VulnScope — package-centric CVE lookup

Search

6,083 results

Severity:CRITICAL HIGH MEDIUM LOW|Ecosystem:npm PyPI Maven Debian Alpine|⚠ In KEV only

MEDIUM4.4CVE-2026-55650Outerbase Studio: Stored XSS in Text Widget Leads to Authentication Token Exposure6/19/2026
MEDIUM6.1Allure Report: Stored XSS via unescaped ANSI helper in status message/trace rendering6/19/2026
MEDIUM6.2Allure Report: Path Traversal in HTTP Server Allows Arbitrary File Read6/19/2026
MEDIUM5.3NL Portal Backend Libraries: Unauthenticated form resolver forwards the privileged Objecten-API token to a caller-supplied URL (SSRF)6/19/2026
CRITICAL9.9Network-AI: Improper Neutralization of Special Elements used in an OS Command6/19/2026
CRITICAL9.1Network-AI: CVE-2026-46701 fix incomplete — empty default secret still authorizes all requests6/19/2026
MEDIUM5.3ts-deepmerge: Prototype Method Override leads to DoS6/19/2026
MEDIUM5.8Signal K Server: Server-Side Request Forgery via Remote Connection Endpoints6/18/2026
CRITICAL9.8gemini-mcp-tool vulnerable to OS command injection and @file exfiltration via prompt quoting (CVE-2026-0755)6/18/2026
MEDIUM5.4OpenClaw: Empty-scope device re-pairing could confuse caller scope containment6/18/2026
MEDIUM4.2OpenClaw: BlueBubbles sender policy could match mutable conversation identifiers6/18/2026
MEDIUM6.5OpenClaw: memory-wiki shared search could miss session visibility checks6/18/2026
MEDIUM5.5OpenClaw: Config recovery could restore openclaw.json with broad file permissions6/18/2026
MEDIUM4.3OpenClaw: Skill-command dispatch could skip before-tool-call hooks6/18/2026
MEDIUM6.1OpenClaw: Exported session HTML could keep unsafe markdown links6/18/2026
MEDIUM5.3OpenClaw: Slack reaction events could ignore reaction notification settings6/18/2026
MEDIUM4.2OpenClaw: Bootstrap token replay could widen pending pairing scopes6/18/2026
MEDIUM6.5OpenClaw: Hostname checks could treat trailing-dot hosts inconsistently6/18/2026
MEDIUM4.3OpenClaw: Exec allowlist could miss side effects from transparent command wrappers6/18/2026
MEDIUM6.5NL Portal Backend Libraries: Document contents remained downloadable by any logged-in user (incomplete fix of CVE-2026-49463)6/18/2026
MEDIUM6.6OpenClaw: macOS Swift exec allowlist missed combined POSIX inline flags6/18/2026
MEDIUM5.4Strimzi: Unrestricted access to all Secrets within namespace watched by the Topic operator6/18/2026
MEDIUM5.9undici vulnerable to HTTP header injection via Set-Cookie percent-decoding6/17/2026
MEDIUM5.9undici vulnerable to cross-user information disclosure via shared cache whitespace bypass6/17/2026
LOW3.7undici vulnerable to HTTP response queue poisoning via keep-alive socket reuse6/17/2026

Page 1 of 244Next →