VYPR
Vendor

Heymrun

Products
1
CVEs
3
Across products
3
Status
Private

Products

1

Recent CVEs

3
  • CVE-2026-45227HigMay 12, 2026
    risk 0.50cvss 8.8epss 0.00

    Heym before 0.0.21 contains a sandbox escape vulnerability in the custom Python tool executor that allows authenticated workflow authors to bypass sandbox restrictions by using object-graph introspection primitives. Attackers can use Python introspection techniques to recover…

  • CVE-2026-45225HigMay 12, 2026
    risk 0.42cvss 7.6epss 0.00

    Heym before 0.0.21 contains a path traversal vulnerability in the file upload endpoint that allows authenticated users to write attacker-controlled files to arbitrary locations by supplying a crafted filename with traversal sequences. Attackers can exploit the unvalidated…

  • CVE-2026-45226HigMay 12, 2026
    risk 0.39cvss 7.1epss 0.00

    Heym before 0.0.21 contains an authorization bypass vulnerability in workflow execution that allows authenticated users to execute arbitrary workflows by referencing victim workflow UUIDs without proper access validation. Attackers can create workflows with execute nodes or…