搜尋

5,617 筆結果

嚴重程度:CRITICAL HIGH MEDIUM LOW|生態系:npm PyPI Maven Debian Alpine|⚠ 只看 KEV

LOW3.7CVE-2026-44546daphne before 4.2.2 reconstructs a raw HTTP request from Twisted's parsed headers and feeds it to autobahn for WebSocket handshake processi…2026/6/3
LOW3.3CVE-2026-10528EPSS 0.01%A security flaw has been discovered in Orthanc DICOM Server up to 1.12.11.2026/6/2
LOW3.3CVE-2026-10298EPSS 0.01%A security flaw has been discovered in ggml-org whisper.cpp up to 1.8.2.2026/6/1
CRITICAL9.6CVE-2026-47413praisonai-platform: Any workspace member can add arbitrary user as owner via POST /workspaces/{id}/members2026/6/1
LOW3.1CVE-2026-45426EPSS 0.04%Apache Airflow: Log server JWT authorization bypass via Python lstrip() character stripping allows cross-Dag log access2026/6/1
LOW3.3CVE-2026-10233EPSS 0.01%A security vulnerability has been detected in Assimp up to 6.0.4.2026/6/1
LOW3.3CVE-2026-10201EPSS 0.01%A vulnerability was determined in Assimp up to 6.0.4.2026/6/1
LOW3.3CVE-2026-10199EPSS 0.01%A vulnerability has been found in Assimp up to 6.0.4.2026/5/31
LOW3.3CVE-2026-10198EPSS 0.01%A flaw has been found in Assimp up to 6.0.4.2026/5/31
LOW3.3CVE-2026-10197EPSS 0.01%A vulnerability was detected in Assimp up to 6.0.4.2026/5/31
CRITICAL9.6CVE-2026-47416praisonai-platform: Any workspace member can promote themselves or others to owner via PATCH /workspaces/{id}/members/{user_id}2026/5/29
CRITICAL9.8CVE-2026-47410praisonai-platform: JWT signing key defaults to hardcoded "dev-secret-change-me", allowing token forgery for any user when PLATFORM_ENV is unset2026/5/29
CRITICAL9.8CVE-2026-47391PraisonAI's unauthenticated A2A official example can reach real LLM-driven `eval()` tool execution2026/5/29
CRITICAL9.9CVE-2026-47392PraisonAI vulnerable to sandbox escape via `print.__self__` builtins module leak in `execute_code` (subprocess mode)2026/5/29
CRITICAL9.8CVE-2026-47393PraisonAI `deploy --type api` emits a Flask server with authentication disabled by default2026/5/29
CRITICAL9.8CVE-2026-47396PraisonAI call server exposes unauthenticated agent listing, invocation, and deletion when CALL_SERVER_TOKEN is unset2026/5/29
CRITICAL9.8CVE-2026-45700EPSS 0.02%FreeRDP is a free implementation of the Remote Desktop Protocol.2026/5/29
CRITICAL9.9CVE-2026-45372EPSS 0.06%cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library.2026/5/29
CRITICAL9.8CVE-2026-8838EPSS 0.08%amazon-redshift-python-driver vulnerable to Remote Code Execution via eval() Injection2026/5/29
CRITICAL9.6CVE-2026-2611EPSS 0.04%MLflow: Improper Origin Validation in MLflow Assistant /ajax-api Endpoints Enables Browser-Mediated Local Command Execution2026/5/29
LOW3.1CVE-2026-9991EPSS 0.03%Inappropriate implementation in Media in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker who had compromised the…2026/5/28
CRITICAL9.6CVE-2026-9967EPSS 0.11%Out of bounds write in GPU in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox escape via a…2026/5/28
LOW3.1CVE-2026-9959EPSS 0.03%Race in WebRTC in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker to leak cross-origin data via a crafted HTML p…2026/5/28
LOW3.1CVE-2026-9950EPSS 0.04%Insufficient validation of untrusted input in iOS in Google Chrome on iOS prior to 148.0.7778.216 allowed a remote attacker who had comprom…2026/5/28
LOW3.1CVE-2026-9944EPSS 0.03%Uninitialized Use in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to l…2026/5/28

第 1 / 225 頁下一頁 →