CVE search

363,383 results
CVE-2026-54092MEDIUMFile Browser: DoS Vulnerability on Public Login APIEPSS 0.5%CVE-2026-54097HIGHFile Browser: Cross-user unauthorized share-link deletion via unbounded prefix match in DeleteWithPathPrefixEPSS 0.4%CVE-2026-54093MEDIUMFile Browser: Path traversal in download-as-zip/tar via Windows-style backslash separators in stored filenamesEPSS 0.2%CVE-2026-54094HIGHFile Browser: Symlink following lets scoped users read, overwrite, and share files outside their filebrowser scopeEPSS 0.5%CVE-2026-54096HIGHFile Browser: Improper Access Control Occurs via Pre-Created Public Share for a Non-existent PathEPSS 0.2%CVE-2026-55667HIGHFile Browser: Out-of-scope file deletion by a Create-only scoped user via symlink-following RemoveAll in upload failure-cleanupEPSS 0.4%CVE-2026-57700CRITICALWordPress OMGF Pro plugin <= 5.2.6 - Arbitrary File Upload vulnerabilityEPSS 0.4%CVE-2026-47770MEDIUMjq: stack overflow in deep structural equalityEPSS 0.1%CVE-2026-49839HIGHjq --rawfile invalid-state reuse after String too long causes heap-buffer-overflowEPSS 0.2%CVE-2026-54679MEDIUMjq: potential integer overflow in jvp_string_appendEPSS 0.1%CVE-2026-55180MEDIUMpnpm: Repository config can expand victim environment secrets into registry requests before scripts runEPSS 0.2%CVE-2026-48995MEDIUMpnpm: Tarball hash of GitHub git dependencies is not stored in lockfileEPSS 0.1%CVE-2026-11999HIGHX.509 trust-chain bypass via path-depth exhaustion in wolfSSL_X509_verify_cert()EPSS 0.1%CVE-2026-50017MEDIUMpnpm binds unscoped user-level npm auth credentials to a repository-selected registryEPSS 0.3%CVE-2026-50016HIGHpnpm: Transitive dependency alias path traversal allows project path override via symlink replacementEPSS 0.3%CVE-2026-55967LOWAES-GCM streaming APIs do not reject >64 GiB cumulative single messages, enabling counter wrap and keystream reuseEPSS 0.1%CVE-2026-50015HIGHpnpm: Arbitrary File Write/Delete via Malicious Patch File (Path Traversal)EPSS 0.3%CVE-2026-55961HIGHwolfSSL_PKCS7_verify() reports success for degenerate (certs-only) PKCS#7 with no signerEPSS 0.1%CVE-2026-50014MEDIUMpnpm: Git Fetch Argument Injection via Lockfile resolution.commitEPSS 0.2%CVE-2026-50573MEDIUMpnpm: Unsafe default behavior breaks integrity checkEPSS 0.1%