LOW | 2.2 | CVE-2026-54327 | Pi Agent: Race condition in Pi auth.json writes could expose stored credentials
LOW | 2.5 | Pi Agent: Potential XSS in HTML session exports via Markdown URL sanitization bypass
LOW | 3.1 | React Router: Potential CSRF via PUT/PATCH/DELETE document requests
LOW | 3.2 | @babel/core: Arbitrary File Read via sourceMappingURL Comment
LOW | 3.5 | Papra HTTP redirect bypass can lead to SSRF via webhook delivery system
LOW | 3.7 | Issue summary: The CMS_decrypt and PKCS7_decrypt functions are vulnerable to Bleichenbacher-style attack when an attacker is able to provid…
LOW | 3.7 | Issue summary: When EVP_PKEY_derive_set_peer() is called with a DHX (X9.42) peer key, the peer key is not properly checked for the subgroup…
LOW | 3.7 | Axios has a Patch Bypass: Proxy-Authorization Header Injection via Prototype Pollution (Incomplete Null-Prototype Fix)
LOW | 3.1 | 7-Zip is a file archiver with a high compression ratio.
LOW | 2.0 | NocoDB: OAuth Token Scope Not Enforced at ACL Layer Allows Scope Escalation
LOW | 3.7 | EPSS 0.04% | Rsync versions before 3.4.3 contain an off-by-one out-of-bounds stack write vulnerability in the establish_proxy_connection() function in s…
LOW | 3.7 | EPSS 0.10% | Apache Tomcat: AJP secret compared in non-constant time
LOW | 3.7 | EPSS 0.01% | Next.js's Middleware / Proxy redirects can be cache-poisoned
LOW | 3.7 | EPSS 0.01% | Next.js vulnerable to cache poisoning via collisions in React Server Component cache-busting
LOW | 3.8 | EPSS 0.02% | Hono has improper validation of NumericDate claims (exp, nbf, iat) in JWT verify()