搜尋

2,236 筆結果

嚴重程度:CRITICAL HIGH MEDIUM LOW|生態系:npm PyPI Maven Debian Alpine|⚠ 只看 KEV

CRITICAL9.6CVE-2026-47413praisonai-platform: Any workspace member can add arbitrary user as owner via POST /workspaces/{id}/members2026/6/1
CRITICAL9.6CVE-2026-47428Vitest browser mode serves unsanitized otelCarrier query parameter as inline script2026/6/1
CRITICAL9.8CVE-2026-47429When Vitest UI server is listening, arbitrary file can be read and executed2026/6/1
CRITICAL9.6CVE-2026-47416praisonai-platform: Any workspace member can promote themselves or others to owner via PATCH /workspaces/{id}/members/{user_id}2026/5/29
CRITICAL9.8CVE-2026-47410praisonai-platform: JWT signing key defaults to hardcoded "dev-secret-change-me", allowing token forgery for any user when PLATFORM_ENV is unset2026/5/29
CRITICAL9.8CVE-2026-47391PraisonAI's unauthenticated A2A official example can reach real LLM-driven `eval()` tool execution2026/5/29
CRITICAL9.9CVE-2026-47392PraisonAI vulnerable to sandbox escape via `print.__self__` builtins module leak in `execute_code` (subprocess mode)2026/5/29
CRITICAL9.8CVE-2026-47393PraisonAI `deploy --type api` emits a Flask server with authentication disabled by default2026/5/29
CRITICAL9.8CVE-2026-47396PraisonAI call server exposes unauthenticated agent listing, invocation, and deletion when CALL_SERVER_TOKEN is unset2026/5/29
CRITICAL9.8CVE-2026-8838EPSS 0.08%amazon-redshift-python-driver vulnerable to Remote Code Execution via eval() Injection2026/5/29
CRITICAL10.0CVE-2026-47140NodeVM builtin denylist bypass via process and inspector/promises allows host code execution2026/5/29
CRITICAL9.8CVE-2026-47210vm2 sandbox escape via JSPI-backed Promise `.finally()` species bypass2026/5/29
CRITICAL10.0CVE-2026-47137vm2 has a CVE-2023-37903 patch bypass: nesting:true without explicit require still allows full RCE2026/5/29
CRITICAL10.0CVE-2026-47208vm2 is Vulnerable to Sandbox Breakout Through Promise Species2026/5/29
CRITICAL10.0CVE-2026-47131vm2 has a Sandbox Escape issue2026/5/29
CRITICAL9.6CVE-2026-2611EPSS 0.04%MLflow: Improper Origin Validation in MLflow Assistant /ajax-api Endpoints Enables Browser-Mediated Local Command Execution2026/5/29
CRITICAL9.1CVE-2026-46621Yamcs Vulnerable to Authenticated Remote Code Execution (RCE) via Jython Algorithm Code Injection2026/5/27
CRITICAL9.8CVE-2026-46562Yamcs Vulnerable to Remote Code Execution via Mission Database algorithm override2026/5/27
CRITICAL9.8CVE-2026-25879EPSS 0.08%Langroid has Prompt to SQL Injection, Leading to RCE2026/5/27
CRITICAL10.0CVE-2026-45618LiquidJS is Vulnerable to Remote Code Execution2026/5/27
CRITICAL9.1CVE-2026-44632Yamcs Vulnerable to Server-Side Code Injection (RCE) via Janino Expression Engine in `JavaExprAlgorithmExecutionFactory`2026/5/27
CRITICAL9.6CVE-2026-46703OCI layer symlink escape → arbitrary host write2026/5/21
CRITICAL10.0CVE-2026-46695Read-only volume remount bypass via guest CAP_SYS_ADMIN2026/5/21
CRITICAL10.0CVE-2026-46412Malicious code in @beproduct/nestjs-auth (0.1.2 through 0.1.19) — Mini Shai-Hulud worm2026/5/19
CRITICAL9.8CVE-2026-45772EPSS 0.10%Turbo: Unexpected local code execution during Yarn Berry detection2026/5/19

第 1 / 90 頁下一頁 →