CVE search
367,068 resultsCVE-2026-12891MEDIUMGstreamer1-plugins-bad: gstreamer1-plugins-bad: global buffer overflow (oob read) in h.266/vvc vui parameter parserEPSS 0.3%CVE-2026-11820MEDIUMCommunity.general: community.general nexmo — api credentials exposed in get url query string[security] community.general nexmo — api credentials exposed in get url query stringEPSS 0.3%CVE-2026-11819MEDIUMCommunity.general: community.general keyring_info — os keyring passphrase returned in plaintextEPSS 0.1%CVE-2026-9073MEDIUMForeman-mcp-server: mcp server: insecure sensitive http header sanitizationEPSS 0.2%CVE-2025-64105MEDIUMFOSSBilling: IDOR Vulnerability in Support Ticket CreationEPSS 0.3%CVE-2026-53929MEDIUMNocoDB: Stored Cross-Site Scripting via Secure AttachmentEPSS 0.3%CVE-2026-53930MEDIUMNocoDB: Server-Side Request Forgery via Base Migration URLEPSS 0.3%CVE-2026-53931MEDIUMNocoDB: Server-Side Request Forgery via Spreadsheet Import EndpointEPSS 0.3%CVE-2026-12112HIGHForeman-mcp-server: mcp server: active session hijacking via insecure session state reuseEPSS 0.2%CVE-2026-11807CRITICALEda-server: websocket missing authorization allows credential theft via activation_id spoofingEPSS 0.4%CVE-2026-54327LOWPi: Race condition in auth.json writes could expose stored credentialsEPSS 0.1%CVE-2026-54326LOWPi: Potential XSS in HTML session exports via Markdown URL sanitization bypassEPSS 0.1%CVE-2026-54328HIGHPi: Predictable temporary extension install paths allow local privilege escalation on shared Linux hostsEPSS 0.1%CVE-2026-54325MEDIUMPi loads project-local extensions without approvalEPSS 0.1%CVE-2026-54762MEDIUMTraefik Kubernetes Ingress NGINX provider fails open when auth-secret resolution failsEPSS 0.4%CVE-2026-54761MEDIUMTraefik: Kubernetes Gateway crossProviderNamespaces bypass allows HTTPRoute outside the allowlist to expose internal Traefik servicesEPSS 0.3%CVE-2026-53622HIGHTraefik: HTTP/3 mTLS bypass via exact SNI TLSOptions lookup for wildcard and mixed-case hostsEPSS 0.2%CVE-2026-48491HIGHTraefik: SNICheck ignores wildcard TLSOptions mappings, allowing domain-fronted mTLS bypassEPSS 0.2%CVE-2026-48020HIGHTraefik StripPrefix Route-Level Auth Bypass via Path NormalizationEPSS 0.6%CVE-2026-54555HIGHrtk: Permission-gate bypass in rtk rewrite auto-allow via unsplit shell separatorsEPSS 0.1%