VulnScope — 以套件為主體的 CVE 查詢工具

搜尋

3,643 筆結果

嚴重程度:CRITICAL HIGH MEDIUM LOW|生態系:npm PyPI Maven Debian Alpine|⚠ 只看 KEV

HIGH8.3CVE-2026-50574yt-dlp: Arbitrary code execution via manifest downloads with aria2c2026/6/16
HIGH8.6CVE-2026-53755Crawl4AI: SSRF via proxy settings in the Docker server bypasses the crawl-URL SSRF check2026/6/16
HIGH7.5Crawl4AI: SSRF filter bypass in Docker server via IPv6 transition forms (NAT64 / 6to4 / unspecified / v4-mapped)2026/6/16
HIGH8.3yt-dlp: Dangerous file type creation via insufficient filename sanitization (Bypass of CVE-2024-38519)2026/6/16
HIGH7.5vLLM: Security Check Bypass via assert Statement in Activation Function Loading Allows Arbitrary Code Execution2026/6/16
HIGH8.8Langflow: IDOR/BOLA in Monitor API — Missing Ownership Enforcement on 7 Endpoints2026/6/16
HIGH7.5Natural Language Toolkit (NLTK): URL-Encoded Path Traversal in nltk.data.load() Allows Arbitrary Local File Read2026/6/16
HIGH7.5Starlette: request.form() limits silently ignored for application/x-www-form-urlencoded enable DoS2026/6/15
HIGH7.5python-multipart: Quadratic-time querystring parsing with semicolon separators causes CPU denial of service2026/6/15
HIGH7.7Tornado: Authorization header forwarded across cross-origin redirects in SimpleAsyncHTTPClient2026/6/15
HIGH7.5tornado AsyncHTTPClient accumulates decompressed chunks without size limit (gzip bomb)2026/6/15
HIGH7.5Starlette: SSRF and NTLM credential theft via UNC paths in StaticFiles on Windows2026/6/15
HIGH7.3Vim is an open source, command line text editor.2026/6/11
HIGH7.5Vim is an open source, command line text editor.2026/6/11
HIGH7.1WsgiDAV encoded dot segments can escape filesystem share roots2026/6/11
HIGH8.1Litestar has HTML Injection Through its CSRF Token2026/6/10
HIGH7.5Issue summary: When an application drives an AES-OCB context through the public EVP_Cipher() one-shot interface, the application-supplied i…2026/6/9
HIGH7.5Issue summary: Parsing a crafted DER-encoded ASN.1 structure with a primitive element whose content exceeds 2 gigabytes in length may cause…2026/6/9
HIGH7.5Issue summary: When CMS password-based decryption (RFC 3211 / PWRI key unwrap) processes attacker-supplied CMS data, an attacker-chosen str…2026/6/9
HIGH7.5Issue summary: Receiving a QUIC initial packet with an invalid token may trigger a NULL pointer dereference in the OpenSSL QUIC server with…2026/6/9
HIGH7.4Issue Summary: The PKCS#12 file processing fails to perform sufficient input validation for files that use Password-Based Message Authentic…2026/6/9
HIGH7.5Issue summary: Remote peer may exhaust heap memory of the QUIC server or client by flooding it with packets containing PATH_CHALLENGE frame…2026/6/9
HIGH8.1Issue summary: A signed integer overflow when sizing the destination buffer for Unicode output in ASN1_mbstring_ncopy() can lead to a heap…2026/6/9
HIGH8.0MariaDB server is a community developed fork of MySQL server.2026/6/7
HIGH8.0MariaDB server is a community developed fork of MySQL server.2026/6/7

第 1 / 146 頁下一頁 →