搜尋

22,634 筆結果

嚴重程度:CRITICAL HIGH MEDIUM LOW|生態系:npm PyPI Maven Debian Alpine|⚠ 只看 KEV

HIGH8.3CVE-2026-47415praisonai-platform: Issue endpoints accept any issue_id without workspace ownership check, cross-workspace read/update/delete IDOR2026/6/1
HIGH8.1CVE-2026-47417praisonai-platform: Comment endpoints accept any issue_id without workspace ownership check, cross-workspace comment read and post IDOR2026/6/1
HIGH8.1CVE-2026-47418praisonai-platform: Project endpoints accept any project_id without workspace ownership check, cross-workspace read/update/delete IDOR2026/6/1
HIGH8.2CVE-2026-47423DOMPurify XSS via selectedcontent re-clone2026/6/1
HIGH7.1CVE-2026-48119Nezha's authenticated agents can forge service-monitor results for other users' services2026/6/1
HIGH7.7CVE-2026-42398EPSS 0.03%Server-Side Request Forgery (SSRF) in Kibana Leading to Unauthorized Network Access2026/6/1
HIGH7.3CVE-2026-33462EPSS 0.03%Path Traversal in Kibana Leading to Unauthorized Deletion of User Accounts2026/6/1
HIGH8.1CVE-2026-40172EPSS 0.01%authentik: Privilege Escalation via User PATCH: Superuser Group Assignment Bypasses enable_group_superuser2026/6/1
HIGH7.1CVE-2026-48827EPSS 0.10%Path traversal vulnerability in Apache MINA SSHD bundle sshd-git.2026/6/1
HIGH8.1CVE-2026-8796EPSS 0.01%Sereal::Decoder versions before 5.005 for Perl allow heap out-of-bounds read via crafted input.2026/5/31
HIGH8.1CVE-2026-47409praisonai-platform: Missing authorization on member removal enables full workspace takeover by any user regardless of role2026/5/29
HIGH7.6CVE-2026-47414praisonai-platform: Label endpoints' unchecked label_id/issue_id enable cross-workspace label IDOR (edit, delete, link)2026/5/29
HIGH8.1CVE-2026-47406praisonai-platform: IDOR in dependency endpoints allows cross-workspace issue linking, reading, and deletion due to missing ownership checks2026/5/29
HIGH8.8CVE-2026-47405PraisonAI Platform: Missing role checks let any workspace member become owner and control workspace membership2026/5/29
HIGH8.8CVE-2026-47399PraisonAI Platform workspace-scoped routes allow cross-workspace object access by global object ID2026/5/29
HIGH8.8CVE-2026-48169PraisonAI has Cross-Workspace IDOR and Privilege Escalation via Platform API2026/5/29
HIGH8.1CVE-2026-47398PraisonAI: Arbitrary code execution via unguarded `spec.loader.exec_module` in `agents_generator.py` - sibling of CVE-2026-443342026/5/29
HIGH8.1CVE-2026-47231Admidio has IDOR in `documents-files.php` `mode=move_save` that lets any folder-uploader exfiltrate files from private folders2026/5/29
HIGH8.5CVE-2026-47201EPSS 0.06%authentik: XML Signature Wrapping in SAML Source ACS allows authentication as arbitrary federated user2026/5/29
HIGH7.5CVE-2026-46527EPSS 0.06%cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library.2026/5/29
HIGH7.5CVE-2026-44422EPSS 0.05%FreeRDP is a free implementation of the Remote Desktop Protocol.2026/5/29
HIGH8.8CVE-2026-44421EPSS 0.06%FreeRDP is a free implementation of the Remote Desktop Protocol.2026/5/29
HIGH8.8CVE-2026-44420EPSS 0.04%FreeRDP is a free implementation of the Remote Desktop Protocol.2026/5/29
HIGH7.7CVE-2026-47260Koel Vulnerable to SSRF via Podcast Episode Enclosure URLs2026/5/29
HIGH7.5CVE-2026-46702russh: Post-decompression SSH packet size was not bounded, allowing remote oversized compressed packets2026/5/29

← 上一頁第 2 / 906 頁下一頁 →