搜尋

1,596 筆結果

嚴重程度:CRITICAL HIGH MEDIUM LOW|生態系:npm PyPI Maven Debian Alpine|⚠ 只看 KEV

CRITICAL9.8CVE-2026-43512EPSS 0.14%Apache Tomcat - Digest authenticator will authenticate any unknown user2026/5/12
CRITICAL9.8CVE-2026-41293EPSS 0.25%Apache Tomcat - HTTP/2 request headers not validated2026/5/12
CRITICAL9.1CVE-2026-45091EPSS 0.01%sealed-env: TOTP secret embedded in unseal token payload (enterprise mode)2026/5/12
CRITICAL9.6CVE-2026-45321⚠ KEVEPSS 17.1%Malware in @tanstack/* packages exfiltrates cloud credentials, GitHub tokens, and SSH keys2026/5/12
CRITICAL10.0CVE-2026-43898EPSS 0.06%SandboxJS has a sandbox escape via Function.caller leakage of internal call op2026/5/11
CRITICAL9.1CVE-2026-27478EPSS 0.03%Unity Catalog has a JWT Issuer Validation Bypass tht Allows Complete User Impersonation2026/5/11
CRITICAL9.8CVE-2026-25244EPSS 0.15%WebdriverIO BrowserStack Service has a Command Injection issue2026/5/11
CRITICAL9.6CVE-2026-44211EPSS 0.02%Cline Kanban Server has a Cross-Origin WebSocket Hijacking Vulnerability2026/5/8
CRITICAL9.6CVE-2026-43944EPSS 0.15%Electerm users can run dangrous code through link or command line2026/5/8
CRITICAL9.8CVE-2026-43940EPSS 0.04%Electerm runWidget has a path traversal that leads to arbitrary code execution2026/5/8
CRITICAL9.8CVE-2026-44009EPSS 0.02%vm2 has Sandbox Breakout Through Null Proto Exception2026/5/8
CRITICAL9.8CVE-2026-44008EPSS 0.08%vm2 has sandbox breakout via `neutralizeArraySpeciesBatch`2026/5/8
CRITICAL9.8CVE-2025-63704EPSS 0.02%query-parser-string is vulnerable to Prototype Pollution2026/5/7
CRITICAL9.8CVE-2025-63703EPSS 0.02%parse-ini is vulnerable to Prototype Pollution in index.js()2026/5/7
CRITICAL9.8CVE-2025-63706EPSS 0.11%next-npm-version is vulnerable to Command injection2026/5/7
CRITICAL9.1CVE-2026-40982EPSS 0.14%Spring Cloud Config vulnerable to Path Traversal2026/5/7
CRITICAL9.1CVE-2026-44007EPSS 0.05%vm2 NodeVM `nesting: true` bypasses `require: false` allowing sandbox escape and arbitrary OS command execution2026/5/7
CRITICAL9.9CVE-2026-43999EPSS 0.18%vm2 has a NodeVM builtin allowlist bypass via `module` builtin's `Module._load` that allows sandbox escape2026/5/7
CRITICAL10.0CVE-2026-44005EPSS 0.11%vm2: Mutable Proxies for Host Intrinsic Prototypes Allows Sandbox Escape2026/5/7
CRITICAL10.0CVE-2026-43997EPSS 0.02%vm2 Access to Host Object Enables Sandbox Escape2026/5/7
CRITICAL10.0CVE-2026-44006EPSS 0.06%vm2 has a Sandbox Escape Vulnerability2026/5/7
CRITICAL9.1CVE-2026-44351EPSS 0.01%fast-jwt: JWT auth bypass due to empty HMAC secret accepted by async key resolver2026/5/6
CRITICAL9.1CVE-2026-42555EPSS 0.30%Valtimo has SpEL injection via StandardEvaluationContext that allows Remote Code Execution by admin users2026/5/6
CRITICAL9.1CVE-2026-40010EPSS 0.11%Apache Wicket has a Session Fixation issue2026/5/6
CRITICAL9.0CVE-2026-44221EPSS 0.01%ArcadeDB vulnerable to cross-database authorization bypass and unsecured newly-created databases2026/5/5