Search

6,417 results

Severity:CRITICAL HIGH MEDIUM LOW|Ecosystem:npm PyPI Maven Debian Alpine|⚠ In KEV only

—CVE-2026-47695CC-Tweaked has an SSRF Protection Bypass with NAT645/29/2026
CRITICAL9.1CVE-2026-46621Yamcs Vulnerable to Authenticated Remote Code Execution (RCE) via Jython Algorithm Code Injection5/27/2026
CRITICAL9.8CVE-2026-46562Yamcs Vulnerable to Remote Code Execution via Mission Database algorithm override5/27/2026
CRITICAL9.1CVE-2026-44632Yamcs Vulnerable to Server-Side Code Injection (RCE) via Janino Expression Engine in `JavaExprAlgorithmExecutionFactory`5/27/2026
MEDIUM6.5CVE-2026-44596Yamcs has No Rate Limiting on Authentication Endpoint5/27/2026
MEDIUM4.3CVE-2026-44595Yamcs vulnerable to unauthorized user enumeration via IAM API endpoints5/27/2026
MEDIUM4.3CVE-2026-42568Yamcs Vulnerable to LDAP Injection in LdapAuthModule5/26/2026
—CVE-2026-41207netty-incubator-codec-ohttp's HPKEContext operations may produce empty byte[] on failures5/26/2026
HIGH7.5CVE-2026-48048XWiki Platform's Livetable results still allow reconstructing password hashes using 768 requests5/26/2026
—CVE-2026-48047XWiki Platform vulnerable to potential arbitrary file writing using path traversal from (subwiki) admin5/26/2026
—CVE-2026-33137EPSS 0.02%XWiki Platform has an Unauthenticated XAR Import via REST /wikis/{wikiName}5/26/2026
—CVE-2026-23734EPSS 0.05%XWiki Platform has path traversal via resources parameter in ssx and jsx endpoints when using leading slash5/26/2026
HIGH8.3CVE-2026-46481OpenMetadata: TEST_CONNECTION workflow leaks ingestion-bot JWT and database password to regular users5/21/2026
HIGH7.5CVE-2026-45799Wire: skipGroup() missing negative-length check allows 10-byte payload to crash any Wire-decoding service5/19/2026
MEDIUM5.5CVE-2026-45581fabric-chaincode-java: TLS Private Key Password Disclosed in INFO Startup Logs in Chaincode-as-a-Service Mode5/19/2026
CRITICAL9.6CVE-2026-2587GlassFish's gadget handler is vulnerable to RCE5/19/2026
MEDIUM6.5CVE-2026-37979Keycloak: Information disclosure via OIDC token introspection endpoint audience bypass5/19/2026
HIGH7.5CVE-2026-45367HAPI FHIR: ReDoS via FHIRPath matches()/replaceMatches() in FHIR Validator HTTP Endpoint5/18/2026
HIGH7.4CVE-2026-45300async-http-client: Cookie header not stripped on cross-origin redirect5/18/2026
HIGH7.2CVE-2026-45609EPSS 0.04%Spring AI MCP Security: Unvalidated URL Fetching (SSRF)5/18/2026
HIGH7.3CVE-2026-8771EPSS 0.04%org.linlinjava:litemall-wx-api has an Injection issue5/18/2026
HIGH7.3CVE-2026-8759EPSS 0.03%Beetl's SpELFunction extension function has an expression injection risk5/17/2026
HIGH7.4CVE-2026-45575EPSS 0.01%Improper Verification of Cryptographic Signature in com.oviva.telematik:epa4all-client5/15/2026
HIGH8.1CVE-2026-35194EPSS 0.07%Apache Flink: Remote code execution via SQL injection in code generation5/15/2026
HIGH8.1CVE-2026-45574EPSS 0.01%epa4all-client: TLS Certificate Validation Disabled in Production5/15/2026

Page 1 of 257Next →