VulnScope — package-centric CVE lookup

- HIGH 8.7, CVE-2026-47760: TinyMCE Cross-Site Scripting (XSS) vulnerability using sanitization bypass through nested SVGs
- HIGH 8.8: DbGate: Remote Code Execution via functionName injection in loadReader endpoint
- HIGH 7.7: Sync-in Server: SSRF protection bypass via IPv4-mapped IPv6 addresses in regExpPrivateIP
- HIGH 7.5: React Router vulnerable to Denial of Service via reflected user input in single-fetch
- HIGH 7.6: Better Auth: Device authorization approve and deny accept any authenticated session while the user code is pending
- HIGH 7.5: Axios: Regular Expression Denial of Service (ReDoS) via Cookie Name Injection
- HIGH 7.5: Allocation of Resources Without Limits or Throttling in Axios
- HIGH 7.5: Axios: Proxy-Authorization header leaks to redirect target when proxy is re-evaluated to direct connection
- HIGH 8.8, EPSS 0.15%: browserstack-runner vulnerable to Remote Code Execution via vm sandbox escape in _log HTTP handler
- HIGH 7.5, EPSS 0.05%: React Router vulnerable to DoS via unbounded path expansion in __manifest endpoint
- HIGH 8.1, EPSS 0.25%: React Router's vendored turbo-stream v2 allows arbitrary constructor invocation via TYPE_ERROR deserialization leading to Unauth RCE
- HIGH 8.0, EPSS 0.03%: React Router vulnerable to XSS in unstable RSC redirect handling via javascript: redirect targets
- HIGH 7.5: Apache HTTP Server: mod_http2 denial of service
- HIGH 8.2: DOMPurify XSS via selectedcontent re-clone
- HIGH 8.6: NodeVM network builtin exclusions bypass via internal _http_client and _http_server
- HIGH 7.5, EPSS 0.06%: ExifReader is vulnerable to denial of service via crafted ICC `mluc` tag
- HIGH 8.6: vm2's Bridge Proxy set trap ignores receiver parameter, enabling host object property injection via prototype chain
- HIGH 8.7: vm2 has a sandbox escape via unblocked cross-realm Symbol.for keys + missing bridge write-trap symbol checks
- HIGH 7.0: axios Vulnerable to Credential Theft and Response Hijacking via Prototype Pollution Gadget in Config Merge
- HIGH 8.7: axios Vulnerable to Full Man-in-the-Middle via Prototype Pollution Gadget in `config.proxy`
- HIGH 8.6: axios's shouldBypassProxy does not recognize IPv4-mapped IPv6 addresses, allowing NO_PROXY bypass (incomplete fix for CVE-2025-62718)
- LOW 3.7: Axios has a Patch Bypass: Proxy-Authorization Header Injection via Prototype Pollution — Incomplete Null-Prototype Fix
- HIGH 8.7, EPSS 0.03%: HaxCMS has a stored Cross-Site Scripting (XSS) bypass in its saveNode endpoint
- HIGH 7.5: FUXA's Unauthenticated Project Data Disclosure Exposes Server-Side Scripts and Device Configurations
- HIGH 7.5: LiquidJS Vulnerable to ReDoS via Quadratic Backtracking in `strip_html` Filter Regex