VYPR

CVEs

345,196 total · page 93 of 6,904

  • CVE-2026-50560MedJun 12, 2026
    risk 0.34cvss 5.3epss 0.00

    Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, Netty HTTP/2 max header size handling produces an attack similar to HTTP/2 Rapid Reset. There is a setting in the http2 specification…

  • CVE-2026-50091CriJun 12, 2026
    risk 0.59cvss 9.1epss 0.00

    Aqara Home Android (com.lumiunited.aqarahome) 6.0.0 (and white-label clients embedding the same liblumidevsdk.so) uses hard-coded cryptographic keys, which is an instance of "CWE-321: Use of Hard-coded Cryptographic Key" and has an estimated CVSS of…

  • CVE-2026-50090CriJun 12, 2026
    risk 0.60cvss 9.3epss 0.00

    The Aqara Cloud OAuth Authorization Endpoint (open-cn.aqara.com/oauth/authorize) is vulnerable to a redirect bypass due to lax controls on domain matching, which is an instance of "CWE-1289: Improper Validation of Unsafe Equivalence in Input" and has an estimated CVSS of…

  • CVE-2026-50089MedJun 12, 2026
    risk 0.40cvss 6.1epss 0.00

    The Aqara IAM/SSO Gateway (gw-builder.aqara.com) provides an open redirect, which is an instance of "CWE-601: URL Redirection to Untrusted Site," with an estimated CVSS of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N (6.1 Medium), which can be used to set up a phishing attack.

  • CVE-2026-50088HigJun 12, 2026
    risk 0.53cvss 8.2epss 0.00

    The Aqara Developer Portal (developer.aqara.com) and shared test environments (developer-test.aqara.com, aiot-test.aqara.com) exhibit cross-origin request sharing, which is an instance of "CWE-942: Permissive Cross-domain Policy with Untrusted Domains," and has an estimated CVSS…

  • CVE-2026-50087HigJun 12, 2026
    risk 0.53cvss 8.2epss 0.00

    The Aqara IAM/SSO gateway (gw-builder.aqara.com) exhibits a cross-origin request sharing vulnerability, which is an instance of "CWE-942: Permissive Cross-domain Policy with Untrusted Domains," and has an estimated CVSS of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N (8.2 High).

  • CVE-2026-50086CriJun 12, 2026
    risk 0.65cvss 10.0epss 0.00

    The Aqara IAM/SSO gateway (gw-builder.aqara.com) exposes bidirectional AES round-trups against the platform's signing key without authentication. This is an instance of "CWE-306: Missing Authentication for Critical Function" and "CWE-327: Use of a Broken or Risky Cryptographic…

  • CVE-2026-50085HigJun 12, 2026
    risk 0.56cvss 8.6epss 0.00

    The Aqara Board service (op-test.aqara.com) accepts arbitrary MQTT command payloads, and forwards them to the platfom's HiveMQ broker without authentication. This is an instance of "CWE-306: Missing Authentication for Critical Function" and has an estimated CVSS…

  • CVE-2026-50084CriJun 12, 2026
    risk 0.62cvss 9.6epss 0.00

    The Aqara Cloud Production API (open-cn.aqara.com/v3.0/open/api) would authorize any valid developer token for access to any account. This is an instance of "CWE-862: Missing Authorization" with an estimated CVSS of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N (9.6 Critical).…

  • CVE-2026-50083CriJun 12, 2026
    risk 0.59cvss 9.1epss 0.00

    The Aqara IAM/SSO Gateway (gw-builder.aqara.com) used a hardcoded OAuth client credential, which is an instance of "CWE-798: Use of Hard-coded Credentials." This issue has an estimated CVSS of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N (9.1 Critical). When combined with…

  • CVE-2026-50082MedJun 12, 2026
    risk 0.42cvss 6.5epss 0.00

    The Aqara Cloud Developer Portal (developer.aqara.com) issued a developer token to any email address supplied by the attacker. This is an instance of "CWE-306: Missing Authentication for Critical Function" with an estimated CVSS of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N…

  • CVE-2026-50026MedJun 12, 2026
    risk 0.38cvss epss 0.00

    Frappe is a full-stack web application framework. Prior to versions 15.107.0 and 16.17.0, a lack of permission checks in these endpoints allowed unauthorized access to resources. This issue has been patched in versions 15.107.0 and 16.17.0.

  • CVE-2026-50020MedJun 12, 2026
    risk 0.34cvss 5.3epss 0.00

    Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, before reading the first request-line, `HttpObjectDecoder` skips every byte for which `Character.isISOControl(b)` is `true` (0x00–0x1F…

  • CVE-2026-50011HigJun 12, 2026
    risk 0.49cvss 7.5epss 0.00

    Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, RedisArrayAggregator pre-allocates ArrayList with initial capacity equal to the RESP array element count declared in an array header. That…

  • CVE-2026-50010HigJun 12, 2026
    risk 0.49cvss 7.5epss 0.00

    Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, SimpleTrustManagerFactory.engineGetTrustManagers() and related paths wrap any user-supplied plain X509TrustManager in…

  • CVE-2026-50009MedJun 12, 2026
    risk 0.31cvss 4.8epss 0.00

    Netty is a network application framework for development of protocol servers and clients. Prior to version 4.2.15.Final, Netty QUIC exposes the stateless reset token on the network path when using the default HMAC-based connection-ID and stateless-reset-token generators. The…

  • CVE-2026-48748HigJun 12, 2026
    risk 0.49cvss 7.5epss 0.00

    Netty is a network application framework for development of protocol servers and clients. Prior to version 4.2.15.Final, a memory exhaustion vulnerability in the Netty HTTP/3 codec allows the creation of an infinite number of blocked streams, which can cause OOM error. Version…

  • CVE-2026-48059HigJun 12, 2026
    risk 0.49cvss 7.5epss 0.01

    Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, the HAProxy PROXY protocol v2 codec in netty leaks native or heap memory on every connection when a client sends a syntactically valid…

  • CVE-2026-48043MedJun 12, 2026
    risk 0.34cvss 5.3epss 0.01

    Netty is a network application framework for development of protocol servers and clients. In netty-codec-http2 prior to versions 4.1.135.Final and 4.2.15.Final, the `DelegatingDecompressorFrameListener` class orchestrates HTTP/2 decompression by embedding a per-stream…

  • CVE-2026-48006HigJun 12, 2026
    risk 0.49cvss 7.5epss 0.01

    Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, the RedisArrayAggregator handler permanently leaks pooled direct-memory buffers when a Redis pipeline connection closes before a RESP array…

  • CVE-2026-47691HigJun 12, 2026
    risk 0.57cvss 8.7epss 0.00

    Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, Netty's `DnsResolveContext` insufficiently validates the bailiwick of NS records, enabling DNS Cache Poisoning. An attacker controlling an…

  • CVE-2026-47190MedJun 12, 2026
    risk 0.22cvss 4.4epss 0.00

    IPAM is the IP address Manager for Cluster API Provider Metal3. Prior to versions 1.11.7, 1.12.4, and 1.13.0, the IPAM controller's ClusterRole granted full CRUD permissions (create, delete, get, list, patch, update, watch) on core/v1 Secrets. The controller never accesses…

  • CVE-2026-47182MedJun 12, 2026
    risk 0.27cvss epss 0.00

    Frappe is a full-stack web application framework. Prior to version 16.17.4, any authenticated user can access private files by guessing the file path. This issue has been patched in version 16.17.4.

  • CVE-2026-46690MedJun 12, 2026
    risk 0.38cvss 5.8epss 0.00

    unbounded_spsc is an "unbounded" extension of bounded_spsc_queue. In versions 0.2.0 and prior, sender::send pointer-as-value transmute causes OOB read and fake-Arc drop under TX/RX race. At time of publication, there are no publicly available patches.

  • CVE-2026-45833HigJun 12, 2026
    risk 0.57cvss 8.8epss 0.00

    A code injection vulnerability in version 0.4.17 or later of the ChromaDB Python project allows an authenticated attacker to run arbitrary code on the server by sending a malicious model repository and trust_remote_code set to true in the /api/v2/tenants/default_tenant/databases…

  • CVE-2026-45832HigJun 12, 2026
    risk 0.57cvss 8.8epss 0.00

    All V1 collection-level endpoints in ChromaDB's Python project pass None for the tenant and database to the authorization layer, allowing attackers to bypass authorization controls by using the V1 endpoints.

  • CVE-2026-45831HigJun 12, 2026
    risk 0.57cvss 8.8epss 0.00

    The SimpleRBACAuthorizationProvider authorization provider in versions 0.5.0 or later of the ChromaDB Python project evaluates whether a user holds a given permission but never checks which tenant, database, or collection that permission applies to allowing users to perform…

  • CVE-2026-45830HigJun 12, 2026
    risk 0.57cvss 8.8epss 0.00

    A lack of authorization validation in version 0.4.17 or later of the ChromaDB Python project allows any authenticated users to arbitrarily read, write, update, or delete data in any tenant's collection regardless of which tenant they belong to.

  • CVE-2026-44976MedJun 12, 2026
    risk 0.27cvss epss 0.00

    Frappe is a full-stack web application framework. Prior to version 16.17.4, any user can modify any field in any Onboarding Step record. This issue has been patched in version 16.17.4.

  • CVE-2026-44975MedJun 12, 2026
    risk 0.27cvss epss 0.00

    Frappe is a full-stack web application framework. Prior to versions 15.107.2 and 16.17.4, any authenticated user can reset onboarding for all users in the system. This issue has been patched in versions 15.107.2 and 16.17.4.

  • CVE-2026-44967MedJun 12, 2026
    risk 0.27cvss 5.3epss 0.00

    OpenTelemetry-cpp is the C++ implementation of OpenTelemetry. Prior to release 1.27.0, the OTLP HTTP exporters (traces/metrics/logs) read the full HTTP response into an in-memory vector of bytes without a size cap. This is exploitable for memory exhaustion when the configured…

  • CVE-2026-44208MedJun 12, 2026
    risk 0.38cvss epss 0.00

    Frappe is a full-stack web application framework. Prior to versions 15.107.0 and 16.17.0, lack of validations in the "submit_discussion()" endpoint allows for unauthorized access to resources. This issue has been patched in versions 15.107.0 and 16.17.0.

  • CVE-2026-44207MedJun 12, 2026
    risk 0.38cvss epss 0.00

    Frappe is a full-stack web application framework. Prior to versions 15.107.0 and 16.17.0, an IDOR vulnerability allows authenticated users to access other users' email configuration details. This issue has been patched in versions 15.107.0 and 16.17.0.

  • CVE-2026-44206MedJun 12, 2026
    risk 0.38cvss epss 0.00

    Frappe is a full-stack web application framework. Prior to versions 15.107.2 and 16.17.4, DB Schema Enumeration is possible through exploiting an endpoint. This issue has been patched in versions 15.107.2 and 16.17.4.

  • CVE-2026-40677HigJun 12, 2026
    risk 0.50cvss epss 0.00

    The use of insecure HTTP transport within AMD optional tools could allow an attacker to conduct a man-in-the-middle attack, potentially leading to arbitrary code execution.

  • CVE-2026-8694MedJun 12, 2026
    risk 0.34cvss 5.3epss 0.00

    Improper access control in Devolutions PowerShell Universal 2026.1.7 and earlier allows an unauthenticated remote attacker to obtain the OpenAPI specification of user-defined REST endpoints.

  • CVE-2026-7368HigJun 12, 2026
    risk 0.53cvss 8.1epss 0.00

    The Yarbo cloud does not enforce per-device or per-user authorization. Any client possessing valid credentials, whether the shared hard-coded credentials or legitimate per-user credentials, can subscribe to wildcard topics covering all robots globally, and can publish to any…

  • CVE-2026-6853CriJun 12, 2026
    risk 0.64cvss 9.8epss 0.00

    Improper restriction of excessive authentication attempts vulnerability in Başbelen Group Food Cafe Businesses Industry and Trade Ltd. Co. Pause+ Mobile App allows Authentication Bypass. This issue affects Pause+ Mobile App: from v1.0.6 before v1.5.

  • CVE-2026-6211HigJun 12, 2026
    risk 0.57cvss 8.7epss 0.00

    Unrestricted upload of file with dangerous type vulnerability in Global IT Informatics Services Inc. WEOLL allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WEOLL: from 2.0.9 before 3.2.45.33.

  • CVE-2026-54133CriJun 12, 2026
    risk 0.64cvss 9.8epss 0.00

    jmespath.php allows users to use JMESPath, software for declaratively specifying how to extract elements from a JSON document, in PHP applications with PHP data structures. Versions prior to 2.9.1 can generate and execute attacker-controlled PHP code when…

  • CVE-2026-53787CriJun 12, 2026
    risk 0.64cvss 9.8epss 0.05

    Amasty Order Attributes for Magento 2 before version 4.0.0 contains an unauthenticated arbitrary file upload vulnerability that allows unauthenticated attackers to write arbitrary files to the store's media directory by submitting files of any type or name to the upload endpoint…

  • CVE-2026-53722MedJun 12, 2026
    risk 0.28cvss 5.4epss 0.00

    Nuxt is an open-source web development framework for Vue.js. Prior to versions 3.21.7 and 4.4.7, did not validate the URL scheme of values bound to its to or href props before rendering them into the href attribute of the underlying element. When an application…

  • CVE-2026-53721HigJun 12, 2026
    risk 0.46cvss 8.2epss 0.00

    Nuxt is an open-source web development framework for Vue.js. From versions 3.11.0 to before 3.21.7 and 4.0.0 to before 4.4.7, there is a route-rule middleware bypass via case-sensitivity mismatch between vue-router and the routeRules matcher. This issue has been patched in…

  • CVE-2026-47739MedJun 12, 2026
    risk 0.38cvss epss 0.00

    Frappe is a full-stack web application framework. Prior to versions 15.106.0 and 16.16.0, stored XSS in Note was possible due to lack of sanitization. This issue has been patched in versions 15.106.0 and 16.16.0.

  • CVE-2026-47244MedJun 12, 2026
    risk 0.34cvss 5.3epss 0.00

    Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, DefaultHttp2Connection.DefaultEndpoint initialises maxActiveStreams/maxStreams to Integer.MAX_VALUE, and Http2Settings never inserts…

  • CVE-2026-47210CriJun 12, 2026
    risk 0.57cvss 9.8epss 0.01

    vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, a sandbox escape vulnerability in vm2 allows arbitrary code execution in the host process when untrusted code is executed with async support on runtimes exposing WebAssembly JSPI (WebAssembly.promising /…

  • CVE-2026-47209HigJun 12, 2026
    risk 0.49cvss 8.6epss 0.00

    vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, the BaseHandler.set trap in bridge.js (line 1231) ignores the receiver parameter and unconditionally writes to the host target object. Per the Proxy set trap specification, when receiver !== proxy (e.g., when…

  • CVE-2026-47208CriJun 12, 2026
    risk 0.58cvss 10.0epss 0.01

    vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, VM2 suffers from a sandbox breakout vulnerability. This allows attackers to write code which can escape from the VM2 sandbox and execute arbitrary commands on the host system. This issue has been patched in…

  • CVE-2026-47141MedJun 12, 2026
    risk 0.38cvss epss 0.00

    vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, NodeVM exposes some process-wide observability builtins when they are allowed through require.builtin. The diagnostics_channel, async_hooks, and perf_hooks builtins are not blocked by the dangerous builtin…

  • CVE-2026-47140CriJun 12, 2026
    risk 0.58cvss 10.0epss 0.01

    vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, NodeVM blocks several dangerous Node.js builtins such as module, worker_threads, cluster, vm, repl, and inspector. However, the denylist misses process and inspector/promises. Both can be used from sandboxed…