VulnScope — 以套件為主體的 CVE 查詢工具

搜尋

23,754 筆結果

嚴重程度:CRITICAL HIGH MEDIUM LOW|生態系:npm PyPI Maven Debian Alpine|⚠ 只看 KEV

MEDIUM5.3CVE-2026-48937A flaw in Node.js HTTP/2 server API can cause servers to keep accepting data even after sending a `GOAWAY` frame.2026/6/18
LOW1.8A flaw in Node.js Permission Model enforcement allows Bypass via `process.report.writeReport()` Path Misvalidation.2026/6/18
MEDIUM6.5NL Portal Backend Libraries: Document contents remained downloadable by any logged-in user (incomplete fix of CVE-2026-49463)2026/6/18
LOW2.2BBOT: Symlink-Following Arbitrary Write via github_workflows Module2026/6/18
MEDIUM6.5BBOT: Arbitrary File Write in postman_download Module2026/6/18
LOW3.1BBOT: Server-Side Request Forgery (SSRF) in docker_pull module via WWW-Authenticate realm parsing2026/6/18
MEDIUM5.3BBOT: Path traversal (Zip-Slip) in unarchive module - incomplete fix for CVE-2025-102842026/6/18
MEDIUM5.4Strimzi: Unrestricted access to all Secrets within namespace watched by the Topic operator2026/6/18
MEDIUM6.1marimo contains a reflected cross-site scripting vulnerability in the notebook page2026/6/18
MEDIUM5.3joserfc is a Python library that provides an implementation of several JSON Object Signing and Encryption (JOSE) standards.2026/6/17
MEDIUM5.9Impact: undici's cookie parser in parseSetCookie percent-decodes cookie values via qsUnescape, turning encoded sequences like %0D%0A, %00,…2026/6/17
MEDIUM5.9undici vulnerable to cross-user information disclosure via shared cache whitespace bypass2026/6/17
LOW3.7Impact: Undici's HTTP/1.1 client is vulnerable to response queue poisoning on reused keep-alive sockets.2026/6/17
LOW3.7Impact: When undici parses a Set-Cookie header, it accepts any SameSite attribute value that contains Strict, Lax, or None as a substring,…2026/6/17
MEDIUM5.8Shaarli is a personal bookmarking service.2026/6/17
MEDIUM5.9libssh2 through 1.11.1, fixed in commit 1762685, contains a pre-authentication denial of service vulnerability in the SSH_MSG_EXT_INFO hand…2026/6/17
MEDIUM4.8Shaarli is a personal bookmarking service.2026/6/17
MEDIUM5.8Shaarli is a personal bookmarking service.2026/6/17
MEDIUM6.0OpenStack Horizon RC file generation does not escape special characters in project names2026/6/17
MEDIUM6.5Apache DolphinScheduler: An incorrect authorization vulnerability allows authenticated users to access alert instances associated with alert groups they do not have permission to access.2026/6/17
MEDIUM6.5Apache DolphinScheduler: Incorrect Authorization vulnerability allows users to access workflow instance information belonging to projects they do not have permission to access.2026/6/17
MEDIUM4.9Apache DolphinScheduler: Incorrect Authorization vulnerability allows users with system login privileges to delete task definitions in unauthorized projects2026/6/17
MEDIUM5.3Open WebUI: Any authenticated user can read other users' private notes via Socket.IO2026/6/17
MEDIUM6.3Open WebUI: Authenticated users can target arbitrary configured Ollama backends via unguarded url_idx path parameter2026/6/17
MEDIUM6.5Open WebUI: RAG ACL Bypass in Milvus Multitenancy Mode2026/6/17

第 1 / 951 頁下一頁 →