VulnScope — package-centric CVE lookup

Search

3,084 results

Severity:CRITICAL HIGH MEDIUM LOW|Ecosystem:npm PyPI Maven Debian Alpine|⚠ In KEV only

HIGH7.2CVE-2025-52465GeoServer has an arbitrary file write vulnerability in its Master Password Dump Page6/12/2026
HIGH7.2GeoServer DB2 DataStore Extension has a JNDI Vulnerability via Store Connection6/11/2026
HIGH7.5Acknowledgement extension out of memory6/10/2026
HIGH8.0Jenkins: Stored XSS vulnerability in node offline cause description6/10/2026
HIGH8.1In Spring for Apache Kafka, overly broad trusted-package matching in header mappers exposes JDK classes to deserialization6/10/2026
HIGH8.7Netty has Insufficient Bailiwick Validation for NS Records6/8/2026
HIGH7.5Netty: SCTP reassembly nests buffers without bound6/8/2026
HIGH8.7Netty Vulnerable to DNS Cache Poisoning via Missing Bailiwick Checks in CNAME Records6/8/2026
HIGH7.5Netty: SNI handler pre-allocates up to 16 MiB from nine attacker bytes6/8/2026
HIGH7.5Netty's Default QUIC token handler accepts any client-supplied token6/8/2026
HIGH7.5Netty: HAProxy SSL TLV parsing leaks retained slice on invalid TLV length6/8/2026
HIGH7.5Netty has a Vulnerable Default Configuration Which Leads to Denial of Service via Unbounded HTTP/3 Header Size6/8/2026
HIGH7.5Netty has Unbounded Direct Memory Consumption in its RedisDecoder6/8/2026
HIGH7.5Netty: Memory Exhaustion in RedisArrayAggregator due to Deeply Nested Arrays6/8/2026
HIGH8.1Netty has an IPv6 Subnet Filter Bypass via Incorrect Comparator Masking6/8/2026
CRITICAL9.1Yamcs Vulnerable to Authenticated Remote Code Execution (RCE) via Jython Algorithm Code Injection5/27/2026
CRITICAL9.8Yamcs Vulnerable to Remote Code Execution via Mission Database algorithm override5/27/2026
CRITICAL9.1Yamcs Vulnerable to Server-Side Code Injection (RCE) via Janino Expression Engine in `JavaExprAlgorithmExecutionFactory`5/27/2026
HIGH7.5XWiki Platform's Livetable results still allow reconstructing password hashes using 768 requests5/26/2026
HIGH8.3OpenMetadata: TEST_CONNECTION workflow leaks ingestion-bot JWT and database password to regular users5/21/2026
HIGH7.5Wire: skipGroup() missing negative-length check allows 10-byte payload to crash any Wire-decoding service5/19/2026
CRITICAL9.6GlassFish's gadget handler is vulnerable to RCE5/19/2026
CRITICAL9.1GlassFish's Administration Console is Vulnerable to RCE5/19/2026
CRITICAL9.8Camel-CXF and Camel-Knative Message Header are Vulnerable to Injection via Missing Inbound Filtering5/19/2026
HIGH7.1Keycloak: Access token disclosure and implicit flow bypass via forged client data5/19/2026

Page 1 of 124Next →