VYPR

Nova

by Aimeos

CVEs (2)

  • CVE-2026-29203HigMay 8, 2026
    risk 0.57cvss 8.8epss 0.00

    A chmod call in the cPanel Nova plugin's Cpanel::Nova::Connector follows symlinks, allowing setting root permissions on arbitrary system files or directories. That can cause DoS or local privilege escalation when an authenticated cPanel user places a symlink at a user-controlled…

  • CVE-2020-36950MedJan 27, 2026
    risk 0.42cvss 6.5epss 0.00

    Laravel Nova 3.7.0 contains a denial of service vulnerability that allows authenticated users to crash the application by manipulating the 'range' parameter. Attackers can send simultaneous requests with an extremely high range value to overwhelm and crash the server.