Search

6,602 results

Severity:CRITICAL HIGH MEDIUM LOW|Ecosystem:npm PyPI Maven Debian Alpine|⚠ In KEV only

MEDIUM5.5CVE-2026-44022Docling: Potential Path Traversal via LaTeX \includegraphics and \input Commands6/3/2026
MEDIUM6.5CVE-2026-47411praisonai-platform: Any workspace member can rewrite workspace name, description, and settings via PATCH /workspaces/{id}6/1/2026
LOW3.1CVE-2026-45426EPSS 0.04%Apache Airflow: Log server JWT authorization bypass via Python lstrip() character stripping allows cross-Dag log access6/1/2026
MEDIUM6.5CVE-2026-42360EPSS 0.05%Apache Airflow: Rendered template truncation bypasses nested sensitive-key masking6/1/2026
MEDIUM5.9CVE-2026-41017EPSS 0.02%Apache Airflow: JWT cookie missing Secure flag in JWTRefreshMiddleware behind HTTPS-terminating proxy6/1/2026
MEDIUM6.5CVE-2026-45192EPSS 0.04%Apache Airflow: Incomplete Redaction of Sensitive Fields in Connection Extra API Response6/1/2026
MEDIUM6.5CVE-2026-47408praisonai-platform: list_issue_activity returns activity log for any issue regardless of workspace ownership5/29/2026
MEDIUM5.5CVE-2026-47395PraisonAI CLI automatically resolves @url mentions in prompt text and can read loopback URLs into model context5/29/2026
MEDIUM5.5CVE-2026-47390PraisonAI spider_tools SSRF protection bypass via alternate loopback host encodings5/29/2026
MEDIUM6.5CVE-2026-47213BoxLite has a Timeout Bypass Vulnerability5/29/2026
MEDIUM6.5CVE-2026-47184zeroconf has unbounded DNS record cache that allows LAN-local memory exhaustion via multicast flood5/29/2026
MEDIUM6.5CVE-2026-47183zeroconf: Unbounded exception-dedup state retains packet buffers via traceback frame locals, enabling LAN-local memory exhaustion5/29/2026
MEDIUM6.5CVE-2026-47180zeroconf has unbounded recursion in DNS compression-pointer decoder that allows LAN-local denial of service5/29/2026
MEDIUM5.5CVE-2026-47144Shamefile has an arbitrary file read via shamefile.yaml in shame next5/28/2026
MEDIUM5.0CVE-2026-46526EPSS 0.03%local-deep-research has an SSRF bypass in `safe_get`5/28/2026
MEDIUM6.7CVE-2026-46380compliance-trestle Vulnerable to SSRF in Remote Fetching Subsystem5/28/2026
MEDIUM5.3CVE-2026-48525EPSS 0.05%PyJWT is a JSON Web Token implementation in Python.5/28/2026
LOW3.7CVE-2026-48524EPSS 0.06%PyJWT is a JSON Web Token implementation in Python.5/28/2026
MEDIUM5.4CVE-2026-48523EPSS 0.01%PyJWT is a JSON Web Token implementation in Python.5/28/2026
MEDIUM4.2CVE-2026-48522EPSS 0.03%PyJWT is a JSON Web Token implementation in Python.5/28/2026
MEDIUM6.5CVE-2026-2340EPSS 0.07%A flaw was found in Samba’s vfs_worm module.5/27/2026
MEDIUM6.5CVE-2026-44596Yamcs has No Rate Limiting on Authentication Endpoint5/27/2026
MEDIUM4.3CVE-2026-44595Yamcs vulnerable to unauthorized user enumeration via IAM API endpoints5/27/2026
MEDIUM4.3CVE-2026-42568Yamcs Vulnerable to LDAP Injection in LdapAuthModule5/26/2026
MEDIUM5.3CVE-2026-42015EPSS 0.25%A flaw was found in gnutls.5/26/2026

Page 1 of 265Next →