Search

4,126 results

Severity:CRITICAL HIGH MEDIUM LOW|Ecosystem:npm PyPI Maven Debian Alpine|⚠ In KEV only

MEDIUM6.5CVE-2026-2340EPSS 0.07%A flaw was found in Samba’s vfs_worm module.5/27/2026
MEDIUM6.5CVE-2026-44596Yamcs has No Rate Limiting on Authentication Endpoint5/27/2026
MEDIUM4.3CVE-2026-44595Yamcs vulnerable to unauthorized user enumeration via IAM API endpoints5/27/2026
MEDIUM4.3CVE-2026-42568Yamcs Vulnerable to LDAP Injection in LdapAuthModule5/26/2026
MEDIUM5.3CVE-2026-42015EPSS 0.25%A flaw was found in gnutls.5/26/2026
MEDIUM5.3CVE-2026-5223EPSS 0.07%Cargo incorrectly handled symlinks inside of crate tarballs downloaded from third-party registries, allowing a malicious crate to override…5/25/2026
MEDIUM6.5CVE-2026-5222EPSS 0.03%Cargo between 1.68 and 1.96 incorrectly normalized the URLs of third-party registries using the sparse index protocol.5/25/2026
MEDIUM5.3CVE-2026-5950EPSS 0.14%An unbounded resend loop vulnerability exists in the BIND 9 resolver state machine during bad-server handling, enabling a remote unauthenti…5/20/2026
MEDIUM5.9CVE-2026-5947EPSS 0.04%Undefined behavior may result due to a race condition leading to a use-after-free violation.5/20/2026
MEDIUM5.3CVE-2026-3592EPSS 0.02%BIND resolvers are vulnerable to an amplified resource consumption/exhaustion attack.5/20/2026
MEDIUM5.5CVE-2026-43620EPSS 0.02%Rsync version 3.4.2 and prior contain a receiver-side out-of-bounds array read vulnerability in recv_files() in receiver.c that allows a ma…5/20/2026
MEDIUM6.3CVE-2026-43619EPSS 0.01%Rsync version 3.4.2 and prior contain symlink race condition vulnerabilities in path-based system calls including chmod, lchown, utimes, re…5/20/2026
MEDIUM4.8CVE-2026-43617EPSS 0.01%Rsync version 3.4.2 and prior contain an authorization bypass vulnerability in the rsync daemon's hostname-based access control list enforc…5/20/2026
MEDIUM5.5CVE-2026-45581fabric-chaincode-java: TLS Private Key Password Disclosed in INFO Startup Logs in Chaincode-as-a-Service Mode5/19/2026
MEDIUM6.5CVE-2026-23557EPSS 0.01%Any guest can cause xenstored to crash by issuing a XS_RESET_WATCHES command within a transaction due to an assert() triggering.5/19/2026
MEDIUM6.5CVE-2026-37979Keycloak: Information disclosure via OIDC token introspection endpoint audience bypass5/19/2026
MEDIUM5.3CVE-2026-45292EPSS 0.06%OpenTelemetry Java SDK has Unbounded Memory Allocation in W3C Baggage Propagation5/14/2026
MEDIUM4.3CVE-2026-6575EPSS 0.03%PostgreSQL pg_restore_attribute_stats accepts values that cause query planning to read past end of stats array5/14/2026
MEDIUM6.5CVE-2026-6478EPSS 0.08%PostgreSQL discloses MD5-hashed passwords via covert timing channel5/14/2026
MEDIUM4.3CVE-2026-6474EPSS 0.03%PostgreSQL timeofday() can disclose portions of server memory5/14/2026
MEDIUM5.4CVE-2026-6472EPSS 0.03%PostgreSQL CREATE TYPE does not check multirange schema CREATE privilege5/14/2026
MEDIUM5.3CVE-2026-45205EPSS 0.13%Apache Commons Configuration: StackOverflowError for YAML input with cycles5/14/2026
MEDIUM6.5CVE-2026-42946EPSS 0.07%NGINX ngx_http_scgi_module and ngx_http_uwsgi_module vulnerability5/13/2026
MEDIUM4.8CVE-2026-42934EPSS 0.04%NGINX ngx_http_charset_module vulnerability5/13/2026
MEDIUM4.8CVE-2026-40701EPSS 0.04%NGINX ngx_http_ssl_module vulnerability5/13/2026

Page 1 of 166Next →