VulnScope — package-centric CVE lookup

Search

1,202 results

Severity:CRITICAL HIGH MEDIUM LOW|Ecosystem:npm PyPI Maven Debian Alpine|⚠ In KEV only

CRITICAL9.1CVE-2026-48039Meta Ads MCP: Unauthenticated HTTP MCP Tool Execution Leaks Operator Meta Access Token6/11/2026
CRITICAL9.8Issue summary: A specially crafted PKCS#7 or S/MIME signed message could trigger a use-after-free during PKCS#7 signature verification.6/9/2026
CRITICAL9.1Issue Summary: Cryptographic Message Services (CMS) processing fails to perform sufficient input validation on the cipher and tag length fi…6/9/2026
CRITICAL9.1Arm C1-Ultra, C1-Premium, Neoverse V3 & V3AE, Neoverse V2, Neoverse V1, Neoverse-N2, Neoverse-N1, Cortex-X925, Cortex-X4, Cortex-X3, Cortex…6/9/2026
CRITICAL9.1NASA AMMOS Instrument Toolkit: Path traversal resulting in arbitrary file append (can be triggered over the network by unauthenticated attacker)6/5/2026
CRITICAL9.1Apache Airflow: BashOperator Jinja2 injection via dag_run.conf — low-privilege user pattern6/5/2026
CRITICAL9.8Jupyter Enterprise Gateway: ContainerProcessProxy._enforce_prohibited_ids Bypass6/3/2026
CRITICAL9.6praisonai-platform: Any workspace member can add arbitrary user as owner via POST /workspaces/{id}/members6/1/2026
CRITICAL9.6praisonai-platform: Any workspace member can promote themselves or others to owner via PATCH /workspaces/{id}/members/{user_id}5/29/2026
CRITICAL9.8praisonai-platform: JWT signing key defaults to hardcoded "dev-secret-change-me", allowing token forgery for any user when PLATFORM_ENV is unset5/29/2026
CRITICAL9.8PraisonAI's unauthenticated A2A official example can reach real LLM-driven `eval()` tool execution5/29/2026
CRITICAL9.9PraisonAI vulnerable to sandbox escape via `print.__self__` builtins module leak in `execute_code` (subprocess mode)5/29/2026
CRITICAL9.8PraisonAI `deploy --type api` emits a Flask server with authentication disabled by default5/29/2026
CRITICAL9.8PraisonAI call server exposes unauthenticated agent listing, invocation, and deletion when CALL_SERVER_TOKEN is unset5/29/2026
CRITICAL9.8EPSS 0.08%amazon-redshift-python-driver vulnerable to Remote Code Execution via eval() Injection5/29/2026
CRITICAL9.6EPSS 0.04%Improper Origin Validation in mlflow/mlflow5/29/2026
CRITICAL9.8EPSS 0.08%Langroid has Prompt to SQL Injection, Leading to RCE5/27/2026
CRITICAL9.0EPSS 0.39%A flaw was found in Samba.5/26/2026
CRITICAL9.6OCI layer symlink escape → arbitrary host write5/21/2026
CRITICAL10.0Read-only volume remount bypass via guest CAP_SYS_ADMIN5/21/2026
CRITICAL9.8EPSS 0.04%A use-after-free vulnerability exists within the DNS-over-HTTPS implementation.5/20/2026
CRITICAL10.0EPSS 0.03%NLnet Labs Unbound up to and including version 1.25.0 is vulnerable to poisoning via promiscuous records for the authority section.5/20/2026
CRITICAL9.8EPSS 0.32%NLnet Labs Unbound 1.19.1 up to and including version 1.25.0 has a vulnerability in the DNSSEC validator that enables denial of service and…5/20/2026
CRITICAL9.8EPSS 0.18%APScheduler's JSONSerializer and CBORSerializer are vulnerable to Remote Code Execution (RCE) via Insecure Deserialization5/19/2026
CRITICAL9.6Malicious code in guardrails-ai 0.10.1 (supply chain compromise)5/19/2026

Page 1 of 49Next →