| Priority | ID | Severity | CVSS | EPSS | Score | Ecosystem / Vendor | Package / Product | CWE | Title | Flags |
|---|---|---|---|---|---|---|---|---|---|---|
| P0 | CVE-2026-3055 | CRITICAL | 9.8 | 0.443 | 222.0 | Citrix | NetScaler | CWE-125 | Citrix NetScaler Out-of-Bounds Read Vulnerability | KEV EPSS↑ CWE! 🦠 RANSOM |
| P0 | CVE-2017-7921 | LOW | 0.0 | 0.942 | 218.1 | Hikvision | Multiple Products | — | Hikvision Multiple Products Improper Authentication Vulnerability | KEV EPSS↑ 🦠 RANSOM |
| P0 | CVE-2021-22054 | LOW | 0.0 | 0.938 | 217.6 | Omnissa | Workspace One UEM | — | Omnissa Workspace ONE Server-Side Request Forgery | KEV EPSS↑ 🦠 RANSOM |
| P0 | CVE-2025-32432 | LOW | 0.0 | 0.877 | 210.2 | Craft CMS | Craft CMS | — | Craft CMS Code Injection Vulnerability | KEV EPSS↑ 🦠 RANSOM |
| P0 | CVE-2025-68613 | LOW | 0.0 | 0.792 | 200.0 | n8n | n8n | — | n8n Improper Control of Dynamically-Managed Code Resources Vulnerability | KEV EPSS↑ 🦠 RANSOM |
| P0 | CVE-2026-1603 | LOW | 0.0 | 0.654 | 183.5 | Ivanti | Endpoint Manager (EPM) | — | Ivanti Endpoint Manager (EPM) Authentication Bypass Vulnerability | KEV EPSS↑ 🦠 RANSOM |
| P0 | CVE-2026-33634 | HIGH | 8.8 | 0.212 | 183.2 | Aquasecurity | Trivy | CWE-506 | Aquasecurity Trivy Embedded Malicious Code Vulnerability | KEV EPSS↑ 🦠 RANSOM |
| P0 | CVE-2026-33017 | CRITICAL | 9.8 | 0.057 | 175.6 | Langflow | Langflow | CWE-94 | Langflow Code Injection Vulnerability | KEV CWE! 🦠 RANSOM |
| P0 | CVE-2026-20131 | CRITICAL | 10.0 | 0.006 | 170.7 | Cisco | Secure Firewall Management Center (FMC) | CWE-502 | Cisco Secure Firewall Management Center (FMC) Software and Cisco Security Cloud Control (SCC) Firewall Management Deserialization of Untrusted Data Vulnerability | KEV CWE! 🦠 RANSOM |
| P0 | CVE-2026-3910 | HIGH | 8.8 | 0.015 | 164.6 | Google | Chromium V8 | CWE-94 | Google Chromium V8 Improper Restriction of Operations Within the Bounds of a Memory Buffer Vulnerability | KEV CWE! 🦠 RANSOM |
| P0 | CVE-2025-54068 | LOW | 0.0 | 0.489 | 163.6 | Laravel | Livewire | — | Laravel Livewire Code Injection Vulnerability | KEV EPSS↑ 🦠 RANSOM |
| P0 | CVE-2026-3909 | HIGH | 8.8 | 0.005 | 163.4 | Google | Skia | CWE-787 | Google Skia Out-of-Bounds Write Vulnerability | KEV CWE! 🦠 RANSOM |
| P0 | CVE-2026-5281 | HIGH | 8.8 | 0.000 | 162.8 | Google | Dawn | CWE-416 | Google Dawn Use-After-Free Vulnerability | KEV CWE! 🦠 RANSOM |
| P0 | CVE-2025-53521 | LOW | 0.0 | 0.414 | 154.7 | F5 | BIG-IP | — | F5 BIG-IP Unspecified Vulnerability | KEV EPSS↑ 🦠 RANSOM |
| P0 | CVE-2025-26399 | LOW | 0.0 | 0.282 | 138.9 | SolarWinds | Web Help Desk | — | SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability | KEV EPSS↑ 🦠 RANSOM |
| P0 | CVE-2025-47813 | LOW | 0.0 | 0.204 | 129.5 | Wing FTP Server | Wing FTP Server | — | Wing FTP Server Information Disclosure Vulnerability | KEV EPSS↑ 🦠 RANSOM |
| P0 | CVE-2021-22681 | LOW | 0.0 | 0.129 | 120.5 | Rockwell | Multiple Products | — | Rockwell Multiple Products Insufficient Protected Credentials Vulnerability | KEV 🦠 RANSOM |
| P0 | CVE-2025-66376 | LOW | 0.0 | 0.100 | 117.0 | Synacor | Zimbra Collaboration Suite (ZCS) | — | Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting Vulnerability | KEV 🦠 RANSOM |
| P0 | CVE-2026-20963 | LOW | 0.0 | 0.062 | 112.4 | Microsoft | SharePoint | — | Microsoft SharePoint Deserialization of Untrusted Data Vulnerability | KEV 🦠 RANSOM |
| P0 | CVE-2021-30952 | LOW | 0.0 | 0.013 | 106.5 | Apple | Multiple Products | — | Apple Multiple Products Integer Overflow or Wraparound Vulnerability | KEV 🦠 RANSOM |
| P0 | CVE-2025-43520 | LOW | 0.0 | 0.005 | 105.6 | Apple | Multiple Products | — | Apple Multiple Products Classic Buffer Overflow Vulnerability | KEV 🦠 RANSOM |
| P0 | CVE-2025-43510 | LOW | 0.0 | 0.005 | 105.5 | Apple | Multiple Products | — | Apple Multiple Products Improper Locking Vulnerability | KEV 🦠 RANSOM |
| P0 | CVE-2025-31277 | LOW | 0.0 | 0.002 | 105.2 | Apple | Multiple Products | — | Apple Multiple Products Buffer Overflow Vulnerability | KEV 🦠 RANSOM |
| P0 | CVE-2023-41974 | LOW | 0.0 | 0.002 | 105.2 | Apple | iOS and iPadOS | — | Apple iOS and iPadOS Use-After-Free Vulnerability | KEV 🦠 RANSOM |
| P0 | CVE-2023-43000 | LOW | 0.0 | 0.001 | 105.1 | Apple | Multiple Products | — | Apple Multiple Products Use-After-Free Vulnerability | KEV 🦠 RANSOM |
| P2 | CVE-2026-34571 | CRITICAL | 10.0 | 0.001 | 65.1 | composer | ci4-cms-erp/ci4ms | CWE-79 | CI4MS: Stored Cross‑Site Scripting (Stored XSS) in Backend User Management Allows Session Hijacking and Full Administrative Account Compromise | CWE! |
| P2 | CVE-2026-34569 | CRITICAL | 10.0 | 0.000 | 65.1 | composer | ci4-cms-erp/ci4ms | CWE-79 | CI4MS: Blogs Categories Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS | CWE! |
| P2 | CVE-2026-4370 | CRITICAL | 10.0 | 0.000 | 65.0 | go | github.com/juju/juju | CWE-287 | Juju has Improper TLS Client/Server authentication and certificate verification on Database Cluster | CWE! |
| P2 | CVE-2026-4789 | MEDIUM | 9.8 | 0.000 | 63.8 | go | github.com/kyverno/kyverno | CWE-918 | Kyverno is vulnerable to server-side request forgery (SSRF) | CWE! |
| P2 | CVE-2026-34934 | CRITICAL | 9.8 | 0.000 | 63.8 | pip | praisonai | CWE-89 | PraisonAI Has Second-Order SQL Injection in `get_all_user_threads` | CWE! |
| P2 | CVE-2026-34935 | CRITICAL | 9.8 | 0.000 | 63.8 | pip | praisonai | CWE-78 | PraisonAI: OS Command Injection in MCPHandler.parse_mcp_command() | CWE! |
| P2 | CVE-2026-34513 | LOW | 0.0 | 0.000 | 60.0 | pip | aiohttp | CWE-770 | AIOHTTP Affected by Denial of Service (DoS) via Unbounded DNS Cache in TCPConnector | 🦠 RANSOM 📡 ITW |
| P2 | CVE-2026-34938 | CRITICAL | 10.0 | 0.000 | 60.0 | pip | praisonaiagents | CWE-693 | PraisonAI: Python Sandbox Escape via str Subclass startswith() Override in execute_code | |
| P3 | CVE-2026-34568 | CRITICAL | 9.1 | 0.000 | 59.7 | composer | ci4-cms-erp/ci4ms | CWE-79 | CI4MS: Blogs Posts Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS | CWE! |
| P3 | CVE-2026-34567 | CRITICAL | 9.1 | 0.000 | 59.7 | composer | ci4-cms-erp/ci4ms | CWE-79 | CI4MS: Blogs Posts (Categories) Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS | CWE! |
| P3 | CVE-2026-34566 | CRITICAL | 9.1 | 0.000 | 59.7 | composer | ci4-cms-erp/ci4ms | CWE-79 | CI4MS: Pages Management Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS | CWE! |
| P3 | CVE-2026-34565 | CRITICAL | 9.1 | 0.000 | 59.7 | composer | ci4-cms-erp/ci4ms | CWE-79 | CI4MS: Menu Management (Posts) Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS | CWE! |
| P3 | CVE-2026-34564 | CRITICAL | 9.1 | 0.000 | 59.7 | composer | ci4-cms-erp/ci4ms | CWE-79 | CI4MS: Menu Management (Pages) Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS | CWE! |
| P3 | CVE-2026-34563 | CRITICAL | 9.1 | 0.000 | 59.7 | composer | ci4-cms-erp/ci4ms | CWE-79 | CI4MS: Backup Management Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM Blind XSS | CWE! |
| P3 | CVE-2026-34560 | CRITICAL | 9.1 | 0.000 | 59.6 | composer | ci4-cms-erp/ci4ms | CWE-79 | CI4MS: Logs Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS | CWE! |
| P3 | CVE-2026-34559 | CRITICAL | 9.1 | 0.000 | 59.6 | composer | ci4-cms-erp/ci4ms | CWE-79 | CI4MS: Blogs Tags Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS | CWE! |
| P3 | CVE-2026-34952 | CRITICAL | 9.1 | 0.000 | 59.6 | pip | praisonai | CWE-306 | PraisonAI Has Missing Authentication in WebSocket Gateway | CWE! |
| P3 | CVE-2026-34955 | HIGH | 8.8 | 0.000 | 57.8 | pip | praisonai | CWE-78 | PraisonAI Has Sandbox Escape via shell=True and Bypassable Blocklist in SubprocessSandbox | CWE! |
| P3 | CVE-2026-34748 | HIGH | 8.7 | 0.000 | 57.2 | npm | @payloadcms/next | CWE-79 | @payloadcms/next has Stored XSS in Admin Panel | CWE! |
| P3 | CVE-2026-34940 | HIGH | 8.7 | 0.000 | 57.2 | go | github.com/kubeai-project/kubeai | CWE-78 | KubeAI: OS Command Injection via Model URL in Ollama Engine startup probe allows arbitrary command execution in model pods | CWE! |
| P3 | CVE-2026-34728 | HIGH | 8.7 | 0.000 | 57.2 | composer | phpmyfaq/phpmyfaq | CWE-22 | phpMyFAQ: Path Traversal - Arbitrary File Deletion in MediaBrowserController | CWE! |
| P3 | CVE-2026-34445 | HIGH | 8.6 | 0.000 | 56.6 | pip | onnx | CWE-20 | ONNX: Malicious ONNX models can crash servers by exploiting unprotected object settings. | CWE! |
| P3 | CVE-2026-34954 | HIGH | 8.6 | 0.000 | 56.6 | pip | praisonaiagents | CWE-918 | PraisonAI Has SSRF in FileTools.download_file() via Unvalidated URL | CWE! |
| P3 | CVE-2026-34747 | HIGH | 8.5 | 0.000 | 56.1 | npm | payload | CWE-89 | Payload has an SQL Injection via Query Handling | CWE! |
| P3 | CVE-2026-34725 | HIGH | 8.3 | 0.000 | 54.8 | npm | dbgate-web | CWE-79 | dbgate-web: Stored XSS in applicationIcon leads to potential RCE in Electron due to unsafe renderer configuration | CWE! |
| P3 | CVE-2026-34524 | HIGH | 8.3 | 0.000 | 54.8 | npm | sillytavern | CWE-22 | SillyTavern: Path Traversal in `/api/chats/export` and `/api/chats/delete` allows arbitrary file read/delete within user data root | CWE! |
| P3 | CVE-2026-34953 | CRITICAL | 9.1 | 0.000 | 54.6 | pip | praisonai | CWE-863 | PraisonAI Has Authentication Bypass via OAuthManager.validate_token() | |
| P3 | CVE-2026-4800 | HIGH | 8.1 | 0.001 | 53.7 | npm | lodash | CWE-94 | lodash vulnerable to Code Injection via `_.template` imports key names | CWE! |
| P3 | CVE-2026-34783 | HIGH | 8.1 | 0.000 | 53.6 | go | github.com/MontFerret/ferret/v2 | CWE-22 | Ferret: Path Traversal in IO::FS::WRITE allows arbitrary file write when scraping malicious websites | CWE! |
| P3 | CVE-2026-34522 | HIGH | 8.1 | 0.000 | 53.6 | npm | sillytavern | CWE-22 | SillyTavern has a path traversal in `/api/chats/import` allows arbitrary file write outside intended chat directory | CWE! |
| P3 | CVE-2026-34570 | HIGH | 8.8 | 0.001 | 52.9 | composer | ci4-cms-erp/ci4ms | CWE-284 | CI4MS: Account Deletion Module Grants Full Persistent Unauthorized Access for All‑Roles via Improper Session Invalidation (Logic Flaw) | |
| P3 | CVE-2026-24159 | HIGH | 7.8 | 0.001 | 51.9 | pip | nemo-toolkit | CWE-502 | NVIDIA NeMo Framework contains a vulnerability leading to Remote Code Execution | CWE! |
| P3 | CVE-2026-24157 | HIGH | 7.8 | 0.001 | 51.9 | pip | nemo-toolkit | CWE-502 | NVIDIA NeMo Framework contains an RCE vulnerability in checkpoint loading | CWE! |
| P3 | CVE-2026-34937 | HIGH | 7.8 | 0.000 | 51.8 | pip | praisonaiagents | CWE-78 | PraisonAI: Shell Injection in run_python() via Unescaped $() Substitution | CWE! |
| P3 | CVE-2026-34746 | HIGH | 7.7 | 0.000 | 51.2 | npm | payload | CWE-918 | Payload has Authenticated SSRF via Upload Functionality | CWE! |
| P3 | CVE-2026-34936 | HIGH | 7.7 | 0.000 | 51.2 | pip | praisonai | CWE-918 | PraisonAI: SSRF via Unvalidated api_base in passthrough() Fallback | CWE! |
| P3 | CVE-2026-34572 | HIGH | 8.0 | 0.001 | 48.1 | composer | ci4-cms-erp/ci4ms | CWE-284 | CI4MS: Account Deactivation Module Grants Full Persistent Unauthorized Access for All‑Roles via Improper Session Invalidation (Logic Flaw) | |
| P3 | GHSA-q56x-g2fj-4rj6 | HIGH | 7.1 | 0.000 | 47.6 | pip | onnx | CWE-22 | ONNX: TOCTOU arbitrary file read/write in save_external_dat | CWE! |
| P3 | CVE-2026-34784 | HIGH | 7.5 | 0.000 | 45.0 | npm | parse-server | CWE-285 | Parser Server's streaming file download bypasses afterFind file trigger authorization | |
| P3 | CVE-2026-34240 | HIGH | 7.5 | 0.000 | 45.0 | pub | jose | CWE-347 | jose vulnerable to untrusted JWK header key acceptance during signature verification | |
| P3 | GHSA-32wq-ppwg-3w4m | HIGH | 7.5 | 0.000 | 45.0 | nuget | EnhancedLinq.Async | CWE-129 | EnhancedLinq.Async is Vulnerable to Denial of Service via Transitive Dependency Microsoft.Bcl.Memory | |
| P3 | CVE-2026-34750 | MEDIUM | 6.5 | 0.001 | 44.1 | npm | @payloadcms/storage-azure | CWE-22 | Payload has Insufficient Filename Validation in Client-Upload Signed-URL Endpoints | CWE! |
| P3 | CVE-2026-34740 | MEDIUM | 6.5 | 0.000 | 44.0 | composer | wwbn/avideo | CWE-918 | AVideo: Stored SSRF via Video EPG Link Missing isSSRFSafeURL() Validation | CWE! |
| P3 | GHSA-w2fm-25vw-vh7f | HIGH | 7.1 | 0.000 | 42.6 | npm | mcp-handler | CWE-362 | mcp-handler has a tool response leak across concurrent client sessions ('Race Condition') | |
| P3 | CVE-2026-34828 | HIGH | 7.1 | 0.000 | 42.6 | go | github.com/knadh/listmonk | CWE-613 | listmonk's active sessions remain valid after password reset and password change | |
| P3 | CVE-2026-34739 | MEDIUM | 6.1 | 0.000 | 41.6 | composer | wwbn/avideo | CWE-79 | AVideo: Reflected XSS via Unescaped ip Parameter in User_Location testIP.php | CWE! |
| P3 | GHSA-gmpc-fxg2-vcmq | MEDIUM | 6.1 | 0.000 | 41.6 | composer | wwbn/avideo | CWE-79 | AVideo has Stored XSS via Unescaped Menu Item Fields in TopMenu Plugin | CWE! |
| P3 | CVE-2026-34729 | MEDIUM | 6.1 | 0.000 | 41.6 | composer | phpmyfaq/phpmyfaq | CWE-79 | phpMyFAQ: Stored XSS via Regex Bypass in Filter::removeAttributes() | CWE! |
| P3 | CVE-2026-1180 | MEDIUM | 5.8 | 0.000 | 39.9 | maven | org.keycloak:keycloak-adapter-core | CWE-918 | Keycloak’s OpenID Connect Dynamic Client Registration feature affected by Server-Side Request Forgery (SSRF) | CWE! |
| P3 | CVE-2026-2950 | MEDIUM | 6.5 | 0.000 | 39.0 | npm | lodash | CWE-1321 | lodash vulnerable to Prototype Pollution via array path bypass in `_.unset` and `_.omit` | |
| P3 | CVE-2026-34737 | MEDIUM | 6.5 | 0.000 | 39.0 | composer | wwbn/avideo | CWE-862 | AVideo: Arbitrary Stripe Subscription Cancellation via Debug Endpoint and retrieveSubscriptions() Bug | |
| P3 | CVE-2026-34939 | MEDIUM | 6.5 | 0.000 | 39.0 | pip | praisonai | CWE-1333 | PraisonAI Has ReDoS via Unvalidated User-Controlled Regex in MCPToolIndex.search_tools() | |
| P3 | CVE-2026-34447 | MEDIUM | 5.5 | 0.000 | 38.0 | pip | onnx | CWE-22 | ONNX: External Data Symlink Traversal | CWE! |
| P3 | CVE-2026-34730 | MEDIUM | 5.5 | 0.000 | 38.0 | pip | copier | CWE-22 | Copier `_external_data` allows path traversal and absolute-path local file read without unsafe mode | CWE! |
| P3 | CVE-2026-30587 | MEDIUM | 5.4 | 0.000 | 37.5 | npm | @seafile/sdoc-editor | CWE-79 | Seafile Server has multiple stored XSS vulnerabilities | CWE! |
| P3 | CVE-2026-34749 | MEDIUM | 5.4 | 0.000 | 37.4 | npm | payload | CWE-352 | Payload has a CSRF Protection Bypass in Authentication Flow | CWE! |
| P3 | CVE-2026-34974 | MEDIUM | 5.4 | 0.000 | 37.4 | composer | thorsten/phpmyfaq | CWE-79 | phpMyFAQ: SVG Sanitizer Bypass via HTML Entity Encoding Leads to Stored XSS and Privilege Escalation | CWE! |
| P3 | CVE-2026-34523 | MEDIUM | 5.3 | 0.000 | 36.8 | npm | sillytavern | CWE-22 | SillyTavern: Path Traversal allows file existence oracle | CWE! |
| P3 | GHSA-prxj-3gcv-cqrh | MEDIUM | 5.9 | 0.000 | 35.4 | go | github.com/teslamotors/fleet-telemetry | CWE-295 | Tesla Fleet Telemetry allows spoofing telemetry for arbitrary vehicles via compromised vehicle credentials | |
| P3 | CVE-2026-34881 | MEDIUM | 5.0 | 0.000 | 35.0 | pip | glance | CWE-918 | OpenStack Glance is affected by Server-Side Request Forgery (SSRF) | CWE! |
| P3 | CVE-2026-34526 | MEDIUM | 5.0 | 0.000 | 35.0 | npm | sillytavern | CWE-918 | SillyTavern: Incomplete IP validation in /api/search/visit allows SSRF via localhost and IPv6 | CWE! |
| P3 | CVE-2026-34761 | MEDIUM | 5.8 | 0.000 | 34.8 | go | github.com/ellanetworks/core | CWE-476 | Ella Core Panics Upon NGAP handover failure | |
| P3 | CVE-2026-34562 | MEDIUM | 4.7 | 0.000 | 33.2 | composer | ci4-cms-erp/ci4ms | CWE-79 | CI4MS: System Settings (Company Information) Full Platform Compromise & Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS | CWE! |
| P3 | CVE-2026-34561 | MEDIUM | 4.7 | 0.000 | 33.2 | composer | ci4-cms-erp/ci4ms | CWE-79 | CI4MS: System Settings (Social Media Management) Full Platform Compromise & Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS | CWE! |
| P3 | CVE-2026-34446 | MEDIUM | 4.7 | 0.000 | 33.2 | pip | onnx | CWE-22 | ONNX: Arbitrary File Read via ExternalData Hardlink Bypass in ONNX load | CWE! |
| P3 | CVE-2026-34715 | MEDIUM | 5.3 | 0.000 | 31.8 | erlang | ewe | CWE-113 | ewe Has Improper Neutralization of CRLF Sequences in HTTP Headers (HTTP Request/Response Splitting) | |
| P3 | GHSA-x3ff-w252-2g7j | MEDIUM | 5.3 | 0.000 | 31.8 | npm | @stablelib/ed25519 | CWE-347 | StableLib Ed25519 Signature Malleability via Missing S < L Check | |
| P3 | CVE-2026-34726 | MEDIUM | 4.4 | 0.000 | 31.4 | pip | copier | CWE-22 | Copier `_subdirectory` allows template root escape via parent-directory traversal | CWE! |
| P3 | CVE-2026-32794 | MEDIUM | 4.8 | 0.000 | 28.8 | pip | apache-airflow | CWE-295 | Apache Airflow Provider for Databricks: TLS Certificate Verification is Disabled in Databricks Provider K8s Token Exchange | |
| P3 | CVE-2026-3190 | MEDIUM | 4.3 | 0.000 | 25.8 | maven | org.keycloak:keycloak-server-spi-private | CWE-280 | Keycloak: Missing Role Enforcement on UMA 2.0 Permission Ticket Endpoint Leads to Information Disclosure | |
| P3 | CVE-2026-34738 | MEDIUM | 4.3 | 0.000 | 25.8 | composer | wwbn/avideo | CWE-285 | AVideo: Video Publishing Workflow Bypass via Unauthorized overrideStatus Request Parameter | |
| P3 | CVE-2026-3429 | MEDIUM | 4.2 | 0.000 | 25.2 | maven | org.keycloak:keycloak-services | CWE-284 | Keycloak: Improper Access Control Leading to MFA Deletion and Account Takeover in Keycloak Account REST API | |
| P3 | CVE-2026-34762 | LOW | 2.7 | 0.000 | 21.2 | go | github.com/ellanetworks/core | CWE-20 | Ella Core Has Audit Log Falsification via Path/Body IMSI Mismatch in UpdateSubscriber | CWE! |
| P3 | CVE-2026-2366 | LOW | 3.1 | 0.000 | 18.6 | npm | @keycloak/keycloak-admin-client | CWE-639 | Keycloak vulnerable to authorization bypass via the Admin API | |
| P3 | CVE-2026-1035 | LOW | 3.1 | 0.000 | 18.6 | maven | org.keycloak:keycloak-services | CWE-367 | Keycloak does not validate and update refresh token usage atomically | |
| P3 | CVE-2025-14083 | LOW | 2.7 | 0.000 | 16.2 | maven | org.keycloak:keycloak-services | CWE-284 | Keycloak Admin REST API exposes backend schema and rules | |
| P3 | CVE-2026-3911 | LOW | 2.7 | 0.000 | 16.2 | maven | org.keycloak:keycloak-services | CWE-359 | Keycloak: Information disclosure of disabled user attributes via administrative endpoint | |
| P3 | CVE-2025-14082 | LOW | 2.7 | 0.000 | 16.2 | maven | org.keycloak:keycloak-services | CWE-284 | Keycloak Admin REST (Representational State Transfer) API does not properly enforce permissions | |
| P3 | CVE-2026-34525 | MEDIUM | 0.0 | 0.001 | 5.1 | pip | aiohttp | CWE-20 | AIOHTTP accepts duplicate Host headers | CWE! |
| P3 | CVE-2026-34451 | MEDIUM | 0.0 | 0.000 | 5.0 | npm | @anthropic-ai/sdk | CWE-22 | Claude SDK for TypeScript: Memory Tool Path Validation Allows Sandbox Escape to Sibling Directories | CWE! |
| P3 | CVE-2026-34825 | HIGH | 0.0 | 0.000 | 5.0 | npm | @nocobase/plugin-workflow-sql | CWE-89 | NocoBase Has SQL Injection via template variable substitution in workflow SQL node | CWE! |
| P3 | CVE-2026-34591 | HIGH | 0.0 | 0.000 | 5.0 | pip | poetry | CWE-22 | Poetry Has Wheel Path Traversal Which Can Lead to Arbitrary File Write | CWE! |
| P3 | CVE-2026-34515 | MEDIUM | 0.0 | 0.001 | 0.1 | pip | aiohttp | CWE-36 | AIOHTTP affected by UNC SSRF/NTLMv2 Credential Theft/Local File Read in static resource handler on Windows | |
| P3 | CVE-2026-34520 | LOW | 0.0 | 0.000 | 0.1 | pip | aiohttp | CWE-113 | AIOHTTP's C parser (llhttp) accepts null bytes and control characters in response header values - header injection/security bypass | |
| P3 | CVE-2026-34519 | LOW | 0.0 | 0.000 | 0.1 | pip | aiohttp | CWE-113 | AIOHTTP has HTTP response splitting via \r in reason phrase | |
| P3 | CVE-2026-34518 | LOW | 0.0 | 0.000 | 0.1 | pip | aiohttp | CWE-200 | AIOHTTP leaks Cookie and Proxy-Authorization headers on cross-origin redirect | |
| P3 | CVE-2026-34517 | LOW | 0.0 | 0.000 | 0.1 | pip | aiohttp | CWE-770 | AIOHTTP has late size enforcement for non-file multipart fields causes memory DoS | |
| P3 | CVE-2026-34516 | MEDIUM | 0.0 | 0.000 | 0.1 | pip | aiohttp | CWE-770 | AIOHTTP has a Multipart Header Size Bypass | |
| P3 | CVE-2026-34514 | LOW | 0.0 | 0.000 | 0.1 | pip | aiohttp | CWE-113 | AIOHTTP has CRLF injection through multipart part content type header construction | |
| P3 | CVE-2026-34452 | MEDIUM | 0.0 | 0.000 | 0.0 | pip | anthropic | CWE-59 | Claude SDK for Python: Memory Tool Path Validation Race Condition Allows Sandbox Escape | |
| P3 | CVE-2026-34450 | MEDIUM | 0.0 | 0.000 | 0.0 | pip | anthropic | CWE-276 | Claude SDK for Python has Insecure Default File Permissions in Local Filesystem Memory Tool | |
| P3 | CVE-2026-34973 | MEDIUM | 0.0 | 0.000 | 0.0 | composer | thorsten/phpmyfaq | CWE-943 | phpMyFAQ has a LIKE Wildcard Injection in Search.php — Unescaped % and _ Metacharacters Enable Broad Content Disclosure | |
| P3 | CVE-2026-34969 | LOW | 0.0 | 0.000 | 0.0 | go | github.com/nhost/nhost | CWE-200 | Nhost Leaks Refresh Tokens via URL Query Parameter in OAuth Provider Callback | |
| P3 | CVE-2026-34752 | HIGH | 0.0 | 0.000 | 0.0 | npm | Haraka | CWE-248 | Haraka affected by DoS via `__proto__` email header | |
| P3 | GHSA-c65f-x25w-62jv | MEDIUM | 0.0 | 0.000 | 0.0 | pip | openssl-encrypt | CWE-863 | openssl-encrypt has CORS wildcard with allow_credentials=True in standalone servers | |
| P3 | GHSA-4rh7-jwg9-m28m | MEDIUM | 0.0 | 0.000 | 0.0 | pip | openssl-encrypt | CWE-598 | openssl-encrypt accepts refresh tokens as URL query parameters causing token leakage | |
| P3 | GHSA-2vhw-q7vh-7xv2 | MEDIUM | 0.0 | 0.000 | 0.0 | pip | openssl-encrypt | CWE-201 | openssl-encrypt's readiness endpoint leaks database error details to unauthenticated callers | |
| P3 | GHSA-hvc7-763r-4f3h | MEDIUM | 0.0 | 0.000 | 0.0 | pip | openssl-encrypt | CWE-862 | openssl-encrypt has no owner verification on key revocation — any client can revoke any key | |
| P3 | GHSA-8h88-gxp3-j7pg | MEDIUM | 0.0 | 0.000 | 0.0 | pip | openssl-encrypt | CWE-347 | openssl-encrypt's unverified key bundle from_dict() + to_identity() path allows encryption to attacker keys | |
| P3 | CVE-2026-34742 | HIGH | 0.0 | 0.000 | 0.0 | go | github.com/modelcontextprotocol/go-sdk | CWE-1188 | DNS Rebinding Protection Disabled by Default in Model Context Protocol Go SDK for Servers Running on Localhost | |