VulnScope — 以套件為主體的 CVE 查詢工具

搜尋

11,635 筆結果

嚴重程度:CRITICAL HIGH MEDIUM LOW|生態系:npm PyPI Maven Debian Alpine|⚠ 只看 KEV

HIGH7.5CVE-2026-49855tornado AsyncHTTPClient accumulates decompressed chunks without size limit (gzip bomb)2026/6/15
HIGH7.5CVE-2026-48818Starlette: SSRF and NTLM credential theft via UNC paths in StaticFiles on Windows2026/6/15
MEDIUM5.3Starlette: Arbitrary HTTP method dispatched to `HTTPEndpoint` attributes via `getattr`2026/6/15
—aiohttp: Incomplete websocket frame payloads bypass memory limits2026/6/15
—aiohttp: TLS Server Hostname Override Is Ignored When Reusing HTTPS Connections2026/6/15
—aiohttp: Payload Response Resources Are Not Closed After Mid-Body Disconnect2026/6/15
—aiohttp: HTTP/1 Pipelined Requests Queue Without Limit2026/6/15
—aiohttp: Unread Compressed Request Bodies Bypass client_max_size During Cleanup2026/6/15
—aiohttp: C HTTP Parser Bypasses max_line_size for Fragmented Lines2026/6/15
—aiohttp: DigestAuthMiddleware Applies Credentials to Cross-Origin Redirect Challenges2026/6/15
—aiohttp: Host-Only Cookies Become Domain Cookies After CookieJar Persistence2026/6/15
—aiohttp: CRLF injection in multipart headers2026/6/15
MEDIUM6.9Netty susceptible to HTTP/2 Reset Attack with different on-the-wire signature2026/6/12
HIGH7.5Netty HTTP/3 QPACK Blocked Streams Memory Exhaustion2026/6/12
HIGH7.5Netty: Wrapping plain trust manager silently disables hostname verification2026/6/12
HIGH7.5Netty: Unbounded pre-allocation in RedisArrayAggregator from RESP array length2026/6/12
MEDIUM4.8Netty: QUIC stateless reset token material exposed through header-visible connection IDs2026/6/12
MEDIUM5.3Netty: HttpObjectDecoder skips arbitrary initial control characters when only initial CRLF characters are permitted2026/6/12
LOW3.7Tornado has out-of-bounds memory access via C extension2026/6/12
MEDIUM6.5GeoServer has a Server-Side Request Forgery (SSRF) Vulnerability in its XML Entity Resolution2026/6/12
HIGH7.2GeoServer has an arbitrary file write vulnerability in its Master Password Dump Page2026/6/12
HIGH7.2GeoServer DB2 DataStore Extension has a JNDI Vulnerability via Store Connection2026/6/11
HIGH7.1WsgiDAV encoded dot segments can escape filesystem share roots2026/6/11
—Netty HAProxy: Unbalanced Reference Count in Nested PP2_TYPE_SSL TLV Parsing Leads to Memory Exhaustion2026/6/11
MEDIUM5.8Kolibri has Unauthenticated Server-Side Request Forgery (SSRF) in RemoteFacilityUserViewset2026/6/11

← 上一頁第 2 / 466 頁下一頁 →