VulnScope — 以套件為主體的 CVE 查詢工具

搜尋

3,578 筆結果

嚴重程度:CRITICAL HIGH MEDIUM LOW|生態系:npm PyPI Maven Debian Alpine|⚠ 只看 KEV

HIGH8.8CVE-2026-48054OpenZeppelin Contracts Wizard has Code Injection in Generated Hardhat and Foundry Tests via Unsanitized opts.name / opts.uri2026/6/11
HIGH7.5Issue summary: When an application drives an AES-OCB context through the public EVP_Cipher() one-shot interface, the application-supplied i…2026/6/9
HIGH7.5Issue summary: Parsing a crafted DER-encoded ASN.1 structure with a primitive element whose content exceeds 2 gigabytes in length may cause…2026/6/9
HIGH7.5Issue summary: When CMS password-based decryption (RFC 3211 / PWRI key unwrap) processes attacker-supplied CMS data, an attacker-chosen str…2026/6/9
HIGH7.5Issue summary: Receiving a QUIC initial packet with an invalid token may trigger a NULL pointer dereference in the OpenSSL QUIC server with…2026/6/9
HIGH7.4Issue Summary: The PKCS#12 file processing fails to perform sufficient input validation for files that use Password-Based Message Authentic…2026/6/9
HIGH7.5Issue summary: Remote peer may exhaust heap memory of the QUIC server or client by flooding it with packets containing PATH_CHALLENGE frame…2026/6/9
HIGH8.1Issue summary: A signed integer overflow when sizing the destination buffer for Unicode output in ASN1_mbstring_ncopy() can lead to a heap…2026/6/9
HIGH8.2FUXA: Unauthenticated SSRF via Socket.IO DEVICE_WEBAPI_REQUEST and DEVICE_PROPERTY with response reading2026/6/8
HIGH8.0MariaDB server is a community developed fork of MySQL server.2026/6/7
HIGH8.0MariaDB server is a community developed fork of MySQL server.2026/6/7
HIGH8.0MariaDB server is a community developed fork of MySQL server.2026/6/7
HIGH8.7TinyMCE Cross-Site Scripting (XSS) vulnerability using media plugin `data-mce-object` injection2026/6/5
HIGH8.7TinyMCE Cross-Site Scripting (XSS) vulnerability through `mce:protected` comments2026/6/5
HIGH8.7TinyMCE Cross-Site Scripting (XSS) vulnerability using through data-mce- prefixed src, href, style attributes2026/6/5
HIGH8.7TinyMCE Cross-Site Scripting (XSS) vulnerability using sanitization bypass through nested SVGs2026/6/5
HIGH8.8DbGate: Remote Code Execution via functionName injection in loadReader endpoint2026/6/5
HIGH7.7Sync-in Server: SSRF protection bypass via IPv4-mapped IPv6 addresses in regExpPrivateIP2026/6/5
HIGH7.5React Router vulnerable to Denial of Service via reflected user input in single-fetch2026/6/4
HIGH7.6Better Auth: Device authorization approve and deny accept any authenticated session while the user code is pending2026/6/4
HIGH7.5Axios: Regular Expression Denial of Service (ReDoS) via Cookie Name Injection2026/6/4
HIGH7.5Allocation of Resources Without Limits or Throttling in Axios2026/6/4
HIGH7.5Axios: Proxy-Authorization Credential Leak to Origin Server Across HTTP-to-HTTPS Redirect in Axios Node.js HTTP Adapter2026/6/4
HIGH7.5Axios: Proxy-Authorization header leaks to redirect target when proxy is re-evaluated to direct connection2026/6/4
HIGH8.8EPSS 0.15%browserstack-runner vulnerable to Remote Code Execution via vm sandbox escape in _log HTTP handler2026/6/3

← 上一頁第 2 / 144 頁下一頁 →