VulnScope — package-centric CVE lookup

Search

22,823 results

Severity:CRITICAL HIGH MEDIUM LOW|Ecosystem:npm PyPI Maven Debian Alpine|⚠ In KEV only

CRITICAL9.0CVE-2026-55203HAProxy through 3.4.0, fixed in commit 5985276, contains an integer overflow vulnerability in the fcgi_conn structure's drl field that allo…6/18/2026
MEDIUM5.3A flaw in Node.js HTTP/2 server API can cause servers to keep accepting data even after sending a `GOAWAY` frame.6/18/2026
LOW1.8A flaw in Node.js Permission Model enforcement allows Bypass via `process.report.writeReport()` Path Misvalidation.6/18/2026
MEDIUM5.3joserfc is a Python library that provides an implementation of several JSON Object Signing and Encryption (JOSE) standards.6/17/2026
MEDIUM5.9Impact: undici's cookie parser in parseSetCookie percent-decodes cookie values via qsUnescape, turning encoded sequences like %0D%0A, %00,…6/17/2026
MEDIUM5.9undici vulnerable to cross-user information disclosure via shared cache whitespace bypass6/17/2026
LOW3.7Impact: Undici's HTTP/1.1 client is vulnerable to response queue poisoning on reused keep-alive sockets.6/17/2026
LOW3.7Impact: When undici parses a Set-Cookie header, it accepts any SameSite attribute value that contains Strict, Lax, or None as a substring,…6/17/2026
MEDIUM5.8Shaarli is a personal bookmarking service.6/17/2026
MEDIUM5.9libssh2 through 1.11.1, fixed in commit 1762685, contains a pre-authentication denial of service vulnerability in the SSH_MSG_EXT_INFO hand…6/17/2026
CRITICAL9.1Tinyproxy through 1.11.3, fixed in commit 364cdb6, fails to reject requests containing multiple Content-Length headers with differing value…6/17/2026
CRITICAL9.1Tinyproxy through 1.11.3, fixed in commit ff45d3b, fails to reconcile conflicting Content-Length and Transfer-Encoding: chunked headers, fo…6/17/2026
MEDIUM4.8Shaarli is a personal bookmarking service.6/17/2026
MEDIUM5.8Shaarli is a personal bookmarking service.6/17/2026
MEDIUM6.0OpenStack Horizon RC file generation does not escape special characters in project names6/17/2026
LOW3.1Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who convinced a user to engage…6/17/2026
MEDIUM4.2Insufficient policy enforcement in File System Access in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromise…6/17/2026
MEDIUM6.5Inappropriate implementation in Media in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to obtain potentially sensitive in…6/17/2026
MEDIUM4.7Inappropriate implementation in Views in Google Chrome on Linux prior to 149.0.7827.155 allowed a remote attacker who had compromised the r…6/17/2026
MEDIUM4.2Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the rende…6/17/2026
MEDIUM6.5Out of bounds read in WebRTC in Google Chrome on Windows prior to 149.0.7827.155 allowed a remote attacker to obtain potentially sensitive…6/17/2026
MEDIUM4.3Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to leak cross-origin data via…6/17/2026
MEDIUM4.2Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.155 allowed an attacker who convinced a user to install a m…6/17/2026
MEDIUM4.2Insufficient validation of untrusted input in Input in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised…6/17/2026
MEDIUM4.3Uninitialized Use in GPU in Google Chrome on Android prior to 149.0.7827.155 allowed a remote attacker to leak cross-origin data via a craf…6/17/2026

Page 1 of 913Next →