docker.io/camunda/identity:8.6.0 linux/amd64

docker.io/camunda/identity:8.6.0 - Trivy安全扫描结果 扫描时间: 2026-07-13 11:41
全部漏洞信息
低危漏洞:41 中危漏洞:60 高危漏洞:56 严重漏洞:8

系统OS: alpine 3.20.0 扫描引擎: Trivy 扫描时间: 2026-07-13 11:41

docker.io/camunda/identity:8.6.0 (alpine 3.20.0) (alpine)
低危漏洞:27 中危漏洞:20 高危漏洞:21 严重漏洞:2
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
libcrypto3 CVE-2026-31789 严重 3.3.0-r2 3.3.7-r0 openssl: OpenSSL: Heap buffer overflow on 32-bit systems from large X.509 certificate processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-31789

镜像层: sha256:02f2bcb26af5ea6d185dcf509dc795746d907ae10c53918b6944ac85447a0c72

发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:34

libssl3 CVE-2026-31789 严重 3.3.0-r2 3.3.7-r0 openssl: OpenSSL: Heap buffer overflow on 32-bit systems from large X.509 certificate processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-31789

镜像层: sha256:02f2bcb26af5ea6d185dcf509dc795746d907ae10c53918b6944ac85447a0c72

发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:34

libcrypto3 CVE-2024-6119 高危 3.3.0-r2 3.3.2-r0 openssl: Possible denial of service in X.509 name checks

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6119

镜像层: sha256:02f2bcb26af5ea6d185dcf509dc795746d907ae10c53918b6944ac85447a0c72

发布日期: 2024-09-03 16:15 修改: 2026-06-17 08:17

libcrypto3 CVE-2025-15467 高危 3.3.0-r2 3.3.6-r0 openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-15467

镜像层: sha256:02f2bcb26af5ea6d185dcf509dc795746d907ae10c53918b6944ac85447a0c72

发布日期: 2026-01-27 16:16 修改: 2026-06-30 03:16

libcrypto3 CVE-2025-69421 高危 3.3.0-r2 3.3.6-r0 openssl: OpenSSL: Denial of Service via malformed PKCS#12 file processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-69421

镜像层: sha256:02f2bcb26af5ea6d185dcf509dc795746d907ae10c53918b6944ac85447a0c72

发布日期: 2026-01-27 16:16 修改: 2026-06-17 10:00

libcrypto3 CVE-2026-28387 高危 3.3.0-r2 3.3.7-r0 openssl: OpenSSL: Arbitrary code execution due to use-after-free in DANE TLSA authentication

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28387

镜像层: sha256:02f2bcb26af5ea6d185dcf509dc795746d907ae10c53918b6944ac85447a0c72

发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:28

libcrypto3 CVE-2026-28388 高危 3.3.0-r2 3.3.7-r0 openssl: OpenSSL: Denial of Service due to NULL pointer dereference in delta CRL processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28388

镜像层: sha256:02f2bcb26af5ea6d185dcf509dc795746d907ae10c53918b6944ac85447a0c72

发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:28

libcrypto3 CVE-2026-28389 高危 3.3.0-r2 3.3.7-r0 openssl: OpenSSL: Denial of Service vulnerability in CMS processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28389

镜像层: sha256:02f2bcb26af5ea6d185dcf509dc795746d907ae10c53918b6944ac85447a0c72

发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:28

libcrypto3 CVE-2026-28390 高危 3.3.0-r2 3.3.7-r0 openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28390

镜像层: sha256:02f2bcb26af5ea6d185dcf509dc795746d907ae10c53918b6944ac85447a0c72

发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:28

libcrypto3 CVE-2024-12797 高危 3.3.0-r2 3.3.3-r0 openssl: RFC7250 handshakes with unauthenticated servers don't abort as expected

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-12797

镜像层: sha256:02f2bcb26af5ea6d185dcf509dc795746d907ae10c53918b6944ac85447a0c72

发布日期: 2025-02-11 16:15 修改: 2026-06-17 07:00

libssl3 CVE-2024-12797 高危 3.3.0-r2 3.3.3-r0 openssl: RFC7250 handshakes with unauthenticated servers don't abort as expected

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-12797

镜像层: sha256:02f2bcb26af5ea6d185dcf509dc795746d907ae10c53918b6944ac85447a0c72

发布日期: 2025-02-11 16:15 修改: 2026-06-17 07:00

libssl3 CVE-2024-6119 高危 3.3.0-r2 3.3.2-r0 openssl: Possible denial of service in X.509 name checks

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6119

镜像层: sha256:02f2bcb26af5ea6d185dcf509dc795746d907ae10c53918b6944ac85447a0c72

发布日期: 2024-09-03 16:15 修改: 2026-06-17 08:17

libssl3 CVE-2025-15467 高危 3.3.0-r2 3.3.6-r0 openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-15467

镜像层: sha256:02f2bcb26af5ea6d185dcf509dc795746d907ae10c53918b6944ac85447a0c72

发布日期: 2026-01-27 16:16 修改: 2026-06-30 03:16

libssl3 CVE-2025-69421 高危 3.3.0-r2 3.3.6-r0 openssl: OpenSSL: Denial of Service via malformed PKCS#12 file processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-69421

镜像层: sha256:02f2bcb26af5ea6d185dcf509dc795746d907ae10c53918b6944ac85447a0c72

发布日期: 2026-01-27 16:16 修改: 2026-06-17 10:00

libssl3 CVE-2026-28387 高危 3.3.0-r2 3.3.7-r0 openssl: OpenSSL: Arbitrary code execution due to use-after-free in DANE TLSA authentication

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28387

镜像层: sha256:02f2bcb26af5ea6d185dcf509dc795746d907ae10c53918b6944ac85447a0c72

发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:28

libssl3 CVE-2026-28388 高危 3.3.0-r2 3.3.7-r0 openssl: OpenSSL: Denial of Service due to NULL pointer dereference in delta CRL processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28388

镜像层: sha256:02f2bcb26af5ea6d185dcf509dc795746d907ae10c53918b6944ac85447a0c72

发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:28

libssl3 CVE-2026-28389 高危 3.3.0-r2 3.3.7-r0 openssl: OpenSSL: Denial of Service vulnerability in CMS processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28389

镜像层: sha256:02f2bcb26af5ea6d185dcf509dc795746d907ae10c53918b6944ac85447a0c72

发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:28

libssl3 CVE-2026-28390 高危 3.3.0-r2 3.3.7-r0 openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28390

镜像层: sha256:02f2bcb26af5ea6d185dcf509dc795746d907ae10c53918b6944ac85447a0c72

发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:28

musl CVE-2025-26519 高危 1.2.5-r0 1.2.5-r1 musl libc 0.9.13 through 1.2.5 before 1.2.6 has an out-of-bounds write ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-26519

镜像层: sha256:02f2bcb26af5ea6d185dcf509dc795746d907ae10c53918b6944ac85447a0c72

发布日期: 2025-02-14 04:15 修改: 2026-06-17 09:01

musl CVE-2026-40200 高危 1.2.5-r0 1.2.5-r3 musl: musl libc: Arbitrary code execution and denial of service via stack-based memory corruption in qsort

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40200

镜像层: sha256:02f2bcb26af5ea6d185dcf509dc795746d907ae10c53918b6944ac85447a0c72

发布日期: 2026-04-10 17:17 修改: 2026-06-17 10:44

musl-utils CVE-2025-26519 高危 1.2.5-r0 1.2.5-r1 musl libc 0.9.13 through 1.2.5 before 1.2.6 has an out-of-bounds write ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-26519

镜像层: sha256:02f2bcb26af5ea6d185dcf509dc795746d907ae10c53918b6944ac85447a0c72

发布日期: 2025-02-14 04:15 修改: 2026-06-17 09:01

musl-utils CVE-2026-40200 高危 1.2.5-r0 1.2.5-r3 musl: musl libc: Arbitrary code execution and denial of service via stack-based memory corruption in qsort

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40200

镜像层: sha256:02f2bcb26af5ea6d185dcf509dc795746d907ae10c53918b6944ac85447a0c72

发布日期: 2026-04-10 17:17 修改: 2026-06-17 10:44

zlib CVE-2026-22184 高危 1.3.1-r1 1.3.2-r0 zlib: zlib: Arbitrary code execution via buffer overflow in untgz utility

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22184

镜像层: sha256:02f2bcb26af5ea6d185dcf509dc795746d907ae10c53918b6944ac85447a0c72

发布日期: 2026-01-07 21:16 修改: 2026-06-30 03:17

busybox CVE-2023-42365 中危 1.36.1-r28 1.36.1-r29 busybox: use-after-free

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-42365

镜像层: sha256:02f2bcb26af5ea6d185dcf509dc795746d907ae10c53918b6944ac85447a0c72

发布日期: 2023-11-27 23:15 修改: 2026-06-17 06:23

busybox CVE-2024-58251 中危 1.36.1-r28 1.36.1-r31 In netstat in BusyBox through 1.37.0, local users can launch of networ ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-58251

镜像层: sha256:02f2bcb26af5ea6d185dcf509dc795746d907ae10c53918b6944ac85447a0c72

发布日期: 2025-04-23 18:16 修改: 2026-06-17 08:14

libcrypto3 CVE-2025-69419 中危 3.3.0-r2 3.3.6-r0 openssl: OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS#12 processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-69419

镜像层: sha256:02f2bcb26af5ea6d185dcf509dc795746d907ae10c53918b6944ac85447a0c72

发布日期: 2026-01-27 16:16 修改: 2026-06-17 10:00

libcrypto3 CVE-2025-9230 中危 3.3.0-r2 3.3.5-r0 openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-9230

镜像层: sha256:02f2bcb26af5ea6d185dcf509dc795746d907ae10c53918b6944ac85447a0c72

发布日期: 2025-09-30 14:15 修改: 2026-06-17 10:08

libcrypto3 CVE-2025-9231 中危 3.3.0-r2 3.3.5-r0 openssl: Timing side-channel in SM2 algorithm on 64 bit ARM

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-9231

镜像层: sha256:02f2bcb26af5ea6d185dcf509dc795746d907ae10c53918b6944ac85447a0c72

发布日期: 2025-09-30 14:15 修改: 2026-06-17 10:08

libssl3 CVE-2025-69419 中危 3.3.0-r2 3.3.6-r0 openssl: OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS#12 processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-69419

镜像层: sha256:02f2bcb26af5ea6d185dcf509dc795746d907ae10c53918b6944ac85447a0c72

发布日期: 2026-01-27 16:16 修改: 2026-06-17 10:00

libssl3 CVE-2025-9230 中危 3.3.0-r2 3.3.5-r0 openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-9230

镜像层: sha256:02f2bcb26af5ea6d185dcf509dc795746d907ae10c53918b6944ac85447a0c72

发布日期: 2025-09-30 14:15 修改: 2026-06-17 10:08

libssl3 CVE-2025-9231 中危 3.3.0-r2 3.3.5-r0 openssl: Timing side-channel in SM2 algorithm on 64 bit ARM

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-9231

镜像层: sha256:02f2bcb26af5ea6d185dcf509dc795746d907ae10c53918b6944ac85447a0c72

发布日期: 2025-09-30 14:15 修改: 2026-06-17 10:08

libssl3 CVE-2026-31790 中危 3.3.0-r2 3.3.7-r0 openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-31790

镜像层: sha256:02f2bcb26af5ea6d185dcf509dc795746d907ae10c53918b6944ac85447a0c72

发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:34

libcrypto3 CVE-2026-31790 中危 3.3.0-r2 3.3.7-r0 openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-31790

镜像层: sha256:02f2bcb26af5ea6d185dcf509dc795746d907ae10c53918b6944ac85447a0c72

发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:34

busybox-binsh CVE-2023-42364 中危 1.36.1-r28 1.36.1-r29 busybox: use-after-free

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-42364

镜像层: sha256:02f2bcb26af5ea6d185dcf509dc795746d907ae10c53918b6944ac85447a0c72

发布日期: 2023-11-27 23:15 修改: 2026-06-17 06:23

musl CVE-2026-6042 中危 1.2.5-r0 1.2.5-r2 musl libc: GB18030 4-byte Decoder: musl libc: Denial of Service via inefficient algorithmic complexity in iconv

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6042

镜像层: sha256:02f2bcb26af5ea6d185dcf509dc795746d907ae10c53918b6944ac85447a0c72

发布日期: 2026-04-10 09:16 修改: 2026-06-17 11:00

busybox-binsh CVE-2023-42365 中危 1.36.1-r28 1.36.1-r29 busybox: use-after-free

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-42365

镜像层: sha256:02f2bcb26af5ea6d185dcf509dc795746d907ae10c53918b6944ac85447a0c72

发布日期: 2023-11-27 23:15 修改: 2026-06-17 06:23

busybox-binsh CVE-2024-58251 中危 1.36.1-r28 1.36.1-r31 In netstat in BusyBox through 1.37.0, local users can launch of networ ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-58251

镜像层: sha256:02f2bcb26af5ea6d185dcf509dc795746d907ae10c53918b6944ac85447a0c72

发布日期: 2025-04-23 18:16 修改: 2026-06-17 08:14

musl-utils CVE-2026-6042 中危 1.2.5-r0 1.2.5-r2 musl libc: GB18030 4-byte Decoder: musl libc: Denial of Service via inefficient algorithmic complexity in iconv

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6042

镜像层: sha256:02f2bcb26af5ea6d185dcf509dc795746d907ae10c53918b6944ac85447a0c72

发布日期: 2026-04-10 09:16 修改: 2026-06-17 11:00

ssl_client CVE-2023-42364 中危 1.36.1-r28 1.36.1-r29 busybox: use-after-free

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-42364

镜像层: sha256:02f2bcb26af5ea6d185dcf509dc795746d907ae10c53918b6944ac85447a0c72

发布日期: 2023-11-27 23:15 修改: 2026-06-17 06:23

ssl_client CVE-2023-42365 中危 1.36.1-r28 1.36.1-r29 busybox: use-after-free

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-42365

镜像层: sha256:02f2bcb26af5ea6d185dcf509dc795746d907ae10c53918b6944ac85447a0c72

发布日期: 2023-11-27 23:15 修改: 2026-06-17 06:23

ssl_client CVE-2024-58251 中危 1.36.1-r28 1.36.1-r31 In netstat in BusyBox through 1.37.0, local users can launch of networ ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-58251

镜像层: sha256:02f2bcb26af5ea6d185dcf509dc795746d907ae10c53918b6944ac85447a0c72

发布日期: 2025-04-23 18:16 修改: 2026-06-17 08:14

busybox CVE-2023-42364 中危 1.36.1-r28 1.36.1-r29 busybox: use-after-free

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-42364

镜像层: sha256:02f2bcb26af5ea6d185dcf509dc795746d907ae10c53918b6944ac85447a0c72

发布日期: 2023-11-27 23:15 修改: 2026-06-17 06:23

zlib CVE-2026-27171 中危 1.3.1-r1 1.3.2-r0 zlib: zlib: Denial of Service via infinite loop in CRC32 combine functions

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27171

镜像层: sha256:02f2bcb26af5ea6d185dcf509dc795746d907ae10c53918b6944ac85447a0c72

发布日期: 2026-02-18 04:16 修改: 2026-06-17 10:26

libcrypto3 CVE-2025-69420 低危 3.3.0-r2 3.3.6-r0 openssl: OpenSSL: Denial of Service via malformed TimeStamp Response

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-69420

镜像层: sha256:02f2bcb26af5ea6d185dcf509dc795746d907ae10c53918b6944ac85447a0c72

发布日期: 2026-01-27 16:16 修改: 2026-06-17 10:00

libcrypto3 CVE-2025-9232 低危 3.3.0-r2 3.3.5-r0 openssl: Out-of-bounds read in HTTP client no_proxy handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-9232

镜像层: sha256:02f2bcb26af5ea6d185dcf509dc795746d907ae10c53918b6944ac85447a0c72

发布日期: 2025-09-30 14:15 修改: 2026-06-17 10:08

libcrypto3 CVE-2026-22795 低危 3.3.0-r2 3.3.6-r0 openssl: OpenSSL: Denial of Service due to type confusion in PKCS#12 file processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22795

镜像层: sha256:02f2bcb26af5ea6d185dcf509dc795746d907ae10c53918b6944ac85447a0c72

发布日期: 2026-01-27 16:16 修改: 2026-06-17 10:20

libssl3 CVE-2024-13176 低危 3.3.0-r2 3.3.2-r2 openssl: Timing side-channel in ECDSA signature computation

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-13176

镜像层: sha256:02f2bcb26af5ea6d185dcf509dc795746d907ae10c53918b6944ac85447a0c72

发布日期: 2025-01-20 14:15 修改: 2026-06-17 07:01

libssl3 CVE-2024-4741 低危 3.3.0-r2 3.3.0-r3 openssl: Use After Free with SSL_free_buffers

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-4741

镜像层: sha256:02f2bcb26af5ea6d185dcf509dc795746d907ae10c53918b6944ac85447a0c72

发布日期: 2024-11-13 11:15 修改: 2026-06-17 08:02

libssl3 CVE-2024-5535 低危 3.3.0-r2 3.3.1-r1 openssl: SSL_select_next_proto buffer overread

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-5535

镜像层: sha256:02f2bcb26af5ea6d185dcf509dc795746d907ae10c53918b6944ac85447a0c72

发布日期: 2024-06-27 11:15 修改: 2026-06-17 08:16

libssl3 CVE-2024-9143 低危 3.3.0-r2 3.3.2-r1 openssl: Low-level invalid GF(2^m) parameters lead to OOB memory access

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-9143

镜像层: sha256:02f2bcb26af5ea6d185dcf509dc795746d907ae10c53918b6944ac85447a0c72

发布日期: 2024-10-16 17:15 修改: 2026-06-17 08:24

libssl3 CVE-2025-15468 低危 3.3.0-r2 3.3.6-r0 openssl: OpenSSL: Denial of Service via NULL pointer dereference in QUIC protocol handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-15468

镜像层: sha256:02f2bcb26af5ea6d185dcf509dc795746d907ae10c53918b6944ac85447a0c72

发布日期: 2026-01-27 16:16 修改: 2026-06-17 08:37

libssl3 CVE-2025-66199 低危 3.3.0-r2 3.3.6-r0 openssl: OpenSSL: Denial of Service due to excessive memory allocation in TLS 1.3 certificate compression

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-66199

镜像层: sha256:02f2bcb26af5ea6d185dcf509dc795746d907ae10c53918b6944ac85447a0c72

发布日期: 2026-01-27 16:16 修改: 2026-06-17 09:56

libssl3 CVE-2025-68160 低危 3.3.0-r2 3.3.6-r0 openssl: OpenSSL: Denial of Service due to out-of-bounds write in BIO filter

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68160

镜像层: sha256:02f2bcb26af5ea6d185dcf509dc795746d907ae10c53918b6944ac85447a0c72

发布日期: 2026-01-27 16:16 修改: 2026-06-17 09:58

libssl3 CVE-2025-69418 低危 3.3.0-r2 3.3.6-r0 openssl: OpenSSL: Information disclosure and data tampering via specific low-level OCB encryption/decryption calls

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-69418

镜像层: sha256:02f2bcb26af5ea6d185dcf509dc795746d907ae10c53918b6944ac85447a0c72

发布日期: 2026-01-27 16:16 修改: 2026-06-17 10:00

libssl3 CVE-2025-69420 低危 3.3.0-r2 3.3.6-r0 openssl: OpenSSL: Denial of Service via malformed TimeStamp Response

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-69420

镜像层: sha256:02f2bcb26af5ea6d185dcf509dc795746d907ae10c53918b6944ac85447a0c72

发布日期: 2026-01-27 16:16 修改: 2026-06-17 10:00

libssl3 CVE-2025-9232 低危 3.3.0-r2 3.3.5-r0 openssl: Out-of-bounds read in HTTP client no_proxy handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-9232

镜像层: sha256:02f2bcb26af5ea6d185dcf509dc795746d907ae10c53918b6944ac85447a0c72

发布日期: 2025-09-30 14:15 修改: 2026-06-17 10:08

libssl3 CVE-2026-22795 低危 3.3.0-r2 3.3.6-r0 openssl: OpenSSL: Denial of Service due to type confusion in PKCS#12 file processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22795

镜像层: sha256:02f2bcb26af5ea6d185dcf509dc795746d907ae10c53918b6944ac85447a0c72

发布日期: 2026-01-27 16:16 修改: 2026-06-17 10:20

libssl3 CVE-2026-22796 低危 3.3.0-r2 3.3.6-r0 openssl: OpenSSL: Denial of Service via type confusion in PKCS#7 signature verification

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22796

镜像层: sha256:02f2bcb26af5ea6d185dcf509dc795746d907ae10c53918b6944ac85447a0c72

发布日期: 2026-01-27 16:16 修改: 2026-06-17 10:20

libcrypto3 CVE-2026-22796 低危 3.3.0-r2 3.3.6-r0 openssl: OpenSSL: Denial of Service via type confusion in PKCS#7 signature verification

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22796

镜像层: sha256:02f2bcb26af5ea6d185dcf509dc795746d907ae10c53918b6944ac85447a0c72

发布日期: 2026-01-27 16:16 修改: 2026-06-17 10:20

busybox-binsh CVE-2025-46394 低危 1.36.1-r28 1.36.1-r31 In tar in BusyBox through 1.37.0, a TAR archive can have filenames hid ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-46394

镜像层: sha256:02f2bcb26af5ea6d185dcf509dc795746d907ae10c53918b6944ac85447a0c72

发布日期: 2025-04-23 16:15 修改: 2026-06-17 09:26

busybox CVE-2025-46394 低危 1.36.1-r28 1.36.1-r31 In tar in BusyBox through 1.37.0, a TAR archive can have filenames hid ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-46394

镜像层: sha256:02f2bcb26af5ea6d185dcf509dc795746d907ae10c53918b6944ac85447a0c72

发布日期: 2025-04-23 16:15 修改: 2026-06-17 09:26

libcrypto3 CVE-2024-13176 低危 3.3.0-r2 3.3.2-r2 openssl: Timing side-channel in ECDSA signature computation

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-13176

镜像层: sha256:02f2bcb26af5ea6d185dcf509dc795746d907ae10c53918b6944ac85447a0c72

发布日期: 2025-01-20 14:15 修改: 2026-06-17 07:01

libcrypto3 CVE-2024-4741 低危 3.3.0-r2 3.3.0-r3 openssl: Use After Free with SSL_free_buffers

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-4741

镜像层: sha256:02f2bcb26af5ea6d185dcf509dc795746d907ae10c53918b6944ac85447a0c72

发布日期: 2024-11-13 11:15 修改: 2026-06-17 08:02

libcrypto3 CVE-2024-5535 低危 3.3.0-r2 3.3.1-r1 openssl: SSL_select_next_proto buffer overread

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-5535

镜像层: sha256:02f2bcb26af5ea6d185dcf509dc795746d907ae10c53918b6944ac85447a0c72

发布日期: 2024-06-27 11:15 修改: 2026-06-17 08:16

libcrypto3 CVE-2024-9143 低危 3.3.0-r2 3.3.2-r1 openssl: Low-level invalid GF(2^m) parameters lead to OOB memory access

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-9143

镜像层: sha256:02f2bcb26af5ea6d185dcf509dc795746d907ae10c53918b6944ac85447a0c72

发布日期: 2024-10-16 17:15 修改: 2026-06-17 08:24

libcrypto3 CVE-2025-15468 低危 3.3.0-r2 3.3.6-r0 openssl: OpenSSL: Denial of Service via NULL pointer dereference in QUIC protocol handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-15468

镜像层: sha256:02f2bcb26af5ea6d185dcf509dc795746d907ae10c53918b6944ac85447a0c72

发布日期: 2026-01-27 16:16 修改: 2026-06-17 08:37

libcrypto3 CVE-2025-66199 低危 3.3.0-r2 3.3.6-r0 openssl: OpenSSL: Denial of Service due to excessive memory allocation in TLS 1.3 certificate compression

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-66199

镜像层: sha256:02f2bcb26af5ea6d185dcf509dc795746d907ae10c53918b6944ac85447a0c72

发布日期: 2026-01-27 16:16 修改: 2026-06-17 09:56

ssl_client CVE-2025-46394 低危 1.36.1-r28 1.36.1-r31 In tar in BusyBox through 1.37.0, a TAR archive can have filenames hid ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-46394

镜像层: sha256:02f2bcb26af5ea6d185dcf509dc795746d907ae10c53918b6944ac85447a0c72

发布日期: 2025-04-23 16:15 修改: 2026-06-17 09:26

libcrypto3 CVE-2025-68160 低危 3.3.0-r2 3.3.6-r0 openssl: OpenSSL: Denial of Service due to out-of-bounds write in BIO filter

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68160

镜像层: sha256:02f2bcb26af5ea6d185dcf509dc795746d907ae10c53918b6944ac85447a0c72

发布日期: 2026-01-27 16:16 修改: 2026-06-17 09:58

libcrypto3 CVE-2025-69418 低危 3.3.0-r2 3.3.6-r0 openssl: OpenSSL: Information disclosure and data tampering via specific low-level OCB encryption/decryption calls

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-69418

镜像层: sha256:02f2bcb26af5ea6d185dcf509dc795746d907ae10c53918b6944ac85447a0c72

发布日期: 2026-01-27 16:16 修改: 2026-06-17 10:00

Java (jar)
低危漏洞:14 中危漏洞:40 高危漏洞:35 严重漏洞:6
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
org.apache.tomcat.embed:tomcat-embed-core CVE-2025-24813 严重 10.1.25 11.0.3, 10.1.35, 9.0.99 tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-24813

镜像层: sha256:79190fe735daad3bcfe58f6082a7c3c86a6aede6436eb483b88488f444fd7311

发布日期: 2025-03-10 17:15 修改: 2026-06-17 08:59

org.apache.tomcat.embed:tomcat-embed-core CVE-2026-41293 严重 10.1.25 9.0.118, 10.1.55, 11.0.22 tomcat-coyote: Apache Tomcat: HTTP/2 request headers not validated

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41293

镜像层: sha256:79190fe735daad3bcfe58f6082a7c3c86a6aede6436eb483b88488f444fd7311

发布日期: 2026-05-12 16:16 修改: 2026-06-17 10:46

org.apache.tomcat.embed:tomcat-embed-core CVE-2026-43512 严重 10.1.25 9.0.118, 10.1.55, 11.0.22 tomcat-coyote: Apache Tomcat: Authentication bypass via digest authentication

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-43512

镜像层: sha256:79190fe735daad3bcfe58f6082a7c3c86a6aede6436eb483b88488f444fd7311

发布日期: 2026-05-12 16:16 修改: 2026-06-17 10:49

org.apache.tomcat.embed:tomcat-embed-core CVE-2026-43515 严重 10.1.25 9.0.118, 10.1.55, 11.0.22 tomcat-coyote: tomcat: Improper Authorization allows security bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-43515

镜像层: sha256:79190fe735daad3bcfe58f6082a7c3c86a6aede6436eb483b88488f444fd7311

发布日期: 2026-05-12 16:16 修改: 2026-06-17 10:49

org.springframework.security:spring-security-web CVE-2024-38821 严重 6.3.0 5.7.13, 5.8.15, 6.2.7, 6.0.13, 6.1.11, 6.3.4 Spring-WebFlux: Authorization Bypass of Static Resources in WebFlux Applications

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-38821

镜像层: sha256:79190fe735daad3bcfe58f6082a7c3c86a6aede6436eb483b88488f444fd7311

发布日期: 2024-10-28 07:15 修改: 2026-06-17 07:41

org.springframework.security:spring-security-web CVE-2026-22732 严重 6.3.0 6.5.9, 7.0.4 Spring Security: Spring Security: Security policy bypass and information disclosure due to unwritten HTTP headers

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22732

镜像层: sha256:79190fe735daad3bcfe58f6082a7c3c86a6aede6436eb483b88488f444fd7311

发布日期: 2026-03-19 23:16 修改: 2026-06-17 10:20

io.netty:netty-codec-http CVE-2026-42587 高危 4.1.111.Final 4.2.13.Final, 4.1.133.Final netty: io.netty/netty-codec-http: io.netty/netty-codec-http2: Netty: Denial of Service via unbounded memory allocation in HTTP content decompression

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42587

镜像层: sha256:79190fe735daad3bcfe58f6082a7c3c86a6aede6436eb483b88488f444fd7311

发布日期: 2026-05-13 19:17 修改: 2026-07-10 12:16

io.netty:netty-codec-http2 CVE-2025-55163 高危 4.1.111.Final 4.2.4.Final, 4.1.124.Final netty: netty-codec-http2: Netty MadeYouReset HTTP/2 DDoS Vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-55163

镜像层: sha256:79190fe735daad3bcfe58f6082a7c3c86a6aede6436eb483b88488f444fd7311

发布日期: 2025-08-13 15:15 修改: 2026-06-17 09:41

io.netty:netty-codec-http2 CVE-2026-33871 高危 4.1.111.Final 4.1.132.Final, 4.2.11.Final netty: Netty: Denial of Service via HTTP/2 CONTINUATION frame flood

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33871

镜像层: sha256:79190fe735daad3bcfe58f6082a7c3c86a6aede6436eb483b88488f444fd7311

发布日期: 2026-03-27 20:16 修改: 2026-07-03 13:17

io.netty:netty-codec-http2 CVE-2026-42587 高危 4.1.111.Final 4.2.13.Final, 4.1.133.Final netty: io.netty/netty-codec-http: io.netty/netty-codec-http2: Netty: Denial of Service via unbounded memory allocation in HTTP content decompression

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42587

镜像层: sha256:79190fe735daad3bcfe58f6082a7c3c86a6aede6436eb483b88488f444fd7311

发布日期: 2026-05-13 19:17 修改: 2026-07-10 12:16

io.netty:netty-handler CVE-2025-24970 高危 4.1.111.Final 4.1.118.Final io.netty:netty-handler: SslHandler doesn't correctly validate packets which can lead to native crash when using native SSLEngine

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-24970

镜像层: sha256:79190fe735daad3bcfe58f6082a7c3c86a6aede6436eb483b88488f444fd7311

发布日期: 2025-02-10 22:15 修改: 2026-06-17 08:59

io.netty:netty-handler CVE-2026-44249 高危 4.1.111.Final 4.2.15.Final, 4.1.135.Final netty-handler: netty-handler: IPv6 subnet rule bypass due to incorrect masking operation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44249

镜像层: sha256:79190fe735daad3bcfe58f6082a7c3c86a6aede6436eb483b88488f444fd7311

发布日期: 2026-06-11 22:16 修改: 2026-07-10 12:16

io.netty:netty-handler CVE-2026-45416 高危 4.1.111.Final 4.2.15.Final, 4.1.135.Final netty-handler: Netty: Denial of Service due to eager buffer allocation in TLS handshake

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45416

镜像层: sha256:79190fe735daad3bcfe58f6082a7c3c86a6aede6436eb483b88488f444fd7311

发布日期: 2026-06-12 15:16 修改: 2026-07-10 12:17

io.netty:netty-handler CVE-2026-50010 高危 4.1.111.Final 4.2.15.Final, 4.1.135.Final netty-handler: Netty: Improper trust manager handling leads to hostname verification bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-50010

镜像层: sha256:79190fe735daad3bcfe58f6082a7c3c86a6aede6436eb483b88488f444fd7311

发布日期: 2026-06-12 16:16 修改: 2026-07-10 12:17

com.fasterxml.jackson.core:jackson-databind CVE-2026-54512 高危 2.15.4 2.18.8, 3.1.4, 2.21.4 jackson-databind: jackson-databind: Arbitrary code execution via PolymorphicTypeValidator bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54512

镜像层: sha256:79190fe735daad3bcfe58f6082a7c3c86a6aede6436eb483b88488f444fd7311

发布日期: 2026-06-23 21:17 修改: 2026-06-27 21:01

com.fasterxml.jackson.core:jackson-databind CVE-2026-54513 高危 2.15.4 2.18.8, 2.21.4, 3.1.4 jackson-databind: Jackson-databind: Security bypass allows arbitrary code execution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54513

镜像层: sha256:79190fe735daad3bcfe58f6082a7c3c86a6aede6436eb483b88488f444fd7311

发布日期: 2026-06-23 21:17 修改: 2026-07-09 13:17

commons-io:commons-io CVE-2024-47554 高危 2.11.0 2.14.0 apache-commons-io: Possible denial of service attack on untrusted input to XmlStreamReader

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47554

镜像层: sha256:79190fe735daad3bcfe58f6082a7c3c86a6aede6436eb483b88488f444fd7311

发布日期: 2024-10-03 12:15 修改: 2026-06-17 07:57

io.netty:netty-codec CVE-2026-42583 高危 4.1.111.Final 4.1.133.Final netty: io.netty/netty-codec-compression: io.netty/netty-codec: Netty: Denial of Service via excessive memory allocation in LZ4FrameDecoder

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42583

镜像层: sha256:79190fe735daad3bcfe58f6082a7c3c86a6aede6436eb483b88488f444fd7311

发布日期: 2026-05-13 19:17 修改: 2026-06-17 10:48

org.apache.tomcat.embed:tomcat-embed-core CVE-2024-50379 高危 10.1.25 11.0.2, 10.1.34, 9.0.98 tomcat: RCE due to TOCTOU issue in JSP compilation

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-50379

镜像层: sha256:79190fe735daad3bcfe58f6082a7c3c86a6aede6436eb483b88488f444fd7311

发布日期: 2024-12-17 13:15 修改: 2026-06-17 08:04

org.apache.tomcat.embed:tomcat-embed-core CVE-2024-56337 高危 10.1.25 11.0.2, 10.1.34, 9.0.98 tomcat: Incomplete fix for CVE-2024-50379 - RCE due to TOCTOU issue in JSP compilation

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-56337

镜像层: sha256:79190fe735daad3bcfe58f6082a7c3c86a6aede6436eb483b88488f444fd7311

发布日期: 2024-12-20 16:15 修改: 2026-06-17 08:12

org.apache.tomcat.embed:tomcat-embed-core CVE-2025-48988 高危 10.1.25 11.0.8, 10.1.42, 9.0.106 tomcat: Apache Tomcat DoS in multipart upload

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-48988

镜像层: sha256:79190fe735daad3bcfe58f6082a7c3c86a6aede6436eb483b88488f444fd7311

发布日期: 2025-06-16 15:15 修改: 2026-06-17 09:30

org.apache.tomcat.embed:tomcat-embed-core CVE-2025-48989 高危 10.1.25 11.0.10, 10.1.44, 9.0.108 tomcat: http/2 "MadeYouReset" DoS attack through HTTP/2 control frames

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-48989

镜像层: sha256:79190fe735daad3bcfe58f6082a7c3c86a6aede6436eb483b88488f444fd7311

发布日期: 2025-08-13 13:15 修改: 2026-06-17 09:30

org.apache.tomcat.embed:tomcat-embed-core CVE-2025-52520 高危 10.1.25 11.0.9, 10.1.43, 9.0.107 tomcat: Apache Tomcat denial of service

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-52520

镜像层: sha256:79190fe735daad3bcfe58f6082a7c3c86a6aede6436eb483b88488f444fd7311

发布日期: 2025-07-10 19:15 修改: 2026-06-17 09:36

org.apache.tomcat.embed:tomcat-embed-core CVE-2025-53506 高危 10.1.25 9.0.107, 10.1.43, 11.0.9 tomcat: Apache Tomcat denial of service

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-53506

镜像层: sha256:79190fe735daad3bcfe58f6082a7c3c86a6aede6436eb483b88488f444fd7311

发布日期: 2025-07-10 20:15 修改: 2026-06-17 09:38

org.apache.tomcat.embed:tomcat-embed-core CVE-2025-55752 高危 10.1.25 11.0.11, 10.1.45, 9.0.109 tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-55752

镜像层: sha256:79190fe735daad3bcfe58f6082a7c3c86a6aede6436eb483b88488f444fd7311

发布日期: 2025-10-27 18:15 修改: 2026-06-17 09:42

org.apache.tomcat.embed:tomcat-embed-core CVE-2026-24734 高危 10.1.25 11.0.18, 10.1.52, 9.0.115 tomcat: Apache Tomcat: Certificate revocation bypass due to improper OCSP response validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24734

镜像层: sha256:79190fe735daad3bcfe58f6082a7c3c86a6aede6436eb483b88488f444fd7311

发布日期: 2026-02-17 19:21 修改: 2026-06-30 03:17

org.apache.tomcat.embed:tomcat-embed-core CVE-2026-24880 高危 10.1.25 9.0.116, 10.1.52, 11.0.20 Apache Tomcat: Apache Tomcat: HTTP Request/Response Smuggling via invalid chunk extension

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24880

镜像层: sha256:79190fe735daad3bcfe58f6082a7c3c86a6aede6436eb483b88488f444fd7311

发布日期: 2026-04-09 20:16 修改: 2026-06-17 10:23

org.apache.tomcat.embed:tomcat-embed-core CVE-2026-34483 高危 10.1.25 9.0.116, 10.1.54, 11.0.21 Apache Tomcat: Apache Tomcat: Information disclosure due to improper encoding in JsonAccessLogValve

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34483

镜像层: sha256:79190fe735daad3bcfe58f6082a7c3c86a6aede6436eb483b88488f444fd7311

发布日期: 2026-04-09 20:16 修改: 2026-06-17 10:39

org.apache.tomcat.embed:tomcat-embed-core CVE-2026-41284 高危 10.1.25 9.0.118, 10.1.55, 11.0.22 Allocation of Resources Without Limits or Throttling vulnerability in ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41284

镜像层: sha256:79190fe735daad3bcfe58f6082a7c3c86a6aede6436eb483b88488f444fd7311

发布日期: 2026-05-12 16:16 修改: 2026-06-17 10:46

org.apache.tomcat.embed:tomcat-embed-core CVE-2026-42498 高危 10.1.25 9.0.118, 10.1.55, 11.0.22 tomcat-coyote: Apache Tomcat: Information disclosure due to HTTP Authentication Header exposure during WebSocket authentication.

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42498

镜像层: sha256:79190fe735daad3bcfe58f6082a7c3c86a6aede6436eb483b88488f444fd7311

发布日期: 2026-05-12 16:16 修改: 2026-06-17 10:47

org.apache.tomcat.embed:tomcat-embed-core CVE-2026-43513 高危 10.1.25 9.0.118, 10.1.55, 11.0.22 tomcat-catalina: Apache Tomcat: Improper Handling of Case Sensitivity in LockOutRealm

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-43513

镜像层: sha256:79190fe735daad3bcfe58f6082a7c3c86a6aede6436eb483b88488f444fd7311

发布日期: 2026-05-12 16:16 修改: 2026-06-17 10:49

org.keycloak:keycloak-core CVE-2024-10039 高危 25.0.2 26.0.6 keycloak-core: mTLS passthrough

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-10039

镜像层: sha256:79190fe735daad3bcfe58f6082a7c3c86a6aede6436eb483b88488f444fd7311

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

org.postgresql:postgresql CVE-2026-42198 高危 42.7.3 42.7.11 jdbc.postgresql.org: pgjdbc: Client-side Denial of Service via malicious SCRAM-SHA-256 authentication

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42198

镜像层: sha256:79190fe735daad3bcfe58f6082a7c3c86a6aede6436eb483b88488f444fd7311

发布日期: 2026-04-29 16:16 修改: 2026-07-10 12:16

org.springframework.boot:spring-boot CVE-2025-22235 高危 3.2.7 3.3.11, 3.4.5 org.springframework.boot/spring-boot: Spring Boot EndpointRequest.to() creates wrong matcher if actuator endpoint is not exposed

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22235

镜像层: sha256:79190fe735daad3bcfe58f6082a7c3c86a6aede6436eb483b88488f444fd7311

发布日期: 2025-04-28 08:15 修改: 2026-06-17 08:45

org.springframework.security:spring-security-crypto CVE-2025-22228 高危 6.2.5 6.3.8, 6.4.4, 6.2.10, 6.1.14, 6.0.16, 5.8.18, 5.7.16 spring-security-core: Spring Security BCryptPasswordEncoder does not enforce maximum password length

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22228

镜像层: sha256:79190fe735daad3bcfe58f6082a7c3c86a6aede6436eb483b88488f444fd7311

发布日期: 2025-03-20 06:15 修改: 2026-06-17 08:45

io.netty:netty-codec-http CVE-2026-33870 高危 4.1.111.Final 4.1.132.Final, 4.2.10.Final io.netty/netty-codec-http: Netty: Request smuggling via incorrect parsing of HTTP/1.1 chunked transfer encoding extension values

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33870

镜像层: sha256:79190fe735daad3bcfe58f6082a7c3c86a6aede6436eb483b88488f444fd7311

发布日期: 2026-03-27 20:16 修改: 2026-07-03 13:17

io.netty:netty-codec-http CVE-2026-42584 高危 4.1.111.Final 4.2.13.Final, 4.1.133.Final netty: io.netty/netty-codec-http: Netty: Incorrect HTTP response parsing leads to data confusion

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42584

镜像层: sha256:79190fe735daad3bcfe58f6082a7c3c86a6aede6436eb483b88488f444fd7311

发布日期: 2026-05-13 19:17 修改: 2026-07-10 12:16

org.springframework:spring-core CVE-2025-41249 高危 6.1.10 6.2.11 org.springframework/spring-core: Spring Framework Annotation Detection Vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-41249

镜像层: sha256:79190fe735daad3bcfe58f6082a7c3c86a6aede6436eb483b88488f444fd7311

发布日期: 2025-09-16 11:15 修改: 2026-06-17 09:22

org.springframework:spring-webmvc CVE-2024-38816 高危 6.1.10 6.1.13 spring-webmvc: Path Traversal Vulnerability in Spring Applications Using RouterFunctions and FileSystemResource

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-38816

镜像层: sha256:79190fe735daad3bcfe58f6082a7c3c86a6aede6436eb483b88488f444fd7311

发布日期: 2024-09-13 06:15 修改: 2026-06-17 07:41

org.springframework:spring-webmvc CVE-2024-38819 高危 6.1.10 6.1.14 org.springframework:spring-webmvc: Path traversal vulnerability in functional web frameworks

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-38819

镜像层: sha256:79190fe735daad3bcfe58f6082a7c3c86a6aede6436eb483b88488f444fd7311

发布日期: 2024-12-19 18:15 修改: 2026-06-17 07:41

software.amazon.jdbc:aws-advanced-jdbc-wrapper GHSA-7xw4-g7mm-r4hh 高危 2.3.6 2.6.5 Amazon Web Services Advanced JDBC Wrapper: Privilege Escalation in Aurora PostgreSQL instance

漏洞详情: https://github.com/advisories/GHSA-7xw4-g7mm-r4hh

镜像层: sha256:79190fe735daad3bcfe58f6082a7c3c86a6aede6436eb483b88488f444fd7311

发布日期: 2025-11-13 22:22 修改: 2025-11-13 22:22

io.netty:netty-codec-http CVE-2026-50020 中危 4.1.111.Final 4.2.15.Final, 4.1.135.Final netty-codec-http: Netty: Data manipulation via request-boundary confusion in HttpObjectDecoder

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-50020

镜像层: sha256:79190fe735daad3bcfe58f6082a7c3c86a6aede6436eb483b88488f444fd7311

发布日期: 2026-06-12 16:16 修改: 2026-06-17 10:57

com.fasterxml.jackson.core:jackson-core GHSA-72hv-8253-57qq 中危 2.15.4 2.21.1, 2.18.6 jackson-core: Number Length Constraint Bypass in Async Parser Leads to Potential DoS Condition

漏洞详情: https://github.com/advisories/GHSA-72hv-8253-57qq

镜像层: sha256:79190fe735daad3bcfe58f6082a7c3c86a6aede6436eb483b88488f444fd7311

发布日期: 2026-02-28 02:01 修改: 2026-04-07 16:30

ch.qos.logback:logback-core CVE-2024-12798 中危 1.4.14 1.5.13, 1.3.15 logback-core: arbitrary code execution via JaninoEventEvaluator

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-12798

镜像层: sha256:79190fe735daad3bcfe58f6082a7c3c86a6aede6436eb483b88488f444fd7311

发布日期: 2024-12-19 16:15 修改: 2026-06-17 07:00

io.netty:netty-codec CVE-2025-58057 中危 4.1.111.Final 4.1.125.Final netty-codec: netty-codec-compression: Netty's BrotliDecoder is vulnerable to DoS via zip bomb style attack

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58057

镜像层: sha256:79190fe735daad3bcfe58f6082a7c3c86a6aede6436eb483b88488f444fd7311

发布日期: 2025-09-04 10:42 修改: 2026-06-17 09:43

io.netty:netty-codec-http2 CVE-2026-47244 中危 4.1.111.Final 4.2.15.Final, 4.1.135.Final netty-codec-http2: Netty: Denial of Service via uncontrolled HTTP/2 concurrent streams

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-47244

镜像层: sha256:79190fe735daad3bcfe58f6082a7c3c86a6aede6436eb483b88488f444fd7311

发布日期: 2026-06-12 15:16 修改: 2026-06-17 10:54

io.netty:netty-codec-http2 CVE-2026-48043 中危 4.1.111.Final 4.1.135.Final, 4.2.15.Final netty-codec-http2: netty-codec-http2: Denial of Service due to resource leak

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48043

镜像层: sha256:79190fe735daad3bcfe58f6082a7c3c86a6aede6436eb483b88488f444fd7311

发布日期: 2026-06-12 16:16 修改: 2026-07-10 12:17

io.netty:netty-codec-http2 CVE-2026-50560 中危 4.1.111.Final 4.2.15.Final, 4.1.135.Final netty-codec-http2: Netty: Denial of Service due to HTTP/2 max header size handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-50560

镜像层: sha256:79190fe735daad3bcfe58f6082a7c3c86a6aede6436eb483b88488f444fd7311

发布日期: 2026-06-12 16:16 修改: 2026-06-17 10:57

io.netty:netty-common CVE-2024-47535 中危 4.1.111.Final 4.1.115.Final netty: Denial of Service attack on windows app using Netty

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47535

镜像层: sha256:79190fe735daad3bcfe58f6082a7c3c86a6aede6436eb483b88488f444fd7311

发布日期: 2024-11-12 16:15 修改: 2026-06-17 07:57

io.netty:netty-common CVE-2025-25193 中危 4.1.111.Final 4.1.118.Final netty: Denial of Service attack on windows app using Netty

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-25193

镜像层: sha256:79190fe735daad3bcfe58f6082a7c3c86a6aede6436eb483b88488f444fd7311

发布日期: 2025-02-10 22:15 修改: 2026-06-17 09:00

ch.qos.logback:logback-core CVE-2025-11226 中危 1.4.14 1.5.19, 1.3.16 ch.qos.logback/logback-core: Conditional abitrary code execution in logback-core

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-11226

镜像层: sha256:79190fe735daad3bcfe58f6082a7c3c86a6aede6436eb483b88488f444fd7311

发布日期: 2025-10-01 08:15 修改: 2026-06-25 17:16

com.fasterxml.jackson.core:jackson-databind CVE-2026-54514 中危 2.15.4 2.18.8, 2.21.4, 3.1.4 jackson-databind: jackson-databind: Information Disclosure via Eager DNS Resolution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54514

镜像层: sha256:79190fe735daad3bcfe58f6082a7c3c86a6aede6436eb483b88488f444fd7311

发布日期: 2026-06-23 21:17 修改: 2026-06-27 20:55

com.fasterxml.jackson.core:jackson-databind CVE-2026-54515 中危 2.15.4 3.1.4, 2.18.9, 2.21.5, 2.22.1 jackson-databind: jackson-databind: Ignored properties can be unexpectedly modified

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54515

镜像层: sha256:79190fe735daad3bcfe58f6082a7c3c86a6aede6436eb483b88488f444fd7311

发布日期: 2026-06-23 21:17 修改: 2026-06-29 13:38

io.netty:netty-codec-http CVE-2025-67735 中危 4.1.111.Final 4.2.8.Final, 4.1.129.Final netty-codec-http: Netty (netty-codec-http): Request Smuggling via CRLF Injection

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-67735

镜像层: sha256:79190fe735daad3bcfe58f6082a7c3c86a6aede6436eb483b88488f444fd7311

发布日期: 2025-12-16 01:15 修改: 2026-06-17 09:58

org.apache.tomcat.embed:tomcat-embed-core CVE-2025-31650 中危 10.1.25 9.0.104, 10.1.40, 11.0.6 tomcat: Apache Tomcat: DoS via malformed HTTP/2 PRIORITY_UPDATE frame

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-31650

镜像层: sha256:79190fe735daad3bcfe58f6082a7c3c86a6aede6436eb483b88488f444fd7311

发布日期: 2025-04-28 20:15 修改: 2026-06-17 09:10

org.apache.tomcat.embed:tomcat-embed-core CVE-2025-49124 中危 10.1.25 11.0.8, 10.1.42, 9.0.106 Apache Tomcat installer for Windows has an untrusted search path vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-49124

镜像层: sha256:79190fe735daad3bcfe58f6082a7c3c86a6aede6436eb483b88488f444fd7311

发布日期: 2025-06-16 15:15 修改: 2026-06-17 09:30

org.apache.tomcat.embed:tomcat-embed-core CVE-2025-49125 中危 10.1.25 11.0.8, 10.1.42, 9.0.106 tomcat: Apache Tomcat: Security constraint bypass for pre/post-resources

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-49125

镜像层: sha256:79190fe735daad3bcfe58f6082a7c3c86a6aede6436eb483b88488f444fd7311

发布日期: 2025-06-16 15:15 修改: 2026-06-17 09:30

org.apache.tomcat.embed:tomcat-embed-core CVE-2025-55668 中危 10.1.25 11.0.8, 10.1.42, 9.0.106 org.apache.tomcat/tomcat-catalina: tomcat: Apache Tomcat: session fixation via rewrite valve

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-55668

镜像层: sha256:79190fe735daad3bcfe58f6082a7c3c86a6aede6436eb483b88488f444fd7311

发布日期: 2025-08-13 14:15 修改: 2026-06-17 09:41

org.apache.tomcat.embed:tomcat-embed-core CVE-2025-66614 中危 10.1.25 11.0.15, 10.1.50, 9.0.113 tomcat: Client certificate verification bypass due to virtual host mapping

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-66614

镜像层: sha256:79190fe735daad3bcfe58f6082a7c3c86a6aede6436eb483b88488f444fd7311

发布日期: 2026-02-17 19:21 修改: 2026-06-17 09:57

org.apache.tomcat.embed:tomcat-embed-core CVE-2026-25854 中危 10.1.25 9.0.116, 10.1.53, 11.0.20 Apache Tomcat: Apache Tomcat: Open Redirect vulnerability via LoadBalancerDrainingValve

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25854

镜像层: sha256:79190fe735daad3bcfe58f6082a7c3c86a6aede6436eb483b88488f444fd7311

发布日期: 2026-04-09 20:16 修改: 2026-06-17 10:25

org.eclipse.angus:smtp CVE-2025-7962 中危 2.0.3 2.0.4 com.sun.mail/jakarta.mail: Jakarta Mail SMTP Injection Vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-7962

镜像层: sha256:79190fe735daad3bcfe58f6082a7c3c86a6aede6436eb483b88488f444fd7311

发布日期: 2025-07-21 18:15 修改: 2026-06-23 12:16

org.apache.commons:commons-lang3 CVE-2025-48924 中危 3.13.0 3.18.0 commons-lang/commons-lang: org.apache.commons/commons-lang3: Uncontrolled Recursion vulnerability in Apache Commons Lang

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-48924

镜像层: sha256:79190fe735daad3bcfe58f6082a7c3c86a6aede6436eb483b88488f444fd7311

发布日期: 2025-07-11 15:15 修改: 2026-06-17 09:30

org.keycloak:keycloak-core CVE-2024-7318 中危 25.0.2 24.0.7, 25.0.4 keycloak-core: One Time Passcode (OTP) is valid longer than expiration timeSeverity

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-7318

镜像层: sha256:79190fe735daad3bcfe58f6082a7c3c86a6aede6436eb483b88488f444fd7311

发布日期: 2024-09-09 19:15 修改: 2026-06-17 08:19

org.apache.logging.log4j:log4j-core CVE-2025-68161 中危 2.21.1 2.25.3 Apache Log4j: Apache Log4j Core: Information disclosure via missing TLS hostname verification

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68161

镜像层: sha256:79190fe735daad3bcfe58f6082a7c3c86a6aede6436eb483b88488f444fd7311

发布日期: 2025-12-18 21:15 修改: 2026-06-17 09:58

org.apache.logging.log4j:log4j-core CVE-2026-34477 中危 2.21.1 2.25.4 org.apache.logging.log4j/log4j-core: Apache Log4j Core: Man-in-the-middle attack due to incomplete hostname verification

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34477

镜像层: sha256:79190fe735daad3bcfe58f6082a7c3c86a6aede6436eb483b88488f444fd7311

发布日期: 2026-04-10 16:16 修改: 2026-06-17 10:39

org.springframework.security:spring-security-core CVE-2024-38827 中危 6.2.5 5.7.14, 5.8.16, 6.0.14, 6.1.12, 6.2.8, 6.3.5 spring-security: authorization bypass for case sensitive comparisons

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-38827

镜像层: sha256:79190fe735daad3bcfe58f6082a7c3c86a6aede6436eb483b88488f444fd7311

发布日期: 2024-12-02 15:15 修改: 2026-06-17 07:41

org.apache.logging.log4j:log4j-core CVE-2026-34478 中危 2.21.1 2.25.4 org.apache.logging.log4j/log4j-core: Apache Log4j Core: Log injection via CRLF sequences due to configuration attribute renames

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34478

镜像层: sha256:79190fe735daad3bcfe58f6082a7c3c86a6aede6436eb483b88488f444fd7311

发布日期: 2026-04-10 16:16 修改: 2026-06-17 10:39

org.apache.logging.log4j:log4j-core CVE-2026-34480 中危 2.21.1 2.25.4 org.apache.logging.log4j/log4j-core: Apache Log4j Core: Invalid XML output causes denial of service in logging

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34480

镜像层: sha256:79190fe735daad3bcfe58f6082a7c3c86a6aede6436eb483b88488f444fd7311

发布日期: 2026-04-10 16:16 修改: 2026-06-17 10:39

org.apache.logging.log4j:log4j-layout-template-json CVE-2026-34481 中危 2.23.1 2.25.4 org.apache.logging.log4j: Apache Log4j JsonTemplateLayout: Denial of Service via invalid JSON output

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34481

镜像层: sha256:79190fe735daad3bcfe58f6082a7c3c86a6aede6436eb483b88488f444fd7311

发布日期: 2026-04-10 16:16 修改: 2026-07-11 06:16

org.springframework.security:spring-security-web CVE-2026-47838 中危 6.3.0 6.5.11 Spring Security Vulnerable to Unauthorized User Impersonation when Using X.509 Client Certificates

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-47838

镜像层: sha256:79190fe735daad3bcfe58f6082a7c3c86a6aede6436eb483b88488f444fd7311

发布日期: 2026-06-10 00:16 修改: 2026-06-30 22:16

org.springframework:spring-context CVE-2024-38820 中危 6.1.10 6.1.14 The fix for CVE-2022-22968 made disallowedFieldspatterns in DataBinder ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-38820

镜像层: sha256:79190fe735daad3bcfe58f6082a7c3c86a6aede6436eb483b88488f444fd7311

发布日期: 2024-10-18 06:15 修改: 2026-06-17 07:41

io.netty:netty-codec-http CVE-2026-41417 中危 4.1.111.Final 4.1.133.Final, 4.2.13.Final netty: Netty: HTTP request smuggling via URI manipulation and CRLF injection

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41417

镜像层: sha256:79190fe735daad3bcfe58f6082a7c3c86a6aede6436eb483b88488f444fd7311

发布日期: 2026-05-06 22:16 修改: 2026-06-17 10:46

org.springframework:spring-web CVE-2024-38809 中危 6.1.10 5.3.38, 6.0.23, 6.1.12 org.springframework:spring-web: Spring Framework DoS via conditional HTTP request

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-38809

镜像层: sha256:79190fe735daad3bcfe58f6082a7c3c86a6aede6436eb483b88488f444fd7311

发布日期: 2024-09-27 17:15 修改: 2026-06-17 07:41

org.springframework:spring-web CVE-2024-38820 中危 6.1.10 6.1.14 The fix for CVE-2022-22968 made disallowedFieldspatterns in DataBinder ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-38820

镜像层: sha256:79190fe735daad3bcfe58f6082a7c3c86a6aede6436eb483b88488f444fd7311

发布日期: 2024-10-18 06:15 修改: 2026-06-17 07:41

org.springframework:spring-web CVE-2025-41234 中危 6.1.10 6.2.8, 6.1.21 springframework: Reflected download attack in Spring Framework with non-ASCII headers

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-41234

镜像层: sha256:79190fe735daad3bcfe58f6082a7c3c86a6aede6436eb483b88488f444fd7311

发布日期: 2025-06-12 22:15 修改: 2026-06-17 09:22

io.netty:netty-codec-http CVE-2026-42580 中危 4.1.111.Final 4.2.13.Final, 4.1.133.Final netty: Netty: Request smuggling via chunk size parser integer overflow

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42580

镜像层: sha256:79190fe735daad3bcfe58f6082a7c3c86a6aede6436eb483b88488f444fd7311

发布日期: 2026-05-13 19:17 修改: 2026-06-17 10:48

io.netty:netty-codec-http CVE-2026-42581 中危 4.1.111.Final 4.2.13.Final, 4.1.133.Final netty: io.netty/netty-codec-http: Netty: HTTP Request Smuggling due to improper handling of conflicting HTTP/1.0 headers

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42581

镜像层: sha256:79190fe735daad3bcfe58f6082a7c3c86a6aede6436eb483b88488f444fd7311

发布日期: 2026-05-13 19:17 修改: 2026-07-10 12:16

org.springframework:spring-webmvc CVE-2025-41242 中危 6.1.10 6.2.10 org.springframework/spring-webmvc: Spring Framework MVC path traversal vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-41242

镜像层: sha256:79190fe735daad3bcfe58f6082a7c3c86a6aede6436eb483b88488f444fd7311

发布日期: 2025-08-18 09:15 修改: 2026-06-17 09:22

org.springframework:spring-webmvc CVE-2026-22737 中危 6.1.10 7.0.6, 6.2.17 Spring Framework: Spring Framework: Information disclosure via Java scripting engine enabled template views

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22737

镜像层: sha256:79190fe735daad3bcfe58f6082a7c3c86a6aede6436eb483b88488f444fd7311

发布日期: 2026-03-20 00:16 修改: 2026-06-17 10:20

org.springframework:spring-webmvc CVE-2026-22745 中危 6.1.10 7.0.7, 6.2.18 spring-webflux: Spring MVC and Spring WebFlux: Denial of Service via slow static resource resolution on Windows

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22745

镜像层: sha256:79190fe735daad3bcfe58f6082a7c3c86a6aede6436eb483b88488f444fd7311

发布日期: 2026-04-29 12:16 修改: 2026-06-17 10:20

io.netty:netty-codec-http CVE-2026-42585 中危 4.1.111.Final 4.2.13.Final, 4.1.133.Final netty: io.netty/netty-codec-http: Netty: Request smuggling via malformed Transfer-Encoding parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42585

镜像层: sha256:79190fe735daad3bcfe58f6082a7c3c86a6aede6436eb483b88488f444fd7311

发布日期: 2026-05-13 19:17 修改: 2026-06-17 10:48

ch.qos.logback:logback-core CVE-2026-1225 低危 1.4.14 1.5.25 ch.qos.logback/logback-core: Malicious logback.xml configuration file allows instantiation of arbitrary classes

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-1225

镜像层: sha256:79190fe735daad3bcfe58f6082a7c3c86a6aede6436eb483b88488f444fd7311

发布日期: 2026-01-22 10:16 修改: 2026-06-17 10:15

org.springframework:spring-context CVE-2025-22233 低危 6.1.10 6.2.7, 6.1.20 CVE-2024-38820 ensured Locale-independent, lowercase conversion for bo ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22233

镜像层: sha256:79190fe735daad3bcfe58f6082a7c3c86a6aede6436eb483b88488f444fd7311

发布日期: 2025-05-16 20:15 修改: 2026-06-17 08:45

ch.qos.logback:logback-core CVE-2026-9828 低危 1.4.14 1.5.33 Deserialization of untrusted data vulnerability in QOS.CH Sarl logback ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-9828

镜像层: sha256:79190fe735daad3bcfe58f6082a7c3c86a6aede6436eb483b88488f444fd7311

发布日期: 2026-05-28 14:16 修改: 2026-06-17 11:05

ch.qos.logback:logback-core CVE-2024-12801 低危 1.4.14 1.5.13, 1.3.15 logback-core: SaxEventRecorder vulnerable to Server-Side Request Forgery (SSRF) attacks

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-12801

镜像层: sha256:79190fe735daad3bcfe58f6082a7c3c86a6aede6436eb483b88488f444fd7311

发布日期: 2024-12-19 17:15 修改: 2026-06-17 07:00

org.keycloak:keycloak-core CVE-2024-4028 低危 25.0.2 keycloak-core: Stored XSS in Keycloak when creating a items in Admin Console

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-4028

镜像层: sha256:79190fe735daad3bcfe58f6082a7c3c86a6aede6436eb483b88488f444fd7311

发布日期: 2025-02-18 18:15 修改: 2026-06-17 08:00

io.netty:netty-codec-http CVE-2025-58056 低危 4.1.111.Final 4.1.125.Final, 4.2.5.Final netty-codec-http: Netty is vulnerable to request smuggling due to incorrect parsing of chunk extensions

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58056

镜像层: sha256:79190fe735daad3bcfe58f6082a7c3c86a6aede6436eb483b88488f444fd7311

发布日期: 2025-09-03 21:15 修改: 2026-06-17 09:43

ch.qos.logback:logback-core CVE-2026-10532 低危 1.4.14 1.5.35 Deserialization of untrusted data vulnerability in QOS.CH Sarl logback ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-10532

镜像层: sha256:79190fe735daad3bcfe58f6082a7c3c86a6aede6436eb483b88488f444fd7311

发布日期: 2026-06-01 13:16 修改: 2026-06-17 10:12

org.apache.tomcat.embed:tomcat-embed-core CVE-2025-31651 低危 10.1.25 9.0.104, 10.1.40, 11.0.6 tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-31651

镜像层: sha256:79190fe735daad3bcfe58f6082a7c3c86a6aede6436eb483b88488f444fd7311

发布日期: 2025-04-28 20:15 修改: 2026-06-17 09:10

org.apache.tomcat.embed:tomcat-embed-core CVE-2025-46701 低危 10.1.25 9.0.105, 10.1.41, 11.0.7 tomcat: Apache Tomcat: Security constraint bypass for CGI scripts

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-46701

镜像层: sha256:79190fe735daad3bcfe58f6082a7c3c86a6aede6436eb483b88488f444fd7311

发布日期: 2025-05-29 19:15 修改: 2026-06-17 09:26

org.apache.tomcat.embed:tomcat-embed-core CVE-2025-55754 低危 10.1.25 11.0.11, 10.1.45, 9.0.109 org.apache.tomcat/tomcat-juli: tomcat: Apache Tomcat: console manipulation

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-55754

镜像层: sha256:79190fe735daad3bcfe58f6082a7c3c86a6aede6436eb483b88488f444fd7311

发布日期: 2025-10-27 18:15 修改: 2026-06-17 09:42

org.apache.tomcat.embed:tomcat-embed-core CVE-2025-61795 低危 10.1.25 11.0.12, 10.1.47, 9.0.110 tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Denial of service

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61795

镜像层: sha256:79190fe735daad3bcfe58f6082a7c3c86a6aede6436eb483b88488f444fd7311

发布日期: 2025-10-27 18:15 修改: 2026-06-17 09:50

org.springframework:spring-webmvc CVE-2026-22735 低危 6.1.10 7.0.6, 6.2.17 org.springframework/spring-webmvc: org.springframework/spring-webflux: Spring MVC and WebFlux: Stream corruption vulnerability when using Server-Sent Events

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22735

镜像层: sha256:79190fe735daad3bcfe58f6082a7c3c86a6aede6436eb483b88488f444fd7311

发布日期: 2026-03-20 00:16 修改: 2026-06-17 10:20

org.springframework:spring-webmvc CVE-2026-22741 低危 6.1.10 7.0.7, 6.2.18 Spring MVC: Spring WebFlux: Spring MVC and Spring WebFlux: Denial of Service via cache poisoning

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22741

镜像层: sha256:79190fe735daad3bcfe58f6082a7c3c86a6aede6436eb483b88488f444fd7311

发布日期: 2026-04-29 12:16 修改: 2026-06-17 10:20

org.apache.tomcat.embed:tomcat-embed-core CVE-2026-43514 低危 10.1.25 9.0.118, 10.1.55, 11.0.22 tomcat-coyote: Apache Tomcat: Information disclosure via AJP secret timing discrepancy

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-43514

镜像层: sha256:79190fe735daad3bcfe58f6082a7c3c86a6aede6436eb483b88488f444fd7311

发布日期: 2026-05-12 16:16 修改: 2026-06-17 10:49

检测到您正在使用广告拦截插件,本站为公益站点,依赖广告维持运转 🙏 查看如何关闭 ×