VulnScope — package-centric CVE lookup

Search

3,715 results

Severity:CRITICAL HIGH MEDIUM LOW|Ecosystem:npm PyPI Maven Debian Alpine|⚠ In KEV only

MEDIUM6.5CVE-2026-54683NL Portal Backend Libraries: Document contents remained downloadable by any logged-in user (incomplete fix of CVE-2026-49463)6/18/2026
MEDIUM5.4Strimzi: Unrestricted access to all Secrets within namespace watched by the Topic operator6/18/2026
MEDIUM6.5Apache DolphinScheduler: An incorrect authorization vulnerability allows authenticated users to access alert instances associated with alert groups they do not have permission to access.6/17/2026
MEDIUM6.5Apache DolphinScheduler: Incorrect Authorization vulnerability allows users to access workflow instance information belonging to projects they do not have permission to access.6/17/2026
MEDIUM4.9Apache DolphinScheduler: Incorrect Authorization vulnerability allows users with system login privileges to delete task definitions in unauthorized projects6/17/2026
CRITICAL9.1Apache DolphinScheduler: The `/v2` experimental interface lacks permission checks6/17/2026
CRITICAL9.8Apache DolphinScheduler: DataSource API Missing Authorization Check Leads to Arbitrary Data Source Metadata Disclosure6/17/2026
MEDIUM6.9Netty susceptible to HTTP/2 Reset Attack with different on-the-wire signature6/12/2026
MEDIUM4.8Netty: QUIC stateless reset token material exposed through header-visible connection IDs6/12/2026
MEDIUM5.3Netty: HttpObjectDecoder skips arbitrary initial control characters when only initial CRLF characters are permitted6/12/2026
MEDIUM6.5GeoServer has a Server-Side Request Forgery (SSRF) Vulnerability in its XML Entity Resolution6/12/2026
MEDIUM5.3netty-codec-http2: ByteBuf Reference-Count Leak in DelegatingDecompressorFrameListener Leads to Memory Exhaustion6/11/2026
MEDIUM6.5In Spring for Apache Kafka, unbounded delegate cache keyed on user-controlled, potentially malicious selector header6/10/2026
MEDIUM5.3Netty HTTP/2: Advertised MAX_CONCURRENT_STREAMS are not enforced6/8/2026
MEDIUM6.8Netty: DNS Cache Poisoning due to Predictable PRNG and Default Static Source Port6/8/2026
MEDIUM4.0Netty: Unix-socket fd receive leaks descriptors when peer sends two at once6/8/2026
MEDIUM6.5epa4all-client: Unauthenticated REST API for Patient Record Writes6/4/2026
CRITICAL9.1Yamcs Vulnerable to Authenticated Remote Code Execution (RCE) via Jython Algorithm Code Injection5/27/2026
CRITICAL9.8Yamcs Vulnerable to Remote Code Execution via Mission Database algorithm override5/27/2026
CRITICAL9.1Yamcs Vulnerable to Server-Side Code Injection (RCE) via Janino Expression Engine in `JavaExprAlgorithmExecutionFactory`5/27/2026
MEDIUM6.5Yamcs has No Rate Limiting on Authentication Endpoint5/27/2026
MEDIUM4.3Yamcs vulnerable to unauthorized user enumeration via IAM API endpoints5/27/2026
MEDIUM4.3Yamcs Vulnerable to LDAP Injection in LdapAuthModule5/26/2026
MEDIUM6.4Keycloak: Insufficient verification proof scoping enables identity provider account linking attack and account compromise5/20/2026
MEDIUM5.5fabric-chaincode-java: TLS Private Key Password Disclosed in INFO Startup Logs in Chaincode-as-a-Service Mode5/19/2026

Page 1 of 149Next →