VYPR
Vendor: Nuget

Products: 17
CVEs: 48
Across products: 48
Status: Private

Recent CVEs

  • CVE-2024-55969 | Critical | Dec 15, 2024
    risk 0.59 | cvss 9.1 | epss 0.01

    DocIO in Syncfusion Essential Studio for ASP.NET MVC before 27.1.55 throws XMLException during the resaving of a DOCX document with an external reference XML, aka I640714.

  • CVE-2026-39399 | Critical | Apr 14, 2026
    risk 0.55 | cvss 9.6 | epss 0.01

    NuGet Gallery is a package repository that powers nuget.org. A security vulnerability exists in the NuGetGallery backend job’s handling of .nuspec files within NuGet packages. An attacker can supply a crafted nuspec file with malicious metadata, leading to cross package…

  • CVE-2026-34638 | High | May 12, 2026
    risk 0.51 | cvss 7.8 | epss 0.00

    Premiere Pro versions 26.0.2, 25.6.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

  • CVE-2017-17762 | High | Aug 29, 2018
    risk 0.49 | cvss 7.5 | epss 0.05

    XML external entity (XXE) vulnerability in Episerver 7 patch 4 and earlier allows remote attackers to read arbitrary files via a crafted DTD in an XML request involving util/xmlrpc/Handler.ashx.

  • CVE-2024-30172 | High | May 14, 2024
    risk 0.42 | cvss 7.5 | epss 0.01

    An issue was discovered in Bouncy Castle Java Cryptography APIs before 1.78. An Ed25519 verification code infinite loop can occur via a crafted signature and public key.

  • CVE-2024-29857 | High | May 14, 2024
    risk 0.42 | cvss 7.5 | epss 0.01

    An issue was discovered in ECCurve.java and ECCurve.cs in Bouncy Castle Java (BC Java) before 1.78, BC Java LTS before 2.73.6, BC-FJA before 1.0.2.5, and BC C# .Net before 2.3.1. Importing an EC certificate with crafted F2m parameters can lead to excessive CPU consumption during…

  • CVE-2025-40834 | Medium | Nov 17, 2025
    risk 0.37 | cvss 5.7 | epss 0.00

    A vulnerability has been identified in Mendix RichText (All versions >= V4.0.0 < V4.6.1). Affected widget does not properly neutralize the input. This could allow an attacker to execute cross-site scripting attacks.

  • CVE-2024-32872 | Medium | Apr 24, 2024
    risk 0.36 | cvss 5.5 | epss 0.00

    Umbraco workflow provides workflows for the Umbraco content management system. Prior to versions 10.3.9, 12.2.6, and 13.0.6, an Umbraco Backoffice user can modify requests to a particular API endpoint to include SQL, which will be executed by the server. Umbraco Workflow…

  • CVE-2025-27802 | Medium | Jul 28, 2025
    risk 0.31 | cvss 4.8 | epss 0.00

    The Episerver Content Management System (CMS) by Optimizely was affected by multiple Stored Cross-Site Scripting (XSS) vulnerabilities. This allowed an authenticated attacker to execute malicious JavaScript code in the victim's browser. RTE properties (text fields), which could…

  • CVE-2025-27801 | Medium | Jul 28, 2025
    risk 0.31 | cvss 4.8 | epss 0.00

    The Episerver Content Management System (CMS) by Optimizely was affected by multiple Stored Cross-Site Scripting (XSS) vulnerabilities. This allowed an authenticated attacker to execute malicious JavaScript code in the victim's browser. ContentReference properties, which…

  • CVE-2025-27800 | Medium | Jul 28, 2025
    risk 0.31 | cvss 4.8 | epss 0.00

    The Episerver Content Management System (CMS) by Optimizely was affected by multiple Stored Cross-Site Scripting (XSS) vulnerabilities. This allowed an authenticated attacker to execute malicious JavaScript code in the victim's browser. The Admin dashboard offered the…

  • CVE-2024-30171 | Medium | May 14, 2024
    risk 0.31 | cvss 5.9 | epss 0.01

    An issue was discovered in Bouncy Castle Java TLS API and JSSE Provider before 1.78. Timing-based leakage may occur in RSA based handshakes because of exception processing.

  • CVE-2026-48506 | Jun 22, 2026
    risk 0.00 | cvss n/a | epss 0.00

    MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.301 and 3.1.7, MessagePackReader.TrySkip() recursively descends into nested arrays and maps without incrementing the reader depth or calling the configured depth checks. This bypasses…

  • CVE-2025-62571 | Dec 9, 2025
    risk 0.00 | cvss n/a | epss 0.00

    Improper input validation in Windows Installer allows an authorized attacker to elevate privileges locally.

  • CVE-2024-54138 | Dec 6, 2024
    risk 0.00 | cvss n/a | epss 0.00

    NuGet Gallery is a package repository that powers nuget.org. The NuGetGallery has a security vulnerability related to its handling of autolinks in Markdown content. While the platform properly filters out JavaScript from standard links, it does not adequately sanitize autolinks.…

  • CVE-2024-47604 | Oct 1, 2024
    risk 0.00 | cvss n/a | epss 0.01

    NuGet Gallery is a package repository that powers nuget.org. The NuGetGallery has a security vulnerability in its handling of HTML element attributes, which allows an attacker to execute arbitrary HTML or Javascript code in a victim's browser.

  • CVE-2024-37304 | Jun 12, 2024
    risk 0.00 | cvss n/a | epss 0.01

    NuGet Gallery is a package repository that powers nuget.org. The NuGetGallery has a security vulnerability related to its handling of autolinks in Markdown content. While the platform properly filters out JavaScript from standard links, it does not adequately sanitize autolinks.…

  • CVE-2024-20746 | Mar 18, 2024
    risk 0.00 | cvss n/a | epss 0.00

    Premiere Pro versions 24.1, 23.6.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

  • CVE-2024-20745 | Mar 18, 2024
    risk 0.00 | cvss n/a | epss 0.01

    Premiere Pro versions 24.1, 23.6.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious…

  • CVE-2023-47056 | Nov 16, 2023
    risk 0.00 | cvss n/a | epss 0.00

    Adobe Premiere Pro version 24.0 (and earlier) and 23.6 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim…