VulnScope — package-centric CVE lookup
LOW 3.7 | CVE-2026-40969 | EPSS 0.06% | Spring gRPC AuthenticationException messages are reflected to remote client | 4/28/2026
LOW 2.2 | EPSS 0.05% | Cloudflare has SSRF via redirect following through its image-binding-transform endpoint (incomplete fix for GHSA-qpr4) | 4/23/2026
LOW 3.7 | EPSS 0.07% | Spring Security Vulnerable to User Attribute Enumeration when Using DaoAuthenticationProvider | 4/22/2026
LOW 3.7 | EPSS 0.03% | ApostropheCMS: User Enumeration via Timing Side Channel in Password Reset Endpoint | 4/16/2026
LOW 2.9 | EPSS 0.01% | libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document. | 4/16/2026
LOW 3.5 | EPSS 0.04% | DbGate has cross site scripting via the SVG Icon String Handler component | 4/13/2026
LOW 3.7 | EPSS 0.08% | OpenClaw: Concurrent async auth attempts can bypass the intended shared-secret rate-limit budget on Tailscale-capable paths | 4/9/2026
LOW 3.7 | EPSS 0.02% | LiquidJS Has Memory Limit Bypass via Quadratic Amplification in `replace` Filter | 4/8/2026
LOW 3.7 | EPSS 0.03% | Parse Server has a login timing side-channel reveals user existence | 4/8/2026
LOW 3.7 | EPSS 0.04% | OpenClaw: Shared-secret comparison call sites leaked length information through timing | 4/7/2026
LOW 2.8 | EPSS 0.01% | Electron: Crash in clipboard.readImage() on malformed clipboard image data | 4/7/2026
LOW 3.7 | EPSS 0.01% | Keycloak vulnerable to information disclosure via CORS header injection due to unvalidated JWT azp claim | 4/6/2026
LOW 2.3 | EPSS 0.02% | Electron: Use-after-free in offscreen shared texture release() callback | 4/3/2026
LOW 3.7 | EPSS 0.08% | OpenClaw: Fake DeviceToken Bypasses Shared Auth Rate Limiting | 4/3/2026
LOW 3.9 | EPSS 0.01% | Electron: Unquoted executable path in app.setLoginItemSettings on Windows | 4/3/2026
LOW 3.3 | EPSS 0.01% | Electron: USB device selection not validated against filtered device list | 4/3/2026
LOW 3.3 | EPSS 0.01% | An incomplete fix for CVE-2024-36137 leaves `FileHandle.chmod()` and `FileHandle.chown()` in the promises API without the required permissi… | 3/30/2026
LOW 3.3 | EPSS 0.01% | A flaw in Node.js Permission Model filesystem enforcement leaves `fs.realpathSync.native()` without the required read permission checks, wh… | 3/30/2026
LOW 3.7 | EPSS 0.03% | OpenClaw may have stale policy enforcement for queued node actions | 3/26/2026
LOW 3.1 | EPSS 0.01% | Keycloak Server-Side Request Forgery via OIDC token endpoint manipulation | 3/26/2026
LOW 3.7 | EPSS 0.03% | NGINX ngx_mail_proxy_module vulnerability | 3/24/2026
LOW 3.7 | EPSS 0.02% | Keycloak's identity-first login flow exposes user information | 3/23/2026
LOW 3.7 | EPSS 0.02% | h3: Missing Path Segment Boundary Check in `mount()` Causes Middleware Execution on Unrelated Prefix-Matching Routes | 3/20/2026
LOW 2.6 | EPSS 0.09% | Spring MVC and WebFlux has Server Sent Event stream corruption | 3/20/2026
LOW 2.7 | EPSS 0.03% | StudioCMS REST getUsers Exposes Owner Account Records to Admin Tokens | 3/16/2026