VulnScope — 以套件為主體的 CVE 查詢工具

搜尋

77 筆結果

嚴重程度:CRITICAL HIGH MEDIUM LOW|生態系:npm PyPI Maven Debian Alpine|⚠ 只看 KEV

CRITICAL9.6CVE-2026-45321⚠ KEVEPSS 17.1%Malware in @tanstack/* packages exfiltrates cloud credentials, GitHub tokens, and SSH keys2026/5/12
HIGH8.8⚠ KEVEPSS 4.1%LiteLLM: Authenticated command execution via MCP stdio test endpoints2026/4/25
CRITICAL9.8⚠ KEVEPSS 56.9%LiteLLM has SQL Injection in Proxy API key verification2026/4/24
CRITICAL9.8⚠ KEVEPSS 80.7%Marimo: Pre-Auth Remote Code Execution via Terminal WebSocket Authentication Bypass2026/4/8
HIGH8.8⚠ KEVEPSS 83.5%Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Authenticated users could perform RCE via Jolokia MBeans2026/4/7
—⚠ KEVEPSS 23.9%Trivy ecosystem supply chain was briefly compromised in github.com/aquasecurity/trivy2026/3/30
CRITICAL9.8⚠ KEVEPSS 24.0%Unauthenticated Remote Code Execution in Langflow via Public Flow Build Endpoint2026/3/17
CRITICAL9.9⚠ KEVEPSS 65.8%n8n Vulnerable to Remote Code Execution via Expression Injection2025/12/22
HIGH8.8⚠ KEVEPSS 32.7%Langflow CORS misconfiguration enables Account Takeover and RCE2025/12/6
CRITICAL10.0⚠ KEVEPSS 84.5%React Server Components are Vulnerable to RCE2025/12/3
HIGH8.2⚠ KEVEPSS 81.4%GeoServer is vulnerable to Unauthenticated XML External Entities (XXE) attack via WMS GetMap feature2025/11/25
CRITICAL9.8⚠ KEVEPSS 27.9%@react-native-community/cli has arbitrary OS command injection2025/11/3
HIGH7.5⚠ KEVEPSS 14.7%eslint-config-prettier, eslint-plugin-prettier, synckit, @pkgr/core, napi-postinstall have embedded malicious code2025/7/19
CRITICAL9.8⚠ KEVEPSS 92.7%Langflow Unauth RCE2025/6/17
MEDIUM5.3⚠ KEVEPSS 83.2%Vite has a `server.fs.deny` bypassed for `inline` and `raw` with `?import` query2025/3/31
CRITICAL9.8⚠ KEVEPSS 94.1%Apache Tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT2025/3/10
CRITICAL9.8⚠ KEVEPSS 93.7%XWiki Platform allows remote code execution as guest via SolrSearchMacros request2025/2/20
CRITICAL9.8⚠ KEVEPSS 94.4%Remote Code Execution (RCE) vulnerability in geoserver2024/7/1
CRITICAL9.8⚠ KEVEPSS 94.3%Apache HugeGraph-Server: Command execution in gremlin2024/4/22
CRITICAL9.8⚠ KEVEPSS 94.5%Arbitrary file read vulnerability through the Jenkins CLI can lead to RCE2024/1/24
CRITICAL10.0⚠ KEVEPSS 94.4%Apache ActiveMQ, Apache ActiveMQ Legacy OpenWire Module: Unbounded deserialization causes ActiveMQ to be vulnerable to a remote code execution (RCE) attack2023/10/27
MEDIUM5.3⚠ KEVEPSS 94.4%nghttp2 - security update2023/10/10
HIGH8.8⚠ KEVEPSS 5.0%libvpx - security update2023/9/28
CRITICAL9.8⚠ KEVEPSS 94.0%Improper Control of Generation of Code ('Code Injection') in jai-ext2023/9/19
HIGH8.8⚠ KEVEPSS 93.3%thunderbird - security update2023/9/12

第 1 / 4 頁下一頁 →