搜尋

15,424 筆結果

嚴重程度:CRITICAL HIGH MEDIUM LOW|生態系:npm PyPI Maven Debian Alpine|⚠ 只看 KEV

HIGH8.6CVE-2026-47139NodeVM network builtin exclusions bypass via internal _http_client and _http_server2026/5/29
CRITICAL10.0CVE-2026-47140NodeVM builtin denylist bypass via process and inspector/promises allows host code execution2026/5/29
HIGH7.5CVE-2026-8813EPSS 0.06%ExifReader is vulnerable to denial of service via crafted ICC `mluc` tag2026/5/29
MEDIUM5.3CVE-2026-8814EPSS 0.06%ExifReader is vulnerable to denial of service via unbounded decompression of image metadata2026/5/29
CRITICAL9.8CVE-2026-47210vm2 sandbox escape via JSPI-backed Promise `.finally()` species bypass2026/5/29
CRITICAL10.0CVE-2026-47137vm2 has a CVE-2023-37903 patch bypass: nesting:true without explicit require still allows full RCE2026/5/29
HIGH8.6CVE-2026-47209vm2's Bridge Proxy set trap ignores receiver parameter, enabling host object property injection via prototype chain2026/5/29
HIGH8.7CVE-2026-47135vm2 has a sandbox escape via unblocked cross-realm Symbol.for keys + missing bridge write-trap symbol checks2026/5/29
CRITICAL10.0CVE-2026-47208vm2 is Vulnerable to Sandbox Breakout Through Promise Species2026/5/29
CRITICAL10.0CVE-2026-47131vm2 has a Sandbox Escape issue2026/5/29
—CVE-2026-47200Nuxt's route middleware is not enforced when rendering `.server.vue` pages via `/__nuxt_island/page_*`2026/5/29
HIGH7.0CVE-2026-44495axios Vulnerable to Credential Theft and Response Hijacking via Prototype Pollution Gadget in Config Merge2026/5/29
HIGH8.7CVE-2026-44494axios Vulnerable to Full Man-in-the-Middle via Prototype Pollution Gadget in `config.proxy`2026/5/29
HIGH8.6CVE-2026-44492axios's shouldBypassProxy does not recognize IPv4-mapped IPv6 addresses, allowing NO_PROXY bypass (incomplete fix for CVE-2025-62718)2026/5/29
MEDIUM4.8CVE-2026-44490axios has DoS & Header Injection via Prototype Pollution Read-Side Gadgets in axios merge functions2026/5/29
LOW3.7CVE-2026-44489Axios has a Patch Bypass: Proxy-Authorization Header Injection via Prototype Pollution — Incomplete Null-Prototype Fix2026/5/29
HIGH8.7CVE-2026-48527EPSS 0.03%HaxCMS has a stored Cross-Site Scripting (XSS) bypass in its saveNode endpoint2026/5/29
—CVE-2026-47718FUXA provides guest and invalid-token access to protected read APIs in secure mode2026/5/28
MEDIUM5.5CVE-2026-47144Shamefile has an arbitrary file read via shamefile.yaml in shame next2026/5/28
HIGH7.5CVE-2026-47717FUXA's Unauthenticated Project Data Disclosure Exposes Server-Side Scripts and Device Configurations2026/5/27
CRITICAL9.1CVE-2026-46621Yamcs Vulnerable to Authenticated Remote Code Execution (RCE) via Jython Algorithm Code Injection2026/5/27
CRITICAL9.8CVE-2026-46562Yamcs Vulnerable to Remote Code Execution via Mission Database algorithm override2026/5/27
CRITICAL10.0CVE-2026-45618LiquidJS is Vulnerable to Remote Code Execution2026/5/27
HIGH7.5CVE-2026-45617LiquidJS Vulnerable to ReDoS via Quadratic Backtracking in `strip_html` Filter Regex2026/5/27
HIGH7.5CVE-2026-45357LiquidJS has a memory and render limit bypass via unbounded width padding in `date` filter (strftime)2026/5/27

← 上一頁第 2 / 617 頁下一頁 →