VYPR

CVEs

11,223 total · page 1 of 225

  • CVE-2026-40702 · critical · Jun 25, 2026
    risk 0.61 · cvss 9.4 · epss 0.00

    WebSocket endpoints lack proper authentication mechanisms, enabling attackers to impersonate charging stations. As a result, attackers can exploit this weakness to gain unauthorized access to sensitive data or perform unauthorized actions. Given that no authentication is…

  • CVE-2026-45052 · critical · Jun 24, 2026
    risk 0.59 · cvss n/a · epss n/a

    An Improper Authorization (CWE-285) issue in OpenAM's Liberty Web Services SOAP receiver allows an unauthenticated remote attacker to write persistent entries into the Liberty Discovery store on any user's LDAP entry, and into a shared root-realm…

  • CVE-2026-45051 · critical · Jun 24, 2026
    risk 0.59 · cvss n/a · epss n/a

    A deserialization of untrusted data vulnerability (CWE-502) exists in OpenAM's WebAuthn authentication module. Under certain conditions, this may allow an attacker to achieve arbitrary code execution in the context of the application server. This…

  • CVE-2026-54350 · critical · Jun 23, 2026
    risk 0.59 · cvss n/a · epss 0.00

    `enrichContext` at `packages/server/src/sdk/workspace/queries/queries.ts:121-138` substitutes parameter values into the raw JSON body of a query, then `JSON.parse`s the result. The validator `validateQueryInputs` at `packages/server/src/api/controllers/query/index.ts:…

  • CVE-2026-52813 · critical · Jun 23, 2026
    risk 0.52 · cvss n/a · epss 0.01

    Organization names containing path traversal sequences (`../`) are accepted by Gogs, and repositories under them are written to paths following these path traversals. This allows storing/retrieving data for repositories at arbitrary locations on the filesystem. By…

  • CVE-2026-52811 · critical · Jun 23, 2026
    risk 0.52 · cvss n/a · epss 0.00

    `(*Repository).UploadRepoFiles` checks for symlinks only on the **leaf** of the upload target (`osx.IsSymlink(targetPath)`). The siblings `UpdateRepoFile`, `DeleteRepoFile`, and `GetDiffPreview` use `hasSymlinkInPath`, which lstats every component — `UploadRepoFiles`…

  • CVE-2026-52806 · critical · Jun 23, 2026
    risk 0.52 · cvss n/a · epss 0.01

    Gogs: RCE via `git rebase --exec` argument injection in PR merge. Gogs allows authenticated users to achieve Remote Code Execution (RCE) on the server by creating a pull request with a specially crafted branch name that injects the `--exec` flag into the `git…

  • CVE-2026-11807 · critical · Jun 23, 2026
    risk 0.62 · cvss 9.6 · epss 0.00

    eda-server: websocket missing authorization allows credential theft via activation_id spoofing

  • CVE-2026-54352 · critical · Jun 22, 2026
    risk 0.59 · cvss n/a · epss 0.00

    `POST /api/pwa/process-zip` at `packages/server/src/api/routes/static.ts:24` accepts a builder-uploaded `.zip`, extracts it with `extract-zip@2.0.1` into a temp directory, then for each entry listed in `icons.json` validates the icon path, opens it, and streams the…

  • CVE-2026-48170 · critical · Jun 22, 2026
    risk 0.52 · cvss n/a · epss n/a

    `scim-patch` performs prototype pollution when applying a SCIM PATCH operation whose `value` object contains a key like `"__proto__.someProp"`. After one such patch, `Object.prototype.someProp` is set process-wide, affecting every plain object in the Node process. …

  • CVE-2026-46495 · critical · Jun 22, 2026
    risk 0.59 · cvss n/a · epss n/a

    A Deserialization of Untrusted Data (CWE-502) issue in OpenDJ's JMX RMI connector allows an unauthenticated remote attacker to deserialize arbitrary Java objects on the server. The vulnerability exists because the platform reads and processes…

  • CVE-2026-46488 · critical · Jun 22, 2026
    risk 0.59 · cvss n/a · epss n/a

    An authentication bypass vulnerability exists due to improper trust in client-controlled cookies. The application accepts user-supplied cookie values containing a username and password-hash-derived value as sufficient authentication material. These cookies can be set…

  • CVE-2026-44203 · critical · Jun 22, 2026
    risk 0.59 · cvss n/a · epss n/a

    The OAuth 2.0 / OpenID Connect authorization endpoint does not sufficiently sanitize certain user-supplied parameters before incorporating them into the HTML response generated for the `form_post` response mode. This may allow an attacker to inject content into the…

  • CVE-2026-44179 · critical · Jun 22, 2026
    risk 0.59 · cvss n/a · epss n/a

    The excerpt-include macro does not properly escape the title of the included page and executes the content of the excerpt with the macro's rights. Therefore, it is vulnerable to XWiki syntax injection via the included page's title and content, allowing remote code…

  • CVE-2026-33646 · critical · Jun 22, 2026
    risk 0.59 · cvss n/a · epss 0.01

    Mise processes `.tool-versions` files through the Tera template engine during parsing, with the `exec()` function registered, enabling arbitrary command execution. Unlike `.mise.toml` files, `.tool-versions` files are **not subject to trust verification** in…

  • CVE-2026-55447 · critical · Jun 19, 2026
    risk 0.52 · cvss n/a · epss 0.00

    All components based on `BaseFileComponent` are affected by the following vulnerability: 1. Docling (`DoclingInlineComponent`) 2. Docling Serve (`DoclingRemoteComponent`) 3. Read File (`FileComponent`) 4. NVIDIA Retriever Extraction (`NvidiaIngestComponent`) 5.…

  • CVE-2026-55255 · critical · Jun 19, 2026
    risk 0.52 · cvss n/a · epss 0.00

    Insecure Direct Object Reference (IDOR) vulnerability in the `/api/v1/responses` endpoint allows an authenticated attacker to execute any flow belonging to another user by specifying the victim's flow ID in the request. Details: the vulnerability exists in the…

  • CVE-2026-55791 · critical · Jun 19, 2026
    risk 0.52 · cvss n/a · epss n/a

    Craft CMS is vulnerable to Server-Side Request Forgery (SSRF) and Arbitrary JavaScript Injection through the `/actions/app/resource-js` endpoint. By exploiting the default permissive `trustedHosts` configuration, an attacker can poison the `Host` or…

  • CVE-2026-54782 · critical · Jun 19, 2026
    risk 0.52 · cvss n/a · epss n/a

    Impact: full impersonation of any principal the trusted STS could have issued an assertion for — including administrative principals when the relying party grants them via SAML claims. Affects both SAML 1.1 and SAML 2.0. Preconditions: relying-party service is hosted…

  • CVE-2026-55884 · critical · Jun 19, 2026
    risk 0.52 · cvss n/a · epss n/a

    The Tilt HUD HTTP server exposes state-changing and sensitive-read endpoints with no authentication. When the HUD is bound to a non-loopback address, a network attacker can trigger the developer's pre-defined Tiltfile resources, tamper with Tiltfile arguments, read…

  • CVE-2026-54051 · critical · Jun 19, 2026
    risk 0.52 · cvss n/a · epss n/a

    The agent sandbox gates shell commands behind an allowlist (`SandboxPolicy.isCommandAllowed`), which THREAT_MODEL.md calls the main control against a compromised agent (Adversary 3.2). The allowlist glob-matches the whole command string, but `ShellExecutor` runs that…

  • CVE-2026-54003 · critical · Jun 18, 2026
    risk 0.52 · cvss n/a · epss n/a

    This vulnerability affects Kirby sites that have no configured user accounts and are running on publicly accessible servers behind a reverse proxy that sets the `Forwarded: for=...`, `X-Client-IP`, or `X-Real-IP` request header. It was possible to install the Panel…

  • CVE-2026-44727 · critical · Jun 18, 2026
    risk 0.52 · cvss n/a · epss 0.00

    The nbconvert HTTP handlers in jupyter_server render user-authored notebook HTML under the Jupyter origin without a sandbox directive in their `Content-Security-Policy`. Combined with `nbconvert.HTMLExporter`'s default non-sanitizing behavior, a notebook carrying an HTML…

  • CVE-2026-40624 · critical · Jun 18, 2026
    risk 0.64 · cvss 9.8 · epss 0.01

    Improper input validation in AVer PTC500S, PTC115, PTC500+, and PTC115+ cameras may allow a remote, unauthenticated attacker to achieve arbitrary code execution via a specially crafted web request.

  • CVE-2026-55518 · critical · Jun 17, 2026
    risk 0.52 · cvss n/a · epss n/a

    A critical missing authorization flaw exists in Avo's association attach workflow. The UI and `GET /resources/:resource/:id/:related/new` path can check `attach_?`, but the actual write endpoint, `POST /resources/:resource/:id/:related`, does not run the…

  • CVE-2026-55471 · critical · Jun 17, 2026
    risk 0.52 · cvss n/a · epss n/a

    `org.hl7.fhir.utilities.XsltUtilities` exposes two parallel families of XSLT transform helpers. The `transform(...)` overloads obtain their `TransformerFactory` from the project's hardened helper `XMLUtil.newXXEProtectedTransformerFactory()` (which sets…

  • CVE-2026-55450 · critical · Jun 17, 2026
    risk 0.52 · cvss n/a · epss 0.00

    Unauthenticated users can upload any amount of data to the server without any limitations. No prior knowledge is needed, only network access to Langflow. This can lead to space exhaustion on the server. In addition, in the response, the absolute path of the…

  • CVE-2026-49980 · critical · Jun 16, 2026
    risk 0.52 · cvss n/a · epss 0.01

    `rclone rcd --rc-serve` accepts unauthenticated `GET` and `HEAD` requests to paths of the form `/[remote:path]/object`. The `remote` value is parsed from the URL and passed to normal backend initialization. Inline remote configuration can set backend…

  • CVE-2026-49468 · critical · Jun 16, 2026
    risk 0.52 · cvss n/a · epss 0.00

    Impact: a Host-header parsing flaw in the LiteLLM proxy could, under specific conditions, allow unauthenticated access to protected management routes. The auth layer derived the effective route from `request.url.path` in `litellm/proxy/auth/auth_utils.py::get_request_route()…

  • CVE-2026-48777 · critical · Jun 16, 2026
    risk 0.53 · cvss n/a · epss 0.00

    FileBrowser Quantum is a free, self-hosted, web-based file manager. Versions prior to 1.3.2-stable, 1.4.0-beta and 1.4.1-beta are vulnerable to Path Traversal through the publicPatchHandler in backend/http/public.go which joins user-controlled fromPath and toPath body fields…

  • CVE-2026-22313 · critical · Jun 16, 2026
    risk 0.59 · cvss 9.1 · epss 0.01

    The device has a webserver that exposes a REST API authenticated with a token on the management network. By exploiting an OS command injection vulnerability an authenticated attacker can send arbitrary commands to the device that are executed with administrative permissions by…

  • CVE-2026-54157 · critical · Jun 16, 2026
    risk 0.52 · cvss n/a · epss 0.02

    Unauthenticated SSRF in `/webapi/proxy` allows anyone to proxy requests and inject cookies on lobehub.com. The `/webapi/proxy` endpoint on app.lobehub.com accepts a URL in the POST body and fetches it server-side without any authentication. This is the same proxy…

  • CVE-2026-53753 · critical · Jun 16, 2026
    risk 0.52 · cvss n/a · epss 0.00

    The `_safe_eval_expression()` function in the computed fields feature uses an AST validator that only blocks attributes starting with underscore. Python generator and frame object attributes (`gi_frame`, `f_back`, `f_builtins`) do NOT start with underscore, enabling…

  • CVE-2026-48746 · critical · Jun 16, 2026
    risk 0.52 · cvss n/a · epss 0.01

    A vulnerability in ASGI web servers, and in starlette's trust of those web servers, enables an authentication bypass of the OpenAI API `AuthenticationMiddleware`, which was discovered during @x41sec's source code audit. It allows the API to be used without providing the…

  • CVE-2026-48519 · critical · Jun 16, 2026
    risk 0.52 · cvss n/a · epss 0.01

    The "Shareable Playground" (or "Public Flows" in code) contains a critical RCE vulnerability. Simply sharing a flow exposes the deployment to RCE risk by authenticated users. Tested on commit 2d67402b1dbaefcbce85a244d4a6cd5e4bda1cfe. Details: Shareable Playground…

  • CVE-2026-53776 · critical · Jun 16, 2026
    risk 0.52 · cvss 9.1 · epss 0.00

    Perry before 0.5.1166 contains a JWT validation vulnerability that allows remote attackers to bypass token expiration by exploiting the unconditional setting of validate_exp = false in the verify_decode helper within the stdlib JWT verification path. Attackers in possession of a…

  • CVE-2025-13036 · critical · Jun 16, 2026
    risk 0.60 · cvss n/a · epss 0.00

    An authentication bypass security issue exists within FactoryTalk Historian Site Edition. By continually sending requests to the login endpoint, an attacker may obtain a valid authentication token.

  • CVE-2026-12316 · critical · Jun 16, 2026
    risk 0.59 · cvss 9.1 · epss 0.00

    Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 152 and Thunderbird 152.

  • CVE-2026-12315 · critical · Jun 16, 2026
    risk 0.59 · cvss 9.1 · epss 0.00

    Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.

  • CVE-2026-12304 · critical · Jun 16, 2026
    risk 0.59 · cvss 9.1 · epss 0.00

    Same-origin policy bypass in the Networking: Cookies component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.

  • CVE-2026-40750 · critical · Jun 16, 2026
    risk 0.64 · cvss 9.9 · epss 0.00

    Unrestricted Upload of File with Dangerous Type vulnerability in themagnifico52 Kids Online Store allows uploading a web shell to the web server. This issue affects Kids Online Store: from n/a through 0.8.9.

  • CVE-2026-52715 · critical · Jun 16, 2026
    risk 0.60 · cvss 9.3 · epss 0.00

    Unauthenticated SQL Injection in GEO my WordPress versions <= 4.5.5.

  • CVE-2026-49774 · critical · Jun 16, 2026
    risk 0.64 · cvss 9.9 · epss 0.00

    Improper Control of Generation of Code ('Code Injection') vulnerability in Filipe Nasc RD Station allows Remote Code Inclusion. This issue affects RD Station: from n/a through 5.6.0.

  • CVE-2026-49772 · critical · Jun 16, 2026
    risk 0.53 · cvss 9.3 · epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Liquid Web / StellarWP The Events Calendar allows Blind SQL Injection. This issue affects The Events Calendar: from 6.15.12 through 6.16.2.

  • CVE-2026-39574 · critical · Jun 16, 2026
    risk 0.60 · cvss 9.3 · epss 0.00

    Unauthenticated SQL Injection in InPost Gallery versions <= 2.1.4.6.

  • CVE-2026-48853 · critical · Jun 15, 2026
    risk 0.53 · cvss n/a · epss 0.01

    Deserialization of Untrusted Data and Allocation of Resources Without Limits or Throttling vulnerabilities in elixir-grpc grpc allow unauthenticated attackers to crash the BEAM node via atom table exhaustion and, when a decoded term flows into a call site that invokes it,…

  • CVE-2026-12205 · critical · Jun 15, 2026
    risk 0.59 · cvss 9.1 · epss 0.00

    Crypt::DSA versions before 1.21 for Perl reused the nonce across signatures, leading to private-key recovery. Crypt::DSA::sign caches the per-signature nonce material in the Key object without ever clearing it. The first sign() on a Key object picks a nonce, and every later…

  • CVE-2026-48714 · critical · Jun 15, 2026
    risk 0.52 · cvss 9.1 · epss 0.00

    i18next-http-middleware is a middleware to be used with Node.js web frameworks like express or Fastify and also for Deno. In versions prior to 3.9.7, the missingKeyHandler blocked the literal request-body keys __proto__, constructor, and prototype (added in 3.9.3, see…

  • CVE-2026-48713 · critical · Jun 15, 2026
    risk 0.52 · cvss 9.1 · epss 0.00

    Versions prior to 2.6.6 are vulnerable to prototype pollution via crafted missing-key strings when used to persist missing translation keys (e.g. via i18next-http-middleware's missingKeyHandler exposed to untrusted input). Backend.writeFile() splits each queued missing-key…

  • CVE-2026-12087 · critical · Jun 15, 2026
    risk 0.52 · cvss 9.1 · epss 0.00

    Socket versions before 2.041 for Perl have an out-of-bounds heap read. In Socket.xs, pack_ip_mreq_source() checks the length of its source argument before the argument is read, so the check tests the byte length carried over from the preceding multiaddr argument instead. Both…