VulnScope — 以套件為主體的 CVE 查詢工具

搜尋

517 筆結果

嚴重程度:CRITICAL HIGH MEDIUM LOW|生態系:npm PyPI Maven Debian Alpine|⚠ 只看 KEV

LOW3.7CVE-2026-40969EPSS 0.06%Spring gRPC AuthenticationException messages are reflected to remote client2026/4/28
LOW3.7EPSS 0.07%Spring Security Vulnerable to User Attribute Enumeration when Using DaoAuthenticationProvider2026/4/22
LOW2.7EPSS 0.01%Langflow has an Information Leak through Incomplete API Key Redaction2026/4/20
LOW3.7EPSS 0.11%Apache Airflow: 3.x - Nested Variable Secret Values Bypass Redaction via max_depth=12026/4/18
LOW3.1EPSS 0.03%langchain-openai: Image token counting SSRF protection can be bypassed via DNS rebinding2026/4/16
LOW3.1EPSS 0.01%Weblate: Improper access control for pending tasks in API2026/4/16
LOW3.5EPSS 0.03%OpenStack Keystone: Restricted application credentials can create EC2 credentials2026/4/10
LOW2.7EPSS 0.01%Privilege abuse in ModelAdmin.list_editable2026/4/7
LOW3.7EPSS 0.01%Keycloak vulnerable to information disclosure via CORS header injection due to unvalidated JWT azp claim2026/4/6
LOW2.7EPSS 0.01%Nautobot: Management of users via REST API does not apply configured password validators2026/3/31
LOW3.1EPSS 0.01%Open WebUI's Insecure Direct Object Reference (IDOR) allows access to other users' memories2026/3/27
LOW3.1EPSS 0.01%Keycloak Server-Side Request Forgery via OIDC token endpoint manipulation2026/3/26
LOW3.7EPSS 0.02%Keycloak's identity-first login flow exposes user information2026/3/23
LOW3.3EPSS 0.01%Pygments has Regular Expression Denial of Service (ReDoS) due to Inefficient Regex for GUID Matching2026/3/22
LOW2.6EPSS 0.09%Spring MVC and WebFlux has Server Sent Event stream corruption2026/3/20
LOW3.6EPSS 0.02%Stored XSS in Memray-generated HTML reports via unescaped command-line metadata2026/3/16
LOW3.7EPSS 0.01%Copyparty has unexpected JavaScript execution via crafted URL to folder with `.prologue.html`2026/3/12
LOW3.1EPSS 0.01%Keycloak vulnerable to authorization bypass via the Admin API2026/3/12
LOW2.7EPSS 0.01%Keycloak: Information disclosure of disabled user attributes via administrative endpoint2026/3/11
LOW3.7EPSS 0.14%org.eclipse.jetty:jetty-http has different parsing of invalid URIs2026/3/5
LOW3.7EPSS 0.01%Potential incorrect permissions on newly created file system objects2026/3/3
LOW3.1EPSS 0.01%Keycloak REST Services has a WebAuthn Attestation Statement Verification Bypass2026/2/27
LOW3.3EPSS 0.01%Snowflake JDBC Driver is Vulnerable to Uncontrolled Resource Consumption through SdkProxyRoutePlanner2026/2/27
LOW3.1EPSS 0.04%wger: IDOR via user-unscoped cache keys on routine API actions exposes workout data2026/2/26
LOW3.8EPSS 0.03%Keycloak: Missing Check on Disabled Client for Docker Registry Protocol2026/2/19