Search

10,036 results

Severity:CRITICAL HIGH MEDIUM LOW|Ecosystem:npm PyPI Maven Debian Alpine|⚠ In KEV only

—CVE-2026-47708MCP-for-Stata: Command injection via log_file_name parameter in Stata command wrapper6/4/2026
MEDIUM5.3CVE-2026-47676Hono: app.mount() strips mount prefix using undecoded path, causing incorrect routing for percent-encoded paths6/4/2026
MEDIUM5.3CVE-2026-47674Hono: IP Restriction bypasses static deny rules for non-canonical IPv66/4/2026
MEDIUM4.3CVE-2026-47675Hono: Cookie helper does not sanitize sameSite and priority, allowing Set-Cookie injection6/4/2026
MEDIUM4.8CVE-2026-47673Hono: JWT middleware accepts any Authorization scheme, not only Bearer6/4/2026
HIGH7.5CVE-2026-34077React Router vulnerable to Denial of Service via reflected user input in single-fetch6/4/2026
HIGH7.6CVE-2026-45337Better Auth: Device authorization approve and deny accept any authenticated session while the user code is pending6/4/2026
HIGH7.5CVE-2026-44496Axios: Regular Expression Denial of Service (ReDoS) via Cookie Name Injection6/4/2026
HIGH7.5CVE-2026-44488Allocation of Resources Without Limits or Throttling in Axios6/4/2026
—CVE-2026-44487Axios: Proxy-Authorization Credential Leak to Origin Server Across HTTP-to-HTTPS Redirect in Axios Node.js HTTP Adapter6/4/2026
HIGH7.5CVE-2026-44486Axios: Proxy-Authorization header leaks to redirect target when proxy is re-evaluated to direct connection6/4/2026
HIGH8.8CVE-2026-49143EPSS 0.15%browserstack-runner vulnerable to Remote Code Execution via vm sandbox escape in _log HTTP handler6/3/2026
MEDIUM6.5CVE-2026-49144EPSS 0.02%browserstack-runner has an unauthenticated arbitrary file read via path traversal in HTTP server6/3/2026
MEDIUM5.5CVE-2026-44022Docling: Potential Path Traversal via LaTeX \includegraphics and \input Commands6/3/2026
HIGH7.5CVE-2026-42342EPSS 0.05%React Router vulnerable to DoS via unbounded path expansion in __manifest endpoint6/3/2026
HIGH8.1CVE-2026-42211EPSS 0.25%React Router's vendored turbo-stream v2 allows arbitrary constructor invocation via TYPE_ERROR deserialization leading to Unauth RCE6/3/2026
—CVE-2026-40181EPSS 0.04%React Router's same-origin redirect with path starting // causes open redirect via protocol-relative URL reinterpretation6/3/2026
HIGH8.0CVE-2026-33245EPSS 0.03%React Router vulnerable to XSS in unstable RSC redirect handling via javascript: redirect targets6/3/2026
MEDIUM5.4CVE-2026-33244EPSS 0.03%React Router has stored XSS via unescaped Location header in prerendered redirect HTML6/3/2026
—CVE-2024-52011EPSS 0.06%launch-editor vulnerable to command injection via the crafted request on Windows6/3/2026
—CVE-2026-47191kas checks out SHA-like git branches as valid commits6/1/2026
HIGH8.1CVE-2026-47412praisonai-platform: Any workspace member can delete the entire workspace via DELETE /workspaces/{id}6/1/2026
HIGH8.3CVE-2026-47415praisonai-platform: Issue endpoints accept any issue_id without workspace ownership check, cross-workspace read/update/delete IDOR6/1/2026
CRITICAL9.6CVE-2026-47413praisonai-platform: Any workspace member can add arbitrary user as owner via POST /workspaces/{id}/members6/1/2026
MEDIUM6.5CVE-2026-47411praisonai-platform: Any workspace member can rewrite workspace name, description, and settings via PATCH /workspaces/{id}6/1/2026

Page 1 of 402Next →