VulnScope — 以套件為主體的 CVE 查詢工具

搜尋

3,907 筆結果

嚴重程度:CRITICAL HIGH MEDIUM LOW|生態系:npm PyPI Maven Debian Alpine|⚠ 只看 KEV

LOW3.7CVE-2026-49854Tornado has out-of-bounds memory access via C extension2026/6/12
MEDIUM6.9Vim is an open source, command line text editor.2026/6/11
MEDIUM5.8Kolibri has Unauthenticated Server-Side Request Forgery (SSRF) in RemoteFacilityUserViewset2026/6/11
MEDIUM6.5python-zeroconf: Unbounded TC-deferred queue allows LAN-local memory exhaustion via spoofed-source flood2026/6/11
MEDIUM5.9Litestar: AllowedHostsMiddleware bypasses host validation via client-controlled X-Forwarded-Host header2026/6/10
MEDIUM6.5vLLM's Artifact Pin Decay allows pinned deployments to load unpinned code, weights, and processors2026/6/10
MEDIUM4.8Issue summary: The implementations of AES-SIV (RFC 5297) and AES-GCM-SIV (RFC 8452) mishandle the authentication of AAD (Additional Authent…2026/6/9
MEDIUM5.9Issue summary: A specially crafted password-encrypted CMS message can trigger a NULL pointer dereference during CMS decryption.2026/6/9
LOW3.7Issue summary: The CMS_decrypt and PKCS7_decrypt functions are vulnerable to Bleichenbacher-style attack when an attacker is able to provid…2026/6/9
LOW3.7Issue summary: When EVP_PKEY_derive_set_peer() is called with a DHX (X9.42) peer key, the peer key is not properly checked for the subgroup…2026/6/9
MEDIUM5.9Issue summary: An attacker-controlled CMP (Certificate Management Protocol) server could trigger a NULL pointer dereference in a CMP client…2026/6/9
MEDIUM5.3Issue Summary: An error in the callback used to verify the certificate provided in a Root CA key update Certificate Management Protocol (CM…2026/6/9
MEDIUM5.4Authlib OAuth 2.0 has Open Redirect in Authorization API that allows attacker-controlled redirect_uri through unsupported response_type2026/6/8
MEDIUM4.3MariaDB server is a community developed fork of MySQL server.2026/6/7
MEDIUM6.3MariaDB server is a community developed fork of MySQL server.2026/6/7
MEDIUM5.0MariaDB server is a community developed fork of MySQL server.2026/6/7
MEDIUM4.3Bugsink: DOS using large numbers of event tags2026/6/5
MEDIUM4.3Bugsink: Project scoping missing in sourcemap and debug-file lookup2026/6/5
LOW3.1Bugsink: Issue bulk actions can affect another project’s issue if its UUID is known2026/6/5
LOW3.1Bugsink: Issue event views can show an event from another project if its UUID is known2026/6/5
MEDIUM6.5Authorization Bypass in SearchModelVersions in mlflow/mlflow2026/6/5
MEDIUM6.5Apache Airflow: revoke_token() unreachable in FabAuthManager / KeycloakAuthManager logout path2026/6/5
MEDIUM4.3Apache Airflow: per-DAG RBAC bypass on /ui/partitioned_dag_runs endpoints2026/6/5
MEDIUM6.5Apache Airflow: Arbitrary File Read via Log Symlink following in FileTaskHandler2026/6/5
MEDIUM5.3Strawberry GraphQL's Bypass of MaxAliasesLimiter via Fragment Spreads leading to GraphQL Alias Amplification2026/6/4

第 1 / 157 頁下一頁 →