VulnScope — 以套件為主體的 CVE 查詢工具

搜尋

62,527 筆結果

嚴重程度:CRITICAL HIGH MEDIUM LOW|生態系:npm PyPI Maven Debian Alpine|⚠ 只看 KEV

—CVE-2026-54279aiohttp: Host-Only Cookies Become Domain Cookies After CookieJar Persistence2026/6/15
—aiohttp: CRLF injection in multipart headers2026/6/15
LOW3.1React Router: Potential CSRF via PUT/PATCH/DELETE document requests2026/6/15
CRITICAL9.8Vitest Browser: Exposed Browser Mode API Can Proxy CDP and Overwrite Config Files, Leading to RCE2026/6/15
—DOMPurify IN_PLACE Sanitization Bypass via Attached Shadow Root Inside <template>.content2026/6/15
MEDIUM6.1DOMPurify: Cross-realm IN_PLACE sanitization leaves executable markup intact via realm-bound `instanceof` checks2026/6/15
MEDIUM6.1DOMPurify: IN_PLACE mode preserves attributes of a clobbered root element, allowing XSS via attacker-controlled root DOM2026/6/15
HIGH7.5protobufjs: Denial of service through unbounded Any expansion during JSON conversion2026/6/15
MEDIUM5.3protobufjs : Schema-derived names can shadow runtime-significant properties2026/6/15
—@angular/service-worker: Sensitive Header Leakage on Cross-Origin Redirects in Angular Service Worker2026/6/15
—@angular/common: Denial of Service (DoS) via OOM in Date Formatting (formatDate)2026/6/15
—@angular/common: Weak 32-Bit Cache Key Hashing in `HttpTransferCache` Leading to Cross-Request Data Leakage and State Poisoning2026/6/15
—@angular/compiler: Two-Way Property Binding Sanitization Bypass (XSS)2026/6/15
—Angular: Template and Attribute Namespace Sanitization Bypass (XSS)2026/6/15
—@angular/platform-server: Missing `<noscript>` Raw-Text Serialization Escaping leads to Cross-Site Scripting (XSS) in Angular SSR2026/6/15
—@angular/platform-server: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')2026/6/15
—node-tar applies PAX size override to intermediary GNU long-name/long-link headers, causing tar parser interpretation differential (file smuggling)2026/6/15
—launch-editor: NTLMv2 hash disclosure via UNC path handling on Windows2026/6/15
—vite: `server.fs.deny` bypass on Windows alternate paths2026/6/15
MEDIUM5.3JS-YAML: Quadratic-complexity DoS in merge key handling via repeated aliases2026/6/15
LOW3.2@babel/core: Arbitrary File Read via sourceMappingURL Comment2026/6/15
—@angular/service-worker: Request Credential & Cache Policy Stripping2026/6/15
—@angular/common: Denial of Service (DoS) via OOM in Number Formatting (digitsInfo)2026/6/15
—@angular/common: Information Leak via Default Caching of Credentialed Requests in HttpTransferCache2026/6/15
—@angular/core: Angular Template and Dynamic Component Namespace Bypass leading to Cross-Site Scripting (XSS)2026/6/15

← 上一頁第 2 / 2502 頁下一頁 →