VulnScope — 以套件為主體的 CVE 查詢工具

搜尋

726 筆結果

嚴重程度:CRITICAL HIGH MEDIUM LOW|生態系:npm PyPI Maven Debian Alpine|⚠ 只看 KEV

LOW3.7CVE-2026-44242EPSS 0.05%Micronaut has Unbounded `bundleCache` in `ResourceBundleMessageSource` that Allows Memory Exhaustion via `Accept-Language` Header2026/5/6
LOW3.7EPSS 0.02%Flowise: Bcrypt Password Hash Exposure2026/5/6
LOW3.4EPSS 0.00%Paramiko rsakey.py allows the SHA-1 algorithm2026/5/6
LOW3.0EPSS 0.01%ciguard: Container image runs as root (no USER directive)2026/5/5
LOW3.7EPSS 0.02%ciguard: SCA HTTP client reads response body without size cap2026/5/5
LOW2.4EPSS 0.03%Geyser Vulnerable to Server-Side Request Forgery (SSRF) via Player Head Texture URL in Geyser2026/5/5
LOW3.7EPSS 0.05%Microdot has HTTP response splitting in Response.set_cookie()2026/5/5
LOW2.6EPSS 0.04%Langchain-Chatchat Uses Insufficiently Random Values2026/5/5
LOW2.6EPSS 0.03%Langchain-Chatchat has a Race Condition in its OpenAI-Compatible File Upload API2026/5/5
LOW2.6EPSS 0.01%Langchain-Chatchat Uses a Broken or Risky Cryptographic Algorithm2026/5/5
LOW3.7EPSS 0.06%Axios: Null Byte Injection via Reverse-Encoding in AxiosURLSearchParams2026/5/5
LOW3.7EPSS 0.02%A flaw was found in gnutls.2026/4/30
LOW3.7EPSS 0.04%A flaw was found in gnutls.2026/4/30
LOW3.7EPSS 0.07%xxl-job has a Resource Injection issue2026/4/29
LOW3.7EPSS 0.06%Spring gRPC AuthenticationException messages are reflected to remote client2026/4/28
LOW2.2EPSS 0.05%Cloudflare has SSRF via redirect following through its image-binding-transform endpoint (incomplete fix for GHSA-qpr4)2026/4/23
LOW3.7EPSS 0.07%Spring Security Vulnerable to User Attribute Enumeration when Using DaoAuthenticationProvider2026/4/22
LOW2.7EPSS 0.01%Langflow has an Information Leak through Incomplete API Key Redaction2026/4/20
LOW3.7EPSS 0.11%Apache Airflow: 3.x - Nested Variable Secret Values Bypass Redaction via max_depth=12026/4/18
LOW3.1EPSS 0.03%langchain-openai: Image token counting SSRF protection can be bypassed via DNS rebinding2026/4/16
LOW3.7EPSS 0.03%ApostropheCMS: User Enumeration via Timing Side Channel in Password Reset Endpoint2026/4/16
LOW3.1EPSS 0.01%Weblate: Improper access control for pending tasks in API2026/4/16
LOW2.9EPSS 0.01%libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document.2026/4/16
LOW3.5EPSS 0.04%DbGate has cross site scripting via the SVG Icon String Handler component2026/4/13
LOW3.5EPSS 0.03%OpenStack Keystone: Restricted application credentials can create EC2 credentials2026/4/10