VulnScope — package-centric CVE lookup

Search

5,770 results

Severity:CRITICAL HIGH MEDIUM LOW|Ecosystem:npm PyPI Maven Debian Alpine|⚠ In KEV only

CRITICAL9.0CVE-2026-55203HAProxy through 3.4.0, fixed in commit 5985276, contains an integer overflow vulnerability in the fcgi_conn structure's drl field that allo…6/18/2026
LOW1.8A flaw in Node.js Permission Model enforcement allows Bypass via `process.report.writeReport()` Path Misvalidation.6/18/2026
LOW2.2BBOT: Symlink-Following Arbitrary Write via github_workflows Module6/18/2026
LOW3.1BBOT: Server-Side Request Forgery (SSRF) in docker_pull module via WWW-Authenticate realm parsing6/18/2026
CRITICAL9.8python-statemachine SCXML <data expr> Eval Injection6/18/2026
LOW3.7Impact: Undici's HTTP/1.1 client is vulnerable to response queue poisoning on reused keep-alive sockets.6/17/2026
LOW3.7Impact: When undici parses a Set-Cookie header, it accepts any SameSite attribute value that contains Strict, Lax, or None as a substring,…6/17/2026
CRITICAL9.1Tinyproxy through 1.11.3, fixed in commit 364cdb6, fails to reject requests containing multiple Content-Length headers with differing value…6/17/2026
CRITICAL9.1Tinyproxy through 1.11.3, fixed in commit ff45d3b, fails to reconcile conflicting Content-Length and Transfer-Encoding: chunked headers, fo…6/17/2026
CRITICAL9.3Langflow: Unauthenticated file upload leads to DoS (space exhaustion) and information leak6/17/2026
CRITICAL9.1Apache Airflow SFTP provider: Path traversal in SFTPHook.retrieve_directory6/17/2026
CRITICAL9.1Apache DolphinScheduler: The `/v2` experimental interface lacks permission checks6/17/2026
CRITICAL9.8Apache DolphinScheduler: DataSource API Missing Authorization Check Leads to Arbitrary Data Source Metadata Disclosure6/17/2026
LOW3.1Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who convinced a user to engage…6/17/2026
CRITICAL9.6Use after free in DigitalCredentials in Google Chrome on Windows prior to 149.0.7827.155 allowed a remote attacker to potentially perform a…6/17/2026
CRITICAL9.8Crawl4AI: AST Sandbox Escape via gi_frame.f_back Chain - Pre-Auth RCE in Docker API6/16/2026
CRITICAL9.1vLLM: OpenAI auth bypass6/16/2026
CRITICAL9.6Langflow: Unauthenticated RCE in Shareable Playgrounds6/16/2026
CRITICAL9.1Mitigation bypass in the DOM: Security component.6/16/2026
CRITICAL9.1Same-origin policy bypass in the Networking: Cookies component.6/16/2026
CRITICAL9.6Sandbox escape due to incorrect boundary conditions in the Networking component.6/16/2026
CRITICAL9.6Sandbox escape in the DOM: Navigation component.6/16/2026
CRITICAL9.6Sandbox escape in the DOM: Workers component.6/16/2026
CRITICAL9.1Crypt::DSA versions before 1.21 for Perl reused the nonce across signatures, leading to private-key recovery.6/15/2026
CRITICAL9.1Socket versions before 2.041 for Perl have an out-of-bounds heap read.6/15/2026

Page 1 of 231Next →