VulnScope — package-centric CVE lookup

Search

11,048 results

Severity:CRITICAL HIGH MEDIUM LOW|Ecosystem:npm PyPI Maven Debian Alpine|⚠ In KEV only

MEDIUM5.3CVE-2026-42769Issue Summary: An error in the callback used to verify the certificate provided in a Root CA key update Certificate Management Protocol (CM…6/9/2026
CRITICAL9.1Arm C1-Ultra, C1-Premium, Neoverse V3 & V3AE, Neoverse V2, Neoverse V1, Neoverse-N2, Neoverse-N1, Cortex-X925, Cortex-X4, Cortex-X3, Cortex…6/9/2026
MEDIUM6.3FUXA's scheduler API missing admin check enables operator-to-admin escalation via scheduled device actions6/8/2026
MEDIUM5.3FUXA has SQL Injection in its TDengine DAQ connector via backslash bypass of escapeTdString6/8/2026
MEDIUM5.3Netty HTTP/2: Advertised MAX_CONCURRENT_STREAMS are not enforced6/8/2026
MEDIUM6.8Netty: DNS Cache Poisoning due to Predictable PRNG and Default Static Source Port6/8/2026
MEDIUM4.0Netty: Unix-socket fd receive leaks descriptors when peer sends two at once6/8/2026
MEDIUM5.4Authlib OAuth 2.0 has Open Redirect in Authorization API that allows attacker-controlled redirect_uri through unsupported response_type6/8/2026
MEDIUM4.3MariaDB server is a community developed fork of MySQL server.6/7/2026
MEDIUM6.3MariaDB server is a community developed fork of MySQL server.6/7/2026
MEDIUM5.0MariaDB server is a community developed fork of MySQL server.6/7/2026
MEDIUM4.3Bugsink: DOS using large numbers of event tags6/5/2026
MEDIUM4.3Bugsink: Project scoping missing in sourcemap and debug-file lookup6/5/2026
LOW3.1Bugsink: Issue bulk actions can affect another project’s issue if its UUID is known6/5/2026
LOW3.1Bugsink: Issue event views can show an event from another project if its UUID is known6/5/2026
CRITICAL9.1NASA AMMOS Instrument Toolkit: Path traversal resulting in arbitrary file append (can be triggered over the network by unauthenticated attacker)6/5/2026
CRITICAL10.0DbGate: Unauthenticated Remote Code Execution via JSON Script Runner6/5/2026
MEDIUM6.0NocoDB: Postgres SQL Injection in Formula `ARRAYSORT`6/5/2026
MEDIUM6.1MCP Server Kubernetes: kubectl-generic flag injection enables Kubernetes bearer token exfiltration6/5/2026
MEDIUM6.5Authorization Bypass in SearchModelVersions in mlflow/mlflow6/5/2026
MEDIUM6.5Apache Airflow: revoke_token() unreachable in FabAuthManager / KeycloakAuthManager logout path6/5/2026
CRITICAL9.1Apache Airflow: BashOperator Jinja2 injection via dag_run.conf — low-privilege user pattern6/5/2026
MEDIUM4.3Apache Airflow: per-DAG RBAC bypass on /ui/partitioned_dag_runs endpoints6/5/2026
MEDIUM6.5Apache Airflow: Arbitrary File Read via Log Symlink following in FileTaskHandler6/5/2026
MEDIUM5.3Hono: app.mount() strips mount prefix using undecoded path, causing incorrect routing for percent-encoded paths6/4/2026

← PrevPage 2 of 442Next →