CVE search

361,778 results
CVE-2026-6091 | MEDIUM | Partial-chain verification accepts untrusted intermediate as trust anchor | EPSS 0.1%
CVE-2026-55699 | MEDIUM | pnpm: reserved bin name deletes PNPM_HOME during global remove | EPSS 0.3%
CVE-2026-55698 | HIGH | pnpm: Project env lockfile can short-circuit package-manager resolution and execute lockfile-selected pnpm bytes | EPSS 0.2%
CVE-2026-55697 | HIGH | pnpm: Repository-controlled configDependencies can select a pacquet native install engine | EPSS 0.1%
CVE-2026-6291 | MEDIUM | Bleichenbacher padding oracle in PKCS#7 KTRI RSA PKCS#1 v1.5 decryption | EPSS 0.2%
CVE-2026-55487 | HIGH | pnpm: manifest identity spoof satisfies allowBuilds and runs attacker lifecycle | EPSS 0.1%
CVE-2026-6094 | MEDIUM | Heap buffer overread in wc_PKCS7_DecodeEnvelopedData parsing crafted PKCS7 EnvelopedData | EPSS 0.3%
CVE-2026-54448 | MEDIUM | Trivy: Helm chart tar bomb causes OOM via unbounded io.ReadAll in parser | EPSS 0.3%
CVE-2026-13351 | HIGH | net: Maliciously fragmented IPv6 packets can prevent receiving/processing future incoming packets | EPSS 0.3%
CVE-2026-55092 | HIGH | Trivy: Path traversal via a crafted vulnerability database or other downloaded artifacts | EPSS 0.3%
CVE-2026-9083 | MEDIUM | Keycloak: keycloak: information disclosure through arbitrary filesystem path probing | EPSS 0.5%
CVE-2026-9799 | MEDIUM | Keycloak: keycloak: unauthorized access to resources via uma permission ticket bypass | EPSS 0.2%
CVE-2026-9705 | MEDIUM | Keycloak: keycloak: attacker can re-enable and take over disabled clients via registration access token | EPSS 0.3%
CVE-2026-9086 | HIGH | Keycloak: keycloak: cross-site scripting (xss) via case-insensitive uri validation bypass | EPSS 0.4%
CVE-2026-9099 | HIGH | Keycloak: group-admin escalation to realm-admin | EPSS 0.3%
CVE-2026-9800 | HIGH | Keycloak: keycloak policy enforcer: authorization bypass via incorrect uri comparison | EPSS 0.3%
CVE-2026-55411 | MEDIUM | ToolJet: Cross-tenant credential decryption (IDOR) in POST /api/data-sources/decrypt — any authenticated user can decrypt any organization's data-source secrets | EPSS 0.1%
CVE-2026-55412 | HIGH | ToolJet Cloud - SSRF to Azure Cloud Infrastructure Compromise | EPSS 0.2%
CVE-2026-13350 | LOW | Permissions where checked incorrectly during room creation, allowing attackers to create rooms of types they shouldn't be allowed to create. | EPSS 0.2%
CVE-2026-55413 | CRITICAL | ToolJet - Marketplace Plugin Poisoning Enables Instance-Wide Remote Code Execution | EPSS 0.3%