VYPR
Vendor: GitHub

Products: 43
CVEs: 201
Across products: 199
Status: Private

Recent CVEs

  • CVE-2017-17632 | Critical | Dec 13, 2017
    risk 0.67 | cvss 9.8 | epss 0.02

    Responsive Events And Movie Ticket Booking Script 3.2.1 has SQL Injection via the findcity.php q parameter.

  • CVE-2024-46627 | Critical | Sep 26, 2024
    risk 0.66 | cvss 9.1 | epss 0.04

    Incorrect access control in BECN DATAGERRY v2.2 allows attackers to execute arbitrary commands via crafted web requests.

  • CVE-2026-8034 | Critical | May 7, 2026
    risk 0.64 | cvss 9.8 | epss 0.00

    A server-side request forgery (SSRF) vulnerability was identified in the GitHub Enterprise Server notebook viewer that allowed an attacker to access internal services by exploiting URL parser confusion between the validation layer and the HTTP request library. The hostname…

  • CVE-2024-25825 | Critical | Oct 9, 2024
    risk 0.64 | cvss 9.8 | epss 0.01

    FydeOS for PC 17.1 R114, FydeOS for VMware 17.0 R114, FydeOS for You 17.1 R114, and OpenFyde R114 were discovered to be configured with the root password saved as a wildcard. This allows attackers to gain root access without a password.

  • CVE-2018-18075 | Critical | Oct 9, 2018
    risk 0.64 | cvss 9.8 | epss 0.02

    WikidForum 2.20 has SQL Injection via the rpc.php parent_post_id or num_records parameter, or the index.php?action=search select_sort parameter.

  • CVE-2017-18215 | Critical | Mar 5, 2018
    risk 0.64 | cvss 9.8 | epss 0.02

    xvpng.c in xv 3.10a has memory corruption (out-of-bounds write) when decoding PNG comment fields, leading to crashes or potentially code execution, because it uses an incorrect length value.

  • CVE-2026-5845 | Critical | Apr 21, 2026
    risk 0.62 | cvss 9.6 | epss 0.00

    An improper authorization vulnerability in scoped user-to-server (ghu_) token authorization in GitHub Enterprise Server allows an authenticated attacker to access private repositories outside the intended installation scope, which can include write operations, via an…

  • CVE-2026-44451 | Critical | May 26, 2026
    risk 0.60 | cvss 9.3 | epss 0.00

    Lumiverse is a full-featured AI chat application. Prior to 0.9.7, the component override system transpiles user-supplied TSX via Sucrase and evaluates it with new Function, shadowing dangerous globals (fetch, window, eval, etc.) with undefined. A static source validator…

  • CVE-2026-5921 | High | Apr 21, 2026
    risk 0.58 | cvss 8.9 | epss 0.00

    A server-side request forgery (SSRF) vulnerability was identified in GitHub Enterprise Server that allowed an attacker to extract sensitive environment variables from the instance through a timing side-channel attack against the notebook rendering service. When private mode was…

  • CVE-2026-41109 | High | May 12, 2026
    risk 0.57 | cvss 8.8 | epss 0.01

    Improper neutralization of special elements in output used by a downstream component ('injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to bypass a security feature over a network.

  • CVE-2026-4296 | High | Apr 21, 2026
    risk 0.57 | cvss 8.8 | epss 0.00

    An incorrect regular expression vulnerability was identified in GitHub Enterprise Server that allowed an attacker to bypass OAuth redirect URI validation. An attacker with knowledge of a first-party OAuth application's registered callback URL could craft a malicious…

  • CVE-2026-3854 | High | Mar 10, 2026
    risk 0.57 | cvss 8.8 | epss 0.24

    An improper neutralization of special elements vulnerability was identified in GitHub Enterprise Server that allowed an attacker with push access to a repository to achieve remote code execution on the instance. During a git push operation, user-supplied push option values were…

  • CVE-2024-43653 | High | Jan 9, 2025
    risk 0.57 | cvss 8.8 | epss 0.02

    Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability allows OS Command Injection as root. This issue affects Iocharger firmware for AC model chargers before version 24120701. Likelihood: Moderate – The binary does not…

  • CVE-2024-43649 | High | Jan 9, 2025
    risk 0.57 | cvss 8.8 | epss 0.02

    Authenticated command injection in the filename of a .exe request leads to remote code execution as the root user. This issue affects Iocharger firmware for AC models before version 24120701. Likelihood: Moderate – This action is not a common place for command…

  • CVE-2026-4931 | High | Apr 7, 2026
    risk 0.56 | cvss 8.6 | epss 0.00

    Smart contract Marginal v1 performs unsafe downcast, allowing attackers to settle a large debt position for a negligible asset cost.

  • CVE-2025-53367 | High | Jul 3, 2025
    risk 0.55 | cvss | epss 0.01

    DjVuLibre is a GPL implementation of DjVu, a web-centric format for distributing documents and images. Prior to version 3.5.29, the MMRDecoder::scanruns method is affected by an OOB-write vulnerability, because it does not check that the xr pointer stays within the bounds of the…

  • CVE-2026-9312 | High | May 27, 2026
    risk 0.53 | cvss 8.2 | epss 0.07

    A server-side request forgery (SSRF) vulnerability was identified in GitHub Enterprise Server that allowed an unauthenticated attacker to send crafted requests to internal services by exploiting insufficient input validation in an upload endpoint. By injecting path traversal…

  • CVE-2025-71216 | High | May 21, 2026
    risk 0.51 | cvss 7.8 | epss 0.00

    A time-of-check time-of-use vulnerability in the Trend Micro Apex One (mac) agent cache mechanism could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target…

  • CVE-2026-34676 | High | May 12, 2026
    risk 0.51 | cvss 7.8 | epss 0.00

    Substance3D - Painter versions 12.0.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious…

  • CVE-2018-10778 | High | May 7, 2018
    risk 0.51 | cvss 7.8 | epss 0.01

    Read access violation in the III_dequantize_sample function in mpglibDBL/layer3.c in mp3gain through 1.5.2-r2 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact, a different vulnerability than CVE-2017-9872 and…