VYPR
Vendor

Alloy Rs

Products
1
CVEs
19
Across products
19
Status
Private

Products

1

Recent CVEs

19
  • CVE-2026-48899CriMay 26, 2026
    risk 0.64cvss 9.8epss 0.00

    An improper access check allows privilege escalation through the com_users batch task.

  • CVE-2025-62370HigOct 15, 2025
    risk 0.42cvss 7.5epss 0.00

    Alloy Core libraries at the root of the Rust Ethereum ecosystem. Prior to 0.8.26 and 1.4.1, an uncaught panic triggered by malformed input to alloy_dyn_abi::TypedData could lead to a denial-of-service (DoS) via eip712_signing_hash(). Software with high availability requirements…

  • CVE-2022-29776Jun 1, 2022
    risk 0.01cvss epss 0.07

    Onlyoffice Document Server v6.0.0 and below and Core 6.1.0.26 and below were discovered to contain a stack overflow via the component DesktopEditor/common/File.cpp.

  • CVE-2022-33269Apr 4, 2023
    risk 0.00cvss epss 0.00

    Memory corruption due to integer overflow or wraparound in Core while DDR memory assignment.

  • CVE-2022-40516Jan 6, 2023
    risk 0.00cvss epss 0.01

    Memory corruption in Core due to stack-based buffer overflow.

  • CVE-2010-1433Jun 21, 2021
    risk 0.00cvss epss 0.01

    Joomla! Core is prone to a vulnerability that lets attackers upload arbitrary files because the application fails to properly verify user-supplied input. An attacker can exploit this vulnerability to upload arbitrary code and run it in the context of the webserver process. This…

  • CVE-2010-1432Jun 21, 2021
    risk 0.00cvss epss 0.01

    Joomla! Core is prone to an information disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may help in launching further attacks. Joomla! Core versions 1.5.x ranging from 1.5.0 and up to and including 1.5.15 are vulnerable.

  • CVE-2020-28645Feb 9, 2021
    risk 0.00cvss epss 0.01

    Deleting users with certain names caused system files to be deleted. Risk is higher for systems which allow users to register themselves and have the data directory in the web root. This affects ownCloud/core versions < 10.6.

  • CVE-2020-28644Feb 9, 2021
    risk 0.00cvss epss 0.00

    The CSRF (Cross Site Request Forgery) token check was improperly implemented on cookie authenticated requests against some ocs API endpoints. This affects ownCloud/core version < 10.6.

  • CVE-2020-35269Dec 23, 2020
    risk 0.00cvss epss 0.02

    Nagios Core application version 4.2.4 is vulnerable to Site-Wide Cross-Site Request Forgery (CSRF) in many functions, like adding – deleting for hosts or servers.

  • CVE-2020-15235Oct 5, 2020
    risk 0.00cvss epss 0.01

    In RACTF before commit f3dc89b, unauthenticated users are able to get the value of sensitive config keys that would normally be hidden to everyone except admins. All versions after commit f3dc89b9f6ab1544a289b3efc06699b13d63e0bd(3/10/20) are patched.

  • CVE-2020-11933Jul 29, 2020
    risk 0.00cvss epss 0.00

    cloud-init as managed by snapd on Ubuntu Core 16 and Ubuntu Core 18 devices was run without restrictions on every boot, which a physical attacker could exploit by crafting cloud-init user-data/meta-data via external media to perform arbitrary changes on the device to bypass…

  • CVE-2020-15506Jul 7, 2020
    risk 0.00cvss epss 0.03

    An authentication bypass vulnerability in MobileIron Core & Connector versions 10.3.0.3 and earlier, 10.4.0.0, 10.4.0.1, 10.4.0.2, 10.4.0.3, 10.5.1.0, 10.5.2.0 and 10.6.0.0 that allows remote attackers to bypass authentication mechanisms via unspecified vectors.

  • CVE-2020-15507Jul 7, 2020
    risk 0.00cvss epss 0.02

    An arbitrary file reading vulnerability in MobileIron Core versions 10.3.0.3 and earlier, 10.4.0.0, 10.4.0.1, 10.4.0.2, 10.4.0.3, 10.5.1.0, 10.5.2.0 and 10.6.0.0 that allows remote attackers to read files on the system via unspecified vectors.

  • CVE-2014-6262Feb 12, 2020
    risk 0.00cvss epss 0.07

    Multiple format string vulnerabilities in the python module in RRDtool, as used in Zenoss Core before 4.2.5 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted third argument to the rrdtool.graph…

  • CVE-2012-1562Jan 15, 2020
    risk 0.00cvss epss 0.01

    Joomla! core before 2.5.3 allows unauthorized password change.

  • CVE-2019-16752Dec 4, 2019
    risk 0.00cvss epss 0.00

    An issue was discovered in Decentralized Anonymous Payment System (DAPS) through 2019-08-26. It is possible to force wallets to send HTTP requests to arbitrary locations, both on the local network and on the internet. This is a serious threat to user privacy, since it can…

  • CVE-2012-5665Jan 3, 2013
    risk 0.00cvss epss 0.02

    ownCloud 4.0.x before 4.0.10 and 4.5.x before 4.5.5 does not properly restrict access to settings.php, which allows remote attackers to edit app configurations of user_webdavauth and user_ldap by editing this file.

  • CVE-2009-4371Dec 21, 2009
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the Locale module (modules/locale/locale.module) in Drupal Core 6.14, and possibly other versions including 6.15, allows remote authenticated users with "administer languages" permissions to inject arbitrary web script or HTML via the…