Search

4,307 results

Severity:CRITICAL HIGH MEDIUM LOW|Ecosystem:npm PyPI Maven Debian Alpine|⚠ In KEV only

MEDIUM5.3CVE-2026-5223EPSS 0.07%Cargo incorrectly handled symlinks inside of crate tarballs downloaded from third-party registries, allowing a malicious crate to override…5/25/2026
MEDIUM6.5CVE-2026-5222EPSS 0.03%Cargo between 1.68 and 1.96 incorrectly normalized the URLs of third-party registries using the sparse index protocol.5/25/2026
MEDIUM5.3CVE-2026-8723EPSS 0.04%qs has a remotely triggerable DoS: qs.stringify crashes with TypeError on null/undefined entries in comma-format arrays when encodeValuesOnly is set5/22/2026
CRITICAL9.6CVE-2026-46703OCI layer symlink escape → arbitrary host write5/21/2026
CRITICAL10.0CVE-2026-46695Read-only volume remount bypass via guest CAP_SYS_ADMIN5/21/2026
MEDIUM5.8CVE-2026-46552NocoDB: Shared-base link access can invite arbitrary users as persistent base members5/21/2026
MEDIUM6.5CVE-2026-46551NocoDB: Missing File Size Enforcement in Upload-by-URL Allows Denial of Service via Disk Exhaustion5/21/2026
MEDIUM5.4CVE-2026-46550NocoDB: Refresh Token Cookie Set Without `secure` and `sameSite` Flags5/21/2026
MEDIUM4.3CVE-2026-46548NocoDB: SSRF Protection Bypass in Notification Webhook Plugins (Slack, Discord, Mattermost, Teams)5/21/2026
MEDIUM6.1CVE-2026-46547NocoDB: Reflected Cross-Site Scripting via Page Leaving Redirect URL5/21/2026
MEDIUM5.3CVE-2026-5950EPSS 0.14%An unbounded resend loop vulnerability exists in the BIND 9 resolver state machine during bad-server handling, enabling a remote unauthenti…5/20/2026
MEDIUM5.9CVE-2026-5947EPSS 0.04%Undefined behavior may result due to a race condition leading to a use-after-free violation.5/20/2026
CRITICAL9.8CVE-2026-3593EPSS 0.04%A use-after-free vulnerability exists within the DNS-over-HTTPS implementation.5/20/2026
MEDIUM5.3CVE-2026-3592EPSS 0.02%BIND resolvers are vulnerable to an amplified resource consumption/exhaustion attack.5/20/2026
MEDIUM5.5CVE-2026-43620EPSS 0.02%Rsync version 3.4.2 and prior contain a receiver-side out-of-bounds array read vulnerability in recv_files() in receiver.c that allows a ma…5/20/2026
MEDIUM6.3CVE-2026-43619EPSS 0.01%Rsync version 3.4.2 and prior contain symlink race condition vulnerabilities in path-based system calls including chmod, lchown, utimes, re…5/20/2026
MEDIUM4.8CVE-2026-43617EPSS 0.01%Rsync version 3.4.2 and prior contain an authorization bypass vulnerability in the rsync daemon's hostname-based access control list enforc…5/20/2026
CRITICAL10.0CVE-2026-46412Malicious code in @beproduct/nestjs-auth (0.1.2 through 0.1.19) — Mini Shai-Hulud worm5/19/2026
MEDIUM6.5CVE-2026-46357HAX CMS: Denial of Service using Malicious Import Request5/19/2026
CRITICAL9.8CVE-2026-45772EPSS 0.10%Turbo: Unexpected local code execution during Yarn Berry detection5/19/2026
CRITICAL10.0CVE-2026-463399router: Unauthenticated Remote Code Execution via unprotected MCP custom plugin routes5/19/2026
MEDIUM6.1CVE-2026-46341Apify Model Context Protocol (MCP) server: Domain Allowlist Bypass in fetch-apify-docs via String Prefix Matching5/19/2026
MEDIUM4.2CVE-2026-46424EPSS 0.04%Budibase: Missing Cache Invalidation on Public API Role Unassignment Allows Revoked Users to Retain Privileges for Up to 1 Hour5/19/2026
MEDIUM5.3CVE-2026-45740EPSS 0.06%protobufjs: Denial of Service via unbounded recursive JSON descriptor expansion5/19/2026
MEDIUM6.5CVE-2026-23557EPSS 0.01%Any guest can cause xenstored to crash by issuing a XS_RESET_WATCHES command within a transaction due to an assert() triggering.5/19/2026

← PrevPage 2 of 173Next →