| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2026-41293 |
严重 |
10.1.48 |
9.0.118, 10.1.55, 11.0.22 |
tomcat-coyote: Apache Tomcat: HTTP/2 request headers not validated
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41293
镜像层: sha256:66bfb8cc857a5e77bbaa4c8b54618b1c1e495a9363973693c22e1959719e0e1e
发布日期: 2026-05-12 16:16 修改: 2026-06-17 10:46
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2026-43512 |
严重 |
10.1.48 |
9.0.118, 10.1.55, 11.0.22 |
tomcat-coyote: Apache Tomcat: Authentication bypass via digest authentication
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-43512
镜像层: sha256:66bfb8cc857a5e77bbaa4c8b54618b1c1e495a9363973693c22e1959719e0e1e
发布日期: 2026-05-12 16:16 修改: 2026-06-17 10:49
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2026-43515 |
严重 |
10.1.48 |
9.0.118, 10.1.55, 11.0.22 |
tomcat-coyote: tomcat: Improper Authorization allows security bypass
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-43515
镜像层: sha256:66bfb8cc857a5e77bbaa4c8b54618b1c1e495a9363973693c22e1959719e0e1e
发布日期: 2026-05-12 16:16 修改: 2026-06-17 10:49
|
| org.bouncycastle:bcprov-jdk18on |
CVE-2025-14813 |
严重 |
1.81 |
1.80.2, 1.81.1, 1.84 |
bouncycastle: BC-JAVA: GOSTCTR implementation unable to process more than 255 blocks correctly
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-14813
镜像层: sha256:66bfb8cc857a5e77bbaa4c8b54618b1c1e495a9363973693c22e1959719e0e1e
发布日期: 2026-04-15 10:16 修改: 2026-06-30 03:16
|
| org.springframework.security:spring-security-web |
CVE-2026-22732 |
严重 |
6.5.7 |
6.5.9, 7.0.4 |
Spring Security: Spring Security: Security policy bypass and information disclosure due to unwritten HTTP headers
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22732
镜像层: sha256:66bfb8cc857a5e77bbaa4c8b54618b1c1e495a9363973693c22e1959719e0e1e
发布日期: 2026-03-19 23:16 修改: 2026-06-17 10:20
|
| org.thymeleaf:thymeleaf |
CVE-2026-40477 |
严重 |
3.1.3.RELEASE |
3.1.4.RELEASE |
thymeleaf: Thymeleaf: Server-Side Template Injection via security bypass in expression execution
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40477
镜像层: sha256:66bfb8cc857a5e77bbaa4c8b54618b1c1e495a9363973693c22e1959719e0e1e
发布日期: 2026-04-17 22:16 修改: 2026-06-30 03:19
|
| org.thymeleaf:thymeleaf |
CVE-2026-40478 |
严重 |
3.1.3.RELEASE |
3.1.4.RELEASE |
thymeleaf: Thymeleaf: Server-Side Template Injection via expression execution bypass
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40478
镜像层: sha256:66bfb8cc857a5e77bbaa4c8b54618b1c1e495a9363973693c22e1959719e0e1e
发布日期: 2026-04-17 22:16 修改: 2026-06-30 03:19
|
| org.thymeleaf:thymeleaf |
CVE-2026-41901 |
严重 |
3.1.3.RELEASE |
3.1.5.RELEASE |
Sandboxed Thymeleaf expressions vulnerable to improper recognition of unauthorized syntax patterns
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41901
镜像层: sha256:66bfb8cc857a5e77bbaa4c8b54618b1c1e495a9363973693c22e1959719e0e1e
发布日期: 2026-05-12 23:16 修改: 2026-06-17 10:47
|
| org.thymeleaf:thymeleaf-spring6 |
CVE-2026-40477 |
严重 |
3.1.3.RELEASE |
3.1.4.RELEASE |
thymeleaf: Thymeleaf: Server-Side Template Injection via security bypass in expression execution
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40477
镜像层: sha256:66bfb8cc857a5e77bbaa4c8b54618b1c1e495a9363973693c22e1959719e0e1e
发布日期: 2026-04-17 22:16 修改: 2026-06-30 03:19
|
| org.thymeleaf:thymeleaf-spring6 |
CVE-2026-40478 |
严重 |
3.1.3.RELEASE |
3.1.4.RELEASE |
thymeleaf: Thymeleaf: Server-Side Template Injection via expression execution bypass
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40478
镜像层: sha256:66bfb8cc857a5e77bbaa4c8b54618b1c1e495a9363973693c22e1959719e0e1e
发布日期: 2026-04-17 22:16 修改: 2026-06-30 03:19
|
| org.thymeleaf:thymeleaf-spring6 |
CVE-2026-41901 |
严重 |
3.1.3.RELEASE |
3.1.5.RELEASE |
Sandboxed Thymeleaf expressions vulnerable to improper recognition of unauthorized syntax patterns
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41901
镜像层: sha256:66bfb8cc857a5e77bbaa4c8b54618b1c1e495a9363973693c22e1959719e0e1e
发布日期: 2026-05-12 23:16 修改: 2026-06-17 10:47
|
| io.netty:netty-handler |
CVE-2026-45416 |
高危 |
4.1.128.Final |
4.2.15.Final, 4.1.135.Final |
netty-handler: Netty: Denial of Service due to eager buffer allocation in TLS handshake
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45416
镜像层: sha256:66bfb8cc857a5e77bbaa4c8b54618b1c1e495a9363973693c22e1959719e0e1e
发布日期: 2026-06-12 15:16 修改: 2026-07-03 13:17
|
| io.netty:netty-handler |
CVE-2026-50010 |
高危 |
4.1.128.Final |
4.2.15.Final, 4.1.135.Final |
netty-handler: Netty: Improper trust manager handling leads to hostname verification bypass
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-50010
镜像层: sha256:66bfb8cc857a5e77bbaa4c8b54618b1c1e495a9363973693c22e1959719e0e1e
发布日期: 2026-06-12 16:16 修改: 2026-07-03 13:17
|
| io.netty:netty-resolver-dns |
CVE-2026-45674 |
高危 |
4.1.128.Final |
4.2.15.Final, 4.1.135.Final |
netty-resolver-dns: Netty: Information disclosure and data manipulation due to improper CNAME record validation
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45674
镜像层: sha256:66bfb8cc857a5e77bbaa4c8b54618b1c1e495a9363973693c22e1959719e0e1e
发布日期: 2026-06-12 15:16 修改: 2026-07-03 13:17
|
| io.netty:netty-resolver-dns |
CVE-2026-47691 |
高危 |
4.1.128.Final |
4.2.15.Final, 4.1.135.Final |
io.netty/netty-resolver-dns: Netty has Insufficient Bailiwick Validation for NS Records
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-47691
镜像层: sha256:66bfb8cc857a5e77bbaa4c8b54618b1c1e495a9363973693c22e1959719e0e1e
发布日期: 2026-06-12 16:16 修改: 2026-07-03 13:17
|
| at.yawk.lz4:lz4-java |
CVE-2025-66566 |
高危 |
1.8.1 |
1.10.1 |
lz4-java: lz4-java: Information Disclosure via Insufficient Output Buffer Clearing
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-66566
镜像层: sha256:66bfb8cc857a5e77bbaa4c8b54618b1c1e495a9363973693c22e1959719e0e1e
发布日期: 2025-12-05 18:15 修改: 2026-06-17 09:57
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2026-54512 |
高危 |
2.19.4 |
2.18.8, 3.1.4, 2.21.4 |
jackson-databind: jackson-databind: Arbitrary code execution via PolymorphicTypeValidator bypass
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54512
镜像层: sha256:66bfb8cc857a5e77bbaa4c8b54618b1c1e495a9363973693c22e1959719e0e1e
发布日期: 2026-06-23 21:17 修改: 2026-06-27 21:01
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2026-54513 |
高危 |
2.19.4 |
2.18.8, 2.21.4, 3.1.4 |
jackson-databind: Jackson-databind: Security bypass allows arbitrary code execution
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54513
镜像层: sha256:66bfb8cc857a5e77bbaa4c8b54618b1c1e495a9363973693c22e1959719e0e1e
发布日期: 2026-06-23 21:17 修改: 2026-07-03 13:17
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2026-24734 |
高危 |
10.1.48 |
11.0.18, 10.1.52, 9.0.115 |
tomcat: Apache Tomcat: Certificate revocation bypass due to improper OCSP response validation
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24734
镜像层: sha256:66bfb8cc857a5e77bbaa4c8b54618b1c1e495a9363973693c22e1959719e0e1e
发布日期: 2026-02-17 19:21 修改: 2026-06-30 03:17
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2026-24880 |
高危 |
10.1.48 |
9.0.116, 10.1.52, 11.0.20 |
Apache Tomcat: Apache Tomcat: HTTP Request/Response Smuggling via invalid chunk extension
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24880
镜像层: sha256:66bfb8cc857a5e77bbaa4c8b54618b1c1e495a9363973693c22e1959719e0e1e
发布日期: 2026-04-09 20:16 修改: 2026-06-17 10:23
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2026-34483 |
高危 |
10.1.48 |
9.0.116, 10.1.54, 11.0.21 |
Apache Tomcat: Apache Tomcat: Information disclosure due to improper encoding in JsonAccessLogValve
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34483
镜像层: sha256:66bfb8cc857a5e77bbaa4c8b54618b1c1e495a9363973693c22e1959719e0e1e
发布日期: 2026-04-09 20:16 修改: 2026-06-17 10:39
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2026-41284 |
高危 |
10.1.48 |
9.0.118, 10.1.55, 11.0.22 |
Allocation of Resources Without Limits or Throttling vulnerability in ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41284
镜像层: sha256:66bfb8cc857a5e77bbaa4c8b54618b1c1e495a9363973693c22e1959719e0e1e
发布日期: 2026-05-12 16:16 修改: 2026-06-17 10:46
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2026-42498 |
高危 |
10.1.48 |
9.0.118, 10.1.55, 11.0.22 |
tomcat-coyote: Apache Tomcat: Information disclosure due to HTTP Authentication Header exposure during WebSocket authentication.
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42498
镜像层: sha256:66bfb8cc857a5e77bbaa4c8b54618b1c1e495a9363973693c22e1959719e0e1e
发布日期: 2026-05-12 16:16 修改: 2026-06-17 10:47
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2026-43513 |
高危 |
10.1.48 |
9.0.118, 10.1.55, 11.0.22 |
tomcat-catalina: Apache Tomcat: Improper Handling of Case Sensitivity in LockOutRealm
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-43513
镜像层: sha256:66bfb8cc857a5e77bbaa4c8b54618b1c1e495a9363973693c22e1959719e0e1e
发布日期: 2026-05-12 16:16 修改: 2026-06-17 10:49
|
| io.netty:netty-codec |
CVE-2026-42583 |
高危 |
4.1.128.Final |
4.1.133.Final |
netty: io.netty/netty-codec-compression: io.netty/netty-codec: Netty: Denial of Service via excessive memory allocation in LZ4FrameDecoder
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42583
镜像层: sha256:66bfb8cc857a5e77bbaa4c8b54618b1c1e495a9363973693c22e1959719e0e1e
发布日期: 2026-05-13 19:17 修改: 2026-06-17 10:48
|
| org.msgpack:msgpack-core |
CVE-2026-21452 |
高危 |
0.9.10 |
0.9.11 |
MessagePack for Java is a serializer implementation for Java. A denial ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-21452
镜像层: sha256:66bfb8cc857a5e77bbaa4c8b54618b1c1e495a9363973693c22e1959719e0e1e
发布日期: 2026-01-02 21:16 修改: 2026-06-17 10:18
|
| org.postgresql:postgresql |
CVE-2026-42198 |
高危 |
42.7.8 |
42.7.11 |
jdbc.postgresql.org: pgjdbc: Client-side Denial of Service via malicious SCRAM-SHA-256 authentication
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42198
镜像层: sha256:66bfb8cc857a5e77bbaa4c8b54618b1c1e495a9363973693c22e1959719e0e1e
发布日期: 2026-04-29 16:16 修改: 2026-06-30 03:19
|
| org.springframework.boot:spring-boot |
CVE-2026-40973 |
高危 |
3.5.8 |
4.0.6, 3.5.14 |
Spring Boot: Spring Boot: Arbitrary Code Execution and Session Hijacking via predictable temporary directory
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40973
镜像层: sha256:66bfb8cc857a5e77bbaa4c8b54618b1c1e495a9363973693c22e1959719e0e1e
发布日期: 2026-04-28 00:16 修改: 2026-06-17 10:45
|
| org.springframework.boot:spring-boot-starter-actuator |
CVE-2026-22731 |
高危 |
3.5.8 |
3.5.12, 4.0.4 |
Spring Boot: Spring Boot: Authentication bypass via misconfigured Health Group additional path
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22731
镜像层: sha256:66bfb8cc857a5e77bbaa4c8b54618b1c1e495a9363973693c22e1959719e0e1e
发布日期: 2026-03-19 23:16 修改: 2026-06-17 10:20
|
| org.springframework.boot:spring-boot-starter-actuator |
CVE-2026-22733 |
高危 |
3.5.8 |
4.0.4, 3.5.12 |
Spring Boot has an Authentication Bypass under Actuator CloudFoundry endpoints
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22733
镜像层: sha256:66bfb8cc857a5e77bbaa4c8b54618b1c1e495a9363973693c22e1959719e0e1e
发布日期: 2026-03-20 00:16 修改: 2026-06-17 10:20
|
| io.netty:netty-codec-dns |
CVE-2026-42579 |
高危 |
4.1.128.Final |
4.2.13.Final, 4.1.133.Final |
netty: Netty: High integrity impact due to improper DNS domain name constraint enforcement
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42579
镜像层: sha256:66bfb8cc857a5e77bbaa4c8b54618b1c1e495a9363973693c22e1959719e0e1e
发布日期: 2026-05-13 19:17 修改: 2026-06-30 03:19
|
| io.netty:netty-codec-http |
CVE-2026-33870 |
高危 |
4.1.128.Final |
4.1.132.Final, 4.2.10.Final |
io.netty/netty-codec-http: Netty: Request smuggling via incorrect parsing of HTTP/1.1 chunked transfer encoding extension values
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33870
镜像层: sha256:66bfb8cc857a5e77bbaa4c8b54618b1c1e495a9363973693c22e1959719e0e1e
发布日期: 2026-03-27 20:16 修改: 2026-07-03 13:17
|
| io.netty:netty-codec-http |
CVE-2026-42584 |
高危 |
4.1.128.Final |
4.2.13.Final, 4.1.133.Final |
netty: io.netty/netty-codec-http: Netty: Incorrect HTTP response parsing leads to data confusion
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42584
镜像层: sha256:66bfb8cc857a5e77bbaa4c8b54618b1c1e495a9363973693c22e1959719e0e1e
发布日期: 2026-05-13 19:17 修改: 2026-06-30 03:19
|
| io.netty:netty-codec-http |
CVE-2026-42587 |
高危 |
4.1.128.Final |
4.2.13.Final, 4.1.133.Final |
netty: io.netty/netty-codec-http: io.netty/netty-codec-http2: Netty: Denial of Service via unbounded memory allocation in HTTP content decompression
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42587
镜像层: sha256:66bfb8cc857a5e77bbaa4c8b54618b1c1e495a9363973693c22e1959719e0e1e
发布日期: 2026-05-13 19:17 修改: 2026-07-03 13:17
|
| io.netty:netty-codec-http2 |
CVE-2026-33871 |
高危 |
4.1.128.Final |
4.1.132.Final, 4.2.11.Final |
netty: Netty: Denial of Service via HTTP/2 CONTINUATION frame flood
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33871
镜像层: sha256:66bfb8cc857a5e77bbaa4c8b54618b1c1e495a9363973693c22e1959719e0e1e
发布日期: 2026-03-27 20:16 修改: 2026-07-03 13:17
|
| io.netty:netty-codec-http2 |
CVE-2026-42587 |
高危 |
4.1.128.Final |
4.2.13.Final, 4.1.133.Final |
netty: io.netty/netty-codec-http: io.netty/netty-codec-http2: Netty: Denial of Service via unbounded memory allocation in HTTP content decompression
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42587
镜像层: sha256:66bfb8cc857a5e77bbaa4c8b54618b1c1e495a9363973693c22e1959719e0e1e
发布日期: 2026-05-13 19:17 修改: 2026-07-03 13:17
|
| io.netty:netty-handler |
CVE-2026-44249 |
高危 |
4.1.128.Final |
4.2.15.Final, 4.1.135.Final |
netty-handler: netty-handler: IPv6 subnet rule bypass due to incorrect masking operation
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44249
镜像层: sha256:66bfb8cc857a5e77bbaa4c8b54618b1c1e495a9363973693c22e1959719e0e1e
发布日期: 2026-06-11 22:16 修改: 2026-07-03 13:17
|
| io.netty:netty-codec-http |
CVE-2026-50020 |
中危 |
4.1.128.Final |
4.2.15.Final, 4.1.135.Final |
netty-codec-http: Netty: Data manipulation via request-boundary confusion in HttpObjectDecoder
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-50020
镜像层: sha256:66bfb8cc857a5e77bbaa4c8b54618b1c1e495a9363973693c22e1959719e0e1e
发布日期: 2026-06-12 16:16 修改: 2026-06-17 10:57
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2026-54515 |
中危 |
2.19.4 |
3.1.4, 2.18.9, 2.21.5, 2.22.1 |
jackson-databind: jackson-databind: Ignored properties can be unexpectedly modified
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54515
镜像层: sha256:66bfb8cc857a5e77bbaa4c8b54618b1c1e495a9363973693c22e1959719e0e1e
发布日期: 2026-06-23 21:17 修改: 2026-06-29 13:38
|
| com.fasterxml.jackson.core:jackson-core |
GHSA-72hv-8253-57qq |
中危 |
2.19.4 |
2.21.1, 2.18.6 |
jackson-core: Number Length Constraint Bypass in Async Parser Leads to Potential DoS Condition
漏洞详情: https://github.com/advisories/GHSA-72hv-8253-57qq
镜像层: sha256:66bfb8cc857a5e77bbaa4c8b54618b1c1e495a9363973693c22e1959719e0e1e
发布日期: 2026-02-28 02:01 修改: 2026-04-07 16:30
|
| io.netty:netty-codec-http2 |
CVE-2026-47244 |
中危 |
4.1.128.Final |
4.2.15.Final, 4.1.135.Final |
netty-codec-http2: Netty: Denial of Service via uncontrolled HTTP/2 concurrent streams
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-47244
镜像层: sha256:66bfb8cc857a5e77bbaa4c8b54618b1c1e495a9363973693c22e1959719e0e1e
发布日期: 2026-06-12 15:16 修改: 2026-06-17 10:54
|
| io.netty:netty-codec-http2 |
CVE-2026-48043 |
中危 |
4.1.128.Final |
4.1.135.Final, 4.2.15.Final |
netty-codec-http2: netty-codec-http2: Denial of Service due to resource leak
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48043
镜像层: sha256:66bfb8cc857a5e77bbaa4c8b54618b1c1e495a9363973693c22e1959719e0e1e
发布日期: 2026-06-12 16:16 修改: 2026-07-03 13:17
|
| io.netty:netty-codec-http2 |
CVE-2026-50560 |
中危 |
4.1.128.Final |
4.2.15.Final, 4.1.135.Final |
netty-codec-http2: Netty: Denial of Service due to HTTP/2 max header size handling
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-50560
镜像层: sha256:66bfb8cc857a5e77bbaa4c8b54618b1c1e495a9363973693c22e1959719e0e1e
发布日期: 2026-06-12 16:16 修改: 2026-06-17 10:57
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2026-54514 |
中危 |
2.19.4 |
2.18.8, 2.21.4, 3.1.4 |
jackson-databind: jackson-databind: Information Disclosure via Eager DNS Resolution
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54514
镜像层: sha256:66bfb8cc857a5e77bbaa4c8b54618b1c1e495a9363973693c22e1959719e0e1e
发布日期: 2026-06-23 21:17 修改: 2026-06-27 20:55
|
| io.netty:netty-codec-http |
CVE-2025-67735 |
中危 |
4.1.128.Final |
4.2.8.Final, 4.1.129.Final |
netty-codec-http: Netty (netty-codec-http): Request Smuggling via CRLF Injection
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-67735
镜像层: sha256:66bfb8cc857a5e77bbaa4c8b54618b1c1e495a9363973693c22e1959719e0e1e
发布日期: 2025-12-16 01:15 修改: 2026-06-17 09:58
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2025-66614 |
中危 |
10.1.48 |
11.0.15, 10.1.50, 9.0.113 |
tomcat: Client certificate verification bypass due to virtual host mapping
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-66614
镜像层: sha256:66bfb8cc857a5e77bbaa4c8b54618b1c1e495a9363973693c22e1959719e0e1e
发布日期: 2026-02-17 19:21 修改: 2026-06-17 09:57
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2026-25854 |
中危 |
10.1.48 |
9.0.116, 10.1.53, 11.0.20 |
Apache Tomcat: Apache Tomcat: Open Redirect vulnerability via LoadBalancerDrainingValve
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25854
镜像层: sha256:66bfb8cc857a5e77bbaa4c8b54618b1c1e495a9363973693c22e1959719e0e1e
发布日期: 2026-04-09 20:16 修改: 2026-06-17 10:25
|
| org.bouncycastle:bcpkix-jdk18on |
CVE-2026-5588 |
中危 |
1.81 |
1.84 |
bouncycastle: BC-JAVA: PKIX draft CompositeVerifier accepts empty signature sequence as valid
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5588
镜像层: sha256:66bfb8cc857a5e77bbaa4c8b54618b1c1e495a9363973693c22e1959719e0e1e
发布日期: 2026-04-15 10:16 修改: 2026-06-30 03:21
|
| io.netty:netty-codec-http |
CVE-2026-41417 |
中危 |
4.1.128.Final |
4.1.133.Final, 4.2.13.Final |
netty: Netty: HTTP request smuggling via URI manipulation and CRLF injection
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41417
镜像层: sha256:66bfb8cc857a5e77bbaa4c8b54618b1c1e495a9363973693c22e1959719e0e1e
发布日期: 2026-05-06 22:16 修改: 2026-06-17 10:46
|
| org.bouncycastle:bcprov-jdk18on |
CVE-2026-0636 |
中危 |
1.81 |
1.84 |
bouncycastle: BC-JAVA: LDAP injection vulnerability in LDAPStoreHelper.java
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-0636
镜像层: sha256:66bfb8cc857a5e77bbaa4c8b54618b1c1e495a9363973693c22e1959719e0e1e
发布日期: 2026-04-15 10:16 修改: 2026-06-30 03:17
|
| org.elasticsearch:elasticsearch |
CVE-2024-52980 |
中危 |
7.17.29 |
8.15.1 |
Elasticsearch Potential Node Crash due to Large Recursion in `innerForbidCircularReferences` Function
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-52980
镜像层: sha256:66bfb8cc857a5e77bbaa4c8b54618b1c1e495a9363973693c22e1959719e0e1e
发布日期: 2025-04-08 17:15 修改: 2026-06-17 08:07
|
| org.elasticsearch:elasticsearch |
CVE-2025-37727 |
中危 |
7.17.29 |
8.18.8, 8.19.5, 9.0.8, 9.1.5 |
org.elasticsearch/elasticsearch-core: Elasticsearch Insertion of sensitive information in log file
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-37727
镜像层: sha256:66bfb8cc857a5e77bbaa4c8b54618b1c1e495a9363973693c22e1959719e0e1e
发布日期: 2025-10-10 10:15 修改: 2026-06-17 09:15
|
| org.elasticsearch:elasticsearch |
CVE-2025-37731 |
中危 |
7.17.29 |
8.19.8, 9.1.8, 9.2.2 |
elasticsearch: Elasticsearch: User impersonation due to improper authentication in Public Key Infrastructure (PKI) realm
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-37731
镜像层: sha256:66bfb8cc857a5e77bbaa4c8b54618b1c1e495a9363973693c22e1959719e0e1e
发布日期: 2025-12-15 11:15 修改: 2026-06-17 09:15
|
| io.netty:netty-codec-http |
CVE-2026-42580 |
中危 |
4.1.128.Final |
4.2.13.Final, 4.1.133.Final |
netty: Netty: Request smuggling via chunk size parser integer overflow
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42580
镜像层: sha256:66bfb8cc857a5e77bbaa4c8b54618b1c1e495a9363973693c22e1959719e0e1e
发布日期: 2026-05-13 19:17 修改: 2026-06-17 10:48
|
| io.netty:netty-codec-http |
CVE-2026-42581 |
中危 |
4.1.128.Final |
4.2.13.Final, 4.1.133.Final |
netty: io.netty/netty-codec-http: Netty: HTTP Request Smuggling due to improper handling of conflicting HTTP/1.0 headers
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42581
镜像层: sha256:66bfb8cc857a5e77bbaa4c8b54618b1c1e495a9363973693c22e1959719e0e1e
发布日期: 2026-05-13 19:17 修改: 2026-06-30 03:19
|
| io.netty:netty-resolver-dns |
CVE-2026-45673 |
中危 |
4.1.128.Final |
4.2.15.Final, 4.1.135.Final |
netty-resolver-dns: Netty DNS resolver: DNS Cache Poisoning via predictable transaction IDs
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45673
镜像层: sha256:66bfb8cc857a5e77bbaa4c8b54618b1c1e495a9363973693c22e1959719e0e1e
发布日期: 2026-06-12 15:16 修改: 2026-06-17 10:52
|
| io.netty:netty-transport-native-epoll |
CVE-2026-45536 |
中危 |
4.1.128.Final |
4.2.15.Final, 4.1.135.Final |
netty-transport-native-epoll: netty-transport-native-kqueue: Netty: Denial of Service due to file descriptor leak in SCM_RIGHTS message handling
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45536
镜像层: sha256:66bfb8cc857a5e77bbaa4c8b54618b1c1e495a9363973693c22e1959719e0e1e
发布日期: 2026-06-12 15:16 修改: 2026-06-17 10:52
|
| io.netty:netty-transport-native-kqueue |
CVE-2026-45536 |
中危 |
4.1.128.Final |
4.2.15.Final, 4.1.135.Final |
netty-transport-native-epoll: netty-transport-native-kqueue: Netty: Denial of Service due to file descriptor leak in SCM_RIGHTS message handling
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45536
镜像层: sha256:66bfb8cc857a5e77bbaa4c8b54618b1c1e495a9363973693c22e1959719e0e1e
发布日期: 2026-06-12 15:16 修改: 2026-06-17 10:52
|
| org.springframework.security:spring-security-core |
CVE-2026-22751 |
中危 |
6.5.7 |
6.5.10, 7.0.5 |
Spring Security: JdbcOneTimeTokenService: Spring Security: Authentication bypass due to race condition in One-Time Token login
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22751
镜像层: sha256:66bfb8cc857a5e77bbaa4c8b54618b1c1e495a9363973693c22e1959719e0e1e
发布日期: 2026-04-21 19:16 修改: 2026-06-17 10:20
|
| org.springframework.security:spring-security-oauth2-jose |
CVE-2026-22748 |
中危 |
6.5.7 |
6.5.10, 7.0.5 |
Spring Security: Spring Security: Integrity impact due to improper JSON Web Token (JWT) validation
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22748
镜像层: sha256:66bfb8cc857a5e77bbaa4c8b54618b1c1e495a9363973693c22e1959719e0e1e
发布日期: 2026-04-22 06:16 修改: 2026-06-17 10:20
|
| io.opentelemetry:opentelemetry-api |
CVE-2026-45292 |
中危 |
1.49.0 |
1.62.0 |
opentelemetry-java: opentelemetry-api: opentelemetry-extension-trace-propagators: OpenTelemetry Java: Denial of Service due to unbounded memory allocation when parsing oversized baggage
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45292
镜像层: sha256:66bfb8cc857a5e77bbaa4c8b54618b1c1e495a9363973693c22e1959719e0e1e
发布日期: 2026-05-28 17:16 修改: 2026-07-06 13:16
|
| org.springframework.security:spring-security-web |
CVE-2026-47838 |
中危 |
6.5.7 |
6.5.11 |
Spring Security Vulnerable to Unauthorized User Impersonation when Using X.509 Client Certificates
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-47838
镜像层: sha256:66bfb8cc857a5e77bbaa4c8b54618b1c1e495a9363973693c22e1959719e0e1e
发布日期: 2026-06-10 00:16 修改: 2026-06-30 22:16
|
| org.springframework:spring-webmvc |
CVE-2026-22737 |
中危 |
6.2.14 |
7.0.6, 6.2.17 |
Spring Framework: Spring Framework: Information disclosure via Java scripting engine enabled template views
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22737
镜像层: sha256:66bfb8cc857a5e77bbaa4c8b54618b1c1e495a9363973693c22e1959719e0e1e
发布日期: 2026-03-20 00:16 修改: 2026-06-17 10:20
|
| org.springframework:spring-webmvc |
CVE-2026-22745 |
中危 |
6.2.14 |
7.0.7, 6.2.18 |
spring-webflux: Spring MVC and Spring WebFlux: Denial of Service via slow static resource resolution on Windows
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22745
镜像层: sha256:66bfb8cc857a5e77bbaa4c8b54618b1c1e495a9363973693c22e1959719e0e1e
发布日期: 2026-04-29 12:16 修改: 2026-06-17 10:20
|
| org.apache.logging.log4j:log4j-core |
CVE-2025-68161 |
中危 |
2.25.2 |
2.25.3 |
Apache Log4j: Apache Log4j Core: Information disclosure via missing TLS hostname verification
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68161
镜像层: sha256:66bfb8cc857a5e77bbaa4c8b54618b1c1e495a9363973693c22e1959719e0e1e
发布日期: 2025-12-18 21:15 修改: 2026-06-17 09:58
|
| org.apache.logging.log4j:log4j-core |
CVE-2026-34477 |
中危 |
2.25.2 |
2.25.4 |
org.apache.logging.log4j/log4j-core: Apache Log4j Core: Man-in-the-middle attack due to incomplete hostname verification
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34477
镜像层: sha256:66bfb8cc857a5e77bbaa4c8b54618b1c1e495a9363973693c22e1959719e0e1e
发布日期: 2026-04-10 16:16 修改: 2026-06-17 10:39
|
| org.apache.logging.log4j:log4j-core |
CVE-2026-34478 |
中危 |
2.25.2 |
2.25.4 |
org.apache.logging.log4j/log4j-core: Apache Log4j Core: Log injection via CRLF sequences due to configuration attribute renames
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34478
镜像层: sha256:66bfb8cc857a5e77bbaa4c8b54618b1c1e495a9363973693c22e1959719e0e1e
发布日期: 2026-04-10 16:16 修改: 2026-06-17 10:39
|
| org.apache.logging.log4j:log4j-core |
CVE-2026-34480 |
中危 |
2.25.2 |
2.25.4 |
org.apache.logging.log4j/log4j-core: Apache Log4j Core: Invalid XML output causes denial of service in logging
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34480
镜像层: sha256:66bfb8cc857a5e77bbaa4c8b54618b1c1e495a9363973693c22e1959719e0e1e
发布日期: 2026-04-10 16:16 修改: 2026-06-17 10:39
|
| org.apache.logging.log4j:log4j-layout-template-json |
CVE-2026-34481 |
中危 |
2.25.2 |
2.25.4 |
org.apache.logging.log4j: Apache Log4j JsonTemplateLayout: Denial of Service via invalid JSON output
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34481
镜像层: sha256:66bfb8cc857a5e77bbaa4c8b54618b1c1e495a9363973693c22e1959719e0e1e
发布日期: 2026-04-10 16:16 修改: 2026-06-17 10:39
|
| io.netty:netty-codec-http |
CVE-2026-42585 |
中危 |
4.1.128.Final |
4.2.13.Final, 4.1.133.Final |
netty: io.netty/netty-codec-http: Netty: Request smuggling via malformed Transfer-Encoding parsing
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42585
镜像层: sha256:66bfb8cc857a5e77bbaa4c8b54618b1c1e495a9363973693c22e1959719e0e1e
发布日期: 2026-05-13 19:17 修改: 2026-06-17 10:48
|
| io.netty:netty-handler-proxy |
CVE-2026-42578 |
低危 |
4.1.128.Final |
4.1.133.Final, 4.2.13.Final |
netty: io.netty/netty-handler-proxy: Netty: HTTP Header Injection via HttpProxyHandler Disabled Validation
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42578
镜像层: sha256:66bfb8cc857a5e77bbaa4c8b54618b1c1e495a9363973693c22e1959719e0e1e
发布日期: 2026-05-13 19:17 修改: 2026-06-30 03:19
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2026-43514 |
低危 |
10.1.48 |
9.0.118, 10.1.55, 11.0.22 |
tomcat-coyote: Apache Tomcat: Information disclosure via AJP secret timing discrepancy
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-43514
镜像层: sha256:66bfb8cc857a5e77bbaa4c8b54618b1c1e495a9363973693c22e1959719e0e1e
发布日期: 2026-05-12 16:16 修改: 2026-06-17 10:49
|
| org.springframework:spring-webmvc |
CVE-2026-22735 |
低危 |
6.2.14 |
7.0.6, 6.2.17 |
org.springframework/spring-webmvc: org.springframework/spring-webflux: Spring MVC and WebFlux: Stream corruption vulnerability when using Server-Sent Events
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22735
镜像层: sha256:66bfb8cc857a5e77bbaa4c8b54618b1c1e495a9363973693c22e1959719e0e1e
发布日期: 2026-03-20 00:16 修改: 2026-06-17 10:20
|
| org.springframework:spring-webmvc |
CVE-2026-22741 |
低危 |
6.2.14 |
7.0.7, 6.2.18 |
Spring MVC: Spring WebFlux: Spring MVC and Spring WebFlux: Denial of Service via cache poisoning
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22741
镜像层: sha256:66bfb8cc857a5e77bbaa4c8b54618b1c1e495a9363973693c22e1959719e0e1e
发布日期: 2026-04-29 12:16 修改: 2026-06-17 10:20
|
| org.springframework.security:spring-security-core |
CVE-2026-22746 |
低危 |
6.5.7 |
6.5.10, 7.0.5 |
Spring Security: Spring Security: Timing attack defense bypass allows information disclosure
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22746
镜像层: sha256:66bfb8cc857a5e77bbaa4c8b54618b1c1e495a9363973693c22e1959719e0e1e
发布日期: 2026-04-22 06:16 修改: 2026-06-17 10:20
|