VulnScope — 以套件為主體的 CVE 查詢工具

搜尋

3,107 筆結果

嚴重程度:CRITICAL HIGH MEDIUM LOW|生態系:npm PyPI Maven Debian Alpine|⚠ 只看 KEV

MEDIUM6.1CVE-2026-47250MCP Server Kubernetes: kubectl-generic flag injection enables Kubernetes bearer token exfiltration2026/6/5
MEDIUM5.3Hono: app.mount() strips mount prefix using undecoded path, causing incorrect routing for percent-encoded paths2026/6/4
MEDIUM5.3Hono: IP Restriction bypasses static deny rules for non-canonical IPv62026/6/4
MEDIUM4.3Hono: Cookie helper does not sanitize sameSite and priority, allowing Set-Cookie injection2026/6/4
MEDIUM4.8Hono: JWT middleware accepts any Authorization scheme, not only Bearer2026/6/4
MEDIUM6.5EPSS 0.02%browserstack-runner has an unauthenticated arbitrary file read via path traversal in HTTP server2026/6/3
MEDIUM5.4EPSS 0.03%React Router has stored XSS via unescaped Location header in prerendered redirect HTML2026/6/3
MEDIUM5.3EPSS 0.06%ExifReader is vulnerable to denial of service via unbounded decompression of image metadata2026/5/29
MEDIUM4.8axios has DoS & Header Injection via Prototype Pollution Read-Side Gadgets in axios merge functions2026/5/29
MEDIUM5.5Shamefile has an arbitrary file read via shamefile.yaml in shame next2026/5/28
MEDIUM6.5EPSS 0.07%A flaw was found in Samba’s vfs_worm module.2026/5/27
MEDIUM5.3LiquidJS's `{% render %}` tag silently bypasses per-render `ownPropertyOnly:true` via `Context.spawn()`2026/5/27
MEDIUM6.5LiquidJS has a renderLimit DoS guard bypass via empty `{% for %}` body2026/5/27
MEDIUM6.1LiquidJS's strip_html filter bypass via newline characters in HTML tags enables XSS2026/5/27
MEDIUM5.3EPSS 0.25%A flaw was found in gnutls.2026/5/26
MEDIUM6.1EPSS 0.03%CryptPad has a Sanitizer Bypass in Diffmarked.js that Allows Arbitrary HTML Injection and Potential XSS2026/5/26
MEDIUM5.4EPSS 0.05%Typebot.io has stored XSS via `javascript`: URI in text bubble links — bot author executes JS on visitors' browsers2026/5/26
MEDIUM5.3EPSS 0.07%Cargo incorrectly handled symlinks inside of crate tarballs downloaded from third-party registries, allowing a malicious crate to override…2026/5/25
MEDIUM6.5EPSS 0.03%Cargo between 1.68 and 1.96 incorrectly normalized the URLs of third-party registries using the sparse index protocol.2026/5/25
MEDIUM5.3EPSS 0.04%qs has a remotely triggerable DoS: qs.stringify crashes with TypeError on null/undefined entries in comma-format arrays when encodeValuesOnly is set2026/5/22
MEDIUM5.8NocoDB: Shared-base link access can invite arbitrary users as persistent base members2026/5/21
MEDIUM6.5NocoDB: Missing File Size Enforcement in Upload-by-URL Allows Denial of Service via Disk Exhaustion2026/5/21
MEDIUM5.4NocoDB: Refresh Token Cookie Set Without `secure` and `sameSite` Flags2026/5/21
MEDIUM4.3NocoDB: SSRF Protection Bypass in Notification Webhook Plugins (Slack, Discord, Mattermost, Teams)2026/5/21
MEDIUM6.1NocoDB: Reflected Cross-Site Scripting via Page Leaving Redirect URL2026/5/21

← 上一頁第 2 / 125 頁下一頁 →