Search

64 results

Severity:CRITICAL HIGH MEDIUM LOW|Ecosystem:npm PyPI Maven Debian Alpine|⚠ In KEV only

CRITICAL9.6CVE-2026-45321⚠ KEVEPSS 17.1%Malware in @tanstack/* packages exfiltrates cloud credentials, GitHub tokens, and SSH keys5/12/2026
HIGH8.8CVE-2026-34197⚠ KEVEPSS 83.5%Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Authenticated users could perform RCE via Jolokia MBeans4/7/2026
CRITICAL9.9CVE-2025-68613⚠ KEVEPSS 65.8%n8n Vulnerable to Remote Code Execution via Expression Injection12/22/2025
CRITICAL10.0CVE-2025-55182⚠ KEVEPSS 84.5%React Server Components are Vulnerable to RCE12/3/2025
HIGH8.2CVE-2025-58360⚠ KEVEPSS 81.4%GeoServer is vulnerable to Unauthenticated XML External Entities (XXE) attack via WMS GetMap feature11/25/2025
CRITICAL9.8CVE-2025-11953⚠ KEVEPSS 27.9%@react-native-community/cli has arbitrary OS command injection11/3/2025
HIGH7.5CVE-2025-54313⚠ KEVEPSS 14.7%eslint-config-prettier, eslint-plugin-prettier, synckit, @pkgr/core, napi-postinstall have embedded malicious code7/19/2025
MEDIUM5.3CVE-2025-31125⚠ KEVEPSS 83.2%Vite has a `server.fs.deny` bypassed for `inline` and `raw` with `?import` query3/31/2025
CRITICAL9.8CVE-2025-24813⚠ KEVEPSS 94.1%tomcat9 - security update3/10/2025
CRITICAL9.8CVE-2025-24893⚠ KEVEPSS 93.7%XWiki Platform allows remote code execution as guest via SolrSearchMacros request2/20/2025
CRITICAL9.8CVE-2024-36401⚠ KEVEPSS 94.4%Remote Code Execution (RCE) vulnerability in geoserver7/1/2024
CRITICAL9.8CVE-2024-27348⚠ KEVEPSS 94.3%Apache HugeGraph-Server: Command execution in gremlin4/22/2024
CRITICAL9.8CVE-2024-23897⚠ KEVEPSS 94.5%Arbitrary file read vulnerability through the Jenkins CLI can lead to RCE1/24/2024
CRITICAL10.0CVE-2023-46604⚠ KEVEPSS 94.4%Apache ActiveMQ, Apache ActiveMQ Legacy OpenWire Module: Unbounded deserialization causes ActiveMQ to be vulnerable to a remote code execution (RCE) attack10/27/2023
MEDIUM5.3CVE-2023-44487⚠ KEVEPSS 94.4%github.com/nghttp2/nghttp2 has HTTP/2 Rapid Reset10/10/2023
HIGH8.8CVE-2023-5217⚠ KEVEPSS 5.0%Electron affected by libvpx's heap buffer overflow in vp8 encoding9/28/2023
CRITICAL9.8CVE-2022-24816⚠ KEVEPSS 94.0%Improper Control of Generation of Code ('Code Injection') in jai-ext9/19/2023
HIGH8.8CVE-2023-4863⚠ KEVEPSS 93.3%libwebp: OOB write in BuildHuffmanTable9/12/2023
CRITICAL9.8CVE-2023-33246⚠ KEVEPSS 94.4%Apache RocketMQ may have remote code execution vulnerability when using update configuration function7/6/2023
HIGH8.6CVE-2023-32315⚠ KEVEPSS 94.4%Administration Console authentication bypass in openfire xmppserver5/23/2023
CRITICAL9.6CVE-2022-4135⚠ KEVEPSS 0.08%Heap buffer overflow in GPU11/25/2022
HIGH7.5CVE-2022-36537⚠ KEVEPSS 93.9%ZK Framework vulnerable to malicious POST8/27/2022
HIGH8.8CVE-2022-33891⚠ KEVEPSS 93.5%Apache Spark UI can allow impersonation if ACLs enabled7/19/2022
CRITICAL9.8CVE-2020-7961⚠ KEVEPSS 94.4%Deserialization of Untrusted Data in Liferay Portal5/24/2022
HIGH8.1CVE-2014-3120⚠ KEVEPSS 84.2%Elasticsearch Improper Access Control vulnerability5/17/2022

Page 1 of 3Next →