VulnScope — package-centric CVE lookup

Search

14,418 results

Severity:CRITICAL HIGH MEDIUM LOW|Ecosystem:npm PyPI Maven Debian Alpine|⚠ In KEV only

MEDIUM6.5CVE-2026-54683NL Portal Backend Libraries: Document contents remained downloadable by any logged-in user (incomplete fix of CVE-2026-49463)6/18/2026
HIGH7.5Pipecat: Telephony WebSocket `/ws` Unauthenticated Call-Control Abuse via Attacker-Supplied Call SID6/18/2026
LOW2.2BBOT: Symlink-Following Arbitrary Write via github_workflows Module6/18/2026
MEDIUM6.5BBOT: Arbitrary File Write in postman_download Module6/18/2026
LOW3.1BBOT: Server-Side Request Forgery (SSRF) in docker_pull module via WWW-Authenticate realm parsing6/18/2026
MEDIUM5.3BBOT: Path traversal (Zip-Slip) in unarchive module - incomplete fix for CVE-2025-102846/18/2026
CRITICAL9.8python-statemachine SCXML <data expr> Eval Injection6/18/2026
MEDIUM5.4Strimzi: Unrestricted access to all Secrets within namespace watched by the Topic operator6/18/2026
HIGH8.0Strimzi: Cross-namespace privilege escalation via `Kafka.spec.entityOperator`6/18/2026
MEDIUM6.1marimo contains a reflected cross-site scripting vulnerability in the notebook page6/18/2026
MEDIUM6.0OpenStack Horizon RC file generation does not escape special characters in project names6/17/2026
HIGH7.5HAPI FHIR: Incomplete fix for CVE-2026-45367: DSTU2 FHIRPathEngine.matches() missing RegexTimeout protection allows ReDoS6/17/2026
CRITICAL9.3Langflow: Unauthenticated file upload leads to DoS (space exhaustion) and information leak6/17/2026
HIGH7.5handlebars.java FileTemplateLoader Path Traversal6/17/2026
HIGH7.6LangChain4j: SQL injection via metadata filters in langchain4j-mariadb and langchain4j-pgvector6/17/2026
HIGH8.4pdfkit: Path traversal in from_string6/17/2026
CRITICAL9.1Apache Airflow SFTP provider: Path traversal in SFTPHook.retrieve_directory6/17/2026
MEDIUM6.5Apache DolphinScheduler: An incorrect authorization vulnerability allows authenticated users to access alert instances associated with alert groups they do not have permission to access.6/17/2026
MEDIUM6.5Apache DolphinScheduler: Incorrect Authorization vulnerability allows users to access workflow instance information belonging to projects they do not have permission to access.6/17/2026
MEDIUM4.9Apache DolphinScheduler: Incorrect Authorization vulnerability allows users with system login privileges to delete task definitions in unauthorized projects6/17/2026
CRITICAL9.1Apache DolphinScheduler: The `/v2` experimental interface lacks permission checks6/17/2026
CRITICAL9.8Apache DolphinScheduler: DataSource API Missing Authorization Check Leads to Arbitrary Data Source Metadata Disclosure6/17/2026
MEDIUM5.3Open WebUI: Any authenticated user can read other users' private notes via Socket.IO6/17/2026
MEDIUM6.3Open WebUI: Authenticated users can target arbitrary configured Ollama backends via unguarded url_idx path parameter6/17/2026
MEDIUM6.5Open WebUI: RAG ACL Bypass in Milvus Multitenancy Mode6/17/2026

Page 1 of 577Next →