VulnScope — 以套件為主體的 CVE 查詢工具

搜尋

1,959 筆結果

嚴重程度:CRITICAL HIGH MEDIUM LOW|生態系:npm PyPI Maven Debian Alpine|⚠ 只看 KEV

HIGH7.3CVE-2026-8771EPSS 0.04%org.linlinjava:litemall-wx-api has an Injection issue2026/5/18
HIGH7.3EPSS 0.03%Beetl's SpELFunction extension function has an expression injection risk2026/5/17
HIGH7.4EPSS 0.01%Improper Verification of Cryptographic Signature in com.oviva.telematik:epa4all-client2026/5/15
HIGH8.1EPSS 0.07%Apache Flink: Remote code execution via SQL injection in code generation2026/5/15
HIGH8.1EPSS 0.01%epa4all-client: TLS Certificate Validation Disabled in Production2026/5/15
HIGH8.1EPSS 0.03%Amazon Redshift Vulnerable to Remote Code Execution via Unsafe Class Loading2026/5/14
HIGH7.5EPSS 0.08%Apache Tomcat: LockOutRealm treats user names as case-sensitive2026/5/12
HIGH7.3EPSS 0.05%Apache Tomcat: WebSocket authentication header exposure2026/5/12
HIGH7.5EPSS 0.05%Apache Tomcat: Unbounded read in WebDAV LOCK and PROPFIND handling2026/5/12
HIGH8.2EPSS 0.04%Spring AI: Prompt Injection via Memory Poisoning in PromptChatMemoryAdvisor2026/5/12
HIGH7.5EPSS 0.04%Spring AI: ChatMemory DEFAULT_CONVERSATION_ID causes unintended cross-user data leakage2026/5/12
HIGH7.6EPSS 0.04%Valtimo has sensitive data exposure through HTTP request/response logging in LoggingRestClientCustomizer2026/5/11
HIGH8.6EPSS 0.03%Spring AI's MilvusVectorStore#doDelete(List) implementation is vulnerable to filter-expression injection via unsanitized document IDs2026/5/9
HIGH8.1EPSS 0.01%epa4all-client has a VAU Signature bypass2026/5/8
HIGH7.5EPSS 0.01%bitcoinj has a ScriptExecution P2PKH/P2WPKH Verification Bypass2026/5/8
HIGH8.8EPSS 0.02%Apache NiFi: Missing Execute Code Required Permission on TinkerpopClientService2026/5/8
HIGH7.5EPSS 0.08%Alkacon OpenCms is vulnerable to XXE when the <!DOCTYPE> refers to an external host2026/5/8
HIGH7.3EPSS 13.7%Alkacon OpenCms allows remote unauthenticated attackers to obtain sensitive information2026/5/8
HIGH7.2EPSS 0.01%Spring Cloud Config Server Susceptible To TOCTOU Attack2026/5/7
HIGH7.5EPSS 0.02%Spring Cloud Config has an Authorization Bypass Through User-Controlled Key2026/5/7
HIGH7.5EPSS 0.02%Netty: HttpContentDecompressor maxAllocation bypass when Content-Encoding set to br/zstd/snappy leads to decompression bomb DoS2026/5/7
HIGH7.3EPSS 0.02%Netty has HttpClientCodec response desynchronization2026/5/7
HIGH7.5EPSS 0.02%Netty Lz4FrameDecoder is vulnerable to resource exhaustion2026/5/7
HIGH7.5EPSS 0.02%Netty HTTP/3 QPACK literal unbounded allocation2026/5/7
HIGH7.5EPSS 0.03%Netty has a DNS Codec Input Validation Bypass (Encoder + Decoder)2026/5/7