VulnScope — 以套件為主體的 CVE 查詢工具

搜尋

2,252 筆結果

嚴重程度:CRITICAL HIGH MEDIUM LOW|生態系:npm PyPI Maven Debian Alpine|⚠ 只看 KEV

CRITICAL10.0CVE-2026-45618LiquidJS is Vulnerable to Remote Code Execution2026/5/27
CRITICAL9.1Yamcs Vulnerable to Server-Side Code Injection (RCE) via Janino Expression Engine in `JavaExprAlgorithmExecutionFactory`2026/5/27
CRITICAL9.6OCI layer symlink escape → arbitrary host write2026/5/21
CRITICAL10.0Read-only volume remount bypass via guest CAP_SYS_ADMIN2026/5/21
CRITICAL10.0Malicious code in @beproduct/nestjs-auth (0.1.2 through 0.1.19) — Mini Shai-Hulud worm2026/5/19
CRITICAL9.8EPSS 0.10%Turbo: Unexpected local code execution during Yarn Berry detection2026/5/19
CRITICAL10.09router: Unauthenticated Remote Code Execution via unprotected MCP custom plugin routes2026/5/19
CRITICAL9.8EPSS 0.18%APScheduler's JSONSerializer and CBORSerializer are vulnerable to Remote Code Execution (RCE) via Insecure Deserialization2026/5/19
CRITICAL9.6Malicious code in guardrails-ai 0.10.1 (supply chain compromise)2026/5/19
CRITICAL9.6GlassFish's gadget handler is vulnerable to RCE2026/5/19
CRITICAL9.1GlassFish's Administration Console is Vulnerable to RCE2026/5/19
CRITICAL9.8Camel-CXF and Camel-Knative Message Header are Vulnerable to Injection via Missing Inbound Filtering2026/5/19
CRITICAL9.8EPSS 0.43%SGLang: Unauthenticated RCE via --enable-custom-logit-processor2026/5/18
CRITICAL9.1EPSS 0.10%SGLang's multimodal generation runtime has an unauthenticated path traversal vulnerability2026/5/18
CRITICAL9.8EPSS 0.06%SGLanG: Multimodal scheduler deserializes untrusted pickle data on 0.0.0.0 ROUTER socket2026/5/18
CRITICAL9.8EPSS 0.08%vm2 Has a Sandbox Breakout Using Async Generator2026/5/14
CRITICAL10.0EPSS 0.01%utcp-cli Vulnerable to Command Injection via Unsanitized Argument Substitution in CLI Communication Protocol2026/5/14
CRITICAL9.6EPSS 0.05%DeepSeek TUI: run_tests Tool Enables RCE via Malicious Repository Without Approval2026/5/14
CRITICAL9.3Apostrophe has default XSS via `xmp` raw-text passthrough in `sanitize-html`2026/5/14
CRITICAL9.8EPSS 0.05%Goobi viewer - Core: Unauthenticated Solr Streaming Expression Proxy2026/5/13
CRITICAL9.1EPSS 0.10%SillyTavern has a Path Traversal issue2026/5/12
CRITICAL9.8EPSS 0.09%SillyTavern has Authentication Bypass via SSO Header Injection2026/5/12
CRITICAL9.1EPSS 0.03%Security feature bypass vulnerability in Azure Key Vault Keys library for Java2026/5/12
CRITICAL9.8EPSS 0.05%mamba language model framework vulnerable to insecure deserialization when loading pre-trained models from HuggingFace Hub2026/5/12
CRITICAL9.8EPSS 0.09%Ludwig framework is vulnerable to insecure deserialization in its model serving component2026/5/12