VulnScope — package-centric CVE lookup

Search

649 results

Severity:CRITICAL HIGH MEDIUM LOW|Ecosystem:npm PyPI Maven Debian Alpine|⚠ In KEV only

CRITICAL9.8CVE-2026-11526GD versions before 2.86 for Perl allow OS command injection and file overwrite via a 2-arg open() of filename arguments in _make_filehandle.6/10/2026
CRITICAL9.8Issue summary: A specially crafted PKCS#7 or S/MIME signed message could trigger a use-after-free during PKCS#7 signature verification.6/9/2026
LOW3.7Issue summary: The CMS_decrypt and PKCS7_decrypt functions are vulnerable to Bleichenbacher-style attack when an attacker is able to provid…6/9/2026
CRITICAL9.1Issue Summary: Cryptographic Message Services (CMS) processing fails to perform sufficient input validation on the cipher and tag length fi…6/9/2026
LOW3.7Issue summary: When EVP_PKEY_derive_set_peer() is called with a DHX (X9.42) peer key, the peer key is not properly checked for the subgroup…6/9/2026
CRITICAL9.1Arm C1-Ultra, C1-Premium, Neoverse V3 & V3AE, Neoverse V2, Neoverse V1, Neoverse-N2, Neoverse-N1, Cortex-X925, Cortex-X4, Cortex-X3, Cortex…6/9/2026
CRITICAL9.8MariaDB: Argument injection in CONNECT REST Xcurl on Windows via unsanitized URL6/7/2026
CRITICAL9.8MariaDB: mysql_real_escape_string() incorrectly handled big56/7/2026
LOW3.17-Zip is a file archiver with a high compression ratio.5/29/2026
CRITICAL9.0EPSS 0.39%A flaw was found in Samba.5/26/2026
CRITICAL9.8EPSS 0.04%A use-after-free vulnerability exists within the DNS-over-HTTPS implementation.5/20/2026
CRITICAL10.0EPSS 0.03%NLnet Labs Unbound up to and including version 1.25.0 is vulnerable to poisoning via promiscuous records for the authority section.5/20/2026
CRITICAL9.8EPSS 0.32%NLnet Labs Unbound 1.19.1 up to and including version 1.25.0 has a vulnerability in the DNSSEC validator that enables denial of service and…5/20/2026
LOW3.7EPSS 0.04%Rsync versions before 3.4.3 contain an off-by-one out-of-bounds stack write vulnerability in the establish_proxy_connection() function in s…5/20/2026
CRITICAL9.8EPSS 0.10%NGINX JavaScript has a vulnerability when the js_fetch_proxy directive is configured with at least one client-controlled NGINX variable (fo…5/19/2026
CRITICAL9.8EPSS 0.13%A flaw was found in gnutls.5/7/2026
CRITICAL9.8EPSS 0.02%Apache HTTP Server: buffer overflow in mod_proxy_ajp via ajp_msg_check_header()5/5/2026
LOW3.7EPSS 0.02%A flaw was found in gnutls.4/30/2026
CRITICAL9.1EPSS 0.10%A flaw in GnuTLS DTLS handshake parsing allows malformed fragments with zero length and non-zero offset, leading to an integer underflow du…4/30/2026
LOW3.7EPSS 0.04%A flaw was found in gnutls.4/30/2026
CRITICAL9.8EPSS 0.07%PJSIP is a free and open source multimedia communication library written in C.4/21/2026
CRITICAL9.8EPSS 0.02%Buffer Overflow in Zlib::GzipReader ungetc via large input leads to memory corruption4/16/2026
LOW2.9EPSS 0.01%libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document.4/16/2026
CRITICAL9.8EPSS 0.02%Cryptography vulnerable to buffer overflow if non-contiguous buffers were passed to APIs4/8/2026
CRITICAL9.1EPSS 0.03%Botan is a C++ cryptography library.4/7/2026

Page 1 of 26Next →