VulnScope — 以套件為主體的 CVE 查詢工具

搜尋

940 筆結果

嚴重程度:CRITICAL HIGH MEDIUM LOW|生態系:npm PyPI Maven Debian Alpine|⚠ 只看 KEV

LOW3.5CVE-2026-42448EPSS 0.04%Magic Wormhole: receive, with --output pointing at an existing directory can be path-traversed2026/5/6
CRITICAL9.9EPSS 0.01%wger: cross-tenant password reset and plaintext disclosure via gym=None bypass2026/5/6
CRITICAL9.9EPSS 0.05%Rucio has SQL Injection in FilterEngine PostgreSQL Query Builder via DID Search API2026/5/6
CRITICAL9.9EPSS 0.05%Rucio has SQL Injection in FilterEngine Oracle JSON Path via DID Search API2026/5/6
LOW3.4EPSS 0.00%Paramiko rsakey.py allows the SHA-1 algorithm2026/5/6
LOW3.0EPSS 0.01%ciguard: Container image runs as root (no USER directive)2026/5/5
LOW3.7EPSS 0.02%ciguard: SCA HTTP client reads response body without size cap2026/5/5
CRITICAL9.8EPSS 0.08%OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables.2026/5/5
LOW3.7EPSS 0.05%Microdot has HTTP response splitting in Response.set_cookie()2026/5/5
LOW2.6EPSS 0.04%Langchain-Chatchat Uses Insufficiently Random Values2026/5/5
LOW2.6EPSS 0.03%Langchain-Chatchat has a Race Condition in its OpenAI-Compatible File Upload API2026/5/5
LOW2.6EPSS 0.01%Langchain-Chatchat Uses a Broken or Risky Cryptographic Algorithm2026/5/5
CRITICAL9.6EPSS 0.01%Langflow Knowledge Bases API is Vulnerable to Path Traversal2026/5/5
CRITICAL9.9EPSS 0.06%FireFighter has unauthenticated SSRF in its Raid jira_bot endpoint that allows IAM credential theft2026/5/5
CRITICAL9.8EPSS 0.06%ArchiveBox Vulnerable to RCE via unvalidated per-crawl config overrides in AddView2026/5/4
CRITICAL9.1EPSS 0.01%Sentry's improper authentication on SAML SSO process allows user identity linking2026/4/30
CRITICAL9.8EPSS 0.25%NVIDIA NVFlare Dashboard: Authorization bypass through user-controlled key via user management and authentication system2026/4/28
CRITICAL9.8⚠ KEVEPSS 56.9%LiteLLM has SQL Injection in Proxy API key verification2026/4/24
CRITICAL9.8EPSS 0.88%Pipecat: Remote Code Execution by Pickle Deserialization Through LivekitFrameSerializer2026/4/23
LOW2.7EPSS 0.01%Langflow has an Information Leak through Incomplete API Key Redaction2026/4/20
LOW3.7EPSS 0.11%Apache Airflow: 3.x - Nested Variable Secret Values Bypass Redaction via max_depth=12026/4/18
CRITICAL9.8EPSS 0.10%PraisonAI has an incomplete fix for CVE-2026-34935 - OS Command Injection2026/4/17
CRITICAL9.1EPSS 0.20%OpenViking: Unauthenticated remote bot control via OpenAPI HTTP routes2026/4/17
CRITICAL9.1EPSS 0.06%Sentry: Improper authentication on SAML SSO process allows user identity linking2026/4/17
LOW3.1EPSS 0.03%langchain-openai: Image token counting SSRF protection can be bypassed via DNS rebinding2026/4/16