VulnScope — 以套件為主體的 CVE 查詢工具

搜尋

5,341 筆結果

嚴重程度:CRITICAL HIGH MEDIUM LOW|生態系:npm PyPI Maven Debian Alpine|⚠ 只看 KEV

HIGH7.1CVE-2026-53865OpenClaw: Workspace-derived service PATH could influence trash command selection2026/6/18
HIGH8.1OpenClaw: Discord allowFrom could bind to mutable display names2026/6/18
HIGH7.1OpenClaw: Workspace .env npm_execpath could influence bundled runtime dependency install2026/6/18
HIGH7.1OpenClaw: Linux and macOS exec allowlists skipped configured argument patterns2026/6/18
HIGH8.1OpenClaw: Zalo allowFrom could bind to mutable display names2026/6/18
HIGH8.1OpenClaw: Shell positional parameters could weaken strict inline-eval checks2026/6/18
HIGH7.5undici WebSocket client vulnerable to denial of service via cumulative fragment bypass2026/6/18
HIGH7.5http-proxy-middleware: multipart/form-data field injection via unescaped CRLF in `fixRequestBody`2026/6/18
HIGH7.1OpenClaw: Workspace .env CLOUDSDK_PYTHON could influence Gmail setup gcloud execution2026/6/18
HIGH8.1OpenClaw: Shell inline-command parsing could miss an allowlist check2026/6/18
HIGH8.8OpenClaw: Pairing-scoped device session could restore revoked node token authority2026/6/18
HIGH8.1OpenClaw: Host environment sanitizer missed two Node.js control variables2026/6/18
HIGH7.4undici vulnerable to TLS certificate validation bypass via dropped requestTls in SOCKS5 ProxyAgent2026/6/17
HIGH7.5Multer vulnerable to Denial of Service via deeply nested field names2026/6/17
HIGH7.7Open WebUI: SSRF Protection Bypass in Playwright Web Loader via HTTP Redirects2026/6/17
HIGH7.7Open WebUI: Path traversal / SSRF in terminal server proxy via encoded path traversal2026/6/17
HIGH7.1OpenClaw: MCP Streamable HTTP redirects could forward configured custom headers to another origin2026/6/17
HIGH7.6Open WebUI: Stored XSS to Account Takeover via Model Profile Images2026/6/17
HIGH7.1Open WebUI: Forged model meta.knowledge allows cross-user file read and deletion2026/6/17
HIGH8.7Open WebUI: Stored XSS in Mermaid Markdown Preview2026/6/17
HIGH8.3Open WebUI: Forged chat-file link allows cross-user file read and deletion2026/6/17
HIGH8.5Open WebUI: Redirect-Bypass SSRF in OAuth `_process_picture_url` (incomplete-fix sibling of CVE-2026-45401)2026/6/17
HIGH7.3Pi Agent: Predictable temporary extension install paths allow local privilege escalation on shared Linux hosts2026/6/17
HIGH7.7n8n: SecurityScorecard Node Leaks API Token to User-Controlled Host2026/6/16
HIGH7.6n8n: Stored XSS in Chat Trigger Node2026/6/16

第 1 / 214 頁下一頁 →