| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2025-24813 |
严重 |
10.1.30 |
11.0.3, 10.1.35, 9.0.99 |
tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-24813
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2025-03-10 17:15 修改: 2026-06-17 08:59
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2025-24813 |
严重 |
10.1.30 |
11.0.3, 10.1.35, 9.0.99 |
tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-24813
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2025-03-10 17:15 修改: 2026-06-17 08:59
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2026-41293 |
严重 |
10.1.30 |
9.0.118, 10.1.55, 11.0.22 |
tomcat-coyote: Apache Tomcat: HTTP/2 request headers not validated
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41293
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2026-05-12 16:16 修改: 2026-06-17 10:46
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2026-41293 |
严重 |
10.1.30 |
9.0.118, 10.1.55, 11.0.22 |
tomcat-coyote: Apache Tomcat: HTTP/2 request headers not validated
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41293
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2026-05-12 16:16 修改: 2026-06-17 10:46
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2026-43512 |
严重 |
10.1.30 |
9.0.118, 10.1.55, 11.0.22 |
tomcat-coyote: Apache Tomcat: Authentication bypass via digest authentication
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-43512
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2026-05-12 16:16 修改: 2026-06-17 10:49
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2026-43512 |
严重 |
10.1.30 |
9.0.118, 10.1.55, 11.0.22 |
tomcat-coyote: Apache Tomcat: Authentication bypass via digest authentication
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-43512
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2026-05-12 16:16 修改: 2026-06-17 10:49
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2026-43515 |
严重 |
10.1.30 |
9.0.118, 10.1.55, 11.0.22 |
tomcat-coyote: tomcat: Improper Authorization allows security bypass
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-43515
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2026-05-12 16:16 修改: 2026-06-17 10:49
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2026-43515 |
严重 |
10.1.30 |
9.0.118, 10.1.55, 11.0.22 |
tomcat-coyote: tomcat: Improper Authorization allows security bypass
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-43515
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2026-05-12 16:16 修改: 2026-06-17 10:49
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2020-1938 |
严重 |
8.5.46 |
9.0.31, 8.5.51, 7.0.100 |
tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-1938
镜像层: sha256:68497cb452f504ac07fd7b5d82e6d17d5d02b2713b86a38c0c7f8abd10b07ce6
发布日期: 2020-02-24 22:15 修改: 2026-06-17 03:02
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2025-24813 |
严重 |
8.5.46 |
11.0.3, 10.1.35, 9.0.99 |
tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-24813
镜像层: sha256:68497cb452f504ac07fd7b5d82e6d17d5d02b2713b86a38c0c7f8abd10b07ce6
发布日期: 2025-03-10 17:15 修改: 2026-06-17 08:59
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2026-41293 |
严重 |
8.5.46 |
9.0.118, 10.1.55, 11.0.22 |
tomcat-coyote: Apache Tomcat: HTTP/2 request headers not validated
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41293
镜像层: sha256:68497cb452f504ac07fd7b5d82e6d17d5d02b2713b86a38c0c7f8abd10b07ce6
发布日期: 2026-05-12 16:16 修改: 2026-06-17 10:46
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2026-43512 |
严重 |
8.5.46 |
9.0.118, 10.1.55, 11.0.22 |
tomcat-coyote: Apache Tomcat: Authentication bypass via digest authentication
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-43512
镜像层: sha256:68497cb452f504ac07fd7b5d82e6d17d5d02b2713b86a38c0c7f8abd10b07ce6
发布日期: 2026-05-12 16:16 修改: 2026-06-17 10:49
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2026-43515 |
严重 |
8.5.46 |
9.0.118, 10.1.55, 11.0.22 |
tomcat-coyote: tomcat: Improper Authorization allows security bypass
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-43515
镜像层: sha256:68497cb452f504ac07fd7b5d82e6d17d5d02b2713b86a38c0c7f8abd10b07ce6
发布日期: 2026-05-12 16:16 修改: 2026-06-17 10:49
|
| com.google.protobuf:protobuf-java |
CVE-2022-3509 |
高危 |
3.20.1 |
3.16.3, 3.19.6, 3.20.3, 3.21.7 |
protobuf-java: Textformat parsing issue leads to DoS
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-3509
镜像层: sha256:68497cb452f504ac07fd7b5d82e6d17d5d02b2713b86a38c0c7f8abd10b07ce6
发布日期: 2022-12-12 13:15 修改: 2026-06-17 04:59
|
| com.google.protobuf:protobuf-java |
CVE-2022-3510 |
高危 |
3.20.1 |
3.16.3, 3.19.6, 3.20.3, 3.21.7 |
protobuf-java: Message-Type Extensions parsing issue leads to DoS
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-3510
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2022-12-12 13:15 修改: 2026-06-17 04:59
|
| com.google.protobuf:protobuf-java |
CVE-2022-3510 |
高危 |
3.20.1 |
3.16.3, 3.19.6, 3.20.3, 3.21.7 |
protobuf-java: Message-Type Extensions parsing issue leads to DoS
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-3510
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2022-12-12 13:15 修改: 2026-06-17 04:59
|
| com.google.protobuf:protobuf-java |
CVE-2022-3510 |
高危 |
3.20.1 |
3.16.3, 3.19.6, 3.20.3, 3.21.7 |
protobuf-java: Message-Type Extensions parsing issue leads to DoS
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-3510
镜像层: sha256:68497cb452f504ac07fd7b5d82e6d17d5d02b2713b86a38c0c7f8abd10b07ce6
发布日期: 2022-12-12 13:15 修改: 2026-06-17 04:59
|
| com.google.protobuf:protobuf-java |
CVE-2024-7254 |
高危 |
3.20.1 |
3.25.5, 4.27.5, 4.28.2 |
protobuf: StackOverflow vulnerability in Protocol Buffers
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-7254
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2024-09-19 01:15 修改: 2026-06-17 08:19
|
| com.google.protobuf:protobuf-java |
CVE-2024-7254 |
高危 |
3.20.1 |
3.25.5, 4.27.5, 4.28.2 |
protobuf: StackOverflow vulnerability in Protocol Buffers
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-7254
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2024-09-19 01:15 修改: 2026-06-17 08:19
|
| com.google.protobuf:protobuf-java |
CVE-2024-7254 |
高危 |
3.20.1 |
3.25.5, 4.27.5, 4.28.2 |
protobuf: StackOverflow vulnerability in Protocol Buffers
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-7254
镜像层: sha256:68497cb452f504ac07fd7b5d82e6d17d5d02b2713b86a38c0c7f8abd10b07ce6
发布日期: 2024-09-19 01:15 修改: 2026-06-17 08:19
|
| commons-beanutils:commons-beanutils |
CVE-2025-48734 |
高危 |
1.9.4 |
1.11.0 |
commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-48734
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2025-05-28 14:15 修改: 2026-06-17 09:30
|
| commons-beanutils:commons-beanutils |
CVE-2025-48734 |
高危 |
1.9.4 |
1.11.0 |
commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-48734
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2025-05-28 14:15 修改: 2026-06-17 09:30
|
| commons-beanutils:commons-beanutils |
CVE-2025-48734 |
高危 |
1.9.4 |
1.11.0 |
commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-48734
镜像层: sha256:68497cb452f504ac07fd7b5d82e6d17d5d02b2713b86a38c0c7f8abd10b07ce6
发布日期: 2025-05-28 14:15 修改: 2026-06-17 09:30
|
| commons-io:commons-io |
CVE-2024-47554 |
高危 |
2.7 |
2.14.0 |
apache-commons-io: Possible denial of service attack on untrusted input to XmlStreamReader
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47554
镜像层: sha256:68497cb452f504ac07fd7b5d82e6d17d5d02b2713b86a38c0c7f8abd10b07ce6
发布日期: 2024-10-03 12:15 修改: 2026-06-17 07:57
|
| io.grpc:grpc-netty-shaded |
CVE-2025-55163 |
高危 |
1.53.0 |
1.75.0 |
netty: netty-codec-http2: Netty MadeYouReset HTTP/2 DDoS Vulnerability
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-55163
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2025-08-13 15:15 修改: 2026-06-17 09:41
|
| io.grpc:grpc-netty-shaded |
CVE-2025-55163 |
高危 |
1.53.0 |
1.75.0 |
netty: netty-codec-http2: Netty MadeYouReset HTTP/2 DDoS Vulnerability
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-55163
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2025-08-13 15:15 修改: 2026-06-17 09:41
|
| io.grpc:grpc-netty-shaded |
CVE-2025-55163 |
高危 |
1.53.0 |
1.75.0 |
netty: netty-codec-http2: Netty MadeYouReset HTTP/2 DDoS Vulnerability
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-55163
镜像层: sha256:68497cb452f504ac07fd7b5d82e6d17d5d02b2713b86a38c0c7f8abd10b07ce6
发布日期: 2025-08-13 15:15 修改: 2026-06-17 09:41
|
| io.grpc:grpc-protobuf |
CVE-2023-32731 |
高危 |
1.53.0 |
1.53.1, 1.54.2 |
gRPC: sensitive information disclosure
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-32731
镜像层: sha256:68497cb452f504ac07fd7b5d82e6d17d5d02b2713b86a38c0c7f8abd10b07ce6
发布日期: 2023-06-09 11:15 修改: 2026-06-17 05:59
|
| io.netty:netty-codec |
CVE-2026-42583 |
高危 |
4.1.113.Final |
4.1.133.Final |
Netty is an asynchronous, event-driven network application framework. ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42583
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2026-05-13 19:17 修改: 2026-06-17 10:48
|
| io.netty:netty-codec |
CVE-2026-42583 |
高危 |
4.1.113.Final |
4.1.133.Final |
Netty is an asynchronous, event-driven network application framework. ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42583
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2026-05-13 19:17 修改: 2026-06-17 10:48
|
| io.netty:netty-codec-dns |
CVE-2026-42579 |
高危 |
4.1.113.Final |
4.2.13.Final, 4.1.133.Final |
netty: Netty: High integrity impact due to improper DNS domain name constraint enforcement
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42579
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2026-05-13 19:17 修改: 2026-06-17 10:48
|
| io.netty:netty-codec-dns |
CVE-2026-42579 |
高危 |
4.1.113.Final |
4.2.13.Final, 4.1.133.Final |
netty: Netty: High integrity impact due to improper DNS domain name constraint enforcement
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42579
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2026-05-13 19:17 修改: 2026-06-17 10:48
|
| io.netty:netty-codec-haproxy |
CVE-2026-44893 |
高危 |
4.1.113.Final |
4.2.15.Final, 4.1.135.Final |
netty-codec-haproxy: Netty-codec-haproxy: Denial of Service via malformed HAProxy message
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44893
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2026-06-12 15:16 修改: 2026-06-17 10:51
|
| io.netty:netty-codec-haproxy |
CVE-2026-44893 |
高危 |
4.1.113.Final |
4.2.15.Final, 4.1.135.Final |
netty-codec-haproxy: Netty-codec-haproxy: Denial of Service via malformed HAProxy message
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44893
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2026-06-12 15:16 修改: 2026-06-17 10:51
|
| io.netty:netty-codec-haproxy |
CVE-2026-48059 |
高危 |
4.1.113.Final |
4.2.15.Final, 4.1.135.Final |
netty-codec-haproxy: Netty HAProxy PROXY protocol v2 codec: Denial of Service via memory leak from crafted PROXY protocol headers
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48059
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2026-06-12 16:16 修改: 2026-06-17 10:54
|
| io.netty:netty-codec-haproxy |
CVE-2026-48059 |
高危 |
4.1.113.Final |
4.2.15.Final, 4.1.135.Final |
netty-codec-haproxy: Netty HAProxy PROXY protocol v2 codec: Denial of Service via memory leak from crafted PROXY protocol headers
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48059
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2026-06-12 16:16 修改: 2026-06-17 10:54
|
| io.netty:netty-codec-haproxy |
CVE-2026-44893 |
高危 |
4.1.79.Final |
4.2.15.Final, 4.1.135.Final |
netty-codec-haproxy: Netty-codec-haproxy: Denial of Service via malformed HAProxy message
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44893
镜像层: sha256:68497cb452f504ac07fd7b5d82e6d17d5d02b2713b86a38c0c7f8abd10b07ce6
发布日期: 2026-06-12 15:16 修改: 2026-06-17 10:51
|
| io.netty:netty-codec-haproxy |
CVE-2026-48059 |
高危 |
4.1.79.Final |
4.2.15.Final, 4.1.135.Final |
netty-codec-haproxy: Netty HAProxy PROXY protocol v2 codec: Denial of Service via memory leak from crafted PROXY protocol headers
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48059
镜像层: sha256:68497cb452f504ac07fd7b5d82e6d17d5d02b2713b86a38c0c7f8abd10b07ce6
发布日期: 2026-06-12 16:16 修改: 2026-06-17 10:54
|
| io.netty:netty-codec-http |
CVE-2026-33870 |
高危 |
4.1.113.Final |
4.1.132.Final, 4.2.10.Final |
io.netty/netty-codec-http: Netty: Request smuggling via incorrect parsing of HTTP/1.1 chunked transfer encoding extension values
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33870
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2026-03-27 20:16 修改: 2026-06-17 10:38
|
| io.netty:netty-codec-http |
CVE-2026-33870 |
高危 |
4.1.113.Final |
4.1.132.Final, 4.2.10.Final |
io.netty/netty-codec-http: Netty: Request smuggling via incorrect parsing of HTTP/1.1 chunked transfer encoding extension values
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33870
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2026-03-27 20:16 修改: 2026-06-17 10:38
|
| io.netty:netty-codec-http |
CVE-2026-42584 |
高危 |
4.1.113.Final |
4.2.13.Final, 4.1.133.Final |
netty: io.netty/netty-codec-http: Netty: Incorrect HTTP response parsing leads to data confusion
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42584
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2026-05-13 19:17 修改: 2026-06-17 10:48
|
| io.netty:netty-codec-http |
CVE-2026-42584 |
高危 |
4.1.113.Final |
4.2.13.Final, 4.1.133.Final |
netty: io.netty/netty-codec-http: Netty: Incorrect HTTP response parsing leads to data confusion
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42584
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2026-05-13 19:17 修改: 2026-06-17 10:48
|
| io.netty:netty-codec-http |
CVE-2026-42587 |
高危 |
4.1.113.Final |
4.2.13.Final, 4.1.133.Final |
netty: io.netty/netty-codec-http: io.netty/netty-codec-http2: Netty: Denial of Service via unbounded memory allocation in HTTP content decompression
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42587
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2026-05-13 19:17 修改: 2026-06-17 10:48
|
| io.netty:netty-codec-http |
CVE-2026-42587 |
高危 |
4.1.113.Final |
4.2.13.Final, 4.1.133.Final |
netty: io.netty/netty-codec-http: io.netty/netty-codec-http2: Netty: Denial of Service via unbounded memory allocation in HTTP content decompression
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42587
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2026-05-13 19:17 修改: 2026-06-17 10:48
|
| io.netty:netty-codec-http2 |
CVE-2025-55163 |
高危 |
4.1.113.Final |
4.2.4.Final, 4.1.124.Final |
netty: netty-codec-http2: Netty MadeYouReset HTTP/2 DDoS Vulnerability
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-55163
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2025-08-13 15:15 修改: 2026-06-17 09:41
|
| io.netty:netty-codec-http2 |
CVE-2025-55163 |
高危 |
4.1.113.Final |
4.2.4.Final, 4.1.124.Final |
netty: netty-codec-http2: Netty MadeYouReset HTTP/2 DDoS Vulnerability
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-55163
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2025-08-13 15:15 修改: 2026-06-17 09:41
|
| io.netty:netty-codec-http2 |
CVE-2026-33871 |
高危 |
4.1.113.Final |
4.1.132.Final, 4.2.11.Final |
netty: Netty: Denial of Service via HTTP/2 CONTINUATION frame flood
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33871
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2026-03-27 20:16 修改: 2026-06-17 10:38
|
| io.netty:netty-codec-http2 |
CVE-2026-33871 |
高危 |
4.1.113.Final |
4.1.132.Final, 4.2.11.Final |
netty: Netty: Denial of Service via HTTP/2 CONTINUATION frame flood
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33871
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2026-03-27 20:16 修改: 2026-06-17 10:38
|
| io.netty:netty-codec-http2 |
CVE-2026-42587 |
高危 |
4.1.113.Final |
4.2.13.Final, 4.1.133.Final |
netty: io.netty/netty-codec-http: io.netty/netty-codec-http2: Netty: Denial of Service via unbounded memory allocation in HTTP content decompression
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42587
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2026-05-13 19:17 修改: 2026-06-17 10:48
|
| io.netty:netty-codec-http2 |
CVE-2026-42587 |
高危 |
4.1.113.Final |
4.2.13.Final, 4.1.133.Final |
netty: io.netty/netty-codec-http: io.netty/netty-codec-http2: Netty: Denial of Service via unbounded memory allocation in HTTP content decompression
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42587
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2026-05-13 19:17 修改: 2026-06-17 10:48
|
| io.netty:netty-codec-redis |
CVE-2026-44250 |
高危 |
4.1.113.Final |
4.2.15.Final, 4.1.135.Final |
netty-codec-redis: netty-codec-redis: Denial of Service via crafted Redis payload with deeply nested arrays
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44250
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2026-06-11 22:16 修改: 2026-06-17 10:50
|
| io.netty:netty-codec-redis |
CVE-2026-44250 |
高危 |
4.1.113.Final |
4.2.15.Final, 4.1.135.Final |
netty-codec-redis: netty-codec-redis: Denial of Service via crafted Redis payload with deeply nested arrays
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44250
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2026-06-11 22:16 修改: 2026-06-17 10:50
|
| io.netty:netty-codec-redis |
CVE-2026-44890 |
高危 |
4.1.113.Final |
4.2.15.Final, 4.1.135.Final |
netty-codec-redis: netty-codec-redis: Denial of Service via crafted Redis payloads
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44890
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2026-06-11 22:16 修改: 2026-06-17 10:51
|
| io.netty:netty-codec-redis |
CVE-2026-44890 |
高危 |
4.1.113.Final |
4.2.15.Final, 4.1.135.Final |
netty-codec-redis: netty-codec-redis: Denial of Service via crafted Redis payloads
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44890
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2026-06-11 22:16 修改: 2026-06-17 10:51
|
| io.netty:netty-codec-redis |
CVE-2026-48006 |
高危 |
4.1.113.Final |
4.2.15.Final, 4.1.135.Final |
netty-codec-redis: Netty's Lack of Lifecycle Cleanup Leads to Pooled ByteBuf Leak in RedisArrayAggregator
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48006
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2026-06-12 16:16 修改: 2026-06-17 10:54
|
| io.netty:netty-codec-redis |
CVE-2026-48006 |
高危 |
4.1.113.Final |
4.2.15.Final, 4.1.135.Final |
netty-codec-redis: Netty's Lack of Lifecycle Cleanup Leads to Pooled ByteBuf Leak in RedisArrayAggregator
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48006
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2026-06-12 16:16 修改: 2026-06-17 10:54
|
| io.netty:netty-codec-redis |
CVE-2026-50011 |
高危 |
4.1.113.Final |
4.2.15.Final, 4.1.135.Final |
netty-codec-redis: Netty: Denial of Service via malicious Redis array header
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-50011
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2026-06-12 16:16 修改: 2026-06-17 10:57
|
| io.netty:netty-codec-redis |
CVE-2026-50011 |
高危 |
4.1.113.Final |
4.2.15.Final, 4.1.135.Final |
netty-codec-redis: Netty: Denial of Service via malicious Redis array header
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-50011
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2026-06-12 16:16 修改: 2026-06-17 10:57
|
| io.netty:netty-codec-smtp |
CVE-2025-59419 |
高危 |
4.1.113.Final |
4.2.7.Final, 4.1.128.Final |
io.netty/netty-codec-smtp: Netty netty-codec-smtp SMTP Command Injection
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-59419
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2025-10-15 16:15 修改: 2026-06-17 09:46
|
| io.netty:netty-codec-smtp |
CVE-2025-59419 |
高危 |
4.1.113.Final |
4.2.7.Final, 4.1.128.Final |
io.netty/netty-codec-smtp: Netty netty-codec-smtp SMTP Command Injection
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-59419
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2025-10-15 16:15 修改: 2026-06-17 09:46
|
| io.netty:netty-handler |
CVE-2025-24970 |
高危 |
4.1.113.Final |
4.1.118.Final |
io.netty:netty-handler: SslHandler doesn't correctly validate packets which can lead to native crash when using native SSLEngine
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-24970
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2025-02-10 22:15 修改: 2026-06-17 08:59
|
| io.netty:netty-handler |
CVE-2025-24970 |
高危 |
4.1.113.Final |
4.1.118.Final |
io.netty:netty-handler: SslHandler doesn't correctly validate packets which can lead to native crash when using native SSLEngine
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-24970
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2025-02-10 22:15 修改: 2026-06-17 08:59
|
| io.netty:netty-handler |
CVE-2026-44249 |
高危 |
4.1.113.Final |
4.2.15.Final, 4.1.135.Final |
netty-handler: netty-handler: IPv6 subnet rule bypass due to incorrect masking operation
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44249
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2026-06-11 22:16 修改: 2026-06-17 10:50
|
| io.netty:netty-handler |
CVE-2026-44249 |
高危 |
4.1.113.Final |
4.2.15.Final, 4.1.135.Final |
netty-handler: netty-handler: IPv6 subnet rule bypass due to incorrect masking operation
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44249
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2026-06-11 22:16 修改: 2026-06-17 10:50
|
| io.netty:netty-handler |
CVE-2026-45416 |
高危 |
4.1.113.Final |
4.2.15.Final, 4.1.135.Final |
netty-handler: Netty: Denial of Service due to eager buffer allocation in TLS handshake
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45416
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2026-06-12 15:16 修改: 2026-06-17 10:52
|
| io.netty:netty-handler |
CVE-2026-45416 |
高危 |
4.1.113.Final |
4.2.15.Final, 4.1.135.Final |
netty-handler: Netty: Denial of Service due to eager buffer allocation in TLS handshake
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45416
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2026-06-12 15:16 修改: 2026-06-17 10:52
|
| io.netty:netty-handler |
CVE-2026-50010 |
高危 |
4.1.113.Final |
4.2.15.Final, 4.1.135.Final |
netty-handler: Netty: Improper trust manager handling leads to hostname verification bypass
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-50010
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2026-06-12 16:16 修改: 2026-06-17 10:57
|
| io.netty:netty-handler |
CVE-2026-50010 |
高危 |
4.1.113.Final |
4.2.15.Final, 4.1.135.Final |
netty-handler: Netty: Improper trust manager handling leads to hostname verification bypass
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-50010
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2026-06-12 16:16 修改: 2026-06-17 10:57
|
| io.netty:netty-resolver-dns |
CVE-2026-45674 |
高危 |
4.1.113.Final |
4.2.15.Final, 4.1.135.Final |
netty-resolver-dns: Netty: Information disclosure and data manipulation due to improper CNAME record validation
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45674
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2026-06-12 15:16 修改: 2026-06-17 10:52
|
| io.netty:netty-resolver-dns |
CVE-2026-45674 |
高危 |
4.1.113.Final |
4.2.15.Final, 4.1.135.Final |
netty-resolver-dns: Netty: Information disclosure and data manipulation due to improper CNAME record validation
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45674
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2026-06-12 15:16 修改: 2026-06-17 10:52
|
| io.netty:netty-resolver-dns |
CVE-2026-47691 |
高危 |
4.1.113.Final |
4.2.15.Final, 4.1.135.Final |
io.netty/netty-resolver-dns: Netty has Insufficient Bailiwick Validation for NS Records
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-47691
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2026-06-12 16:16 修改: 2026-06-17 10:54
|
| io.netty:netty-resolver-dns |
CVE-2026-47691 |
高危 |
4.1.113.Final |
4.2.15.Final, 4.1.135.Final |
io.netty/netty-resolver-dns: Netty has Insufficient Bailiwick Validation for NS Records
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-47691
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2026-06-12 16:16 修改: 2026-06-17 10:54
|
| io.netty:netty-transport-sctp |
CVE-2026-46340 |
高危 |
4.1.113.Final |
4.2.15.Final, 4.1.135.Final |
netty-transport-sctp: Netty-transport-sctp: Denial of Service due to unbounded memory growth from SctpMessage fragments
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-46340
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2026-06-12 15:16 修改: 2026-06-17 10:53
|
| io.netty:netty-transport-sctp |
CVE-2026-46340 |
高危 |
4.1.113.Final |
4.2.15.Final, 4.1.135.Final |
netty-transport-sctp: Netty-transport-sctp: Denial of Service due to unbounded memory growth from SctpMessage fragments
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-46340
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2026-06-12 15:16 修改: 2026-06-17 10:53
|
| org.apache.thrift:libthrift |
CVE-2026-43869 |
高危 |
0.14.1 |
0.23.0 |
Apache Thrift: Apache Thrift: Security bypass due to improper certificate validation
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-43869
镜像层: sha256:68497cb452f504ac07fd7b5d82e6d17d5d02b2713b86a38c0c7f8abd10b07ce6
发布日期: 2026-05-05 08:16 修改: 2026-06-17 10:50
|
| ch.qos.logback:logback-classic |
CVE-2023-6378 |
高危 |
1.3.5 |
1.3.12, 1.4.12, 1.2.13 |
logback: serialization vulnerability in logback receiver
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-6378
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2023-11-29 12:15 修改: 2026-06-17 06:50
|
| ch.qos.logback:logback-classic |
CVE-2023-6378 |
高危 |
1.3.5 |
1.3.12, 1.4.12, 1.2.13 |
logback: serialization vulnerability in logback receiver
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-6378
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2023-11-29 12:15 修改: 2026-06-17 06:50
|
| ch.qos.logback:logback-classic |
CVE-2023-6378 |
高危 |
1.3.5 |
1.3.12, 1.4.12, 1.2.13 |
logback: serialization vulnerability in logback receiver
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-6378
镜像层: sha256:68497cb452f504ac07fd7b5d82e6d17d5d02b2713b86a38c0c7f8abd10b07ce6
发布日期: 2023-11-29 12:15 修改: 2026-06-17 06:50
|
| ch.qos.logback:logback-core |
CVE-2023-6378 |
高危 |
1.3.5 |
1.3.12, 1.4.12, 1.2.13 |
logback: serialization vulnerability in logback receiver
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-6378
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2023-11-29 12:15 修改: 2026-06-17 06:50
|
| ch.qos.logback:logback-core |
CVE-2023-6378 |
高危 |
1.3.5 |
1.3.12, 1.4.12, 1.2.13 |
logback: serialization vulnerability in logback receiver
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-6378
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2023-11-29 12:15 修改: 2026-06-17 06:50
|
| ch.qos.logback:logback-core |
CVE-2023-6378 |
高危 |
1.3.5 |
1.3.12, 1.4.12, 1.2.13 |
logback: serialization vulnerability in logback receiver
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-6378
镜像层: sha256:68497cb452f504ac07fd7b5d82e6d17d5d02b2713b86a38c0c7f8abd10b07ce6
发布日期: 2023-11-29 12:15 修改: 2026-06-17 06:50
|
| com.alipay.sofa:hessian |
CVE-2024-46983 |
高危 |
3.3.6 |
3.5.5 |
SOFA Hessian Remote Command Execution (RCE) Vulnerability
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-46983
镜像层: sha256:68497cb452f504ac07fd7b5d82e6d17d5d02b2713b86a38c0c7f8abd10b07ce6
发布日期: 2024-09-19 23:15 修改: 2026-06-17 07:56
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2026-54512 |
高危 |
2.17.2 |
2.18.8, 3.1.4, 2.21.4 |
jackson-databind contains the general-purpose data-binding functionali ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54512
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2026-06-23 21:17 修改: 2026-06-27 21:01
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2024-50379 |
高危 |
10.1.30 |
11.0.2, 10.1.34, 9.0.98 |
tomcat: RCE due to TOCTOU issue in JSP compilation
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-50379
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2024-12-17 13:15 修改: 2026-06-17 08:04
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2024-50379 |
高危 |
10.1.30 |
11.0.2, 10.1.34, 9.0.98 |
tomcat: RCE due to TOCTOU issue in JSP compilation
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-50379
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2024-12-17 13:15 修改: 2026-06-17 08:04
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2024-56337 |
高危 |
10.1.30 |
11.0.2, 10.1.34, 9.0.98 |
tomcat: Incomplete fix for CVE-2024-50379 - RCE due to TOCTOU issue in JSP compilation
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-56337
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2024-12-20 16:15 修改: 2026-06-17 08:12
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2024-56337 |
高危 |
10.1.30 |
11.0.2, 10.1.34, 9.0.98 |
tomcat: Incomplete fix for CVE-2024-50379 - RCE due to TOCTOU issue in JSP compilation
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-56337
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2024-12-20 16:15 修改: 2026-06-17 08:12
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2025-48988 |
高危 |
10.1.30 |
11.0.8, 10.1.42, 9.0.106 |
tomcat: Apache Tomcat DoS in multipart upload
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-48988
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2025-06-16 15:15 修改: 2026-06-17 09:30
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2025-48988 |
高危 |
10.1.30 |
11.0.8, 10.1.42, 9.0.106 |
tomcat: Apache Tomcat DoS in multipart upload
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-48988
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2025-06-16 15:15 修改: 2026-06-17 09:30
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2025-48989 |
高危 |
10.1.30 |
11.0.10, 10.1.44, 9.0.108 |
tomcat: http/2 "MadeYouReset" DoS attack through HTTP/2 control frames
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-48989
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2025-08-13 13:15 修改: 2026-06-17 09:30
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2025-48989 |
高危 |
10.1.30 |
11.0.10, 10.1.44, 9.0.108 |
tomcat: http/2 "MadeYouReset" DoS attack through HTTP/2 control frames
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-48989
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2025-08-13 13:15 修改: 2026-06-17 09:30
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2025-52520 |
高危 |
10.1.30 |
11.0.9, 10.1.43, 9.0.107 |
tomcat: Apache Tomcat denial of service
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-52520
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2025-07-10 19:15 修改: 2026-06-17 09:36
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2025-52520 |
高危 |
10.1.30 |
11.0.9, 10.1.43, 9.0.107 |
tomcat: Apache Tomcat denial of service
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-52520
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2025-07-10 19:15 修改: 2026-06-17 09:36
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2025-53506 |
高危 |
10.1.30 |
9.0.107, 10.1.43, 11.0.9 |
tomcat: Apache Tomcat denial of service
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-53506
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2025-07-10 20:15 修改: 2026-06-17 09:38
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2025-53506 |
高危 |
10.1.30 |
9.0.107, 10.1.43, 11.0.9 |
tomcat: Apache Tomcat denial of service
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-53506
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2025-07-10 20:15 修改: 2026-06-17 09:38
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2025-55752 |
高危 |
10.1.30 |
11.0.11, 10.1.45, 9.0.109 |
tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-55752
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2025-10-27 18:15 修改: 2026-06-17 09:42
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2025-55752 |
高危 |
10.1.30 |
11.0.11, 10.1.45, 9.0.109 |
tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-55752
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2025-10-27 18:15 修改: 2026-06-17 09:42
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2026-24734 |
高危 |
10.1.30 |
11.0.18, 10.1.52, 9.0.115 |
tomcat: Apache Tomcat: Certificate revocation bypass due to improper OCSP response validation
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24734
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2026-02-17 19:21 修改: 2026-06-17 10:23
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2026-24734 |
高危 |
10.1.30 |
11.0.18, 10.1.52, 9.0.115 |
tomcat: Apache Tomcat: Certificate revocation bypass due to improper OCSP response validation
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24734
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2026-02-17 19:21 修改: 2026-06-17 10:23
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2026-24880 |
高危 |
10.1.30 |
9.0.116, 10.1.52, 11.0.20 |
Apache Tomcat: Apache Tomcat: HTTP Request/Response Smuggling via invalid chunk extension
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24880
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2026-04-09 20:16 修改: 2026-06-17 10:23
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2026-24880 |
高危 |
10.1.30 |
9.0.116, 10.1.52, 11.0.20 |
Apache Tomcat: Apache Tomcat: HTTP Request/Response Smuggling via invalid chunk extension
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24880
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2026-04-09 20:16 修改: 2026-06-17 10:23
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2026-34483 |
高危 |
10.1.30 |
9.0.116, 10.1.54, 11.0.21 |
Apache Tomcat: Apache Tomcat: Information disclosure due to improper encoding in JsonAccessLogValve
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34483
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2026-04-09 20:16 修改: 2026-06-17 10:39
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2026-34483 |
高危 |
10.1.30 |
9.0.116, 10.1.54, 11.0.21 |
Apache Tomcat: Apache Tomcat: Information disclosure due to improper encoding in JsonAccessLogValve
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34483
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2026-04-09 20:16 修改: 2026-06-17 10:39
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2026-41284 |
高危 |
10.1.30 |
9.0.118, 10.1.55, 11.0.22 |
Allocation of Resources Without Limits or Throttling vulnerability in ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41284
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2026-05-12 16:16 修改: 2026-06-17 10:46
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2026-41284 |
高危 |
10.1.30 |
9.0.118, 10.1.55, 11.0.22 |
Allocation of Resources Without Limits or Throttling vulnerability in ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41284
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2026-05-12 16:16 修改: 2026-06-17 10:46
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2026-42498 |
高危 |
10.1.30 |
9.0.118, 10.1.55, 11.0.22 |
tomcat-coyote: Apache Tomcat: Information disclosure due to HTTP Authentication Header exposure during WebSocket authentication.
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42498
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2026-05-12 16:16 修改: 2026-06-17 10:47
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2026-42498 |
高危 |
10.1.30 |
9.0.118, 10.1.55, 11.0.22 |
tomcat-coyote: Apache Tomcat: Information disclosure due to HTTP Authentication Header exposure during WebSocket authentication.
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42498
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2026-05-12 16:16 修改: 2026-06-17 10:47
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2026-43513 |
高危 |
10.1.30 |
9.0.118, 10.1.55, 11.0.22 |
Improper Handling of Case Sensitivity vulnerability in LockOutRealm in ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-43513
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2026-05-12 16:16 修改: 2026-06-17 10:49
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2026-43513 |
高危 |
10.1.30 |
9.0.118, 10.1.55, 11.0.22 |
Improper Handling of Case Sensitivity vulnerability in LockOutRealm in ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-43513
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2026-05-12 16:16 修改: 2026-06-17 10:49
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2026-54512 |
高危 |
2.17.2 |
2.18.8, 3.1.4, 2.21.4 |
jackson-databind contains the general-purpose data-binding functionali ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54512
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2026-06-23 21:17 修改: 2026-06-27 21:01
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2026-54513 |
高危 |
2.17.2 |
2.18.8, 2.21.4, 3.1.4 |
jackson-databind: Jackson-databind: Security bypass allows arbitrary code execution
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54513
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2026-06-23 21:17 修改: 2026-06-27 21:00
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2026-54513 |
高危 |
2.17.2 |
2.18.8, 2.21.4, 3.1.4 |
jackson-databind: Jackson-databind: Security bypass allows arbitrary code execution
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54513
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2026-06-23 21:17 修改: 2026-06-27 21:00
|
| com.google.protobuf:protobuf-java |
CVE-2022-3509 |
高危 |
3.20.1 |
3.16.3, 3.19.6, 3.20.3, 3.21.7 |
protobuf-java: Textformat parsing issue leads to DoS
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-3509
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2022-12-12 13:15 修改: 2026-06-17 04:59
|
| com.google.protobuf:protobuf-java |
CVE-2022-3509 |
高危 |
3.20.1 |
3.16.3, 3.19.6, 3.20.3, 3.21.7 |
protobuf-java: Textformat parsing issue leads to DoS
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-3509
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2022-12-12 13:15 修改: 2026-06-17 04:59
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2019-12418 |
高危 |
8.5.46 |
7.0.99, 8.5.49, 9.0.29 |
tomcat: local privilege escalation
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-12418
镜像层: sha256:68497cb452f504ac07fd7b5d82e6d17d5d02b2713b86a38c0c7f8abd10b07ce6
发布日期: 2019-12-23 18:15 修改: 2026-06-17 02:14
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2019-17563 |
高危 |
8.5.46 |
7.0.99, 8.5.50, 9.0.30 |
tomcat: Session fixation when using FORM authentication
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-17563
镜像层: sha256:68497cb452f504ac07fd7b5d82e6d17d5d02b2713b86a38c0c7f8abd10b07ce6
发布日期: 2019-12-23 17:15 修改: 2026-06-17 02:24
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2020-11996 |
高危 |
8.5.46 |
10.0.0-M5, 9.0.35, 8.5.55 |
tomcat: specially crafted sequence of HTTP/2 requests can lead to DoS
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-11996
镜像层: sha256:68497cb452f504ac07fd7b5d82e6d17d5d02b2713b86a38c0c7f8abd10b07ce6
发布日期: 2020-06-26 17:15 修改: 2026-06-17 02:51
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2020-9484 |
高危 |
8.5.46 |
10.0.0-M5, 9.0.35, 8.5.55, 7.0.104 |
tomcat: deserialization flaw in session persistence storage leading to RCE
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-9484
镜像层: sha256:68497cb452f504ac07fd7b5d82e6d17d5d02b2713b86a38c0c7f8abd10b07ce6
发布日期: 2020-05-20 19:15 修改: 2026-06-17 03:28
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2021-25122 |
高危 |
8.5.46 |
10.0.2, 9.0.43, 8.5.63 |
tomcat: Request mix-up with h2c
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-25122
镜像层: sha256:68497cb452f504ac07fd7b5d82e6d17d5d02b2713b86a38c0c7f8abd10b07ce6
发布日期: 2021-03-01 12:15 修改: 2026-06-17 03:41
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2021-25329 |
高危 |
8.5.46 |
10.0.2, 9.0.41, 8.5.61, 7.0.108 |
tomcat: Incomplete fix for CVE-2020-9484 (RCE via session persistence)
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-25329
镜像层: sha256:68497cb452f504ac07fd7b5d82e6d17d5d02b2713b86a38c0c7f8abd10b07ce6
发布日期: 2021-03-01 12:15 修改: 2026-06-17 03:41
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2022-42252 |
高危 |
8.5.46 |
8.5.83, 9.0.68, 10.0.27, 10.1.1 |
tomcat: request smuggling
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-42252
镜像层: sha256:68497cb452f504ac07fd7b5d82e6d17d5d02b2713b86a38c0c7f8abd10b07ce6
发布日期: 2022-11-01 09:15 修改: 2026-06-17 05:04
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2023-46589 |
高危 |
8.5.46 |
11.0.0-M11, 10.1.16, 9.0.83, 8.5.96 |
tomcat: HTTP request smuggling via malformed trailer headers
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-46589
镜像层: sha256:68497cb452f504ac07fd7b5d82e6d17d5d02b2713b86a38c0c7f8abd10b07ce6
发布日期: 2023-11-28 16:15 修改: 2026-06-17 06:31
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2024-34750 |
高危 |
8.5.46 |
11.0.0-M21, 10.1.25, 9.0.90 |
tomcat: Improper Handling of Exceptional Conditions
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34750
镜像层: sha256:68497cb452f504ac07fd7b5d82e6d17d5d02b2713b86a38c0c7f8abd10b07ce6
发布日期: 2024-07-03 20:15 修改: 2026-06-17 07:34
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2024-50379 |
高危 |
8.5.46 |
11.0.2, 10.1.34, 9.0.98 |
tomcat: RCE due to TOCTOU issue in JSP compilation
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-50379
镜像层: sha256:68497cb452f504ac07fd7b5d82e6d17d5d02b2713b86a38c0c7f8abd10b07ce6
发布日期: 2024-12-17 13:15 修改: 2026-06-17 08:04
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2025-48988 |
高危 |
8.5.46 |
11.0.8, 10.1.42, 9.0.106 |
tomcat: Apache Tomcat DoS in multipart upload
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-48988
镜像层: sha256:68497cb452f504ac07fd7b5d82e6d17d5d02b2713b86a38c0c7f8abd10b07ce6
发布日期: 2025-06-16 15:15 修改: 2026-06-17 09:30
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2025-52520 |
高危 |
8.5.46 |
11.0.9, 10.1.43, 9.0.107 |
tomcat: Apache Tomcat denial of service
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-52520
镜像层: sha256:68497cb452f504ac07fd7b5d82e6d17d5d02b2713b86a38c0c7f8abd10b07ce6
发布日期: 2025-07-10 19:15 修改: 2026-06-17 09:36
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2025-53506 |
高危 |
8.5.46 |
9.0.107, 10.1.43, 11.0.9 |
tomcat: Apache Tomcat denial of service
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-53506
镜像层: sha256:68497cb452f504ac07fd7b5d82e6d17d5d02b2713b86a38c0c7f8abd10b07ce6
发布日期: 2025-07-10 20:15 修改: 2026-06-17 09:38
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2025-55752 |
高危 |
8.5.46 |
11.0.11, 10.1.45, 9.0.109 |
tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-55752
镜像层: sha256:68497cb452f504ac07fd7b5d82e6d17d5d02b2713b86a38c0c7f8abd10b07ce6
发布日期: 2025-10-27 18:15 修改: 2026-06-17 09:42
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2026-24880 |
高危 |
8.5.46 |
9.0.116, 10.1.52, 11.0.20 |
Apache Tomcat: Apache Tomcat: HTTP Request/Response Smuggling via invalid chunk extension
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24880
镜像层: sha256:68497cb452f504ac07fd7b5d82e6d17d5d02b2713b86a38c0c7f8abd10b07ce6
发布日期: 2026-04-09 20:16 修改: 2026-06-17 10:23
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2026-41284 |
高危 |
8.5.46 |
9.0.118, 10.1.55, 11.0.22 |
Allocation of Resources Without Limits or Throttling vulnerability in ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41284
镜像层: sha256:68497cb452f504ac07fd7b5d82e6d17d5d02b2713b86a38c0c7f8abd10b07ce6
发布日期: 2026-05-12 16:16 修改: 2026-06-17 10:46
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2026-42498 |
高危 |
8.5.46 |
9.0.118, 10.1.55, 11.0.22 |
tomcat-coyote: Apache Tomcat: Information disclosure due to HTTP Authentication Header exposure during WebSocket authentication.
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42498
镜像层: sha256:68497cb452f504ac07fd7b5d82e6d17d5d02b2713b86a38c0c7f8abd10b07ce6
发布日期: 2026-05-12 16:16 修改: 2026-06-17 10:47
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2026-43513 |
高危 |
8.5.46 |
9.0.118, 10.1.55, 11.0.22 |
Improper Handling of Case Sensitivity vulnerability in LockOutRealm in ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-43513
镜像层: sha256:68497cb452f504ac07fd7b5d82e6d17d5d02b2713b86a38c0c7f8abd10b07ce6
发布日期: 2026-05-12 16:16 修改: 2026-06-17 10:49
|
| org.bouncycastle:bcprov-jdk18on |
CVE-2026-5598 |
高危 |
1.83 |
1.84 |
bouncycastle: BC-JAVA: private key leakage via non-constant time comparisons
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5598
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2026-04-15 10:16 修改: 2026-06-17 10:59
|
| org.json:json |
CVE-2022-45688 |
高危 |
20141113 |
20230227 |
json stack overflow vulnerability
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-45688
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2022-12-13 15:15 修改: 2026-06-17 05:10
|
| org.json:json |
CVE-2023-5072 |
高危 |
20141113 |
20231013 |
JSON-java: parser confusion leads to OOM
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-5072
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2023-10-12 17:15 修改: 2026-06-17 06:47
|
| org.lz4:lz4-java |
CVE-2025-12183 |
高危 |
1.8.0 |
1.8.1 |
lz4-java: lz4-java: Out-of-bounds memory operations lead to denial of service and information disclosure
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-12183
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2025-11-28 16:15 修改: 2026-06-17 08:31
|
| org.lz4:lz4-java |
CVE-2025-12183 |
高危 |
1.8.0 |
1.8.1 |
lz4-java: lz4-java: Out-of-bounds memory operations lead to denial of service and information disclosure
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-12183
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2025-11-28 16:15 修改: 2026-06-17 08:31
|
| org.lz4:lz4-java |
CVE-2025-12183 |
高危 |
1.8.0 |
1.8.1 |
lz4-java: lz4-java: Out-of-bounds memory operations lead to denial of service and information disclosure
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-12183
镜像层: sha256:68497cb452f504ac07fd7b5d82e6d17d5d02b2713b86a38c0c7f8abd10b07ce6
发布日期: 2025-11-28 16:15 修改: 2026-06-17 08:31
|
| org.lz4:lz4-java |
CVE-2025-66566 |
高危 |
1.8.0 |
|
lz4-java: lz4-java: Information Disclosure via Insufficient Output Buffer Clearing
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-66566
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2025-12-05 18:15 修改: 2026-06-17 09:57
|
| org.lz4:lz4-java |
CVE-2025-66566 |
高危 |
1.8.0 |
|
lz4-java: lz4-java: Information Disclosure via Insufficient Output Buffer Clearing
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-66566
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2025-12-05 18:15 修改: 2026-06-17 09:57
|
| org.lz4:lz4-java |
CVE-2025-66566 |
高危 |
1.8.0 |
|
lz4-java: lz4-java: Information Disclosure via Insufficient Output Buffer Clearing
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-66566
镜像层: sha256:68497cb452f504ac07fd7b5d82e6d17d5d02b2713b86a38c0c7f8abd10b07ce6
发布日期: 2025-12-05 18:15 修改: 2026-06-17 09:57
|
| org.springframework.boot:spring-boot |
CVE-2025-22235 |
高危 |
3.3.4 |
3.3.11, 3.4.5 |
org.springframework.boot/spring-boot: Spring Boot EndpointRequest.to() creates wrong matcher if actuator endpoint is not exposed
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22235
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2025-04-28 08:15 修改: 2026-06-17 08:45
|
| org.springframework.boot:spring-boot |
CVE-2025-22235 |
高危 |
3.3.4 |
3.3.11, 3.4.5 |
org.springframework.boot/spring-boot: Spring Boot EndpointRequest.to() creates wrong matcher if actuator endpoint is not exposed
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22235
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2025-04-28 08:15 修改: 2026-06-17 08:45
|
| org.springframework.boot:spring-boot |
CVE-2026-40973 |
高危 |
3.3.4 |
4.0.6, 3.5.14 |
Spring Boot: Spring Boot: Arbitrary Code Execution and Session Hijacking via predictable temporary directory
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40973
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2026-04-28 00:16 修改: 2026-06-17 10:45
|
| org.springframework.boot:spring-boot |
CVE-2026-40973 |
高危 |
3.3.4 |
4.0.6, 3.5.14 |
Spring Boot: Spring Boot: Arbitrary Code Execution and Session Hijacking via predictable temporary directory
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40973
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2026-04-28 00:16 修改: 2026-06-17 10:45
|
| org.springframework:spring-core |
CVE-2025-41249 |
高危 |
6.1.13 |
6.2.11 |
org.springframework/spring-core: Spring Framework Annotation Detection Vulnerability
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-41249
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2025-09-16 11:15 修改: 2026-06-17 09:22
|
| org.springframework:spring-core |
CVE-2025-41249 |
高危 |
6.1.13 |
6.2.11 |
org.springframework/spring-core: Spring Framework Annotation Detection Vulnerability
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-41249
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2025-09-16 11:15 修改: 2026-06-17 09:22
|
| org.springframework:spring-webflux |
CVE-2024-38819 |
高危 |
6.1.13 |
6.1.14 |
org.springframework:spring-webmvc: Path traversal vulnerability in functional web frameworks
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-38819
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2024-12-19 18:15 修改: 2026-06-17 07:41
|
| org.springframework:spring-webmvc |
CVE-2024-38819 |
高危 |
6.1.13 |
6.1.14 |
org.springframework:spring-webmvc: Path traversal vulnerability in functional web frameworks
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-38819
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2024-12-19 18:15 修改: 2026-06-17 07:41
|
| org.springframework:spring-webmvc |
CVE-2024-38819 |
高危 |
6.1.13 |
6.1.14 |
org.springframework:spring-webmvc: Path traversal vulnerability in functional web frameworks
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-38819
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2024-12-19 18:15 修改: 2026-06-17 07:41
|
| io.netty:netty-codec-http |
CVE-2025-67735 |
中危 |
4.1.113.Final |
4.2.8.Final, 4.1.129.Final |
netty-codec-http: Netty (netty-codec-http): Request Smuggling via CRLF Injection
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-67735
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2025-12-16 01:15 修改: 2026-06-17 09:58
|
| io.netty:netty-codec-http |
CVE-2026-41417 |
中危 |
4.1.113.Final |
4.1.133.Final, 4.2.13.Final |
netty: Netty: HTTP request smuggling via URI manipulation and CRLF injection
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41417
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2026-05-06 22:16 修改: 2026-06-17 10:46
|
| io.netty:netty-codec-http |
CVE-2026-41417 |
中危 |
4.1.113.Final |
4.1.133.Final, 4.2.13.Final |
netty: Netty: HTTP request smuggling via URI manipulation and CRLF injection
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41417
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2026-05-06 22:16 修改: 2026-06-17 10:46
|
| io.netty:netty-codec-http |
CVE-2026-42580 |
中危 |
4.1.113.Final |
4.2.13.Final, 4.1.133.Final |
netty: Netty: Request smuggling via chunk size parser integer overflow
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42580
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2026-05-13 19:17 修改: 2026-06-17 10:48
|
| io.netty:netty-codec-http |
CVE-2026-42580 |
中危 |
4.1.113.Final |
4.2.13.Final, 4.1.133.Final |
netty: Netty: Request smuggling via chunk size parser integer overflow
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42580
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2026-05-13 19:17 修改: 2026-06-17 10:48
|
| io.netty:netty-codec-http |
CVE-2026-42581 |
中危 |
4.1.113.Final |
4.2.13.Final, 4.1.133.Final |
netty: io.netty/netty-codec-http: Netty: HTTP Request Smuggling due to improper handling of conflicting HTTP/1.0 headers
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42581
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2026-05-13 19:17 修改: 2026-06-17 10:48
|
| io.netty:netty-codec-http |
CVE-2026-42581 |
中危 |
4.1.113.Final |
4.2.13.Final, 4.1.133.Final |
netty: io.netty/netty-codec-http: Netty: HTTP Request Smuggling due to improper handling of conflicting HTTP/1.0 headers
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42581
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2026-05-13 19:17 修改: 2026-06-17 10:48
|
| io.netty:netty-codec-http |
CVE-2026-42585 |
中危 |
4.1.113.Final |
4.2.13.Final, 4.1.133.Final |
netty: io.netty/netty-codec-http: Netty: Request smuggling via malformed Transfer-Encoding parsing
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42585
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2026-05-13 19:17 修改: 2026-06-17 10:48
|
| io.netty:netty-codec-http |
CVE-2026-42585 |
中危 |
4.1.113.Final |
4.2.13.Final, 4.1.133.Final |
netty: io.netty/netty-codec-http: Netty: Request smuggling via malformed Transfer-Encoding parsing
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42585
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2026-05-13 19:17 修改: 2026-06-17 10:48
|
| io.netty:netty-codec-http |
CVE-2026-50020 |
中危 |
4.1.113.Final |
4.2.15.Final, 4.1.135.Final |
netty-codec-http: Netty: Data manipulation via request-boundary confusion in HttpObjectDecoder
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-50020
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2026-06-12 16:16 修改: 2026-06-17 10:57
|
| io.netty:netty-codec-http |
CVE-2026-50020 |
中危 |
4.1.113.Final |
4.2.15.Final, 4.1.135.Final |
netty-codec-http: Netty: Data manipulation via request-boundary confusion in HttpObjectDecoder
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-50020
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2026-06-12 16:16 修改: 2026-06-17 10:57
|
| com.squareup.okio:okio |
CVE-2023-3635 |
中危 |
3.2.0 |
3.4.0, 1.17.6 |
okio: GzipSource class improper exception handling
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-3635
镜像层: sha256:68497cb452f504ac07fd7b5d82e6d17d5d02b2713b86a38c0c7f8abd10b07ce6
发布日期: 2023-07-12 19:15 修改: 2026-06-17 06:14
|
| ch.qos.logback:logback-core |
CVE-2024-12798 |
中危 |
1.3.5 |
1.5.13, 1.3.15 |
logback-core: arbitrary code execution via JaninoEventEvaluator
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-12798
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2024-12-19 16:15 修改: 2026-06-17 07:00
|
| ch.qos.logback:logback-core |
CVE-2024-12798 |
中危 |
1.3.5 |
1.5.13, 1.3.15 |
logback-core: arbitrary code execution via JaninoEventEvaluator
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-12798
镜像层: sha256:68497cb452f504ac07fd7b5d82e6d17d5d02b2713b86a38c0c7f8abd10b07ce6
发布日期: 2024-12-19 16:15 修改: 2026-06-17 07:00
|
| ch.qos.logback:logback-core |
CVE-2025-11226 |
中危 |
1.3.5 |
1.5.19, 1.3.16 |
ch.qos.logback/logback-core: Conditional abitrary code execution in logback-core
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-11226
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2025-10-01 08:15 修改: 2026-06-25 17:16
|
| ch.qos.logback:logback-core |
CVE-2025-11226 |
中危 |
1.3.5 |
1.5.19, 1.3.16 |
ch.qos.logback/logback-core: Conditional abitrary code execution in logback-core
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-11226
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2025-10-01 08:15 修改: 2026-06-25 17:16
|
| commons-lang:commons-lang |
CVE-2025-48924 |
中危 |
2.6 |
|
commons-lang/commons-lang: org.apache.commons/commons-lang3: Uncontrolled Recursion vulnerability in Apache Commons Lang
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-48924
镜像层: sha256:68497cb452f504ac07fd7b5d82e6d17d5d02b2713b86a38c0c7f8abd10b07ce6
发布日期: 2025-07-11 15:15 修改: 2026-06-17 09:30
|
| io.netty:netty-codec-http2 |
CVE-2026-47244 |
中危 |
4.1.113.Final |
4.2.15.Final, 4.1.135.Final |
netty-codec-http2: Netty: Denial of Service via uncontrolled HTTP/2 concurrent streams
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-47244
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2026-06-12 15:16 修改: 2026-06-17 10:54
|
| io.netty:netty-codec-http2 |
CVE-2026-47244 |
中危 |
4.1.113.Final |
4.2.15.Final, 4.1.135.Final |
netty-codec-http2: Netty: Denial of Service via uncontrolled HTTP/2 concurrent streams
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-47244
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2026-06-12 15:16 修改: 2026-06-17 10:54
|
| io.netty:netty-codec-http2 |
CVE-2026-48043 |
中危 |
4.1.113.Final |
4.1.135.Final, 4.2.15.Final |
netty-codec-http2: netty-codec-http2: Denial of Service due to resource leak
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48043
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2026-06-12 16:16 修改: 2026-06-17 10:54
|
| io.netty:netty-codec-http2 |
CVE-2026-48043 |
中危 |
4.1.113.Final |
4.1.135.Final, 4.2.15.Final |
netty-codec-http2: netty-codec-http2: Denial of Service due to resource leak
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48043
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2026-06-12 16:16 修改: 2026-06-17 10:54
|
| io.netty:netty-codec-http2 |
CVE-2026-50560 |
中危 |
4.1.113.Final |
4.2.15.Final, 4.1.135.Final |
netty-codec-http2: Netty: Denial of Service due to HTTP/2 max header size handling
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-50560
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2026-06-12 16:16 修改: 2026-06-17 10:57
|
| io.netty:netty-codec-http2 |
CVE-2026-50560 |
中危 |
4.1.113.Final |
4.2.15.Final, 4.1.135.Final |
netty-codec-http2: Netty: Denial of Service due to HTTP/2 max header size handling
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-50560
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2026-06-12 16:16 修改: 2026-06-17 10:57
|
| io.netty:netty-codec-mqtt |
CVE-2026-44248 |
中危 |
4.1.113.Final |
4.2.13.Final, 4.1.133.Final |
netty: io.netty/netty-codec-mqtt: Netty: Denial of Service due to excessive resource consumption from crafted MQTT 5 header
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44248
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2026-05-13 19:17 修改: 2026-06-17 10:50
|
| io.netty:netty-codec-mqtt |
CVE-2026-44248 |
中危 |
4.1.113.Final |
4.2.13.Final, 4.1.133.Final |
netty: io.netty/netty-codec-mqtt: Netty: Denial of Service due to excessive resource consumption from crafted MQTT 5 header
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44248
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2026-05-13 19:17 修改: 2026-06-17 10:50
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2026-54514 |
中危 |
2.17.2 |
2.18.8, 2.21.4, 3.1.4 |
jackson-databind contains the general-purpose data-binding functionali ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54514
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2026-06-23 21:17 修改: 2026-06-27 20:55
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2026-54514 |
中危 |
2.17.2 |
2.18.8, 2.21.4, 3.1.4 |
jackson-databind contains the general-purpose data-binding functionali ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54514
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2026-06-23 21:17 修改: 2026-06-27 20:55
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2026-54515 |
中危 |
2.17.2 |
3.1.4, 2.18.9, 2.21.5 |
jackson-databind contains the general-purpose data-binding functionali ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54515
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2026-06-23 21:17 修改: 2026-06-25 16:14
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2026-54515 |
中危 |
2.17.2 |
3.1.4, 2.18.9, 2.21.5 |
jackson-databind contains the general-purpose data-binding functionali ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54515
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2026-06-23 21:17 修改: 2026-06-25 16:14
|
| io.grpc:grpc-protobuf |
CVE-2023-32732 |
中危 |
1.53.0 |
1.53.1, 1.54.2 |
gRPC: denial of service
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-32732
镜像层: sha256:68497cb452f504ac07fd7b5d82e6d17d5d02b2713b86a38c0c7f8abd10b07ce6
发布日期: 2023-06-09 11:15 修改: 2026-06-17 05:59
|
| com.github.junrar:junrar |
CVE-2026-28208 |
中危 |
7.5.0 |
7.5.8 |
com.github.junrar/junrar: Junrar: Remote code execution via path traversal when extracting crafted RAR archives
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28208
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2026-02-26 23:16 修改: 2026-06-17 10:28
|
| com.github.junrar:junrar |
CVE-2026-41245 |
中危 |
7.5.0 |
7.5.10 |
junrar: Junrar: Arbitrary file write via path traversal when extracting crafted RAR archives.
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41245
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2026-04-20 16:16 修改: 2026-06-17 10:46
|
| io.netty:netty-codec |
CVE-2025-58057 |
中危 |
4.1.113.Final |
4.1.125.Final |
netty-codec: netty-codec-compression: Netty's BrotliDecoder is vulnerable to DoS via zip bomb style attack
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58057
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2025-09-04 10:42 修改: 2026-06-17 09:43
|
| io.netty:netty-codec-redis |
CVE-2026-42586 |
中危 |
4.1.113.Final |
4.2.13.Final, 4.1.133.Final |
netty-codec-redis: Netty: Command injection via CRLF characters in Redis codec encoder
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42586
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2026-05-13 19:17 修改: 2026-06-17 10:48
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2024-52317 |
中危 |
10.1.30 |
9.0.96, 10.1.31, 11.0.0 |
tomcat: Apache Tomcat: Request/response mix-up with HTTP/2
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-52317
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2024-11-18 12:15 修改: 2026-06-17 08:07
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2024-52317 |
中危 |
10.1.30 |
9.0.96, 10.1.31, 11.0.0 |
tomcat: Apache Tomcat: Request/response mix-up with HTTP/2
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-52317
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2024-11-18 12:15 修改: 2026-06-17 08:07
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2025-31650 |
中危 |
10.1.30 |
9.0.104, 10.1.40, 11.0.6 |
tomcat: Apache Tomcat: DoS via malformed HTTP/2 PRIORITY_UPDATE frame
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-31650
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2025-04-28 20:15 修改: 2026-06-17 09:10
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2025-31650 |
中危 |
10.1.30 |
9.0.104, 10.1.40, 11.0.6 |
tomcat: Apache Tomcat: DoS via malformed HTTP/2 PRIORITY_UPDATE frame
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-31650
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2025-04-28 20:15 修改: 2026-06-17 09:10
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2025-49124 |
中危 |
10.1.30 |
11.0.8, 10.1.42, 9.0.106 |
Apache Tomcat installer for Windows has an untrusted search path vulnerability
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-49124
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2025-06-16 15:15 修改: 2026-06-17 09:30
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2025-49124 |
中危 |
10.1.30 |
11.0.8, 10.1.42, 9.0.106 |
Apache Tomcat installer for Windows has an untrusted search path vulnerability
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-49124
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2025-06-16 15:15 修改: 2026-06-17 09:30
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2025-49125 |
中危 |
10.1.30 |
11.0.8, 10.1.42, 9.0.106 |
tomcat: Apache Tomcat: Security constraint bypass for pre/post-resources
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-49125
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2025-06-16 15:15 修改: 2026-06-17 09:30
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2025-49125 |
中危 |
10.1.30 |
11.0.8, 10.1.42, 9.0.106 |
tomcat: Apache Tomcat: Security constraint bypass for pre/post-resources
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-49125
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2025-06-16 15:15 修改: 2026-06-17 09:30
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2025-66614 |
中危 |
10.1.30 |
11.0.15, 10.1.50, 9.0.113 |
tomcat: Client certificate verification bypass due to virtual host mapping
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-66614
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2026-02-17 19:21 修改: 2026-06-17 09:57
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2025-66614 |
中危 |
10.1.30 |
11.0.15, 10.1.50, 9.0.113 |
tomcat: Client certificate verification bypass due to virtual host mapping
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-66614
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2026-02-17 19:21 修改: 2026-06-17 09:57
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2026-25854 |
中危 |
10.1.30 |
9.0.116, 10.1.53, 11.0.20 |
Apache Tomcat: Apache Tomcat: Open Redirect vulnerability via LoadBalancerDrainingValve
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25854
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2026-04-09 20:16 修改: 2026-06-17 10:25
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2026-25854 |
中危 |
10.1.30 |
9.0.116, 10.1.53, 11.0.20 |
Apache Tomcat: Apache Tomcat: Open Redirect vulnerability via LoadBalancerDrainingValve
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25854
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2026-04-09 20:16 修改: 2026-06-17 10:25
|
| io.netty:netty-codec-redis |
CVE-2026-42586 |
中危 |
4.1.113.Final |
4.2.13.Final, 4.1.133.Final |
netty-codec-redis: Netty: Command injection via CRLF characters in Redis codec encoder
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42586
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2026-05-13 19:17 修改: 2026-06-17 10:48
|
| io.netty:netty-codec |
CVE-2025-58057 |
中危 |
4.1.113.Final |
4.1.125.Final |
netty-codec: netty-codec-compression: Netty's BrotliDecoder is vulnerable to DoS via zip bomb style attack
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58057
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2025-09-04 10:42 修改: 2026-06-17 09:43
|
| com.github.junrar:junrar |
CVE-2026-28208 |
中危 |
7.5.4 |
7.5.8 |
com.github.junrar/junrar: Junrar: Remote code execution via path traversal when extracting crafted RAR archives
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28208
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2026-02-26 23:16 修改: 2026-06-17 10:28
|
| io.netty:netty-common |
CVE-2024-47535 |
中危 |
4.1.113.Final |
4.1.115.Final |
netty: Denial of Service attack on windows app using Netty
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47535
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2024-11-12 16:15 修改: 2026-06-17 07:57
|
| io.netty:netty-common |
CVE-2024-47535 |
中危 |
4.1.113.Final |
4.1.115.Final |
netty: Denial of Service attack on windows app using Netty
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47535
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2024-11-12 16:15 修改: 2026-06-17 07:57
|
| io.netty:netty-common |
CVE-2025-25193 |
中危 |
4.1.113.Final |
4.1.118.Final |
netty: Denial of Service attack on windows app using Netty
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-25193
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2025-02-10 22:15 修改: 2026-06-17 09:00
|
| io.netty:netty-common |
CVE-2025-25193 |
中危 |
4.1.113.Final |
4.1.118.Final |
netty: Denial of Service attack on windows app using Netty
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-25193
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2025-02-10 22:15 修改: 2026-06-17 09:00
|
| com.github.junrar:junrar |
CVE-2026-41245 |
中危 |
7.5.4 |
7.5.10 |
junrar: Junrar: Arbitrary file write via path traversal when extracting crafted RAR archives.
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41245
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2026-04-20 16:16 修改: 2026-06-17 10:46
|
| ch.qos.logback:logback-core |
CVE-2025-11226 |
中危 |
1.3.5 |
1.5.19, 1.3.16 |
ch.qos.logback/logback-core: Conditional abitrary code execution in logback-core
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-11226
镜像层: sha256:68497cb452f504ac07fd7b5d82e6d17d5d02b2713b86a38c0c7f8abd10b07ce6
发布日期: 2025-10-01 08:15 修改: 2026-06-25 17:16
|
| ch.qos.logback:logback-core |
CVE-2024-12798 |
中危 |
1.5.8 |
1.5.13, 1.3.15 |
logback-core: arbitrary code execution via JaninoEventEvaluator
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-12798
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2024-12-19 16:15 修改: 2026-06-17 07:00
|
| ch.qos.logback:logback-core |
CVE-2024-12798 |
中危 |
1.5.8 |
1.5.13, 1.3.15 |
logback-core: arbitrary code execution via JaninoEventEvaluator
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-12798
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2024-12-19 16:15 修改: 2026-06-17 07:00
|
| ch.qos.logback:logback-core |
CVE-2025-11226 |
中危 |
1.5.8 |
1.5.19, 1.3.16 |
ch.qos.logback/logback-core: Conditional abitrary code execution in logback-core
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-11226
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2025-10-01 08:15 修改: 2026-06-25 17:16
|
| ch.qos.logback:logback-core |
CVE-2025-11226 |
中危 |
1.5.8 |
1.5.19, 1.3.16 |
ch.qos.logback/logback-core: Conditional abitrary code execution in logback-core
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-11226
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2025-10-01 08:15 修改: 2026-06-25 17:16
|
| ch.qos.logback:logback-core |
CVE-2024-12798 |
中危 |
1.3.5 |
1.5.13, 1.3.15 |
logback-core: arbitrary code execution via JaninoEventEvaluator
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-12798
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2024-12-19 16:15 修改: 2026-06-17 07:00
|
| io.netty:netty-codec-haproxy |
CVE-2022-41881 |
中危 |
4.1.79.Final |
4.1.86.Final |
codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41881
镜像层: sha256:68497cb452f504ac07fd7b5d82e6d17d5d02b2713b86a38c0c7f8abd10b07ce6
发布日期: 2022-12-12 18:15 修改: 2026-06-17 05:03
|
| com.fasterxml.jackson.core:jackson-core |
GHSA-72hv-8253-57qq |
中危 |
2.15.2 |
2.21.1, 2.18.6 |
jackson-core: Number Length Constraint Bypass in Async Parser Leads to Potential DoS Condition
漏洞详情: https://github.com/advisories/GHSA-72hv-8253-57qq
镜像层: sha256:68497cb452f504ac07fd7b5d82e6d17d5d02b2713b86a38c0c7f8abd10b07ce6
发布日期: 2026-02-28 02:01 修改: 2026-04-07 16:30
|
| com.fasterxml.jackson.core:jackson-core |
GHSA-72hv-8253-57qq |
中危 |
2.17.2 |
2.21.1, 2.18.6 |
jackson-core: Number Length Constraint Bypass in Async Parser Leads to Potential DoS Condition
漏洞详情: https://github.com/advisories/GHSA-72hv-8253-57qq
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2026-02-28 02:01 修改: 2026-04-07 16:30
|
| com.fasterxml.jackson.core:jackson-core |
GHSA-72hv-8253-57qq |
中危 |
2.17.2 |
2.21.1, 2.18.6 |
jackson-core: Number Length Constraint Bypass in Async Parser Leads to Potential DoS Condition
漏洞详情: https://github.com/advisories/GHSA-72hv-8253-57qq
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2026-02-28 02:01 修改: 2026-04-07 16:30
|
| com.google.protobuf:protobuf-java |
CVE-2022-3171 |
中危 |
3.20.1 |
3.21.7, 3.20.3, 3.19.6, 3.16.3 |
protobuf-java: timeout in parser leads to DoS
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-3171
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2022-10-12 23:15 修改: 2026-06-17 04:58
|
| io.netty:netty-resolver-dns |
CVE-2026-45673 |
中危 |
4.1.113.Final |
4.2.15.Final, 4.1.135.Final |
netty-resolver-dns: Netty DNS resolver: DNS Cache Poisoning via predictable transaction IDs
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45673
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2026-06-12 15:16 修改: 2026-06-17 10:52
|
| io.netty:netty-resolver-dns |
CVE-2026-45673 |
中危 |
4.1.113.Final |
4.2.15.Final, 4.1.135.Final |
netty-resolver-dns: Netty DNS resolver: DNS Cache Poisoning via predictable transaction IDs
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45673
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2026-06-12 15:16 修改: 2026-06-17 10:52
|
| io.netty:netty-transport-native-epoll |
CVE-2026-45536 |
中危 |
4.1.113.Final |
4.2.15.Final, 4.1.135.Final |
netty-transport-native-epoll: netty-transport-native-kqueue: Netty: Denial of Service due to file descriptor leak in SCM_RIGHTS message handling
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45536
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2026-06-12 15:16 修改: 2026-06-17 10:52
|
| io.netty:netty-transport-native-epoll |
CVE-2026-45536 |
中危 |
4.1.113.Final |
4.2.15.Final, 4.1.135.Final |
netty-transport-native-epoll: netty-transport-native-kqueue: Netty: Denial of Service due to file descriptor leak in SCM_RIGHTS message handling
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45536
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2026-06-12 15:16 修改: 2026-06-17 10:52
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2020-1935 |
中危 |
8.5.46 |
7.0.100, 8.5.51, 9.0.31 |
tomcat: Mishandling of Transfer-Encoding header allows for HTTP request smuggling
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-1935
镜像层: sha256:68497cb452f504ac07fd7b5d82e6d17d5d02b2713b86a38c0c7f8abd10b07ce6
发布日期: 2020-02-24 22:15 修改: 2026-06-17 03:02
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2021-24122 |
中危 |
8.5.46 |
10.0.0-M10, 9.0.40, 8.5.60, 7.0.107 |
tomcat: Information disclosure when using NTFS file system
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-24122
镜像层: sha256:68497cb452f504ac07fd7b5d82e6d17d5d02b2713b86a38c0c7f8abd10b07ce6
发布日期: 2021-01-14 15:15 修改: 2026-06-17 03:39
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2023-41080 |
中危 |
8.5.46 |
8.5.93, 9.0.80, 10.1.13, 11.0.0-M11 |
tomcat: Open Redirect vulnerability in FORM authentication
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-41080
镜像层: sha256:68497cb452f504ac07fd7b5d82e6d17d5d02b2713b86a38c0c7f8abd10b07ce6
发布日期: 2023-08-25 21:15 修改: 2026-06-17 06:20
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2023-42795 |
中危 |
8.5.46 |
10.1.14, 9.0.81, 8.5.94, 11.0.0-M12 |
tomcat: improper cleaning of recycled objects could lead to information leak
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-42795
镜像层: sha256:68497cb452f504ac07fd7b5d82e6d17d5d02b2713b86a38c0c7f8abd10b07ce6
发布日期: 2023-10-10 18:15 修改: 2026-06-17 06:24
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2023-44487 |
中危 |
8.5.46 |
11.0.0-M12, 10.1.14, 9.0.81, 8.5.94 |
HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-44487
镜像层: sha256:68497cb452f504ac07fd7b5d82e6d17d5d02b2713b86a38c0c7f8abd10b07ce6
发布日期: 2023-10-10 14:15 修改: 2026-06-17 06:27
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2023-45648 |
中危 |
8.5.46 |
11.0.0-M12, 10.1.14, 9.0.81, 8.5.94 |
tomcat: incorrectly parsed http trailer headers can cause request smuggling
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45648
镜像层: sha256:68497cb452f504ac07fd7b5d82e6d17d5d02b2713b86a38c0c7f8abd10b07ce6
发布日期: 2023-10-10 19:15 修改: 2026-06-17 06:28
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2024-21733 |
中危 |
8.5.46 |
8.5.64, 9.0.44 |
tomcat: Leaking of unrelated request bodies in default error page
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-21733
镜像层: sha256:68497cb452f504ac07fd7b5d82e6d17d5d02b2713b86a38c0c7f8abd10b07ce6
发布日期: 2024-01-19 11:15 修改: 2026-06-17 07:10
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2024-24549 |
中危 |
8.5.46 |
8.5.99, 9.0.86, 10.1.19, 11.0.0-M17 |
Tomcat: HTTP/2 header handling DoS
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24549
镜像层: sha256:68497cb452f504ac07fd7b5d82e6d17d5d02b2713b86a38c0c7f8abd10b07ce6
发布日期: 2024-03-13 16:15 修改: 2026-06-17 07:14
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2025-31650 |
中危 |
8.5.46 |
9.0.104, 10.1.40, 11.0.6 |
tomcat: Apache Tomcat: DoS via malformed HTTP/2 PRIORITY_UPDATE frame
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-31650
镜像层: sha256:68497cb452f504ac07fd7b5d82e6d17d5d02b2713b86a38c0c7f8abd10b07ce6
发布日期: 2025-04-28 20:15 修改: 2026-06-17 09:10
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2025-49125 |
中危 |
8.5.46 |
11.0.8, 10.1.42, 9.0.106 |
tomcat: Apache Tomcat: Security constraint bypass for pre/post-resources
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-49125
镜像层: sha256:68497cb452f504ac07fd7b5d82e6d17d5d02b2713b86a38c0c7f8abd10b07ce6
发布日期: 2025-06-16 15:15 修改: 2026-06-17 09:30
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2025-66614 |
中危 |
8.5.46 |
11.0.15, 10.1.50, 9.0.113 |
tomcat: Client certificate verification bypass due to virtual host mapping
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-66614
镜像层: sha256:68497cb452f504ac07fd7b5d82e6d17d5d02b2713b86a38c0c7f8abd10b07ce6
发布日期: 2026-02-17 19:21 修改: 2026-06-17 09:57
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2026-25854 |
中危 |
8.5.46 |
9.0.116, 10.1.53, 11.0.20 |
Apache Tomcat: Apache Tomcat: Open Redirect vulnerability via LoadBalancerDrainingValve
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25854
镜像层: sha256:68497cb452f504ac07fd7b5d82e6d17d5d02b2713b86a38c0c7f8abd10b07ce6
发布日期: 2026-04-09 20:16 修改: 2026-06-17 10:25
|
| org.bouncycastle:bcpkix-jdk15on |
CVE-2025-8916 |
中危 |
1.69 |
1.79 |
org.bouncycastle: BouncyCastle denial of service
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-8916
镜像层: sha256:68497cb452f504ac07fd7b5d82e6d17d5d02b2713b86a38c0c7f8abd10b07ce6
发布日期: 2025-08-13 10:15 修改: 2026-06-17 10:07
|
| org.bouncycastle:bcpkix-jdk15on |
CVE-2026-5588 |
中危 |
1.69 |
1.84 |
bouncycastle: BC-JAVA: PKIX draft CompositeVerifier accepts empty signature sequence as valid
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5588
镜像层: sha256:68497cb452f504ac07fd7b5d82e6d17d5d02b2713b86a38c0c7f8abd10b07ce6
发布日期: 2026-04-15 10:16 修改: 2026-06-17 10:59
|
| org.bouncycastle:bcpkix-jdk18on |
CVE-2026-5588 |
中危 |
1.83 |
1.84 |
bouncycastle: BC-JAVA: PKIX draft CompositeVerifier accepts empty signature sequence as valid
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5588
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2026-04-15 10:16 修改: 2026-06-17 10:59
|
| org.bouncycastle:bcprov-jdk15on |
CVE-2023-33201 |
中危 |
1.69 |
|
bouncycastle: potential blind LDAP injection attack using a self-signed certificate
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-33201
镜像层: sha256:68497cb452f504ac07fd7b5d82e6d17d5d02b2713b86a38c0c7f8abd10b07ce6
发布日期: 2023-07-05 03:15 修改: 2026-06-17 06:01
|
| org.bouncycastle:bcprov-jdk15on |
CVE-2023-33202 |
中危 |
1.69 |
1.70 |
bc-java: Out of memory while parsing ASN.1 crafted data in org.bouncycastle.openssl.PEMParser class
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-33202
镜像层: sha256:68497cb452f504ac07fd7b5d82e6d17d5d02b2713b86a38c0c7f8abd10b07ce6
发布日期: 2023-11-23 16:15 修改: 2026-06-17 06:01
|
| org.bouncycastle:bcprov-jdk15on |
CVE-2024-29857 |
中危 |
1.69 |
1.78 |
org.bouncycastle: Importing an EC certificate with crafted F2m parameters may lead to Denial of Service
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-29857
镜像层: sha256:68497cb452f504ac07fd7b5d82e6d17d5d02b2713b86a38c0c7f8abd10b07ce6
发布日期: 2024-05-14 15:17 修改: 2026-06-17 07:23
|
| org.bouncycastle:bcprov-jdk15on |
CVE-2024-30171 |
中危 |
1.69 |
1.78 |
bc-java: BouncyCastle vulnerable to a timing variant of Bleichenbacher (Marvin Attack)
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-30171
镜像层: sha256:68497cb452f504ac07fd7b5d82e6d17d5d02b2713b86a38c0c7f8abd10b07ce6
发布日期: 2024-05-14 15:21 修改: 2026-06-17 07:26
|
| org.bouncycastle:bcprov-jdk15on |
CVE-2024-34447 |
中危 |
1.69 |
1.78 |
org.bouncycastle: Use of Incorrectly-Resolved Name or Reference
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34447
镜像层: sha256:68497cb452f504ac07fd7b5d82e6d17d5d02b2713b86a38c0c7f8abd10b07ce6
发布日期: 2024-05-03 16:15 修改: 2026-06-17 07:33
|
| io.netty:netty-transport-native-epoll |
CVE-2026-45536 |
中危 |
4.1.113.Final |
4.2.15.Final, 4.1.135.Final |
netty-transport-native-epoll: netty-transport-native-kqueue: Netty: Denial of Service due to file descriptor leak in SCM_RIGHTS message handling
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45536
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2026-06-12 15:16 修改: 2026-06-17 10:52
|
| org.bouncycastle:bcprov-jdk18on |
CVE-2026-0636 |
中危 |
1.83 |
1.84 |
bouncycastle: BC-JAVA: LDAP injection vulnerability in LDAPStoreHelper.java
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-0636
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2026-04-15 10:16 修改: 2026-06-17 10:11
|
| io.netty:netty-transport-native-epoll |
CVE-2026-45536 |
中危 |
4.1.113.Final |
4.2.15.Final, 4.1.135.Final |
netty-transport-native-epoll: netty-transport-native-kqueue: Netty: Denial of Service due to file descriptor leak in SCM_RIGHTS message handling
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45536
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2026-06-12 15:16 修改: 2026-06-17 10:52
|
| io.netty:netty-transport-native-epoll |
CVE-2026-45536 |
中危 |
4.1.113.Final |
4.2.15.Final, 4.1.135.Final |
netty-transport-native-epoll: netty-transport-native-kqueue: Netty: Denial of Service due to file descriptor leak in SCM_RIGHTS message handling
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45536
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2026-06-12 15:16 修改: 2026-06-17 10:52
|
| io.netty:netty-transport-native-epoll |
CVE-2026-45536 |
中危 |
4.1.113.Final |
4.2.15.Final, 4.1.135.Final |
netty-transport-native-epoll: netty-transport-native-kqueue: Netty: Denial of Service due to file descriptor leak in SCM_RIGHTS message handling
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45536
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2026-06-12 15:16 修改: 2026-06-17 10:52
|
| io.netty:netty-transport-native-kqueue |
CVE-2026-45536 |
中危 |
4.1.113.Final |
4.2.15.Final, 4.1.135.Final |
netty-transport-native-epoll: netty-transport-native-kqueue: Netty: Denial of Service due to file descriptor leak in SCM_RIGHTS message handling
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45536
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2026-06-12 15:16 修改: 2026-06-17 10:52
|
| io.netty:netty-transport-native-kqueue |
CVE-2026-45536 |
中危 |
4.1.113.Final |
4.2.15.Final, 4.1.135.Final |
netty-transport-native-epoll: netty-transport-native-kqueue: Netty: Denial of Service due to file descriptor leak in SCM_RIGHTS message handling
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45536
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2026-06-12 15:16 修改: 2026-06-17 10:52
|
| io.netty:netty-transport-native-kqueue |
CVE-2026-45536 |
中危 |
4.1.113.Final |
4.2.15.Final, 4.1.135.Final |
netty-transport-native-epoll: netty-transport-native-kqueue: Netty: Denial of Service due to file descriptor leak in SCM_RIGHTS message handling
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45536
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2026-06-12 15:16 修改: 2026-06-17 10:52
|
| io.netty:netty-transport-native-kqueue |
CVE-2026-45536 |
中危 |
4.1.113.Final |
4.2.15.Final, 4.1.135.Final |
netty-transport-native-epoll: netty-transport-native-kqueue: Netty: Denial of Service due to file descriptor leak in SCM_RIGHTS message handling
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45536
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2026-06-12 15:16 修改: 2026-06-17 10:52
|
| com.google.protobuf:protobuf-java |
CVE-2022-3171 |
中危 |
3.20.1 |
3.21.7, 3.20.3, 3.19.6, 3.16.3 |
protobuf-java: timeout in parser leads to DoS
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-3171
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2022-10-12 23:15 修改: 2026-06-17 04:58
|
| com.google.protobuf:protobuf-java |
CVE-2022-3171 |
中危 |
3.20.1 |
3.21.7, 3.20.3, 3.19.6, 3.16.3 |
protobuf-java: timeout in parser leads to DoS
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-3171
镜像层: sha256:68497cb452f504ac07fd7b5d82e6d17d5d02b2713b86a38c0c7f8abd10b07ce6
发布日期: 2022-10-12 23:15 修改: 2026-06-17 04:58
|
| io.opentelemetry:opentelemetry-api |
CVE-2026-45292 |
中危 |
1.29.0 |
1.62.0 |
opentelemetry-java: opentelemetry-api: opentelemetry-extension-trace-propagators: OpenTelemetry Java: Denial of Service due to unbounded memory allocation when parsing oversized baggage
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45292
镜像层: sha256:68497cb452f504ac07fd7b5d82e6d17d5d02b2713b86a38c0c7f8abd10b07ce6
发布日期: 2026-05-28 17:16 修改: 2026-06-17 10:51
|
| io.opentelemetry:opentelemetry-api |
CVE-2026-45292 |
中危 |
1.37.0 |
1.62.0 |
opentelemetry-java: opentelemetry-api: opentelemetry-extension-trace-propagators: OpenTelemetry Java: Denial of Service due to unbounded memory allocation when parsing oversized baggage
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45292
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2026-05-28 17:16 修改: 2026-06-17 10:51
|
| io.opentelemetry:opentelemetry-api |
CVE-2026-45292 |
中危 |
1.37.0 |
1.62.0 |
opentelemetry-java: opentelemetry-api: opentelemetry-extension-trace-propagators: OpenTelemetry Java: Denial of Service due to unbounded memory allocation when parsing oversized baggage
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45292
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2026-05-28 17:16 修改: 2026-06-17 10:51
|
| org.springframework:spring-context |
CVE-2024-38820 |
中危 |
6.1.13 |
6.1.14 |
The fix for CVE-2022-22968 made disallowedFieldspatterns in DataBinder ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-38820
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2024-10-18 06:15 修改: 2026-06-17 07:41
|
| org.springframework:spring-context |
CVE-2024-38820 |
中危 |
6.1.13 |
6.1.14 |
The fix for CVE-2022-22968 made disallowedFieldspatterns in DataBinder ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-38820
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2024-10-18 06:15 修改: 2026-06-17 07:41
|
| io.projectreactor.netty:reactor-netty-http |
CVE-2025-22227 |
中危 |
1.1.22 |
1.3.0-M5, 1.2.8 |
io.projectreactor.netty/reactor-netty: Reactor Netty Credential Leak via Redirects
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22227
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2025-07-16 10:15 修改: 2026-06-17 08:45
|
| org.apache.commons:commons-lang3 |
CVE-2025-48924 |
中危 |
3.12.0 |
3.18.0 |
commons-lang/commons-lang: org.apache.commons/commons-lang3: Uncontrolled Recursion vulnerability in Apache Commons Lang
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-48924
镜像层: sha256:68497cb452f504ac07fd7b5d82e6d17d5d02b2713b86a38c0c7f8abd10b07ce6
发布日期: 2025-07-11 15:15 修改: 2026-06-17 09:30
|
| org.springframework:spring-web |
CVE-2024-38820 |
中危 |
6.1.13 |
6.1.14 |
The fix for CVE-2022-22968 made disallowedFieldspatterns in DataBinder ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-38820
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2024-10-18 06:15 修改: 2026-06-17 07:41
|
| org.springframework:spring-web |
CVE-2024-38820 |
中危 |
6.1.13 |
6.1.14 |
The fix for CVE-2022-22968 made disallowedFieldspatterns in DataBinder ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-38820
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2024-10-18 06:15 修改: 2026-06-17 07:41
|
| org.springframework:spring-web |
CVE-2025-41234 |
中危 |
6.1.13 |
6.2.8, 6.1.21 |
springframework: Reflected download attack in Spring Framework with non-ASCII headers
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-41234
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2025-06-12 22:15 修改: 2026-06-17 09:22
|
| org.springframework:spring-web |
CVE-2025-41234 |
中危 |
6.1.13 |
6.2.8, 6.1.21 |
springframework: Reflected download attack in Spring Framework with non-ASCII headers
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-41234
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2025-06-12 22:15 修改: 2026-06-17 09:22
|
| org.apache.commons:commons-lang3 |
CVE-2025-48924 |
中危 |
3.14.0 |
3.18.0 |
commons-lang/commons-lang: org.apache.commons/commons-lang3: Uncontrolled Recursion vulnerability in Apache Commons Lang
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-48924
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2025-07-11 15:15 修改: 2026-06-17 09:30
|
| org.springframework:spring-webflux |
CVE-2026-22737 |
中危 |
6.1.13 |
7.0.6, 6.2.17 |
Spring Framework: Spring Framework: Information disclosure via Java scripting engine enabled template views
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22737
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2026-03-20 00:16 修改: 2026-06-17 10:20
|
| org.springframework:spring-webflux |
CVE-2026-22745 |
中危 |
6.1.13 |
7.0.7, 6.2.18 |
spring-webflux: Spring MVC and Spring WebFlux: Denial of Service via slow static resource resolution on Windows
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22745
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2026-04-29 12:16 修改: 2026-06-17 10:20
|
| org.apache.commons:commons-lang3 |
CVE-2025-48924 |
中危 |
3.14.0 |
3.18.0 |
commons-lang/commons-lang: org.apache.commons/commons-lang3: Uncontrolled Recursion vulnerability in Apache Commons Lang
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-48924
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2025-07-11 15:15 修改: 2026-06-17 09:30
|
| io.netty:netty-codec-http |
CVE-2025-67735 |
中危 |
4.1.113.Final |
4.2.8.Final, 4.1.129.Final |
netty-codec-http: Netty (netty-codec-http): Request Smuggling via CRLF Injection
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-67735
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2025-12-16 01:15 修改: 2026-06-17 09:58
|
| org.springframework:spring-webmvc |
CVE-2025-41242 |
中危 |
6.1.13 |
6.2.10 |
org.springframework/spring-webmvc: Spring Framework MVC path traversal vulnerability
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-41242
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2025-08-18 09:15 修改: 2026-06-17 09:22
|
| org.springframework:spring-webmvc |
CVE-2025-41242 |
中危 |
6.1.13 |
6.2.10 |
org.springframework/spring-webmvc: Spring Framework MVC path traversal vulnerability
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-41242
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2025-08-18 09:15 修改: 2026-06-17 09:22
|
| org.springframework:spring-webmvc |
CVE-2026-22737 |
中危 |
6.1.13 |
7.0.6, 6.2.17 |
Spring Framework: Spring Framework: Information disclosure via Java scripting engine enabled template views
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22737
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2026-03-20 00:16 修改: 2026-06-17 10:20
|
| org.springframework:spring-webmvc |
CVE-2026-22737 |
中危 |
6.1.13 |
7.0.6, 6.2.17 |
Spring Framework: Spring Framework: Information disclosure via Java scripting engine enabled template views
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22737
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2026-03-20 00:16 修改: 2026-06-17 10:20
|
| org.springframework:spring-webmvc |
CVE-2026-22745 |
中危 |
6.1.13 |
7.0.7, 6.2.18 |
spring-webflux: Spring MVC and Spring WebFlux: Denial of Service via slow static resource resolution on Windows
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22745
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2026-04-29 12:16 修改: 2026-06-17 10:20
|
| org.springframework:spring-webmvc |
CVE-2026-22745 |
中危 |
6.1.13 |
7.0.7, 6.2.18 |
spring-webflux: Spring MVC and Spring WebFlux: Denial of Service via slow static resource resolution on Windows
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22745
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2026-04-29 12:16 修改: 2026-06-17 10:20
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2025-55754 |
低危 |
10.1.30 |
11.0.11, 10.1.45, 9.0.109 |
org.apache.tomcat/tomcat-juli: tomcat: Apache Tomcat: console manipulation
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-55754
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2025-10-27 18:15 修改: 2026-06-17 09:42
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2025-61795 |
低危 |
10.1.30 |
11.0.12, 10.1.47, 9.0.110 |
tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Denial of service
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61795
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2025-10-27 18:15 修改: 2026-06-17 09:50
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2025-61795 |
低危 |
10.1.30 |
11.0.12, 10.1.47, 9.0.110 |
tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Denial of service
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61795
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2025-10-27 18:15 修改: 2026-06-17 09:50
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2026-24733 |
低危 |
10.1.30 |
11.0.15, 10.1.50, 9.0.113 |
tomcat: security constraint bypass with HTTP/0.9
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24733
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2026-02-17 19:21 修改: 2026-06-17 10:23
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2026-24733 |
低危 |
10.1.30 |
11.0.15, 10.1.50, 9.0.113 |
tomcat: security constraint bypass with HTTP/0.9
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24733
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2026-02-17 19:21 修改: 2026-06-17 10:23
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2026-43514 |
低危 |
10.1.30 |
9.0.118, 10.1.55, 11.0.22 |
tomcat-coyote: Apache Tomcat: Information disclosure via AJP secret timing discrepancy
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-43514
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2026-05-12 16:16 修改: 2026-06-17 10:49
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2026-43514 |
低危 |
10.1.30 |
9.0.118, 10.1.55, 11.0.22 |
tomcat-coyote: Apache Tomcat: Information disclosure via AJP secret timing discrepancy
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-43514
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2026-05-12 16:16 修改: 2026-06-17 10:49
|
| ch.qos.logback:logback-core |
CVE-2024-12801 |
低危 |
1.3.5 |
1.5.13, 1.3.15 |
logback-core: SaxEventRecorder vulnerable to Server-Side Request Forgery (SSRF) attacks
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-12801
镜像层: sha256:68497cb452f504ac07fd7b5d82e6d17d5d02b2713b86a38c0c7f8abd10b07ce6
发布日期: 2024-12-19 17:15 修改: 2026-06-17 07:00
|
| ch.qos.logback:logback-core |
CVE-2026-1225 |
低危 |
1.3.5 |
1.5.25 |
ch.qos.logback/logback-core: Malicious logback.xml configuration file allows instantiation of arbitrary classes
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-1225
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2026-01-22 10:16 修改: 2026-06-17 10:15
|
| ch.qos.logback:logback-core |
CVE-2024-12801 |
低危 |
1.5.8 |
1.5.13, 1.3.15 |
logback-core: SaxEventRecorder vulnerable to Server-Side Request Forgery (SSRF) attacks
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-12801
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2024-12-19 17:15 修改: 2026-06-17 07:00
|
| ch.qos.logback:logback-core |
CVE-2024-12801 |
低危 |
1.5.8 |
1.5.13, 1.3.15 |
logback-core: SaxEventRecorder vulnerable to Server-Side Request Forgery (SSRF) attacks
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-12801
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2024-12-19 17:15 修改: 2026-06-17 07:00
|
| ch.qos.logback:logback-core |
CVE-2026-1225 |
低危 |
1.5.8 |
1.5.25 |
ch.qos.logback/logback-core: Malicious logback.xml configuration file allows instantiation of arbitrary classes
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-1225
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2026-01-22 10:16 修改: 2026-06-17 10:15
|
| ch.qos.logback:logback-core |
CVE-2026-1225 |
低危 |
1.5.8 |
1.5.25 |
ch.qos.logback/logback-core: Malicious logback.xml configuration file allows instantiation of arbitrary classes
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-1225
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2026-01-22 10:16 修改: 2026-06-17 10:15
|
| io.netty:netty-codec-http |
CVE-2025-58056 |
低危 |
4.1.113.Final |
4.1.125.Final, 4.2.5.Final |
netty-codec-http: Netty is vulnerable to request smuggling due to incorrect parsing of chunk extensions
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58056
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2025-09-03 21:15 修改: 2026-06-17 09:43
|
| org.springframework:spring-context |
CVE-2025-22233 |
低危 |
6.1.13 |
6.2.7, 6.1.20 |
CVE-2024-38820 ensured Locale-independent, lowercase conversion for bo ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22233
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2025-05-16 20:15 修改: 2026-06-17 08:45
|
| org.springframework:spring-context |
CVE-2025-22233 |
低危 |
6.1.13 |
6.2.7, 6.1.20 |
CVE-2024-38820 ensured Locale-independent, lowercase conversion for bo ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22233
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2025-05-16 20:15 修改: 2026-06-17 08:45
|
| io.netty:netty-codec-http |
CVE-2025-58056 |
低危 |
4.1.113.Final |
4.1.125.Final, 4.2.5.Final |
netty-codec-http: Netty is vulnerable to request smuggling due to incorrect parsing of chunk extensions
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58056
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2025-09-03 21:15 修改: 2026-06-17 09:43
|
| ch.qos.logback:logback-core |
CVE-2026-1225 |
低危 |
1.3.5 |
1.5.25 |
ch.qos.logback/logback-core: Malicious logback.xml configuration file allows instantiation of arbitrary classes
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-1225
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2026-01-22 10:16 修改: 2026-06-17 10:15
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2025-31651 |
低危 |
8.5.46 |
9.0.104, 10.1.40, 11.0.6 |
tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-31651
镜像层: sha256:68497cb452f504ac07fd7b5d82e6d17d5d02b2713b86a38c0c7f8abd10b07ce6
发布日期: 2025-04-28 20:15 修改: 2026-06-17 09:10
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2025-46701 |
低危 |
8.5.46 |
9.0.105, 10.1.41, 11.0.7 |
tomcat: Apache Tomcat: Security constraint bypass for CGI scripts
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-46701
镜像层: sha256:68497cb452f504ac07fd7b5d82e6d17d5d02b2713b86a38c0c7f8abd10b07ce6
发布日期: 2025-05-29 19:15 修改: 2026-06-17 09:26
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2025-61795 |
低危 |
8.5.46 |
11.0.12, 10.1.47, 9.0.110 |
tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Denial of service
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61795
镜像层: sha256:68497cb452f504ac07fd7b5d82e6d17d5d02b2713b86a38c0c7f8abd10b07ce6
发布日期: 2025-10-27 18:15 修改: 2026-06-17 09:50
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2026-24733 |
低危 |
8.5.46 |
11.0.15, 10.1.50, 9.0.113 |
tomcat: security constraint bypass with HTTP/0.9
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24733
镜像层: sha256:68497cb452f504ac07fd7b5d82e6d17d5d02b2713b86a38c0c7f8abd10b07ce6
发布日期: 2026-02-17 19:21 修改: 2026-06-17 10:23
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2026-43514 |
低危 |
8.5.46 |
9.0.118, 10.1.55, 11.0.22 |
tomcat-coyote: Apache Tomcat: Information disclosure via AJP secret timing discrepancy
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-43514
镜像层: sha256:68497cb452f504ac07fd7b5d82e6d17d5d02b2713b86a38c0c7f8abd10b07ce6
发布日期: 2026-05-12 16:16 修改: 2026-06-17 10:49
|
| ch.qos.logback:logback-core |
CVE-2026-1225 |
低危 |
1.3.5 |
1.5.25 |
ch.qos.logback/logback-core: Malicious logback.xml configuration file allows instantiation of arbitrary classes
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-1225
镜像层: sha256:68497cb452f504ac07fd7b5d82e6d17d5d02b2713b86a38c0c7f8abd10b07ce6
发布日期: 2026-01-22 10:16 修改: 2026-06-17 10:15
|
| io.netty:netty-handler-proxy |
CVE-2026-42578 |
低危 |
4.1.113.Final |
4.1.133.Final, 4.2.13.Final |
netty: io.netty/netty-handler-proxy: Netty: HTTP Header Injection via HttpProxyHandler Disabled Validation
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42578
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2026-05-13 19:17 修改: 2026-06-17 10:48
|
| org.springframework:spring-webflux |
CVE-2026-22735 |
低危 |
6.1.13 |
7.0.6, 6.2.17 |
org.springframework/spring-webmvc: org.springframework/spring-webflux: Spring MVC and WebFlux: Stream corruption vulnerability when using Server-Sent Events
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22735
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2026-03-20 00:16 修改: 2026-06-17 10:20
|
| org.springframework:spring-webflux |
CVE-2026-22740 |
低危 |
6.1.13 |
7.0.7, 6.2.18 |
spring-webflux: Spring WebFlux: Denial of Service via temporary file accumulation
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22740
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2026-04-29 12:16 修改: 2026-06-17 10:20
|
| org.springframework:spring-webflux |
CVE-2026-22741 |
低危 |
6.1.13 |
7.0.7, 6.2.18 |
Spring MVC: Spring WebFlux: Spring MVC and Spring WebFlux: Denial of Service via cache poisoning
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22741
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2026-04-29 12:16 修改: 2026-06-17 10:20
|
| io.netty:netty-handler-proxy |
CVE-2026-42578 |
低危 |
4.1.113.Final |
4.1.133.Final, 4.2.13.Final |
netty: io.netty/netty-handler-proxy: Netty: HTTP Header Injection via HttpProxyHandler Disabled Validation
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42578
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2026-05-13 19:17 修改: 2026-06-17 10:48
|
| ch.qos.logback:logback-core |
CVE-2024-12801 |
低危 |
1.3.5 |
1.5.13, 1.3.15 |
logback-core: SaxEventRecorder vulnerable to Server-Side Request Forgery (SSRF) attacks
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-12801
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2024-12-19 17:15 修改: 2026-06-17 07:00
|
| ch.qos.logback:logback-core |
CVE-2024-12801 |
低危 |
1.3.5 |
1.5.13, 1.3.15 |
logback-core: SaxEventRecorder vulnerable to Server-Side Request Forgery (SSRF) attacks
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-12801
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2024-12-19 17:15 修改: 2026-06-17 07:00
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2025-31651 |
低危 |
10.1.30 |
9.0.104, 10.1.40, 11.0.6 |
tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-31651
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2025-04-28 20:15 修改: 2026-06-17 09:10
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2025-31651 |
低危 |
10.1.30 |
9.0.104, 10.1.40, 11.0.6 |
tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-31651
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2025-04-28 20:15 修改: 2026-06-17 09:10
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2025-46701 |
低危 |
10.1.30 |
9.0.105, 10.1.41, 11.0.7 |
tomcat: Apache Tomcat: Security constraint bypass for CGI scripts
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-46701
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2025-05-29 19:15 修改: 2026-06-17 09:26
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2025-46701 |
低危 |
10.1.30 |
9.0.105, 10.1.41, 11.0.7 |
tomcat: Apache Tomcat: Security constraint bypass for CGI scripts
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-46701
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2025-05-29 19:15 修改: 2026-06-17 09:26
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2025-55754 |
低危 |
10.1.30 |
11.0.11, 10.1.45, 9.0.109 |
org.apache.tomcat/tomcat-juli: tomcat: Apache Tomcat: console manipulation
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-55754
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2025-10-27 18:15 修改: 2026-06-17 09:42
|
| org.springframework:spring-webmvc |
CVE-2026-22735 |
低危 |
6.1.13 |
7.0.6, 6.2.17 |
org.springframework/spring-webmvc: org.springframework/spring-webflux: Spring MVC and WebFlux: Stream corruption vulnerability when using Server-Sent Events
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22735
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2026-03-20 00:16 修改: 2026-06-17 10:20
|
| org.springframework:spring-webmvc |
CVE-2026-22735 |
低危 |
6.1.13 |
7.0.6, 6.2.17 |
org.springframework/spring-webmvc: org.springframework/spring-webflux: Spring MVC and WebFlux: Stream corruption vulnerability when using Server-Sent Events
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22735
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2026-03-20 00:16 修改: 2026-06-17 10:20
|
| org.springframework:spring-webmvc |
CVE-2026-22741 |
低危 |
6.1.13 |
7.0.7, 6.2.18 |
Spring MVC: Spring WebFlux: Spring MVC and Spring WebFlux: Denial of Service via cache poisoning
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22741
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2026-04-29 12:16 修改: 2026-06-17 10:20
|
| org.springframework:spring-webmvc |
CVE-2026-22741 |
低危 |
6.1.13 |
7.0.7, 6.2.18 |
Spring MVC: Spring WebFlux: Spring MVC and Spring WebFlux: Denial of Service via cache poisoning
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22741
镜像层: sha256:b92c25476b051e56f32fc1eb89aeb04df3aeb2d13de382f6de1f3d0d517660b6
发布日期: 2026-04-29 12:16 修改: 2026-06-17 10:20
|