VulnScope — package-centric CVE lookup

Search

3,931 results

Severity:CRITICAL HIGH MEDIUM LOW|Ecosystem:npm PyPI Maven Debian Alpine|⚠ In KEV only

CRITICAL9.0CVE-2026-55203HAProxy through 3.4.0, fixed in commit 5985276, contains an integer overflow vulnerability in the fcgi_conn structure's drl field that allo…6/18/2026
CRITICAL9.1Tinyproxy through 1.11.3, fixed in commit 364cdb6, fails to reject requests containing multiple Content-Length headers with differing value…6/17/2026
CRITICAL9.1Tinyproxy through 1.11.3, fixed in commit ff45d3b, fails to reconcile conflicting Content-Length and Transfer-Encoding: chunked headers, fo…6/17/2026
CRITICAL9.1Apache DolphinScheduler: The `/v2` experimental interface lacks permission checks6/17/2026
CRITICAL9.8Apache DolphinScheduler: DataSource API Missing Authorization Check Leads to Arbitrary Data Source Metadata Disclosure6/17/2026
CRITICAL9.6Use after free in DigitalCredentials in Google Chrome on Windows prior to 149.0.7827.155 allowed a remote attacker to potentially perform a…6/17/2026
CRITICAL9.1Mitigation bypass in the DOM: Security component.6/16/2026
CRITICAL9.1Same-origin policy bypass in the Networking: Cookies component.6/16/2026
CRITICAL9.6Sandbox escape due to incorrect boundary conditions in the Networking component.6/16/2026
CRITICAL9.6Sandbox escape in the DOM: Navigation component.6/16/2026
CRITICAL9.6Sandbox escape in the DOM: Workers component.6/16/2026
CRITICAL9.1Crypt::DSA versions before 1.21 for Perl reused the nonce across signatures, leading to private-key recovery.6/15/2026
CRITICAL9.1Socket versions before 2.041 for Perl have an out-of-bounds heap read.6/15/2026
CRITICAL9.6Inappropriate implementation in Headless in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the rendere…6/11/2026
CRITICAL9.8GD versions before 2.86 for Perl allow OS command injection and file overwrite via a 2-arg open() of filename arguments in _make_filehandle.6/10/2026
CRITICAL9.8Issue summary: A specially crafted PKCS#7 or S/MIME signed message could trigger a use-after-free during PKCS#7 signature verification.6/9/2026
CRITICAL9.1Issue Summary: Cryptographic Message Services (CMS) processing fails to perform sufficient input validation on the cipher and tag length fi…6/9/2026
CRITICAL9.3In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: vgic-its: Drop the translation cache reference only for the…6/9/2026
CRITICAL9.8In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix iova-to-va conversion for MR page sizes != PAGE_SIZE The…6/9/2026
CRITICAL9.1Arm C1-Ultra, C1-Premium, Neoverse V3 & V3AE, Neoverse V2, Neoverse V1, Neoverse-N2, Neoverse-N1, Cortex-X925, Cortex-X4, Cortex-X3, Cortex…6/9/2026
CRITICAL9.1EPSS 0.40%Catalyst::Plugin::Authentication versions before 0.10_027 for Perl is susceptible to session fixation attacks.6/9/2026
CRITICAL9.6Insufficient validation of untrusted input in UI in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to potentially perform…6/9/2026
CRITICAL9.6Use after free in Navigation in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to potentially perform a sandbox escape via…6/9/2026
CRITICAL9.6Integer overflow in UI in Google Chrome on Linux prior to 149.0.7827.103 allowed a remote attacker to potentially perform a sandbox escape…6/9/2026
CRITICAL9.6Use after free in CameraCapture in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to potentially perform a sandbox…6/9/2026

Page 1 of 158Next →