VulnScope — package-centric CVE lookup

Search

5,885 results

Severity:CRITICAL HIGH MEDIUM LOW|Ecosystem:npm PyPI Maven Debian Alpine|⚠ In KEV only

CRITICAL9.9CVE-2026-54051Network-AI: Improper Neutralization of Special Elements used in an OS Command6/19/2026
CRITICAL9.1Network-AI: CVE-2026-46701 fix incomplete — empty default secret still authorizes all requests6/19/2026
CRITICAL9.0HAProxy through 3.4.0, fixed in commit 5985276, contains an integer overflow vulnerability in the fcgi_conn structure's drl field that allo…6/18/2026
LOW1.8A flaw in Node.js Permission Model enforcement allows Bypass via `process.report.writeReport()` Path Misvalidation.6/18/2026
CRITICAL9.8gemini-mcp-tool vulnerable to OS command injection and @file exfiltration via prompt quoting (CVE-2026-0755)6/18/2026
LOW3.7undici vulnerable to HTTP response queue poisoning via keep-alive socket reuse6/17/2026
LOW3.7undici vulnerable to Set-Cookie SameSite attribute downgrade via permissive substring matching6/17/2026
CRITICAL9.1Tinyproxy through 1.11.3, fixed in commit 364cdb6, fails to reject requests containing multiple Content-Length headers with differing value…6/17/2026
CRITICAL9.1Tinyproxy through 1.11.3, fixed in commit ff45d3b, fails to reconcile conflicting Content-Length and Transfer-Encoding: chunked headers, fo…6/17/2026
CRITICAL9.1Apache DolphinScheduler: The `/v2` experimental interface lacks permission checks6/17/2026
CRITICAL9.8Apache DolphinScheduler: DataSource API Missing Authorization Check Leads to Arbitrary Data Source Metadata Disclosure6/17/2026
LOW2.2Pi Agent: Race condition in Pi auth.json writes could expose stored credentials6/17/2026
LOW3.1Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who convinced a user to engage…6/17/2026
CRITICAL9.6Use after free in DigitalCredentials in Google Chrome on Windows prior to 149.0.7827.155 allowed a remote attacker to potentially perform a…6/17/2026
LOW2.5Pi Agent: Potential XSS in HTML session exports via Markdown URL sanitization bypass6/16/2026
CRITICAL10.0n8n: MCP Browser HTTP Transport Exposes Unauthenticated Browser-Control Sessions6/16/2026
CRITICAL9.9n8n: Cross-Tenant Credential Takeover via Dynamic Credentials EE Endpoints6/16/2026
CRITICAL9.6n8n: Credential Exfiltration via Permission Bypass6/16/2026
CRITICAL9.0LobeHub: Unauthenticated SSRF in `/webapi/proxy`6/16/2026
CRITICAL9.9n8n: SQL Injection in Postgres v1/TimesclaeDB Nodes6/16/2026
CRITICAL9.1Mitigation bypass in the DOM: Security component.6/16/2026
CRITICAL9.1Same-origin policy bypass in the Networking: Cookies component.6/16/2026
CRITICAL9.6Sandbox escape due to incorrect boundary conditions in the Networking component.6/16/2026
CRITICAL9.6Sandbox escape in the Security: Process Sandboxing component.6/16/2026
CRITICAL9.6Sandbox escape in the DOM: Navigation component.6/16/2026

Page 1 of 236Next →