VulnScope — 以套件為主體的 CVE 查詢工具

搜尋

21,197 筆結果

嚴重程度:CRITICAL HIGH MEDIUM LOW|生態系:npm PyPI Maven Debian Alpine|⚠ 只看 KEV

HIGH7.5CVE-2026-55446Langflow: Unauthenticated DoS through multipart form boundary file upload2026/6/19
HIGH7.8@tinacms/cli: Remote Code Execution in @tinacms/cli via Forestry migration — unsanitised __TINA_INTERNAL__ marker in user-controlled YAML labels2026/6/19
HIGH7.5flat-to-nested: Prototype pollution in flat-to-nested convert() via __proto__ parent/id key2026/6/19
HIGH7.1jupyterlab-git excluded_paths Case-Sensitivity Bypass Allows Reading Excluded Directories2026/6/19
HIGH7.5Stanza: Remote Code Execution via Unsafe Pickle Deserialization in Model Loaders2026/6/19
HIGH7.6Home Assistant: Konnected alarm-panel switch state and zone topology disclosed to unauthenticated actors on the LAN2026/6/19
HIGH8.0py7zr: Arbitrary File Write Vulnerability2026/6/19
HIGH7.3Improper neutralization of argument delimiters in AWS Bedrock AgentCore Python SDK install_packages()2026/6/19
HIGH8.8CedarJava has policy injection vulnerability2026/6/19
HIGH8.8CedarJava has type confusion vulnerability2026/6/19
HIGH8.3libssh2 through 1.11.1, fixed in commit 2dae302, contains an out-of-bounds heap read vulnerability in the sftp_symlink() function in src/sf…2026/6/19
CRITICAL9.0HAProxy through 3.4.0, fixed in commit 5985276, contains an integer overflow vulnerability in the fcgi_conn structure's drl field that allo…2026/6/18
LOW1.8A flaw in Node.js Permission Model enforcement allows Bypass via `process.report.writeReport()` Path Misvalidation.2026/6/18
HIGH8.8An out-of-bounds write vulnerability in FFmpeg's libavcodec library, specifically in the MagicYUV decoder, allows denial-of-service and, in…2026/6/18
HIGH8.7HAProxy through 3.4.0, fixed in commit 9a6d1fe, contains a null pointer dereference vulnerability in hpack_dht_insert() within src/hpack-tb…2026/6/18
HIGH7.1OpenClaw: Workspace-derived service PATH could influence trash command selection2026/6/18
HIGH7.1OpenClaw: Workspace .env STATE_DIRECTORY could influence bundled runtime dependency roots2026/6/18
HIGH8.1OpenClaw: Discord allowFrom could bind to mutable display names2026/6/18
HIGH7.1OpenClaw: Workspace .env npm_execpath could influence bundled runtime dependency install2026/6/18
HIGH7.1OpenClaw: Linux and macOS exec allowlists skipped configured argument patterns2026/6/18
HIGH8.1OpenClaw: Zalo allowFrom could bind to mutable display names2026/6/18
HIGH8.1OpenClaw: Shell positional parameters could weaken strict inline-eval checks2026/6/18
HIGH7.5Pipecat: Telephony WebSocket `/ws` Unauthenticated Call-Control Abuse via Attacker-Supplied Call SID2026/6/18
LOW2.2BBOT: Symlink-Following Arbitrary Write via github_workflows Module2026/6/18
LOW3.1BBOT: Server-Side Request Forgery (SSRF) in docker_pull module via WWW-Authenticate realm parsing2026/6/18

第 1 / 848 頁下一頁 →