VulnScope — package-centric CVE lookup
LOW 3.4 | CVE-2025-68467 | EPSS 0.02% | Dark Reader gives users the ability to request style sheets from local web servers | 3/4/2026
LOW 3.7 | EPSS 0.04% | OpenClaw: Discord DM reaction ingress missed dmPolicy/allowFrom checks in restricted setups | 3/3/2026
LOW 3.3 | EPSS 0.02% | @tootallnate/once vulnerable to Incorrect Control Flow Scoping | 3/3/2026
LOW 2.6 | EPSS 0.04% | OpenClaw Node system.run approval context-binding weakness in approval-enabled host=node flows | 3/2/2026
LOW 3.3 | EPSS 0.02% | OpenClaw's Control UI Static File Handler Follows Symlinks and Allows Out-of-Root File Read | 3/2/2026
LOW 3.7 | EPSS 0.04% | OpenClaw has Signal group allowlist authorization bypass via DM pairing-store leakage | 3/2/2026
LOW 2.2 | EPSS 0.01% | Vim is an open source, command line text editor. | 2/27/2026
LOW 3.1 | EPSS 0.01% | Keycloak REST Services has a WebAuthn Attestation Statement Verification Bypass | 2/27/2026
LOW 3.3 | EPSS 0.01% | Snowflake JDBC Driver is Vulnerable to Uncontrolled Resource Consumption through SdkProxyRoutePlanner | 2/27/2026
LOW 3.6 | EPSS 0.02% | OpenClaw safeBins stdin-only bypass via sort output and recursive grep flags | 2/19/2026
LOW 3.8 | EPSS 0.03% | Keycloak: Missing Check on Disabled Client for Docker Registry Protocol | 2/19/2026
LOW 3.7 | EPSS 0.16% | Apache Tomcat - Security constraint bypass with HTTP/0.9 | 2/17/2026
LOW 3.7 | EPSS 0.04% | OpenClaw Affected by Remote Code Execution via System Prompt Injection in Slack Channel Descriptions | 2/17/2026
LOW 3.7 | EPSS 0.05% | qs's arrayLimit bypass in comma parsing allows denial of service | 2/12/2026
LOW 2.9 | EPSS 0.01% | ajv has ReDoS when using `$data` option | 2/11/2026
LOW 2.5 | EPSS 0.01% | Apache Shiro Affected by an Observable Timing Discrepancy Vulnerability | 2/10/2026
LOW 3.7 | EPSS 0.01% | webpack buildHttp: allowedUris allow-list bypass via URL userinfo (@) leading to build-time SSRF behavior | 2/5/2026
LOW 3.7 | EPSS 0.01% | webpack buildHttp HttpUriPlugin allowedUris bypass via HTTP redirects → SSRF + cache persistence | 2/5/2026
LOW 3.7 | EPSS 0.02% | Fastify Vulnerable to DoS via Unbounded Memory Allocation in sendWebStream | 2/2/2026
LOW 2.7 | EPSS 0.01% | Keycloak Server-Side Request Forgery (SSRF) vulnerability | 2/2/2026
LOW 2.7 | EPSS 0.01% | Keycloak Admin API allows an administrator with limited privileges to retrieve sensitive custom attributes | 2/2/2026
LOW 2.9 | EPSS 0.03% | In the context switch logic Xen attempts to skip an IBPB in the case of a vCPU returning to a CPU on which it was the previous vCPU to run. | 1/28/2026
LOW 3.1 | EPSS 0.02% | Keycloak's missing timestamp validation allows attackers to extend SAML response validity periods | 1/26/2026
LOW 3.7 | EPSS 0.04% | Apache Karaf Decanter has Deserialization of Untrusted Data in its Log Socket Collector | 1/26/2026
LOW 2.5 | EPSS 0.01% | In libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy unknown encoding handler user data. | 1/23/2026