Know every threat before it ships
200K+ vulnerabilities, malicious packages, and supply chain threats enriched with Corgea's research.
MEDIUM 6.1
CVE-2020-13932
Cross-site Scripting (XSS) in Apache ActiveMQ Artemis
MEDIUM 6.5
CVE-2026-41726
In Spring for Apache Kafka, unbounded delegate cache keyed on user-controlled, potentially malicious selector header
MEDIUM 5.3
CVE-2023-45648
Apache Tomcat Improper Input Validation vulnerability
MEDIUM 5.3
CVE-2023-42795
Apache Tomcat Incomplete Cleanup vulnerability
MEDIUM 4.0
CVE-2026-45536
Netty: Unix-socket fd receive leaks descriptors when peer sends two at once
MEDIUM 6.8
CVE-2026-45673
Netty: DNS Cache Poisoning due to Predictable PRNG and Default Static Source Port
MEDIUM 5.3
CVE-2026-47244
Netty HTTP/2: Advertised MAX_CONCURRENT_STREAMS are not enforced
MEDIUM 5.3
CVE-2026-48043
netty-codec-http2: ByteBuf Reference-Count Leak in DelegatingDecompressorFrameListener Leads to Memory Exhaustion
MEDIUM 6.5
CVE-2025-58175
GeoServer has a Server-Side Request Forgery (SSRF) Vulnerability in its XML Entity Resolution
MEDIUM 6.4
CVE-2026-9087
Keycloak: Insufficient verification proof scoping enables identity provider account linking attack and account compromise
MEDIUM 4.3
CVE-2026-42568
Yamcs Vulnerable to LDAP Injection in LdapAuthModule
MEDIUM 5.4
CVE-2026-8922
Keycloak: Revoked Tokens Can Remain Active When Both Realm-Level and Client-Level `notBefore` Revocation Policies are Configured
MEDIUM 4.3
CVE-2026-8830
Keycloak: Policy bypass during WebAuthn credential registration via client-side JavaScript manipulation
MEDIUM 5.4
CVE-2026-7500
Keycloak has a Forced Browsing issue
MEDIUM 6.1
CVE-2026-34237
MCP Java SDK has a Hardcoded Wildcard CORS (Access-Control-Allow-Origin: *)
MEDIUM 5.5
CVE-2026-45581
fabric-chaincode-java: TLS Private Key Password Disclosed in INFO Startup Logs in Chaincode-as-a-Service Mode
MEDIUM 5.3
CVE-2026-0707
Keycloak has Incorrect Behavior Order: Authorization Before Parsing and Canonicalization
MEDIUM 6.6
CVE-2021-44832
Improper Input Validation and Injection in Apache Log4j2
MEDIUM 5.3
CVE-2026-45292
OpenTelemetry Java SDK has Unbounded Memory Allocation in W3C Baggage Propagation
MEDIUM 6.1
CVE-2023-41080
Apache Tomcat Open Redirect vulnerability
MEDIUM 5.3
CVE-2025-48459
Apache IoTDB: Deserialization of untrusted Data
MEDIUM 6.5
CVE-2026-47672
epa4all-client: Unauthenticated REST API for Patient Record Writes
MEDIUM 6.8
CVE-2026-37982
Keycloak: Unauthorized account takeover via WebAuthn token replay
MEDIUM 6.5
CVE-2026-37979
Keycloak: Information disclosure via OIDC token introspection endpoint audience bypass
MEDIUM 4.9
CVE-2026-37978
Keycloak: Information Disclosure via evaluate-scopes Admin API
MEDIUM 5.3
CVE-2026-6860
Vert.x has a DoS via unbounded server-side SNI SslContext cache growth
MEDIUM 4.3
CVE-2026-44595
Yamcs vulnerable to unauthorized user enumeration via IAM API endpoints
MEDIUM 6.5
CVE-2026-44596
Yamcs has No Rate Limiting on Authentication Endpoint
MEDIUM 5.9
CVE-2026-3260
Undertow: Denial of Service via Multipart/Form-Data Parsing on HTTP GET Requests
MEDIUM 5.3
CVE-2026-45205
Apache Commons Configuration: StackOverflowError for YAML input with cycles
MEDIUM 5.3
CVE-2024-54677
Apache Tomcat Uncontrolled Resource Consumption vulnerability
MEDIUM 6.5
CVE-2026-34500
Apache Tomcat: CLIENT_CERT authentication does not fail as expected
MEDIUM 4.8
CVE-2020-1935
Potential HTTP request smuggling in Apache Tomcat
MEDIUM 6.8
CVE-2026-42586
Netty Redis Codec Encoder has a CRLF Injection Issue
MEDIUM 6.5
CVE-2026-42580
Netty vulnerable to HTTP Request Smuggling due to incorrect chunk size parsing
MEDIUM 5.3
CVE-2026-44248
Netty MQTT: Resource exhaustion in MqttDecoder
MEDIUM 6.5
CVE-2026-42585
Netty vulnerable to HTTP Request Smuggling due to malformed Transfer-Encoding
MEDIUM 5.8
CVE-2026-42581
Netty HTTP/1.0 TE+CL Coexistence Bypasses Smuggling Sanitization
MEDIUM 6.5
CVE-2026-41043
Apache ActiveMQ Vulnerable to Cross-site Scripting
MEDIUM 6.1
CVE-2023-42343
Alkacon OpenCms is vulnerable to XSS via cmis-online/type
MEDIUM 6.1
CVE-2023-42345
Alkacon OpenCms is vulnerable to XSS via updateModelGroups.jsp
MEDIUM 5.3
CVE-2025-61795
Apache Tomcat Vulnerable to Improper Resource Shutdown or Release
MEDIUM 6.5
CVE-2026-42404
Apache Neethi doesn't impose any restrictions on URIs when manually fetching remote policy references through the PolicyReference API
MEDIUM 4.4
CVE-2026-41004
Spring Cloud Config Server Logged Sensitive Information
MEDIUM 6.1
CVE-2026-42509
Apache Wicket has a Cross-site Scripting issue
MEDIUM 6.5
CVE-2026-43975
Apache Wicket has a Path Traversal issue
MEDIUM 5.3
CVE-2026-41417
Netty: Start-Line Injection in DefaultHttpRequest.setUri() Allows HTTP Request Smuggling and RTSP Request Injection
MEDIUM 4.3
CVE-2026-42519
Jenkins Script Security Plugin: Missing permission checks allow enumeration of pending and approved classpaths
MEDIUM 6.5
CVE-2026-42521
Jenkins Matrix Authorization Strategy Plugin: Unsafe deserialization allows invocation of parameterless constructors
MEDIUM 5.3
CVE-2026-22745
Spring MVC and WebFlux applications are vulnerable to Denial of Service attacks when resolving static resources
MEDIUM 4.3
CVE-2025-9263
xxl-job Vulnerable to Resource Injection and Authorization Bypass Through User-Controlled Key
MEDIUM 5.4
CVE-2025-9264
xxl-job Jobs Handler remove function allows improper control of resource identifiers via ID parameter
MEDIUM 5.4
CVE-2026-36766
Shopizer is vulnerable to Cross-site Scripting
MEDIUM 5.3
GHSA-x83w-23jp-g6pw
OpenSearch Security plugin: DLS not applied on documents linked by has_child or has_parent relation
MEDIUM 5.9
GHSA-248h-974q-xrc2
axonflow-sdk-java: Webhook signing-key (HMAC-SHA256) not exposed by SDK type, preventing signature verification
MEDIUM 4.3
CVE-2026-42522
Jenkins GitHub Branch Source Plugin: Missing permissions check allows attackers to perform a connection test
MEDIUM 4.3
CVE-2026-42525
Jenkins Microsoft Entra ID (previously Azure AD) Plugin has an open redirect vulnerability
MEDIUM 4.2
CVE-2026-40968
Spring gRPC SecurityContext leaks across requests upon authorization failure
MEDIUM 6.1
CVE-2026-40979
Spring AI's ONNX model cache defaults to world-writable predictable /tmp directory
MEDIUM 5.9
CVE-2026-40966
Spring AI's VectorStoreChatMemoryAdvisor conversation scoping can lead to cross-tenant memory exfiltration
Ready to move
Start Securing
Free, no credit card | First findings in minutes