Search

2,190 results

Severity:CRITICAL HIGH MEDIUM LOW|Ecosystem:npm PyPI Maven Debian Alpine|⚠ In KEV only

HIGH7.5CVE-2026-48048XWiki Platform's Livetable results still allow reconstructing password hashes using 768 requests5/26/2026
HIGH8.3CVE-2026-46481OpenMetadata: TEST_CONNECTION workflow leaks ingestion-bot JWT and database password to regular users5/21/2026
HIGH7.5CVE-2026-45799Wire: skipGroup() missing negative-length check allows 10-byte payload to crash any Wire-decoding service5/19/2026
HIGH7.5CVE-2026-45367HAPI FHIR: ReDoS via FHIRPath matches()/replaceMatches() in FHIR Validator HTTP Endpoint5/18/2026
HIGH7.4CVE-2026-45300async-http-client: Cookie header not stripped on cross-origin redirect5/18/2026
HIGH7.2CVE-2026-45609EPSS 0.04%Spring AI MCP Security: Unvalidated URL Fetching (SSRF)5/18/2026
HIGH7.3CVE-2026-8771EPSS 0.04%org.linlinjava:litemall-wx-api has an Injection issue5/18/2026
HIGH7.3CVE-2026-8759EPSS 0.03%Beetl's SpELFunction extension function has an expression injection risk5/17/2026
HIGH7.4CVE-2026-45575EPSS 0.01%Improper Verification of Cryptographic Signature in com.oviva.telematik:epa4all-client5/15/2026
HIGH8.1CVE-2026-35194EPSS 0.07%Apache Flink: Remote code execution via SQL injection in code generation5/15/2026
HIGH8.1CVE-2026-45574EPSS 0.01%epa4all-client: TLS Certificate Validation Disabled in Production5/15/2026
HIGH8.1CVE-2026-8178EPSS 0.03%Amazon Redshift Vulnerable to Remote Code Execution via Unsafe Class Loading5/14/2026
LOW3.7CVE-2026-43514EPSS 0.10%Apache Tomcat - AJP secret compared in non-constant time5/12/2026
HIGH7.5CVE-2026-43513EPSS 0.08%Apache Tomcat: LockOutRealm treats user names as case-sensitive5/12/2026
HIGH7.3CVE-2026-42498EPSS 0.05%Apache Tomcat - WebSocket authentication header exposure5/12/2026
HIGH7.5CVE-2026-41284EPSS 0.05%Apache Tomcat: Unbounded read in WebDAV LOCK and PROPFIND handling5/12/2026
HIGH8.2CVE-2026-41713EPSS 0.04%Spring AI: Prompt Injection via Memory Poisoning in PromptChatMemoryAdvisor5/12/2026
HIGH7.5CVE-2026-41712EPSS 0.04%Spring AI: ChatMemory DEFAULT_CONVERSATION_ID causes unintended cross-user data leakage5/12/2026
HIGH7.6CVE-2026-44516EPSS 0.04%Valtimo has sensitive data exposure through HTTP request/response logging in LoggingRestClientCustomizer5/11/2026
HIGH8.6CVE-2026-41705EPSS 0.03%Spring AI's MilvusVectorStore#doDelete(List) implementation is vulnerable to filter-expression injection via unsanitized document IDs5/9/2026
HIGH8.1CVE-2026-44900EPSS 0.01%epa4all-client has a VAU Signature bypass5/8/2026
HIGH7.5CVE-2026-44714EPSS 0.01%bitcoinj has a ScriptExecution P2PKH/P2WPKH Verification Bypass5/8/2026
HIGH8.8CVE-2026-39816EPSS 0.02%Apache NiFi is missing the Restricted annotation with the Execute Code Required Permission5/8/2026
HIGH7.5CVE-2023-42346EPSS 0.08%Alkacon OpenCms is vulnerable to XXE when the <!DOCTYPE> refers to an external host5/8/2026
HIGH7.3CVE-2023-42344EPSS 13.7%Alkacon OpenCms allows remote unauthenticated attackers to obtain sensitive information5/8/2026

Page 1 of 88Next →