搜尋

8,076 筆結果

嚴重程度:CRITICAL HIGH MEDIUM LOW|生態系:npm PyPI Maven Debian Alpine|⚠ 只看 KEV

CRITICAL9.1CVE-2026-42252Apache Airflow: BashOperator Jinja2 injection via dag_run.conf — low-privilege user pattern2026/6/5
LOW3.1CVE-2026-40963Apache Airflow: DAG authorization bypass on /ui/structure/structure_data2026/6/5
CRITICAL9.8CVE-2026-49448authentik: SourceStage bypass via empty POST2026/6/5
CRITICAL9.3CVE-2026-42849authentik: Reflected XSS in SFE AutosubmitStage allows IDP account takeover2026/6/5
LOW3.7CVE-2026-48011Shopware: Timing-attack on admin panel allowing enumeration of administrator usernames2026/6/4
LOW3.7CVE-2026-44546daphne before 4.2.2 reconstructs a raw HTTP request from Twisted's parsed headers and feeds it to autobahn for WebSocket handshake processi…2026/6/3
LOW3.3CVE-2026-10528EPSS 0.01%A security flaw has been discovered in Orthanc DICOM Server up to 1.12.11.2026/6/2
LOW3.3CVE-2026-10298EPSS 0.01%A security flaw has been discovered in ggml-org whisper.cpp up to 1.8.2.2026/6/1
CRITICAL9.6CVE-2026-47413praisonai-platform: Any workspace member can add arbitrary user as owner via POST /workspaces/{id}/members2026/6/1
CRITICAL9.6CVE-2026-47428Vitest browser mode serves unsanitized otelCarrier query parameter as inline script2026/6/1
CRITICAL9.8CVE-2026-47429When Vitest UI server is listening, arbitrary file can be read and executed2026/6/1
LOW3.1CVE-2026-45426EPSS 0.04%Apache Airflow: Log server JWT authorization bypass via Python lstrip() character stripping allows cross-Dag log access2026/6/1
LOW3.3CVE-2026-10233EPSS 0.01%A security vulnerability has been detected in Assimp up to 6.0.4.2026/6/1
LOW3.3CVE-2026-10201EPSS 0.01%A vulnerability was determined in Assimp up to 6.0.4.2026/6/1
LOW3.3CVE-2026-10199EPSS 0.01%A vulnerability has been found in Assimp up to 6.0.4.2026/5/31
LOW3.3CVE-2026-10198EPSS 0.01%A flaw has been found in Assimp up to 6.0.4.2026/5/31
LOW3.3CVE-2026-10197EPSS 0.01%A vulnerability was detected in Assimp up to 6.0.4.2026/5/31
CRITICAL9.6CVE-2026-47416praisonai-platform: Any workspace member can promote themselves or others to owner via PATCH /workspaces/{id}/members/{user_id}2026/5/29
CRITICAL9.8CVE-2026-47410praisonai-platform: JWT signing key defaults to hardcoded "dev-secret-change-me", allowing token forgery for any user when PLATFORM_ENV is unset2026/5/29
CRITICAL9.8CVE-2026-47391PraisonAI's unauthenticated A2A official example can reach real LLM-driven `eval()` tool execution2026/5/29
CRITICAL9.9CVE-2026-47392PraisonAI vulnerable to sandbox escape via `print.__self__` builtins module leak in `execute_code` (subprocess mode)2026/5/29
CRITICAL9.8CVE-2026-47393PraisonAI `deploy --type api` emits a Flask server with authentication disabled by default2026/5/29
CRITICAL9.8CVE-2026-47396PraisonAI call server exposes unauthenticated agent listing, invocation, and deletion when CALL_SERVER_TOKEN is unset2026/5/29
CRITICAL9.8CVE-2026-45700EPSS 0.02%FreeRDP is a free implementation of the Remote Desktop Protocol.2026/5/29
CRITICAL9.9CVE-2026-45372EPSS 0.06%cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library.2026/5/29

第 1 / 324 頁下一頁 →