VulnScope — package-centric CVE lookup

Search

11,714 results

Severity:CRITICAL HIGH MEDIUM LOW|Ecosystem:npm PyPI Maven Debian Alpine|⚠ In KEV only

MEDIUM5.8CVE-2026-55591Signal K Server: Server-Side Request Forgery via Remote Connection Endpoints6/18/2026
MEDIUM5.4OpenClaw: Empty-scope device re-pairing could confuse caller scope containment6/18/2026
HIGH7.1OpenClaw: Workspace-derived service PATH could influence trash command selection6/18/2026
HIGH7.1OpenClaw: Workspace .env STATE_DIRECTORY could influence bundled runtime dependency roots6/18/2026
HIGH8.1OpenClaw: Discord allowFrom could bind to mutable display names6/18/2026
HIGH7.1OpenClaw: Workspace .env npm_execpath could influence bundled runtime dependency install6/18/2026
HIGH7.1OpenClaw: Linux and macOS exec allowlists skipped configured argument patterns6/18/2026
MEDIUM4.2OpenClaw: BlueBubbles sender policy could match mutable conversation identifiers6/18/2026
MEDIUM6.5OpenClaw: memory-wiki shared search could miss session visibility checks6/18/2026
MEDIUM5.5OpenClaw: Config recovery could restore openclaw.json with broad file permissions6/18/2026
HIGH8.1OpenClaw: Zalo allowFrom could bind to mutable display names6/18/2026
MEDIUM4.3OpenClaw: Skill-command dispatch could skip before-tool-call hooks6/18/2026
MEDIUM6.1OpenClaw: Exported session HTML could keep unsafe markdown links6/18/2026
MEDIUM5.3OpenClaw: Slack reaction events could ignore reaction notification settings6/18/2026
MEDIUM4.2OpenClaw: Bootstrap token replay could widen pending pairing scopes6/18/2026
HIGH8.1OpenClaw: Shell positional parameters could weaken strict inline-eval checks6/18/2026
MEDIUM6.5OpenClaw: Hostname checks could treat trailing-dot hosts inconsistently6/18/2026
MEDIUM4.3OpenClaw: Exec allowlist could miss side effects from transparent command wrappers6/18/2026
MEDIUM6.5NL Portal Backend Libraries: Document contents remained downloadable by any logged-in user (incomplete fix of CVE-2026-49463)6/18/2026
MEDIUM6.6OpenClaw: macOS Swift exec allowlist missed combined POSIX inline flags6/18/2026
HIGH7.5undici WebSocket client vulnerable to denial of service via cumulative fragment bypass6/18/2026
HIGH7.5http-proxy-middleware: multipart/form-data field injection via unescaped CRLF in `fixRequestBody`6/18/2026
HIGH8.1piscina: Prototype Pollution Gadget → RCE via inherited options.filename6/18/2026
MEDIUM5.4Strimzi: Unrestricted access to all Secrets within namespace watched by the Topic operator6/18/2026
HIGH8.0Strimzi: Cross-namespace privilege escalation via `Kafka.spec.entityOperator`6/18/2026

Page 1 of 469Next →