Search Vulnerabilities

@node-oauth/oauth2-server: PKCE code_verifier ABNF not enforced in token exchange allows brute-force redemption of intercepted authorization codes

CVE-2026-41239

DOMPurify has a SAFE_FOR_TEMPLATES bypass in RETURN_DOM mode

CVE-2026-39972

Mercure has a Topic Selector Cache Key Collision

Apr 9, 2026

CVE-2026-34080

xdg-dbus-proxy has an eavesdrop filter bypass allowing message interception

Apr 7, 2026

CVE-2026-35039

fast-jwt Affected by Cache Confusion via cacheKeyBuilder Collisions Can Return Claims From a Different Token (Identity/Authorization Mixup)

Apr 6, 2026

CVE-2026-22569

Incorrect startup configuration in ZCC

Mar 31, 2026

CVE-2026-33729

OpenFGA has an Authorization Bypass through cached keys

Mar 27, 2026

CVE-2026-33496

Ory Oathkeeper has an authentication bypass by cache key confusion

CVE-2026-33515

Squid has issues in ICP message handling

CVE-2026-3563

Improper input validation in the apps and endpoints configuration in PowerShell Universal before 2026

Mar 17, 2026

CVE-2026-27610

Parse Dashboard Has a Cache Key Collision that Leaks Master Key to Read-Only Sessions

Feb 25, 2026

CVE-2026-1094

Improper Validation of Unsafe Equivalence in Input in GitLab

Feb 11, 2026

CVE-2024-12224

idna accepts Punycode labels that do not produce any non-ASCII when decoded

May 30, 2025

CVE-2024-8372

AngularJS improper sanitization in 'srcset' attribute

Sep 9, 2024

CVE-2024-45308

MySQL & free URL mode allows to hide existing notes in hedgedoc

Sep 2, 2024

CVE-2022-0675

Puppet Firewall Module May Leave Unmanaged Rules

Mar 2, 2022

Searching...

Filters

16 vulnerabilities found

CVE-2026-41213

@node-oauth/oauth2-server: PKCE code_verifier ABNF not enforced in token exchange allows brute-force redemption of intercepted authorization codes

CVE-2026-41239

DOMPurify has a SAFE_FOR_TEMPLATES bypass in RETURN_DOM mode

CVE-2026-39972

Mercure has a Topic Selector Cache Key Collision

Apr 9, 2026

CVE-2026-34080

xdg-dbus-proxy has an eavesdrop filter bypass allowing message interception

Apr 7, 2026

CVE-2026-35039

fast-jwt Affected by Cache Confusion via cacheKeyBuilder Collisions Can Return Claims From a Different Token (Identity/Authorization Mixup)

Apr 6, 2026

CVE-2026-22569

Incorrect startup configuration in ZCC

Mar 31, 2026

CVE-2026-33729

OpenFGA has an Authorization Bypass through cached keys

Mar 27, 2026

CVE-2026-33496

Ory Oathkeeper has an authentication bypass by cache key confusion

CVE-2026-33515

Squid has issues in ICP message handling

CVE-2026-3563

Improper input validation in the apps and endpoints configuration in PowerShell Universal before 2026

Mar 17, 2026

CVE-2026-27610

Parse Dashboard Has a Cache Key Collision that Leaks Master Key to Read-Only Sessions

Feb 25, 2026

CVE-2026-1094

Improper Validation of Unsafe Equivalence in Input in GitLab

Feb 11, 2026

CVE-2024-12224

idna accepts Punycode labels that do not produce any non-ASCII when decoded

May 30, 2025

CVE-2024-8372

AngularJS improper sanitization in 'srcset' attribute

Sep 9, 2024

CVE-2024-45308

MySQL & free URL mode allows to hide existing notes in hedgedoc

Sep 2, 2024

CVE-2022-0675