Search
628 results- LOW3.1CVE-2026-45426EPSS 0.04%Apache Airflow: Log server JWT authorization bypass via Python lstrip() character stripping allows cross-Dag log access
- LOW3.7CVE-2026-44489Axios has a Patch Bypass: Proxy-Authorization Header Injection via Prototype Pollution — Incomplete Null-Prototype Fix
- LOW3.7CVE-2026-48524EPSS 0.06%PyJWT is a JSON Web Token implementation in Python.
- LOW2.0CVE-2026-46549NocoDB: OAuth Token Scope Not Enforced at ACL Layer Allows Scope Escalation
- LOW3.1CVE-2026-45739Strawberry GraphQL: Default GraphiQL may expose HTTP headers in URLs
- LOW3.5CVE-2026-45316EPSS 0.01%Open WebUI: Read-Only Users Can Toggle Note Pin Status via Incorrect Permission Check (Write via Read-Only Access)
- LOW3.1CVE-2026-44970dbt MCP Server Transmits All MCP Tool Arguments Including Raw SQL and --vars Credentials to dbt Labs Telemetry by Default Without Redaction
- LOW2.5CVE-2026-44969dbt MCP Server Logs Tool Arguments Including SQL Queries and Credentials in Plaintext Without Redaction When File Logging Is Enabled
- LOW3.7CVE-2026-43514EPSS 0.10%Apache Tomcat - AJP secret compared in non-constant time
- LOW3.7CVE-2026-44572EPSS 0.01%Next.js's Middleware / Proxy redirects can be cache-poisoned
- LOW3.7CVE-2026-44582EPSS 0.01%Next.js vulnerable to cache poisoning via collisions in React Server Component cache-busting
- LOW3.8CVE-2026-44459EPSS 0.02%Hono has improper validation of NumericDate claims (exp, nbf, iat) in JWT verify()
- LOW3.3CVE-2026-8088EPSS 0.01%OSGeo gdal GDapi.c GDfieldinfo out-of-bounds
- LOW3.7CVE-2026-44589EPSS 0.04%nuxt-og-image SSRF — bypass of GHSA-pqhr-mp3f-hrpp / v6.2.5 fix (IPv6 + redirect)
- LOW3.5CVE-2026-42448EPSS 0.04%Magic Wormhole: receive, with --output pointing at an existing directory can be path-traversed
- LOW3.7CVE-2026-44242EPSS 0.05%Micronaut has Unbounded `bundleCache` in `ResourceBundleMessageSource` that Allows Memory Exhaustion via `Accept-Language` Header
- LOW3.7CVE-2026-8026EPSS 0.02%Flowise: Bcrypt Password Hash Exposure
- LOW3.4CVE-2026-44405EPSS 0.00%Paramiko rsakey.py allows the SHA-1 algorithm
- LOW3.0CVE-2026-44218EPSS 0.01%ciguard: Container image runs as root (no USER directive)
- LOW3.7CVE-2026-44219EPSS 0.02%ciguard: SCA HTTP client reads response body without size cap
- LOW2.4CVE-2026-42188EPSS 0.03%Geyser Vulnerable to Server-Side Request Forgery (SSRF) via Player Head Texture URL in Geyser
- LOW3.7CVE-2026-42874EPSS 0.05%Microdot has HTTP response splitting in Response.set_cookie()
- LOW2.6CVE-2026-7847EPSS 0.04%Langchain-Chatchat Uses Insufficiently Random Values
- LOW2.6CVE-2026-7846EPSS 0.03%Langchain-Chatchat has a Race Condition in its OpenAI-Compatible File Upload API
- LOW2.6CVE-2026-7845EPSS 0.01%Langchain-Chatchat Uses a Broken or Risky Cryptographic Algorithm
Page 1 of 26Next →