VYPR

CVEs

100,082 total · page 93 of 2,002

  • CVE-2026-7812HigMay 5, 2026
    risk 0.48cvss 7.3epss 0.01

    A vulnerability was found in 54yyyu code-mcp up to 4cfc4643541a110c906d93635b391bf7e357f4a8. The impacted element is the function git_operation of the file src/code_mcp/server.py of the component MCP Tool. Performing a manipulation of the argument operation results in command…

  • CVE-2026-7811HigMay 5, 2026
    risk 0.40cvss 7.3epss 0.00

    A vulnerability has been found in 54yyyu code-mcp up to 4cfc4643541a110c906d93635b391bf7e357f4a8. The affected element is the function is_safe_path of the file src/code_mcp/server.py of the component MCP File Handler. Such manipulation leads to path traversal. It is possible to…

  • CVE-2026-7810HigMay 5, 2026
    risk 0.47cvss 7.3epss 0.00

    A flaw has been found in UsamaK98 python-notebook-mcp up to a05a232815809a7e425b5fa7be26e0d4369894c2. Impacted is the function create_notebook/read_notebook/edit_cell/add_cell of the file server.py. This manipulation causes path traversal. It is possible to initiate the attack…

  • CVE-2026-4803HigMay 5, 2026
    risk 0.40cvss 7.2epss 0.00

    The Royal Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'status' parameter in the wpr_update_form_action_meta AJAX action in all versions up to, and including, 1.7.1056. This is due to insufficient input sanitization and output…

  • CVE-2026-3456HigMay 5, 2026
    risk 0.42cvss 7.5epss 0.00

    The GeekyBot — Generate AI Content Without Prompt, Chatbot and Lead Generation plugin for WordPress is vulnerable to SQL Injection via the 'attributekey' parameter in versions up to, and including, 1.2.0 due to insufficient escaping on the user supplied parameter and lack of…

  • CVE-2026-35228HigMay 5, 2026
    risk 0.57cvss 8.7epss 0.00

    Vulnerability in the Oracle MCP Server Helper Tool product of Oracle Open Source Projects (component: helper tool). The supported versions that is affected is 1.0.1-1.0.156. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to…

  • CVE-2026-5100HigMay 5, 2026
    risk 0.42cvss 7.5epss 0.00

    The AWP Classifieds plugin for WordPress is vulnerable to SQL Injection via the 'regions' parameter array keys in versions up to, and including, 4.4.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This…

  • CVE-2026-44028HigMay 5, 2026
    risk 0.42cvss 7.5epss 0.00

    An issue was discovered in Nix before 2.34.7 and Lix before 2.95.2. Unbounded recursion in the NAR (Nix Archive) parser could lead to a stack-to-heap overflow when the parser is run on a coroutine stack. The stack is allocated without a guard page, which means that a stack…

  • CVE-2026-7788HigMay 5, 2026
    risk 0.47cvss 7.3epss 0.00

    A security flaw has been discovered in Axle-Bucamp MCP-Docusaurus up to 404bc028e15ec304c9a045528560f4b5f27a17e0. The affected element is the function update_document/continue_document/delete_document/get_content of the file app/routes/document.py. Performing a manipulation of…

  • CVE-2026-7785HigMay 5, 2026
    risk 0.48cvss 7.3epss 0.01

    A security flaw has been discovered in A-G-U-P-T-A wireshark-mcp edaf604416fbc94a201b4043092d4a1b09a12275/400c3da70074f22f3cce7ccb65304cafc7089c89. This affects the function quick_capture of the file pyshark_mcp.py. The manipulation results in os command injection. The attack…

  • CVE-2026-7784HigMay 5, 2026
    risk 0.47cvss 7.3epss 0.01

    A vulnerability has been found in RTGS2017 NagaAgent up to 5.1.0. This issue affects some unknown processing of the file apiserver/routes/extensions.py of the component Skills Endpoint. Such manipulation of the argument Name leads to path traversal. It is possible to launch the…

  • CVE-2026-7791HigMay 4, 2026
    risk 0.51cvss 7.8epss 0.00

    Improper privilege management in the log rotation mechanism of the Skylight Workspace Config Service in Amazon WorkSpaces for Windows before 2.6.2034.0 allows a local non-admin authenticated user to place arbitrary files into arbitrary locations bypassing file system permission…

  • CVE-2026-7776HigMay 4, 2026
    risk 0.42cvss 7.5epss 0.00

    Boundary Community Edition and Boundary Enterprise (“Boundary”) workers are vulnerable to a denial-of-service condition during node enrollment TLS handshakes. An attacker with network access to the worker authentication listener may open a connection and delay or withhold…

  • CVE-2026-42222HigMay 4, 2026
    risk 0.53cvss 8.1epss 0.00

    Nginx UI is a web user interface for the Nginx web server. In version 2.3.5, an unauthenticated bootstrap takeover exists in nginx-ui during the initial installation window exposed by POST /api/install. At time of publication no public patches are available.

  • CVE-2026-42221HigMay 4, 2026
    risk 0.46cvss 8.1epss 0.00

    Nginx UI is a web user interface for the Nginx web server. From version 2.0.0 to before version 2.3.8, an unauthenticated network attacker can claim the initial administrator account on a fresh nginx-ui instance during the first-run setup window. The public /api/install endpoint…

  • CVE-2026-7768HigMay 4, 2026
    risk 0.49cvss 7.5epss 0.00

    @fastify/accepts-serializer cached serializer-selection results keyed by the request Accept header without a size limit or eviction policy. A remote unauthenticated client could send many distinct but matching Accept header variants to make the cache grow unbounded, eventually…

  • CVE-2026-6321HigMay 4, 2026
    risk 0.42cvss 7.5epss 0.01

    fast-uri decoded percent-encoded path separators and dot segments before applying dot-segment removal in its normalize() and equal() functions. Encoded path data was treated like real slashes and parent-directory references, so distinct URIs could collapse onto the same…

  • CVE-2026-41927HigMay 4, 2026
    risk 0.54cvss epss 0.00

    WDR201A WiFi Extender (HW V2.1, FW LFMZX28040922V1.02) contains a stack-based buffer overflow vulnerability in the firewall.cgi and makeRequest.cgi binaries that allows unauthenticated attackers to overwrite the saved return address by sending a POST request with a…

  • CVE-2025-67796HigMay 4, 2026
    risk 0.53cvss 8.1epss 0.00

    IKUS Rdiffweb before 2.10.5 has an improper authorization flaw that allows an attacker with any valid or stolen access token to act as other users. The API does not enforce binding between the authenticated subject and the targeted user/tenant, so crafted requests can read or…

  • CVE-2026-42237HigMay 4, 2026
    risk 0.57cvss 8.8epss 0.00

    n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, the fix for GHSA-f3f2-mcxc-pwjx did not cover the Snowflake node or the legacy MySQL v1 node. Both nodes construct SQL queries by directly interpolating user-controlled table…

  • CVE-2026-42236HigMay 4, 2026
    risk 0.49cvss 7.5epss 0.00

    n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, the MCP OAuth client registration endpoint accepted unauthenticated requests and stored client data without adequate resource controls. An unauthenticated remote attacker could…

  • CVE-2026-42234HigMay 4, 2026
    risk 0.57cvss 8.8epss 0.00

    n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, an authenticated user with permission to create or modify workflows containing a Python Code Node could escape the sandbox and achieve arbitrary code execution on the task runner…

  • CVE-2026-42232HigMay 4, 2026
    risk 0.57cvss 8.8epss 0.00

    n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, an authenticated user with permission to create or modify workflows could achieve global prototype pollution via the XML Node leading to RCE when combined with other nodes…

  • CVE-2026-42231HigMay 4, 2026
    risk 0.57cvss 8.8epss 0.01

    n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, a flaw in the xml2js library used to parse XML request bodies in n8n's webhook handler allowed prototype pollution via a crafted XML payload. An authenticated user with permission…

  • CVE-2026-42229HigMay 4, 2026
    risk 0.57cvss 8.8epss 0.00

    n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, a flaw in the SeaTable node's row:search and row:get operations allowed user-controlled input to be concatenated directly into SQL query strings without escaping or…

  • CVE-2026-42226HigMay 4, 2026
    risk 0.49cvss 7.5epss 0.00

    n8n is an open source workflow automation platform. Prior to versions 1.123.33 and 2.17.5, the dynamic-node-parameters endpoints did not verify whether the authenticated caller was authorized to use a supplied credential reference. An authenticated user with access to a shared…

  • CVE-2026-42154HigMay 4, 2026
    risk 0.42cvss 7.5epss 0.01

    Prometheus is an open-source monitoring system and time series database. Prior to versions 3.5.3 and 3.11.3, the remote read endpoint (/api/v1/read) does not validate the declared decoded length in a snappy-compressed request body before allocating memory. An unauthenticated…

  • CVE-2026-42151HigMay 4, 2026
    risk 0.42cvss 7.5epss 0.00

    Prometheus is an open-source monitoring system and time series database. Prior to versions 3.5.3 and 3.11.3, the client_secret field in the Azure AD remote write OAuth configuration (storage/remote/azuread) was typed as string instead of Secret. Prometheus redacts fields of type…

  • CVE-2026-38751HigMay 4, 2026
    risk 0.47cvss 7.2epss 0.00

    OpenSTAManager version 2.10 and earlier contains an arbitrary file upload vulnerability in the module update functionality (modules/aggiornamenti/upload_modules.php)

  • CVE-2026-25863HigMay 4, 2026
    risk 0.49cvss 7.5epss 0.00

    Conditional Fields for Contact Form 7 WordPress plugin through version 2.7.2 contains an uncontrolled resource consumption vulnerability in the Wpcf7cfMailParser class where the hide_hidden_mail_fields_regex_callback() method reads an iteration count directly from user-supplied…

  • CVE-2026-43616HigMay 4, 2026
    risk 0.39cvss 7.1epss 0.00

    Detect-It-Easy prior to 3.21 contains a path traversal vulnerability that allows attackers to write arbitrary files to the filesystem by crafting malicious archive entries with relative traversal sequences or absolute paths. Attackers can exploit insufficient path normalization…

  • CVE-2026-42084HigMay 4, 2026
    risk 0.46cvss 8.1epss 0.00

    OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Prior to versions 6.10.5 and 7.0.0-rc3, the OpenC3 password change functionality allows a user to change their password without providing the old password, by…

  • CVE-2026-41471HigMay 4, 2026
    risk 0.49cvss 7.5epss 0.00

    The Easy PayPal Events & Tickets plugin for WordPress before version 1.4 contains an information disclosure vulnerability in the QR code scanning endpoint that allows unauthenticated attackers to enumerate and retrieve all customer order records. Attackers can iterate over…

  • CVE-2026-37459HigMay 4, 2026
    risk 0.42cvss 7.5epss 0.00

    An integer underflow in FRRouting (FRR) stable/10.0 to stable/10.6 allows attackers to cause a Denial of Service (DoS) via supplying a crafted BGP UPDATE message.

  • CVE-2026-32834HigMay 4, 2026
    risk 0.49cvss 7.5epss 0.00

    Easy PayPal Events & Tickets plugin for WordPress before version 1.4 contains a hardcoded authentication bypass vulnerability in the QR code scanning functionality that allows unauthenticated remote attackers to bypass hash verification by supplying 'test' as the hash parameter.…

  • CVE-2026-29004HigMay 4, 2026
    risk 0.46cvss 8.1epss 0.00

    BusyBox before commit 42202bf contains a heap buffer overflow vulnerability in the DHCPv6 client (udhcpc6) DNS_SERVERS option handler in networking/udhcp/d6_dhcpc.c that allows network-adjacent attackers to trigger memory corruption by sending a crafted DHCPv6 response with a…

  • CVE-2026-0073HigMay 4, 2026
    risk 0.57cvss 8.8epss 0.01

    In adbd_tls_verify_cert of auth.cpp, there is a possible bypass of wireless ADB mutual authentication due to a logic error in the code. This could lead to remote (proximal/adjacent) code execution as the shell user with no additional execution privileges needed. User interaction…

  • CVE-2026-42440HigMay 4, 2026
    risk 0.49cvss 7.5epss 0.01

    OOM Denial of Service via Unbounded Array Allocation in Apache OpenNLP AbstractModelReader  Versions Affected:  before 2.5.9 before 3.0.0-M3  Description: The AbstractModelReader methods getOutcomes(), getOutcomePatterns(), and getPredicates() each read a 32-bit signed…

  • CVE-2026-42372HigMay 4, 2026
    risk 0.57cvss 8.8epss 0.00

    D-Link DIR-605L Hardware Revision A1 (End-of-Life, EOL) contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /bin/telnetd.sh with the username "Alphanetworks" and the static password "wrgn35_dlwbr_dir605l" read from /etc/alpha_config/image_sign.…

  • CVE-2026-42079HigMay 4, 2026
    risk 0.49cvss 8.6epss 0.00

    PPTAgent is an agentic framework for reflective PowerPoint generation. Prior to commit 418491a, PPTAgent is vulnerable to arbitrary code execution via Python eval() of LLM-generated code with builtins in scope. This issue has been patched via commit 418491a.

  • CVE-2026-42075HigMay 4, 2026
    risk 0.53cvss 8.1epss 0.01

    Evolver is a GEP-powered self-evolving engine for AI agents. Prior to version 1.69.3, a path traversal vulnerability in the skill download (fetch) command allows attackers to write files to arbitrary locations on the filesystem. The --out= flag accepts user-provided paths…

  • CVE-2026-37461HigMay 4, 2026
    risk 0.42cvss 7.5epss 0.00

    An out-of-bounds read in the ParseIP6Extended function (/bgp/bgp.go) of gobgp v4.3.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted BGP UPDATE message.

  • CVE-2026-29514HigMay 4, 2026
    risk 0.50cvss 8.8epss 0.01

    NetBox versions 4.3.5 through 4.5.4 contain a remote code execution vulnerability in the RenderTemplateMixin.get_environment_params() method that allows authenticated users with exporttemplate or configtemplate permissions to execute arbitrary code by specifying malicious Python…

  • CVE-2026-24082HigMay 4, 2026
    risk 0.51cvss 7.8epss 0.00

    Memory Corruption when copying data from a freed source while executing performance counter deselect operation.

  • CVE-2025-47408HigMay 4, 2026
    risk 0.51cvss 7.8epss 0.00

    Memory corruption when another driver calls an IOCTL with invalid input/output buffer.

  • CVE-2025-47407HigMay 4, 2026
    risk 0.51cvss 7.8epss 0.00

    Memory corruption while creating a process on the digital signal processor due to allocation failure at the kernel level.

  • CVE-2025-47405HigMay 4, 2026
    risk 0.51cvss 7.8epss 0.00

    Memory corruption when processing camera sensor input/output control codes with invalid output buffers.

  • CVE-2026-40563HigMay 4, 2026
    risk 0.46cvss 8.1epss 0.00

    Description: Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Atlas Apache Atlas exposes a DSL search endpoint that accepts user-supplied query strings. Attacker can alter Gremlin traversal logic within grammar-allowed characters to access…

  • CVE-2026-36365HigMay 4, 2026
    risk 0.44cvss 7.8epss 0.00

    An issue in Lymphatus caesium-image-compressor All versions up to and including commit 02da2c6 allows a local attacker to execute arbitrary code via the shutdownMachine and putMachineToSleep functions in PostCompressionActions.cpp

  • CVE-2026-29169HigMay 4, 2026
    risk 0.42cvss 7.5epss 0.01

    A NULL pointer dereference in mod_dav_lock in Apache HTTP Server 2.4.66 and earlier may allow an attacker to crash the server with a malicious request.mod_dav_lock is not used internally by mod_dav or mod_dav_fs. The only known use-case for mod_dav_lock was mod_dav_svn from…