Search

121 results

Severity:CRITICAL HIGH MEDIUM LOW|Ecosystem:npm PyPI Maven Debian Alpine|⚠ In KEV only

LOW2.0CVE-2026-29184EPSS 0.01%@backstage/plugin-scaffolder-backend Vulnerable to Potential Session Token Exfiltration via Log Redaction Bypass3/5/2026
LOW2.7CVE-2026-29185EPSS 0.01%Backstage vulnerable to potential reading of SCM URLs using built in token3/5/2026
LOW3.7CVE-2026-32067EPSS 0.04%OpenClaw has cross-account DM pairing authorization bypass via unscoped pairing store access3/4/2026
LOW3.4CVE-2025-68467EPSS 0.02%Dark Reader gives users the ability to request style sheets from local web servers3/4/2026
LOW3.7CVE-2026-32028EPSS 0.04%OpenClaw: Discord DM reaction ingress missed dmPolicy/allowFrom checks in restricted setups3/3/2026
LOW3.3CVE-2026-3449EPSS 0.02%@tootallnate/once vulnerable to Incorrect Control Flow Scoping3/3/2026
LOW2.6CVE-2026-32058EPSS 0.04%OpenClaw Node system.run approval context-binding weakness in approval-enabled host=node flows3/2/2026
LOW3.3CVE-2026-32020EPSS 0.02%OpenClaw's Control UI Static File Handler Follows Symlinks and Allows Out-of-Root File Read3/2/2026
LOW3.7CVE-2026-31991EPSS 0.04%OpenClaw has Signal group allowlist authorization bypass via DM pairing-store leakage3/2/2026
LOW3.6CVE-2026-31996EPSS 0.02%OpenClaw safeBins stdin-only bypass via sort output and recursive grep flags2/19/2026
LOW3.7CVE-2026-24764EPSS 0.04%OpenClaw Affected by Remote Code Execution via System Prompt Injection in Slack Channel Descriptions2/17/2026
LOW3.7CVE-2026-2391EPSS 0.05%qs's arrayLimit bypass in comma parsing allows denial of service2/12/2026
LOW2.9CVE-2025-69873EPSS 0.01%ajv has ReDoS when using `$data` option2/11/2026
LOW3.7CVE-2025-68458EPSS 0.01%webpack buildHttp: allowedUris allow-list bypass via URL userinfo (@) leading to build-time SSRF behavior2/5/2026
LOW3.7CVE-2025-68157EPSS 0.01%webpack buildHttp HttpUriPlugin allowedUris bypass via HTTP redirects → SSRF + cache persistence2/5/2026
LOW3.7CVE-2026-25224EPSS 0.02%Fastify Vulnerable to DoS via Unbounded Memory Allocation in sendWebStream2/2/2026
LOW3.5CVE-2026-24048EPSS 0.04%Backstage has a Possible SSRF when reading from allowed URL's in `backend.reading.allow`1/21/2026
LOW3.7CVE-2026-23522EPSS 0.07%Lobe Chat has IDOR in Knowledge Base File Removal that Allows Cross User File Deletion1/20/2026
LOW3.7CVE-2026-22820EPSS 0.06%Outray cli is vulnerable to race conditions in tunnels creation1/13/2026
LOW3.5CVE-2026-0824EPSS 0.08%QuestDB UI's Web Console is Vulnerable to Cross-Site Scripting1/10/2026
LOW3.7CVE-2025-15284EPSS 0.04%qs's arrayLimit bypass in its bracket notation allows DoS via memory exhaustion12/30/2025
LOW3.3CVE-2025-13321EPSS 0.02%Mattermost Desktop App exposes sensitive information in its application logs12/17/2025
LOW3.7CVE-2025-67716EPSS 0.04%Improper Validation of Query Parameters in Auth0 Next.js SDK12/10/2025
LOW3.5CVE-2025-64757EPSS 0.02%Astro Development Server has Arbitrary Local File Read11/19/2025
LOW2.7CVE-2025-64745EPSS 0.03%Astro development server error page is vulnerable to reflected Cross-site Scripting11/13/2025

← PrevPage 2 of 5Next →