VulnScope — package-centric CVE lookup

Search

5,604 results

Severity:CRITICAL HIGH MEDIUM LOW|Ecosystem:npm PyPI Maven Debian Alpine|⚠ In KEV only

HIGH7.5CVE-2026-55446Langflow: Unauthenticated DoS through multipart form boundary file upload6/19/2026
HIGH7.1jupyterlab-git excluded_paths Case-Sensitivity Bypass Allows Reading Excluded Directories6/19/2026
HIGH7.5Stanza: Remote Code Execution via Unsafe Pickle Deserialization in Model Loaders6/19/2026
HIGH7.6Home Assistant: Konnected alarm-panel switch state and zone topology disclosed to unauthenticated actors on the LAN6/19/2026
HIGH8.0py7zr: Arbitrary File Write Vulnerability6/19/2026
HIGH7.3Improper neutralization of argument delimiters in AWS Bedrock AgentCore Python SDK install_packages()6/19/2026
HIGH8.8CedarJava has policy injection vulnerability6/19/2026
HIGH8.8CedarJava has type confusion vulnerability6/19/2026
HIGH7.5Pipecat: Telephony WebSocket `/ws` Unauthenticated Call-Control Abuse via Attacker-Supplied Call SID6/18/2026
HIGH8.0Strimzi: Cross-namespace privilege escalation via `Kafka.spec.entityOperator`6/18/2026
HIGH7.5Hermes Agent contains a DNS rebinding vulnerability in WebSocket endpoints that allows remote attackers to bypass Host and Origin validation6/17/2026
HIGH7.5HAPI FHIR: Incomplete fix for CVE-2026-45367: DSTU2 FHIRPathEngine.matches() missing RegexTimeout protection allows ReDoS6/17/2026
HIGH7.5handlebars.java FileTemplateLoader Path Traversal6/17/2026
HIGH7.6LangChain4j: SQL injection via metadata filters in langchain4j-mariadb and langchain4j-pgvector6/17/2026
HIGH8.4pdfkit: Path traversal in from_string6/17/2026
HIGH7.7Open WebUI: SSRF Protection Bypass in Playwright Web Loader via HTTP Redirects6/17/2026
HIGH7.7Open WebUI: Path traversal / SSRF in terminal server proxy via encoded path traversal6/17/2026
HIGH7.6Open WebUI: Stored XSS to Account Takeover via Model Profile Images6/17/2026
HIGH7.1Open WebUI: Forged model meta.knowledge allows cross-user file read and deletion6/17/2026
HIGH8.7Open WebUI: Stored XSS in Mermaid Markdown Preview6/17/2026
HIGH8.3Open WebUI: Forged chat-file link allows cross-user file read and deletion6/17/2026
HIGH8.5Open WebUI: Redirect-Bypass SSRF in OAuth `_process_picture_url` (incomplete-fix sibling of CVE-2026-45401)6/17/2026
HIGH8.3yt-dlp: Arbitrary code execution via manifest downloads with aria2c6/16/2026
HIGH8.6Crawl4AI: SSRF via proxy settings in the Docker server bypasses the crawl-URL SSRF check6/16/2026
HIGH7.5Crawl4AI: SSRF filter bypass in Docker server via IPv6 transition forms (NAT64 / 6to4 / unspecified / v4-mapped)6/16/2026

Page 1 of 225Next →