VulnScope — package-centric CVE lookup

Search

3,454 results

Severity:CRITICAL HIGH MEDIUM LOW|Ecosystem:npm PyPI Maven Debian Alpine|⚠ In KEV only

MEDIUM6.5CVE-2025-58175GeoServer has a Server-Side Request Forgery (SSRF) Vulnerability in its XML Entity Resolution6/12/2026
MEDIUM5.3netty-codec-http2: ByteBuf Reference-Count Leak in DelegatingDecompressorFrameListener Leads to Memory Exhaustion6/11/2026
MEDIUM6.5In Spring for Apache Kafka, unbounded delegate cache keyed on user-controlled, potentially malicious selector header6/10/2026
MEDIUM5.3Netty HTTP/2: Advertised MAX_CONCURRENT_STREAMS are not enforced6/8/2026
MEDIUM6.8Netty: DNS Cache Poisoning due to Predictable PRNG and Default Static Source Port6/8/2026
MEDIUM4.0Netty: Unix-socket fd receive leaks descriptors when peer sends two at once6/8/2026
MEDIUM6.5epa4all-client: Unauthenticated REST API for Patient Record Writes6/4/2026
CRITICAL9.1Yamcs Vulnerable to Authenticated Remote Code Execution (RCE) via Jython Algorithm Code Injection5/27/2026
CRITICAL9.8Yamcs Vulnerable to Remote Code Execution via Mission Database algorithm override5/27/2026
CRITICAL9.1Yamcs Vulnerable to Server-Side Code Injection (RCE) via Janino Expression Engine in `JavaExprAlgorithmExecutionFactory`5/27/2026
MEDIUM6.5Yamcs has No Rate Limiting on Authentication Endpoint5/27/2026
MEDIUM4.3Yamcs vulnerable to unauthorized user enumeration via IAM API endpoints5/27/2026
MEDIUM4.3Yamcs Vulnerable to LDAP Injection in LdapAuthModule5/26/2026
MEDIUM6.4Keycloak: Insufficient verification proof scoping enables identity provider account linking attack and account compromise5/20/2026
MEDIUM5.5fabric-chaincode-java: TLS Private Key Password Disclosed in INFO Startup Logs in Chaincode-as-a-Service Mode5/19/2026
CRITICAL9.6GlassFish's gadget handler is vulnerable to RCE5/19/2026
CRITICAL9.1GlassFish's Administration Console is Vulnerable to RCE5/19/2026
CRITICAL9.8Camel-CXF and Camel-Knative Message Header are Vulnerable to Injection via Missing Inbound Filtering5/19/2026
MEDIUM6.8Keycloak: Unauthorized account takeover via WebAuthn token replay5/19/2026
MEDIUM6.5Keycloak: Information disclosure via OIDC token introspection endpoint audience bypass5/19/2026
MEDIUM4.9Keycloak: Information Disclosure via evaluate-scopes Admin API5/19/2026
MEDIUM5.4Keycloak: Revoked Tokens Can Remain Active When Both Realm-Level and Client-Level `notBefore` Revocation Policies are Configured5/19/2026
MEDIUM4.3Keycloak: Policy bypass during WebAuthn credential registration via client-side JavaScript manipulation5/19/2026
MEDIUM5.3EPSS 0.06%OpenTelemetry Java SDK has Unbounded Memory Allocation in W3C Baggage Propagation5/14/2026
MEDIUM5.3EPSS 0.13%Apache Commons Configuration: StackOverflowError for YAML input with cycles5/14/2026

Page 1 of 139Next →