Search Vulnerabilities

PyJWT accepts unknown `crit` header extensions (RFC 7515 §4.1.11 MUST violation)

CVE-2026-32319

Ella Core: Unauthenticated AMF DoS via malformed InitialUEMessage with undersized integrity-protected NAS payload

CVE-2026-3910

Inappropriate implementation in V8 in Google Chrome prior to 146

CVE-2026-3909

Out of bounds write in Skia in Google Chrome prior to 146

CVE-2026-32308

OneUptime: Stored XSS via Mermaid Diagram Rendering (securityLevel: "loose")

CVE-2026-32302

OpenClaw: Untrusted web origins can obtain authenticated operator.admin access in trusted-proxy mode

CHROME-2026-03-12

Stable Channel Update for Desktop

AlmaLinux 10

CVE-2026-25076

Anchore Enterprise GraphQL Reports API SQL injection

CVE-2026-2229

undici is vulnerable to Unhandled Exception in undici WebSocket Client Due to Invalid server_max_window_bits Validation

CVE-2026-1528

undici is vulnerable to Malicious WebSocket 64-bit length overflows undici parser and crashes the client

CVE-2026-1526

undici is vulnerable to Unbounded Memory Consumption in undici WebSocket permessage-deflate Decompression

CVE-2026-32274

Black: Arbitrary file writes from unsanitized user input in cache file name

CVE-2026-32260

Command Injection via incomplete shell metacharacter blocklist in node:child_process (bypass of CVE-2026-27190 fix)

CVE-2026-32247

Graphiti vulnerable to Cypher Injection via unsanitized node_labels in search filters

CVE-2026-32246

Tinyauth vulnerable to TOTP/2FA bypass via OIDC authorize endpoint

CVE-2026-32138

NEXULEAN API Key Leak

CVE-2026-32232

ZeptoClaw: Path boundary checks bypass via symlink, TOCTOU, and hardlink

CVE-2026-32231

ZeptoClaw: Generic webhook channel trusts caller-supplied identity fields; allowlist is checked against untrusted payload data

CVE-2026-32141

flatted: Unbounded recursion DoS in parse() revive phase

CVE-2026-32129

Poseidon V1 variable-length input collision via implicit zero-padding

Showing 1 - 20 of 1,000+ results

...

Searching...

Filters

1,000+ results

CVE-2026-32597

PyJWT accepts unknown `crit` header extensions (RFC 7515 §4.1.11 MUST violation)

CVE-2026-32319

Ella Core: Unauthenticated AMF DoS via malformed InitialUEMessage with undersized integrity-protected NAS payload

CVE-2026-3910

Inappropriate implementation in V8 in Google Chrome prior to 146

CVE-2026-3909

Out of bounds write in Skia in Google Chrome prior to 146

CVE-2026-32308

OneUptime: Stored XSS via Mermaid Diagram Rendering (securityLevel: "loose")

CVE-2026-32302

OpenClaw: Untrusted web origins can obtain authenticated operator.admin access in trusted-proxy mode

CHROME-2026-03-12

Stable Channel Update for Desktop

AlmaLinux 10

CVE-2026-25076

Anchore Enterprise GraphQL Reports API SQL injection

CVE-2026-2229

undici is vulnerable to Unhandled Exception in undici WebSocket Client Due to Invalid server_max_window_bits Validation

CVE-2026-1528

undici is vulnerable to Malicious WebSocket 64-bit length overflows undici parser and crashes the client

CVE-2026-1526

undici is vulnerable to Unbounded Memory Consumption in undici WebSocket permessage-deflate Decompression

CVE-2026-32274

Black: Arbitrary file writes from unsanitized user input in cache file name

CVE-2026-32260

Command Injection via incomplete shell metacharacter blocklist in node:child_process (bypass of CVE-2026-27190 fix)

CVE-2026-32247

Graphiti vulnerable to Cypher Injection via unsanitized node_labels in search filters

CVE-2026-32246

Tinyauth vulnerable to TOTP/2FA bypass via OIDC authorize endpoint

CVE-2026-32138

NEXULEAN API Key Leak

CVE-2026-32232

ZeptoClaw: Path boundary checks bypass via symlink, TOCTOU, and hardlink

CVE-2026-32231

ZeptoClaw: Generic webhook channel trusts caller-supplied identity fields; allowlist is checked against untrusted payload data

CVE-2026-32141

flatted: Unbounded recursion DoS in parse() revive phase

CVE-2026-32129

Poseidon V1 variable-length input collision via implicit zero-padding