搜尋

382 筆結果

嚴重程度:CRITICAL HIGH MEDIUM LOW|生態系:npm PyPI Maven Debian Alpine|⚠ 只看 KEV

LOW3.1CVE-2026-45426EPSS 0.04%Apache Airflow: Log server JWT authorization bypass via Python lstrip() character stripping allows cross-Dag log access2026/6/1
LOW3.7CVE-2026-44489Axios has a Patch Bypass: Proxy-Authorization Header Injection via Prototype Pollution — Incomplete Null-Prototype Fix2026/5/29
LOW3.7CVE-2026-48524EPSS 0.06%PyJWT is a JSON Web Token implementation in Python.2026/5/28
LOW2.0CVE-2026-46549NocoDB: OAuth Token Scope Not Enforced at ACL Layer Allows Scope Escalation2026/5/21
LOW3.1CVE-2026-45739Strawberry GraphQL: Default GraphiQL may expose HTTP headers in URLs2026/5/19
LOW3.5CVE-2026-45316EPSS 0.01%Open WebUI: Read-Only Users Can Toggle Note Pin Status via Incorrect Permission Check (Write via Read-Only Access)2026/5/14
LOW3.1CVE-2026-44970dbt MCP Server Transmits All MCP Tool Arguments Including Raw SQL and --vars Credentials to dbt Labs Telemetry by Default Without Redaction2026/5/14
LOW2.5CVE-2026-44969dbt MCP Server Logs Tool Arguments Including SQL Queries and Credentials in Plaintext Without Redaction When File Logging Is Enabled2026/5/14
LOW3.7CVE-2026-44572EPSS 0.01%Next.js's Middleware / Proxy redirects can be cache-poisoned2026/5/11
LOW3.7CVE-2026-44582EPSS 0.01%Next.js vulnerable to cache poisoning via collisions in React Server Component cache-busting2026/5/11
LOW3.8CVE-2026-44459EPSS 0.02%Hono has improper validation of NumericDate claims (exp, nbf, iat) in JWT verify()2026/5/9
LOW3.3CVE-2026-8088EPSS 0.01%OSGeo gdal GDapi.c GDfieldinfo out-of-bounds2026/5/7
LOW3.7CVE-2026-44589EPSS 0.04%nuxt-og-image SSRF — bypass of GHSA-pqhr-mp3f-hrpp / v6.2.5 fix (IPv6 + redirect)2026/5/7
LOW3.5CVE-2026-42448EPSS 0.04%Magic Wormhole: receive, with --output pointing at an existing directory can be path-traversed2026/5/6
LOW3.7CVE-2026-8026EPSS 0.02%Flowise: Bcrypt Password Hash Exposure2026/5/6
LOW3.4CVE-2026-44405EPSS 0.00%Paramiko rsakey.py allows the SHA-1 algorithm2026/5/6
LOW3.0CVE-2026-44218EPSS 0.01%ciguard: Container image runs as root (no USER directive)2026/5/5
LOW3.7CVE-2026-44219EPSS 0.02%ciguard: SCA HTTP client reads response body without size cap2026/5/5
LOW3.7CVE-2026-42874EPSS 0.05%Microdot has HTTP response splitting in Response.set_cookie()2026/5/5
LOW2.6CVE-2026-7847EPSS 0.04%Langchain-Chatchat Uses Insufficiently Random Values2026/5/5
LOW2.6CVE-2026-7846EPSS 0.03%Langchain-Chatchat has a Race Condition in its OpenAI-Compatible File Upload API2026/5/5
LOW2.6CVE-2026-7845EPSS 0.01%Langchain-Chatchat Uses a Broken or Risky Cryptographic Algorithm2026/5/5
LOW3.7CVE-2026-42040EPSS 0.06%Axios: Null Byte Injection via Reverse-Encoding in AxiosURLSearchParams2026/5/5
LOW2.2CVE-2026-41321EPSS 0.05%Cloudflare has SSRF via redirect following through its image-binding-transform endpoint (incomplete fix for GHSA-qpr4)2026/4/23
LOW2.7CVE-2026-6597EPSS 0.01%Langflow has an Information Leak through Incomplete API Key Redaction2026/4/20

第 1 / 16 頁下一頁 →