VulnScope — package-centric CVE lookup

Search

1,499 results

Severity:CRITICAL HIGH MEDIUM LOW|Ecosystem:npm PyPI Maven Debian Alpine|⚠ In KEV only

CRITICAL9.0CVE-2026-48150Budibase: Workspace-scoped builder escalates to global admin via /api/public/v1/roles/assign6/12/2026
LOW3.5Papra HTTP redirect bypass can lead to SSRF via webhook delivery system6/10/2026
CRITICAL9.8Issue summary: A specially crafted PKCS#7 or S/MIME signed message could trigger a use-after-free during PKCS#7 signature verification.6/9/2026
LOW3.7Issue summary: The CMS_decrypt and PKCS7_decrypt functions are vulnerable to Bleichenbacher-style attack when an attacker is able to provid…6/9/2026
CRITICAL9.1Issue Summary: Cryptographic Message Services (CMS) processing fails to perform sufficient input validation on the cipher and tag length fi…6/9/2026
LOW3.7Issue summary: When EVP_PKEY_derive_set_peer() is called with a DHX (X9.42) peer key, the peer key is not properly checked for the subgroup…6/9/2026
CRITICAL9.1Arm C1-Ultra, C1-Premium, Neoverse V3 & V3AE, Neoverse V2, Neoverse V1, Neoverse-N2, Neoverse-N1, Cortex-X925, Cortex-X4, Cortex-X3, Cortex…6/9/2026
CRITICAL10.0DbGate: Unauthenticated Remote Code Execution via JSON Script Runner6/5/2026
CRITICAL9.6Vitest browser mode serves unsanitized otelCarrier query parameter as inline script6/1/2026
CRITICAL9.8When Vitest UI server is listening, arbitrary file can be read and executed6/1/2026
CRITICAL10.0NodeVM builtin denylist bypass via process and inspector/promises allows host code execution5/29/2026
CRITICAL9.8vm2 sandbox escape via JSPI-backed Promise `.finally()` species bypass5/29/2026
CRITICAL10.0vm2 has a CVE-2023-37903 patch bypass: nesting:true without explicit require still allows full RCE5/29/2026
CRITICAL10.0vm2 is Vulnerable to Sandbox Breakout Through Promise Species5/29/2026
CRITICAL10.0vm2 has a Sandbox Escape issue5/29/2026
LOW3.7Axios has a Patch Bypass: Proxy-Authorization Header Injection via Prototype Pollution — Incomplete Null-Prototype Fix5/29/2026
CRITICAL10.0LiquidJS is Vulnerable to Remote Code Execution5/27/2026
CRITICAL9.0EPSS 0.39%A flaw was found in Samba.5/26/2026
CRITICAL9.6OCI layer symlink escape → arbitrary host write5/21/2026
CRITICAL10.0Read-only volume remount bypass via guest CAP_SYS_ADMIN5/21/2026
LOW2.0NocoDB: OAuth Token Scope Not Enforced at ACL Layer Allows Scope Escalation5/21/2026
CRITICAL9.8EPSS 0.04%A use-after-free vulnerability exists within the DNS-over-HTTPS implementation.5/20/2026
CRITICAL10.0EPSS 0.03%NLnet Labs Unbound up to and including version 1.25.0 is vulnerable to poisoning via promiscuous records for the authority section.5/20/2026
CRITICAL9.8EPSS 0.32%NLnet Labs Unbound 1.19.1 up to and including version 1.25.0 has a vulnerability in the DNSSEC validator that enables denial of service and…5/20/2026
LOW3.7EPSS 0.04%Rsync versions before 3.4.3 contain an off-by-one out-of-bounds stack write vulnerability in the establish_proxy_connection() function in s…5/20/2026

Page 1 of 60Next →