VulnScope — package-centric CVE lookup- HIGH7.1CVE-2026-47214Docling: Unsafe URI and Path Handling in HTML Backend
- MEDIUM5.5Docling: Potential Path Traversal via LaTeX \includegraphics and \input Commands
- HIGH7.5Docling: Unsafe XML Entity Expansion in USPTO Patent Backend
- MEDIUM5.5Docling: Unsafe Archive Extraction and XML Parsing in METS-GBS Backend
- HIGH8.2Docling: Unsafe Playwright-based HTML Rendering
- MEDIUM6.3malla: Stored XSS via Meshtastic node names in multiple frontend pages
- MEDIUM6.4AIOHTTP is Vulnerable to Deserialization of Untrusted Data
- HIGH7.5Docling: Unsafe Zip Extraction in EasyOCR Model Download
- MEDIUM5.3Potential exposure of private data via case-sensitive Cache-Control directives in UpdateCacheMiddleware
- MEDIUM4.3Signed cookie salt namespace collision in django.http.HttpRequest.get_signed_cookie
- MEDIUM5.3Potential exposure of private data via whitespace padding in Vary header
- MEDIUM6.1OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables.
- HIGH7.5AIOHTTP is vulnerable to cross-origin redirect with per-request cookies
- HIGH8.1praisonai-platform: Any workspace member can delete the entire workspace via DELETE /workspaces/{id}
- HIGH8.3praisonai-platform: Issue endpoints accept any issue_id without workspace ownership check, cross-workspace read/update/delete IDOR
- MEDIUM6.5praisonai-platform: Any workspace member can rewrite workspace name, description, and settings via PATCH /workspaces/{id}
- HIGH8.1praisonai-platform: Comment endpoints accept any issue_id without workspace ownership check, cross-workspace comment read and post IDOR
- HIGH8.1praisonai-platform: Project endpoints accept any project_id without workspace ownership check, cross-workspace read/update/delete IDOR
- LOW3.1EPSS 0.04%Apache Airflow: Log server JWT authorization bypass via Python lstrip() character stripping allows cross-Dag log access
- MEDIUM6.5EPSS 0.05%Apache Airflow: Rendered template truncation bypasses nested sensitive-key masking
- MEDIUM5.9EPSS 0.02%Apache Airflow: JWT cookie missing Secure flag in JWTRefreshMiddleware behind HTTPS-terminating proxy
- MEDIUM6.5EPSS 0.04%Apache Airflow: Incomplete Redaction of Sensitive Fields in Connection Extra API Response
- HIGH8.1praisonai-platform: Missing authorization on member removal enables full workspace takeover by any user regardless of role
- HIGH7.6praisonai-platform: Label endpoints' unchecked label_id/issue_id enable cross-workspace label IDOR (edit, delete, link)
- HIGH8.1praisonai-platform: IDOR in dependency endpoints allows cross-workspace issue linking, reading, and deletion due to missing ownership checks
← PrevPage 2 of 163Next →