VYPR

CVEs

345,196 total · page 94 of 6,904

  • CVE-2026-47139HigJun 12, 2026
    risk 0.49cvss 8.6epss 0.00

    vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, NodeVM supports excluding public network builtins from the wildcard builtin option. With this configuration direct access to http, https, http2, net, dgram, tls, dns, and dns/promises is blocked. However,…

  • CVE-2026-47137CriJun 12, 2026
    risk 0.58cvss 10.0epss 0.00

    vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, the fix for GHSA-8hg8-63c5-gwmx (CVE-2023-37903) introduced a check in nodevm.js line 263 that blocks the combination nesting: true + require: false. However, the check uses strict equality (options.require…

  • CVE-2026-47135HigJun 12, 2026
    risk 0.50cvss 8.7epss 0.00

    vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, Symbol.for override in setup-sandbox.js only intercepts 2 of 9 dangerous Node.js cross-realm symbols. Combined with the bridge's set/defineProperty/deleteProperty traps having no isDangerousCrossRealmSymbol…

  • CVE-2026-47131CriJun 12, 2026
    risk 0.58cvss 10.0epss 0.00

    vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, by combining Buffer.call.call({}.__lookupGetter__, Buffer, "__proto__"), Buffer.call.call({}.__lookupSetter__, Buffer, "__proto__"), and Node.js's ERR_INVALID_ARG_TYPE Error, the host's TypeError constructor…

  • CVE-2026-46340HigJun 12, 2026
    risk 0.49cvss 7.5epss 0.00

    Netty is a network application framework for development of protocol servers and clients. In versions of netty-transport-sctp prior to 4.1.135.Final and 4.2.15.Final, for each non-complete SctpMessage fragment the handler does `fragments.put(streamId,…

  • CVE-2026-45674HigJun 12, 2026
    risk 0.57cvss 8.7epss 0.00

    Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, Netty's DnsResolveContext fails to validate the origin (bailiwick) of CNAME records in DNS responses. Versions 4.1.135.Final and…

  • CVE-2026-45673MedJun 12, 2026
    risk 0.44cvss 6.8epss 0.00

    Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, Netty's DNS resolver uses a predictable PRNG for generating DNS transaction IDs and defaults to a static UDP source port. This combination…

  • CVE-2026-45536MedJun 12, 2026
    risk 0.26cvss 4.0epss 0.00

    Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, netty_unix_socket_recvFd sets msg_control to `char control[CMSG_SPACE(sizeof(int))]` (line 940) — 24 bytes on 64-bit Linux. A peer-sent…

  • CVE-2026-45416HigJun 12, 2026
    risk 0.49cvss 7.5epss 0.00

    Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, SslClientHelloHandler.decode() reads the 24-bit TLS handshake length and, when the ClientHello does not fit in the first record, eagerly…

  • CVE-2026-44894HigJun 12, 2026
    risk 0.49cvss 7.5epss 0.00

    Netty is a network application framework for development of protocol servers and clients. NoQuicTokenHandler is the tokenHandler used when the application does not set one. Prior to version 4.2.15.Final, its writeToken() returns false (server will not send Retry — acceptable),…

  • CVE-2026-44893HigJun 12, 2026
    risk 0.49cvss 7.5epss 0.01

    Netty is a network application framework for development of protocol servers and clients. In netty-codec-haproxy prior to versions 4.1.135.Final and 4.2.15.Final, when decoding a PP2_TYPE_SSL TLV, HAProxyMessage.readNextTLV() first calls `header.retainedSlice(header.readerIndex()…

  • CVE-2026-44205MedJun 12, 2026
    risk 0.38cvss epss 0.00

    Frappe is a full-stack web application framework. Prior to version 15.106.0, a stored XSS vulnerability in the user profile image section allows an attacker to execute malicious scripts in the browsers of other users. This issue has been patched in version 15.106.0.

  • CVE-2026-41581MedJun 12, 2026
    risk 0.38cvss epss 0.00

    Frappe is a full-stack web application framework. Prior to versions 15.106.0 and 16.16.0, there is a possible SQL Injection via get_blog_list. This issue has been patched in versions 15.106.0 and 16.16.0.

  • CVE-2026-10557CriJun 12, 2026
    risk 0.64cvss 9.8epss 0.00

    The Yarbo Android and iOS applications contain hard-coded MQTT broker credentials that are identical for all users and all devices. These credentials are embedded in the application binary and are readily extractable via APK decompilation. The credentials provide access to cloud…

  • CVE-2026-28898lowJun 12, 2026
    risk 0.07cvss epss 0.00

    swift-nio-http2's HTTP/2-to-HTTP/1.1 codec (`HTTP2FramePayloadToHTTP1ServerCodec` / `HTTP2ToHTTP1ServerCodec`) did not validate pseudo-header values for control characters before placing them into the translated HTTP/1.1 message. A remote attacker could send an HTTP/2 request…

  • CVE-2026-28975Jun 12, 2026
    risk 0.00cvss epss 0.00

    ### Impact When `NIOHTTPRequestDecompressor` is configured with `.ratio(N)`, the decompression limit is enforced using the `Content-Length` header value from the incoming request rather than the actual number of compressed bytes received. Since `Content-Length` is…

  • CVE-2026-28980higJun 12, 2026
    risk 0.39cvss epss 0.00

    ### Summary The `HTTPDecoder` in `NIOHTTP1` enforces no limit on the total size of an HTTP/1 message's header block or on the number of header fields per message. A remote peer can submit an arbitrary number of small, valid headers in a single request and have them all…

  • CVE-2026-43671higJun 12, 2026
    risk 0.39cvss epss 0.00

    ### Summary A program using swift-nio is vulnerable to a potential out-of-bounds write when attacker-controlled index or length values exceeding `UInt32.max` are passed to some `ByteBuffer` methods. This affects all swift-nio versions from 1.0.0 to 2.99.0. It is fixed in…

  • CVE-2026-28970Jun 12, 2026
    risk 0.00cvss epss 0.00

    Programs using swift-nio is vulnerable to HTTP request smuggling and HTTP response splitting attacks, caused by insufficient validation of outbound HTTP/1.1 request and response start line components. This vulnerability affects all swift-nio versions from 2.0.0 to 2.99.0. It is…

  • CVE-2026-48121Jun 12, 2026
    risk 0.00cvss epss 0.00

    ## Summary A NoSQL injection vulnerability existed in `MongoDBSaver` where checkpoint identifier fields from `config.configurable` were used in MongoDB queries without strict type enforcement. In vulnerable versions, attacker-controlled object payloads (for example MongoDB…

  • CVE-2026-48113higJun 12, 2026
    risk 0.38cvss epss 0.00

    ### Summary Authenticated chisel clients can bypass `--authfile` ACL restrictions and tunnel traffic to arbitrary destinations reachable from the server. The ACL is enforced only during the initial handshake against declared remotes, but never on subsequent SSH channels that…

  • CVE-2026-54102Jun 12, 2026
    risk 0.00cvss epss

    Rejected reason: Reserved but no longer needed.

  • CVE-2026-54101Jun 12, 2026
    risk 0.00cvss epss

    Rejected reason: Reserved but no longer needed.

  • CVE-2026-49993MedJun 12, 2026
    risk 0.30cvss 5.7epss 0.00

    Nuxt is an open-source web development framework for Vue.js. In @nuxt/rspack-builder and @nuxt/webpack-builder from versions 3.15.4 to before 3.21.7 and 4.0.0 to before 4.4.7, there is an incomplete fix for GHSA-6m52-m754-pw2g. Source code may still be stolen during dev when…

  • CVE-2026-47200MedJun 12, 2026
    risk 0.27cvss 5.3epss 0.00

    Nuxt is an open-source web development framework for Vue.js. In Nuxt versions 3.11.0 to before 3.21.6 and 4.0.0-alpha.1 to before 4.4.6 and @nuxt/nitro-server versions 3.20.0 to before 3.21.6 and 4.0.0-alpha.1 to before 4.4.6, when experimental.componentIslands is enabled…

  • CVE-2026-46342MedJun 12, 2026
    risk 0.28cvss 5.4epss 0.00

    Nuxt is an open-source web development framework for Vue.js. In Nuxt versions 3.1.0 to before 3.21.6 and 4.0.0-alpha.1 to before 4.4.6 and @nuxt/nitro-server versions 3.20.0 to before 3.21.6 and 4.0.0-alpha.1 to before 4.4.6, the /__nuxt_island/* endpoint accepts…

  • CVE-2026-45670MedJun 12, 2026
    risk 0.28cvss 5.4epss 0.00

    Nuxt is an open-source web development framework for Vue.js. In @nuxt/rspack-builder and @nuxt/webpack-builder versions 3.15.4 to before 3.21.6, and 4.0.0-alpha.1 to before 4.4.6, there is an incomplete fix for GHSA-4gf7-ff8x-hq99. Source code may be stolen during dev when using…

  • CVE-2026-45669MedJun 12, 2026
    risk 0.28cvss 5.4epss 0.00

    Nuxt is an open-source web development framework for Vue.js. From versions 3.4.3 to before 3.21.6 and 4.0.0-alpha.1 to before 4.4.6, navigateTo() with external: true generates a server-side HTML redirect body containing a tag. The destination URL is…

  • CVE-2026-1836MedJun 12, 2026
    risk 0.34cvss epss 0.00

    The system stores the username and password from the login form after submitting the request. This could allow an attacker with access to the platform to return to the browser and view the login credentials.

  • CVE-2026-12066HigJun 12, 2026
    risk 0.40cvss 7.3epss 0.00

    A security flaw has been discovered in PbootCMS up to 3.2.12. This vulnerability affects the function retrieve of the file apps/home/controller/MemberController.php of the component Password Handler. The manipulation of the argument username/password/email/checkcode results in…

  • CVE-2026-12065LowJun 12, 2026
    risk 0.12cvss 1.8epss 0.00

    A vulnerability was identified in Groww Stock, Mutual Fund, Gold App up to 20260805 on Android. This affects an unknown part of the component WebView URL Handler. The manipulation leads to improper authorization in handler for custom url scheme. It is possible to launch the…

  • CVE-2026-11967HigJun 12, 2026
    risk 0.55cvss epss 0.00

    MobaXterm Personal Edition (Portable), in its 26.3 version (Build 5154), allows arbitrary code execution by loading a malicious DLL located in the same directory as the portable executable. Because the application automatically loads the winspool.drv library from that location…

  • CVE-2026-11879HigJun 12, 2026
    risk 0.55cvss epss 0.00

    MobaXterm Personal Edition (Portable), in its 26.3 version (Build 5154), allows arbitrary code execution by loading malicious DLLs from a temporary directory that is predictable and can be modified by the user. During startup, the application searches for specific DLLs in this…

  • CVE-2017-20240MedJun 12, 2026
    risk 0.38cvss 5.9epss 0.00

    Crypt::PBKDF2 versions before 0.261630 for Perl are vulnerable to timing attacks. These versions use Perl's built-in eq comparison. Discrepancies in timing could be used to guess the underlying derived-key.

  • CVE-2026-49347MedJun 12, 2026
    risk 0.34cvss epss 0.00

    Quest Bot is an opensource Discord Bot. Prior to version 1.1.8, any user who can access the ticket panel can repeatedly create new ticket channels. The latest release still creates a new database ticket and Discord channel for every completed ticket modal submission, without…

  • CVE-2026-48485LowJun 12, 2026
    risk 0.14cvss epss 0.00

    Quest Bot is an opensource Discord Bot. Prior to version 1.1.6, the latest release suppresses mentions when creating, unbanning, unwarning, kicking, muting, and unmuting, but stored warning reasons are still printed by /warns without mention suppression. A moderator can create a…

  • CVE-2026-47197HigJun 12, 2026
    risk 0.47cvss epss 0.00

    Quest Bot is an opensource Discord Bot. Prior to version 1.1.6, a moderator with the relevant Discord permission bit can use the bot to moderate users above them in the Discord role hierarchy, as long as the bot itself outranks the target. This bypasses Discord’s normal role…

  • CVE-2026-47196HigJun 12, 2026
    risk 0.55cvss epss 0.00

    Quest Bot is an opensource Discord Bot. Prior to version 1.1.6, the automod add command trims user input but does not reject an empty result. Adding a rule containing only whitespace stores an empty word. The message listener later checks content.includes(""), which is always…

  • CVE-2026-47195HigJun 12, 2026
    risk 0.46cvss epss 0.00

    Quest Bot is an opensource Discord Bot. Prior to version 1.1.6, the purge and slowmode commands check only guild-level permissions on the invoking member. They do not check the member’s effective permissions in the channel where the command is run. A user denied channel-level…

  • CVE-2026-9266HigJun 12, 2026
    risk 0.45cvss epss 0.00

    A Missing Required Cryptographic Step vulnerability has been identified in Moxa's embedded Linux firmware for industrial computers and controllers. This vulnerability represents an incomplete remediation of CVE-2026-0714. The firmware introduced TPM2 parameter encryption as a…

  • CVE-2026-11849CriJun 12, 2026
    risk 0.64cvss 9.8epss 0.00

    The  iRM-IEI Remote Management developed by IEI Integration Corp has a Hardcoded Credentials vulnerability, allowing unauthenticated remote attackers to exploit hard-coded credentials to gain administrative privileges on the database.

  • CVE-2026-11848MedJun 12, 2026
    risk 0.34cvss 5.3epss 0.00

    The iRM-IEI Remote Management developed by IEI Integration Corp has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to exploit a specific functionality to obtain partial system configuration information.

  • CVE-2026-50645HigJun 12, 2026
    risk 0.49cvss 7.5epss 0.00

    There is no restriction on the amount of attachment headers that a message can contain when being deserialized by Apache CXF, which can lead to uncontrolled resource consumption or a denial of service attack. Users are recommended to upgrade to versions 4.2.2 or 4.1.7, which…

  • CVE-2026-50634MedJun 12, 2026
    risk 0.42cvss 6.5epss 0.00

    A vulnerability in Apache CXF's JwsJsonContainerRequestFilter can be exploited to cause CXF to process metadata that was not authenticated by the accepted signature. This can bypass the application's assumption that accepted `Content-Type` or protected HTTP-header metadata…

  • CVE-2026-50633HigJun 12, 2026
    risk 0.53cvss 8.1epss 0.01

    A JNDI Injection vulnerability has been discovered in Apache CXF's JCA integration module, which can allow for code execution, if an attacker is able to manipulate the JCA deployment descriptor (ra.xml) or runtime activation parameters. Users are recommended to upgrade to…

  • CVE-2026-50632HigJun 12, 2026
    risk 0.53cvss 8.1epss 0.01

    A further incomplete fix for a previous advisory CVE-2026-44417 (Untrusted JMS configuration can lead to RCE) for Apache CXF has been identified, which can allow code execution capabilities, if untrusted users are allowed to configure JMS for Apache CXF. Users are recommended…

  • CVE-2026-50631HigJun 12, 2026
    risk 0.48cvss 7.4epss 0.00

    A race condition in AbstractOAuthDataProvider allows concurrent requests using the same Refresh Token to bypass single-use semantics and generate multiple valid Access Tokens, when 'recycleRefreshTokens' is set to false. A leaked refresh token can be replayed concurrently by…

  • CVE-2026-50630MedJun 12, 2026
    risk 0.42cvss 6.5epss 0.00

    A CRLF injection vulnerability exists in the OAuth2 AuthorizationUtils class. When constructing the WWW-Authenticate response header, the 'realm' parameter is concatenated without sanitizing Carriage Return (CR) and Line Feed (LF) characters. If an attacker can control the realm…

  • CVE-2026-50629MedJun 12, 2026
    risk 0.34cvss 5.3epss 0.00

    The 'clientId' parameter from incoming HTTP requests is directly concatenated into OAuth2 server log warning messages without sanitizing control characters. This allows an attacker to inject arbitrary content, including fake log entries, into the server's log files. Users are…

  • CVE-2026-50628CriJun 12, 2026
    risk 0.64cvss 9.8epss 0.01

    A logic error in OAuthRequestFilter rejects legitimate requests originating from the bound IP address, while blindly allowing requests from any other IP address. Enabling this security feature inadvertently creates an inverse security check. Users are recommended to upgrade to…