VYPR

CVEs

100,082 total · page 98 of 2,002

  • CVE-2025-56568HigApr 30, 2026
    risk 0.42cvss 7.5epss 0.00

    Assertion failure vulnerability in the PCO (Protocol Configuration Options) parser in the SMF (Session Management Function) component of Open5GS before v2.7.5 allows remote attackers to cause denial of service via specially crafted NGAP messages containing malformed length…

  • CVE-2025-46115HigApr 30, 2026
    risk 0.49cvss 7.5epss 0.00

    An issue in open5gs v.2.7.3 allows a remote attacker to cause a denial of service via a crafted PDU Session Modification Request

  • CVE-2026-7461HigApr 30, 2026
    risk 0.40cvss 7.2epss 0.01

    Improper neutralization of inputs used in an OS command in the FSx Windows File Server volume mounting component in Amazon ECS Agent on Windows before version 1.103.0 might allow a remote authenticated threat actor to execute shell commands with SYSTEM privileges on the…

  • CVE-2026-40904HigApr 30, 2026
    risk 0.53cvss 8.1epss 0.00

    Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew exposes multiple dataset and dataRequest endpoints that authorize low-privileged project members at the team level instead…

  • CVE-2026-40601HigApr 30, 2026
    risk 0.49cvss 7.5epss 0.00

    Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew exposes POST /api/chart/:chart_id/query without authentication. The endpoint only checks team.allowReportRefresh and does…

  • CVE-2026-40600HigApr 30, 2026
    risk 0.53cvss 8.1epss 0.00

    Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew allows authenticated users with access to one project to update or delete a SharePolicy record that belongs to a different…

  • CVE-2026-40595HigApr 30, 2026
    risk 0.49cvss 7.5epss 0.00

    Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew exposes public chart retrieval and export routes that only verify project-level public access and, for exports, a team-level…

  • CVE-2026-36765HigApr 30, 2026
    risk 0.57cvss 8.8epss 0.00

    An XML external entity (XXE) vulnerability in the /designer/loadReport endpoint of SpringBlade v4.8.0 allows authenticated attackers to execute arbitrary code via injecting a crafted payload.

  • CVE-2026-36762HigApr 30, 2026
    risk 0.57cvss 8.8epss 0.00

    An issue in the fileEntityId parameter in the /a/file/upload endpoint of JeeSite v5.15.1 allows authenticated attackers with file upload permissions to execute a path traversal and write arbitrary files with whitelisted suffixes to arbitrary filesystem locations.

  • CVE-2026-33845HigApr 30, 2026
    risk 0.42cvss 7.5epss 0.01

    A flaw in GnuTLS DTLS handshake parsing allows malformed fragments with zero length and non-zero offset, leading to an integer underflow during reassembly and resulting in an out-of-bounds read. This issue is remotely exploitable and may cause information disclosure or denial of…

  • CVE-2025-51846HigApr 30, 2026
    risk 0.42cvss 7.5epss 0.01

    CryptPad 2025.3.1 allows unbounded WebSocket frame flood. A remote, unauthenticated attacker can significantly degrade or deny service for all users of a CryptPad instance. Fixed in 2026.2.2.

  • CVE-2022-50992HigApr 30, 2026
    risk 0.49cvss 7.5epss 0.01

    Weaver (Fanwei) E-cology 9.5 versions prior to 10.52 contain an arbitrary file read vulnerability in the XmlRpcServlet interface at the XML-RPC endpoint that allows unauthenticated remote attackers to read arbitrary files by supplying file paths to the…

  • CVE-2026-5174HigApr 30, 2026
    risk 0.50cvss 7.7epss 0.03

    Improper input validation vulnerability in Progress Software MOVEit Automation allows Privilege Escalation. This issue affects MOVEit Automation: from 2025.1.0 before 2025.1.5, from 2025.0.0 before 2025.0.9, from 2024.0.0 before 2024.1.8, versions prior to 2024.0.0.

  • CVE-2026-36960HigApr 30, 2026
    risk 0.57cvss 8.8epss 0.00

    A Cross-Site Request Forgery (CSRF) vulnerability exists in the web management interface of the U-SPEED N300 Rounter V1.0.0. The device does not implement CSRF protection mechanisms such as anti-CSRF tokens or strict Origin/Referer validation for administrative API endpoints. An…

  • CVE-2026-36340HigApr 30, 2026
    risk 0.53cvss 8.1epss 0.01

    An issue in Krayin CRM v.2.1.5 and fixed in v.2.1.6 allows a remote attacker to execute arbitrary code via the compose email function

  • CVE-2026-36959HigApr 30, 2026
    risk 0.49cvss 7.5epss 0.00

    U-SPEED N300 router V1.0.0 does not implement rate limiting or account lockout protections on the /api/login endpoint. This allows an attacker on the local network to perform unlimited authentication attempts, enabling brute-force attacks against the administrator account and…

  • CVE-2026-36958HigApr 30, 2026
    risk 0.49cvss 7.5epss 0.00

    A denial-of-service vulnerability exists in the U-SPEED N300 V1.0.0 wireless router. By sending a large number of concurrent HTTP requests to random or non-existent endpoints on the web management interface, an attacker can exhaust system resources in the embedded Boa HTTP…

  • CVE-2026-36957HigApr 30, 2026
    risk 0.49cvss 7.5epss 0.00

    Dbit N300 T1 Pro Easy Setup Wireless Wi-Fi Router V1.0.0 is vulnerable to Denial of Service via the boa web server URI handler. By initiating a high-volume flood of HTTP GET requests to non-existent URIs, an attacker can exhaust critical system resources, including file…

  • CVE-2026-36956HigApr 30, 2026
    risk 0.57cvss 8.8epss 0.00

    A Cross-Site Request Forgery (CSRF) vulnerability exists in the web management interface of the Dbit N300 T1 Pro wireless router V1.0.0. The router fails to implement proper CSRF protection mechanisms such as anti-CSRF tokens or strict Origin/Referer validation for…

  • CVE-2026-7246HigApr 30, 2026
    risk 0.40cvss 7.2epss 0.01

    Pallets Click, versions 8.3.2 and below, contain a command injection vulnerability in the click.edit() function, allowing attackers to pass arbitrary OS commands from an unprivileged account.

  • CVE-2026-2892HigApr 30, 2026
    risk 0.42cvss 7.5epss 0.00

    The Otter Blocks plugin for WordPress is vulnerable to Purchase Verification Bypass in all versions up to, and including, 3.1.4. This is due to the 'get_customer_data' method relying on an unsigned 'o_stripe_data' cookie to determine Stripe product ownership for unauthenticated…

  • CVE-2026-7402HigApr 30, 2026
    risk 0.53cvss 8.1epss 0.00

    Improper Control of Interaction Frequency vulnerability in MeWare Software Development Inc. PDKS allows Flooding. This issue affects PDKS: from V16.20200313 before VMYR_3.5.2025117.

  • CVE-2026-7399HigApr 30, 2026
    risk 0.53cvss 8.1epss 0.00

    Authorization bypass through User-Controlled key vulnerability in MeWare Software Development Inc. PDKS allows Privilege Abuse. This issue affects PDKS: from V16.20200313 before VMYR_3.5.2025117.

  • CVE-2025-14576HigApr 30, 2026
    risk 0.51cvss 7.8epss 0.00

    Insufficient validation of node IDs in Qt SVG module allows arbitrary QML/JavaScript code injection when loading malicious SVG files through the VectorImage component in Qt Quick. While QML execution is typically more restricted than native code execution, this could still lead…

  • CVE-2024-13971HigApr 30, 2026
    risk 0.49cvss 7.5epss 0.00

    Unauthenticated attackers can exploit a weakness in the XML parser functionality of Lobster_pro prior to version 4.12.6-GA. This allows them to obtain read access to files on the application server and adjacent network shares, and perform HTTP GET requests to arbitrary services.

  • CVE-2026-41882HigApr 30, 2026
    risk 0.48cvss 7.4epss 0.00

    In JetBrains IntelliJ IDEA before 2024.3.7.1, 2025.1.7.1, 2025.2.6.2, 2025.3.4.1, 2026.1.1 reading arbitrary local files was possible via built-in web server

  • CVE-2026-31693HigApr 30, 2026
    risk 0.44cvss 7.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: cifs: some missing initializations on replay In several places in the code, we have a label to signify the start of the code where a request can be replayed if necessary. However, some of these places were…

  • CVE-2026-31787HigApr 30, 2026
    risk 0.44cvss 7.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: xen/privcmd: fix double free via VMA splitting privcmd_vm_ops defines .close (privcmd_close), but neither .may_split nor .open. When userspace does a partial munmap() on a privcmd mapping, the kernel splits…

  • CVE-2026-31786HigApr 30, 2026
    risk 0.44cvss 7.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: Buffer overflow in drivers/xen/sys-hypervisor.c The build id returned by HYPERVISOR_xen_version(XENVER_build_id) is neither NUL terminated nor a string. The first causes a buffer overflow as sprintf in…

  • CVE-2026-42800HigApr 30, 2026
    risk 0.48cvss 7.4epss 0.00

    NULL pointer dereference vulnerability in ASR1903 in ASR Lapwing_Linux on Linux (ims_client modules) allows Pointer Manipulation. This vulnerability is associated with program files sip/utils/src/sipuri.c.

  • CVE-2026-42799HigApr 30, 2026
    risk 0.48cvss 7.4epss 0.00

    Out-of-bounds read vulnerability in ASR Kestrel (nr_fw modules) allows Overflow Buffers. This vulnerability is associated with program files Code/Nr/nr_fw/RA/src/NrPwrCtrl.C. This issue affects Kestrel: before 2026/02/10.

  • CVE-2026-42512HigApr 30, 2026
    risk 0.53cvss 8.1epss 0.01

    As dhclient is building an environment to pass to dhclient-script, it may need to resize the array of string pointers. The code which expands the array incorrectly calculates its new size when requesting memory, resulting in a heap buffer overrun. A specially crafted packet…

  • CVE-2026-39457HigApr 30, 2026
    risk 0.51cvss 7.8epss 0.00

    When exchanging data over a socket, libnv uses select(2) to wait for data to arrive. However, it does not verify whether the provided socket descriptor fits in select(2)'s file descriptor set size limit of FD_SETSIZE (1024). An attacker who is able to force a libnv application…

  • CVE-2026-35547HigApr 30, 2026
    risk 0.53cvss 8.1epss 0.00

    When processing the header of an incoming message, libnv failed to properly validate the message size. The lack of validation allows a malicious program to write outside the bounds of a heap allocation. This can trigger a crash or system panic, and it may be possible for an…

  • CVE-2026-22070HigApr 30, 2026
    risk 0.46cvss 7.1epss 0.00

    ColorOS Assistant has an unauthenticated start-download channel, leading to file path traversal.

  • CVE-2026-7164HigApr 30, 2026
    risk 0.49cvss 7.5epss 0.00

    Incorrect packet validation allowed unbounded recursion parsing SCTP chunk parameters. This can eventually result in a stack overflow and panic. Remote attackers can craft packets which cause affected systems to panic. This affects any system where pf is configured to process…

  • CVE-2026-7270HigApr 30, 2026
    risk 0.51cvss 7.8epss 0.00

    An operator precedence bug in the kernel results in a scenario where a buffer overflow causes attacker-controlled data to overwrite adjacent execve(2) argument buffers. The bug may be exploitable by an unprivileged user to obtain superuser privileges.

  • CVE-2026-5402HigApr 30, 2026
    risk 0.50cvss 8.8epss 0.00

    TLS protocol dissector heap overflow in Wireshark 4.6.0 to 4.6.4 allows denial of service and possible code execution

  • CVE-2026-42511HigApr 30, 2026
    risk 0.46cvss 8.1epss 0.00

    The BOOTP file field is written to the lease file without escaping embedded double-quotes, allowing injection of arbitrary dhclient.conf directives. When the lease file is subsequently re-parsed by dhclient, e.g., after a system restart, an attacker-controlled field from the…

  • CVE-2024-39847HigApr 30, 2026
    risk 0.49cvss 7.5epss 0.00

    Unauthenticated attackers can exploit a weakness in the XML parser functionality of the SOAP endpoints in 4D server. This allows them to obtain read access to files on the application server and adjacent network shares, and perform HTTP GET requests to arbitrary services.

  • CVE-2025-13030HigApr 30, 2026
    risk 0.39cvss 7.1epss 0.00

    All versions of the package django-mdeditor are vulnerable to Missing Authentication for Critical Function in the image upload endpoint. An attacker can upload malicious files and achieve arbitrary code execution since this endpoint lacks authentication protection and proper…

  • CVE-2026-7470HigApr 30, 2026
    risk 0.57cvss 8.8epss 0.01

    A flaw has been found in Tenda 4G300 US_4G300V1.0Mt_V1.01.42_CN_TDC01. Affected is the function sub_427C3C of the file /goform/SafeMacFilter. This manipulation of the argument page causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has…

  • CVE-2026-7468HigApr 30, 2026
    risk 0.47cvss 7.3epss 0.00

    A security vulnerability has been detected in 1024-lab smart-admin up to 3.30.0. This affects an unknown function of the file /smart-admin-api/druid/index.html of the component Demo Site. The manipulation leads to improper access controls. The attack may be initiated remotely.…

  • CVE-2026-7446HigApr 30, 2026
    risk 0.41cvss 7.3epss 0.01

    A vulnerability was detected in VetCoders mcp-server-semgrep 1.0.0. This affects the function analyze_results/filter_results/export_results/compare_results/scan_directory/create_rule of the file src/index.ts of the component MCP Interface. The manipulation of the argument ID…

  • CVE-2026-7443HigApr 29, 2026
    risk 0.48cvss 7.3epss 0.01

    A weakness has been identified in BurtTheCoder mcp-dnstwist up to 1.0.4. Affected by this vulnerability is the function fuzz_domain of the file src/index.ts of the component MCP Interface. Executing a manipulation of the argument Request can lead to os command injection. The…

  • CVE-2026-7420HigApr 29, 2026
    risk 0.57cvss 8.8epss 0.00

    A security flaw has been discovered in UTT HiPER 1250GW up to 3.2.7-210907-180535. Impacted is the function strcpy of the file route/goform/ConfigAdvideo. The manipulation of the argument Profile results in buffer overflow. The attack can be executed remotely. The exploit has…

  • CVE-2026-7419HigApr 29, 2026
    risk 0.57cvss 8.8epss 0.01

    A vulnerability was identified in UTT HiPER 1250GW up to 3.2.7-210907-180535. This issue affects the function strcpy of the file route/goform/formTaskEdit_ap. The manipulation of the argument Profile leads to buffer overflow. Remote exploitation of the attack is possible. The…

  • CVE-2026-7418HigApr 29, 2026
    risk 0.57cvss 8.8epss 0.01

    A vulnerability was determined in UTT HiPER 1250GW up to 3.2.7-210907-180535. This vulnerability affects the function strcpy of the file route/goform/NTP. Executing a manipulation of the argument Profile can lead to buffer overflow. The attack may be launched remotely. The…

  • CVE-2026-7417HigApr 29, 2026
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was found in Algovate xhs-mcp 0.8.11. This affects the function xhs_publish_content of the file src/server/mcp.server.ts of the component MCP Interface. Performing a manipulation of the argument media_paths results in server-side request forgery. The attack may…

  • CVE-2026-7416HigApr 29, 2026
    risk 0.47cvss 7.3epss 0.02

    A vulnerability was found in PolarVista xcode-mcp-server 1.0.0. This issue affects the function build_project/run_tests of the file src/index.ts of the component MCP Interface. The manipulation of the argument Request results in os command injection. The attack may be launched…