VYPR

CVEs

100,082 total · page 97 of 2,002

  • CVE-2026-31729HigMay 1, 2026
    risk 0.44cvss 7.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: validate connector number in ucsi_notify_common() The connector number extracted from CCI via UCSI_CCI_CONNECTOR() is a 7-bit field (0-127) that is used to index into the connector array in…

  • CVE-2026-31720HigMay 1, 2026
    risk 0.44cvss 7.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_uac1_legacy: validate control request size f_audio_complete() copies req->length bytes into a 4-byte stack variable: u32 data = 0; memcpy(&data, req->buf, req->length); req->length is…

  • CVE-2026-31719HigMay 1, 2026
    risk 0.42cvss 7.5epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: crypto: krb5enc - fix async decrypt skipping hash verification krb5enc_dispatch_decrypt() sets req->base.complete as the skcipher callback, which is the caller's own completion handler. When the skcipher…

  • CVE-2026-31717HigMay 1, 2026
    risk 0.50cvss 8.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate owner of durable handle on reconnect Currently, ksmbd does not verify if the user attempting to reconnect to a durable handle is the same user who originally opened the file. This allows any…

  • CVE-2026-31716HigMay 1, 2026
    risk 0.44cvss 7.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: validate rec->used in journal-replay file record check check_file_record() validates rec->total against the record size but never validates rec->used. The do_action() journal-replay handlers read…

  • CVE-2026-31715HigMay 1, 2026
    risk 0.44cvss 7.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: f2fs: fix UAF caused by decrementing sbi->nr_pages[] in f2fs_write_end_io() The xfstests case "generic/107" and syzbot have both reported a NULL pointer dereference. The concurrent scenario that triggers the…

  • CVE-2026-31712HigMay 1, 2026
    risk 0.47cvss 8.3epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: ksmbd: require minimum ACE size in smb_check_perm_dacl() Both ACE-walk loops in smb_check_perm_dacl() only guard against an under-sized remaining buffer, not against an ACE whose declared `ace->size` is…

  • CVE-2026-31711HigMay 1, 2026
    risk 0.42cvss 7.5epss 0.01

    In the Linux kernel, the following vulnerability has been resolved: smb: server: fix active_num_conn leak on transport allocation failure Commit 77ffbcac4e56 ("smb: server: fix leak of active_num_conn in ksmbd_tcp_new_connection()") addressed the kthread_run() failure path. …

  • CVE-2026-31709HigMay 1, 2026
    risk 0.50cvss 8.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: smb: client: validate the whole DACL before rewriting it in cifsacl build_sec_desc() and id_mode_to_cifs_acl() derive a DACL pointer from a server-supplied dacloffset and then use the incoming ACL to rebuild…

  • CVE-2026-31708HigMay 1, 2026
    risk 0.46cvss 8.1epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: smb: client: fix OOB read in smb2_ioctl_query_info QUERY_INFO path smb2_ioctl_query_info() has two response-copy branches: PASSTHRU_FSCTL and the default QUERY_INFO path. The QUERY_INFO branch clamps…

  • CVE-2026-31707HigMay 1, 2026
    risk 0.39cvss 7.1epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate response sizes in ipc_validate_msg() ipc_validate_msg() computes the expected message size for each response type by adding (or multiplying) attacker-controlled fields from the daemon response…

  • CVE-2026-31706HigMay 1, 2026
    risk 0.50cvss 8.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate num_aces and harden ACE walk in smb_inherit_dacl() smb_inherit_dacl() trusts the on-disk num_aces value from the parent directory's DACL xattr and uses it to size a heap allocation: …

  • CVE-2026-31703HigMay 1, 2026
    risk 0.44cvss 7.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: writeback: Fix use after free in inode_switch_wbs_work_fn() inode_switch_wbs_work_fn() has a loop like: wb_get(new_wb); while (1) { list = llist_del_all(&new_wb->switch_wbs_ctxs); /* Nothing to…

  • CVE-2026-31702HigMay 1, 2026
    risk 0.44cvss 7.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: f2fs: fix use-after-free of sbi in f2fs_compress_write_end_io() In f2fs_compress_write_end_io(), dec_page_count(sbi, type) can bring the F2FS_WB_CP_DATA counter to zero, unblocking f2fs_wait_on_all_pages() in…

  • CVE-2026-31700HigMay 1, 2026
    risk 0.44cvss 7.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: net/packet: fix TOCTOU race on mmap'd vnet_hdr in tpacket_snd() In tpacket_snd(), when PACKET_VNET_HDR is enabled, vnet_hdr points directly into the mmap'd TX ring buffer shared with userspace. The kernel…

  • CVE-2026-31699HigMay 1, 2026
    risk 0.39cvss 7.1epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: crypto: ccp: Don't attempt to copy CSR to userspace if PSP command failed When retrieving the PEK CSR, don't attempt to copy the blob to userspace if the firmware command failed. If the failure was due to an…

  • CVE-2026-31698HigMay 1, 2026
    risk 0.39cvss 7.1epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: crypto: ccp: Don't attempt to copy PDH cert to userspace if PSP command failed When retrieving the PDH cert, don't attempt to copy the blobs to userspace if the firmware command failed. If the failure was due…

  • CVE-2026-31697HigMay 1, 2026
    risk 0.39cvss 7.1epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: crypto: ccp: Don't attempt to copy ID to userspace if PSP command failed When retrieving the ID for the CPU, don't attempt to copy the ID blob to userspace if the firmware command failed. If the failure was…

  • CVE-2026-31696HigMay 1, 2026
    risk 0.44cvss 7.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix missing validation of ticket length in non-XDR key preparsing In rxrpc_preparse(), there are two paths for parsing key payloads: the XDR path (for large payloads) and the non-XDR path (for payloads…

  • CVE-2026-31695HigMay 1, 2026
    risk 0.44cvss 7.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: wifi: virt_wifi: remove SET_NETDEV_DEV to avoid use-after-free Currently we execute `SET_NETDEV_DEV(dev, &priv->lowerdev->dev)` for the virt_wifi net devices. However, unregistering a virt_wifi device in…

  • CVE-2026-31694HigMay 1, 2026
    risk 0.44cvss 7.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: fuse: reject oversized dirents in page cache fuse_add_dirent_to_cache() computes a serialized dirent size from the server-controlled namelen field and copies the dirent into a single page-cache page. The…

  • CVE-2026-7579HigMay 1, 2026
    risk 0.47cvss 7.3epss 0.00

    A security vulnerability has been detected in AstrBotDevs AstrBot up to 4.16.0. This issue affects some unknown processing of the file astrbot/dashboard/routes/auth.py of the component Dashboard. The manipulation leads to hard-coded credentials. It is possible to initiate the…

  • CVE-2026-3772HigMay 1, 2026
    risk 0.50cvss 8.8epss 0.00

    The WP Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.9.2. This is due to missing nonce verification in the 'add_plugins_page' and 'add_themes_page' functions. This makes it possible for unauthenticated attackers…

  • CVE-2026-43003HigMay 1, 2026
    risk 0.45cvss 8.0epss 0.01

    An issue was discovered in OpenStack ironic-python-agent 1.0.0 through 11.5.0. Ironic Python Agent (IPA) sometimes executes grub-install from within a chroot of the deployed partition image, leading to code execution in the case of a malicious image.

  • CVE-2026-43001HigMay 1, 2026
    risk 0.44cvss 7.9epss 0.00

    An issue was discovered in OpenStack Keystone before 29.0.2. POST /v3/credentials did not validate that the caller-supplied project_id for an EC2-type credential matched the project of the authenticating application credential. This allowed an attacker holding an unrestricted…

  • CVE-2026-42403HigMay 1, 2026
    risk 0.49cvss 7.5epss 0.01

    Apache Neethi does not properly detect circular references in policy definitions. When a WS-Policy document contains circular policy references (where Policy A references Policy B which references Policy A), the policy normalization process can enter an infinite loop or cause…

  • CVE-2026-42402HigMay 1, 2026
    risk 0.49cvss 7.5epss 0.01

    Apache Neethi is vulnerable to a Denial of Service attack through algorithmic complexity in policy normalization. Specially crafted WS-Policy documents can trigger an exponential Cartesian cross-product expansion during the normalization process, causing unbounded memory…

  • CVE-2026-7584HigMay 1, 2026
    risk 0.51cvss 7.8epss 0.00

    The LabOne Q serialization framework uses a class-loading mechanism (import_cls) to dynamically import and instantiate Python classes during deserialization. Prior to the fix, this mechanism accepted arbitrary fully-qualified class names from the serialized data without any…

  • CVE-2026-7555HigMay 1, 2026
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was identified in itsourcecode Electronic Judging System 1.0. This affects an unknown part of the file /intrams/login.php. Such manipulation of the argument Username leads to sql injection. The attack can be launched remotely. The exploit is publicly available…

  • CVE-2026-7550HigMay 1, 2026
    risk 0.47cvss 7.3epss 0.00

    A vulnerability has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. Affected is an unknown function of the file /ajax.php?action=save_customer. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The…

  • CVE-2026-7549HigMay 1, 2026
    risk 0.47cvss 7.3epss 0.00

    A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. This impacts an unknown function of the file /ajax.php?action=delete_customer. Executing a manipulation of the argument ID can lead to sql injection. The attack may be performed from remote. The…

  • CVE-2026-7548HigMay 1, 2026
    risk 0.57cvss 8.8epss 0.01

    A vulnerability was detected in Totolink NR1800X 9.1.0u.6279_B20210910. This affects the function sub_41A68C of the file /cgi-bin/cstecgi.cgi. Performing a manipulation of the argument setUssd results in command injection. The attack is possible to be carried out remotely. The…

  • CVE-2026-7545HigMay 1, 2026
    risk 0.47cvss 7.3epss 0.00

    A weakness has been identified in SourceCodester Advanced School Management System 1.0. The affected element is an unknown function of the file commonController.php of the component checkEmail Endpoint. This manipulation causes sql injection. Remote exploitation of the attack is…

  • CVE-2026-7519HigMay 1, 2026
    risk 0.47cvss 7.3epss 0.00

    A vulnerability has been found in Fujian Apex LiveBOS up to 2.0. Impacted is an unknown function of the file /feed/UploadImage.do of the component Endpoint. Such manipulation of the argument filename leads to path traversal. The attack can be launched remotely. The exploit has…

  • CVE-2026-7513HigMay 1, 2026
    risk 0.57cvss 8.8epss 0.00

    A vulnerability has been found in UTT HiPER 1200GW up to 2.5.3-170306. The impacted element is the function strcpy of the file /goform/formRemoteControl. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public…

  • CVE-2026-7512HigMay 1, 2026
    risk 0.57cvss 8.8epss 0.00

    A flaw has been found in UTT HiPER 1200GW up to 2.5.3-1703. The affected element is the function strcpy of the file /goform/formUser. Executing a manipulation can lead to buffer overflow. The attack can be launched remotely. The exploit has been published and may be used.

  • CVE-2026-5656HigMay 1, 2026
    risk 0.39cvss 7.0epss 0.00

    Profile import path traversal in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service and possible code execution

  • CVE-2026-5405HigMay 1, 2026
    risk 0.44cvss 7.8epss 0.00

    RDP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service and possible code execution

  • CVE-2026-5403HigMay 1, 2026
    risk 0.44cvss 7.8epss 0.00

    SBC codec crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service and possible code execution

  • CVE-2026-7506HigApr 30, 2026
    risk 0.47cvss 7.3epss 0.00

    A vulnerability has been found in SourceCodester Hotel Management System 1.0. This impacts an unknown function of the file /index.php/reservation/check. Such manipulation of the argument room_type leads to sql injection. The attack may be launched remotely. The exploit has been…

  • CVE-2026-7505HigApr 30, 2026
    risk 0.40cvss 7.3epss 0.00

    A flaw has been found in nextlevelbuilder GoClaw and GoClaw Lite up to 3.8.5. This affects an unknown function of the component RPC Handler. This manipulation causes improper authorization. The attack may be initiated remotely. The exploit has been published and may be used.…

  • CVE-2026-7551HigApr 30, 2026
    risk 0.50cvss 8.8epss 0.01

    HKUDS OpenHarness contains a remote code execution vulnerability in the /bridge slash command that allows remote senders accepted by configuration to execute arbitrary operating system commands. Attackers can invoke the /bridge spawn command with attacker-controlled command text…

  • CVE-2026-7503HigApr 30, 2026
    risk 0.57cvss 8.8epss 0.00

    A vulnerability was detected in code-projects for Plugin 4.1.2cu.5137. The impacted element is the function setWiFiMultipleConfig in the library /lib/cste_modules/wireless.so of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument wepkey2 results in buffer overflow.…

  • CVE-2026-6543HigApr 30, 2026
    risk 0.57cvss 8.8epss 0.00

    IBM Langflow Desktop 1.0.0 through 1.8.4 Langflow allows an attacker to execute arbitrary commands with the privileges of the process running Langflow. This allows reading sensitive environment variables (API keys, DB credentials), modifying files, or launching further attacks…

  • CVE-2026-6389HigApr 30, 2026
    risk 0.57cvss 8.8epss 0.00

    IBM Turbonomic prometurbo agent 8.16.0 through 8.17.6 IBM Turbonomic Application Resource Management grants excessive cluster‑wide permissions, including unrestricted read access to all secrets. An attacker that compromises the operator or its service account can exfiltrate…

  • CVE-2026-7435HigApr 30, 2026
    risk 0.47cvss 7.2epss 0.00

    SSCMS v7.4.0 contains a SQL injection vulnerability in the stl:sqlContent tag where the queryString attribute is passed directly to database execution without parameterization or sanitization. Attackers can craft encrypted payloads submitted to the /api/stl/actions/dynamic…

  • CVE-2026-4503HigApr 30, 2026
    risk 0.49cvss 7.5epss 0.00

    IBM Langflow Desktop 1.0.0 through 1.8.4 Langflow could allow an unauthenticated user to view other users' images due to an indirect object reference through a user-controlled key.

  • CVE-2026-40912HigApr 30, 2026
    risk 0.46cvss 8.2epss 0.01

    Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a high severity authentication bypass vulnerability in Traefik's StripPrefixRegex middleware when used in combination with ForwardAuth, BasicAuth, or DigestAuth. The…

  • CVE-2026-33451HigApr 30, 2026
    risk 0.51cvss 7.8epss 0.00

    CVE-2026-33451 is an arbitrary read/write vulnerability in the Secure Access Windows client prior to 14.50. Attackers with local control of the Windows client can send malformed data to an API and elevate their level of privilege to system.

  • CVE-2026-33449HigApr 30, 2026
    risk 0.49cvss 7.5epss 0.00

    CVE-2026-33449 is a buffer overflow in a message handling function of the Secure Access client prior to 14.50. Attackers with control of a modified server can send a cryptographically valid message to the client, overwriting a small portion of memory conceivably leading to a …