Search

4,914 results

Severity:CRITICAL HIGH MEDIUM LOW|Ecosystem:npm PyPI Maven Debian Alpine|⚠ In KEV only

HIGH8.8CVE-2026-49143browserstack-runner vulnerable to Remote Code Execution via vm sandbox escape in _log HTTP handler6/3/2026
MEDIUM6.5CVE-2026-49144browserstack-runner has an unauthenticated arbitrary file read via path traversal in HTTP server6/3/2026
HIGH7.5CVE-2026-42342React Router vulnerable to DoS via unbounded path expansion in __manifest endpoint6/3/2026
HIGH8.1CVE-2026-42211React Router's vendored turbo-stream v2 allows arbitrary constructor invocation via TYPE_ERROR deserialization leading to Unauth RCE6/3/2026
—CVE-2026-40181React Router's same-origin redirect with path starting // causes open redirect via protocol-relative URL reinterpretation6/3/2026
HIGH8.0CVE-2026-33245React Router vulnerable to XSS in unstable RSC redirect handling via javascript: redirect targets6/3/2026
MEDIUM5.4CVE-2026-33244React Router has stored XSS via unescaped Location header in prerendered redirect HTML6/3/2026
—CVE-2024-52011launch-editor vulnerable to command injection via the crafted request on Windows6/3/2026
CRITICAL9.6CVE-2026-47428Vitest browser mode serves unsanitized otelCarrier query parameter as inline script6/1/2026
CRITICAL9.8CVE-2026-47429When Vitest UI server is listening, arbitrary file can be read and executed6/1/2026
HIGH8.2CVE-2026-47423DOMPurify XSS via selectedcontent re-clone6/1/2026
—CVE-2026-47255AgenticMail API/storage and outbound relay hardening fixes5/29/2026
—CVE-2026-47248Parse Server's GraphQL "Did you mean ...?" validation suggestions disclose schema to unauthenticated callers5/29/2026
—CVE-2026-47141NodeVM observability builtins leak host process and HTTP request data5/29/2026
HIGH8.6CVE-2026-47139NodeVM network builtin exclusions bypass via internal _http_client and _http_server5/29/2026
CRITICAL10.0CVE-2026-47140NodeVM builtin denylist bypass via process and inspector/promises allows host code execution5/29/2026
HIGH7.5CVE-2026-8813EPSS 0.06%ExifReader is vulnerable to denial of service via crafted ICC `mluc` tag5/29/2026
MEDIUM5.3CVE-2026-8814EPSS 0.06%ExifReader is vulnerable to denial of service via unbounded decompression of image metadata5/29/2026
CRITICAL9.8CVE-2026-47210vm2 sandbox escape via JSPI-backed Promise `.finally()` species bypass5/29/2026
CRITICAL10.0CVE-2026-47137vm2 has a CVE-2023-37903 patch bypass: nesting:true without explicit require still allows full RCE5/29/2026
HIGH8.6CVE-2026-47209vm2's Bridge Proxy set trap ignores receiver parameter, enabling host object property injection via prototype chain5/29/2026
HIGH8.7CVE-2026-47135vm2 has a sandbox escape via unblocked cross-realm Symbol.for keys + missing bridge write-trap symbol checks5/29/2026
CRITICAL10.0CVE-2026-47208vm2 is Vulnerable to Sandbox Breakout Through Promise Species5/29/2026
CRITICAL10.0CVE-2026-47131vm2 has a Sandbox Escape issue5/29/2026
—CVE-2026-47200Nuxt's route middleware is not enforced when rendering `.server.vue` pages via `/__nuxt_island/page_*`5/29/2026

Page 1 of 197Next →