VYPR

CVEs

345,196 total · page 98 of 6,904

  • CVE-2026-46698MedJun 11, 2026
    risk 0.27cvss 5.3epss 0.00

    Fediverse Embeds embeds fediverse posts on WordPress sites. Prior to version 1.5.9, Fediverse Embeds registered the unauthenticated AJAX action wp_ajax_nopriv_ftf_get_site_info (includes/Site_Info.php) that verified a nonce ftf-fediverse-embeds-nonce and then called…

  • CVE-2026-46697HigJun 11, 2026
    risk 0.42cvss 7.5epss 0.00

    Fediverse Embeds embeds fediverse posts on WordPress sites. Prior to version 1.5.8, Fediverse Embeds registered an unauthenticated REST route ftf/media-proxy (includes/Media_Proxy.php) with permission_callback => __return_true that accepted a base64-encoded URL and forwarded it…

  • CVE-2026-3329HigJun 11, 2026
    risk 0.57cvss epss 0.01

    A remote unauthenticated attacker may be able to conduct credential-guessing attacks against user accounts in Sonatype Nexus Repository via authentication endpoints.

  • CVE-2026-11986MedJun 11, 2026
    risk 0.32cvss 4.9epss 0.00

    A flaw was found in the admin-ui-ext component of Keycloak, which provides extended administrative user interface capabilities. The issue occurs because certain bulk role-removal endpoints fail to perform granular permission checks when deleting role mappings. This allows a…

  • CVE-2026-49982HigJun 11, 2026
    risk 0.46cvss 8.2epss 0.01

    tmp is a temporary file and directory creator for node.js. In version 0.2.6, the _assertPath guard added to tmp rejects only string values that contain the substring ... It is bypassed when prefix, postfix, or template is supplied as a non-string value (Array, Buffer, or any…

  • CVE-2026-44705HigJun 11, 2026
    risk 0.46cvss 8.2epss 0.00

    tmp is a temporary file and directory creator for node.js. Prior to 0.2.6, the tmp npm package contains a path traversal vulnerability that allows escaping the intended temporary directory when untrusted data flows into the prefix, postfix, or dir options. By embedding traversal…

  • CVE-2026-44496HigJun 11, 2026
    risk 0.42cvss 7.5epss 0.01

    Axios is a promise based HTTP client for the browser and Node.js. Axios versions before 0.32.0 on the 0.x line and before 1.16.0 on the 1.x line build a regular expression from the configured XSRF cookie name without escaping regex metacharacters. In standard browser…

  • CVE-2026-44495HigJun 11, 2026
    risk 0.38cvss 7.0epss 0.01

    Axios is a promise based HTTP client for the browser and Node.js. From 0.19.0 to before 0.31.1 and 1.15.2, Axios contains prototype-pollution gadgets in request config processing. If another vulnerability in the same JavaScript process has already polluted…

  • CVE-2026-44494HigJun 11, 2026
    risk 0.50cvss 8.7epss 0.01

    Axios is a promise based HTTP client for the browser and Node.js. From 1.0.0 to before 1.16.0, the Axios library is vulnerable to a Prototype Pollution "Gadget" attack that allows any Object.prototype pollution in the application's dependency tree to be escalated into a full…

  • CVE-2026-44492HigJun 11, 2026
    risk 0.49cvss 8.6epss 0.01

    Axios is a promise based HTTP client for the browser and Node.js. Prior to 0.32.0 and 1.16.0, Axios does not normalise IPv4-mapped IPv6 addresses. When NO_PROXY lists an IPv4 address such as 127.0.0.1 or 169.254.169.254, a request URL using the IPv4-mapped IPv6 form…

  • CVE-2026-44490MedJun 11, 2026
    risk 0.24cvss 4.8epss 0.00

    Axios is a promise based HTTP client for the browser and Node.js. Prior to 0.32.0 and 1.16.0, axios exposes two read-side prototype-pollution gadgets. When Object.prototype is polluted by an upstream dependency in the same process (e.g. lodash _.merge / CVE-2018-16487), axios…

  • CVE-2026-44489LowJun 11, 2026
    risk 0.17cvss 3.7epss 0.00

    Axios is a promise based HTTP client for the browser and Node.js. From 1.15.2 to before 1.16.0, nested objects created by utils.merge() (e.g., config.proxy) are still constructed as plain {} with Object.prototype in their chain. The setProxy() function at…

  • CVE-2026-44488HigJun 11, 2026
    risk 0.42cvss 7.5epss 0.01

    Axios is a promise based HTTP client for the browser and Node.js. Axios versions 1.7.0 through 1.15.x did not enforce configured request and response size limits when requests were sent with the fetch adapter. Applications that selected adapter: 'fetch', or ran in environments…

  • CVE-2026-44487HigJun 11, 2026
    risk 0.42cvss 7.5epss 0.01

    Axios is a promise based HTTP client for the browser and Node.js. Prior to 0.32.0 and 1.16.0, Axios’s Node.js HTTP adapter may forward a Proxy-Authorization header to a redirected origin during specific proxy-to-direct redirect flows. This affects Node.js usage, where an…

  • CVE-2026-44486HigJun 11, 2026
    risk 0.42cvss 7.5epss 0.01

    Axios is a promise based HTTP client for the browser and Node.js. Prior to 0.32.0 and 1.16.0, Axios’ Node.js HTTP adapter can leak proxy credentials to a redirect target in affected versions. When a request is sent through an authenticated proxy, Axios may add a…

  • CVE-2026-11945MedJun 11, 2026
    risk 0.42cvss 6.4epss 0.00

    PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a JSON document and placing malicious code inside a particular key-value pair. If a superuser calls the import_database_rules() or import_roles_rules() functions, the…

  • CVE-2026-48062criJun 11, 2026
    risk 0.52cvss epss 0.00

    ### Impact The `ext_in` upload validation rule checked the MIME-derived guessed extension instead of the client-provided filename extension. As a result, an uploaded file named `shell.php` containing GIF-like content could pass validation such as: ```…

  • CVE-2026-48053Jun 11, 2026
    risk 0.00cvss epss 0.00

    ## Summary Several Kolibri API endpoints accept an unvalidated `baseurl` parameter and fetch attacker-controlled URLs from the Kolibri server, reflecting the response body back to the caller. The original report identified two endpoints on the `RemoteFacilityUser*` viewsets;…

  • CVE-2026-48050higJun 11, 2026
    risk 0.39cvss epss 0.00

    ### Summary Arc registers Go's `net/http/pprof` handlers at `/debug/pprof/*` via `app.Use(pprof.New())` in `internal/api/server.go`, and `/debug/pprof` is added to `PublicPrefixes` in `cmd/arc/main.go`. The auth middleware short-circuits before the token check on prefix match,…

  • CVE-2026-48049Jun 11, 2026
    risk 0.00cvss epss 0.00

    ### Impact `@hapi/inert` serves static files from a directory configured with `path` (in the `directory` / `file` handlers) or `relativeTo` (for `h.file()`), with confinement enforced by the `confine` option (default `true`). Before the patch, the confinement check compared the…

  • CVE-2026-9648CriJun 11, 2026
    risk 0.52cvss 9.1epss 0.00

    The crypton-x509-validation Haskell library fails to enforce X.509 NameConstraints, allowing TLS clients to accept certificates whose Subject Alternative Names fall outside the issuing CA’s permitted subtrees. This oversight enables an attacker who compromises a…

  • CVE-2026-7870HigJun 11, 2026
    risk 0.57cvss 8.8epss 0.00

    IBM i 7.6, 7.5, 7.4, and 7.3 could allow a user to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privilege.

  • CVE-2026-7787HigJun 11, 2026
    risk 0.42cvss 7.5epss 0.00

    IBM Langflow OSS 1.0.0 through 1.9.1 could allow an authenticated user to read or modify sensitive information by bypassing authentication using insecure direct object references.

  • CVE-2026-53777HigJun 11, 2026
    risk 0.46cvss 8.1epss 0.00

    Perry before 0.5.1159 contains a path traversal vulnerability that allows a malicious build server to write arbitrary content to any location writable by the running process by supplying unsanitized path components in the artifact_name field of ArtifactReady WebSocket messages.…

  • CVE-2026-4096MedJun 11, 2026
    risk 0.42cvss 6.5epss 0.00

    IBM DevOps Plan 3.0.0 through 3.0.6 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or…

  • CVE-2026-3341MedJun 11, 2026
    risk 0.35cvss 5.4epss 0.00

    IBM Langflow Desktop 1.0.0 through 1.9.2 IBM Langflow is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.

  • CVE-2026-11839CriJun 11, 2026
    risk 0.64cvss 9.9epss 0.00

    Unrestricted upload of file with dangerous type vulnerability in Başarsoft Information Technologies Inc. Rotaban allows Upload a Web Shell to a Web Server. This issue affects Rotaban: from V2026.06.002 before V2026.06.003.

  • CVE-2024-45636MedJun 11, 2026
    risk 0.27cvss 4.1epss 0.00

    IBM Security QRadar EDR 3.12 through 3.12.24 stores user credentials in plain text which can be read by a local privileged user.

  • CVE-2026-8406HigJun 11, 2026
    risk 0.39cvss epss 0.00

    openSIS Classic 9.3 contains an insecure direct object reference vulnerability in the messaging module. Any authenticated user with access to the messaging module can request sent-message details from modules/messaging/SentMail.php by supplying an arbitrary mail_id value.

  • CVE-2026-6338MedJun 11, 2026
    risk 0.32cvss epss 0.00

    A HTTP request smuggling and desynchronization vulnerability affects Kong Gateway Enterprise 3.4, 3.10, 3.11, 3.12, 3.13, and 3.14 series. The vulnerability is caused by a parsing flaw in Kong’s HTTP request processing pipeline when handling untrusted HTTP/1.1 traffic.

  • CVE-2026-53723MedJun 11, 2026
    risk 0.31cvss 5.8epss 0.00

    Guzzle Services provides an implementation of the Guzzle Command library that uses Guzzle service descriptions to describe web services, serialize requests, and parse responses into easy to use model structures. Versions prior ro 1.5.4 do not safely serialize scalar XML element…

  • CVE-2026-53661HigJun 11, 2026
    risk 0.50cvss epss 0.00

    Boruta is a standalone authorization server that aims to implement OAuth 2.0 and Openid Connect up to decentralized identity specifications. Prior to version 0.9.1, boruta session cookies and the identity “remember me” cookie were set without the Secure attribute. In…

  • CVE-2026-38581CriJun 11, 2026
    risk 0.64cvss 9.8epss 0.00

    SQL Injection vulnerability in damasac thaipalliative_lte through version 3.0 allows remote attackers to execute arbitrary SQL commands via the idFormMain parameter to /substudy/ezform.php (line 14) and the id parameter (line 49). The parameters are concatenated directly into…

  • CVE-2026-11816HigJun 11, 2026
    risk 0.46cvss 8.1epss 0.01

    Keras versions prior to 3.14.0 are vulnerable to a path traversal issue in the archive extraction utilities located in `keras/src/utils/file_utils.py`. The functions `filter_safe_tarinfos()` and `filter_safe_zipinfos()` validate archive member paths against the process current…

  • CVE-2026-10847HigJun 11, 2026
    risk 0.51cvss 7.8epss 0.00

    A local privilege escalation vulnerability exists in Check Point Identity Agent Full for Windows OS. An authenticated local user may be able to execute arbitrary code with SYSTEM privileges due to improper handling of executable resolution during the log collection process.…

  • CVE-2026-48045Jun 11, 2026
    risk 0.00cvss epss 0.00

    ### Impact `AsyncListener.handle_query_or_defer` retained every truncated (TC-bit) incoming query in `self._deferred[addr]` and armed a per-addr timer in `self._timers[addr]` that flushed the reassembled query within ~500 ms (RFC 6762 §18.5). Neither the per-addr list nor the…

  • CVE-2026-48039criJun 11, 2026
    risk 0.52cvss epss 0.00

    # Unauthenticated HTTP MCP Tool Execution Leaks Operator Meta Access Token | Field | Value | | ---------------- | ----- | | Repository | pipeboard-co/meta-ads-mcp | | Affected version | ≤ 1.0.101 (commit 496c988 ~ 7d14226); Versions 1.0.102–1.0.105 lack git…

  • CVE-2026-48068higJun 11, 2026
    risk 0.45cvss epss 0.01

    ### Impact An invalid incoming HTTP/2 stream initiation can cause a server process to crash. This affects all servers created using @grpc/grpc-js. ### Patches The following version have fixes for this vulnerability: - 1.9.16 - 1.10.12 - 1.11.4 - 1.12.7 - 1.13.5 - 1.14.4 …

  • CVE-2026-48069higJun 11, 2026
    risk 0.45cvss epss 0.01

    ### Impact An invalid incoming compressed message can cause a client or server process to crash. This affects all clients and servers that use @grpc/grpc-js ### Patches The following version have fixes for this vulnerability: - 1.9.16 - 1.10.12 - 1.11.4 - 1.12.7 - 1.13.5 …

  • CVE-2026-48038Jun 11, 2026
    risk 0.00cvss epss 0.00

    ### Impact Denial of service via untrapped exception in services validating user-supplied JSON / object input with recursive link schemas. The blast radius depends on how the application invokes joi: - Highest impact: `validate()` called without `try/catch` in a request…

  • CVE-2026-48054higJun 11, 2026
    risk 0.39cvss epss 0.00

    ## Summary The OpenZeppelin Contracts Wizard generated Hardhat (`test/test.ts`) and Foundry (`test/.t.sol`) example test files that interpolated user-supplied strings (`opts.name`, `opts.uri`) into the test source without escaping. A crafted input could produce a…

  • CVE-2026-48022Jun 11, 2026
    risk 0.00cvss epss 0.00

    ### Impact Wreck strips credential headers (Authorization, Cookie, Proxy-Authorization) before following a cross-origin redirect, but the origin check compares hostnames only and ignores scheme and port. As a result, credentials are forwarded intact across same-host port changes…

  • CVE-2026-48020higJun 11, 2026
    risk 0.39cvss epss 0.01

    ## Summary There is a high severity vulnerability in Traefik's `StripPrefix` middleware that allows an unauthenticated attacker to bypass route-level authentication and authorization. When a public router matches on a `PathPrefix` rule and applies the `StripPrefix` middleware,…

  • CVE-2026-48007higJun 11, 2026
    risk 0.39cvss epss 0.00

    ### Impact Element Call versions 0.5.17 through 0.19.3 report analytics data to a PostHog server, when configured to by a `posthog` key in config.json or by the `posthogApiHost` and `posthogApiKey` URL parameters. Several fields of this data (`$initial_person_info`,…

  • CVE-2026-47781higJun 11, 2026
    risk 0.38cvss epss 0.00

    ## Summary PDM automatically loads project-local plugin paths from `.pdm-plugins` during `Core` initialization. Because this path is added via `site.addsitedir()`, attacker-controlled `.pth` files inside the project plugin directory are processed and can execute Python code…

  • CVE-2026-47780Jun 11, 2026
    risk 0.00cvss epss 0.00

    ### Summary The free5GC UDR accepts arbitrary non-3GPP ueId values in the EE subscription creation and query flows because the regular expression used for validation ends with the catch-all alternative |.+. This causes the validation logic to accept any non-empty string rather…

  • CVE-2026-7852CriJun 11, 2026
    risk 0.64cvss 9.8epss 0.00

    Unrestricted upload of file with dangerous type vulnerability in Limatek System Inc. LimRAD NAC allows Remote Code Inclusion. This issue affects LimRAD NAC: before 5.5.7.3.9.

  • CVE-2026-49214MedJun 11, 2026
    risk 0.27cvss 5.3epss 0.00

    guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Versions prior to 2.10.2 did not reject ASCII control characters, whitespace, or DEL in first-party URI host components. A vulnerable flow is: First, an application accepts a user-controlled URL. Second, the…

  • CVE-2026-48998MedJun 11, 2026
    risk 0.27cvss 5.3epss 0.00

    guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Versions prior to 2.10.2 contain improper Host header validation when parsing raw HTTP request messages and when deriving a server request URI from server variables. An attacker can provide a malformed Host…

  • CVE-2026-11956LowJun 11, 2026
    risk 0.24cvss 3.7epss 0.00

    A vulnerability was determined in TwiN gatus 5.36.0. Impacted is the function setSessionCookie of the file security/oidc.go of the component OIDC Session Cookie Handler. Executing a manipulation can lead to sensitive cookie without secure attribute. The attack can be launched…