VulnScope — package-centric CVE lookup

Search

18,270 results

Severity:CRITICAL HIGH MEDIUM LOW|Ecosystem:npm PyPI Maven Debian Alpine|⚠ In KEV only

HIGH7.5CVE-2026-53869Hermes Agent contains a DNS rebinding vulnerability in WebSocket endpoints that allows remote attackers to bypass Host and Origin validation6/17/2026
HIGH8.2Tinyproxy through 1.11.3, fixed in commit 09312a1, fails to properly validate the Host header during stathost detection, allowing unauthent…6/17/2026
HIGH7.5HAPI FHIR: Incomplete fix for CVE-2026-45367: DSTU2 FHIRPathEngine.matches() missing RegexTimeout protection allows ReDoS6/17/2026
HIGH7.5handlebars.java FileTemplateLoader Path Traversal6/17/2026
HIGH7.6LangChain4j: SQL injection via metadata filters in langchain4j-mariadb and langchain4j-pgvector6/17/2026
HIGH8.4pdfkit: Path traversal in from_string6/17/2026
HIGH7.7Open WebUI: SSRF Protection Bypass in Playwright Web Loader via HTTP Redirects6/17/2026
HIGH7.7Open WebUI: Path traversal / SSRF in terminal server proxy via encoded path traversal6/17/2026
HIGH7.6Open WebUI: Stored XSS to Account Takeover via Model Profile Images6/17/2026
HIGH7.1Open WebUI: Forged model meta.knowledge allows cross-user file read and deletion6/17/2026
HIGH8.7Open WebUI: Stored XSS in Mermaid Markdown Preview6/17/2026
HIGH8.3Open WebUI: Forged chat-file link allows cross-user file read and deletion6/17/2026
HIGH8.5Open WebUI: Redirect-Bypass SSRF in OAuth `_process_picture_url` (incomplete-fix sibling of CVE-2026-45401)6/17/2026
HIGH7.5A vulnerability in `nltk.app.wordnet_app` up to version 3.9.3 allows unauthenticated remote shutdown of the local WordNet Browser HTTP serv…6/17/2026
HIGH8.8Use after free in Digital Credentials in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to potentially exploit heap corrup…6/17/2026
HIGH8.8Use after free in File Input in Google Chrome on Linux prior to 149.0.7827.155 allowed a remote attacker to potentially exploit heap corrup…6/17/2026
HIGH8.8Use after free in Downloads in Google Chrome on Android prior to 149.0.7827.155 allowed a remote attacker to potentially exploit heap corru…6/17/2026
HIGH8.3Use after free in WebShare in Google Chrome on Windows prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer p…6/17/2026
HIGH7.8Use after free in Chromoting in Google Chrome on Windows prior to 149.0.7827.155 allowed a local attacker to perform OS-level privilege esc…6/17/2026
HIGH8.3Object lifecycle issue in Metrics in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer proce…6/17/2026
HIGH8.8Inappropriate implementation in WebView in Google Chrome on Android prior to 149.0.7827.155 allowed a remote attacker to perform privilege…6/17/2026
HIGH8.8Heap buffer overflow in WebRTC in Google Chrome on Windows prior to 149.0.7827.155 allowed a remote attacker to execute arbitrary code via…6/17/2026
HIGH8.3Use after free in Browser in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to po…6/17/2026
HIGH8.8Use after free in Passwords in Google Chrome on Android prior to 149.0.7827.155 allowed a remote attacker to execute arbitrary code via a c…6/17/2026
HIGH8.8Use after free in Web Authentication in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to execute arbitrary code via a cra…6/17/2026

← PrevPage 2 of 731Next →