VulnScope — package-centric CVE lookup

Search

525 results

Severity:CRITICAL HIGH MEDIUM LOW|Ecosystem:npm PyPI Maven Debian Alpine|⚠ In KEV only

LOW3.1CVE-2026-2366EPSS 0.01%Keycloak vulnerable to authorization bypass via the Admin API3/12/2026
LOW2.7EPSS 0.01%Keycloak: Information disclosure of disabled user attributes via administrative endpoint3/11/2026
LOW3.7EPSS 0.14%org.eclipse.jetty:jetty-http has different parsing of invalid URIs3/5/2026
LOW3.7EPSS 0.01%Potential incorrect permissions on newly created file system objects3/3/2026
LOW3.1EPSS 0.01%Keycloak REST Services has a WebAuthn Attestation Statement Verification Bypass2/27/2026
LOW3.3EPSS 0.01%Snowflake JDBC Driver is Vulnerable to Uncontrolled Resource Consumption through SdkProxyRoutePlanner2/27/2026
LOW3.1EPSS 0.04%wger: IDOR via user-unscoped cache keys on routine API actions exposes workout data2/26/2026
LOW3.8EPSS 0.03%Keycloak: Missing Check on Disabled Client for Docker Registry Protocol2/19/2026
LOW3.7EPSS 0.16%Apache Tomcat: Security constraint bypass with HTTP/0.92/17/2026
LOW3.7EPSS 0.02%LangChain affected by SSRF via image_url token counting in ChatOpenAI.get_num_tokens_from_messages2/11/2026
LOW2.5EPSS 0.01%Apache Shiro Affected by an Observable Timing Discrepancy Vulnerability2/10/2026
LOW2.7EPSS 0.01%Keycloak Server-Side Request Forgery (SSRF) vulnerability2/2/2026
LOW2.7EPSS 0.01%Keycloak Admin API allows an administrator with limited privileges to retrieve sensitive custom attributes2/2/2026
LOW3.2EPSS 0.01%Llama Stack exposes secret in initialization log1/30/2026
LOW3.1EPSS 0.02%Keycloak's missing timestamp validation allows attackers to extend SAML response validity periods1/26/2026
LOW3.7EPSS 0.04%Apache Karaf Decanter has Deserialization of Untrusted Data in its Log Socket Collector1/26/2026
LOW3.7EPSS 0.07%FastAPI Api Key has a timing side-channel in verify_key that allows statistical key validity detection1/21/2026
LOW2.7EPSS 0.01%Keycloak Admin REST API exposes backend schema and rules1/21/2026
LOW3.1EPSS 0.01%Keycloak does not validate and update refresh token usage atomically1/21/2026
LOW3.7EPSS 0.01%Keycloak has an improper input validation vulnerability1/15/2026
LOW2.5EPSS 0.01%Weblate command-line client susceptible to SSL verification skip1/12/2026
LOW3.3EPSS 0.01%AcademySoftwareFoundation OpenColorIO has an out-of-bounds vulnerability1/11/2026
LOW3.3EPSS 0.01%LIEF is vulnerable to segmentation fault1/10/2026
LOW3.5EPSS 0.04%Jenkins has a CSRF vulnerability on the login form12/10/2025
LOW2.7EPSS 0.01%Keycloak Admin REST (Representational State Transfer) API does not properly enforce permissions12/10/2025

← PrevPage 3 of 21Next →