搜尋

509 筆結果

嚴重程度:CRITICAL HIGH MEDIUM LOW|生態系:npm PyPI Maven Debian Alpine|⚠ 只看 KEV

LOW3.1CVE-2026-45426EPSS 0.04%Apache Airflow: Log server JWT authorization bypass via Python lstrip() character stripping allows cross-Dag log access2026/6/1
LOW3.7CVE-2026-48524EPSS 0.06%PyJWT is a JSON Web Token implementation in Python.2026/5/28
LOW3.1CVE-2026-45739Strawberry GraphQL: Default GraphiQL may expose HTTP headers in URLs2026/5/19
LOW3.5CVE-2026-45316EPSS 0.01%Open WebUI: Read-Only Users Can Toggle Note Pin Status via Incorrect Permission Check (Write via Read-Only Access)2026/5/14
LOW3.1CVE-2026-44970dbt MCP Server Transmits All MCP Tool Arguments Including Raw SQL and --vars Credentials to dbt Labs Telemetry by Default Without Redaction2026/5/14
LOW2.5CVE-2026-44969dbt MCP Server Logs Tool Arguments Including SQL Queries and Credentials in Plaintext Without Redaction When File Logging Is Enabled2026/5/14
LOW3.7CVE-2026-43514EPSS 0.10%Apache Tomcat - AJP secret compared in non-constant time2026/5/12
LOW3.3CVE-2026-8088EPSS 0.01%OSGeo gdal GDapi.c GDfieldinfo out-of-bounds2026/5/7
LOW3.5CVE-2026-42448EPSS 0.04%Magic Wormhole: receive, with --output pointing at an existing directory can be path-traversed2026/5/6
LOW3.7CVE-2026-44242EPSS 0.05%Micronaut has Unbounded `bundleCache` in `ResourceBundleMessageSource` that Allows Memory Exhaustion via `Accept-Language` Header2026/5/6
LOW3.4CVE-2026-44405EPSS 0.00%Paramiko rsakey.py allows the SHA-1 algorithm2026/5/6
LOW3.0CVE-2026-44218EPSS 0.01%ciguard: Container image runs as root (no USER directive)2026/5/5
LOW3.7CVE-2026-44219EPSS 0.02%ciguard: SCA HTTP client reads response body without size cap2026/5/5
LOW2.4CVE-2026-42188EPSS 0.03%Geyser Vulnerable to Server-Side Request Forgery (SSRF) via Player Head Texture URL in Geyser2026/5/5
LOW3.7CVE-2026-42874EPSS 0.05%Microdot has HTTP response splitting in Response.set_cookie()2026/5/5
LOW2.6CVE-2026-7847EPSS 0.04%Langchain-Chatchat Uses Insufficiently Random Values2026/5/5
LOW2.6CVE-2026-7846EPSS 0.03%Langchain-Chatchat has a Race Condition in its OpenAI-Compatible File Upload API2026/5/5
LOW2.6CVE-2026-7845EPSS 0.01%Langchain-Chatchat Uses a Broken or Risky Cryptographic Algorithm2026/5/5
LOW3.7CVE-2026-7303EPSS 0.07%xxl-job has a Resource Injection issue2026/4/29
LOW3.7CVE-2026-40969EPSS 0.06%Spring gRPC AuthenticationException messages are reflected to remote client2026/4/28
LOW3.7CVE-2026-22746EPSS 0.07%Spring Security Vulnerable to User Attribute Enumeration when Using DaoAuthenticationProvider2026/4/22
LOW2.7CVE-2026-6597EPSS 0.01%Langflow has an Information Leak through Incomplete API Key Redaction2026/4/20
LOW3.7CVE-2026-32690EPSS 0.11%Apache Airflow: 3.x - Nested Variable Secret Values Bypass Redaction via max_depth=12026/4/18
LOW3.1CVE-2026-41488EPSS 0.03%langchain-openai: Image token counting SSRF protection can be bypassed via DNS rebinding2026/4/16
LOW3.1CVE-2026-33212EPSS 0.01%Weblate: Improper access control for pending tasks in API2026/4/16

第 1 / 21 頁下一頁 →