Severity (score) | EPSS | Summary
LOW (3.7) | n/a | CVE-2026-42768: Issue summary: The CMS_decrypt and PKCS7_decrypt functions are vulnerable to Bleichenbacher-style attack when an attacker is able to provid…
LOW (3.7) | n/a | Issue summary: When EVP_PKEY_derive_set_peer() is called with a DHX (X9.42) peer key, the peer key is not properly checked for the subgroup…
LOW (3.7) | 0.04% | Rsync versions before 3.4.3 contain an off-by-one out-of-bounds stack write vulnerability in the establish_proxy_connection() function in s…
LOW (3.7) | 0.10% | Apache Tomcat: AJP secret compared in non-constant time
LOW (3.7) | 0.05% | Micronaut has Unbounded `bundleCache` in `ResourceBundleMessageSource` that Allows Memory Exhaustion via `Accept-Language` Header
LOW (2.4) | 0.03% | Geyser Vulnerable to Server-Side Request Forgery (SSRF) via Player Head Texture URL in Geyser
LOW (3.7) | 0.02% | A flaw was found in gnutls.
LOW (3.7) | 0.04% | A flaw was found in gnutls.
LOW (3.7) | 0.07% | xxl-job has a Resource Injection issue
LOW (3.7) | 0.06% | Spring gRPC AuthenticationException messages are reflected to remote client
LOW (3.7) | 0.07% | Spring Security Vulnerable to User Attribute Enumeration when Using DaoAuthenticationProvider
LOW (2.9) | 0.01% | libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document.
LOW (3.7) | 0.01% | Keycloak vulnerable to information disclosure via CORS header injection due to unvalidated JWT azp claim
LOW (3.3) | 0.01% | An incomplete fix for CVE-2024-36137 leaves `FileHandle.chmod()` and `FileHandle.chown()` in the promises API without the required permissi…
LOW (3.3) | 0.01% | A flaw in Node.js Permission Model filesystem enforcement leaves `fs.realpathSync.native()` without the required read permission checks, wh…
LOW (3.1) | 0.01% | Keycloak Server-Side Request Forgery via OIDC token endpoint manipulation
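The Tomcat entry above names a bug class (a shared secret compared with a short-circuiting comparison) rather than explaining it. The following is an added example, written for this page and not taken from Tomcat or any other project in the list: it shows, in Python, why an early-exit comparison leaks the length of the matching prefix and what a constant-time comparison does instead. Everything in it (`CONFIGURED_SECRET`, `naive_compare`, `fixed_time_compare`, `check_secret`, `leak_profile`) is an illustrative assumption; the sample secret and guesses are constructed, not real credentials.

```python
import hmac

# Constructed sample secret for the demonstration (assumption, not a real credential).
CONFIGURED_SECRET = b"s3cr3t-ajp-shared-key"


def naive_compare(expected: bytes, supplied: bytes):
    """Short-circuiting comparison, the pattern behind 'compared in non-constant time'.

    Returns (match, bytes_examined). bytes_examined is one more than the length
    of the matching prefix, so the time taken tells an attacker how many leading
    bytes of the guess were right; the secret can then be recovered byte by byte.
    """
    if len(expected) != len(supplied):
        return False, 0
    examined = 0
    for x, y in zip(expected, supplied):
        examined += 1
        if x != y:          # early exit: work done depends on the secret
            return False, examined
    return True, examined


def fixed_time_compare(expected: bytes, supplied: bytes):
    """Hand-rolled constant-time comparison (illustrative; prefer hmac.compare_digest).

    Every byte of the attacker-supplied value is examined regardless of where the
    first mismatch is, and differences are accumulated with XOR/OR instead of a
    branch, so bytes_examined depends only on the length of the guess, which the
    attacker already knows. A length mismatch is folded into the result.
    Returns (match, bytes_examined).
    """
    diff = len(expected) ^ len(supplied)
    examined = 0
    for i, s in enumerate(supplied):
        examined += 1
        e = expected[i] if i < len(expected) else 0
        diff |= e ^ s
    return diff == 0, examined


def check_secret(supplied: bytes) -> bool:
    """What production code should do: use the standard library's constant-time compare."""
    return hmac.compare_digest(CONFIGURED_SECRET, supplied)


def leak_profile(compare, expected: bytes, guesses):
    """Run `compare` over a list of guesses and return the work count for each one.

    For naive_compare the counts rise with the matching prefix; for
    fixed_time_compare they are flat.
    """
    return [compare(expected, g)[1] for g in guesses]


if __name__ == "__main__":
    # Constructed guesses: 0, 6 and 10 correct leading bytes, each padded to the secret's length.
    guesses = [
        b"x" * len(CONFIGURED_SECRET),
        CONFIGURED_SECRET[:6] + b"x" * (len(CONFIGURED_SECRET) - 6),
        CONFIGURED_SECRET[:10] + b"x" * (len(CONFIGURED_SECRET) - 10),
    ]
    print("naive      :", leak_profile(naive_compare, CONFIGURED_SECRET, guesses))
    print("fixed-time :", leak_profile(fixed_time_compare, CONFIGURED_SECRET, guesses))
    print("check_secret(correct) =", check_secret(CONFIGURED_SECRET))
```

The work counts stand in for wall-clock time: on a real server the difference per byte is tiny, but with enough measurements over the network it is recoverable, which is why the fix for this bug class is always a comparison whose duration does not depend on the secret, never a faster or "more random" early exit.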