VulnScope — package-centric CVE lookup

Search

4,788 results

Severity:CRITICAL HIGH MEDIUM LOW|Ecosystem:npm PyPI Maven Debian Alpine|⚠ In KEV only

MEDIUM6.5CVE-2025-58175GeoServer has a Server-Side Request Forgery (SSRF) Vulnerability in its XML Entity Resolution6/12/2026
HIGH7.2GeoServer has an arbitrary file write vulnerability in its Master Password Dump Page6/12/2026
HIGH7.2GeoServer DB2 DataStore Extension has a JNDI Vulnerability via Store Connection6/11/2026
MEDIUM5.3netty-codec-http2: ByteBuf Reference-Count Leak in DelegatingDecompressorFrameListener Leads to Memory Exhaustion6/11/2026
HIGH7.5Acknowledgement extension out of memory6/10/2026
HIGH8.0Jenkins: Stored XSS vulnerability in node offline cause description6/10/2026
HIGH8.1In Spring for Apache Kafka, overly broad trusted-package matching in header mappers exposes JDK classes to deserialization6/10/2026
MEDIUM6.5In Spring for Apache Kafka, unbounded delegate cache keyed on user-controlled, potentially malicious selector header6/10/2026
HIGH8.7Netty has Insufficient Bailiwick Validation for NS Records6/8/2026
MEDIUM5.3Netty HTTP/2: Advertised MAX_CONCURRENT_STREAMS are not enforced6/8/2026
HIGH7.5Netty: SCTP reassembly nests buffers without bound6/8/2026
HIGH8.7Netty Vulnerable to DNS Cache Poisoning via Missing Bailiwick Checks in CNAME Records6/8/2026
MEDIUM6.8Netty: DNS Cache Poisoning due to Predictable PRNG and Default Static Source Port6/8/2026
MEDIUM4.0Netty: Unix-socket fd receive leaks descriptors when peer sends two at once6/8/2026
HIGH7.5Netty: SNI handler pre-allocates up to 16 MiB from nine attacker bytes6/8/2026
HIGH7.5Netty's Default QUIC token handler accepts any client-supplied token6/8/2026
HIGH7.5Netty: HAProxy SSL TLV parsing leaks retained slice on invalid TLV length6/8/2026
HIGH7.5Netty has a Vulnerable Default Configuration Which Leads to Denial of Service via Unbounded HTTP/3 Header Size6/8/2026
HIGH7.5Netty has Unbounded Direct Memory Consumption in its RedisDecoder6/8/2026
HIGH7.5Netty: Memory Exhaustion in RedisArrayAggregator due to Deeply Nested Arrays6/8/2026
HIGH8.1Netty has an IPv6 Subnet Filter Bypass via Incorrect Comparator Masking6/8/2026
MEDIUM6.5epa4all-client: Unauthenticated REST API for Patient Record Writes6/4/2026
MEDIUM6.5Yamcs has No Rate Limiting on Authentication Endpoint5/27/2026
MEDIUM4.3Yamcs vulnerable to unauthorized user enumeration via IAM API endpoints5/27/2026
MEDIUM4.3Yamcs Vulnerable to LDAP Injection in LdapAuthModule5/26/2026

Page 1 of 192Next →