Search

348 results

Severity:CRITICAL HIGH MEDIUM LOW|Ecosystem:npm PyPI Maven Debian Alpine|⚠ In KEV only

LOW3.1CVE-2026-45426EPSS 0.04%Apache Airflow: Log server JWT authorization bypass via Python lstrip() character stripping allows cross-Dag log access6/1/2026
LOW3.7CVE-2026-48524EPSS 0.06%PyJWT is a JSON Web Token implementation in Python.5/28/2026
LOW3.7CVE-2026-45232EPSS 0.04%Rsync versions before 3.4.3 contain an off-by-one out-of-bounds stack write vulnerability in the establish_proxy_connection() function in s…5/20/2026
LOW3.1CVE-2026-45739Strawberry GraphQL: Default GraphiQL may expose HTTP headers in URLs5/19/2026
LOW3.5CVE-2026-45316EPSS 0.01%Open WebUI: Read-Only Users Can Toggle Note Pin Status via Incorrect Permission Check (Write via Read-Only Access)5/14/2026
LOW3.1CVE-2026-44970dbt MCP Server Transmits All MCP Tool Arguments Including Raw SQL and --vars Credentials to dbt Labs Telemetry by Default Without Redaction5/14/2026
LOW2.5CVE-2026-44969dbt MCP Server Logs Tool Arguments Including SQL Queries and Credentials in Plaintext Without Redaction When File Logging Is Enabled5/14/2026
LOW3.3CVE-2026-8088EPSS 0.01%OSGeo gdal GDapi.c GDfieldinfo out-of-bounds5/7/2026
LOW3.5CVE-2026-42448EPSS 0.04%Magic Wormhole: receive, with --output pointing at an existing directory can be path-traversed5/6/2026
LOW3.4CVE-2026-44405EPSS 0.00%Paramiko rsakey.py allows the SHA-1 algorithm5/6/2026
LOW3.0CVE-2026-44218EPSS 0.01%ciguard: Container image runs as root (no USER directive)5/5/2026
LOW3.7CVE-2026-44219EPSS 0.02%ciguard: SCA HTTP client reads response body without size cap5/5/2026
LOW3.7CVE-2026-42874EPSS 0.05%Microdot has HTTP response splitting in Response.set_cookie()5/5/2026
LOW2.6CVE-2026-7847EPSS 0.04%Langchain-Chatchat Uses Insufficiently Random Values5/5/2026
LOW2.6CVE-2026-7846EPSS 0.03%Langchain-Chatchat has a Race Condition in its OpenAI-Compatible File Upload API5/5/2026
LOW2.6CVE-2026-7845EPSS 0.01%Langchain-Chatchat Uses a Broken or Risky Cryptographic Algorithm5/5/2026
LOW3.7CVE-2026-3832EPSS 0.02%A flaw was found in gnutls.4/30/2026
LOW3.7CVE-2026-5419EPSS 0.04%A flaw was found in gnutls.4/30/2026
LOW2.7CVE-2026-6597EPSS 0.01%Langflow has an Information Leak through Incomplete API Key Redaction4/20/2026
LOW3.7CVE-2026-32690EPSS 0.11%Apache Airflow: 3.x - Nested Variable Secret Values Bypass Redaction via max_depth=14/18/2026
LOW3.1CVE-2026-41488EPSS 0.03%langchain-openai: Image token counting SSRF protection can be bypassed via DNS rebinding4/16/2026
LOW3.1CVE-2026-33212EPSS 0.01%Weblate: Improper access control for pending tasks in API4/16/2026
LOW3.5CVE-2026-33551EPSS 0.03%OpenStack Keystone: Restricted application credentials can create EC2 credentials4/10/2026
LOW2.7CVE-2026-4292EPSS 0.01%Privilege abuse in ModelAdmin.list_editable4/7/2026
LOW2.7CVE-2026-34203EPSS 0.01%Nautobot: Management of users via REST API does not apply configured password validators3/31/2026

Page 1 of 14Next →