VulnScope — 以套件為主體的 CVE 查詢工具

搜尋

3,107 筆結果

嚴重程度:CRITICAL HIGH MEDIUM LOW|生態系:npm PyPI Maven Debian Alpine|⚠ 只看 KEV

MEDIUM5.3CVE-2026-48988markdown-it: Quadratic complexity DoS in smartquotes rule via replaceAt string operations2026/6/15
MEDIUM5.3OpenTelemetry Core: Unbounded memory allocation in W3C Baggage propagation2026/6/15
MEDIUM5.3UAParser.js: Unbounded `Sec-CH-UA-Model` parsing can trigger ReDoS in `withClientHints()`2026/6/15
MEDIUM5.3protobufjs: Memory amplification from preserved unknown fields in binary decode2026/6/15
MEDIUM6.1DOMPurify: Cross-realm IN_PLACE sanitization leaves executable markup intact via realm-bound `instanceof` checks2026/6/15
MEDIUM6.1DOMPurify: IN_PLACE mode preserves attributes of a clobbered root element, allowing XSS via attacker-controlled root DOM2026/6/15
MEDIUM5.3protobufjs : Schema-derived names can shadow runtime-significant properties2026/6/15
MEDIUM5.3JS-YAML: Quadratic-complexity DoS in merge key handling via repeated aliases2026/6/15
MEDIUM5.4Fabric.js improper escaping in fabric.Gradient colorStops leads to XSS in SVG serialization2026/6/12
MEDIUM6.5Budibase: Unanchored Regex in `matchers.ts` Allows CSRF Bypass via Query String Injection in Budibase Worker2026/6/12
MEDIUM6.7LangGraph has NoSQL parameter injection in MongoDBSaver, allowing cross-tenant state access2026/6/12
MEDIUM6.9Vim is an open source, command line text editor.2026/6/11
MEDIUM5.3@hapi/inert has a static-file confinement bypass via sibling-prefix path2026/6/11
MEDIUM5.3joi has an uncaught RangeError on deeply nested input through recursive `link()` schemas2026/6/11
MEDIUM6.5@hapi/wreck: Sensitive credential headers leak across cross-port and cross-scheme redirects2026/6/11
MEDIUM4.8Issue summary: The implementations of AES-SIV (RFC 5297) and AES-GCM-SIV (RFC 8452) mishandle the authentication of AAD (Additional Authent…2026/6/9
MEDIUM5.9Issue summary: A specially crafted password-encrypted CMS message can trigger a NULL pointer dereference during CMS decryption.2026/6/9
MEDIUM5.9Issue summary: An attacker-controlled CMP (Certificate Management Protocol) server could trigger a NULL pointer dereference in a CMP client…2026/6/9
MEDIUM5.3Issue Summary: An error in the callback used to verify the certificate provided in a Root CA key update Certificate Management Protocol (CM…2026/6/9
MEDIUM6.3FUXA's scheduler API missing admin check enables operator-to-admin escalation via scheduled device actions2026/6/8
MEDIUM5.3FUXA has SQL Injection in its TDengine DAQ connector via backslash bypass of escapeTdString2026/6/8
MEDIUM4.3MariaDB server is a community developed fork of MySQL server.2026/6/7
MEDIUM6.3MariaDB server is a community developed fork of MySQL server.2026/6/7
MEDIUM5.0MariaDB server is a community developed fork of MySQL server.2026/6/7
MEDIUM6.0NocoDB: Postgres SQL Injection in Formula `ARRAYSORT`2026/6/5

第 1 / 125 頁下一頁 →