VYPR
Vendor: Projectdiscovery

Products: 3
CVEs: 16
Across products: 16
Status: Private

Recent CVEs (16)

  • CVE-2025-34046 | Critical | Jun 26, 2025
    risk 0.65 | cvss | epss 0.01

    An unauthenticated file upload vulnerability exists in the Fanwei E-Office <= v9.4 web management interface. The vulnerability affects the /general/index/UploadFile.php endpoint, which improperly validates uploaded files when invoked with certain parameters…

  • CVE-2025-71284 | Critical | Apr 30, 2026
    risk 0.64 | cvss 9.8 | epss 0.06

    Synway SMG Gateway Management Software contains an OS command injection vulnerability in the RADIUS configuration endpoint at /en/9-2radius.php where the radius_address POST parameter is split and interpolated directly into a sed command without sanitization. An unauthenticated…

  • CVE-2023-7330 | Critical | Nov 24, 2025
    risk 0.61 | cvss | epss 0.01

    Ruijie NBR series routers contain an unauthenticated arbitrary file upload vulnerability via /ddi/server/fileupload.php. The endpoint accepts attacker-supplied values in the name and uploadDir parameters and saves the provided multipart file content without adequate validation…

  • CVE-2025-34044 | Critical | Jun 26, 2025
    risk 0.61 | cvss | epss 0.05

    A remote command injection vulnerability exists in the confirm.php interface of the WIFISKY 7-layer Flow Control Router via a specially-crafted HTTP GET request to the t parameter. Insufficient input validation allows unauthenticated attackers to execute arbitrary OS…

  • CVE-2021-4461 | Critical | Oct 30, 2025
    risk 0.60 | cvss | epss 0.01

    Seeyon Zhiyuan OA Web Application System versions up to and including 7.0 SP1 improperly decode and parse the `enc` parameter in thirdpartyController.do. The decoded map values can influence session attributes without sufficient authentication/authorization checks, enabling…

  • CVE-2025-34047 | High | Jun 26, 2025
    risk 0.57 | cvss | epss 0.00

    A path traversal vulnerability exists in the Leadsec SSL VPN (formerly Lenovo NetGuard), allowing unauthenticated attackers to read arbitrary files on the underlying system via the ostype parameter in the /vpn/user/download/client endpoint. This flaw arises from insufficient…

  • CVE-2023-42344 | High | May 8, 2026
    risk 0.42 | cvss 7.3 | epss 0.02

    Alkacon OpenCms before 10.5.1 allows remote unauthenticated attackers to obtain sensitive information via a cmis-online/query XXE attack on a Chemistry servlet.

  • CVE-2024-40641 | High | Jul 17, 2024
    risk 0.41 | cvss 7.4 | epss 0.00

    Nuclei is a fast and customizable vulnerability scanner based on a simple YAML-based DSL. In affected versions, a way to execute code templates without the -code option and signature has been discovered. Some web applications inherit from Nuclei and allow users to edit and execute…

  • CVE-2026-41646 | Medium | May 8, 2026
    risk 0.29 | cvss 5.5 | epss 0.00

    Nuclei is a vulnerability scanner built on a simple YAML-based DSL. From version 3.0.0 to before version 3.8.0, a vulnerability in Nuclei's JavaScript protocol runtime allows JavaScript templates to read local .js and .json files through the require() function, bypassing the…

  • CVE-2026-41645 | Medium | May 8, 2026
    risk 0.27 | cvss 5.3 | epss 0.00

    Nuclei is a vulnerability scanner built on a simple YAML-based DSL. From version 3.0.0 to before version 3.8.0, a vulnerability in Nuclei's expression evaluation engine makes it possible for a malicious target server to inject and execute supported DSL expressions. This happens…

  • CVE-2026-41282 | Medium | Apr 20, 2026
    risk 0.19 | cvss 4.0 | epss 0.00

    ProjectDiscovery Nuclei 3 before 3.8.0 allows DSL expression injection. This affects use of -env-vars for multi-step templates against untrusted targets (not the default configuration).

  • CVE-2024-43405 | Sep 4, 2024
    risk 0.00 | cvss | epss 0.01

    Nuclei is a vulnerability scanner powered by YAML based templates. Starting in version 3.0.0 and prior to version 3.3.2, a vulnerability in Nuclei's template signature verification system could allow an attacker to bypass the signature check and possibly execute malicious code…

  • CVE-2024-5262 | Jun 5, 2024
    risk 0.00 | cvss | epss 0.01

    Files or Directories Accessible to External Parties vulnerability in smb server in ProjectDiscovery Interactsh allows remote attackers to read/write any files in the directory and subdirectories of where the victim runs interactsh-server via anonymous login.

  • CVE-2024-27920 | Mar 15, 2024
    risk 0.00 | cvss | epss 0.00

    projectdiscovery/nuclei is a fast and customisable vulnerability scanner based on simple YAML based DSL. A significant security oversight was identified in Nuclei v3, involving the execution of unsigned code templates through workflows. This vulnerability specifically affects…

  • CVE-2023-37896 | Aug 4, 2023
    risk 0.00 | cvss | epss 0.01

    Nuclei is a vulnerability scanner. Prior to version 2.9.9, a security issue in the Nuclei project affected users utilizing Nuclei as Go code (SDK) running custom templates. This issue did not affect CLI users. The problem was related to sanitization issues with payload loading…

  • CVE-2023-36474 | Jun 28, 2023
    risk 0.00 | cvss | epss 0.00

    Interactsh is an open-source tool for detecting out-of-band interactions. Domains configured with interactsh server prior to version 1.0.0 were vulnerable to subdomain takeover for a specific subdomain, i.e `app.` Interactsh server used to create cname entries for `app` pointing…