VulnScope — 以套件為主體的 CVE 查詢工具

搜尋

11,728 筆結果

嚴重程度:CRITICAL HIGH MEDIUM LOW|生態系:npm PyPI Maven Debian Alpine|⚠ 只看 KEV

MEDIUM4.4CVE-2026-55650Outerbase Studio: Stored XSS in Text Widget Leads to Authentication Token Exposure2026/6/19
MEDIUM6.1Allure Report: Stored XSS via unescaped ANSI helper in status message/trace rendering2026/6/19
MEDIUM6.2Allure Report: Path Traversal in HTTP Server Allows Arbitrary File Read2026/6/19
HIGH7.8@tinacms/cli: Remote Code Execution in @tinacms/cli via Forestry migration — unsanitised __TINA_INTERNAL__ marker in user-controlled YAML labels2026/6/19
HIGH7.5flat-to-nested: Prototype pollution in flat-to-nested convert() via __proto__ parent/id key2026/6/19
HIGH8.8CedarJava has policy injection vulnerability2026/6/19
HIGH8.8CedarJava has type confusion vulnerability2026/6/19
MEDIUM5.3NL Portal Backend Libraries: Unauthenticated form resolver forwards the privileged Objecten-API token to a caller-supplied URL (SSRF)2026/6/19
MEDIUM5.3ts-deepmerge: Prototype Method Override leads to DoS2026/6/19
MEDIUM5.8Signal K Server: Server-Side Request Forgery via Remote Connection Endpoints2026/6/18
MEDIUM5.4OpenClaw: Empty-scope device re-pairing could confuse caller scope containment2026/6/18
HIGH7.1OpenClaw: Workspace-derived service PATH could influence trash command selection2026/6/18
HIGH7.1OpenClaw: Workspace .env STATE_DIRECTORY could influence bundled runtime dependency roots2026/6/18
HIGH8.1OpenClaw: Discord allowFrom could bind to mutable display names2026/6/18
HIGH7.1OpenClaw: Workspace .env npm_execpath could influence bundled runtime dependency install2026/6/18
HIGH7.1OpenClaw: Linux and macOS exec allowlists skipped configured argument patterns2026/6/18
MEDIUM4.2OpenClaw: BlueBubbles sender policy could match mutable conversation identifiers2026/6/18
MEDIUM6.5OpenClaw: memory-wiki shared search could miss session visibility checks2026/6/18
MEDIUM5.5OpenClaw: Config recovery could restore openclaw.json with broad file permissions2026/6/18
HIGH8.1OpenClaw: Zalo allowFrom could bind to mutable display names2026/6/18
MEDIUM4.3OpenClaw: Skill-command dispatch could skip before-tool-call hooks2026/6/18
MEDIUM6.1OpenClaw: Exported session HTML could keep unsafe markdown links2026/6/18
MEDIUM5.3OpenClaw: Slack reaction events could ignore reaction notification settings2026/6/18
MEDIUM4.2OpenClaw: Bootstrap token replay could widen pending pairing scopes2026/6/18
HIGH8.1OpenClaw: Shell positional parameters could weaken strict inline-eval checks2026/6/18

第 1 / 470 頁下一頁 →