VYPR

CVEs

100,082 total · page 99 of 2,002

  • CVE-2026-7404HigApr 29, 2026
    risk 0.47cvss 7.3epss 0.01

    A weakness has been identified in getsimpletool mcpo-simple-server up to 0.2.0. Affected is the function delete_shared_prompt of the file src/mcpo_simple_server/services/prompt_manager/base_manager.py. This manipulation of the argument detail causes relative path traversal. It…

  • CVE-2025-50328HigApr 29, 2026
    risk 0.47cvss 7.3epss 0.00

    A vulnerability in B1 Free Archiver v1.5.86 allows files extracted from downloaded archives to bypass Windows Mark of the Web (MotW) protections. When an archive is downloaded from the internet and extracted using B1 Free Archiver, the software fails to propagate the…

  • CVE-2026-7426HigApr 29, 2026
    risk 0.46cvss 8.1epss 0.00

    Insufficient validation of the prefix length field in IPv6 Router Advertisement processing in FreeRTOS-Plus-TCP before V4.2.6 and V4.4.1 allows an adjacent network actor to cause memory corruption by sending a crafted Router Advertisement with a prefix length value exceeding the…

  • CVE-2026-7400HigApr 29, 2026
    risk 0.40cvss 7.3epss 0.00

    A security vulnerability has been detected in geekgod382 filesystem-mcp-server 1.0.0. This issue affects the function is_path_allowed of the file server.py of the component read_file_tool/write_file_tool. Such manipulation leads to path traversal. The attack can be launched…

  • CVE-2026-34965HigApr 29, 2026
    risk 0.57cvss 8.8epss 0.01

    Cockpit CMS contains an authenticated remote code execution vulnerability in the /cockpit/collections/save_collection endpoint that allows authenticated attackers with collection management privileges to inject arbitrary PHP code into collection rules parameters. Attackers can…

  • CVE-2018-25315HigApr 29, 2026
    risk 0.55cvss 8.4epss 0.00

    Alloksoft Video joiner 4.6.1217 contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious string in the License Name field. Attackers can craft a payload with structured exception handler (SEH) overwrite and shellcode…

  • CVE-2018-25314HigApr 29, 2026
    risk 0.55cvss 8.4epss 0.00

    Allok soft WMV to AVI MPEG DVD WMV Converter 4.6.1217 contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized string in the License Name field. Attackers can craft a malicious input containing shellcode with…

  • CVE-2018-25309HigApr 29, 2026
    risk 0.47cvss 7.2epss 0.00

    MyBB Recent threads 17.0 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts by creating threads with crafted subject lines. Attackers can create threads with script tags in the subject parameter to execute arbitrary…

  • CVE-2018-25308HigApr 29, 2026
    risk 0.57cvss 8.8epss 0.01

    BuddyPress Xprofile Custom Fields Type 2.6.3 contains a remote code execution vulnerability that allows authenticated users to delete arbitrary files by manipulating unescaped POST parameters. Attackers can modify the field_hiddenfile and field_deleteimg parameters during…

  • CVE-2018-25307HigApr 29, 2026
    risk 0.55cvss 8.4epss 0.00

    SysGauge Pro 4.6.12 contains a local buffer overflow vulnerability in the Register function that allows local attackers to overwrite the structured exception handler by supplying a crafted unlock key. Attackers can inject shellcode through the Unlock Key field during…

  • CVE-2018-25304HigApr 29, 2026
    risk 0.55cvss 8.4epss 0.00

    Free Download Manager 2.0 Build 417 contains a local buffer overflow vulnerability in the URL import functionality that allows attackers to trigger a structured exception handler (SEH) chain exploitation. Attackers can craft a malicious URL file that, when imported through the…

  • CVE-2018-25303HigApr 29, 2026
    risk 0.55cvss 8.4epss 0.00

    Allok Video to DVD Burner 2.6.1217 contains a stack-based buffer overflow vulnerability in the License Name field that allows local attackers to execute arbitrary code by triggering a structured exception handler (SEH) overwrite. Attackers can craft a malicious input string with…

  • CVE-2018-25302HigApr 29, 2026
    risk 0.51cvss 7.8epss 0.00

    Allok AVI to DVD SVCD VCD Converter 4.0.1217 contains a structured exception handling (SEH) based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious string in the License Name field. Attackers can craft a payload with…

  • CVE-2018-25301HigApr 29, 2026
    risk 0.55cvss 8.4epss 0.00

    Easy MPEG to DVD Burner 1.7.11 contains a structured exception handling (SEH) local buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious username string. Attackers can craft a payload containing junk data, SEH chain…

  • CVE-2018-25300HigApr 29, 2026
    risk 0.53cvss 8.2epss 0.00

    XATABoost CMS 1.0.0 contains a union-based SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the id parameter. Attackers can send GET requests to news.php with malicious id values to extract sensitive…

  • CVE-2018-25299HigApr 29, 2026
    risk 0.55cvss 8.4epss 0.00

    Prime95 29.4b8 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by exploiting structured exception handling (SEH) mechanisms. Attackers can inject malicious payload through the optional proxy hostname field in the PrimeNet connection…

  • CVE-2026-7466HigApr 29, 2026
    risk 0.50cvss 8.8epss 0.00

    AgentFlow contains an arbitrary code execution vulnerability that allows attackers to execute local Python pipeline files by supplying a user-controlled pipeline_path parameter to the POST /api/runs and POST /api/runs/validate endpoints. Attackers can induce requests to the…

  • CVE-2026-7424HigApr 29, 2026
    risk 0.46cvss 8.1epss 0.00

    Integer underflow in the DHCPv6 sub-option parser in FreeRTOS-Plus-TCP before V4.4.1 and V4.2.6 allows an adjacent network actor to corrupt the device's IPv6 address assignment, DNS configuration, and lease times, and to cause a denial of service (permanent IP task freeze…

  • CVE-2026-7398HigApr 29, 2026
    risk 0.47cvss 7.3epss 0.00

    A weakness has been identified in florensiawidjaja BioinfoMCP up to 7ada7918b9e515604d3c0ae264d3a9af10bf6e54. This vulnerability affects the function Upload of the file bioinfo_mcp_platform/app.py of the component Upload Endpoint. This manipulation of the argument Name causes…

  • CVE-2026-5712HigApr 29, 2026
    risk 0.52cvss 8.0epss 0.00

    This vulnerability impacts all versions of IdentityIQ and allows an authenticated identity that is the requestor or assignee of a work item to edit the definition of a role without having an assigned capability that would allow role editing.

  • CVE-2026-0204HigApr 29, 2026
    risk 0.52cvss 8.0epss 0.00

    A vulnerability in the access control mechanism of SonicOS may allow certain management interface functions to be accessible under specific conditions.

  • CVE-2026-7389HigApr 29, 2026
    risk 0.47cvss 7.3epss 0.00

    A security vulnerability has been detected in EyouCMS up to 1.7.9. The affected element is the function GetSortData of the file application/common.php. The manipulation of the argument sort_asc leads to sql injection. The attack may be initiated remotely. The exploit has been…

  • CVE-2026-7386HigApr 29, 2026
    risk 0.40cvss 7.3epss 0.00

    A flaw has been found in fatbobman mail-mcp-bridge up to 1.3.3. Affected is an unknown function of the file src/mail_mcp_server.py. Executing a manipulation of the argument message_ids can lead to path traversal. The attack can be executed remotely. The exploit has been…

  • CVE-2026-6849HigApr 29, 2026
    risk 0.57cvss 8.8epss 0.01

    Improper neutralization of special elements used in an OS command ('OS command injection') vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus OS My Computer allows OS Command Injection. This issue affects Pardus OS My Computer: from <=0.7.5 before…

  • CVE-2026-42198HigApr 29, 2026
    risk 0.49cvss 7.5epss 0.01

    pgjdbc is an open source postgresql JDBC Driver. From version 42.2.0 to before version 42.7.11, pgjdbc is vulnerable to a client-side denial of service during SCRAM-SHA-256 authentication. A malicious server can instruct the driver to perform SCRAM authentication with a very…

  • CVE-2026-38991HigApr 29, 2026
    risk 0.57cvss 8.8epss 0.00

    Cockpit 2.13.5 and earlier is affected by a misconfiguration within the Bucket component _isFileTypeAllowed function where a specially crafted filename bypasses an extension filter. This allows an authenticated attacker to rename arbitrary files with the .php file extension…

  • CVE-2026-37555HigApr 29, 2026
    risk 0.42cvss 7.5epss 0.01

    An issue was discovered in libsndfile 1.2.2 IMA ADPCM codec. The AIFF code path (line 241) was fixed with (sf_count_t) cast, but the WAV code path (line 235) and close path (line 167) were not. When samplesperblock (int) * blocks (int) exceeds INT_MAX, the 32-bit multiplication…

  • CVE-2026-30769HigApr 29, 2026
    risk 0.51cvss 7.8epss 0.00

    An issue in the TVicPort64.sys component of EnTech Taiwan TVicPort Product v4.0, File v5.2.1.0 allows attackers to escalate privileges via sending crafted IOCTL 0x80002008 requests.

  • CVE-2026-7384HigApr 29, 2026
    risk 0.40cvss 7.3epss 0.00

    A vulnerability was detected in ezequiroga mcp-bases 357ca19c7a49a9b9cb2ef639b366f03aba8bea39/c630b8ab0f970614d42da8e566e9c0d15a16414c. This impacts the function search_papers of the file research_server.py. Performing a manipulation of the argument topic results in path…

  • CVE-2026-7111HigApr 29, 2026
    risk 0.48cvss 8.4epss 0.00

    Text::CSV_XS versions before 1.62 for Perl have a use-after-free when registered callbacks extend the Perl argument stack, which may enable type confusion or memory corruption. The Parse, print, getline, and getline_all methods invoke registered callbacks (for example…

  • CVE-2026-5161HigApr 29, 2026
    risk 0.57cvss 8.8epss 0.00

    Improper link resolution before file access ('link following') vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus About allows Symlink Attack. This issue affects Pardus About: before 1.2.2.

  • CVE-2026-5141HigApr 29, 2026
    risk 0.57cvss 8.8epss 0.00

    Improper Privilege Management, Improper Access Control, Incorrect privilege assignment vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus Software Center allows Hijacking a privileged process. This issue affects Pardus Software Center: from 1.0.2…

  • CVE-2026-41952HigApr 29, 2026
    risk 0.51cvss 7.8epss 0.00

    Local privilege escalation due to improper input validation. The following products are affected: Acronis DeviceLock DLP (Windows) before build 9.0.93212, Acronis Cyber Protect Cloud Agent (Windows) before build 42183.

  • CVE-2026-41220HigApr 29, 2026
    risk 0.51cvss 7.8epss 0.00

    Local privilege escalation due to improper input validation. The following products are affected: Acronis DeviceLock DLP (Windows) before build 9.0.93212, Acronis Cyber Protect Cloud Agent (Windows) before build 42183.

  • CVE-2026-36837HigApr 29, 2026
    risk 0.49cvss 7.5epss 0.00

    TOTOLINK A3002RU V3 <= V3.0.0-B20220304.1804 was discovered to contain a stack-based buffer overflow via the hostname parameter in the formMapDelDevice function.

  • CVE-2026-5140HigApr 29, 2026
    risk 0.57cvss 8.8epss 0.00

    Improper neutralization of CRLF sequences ('CRLF injection') vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus Update allows Authentication Bypass. This issue affects Pardus Update: from 0.6.3 before 0.6.4.

  • CVE-2026-42524HigApr 29, 2026
    risk 0.52cvss 8.0epss 0.00

    Jenkins HTML Publisher Plugin 427 and earlier does not escape job name and URL in the legacy wrapper file, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

  • CVE-2026-42520HigApr 29, 2026
    risk 0.49cvss 7.5epss 0.00

    Jenkins Credentials Binding Plugin 719.v80e905ef14eb_ and earlier does not sanitize file names for file and zip file credentials, allowing attackers able to provide credentials to a job to write files to arbitrary locations on the node filesystem, which can lead to remote code…

  • CVE-2026-42652HigApr 29, 2026
    risk 0.46cvss 7.1epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpeverest User Registration user-registration allows Reflected XSS.This issue affects User Registration: from n/a through <= 5.1.5.

  • CVE-2026-42646HigApr 29, 2026
    risk 0.49cvss 7.6epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Steve Burge TaxoPress simple-tags allows Blind SQL Injection.This issue affects TaxoPress: from n/a through <= 3.44.0.

  • CVE-2026-42518HigApr 29, 2026
    risk 0.57cvss epss 0.00

    This vulnerability exists in e-Sushrut due to disclosure of sensitive information and hardcoded AES encryption keys in client-side JavaScript. An unauthenticated remote attacker could exploit this vulnerability by accessing the client-side code to extract sensitive information…

  • CVE-2026-42517HigApr 29, 2026
    risk 0.46cvss epss 0.00

    This vulnerability exists in e-Sushrut due to the use of reversible Base64 encoding for protecting sensitive data. An authenticated attacker could exploit this vulnerability by decoding and manipulating Base64-encoded parameters in the request URL to gain unauthorized access to…

  • CVE-2026-42516HigApr 29, 2026
    risk 0.46cvss epss 0.00

    This vulnerability exists in e-Sushrut due to improper authorization checks during resource access. An authenticated attacker could exploit this vulnerability by manipulating encoded parameters in the request URL to gain unauthorized access to patient accounts on the targeted…

  • CVE-2026-42515HigApr 29, 2026
    risk 0.46cvss epss 0.00

    This vulnerability exists in e-Sushrut due to improper access control in resource access validation. An authenticated attacker could exploit this vulnerability by manipulating parameter in the API request URL to gain unauthorized access to sensitive information of patients on…

  • CVE-2026-42514HigApr 29, 2026
    risk 0.57cvss epss 0.00

    This vulnerability exists in e-Sushrut due to exposure of OTPs in plaintext within API responses. A remote attacker could exploit this vulnerability by intercepting API responses containing valid OTPs. Successful exploitation of this vulnerability could allow an attacker to…

  • CVE-2026-42513HigApr 29, 2026
    risk 0.57cvss epss 0.00

    This vulnerability exists in e-Sushrut due to improper authentication logic that relies on client-side response parameters to determine authentication status. A remote attacker could exploit this vulnerability by intercepting and modifying the server response. Successful…

  • CVE-2026-42377HigApr 29, 2026
    risk 0.47cvss 7.3epss 0.00

    Missing Authorization vulnerability in Brainstorm Force SureForms Pro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SureForms Pro: from n/a through 2.8.0.

  • CVE-2026-35155HigApr 29, 2026
    risk 0.46cvss 7.1epss 0.00

    Dell iDRAC10, versions 1.20.70.50 and 1.30.05.10, contains an Insufficiently Protected Credentials vulnerability. A race condition vulnerability exists that could allow an authenticated low‑privileged attacker to gain elevated access.

  • CVE-2026-42615HigApr 29, 2026
    risk 0.40cvss 7.2epss 0.00

    GCHQ CyberChef before 11.0.0 allows XSS via Show Base64 offsets, as demonstrated by the /#recipe=Show_Base64_offsets('%3Cscript substring.

  • CVE-2026-40560HigApr 29, 2026
    risk 0.42cvss 7.5epss 0.00

    Starman versions before 0.4018 for Perl allows HTTP Request Smuggling via Improper Header Precedence. Starman incorrectly prioritizes "Content-Length" over "Transfer-Encoding: chunked" when both headers are present in an HTTP request. Per RFC 7230 3.3.3, Transfer-Encoding must…