Search

5,540 results

Severity:CRITICAL HIGH MEDIUM LOW|Ecosystem:npm PyPI Maven Debian Alpine|⚠ In KEV only

CRITICAL9.1CVE-2026-46621Yamcs Vulnerable to Authenticated Remote Code Execution (RCE) via Jython Algorithm Code Injection5/27/2026
CRITICAL9.8CVE-2026-46562Yamcs Vulnerable to Remote Code Execution via Mission Database algorithm override5/27/2026
MEDIUM6.5CVE-2026-2340EPSS 0.07%A flaw was found in Samba’s vfs_worm module.5/27/2026
CRITICAL9.1CVE-2026-44632Yamcs Vulnerable to Server-Side Code Injection (RCE) via Janino Expression Engine in `JavaExprAlgorithmExecutionFactory`5/27/2026
MEDIUM6.5CVE-2026-44596Yamcs has No Rate Limiting on Authentication Endpoint5/27/2026
MEDIUM4.3CVE-2026-44595Yamcs vulnerable to unauthorized user enumeration via IAM API endpoints5/27/2026
MEDIUM4.3CVE-2026-42568Yamcs Vulnerable to LDAP Injection in LdapAuthModule5/26/2026
MEDIUM5.3CVE-2026-42015EPSS 0.25%A flaw was found in gnutls.5/26/2026
CRITICAL9.0CVE-2026-4408EPSS 0.39%A flaw was found in Samba.5/26/2026
MEDIUM5.3CVE-2026-5223EPSS 0.07%Cargo incorrectly handled symlinks inside of crate tarballs downloaded from third-party registries, allowing a malicious crate to override…5/25/2026
MEDIUM6.5CVE-2026-5222EPSS 0.03%Cargo between 1.68 and 1.96 incorrectly normalized the URLs of third-party registries using the sparse index protocol.5/25/2026
MEDIUM5.3CVE-2026-5950EPSS 0.14%An unbounded resend loop vulnerability exists in the BIND 9 resolver state machine during bad-server handling, enabling a remote unauthenti…5/20/2026
MEDIUM5.9CVE-2026-5947EPSS 0.04%Undefined behavior may result due to a race condition leading to a use-after-free violation.5/20/2026
CRITICAL9.8CVE-2026-3593EPSS 0.04%A use-after-free vulnerability exists within the DNS-over-HTTPS implementation.5/20/2026
MEDIUM5.3CVE-2026-3592EPSS 0.02%BIND resolvers are vulnerable to an amplified resource consumption/exhaustion attack.5/20/2026
MEDIUM5.5CVE-2026-43620EPSS 0.02%Rsync version 3.4.2 and prior contain a receiver-side out-of-bounds array read vulnerability in recv_files() in receiver.c that allows a ma…5/20/2026
MEDIUM6.3CVE-2026-43619EPSS 0.01%Rsync version 3.4.2 and prior contain symlink race condition vulnerabilities in path-based system calls including chmod, lchown, utimes, re…5/20/2026
MEDIUM4.8CVE-2026-43617EPSS 0.01%Rsync version 3.4.2 and prior contain an authorization bypass vulnerability in the rsync daemon's hostname-based access control list enforc…5/20/2026
MEDIUM5.5CVE-2026-45581fabric-chaincode-java: TLS Private Key Password Disclosed in INFO Startup Logs in Chaincode-as-a-Service Mode5/19/2026
CRITICAL9.6CVE-2026-2587GlassFish's gadget handler is vulnerable to RCE5/19/2026
MEDIUM6.5CVE-2026-23557EPSS 0.01%Any guest can cause xenstored to crash by issuing a XS_RESET_WATCHES command within a transaction due to an assert() triggering.5/19/2026
MEDIUM6.5CVE-2026-37979Keycloak: Information disclosure via OIDC token introspection endpoint audience bypass5/19/2026
MEDIUM5.3CVE-2026-45292EPSS 0.06%OpenTelemetry Java SDK has Unbounded Memory Allocation in W3C Baggage Propagation5/14/2026
MEDIUM4.3CVE-2026-6575EPSS 0.03%PostgreSQL pg_restore_attribute_stats accepts values that cause query planning to read past end of stats array5/14/2026
MEDIUM6.5CVE-2026-6478EPSS 0.08%PostgreSQL discloses MD5-hashed passwords via covert timing channel5/14/2026

Page 1 of 222Next →