VYPR
Vendor

L3montree Dev

Products
1
CVEs
2
Across products
2
Status
Private

Products

1

Recent CVEs

2
  • CVE-2026-42300CriMay 12, 2026
    risk 0.53cvss epss 0.00

    DevGuard provides vulnerability management for the full software supply chain. Prior to 1.2.2, the SessionMiddleware accepts a client-supplied X-Admin-Token HTTP request header and uses its raw string value as the authenticated userID when no Kratos session cookie is present. An…

  • CVE-2026-48089higJun 11, 2026
    risk 0.39cvss epss 0.00

    ### Impact On a DevGuard API instance with one or more **public assets**, any authenticated user — including users from a different organization with no membership or role in the affected org/project — can create, update, reapply, and delete **VEX rules** on those public…