VulnScope — package-centric CVE lookup

Search

8,127 results

Severity:CRITICAL HIGH MEDIUM LOW|Ecosystem:npm PyPI Maven Debian Alpine|⚠ In KEV only

HIGH8.1CVE-2026-48152Budibase: Basic app users can exfiltrate stored REST datasource auth by rewriting datasource base URL6/12/2026
HIGH7.5Budibase: Webhook schema endpoint authorization bypass allows unauthenticated mutation of webhook and automation schema6/12/2026
CRITICAL9.0Budibase: Workspace-scoped builder escalates to global admin via /api/public/v1/roles/assign6/12/2026
HIGH7.2GeoServer has an arbitrary file write vulnerability in its Master Password Dump Page6/12/2026
HIGH7.7Budibase: SSRF via OAuth2 Config Validation — Missing fetchWithBlacklist Protection6/12/2026
HIGH7.3Vim is an open source, command line text editor.6/11/2026
HIGH7.5Vim is an open source, command line text editor.6/11/2026
HIGH7.2GeoServer DB2 DataStore Extension has a JNDI Vulnerability via Store Connection6/11/2026
HIGH7.5@grpc/grpc-js: A malformed request can cause a server crash6/11/2026
HIGH7.5@grpc/grpc-js: An incoming malformed compressed message can cause a client or server crash6/11/2026
HIGH8.8OpenZeppelin Contracts Wizard has Code Injection in Generated Hardhat and Foundry Tests via Unsanitized opts.name / opts.uri6/11/2026
HIGH7.5Acknowledgement extension out of memory6/10/2026
HIGH8.0Jenkins: Stored XSS vulnerability in node offline cause description6/10/2026
LOW3.5Papra HTTP redirect bypass can lead to SSRF via webhook delivery system6/10/2026
HIGH8.1In Spring for Apache Kafka, overly broad trusted-package matching in header mappers exposes JDK classes to deserialization6/10/2026
CRITICAL9.8Issue summary: A specially crafted PKCS#7 or S/MIME signed message could trigger a use-after-free during PKCS#7 signature verification.6/9/2026
HIGH7.5Issue summary: When an application drives an AES-OCB context through the public EVP_Cipher() one-shot interface, the application-supplied i…6/9/2026
LOW3.7Issue summary: The CMS_decrypt and PKCS7_decrypt functions are vulnerable to Bleichenbacher-style attack when an attacker is able to provid…6/9/2026
HIGH7.5Issue summary: Parsing a crafted DER-encoded ASN.1 structure with a primitive element whose content exceeds 2 gigabytes in length may cause…6/9/2026
HIGH7.5Issue summary: When CMS password-based decryption (RFC 3211 / PWRI key unwrap) processes attacker-supplied CMS data, an attacker-chosen str…6/9/2026
CRITICAL9.1Issue Summary: Cryptographic Message Services (CMS) processing fails to perform sufficient input validation on the cipher and tag length fi…6/9/2026
LOW3.7Issue summary: When EVP_PKEY_derive_set_peer() is called with a DHX (X9.42) peer key, the peer key is not properly checked for the subgroup…6/9/2026
HIGH7.5Issue summary: Receiving a QUIC initial packet with an invalid token may trigger a NULL pointer dereference in the OpenSSL QUIC server with…6/9/2026
HIGH7.4Issue Summary: The PKCS#12 file processing fails to perform sufficient input validation for files that use Password-Based Message Authentic…6/9/2026
HIGH7.5Issue summary: Remote peer may exhaust heap memory of the QUIC server or client by flooding it with packets containing PATH_CHALLENGE frame…6/9/2026

Page 1 of 326Next →