Search

337 results

Severity:CRITICAL HIGH MEDIUM LOW|Ecosystem:npm PyPI Maven Debian Alpine|⚠ In KEV only

LOW3.7CVE-2026-45232EPSS 0.04%Rsync versions before 3.4.3 contain an off-by-one out-of-bounds stack write vulnerability in the establish_proxy_connection() function in s…5/20/2026
LOW3.7CVE-2026-43514EPSS 0.10%Apache Tomcat - AJP secret compared in non-constant time5/12/2026
LOW3.7CVE-2026-44242EPSS 0.05%Micronaut has Unbounded `bundleCache` in `ResourceBundleMessageSource` that Allows Memory Exhaustion via `Accept-Language` Header5/6/2026
LOW2.4CVE-2026-42188EPSS 0.03%Geyser Vulnerable to Server-Side Request Forgery (SSRF) via Player Head Texture URL in Geyser5/5/2026
LOW3.7CVE-2026-3832EPSS 0.02%A flaw was found in gnutls.4/30/2026
LOW3.7CVE-2026-5419EPSS 0.04%A flaw was found in gnutls.4/30/2026
LOW3.7CVE-2026-7303EPSS 0.07%xxl-job has a Resource Injection issue4/29/2026
LOW3.7CVE-2026-40969EPSS 0.06%Spring gRPC AuthenticationException messages are reflected to remote client4/28/2026
LOW3.7CVE-2026-22746EPSS 0.07%Spring Security Vulnerable to User Attribute Enumeration when Using DaoAuthenticationProvider4/22/2026
LOW3.7CVE-2026-37977EPSS 0.01%Keycloak vulnerable to information disclosure via CORS header injection due to unvalidated JWT azp claim4/6/2026
LOW3.3CVE-2026-21716EPSS 0.01%An incomplete fix for CVE-2024-36137 leaves `FileHandle.chmod()` and `FileHandle.chown()` in the promises API without the required permissi…3/30/2026
LOW3.3CVE-2026-21715EPSS 0.01%A flaw in Node.js Permission Model filesystem enforcement leaves `fs.realpathSync.native()` without the required read permission checks, wh…3/30/2026
LOW3.1CVE-2026-4874EPSS 0.01%Keycloak Server-Side Request Forgery via OIDC token endpoint manipulation3/26/2026
LOW3.7CVE-2026-28753EPSS 0.03%NGINX ngx_mail_proxy_module vulnerability3/24/2026
LOW3.7CVE-2026-4633EPSS 0.02%Keycloak's identity-first login flow exposes user information3/23/2026
LOW2.6CVE-2026-22735EPSS 0.09%Spring MVC and WebFlux has Server Sent Event stream corruption3/20/2026
LOW3.1CVE-2026-2366EPSS 0.01%Keycloak vulnerable to authorization bypass via the Admin API3/12/2026
LOW2.7CVE-2026-3911EPSS 0.01%Keycloak: Information disclosure of disabled user attributes via administrative endpoint3/11/2026
LOW3.7CVE-2025-11143EPSS 0.14%org.eclipse.jetty:jetty-http has different parsing of invalid URIs3/5/2026
LOW2.2CVE-2026-28422EPSS 0.01%Vim is an open source, command line text editor.2/27/2026
LOW3.1CVE-2025-12150EPSS 0.01%Keycloak REST Services has a WebAuthn Attestation Statement Verification Bypass2/27/2026
LOW3.3CVE-2026-3293EPSS 0.01%Snowflake JDBC Driver is Vulnerable to Uncontrolled Resource Consumption through SdkProxyRoutePlanner2/27/2026
LOW3.8CVE-2026-2733EPSS 0.03%Keycloak: Missing Check on Disabled Client for Docker Registry Protocol2/19/2026
LOW3.7CVE-2026-24733EPSS 0.16%Apache Tomcat: Security constraint bypass with HTTP/0.92/17/2026
LOW2.5CVE-2026-23901EPSS 0.01%Apache Shiro Affected by an Observable Timing Discrepancy Vulnerability2/10/2026

Page 1 of 14Next →