VulnScope — 以套件為主體的 CVE 查詢工具

搜尋

489 筆結果

嚴重程度:CRITICAL HIGH MEDIUM LOW|生態系:npm PyPI Maven Debian Alpine|⚠ 只看 KEV

LOW2.5CVE-2026-54326Pi Agent: Potential XSS in HTML session exports via Markdown URL sanitization bypass2026/6/16
LOW3.7Starlette: Unvalidated request path concatenated into authority poisons request.url.hostname2026/6/15
LOW3.7python-multipart: Negative Content-Length in parse_form buffers the entire body in memory2026/6/15
LOW3.7python-multipart: Semicolon treated as querystring field separator enables parameter smuggling2026/6/15
LOW3.7python-multipart: Content-Disposition parameter smuggling via RFC 2231/5987 extended parameters2026/6/15
LOW3.1React Router: Potential CSRF via PUT/PATCH/DELETE document requests2026/6/15
LOW3.2@babel/core: Arbitrary File Read via sourceMappingURL Comment2026/6/15
LOW3.7Tornado has out-of-bounds memory access via C extension2026/6/12
LOW3.5Papra HTTP redirect bypass can lead to SSRF via webhook delivery system2026/6/10
LOW3.7Issue summary: The CMS_decrypt and PKCS7_decrypt functions are vulnerable to Bleichenbacher-style attack when an attacker is able to provid…2026/6/9
LOW3.7Issue summary: When EVP_PKEY_derive_set_peer() is called with a DHX (X9.42) peer key, the peer key is not properly checked for the subgroup…2026/6/9
LOW3.1Bugsink: Issue bulk actions can affect another project’s issue if its UUID is known2026/6/5
LOW3.1Bugsink: Issue event views can show an event from another project if its UUID is known2026/6/5
LOW2.5A security flaw has been discovered in gradio-app gradio 6.14.0.2026/6/4
LOW3.7daphne before 4.2.2 reconstructs a raw HTTP request from Twisted's parsed headers and feeds it to autobahn for WebSocket handshake processi…2026/6/3
LOW3.1EPSS 0.04%Apache Airflow: Log server JWT authorization bypass via Python lstrip() character stripping allows cross-Dag log access2026/6/1
LOW3.7Axios has a Patch Bypass: Proxy-Authorization Header Injection via Prototype Pollution — Incomplete Null-Prototype Fix2026/5/29
LOW3.3Dulwich doesn't sanitize commit subjects in `porcelain.format_patch`2026/5/29
LOW3.7EPSS 0.06%PyJWKClient unbounded JWKS endpoint requests via attacker-controlled kid values (DoS)2026/5/28
LOW3.3EPSS 0.01%pypdf: Possible long runtimes for zero-only width values in cross-reference streamsuntimes for zero-only width values in cross-reference streams2026/5/28
LOW2.0NocoDB: OAuth Token Scope Not Enforced at ACL Layer Allows Scope Escalation2026/5/21
LOW3.7EPSS 0.04%Rsync versions before 3.4.3 contain an off-by-one out-of-bounds stack write vulnerability in the establish_proxy_connection() function in s…2026/5/20
LOW3.1Strawberry GraphQL: Default GraphiQL may expose HTTP headers in URLs2026/5/19
LOW3.5EPSS 0.01%Open WebUI: Read-Only Users Can Toggle Note Pin Status via Incorrect Permission Check (Write via Read-Only Access)2026/5/14
LOW3.1dbt MCP Server Transmits All MCP Tool Arguments Including Raw SQL and --vars Credentials to dbt Labs Telemetry by Default Without Redaction2026/5/14

第 1 / 20 頁下一頁 →