搜尋

30,476 筆結果

嚴重程度:CRITICAL HIGH MEDIUM LOW|生態系:npm PyPI Maven Debian Alpine|⚠ 只看 KEV

MEDIUM5.9CVE-2026-49267Apache Airflow: No certificate validation on SMTP STARTTLS connections2026/6/5
MEDIUM6.5CVE-2026-48726Apache Airflow: revoke_token() unreachable in FabAuthManager / KeycloakAuthManager logout path2026/6/5
MEDIUM4.3CVE-2026-46764Apache Airflow: Event Log detail endpoint bypasses DAG-scoped event log permission filter2026/6/5
MEDIUM6.5CVE-2026-42358Apache Airflow: Variable masker depth-limit bypass returns cleartext nested secrets2026/6/5
MEDIUM4.3CVE-2026-41014Apache Airflow: per-DAG RBAC bypass on /ui/partitioned_dag_runs endpoints2026/6/5
LOW3.1CVE-2026-40963Apache Airflow: DAG authorization bypass on /ui/structure/structure_data2026/6/5
MEDIUM6.5CVE-2026-40861Apache Airflow: Arbitrary File Read via Log Symlink following in FileTaskHandler2026/6/5
MEDIUM4.1CVE-2026-48013Shopware: SSRF in Media External-Link Endpoint Bypasses IP Validation2026/6/4
MEDIUM4.9CVE-2026-48015Shopware: Stored XSS via SVG file upload — no SVG sanitization2026/6/4
MEDIUM4.3CVE-2026-48016Shopware: Unauthorized Payment Trigger for Foreign Orders via /store-api/handle-payment2026/6/4
MEDIUM6.5CVE-2026-48014Shopware: Admin API ACL Bypass in Order State Transition Endpoints2026/6/4
MEDIUM4.3CVE-2026-48012Shopware SSO referer trust leading to an arbitrary redirect target2026/6/4
LOW3.7CVE-2026-48011Shopware: Timing-attack on admin panel allowing enumeration of administrator usernames2026/6/4
MEDIUM6.5CVE-2026-48010Shopware: Privilege escalation: non-admin user with user:create ACL can create admin accounts2026/6/4
MEDIUM6.8CVE-2026-48009Shopware: Admin Account Takeover via User Recovery Hash Exposure2026/6/4
MEDIUM6.5CVE-2026-48008Shopware: Privilege Escalation via Sync API Integration Admin Flag Bypass2026/6/4
MEDIUM4.7CVE-2026-50183WWBN AVideo: Stored XSS via Hostile YouTube Video Title in AVideo YouTubeAPI Gallery Section2026/6/4
MEDIUM6.1CVE-2026-50182WWBN AVideo: Unauthenticated Reflected XSS via $_GET['search'] in AVideo YouTubeAPI Gallery Pagination2026/6/4
MEDIUM4.3CVE-2026-47696EPSS 0.02%WWBN AVideo: Authenticated wallet credit bypass in AuthorizeNet processPayment endpoint2026/6/4
MEDIUM5.4CVE-2026-47694EPSS 0.03%WWBN AVideo: Stored XSS via unescaped Gallery category description2026/6/4
MEDIUM5.3CVE-2026-47676Hono: app.mount() strips mount prefix using undecoded path, causing incorrect routing for percent-encoded paths2026/6/4
MEDIUM5.3CVE-2026-47674Hono: IP Restriction bypasses static deny rules for non-canonical IPv62026/6/4
MEDIUM4.3CVE-2026-47675Hono: Cookie helper does not sanitize sameSite and priority, allowing Set-Cookie injection2026/6/4
MEDIUM4.8CVE-2026-47673Hono: JWT middleware accepts any Authorization scheme, not only Bearer2026/6/4
MEDIUM5.4CVE-2026-47671Nhost CLI local configserver allows cross-origin unauthenticated read/write access to local development configuration and secrets2026/6/4

第 1 / 1220 頁下一頁 →