VulnScope — 以套件為主體的 CVE 查詢工具

搜尋

15,701 筆結果

嚴重程度:CRITICAL HIGH MEDIUM LOW|生態系:npm PyPI Maven Debian Alpine|⚠ 只看 KEV

LOW3.7CVE-2026-49854Tornado has out-of-bounds memory access via C extension2026/6/12
MEDIUM6.5CVE-2025-58175GeoServer has a Server-Side Request Forgery (SSRF) Vulnerability in its XML Entity Resolution2026/6/12
HIGH7.2GeoServer has an arbitrary file write vulnerability in its Master Password Dump Page2026/6/12
HIGH7.3Vim is an open source, command line text editor.2026/6/11
HIGH7.5Vim is an open source, command line text editor.2026/6/11
MEDIUM6.9Vim is an open source, command line text editor.2026/6/11
HIGH7.2GeoServer DB2 DataStore Extension has a JNDI Vulnerability via Store Connection2026/6/11
HIGH7.1WsgiDAV encoded dot segments can escape filesystem share roots2026/6/11
—Netty HAProxy: Unbalanced Reference Count in Nested PP2_TYPE_SSL TLV Parsing Leads to Memory Exhaustion2026/6/11
MEDIUM5.8Kolibri has Unauthenticated Server-Side Request Forgery (SSRF) in RemoteFacilityUserViewset2026/6/11
MEDIUM6.5python-zeroconf: Unbounded TC-deferred queue allows LAN-local memory exhaustion via spoofed-source flood2026/6/11
MEDIUM5.3netty-codec-http2: ByteBuf Reference-Count Leak in DelegatingDecompressorFrameListener Leads to Memory Exhaustion2026/6/11
—netty-incubator-codec-ohttp's Incorrect Native Pointer Derivation in Pooled Direct ByteBuf Fallback Leads to Out-of-Bounds Native Memory Access2026/6/11
CRITICAL9.1Meta Ads MCP: Unauthenticated HTTP MCP Tool Execution Leaks Operator Meta Access Token2026/6/11
—Netty's Lack of Lifecycle Cleanup Leads to Pooled ByteBuf Leak in RedisArrayAggregator2026/6/11
—PDM: Project-Controlled `.pdm-plugins` Content Executes Before CLI Parsing2026/6/11
—PDM wheel installation leads to Path Traversal via overridden write_to_fs2026/6/10
—PDM: Project-Local State and Config Writes Follow Symlinks2026/6/10
MEDIUM5.9Litestar: AllowedHostsMiddleware bypasses host validation via client-controlled X-Forwarded-Host header2026/6/10
HIGH8.1Litestar has HTML Injection Through its CSRF Token2026/6/10
MEDIUM6.5vLLM's Artifact Pin Decay allows pinned deployments to load unpinned code, weights, and processors2026/6/10
HIGH7.5Acknowledgement extension out of memory2026/6/10
HIGH8.0Jenkins: Stored XSS vulnerability in node offline cause description2026/6/10
HIGH8.1In Spring for Apache Kafka, overly broad trusted-package matching in header mappers exposes JDK classes to deserialization2026/6/10
MEDIUM6.5In Spring for Apache Kafka, unbounded delegate cache keyed on user-controlled, potentially malicious selector header2026/6/10

第 1 / 629 頁下一頁 →