VulnScope — 以套件為主體的 CVE 查詢工具

搜尋

7,630 筆結果

嚴重程度:CRITICAL HIGH MEDIUM LOW|生態系:npm PyPI Maven Debian Alpine|⚠ 只看 KEV

HIGH8.1CVE-2026-44249Netty has an IPv6 Subnet Filter Bypass via Incorrect Comparator Masking2026/6/8
HIGH8.7TinyMCE Cross-Site Scripting (XSS) vulnerability using media plugin `data-mce-object` injection2026/6/5
HIGH8.7TinyMCE Cross-Site Scripting (XSS) vulnerability through `mce:protected` comments2026/6/5
HIGH8.7TinyMCE Cross-Site Scripting (XSS) vulnerability using through data-mce- prefixed src, href, style attributes2026/6/5
HIGH8.7TinyMCE Cross-Site Scripting (XSS) vulnerability using sanitization bypass through nested SVGs2026/6/5
CRITICAL9.1NASA AMMOS Instrument Toolkit: Path traversal resulting in arbitrary file append (can be triggered over the network by unauthenticated attacker)2026/6/5
HIGH8.8DbGate: Remote Code Execution via functionName injection in loadReader endpoint2026/6/5
HIGH7.7Sync-in Server: SSRF protection bypass via IPv4-mapped IPv6 addresses in regExpPrivateIP2026/6/5
HIGH8.3praisonai-platform: Agent endpoints accept any agent_id without workspace ownership check, cross-workspace read/update/delete IDOR2026/6/5
CRITICAL10.0DbGate: Unauthenticated Remote Code Execution via JSON Script Runner2026/6/5
HIGH7.3Apache Airflow: Arbitrary import in custom deadline-reference deserialization2026/6/5
HIGH8.8Apache Airflow: Authenticated RCE via XCom PATCH endpoint — XComUpdateBody missing FORBIDDEN_XCOM_KEYS validator2026/6/5
CRITICAL9.1Apache Airflow: BashOperator Jinja2 injection via dag_run.conf — low-privilege user pattern2026/6/5
HIGH7.5Apache Airflow: API authorization bypass: bulk TaskInstances allows cross-DAG mutation2026/6/5
HIGH7.5React Router vulnerable to Denial of Service via reflected user input in single-fetch2026/6/4
HIGH7.6Better Auth: Device authorization approve and deny accept any authenticated session while the user code is pending2026/6/4
HIGH7.5Axios: Regular Expression Denial of Service (ReDoS) via Cookie Name Injection2026/6/4
HIGH7.5Allocation of Resources Without Limits or Throttling in Axios2026/6/4
HIGH7.5Axios: Proxy-Authorization header leaks to redirect target when proxy is re-evaluated to direct connection2026/6/4
HIGH8.8EPSS 0.15%browserstack-runner vulnerable to Remote Code Execution via vm sandbox escape in _log HTTP handler2026/6/3
CRITICAL9.8Jupyter Enterprise Gateway: ContainerProcessProxy._enforce_prohibited_ids Bypass2026/6/3
HIGH8.6Docling Core: Unsafe remote filename resolution2026/6/3
HIGH8.1Docling Core: Insufficient validation of image reference URIs2026/6/3
HIGH7.1Docling: Unsafe URI and Path Handling in HTML Backend2026/6/3
HIGH7.5Docling: Unsafe XML Entity Expansion in USPTO Patent Backend2026/6/3

← 上一頁第 2 / 306 頁下一頁 →