VYPR
Vendor: Bpsoft

Products: 4
CVEs: 12
Across products: 15
Status: Private

Recent CVEs

12
  • CVE-2026-21622 | Critical | Mar 5, 2026
    risk 0.57 | cvss 9.8 | epss 0.00

    Insufficient Session Expiration vulnerability in hexpm hexpm/hexpm ('Elixir.Hexpm.Accounts.PasswordReset' module) allows Account Takeover. Password reset tokens generated via the "Reset your password" flow do not expire. When a user requests a password reset, Hex sends an email…

  • CVE-2024-0429 | High | Jan 11, 2024
    risk 0.47 | cvss 7.3 | epss 0.00

    A denial-of-service vulnerability has been found in Hex Workshop version 6.7. An attacker could send command-line file arguments and control the Structured Exception Handler (SEH) records, resulting in a service shutdown.

  • CVE-2026-21619 | High | Feb 27, 2026
    risk 0.42 | cvss 7.5 | epss 0.01

    Uncontrolled Resource Consumption, Deserialization of Untrusted Data vulnerability in hexpm hex_core (hex_api modules), hexpm hex (mix_hex_api modules), erlang rebar3 (r3_hex_api modules) allows Object Injection, Excessive Allocation. This vulnerability is associated with…

  • CVE-2026-23939 | High | Feb 26, 2026
    risk 0.42 | cvss 7.5 | epss 0.00

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in hexpm hexpm/hexpm ('Elixir.Hexpm.Store.Local' module) allows Relative Path Traversal. This vulnerability is associated with program files lib/hexpm/store/local.ex and program routines…

  • CVE-2026-23940 | Medium | Mar 13, 2026
    risk 0.35 | cvss 6.5 | epss 0.00

    Uncontrolled Resource Consumption vulnerability in hexpm hexpm/hexpm allows Excessive Allocation. Publishing an oversized package can cause Hex.pm to run out of memory while extracting the uploaded package tarball. This can terminate the affected application instance and result…

  • CVE-2026-21618 | Medium | Jan 19, 2026
    risk 0.33 | cvss 6.1 | epss 0.00

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in hexpm hexpm/hexpm ('Elixir.HexpmWeb.SharedAuthorizationView' modules) allows Cross-Site Scripting (XSS). This vulnerability is associated with program files…

  • CVE-2026-32148 | Medium | Apr 30, 2026
    risk 0.31 | cvss 5.9 | epss 0.00

    Insufficient Verification of Data Authenticity vulnerability in hexpm hex (Hex.RemoteConverger module) allows dependency integrity bypass via unverified lockfile checksums. Hex stores checksums for dependencies in the mix.lock file to ensure reproducible and integrity-checked…

  • CVE-2026-21621 | Medium | Mar 5, 2026
    risk 0.27 | cvss 5.3 | epss 0.00

    Incorrect Authorization vulnerability in hexpm hexpm/hexpm ('Elixir.HexpmWeb.API.OAuthController' module) allows Privilege Escalation. An API key created with read-only permissions (domain: "api", resource: "read") can be escalated to full write access under specific…

  • CVE-2009-0812 | Mar 4, 2009
    risk 0.04 | cvss | epss 0.07

    Stack-based buffer overflow in BreakPoint Software Hex Workshop 4.23, 6.0.1.4603, and other 6.x and earlier versions allows remote attackers to execute arbitrary code via a crafted Intel Hex Code (.hex) file. NOTE: some of these details are obtained from third party information.

  • CVE-2008-5756 | Dec 30, 2008
    risk 0.03 | cvss | epss 0.05

    Buffer overflow in BreakPoint Software Hex Workshop 5.1.4 allows user-assisted attackers to cause a denial of service and possibly execute arbitrary code via a long mapping reference in a Color Mapping (.cmap) file.

  • CVE-2019-1000013 | High | Feb 4, 2019
    risk 0.00 | cvss 8.8 | epss 0.01

    Hex package manager hex_core version 0.3.0 and earlier contains a Signing oracle vulnerability in Package registry verification that can result in Package modifications not detected, allowing code execution. This attack appears to be exploitable via victim fetches packages from…

  • CVE-2019-1000012 | High | Feb 4, 2019
    risk 0.00 | cvss 8.8 | epss 0.01

    Hex package manager version 0.14.0 through 0.18.2 contains a Signing oracle vulnerability in Package registry verification that can result in Package modifications not detected, allowing code execution. This attack appears to be exploitable via victim fetches packages from…