VulnScope — 以套件為主體的 CVE 查詢工具

搜尋

5,050 筆結果

嚴重程度:CRITICAL HIGH MEDIUM LOW|生態系:npm PyPI Maven Debian Alpine|⚠ 只看 KEV

—CVE-2026-50556@angular/platform-server: Missing `<noscript>` Raw-Text Serialization Escaping leads to Cross-Site Scripting (XSS) in Angular SSR2026/6/15
—CVE-2026-50555@angular/platform-server: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')2026/6/15
—node-tar applies PAX size override to intermediary GNU long-name/long-link headers, causing tar parser interpretation differential (file smuggling)2026/6/15
—launch-editor: NTLMv2 hash disclosure via UNC path handling on Windows2026/6/15
—vite: `server.fs.deny` bypass on Windows alternate paths2026/6/15
MEDIUM5.3JS-YAML: Quadratic-complexity DoS in merge key handling via repeated aliases2026/6/15
LOW3.2@babel/core: Arbitrary File Read via sourceMappingURL Comment2026/6/15
—@angular/service-worker: Request Credential & Cache Policy Stripping2026/6/15
—@angular/common: Denial of Service (DoS) via OOM in Number Formatting (digitsInfo)2026/6/15
—@angular/common: Information Leak via Default Caching of Credentialed Requests in HttpTransferCache2026/6/15
—@angular/core: Angular Template and Dynamic Component Namespace Bypass leading to Cross-Site Scripting (XSS)2026/6/15
—Angular Service Worker Policy-Bypass & Credential-Stripping Vulnerabilities2026/6/15
—@angular/platform-server: URL Parser Differential leading to SSRF Allowlist Bypass2026/6/15
HIGH8.2tmp: Type-confusion bypass of _assertPath allows path traversal via non-string prefix/postfix/template2026/6/15
HIGH7.5ws: Memory exhaustion DoS from tiny fragments and data chunks2026/6/15
—Angular Client Hydration DOM Clobbering & Response-Cache Poisoning2026/6/15
MEDIUM5.4Fabric.js improper escaping in fabric.Gradient colorStops leads to XSS in SVG serialization2026/6/12
HIGH7.5form-data: CRLF injection in form-data via unescaped multipart field names and filenames2026/6/12
HIGH8.1Budibase: Basic app users can exfiltrate stored REST datasource auth by rewriting datasource base URL2026/6/12
HIGH7.5Budibase: Webhook schema endpoint authorization bypass allows unauthenticated mutation of webhook and automation schema2026/6/12
CRITICAL9.0Budibase: Workspace-scoped builder escalates to global admin via /api/public/v1/roles/assign2026/6/12
—Budibase: Unvalidated VectorDB Host Parameter Enables SSRF2026/6/12
MEDIUM6.5Budibase: Unanchored Regex in `matchers.ts` Allows CSRF Bypass via Query String Injection in Budibase Worker2026/6/12
HIGH7.7Budibase: SSRF via OAuth2 Config Validation — Missing fetchWithBlacklist Protection2026/6/12
—Budibase: SSRF via User-Controlled queryId in Automation Execute Query Step2026/6/12

← 上一頁第 3 / 202 頁下一頁 →