VulnScope — package-centric CVE lookup

Search

18,047 results

Severity:CRITICAL HIGH MEDIUM LOW|Ecosystem:npm PyPI Maven Debian Alpine|⚠ In KEV only

CRITICAL9.0CVE-2026-55203HAProxy through 3.4.0, fixed in commit 5985276, contains an integer overflow vulnerability in the fcgi_conn structure's drl field that allo…6/18/2026
LOW1.8A flaw in Node.js Permission Model enforcement allows Bypass via `process.report.writeReport()` Path Misvalidation.6/18/2026
HIGH8.8An out-of-bounds write vulnerability in FFmpeg's libavcodec library, specifically in the MagicYUV decoder, allows denial-of-service and, in…6/18/2026
HIGH8.0Strimzi: Cross-namespace privilege escalation via `Kafka.spec.entityOperator`6/18/2026
HIGH7.5Impact: The undici WebSocket client enforces maxPayloadSize on the cumulative byte count of fragments in a message but does not enforce a l…6/17/2026
HIGH7.4undici vulnerable to TLS certificate validation bypass via dropped requestTls in SOCKS5 ProxyAgent6/17/2026
LOW3.7Impact: Undici's HTTP/1.1 client is vulnerable to response queue poisoning on reused keep-alive sockets.6/17/2026
LOW3.7Impact: When undici parses a Set-Cookie header, it accepts any SameSite attribute value that contains Strict, Lax, or None as a substring,…6/17/2026
HIGH7.5Impact: When using Socks5ProxyAgent, undici reuses a single connection pool across different origins without verifying that the pool's orig…6/17/2026
HIGH8.2Tinyproxy through 1.11.3, fixed in commit 09312a1, fails to properly validate the Host header during stathost detection, allowing unauthent…6/17/2026
HIGH7.5HAPI FHIR: Incomplete fix for CVE-2026-45367: DSTU2 FHIRPathEngine.matches() missing RegexTimeout protection allows ReDoS6/17/2026
HIGH7.5handlebars.java FileTemplateLoader Path Traversal6/17/2026
HIGH7.6LangChain4j: SQL injection via metadata filters in langchain4j-mariadb and langchain4j-pgvector6/17/2026
LOW3.1Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who convinced a user to engage…6/17/2026
HIGH8.8Use after free in Digital Credentials in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to potentially exploit heap corrup…6/17/2026
HIGH8.8Use after free in File Input in Google Chrome on Linux prior to 149.0.7827.155 allowed a remote attacker to potentially exploit heap corrup…6/17/2026
HIGH8.8Use after free in Downloads in Google Chrome on Android prior to 149.0.7827.155 allowed a remote attacker to potentially exploit heap corru…6/17/2026
HIGH8.3Use after free in WebShare in Google Chrome on Windows prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer p…6/17/2026
HIGH7.8Use after free in Chromoting in Google Chrome on Windows prior to 149.0.7827.155 allowed a local attacker to perform OS-level privilege esc…6/17/2026
HIGH8.3Object lifecycle issue in Metrics in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer proce…6/17/2026
HIGH8.8Inappropriate implementation in WebView in Google Chrome on Android prior to 149.0.7827.155 allowed a remote attacker to perform privilege…6/17/2026
HIGH8.8Heap buffer overflow in WebRTC in Google Chrome on Windows prior to 149.0.7827.155 allowed a remote attacker to execute arbitrary code via…6/17/2026
HIGH8.3Use after free in Browser in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to po…6/17/2026
HIGH8.8Use after free in Passwords in Google Chrome on Android prior to 149.0.7827.155 allowed a remote attacker to execute arbitrary code via a c…6/17/2026
HIGH8.8Use after free in Web Authentication in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to execute arbitrary code via a cra…6/17/2026

Page 1 of 722Next →