Search

24,513 results

Severity:CRITICAL HIGH MEDIUM LOW|Ecosystem:npm PyPI Maven Debian Alpine|⚠ In KEV only

HIGH8.8CVE-2026-49298Apache Airflow: JWT Token Exposure in KubernetesExecutor Command-Line Arguments6/5/2026
HIGH7.3CVE-2026-45360Apache Airflow: Arbitrary import in custom deadline-reference deserialization6/5/2026
HIGH8.8CVE-2026-42359Apache Airflow: Authenticated RCE via XCom PATCH endpoint — XComUpdateBody missing FORBIDDEN_XCOM_KEYS validator6/5/2026
HIGH7.5CVE-2026-41084Apache Airflow: API authorization bypass: bulk TaskInstances allows cross-DAG mutation6/5/2026
LOW3.1CVE-2026-40963Apache Airflow: DAG authorization bypass on /ui/structure/structure_data6/5/2026
HIGH7.2CVE-2026-40961Apache Airflow: Open Redirect Bypass Vulnerability6/5/2026
HIGH8.8CVE-2026-49443authentik: `UserSourceConnection.user` and `GroupSourceConnection.group` are changeable through the API6/5/2026
LOW3.7CVE-2026-48011Shopware: Timing-attack on admin panel allowing enumeration of administrator usernames6/4/2026
HIGH7.5CVE-2026-34077React Router vulnerable to Denial of Service via reflected user input in single-fetch6/4/2026
HIGH7.6CVE-2026-45337Better Auth: Device authorization approve and deny accept any authenticated session while the user code is pending6/4/2026
HIGH7.5CVE-2026-44496Axios: Regular Expression Denial of Service (ReDoS) via Cookie Name Injection6/4/2026
HIGH7.5CVE-2026-44488Allocation of Resources Without Limits or Throttling in Axios6/4/2026
HIGH7.5CVE-2026-44486Axios: Proxy-Authorization header leaks to redirect target when proxy is re-evaluated to direct connection6/4/2026
HIGH8.8CVE-2026-49143EPSS 0.15%browserstack-runner vulnerable to Remote Code Execution via vm sandbox escape in _log HTTP handler6/3/2026
HIGH7.5CVE-2026-42342EPSS 0.05%React Router vulnerable to DoS via unbounded path expansion in __manifest endpoint6/3/2026
HIGH8.1CVE-2026-42211EPSS 0.25%React Router's vendored turbo-stream v2 allows arbitrary constructor invocation via TYPE_ERROR deserialization leading to Unauth RCE6/3/2026
HIGH7.6CVE-2026-41234Froxlor: BIND Zone File Injection via TXT Record Content6/3/2026
HIGH8.0CVE-2026-33245EPSS 0.03%React Router vulnerable to XSS in unstable RSC redirect handling via javascript: redirect targets6/3/2026
LOW3.7CVE-2026-44546daphne before 4.2.2 reconstructs a raw HTTP request from Twisted's parsed headers and feeds it to autobahn for WebSocket handshake processi…6/3/2026
HIGH7.5CVE-2026-50031ipmi-oem in FreeIPMI before 1.6.18 has exploitable buffer overflows on response messages.6/3/2026
HIGH7.5CVE-2026-42504EPSS 0.04%Quadratic complexity in WordDecoder.DecodeHeader in mime6/2/2026
LOW3.3CVE-2026-10528EPSS 0.01%A security flaw has been discovered in Orthanc DICOM Server up to 1.12.11.6/2/2026
LOW3.3CVE-2026-10298EPSS 0.01%A security flaw has been discovered in ggml-org whisper.cpp up to 1.8.2.6/1/2026
HIGH8.8CVE-2026-49157EPSS 0.06%Apache ActiveMQ: Authenticated low-privilege Web users retain Jolokia broker-management capability by default6/1/2026
HIGH8.1CVE-2026-42588EPSS 0.06%Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Remote Code Execution via Jolokia addNetworkConnector6/1/2026

Page 1 of 981Next →