搜尋

6,382 筆結果

嚴重程度:CRITICAL HIGH MEDIUM LOW|生態系:npm PyPI Maven Debian Alpine|⚠ 只看 KEV

LOW3.7CVE-2026-44546daphne before 4.2.2 reconstructs a raw HTTP request from Twisted's parsed headers and feeds it to autobahn for WebSocket handshake processi…2026/6/3
LOW3.3CVE-2026-10528EPSS 0.01%A security flaw has been discovered in Orthanc DICOM Server up to 1.12.11.2026/6/2
LOW3.3CVE-2026-10298EPSS 0.01%A security flaw has been discovered in ggml-org whisper.cpp up to 1.8.2.2026/6/1
CRITICAL9.6CVE-2026-47413praisonai-platform: Any workspace member can add arbitrary user as owner via POST /workspaces/{id}/members2026/6/1
CRITICAL9.6CVE-2026-47428Vitest browser mode serves unsanitized otelCarrier query parameter as inline script2026/6/1
CRITICAL9.8CVE-2026-47429When Vitest UI server is listening, arbitrary file can be read and executed2026/6/1
LOW3.1CVE-2026-45426EPSS 0.04%Apache Airflow: Log server JWT authorization bypass via Python lstrip() character stripping allows cross-Dag log access2026/6/1
LOW3.3CVE-2026-10233EPSS 0.01%A security vulnerability has been detected in Assimp up to 6.0.4.2026/6/1
LOW3.3CVE-2026-10201EPSS 0.01%A vulnerability was determined in Assimp up to 6.0.4.2026/6/1
LOW3.3CVE-2026-10199EPSS 0.01%A vulnerability has been found in Assimp up to 6.0.4.2026/5/31
LOW3.3CVE-2026-10198EPSS 0.01%A flaw has been found in Assimp up to 6.0.4.2026/5/31
LOW3.3CVE-2026-10197EPSS 0.01%A vulnerability was detected in Assimp up to 6.0.4.2026/5/31
CRITICAL9.6CVE-2026-47416praisonai-platform: Any workspace member can promote themselves or others to owner via PATCH /workspaces/{id}/members/{user_id}2026/5/29
CRITICAL9.8CVE-2026-47410praisonai-platform: JWT signing key defaults to hardcoded "dev-secret-change-me", allowing token forgery for any user when PLATFORM_ENV is unset2026/5/29
CRITICAL9.8CVE-2026-47391PraisonAI's unauthenticated A2A official example can reach real LLM-driven `eval()` tool execution2026/5/29
CRITICAL9.9CVE-2026-47392PraisonAI vulnerable to sandbox escape via `print.__self__` builtins module leak in `execute_code` (subprocess mode)2026/5/29
CRITICAL9.8CVE-2026-47393PraisonAI `deploy --type api` emits a Flask server with authentication disabled by default2026/5/29
CRITICAL9.8CVE-2026-47396PraisonAI call server exposes unauthenticated agent listing, invocation, and deletion when CALL_SERVER_TOKEN is unset2026/5/29
CRITICAL9.8CVE-2026-45700EPSS 0.02%FreeRDP is a free implementation of the Remote Desktop Protocol.2026/5/29
CRITICAL9.9CVE-2026-45372EPSS 0.06%cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library.2026/5/29
CRITICAL9.8CVE-2026-8838EPSS 0.08%amazon-redshift-python-driver vulnerable to Remote Code Execution via eval() Injection2026/5/29
CRITICAL10.0CVE-2026-47140NodeVM builtin denylist bypass via process and inspector/promises allows host code execution2026/5/29
CRITICAL9.8CVE-2026-47210vm2 sandbox escape via JSPI-backed Promise `.finally()` species bypass2026/5/29
CRITICAL10.0CVE-2026-47137vm2 has a CVE-2023-37903 patch bypass: nesting:true without explicit require still allows full RCE2026/5/29
CRITICAL10.0CVE-2026-47208vm2 is Vulnerable to Sandbox Breakout Through Promise Species2026/5/29

第 1 / 256 頁下一頁 →