搜尋

1,769 筆結果

嚴重程度:CRITICAL HIGH MEDIUM LOW|生態系:npm PyPI Maven Debian Alpine|⚠ 只看 KEV

HIGH8.1CVE-2026-47412praisonai-platform: Any workspace member can delete the entire workspace via DELETE /workspaces/{id}2026/6/1
HIGH8.3CVE-2026-47415praisonai-platform: Issue endpoints accept any issue_id without workspace ownership check, cross-workspace read/update/delete IDOR2026/6/1
HIGH8.1CVE-2026-47417praisonai-platform: Comment endpoints accept any issue_id without workspace ownership check, cross-workspace comment read and post IDOR2026/6/1
HIGH8.1CVE-2026-47418praisonai-platform: Project endpoints accept any project_id without workspace ownership check, cross-workspace read/update/delete IDOR2026/6/1
HIGH8.1CVE-2026-47409praisonai-platform: Missing authorization on member removal enables full workspace takeover by any user regardless of role2026/5/29
HIGH7.6CVE-2026-47414praisonai-platform: Label endpoints' unchecked label_id/issue_id enable cross-workspace label IDOR (edit, delete, link)2026/5/29
HIGH8.1CVE-2026-47406praisonai-platform: IDOR in dependency endpoints allows cross-workspace issue linking, reading, and deletion due to missing ownership checks2026/5/29
HIGH8.8CVE-2026-47405PraisonAI Platform: Missing role checks let any workspace member become owner and control workspace membership2026/5/29
HIGH8.8CVE-2026-47399PraisonAI Platform workspace-scoped routes allow cross-workspace object access by global object ID2026/5/29
HIGH8.8CVE-2026-48169PraisonAI has Cross-Workspace IDOR and Privilege Escalation via Platform API2026/5/29
HIGH8.1CVE-2026-47398PraisonAI: Arbitrary code execution via unguarded `spec.loader.exec_module` in `agents_generator.py` - sibling of CVE-2026-443342026/5/29
HIGH8.8CVE-2026-42305Dulwich has an arbitrary file write via NTFS-hostile tree entries on Windows2026/5/28
HIGH7.8CVE-2026-46439compliance-trestle Vulnerable to Remote Code Execution via Recursive Server-Side Template Injection (SSTI)2026/5/28
HIGH7.2CVE-2026-44730EPSS 0.05%OpenCTI: Privilege escalation via graphQL API is abusable by organization admins, due to incorrect ACL on userEdit relationAdd2026/5/28
HIGH8.4CVE-2026-46345compliance-trestle - jinja has an Arbitrary File Write via Path Traversal2026/5/28
HIGH7.4CVE-2026-48526EPSS 0.02%PyJWT is a JSON Web Token implementation in Python.2026/5/28
HIGH8.1CVE-2026-45361EPSS 0.09%Apache Airflow providers-google's `ComputeEngineSSHHook` disables SSH host-key verification by default, exposing SSH traffic between an Air…2026/5/25
HIGH7.8CVE-2026-46517lmdeploy: Hardcoded trust_remote_code=True is an implicit unsafe remote-code load path with no user opt-out2026/5/21
HIGH7.2CVE-2026-8597EPSS 0.04%Amazon SageMaker Python SDK is missing integrity verification in its Triton inference handler2026/5/21
HIGH7.2CVE-2026-8596EPSS 0.06%Cleartext storage of HMAC signing key in Amazon SageMaker Python SDK ModelBuilder/Serve path2026/5/21
HIGH7.8CVE-2026-46432LMDeploy: Arbitrary code execution via hardcoded trust_remote_code=True in lmdeploy model initialization2026/5/21
HIGH7.5CVE-2026-45804Diffusers: TOCTOU Trust Remote Code Bypass2026/5/20
HIGH7.5CVE-2026-46374SQLFluff: Uncontrolled Resource Consumption in SQLFluff Parser2026/5/19
HIGH7.5CVE-2026-46373SQLFluff: Recursive Stack Overflow in Parser2026/5/19
HIGH7.0CVE-2026-4137EPSS 0.01%MLFlow Creates a Temporary File With Insecure Permissions2026/5/18

第 1 / 71 頁下一頁 →