VulnScope — 以套件為主體的 CVE 查詢工具

搜尋

7,605 筆結果

嚴重程度:CRITICAL HIGH MEDIUM LOW|生態系:npm PyPI Maven Debian Alpine|⚠ 只看 KEV

HIGH7.5CVE-2026-54695Pipecat: Telephony WebSocket `/ws` Unauthenticated Call-Control Abuse via Attacker-Supplied Call SID2026/6/18
LOW2.2BBOT: Symlink-Following Arbitrary Write via github_workflows Module2026/6/18
MEDIUM6.5BBOT: Arbitrary File Write in postman_download Module2026/6/18
LOW3.1BBOT: Server-Side Request Forgery (SSRF) in docker_pull module via WWW-Authenticate realm parsing2026/6/18
MEDIUM5.3BBOT: Path traversal (Zip-Slip) in unarchive module - incomplete fix for CVE-2025-102842026/6/18
MEDIUM6.1marimo contains a reflected cross-site scripting vulnerability in the notebook page2026/6/18
MEDIUM6.0OpenStack Horizon RC file generation does not escape special characters in project names2026/6/17
HIGH8.4pdfkit: Path traversal in from_string2026/6/17
MEDIUM5.3Open WebUI: Any authenticated user can read other users' private notes via Socket.IO2026/6/17
MEDIUM6.3Open WebUI: Authenticated users can target arbitrary configured Ollama backends via unguarded url_idx path parameter2026/6/17
MEDIUM6.5Open WebUI: RAG ACL Bypass in Milvus Multitenancy Mode2026/6/17
HIGH7.7Open WebUI: SSRF Protection Bypass in Playwright Web Loader via HTTP Redirects2026/6/17
HIGH7.7Open WebUI: Path traversal / SSRF in terminal server proxy via encoded path traversal2026/6/17
MEDIUM4.3Open WebUI BOLA: `search_knowledge_files` Allows Unauthorized Knowledge Base File Enumeration2026/6/17
MEDIUM6.4Open WebUI Prompt history IDOR: unbound history_id allows cross-prompt read and deletion2026/6/17
MEDIUM4.3Open WebUI: Sibling-Prefix Path Traversal via /cache/{path}2026/6/17
HIGH7.6Open WebUI: Stored XSS to Account Takeover via Model Profile Images2026/6/17
HIGH7.1Open WebUI: Forged model meta.knowledge allows cross-user file read and deletion2026/6/17
HIGH8.7Open WebUI: Stored XSS in Mermaid Markdown Preview2026/6/17
HIGH8.3Open WebUI: Forged chat-file link allows cross-user file read and deletion2026/6/17
MEDIUM6.5Open WebUI: Cross-user file disclosure via /api/chat/completions image_url field2026/6/17
HIGH8.5Open WebUI: Redirect-Bypass SSRF in OAuth `_process_picture_url` (incomplete-fix sibling of CVE-2026-45401)2026/6/17
MEDIUM4.3Open WebUI IDOR: Calendar event re-parenting allows writing events into another user's calendar2026/6/17
MEDIUM6.5vLLM: OOM Denial of Service via Audio Decompression Bomb2026/6/17
MEDIUM4.8vLLM: image EXIF Rotation & PNG tRNS Transparency Not Normalized, Causing Mismatch Between Model Input and Expectations2026/6/17

第 1 / 305 頁下一頁 →