VYPR

Vendor CVEs

Nuget

All CVEs

48 total · sorted by risk
  • CVE-2024-55969CriDec 15, 2024
    risk 0.59cvss 9.1epss 0.01

    DocIO in Syncfusion Essential Studio for ASP.NET MVC before 27.1.55 throws XMLException during the resaving of a DOCX document with an external reference XML, aka I640714.

  • CVE-2026-39399CriApr 14, 2026
    risk 0.55cvss 9.6epss 0.01

    NuGet Gallery is a package repository that powers nuget.org. A security vulnerability exists in the NuGetGallery backend job’s handling of .nuspec files within NuGet packages. An attacker can supply a crafted nuspec file with malicious metadata, leading to cross package…

  • CVE-2026-34638HigMay 12, 2026
    risk 0.51cvss 7.8epss 0.00

    Premiere Pro versions 26.0.2, 25.6.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

  • CVE-2017-17762HigAug 29, 2018
    risk 0.49cvss 7.5epss 0.05

    XML external entity (XXE) vulnerability in Episerver 7 patch 4 and earlier allows remote attackers to read arbitrary files via a crafted DTD in an XML request involving util/xmlrpc/Handler.ashx.

  • CVE-2024-30172HigMay 14, 2024
    risk 0.42cvss 7.5epss 0.01

    An issue was discovered in Bouncy Castle Java Cryptography APIs before 1.78. An Ed25519 verification code infinite loop can occur via a crafted signature and public key.

  • CVE-2024-29857HigMay 14, 2024
    risk 0.42cvss 7.5epss 0.01

    An issue was discovered in ECCurve.java and ECCurve.cs in Bouncy Castle Java (BC Java) before 1.78, BC Java LTS before 2.73.6, BC-FJA before 1.0.2.5, and BC C# .Net before 2.3.1. Importing an EC certificate with crafted F2m parameters can lead to excessive CPU consumption during…

  • CVE-2025-40834MedNov 17, 2025
    risk 0.37cvss 5.7epss 0.00

    A vulnerability has been identified in Mendix RichText (All versions >= V4.0.0 < V4.6.1). Affected widget does not properly neutralize the input. This could allow an attacker to execute cross-site scripting attacks.

  • CVE-2024-32872MedApr 24, 2024
    risk 0.36cvss 5.5epss 0.00

    Umbraco workflow provides workflows for the Umbraco content management system. Prior to versions 10.3.9, 12.2.6, and 13.0.6, an Umbraco Backoffice user can modify requests to a particular API endpoint to include SQL, which will be executed by the server. Umbraco Workflow…

  • CVE-2025-27802MedJul 28, 2025
    risk 0.31cvss 4.8epss 0.00

    The Episerver Content Management System (CMS) by Optimizely was affected by multiple Stored Cross-Site Scripting (XSS) vulnerabilities. This allowed an authenticated attacker to execute malicious JavaScript code in the victim's browser. RTE properties (text fields), which could…

  • CVE-2025-27801MedJul 28, 2025
    risk 0.31cvss 4.8epss 0.00

    The Episerver Content Management System (CMS) by Optimizely was affected by multiple Stored Cross-Site Scripting (XSS) vulnerabilities. This allowed an authenticated attacker to execute malicious JavaScript code in the victim's browser. ContentReference properties, which…

  • CVE-2025-27800MedJul 28, 2025
    risk 0.31cvss 4.8epss 0.00

    The Episerver Content Management System (CMS) by Optimizely was affected by multiple Stored Cross-Site Scripting (XSS) vulnerabilities. This allowed an authenticated attacker to execute malicious JavaScript code in the victim's browser. The Admin dashboard offered the…

  • CVE-2024-30171MedMay 14, 2024
    risk 0.31cvss 5.9epss 0.01

    An issue was discovered in Bouncy Castle Java TLS API and JSSE Provider before 1.78. Timing-based leakage may occur in RSA based handshakes because of exception processing.

  • CVE-2026-48506Jun 22, 2026
    risk 0.00cvss epss 0.00

    MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.301 and 3.1.7, MessagePackReader.TrySkip() recursively descends into nested arrays and maps without incrementing the reader depth or calling the configured depth checks. This bypasses…

  • CVE-2025-62571Dec 9, 2025
    risk 0.00cvss epss 0.00

    Improper input validation in Windows Installer allows an authorized attacker to elevate privileges locally.

  • CVE-2024-54138Dec 6, 2024
    risk 0.00cvss epss 0.00

    NuGet Gallery is a package repository that powers nuget.org. The NuGetGallery has a security vulnerability related to its handling of autolinks in Markdown content. While the platform properly filters out JavaScript from standard links, it does not adequately sanitize autolinks.…

  • CVE-2024-47604Oct 1, 2024
    risk 0.00cvss epss 0.01

    NuGet Gallery is a package repository that powers nuget.org. The NuGetGallery has a security vulnerability in its handling of HTML element attributes, which allows an attacker to execute arbitrary HTML or Javascript code in a victim's browser.

  • CVE-2024-37304Jun 12, 2024
    risk 0.00cvss epss 0.01

    NuGet Gallery is a package repository that powers nuget.org. The NuGetGallery has a security vulnerability related to its handling of autolinks in Markdown content. While the platform properly filters out JavaScript from standard links, it does not adequately sanitize autolinks.…

  • CVE-2024-20746Mar 18, 2024
    risk 0.00cvss epss 0.00

    Premiere Pro versions 24.1, 23.6.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

  • CVE-2024-20745Mar 18, 2024
    risk 0.00cvss epss 0.01

    Premiere Pro versions 24.1, 23.6.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious…

  • CVE-2023-47056Nov 16, 2023
    risk 0.00cvss epss 0.00

    Adobe Premiere Pro version 24.0 (and earlier) and 23.6 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim…

  • CVE-2023-47060Nov 16, 2023
    risk 0.00cvss epss 0.00

    Adobe Premiere Pro version 24.0 (and earlier) and 23.6 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation…

  • CVE-2023-47058Nov 16, 2023
    risk 0.00cvss epss 0.00

    Adobe Premiere Pro version 24.0 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to…

  • CVE-2023-47059Nov 16, 2023
    risk 0.00cvss epss 0.00

    Adobe Premiere Pro version 24.0 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to…

  • CVE-2023-47055Nov 16, 2023
    risk 0.00cvss epss 0.00

    Adobe Premiere Pro version 24.0 (and earlier) and 23.6 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a…

  • CVE-2023-47057Nov 16, 2023
    risk 0.00cvss epss 0.00

    Adobe Premiere Pro version 24.0 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must…

  • CVE-2021-40790Sep 7, 2023
    risk 0.00cvss epss 0.00

    Adobe Premiere Pro versions 22.0 (and earlier) and 15.4.2 (and earlier) are affected by an Use-After-Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue…

  • CVE-2021-40791Sep 7, 2023
    risk 0.00cvss epss 0.00

    Adobe Premiere Pro versions 22.0 (and earlier) and 15.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this…

  • CVE-2021-42265Sep 7, 2023
    risk 0.00cvss epss 0.00

    Adobe Premiere Pro versions 22.0 (and earlier) and 15.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this…

  • CVE-2021-40795Sep 7, 2023
    risk 0.00cvss epss 0.00

    Adobe Premiere Pro versions 22.0 (and earlier) and 15.4.2 (and earlier) are affected by an out-of-bounds read vulnerability which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of…

  • CVE-2021-43751Sep 7, 2023
    risk 0.00cvss epss 0.00

    Adobe Premiere Pro versions 22.0 (and earlier) and 15.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this…

  • CVE-2021-46816Jun 13, 2022
    risk 0.00cvss epss 0.01

    Adobe Premiere Pro version 15.4 (and earlier) are affected by a memory corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user…

  • CVE-2022-0749Mar 17, 2022
    risk 0.00cvss epss 0.02

    This affects all versions of package SinGooCMS.Utility. The socket client in the package can pass in the payload via the user-controllable input after it has been established, because this socket client transmission does not have the appropriate restrictions or type bindings for…

  • CVE-2021-42264Mar 16, 2022
    risk 0.00cvss epss 0.01

    Adobe Premiere Pro 15.4.1 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user.…

  • CVE-2021-40793Mar 16, 2022
    risk 0.00cvss epss 0.02

    Adobe Premiere Pro version 15.4.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this…

  • CVE-2021-40794Mar 16, 2022
    risk 0.00cvss epss 0.02

    Adobe Premiere Pro version 15.4.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this…

  • CVE-2021-40792Mar 16, 2022
    risk 0.00cvss epss 0.02

    Adobe Premiere Pro version 15.4.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this…

  • CVE-2021-42263Mar 16, 2022
    risk 0.00cvss epss 0.01

    Adobe Premiere Pro 15.4.1 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user.…

  • CVE-2021-40796Mar 16, 2022
    risk 0.00cvss epss 0.01

    Adobe Premiere Pro 15.4.1 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user.…

  • CVE-2021-40710Sep 29, 2021
    risk 0.00cvss epss 0.02

    Adobe Premiere Pro version 15.4 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious .svg file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required in that the victim…

  • CVE-2021-40715Sep 29, 2021
    risk 0.00cvss epss 0.02

    Adobe Premiere Pro version 15.4 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious .exr file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required in that the victim…

  • CVE-2021-35997Aug 20, 2021
    risk 0.00cvss epss 0.03

    Adobe Premiere Pro version 15.2 (and earlier) is affected by a memory corruption vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user.…

  • CVE-2020-24424Oct 21, 2020
    risk 0.00cvss epss 0.01

    Adobe Premiere Pro version 14.4 (and earlier) is affected by an uncontrolled search path element that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

  • CVE-2020-9616Jun 26, 2020
    risk 0.00cvss epss 0.03

    Adobe Premiere Pro versions 14.1 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

  • CVE-2020-9652Jun 25, 2020
    risk 0.00cvss epss 0.02

    Adobe Premiere Pro versions 14.2 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to arbitrary code execution .

  • CVE-2020-9654Jun 25, 2020
    risk 0.00cvss epss 0.02

    Adobe Premiere Pro versions 14.2 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .

  • CVE-2020-9653Jun 25, 2020
    risk 0.00cvss epss 0.02

    Adobe Premiere Pro versions 14.2 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .

  • CVE-2019-7931Aug 14, 2019
    risk 0.00cvss epss 0.03

    Adobe Premiere Pro CC versions 13.1.2 and earlier have an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to arbitrary code execution.

  • CVE-2019-7644Apr 11, 2019
    risk 0.00cvss epss 0.02

    Auth0 Auth0-WCF-Service-JWT before 1.0.4 leaks the expected JWT signature in an error message when it cannot successfully validate the JWT signature. If this error message is presented to an attacker, they can forge an arbitrary JWT token that will be accepted by the vulnerable…