VulnScope — 以套件為主體的 CVE 查詢工具

搜尋

5,050 筆結果

嚴重程度:CRITICAL HIGH MEDIUM LOW|生態系:npm PyPI Maven Debian Alpine|⚠ 只看 KEV

MEDIUM6.7CVE-2026-48121LangGraph has NoSQL parameter injection in MongoDBSaver, allowing cross-tenant state access2026/6/12
MEDIUM5.3CVE-2026-48049@hapi/inert has a static-file confinement bypass via sibling-prefix path2026/6/11
HIGH7.5@grpc/grpc-js: A malformed request can cause a server crash2026/6/11
HIGH7.5@grpc/grpc-js: An incoming malformed compressed message can cause a client or server crash2026/6/11
MEDIUM5.3joi has an uncaught RangeError on deeply nested input through recursive `link()` schemas2026/6/11
HIGH8.8OpenZeppelin Contracts Wizard has Code Injection in Generated Hardhat and Foundry Tests via Unsanitized opts.name / opts.uri2026/6/11
MEDIUM6.5@hapi/wreck: Sensitive credential headers leak across cross-port and cross-scheme redirects2026/6/11
—Element Call reports full URLs of visited pages to analytics server2026/6/11
—Baileys has message upsert / hist sync spoofing and app state corruption when using maliciously crafted protocolMessage payload2026/6/10
LOW3.5Papra HTTP redirect bypass can lead to SSRF via webhook delivery system2026/6/10
—@hulumi/baseline: AccountFoundation reuse paths silently downgrade GuardDuty / Security Hub posture2026/6/10
—@hulumi/drift: Drift classifier fails open on adapter errors and over-promotes Mixed verdicts2026/6/10
—@hulumi/baseline: AccountFoundation audit-delivery S3 bucket could be silently weakened2026/6/10
—@hulumi/policies has a HULUMI-H5 bypass via decoy sibling resources targeting a different bucket2026/6/10
—@hulumi/policies bypasses policy packs with a forged Pulumi-URN logical name2026/6/10
—@hulumi/policies bypasses IAM-role policy checks when the role trusts multiple OIDC providers2026/6/10
MEDIUM6.3FUXA's scheduler API missing admin check enables operator-to-admin escalation via scheduled device actions2026/6/8
MEDIUM5.3FUXA has SQL Injection in its TDengine DAQ connector via backslash bypass of escapeTdString2026/6/8
HIGH8.2FUXA: Unauthenticated SSRF via Socket.IO DEVICE_WEBAPI_REQUEST and DEVICE_PROPERTY with response reading2026/6/8
—actual Allows Electron to Run As Node2026/6/8
—Cordova Plugin InAppBrowser: iOS: Arbitrary Cordova callback IDs can be dispatched without validation from InAppBrowser WebViews.2026/6/8
HIGH8.7TinyMCE Cross-Site Scripting (XSS) vulnerability using media plugin `data-mce-object` injection2026/6/5
HIGH8.7TinyMCE Cross-Site Scripting (XSS) vulnerability through `mce:protected` comments2026/6/5
HIGH8.7TinyMCE Cross-Site Scripting (XSS) vulnerability using through data-mce- prefixed src, href, style attributes2026/6/5
HIGH8.7TinyMCE Cross-Site Scripting (XSS) vulnerability using sanitization bypass through nested SVGs2026/6/5

← 上一頁第 4 / 202 頁下一頁 →