搜尋

22,634 筆結果

嚴重程度:CRITICAL HIGH MEDIUM LOW|生態系:npm PyPI Maven Debian Alpine|⚠ 只看 KEV

HIGH7.5CVE-2026-46599EPSS 0.06%Excessive resource consumption in PackBits decompression in golang.org/x/image/tiff2026/5/29
HIGH7.1CVE-2026-38739ezsystems/ezpublish-legacy has a SQL injection in dfscleanup2026/5/29
HIGH8.6CVE-2026-47139NodeVM network builtin exclusions bypass via internal _http_client and _http_server2026/5/29
HIGH7.5CVE-2026-8813EPSS 0.06%ExifReader is vulnerable to denial of service via crafted ICC `mluc` tag2026/5/29
HIGH8.6CVE-2026-47209vm2's Bridge Proxy set trap ignores receiver parameter, enabling host object property injection via prototype chain2026/5/29
HIGH8.7CVE-2026-47135vm2 has a sandbox escape via unblocked cross-realm Symbol.for keys + missing bridge write-trap symbol checks2026/5/29
HIGH7.5CVE-2026-45742Gotenberg has a Race Condition via Multipart `downloadFrom` Handling2026/5/29
HIGH7.5CVE-2026-45741Gotenberg has an SSRF deny-list bypass in IsPublicIP via IPv6 6to4 / NAT64 / site-local prefixes2026/5/29
HIGH8.8CVE-2026-44829Gotenberg has path traversal in zip entry name via Windows-style separators in upload filename2026/5/29
HIGH7.0CVE-2026-44495axios Vulnerable to Credential Theft and Response Hijacking via Prototype Pollution Gadget in Config Merge2026/5/29
HIGH8.7CVE-2026-44494axios Vulnerable to Full Man-in-the-Middle via Prototype Pollution Gadget in `config.proxy`2026/5/29
HIGH8.6CVE-2026-44492axios's shouldBypassProxy does not recognize IPv4-mapped IPv6 addresses, allowing NO_PROXY bypass (incomplete fix for CVE-2025-62718)2026/5/29
HIGH8.8CVE-2026-41236Froxlor has privilege escalation in SSH key synchronization via symlinked `authorized_keys` path2026/5/29
HIGH8.8CVE-2026-41235Froxlor has an authorization bypass in FTP shell assignment via missing server-side `available_shells` enforcement2026/5/29
HIGH7.4CVE-2026-48501EPSS 0.05%GitHub CLI has an incorrect authorization header in API requests to TUF repository mirrors via `gh attestation`, `gh release verify`, and `gh release verify-asset` commands2026/5/29
HIGH8.7CVE-2026-48527EPSS 0.03%HaxCMS has a stored Cross-Site Scripting (XSS) bypass in its saveNode endpoint2026/5/29
HIGH7.5CVE-2026-48901EPSS 0.00%Joomla! Core - [20260517] - Incorrect Cache Key Construction for InputFilter objects2026/5/29
HIGH8.8CVE-2026-9999EPSS 0.08%Inappropriate implementation in ANGLE in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code i…2026/5/28
HIGH8.3CVE-2026-9998EPSS 0.07%Integer overflow in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to pot…2026/5/28
HIGH8.3CVE-2026-9997EPSS 0.12%Use after free in Input in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to pote…2026/5/28
HIGH8.8CVE-2026-9995EPSS 0.08%Use after free in WebXR in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a…2026/5/28
HIGH8.3CVE-2026-9994EPSS 0.12%Use after free in Core in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer proce…2026/5/28
HIGH8.3CVE-2026-9993EPSS 0.12%Use after free in Views in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to pote…2026/5/28
HIGH8.8CVE-2026-9992EPSS 0.09%Use after free in Network in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via…2026/5/28
HIGH7.5CVE-2026-9990EPSS 0.07%Use after free in WebAppInstalls in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker who convinced a user to engage i…2026/5/28

← 上一頁第 3 / 906 頁下一頁 →