搜尋

8,175 筆結果

嚴重程度:CRITICAL HIGH MEDIUM LOW|生態系:npm PyPI Maven Debian Alpine|⚠ 只看 KEV

MEDIUM6.5CVE-2026-47183zeroconf: Unbounded exception-dedup state retains packet buffers via traceback frame locals, enabling LAN-local memory exhaustion2026/5/29
MEDIUM6.5CVE-2026-47180zeroconf has unbounded recursion in DNS compression-pointer decoder that allows LAN-local denial of service2026/5/29
CRITICAL9.8CVE-2026-8838EPSS 0.08%amazon-redshift-python-driver vulnerable to Remote Code Execution via eval() Injection2026/5/29
CRITICAL10.0CVE-2026-47140NodeVM builtin denylist bypass via process and inspector/promises allows host code execution2026/5/29
MEDIUM5.3CVE-2026-8814EPSS 0.06%ExifReader is vulnerable to denial of service via unbounded decompression of image metadata2026/5/29
CRITICAL9.8CVE-2026-47210vm2 sandbox escape via JSPI-backed Promise `.finally()` species bypass2026/5/29
CRITICAL10.0CVE-2026-47137vm2 has a CVE-2023-37903 patch bypass: nesting:true without explicit require still allows full RCE2026/5/29
CRITICAL10.0CVE-2026-47208vm2 is Vulnerable to Sandbox Breakout Through Promise Species2026/5/29
CRITICAL10.0CVE-2026-47131vm2 has a Sandbox Escape issue2026/5/29
MEDIUM4.8CVE-2026-44490axios has DoS & Header Injection via Prototype Pollution Read-Side Gadgets in axios merge functions2026/5/29
CRITICAL9.6CVE-2026-2611EPSS 0.04%MLflow: Improper Origin Validation in MLflow Assistant /ajax-api Endpoints Enables Browser-Mediated Local Command Execution2026/5/29
MEDIUM5.5CVE-2026-47144Shamefile has an arbitrary file read via shamefile.yaml in shame next2026/5/28
MEDIUM5.0CVE-2026-46526EPSS 0.03%local-deep-research has an SSRF bypass in `safe_get`2026/5/28
MEDIUM6.7CVE-2026-46380compliance-trestle Vulnerable to SSRF in Remote Fetching Subsystem2026/5/28
MEDIUM5.3CVE-2026-48525EPSS 0.05%PyJWT is a JSON Web Token implementation in Python.2026/5/28
MEDIUM5.4CVE-2026-48523EPSS 0.01%PyJWT is a JSON Web Token implementation in Python.2026/5/28
MEDIUM4.2CVE-2026-48522EPSS 0.03%PyJWT is a JSON Web Token implementation in Python.2026/5/28
CRITICAL9.1CVE-2026-46621Yamcs Vulnerable to Authenticated Remote Code Execution (RCE) via Jython Algorithm Code Injection2026/5/27
CRITICAL9.8CVE-2026-46562Yamcs Vulnerable to Remote Code Execution via Mission Database algorithm override2026/5/27
CRITICAL9.8CVE-2026-25879EPSS 0.08%Langroid has Prompt to SQL Injection, Leading to RCE2026/5/27
CRITICAL10.0CVE-2026-45618LiquidJS is Vulnerable to Remote Code Execution2026/5/27
MEDIUM5.3CVE-2026-44646LiquidJS's `{% render %}` tag silently bypasses per-render `ownPropertyOnly:true` via `Context.spawn()`2026/5/27
MEDIUM6.5CVE-2026-44645LiquidJS has a renderLimit DoS guard bypass via empty `{% for %}` body2026/5/27
MEDIUM6.1CVE-2026-44644LiquidJS's strip_html filter bypass via newline characters in HTML tags enables XSS2026/5/27
CRITICAL9.1CVE-2026-44632Yamcs Vulnerable to Server-Side Code Injection (RCE) via Janino Expression Engine in `JavaExprAlgorithmExecutionFactory`2026/5/27

← 上一頁第 2 / 327 頁下一頁 →