Search

28,831 results

Severity:CRITICAL HIGH MEDIUM LOW|Ecosystem:npm PyPI Maven Debian Alpine|⚠ In KEV only

HIGH8.8CVE-2026-49298Apache Airflow: JWT Token Exposure in KubernetesExecutor Command-Line Arguments6/5/2026
HIGH7.3CVE-2026-45360Apache Airflow: Arbitrary import in custom deadline-reference deserialization6/5/2026
HIGH8.8CVE-2026-42359Apache Airflow: Authenticated RCE via XCom PATCH endpoint — XComUpdateBody missing FORBIDDEN_XCOM_KEYS validator6/5/2026
CRITICAL9.1CVE-2026-42252Apache Airflow: BashOperator Jinja2 injection via dag_run.conf — low-privilege user pattern6/5/2026
HIGH7.5CVE-2026-41084Apache Airflow: API authorization bypass: bulk TaskInstances allows cross-DAG mutation6/5/2026
HIGH7.2CVE-2026-40961Apache Airflow: Open Redirect Bypass Vulnerability6/5/2026
CRITICAL9.8CVE-2026-49448authentik: SourceStage bypass via empty POST6/5/2026
HIGH8.8CVE-2026-49443authentik: `UserSourceConnection.user` and `GroupSourceConnection.group` are changeable through the API6/5/2026
CRITICAL9.3CVE-2026-42849authentik: Reflected XSS in SFE AutosubmitStage allows IDP account takeover6/5/2026
HIGH7.5CVE-2026-34077React Router vulnerable to Denial of Service via reflected user input in single-fetch6/4/2026
HIGH7.6CVE-2026-45337Better Auth: Device authorization approve and deny accept any authenticated session while the user code is pending6/4/2026
HIGH7.5CVE-2026-44496Axios: Regular Expression Denial of Service (ReDoS) via Cookie Name Injection6/4/2026
HIGH7.5CVE-2026-44488Allocation of Resources Without Limits or Throttling in Axios6/4/2026
HIGH7.5CVE-2026-44486Axios: Proxy-Authorization header leaks to redirect target when proxy is re-evaluated to direct connection6/4/2026
HIGH8.8CVE-2026-49143EPSS 0.15%browserstack-runner vulnerable to Remote Code Execution via vm sandbox escape in _log HTTP handler6/3/2026
HIGH7.5CVE-2026-42342EPSS 0.05%React Router vulnerable to DoS via unbounded path expansion in __manifest endpoint6/3/2026
HIGH8.1CVE-2026-42211EPSS 0.25%React Router's vendored turbo-stream v2 allows arbitrary constructor invocation via TYPE_ERROR deserialization leading to Unauth RCE6/3/2026
HIGH7.6CVE-2026-41234Froxlor: BIND Zone File Injection via TXT Record Content6/3/2026
HIGH8.0CVE-2026-33245EPSS 0.03%React Router vulnerable to XSS in unstable RSC redirect handling via javascript: redirect targets6/3/2026
HIGH7.5CVE-2026-50031ipmi-oem in FreeIPMI before 1.6.18 has exploitable buffer overflows on response messages.6/3/2026
HIGH7.5CVE-2026-42504EPSS 0.04%Quadratic complexity in WordDecoder.DecodeHeader in mime6/2/2026
HIGH8.8CVE-2026-49157EPSS 0.06%Apache ActiveMQ: Authenticated low-privilege Web users retain Jolokia broker-management capability by default6/1/2026
HIGH8.1CVE-2026-42588EPSS 0.06%Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Remote Code Execution via Jolokia addNetworkConnector6/1/2026
HIGH8.8CVE-2026-45505EPSS 0.10%Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Jolokia `addNetworkConnector` Discovery Wrapper Bypass6/1/2026
HIGH7.8CVE-2026-43958EPSS 0.01%A flaw was found in rrdcached, a component of rrdtool.6/1/2026

Page 1 of 1154Next →