搜尋

2,630 筆結果

嚴重程度:CRITICAL HIGH MEDIUM LOW|生態系:npm PyPI Maven Debian Alpine|⚠ 只看 KEV

CRITICAL9.6CVE-2026-47413praisonai-platform: Any workspace member can add arbitrary user as owner via POST /workspaces/{id}/members2026/6/1
LOW3.1CVE-2026-45426EPSS 0.04%Apache Airflow: Log server JWT authorization bypass via Python lstrip() character stripping allows cross-Dag log access2026/6/1
CRITICAL9.6CVE-2026-47416praisonai-platform: Any workspace member can promote themselves or others to owner via PATCH /workspaces/{id}/members/{user_id}2026/5/29
CRITICAL9.8CVE-2026-47410praisonai-platform: JWT signing key defaults to hardcoded "dev-secret-change-me", allowing token forgery for any user when PLATFORM_ENV is unset2026/5/29
CRITICAL9.8CVE-2026-47391PraisonAI's unauthenticated A2A official example can reach real LLM-driven `eval()` tool execution2026/5/29
CRITICAL9.9CVE-2026-47392PraisonAI vulnerable to sandbox escape via `print.__self__` builtins module leak in `execute_code` (subprocess mode)2026/5/29
CRITICAL9.8CVE-2026-47393PraisonAI `deploy --type api` emits a Flask server with authentication disabled by default2026/5/29
CRITICAL9.8CVE-2026-47396PraisonAI call server exposes unauthenticated agent listing, invocation, and deletion when CALL_SERVER_TOKEN is unset2026/5/29
CRITICAL9.8CVE-2026-8838EPSS 0.08%amazon-redshift-python-driver vulnerable to Remote Code Execution via eval() Injection2026/5/29
CRITICAL9.6CVE-2026-2611EPSS 0.04%MLflow: Improper Origin Validation in MLflow Assistant /ajax-api Endpoints Enables Browser-Mediated Local Command Execution2026/5/29
LOW3.7CVE-2026-48524EPSS 0.06%PyJWT is a JSON Web Token implementation in Python.2026/5/28
CRITICAL9.1CVE-2026-46621Yamcs Vulnerable to Authenticated Remote Code Execution (RCE) via Jython Algorithm Code Injection2026/5/27
CRITICAL9.8CVE-2026-46562Yamcs Vulnerable to Remote Code Execution via Mission Database algorithm override2026/5/27
CRITICAL9.8CVE-2026-25879EPSS 0.08%Langroid has Prompt to SQL Injection, Leading to RCE2026/5/27
CRITICAL9.1CVE-2026-44632Yamcs Vulnerable to Server-Side Code Injection (RCE) via Janino Expression Engine in `JavaExprAlgorithmExecutionFactory`2026/5/27
CRITICAL9.0CVE-2026-4408EPSS 0.39%A flaw was found in Samba.2026/5/26
CRITICAL9.6CVE-2026-46703OCI layer symlink escape → arbitrary host write2026/5/21
CRITICAL10.0CVE-2026-46695Read-only volume remount bypass via guest CAP_SYS_ADMIN2026/5/21
CRITICAL9.8CVE-2026-3593EPSS 0.04%A use-after-free vulnerability exists within the DNS-over-HTTPS implementation.2026/5/20
LOW3.7CVE-2026-45232EPSS 0.04%Rsync versions before 3.4.3 contain an off-by-one out-of-bounds stack write vulnerability in the establish_proxy_connection() function in s…2026/5/20
CRITICAL9.8CVE-2026-31072EPSS 0.18%APScheduler's JSONSerializer and CBORSerializer are vulnerable to Remote Code Execution (RCE) via Insecure Deserialization2026/5/19
LOW3.1CVE-2026-45739Strawberry GraphQL: Default GraphiQL may expose HTTP headers in URLs2026/5/19
CRITICAL9.6CVE-2026-45758Malicious code in guardrails-ai 0.10.1 (supply chain compromise)2026/5/19
CRITICAL9.6CVE-2026-2587GlassFish's gadget handler is vulnerable to RCE2026/5/19
CRITICAL9.8CVE-2026-7304EPSS 0.43%SGLang: Unauthenticated RCE via --enable-custom-logit-processor2026/5/18

第 1 / 106 頁下一頁 →