (ioctl 0x89F5) and read_mem (ioctl 0x89F6) debug handlers, which are compiled into production builds via the…

  • CVE-2026-29168HigMay 5, 2026
    risk 0.40cvss 7.3epss 0.01

    Allocation of Resources Without Limits or Throttling vulnerability in Apache HTTP Server's  mod_md via OCSP response data. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue.

  • CVE-2026-7833HigMay 5, 2026
    risk 0.47cvss 7.2epss 0.02

    A weakness has been identified in EFM ipTIME C200 up to 1.092. This vulnerability affects the function sub_408F90 of the file /cgi/iux_set.cgi of the component ApplyRestore Endpoint. This manipulation of the argument RestoreFile causes command injection. The attack can be…

  • CVE-2026-7832HigMay 5, 2026
    risk 0.46cvss 7.0epss 0.00

    A security flaw has been discovered in IObit Advanced SystemCare 19. This affects an unknown part of the file ASC.exe of the component Service. The manipulation results in symlink following. Attacking locally is a requirement. This attack is characterized by high complexity. It…

  • CVE-2026-6918HigMay 5, 2026
    risk 0.42cvss 7.5epss 0.01

    In Eclipse Open9J versions 0.21 to 0.58, a pre-authentication remote attacker can crash JITServer by sending a 32-byte crafted TCP message.

  • CVE-2026-6261HigMay 5, 2026
    risk 0.57cvss 8.8epss 0.01

    The Betheme theme for WordPress is vulnerable to Arbitrary File Upload in versions up to, and including, 28.4. This is due to the upload_icons() function workflow moving and unzipping user-controlled ZIP files into a public uploads directory without validating extracted file…

  • CVE-2026-43573HigMay 5, 2026
    risk 0.43cvss 7.7epss 0.00

    OpenClaw before 2026.4.10 contains a server-side request forgery policy bypass vulnerability in existing-session browser interaction routes. Attackers can bypass SSRF navigation guards to interact with or navigate to unauthorized targets without policy enforcement.

  • CVE-2026-43571HigMay 5, 2026
    risk 0.50cvss 8.8epss 0.00

    OpenClaw before 2026.4.10 contains a plugin trust bypass vulnerability that allows channel setup catalog lookups to resolve workspace plugin shadows before bundled channel plugins. Attackers can exploit this by crafting malicious workspace plugins that bypass intended trust…

  • CVE-2026-43569HigMay 5, 2026
    risk 0.50cvss 8.8epss 0.00

    OpenClaw before 2026.4.9 contains an authentication bypass vulnerability allowing untrusted workspace plugins to be auto-enabled during non-interactive onboarding when provider auth choices are shadowed. Attackers can exploit this by crafting malicious workspace plugins that are…

  • CVE-2026-43533HigMay 5, 2026
    risk 0.49cvss 8.6epss 0.00

    OpenClaw before 2026.4.10 contains an arbitrary file read vulnerability in QQBot media tags that allows attackers to reference host-local paths outside the intended media storage boundary. Attackers can craft malicious reply text containing media tags to disclose arbitrary local…

  • CVE-2026-43532HigMay 5, 2026
    risk 0.43cvss 7.7epss 0.00

    OpenClaw versions 2026.4.7 before 2026.4.10 fail to normalize Discord event cover image parameters in sandbox media processing. Attackers can bypass media normalization to inject host-local media references into channel action paths expecting normalized media.

  • CVE-2026-43531HigMay 5, 2026
    risk 0.40cvss 7.3epss 0.00

    OpenClaw before 2026.4.9 contains an environment variable injection vulnerability allowing malicious workspace .env files to set runtime-control variables. Attackers can inject variables affecting update sources, gateway URLs, ClawHub resolution, and browser executable paths to…

  • CVE-2026-43530HigMay 5, 2026
    risk 0.50cvss 8.8epss 0.00

    OpenClaw versions 2026.2.23 before 2026.4.12 contain a weakened exec approval binding vulnerability in busybox and toybox applet execution that allows attackers to obscure which applet would actually run. Attackers can exploit opaque multi-call binaries to bypass exec approval…

  • CVE-2026-43527HigMay 5, 2026
    risk 0.43cvss 7.7epss 0.00

    OpenClaw before 2026.4.14 contains a server-side request forgery vulnerability in browser SSRF policy that allows private-network navigation by default. Attackers can exploit this misconfiguration to access internal services or metadata endpoints through browser-driven requests.

  • CVE-2026-43526HigMay 5, 2026
    risk 0.46cvss 8.2epss 0.00

    OpenClaw before 2026.4.12 contains a server-side request forgery vulnerability in QQBot reply media URL handling that allows attackers to fetch arbitrary content. Attackers can exploit this by providing malicious media URLs that trigger SSRF requests, with fetched bytes…

  • CVE-2026-42439HigMay 5, 2026
    risk 0.48cvss 8.5epss 0.00

    OpenClaw before 2026.4.10 contains a server-side request forgery policy bypass vulnerability in the browser tabs action select and close routes. Attackers can bypass configured browser SSRF policy protections by exploiting the /tabs/action endpoint to perform unauthorized tab…

  • CVE-2026-42438HigMay 5, 2026
    risk 0.43cvss 7.7epss 0.00

    OpenClaw versions 2026.4.9 before 2026.4.10 contain a sender policy bypass vulnerability in the outbound host-media attachment read helper that allows unauthorized local file disclosure. Attackers with denied read access via toolsBySender or group policy can trigger host-media…

  • CVE-2026-42437HigMay 5, 2026
    risk 0.42cvss 7.5epss 0.00

    OpenClaw versions 2026.4.9 before 2026.4.10 contain a denial of service vulnerability in the voice-call realtime WebSocket path that accepts oversized frames without proper validation. Remote attackers can send oversized WebSocket frames to cause service unavailability for…

  • CVE-2026-42436HigMay 5, 2026
    risk 0.43cvss 7.7epss 0.00

    OpenClaw before 2026.4.14 contains an improper access control vulnerability in browser snapshot, screenshot, and tab routes that fail to consistently validate the final browser target after navigation. Authenticated callers can bypass SSRF restrictions to expose internal or…

  • CVE-2026-42435HigMay 5, 2026
    risk 0.50cvss 8.8epss 0.00

    OpenClaw versions from 2026.2.22 before 2026.4.12 contain an insufficient shell-wrapper detection vulnerability allowing attackers to inject environment variable assignments at the argv level. Attackers can bypass exec preflight handling to manipulate high-risk shell variables…

  • CVE-2026-42434HigMay 5, 2026
    risk 0.50cvss 8.8epss 0.00

    OpenClaw versions 2026.4.5 before 2026.4.10 contain a sandbox escape vulnerability allowing sandboxed agents to override exec routing by specifying host=node. Attackers can bypass sandbox boundaries and route execution to remote nodes instead of intended sandbox paths.

  • CVE-2023-54348HigMay 5, 2026
    risk 0.57cvss 8.8epss 0.00

    ERPGo SaaS 3.9 contains a CSV injection vulnerability that allows authenticated attackers to inject spreadsheet formulas into vendor name fields that execute on the workstation of users who open the exported CSV in a spreadsheet application. Attackers can add malicious formulas…

  • CVE-2023-54347HigMay 5, 2026
    risk 0.49cvss 7.5epss 0.01

    OpenEMR 7.0.1 contains an authentication brute force vulnerability that allows attackers to bypass rate limiting protections by sending repeated login attempts to the main login endpoint. Attackers can submit POST requests with authUser and clearPass parameters to systematically…

  • CVE-2023-54346HigMay 5, 2026
    risk 0.49cvss 7.5epss 0.00

    WordPress Plugin Backup Migration 1.2.8 contains an information disclosure vulnerability that allows unauthenticated attackers to download complete database backups by accessing predictable file paths. Attackers can enumerate backup directories through configuration files and…

  • CVE-2023-54345HigMay 5, 2026
    risk 0.57cvss 8.8epss 0.01

    Frappe Framework ERPNext 13.4.0 contains a sandbox escape vulnerability in RestrictedPython that allows authenticated users with System Manager role to execute arbitrary code by exploiting frame introspection. Attackers can create a server script via the /app/server-script…

  • CVE-2026-6322HigMay 5, 2026
    risk 0.49cvss 7.5epss 0.00

    fast-uri normalize() decoded percent-encoded authority delimiters inside the host component and then re-emitted them as raw delimiters during serialization. A host that combined an allowed domain, an encoded at-sign, and a different domain was re-emitted with the at-sign as a…

  • CVE-2026-43870HigMay 5, 2026
    risk 0.40cvss 7.3epss 0.00

    Origin Validation Error, Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting'), Uncontrolled Resource Consumption vulnerability in Apache Thrift. This issue…

  • CVE-2026-3359HigMay 5, 2026
    risk 0.42cvss 7.5epss 0.00

    The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to SQL Injection via the 'inputs' parameter in versions up to, and including, 1.15.42 due to insufficient escaping on the user supplied parameter and lack of…

  • CVE-2026-43869HigMay 5, 2026
    risk 0.40cvss 7.3epss 0.01

    Improper Validation of Certificate with Host Mismatch vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue.

  • CVE-2026-6180HigMay 5, 2026
    risk 0.53cvss 8.1epss 0.00

    A race condition exists in PaperCut MF when processing badge-swipe data from certain HP multifunction devices. Under specific network conditions involving dropped packets and out-of-order sequence counters, the server may incorrectly process fragmented data chunks. If a sequence…

  • CVE-2026-5192HigMay 5, 2026
    risk 0.42cvss 7.5epss 0.01

    The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Path Traversal in versions up to, and including, 1.52.1 via the 'upload-1[file][file_path]' parameter. This makes it possible for unauthenticated attackers to read the…