VulnScope — 以套件為主體的 CVE 查詢工具

搜尋

23,778 筆結果

嚴重程度:CRITICAL HIGH MEDIUM LOW|生態系:npm PyPI Maven Debian Alpine|⚠ 只看 KEV

MEDIUM5.3CVE-2026-12565BBOT: Path traversal (Zip-Slip) in unarchive module - incomplete fix for CVE-2025-102842026/6/18
MEDIUM5.4Strimzi: Unrestricted access to all Secrets within namespace watched by the Topic operator2026/6/18
MEDIUM6.1marimo contains a reflected cross-site scripting vulnerability in the notebook page2026/6/18
MEDIUM5.3joserfc is a Python library that provides an implementation of several JSON Object Signing and Encryption (JOSE) standards.2026/6/17
MEDIUM5.9undici vulnerable to HTTP header injection via Set-Cookie percent-decoding2026/6/17
MEDIUM5.9undici vulnerable to cross-user information disclosure via shared cache whitespace bypass2026/6/17
LOW3.7undici vulnerable to HTTP response queue poisoning via keep-alive socket reuse2026/6/17
LOW3.7undici vulnerable to Set-Cookie SameSite attribute downgrade via permissive substring matching2026/6/17
MEDIUM5.5Hermes Agent creates response_store.db and webhook_subscriptions.json with world-readable permissions (mode 0o644)2026/6/17
MEDIUM5.8Shaarli is a personal bookmarking service.2026/6/17
MEDIUM5.9libssh2 through 1.11.1, fixed in commit 1762685, contains a pre-authentication denial of service vulnerability in the SSH_MSG_EXT_INFO hand…2026/6/17
MEDIUM4.8Shaarli is a personal bookmarking service.2026/6/17
MEDIUM5.8Shaarli is a personal bookmarking service.2026/6/17
MEDIUM6.0OpenStack Horizon RC file generation does not escape special characters in project names2026/6/17
MEDIUM6.5Apache DolphinScheduler: An incorrect authorization vulnerability allows authenticated users to access alert instances associated with alert groups they do not have permission to access.2026/6/17
MEDIUM6.5Apache DolphinScheduler: Incorrect Authorization vulnerability allows users to access workflow instance information belonging to projects they do not have permission to access.2026/6/17
MEDIUM4.9Apache DolphinScheduler: Incorrect Authorization vulnerability allows users with system login privileges to delete task definitions in unauthorized projects2026/6/17
MEDIUM5.3Open WebUI: Any authenticated user can read other users' private notes via Socket.IO2026/6/17
MEDIUM6.3Open WebUI: Authenticated users can target arbitrary configured Ollama backends via unguarded url_idx path parameter2026/6/17
MEDIUM6.5Open WebUI: RAG ACL Bypass in Milvus Multitenancy Mode2026/6/17
MEDIUM5.4A flaw was found in 389 Directory Server in the __aclp__normalize_acltxt() function of aclparse.c.2026/6/17
MEDIUM4.3Open WebUI BOLA: `search_knowledge_files` Allows Unauthorized Knowledge Base File Enumeration2026/6/17
MEDIUM6.4Open WebUI Prompt history IDOR: unbound history_id allows cross-prompt read and deletion2026/6/17
MEDIUM4.3Open WebUI: Sibling-Prefix Path Traversal via /cache/{path}2026/6/17
MEDIUM6.5Open WebUI: Cross-user file disclosure via /api/chat/completions image_url field2026/6/17

← 上一頁第 2 / 952 頁下一頁 →