搜尋

2,232 筆結果

嚴重程度:CRITICAL HIGH MEDIUM LOW|生態系:npm PyPI Maven Debian Alpine|⚠ 只看 KEV

MEDIUM5.5CVE-2026-44022Docling: Potential Path Traversal via LaTeX \includegraphics and \input Commands2026/6/3
MEDIUM6.5CVE-2026-47411praisonai-platform: Any workspace member can rewrite workspace name, description, and settings via PATCH /workspaces/{id}2026/6/1
LOW3.1CVE-2026-45426EPSS 0.04%Apache Airflow: Log server JWT authorization bypass via Python lstrip() character stripping allows cross-Dag log access2026/6/1
MEDIUM6.5CVE-2026-42360EPSS 0.05%Apache Airflow: Rendered template truncation bypasses nested sensitive-key masking2026/6/1
MEDIUM5.9CVE-2026-41017EPSS 0.02%Apache Airflow: JWT cookie missing Secure flag in JWTRefreshMiddleware behind HTTPS-terminating proxy2026/6/1
MEDIUM6.5CVE-2026-45192EPSS 0.04%Apache Airflow: Incomplete Redaction of Sensitive Fields in Connection Extra API Response2026/6/1
MEDIUM6.5CVE-2026-47408praisonai-platform: list_issue_activity returns activity log for any issue regardless of workspace ownership2026/5/29
MEDIUM5.5CVE-2026-47395PraisonAI CLI automatically resolves @url mentions in prompt text and can read loopback URLs into model context2026/5/29
MEDIUM5.5CVE-2026-47390PraisonAI spider_tools SSRF protection bypass via alternate loopback host encodings2026/5/29
MEDIUM6.5CVE-2026-47213BoxLite has a Timeout Bypass Vulnerability2026/5/29
MEDIUM6.5CVE-2026-47184zeroconf has unbounded DNS record cache that allows LAN-local memory exhaustion via multicast flood2026/5/29
MEDIUM6.5CVE-2026-47183zeroconf: Unbounded exception-dedup state retains packet buffers via traceback frame locals, enabling LAN-local memory exhaustion2026/5/29
MEDIUM6.5CVE-2026-47180zeroconf has unbounded recursion in DNS compression-pointer decoder that allows LAN-local denial of service2026/5/29
MEDIUM5.5CVE-2026-47144Shamefile has an arbitrary file read via shamefile.yaml in shame next2026/5/28
MEDIUM5.0CVE-2026-46526EPSS 0.03%local-deep-research has an SSRF bypass in `safe_get`2026/5/28
MEDIUM6.7CVE-2026-46380compliance-trestle Vulnerable to SSRF in Remote Fetching Subsystem2026/5/28
MEDIUM5.3CVE-2026-48525EPSS 0.05%PyJWT is a JSON Web Token implementation in Python.2026/5/28
LOW3.7CVE-2026-48524EPSS 0.06%PyJWT is a JSON Web Token implementation in Python.2026/5/28
MEDIUM5.4CVE-2026-48523EPSS 0.01%PyJWT is a JSON Web Token implementation in Python.2026/5/28
MEDIUM4.2CVE-2026-48522EPSS 0.03%PyJWT is a JSON Web Token implementation in Python.2026/5/28
MEDIUM5.0CVE-2025-66407EPSS 0.02%Weblate has a Server-Side Request Forgery issue2026/5/26
MEDIUM6.5CVE-2026-47157aiograpi: Unsafe signup challenge path handling2026/5/23
MEDIUM6.5CVE-2026-48710EPSS 0.35%Starlette has missing Host header validation that poisons request.url.path, bypassing path-based security checks2026/5/22
MEDIUM6.8CVE-2026-46678Pydantic AI: SSRF cloud-metadata blocklist bypass via IPv4-mapped IPv6 (Incomplete fix of CVE-2026-25580)2026/5/21
MEDIUM4.3CVE-2026-46645SQLAdmin: Authorization Bypass on `ajax_lookup`2026/5/21

第 1 / 90 頁下一頁 →