VYPR

Vendor: Pypi

Products: 22
CVEs: 24
Across products: 24
Status: Private

Recent CVEs (24)
  • CVE-2026-12205 | Cri | Jun 15, 2026
    risk 0.59 | cvss 9.1 | epss 0.00

    Crypt::DSA versions before 1.21 for Perl reused the nonce across signatures, leading to private-key recovery. Crypt::DSA::sign caches the per-signature nonce material in the Key object without ever clearing it. The first sign() on a Key object picks a nonce, and every later…

  • CVE-2026-45832 | Hig | Jun 12, 2026
    risk 0.57 | cvss 8.8 | epss 0.00

    All V1 collection-level endpoints in ChromaDB's Python project pass None for the tenant and database to the authorization layer, allowing attackers to bypass authorization controls by using the V1 endpoints.

  • CVE-2026-13676 | imp | Jun 29, 2026
    risk 0.49 | cvss 7.5 | epss

    fast-uri: Security policy bypass due to improper Unicode hostname canonicalization

  • CVE-2026-4870 | Hig | Jun 12, 2026
    risk 0.49 | cvss 7.5 | epss 0.00

    IBM Qiskit SDK 0.43.0 through 2.5.0 could allow an attacker to trigger a segmentation fault leading to a denial of service due to uncontrolled recursion in the parser.

  • CVE-2026-3840 | Hig | Jun 12, 2026
    risk 0.46 | cvss 7.1 | epss 0.00

    A vulnerability in Kedro version 1.2.0 allows an attacker to exploit path traversal by providing a crafted version string. The `_get_versioned_path()` method in `kedro/io/core.py` directly interpolates user-supplied version strings into filesystem paths without sanitization.…

  • CVE-2026-54421 | Med | Jun 14, 2026
    risk 0.44 | cvss 6.8 | epss 0.00

    In OpenStack Ironic through 35.0.1, when applying a PATCH to update fields in volume properties the user is authorized for, Ironic can return unredacted sensitive information (such as iSCSI credentials). The PATCH outcome is a security issue; the POST outcome is not a security…

  • CVE-2026-36725 | Med | Jun 9, 2026
    risk 0.40 | cvss 6.1 | epss 0.00

    A Markdown-based cross-site scripting (XSS) vulnerability in the /system/notice/create endpoint of FastapiAdmin v2.2.0 allows attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the notice_content parameter.

  • CVE-2026-48099 | hig | Jun 11, 2026
    risk 0.39 | cvss | epss 0.00

    Impact: WsgiDAV 4.3.3 can allow a WebDAV request path containing an encoded parent-directory segment to escape the configured filesystem share root in a specific path layout. Patches: The issue is fixed with version 4.3.4. Preconditions: The practical impact depends…

  • CVE-2026-9641 | Med | Jun 12, 2026
    risk 0.34 | cvss 5.3 | epss 0.00

    Crypt::PBKDF2 versions before 0.261630 for Perl have a weak default algorithm and number of iterations. The default algorithm is HMAC-SHA1, which should only be used for legacy systems. These versions default to using 1000 iterations. Depending on the chosen algorithm,…

  • CVE-2026-11625 | Jun 27, 2026
    risk 0.00 | cvss | epss 0.00

    Bytes::Random::Secure versions through 0.29 for Perl share internal state across forked processes. When an object is initialised before forking, or when the functional interface is used, then the internal state for the PRNG is shared across processes and identical random…

  • CVE-2026-12844 | Jun 26, 2026
    risk 0.00 | cvss | epss 0.00

    List::SomeUtils::XS versions before 0.59 for Perl have a heap buffer overflow in the pairwise function. pairwise() collects the values returned by the block into a heap buffer sized to the longer input array, then grows the buffer before each copy with a single quadrupling…

  • CVE-2026-49851 | Jun 24, 2026
    risk 0.00 | cvss | epss 0.00

    Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, Mistune is vulnerable to a CPU exhaustion DoS due to superlinear (approximately O(n²)) behavior in parse_link_text. When parsing Markdown containing many consecutive [ characters, parse_link_text…

  • CVE-2026-54555 | Jun 23, 2026
    risk 0.00 | cvss | epss 0.00

    rtk filters and compresses command outputs before they reach your LLM context. Prior to 0.42.2, the permission splitter did not conservatively split or reject several shell constructs that Bash treats as command execution boundaries or nested execution. As a result, a command…

  • CVE-2025-71358 | Jun 22, 2026
    risk 0.00 | cvss | epss 0.00

    picklescan before 0.0.29 fails to detect malicious pickle files that exploit idlelib.autocomplete.AutoComplete.get_entity function in reduce methods. Attackers can embed undetected code in pickle files that executes arbitrary commands when loaded by victims using pickle.load().

  • CVE-2025-71357 | Jun 21, 2026
    risk 0.00 | cvss | epss 0.00

    picklescan before 0.0.30 fails to detect malicious pickle files using idlelib.pyshell.ModifiedInterpreter.runcommand in reduce methods. Attackers can embed undetected code in pickle files that executes remote commands when loaded by victims.

  • CVE-2025-71351 | Jun 21, 2026
    risk 0.00 | cvss | epss 0.00

    picklescan before 0.0.25 fails to detect malicious pickle files that use timeit.timeit() in the __reduce__ method, allowing remote code execution. Attackers can craft pickle files that import dangerous libraries like os and execute arbitrary system commands, which evade…

  • CVE-2026-12799 | Jun 21, 2026
    risk 0.00 | cvss | epss 0.00

    A security vulnerability has been detected in BerriAI litellm up to 1.82.2. Affected by this issue is the function ui_view_users of the file litellm/proxy/management_endpoints/internal_user_endpoints.py of the component Incomplete Fix CVE-2025-0628. Such manipulation leads to…

  • CVE-2026-12798 | Jun 21, 2026
    risk 0.00 | cvss | epss 0.00

    A weakness has been identified in BerriAI litellm up to 1.82.2. Affected by this vulnerability is the function load_openapi_spec_async of the file litellm/proxy/_experimental/mcp_server/openapi_to_mcp_generator.py of the component MCP OpenAPI Spec Loader. This manipulation of…

  • CVE-2026-12795 | Jun 21, 2026
    risk 0.00 | cvss | epss 0.01

    A vulnerability was determined in BerriAI litellm up to 1.82.2. This affects the function json.dumps of the file litellm/proxy/management_endpoints/ui_sso.py of the component SSO Debug Flow. Executing a manipulation can lead to missing authentication. The attack can be executed…

  • CVE-2026-56340 | Jun 20, 2026
    risk 0.00 | cvss | epss 0.00

    vLLM versions >= 0.10.2 and < 0.13.0 are missing sparse tensor validation in multimodal embeddings processing. Because PyTorch disables sparse tensor invariant checks by default, an attacker can submit crafted embedding requests with malformed (negative or out-of-bounds) tensor…