VulnScope — 以套件為主體的 CVE 查詢工具

搜尋

14,260 筆結果

嚴重程度:CRITICAL HIGH MEDIUM LOW|生態系:npm PyPI Maven Debian Alpine|⚠ 只看 KEV

MEDIUM5.4CVE-2026-44311Fabric.js improper escaping in fabric.Gradient colorStops leads to XSS in SVG serialization2026/6/12
LOW3.7CVE-2026-49854Tornado has out-of-bounds memory access via C extension2026/6/12
HIGH8.1Budibase: Basic app users can exfiltrate stored REST datasource auth by rewriting datasource base URL2026/6/12
HIGH7.5Budibase: Webhook schema endpoint authorization bypass allows unauthenticated mutation of webhook and automation schema2026/6/12
CRITICAL9.0Budibase: Workspace-scoped builder escalates to global admin via /api/public/v1/roles/assign2026/6/12
—Budibase: Unvalidated VectorDB Host Parameter Enables SSRF2026/6/12
MEDIUM6.5Budibase: Unanchored Regex in `matchers.ts` Allows CSRF Bypass via Query String Injection in Budibase Worker2026/6/12
HIGH7.7Budibase: SSRF via OAuth2 Config Validation — Missing fetchWithBlacklist Protection2026/6/12
—Budibase: SSRF via User-Controlled queryId in Automation Execute Query Step2026/6/12
MEDIUM6.7LangGraph has NoSQL parameter injection in MongoDBSaver, allowing cross-tenant state access2026/6/12
HIGH7.3Vim is an open source, command line text editor.2026/6/11
HIGH7.5Vim is an open source, command line text editor.2026/6/11
MEDIUM6.9Vim is an open source, command line text editor.2026/6/11
HIGH7.1WsgiDAV encoded dot segments can escape filesystem share roots2026/6/11
MEDIUM5.8Kolibri has Unauthenticated Server-Side Request Forgery (SSRF) in RemoteFacilityUserViewset2026/6/11
MEDIUM5.3@hapi/inert has a static-file confinement bypass via sibling-prefix path2026/6/11
MEDIUM6.5python-zeroconf: Unbounded TC-deferred queue allows LAN-local memory exhaustion via spoofed-source flood2026/6/11
CRITICAL9.1Meta Ads MCP: Unauthenticated HTTP MCP Tool Execution Leaks Operator Meta Access Token2026/6/11
HIGH7.5@grpc/grpc-js: A malformed request can cause a server crash2026/6/11
HIGH7.5@grpc/grpc-js: An incoming malformed compressed message can cause a client or server crash2026/6/11
MEDIUM5.3joi has an uncaught RangeError on deeply nested input through recursive `link()` schemas2026/6/11
HIGH8.8OpenZeppelin Contracts Wizard has Code Injection in Generated Hardhat and Foundry Tests via Unsanitized opts.name / opts.uri2026/6/11
MEDIUM6.5@hapi/wreck: Sensitive credential headers leak across cross-port and cross-scheme redirects2026/6/11
—Element Call reports full URLs of visited pages to analytics server2026/6/11
—PDM: Project-Controlled `.pdm-plugins` Content Executes Before CLI Parsing2026/6/11

第 1 / 571 頁下一頁 →