搜尋

370 筆結果

嚴重程度:CRITICAL HIGH MEDIUM LOW|生態系:npm PyPI Maven Debian Alpine|⚠ 只看 KEV

LOW3.7CVE-2026-44489Axios has a Patch Bypass: Proxy-Authorization Header Injection via Prototype Pollution — Incomplete Null-Prototype Fix2026/5/29
LOW2.0CVE-2026-46549NocoDB: OAuth Token Scope Not Enforced at ACL Layer Allows Scope Escalation2026/5/21
LOW3.7CVE-2026-43514EPSS 0.10%Apache Tomcat - AJP secret compared in non-constant time2026/5/12
LOW3.7CVE-2026-44572EPSS 0.01%Next.js's Middleware / Proxy redirects can be cache-poisoned2026/5/11
LOW3.7CVE-2026-44582EPSS 0.01%Next.js vulnerable to cache poisoning via collisions in React Server Component cache-busting2026/5/11
LOW3.8CVE-2026-44459EPSS 0.02%Hono has improper validation of NumericDate claims (exp, nbf, iat) in JWT verify()2026/5/9
LOW3.7CVE-2026-44589EPSS 0.04%nuxt-og-image SSRF — bypass of GHSA-pqhr-mp3f-hrpp / v6.2.5 fix (IPv6 + redirect)2026/5/7
LOW3.7CVE-2026-44242EPSS 0.05%Micronaut has Unbounded `bundleCache` in `ResourceBundleMessageSource` that Allows Memory Exhaustion via `Accept-Language` Header2026/5/6
LOW3.7CVE-2026-8026EPSS 0.02%Flowise: Bcrypt Password Hash Exposure2026/5/6
LOW2.4CVE-2026-42188EPSS 0.03%Geyser Vulnerable to Server-Side Request Forgery (SSRF) via Player Head Texture URL in Geyser2026/5/5
LOW3.7CVE-2026-42040EPSS 0.06%Axios: Null Byte Injection via Reverse-Encoding in AxiosURLSearchParams2026/5/5
LOW3.7CVE-2026-7303EPSS 0.07%xxl-job has a Resource Injection issue2026/4/29
LOW3.7CVE-2026-40969EPSS 0.06%Spring gRPC AuthenticationException messages are reflected to remote client2026/4/28
LOW2.2CVE-2026-41321EPSS 0.05%Cloudflare has SSRF via redirect following through its image-binding-transform endpoint (incomplete fix for GHSA-qpr4)2026/4/23
LOW3.7CVE-2026-22746EPSS 0.07%Spring Security Vulnerable to User Attribute Enumeration when Using DaoAuthenticationProvider2026/4/22
LOW3.7CVE-2026-33877EPSS 0.03%ApostropheCMS: User Enumeration via Timing Side Channel in Password Reset Endpoint2026/4/16
LOW3.5CVE-2026-6216EPSS 0.04%DbGate has cross site scripting via the SVG Icon String Handler component2026/4/13
LOW3.7CVE-2026-41913EPSS 0.08%OpenClaw: Concurrent async auth attempts can bypass the intended shared-secret rate-limit budget on Tailscale-capable paths2026/4/9
LOW3.7CVE-2026-34166EPSS 0.02%LiquidJS Has Memory Limit Bypass via Quadratic Amplification in `replace` Filter2026/4/8
LOW3.7CVE-2026-39321EPSS 0.03%Parse Server has a login timing side-channel reveals user existence2026/4/8
LOW3.7CVE-2026-41407EPSS 0.04%OpenClaw: Shared-secret comparison call sites leaked length information through timing2026/4/7
LOW2.8CVE-2026-34781EPSS 0.01%Electron: Crash in clipboard.readImage() on malformed clipboard image data2026/4/7
LOW3.7CVE-2026-37977EPSS 0.01%Keycloak vulnerable to information disclosure via CORS header injection due to unvalidated JWT azp claim2026/4/6
LOW2.3CVE-2026-34764EPSS 0.02%Electron: Use-after-free in offscreen shared texture release() callback2026/4/3
LOW3.7CVE-2026-41333EPSS 0.08%OpenClaw: Fake DeviceToken Bypasses Shared Auth Rate Limiting2026/4/3

第 1 / 15 頁下一頁 →