VulnScope: package-centric CVE lookup tool
MEDIUM 5.3 CVE-2026-53851 OpenClaw: Slack reaction events could ignore reaction notification settings 2026/6/18
MEDIUM 4.2 OpenClaw: Bootstrap token replay could widen pending pairing scopes 2026/6/18
HIGH 8.1 OpenClaw: Shell positional parameters could weaken strict inline-eval checks 2026/6/18
MEDIUM 6.5 OpenClaw: Hostname checks could treat trailing-dot hosts inconsistently 2026/6/18
MEDIUM 4.3 OpenClaw: Exec allowlist could miss side effects from transparent command wrappers 2026/6/18
MEDIUM 6.5 NL Portal Backend Libraries: Document contents remained downloadable by any logged-in user (incomplete fix of CVE-2026-49463) 2026/6/18
MEDIUM 6.6 OpenClaw: macOS Swift exec allowlist missed combined POSIX inline flags 2026/6/18
HIGH 7.5 undici WebSocket client vulnerable to denial of service via cumulative fragment bypass 2026/6/18
HIGH 7.5 http-proxy-middleware: multipart/form-data field injection via unescaped CRLF in `fixRequestBody` 2026/6/18
HIGH 8.1 piscina: Prototype Pollution Gadget → RCE via inherited options.filename 2026/6/18
MEDIUM 5.4 Strimzi: Unrestricted access to all Secrets within namespace watched by the Topic operator 2026/6/18
HIGH 8.0 Strimzi: Cross-namespace privilege escalation via `Kafka.spec.entityOperator` 2026/6/18
HIGH 7.1 OpenClaw: Workspace .env CLOUDSDK_PYTHON could influence Gmail setup gcloud execution 2026/6/18
HIGH 8.1 OpenClaw: Shell inline-command parsing could miss an allowlist check 2026/6/18
HIGH 8.8 OpenClaw: Pairing-scoped device session could restore revoked node token authority 2026/6/18
HIGH 8.1 OpenClaw: Host environment sanitizer missed two Node.js control variables 2026/6/18
MEDIUM 5.9 undici vulnerable to HTTP header injection via Set-Cookie percent-decoding 2026/6/17
HIGH 7.5 undici WebSocket client vulnerable to denial of service via fragment count bypass 2026/6/17
HIGH 7.4 undici vulnerable to TLS certificate validation bypass via dropped requestTls in SOCKS5 ProxyAgent 2026/6/17
MEDIUM 5.9 undici vulnerable to cross-user information disclosure via shared cache whitespace bypass 2026/6/17
HIGH 7.5 undici vulnerable to cross-origin request routing via SOCKS5 proxy pool reuse 2026/6/17
HIGH 7.5 HAPI FHIR: Incomplete fix for CVE-2026-45367: DSTU2 FHIRPathEngine.matches() missing RegexTimeout protection allows ReDoS 2026/6/17
HIGH 7.5 handlebars.java FileTemplateLoader Path Traversal 2026/6/17
HIGH 7.6 LangChain4j: SQL injection via metadata filters in langchain4j-mariadb and langchain4j-pgvector 2026/6/17
MEDIUM 6.5 Apache DolphinScheduler: An incorrect authorization vulnerability allows authenticated users to access alert instances associated with alert groups they do not have permission to access. 2026/6/17