VulnScope — package-centric CVE lookup

Search

3,095 results

Severity:CRITICAL HIGH MEDIUM LOW|Ecosystem:npm PyPI Maven Debian Alpine|⚠ In KEV only

HIGH8.0CVE-2026-55225Strimzi: Cross-namespace privilege escalation via `Kafka.spec.entityOperator`6/18/2026
HIGH7.5HAPI FHIR: Incomplete fix for CVE-2026-45367: DSTU2 FHIRPathEngine.matches() missing RegexTimeout protection allows ReDoS6/17/2026
HIGH7.5handlebars.java FileTemplateLoader Path Traversal6/17/2026
HIGH7.6LangChain4j: SQL injection via metadata filters in langchain4j-mariadb and langchain4j-pgvector6/17/2026
CRITICAL9.1Apache DolphinScheduler: The `/v2` experimental interface lacks permission checks6/17/2026
CRITICAL9.8Apache DolphinScheduler: DataSource API Missing Authorization Check Leads to Arbitrary Data Source Metadata Disclosure6/17/2026
HIGH7.5Netty HTTP/3 QPACK Blocked Streams Memory Exhaustion6/12/2026
HIGH7.5Netty: Wrapping plain trust manager silently disables hostname verification6/12/2026
HIGH7.5Netty: Unbounded pre-allocation in RedisArrayAggregator from RESP array length6/12/2026
HIGH7.2GeoServer has an arbitrary file write vulnerability in its Master Password Dump Page6/12/2026
HIGH7.2GeoServer DB2 DataStore Extension has a JNDI Vulnerability via Store Connection6/11/2026
HIGH7.5Netty HAProxy: Unbalanced Reference Count in Nested PP2_TYPE_SSL TLV Parsing Leads to Memory Exhaustion6/11/2026
HIGH7.5Netty's Lack of Lifecycle Cleanup Leads to Pooled ByteBuf Leak in RedisArrayAggregator6/11/2026
HIGH7.5Acknowledgement extension out of memory6/10/2026
HIGH8.0Jenkins: Stored XSS vulnerability in node offline cause description6/10/2026
HIGH8.1In Spring for Apache Kafka, overly broad trusted-package matching in header mappers exposes JDK classes to deserialization6/10/2026
HIGH8.7Netty has Insufficient Bailiwick Validation for NS Records6/8/2026
HIGH7.5Netty: SCTP reassembly nests buffers without bound6/8/2026
HIGH8.7Netty Vulnerable to DNS Cache Poisoning via Missing Bailiwick Checks in CNAME Records6/8/2026
HIGH7.5Netty: SNI handler pre-allocates up to 16 MiB from nine attacker bytes6/8/2026
HIGH7.5Netty's Default QUIC token handler accepts any client-supplied token6/8/2026
HIGH7.5Netty: HAProxy SSL TLV parsing leaks retained slice on invalid TLV length6/8/2026
HIGH7.5Netty has a Vulnerable Default Configuration Which Leads to Denial of Service via Unbounded HTTP/3 Header Size6/8/2026
HIGH7.5Netty has Unbounded Direct Memory Consumption in its RedisDecoder6/8/2026
HIGH7.5Netty: Memory Exhaustion in RedisArrayAggregator due to Deeply Nested Arrays6/8/2026

Page 1 of 124Next →