Search

28,811 results

Severity:CRITICAL HIGH MEDIUM LOW|Ecosystem:npm PyPI Maven Debian Alpine|⚠ In KEV only

HIGH8.8CVE-2026-49143browserstack-runner vulnerable to Remote Code Execution via vm sandbox escape in _log HTTP handler6/3/2026
HIGH7.5CVE-2026-42342React Router vulnerable to DoS via unbounded path expansion in __manifest endpoint6/3/2026
HIGH8.1CVE-2026-42211React Router's vendored turbo-stream v2 allows arbitrary constructor invocation via TYPE_ERROR deserialization leading to Unauth RCE6/3/2026
HIGH8.0CVE-2026-33245React Router vulnerable to XSS in unstable RSC redirect handling via javascript: redirect targets6/3/2026
HIGH8.8CVE-2026-49157EPSS 0.07%Incorrect Default Permissions vulnerability in Apache ActiveMQ.6/1/2026
HIGH8.1CVE-2026-42588EPSS 0.06%Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ Broker, Apache Active…6/1/2026
HIGH8.8CVE-2026-45505EPSS 0.10%Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ Broker, Apache Active…6/1/2026
HIGH7.8CVE-2026-43958EPSS 0.01%A flaw was found in rrdcached, a component of rrdtool.6/1/2026
HIGH7.8CVE-2026-46243EPSS 0.02%In the Linux kernel, the following vulnerability has been resolved: smb: client: reject userspace cifs.spnego descriptions cifs.spnego key…6/1/2026
HIGH7.8CVE-2026-10118EPSS 0.07%A flaw was found in Poppler's Splash backend.6/1/2026
HIGH8.1CVE-2026-47412praisonai-platform: Any workspace member can delete the entire workspace via DELETE /workspaces/{id}6/1/2026
HIGH8.3CVE-2026-47415praisonai-platform: Issue endpoints accept any issue_id without workspace ownership check, cross-workspace read/update/delete IDOR6/1/2026
CRITICAL9.6CVE-2026-47413praisonai-platform: Any workspace member can add arbitrary user as owner via POST /workspaces/{id}/members6/1/2026
HIGH8.1CVE-2026-47417praisonai-platform: Comment endpoints accept any issue_id without workspace ownership check, cross-workspace comment read and post IDOR6/1/2026
HIGH8.1CVE-2026-47418praisonai-platform: Project endpoints accept any project_id without workspace ownership check, cross-workspace read/update/delete IDOR6/1/2026
CRITICAL9.6CVE-2026-47428Vitest browser mode serves unsanitized otelCarrier query parameter as inline script6/1/2026
CRITICAL9.8CVE-2026-47429When Vitest UI server is listening, arbitrary file can be read and executed6/1/2026
HIGH8.2CVE-2026-47423DOMPurify XSS via selectedcontent re-clone6/1/2026
HIGH7.1CVE-2026-48119Nezha's authenticated agents can forge service-monitor results for other users' services6/1/2026
HIGH7.7CVE-2026-42398EPSS 0.03%Server-Side Request Forgery (SSRF) in Kibana Leading to Unauthorized Network Access6/1/2026
HIGH7.3CVE-2026-33462EPSS 0.03%Path Traversal in Kibana Leading to Unauthorized Deletion of User Accounts6/1/2026
HIGH8.1CVE-2026-40172EPSS 0.01%authentik: Privilege Escalation via User PATCH: Superuser Group Assignment Bypasses enable_group_superuser6/1/2026
HIGH7.1CVE-2026-48827EPSS 0.10%Path traversal vulnerability in Apache MINA SSHD bundle sshd-git.6/1/2026
HIGH8.1CVE-2026-8796EPSS 0.01%Sereal::Decoder versions before 5.005 for Perl allow heap out-of-bounds read via crafted input.5/31/2026
CRITICAL9.6CVE-2026-47416praisonai-platform: Any workspace member can promote themselves or others to owner via PATCH /workspaces/{id}/members/{user_id}5/29/2026

Page 1 of 1153Next →