搜尋

730 筆結果

嚴重程度:CRITICAL HIGH MEDIUM LOW|生態系:npm PyPI Maven Debian Alpine|⚠ 只看 KEV

CRITICAL9.6CVE-2026-47428Vitest browser mode serves unsanitized otelCarrier query parameter as inline script2026/6/1
CRITICAL9.8CVE-2026-47429When Vitest UI server is listening, arbitrary file can be read and executed2026/6/1
CRITICAL10.0CVE-2026-47140NodeVM builtin denylist bypass via process and inspector/promises allows host code execution2026/5/29
CRITICAL9.8CVE-2026-47210vm2 sandbox escape via JSPI-backed Promise `.finally()` species bypass2026/5/29
CRITICAL10.0CVE-2026-47137vm2 has a CVE-2023-37903 patch bypass: nesting:true without explicit require still allows full RCE2026/5/29
CRITICAL10.0CVE-2026-47208vm2 is Vulnerable to Sandbox Breakout Through Promise Species2026/5/29
CRITICAL10.0CVE-2026-47131vm2 has a Sandbox Escape issue2026/5/29
CRITICAL10.0CVE-2026-45618LiquidJS is Vulnerable to Remote Code Execution2026/5/27
CRITICAL9.6CVE-2026-46703OCI layer symlink escape → arbitrary host write2026/5/21
CRITICAL10.0CVE-2026-46695Read-only volume remount bypass via guest CAP_SYS_ADMIN2026/5/21
CRITICAL10.0CVE-2026-46412Malicious code in @beproduct/nestjs-auth (0.1.2 through 0.1.19) — Mini Shai-Hulud worm2026/5/19
CRITICAL9.8CVE-2026-45772EPSS 0.10%Turbo: Unexpected local code execution during Yarn Berry detection2026/5/19
CRITICAL10.0CVE-2026-463399router: Unauthenticated Remote Code Execution via unprotected MCP custom plugin routes2026/5/19
CRITICAL9.8CVE-2026-45411EPSS 0.08%vm2 Has a Sandbox Breakout Using Async Generator2026/5/14
CRITICAL9.6CVE-2026-45311EPSS 0.05%DeepSeek TUI: run_tests Tool Enables RCE via Malicious Repository Without Approval2026/5/14
CRITICAL9.3CVE-2026-44990Apostrophe has default XSS via `xmp` raw-text passthrough in `sanitize-html`2026/5/14
CRITICAL9.1CVE-2026-44650EPSS 0.10%SillyTavern has a Path Traversal issue2026/5/12
CRITICAL9.8CVE-2026-44649EPSS 0.09%SillyTavern has Authentication Bypass via SSO Header Injection2026/5/12
CRITICAL9.1CVE-2026-45091EPSS 0.01%sealed-env: TOTP secret embedded in unseal token payload (enterprise mode)2026/5/12
CRITICAL9.6CVE-2026-45321⚠ KEVEPSS 17.1%Malware in @tanstack/* packages exfiltrates cloud credentials, GitHub tokens, and SSH keys2026/5/12
CRITICAL10.0CVE-2026-43898EPSS 0.06%SandboxJS has a sandbox escape via Function.caller leakage of internal call op2026/5/11
CRITICAL9.8CVE-2026-25244EPSS 0.15%WebdriverIO BrowserStack Service has a Command Injection issue2026/5/11
CRITICAL9.6CVE-2026-44211EPSS 0.02%Cline Kanban Server has a Cross-Origin WebSocket Hijacking Vulnerability2026/5/8
CRITICAL9.6CVE-2026-43944EPSS 0.15%Electerm users can run dangrous code through link or command line2026/5/8
CRITICAL9.8CVE-2026-43940EPSS 0.04%Electerm runWidget has a path traversal that leads to arbitrary code execution2026/5/8

第 1 / 30 頁下一頁 →