VulnScope — package-centric CVE lookup

Search

23,558 results

Severity:CRITICAL HIGH MEDIUM LOW|Ecosystem:npm PyPI Maven Debian Alpine|⚠ In KEV only

MEDIUM6.1CVE-2026-53765Chrome DevTools for agents: daemon.pid write follows symlinks in /tmp fallback runtime directory6/17/2026
MEDIUM4.4Pi Agent: Pi loads project-local extensions without approval6/17/2026
LOW2.2Pi Agent: Race condition in Pi auth.json writes could expose stored credentials6/17/2026
LOW3.1Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who convinced a user to engage…6/17/2026
MEDIUM4.2Insufficient policy enforcement in File System Access in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromise…6/17/2026
MEDIUM6.5Inappropriate implementation in Media in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to obtain potentially sensitive in…6/17/2026
MEDIUM4.7Inappropriate implementation in Views in Google Chrome on Linux prior to 149.0.7827.155 allowed a remote attacker who had compromised the r…6/17/2026
MEDIUM4.2Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the rende…6/17/2026
MEDIUM6.5Out of bounds read in WebRTC in Google Chrome on Windows prior to 149.0.7827.155 allowed a remote attacker to obtain potentially sensitive…6/17/2026
MEDIUM4.3Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to leak cross-origin data via…6/17/2026
MEDIUM4.2Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.155 allowed an attacker who convinced a user to install a m…6/17/2026
MEDIUM4.2Insufficient validation of untrusted input in Input in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised…6/17/2026
MEDIUM4.3Uninitialized Use in GPU in Google Chrome on Android prior to 149.0.7827.155 allowed a remote attacker to leak cross-origin data via a craf…6/17/2026
MEDIUM5.5Out of bounds read in Chromoting in Google Chrome on Windows prior to 149.0.7827.155 allowed a local attacker to obtain potentially sensiti…6/17/2026
MEDIUM6.1Inappropriate implementation in Serial in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to inject arbitrary scripts or HT…6/17/2026
LOW2.5Pi Agent: Potential XSS in HTML session exports via Markdown URL sanitization bypass6/16/2026
MEDIUM5.9n8n: Denial of Service via ZIP decompression in webhook workflow6/16/2026
MEDIUM5.4OpenStack Nova: Nova scheduler hint injection bypasses Placement resource claims and scheduling constraints6/16/2026
MEDIUM6.3n8n: Merge Node SQL Mode Prototype Pollution6/16/2026
MEDIUM5.4n8n: Prototype Pollution enables confused-deputy execution via public webhooks6/16/2026
MEDIUM4.2Astro: XSS via Unescaped Attribute Names in Spread Props6/16/2026
MEDIUM5.3@astrojs/netlify broadens Astro image.remotePatterns in Netlify Image CDN config6/16/2026
MEDIUM6.5hono: Body Limit Middleware can be bypassed on AWS Lambda by understating `Content-Length`6/16/2026
MEDIUM4.8hono: Lambda@Edge adapter keeps only the last value of a repeated request header, dropping the rest6/16/2026
MEDIUM5.9hono: Path traversal in `serve-static` on Windows via encoded backslash (`%5C`)6/16/2026

← PrevPage 3 of 943Next →