VulnScope — package-centric CVE lookup

- CRITICAL 9.1 | CVE-2026-32967 | Apache DolphinScheduler: The `/v2` experimental interface lacks permission checks
- CRITICAL 9.8 | Apache DolphinScheduler: DataSource API Missing Authorization Check Leads to Arbitrary Data Source Metadata Disclosure
- CRITICAL 9.1 | Yamcs Vulnerable to Authenticated Remote Code Execution (RCE) via Jython Algorithm Code Injection
- CRITICAL 9.8 | Yamcs Vulnerable to Remote Code Execution via Mission Database algorithm override
- CRITICAL 9.1 | Yamcs Vulnerable to Server-Side Code Injection (RCE) via Janino Expression Engine in `JavaExprAlgorithmExecutionFactory`
- CRITICAL 9.6 | GlassFish's gadget handler is vulnerable to RCE
- CRITICAL 9.1 | GlassFish's Administration Console is Vulnerable to RCE
- CRITICAL 9.8 | Camel-CXF and Camel-Knative Message Header are Vulnerable to Injection via Missing Inbound Filtering
- CRITICAL 9.8 | EPSS 0.05% | Goobi viewer - Core: Unauthenticated Solr Streaming Expression Proxy
- CRITICAL 9.1 | EPSS 0.03% | Security feature bypass vulnerability in Azure Key Vault Keys library for Java
- CRITICAL 9.1 | EPSS 0.10% | Apache Tomcat: Security constraints not correctly applied
- LOW 3.7 | EPSS 0.10% | Apache Tomcat: AJP secret compared in non-constant time
- CRITICAL 9.8 | EPSS 0.14% | Apache Tomcat: Digest authenticator will authenticate any unknown user
- CRITICAL 9.8 | EPSS 0.25% | Apache Tomcat: HTTP/2 request headers not validated
- CRITICAL 9.1 | EPSS 0.01% | sealed-env: TOTP secret embedded in unseal token payload (enterprise mode)
- CRITICAL 9.1 | EPSS 0.03% | Unity Catalog has a JWT Issuer Validation Bypass that Allows Complete User Impersonation
- CRITICAL 9.1 | EPSS 0.14% | Spring Cloud Config vulnerable to Path Traversal
- CRITICAL 9.1 | EPSS 0.30% | Valtimo has SpEL injection via StandardEvaluationContext that allows Remote Code Execution by admin users
- LOW 3.7 | EPSS 0.05% | Micronaut has Unbounded `bundleCache` in `ResourceBundleMessageSource` that Allows Memory Exhaustion via `Accept-Language` Header
- CRITICAL 9.1 | EPSS 0.11% | Apache Wicket has a Session Fixation issue
- CRITICAL 9.0 | EPSS 0.01% | ArcadeDB vulnerable to cross-database authorization bypass and unsecured newly-created databases
- LOW 2.4 | EPSS 0.03% | Geyser Vulnerable to Server-Side Request Forgery (SSRF) via Player Head Texture URL in Geyser
- CRITICAL 10.0 | EPSS 0.13% | Eclipse BaSyx Java Server SDK vulnerable to Path Traversal
- CRITICAL 9.0 | EPSS 0.10% | Sandboxed Thymeleaf expressions vulnerable to improper recognition of unauthorized syntax patterns
- CRITICAL 9.1 | EPSS 0.06% | OpenMRS has Stored Velocity SSTI to RCE via ConceptReferenceRange