data-prep-toolkit-transforms (>=0.2.1.dev0 <=0.2.1.dev2), data-prep-toolkit-transforms-ray (>=0.2.1.dev0 <=0.2.1.dev2) +14 more potentially affected by CVE-2026-44023 via docling-core (>=1.7.2 <=2.74.0)

docling-core PYPI version =1.7.2, =0.2.1.dev0, =0.2.1.dev0, =1.0.0, =1.0.0, =0.19.2, =0.14.1, =0.4.0, =0.2.0, =0.0.1, =0.4.1 - resume-ats =0.1.0 - smart-pdf-for-business =1.0.0 and more Source cves: CVE-2026-44023 Source advisory: OSV:GHSA-JMMV-H3MP-59V8...

EUVD-2025-210031

Missing Authorization vulnerability leading to code execution after installing malicious vulnerable plugin in ThimPress Thim Core. This issue affects Thim Core: from n/a through 2.3.3...

org.yamcs:distribution (>=5.0.0 <=5.12.6), org.yamcs:packet-viewer (>=5.0.0 <=5.12.6) +9 more potentially affected by CVE-2026-44595 via org.yamcs:yamcs-core (>=5.0.0 <=5.12.6)

org.yamcs:yamcs-core MAVEN version =5.0.0, =5.0.0, =5.0.0, =5.10.0, =5.10.0, =0.1.0, =0.1, =1.0.0, =5.0.0, =5.0.0, =0.1.0, =0.8.0 Source cves: CVE-2026-44595 Source advisory: SNYK:JAVA-ORGYAMCS-17229842...

@budibase/client (>=3.0.0 <=3.2.26), @budibase/server (>=3.0.0 <=3.2.26) potentially affected by CVE-2026-45716 via @budibase/frontend-core (>=3.0.0 <=3.2.7)

@budibase/frontend-core NPM version =3.0.0, =3.0.0, =3.0.0, =3.2.26 Source cves: CVE-2026-45716 Source advisory: SNYK:JS-BUDIBASEFRONTENDCORE-16759691...

ai.stapi:arango-axon (>=0.0.1 <=0.0.2), ai.stapi:arango-graph (>=0.0.1 <=0.0.2) +3011 more potentially affected by CVE-2026-6860 via io.vertx:vertx-core (>=4.4.0 <=4.4.9)

io.vertx:vertx-core MAVEN version =4.4.0, =0.0.1, =0.0.1, =0.9.39, =0.9.39, =0.9.39, =0.9.39, =0.9.39, =0.9.39, =0.9.39, =0.9.39, =0.9.39, =0.9.39, =23.3.0, =23.3.0, =23.3.0, =23.9.1 and more Source cves: CVE-2026-6860 Source advisory: OSV:GHSA-3G76-F9XQ-8VP6...

ai.tock:bot-test (>=26.3.1 <=26.3.2), ai.tock:bot-test-base (>=26.3.1 <=26.3.2) +561 more potentially affected by CVE-2026-6860 via io.vertx:vertx-core (>=5.0.0 <=5.0.11)

io.vertx:vertx-core MAVEN version =5.0.0, =26.3.1, =26.3.1, =26.3.1, =26.3.1, =26.3.1, =26.3.1, =26.3.1, =26.3.1, =26.3.1, =26.3.1, =26.3.1, =26.3.1, =26.3.1, =26.3.1, =26.3.1, =26.3.2 and more Source cves: CVE-2026-6860 Source advisory: OSV:GHSA-3G76-F9XQ-8VP6...

ai.tock:bot-test (>=26.3.1 <=26.3.2), ai.tock:bot-test-base (>=26.3.1 <=26.3.2) +556 more potentially affected by CVE-2026-6860 via io.vertx:vertx-core (>=5.0.0.CR1 <=5.0.11)

io.vertx:vertx-core MAVEN version =5.0.0.CR1, =26.3.1, =26.3.1, =26.3.1, =26.3.1, =26.3.1, =26.3.1, =26.3.1, =26.3.1, =26.3.1, =26.3.1, =26.3.1, =26.3.1, =26.3.1, =26.3.1, =26.3.1, =26.3.2 and more Source cves: CVE-2026-6860 Source advisory: SNYK:JAVA-IOVERTX-16433278...

ai.h2o:h2o-admissibleml (>=3.34.0.1 <=3.46.0.1), ai.h2o:h2o-algos (>=3.0.0.5 <=3.46.0.1) +44 more potentially affected by CVE-2026-3960 via ai.h2o:h2o-core (>=3.0.0.12 <=3.46.0.1)

ai.h2o:h2o-core MAVEN version =3.0.0.12, =3.34.0.1, =3.0.0.5, =3.0.0.5, =3.12.0.1, =3.10.0.1, =3.14.0.7, =3.16.0.1, =3.14.0.1, =3.24.0.1, =3.30.1.1, =3.26.0.4, =3.10.5.1, =3.24.0.1, =3.30.0.1, =3.34.0.3, =3.46.0.1 and more Source cves: CVE-2026-3960 Source advisory: SNYK:JAVA-AIH2O-16417170...

airflow-balancer (>=0.7.0 <=0.7.6), airflow-clickhouse-plug (=1.6.2) +37 more potentially affected by CVE-2026-25917 via apache-airflow-core (>=3.0.0 <=3.1.8rc2)

apache-airflow-core PYPI version =3.0.0, =0.7.0, =1.5.0, =0.6.1, =1.10.7, =0.6.0, =0.1.0, =1.4.3, =1.2.10, =0.1.1, =3.0.0, =1.6.0, =1.5.3, =1.25.0, =3.12.0, =3.12.0rc1 and more Source cves: CVE-2026-25917 Source advisory: OSV:GHSA-6FFJ-2WG2-W45J...

CVE-2026-5598

Covert timing channel vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA core on all core modules. This vulnerability is associated with program files FrodoEngine.Java. This issue affects BC-JAVA: from 1.71 before 1.80.2, from 1.81 before 1.81.1, from 1.82 before 1.84...

@akago/akago_backend_commands (>=1.0.0 <=1.2.8), @djpfs/adonisjs-microservices (>=1.0.1 <=2.0.1) +50 more potentially affected by CVE-2026-40255 via @adonisjs/core (>=5.1.11 <=6.21.0)

@adonisjs/core NPM version =5.1.11, =1.0.0, =1.0.1, =1.0.0, =0.0.3, =1.0.0, =1.0.0, =1.0.3, =1.0.0, =1.0.0, =1.0.0, =1.0.1, =1.0.3, =1.0.0, =1.0.0, =1.0.1 - @nhtio/adonis-maxmind =1.20260220.0 and more Source cves: CVE-2026-40255 Source advisory: OSV:GHSA-6QVV-PJ99-48QM...

airflow-balancer (>=0.7.0 <=0.7.6), airflow-clickhouse-plug (=1.6.2) +37 more potentially affected by CVE-2026-34538 via apache-airflow-core (>=3.0.0rc2 <=3.2.0b2)

apache-airflow-core PYPI version =3.0.0rc2, =0.7.0, =1.5.0, =0.6.1, =1.10.7, =0.6.0, =0.1.0, =1.4.3, =1.2.10, =0.1.1, =3.0.0rc3, =1.6.0, =1.5.3, =1.25.0rc1, =3.12.0, =3.12.0rc1 and more Source cves: CVE-2026-34538 Source advisory: SNYK:PYTHON-APACHEAIRFLOWCORE-15954288...

CVE-2026-27049

Authentication Bypass Using an Alternate Path or Channel vulnerability in NooTheme Jobica Core jobica-core allows Authentication Abuse.This issue affects Jobica Core: from n/a through = 1.4.2...

CVE-2026-25460

Missing Authorization vulnerability in LiquidThemes Ave Core ave-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ave Core: from n/a through = 2.9.1...

CVE-2026-23514

Kiteworks is a private data network PDN. Versions 9.2.0 and 9.2.1 of Kiteworks Core have an access control vulnerability that allows authenticated users to access unauthorized content. Upgrade Kiteworks Core to version 9.2.2 or later to receive a patch...

ai.catboost:catboost-spark_3.2_2.13 (>=1.0.6 <=1.2.10), ai.catboost:catboost-spark_3.3_2.13 (>=1.1.1 <=1.2.10) +452 more potentially affected by CVE-2025-54920 via org.apache.spark:spark-core_2.13 (>=3.2.0 <=3.5.6)

org.apache.spark:spark-core2.13 MAVEN version =3.2.0, =1.0.6, =1.1.1, =1.2, =1.2.3, =0.0.25, =0.0.25, =0.0.25, =0.0.86, =0.0.14, =6.5.0, =1.3.3, =0.20, =0.2, =2.0.3, =1.1.3, =1.1.4 and more Source cves: CVE-2025-54920 Source advisory: OSV:GHSA-JWP6-CVJ8-FW65...

ai.catboost:catboost-spark_3.2_2.13 (>=1.0.6 <=1.2.10), ai.catboost:catboost-spark_3.3_2.13 (>=1.1.1 <=1.2.10) +452 more potentially affected by CVE-2025-54920 via org.apache.spark:spark-core_2.13 (>=3.2.0 <=3.5.6)

org.apache.spark:spark-core2.13 MAVEN version =3.2.0, =1.0.6, =1.1.1, =1.2, =1.2.3, =0.0.25, =0.0.25, =0.0.25, =0.0.86, =0.0.14, =6.5.0, =1.3.3, =0.20, =0.2, =2.0.3, =1.1.3, =1.1.4 and more Source cves: CVE-2025-54920 Source advisory: SNYK:JAVA-ORGAPACHESPARK-15623152...

com.azure.cosmos.spark:azure-cosmos-spark_4-0_2-13 (>=4.43.0 <=4.48.0), com.github.rumbledb:rumbledb (=2.0.0) +84 more potentially affected by CVE-2025-54920 via org.apache.spark:spark-core_2.13 (>=4.0.0-preview2 <=4.0.0)

org.apache.spark:spark-core2.13 MAVEN version =4.0.0-preview2, =4.43.0, =0.43.0-preview, =0.43.0-preview, =4.0.0-preview22.0.1, =0.0.3, =0.0.3, =7.0.1, =4.1.0, =0.0.1-poc, =0.0.1-poc, =0.0.1-poc, =0.0.1-poc, =0.0.1-poc7 and more Source cves: CVE-2025-54920 Source advisory:...

CVE-2026-27344

Missing Authorization vulnerability in inseriswiss inseri core inseri-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects inseri core: from n/a through = 1.0.5...

CVE-2025-69310

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in TeconceTheme Woodly Core woodly-core allows Blind SQL Injection.This issue affects Woodly Core: from n/a through = 1.4...