VulnScope — 以套件為主體的 CVE 查詢工具

搜尋

2,673 筆結果

嚴重程度:CRITICAL HIGH MEDIUM LOW|生態系:npm PyPI Maven Debian Alpine|⚠ 只看 KEV

MEDIUM6.1CVE-2026-35212OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables.2026/6/2
CRITICAL9.6praisonai-platform: Any workspace member can add arbitrary user as owner via POST /workspaces/{id}/members2026/6/1
MEDIUM6.5praisonai-platform: Any workspace member can rewrite workspace name, description, and settings via PATCH /workspaces/{id}2026/6/1
MEDIUM6.5EPSS 0.05%Apache Airflow: Rendered template truncation bypasses nested sensitive-key masking2026/6/1
MEDIUM5.9EPSS 0.02%Apache Airflow: JWT cookie missing Secure flag in JWTRefreshMiddleware behind HTTPS-terminating proxy2026/6/1
MEDIUM6.5EPSS 0.04%Apache Airflow: Incomplete Redaction of Sensitive Fields in Connection Extra API Response2026/6/1
CRITICAL9.6praisonai-platform: Any workspace member can promote themselves or others to owner via PATCH /workspaces/{id}/members/{user_id}2026/5/29
CRITICAL9.8praisonai-platform: JWT signing key defaults to hardcoded "dev-secret-change-me", allowing token forgery for any user when PLATFORM_ENV is unset2026/5/29
MEDIUM6.5praisonai-platform: list_issue_activity returns activity log for any issue regardless of workspace ownership2026/5/29
CRITICAL9.8PraisonAI's unauthenticated A2A official example can reach real LLM-driven `eval()` tool execution2026/5/29
CRITICAL9.9PraisonAI vulnerable to sandbox escape via `print.__self__` builtins module leak in `execute_code` (subprocess mode)2026/5/29
MEDIUM5.5PraisonAI CLI automatically resolves @url mentions in prompt text and can read loopback URLs into model context2026/5/29
CRITICAL9.8PraisonAI `deploy --type api` emits a Flask server with authentication disabled by default2026/5/29
CRITICAL9.8PraisonAI call server exposes unauthenticated agent listing, invocation, and deletion when CALL_SERVER_TOKEN is unset2026/5/29
MEDIUM5.5PraisonAI spider_tools SSRF protection bypass via alternate loopback host encodings2026/5/29
MEDIUM6.5BoxLite has a Timeout Bypass Vulnerability2026/5/29
MEDIUM6.5zeroconf has unbounded DNS record cache that allows LAN-local memory exhaustion via multicast flood2026/5/29
MEDIUM6.5zeroconf: Unbounded exception-dedup state retains packet buffers via traceback frame locals, enabling LAN-local memory exhaustion2026/5/29
MEDIUM6.5zeroconf has unbounded recursion in DNS compression-pointer decoder that allows LAN-local denial of service2026/5/29
CRITICAL9.8EPSS 0.08%amazon-redshift-python-driver vulnerable to Remote Code Execution via eval() Injection2026/5/29
CRITICAL9.6EPSS 0.04%Improper Origin Validation in mlflow/mlflow2026/5/29
MEDIUM5.7Dulwich has unbounded memory allocation in receive-pack from crafted thin packs2026/5/29
MEDIUM5.5Shamefile has an arbitrary file read via shamefile.yaml in shame next2026/5/28
MEDIUM5.0EPSS 0.03%local-deep-research has an SSRF bypass in `safe_get`2026/5/28
MEDIUM6.7compliance-trestle Vulnerable to SSRF in Remote Fetching Subsystem2026/5/28

← 上一頁第 2 / 107 頁下一頁 →