搜尋

22,634 筆結果

嚴重程度:CRITICAL HIGH MEDIUM LOW|生態系:npm PyPI Maven Debian Alpine|⚠ 只看 KEV

HIGH8.8CVE-2026-49298Apache Airflow: JWT Token Exposure in KubernetesExecutor Command-Line Arguments2026/6/5
HIGH7.3CVE-2026-45360Apache Airflow: Arbitrary import in custom deadline-reference deserialization2026/6/5
HIGH8.8CVE-2026-42359Apache Airflow: Authenticated RCE via XCom PATCH endpoint — XComUpdateBody missing FORBIDDEN_XCOM_KEYS validator2026/6/5
HIGH7.5CVE-2026-41084Apache Airflow: API authorization bypass: bulk TaskInstances allows cross-DAG mutation2026/6/5
HIGH7.2CVE-2026-40961Apache Airflow: Open Redirect Bypass Vulnerability2026/6/5
HIGH8.8CVE-2026-49443authentik: `UserSourceConnection.user` and `GroupSourceConnection.group` are changeable through the API2026/6/5
HIGH7.5CVE-2026-34077React Router vulnerable to Denial of Service via reflected user input in single-fetch2026/6/4
HIGH7.6CVE-2026-45337Better Auth: Device authorization approve and deny accept any authenticated session while the user code is pending2026/6/4
HIGH7.5CVE-2026-44496Axios: Regular Expression Denial of Service (ReDoS) via Cookie Name Injection2026/6/4
HIGH7.5CVE-2026-44488Allocation of Resources Without Limits or Throttling in Axios2026/6/4
HIGH7.5CVE-2026-44486Axios: Proxy-Authorization header leaks to redirect target when proxy is re-evaluated to direct connection2026/6/4
HIGH8.8CVE-2026-49143EPSS 0.15%browserstack-runner vulnerable to Remote Code Execution via vm sandbox escape in _log HTTP handler2026/6/3
HIGH7.5CVE-2026-42342EPSS 0.05%React Router vulnerable to DoS via unbounded path expansion in __manifest endpoint2026/6/3
HIGH8.1CVE-2026-42211EPSS 0.25%React Router's vendored turbo-stream v2 allows arbitrary constructor invocation via TYPE_ERROR deserialization leading to Unauth RCE2026/6/3
HIGH7.6CVE-2026-41234Froxlor: BIND Zone File Injection via TXT Record Content2026/6/3
HIGH8.0CVE-2026-33245EPSS 0.03%React Router vulnerable to XSS in unstable RSC redirect handling via javascript: redirect targets2026/6/3
HIGH7.5CVE-2026-50031ipmi-oem in FreeIPMI before 1.6.18 has exploitable buffer overflows on response messages.2026/6/3
HIGH7.5CVE-2026-42504EPSS 0.04%Quadratic complexity in WordDecoder.DecodeHeader in mime2026/6/2
HIGH8.8CVE-2026-49157EPSS 0.06%Apache ActiveMQ: Authenticated low-privilege Web users retain Jolokia broker-management capability by default2026/6/1
HIGH8.1CVE-2026-42588EPSS 0.06%Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Remote Code Execution via Jolokia addNetworkConnector2026/6/1
HIGH8.8CVE-2026-45505EPSS 0.10%Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Jolokia `addNetworkConnector` Discovery Wrapper Bypass2026/6/1
HIGH7.8CVE-2026-43958EPSS 0.01%A flaw was found in rrdcached, a component of rrdtool.2026/6/1
HIGH7.8CVE-2026-46243EPSS 0.02%In the Linux kernel, the following vulnerability has been resolved: smb: client: reject userspace cifs.spnego descriptions cifs.spnego key…2026/6/1
HIGH7.8CVE-2026-10118EPSS 0.07%A flaw was found in Poppler's Splash backend.2026/6/1
HIGH8.1CVE-2026-47412praisonai-platform: Any workspace member can delete the entire workspace via DELETE /workspaces/{id}2026/6/1

第 1 / 906 頁下一頁 →