LOW | 3.7 | CVE-2026-42768 | Issue summary: The CMS_decrypt and PKCS7_decrypt functions are vulnerable to a Bleichenbacher-style attack when an attacker is able to provid…
LOW | 3.7 | CVE-2026-42770 | Issue summary: When EVP_PKEY_derive_set_peer() is called with a DHX (X9.42) peer key, the peer key is not properly checked for the subgroup…
LOW | 3.1 | 7-Zip is a file archiver with a high compression ratio.
LOW | 3.7 | EPSS 0.04% | Rsync versions before 3.4.3 contain an off-by-one out-of-bounds stack write vulnerability in the establish_proxy_connection() function in s…
LOW | 3.7 | EPSS 0.02% | A flaw was found in gnutls.
LOW | 3.7 | EPSS 0.04% | A flaw was found in gnutls.
LOW | 2.9 | EPSS 0.01% | libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document.
LOW | 3.3 | EPSS 0.01% | An incomplete fix for CVE-2024-36137 leaves `FileHandle.chmod()` and `FileHandle.chown()` in the promises API without the required permissi…
LOW | 3.3 | EPSS 0.01% | A flaw in Node.js Permission Model filesystem enforcement leaves `fs.realpathSync.native()` without the required read permission checks, wh…
LOW | 2.2 | EPSS 0.01% | Vim is an open source, command line text editor.
LOW | 2.9 | EPSS 0.03% | In the context switch logic Xen attempts to skip an IBPB in the case of a vCPU returning to a CPU on which it was the previous vCPU to run.
LOW | 2.5 | EPSS 0.01% | In libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy unknown encoding handler user data.
LOW | 3.1 | EPSS 0.10% | When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authen…
LOW | 3.1 | EPSS 0.06% | PostgreSQL CREATE STATISTICS does not check for schema CREATE privilege
LOW | 3.6 | EPSS 0.06% | ssh in OpenSSH before 10.1 allows the '\0' character in an ssh:// URI, potentially leading to code execution when a ProxyCommand is used.
LOW | 3.6 | EPSS 0.01% | ssh in OpenSSH before 10.1 allows control characters in usernames that originate from certain possibly untrusted sources, potentially leadi…
LOW | 3.1 | EPSS 0.05% | PostgreSQL optimizer statistics can expose sampled data within a view, partition, or child table
LOW | 3.7 | EPSS 0.43% | In Mbed TLS 3.6.1 through 3.6.3 before 3.6.4, a timing discrepancy in block cipher padding removal allows an attacker to recover the plaint…
LOW | 3.6 | EPSS 0.04% | git - security update
LOW | 2.5 | EPSS 0.04% | A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files.
LOW | 3.7 | EPSS 0.56% | In Node.js, the `ReadFileUtf8` internal binding leaks memory due to a corrupted pointer in `uv_fs_s.file`: a UTF-16 path buffer is allocate…
LOW | 2.5 | EPSS 0.04% | In netstat in BusyBox through 1.37.0, local users can launch a network application with an argv[0] containing an ANSI terminal escape sequ…
LOW | 3.3 | EPSS 0.07% | In tar in BusyBox through 1.37.0, a TAR archive can have filenames hidden from a listing through the use of terminal escape sequences.