Search

2,136 results

Severity:CRITICAL HIGH MEDIUM LOW|Ecosystem:npm PyPI Maven Debian Alpine|⚠ In KEV only

CRITICAL9.6CVE-2026-47428Vitest browser mode serves unsanitized otelCarrier query parameter as inline script6/1/2026
CRITICAL9.8CVE-2026-47429When Vitest UI server is listening, arbitrary file can be read and executed6/1/2026
CRITICAL10.0CVE-2026-47140NodeVM builtin denylist bypass via process and inspector/promises allows host code execution5/29/2026
CRITICAL9.8CVE-2026-47210vm2 sandbox escape via JSPI-backed Promise `.finally()` species bypass5/29/2026
CRITICAL10.0CVE-2026-47137vm2 has a CVE-2023-37903 patch bypass: nesting:true without explicit require still allows full RCE5/29/2026
CRITICAL10.0CVE-2026-47208vm2 is Vulnerable to Sandbox Breakout Through Promise Species5/29/2026
CRITICAL10.0CVE-2026-47131vm2 has a Sandbox Escape issue5/29/2026
CRITICAL9.1CVE-2026-46621Yamcs Vulnerable to Authenticated Remote Code Execution (RCE) via Jython Algorithm Code Injection5/27/2026
CRITICAL9.8CVE-2026-46562Yamcs Vulnerable to Remote Code Execution via Mission Database algorithm override5/27/2026
CRITICAL10.0CVE-2026-45618LiquidJS is Vulnerable to Remote Code Execution5/27/2026
CRITICAL9.1CVE-2026-44632Yamcs Vulnerable to Server-Side Code Injection (RCE) via Janino Expression Engine in `JavaExprAlgorithmExecutionFactory`5/27/2026
CRITICAL9.0CVE-2026-4408EPSS 0.39%A flaw was found in Samba.5/26/2026
CRITICAL9.6CVE-2026-46703OCI layer symlink escape → arbitrary host write5/21/2026
CRITICAL10.0CVE-2026-46695Read-only volume remount bypass via guest CAP_SYS_ADMIN5/21/2026
CRITICAL9.8CVE-2026-3593EPSS 0.04%A use-after-free vulnerability exists within the DNS-over-HTTPS implementation.5/20/2026
CRITICAL10.0CVE-2026-46412Malicious code in @beproduct/nestjs-auth (0.1.2 through 0.1.19) — Mini Shai-Hulud worm5/19/2026
CRITICAL9.8CVE-2026-45772EPSS 0.10%Turbo: Unexpected local code execution during Yarn Berry detection5/19/2026
CRITICAL10.0CVE-2026-463399router: Unauthenticated Remote Code Execution via unprotected MCP custom plugin routes5/19/2026
CRITICAL9.6CVE-2026-2587GlassFish's gadget handler is vulnerable to RCE5/19/2026
CRITICAL9.8CVE-2026-45411EPSS 0.08%vm2 Has a Sandbox Breakout Using Async Generator5/14/2026
CRITICAL9.6CVE-2026-45311EPSS 0.05%DeepSeek TUI: run_tests Tool Enables RCE via Malicious Repository Without Approval5/14/2026
CRITICAL9.3CVE-2026-44990Apostrophe has default XSS via `xmp` raw-text passthrough in `sanitize-html`5/14/2026
CRITICAL9.8CVE-2026-45083EPSS 0.05%Goobi viewer - Core: Unauthenticated Solr Streaming Expression Proxy5/13/2026
CRITICAL9.1CVE-2026-44650EPSS 0.10%SillyTavern has a Path Traversal issue5/12/2026
CRITICAL9.8CVE-2026-44649EPSS 0.09%SillyTavern has Authentication Bypass via SSO Header Injection5/12/2026

Page 1 of 86Next →