Search

2,566 results

Severity:CRITICAL HIGH MEDIUM LOW|Ecosystem:npm PyPI Maven Debian Alpine|⚠ In KEV only

MEDIUM6.5CVE-2026-44596Yamcs has No Rate Limiting on Authentication Endpoint5/27/2026
MEDIUM4.3CVE-2026-44595Yamcs vulnerable to unauthorized user enumeration via IAM API endpoints5/27/2026
MEDIUM4.3CVE-2026-42568Yamcs Vulnerable to LDAP Injection in LdapAuthModule5/26/2026
MEDIUM5.5CVE-2026-45581fabric-chaincode-java: TLS Private Key Password Disclosed in INFO Startup Logs in Chaincode-as-a-Service Mode5/19/2026
MEDIUM5.3CVE-2026-45292EPSS 0.04%OpenTelemetry Java SDK has Unbounded Memory Allocation in W3C Baggage Propagation5/14/2026
MEDIUM5.3CVE-2026-45205EPSS 0.13%Apache Commons Configuration: StackOverflowError for YAML input with cycles5/14/2026
MEDIUM5.3CVE-2026-6860EPSS 0.01%Vert.x has a DoS via unbounded server-side SNI SslContext cache growth5/9/2026
MEDIUM6.1CVE-2023-42345EPSS 0.07%Alkacon OpenCms is vulnerable to XSS via updateModelGroups.jsp5/8/2026
MEDIUM6.1CVE-2023-42343EPSS 0.19%Alkacon OpenCms is vulnerable to XSS via cmis-online/type5/8/2026
MEDIUM4.4CVE-2026-41004EPSS 0.01%Spring Cloud Config Server Logged Sensitive Information5/7/2026
MEDIUM5.3CVE-2026-44248EPSS 0.02%Netty MQTT: Resource exhaustion in MqttDecoder5/7/2026
MEDIUM6.8CVE-2026-42586EPSS 0.01%Netty Redis Codec Encoder has a CRLF Injection Issue5/7/2026
MEDIUM6.5CVE-2026-42585EPSS 0.01%Netty vulnerable to HTTP Request Smuggling due to malformed Transfer-Encoding5/7/2026
MEDIUM5.8CVE-2026-42581EPSS 0.02%Netty HTTP/1.0 TE+CL Coexistence Bypasses Smuggling Sanitization5/7/2026
MEDIUM6.5CVE-2026-42580EPSS 0.02%Netty vulnerable to HTTP Request Smuggling due to incorrect chunk size parsing5/7/2026
MEDIUM6.5CVE-2026-43975EPSS 0.62%Apache Wicket has a Path Traversal issue5/6/2026
MEDIUM6.1CVE-2026-42509EPSS 0.18%Apache Wicket has a Cross-site Scripting issue5/6/2026
MEDIUM4.4CVE-2026-42140EPSS 0.03%XWiki PlantUML Macro Vulnerable to Server-Side Request Forgery (SSRF) via 'server' parameter5/5/2026
MEDIUM5.3CVE-2026-41417EPSS 0.02%Netty: Start-Line Injection in DefaultHttpRequest.setUri() Allows HTTP Request Smuggling and RTSP Request Injection5/5/2026
MEDIUM6.5CVE-2026-42404EPSS 0.04%Apache Neethi doesn't impose any restrictions on URIs when manually fetching remote policy references through the PolicyReference API5/1/2026
MEDIUM5.4CVE-2026-36766EPSS 0.03%Shopizer is vulnerable to Cross-site Scripting4/30/2026
MEDIUM5.4CVE-2026-7500EPSS 0.03%Keycloak has a Forced Browsing issue4/30/2026
MEDIUM4.3CVE-2026-42525EPSS 0.04%Jenkins Microsoft Entra ID (previously Azure AD) Plugin has an open redirect vulnerability4/29/2026
MEDIUM4.3CVE-2026-42522EPSS 0.02%Jenkins GitHub Branch Source Plugin: Missing permissions check allows attackers to perform a connection test4/29/2026
MEDIUM6.5CVE-2026-42521EPSS 0.08%Jenkins Matrix Authorization Strategy Plugin: Unsafe deserialization allows invocation of parameterless constructors4/29/2026

Page 1 of 103Next →