VulnScope — 以套件為主體的 CVE 查詢工具

搜尋

3,489 筆結果

嚴重程度:CRITICAL HIGH MEDIUM LOW|生態系:npm PyPI Maven Debian Alpine|⚠ 只看 KEV

HIGH8.2CVE-2026-54271protobufjs-cli: Code injection in pbjs static output from crafted JSON descriptor names2026/6/15
HIGH7.5CVE-2026-48712protobufjs: Denial of service through unbounded Any expansion during JSON conversion2026/6/15
HIGH8.2tmp: Type-confusion bypass of _assertPath allows path traversal via non-string prefix/postfix/template2026/6/15
HIGH7.5ws: Memory exhaustion DoS from tiny fragments and data chunks2026/6/15
HIGH7.5form-data: CRLF injection in form-data via unescaped multipart field names and filenames2026/6/12
HIGH8.1Budibase: Basic app users can exfiltrate stored REST datasource auth by rewriting datasource base URL2026/6/12
HIGH7.5Budibase: Webhook schema endpoint authorization bypass allows unauthenticated mutation of webhook and automation schema2026/6/12
HIGH7.7Budibase: SSRF via OAuth2 Config Validation — Missing fetchWithBlacklist Protection2026/6/12
HIGH7.1WsgiDAV encoded dot segments can escape filesystem share roots2026/6/11
HIGH7.5@grpc/grpc-js: A malformed request can cause a server crash2026/6/11
HIGH7.5@grpc/grpc-js: An incoming malformed compressed message can cause a client or server crash2026/6/11
HIGH8.8OpenZeppelin Contracts Wizard has Code Injection in Generated Hardhat and Foundry Tests via Unsanitized opts.name / opts.uri2026/6/11
HIGH8.1Litestar has HTML Injection Through its CSRF Token2026/6/10
HIGH8.2FUXA: Unauthenticated SSRF via Socket.IO DEVICE_WEBAPI_REQUEST and DEVICE_PROPERTY with response reading2026/6/8
HIGH8.7TinyMCE Cross-Site Scripting (XSS) vulnerability using media plugin `data-mce-object` injection2026/6/5
HIGH8.7TinyMCE Cross-Site Scripting (XSS) vulnerability through `mce:protected` comments2026/6/5
HIGH8.7TinyMCE Cross-Site Scripting (XSS) vulnerability using through data-mce- prefixed src, href, style attributes2026/6/5
HIGH8.7TinyMCE Cross-Site Scripting (XSS) vulnerability using sanitization bypass through nested SVGs2026/6/5
HIGH8.8DbGate: Remote Code Execution via functionName injection in loadReader endpoint2026/6/5
HIGH7.7Sync-in Server: SSRF protection bypass via IPv4-mapped IPv6 addresses in regExpPrivateIP2026/6/5
HIGH8.3praisonai-platform: Agent endpoints accept any agent_id without workspace ownership check, cross-workspace read/update/delete IDOR2026/6/5
HIGH7.3Apache Airflow: Arbitrary import in custom deadline-reference deserialization2026/6/5
HIGH8.8Apache Airflow: Authenticated RCE via XCom PATCH endpoint — XComUpdateBody missing FORBIDDEN_XCOM_KEYS validator2026/6/5
HIGH7.5Apache Airflow: API authorization bypass: bulk TaskInstances allows cross-DAG mutation2026/6/5
HIGH7.5React Router vulnerable to Denial of Service via reflected user input in single-fetch2026/6/4

← 上一頁第 2 / 140 頁下一頁 →