VulnScope — 以套件為主體的 CVE 查詢工具

搜尋

19,465 筆結果

嚴重程度:CRITICAL HIGH MEDIUM LOW|生態系:npm PyPI Maven Debian Alpine|⚠ 只看 KEV

CRITICAL9.0CVE-2026-55203HAProxy through 3.4.0, fixed in commit 5985276, contains an integer overflow vulnerability in the fcgi_conn structure's drl field that allo…2026/6/18
LOW1.8A flaw in Node.js Permission Model enforcement allows Bypass via `process.report.writeReport()` Path Misvalidation.2026/6/18
HIGH8.8An out-of-bounds write vulnerability in FFmpeg's libavcodec library, specifically in the MagicYUV decoder, allows denial-of-service and, in…2026/6/18
HIGH7.5Pipecat: Telephony WebSocket `/ws` Unauthenticated Call-Control Abuse via Attacker-Supplied Call SID2026/6/18
LOW2.2BBOT: Symlink-Following Arbitrary Write via github_workflows Module2026/6/18
LOW3.1BBOT: Server-Side Request Forgery (SSRF) in docker_pull module via WWW-Authenticate realm parsing2026/6/18
HIGH8.0Strimzi: Cross-namespace privilege escalation via `Kafka.spec.entityOperator`2026/6/18
HIGH7.5Impact: The undici WebSocket client enforces maxPayloadSize on the cumulative byte count of fragments in a message but does not enforce a l…2026/6/17
HIGH7.4undici vulnerable to TLS certificate validation bypass via dropped requestTls in SOCKS5 ProxyAgent2026/6/17
LOW3.7Impact: Undici's HTTP/1.1 client is vulnerable to response queue poisoning on reused keep-alive sockets.2026/6/17
LOW3.7Impact: When undici parses a Set-Cookie header, it accepts any SameSite attribute value that contains Strict, Lax, or None as a substring,…2026/6/17
HIGH7.5Impact: When using Socks5ProxyAgent, undici reuses a single connection pool across different origins without verifying that the pool's orig…2026/6/17
HIGH8.2Tinyproxy through 1.11.3, fixed in commit 09312a1, fails to properly validate the Host header during stathost detection, allowing unauthent…2026/6/17
HIGH7.5HAPI FHIR: Incomplete fix for CVE-2026-45367: DSTU2 FHIRPathEngine.matches() missing RegexTimeout protection allows ReDoS2026/6/17
HIGH7.5handlebars.java FileTemplateLoader Path Traversal2026/6/17
HIGH7.6LangChain4j: SQL injection via metadata filters in langchain4j-mariadb and langchain4j-pgvector2026/6/17
HIGH8.4pdfkit: Path traversal in from_string2026/6/17
HIGH7.7Open WebUI: SSRF Protection Bypass in Playwright Web Loader via HTTP Redirects2026/6/17
HIGH7.7Open WebUI: Path traversal / SSRF in terminal server proxy via encoded path traversal2026/6/17
HIGH7.6Open WebUI: Stored XSS to Account Takeover via Model Profile Images2026/6/17
HIGH7.1Open WebUI: Forged model meta.knowledge allows cross-user file read and deletion2026/6/17
HIGH8.7Open WebUI: Stored XSS in Mermaid Markdown Preview2026/6/17
HIGH8.3Open WebUI: Forged chat-file link allows cross-user file read and deletion2026/6/17
HIGH8.5Open WebUI: Redirect-Bypass SSRF in OAuth `_process_picture_url` (incomplete-fix sibling of CVE-2026-45401)2026/6/17
LOW3.1Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who convinced a user to engage…2026/6/17

第 1 / 779 頁下一頁 →