VulnScope — 以套件為主體的 CVE 查詢工具

搜尋

461 筆結果

嚴重程度:CRITICAL HIGH MEDIUM LOW|生態系:npm PyPI Maven Debian Alpine|⚠ 只看 KEV

LOW3.5CVE-2026-48051Papra HTTP redirect bypass can lead to SSRF via webhook delivery system2026/6/10
LOW3.7Issue summary: The CMS_decrypt and PKCS7_decrypt functions are vulnerable to Bleichenbacher-style attack when an attacker is able to provid…2026/6/9
LOW3.7Issue summary: When EVP_PKEY_derive_set_peer() is called with a DHX (X9.42) peer key, the peer key is not properly checked for the subgroup…2026/6/9
LOW3.7Axios has a Patch Bypass: Proxy-Authorization Header Injection via Prototype Pollution — Incomplete Null-Prototype Fix2026/5/29
LOW2.0NocoDB: OAuth Token Scope Not Enforced at ACL Layer Allows Scope Escalation2026/5/21
LOW3.7EPSS 0.04%Rsync versions before 3.4.3 contain an off-by-one out-of-bounds stack write vulnerability in the establish_proxy_connection() function in s…2026/5/20
LOW3.7EPSS 0.10%Apache Tomcat: AJP secret compared in non-constant time2026/5/12
LOW3.7EPSS 0.01%Next.js's Middleware / Proxy redirects can be cache-poisoned2026/5/11
LOW3.7EPSS 0.01%Next.js vulnerable to cache poisoning via collisions in React Server Component cache-busting2026/5/11
LOW3.8EPSS 0.02%Hono has improper validation of NumericDate claims (exp, nbf, iat) in JWT verify()2026/5/9
LOW3.7EPSS 0.04%nuxt-og-image SSRF — bypass of GHSA-pqhr-mp3f-hrpp / v6.2.5 fix (IPv6 + redirect)2026/5/7
LOW3.7EPSS 0.05%Micronaut has Unbounded `bundleCache` in `ResourceBundleMessageSource` that Allows Memory Exhaustion via `Accept-Language` Header2026/5/6
LOW3.7EPSS 0.02%Flowise: Bcrypt Password Hash Exposure2026/5/6
LOW2.4EPSS 0.03%Geyser Vulnerable to Server-Side Request Forgery (SSRF) via Player Head Texture URL in Geyser2026/5/5
LOW3.7EPSS 0.06%Axios: Null Byte Injection via Reverse-Encoding in AxiosURLSearchParams2026/5/5
LOW3.7EPSS 0.02%A flaw was found in gnutls.2026/4/30
LOW3.7EPSS 0.04%A flaw was found in gnutls.2026/4/30
LOW3.7EPSS 0.07%xxl-job has a Resource Injection issue2026/4/29
LOW3.7EPSS 0.06%Spring gRPC AuthenticationException messages are reflected to remote client2026/4/28
LOW2.2EPSS 0.05%Cloudflare has SSRF via redirect following through its image-binding-transform endpoint (incomplete fix for GHSA-qpr4)2026/4/23
LOW3.7EPSS 0.07%Spring Security Vulnerable to User Attribute Enumeration when Using DaoAuthenticationProvider2026/4/22
LOW3.7EPSS 0.03%ApostropheCMS: User Enumeration via Timing Side Channel in Password Reset Endpoint2026/4/16
LOW2.9EPSS 0.01%libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document.2026/4/16
LOW3.5EPSS 0.04%DbGate has cross site scripting via the SVG Icon String Handler component2026/4/13
LOW3.7EPSS 0.08%OpenClaw: Concurrent async auth attempts can bypass the intended shared-secret rate-limit budget on Tailscale-capable paths2026/4/9

第 1 / 19 頁下一頁 →