FactualRisk Cyber Intelligence
Updated: 6 Apr 2026 · 05:00

Summary (Top 300, sorted by score; 121 findings in total)
  P0 (urgent): 23 (KEV entry plus a strong signal)
  P1: 0
  KEV exploited: 21 (6 new in the last 14 days)
  EPSS high: 10 (EPSS ≥ 0.20, exploitation probable)
Source status (fetch latency at capture time)
  CISA KEV 0.14 s
  OSV.dev 0.86 s
  GHSA 1.00 s
  NVD 7.52 s
  EPSS 0.61 s
  VULNX -- (no latency recorded)
  Ransomware.live 9.35 s
  Exploit-DB 6.93 s
  AlienVault OTX -- (no latency recorded)
  GreyNoise -- (no latency recorded)
7-day trend chart (KEV, P0, P1, EPSS↑): chart not captured in this text extract.
Top vendors / ecosystems (findings)
  npm 38
  pip 25
  composer 17
  go 8
  maven 6
  rust 4
  Google 3
  Apple 3
  TrueConf 1
  Citrix 1
  F5 1
  Aquasecurity 1
Top CWEs (findings)
  CWE-918 7
  CWE-200 6
  CWE-669 5
  CWE-78 5
  CWE-22 5
  CWE-502 4
  CWE-79 4
  CWE-770 4
Findings (Top 300, sorted by score; 121 rows visible). Columns: priority; identifier (CVE or GHSA); severity label as displayed; CVSS base score (0.0 where the dashboard shows none); EPSS probability; dashboard composite score; vendor or package ecosystem; product; CWE; description; signals. Signals: KEV = listed in CISA Known Exploited Vulnerabilities; EPSS↑ = EPSS ≥ 0.20; CWE! = CWE class flagged by the dashboard; RANSOM = ransomware association; ITW = in-the-wild exploitation report. The severity label and the CVSS column come from different sources and can disagree (for example LOW next to CVSS 5.3, or CRITICAL next to 0.0).

Prio | ID | Sev | CVSS | EPSS | Score | Vendor/Eco | Product | CWE | Description | Signals
P0 | CVE-2026-3055 | CRITICAL | 9.8 | 0.443 | 222.0 | Citrix | NetScaler | CWE-125 | Citrix NetScaler Out-of-Bounds Read Vulnerability | KEV, EPSS↑, CWE!, RANSOM
P0 | CVE-2021-22054 | LOW | 0.0 | 0.938 | 217.6 | Omnissa | Workspace One UEM | - | Omnissa Workspace ONE Server-Side Request Forgery | KEV, EPSS↑, RANSOM
P0 | CVE-2025-32432 | LOW | 0.0 | 0.877 | 210.2 | Craft CMS | Craft CMS | - | Craft CMS Code Injection Vulnerability | KEV, EPSS↑, RANSOM
P0 | CVE-2025-68613 | LOW | 0.0 | 0.792 | 200.0 | n8n | n8n | - | n8n Improper Control of Dynamically-Managed Code Resources Vulnerability | KEV, EPSS↑, RANSOM
P0 | CVE-2026-1603 | LOW | 0.0 | 0.654 | 183.5 | Ivanti | Endpoint Manager (EPM) | - | Ivanti Endpoint Manager (EPM) Authentication Bypass Vulnerability | KEV, EPSS↑, RANSOM
P0 | CVE-2026-33634 | HIGH | 8.8 | 0.212 | 183.2 | Aquasecurity | Trivy | CWE-506 | Aquasecurity Trivy Embedded Malicious Code Vulnerability | KEV, EPSS↑, RANSOM
P0 | CVE-2026-33017 | CRITICAL | 9.8 | 0.057 | 175.6 | Langflow | Langflow | CWE-94 | Langflow Code Injection Vulnerability | KEV, CWE!, RANSOM
P0 | CVE-2025-54068 | LOW | 0.0 | 0.583 | 175.0 | Laravel | Livewire | - | Laravel Livewire Code Injection Vulnerability | KEV, EPSS↑, RANSOM
P0 | CVE-2026-20131 | CRITICAL | 10.0 | 0.006 | 170.7 | Cisco | Secure Firewall Management Center (FMC) | CWE-502 | Cisco Secure Firewall Management Center (FMC) Software and Cisco Security Cloud Control (SCC) Firewall Management Deserialization of Untrusted Data Vulnerability | KEV, CWE!, RANSOM
P0 | CVE-2026-5281 | HIGH | 8.8 | 0.030 | 166.4 | Google | Dawn | CWE-416 | Google Dawn Use-After-Free Vulnerability | KEV, CWE!, RANSOM
P0 | CVE-2026-3910 | HIGH | 8.8 | 0.008 | 163.7 | Google | Chromium V8 | CWE-94 | Google Chromium V8 Improper Restriction of Operations Within the Bounds of a Memory Buffer Vulnerability | KEV, CWE!, RANSOM
P0 | CVE-2026-3909 | HIGH | 8.8 | 0.003 | 163.1 | Google | Skia | CWE-787 | Google Skia Out-of-Bounds Write Vulnerability | KEV, CWE!, RANSOM
P0 | CVE-2025-53521 | LOW | 0.0 | 0.414 | 154.7 | F5 | BIG-IP | - | F5 BIG-IP Stack-Based Buffer Overflow Vulnerability | KEV, EPSS↑, RANSOM
P0 | CVE-2026-3502 | HIGH | 7.8 | 0.012 | 153.3 | TrueConf | Client | CWE-494 | TrueConf Client Download of Code Without Integrity Check Vulnerability | KEV, RANSOM
P0 | CVE-2025-26399 | LOW | 0.0 | 0.282 | 138.9 | SolarWinds | Web Help Desk | - | SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability | KEV, EPSS↑, RANSOM
P0 | CVE-2025-47813 | LOW | 0.0 | 0.204 | 129.5 | Wing FTP Server | Wing FTP Server | - | Wing FTP Server Information Disclosure Vulnerability | KEV, EPSS↑, RANSOM
P0 | CVE-2025-66376 | LOW | 0.0 | 0.100 | 117.0 | Synacor | Zimbra Collaboration Suite (ZCS) | - | Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting Vulnerability | KEV, RANSOM
P0 | CVE-2026-35044 | HIGH | 8.8 | 0.000 | 112.8 | pip | bentoml | CWE-1336 | BentoML: SSTI via Unsandboxed Jinja2 in Dockerfile Generation | RANSOM, ITW
P0 | CVE-2026-20963 | LOW | 0.0 | 0.060 | 112.2 | Microsoft | SharePoint | - | Microsoft SharePoint Deserialization of Untrusted Data Vulnerability | KEV, RANSOM
P0 | CVE-2025-43510 | LOW | 0.0 | 0.005 | 105.6 | Apple | Multiple Products | - | Apple Multiple Products Improper Locking Vulnerability | KEV, RANSOM
P0 | CVE-2025-43520 | LOW | 0.0 | 0.004 | 105.5 | Apple | Multiple Products | - | Apple Multiple Products Classic Buffer Overflow Vulnerability | KEV, RANSOM
P0 | CVE-2025-31277 | LOW | 0.0 | 0.002 | 105.2 | Apple | Multiple Products | - | Apple Multiple Products Buffer Overflow Vulnerability | KEV, RANSOM
P0 | CVE-2026-35405 | HIGH | 7.5 | 0.000 | 105.0 | rust | libp2p-rendezvous | CWE-770 | libp2p-rendezvous: Unlimited namespace registrations per peer enables OOM DoS on rendezvous servers | RANSOM, ITW
P2 | CVE-2026-5323 | LOW | 5.3 | 0.000 | 96.8 | npm | a11y-mcp | CWE-918 | a11y-mcp: Server-Side Request Forgery (SSRF) vulnerability in A11yServer function | CWE!, RANSOM, ITW
P2 | CVE-2026-4325 | MEDIUM | 5.3 | 0.000 | 91.8 | maven | org.keycloak:keycloak-services | CWE-653 | Keycloak: Replay of action tokens via improper handling of single-use entries | RANSOM, ITW
P2 | CVE-2026-35181 | MEDIUM | 4.3 | 0.000 | 90.8 | composer | wwbn/avideo | CWE-352 | AVideo: CSRF on Player Skin Configuration via admin/playerUpdate.json.php | CWE!, RANSOM, ITW
P2 | CVE-2026-35471 | CRITICAL | 9.8 | 0.000 | 63.8 | go | github.com/patrickhener/goshs | CWE-22 | goshs: Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) | CWE!
P2 | CVE-2026-35393 | CRITICAL | 9.8 | 0.000 | 63.8 | go | github.com/patrickhener/goshs | CWE-22 | goshs: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in goshs POST multipart upload | CWE!
P2 | CVE-2026-35392 | CRITICAL | 9.8 | 0.000 | 63.8 | go | github.com/patrickhener/goshs | CWE-22 | goshs: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in goshs PUT Upload | CWE!
P2 | CVE-2026-0596 | CRITICAL | 9.6 | 0.002 | 62.9 | pip | mflow | CWE-78 | Mflow: Command Injection when serving models with enable_mlserver=True | CWE!
P2 | CVE-2026-31818 | CRITICAL | 9.6 | 0.000 | 62.6 | npm | @budibase/backend-core | CWE-918 | Budibase: Server-Side Request Forgery via REST Connector with Empty Default Blacklist | CWE!
P2 | CVE-2026-34208 | CRITICAL | 10.0 | 0.000 | 60.0 | npm | @nyariv/sandboxjs | CWE-693 | SandboxJS: Sandbox integrity escape | -
P3 | CVE-2026-35216 | CRITICAL | 9.1 | 0.000 | 59.6 | npm | @budibase/server | CWE-78 | Budibase: Unauthenticated Remote Code Execution via Webhook Trigger and Bash Automation Step | CWE!
P3 | CVE-2026-35463 | HIGH | 8.8 | 0.000 | 57.8 | pip | pyload-ng | CWE-78 | pyLoad: Improper Neutralization of Special Elements used in an OS Command | CWE!
P3 | CVE-2026-35470 | HIGH | 8.8 | 0.000 | 57.8 | composer | devcode-it/openstamanager | CWE-89 | OpenSTAManager has a SQL Injection via righe Parameter in confronta_righe Modals | CWE!
P3 | CVE-2026-33175 | HIGH | 8.8 | 0.000 | 57.8 | pip | oauthenticator | CWE-287 | Auth0OAuthenticator has an Authentication Bypass via Unverified Email Claims | CWE!
P3 | CVE-2026-35214 | HIGH | 8.7 | 0.000 | 57.2 | npm | @budibase/server | CWE-22 | Budibase: Path traversal in plugin file upload enables arbitrary directory deletion and file write | CWE!
P3 | CVE-2026-33752 | HIGH | 8.6 | 0.000 | 56.6 | pip | curl_cffi | CWE-918 | curl_cffi: Redirect-based SSRF leads to internal network access in curl_cffi (with TLS impersonation bypass) | CWE!
P3 | CVE-2026-33950 | CRITICAL | 9.4 | 0.000 | 56.5 | npm | signalk-server | CWE-285 | Signal K Server: Privilege Escalation by Admin Role Injection via /enableSecurity | -
P3 | CVE-2026-35039 | CRITICAL | 9.1 | 0.000 | 54.6 | npm | fast-jwt | CWE-345 | fast-jwt: Cache Confusion via cacheKeyBuilder Collisions Can Return Claims From a Different Token (Identity/Authorization Mixup) | -
P3 | CVE-2026-35408 | HIGH | 8.7 | 0.000 | 52.2 | npm | directus | CWE-346 | Directus: Missing Cross-Origin Opener Policy | -
P3 | CVE-2026-35043 | HIGH | 7.8 | 0.000 | 51.8 | pip | bentoml | CWE-78 | BentoML: Command Injection in cloud deployment setup script | CWE!
P3 | CVE-2026-35409 | HIGH | 7.7 | 0.000 | 51.2 | npm | directus | CWE-20 | Directus: SSRF Protection Bypass via IPv4-Mapped IPv6 Addresses in File Import | CWE!
P3 | CVE-2026-35187 | HIGH | 7.7 | 0.000 | 51.2 | pip | pyload-ng | CWE-918 | pyLoad: SSRF in parse_urls API endpoint via unvalidated URL parameter | CWE!
P3 | GHSA-393c-p46r-7c95 | HIGH | 8.5 | 0.000 | 51.0 | npm | directus | CWE-284 | Directus: Path Traversal and Broken Access Control in File Management API | -
P3 | CVE-2026-35464 | HIGH | 7.5 | 0.000 | 50.0 | pip | pyload-ng | CWE-502 | pyLoad: Unprotected storage_folder enables arbitrary file write to Flask session store and code execution (Incomplete fix for CVE-2026-33509) | CWE!
P3 | CVE-2026-30762 | HIGH | 7.5 | 0.000 | 50.0 | pip | lightrag-hku | CWE-287 | LightRAG: Hardcoded JWT Signing Secret Allows Authentication Bypass | CWE!
P3 | CVE-2026-35394 | HIGH | 8.3 | 0.000 | 49.8 | npm | @mobilenext/mobile-mcp | CWE-939 | @mobilenext/mobile-mcp: Arbitrary Android Intent Execution via mobile_open_url | -
P3 | CVE-2026-35457 | HIGH | 8.2 | 0.000 | 49.2 | rust | libp2p-rendezvous | CWE-770 | libp2p-rendezvous: Unbounded rendezvous DISCOVER cookies enable remote memory exhaustion | -
P3 | CVE-2026-4636 | HIGH | 8.1 | 0.000 | 48.6 | maven | org.keycloak:keycloak-services | CWE-551 | Keycloak: UMA Policy Resource Injection Allows Unauthorized Cross-User Permission Grants | -
P3 | CVE-2026-35442 | HIGH | 8.1 | 0.000 | 48.6 | npm | directus | CWE-200 | Directus: Authenticated Users Can Extract Concealed Fields via Aggregate Queries | -
P3 | CVE-2026-4634 | HIGH | 7.5 | 0.001 | 45.1 | maven | org.keycloak:keycloak-services | CWE-1050 | Keycloak: Application-Level DoS via Scope Processing | -
P3 | CVE-2026-35209 | HIGH | 7.5 | 0.000 | 45.0 | npm | defu | CWE-1321 | defu: Prototype pollution via `__proto__` key in defaults argument | -
P3 | GHSA-6q22-g298-grjh | HIGH | 7.5 | 0.000 | 45.0 | npm | directus | CWE-400 | Directus: Unauthenticated Denial of Service via GraphQL Alias Amplification of Expensive Health Check Resolver | -
P3 | CVE-2026-35042 | HIGH | 7.5 | 0.000 | 45.0 | npm | fast-jwt | CWE-345 | fast-jwt accepts unknown `crit` header extensions (RFC 7515 violation) | -
P3 | GHSA-2m67-wjpj-xhg9 | HIGH | 7.5 | 0.000 | 45.0 | maven | tools.jackson.core:jackson-core | - | Jackson Core: Document length constraint bypass in blocking, async, and DataInput parsers | -
P3 | CVE-2026-34824 | HIGH | 7.5 | 0.000 | 45.0 | pip | mesop | CWE-400 | Mesop: Unbounded Thread Creation in WebSocket Handler Leads to Denial of Service | -
P3 | CVE-2024-24762 | HIGH | 7.5 | 0.000 | 45.0 | pip | python-multipart | CWE-400 | python-multipart vulnerable to Content-Type Header ReDoS | -
P3 | CVE-2026-4282 | HIGH | 7.4 | 0.000 | 44.4 | maven | org.keycloak:keycloak-services | CWE-653 | Keycloak: Privilege escalation via forged authorization codes due to SingleUseObjectProvider isolation flaw | -
P3 | CVE-2026-2265 | MEDIUM | 6.5 | 0.001 | 44.1 | npm | replicator | CWE-502 | Replicator deserializes untrusted user input | CWE!
P3 | GHSA-6p2j-742g-835f | MEDIUM | 6.5 | 0.000 | 44.0 | actions | Tiryoh/actions-mkdocs | CWE-77 | actions-mkdocs: Command Injection via issue title in internal GitHub Actions workflow | CWE!
P3 | CVE-2026-3872 | HIGH | 7.3 | 0.000 | 43.8 | maven | org.keycloak:keycloak-services | CWE-601 | Keycloak: Redirect URI validation bypass via ..;/ path traversal in OIDC auth endpoint | -
P3 | CVE-2026-35536 | HIGH | 7.2 | 0.000 | 43.2 | pip | tornado | CWE-159 | Tornado has cookie attribute injection via .RequestHandler.set_cookie | -
P3 | CVE-2026-35412 | HIGH | 7.1 | 0.000 | 42.6 | npm | directus | CWE-863 | Directus: TUS Upload Authorization Bypass Allows Arbitrary File Overwrite | -
P3 | CVE-2026-35539 | MEDIUM | 6.1 | 0.000 | 41.6 | composer | roundcube/roundcubemail | CWE-79 | Roundcube Webmail: Insufficient HTML attachment sanitization in preview mode | CWE!
P3 | CVE-2026-35410 | MEDIUM | 6.1 | 0.000 | 41.6 | npm | directus | CWE-20 | Directus: Open Redirect via Parser Bypass in OAuth2/SAML Authentication Flow | CWE!
P3 | CVE-2026-35441 | MEDIUM | 6.5 | 0.000 | 39.0 | npm | directus | CWE-400 | Directus: GraphQL Alias Amplification Denial of Service Due to Missing Query Cost/Complexity Limits | -
P3 | GHSA-mvv8-v4jj-g47j | MEDIUM | 6.5 | 0.000 | 39.0 | npm | directus | CWE-200 | Directus: Sensitive fields exposed in revision history | -
P3 | CVE-2026-34755 | MEDIUM | 6.5 | 0.000 | 39.0 | pip | vllm | CWE-770 | vLLM: Denial of Service via Unbounded Frame Count in video/jpeg Base64 Processing | -
P3 | CVE-2026-34215 | HIGH | 6.5 | 0.000 | 39.0 | npm | parse-server | CWE-200 | Parse Server exposes auth data via verify password endpoint | -
P3 | CVE-2026-34756 | MEDIUM | 6.5 | 0.000 | 39.0 | pip | vllm | CWE-770 | vLLM: Unauthenticated OOM Denial of Service via Unbounded `n` Parameter in OpenAI API Server | -
P3 | CVE-2026-5327 | LOW | 6.3 | 0.007 | 38.7 | npm | fast-filesystem-mcp | CWE-74 | fast-filesystem-mcp is vulnerable to command injection through handleGetDiskUsage function | -
P3 | CVE-2026-34753 | MEDIUM | 5.4 | 0.000 | 37.4 | pip | vllm | CWE-918 | vLLM: Server-Side Request Forgery (SSRF) in `download_bytes_from_url` | CWE!
P3 | GHSA-3c7f-5hgj-h279 | MEDIUM | 5.4 | 0.000 | 37.4 | npm | n8n | CWE-79 | n8n has XSS in Chat Trigger Node through Custom CSS | CWE!
P3 | CVE-2026-35450 | MEDIUM | 5.3 | 0.000 | 36.8 | composer | wwbn/avideo | CWE-306 | AVideo: Unauthenticated FFmpeg Remote Server Status Disclosure via check.ffmpeg.json.php | CWE!
P3 | CVE-2026-34083 | MEDIUM | 6.1 | 0.000 | 36.6 | npm | signalk-server | CWE-346 | Signal K Server: OAuth Authorization Code Theft via Unvalidated Host Header in OIDC Flow | -
P3 | CVE-2026-34052 | MEDIUM | 5.9 | 0.000 | 35.4 | pip | jupyterhub-ltiauthenticator | CWE-401 | LTI JupyterHub Authenticator: Unbounded Memory Growth via Nonce Storage (Denial of Service) | -
P3 | CVE-2026-30867 | MEDIUM | 5.7 | 0.000 | 34.2 | swift | CocoaMQTT | CWE-617 | CocoaMQTT: Denial of Service via Reachable Assertion in `PUBLISH` Packet Parsing | -
P3 | CVE-2026-35540 | MEDIUM | 5.4 | 0.000 | 32.4 | composer | roundcube/roundcubemail | CWE-669 | Roundcube Webmail: Insufficient CSS sanitization in HTML e-mail messages | -
P3 | CVE-2026-35545 | MEDIUM | 5.3 | 0.000 | 31.8 | composer | roundcube/roundcubemail | CWE-669 | Roundcube Webmail: Remote image blocking feature can be bypassed via SVG content in an e-mail message | -
P3 | CVE-2026-35544 | MEDIUM | 5.3 | 0.000 | 31.8 | composer | roundcube/roundcubemail | CWE-669 | Roundcube Webmail: Insufficient CSS sanitization in HTML e-mail messages | -
P3 | CVE-2026-35543 | MEDIUM | 5.3 | 0.000 | 31.8 | composer | roundcube/roundcubemail | CWE-669 | Roundcube Webmail: Bypass of remote image blocking via SVG content (with animate attributes) in an e-mail message | -
P3 | CVE-2026-35542 | MEDIUM | 5.3 | 0.000 | 31.8 | composer | roundcube/roundcubemail | CWE-669 | Roundcube: Bypass of remote image blocking via crafted BODY background attribute | -
P3 | CVE-2026-35452 | MEDIUM | 5.3 | 0.000 | 31.8 | composer | wwbn/avideo | CWE-200 | AVideo: Unauthenticated Information Disclosure via Missing Auth on CloneSite client.log.php | -
P3 | CVE-2026-35449 | MEDIUM | 5.3 | 0.000 | 31.8 | composer | wwbn/avideo | CWE-200 | AVideo: Unauthenticated Information Disclosure via Disabled CLI Guard in install/test.php | -
P3 | CVE-2026-35413 | MEDIUM | 5.3 | 0.000 | 31.8 | npm | directus | CWE-200 | Directus: GraphQL Schema SDL Disclosure Setting | -
P3 | CVE-2026-35179 | MEDIUM | 5.3 | 0.000 | 31.8 | composer | wwbn/avideo | CWE-862 | AVideo: Unauthenticated Instagram Graph API Proxy via publishInstagram.json.php | -
P3 | CVE-2026-35537 | LOW | 3.7 | 0.000 | 27.2 | composer | roundcube/roundcubemail | CWE-502 | Roundcube Webmail: Unsafe deserialization in the redis/memcache session handler | CWE!
P3 | CVE-2026-5370 | LOW | 3.5 | 0.000 | 26.0 | composer | krayin/laravel-crm | CWE-79 | Krayin CRM is vulnerable to Cross-site Scripting (XSS) | CWE!
P3 | CVE-2026-35411 | MEDIUM | 4.3 | 0.000 | 25.8 | npm | directus | CWE-601 | Directus: Open Redirect in Admin 2FA Setup Page | -
P3 | CVE-2026-35541 | MEDIUM | 4.2 | 0.000 | 25.2 | composer | roundcube/roundcubemail | CWE-843 | Roundcube Webmail: Incorrect password comparison in the password plugin | -
P3 | CVE-2026-35448 | LOW | 3.7 | 0.000 | 22.2 | composer | wwbn/avideo | CWE-862 | AVideo: Unauthenticated Access to Payment Order Data via BlockonomicsYPT check.php | -
P3 | CVE-2026-34764 | LOW | 2.3 | 0.000 | 18.8 | npm | electron | CWE-416 | Electron: Use-after-free in offscreen shared texture release() callback | CWE!
P3 | CVE-2026-35538 | LOW | 3.1 | 0.000 | 18.6 | composer | roundcube/roundcubemail | CWE-88 | Roundcube Webmail: Unsanitized IMAP SEARCH command arguments | -
P3 | CVE-2026-34544 | HIGH | 0.0 | 0.000 | 5.0 | pip | openexr | CWE-190 | OpenEXR: integer overflow to OOB write in uncompress_b44_impl() | CWE!
P3 | CVE-2026-35459 | CRITICAL | 0.0 | 0.000 | 5.0 | pip | pyload-ng | CWE-918 | pyLoad: SSRF filter bypass via HTTP redirect in BaseDownloader (Incomplete fix for CVE-2026-33992) | CWE!
P3 | GHSA-5hr4-253g-cpx2 | MEDIUM | 0.0 | 0.000 | 5.0 | pip | web3 | CWE-918 | web3.py: SSRF via CCIP Read (EIP-3668) OffchainLookup URL handling | CWE!
P3 | CVE-2026-35454 | HIGH | 0.0 | 0.000 | 5.0 | go | github.com/coder/code-marketplace | CWE-22 | Code Extension Marketplace: Zip Slip Path Traversal | CWE!
P3 | GHSA-2c6h-4899-wjxr | HIGH | 0.0 | 0.000 | 5.0 | rust | scaly | CWE-125 | scaly: Multiple soundness issues in Rust safe APIs | CWE!
P3 | CVE-2026-35166 | MEDIUM | 0.0 | 0.000 | 5.0 | go | github.com/gohugoio/hugo | CWE-79 | Hugo: Certain markdown links are not properly escaped | CWE!
P3 | CVE-2026-35030 | CRITICAL | 0.0 | 0.000 | 5.0 | pip | litellm | CWE-287 | LiteLLM: Authentication bypass via OIDC userinfo cache key collision | CWE!
P3 | CVE-2026-25044 | HIGH | 0.0 | 0.000 | 5.0 | npm | @budibase/server | CWE-78 | Budibase: Command Injection in Bash Automation Step | CWE!
P3 | CVE-2026-35038 | LOW | 0.0 | 0.000 | 5.0 | npm | signalk-server | CWE-20 | Signal K Server: Arbitrary Prototype Read via `from` Field Bypass | CWE!
P3 | CVE-2026-35002 | CRITICAL | 0.0 | 0.004 | 0.5 | pip | agno | CWE-95 | Agno is vulnerable to Eval Injection | -
P3 | CVE-2026-33951 | MEDIUM | 0.0 | 0.003 | 0.3 | npm | signalk-server | CWE-284 | Signal K Server: Unauthenticated Source Priorities Manipulation | -
P3 | CVE-2026-5199 | LOW | 0.0 | 0.000 | 0.1 | go | go.temporal.io/server | CWE-639 | Temporal Server: attacker-controlled namespace could signal, delete, and reset workflows or activities in a victim namespace on the same cluster | -
P3 | CVE-2026-34543 | HIGH | 0.0 | 0.000 | 0.1 | pip | openexr | CWE-908 | OpenEXR: Heap information disclosure in PXR24 decompression via unchecked decompressed size (undo_pxr24_impl) | -
P3 | GHSA-9jpj-g8vv-j5mf | HIGH | 0.0 | 0.000 | 0.0 | npm | openclaw | CWE-345 | OpenClaw: Gemini OAuth exposed the PKCE verifier through the OAuth state parameter | -
P3 | GHSA-j3w3-p6mr-3hrh | MEDIUM | 0.0 | 0.000 | 0.0 | rust | dyn-future | CWE-843 | DynFuture Drop Can Construct a Dangling Reference | -
P3 | GHSA-5jg4-p4qw-cgfr | HIGH | 0.0 | 0.000 | 0.0 | npm | @stablelib/cbor | CWE-674 | @stablelib/cbor: Stack exhaustion Denial of Service via deeply nested CBOR arrays, maps, or tags | -
P3 | GHSA-w48f-fwg7-ww6p | HIGH | 0.0 | 0.000 | 0.0 | npm | @stablelib/cbor | CWE-1321 | @stablelib/cbor: Prototype poisoning via `__proto__` map keys in CBOR decoding | -
P3 | CVE-2026-35213 | HIGH | 0.0 | 0.000 | 0.0 | npm | @hapi/content | CWE-1333 | @hapi/content: Regular Expression Denial of Service (ReDoS) in HTTP header parsing | -
P3 | CVE-2026-35200 | LOW | 0.0 | 0.000 | 0.0 | npm | parse-server | CWE-436 | Parse Server: File upload Content-Type override via extension mismatch | -
P3 | CVE-2026-35029 | HIGH | 0.0 | 0.000 | 0.0 | pip | litellm | CWE-863 | LiteLLM: Privilege escalation via unrestricted proxy configuration endpoint | -
P3 | CVE-2026-34217 | MEDIUM | 0.0 | 0.000 | 0.0 | npm | @nyariv/sandboxjs | CWE-668 | SandboxJS: Sandbox Escape via Prop Object Leak in New Handler | -
P3 | CVE-2026-34211 | MEDIUM | 0.0 | 0.000 | 0.0 | npm | @nyariv/sandboxjs | CWE-674 | SandboxJS: Stack overflow DoS via deeply nested expressions in recursive descent parser | -
P3 | CVE-2026-33709 | MEDIUM | 0.0 | 0.000 | 0.0 | pip | jupyterhub | CWE-601 | JupyterHub has an Open Redirect Vulnerability | -
P3 | GHSA-rm5c-4rmf-vvhw | MEDIUM | 0.0 | 0.000 | 0.0 | npm | openclaw | CWE-367 | OpenClaw: Sandbox file operations use check-then-act, bypassing fd-based TOCTOU defenses | -
P3 | CVE-2025-68153 | HIGH | 0.0 | 0.000 | 0.0 | go | github.com/juju/juju | CWE-863 | Juju has a resource poisoning vulnerability | -
P3 | CVE-2025-68152 | MEDIUM | 0.0 | 0.000 | 0.0 | go | github.com/juju/juju | CWE-863 | Juju: Read All Controller Logs From Compromised Workload | -
P3 | CVE-2026-34450 | MEDIUM | 0.0 | 0.000 | 0.0 | pip | anthropic | CWE-276 | Claude SDK for Python has Insecure Default File Permissions in Local Filesystem Memory Tool | -
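The tier definitions in the summary (P0 = KEV entry plus a strong signal; EPSS ≥ 0.20 = exploitation probable) and the one-line ticket the detail panel offers, as an added worked example that is the editor's code, not FactualRisk's. The sample rows are copied from the table; everything else is an assumption: the tier policy in `tier()`, the label-versus-CVSS mismatch check, the ticket line format and all function names are the editor's illustration, since the page does not publish the formula behind its Score column.

```python
"""Editor's added example (not FactualRisk's code): re-derive priority
tiers from the thresholds the dashboard states and run the sanity checks
a reader would want before pasting a row into a ticket. Sample rows are
copied from the table; the tier policy, the mismatch check and the ticket
line are the editor's illustration, not the dashboard's own scoring."""
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional, Tuple

EPSS_HIGH = 0.20  # the page's "EPSS high" threshold (exploitation probable)


@dataclass(frozen=True)
class Finding:
    cve: str
    sev: str            # severity label exactly as displayed
    cvss: float         # 0.0 where the dashboard shows no base score
    epss: float
    vendor: str         # ecosystem (npm, pip, ...) or vendor name
    product: str
    cwe: Optional[str]
    signals: frozenset  # subset of {"KEV", "EPSS_UP", "CWE", "RANSOM", "ITW"}


def cvss_label(score: float) -> str:
    """CVSS v3.x qualitative rating scale."""
    if score >= 9.0:
        return "CRITICAL"
    if score >= 7.0:
        return "HIGH"
    if score >= 4.0:
        return "MEDIUM"
    return "LOW" if score > 0.0 else "NONE"


def tier(f: Finding) -> str:
    """Illustrative tier policy (an assumption, not the dashboard's formula):
    P0 = in CISA KEV and a strong signal (EPSS >= 0.20, ransomware use or an
    in-the-wild report); P1 = KEV alone, or EPSS >= 0.20 without KEV;
    P2 = in-the-wild report or CVSS >= 9.0 without exploitation evidence;
    P3 = everything else."""
    kev = "KEV" in f.signals
    strong = f.epss >= EPSS_HIGH or bool(f.signals & {"RANSOM", "ITW"})
    if kev and strong:
        return "P0"
    if kev or f.epss >= EPSS_HIGH:
        return "P1"
    if "ITW" in f.signals or f.cvss >= 9.0:
        return "P2"
    return "P3"


def inconsistencies(findings: List[Finding]) -> List[Tuple[str, str, str]]:
    """Rows whose displayed severity label disagrees with the CVSS band.
    CVSS 0.0 rows are skipped: their label comes from another source and
    there is no score to check it against."""
    out = []
    for f in findings:
        if f.cvss > 0.0 and f.sev != cvss_label(f.cvss):
            out.append((f.cve, f.sev, cvss_label(f.cvss)))
    return out


def top_cwes(findings: List[Finding], n: int) -> List[Tuple[str, int]]:
    """CWE histogram, the way the dashboard's 'Top CWEs' box counts."""
    return Counter(f.cwe for f in findings if f.cwe).most_common(n)


def ticket_summary(f: Finding) -> str:
    """One-line ITSM ticket title built from a row (illustrative format)."""
    flags = ",".join(sorted(f.signals)) or "none"
    return (f"[{tier(f)}] {f.cve} {f.vendor} {f.product}: "
            f"CVSS {f.cvss:.1f}, EPSS {f.epss:.3f}, signals {flags}")


# Rows copied from the table above, signals as shown in its last column.
SAMPLE = [
    Finding("CVE-2026-3055", "CRITICAL", 9.8, 0.443, "Citrix", "NetScaler",
            "CWE-125", frozenset({"KEV", "EPSS_UP", "CWE", "RANSOM"})),
    Finding("CVE-2021-22054", "LOW", 0.0, 0.938, "Omnissa", "Workspace One UEM",
            None, frozenset({"KEV", "EPSS_UP", "RANSOM"})),
    Finding("CVE-2026-33017", "CRITICAL", 9.8, 0.057, "Langflow", "Langflow",
            "CWE-94", frozenset({"KEV", "CWE", "RANSOM"})),
    Finding("CVE-2026-35044", "HIGH", 8.8, 0.000, "pip", "bentoml",
            "CWE-1336", frozenset({"RANSOM", "ITW"})),
    Finding("CVE-2026-5323", "LOW", 5.3, 0.000, "npm", "a11y-mcp",
            "CWE-918", frozenset({"CWE", "RANSOM", "ITW"})),
    Finding("CVE-2026-35471", "CRITICAL", 9.8, 0.000, "go",
            "github.com/patrickhener/goshs", "CWE-22", frozenset({"CWE"})),
    Finding("CVE-2026-33752", "HIGH", 8.6, 0.000, "pip", "curl_cffi",
            "CWE-918", frozenset({"CWE"})),
    Finding("CVE-2026-35187", "HIGH", 7.7, 0.000, "pip", "pyload-ng",
            "CWE-918", frozenset({"CWE"})),
    Finding("CVE-2026-34215", "HIGH", 6.5, 0.000, "npm", "parse-server",
            "CWE-200", frozenset()),
]

if __name__ == "__main__":
    for f in SAMPLE:
        print(ticket_summary(f))
    print("label/CVSS mismatches:", inconsistencies(SAMPLE))
    print("top CWEs:", top_cwes(SAMPLE, 3))
```

On these rows the policy puts the three KEV entries in P0, the in-the-wild and CVSS ≥ 9.0 rows in P2, and the rest in P3, which is stricter than the table (the page lists CVE-2026-35044 as P0 with no KEV entry, so its scoring weighs the ransomware and in-the-wild signals on their own). The mismatch check flags CVE-2026-5323 (LOW next to CVSS 5.3) and CVE-2026-34215 (HIGH next to 6.5); those are the rows to re-verify against NVD before a ticket inherits the label.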
Per-CVE detail panel (no CVE selected in this capture, so every field is empty)
  Tabs: Details · Exploitation · Geo/Actors · Ticket · MITRE
  Details: CVE, Priority, CVSS / EPSS / Score, CVSS vector, CWE, Vendor / Product, Source(s), Published, Description, Score breakdown, References
  Exploitation: Ransomware / gang, In-the-wild, GreyNoise, Exploit-DB, OTX pulses, Public PoC, Exploitation links
  Geo/Actors: Threat actor, Country of origin, Campaign, Contextual search
  Ticket: JIRA / ServiceNow ticket template (copy and paste into your ITSM)