VulnScope — package-centric CVE lookup

Search

875 results

Severity:CRITICAL HIGH MEDIUM LOW|Ecosystem:npm PyPI Maven Debian Alpine|⚠ In KEV only

CRITICAL9.1CVE-2026-46621Yamcs Vulnerable to Authenticated Remote Code Execution (RCE) via Jython Algorithm Code Injection5/27/2026
CRITICAL9.8CVE-2026-46562Yamcs Vulnerable to Remote Code Execution via Mission Database algorithm override5/27/2026
CRITICAL9.1Yamcs Vulnerable to Server-Side Code Injection (RCE) via Janino Expression Engine in `JavaExprAlgorithmExecutionFactory`5/27/2026
CRITICAL9.6GlassFish's gadget handler is vulnerable to RCE5/19/2026
CRITICAL9.1GlassFish's Administration Console is Vulnerable to RCE5/19/2026
CRITICAL9.8Camel-CXF and Camel-Knative Message Header are Vulnerable to Injection via Missing Inbound Filtering5/19/2026
CRITICAL9.8EPSS 0.05%Goobi viewer - Core: Unauthenticated Solr Streaming Expression Proxy5/13/2026
CRITICAL9.1EPSS 0.03%Security feature bypass vulnerability in Azure Key Vault Keys library for Java5/12/2026
CRITICAL9.1EPSS 0.10%Apache Tomcat: Security constraints not correctly applied5/12/2026
CRITICAL9.8EPSS 0.14%Apache Tomcat: Digest authenticator will authenticate any unknown user5/12/2026
CRITICAL9.8EPSS 0.25%Apache Tomcat: HTTP/2 request headers not validated5/12/2026
CRITICAL9.1EPSS 0.01%sealed-env: TOTP secret embedded in unseal token payload (enterprise mode)5/12/2026
CRITICAL9.1EPSS 0.03%Unity Catalog has a JWT Issuer Validation Bypass tht Allows Complete User Impersonation5/11/2026
CRITICAL9.1EPSS 0.14%Spring Cloud Config vulnerable to Path Traversal5/7/2026
CRITICAL9.1EPSS 0.30%Valtimo has SpEL injection via StandardEvaluationContext that allows Remote Code Execution by admin users5/6/2026
CRITICAL9.1EPSS 0.11%Apache Wicket has a Session Fixation issue5/6/2026
CRITICAL9.0EPSS 0.01%ArcadeDB vulnerable to cross-database authorization bypass and unsecured newly-created databases5/5/2026
CRITICAL10.0EPSS 0.13%Eclipse BaSyx Java Server SDK vulnerable to Path Traversal5/5/2026
CRITICAL9.0EPSS 0.10%Sandboxed Thymeleaf expressions vulnerable to improper recognition of unauthorized syntax patterns5/4/2026
CRITICAL9.1EPSS 0.06%OpenMRS has Stored Velocity SSTI to RCE via ConceptReferenceRange5/4/2026
CRITICAL9.9EPSS 0.12%Apache Polaris has an Improper Input Validation issue5/4/2026
CRITICAL9.9EPSS 0.11%Apache Polaris has an Improper Input Validation issue5/4/2026
CRITICAL9.9EPSS 0.11%Apache Polaris has an Improper Input Validation Issue5/4/2026
CRITICAL9.9EPSS 0.10%Apache Polaris has an Improper Input Validation Issue5/4/2026
CRITICAL9.8EPSS 0.64%Apache OpenNLP ExtensionLoader Vulnerable to Arbitrary Class Instantiation via Model Manifest5/4/2026

Page 1 of 35Next →