VulnScope — 以套件為主體的 CVE 查詢工具

搜尋

25,289 筆結果

嚴重程度:CRITICAL HIGH MEDIUM LOW|生態系:npm PyPI Maven Debian Alpine|⚠ 只看 KEV

MEDIUM5.3CVE-2026-49342YARD is a documentation generation tool for the Ruby programming language.2026/6/20
MEDIUM4.3libde265 is an open source implementation of the h.265 video codec.2026/6/20
MEDIUM6.5A use-after-free vulnerability was found in FFmpeg's RASC video decoder.2026/6/19
MEDIUM4.4Outerbase Studio: Stored XSS in Text Widget Leads to Authentication Token Exposure2026/6/19
MEDIUM6.1Langflow: Logout button does not clear session2026/6/19
MEDIUM6.1Allure Report: Stored XSS via unescaped ANSI helper in status message/trace rendering2026/6/19
MEDIUM6.2Allure Report: Path Traversal in HTTP Server Allows Arbitrary File Read2026/6/19
MEDIUM6.8dbt MCP Server: Unauthenticated OAuth Context Endpoint Leaks dbt Platform Tokens2026/6/19
MEDIUM6.5libheif is a HEIF and AVIF file format decoder and encoder.2026/6/19
MEDIUM6.5UltraJSON: Malformed/Truncated UTF-8 Accepted and Silently Rewritten in ujson.dumps()2026/6/19
MEDIUM5.8guzzlehttp/guzzle: Dot-Only Cookie Domains Match All Hosts2026/6/19
MEDIUM5.9guzzlehttp/guzzle: Silent HTTPS-Proxy Downgrade to Cleartext2026/6/19
MEDIUM5.3NL Portal Backend Libraries: Unauthenticated form resolver forwards the privileged Objecten-API token to a caller-supplied URL (SSRF)2026/6/19
HIGH8.3libssh2 through 1.11.1, fixed in commit 2dae302, contains an out-of-bounds heap read vulnerability in the sftp_symlink() function in src/sf…2026/6/19
MEDIUM6.5A path traversal in handling the "path" component of .repo files processed by libzypp before 17.38.13 in the 17.x series, or before 16.22.1…2026/6/19
MEDIUM6.1OpenEXR is the reference implementation and specification for the EXR image format, widely used in the motion picture industry.2026/6/19
MEDIUM5.4Coturn is a free open source implementation of TURN and STUN Server.2026/6/19
MEDIUM4.9libexpat before 2.8.2 lacks handler call depth tracking for calls to XML_ResumeParser from within handlers in cases of a policy violation.2026/6/19
MEDIUM4.8guzzlehttp/psr7: CRLF Injection in HTTP Start-Line Serialization2026/6/19
MEDIUM5.3ts-deepmerge: Prototype Method Override leads to DoS2026/6/19
MEDIUM5.3A flaw in Node.js HTTP/2 server API can cause servers to keep accepting data even after sending a `GOAWAY` frame.2026/6/18
LOW1.8A flaw in Node.js Permission Model enforcement allows Bypass via `process.report.writeReport()` Path Misvalidation.2026/6/18
MEDIUM6.7NILFS utilities through 2.3.0, fixed in commit 26efb5d, nilfs_sb_is_valid() function fails to validate s_log_block_size field in NILFS2 sup…2026/6/18
MEDIUM5.8Signal K Server: Server-Side Request Forgery via Remote Connection Endpoints2026/6/18
MEDIUM5.4OpenClaw: Empty-scope device re-pairing could confuse caller scope containment2026/6/18

第 1 / 1012 頁下一頁 →