VulnScope — package-centric CVE lookup

—CVE-2026-11527Config::IniFiles versions before 3.001000 for Perl allow OS command injection and file overwrite via a 2-arg open() of the -file argument i…6/14/2026

MEDIUM6.8CVE-2026-54421In OpenStack Ironic through 35.0.1, when applying a PATCH to update fields in volume properties the user is authorized for, Ironic can retu…6/14/2026

—6/13/2026

MEDIUM6.3Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') vulnerability in ninenines cowlib allows HTTP…6/13/2026

—6/13/2026

MEDIUM6.9Netty susceptible to HTTP/2 Reset Attack with different on-the-wire signature6/12/2026

HIGH7.5Netty HTTP/3 QPACK Blocked Streams Memory Exhaustion6/12/2026

HIGH7.5Netty: Wrapping plain trust manager silently disables hostname verification6/12/2026

HIGH7.5Netty: Unbounded pre-allocation in RedisArrayAggregator from RESP array length6/12/2026

MEDIUM4.8Netty: QUIC stateless reset token material exposed through header-visible connection IDs6/12/2026

MEDIUM5.3Netty: HttpObjectDecoder skips arbitrary initial control characters when only initial CRLF characters are permitted6/12/2026

MEDIUM6.7A flaw was found in QEMU's virtio-blk device.6/12/2026