搜尋

3,408 筆結果

嚴重程度:CRITICAL HIGH MEDIUM LOW|生態系:npm PyPI Maven Debian Alpine|⚠ 只看 KEV

HIGH7.5CVE-2026-34077React Router vulnerable to Denial of Service via reflected user input in single-fetch2026/6/4
HIGH7.6CVE-2026-45337Better Auth: Device authorization approve and deny accept any authenticated session while the user code is pending2026/6/4
HIGH7.5CVE-2026-44496Axios: Regular Expression Denial of Service (ReDoS) via Cookie Name Injection2026/6/4
HIGH7.5CVE-2026-44488Allocation of Resources Without Limits or Throttling in Axios2026/6/4
HIGH7.5CVE-2026-44486Axios: Proxy-Authorization header leaks to redirect target when proxy is re-evaluated to direct connection2026/6/4
HIGH8.8CVE-2026-49143EPSS 0.15%browserstack-runner vulnerable to Remote Code Execution via vm sandbox escape in _log HTTP handler2026/6/3
HIGH7.5CVE-2026-42342EPSS 0.05%React Router vulnerable to DoS via unbounded path expansion in __manifest endpoint2026/6/3
HIGH8.1CVE-2026-42211EPSS 0.25%React Router's vendored turbo-stream v2 allows arbitrary constructor invocation via TYPE_ERROR deserialization leading to Unauth RCE2026/6/3
HIGH8.0CVE-2026-33245EPSS 0.03%React Router vulnerable to XSS in unstable RSC redirect handling via javascript: redirect targets2026/6/3
HIGH8.1CVE-2026-47412praisonai-platform: Any workspace member can delete the entire workspace via DELETE /workspaces/{id}2026/6/1
HIGH8.3CVE-2026-47415praisonai-platform: Issue endpoints accept any issue_id without workspace ownership check, cross-workspace read/update/delete IDOR2026/6/1
HIGH8.1CVE-2026-47417praisonai-platform: Comment endpoints accept any issue_id without workspace ownership check, cross-workspace comment read and post IDOR2026/6/1
HIGH8.1CVE-2026-47418praisonai-platform: Project endpoints accept any project_id without workspace ownership check, cross-workspace read/update/delete IDOR2026/6/1
HIGH8.2CVE-2026-47423DOMPurify XSS via selectedcontent re-clone2026/6/1
HIGH8.1CVE-2026-47409praisonai-platform: Missing authorization on member removal enables full workspace takeover by any user regardless of role2026/5/29
HIGH7.6CVE-2026-47414praisonai-platform: Label endpoints' unchecked label_id/issue_id enable cross-workspace label IDOR (edit, delete, link)2026/5/29
HIGH8.1CVE-2026-47406praisonai-platform: IDOR in dependency endpoints allows cross-workspace issue linking, reading, and deletion due to missing ownership checks2026/5/29
HIGH8.8CVE-2026-47405PraisonAI Platform: Missing role checks let any workspace member become owner and control workspace membership2026/5/29
HIGH8.8CVE-2026-47399PraisonAI Platform workspace-scoped routes allow cross-workspace object access by global object ID2026/5/29
HIGH8.8CVE-2026-48169PraisonAI has Cross-Workspace IDOR and Privilege Escalation via Platform API2026/5/29
HIGH8.1CVE-2026-47398PraisonAI: Arbitrary code execution via unguarded `spec.loader.exec_module` in `agents_generator.py` - sibling of CVE-2026-443342026/5/29
HIGH8.6CVE-2026-47139NodeVM network builtin exclusions bypass via internal _http_client and _http_server2026/5/29
HIGH7.5CVE-2026-8813EPSS 0.06%ExifReader is vulnerable to denial of service via crafted ICC `mluc` tag2026/5/29
HIGH8.6CVE-2026-47209vm2's Bridge Proxy set trap ignores receiver parameter, enabling host object property injection via prototype chain2026/5/29
HIGH8.7CVE-2026-47135vm2 has a sandbox escape via unblocked cross-realm Symbol.for keys + missing bridge write-trap symbol checks2026/5/29

第 1 / 137 頁下一頁 →