Know every threat before it ships

200K+ vulnerabilities, malicious packages, and supply chain threats enriched with Corgea's research.

Severity | Score | Ecosystem | Advisory | Title
HIGH | 8.0 | Maven | CVE-2026-53441 | Jenkins: Stored XSS vulnerability in node offline cause description
HIGH | 8.1 | Maven | CVE-2026-41731 | In Spring for Apache Kafka, overly broad trusted-package matching in header mappers exposes JDK classes to deserialization
HIGH | 7.5 | Maven | CVE-2026-45416 | Netty: SNI handler pre-allocates up to 16 MiB from nine attacker bytes
HIGH | 7.5 | Maven | CVE-2026-44893 | Netty: HAProxy SSL TLV parsing leaks retained slice on invalid TLV length
HIGH | 7.5 | Maven | CVE-2026-44894 | Netty's Default QUIC token handler accepts any client-supplied token
HIGH | 7.5 | Maven | CVE-2026-46340 | Netty: SCTP reassembly nests buffers without bound
HIGH | 8.7 | Maven | CVE-2026-45674 | Netty Vulnerable to DNS Cache Poisoning via Missing Bailiwick Checks in CNAME Records
HIGH | 8.7 | Maven | CVE-2026-47691 | Netty has Insufficient Bailiwick Validation for NS Records
HIGH | 7.5 | Maven | CVE-2026-44892 | Netty has a Vulnerable Default Configuration Which Leads to Denial of Service via Unbounded HTTP/3 Header Size
HIGH | 7.5 | Maven | CVE-2026-44250 | Netty: Memory Exhaustion in RedisArrayAggregator due to Deeply Nested Arrays
HIGH | 7.5 | Maven | CVE-2026-44890 | Netty has Unbounded Direct Memory Consumption in its RedisDecoder
HIGH | 8.1 | Maven | CVE-2026-44249 | Netty has an IPv6 Subnet Filter Bypass via Incorrect Comparator Masking
HIGH | 8.1 | Maven | GHSA-j9gf-vw2f-9hrw | Appsmith: Configuration-dependent origin validation bypass in password reset and email verification link generation
HIGH | 8.1 | Maven | GHSA-9wcp-79g5-5c3c | Appsmith Super User Creation Race Condition Allows Multiple Instance Administrators
HIGH | 7.2 | Maven | CVE-2025-52465 | GeoServer has an arbitrary file write vulnerability in its Master Password Dump Page
HIGH | 7.2 | Maven | CVE-2025-27511 | GeoServer DB2 DataStore Extension has a JNDI Vulnerability via Store Connection
HIGH | 7.5 | Maven | CVE-2026-40981 | Spring Cloud Config has an Authorization Bypass Through User-Controlled Key
HIGH | 7.5 | Maven | CVE-2020-13935 | Infinite Loop in Apache Tomcat
HIGH | 7.5 | Maven | CVE-2020-11996 | Uncontrolled Resource Consumption in Apache Tomcat
HIGH | 8.7 | Maven | CVE-2026-28367 | Undertow is Vulnerable to HTTP Request/Response Smuggling
HIGH | 8.7 | Maven | CVE-2026-28369 | Undertow is Vulnerable to HTTP Request/Response Smuggling
HIGH | 8.7 | Maven | CVE-2026-28368 | Undertow is Vulnerable to HTTP Request/Response Smuggling
HIGH | 7.5 | Maven | CVE-2025-53114 | Acknowledgement extension out of memory
HIGH | 8.3 | Maven | CVE-2026-46481 | OpenMetadata: TEST_CONNECTION workflow leaks ingestion-bot JWT and database password to regular users
HIGH | 8.8 | Maven KEV | CVE-2022-33891 | Apache Spark UI can allow impersonation if ACLs are enabled
HIGH | 8.8 | Maven | CVE-2023-32007 | Apache Spark UI vulnerable to Command Injection
HIGH | 7.5 | Maven | CVE-2022-43766 | Apache IoTDB subject to ReDoS with Java 8
HIGH | 7.4 | Maven | CVE-2026-45300 | async-http-client: Cookie header not stripped on cross-origin redirect
HIGH | 7.2 | Maven | CVE-2026-45609 | Spring AI MCP Security: Unvalidated URL Fetching (SSRF)
HIGH | 8.6 | Maven | CVE-2021-45105 | Apache Log4j2 vulnerable to Improper Input Validation and Uncontrolled Recursion
HIGH | 7.5 | Maven | CVE-2017-12626 | Denial of Service in Apache POI
HIGH | 7.5 | Maven | CVE-2023-25570 | Apollo has potential access control security issue in eureka
HIGH | 7.5 | Maven | CVE-2026-34486 | Apache Tomcat Missing Encryption of Sensitive Data vulnerability
HIGH | 8.1 | Maven | CVE-2026-44900 | epa4all-client has a VAU Signature bypass
HIGH | 7.4 | Maven | CVE-2026-45575 | Improper Verification of Cryptographic Signature in com.oviva.telematik:epa4all-client
HIGH | 8.1 | Maven | CVE-2026-45574 | epa4all-client: TLS Certificate Validation Disabled in Production
HIGH | 7.7 | Maven | CVE-2022-25647 | Deserialization of Untrusted Data in Gson
HIGH | 7.5 | Maven | CVE-2021-25122 | Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat
HIGH | 7.5 | Maven | CVE-2026-7307 | Keycloak: Denial of Service via specially crafted SAML input
HIGH | 8.1 | Maven | CVE-2026-7504 | Keycloak: Open redirect when using wildcard valid redirect URIs in Keycloak
HIGH | 7.1 | Maven | CVE-2026-7571 | Keycloak: Access token disclosure and implicit flow bypass via forged client data
HIGH | 7.5 | Maven | CVE-2026-7507 | Keycloak: Session fixation in OIDC login flow that can lead to account takeover
HIGH | 8.8 | Maven | CVE-2026-33001 | Jenkins has a link following vulnerability that allows arbitrary file creation
HIGH | 7.5 | Maven | CVE-2023-34620 | hjson stack exhaustion vulnerability
HIGH | 7.3 | Maven | CVE-2026-43869 | Apache Thrift has an Improper Validation of Certificate with Host Mismatch Vulnerability
HIGH | 7.5 | Maven | CVE-2026-6857 | camel-infinispan Vulnerable to Deserialization of Untrusted Data
HIGH | 7.3 | Maven | CVE-2026-8771 | org.linlinjava:litemall-wx-api has an Injection issue
HIGH | 7.5 | Maven | CVE-2026-48048 | XWiki Platform's Livetable results still allow reconstructing password hashes using 768 requests
HIGH | 7.5 | Maven | CVE-2026-41712 | Spring AI: ChatMemory DEFAULT_CONVERSATION_ID causes unintended cross-user data leakage
HIGH | 7.3 | Maven | CVE-2026-8759 | Beetl's SpELFunction extension function has an expression injection risk
HIGH | 8.1 | Maven | CVE-2026-35194 | Apache Flink: Remote code execution via SQL injection in code generation
HIGH | 7.5 | Maven | CVE-2022-42004 | Uncontrolled Resource Consumption in FasterXML jackson-databind
HIGH | 8.2 | Maven | CVE-2026-40022 | Apache Camel Vulnerable to Authentication Bypass Using an Alternate Path or Channel
HIGH | 7.5 | Maven | CVE-2026-29129 | Apache Tomcat: Configured cipher preference order not preserved
HIGH | 7.5 | Maven | CVE-2026-24880 | Apache Tomcat has an HTTP Request/Response Smuggling vulnerability
HIGH | 7.0 | Maven | CVE-2020-9484 | Potential remote code execution in Apache Tomcat
HIGH | 7.5 | Maven | CVE-2020-13934 | Improper Restriction of Operations within the Bounds of a Memory Buffer in Apache Tomcat
HIGH | 7.5 | Maven | CVE-2019-0199 | Apache Tomcat Denial of Service vulnerability
HIGH | 8.1 | Maven | CVE-2026-2603 | Keycloak: Unauthorized authentication via disabled SAML Identity Provider
HIGH | 7.4 | Maven | CVE-2026-2332 | Jetty has HTTP Request Smuggling via Chunked Extension Quoted-String Parsing
