VulnScope — package-centric CVE lookup

Search

4,806 results

Severity:CRITICAL HIGH MEDIUM LOW|Ecosystem:npm PyPI Maven Debian Alpine|⚠ In KEV only

MEDIUM6.5CVE-2026-54683NL Portal Backend Libraries: Document contents remained downloadable by any logged-in user (incomplete fix of CVE-2026-49463)6/18/2026
MEDIUM5.4Strimzi: Unrestricted access to all Secrets within namespace watched by the Topic operator6/18/2026
HIGH8.0Strimzi: Cross-namespace privilege escalation via `Kafka.spec.entityOperator`6/18/2026
HIGH7.5HAPI FHIR: Incomplete fix for CVE-2026-45367: DSTU2 FHIRPathEngine.matches() missing RegexTimeout protection allows ReDoS6/17/2026
HIGH7.5handlebars.java FileTemplateLoader Path Traversal6/17/2026
HIGH7.6LangChain4j: SQL injection via metadata filters in langchain4j-mariadb and langchain4j-pgvector6/17/2026
MEDIUM6.5Apache DolphinScheduler: An incorrect authorization vulnerability allows authenticated users to access alert instances associated with alert groups they do not have permission to access.6/17/2026
MEDIUM6.5Apache DolphinScheduler: Incorrect Authorization vulnerability allows users to access workflow instance information belonging to projects they do not have permission to access.6/17/2026
MEDIUM4.9Apache DolphinScheduler: Incorrect Authorization vulnerability allows users with system login privileges to delete task definitions in unauthorized projects6/17/2026
MEDIUM6.9Netty susceptible to HTTP/2 Reset Attack with different on-the-wire signature6/12/2026
HIGH7.5Netty HTTP/3 QPACK Blocked Streams Memory Exhaustion6/12/2026
HIGH7.5Netty: Wrapping plain trust manager silently disables hostname verification6/12/2026
HIGH7.5Netty: Unbounded pre-allocation in RedisArrayAggregator from RESP array length6/12/2026
MEDIUM4.8Netty: QUIC stateless reset token material exposed through header-visible connection IDs6/12/2026
MEDIUM5.3Netty: HttpObjectDecoder skips arbitrary initial control characters when only initial CRLF characters are permitted6/12/2026
MEDIUM6.5GeoServer has a Server-Side Request Forgery (SSRF) Vulnerability in its XML Entity Resolution6/12/2026
HIGH7.2GeoServer has an arbitrary file write vulnerability in its Master Password Dump Page6/12/2026
HIGH7.2GeoServer DB2 DataStore Extension has a JNDI Vulnerability via Store Connection6/11/2026
HIGH7.5Netty HAProxy: Unbalanced Reference Count in Nested PP2_TYPE_SSL TLV Parsing Leads to Memory Exhaustion6/11/2026
MEDIUM5.3netty-codec-http2: ByteBuf Reference-Count Leak in DelegatingDecompressorFrameListener Leads to Memory Exhaustion6/11/2026
HIGH7.5Netty's Lack of Lifecycle Cleanup Leads to Pooled ByteBuf Leak in RedisArrayAggregator6/11/2026
HIGH7.5Acknowledgement extension out of memory6/10/2026
HIGH8.0Jenkins: Stored XSS vulnerability in node offline cause description6/10/2026
HIGH8.1In Spring for Apache Kafka, overly broad trusted-package matching in header mappers exposes JDK classes to deserialization6/10/2026
MEDIUM6.5In Spring for Apache Kafka, unbounded delegate cache keyed on user-controlled, potentially malicious selector header6/10/2026

Page 1 of 193Next →