VulnScope — 以套件為主體的 CVE 查詢工具

搜尋

18,067 筆結果

嚴重程度:CRITICAL HIGH MEDIUM LOW|生態系:npm PyPI Maven Debian Alpine|⚠ 只看 KEV

HIGH7.3CVE-2026-11417aws-cdk-lib: OS Command Injection in NodejsFunction Bundling2026/6/15
HIGH7.5Starlette: request.form() limits silently ignored for application/x-www-form-urlencoded enable DoS2026/6/15
HIGH7.5python-multipart: Quadratic-time querystring parsing with semicolon separators causes CPU denial of service2026/6/15
HIGH7.7Tornado: Authorization header forwarded across cross-origin redirects in SimpleAsyncHTTPClient2026/6/15
HIGH7.5tornado AsyncHTTPClient accumulates decompressed chunks without size limit (gzip bomb)2026/6/15
HIGH7.5Starlette: SSRF and NTLM credential theft via UNC paths in StaticFiles on Windows2026/6/15
HIGH8.2protobufjs-cli: Code injection in pbjs static output from crafted JSON descriptor names2026/6/15
HIGH7.5protobufjs: Denial of service through unbounded Any expansion during JSON conversion2026/6/15
HIGH8.2tmp: Type-confusion bypass of _assertPath allows path traversal via non-string prefix/postfix/template2026/6/15
HIGH7.5ws: Memory exhaustion DoS from tiny fragments and data chunks2026/6/15
HIGH7.5Netty HTTP/3 QPACK Blocked Streams Memory Exhaustion2026/6/12
HIGH7.5Netty: Wrapping plain trust manager silently disables hostname verification2026/6/12
HIGH7.5Netty: Unbounded pre-allocation in RedisArrayAggregator from RESP array length2026/6/12
HIGH7.6Kitty is a cross-platform GPU based terminal.2026/6/12
HIGH7.5Crypt::PBKDF2 versions before 0.261630 for Perl generate insecure random values for salts.2026/6/12
HIGH7.8Kitty is a cross-platform GPU based terminal.2026/6/12
HIGH7.5form-data: CRLF injection in form-data via unescaped multipart field names and filenames2026/6/12
HIGH8.1Budibase: Basic app users can exfiltrate stored REST datasource auth by rewriting datasource base URL2026/6/12
HIGH7.5Budibase: Webhook schema endpoint authorization bypass allows unauthenticated mutation of webhook and automation schema2026/6/12
HIGH7.7Budibase: SSRF via OAuth2 Config Validation — Missing fetchWithBlacklist Protection2026/6/12
HIGH7.8SQLite before 3.53.2 Heap Buffer Overflow via FTS5 fts5ChunkIterate2026/6/12
HIGH7.8SQLite before 3.53.2 Memory Corruption in FTS5 Extension2026/6/12
HIGH8.8Use after free in Views in Google Chrome on Windows prior to 149.0.7827.115 allowed a remote attacker to potentially exploit heap corruptio…2026/6/11
HIGH8.3Insufficient validation of untrusted input in Linux Toolkit Theming in Google Chrome on Linux prior to 149.0.7827.115 allowed a remote atta…2026/6/11
HIGH8.3Inappropriate implementation in Views in Google Chrome on Windows prior to 149.0.7827.115 allowed a remote attacker who had compromised the…2026/6/11

第 1 / 723 頁下一頁 →