VulnScope — package-centric CVE lookup

Search

6,136 results

Severity:CRITICAL HIGH MEDIUM LOW|Ecosystem:npm PyPI Maven Debian Alpine|⚠ In KEV only

MEDIUM6.5CVE-2026-54683NL Portal Backend Libraries: Document contents remained downloadable by any logged-in user (incomplete fix of CVE-2026-49463)6/18/2026
MEDIUM6.5BBOT: Arbitrary File Write in postman_download Module6/18/2026
MEDIUM5.3BBOT: Path traversal (Zip-Slip) in unarchive module - incomplete fix for CVE-2025-102846/18/2026
MEDIUM5.4Strimzi: Unrestricted access to all Secrets within namespace watched by the Topic operator6/18/2026
MEDIUM6.1marimo contains a reflected cross-site scripting vulnerability in the notebook page6/18/2026
MEDIUM6.0OpenStack Horizon RC file generation does not escape special characters in project names6/17/2026
MEDIUM6.5Apache DolphinScheduler: An incorrect authorization vulnerability allows authenticated users to access alert instances associated with alert groups they do not have permission to access.6/17/2026
MEDIUM6.5Apache DolphinScheduler: Incorrect Authorization vulnerability allows users to access workflow instance information belonging to projects they do not have permission to access.6/17/2026
MEDIUM4.9Apache DolphinScheduler: Incorrect Authorization vulnerability allows users with system login privileges to delete task definitions in unauthorized projects6/17/2026
MEDIUM5.3Open WebUI: Any authenticated user can read other users' private notes via Socket.IO6/17/2026
MEDIUM6.3Open WebUI: Authenticated users can target arbitrary configured Ollama backends via unguarded url_idx path parameter6/17/2026
MEDIUM6.5Open WebUI: RAG ACL Bypass in Milvus Multitenancy Mode6/17/2026
MEDIUM4.3Open WebUI BOLA: `search_knowledge_files` Allows Unauthorized Knowledge Base File Enumeration6/17/2026
MEDIUM6.4Open WebUI Prompt history IDOR: unbound history_id allows cross-prompt read and deletion6/17/2026
MEDIUM4.3Open WebUI: Sibling-Prefix Path Traversal via /cache/{path}6/17/2026
MEDIUM6.5Open WebUI: Cross-user file disclosure via /api/chat/completions image_url field6/17/2026
MEDIUM4.3Open WebUI IDOR: Calendar event re-parenting allows writing events into another user's calendar6/17/2026
MEDIUM6.5vLLM: OOM Denial of Service via Audio Decompression Bomb6/17/2026
MEDIUM4.8vLLM: image EXIF Rotation & PNG tRNS Transparency Not Normalized, Causing Mismatch Between Model Input and Expectations6/17/2026
MEDIUM5.4OpenStack Nova: Nova scheduler hint injection bypasses Placement resource claims and scheduling constraints6/16/2026
MEDIUM6.1yt-dlp: File Downloader cookie leak with curl6/16/2026
MEDIUM6.1Langflow: Unauthenticated Shareable Playground arbitrary local or S3 file read6/16/2026
MEDIUM6.5Langflow: Path Traversal in Knowledge Bases API via Creation Endpoint6/16/2026
MEDIUM5.3Starlette: Arbitrary HTTP method dispatched to `HTTPEndpoint` attributes via `getattr`6/15/2026
MEDIUM6.9Netty susceptible to HTTP/2 Reset Attack with different on-the-wire signature6/12/2026

Page 1 of 246Next →