VulnScope — 以套件為主體的 CVE 查詢工具

搜尋

250 筆結果

嚴重程度:CRITICAL HIGH MEDIUM LOW|生態系:npm PyPI Maven Debian Alpine|⚠ 只看 KEV

LOW3.7CVE-2026-43514EPSS 0.10%Apache Tomcat: AJP secret compared in non-constant time2026/5/12
LOW3.7EPSS 0.05%Micronaut has Unbounded `bundleCache` in `ResourceBundleMessageSource` that Allows Memory Exhaustion via `Accept-Language` Header2026/5/6
LOW2.4EPSS 0.03%Geyser Vulnerable to Server-Side Request Forgery (SSRF) via Player Head Texture URL in Geyser2026/5/5
LOW3.7EPSS 0.07%xxl-job has a Resource Injection issue2026/4/29
LOW3.7EPSS 0.06%Spring gRPC AuthenticationException messages are reflected to remote client2026/4/28
LOW3.7EPSS 0.07%Spring Security Vulnerable to User Attribute Enumeration when Using DaoAuthenticationProvider2026/4/22
LOW3.7EPSS 0.01%Keycloak vulnerable to information disclosure via CORS header injection due to unvalidated JWT azp claim2026/4/6
LOW3.1EPSS 0.01%Keycloak Server-Side Request Forgery via OIDC token endpoint manipulation2026/3/26
LOW3.7EPSS 0.02%Keycloak's identity-first login flow exposes user information2026/3/23
LOW2.6EPSS 0.09%Spring MVC and WebFlux has Server Sent Event stream corruption2026/3/20
LOW3.1EPSS 0.01%Keycloak vulnerable to authorization bypass via the Admin API2026/3/12
LOW2.7EPSS 0.01%Keycloak: Information disclosure of disabled user attributes via administrative endpoint2026/3/11
LOW3.7EPSS 0.14%org.eclipse.jetty:jetty-http has different parsing of invalid URIs2026/3/5
LOW3.1EPSS 0.01%Keycloak REST Services has a WebAuthn Attestation Statement Verification Bypass2026/2/27
LOW3.3EPSS 0.01%Snowflake JDBC Driver is Vulnerable to Uncontrolled Resource Consumption through SdkProxyRoutePlanner2026/2/27
LOW3.8EPSS 0.03%Keycloak: Missing Check on Disabled Client for Docker Registry Protocol2026/2/19
LOW3.7EPSS 0.16%Apache Tomcat: Security constraint bypass with HTTP/0.92026/2/17
LOW2.5EPSS 0.01%Apache Shiro Affected by an Observable Timing Discrepancy Vulnerability2026/2/10
LOW2.7EPSS 0.01%Keycloak Server-Side Request Forgery (SSRF) vulnerability2026/2/2
LOW2.7EPSS 0.01%Keycloak Admin API allows an administrator with limited privileges to retrieve sensitive custom attributes2026/2/2
LOW3.1EPSS 0.02%Keycloak's missing timestamp validation allows attackers to extend SAML response validity periods2026/1/26
LOW3.7EPSS 0.04%Apache Karaf Decanter has Deserialization of Untrusted Data in its Log Socket Collector2026/1/26
LOW2.7EPSS 0.01%Keycloak Admin REST API exposes backend schema and rules2026/1/21
LOW3.1EPSS 0.01%Keycloak does not validate and update refresh token usage atomically2026/1/21
LOW3.7EPSS 0.01%Keycloak has an improper input validation vulnerability2026/1/15

第 1 / 10 頁下一頁 →