VYPR

Vendor CVEs

Jqhph

All CVEs

58 total · sorted by risk
  • CVE-2026-35193 · Low · Jun 3, 2026
    risk 0.20 · cvss 3.1 · epss 0.00

    An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. `django.middleware.cache.UpdateCacheMiddleware` in Django does not add `Authorization` to the `Vary` response header for requests bearing that header without `Cache-Control: public`, which allows remote…

  • CVE-2026-9712 · Low · May 27, 2026
    risk 0.18 · cvss · epss 0.00

    When creating an export through the pretix API, API clients are returned a UUID value for their export job (a long, random string like 35742818-c375-4d15-839f-d49aecce94d6). Using this UUID, the API client can then request the actual file for download. The same kind of UUID…

  • CVE-2026-48524 · Low · May 28, 2026
    risk 0.17 · cvss 3.7 · epss 0.00

    PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, PyJWKClient.get_signing_key() forces a fresh HTTP request to the JWKS endpoint for every JWT with an unknown kid value, with no rate limiting. Since kid comes from the unverified token header, an attacker can…

  • CVE-2025-0709 · Low · Jan 24, 2025
    risk 0.16 · cvss 2.4 · epss 0.00

    A vulnerability was found in Dcat-Admin 2.2.1-beta. It has been rated as problematic. This issue affects some unknown processing of the file /admin/auth/roles of the component Roles Page. The manipulation leads to cross site scripting. The attack may be initiated remotely. The…

  • CVE-2025-65656 · Dec 2, 2025
    risk 0.00 · cvss · epss 0.00

    dcat-admin v2.2.3-beta and before is vulnerable to file inclusion in admin/src/Extend/VersionManager.php.

  • CVE-2023-0593 · Med · Jan 31, 2023
    risk 0.00 · cvss 5.5 · epss 0.00

    A path traversal vulnerability affects yaffshiv YAFFS filesystem extractor. By crafting a malicious YAFFS file, an attacker could force yaffshiv to write outside of the extraction directory. This issue affects yaffshiv up to version 0.1 included, which is the most recent at…

  • CVE-2013-7258 · Jan 3, 2014
    risk 0.00 · cvss · epss 0.01

    Cross-site scripting (XSS) vulnerability in web2ldap 1.1.x before 1.1.49 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "displaying group DN and entry data in group administration UI."

  • CVE-2013-2311 · May 22, 2013
    risk 0.00 · cvss · epss 0.01

    Cross-site scripting (XSS) vulnerability in static/js/share.js (aka the social bookmarking widget) in Web2py before 2.3.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Page 2 of 2