Putki Security Vulnerability Scans
Last Updated: 03 Jun 2026 01:11:31
Development
Severity Breakdown
| Severity | Count |
|---|---|
| HIGH | 12 |
| MEDIUM | 22 |
| LOW | 2 |
CVE Details for Version: Development
| Severity | Score | CVE ID | Description |
|---|---|---|---|
| HIGH | 8.9 | CVE-2026-5598 | CVE-2026-5598: Covert Timing Channel |
| HIGH | 8.8 | CVE-2025-69194 | CVE-2025-69194 |
| HIGH | 8.7 | CVE-2026-33871 | CVE-2026-33871: Allocation of Resources Without Limits or Throttling |
| HIGH | 8.2 | CVE-2026-26740 | CVE-2026-26740 |
| HIGH | 7.5 | CVE-2022-41404 | CVE-2022-41404: Uncontrolled Resource Consumption |
| HIGH | 7.5 | CVE-2026-33870 | CVE-2026-33870: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') |
| HIGH | 7.5 | CVE-2026-42198 | CVE-2026-42198: Allocation of Resources Without Limits or Throttling |
| HIGH | 7.5 | CVE-2026-42583 | CVE-2026-42583: Uncontrolled Resource Consumption |
| HIGH | 7.5 | CVE-2026-42587 | CVE-2026-42587: Uncontrolled Resource Consumption |
| HIGH | 7.5 | CVE-2026-5773 | CVE-2026-5773 |
| HIGH | 7.5 | CVE-2026-6276 | CVE-2026-6276 |
| HIGH | 7.3 | CVE-2026-42584 | CVE-2026-42584: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') |
| MEDIUM | 6.9 | GHSA-72hv-8253-57qq | GHSA-72hv-8253-57qq: Allocation of Resources Without Limits or Throttling |
| MEDIUM | 6.5 | CVE-2016-5004 | CVE-2016-5004: Uncontrolled Resource Consumption |
| MEDIUM | 6.5 | CVE-2024-45993 | CVE-2024-45993 |
| MEDIUM | 6.5 | CVE-2025-60876 | CVE-2025-60876 |
| MEDIUM | 6.5 | CVE-2026-42580 | CVE-2026-42580: Integer Overflow or Wraparound |
| MEDIUM | 6.5 | CVE-2026-42585 | CVE-2026-42585: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') |
| MEDIUM | 6.5 | CVE-2026-5545 | CVE-2026-5545 |
| MEDIUM | 6.3 | CVE-2025-8916 | CVE-2025-8916: Allocation of Resources Without Limits or Throttling |
| MEDIUM | 6.3 | CVE-2026-5588 | CVE-2026-5588: Use of a Broken or Risky Cryptographic Algorithm |
| MEDIUM | 5.9 | CVE-2026-28208 | CVE-2026-28208: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') |
| MEDIUM | 5.9 | CVE-2026-41245 | CVE-2026-41245: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') |
| MEDIUM | 5.9 | CVE-2026-4873 | CVE-2026-4873 |
| MEDIUM | 5.9 | CVE-2026-6253 | CVE-2026-6253 |
| MEDIUM | 5.8 | CVE-2026-42581 | CVE-2026-42581: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') |
| MEDIUM | 5.7 | CVE-2025-46551 | CVE-2025-46551: Improper Certificate Validation |
| MEDIUM | 5.5 | CVE-2026-0636 | CVE-2026-0636: Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') |
| MEDIUM | 5.3 | CVE-2026-23865 | CVE-2026-23865 |
| MEDIUM | 5.3 | CVE-2026-41417 | CVE-2026-41417: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') |
| MEDIUM | 5.3 | CVE-2026-6429 | CVE-2026-6429 |
| MEDIUM | 5.3 | CVE-2026-7009 | CVE-2026-7009 |
| MEDIUM | 5.3 | CVE-2026-7168 | CVE-2026-7168 |
| MEDIUM | 5.1 | CVE-2026-23868 | CVE-2026-23868 |
| LOW | 2.9 | CVE-2026-42578 | CVE-2026-42578: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') |
| LOW | 1.9 | CVE-2026-3293 | CVE-2026-3293: Uncontrolled Resource Consumption |
2026.03.02
Severity Breakdown
| Severity | Count |
|---|---|
| HIGH | 17 |
| MEDIUM | 28 |
| LOW | 3 |
CVE Details for Version: 2026.03.02
| Severity | Score | CVE ID | Description |
|---|---|---|---|
| HIGH | 8.9 | CVE-2026-5598 | CVE-2026-5598: Covert Timing Channel |
| HIGH | 8.8 | CVE-2025-69194 | CVE-2025-69194 |
| HIGH | 8.7 | CVE-2026-33871 | CVE-2026-33871: Allocation of Resources Without Limits or Throttling |
| HIGH | 8.7 | CVE-2026-35554 | CVE-2026-35554: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') |
| HIGH | 8.2 | CVE-2026-26740 | CVE-2026-26740 |
| HIGH | 7.5 | CVE-2022-41404 | CVE-2022-41404: Uncontrolled Resource Consumption |
| HIGH | 7.5 | CVE-2026-1605 | CVE-2026-1605: Uncontrolled Resource Consumption |
| HIGH | 7.5 | CVE-2026-33870 | CVE-2026-33870: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') |
| HIGH | 7.5 | CVE-2026-42198 | CVE-2026-42198: Allocation of Resources Without Limits or Throttling |
| HIGH | 7.5 | CVE-2026-42577 | CVE-2026-42577: Missing Release of Resource after Effective Lifetime |
| HIGH | 7.5 | CVE-2026-42579 | CVE-2026-42579: Improper Input Validation |
| HIGH | 7.5 | CVE-2026-42583 | CVE-2026-42583: Uncontrolled Resource Consumption |
| HIGH | 7.5 | CVE-2026-42587 | CVE-2026-42587: Uncontrolled Resource Consumption |
| HIGH | 7.5 | CVE-2026-5773 | CVE-2026-5773 |
| HIGH | 7.5 | CVE-2026-6276 | CVE-2026-6276 |
| HIGH | 7.4 | CVE-2026-2332 | CVE-2026-2332: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') |
| HIGH | 7.3 | CVE-2026-42584 | CVE-2026-42584: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') |
| MEDIUM | 6.9 | CVE-2026-34478 | CVE-2026-34478: Improper Output Neutralization for Logs |
| MEDIUM | 6.9 | CVE-2026-34480 | CVE-2026-34480: Improper Encoding or Escaping of Output |
| MEDIUM | 6.9 | GHSA-72hv-8253-57qq | GHSA-72hv-8253-57qq: Allocation of Resources Without Limits or Throttling |
| MEDIUM | 6.5 | CVE-2016-5004 | CVE-2016-5004: Uncontrolled Resource Consumption |
| MEDIUM | 6.5 | CVE-2024-45993 | CVE-2024-45993 |
| MEDIUM | 6.5 | CVE-2025-48924 | CVE-2025-48924: Uncontrolled Recursion |
| MEDIUM | 6.5 | CVE-2025-60876 | CVE-2025-60876 |
| MEDIUM | 6.5 | CVE-2026-42580 | CVE-2026-42580: Integer Overflow or Wraparound |
| MEDIUM | 6.5 | CVE-2026-42585 | CVE-2026-42585: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') |
| MEDIUM | 6.5 | CVE-2026-5545 | CVE-2026-5545 |
| MEDIUM | 6.3 | CVE-2025-8916 | CVE-2025-8916: Allocation of Resources Without Limits or Throttling |
| MEDIUM | 6.3 | CVE-2026-34477 | CVE-2026-34477: Improper Validation of Certificate with Host Mismatch |
| MEDIUM | 6.3 | CVE-2026-5588 | CVE-2026-5588: Use of a Broken or Risky Cryptographic Algorithm |
| MEDIUM | 5.9 | CVE-2026-28208 | CVE-2026-28208: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') |
| MEDIUM | 5.9 | CVE-2026-41245 | CVE-2026-41245: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') |
| MEDIUM | 5.9 | CVE-2026-4873 | CVE-2026-4873 |
| MEDIUM | 5.9 | CVE-2026-6253 | CVE-2026-6253 |
| MEDIUM | 5.8 | CVE-2026-42581 | CVE-2026-42581: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') |
| MEDIUM | 5.7 | CVE-2025-46551 | CVE-2025-46551: Improper Certificate Validation |
| MEDIUM | 5.5 | CVE-2026-0636 | CVE-2026-0636: Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') |
| MEDIUM | 5.3 | CVE-2026-23865 | CVE-2026-23865 |
| MEDIUM | 5.3 | CVE-2026-33558 | CVE-2026-33558: Insertion of Sensitive Information into Log File |
| MEDIUM | 5.3 | CVE-2026-41417 | CVE-2026-41417: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') |
| MEDIUM | 5.3 | CVE-2026-45292 | CVE-2026-45292: Allocation of Resources Without Limits or Throttling |
| MEDIUM | 5.3 | CVE-2026-6429 | CVE-2026-6429 |
| MEDIUM | 5.3 | CVE-2026-7009 | CVE-2026-7009 |
| MEDIUM | 5.3 | CVE-2026-7168 | CVE-2026-7168 |
| MEDIUM | 5.1 | CVE-2026-23868 | CVE-2026-23868 |
| LOW | 3.7 | CVE-2025-11143 | CVE-2025-11143: Improper Input Validation |
| LOW | 2.9 | CVE-2026-42578 | CVE-2026-42578: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') |
| LOW | 1.9 | CVE-2026-3293 | CVE-2026-3293: Uncontrolled Resource Consumption |
2025.08.01
Severity Breakdown
| Severity | Count |
|---|---|
| HIGH | 26 |
| MEDIUM | 45 |
| LOW | 10 |
CVE Details for Version: 2025.08.01
| Severity | Score | CVE ID | Description |
|---|---|---|---|
| HIGH | 8.9 | CVE-2026-5598 | CVE-2026-5598: Covert Timing Channel |
| HIGH | 8.8 | CVE-2025-12183 | CVE-2025-12183: Out-of-bounds Read |
| HIGH | 8.8 | CVE-2025-48734 | CVE-2025-48734: Improper Access Control |
| HIGH | 8.8 | CVE-2025-69194 | CVE-2025-69194 |
| HIGH | 8.7 | CVE-2023-52428 | CVE-2023-52428: Uncontrolled Resource Consumption |
| HIGH | 8.7 | CVE-2026-33871 | CVE-2026-33871: Allocation of Resources Without Limits or Throttling |
| HIGH | 8.7 | CVE-2026-35554 | CVE-2026-35554: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') |
| HIGH | 8.2 | CVE-2025-49146 | CVE-2025-49146: Improper Authentication |
| HIGH | 8.2 | CVE-2025-55163 | CVE-2025-55163: Allocation of Resources Without Limits or Throttling |
| HIGH | 8.2 | CVE-2025-66566 | CVE-2025-66566: Insertion of Sensitive Information Into Sent Data |
| HIGH | 8.2 | CVE-2026-26740 | CVE-2026-26740 |
| HIGH | 8.1 | CVE-2025-59250 | CVE-2025-59250: Improper Input Validation |
| HIGH | 7.7 | CVE-2024-47072 | CVE-2024-47072: Stack-based Buffer Overflow |
| HIGH | 7.5 | CVE-2021-31684 | CVE-2021-31684: Out-of-bounds Read |
| HIGH | 7.5 | CVE-2022-41404 | CVE-2022-41404: Uncontrolled Resource Consumption |
| HIGH | 7.5 | CVE-2023-1370 | CVE-2023-1370: Uncontrolled Recursion |
| HIGH | 7.5 | CVE-2026-33870 | CVE-2026-33870: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') |
| HIGH | 7.5 | CVE-2026-42198 | CVE-2026-42198: Allocation of Resources Without Limits or Throttling |
| HIGH | 7.5 | CVE-2026-42579 | CVE-2026-42579: Improper Input Validation |
| HIGH | 7.5 | CVE-2026-42583 | CVE-2026-42583: Uncontrolled Resource Consumption |
| HIGH | 7.5 | CVE-2026-42587 | CVE-2026-42587: Uncontrolled Resource Consumption |
| HIGH | 7.5 | CVE-2026-5773 | CVE-2026-5773 |
| HIGH | 7.5 | CVE-2026-6276 | CVE-2026-6276 |
| HIGH | 7.4 | CVE-2026-2332 | CVE-2026-2332: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') |
| HIGH | 7.3 | CVE-2026-42584 | CVE-2026-42584: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') |
| HIGH | 7.2 | CVE-2024-13009 | CVE-2024-13009: Improper Resource Shutdown or Release |
| MEDIUM | 6.9 | CVE-2025-31672 | CVE-2025-31672: Improper Input Validation |
| MEDIUM | 6.9 | CVE-2025-58057 | CVE-2025-58057: Improper Handling of Highly Compressed Data (Data Amplification) |
| MEDIUM | 6.9 | CVE-2026-34478 | CVE-2026-34478: Improper Output Neutralization for Logs |
| MEDIUM | 6.9 | CVE-2026-34480 | CVE-2026-34480: Improper Encoding or Escaping of Output |
| MEDIUM | 6.9 | GHSA-72hv-8253-57qq | GHSA-72hv-8253-57qq: Allocation of Resources Without Limits or Throttling |
| MEDIUM | 6.5 | CVE-2016-5004 | CVE-2016-5004: Uncontrolled Resource Consumption |
| MEDIUM | 6.5 | CVE-2024-45993 | CVE-2024-45993 |
| MEDIUM | 6.5 | CVE-2025-48924 | CVE-2025-48924: Uncontrolled Recursion |
| MEDIUM | 6.5 | CVE-2025-60876 | CVE-2025-60876 |
| MEDIUM | 6.5 | CVE-2025-67735 | CVE-2025-67735: Improper Neutralization of CRLF Sequences ('CRLF Injection') |
| MEDIUM | 6.5 | CVE-2026-42580 | CVE-2026-42580: Integer Overflow or Wraparound |
| MEDIUM | 6.5 | CVE-2026-42585 | CVE-2026-42585: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') |
| MEDIUM | 6.5 | CVE-2026-5545 | CVE-2026-5545 |
| MEDIUM | 6.3 | CVE-2024-6763 | CVE-2024-6763: Improper Validation of Syntactic Correctness of Input |
| MEDIUM | 6.3 | CVE-2025-68161 | CVE-2025-68161: Improper Validation of Certificate with Host Mismatch |
| MEDIUM | 6.3 | CVE-2025-8916 | CVE-2025-8916: Allocation of Resources Without Limits or Throttling |
| MEDIUM | 6.3 | CVE-2026-34477 | CVE-2026-34477: Improper Validation of Certificate with Host Mismatch |
| MEDIUM | 6.3 | CVE-2026-5588 | CVE-2026-5588: Use of a Broken or Risky Cryptographic Algorithm |
| MEDIUM | 6.2 | CVE-2025-27817 | CVE-2025-27817: Server-Side Request Forgery (SSRF) |
| MEDIUM | 6.1 | CVE-2025-22227 | CVE-2025-22227: Exposure of Sensitive Information to an Unauthorized Actor |
| MEDIUM | 6.0 | CVE-2025-7962 | CVE-2025-7962: Improper Neutralization of Input Terminators |
| MEDIUM | 5.9 | CVE-2024-8184 | CVE-2024-8184: Uncontrolled Resource Consumption |
| MEDIUM | 5.9 | CVE-2026-28208 | CVE-2026-28208: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') |
| MEDIUM | 5.9 | CVE-2026-41245 | CVE-2026-41245: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') |
| MEDIUM | 5.9 | CVE-2026-4873 | CVE-2026-4873 |
| MEDIUM | 5.9 | CVE-2026-6253 | CVE-2026-6253 |
| MEDIUM | 5.8 | CVE-2025-53864 | CVE-2025-53864: Uncontrolled Recursion |
| MEDIUM | 5.8 | CVE-2026-42581 | CVE-2026-42581: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') |
| MEDIUM | 5.7 | CVE-2025-46551 | CVE-2025-46551: Improper Certificate Validation |
| MEDIUM | 5.5 | CVE-2023-2976 | CVE-2023-2976: Creation of Temporary File in Directory with Insecure Permissions |
| MEDIUM | 5.5 | CVE-2025-4949 | org.eclipse.jgit: XXE vulnerability in Eclipse JGit |
| MEDIUM | 5.5 | CVE-2026-0636 | CVE-2026-0636: Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') |
| MEDIUM | 5.3 | CVE-2021-34429 | CVE-2021-34429: Exposure of Sensitive Information to an Unauthorized Actor |
| MEDIUM | 5.3 | CVE-2023-26048 | CVE-2023-26048: Uncontrolled Resource Consumption |
| MEDIUM | 5.3 | CVE-2023-40167 | CVE-2023-40167: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities |
| MEDIUM | 5.3 | CVE-2024-9823 | CVE-2024-9823: Uncontrolled Resource Consumption |
| MEDIUM | 5.3 | CVE-2026-23865 | CVE-2026-23865 |
| MEDIUM | 5.3 | CVE-2026-33558 | CVE-2026-33558: Insertion of Sensitive Information into Log File |
| MEDIUM | 5.3 | CVE-2026-41417 | CVE-2026-41417: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') |
| MEDIUM | 5.3 | CVE-2026-45292 | CVE-2026-45292: Allocation of Resources Without Limits or Throttling |
| MEDIUM | 5.3 | CVE-2026-6429 | CVE-2026-6429 |
| MEDIUM | 5.3 | CVE-2026-7009 | CVE-2026-7009 |
| MEDIUM | 5.3 | CVE-2026-7168 | CVE-2026-7168 |
| MEDIUM | 5.1 | CVE-2026-23868 | CVE-2026-23868 |
| MEDIUM | 4.3 | CVE-2023-41900 | CVE-2023-41900: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities |
| LOW | 3.9 | GHSA-58qw-p7qm-5rvh | GHSA-58qw-p7qm-5rvh: Improper Restriction of XML External Entity Reference |
| LOW | 3.7 | CVE-2025-11143 | CVE-2025-11143: Improper Input Validation |
| LOW | 3.5 | CVE-2023-36479 | CVE-2023-36479: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities |
| LOW | 3.3 | CVE-2020-8908 | CVE-2020-8908: Improper Handling of Alternate Encoding |
| LOW | 3.1 | CVE-2025-58056 | CVE-2025-58056: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') |
| LOW | 2.9 | CVE-2026-42578 | CVE-2026-42578: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') |
| LOW | 2.7 | CVE-2022-2047 | CVE-2022-2047: Improper Input Validation |
| LOW | 2.7 | CVE-2025-66453 | CVE-2025-66453: Uncontrolled Resource Consumption |
| LOW | 2.4 | CVE-2023-26049 | CVE-2023-26049: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities |
| LOW | 1.9 | CVE-2026-3293 | CVE-2026-3293: Uncontrolled Resource Consumption |
2025.05.01
Severity Breakdown
| Severity | Count |
|---|---|
| HIGH | 26 |
| MEDIUM | 45 |
| LOW | 10 |
CVE Details for Version: 2025.05.01
| Severity | Score | CVE ID | Description |
|---|---|---|---|
| HIGH | 8.9 | CVE-2026-5598 | CVE-2026-5598: Covert Timing Channel |
| HIGH | 8.8 | CVE-2025-12183 | CVE-2025-12183: Out-of-bounds Read |
| HIGH | 8.8 | CVE-2025-48734 | CVE-2025-48734: Improper Access Control |
| HIGH | 8.8 | CVE-2025-69194 | CVE-2025-69194 |
| HIGH | 8.7 | CVE-2023-52428 | CVE-2023-52428: Uncontrolled Resource Consumption |
| HIGH | 8.7 | CVE-2026-33871 | CVE-2026-33871: Allocation of Resources Without Limits or Throttling |
| HIGH | 8.7 | CVE-2026-35554 | CVE-2026-35554: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') |
| HIGH | 8.2 | CVE-2025-49146 | CVE-2025-49146: Improper Authentication |
| HIGH | 8.2 | CVE-2025-55163 | CVE-2025-55163: Allocation of Resources Without Limits or Throttling |
| HIGH | 8.2 | CVE-2025-66566 | CVE-2025-66566: Insertion of Sensitive Information Into Sent Data |
| HIGH | 8.2 | CVE-2026-26740 | CVE-2026-26740 |
| HIGH | 8.1 | CVE-2025-59250 | CVE-2025-59250: Improper Input Validation |
| HIGH | 7.7 | CVE-2024-47072 | CVE-2024-47072: Stack-based Buffer Overflow |
| HIGH | 7.5 | CVE-2021-31684 | CVE-2021-31684: Out-of-bounds Read |
| HIGH | 7.5 | CVE-2022-41404 | CVE-2022-41404: Uncontrolled Resource Consumption |
| HIGH | 7.5 | CVE-2023-1370 | CVE-2023-1370: Uncontrolled Recursion |
| HIGH | 7.5 | CVE-2026-33870 | CVE-2026-33870: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') |
| HIGH | 7.5 | CVE-2026-42198 | CVE-2026-42198: Allocation of Resources Without Limits or Throttling |
| HIGH | 7.5 | CVE-2026-42579 | CVE-2026-42579: Improper Input Validation |
| HIGH | 7.5 | CVE-2026-42583 | CVE-2026-42583: Uncontrolled Resource Consumption |
| HIGH | 7.5 | CVE-2026-42587 | CVE-2026-42587: Uncontrolled Resource Consumption |
| HIGH | 7.5 | CVE-2026-5773 | CVE-2026-5773 |
| HIGH | 7.5 | CVE-2026-6276 | CVE-2026-6276 |
| HIGH | 7.4 | CVE-2026-2332 | CVE-2026-2332: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') |
| HIGH | 7.3 | CVE-2026-42584 | CVE-2026-42584: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') |
| HIGH | 7.2 | CVE-2024-13009 | CVE-2024-13009: Improper Resource Shutdown or Release |
| MEDIUM | 6.9 | CVE-2025-31672 | CVE-2025-31672: Improper Input Validation |
| MEDIUM | 6.9 | CVE-2025-58057 | CVE-2025-58057: Improper Handling of Highly Compressed Data (Data Amplification) |
| MEDIUM | 6.9 | CVE-2026-34478 | CVE-2026-34478: Improper Output Neutralization for Logs |
| MEDIUM | 6.9 | CVE-2026-34480 | CVE-2026-34480: Improper Encoding or Escaping of Output |
| MEDIUM | 6.9 | GHSA-72hv-8253-57qq | GHSA-72hv-8253-57qq: Allocation of Resources Without Limits or Throttling |
| MEDIUM | 6.5 | CVE-2016-5004 | CVE-2016-5004: Uncontrolled Resource Consumption |
| MEDIUM | 6.5 | CVE-2024-45993 | CVE-2024-45993 |
| MEDIUM | 6.5 | CVE-2025-48924 | CVE-2025-48924: Uncontrolled Recursion |
| MEDIUM | 6.5 | CVE-2025-60876 | CVE-2025-60876 |
| MEDIUM | 6.5 | CVE-2025-67735 | CVE-2025-67735: Improper Neutralization of CRLF Sequences ('CRLF Injection') |
| MEDIUM | 6.5 | CVE-2026-42580 | CVE-2026-42580: Integer Overflow or Wraparound |
| MEDIUM | 6.5 | CVE-2026-42585 | CVE-2026-42585: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') |
| MEDIUM | 6.5 | CVE-2026-5545 | CVE-2026-5545 |
| MEDIUM | 6.3 | CVE-2024-6763 | CVE-2024-6763: Improper Validation of Syntactic Correctness of Input |
| MEDIUM | 6.3 | CVE-2025-68161 | CVE-2025-68161: Improper Validation of Certificate with Host Mismatch |
| MEDIUM | 6.3 | CVE-2025-8916 | CVE-2025-8916: Allocation of Resources Without Limits or Throttling |
| MEDIUM | 6.3 | CVE-2026-34477 | CVE-2026-34477: Improper Validation of Certificate with Host Mismatch |
| MEDIUM | 6.3 | CVE-2026-5588 | CVE-2026-5588: Use of a Broken or Risky Cryptographic Algorithm |
| MEDIUM | 6.2 | CVE-2025-27817 | CVE-2025-27817: Server-Side Request Forgery (SSRF) |
| MEDIUM | 6.1 | CVE-2025-22227 | CVE-2025-22227: Exposure of Sensitive Information to an Unauthorized Actor |
| MEDIUM | 6.0 | CVE-2025-7962 | CVE-2025-7962: Improper Neutralization of Input Terminators |
| MEDIUM | 5.9 | CVE-2024-8184 | CVE-2024-8184: Uncontrolled Resource Consumption |
| MEDIUM | 5.9 | CVE-2026-28208 | CVE-2026-28208: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') |
| MEDIUM | 5.9 | CVE-2026-41245 | CVE-2026-41245: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') |
| MEDIUM | 5.9 | CVE-2026-4873 | CVE-2026-4873 |
| MEDIUM | 5.9 | CVE-2026-6253 | CVE-2026-6253 |
| MEDIUM | 5.8 | CVE-2025-53864 | CVE-2025-53864: Uncontrolled Recursion |
| MEDIUM | 5.8 | CVE-2026-42581 | CVE-2026-42581: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') |
| MEDIUM | 5.7 | CVE-2025-46551 | CVE-2025-46551: Improper Certificate Validation |
| MEDIUM | 5.5 | CVE-2023-2976 | CVE-2023-2976: Creation of Temporary File in Directory with Insecure Permissions |
| MEDIUM | 5.5 | CVE-2025-4949 | org.eclipse.jgit: XXE vulnerability in Eclipse JGit |
| MEDIUM | 5.5 | CVE-2026-0636 | CVE-2026-0636: Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') |
| MEDIUM | 5.3 | CVE-2021-34429 | CVE-2021-34429: Exposure of Sensitive Information to an Unauthorized Actor |
| MEDIUM | 5.3 | CVE-2023-26048 | CVE-2023-26048: Uncontrolled Resource Consumption |
| MEDIUM | 5.3 | CVE-2023-40167 | CVE-2023-40167: Improper Handling of Length Parameter Inconsistency |
| MEDIUM | 5.3 | CVE-2024-9823 | CVE-2024-9823: Uncontrolled Resource Consumption |
| MEDIUM | 5.3 | CVE-2026-23865 | CVE-2026-23865 |
| MEDIUM | 5.3 | CVE-2026-33558 | CVE-2026-33558: Insertion of Sensitive Information into Log File |
| MEDIUM | 5.3 | CVE-2026-41417 | CVE-2026-41417: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') |
| MEDIUM | 5.3 | CVE-2026-45292 | CVE-2026-45292: Allocation of Resources Without Limits or Throttling |
| MEDIUM | 5.3 | CVE-2026-6429 | CVE-2026-6429 |
| MEDIUM | 5.3 | CVE-2026-7009 | CVE-2026-7009 |
| MEDIUM | 5.3 | CVE-2026-7168 | CVE-2026-7168 |
| MEDIUM | 5.1 | CVE-2026-23868 | CVE-2026-23868 |
| MEDIUM | 4.3 | CVE-2023-41900 | CVE-2023-41900: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities |
| LOW | 3.9 | GHSA-58qw-p7qm-5rvh | GHSA-58qw-p7qm-5rvh: Improper Restriction of XML External Entity Reference |
| LOW | 3.7 | CVE-2025-11143 | CVE-2025-11143: Improper Input Validation |
| LOW | 3.5 | CVE-2023-36479 | CVE-2023-36479: Improper Neutralization of Quoting Syntax |
| LOW | 3.3 | CVE-2020-8908 | CVE-2020-8908: Improper Handling of Alternate Encoding |
| LOW | 3.1 | CVE-2025-58056 | CVE-2025-58056: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') |
| LOW | 2.9 | CVE-2026-42578 | CVE-2026-42578: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') |
| LOW | 2.7 | CVE-2022-2047 | CVE-2022-2047: Improper Input Validation |
| LOW | 2.7 | CVE-2025-66453 | CVE-2025-66453: Uncontrolled Resource Consumption |
| LOW | 2.4 | CVE-2023-26049 | CVE-2023-26049: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities |
| LOW | 1.9 | CVE-2026-3293 | CVE-2026-3293: Uncontrolled Resource Consumption |