VulnScope — package-centric CVE lookup

Search

5,284 results

Severity:CRITICAL HIGH MEDIUM LOW|Ecosystem:npm PyPI Maven Debian Alpine|⚠ In KEV only

HIGH8.1CVE-2026-48152Budibase: Basic app users can exfiltrate stored REST datasource auth by rewriting datasource base URL6/12/2026
HIGH7.5Budibase: Webhook schema endpoint authorization bypass allows unauthenticated mutation of webhook and automation schema6/12/2026
HIGH7.7Budibase: SSRF via OAuth2 Config Validation — Missing fetchWithBlacklist Protection6/12/2026
HIGH7.3Vim is an open source, command line text editor.6/11/2026
HIGH7.5Vim is an open source, command line text editor.6/11/2026
HIGH7.1WsgiDAV encoded dot segments can escape filesystem share roots6/11/2026
HIGH7.5@grpc/grpc-js: A malformed request can cause a server crash6/11/2026
HIGH7.5@grpc/grpc-js: An incoming malformed compressed message can cause a client or server crash6/11/2026
HIGH8.8OpenZeppelin Contracts Wizard has Code Injection in Generated Hardhat and Foundry Tests via Unsanitized opts.name / opts.uri6/11/2026
HIGH8.1Litestar has HTML Injection Through its CSRF Token6/10/2026
HIGH7.5Issue summary: When an application drives an AES-OCB context through the public EVP_Cipher() one-shot interface, the application-supplied i…6/9/2026
HIGH7.5Issue summary: Parsing a crafted DER-encoded ASN.1 structure with a primitive element whose content exceeds 2 gigabytes in length may cause…6/9/2026
HIGH7.5Issue summary: When CMS password-based decryption (RFC 3211 / PWRI key unwrap) processes attacker-supplied CMS data, an attacker-chosen str…6/9/2026
HIGH7.5Issue summary: Receiving a QUIC initial packet with an invalid token may trigger a NULL pointer dereference in the OpenSSL QUIC server with…6/9/2026
HIGH7.4Issue Summary: The PKCS#12 file processing fails to perform sufficient input validation for files that use Password-Based Message Authentic…6/9/2026
HIGH7.5Issue summary: Remote peer may exhaust heap memory of the QUIC server or client by flooding it with packets containing PATH_CHALLENGE frame…6/9/2026
HIGH8.1Issue summary: A signed integer overflow when sizing the destination buffer for Unicode output in ASN1_mbstring_ncopy() can lead to a heap…6/9/2026
HIGH8.2FUXA: Unauthenticated SSRF via Socket.IO DEVICE_WEBAPI_REQUEST and DEVICE_PROPERTY with response reading6/8/2026
HIGH8.0MariaDB server is a community developed fork of MySQL server.6/7/2026
HIGH8.0MariaDB server is a community developed fork of MySQL server.6/7/2026
HIGH8.0MariaDB server is a community developed fork of MySQL server.6/7/2026
HIGH8.7TinyMCE Cross-Site Scripting (XSS) vulnerability using media plugin `data-mce-object` injection6/5/2026
HIGH8.7TinyMCE Cross-Site Scripting (XSS) vulnerability through `mce:protected` comments6/5/2026
HIGH8.7TinyMCE Cross-Site Scripting (XSS) vulnerability using through data-mce- prefixed src, href, style attributes6/5/2026
HIGH8.7TinyMCE Cross-Site Scripting (XSS) vulnerability using sanitization bypass through nested SVGs6/5/2026

Page 1 of 212Next →