VulnScope — 以套件為主體的 CVE 查詢工具

搜尋

7,548 筆結果

嚴重程度:CRITICAL HIGH MEDIUM LOW|生態系:npm PyPI Maven Debian Alpine|⚠ 只看 KEV

MEDIUM4.4CVE-2026-55650Outerbase Studio: Stored XSS in Text Widget Leads to Authentication Token Exposure2026/6/19
CRITICAL9.6Langflow: BaseFileComponent-based nodes arbitrary file read with RCE exploit2026/6/19
MEDIUM6.1Langflow: Logout button does not clear session2026/6/19
CRITICAL9.9Langflow: IDOR Vulnerability in `/api/v1/responses` Endpoint Allows Authenticated Attackers to Access Another User's Flow2026/6/19
MEDIUM6.8dbt MCP Server: Unauthenticated OAuth Context Endpoint Leaks dbt Platform Tokens2026/6/19
MEDIUM6.5UltraJSON: Malformed/Truncated UTF-8 Accepted and Silently Rewritten in ujson.dumps()2026/6/19
CRITICAL9.9Network-AI: Improper Neutralization of Special Elements used in an OS Command2026/6/19
CRITICAL9.1Network-AI: CVE-2026-46701 fix incomplete — empty default secret still authorizes all requests2026/6/19
MEDIUM5.3ts-deepmerge: Prototype Method Override leads to DoS2026/6/19
MEDIUM5.8Signal K Server: Server-Side Request Forgery via Remote Connection Endpoints2026/6/18
CRITICAL9.8gemini-mcp-tool vulnerable to OS command injection and @file exfiltration via prompt quoting (CVE-2026-0755)2026/6/18
MEDIUM5.4OpenClaw: Empty-scope device re-pairing could confuse caller scope containment2026/6/18
MEDIUM4.2OpenClaw: BlueBubbles sender policy could match mutable conversation identifiers2026/6/18
MEDIUM6.5OpenClaw: memory-wiki shared search could miss session visibility checks2026/6/18
MEDIUM5.5OpenClaw: Config recovery could restore openclaw.json with broad file permissions2026/6/18
MEDIUM4.3OpenClaw: Skill-command dispatch could skip before-tool-call hooks2026/6/18
MEDIUM6.1OpenClaw: Exported session HTML could keep unsafe markdown links2026/6/18
MEDIUM5.3OpenClaw: Slack reaction events could ignore reaction notification settings2026/6/18
MEDIUM4.2OpenClaw: Bootstrap token replay could widen pending pairing scopes2026/6/18
MEDIUM6.5OpenClaw: Hostname checks could treat trailing-dot hosts inconsistently2026/6/18
MEDIUM4.3OpenClaw: Exec allowlist could miss side effects from transparent command wrappers2026/6/18
LOW2.2BBOT: Symlink-Following Arbitrary Write via github_workflows Module2026/6/18
MEDIUM6.5BBOT: Arbitrary File Write in postman_download Module2026/6/18
LOW3.1BBOT: Server-Side Request Forgery (SSRF) in docker_pull module via WWW-Authenticate realm parsing2026/6/18
MEDIUM5.3BBOT: Path traversal (Zip-Slip) in unarchive module - incomplete fix for CVE-2025-102842026/6/18

第 1 / 302 頁下一頁 →