docker.io/camunda/optimize:8.6.0 linux/amd64

docker.io/camunda/optimize:8.6.0 - Trivy安全扫描结果 扫描时间: 2026-07-13 11:37
全部漏洞信息
低危漏洞:58 中危漏洞:114 高危漏洞:90 严重漏洞:8

系统OS: alpine 3.20.3 扫描引擎: Trivy 扫描时间: 2026-07-13 11:37

docker.io/camunda/optimize:8.6.0 (alpine 3.20.3) (alpine)
低危漏洞:36 中危漏洞:46 高危漏洞:34 严重漏洞:2
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
libcrypto3 CVE-2026-31789 严重 3.3.2-r0 3.3.7-r0 openssl: OpenSSL: Heap buffer overflow on 32-bit systems from large X.509 certificate processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-31789

镜像层: sha256:63ca1fbb43ae5034640e5e6cb3e083e05c290072c5366fcaa9d62435a4cced85

发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:34

libssl3 CVE-2026-31789 严重 3.3.2-r0 3.3.7-r0 openssl: OpenSSL: Heap buffer overflow on 32-bit systems from large X.509 certificate processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-31789

镜像层: sha256:63ca1fbb43ae5034640e5e6cb3e083e05c290072c5366fcaa9d62435a4cced85

发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:34

libcrypto3 CVE-2024-12797 高危 3.3.2-r0 3.3.3-r0 openssl: RFC7250 handshakes with unauthenticated servers don't abort as expected

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-12797

镜像层: sha256:63ca1fbb43ae5034640e5e6cb3e083e05c290072c5366fcaa9d62435a4cced85

发布日期: 2025-02-11 16:15 修改: 2026-06-17 07:00

libcrypto3 CVE-2025-15467 高危 3.3.2-r0 3.3.6-r0 openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-15467

镜像层: sha256:63ca1fbb43ae5034640e5e6cb3e083e05c290072c5366fcaa9d62435a4cced85

发布日期: 2026-01-27 16:16 修改: 2026-06-30 03:16

libcrypto3 CVE-2025-69421 高危 3.3.2-r0 3.3.6-r0 openssl: OpenSSL: Denial of Service via malformed PKCS#12 file processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-69421

镜像层: sha256:63ca1fbb43ae5034640e5e6cb3e083e05c290072c5366fcaa9d62435a4cced85

发布日期: 2026-01-27 16:16 修改: 2026-06-17 10:00

libcrypto3 CVE-2026-28387 高危 3.3.2-r0 3.3.7-r0 openssl: OpenSSL: Arbitrary code execution due to use-after-free in DANE TLSA authentication

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28387

镜像层: sha256:63ca1fbb43ae5034640e5e6cb3e083e05c290072c5366fcaa9d62435a4cced85

发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:28

libcrypto3 CVE-2026-28388 高危 3.3.2-r0 3.3.7-r0 openssl: OpenSSL: Denial of Service due to NULL pointer dereference in delta CRL processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28388

镜像层: sha256:63ca1fbb43ae5034640e5e6cb3e083e05c290072c5366fcaa9d62435a4cced85

发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:28

libcrypto3 CVE-2026-28389 高危 3.3.2-r0 3.3.7-r0 openssl: OpenSSL: Denial of Service vulnerability in CMS processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28389

镜像层: sha256:63ca1fbb43ae5034640e5e6cb3e083e05c290072c5366fcaa9d62435a4cced85

发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:28

libcrypto3 CVE-2026-28390 高危 3.3.2-r0 3.3.7-r0 openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28390

镜像层: sha256:63ca1fbb43ae5034640e5e6cb3e083e05c290072c5366fcaa9d62435a4cced85

发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:28

libpng CVE-2025-64720 高危 1.6.44-r0 1.6.53-r0 libpng: LIBPNG buffer overflow

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-64720

镜像层: sha256:2842f0a9915a5d63738e7754d4e6d267a8a3700d29638b329c7d281d9845f8df

发布日期: 2025-11-25 00:15 修改: 2026-06-17 09:55

libpng CVE-2025-65018 高危 1.6.44-r0 1.6.53-r0 libpng: LIBPNG heap buffer overflow

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-65018

镜像层: sha256:2842f0a9915a5d63738e7754d4e6d267a8a3700d29638b329c7d281d9845f8df

发布日期: 2025-11-25 00:15 修改: 2026-06-17 09:55

libpng CVE-2025-66293 高危 1.6.44-r0 1.6.53-r0 libpng: LIBPNG out-of-bounds read in png_image_read_composite

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-66293

镜像层: sha256:2842f0a9915a5d63738e7754d4e6d267a8a3700d29638b329c7d281d9845f8df

发布日期: 2025-12-03 21:15 修改: 2026-06-17 09:56

libpng CVE-2026-22695 高危 1.6.44-r0 1.6.54-r0 libpng: libpng: Denial of service and information disclosure via heap buffer over-read in png_image_finish_read

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22695

镜像层: sha256:2842f0a9915a5d63738e7754d4e6d267a8a3700d29638b329c7d281d9845f8df

发布日期: 2026-01-12 23:15 修改: 2026-06-17 10:20

libpng CVE-2026-22801 高危 1.6.44-r0 1.6.54-r0 libpng: libpng: Information disclosure and denial of service via integer truncation in simplified write API

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22801

镜像层: sha256:2842f0a9915a5d63738e7754d4e6d267a8a3700d29638b329c7d281d9845f8df

发布日期: 2026-01-12 23:15 修改: 2026-06-17 10:20

libpng CVE-2026-25646 高危 1.6.44-r0 1.6.55-r0 libpng: LIBPNG has a heap buffer overflow in png_set_quantize

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25646

镜像层: sha256:2842f0a9915a5d63738e7754d4e6d267a8a3700d29638b329c7d281d9845f8df

发布日期: 2026-02-10 18:16 修改: 2026-06-30 03:17

lcms2 CVE-2026-41254 高危 2.16-r0 2.19-r0 Little CMS: lcms2: mm2/Little-CMS: Little CMS: Information disclosure or denial of service via integer overflow in CubeSize

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41254

镜像层: sha256:2842f0a9915a5d63738e7754d4e6d267a8a3700d29638b329c7d281d9845f8df

发布日期: 2026-04-18 07:16 修改: 2026-06-17 10:46

libssl3 CVE-2024-12797 高危 3.3.2-r0 3.3.3-r0 openssl: RFC7250 handshakes with unauthenticated servers don't abort as expected

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-12797

镜像层: sha256:63ca1fbb43ae5034640e5e6cb3e083e05c290072c5366fcaa9d62435a4cced85

发布日期: 2025-02-11 16:15 修改: 2026-06-17 07:00

libssl3 CVE-2025-15467 高危 3.3.2-r0 3.3.6-r0 openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-15467

镜像层: sha256:63ca1fbb43ae5034640e5e6cb3e083e05c290072c5366fcaa9d62435a4cced85

发布日期: 2026-01-27 16:16 修改: 2026-06-30 03:16

libssl3 CVE-2025-69421 高危 3.3.2-r0 3.3.6-r0 openssl: OpenSSL: Denial of Service via malformed PKCS#12 file processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-69421

镜像层: sha256:63ca1fbb43ae5034640e5e6cb3e083e05c290072c5366fcaa9d62435a4cced85

发布日期: 2026-01-27 16:16 修改: 2026-06-17 10:00

libssl3 CVE-2026-28387 高危 3.3.2-r0 3.3.7-r0 openssl: OpenSSL: Arbitrary code execution due to use-after-free in DANE TLSA authentication

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28387

镜像层: sha256:63ca1fbb43ae5034640e5e6cb3e083e05c290072c5366fcaa9d62435a4cced85

发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:28

libssl3 CVE-2026-28388 高危 3.3.2-r0 3.3.7-r0 openssl: OpenSSL: Denial of Service due to NULL pointer dereference in delta CRL processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28388

镜像层: sha256:63ca1fbb43ae5034640e5e6cb3e083e05c290072c5366fcaa9d62435a4cced85

发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:28

libssl3 CVE-2026-28389 高危 3.3.2-r0 3.3.7-r0 openssl: OpenSSL: Denial of Service vulnerability in CMS processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28389

镜像层: sha256:63ca1fbb43ae5034640e5e6cb3e083e05c290072c5366fcaa9d62435a4cced85

发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:28

libssl3 CVE-2026-28390 高危 3.3.2-r0 3.3.7-r0 openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28390

镜像层: sha256:63ca1fbb43ae5034640e5e6cb3e083e05c290072c5366fcaa9d62435a4cced85

发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:28

musl CVE-2025-26519 高危 1.2.5-r0 1.2.5-r1 musl libc 0.9.13 through 1.2.5 before 1.2.6 has an out-of-bounds write ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-26519

镜像层: sha256:63ca1fbb43ae5034640e5e6cb3e083e05c290072c5366fcaa9d62435a4cced85

发布日期: 2025-02-14 04:15 修改: 2026-06-17 09:01

musl CVE-2026-40200 高危 1.2.5-r0 1.2.5-r3 musl: musl libc: Arbitrary code execution and denial of service via stack-based memory corruption in qsort

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40200

镜像层: sha256:63ca1fbb43ae5034640e5e6cb3e083e05c290072c5366fcaa9d62435a4cced85

发布日期: 2026-04-10 17:17 修改: 2026-06-17 10:44

musl-utils CVE-2025-26519 高危 1.2.5-r0 1.2.5-r1 musl libc 0.9.13 through 1.2.5 before 1.2.6 has an out-of-bounds write ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-26519

镜像层: sha256:63ca1fbb43ae5034640e5e6cb3e083e05c290072c5366fcaa9d62435a4cced85

发布日期: 2025-02-14 04:15 修改: 2026-06-17 09:01

musl-utils CVE-2026-40200 高危 1.2.5-r0 1.2.5-r3 musl: musl libc: Arbitrary code execution and denial of service via stack-based memory corruption in qsort

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40200

镜像层: sha256:63ca1fbb43ae5034640e5e6cb3e083e05c290072c5366fcaa9d62435a4cced85

发布日期: 2026-04-10 17:17 修改: 2026-06-17 10:44

openjdk21-jre CVE-2025-23083 高危 21.0.4_p7-r0 21.0.7_p6-r0 nodejs: Node.js Worker Thread Exposure via Diagnostics Channel

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-23083

镜像层: sha256:2842f0a9915a5d63738e7754d4e6d267a8a3700d29638b329c7d281d9845f8df

发布日期: 2025-01-22 02:15 修改: 2026-06-17 08:51

openjdk21-jre CVE-2025-30749 高危 21.0.4_p7-r0 21.0.8_p9-r0 openjdk: Better Glyph drawing (Oracle CPU 2025-07)

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-30749

镜像层: sha256:2842f0a9915a5d63738e7754d4e6d267a8a3700d29638b329c7d281d9845f8df

发布日期: 2025-07-15 20:15 修改: 2026-06-17 09:09

openjdk21-jre CVE-2025-50059 高危 21.0.4_p7-r0 21.0.8_p9-r0 openjdk: Improve HTTP client header handling (Oracle CPU 2025-07)

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-50059

镜像层: sha256:2842f0a9915a5d63738e7754d4e6d267a8a3700d29638b329c7d281d9845f8df

发布日期: 2025-07-15 20:15 修改: 2026-06-17 09:34

openjdk21-jre CVE-2025-50106 高危 21.0.4_p7-r0 21.0.8_p9-r0 openjdk: Glyph out-of-memory access and crash (Oracle CPU 2025-07)

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-50106

镜像层: sha256:2842f0a9915a5d63738e7754d4e6d267a8a3700d29638b329c7d281d9845f8df

发布日期: 2025-07-15 20:15 修改: 2026-06-17 09:34

openjdk21-jre-headless CVE-2025-23083 高危 21.0.4_p7-r0 21.0.7_p6-r0 nodejs: Node.js Worker Thread Exposure via Diagnostics Channel

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-23083

镜像层: sha256:2842f0a9915a5d63738e7754d4e6d267a8a3700d29638b329c7d281d9845f8df

发布日期: 2025-01-22 02:15 修改: 2026-06-17 08:51

openjdk21-jre-headless CVE-2025-30749 高危 21.0.4_p7-r0 21.0.8_p9-r0 openjdk: Better Glyph drawing (Oracle CPU 2025-07)

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-30749

镜像层: sha256:2842f0a9915a5d63738e7754d4e6d267a8a3700d29638b329c7d281d9845f8df

发布日期: 2025-07-15 20:15 修改: 2026-06-17 09:09

openjdk21-jre-headless CVE-2025-50059 高危 21.0.4_p7-r0 21.0.8_p9-r0 openjdk: Improve HTTP client header handling (Oracle CPU 2025-07)

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-50059

镜像层: sha256:2842f0a9915a5d63738e7754d4e6d267a8a3700d29638b329c7d281d9845f8df

发布日期: 2025-07-15 20:15 修改: 2026-06-17 09:34

openjdk21-jre-headless CVE-2025-50106 高危 21.0.4_p7-r0 21.0.8_p9-r0 openjdk: Glyph out-of-memory access and crash (Oracle CPU 2025-07)

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-50106

镜像层: sha256:2842f0a9915a5d63738e7754d4e6d267a8a3700d29638b329c7d281d9845f8df

发布日期: 2025-07-15 20:15 修改: 2026-06-17 09:34

zlib CVE-2026-22184 高危 1.3.1-r1 1.3.2-r0 zlib: zlib: Arbitrary code execution via buffer overflow in untgz utility

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22184

镜像层: sha256:63ca1fbb43ae5034640e5e6cb3e083e05c290072c5366fcaa9d62435a4cced85

发布日期: 2026-01-07 21:16 修改: 2026-06-30 03:17

busybox-binsh CVE-2024-58251 中危 1.36.1-r29 1.36.1-r31 In netstat in BusyBox through 1.37.0, local users can launch of networ ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-58251

镜像层: sha256:63ca1fbb43ae5034640e5e6cb3e083e05c290072c5366fcaa9d62435a4cced85

发布日期: 2025-04-23 18:16 修改: 2026-06-17 08:14

libcrypto3 CVE-2025-69419 中危 3.3.2-r0 3.3.6-r0 openssl: OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS#12 processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-69419

镜像层: sha256:63ca1fbb43ae5034640e5e6cb3e083e05c290072c5366fcaa9d62435a4cced85

发布日期: 2026-01-27 16:16 修改: 2026-06-17 10:00

libcrypto3 CVE-2025-9230 中危 3.3.2-r0 3.3.5-r0 openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-9230

镜像层: sha256:63ca1fbb43ae5034640e5e6cb3e083e05c290072c5366fcaa9d62435a4cced85

发布日期: 2025-09-30 14:15 修改: 2026-06-17 10:08

libcrypto3 CVE-2025-9231 中危 3.3.2-r0 3.3.5-r0 openssl: Timing side-channel in SM2 algorithm on 64 bit ARM

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-9231

镜像层: sha256:63ca1fbb43ae5034640e5e6cb3e083e05c290072c5366fcaa9d62435a4cced85

发布日期: 2025-09-30 14:15 修改: 2026-06-17 10:08

libcrypto3 CVE-2026-31790 中危 3.3.2-r0 3.3.7-r0 openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-31790

镜像层: sha256:63ca1fbb43ae5034640e5e6cb3e083e05c290072c5366fcaa9d62435a4cced85

发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:34

libcurl CVE-2024-9681 中危 8.10.1-r0 8.11.0-r0 curl: HSTS subdomain overwrites parent cache entry

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-9681

镜像层: sha256:2842f0a9915a5d63738e7754d4e6d267a8a3700d29638b329c7d281d9845f8df

发布日期: 2024-11-06 08:15 修改: 2026-06-17 08:25

libcurl CVE-2025-4947 中危 8.10.1-r0 8.14.0-r0 libcurl: curl: QUIC certificate check skip with wolfSSL

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-4947

镜像层: sha256:2842f0a9915a5d63738e7754d4e6d267a8a3700d29638b329c7d281d9845f8df

发布日期: 2025-05-28 07:15 修改: 2026-06-17 09:34

libcurl CVE-2025-5025 中危 8.10.1-r0 8.14.0-r0 curl: libcurl: QUIC Certificate Pinning Bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-5025

镜像层: sha256:2842f0a9915a5d63738e7754d4e6d267a8a3700d29638b329c7d281d9845f8df

发布日期: 2025-05-28 07:15 修改: 2026-06-17 09:47

libssl3 CVE-2025-69419 中危 3.3.2-r0 3.3.6-r0 openssl: OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS#12 processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-69419

镜像层: sha256:63ca1fbb43ae5034640e5e6cb3e083e05c290072c5366fcaa9d62435a4cced85

发布日期: 2026-01-27 16:16 修改: 2026-06-17 10:00

libssl3 CVE-2025-9230 中危 3.3.2-r0 3.3.5-r0 openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-9230

镜像层: sha256:63ca1fbb43ae5034640e5e6cb3e083e05c290072c5366fcaa9d62435a4cced85

发布日期: 2025-09-30 14:15 修改: 2026-06-17 10:08

libssl3 CVE-2025-9231 中危 3.3.2-r0 3.3.5-r0 openssl: Timing side-channel in SM2 algorithm on 64 bit ARM

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-9231

镜像层: sha256:63ca1fbb43ae5034640e5e6cb3e083e05c290072c5366fcaa9d62435a4cced85

发布日期: 2025-09-30 14:15 修改: 2026-06-17 10:08

libssl3 CVE-2026-31790 中危 3.3.2-r0 3.3.7-r0 openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-31790

镜像层: sha256:63ca1fbb43ae5034640e5e6cb3e083e05c290072c5366fcaa9d62435a4cced85

发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:34

libtasn1 CVE-2024-12133 中危 4.19.0-r2 4.20.0-r0 libtasn1: Inefficient DER Decoding in libtasn1 Leading to Potential Remote DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-12133

镜像层: sha256:2842f0a9915a5d63738e7754d4e6d267a8a3700d29638b329c7d281d9845f8df

发布日期: 2025-02-10 16:15 修改: 2026-06-30 03:16

libcurl CVE-2025-5399 中危 8.10.1-r0 8.14.1-r0 curl: libcurl: WebSocket endless loop

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-5399

镜像层: sha256:2842f0a9915a5d63738e7754d4e6d267a8a3700d29638b329c7d281d9845f8df

发布日期: 2025-06-07 08:15 修改: 2026-06-17 09:47

libcurl CVE-2025-9086 中危 8.10.1-r0 8.14.1-r2 curl: libcurl: Curl out of bounds read for cookie path

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-9086

镜像层: sha256:2842f0a9915a5d63738e7754d4e6d267a8a3700d29638b329c7d281d9845f8df

发布日期: 2025-09-12 06:15 修改: 2026-06-17 10:08

musl CVE-2026-6042 中危 1.2.5-r0 1.2.5-r2 musl libc: GB18030 4-byte Decoder: musl libc: Denial of Service via inefficient algorithmic complexity in iconv

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6042

镜像层: sha256:63ca1fbb43ae5034640e5e6cb3e083e05c290072c5366fcaa9d62435a4cced85

发布日期: 2026-04-10 09:16 修改: 2026-06-17 11:00

curl CVE-2024-9681 中危 8.10.1-r0 8.11.0-r0 curl: HSTS subdomain overwrites parent cache entry

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-9681

镜像层: sha256:2842f0a9915a5d63738e7754d4e6d267a8a3700d29638b329c7d281d9845f8df

发布日期: 2024-11-06 08:15 修改: 2026-06-17 08:25

curl CVE-2025-4947 中危 8.10.1-r0 8.14.0-r0 libcurl: curl: QUIC certificate check skip with wolfSSL

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-4947

镜像层: sha256:2842f0a9915a5d63738e7754d4e6d267a8a3700d29638b329c7d281d9845f8df

发布日期: 2025-05-28 07:15 修改: 2026-06-17 09:34

musl-utils CVE-2026-6042 中危 1.2.5-r0 1.2.5-r2 musl libc: GB18030 4-byte Decoder: musl libc: Denial of Service via inefficient algorithmic complexity in iconv

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6042

镜像层: sha256:63ca1fbb43ae5034640e5e6cb3e083e05c290072c5366fcaa9d62435a4cced85

发布日期: 2026-04-10 09:16 修改: 2026-06-17 11:00

curl CVE-2025-5025 中危 8.10.1-r0 8.14.0-r0 curl: libcurl: QUIC Certificate Pinning Bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-5025

镜像层: sha256:2842f0a9915a5d63738e7754d4e6d267a8a3700d29638b329c7d281d9845f8df

发布日期: 2025-05-28 07:15 修改: 2026-06-17 09:47

curl CVE-2025-5399 中危 8.10.1-r0 8.14.1-r0 curl: libcurl: WebSocket endless loop

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-5399

镜像层: sha256:2842f0a9915a5d63738e7754d4e6d267a8a3700d29638b329c7d281d9845f8df

发布日期: 2025-06-07 08:15 修改: 2026-06-17 09:47

curl CVE-2025-9086 中危 8.10.1-r0 8.14.1-r2 curl: libcurl: Curl out of bounds read for cookie path

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-9086

镜像层: sha256:2842f0a9915a5d63738e7754d4e6d267a8a3700d29638b329c7d281d9845f8df

发布日期: 2025-09-12 06:15 修改: 2026-06-17 10:08

busybox CVE-2024-58251 中危 1.36.1-r29 1.36.1-r31 In netstat in BusyBox through 1.37.0, local users can launch of networ ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-58251

镜像层: sha256:63ca1fbb43ae5034640e5e6cb3e083e05c290072c5366fcaa9d62435a4cced85

发布日期: 2025-04-23 18:16 修改: 2026-06-17 08:14

openjdk21-jre CVE-2024-21208 中危 21.0.4_p7-r0 21.0.5_p11-r0 JDK: HTTP client improper handling of maxHeaderSize (8328286)

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-21208

镜像层: sha256:2842f0a9915a5d63738e7754d4e6d267a8a3700d29638b329c7d281d9845f8df

发布日期: 2024-10-15 20:15 修改: 2026-06-17 07:08

openjdk21-jre CVE-2024-21210 中危 21.0.4_p7-r0 21.0.5_p11-r0 JDK: Array indexing integer overflow (8328544)

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-21210

镜像层: sha256:2842f0a9915a5d63738e7754d4e6d267a8a3700d29638b329c7d281d9845f8df

发布日期: 2024-10-15 20:15 修改: 2026-06-17 07:08

openjdk21-jre CVE-2024-21235 中危 21.0.4_p7-r0 21.0.5_p11-r0 JDK: Integer conversion error leads to incorrect range check (8332644)

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-21235

镜像层: sha256:2842f0a9915a5d63738e7754d4e6d267a8a3700d29638b329c7d281d9845f8df

发布日期: 2024-10-15 20:15 修改: 2026-06-17 07:08

openjdk21-jre CVE-2025-21502 中危 21.0.4_p7-r0 21.0.6_p7-r0 openjdk: Enhance array handling (Oracle CPU 2025-01)

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-21502

镜像层: sha256:2842f0a9915a5d63738e7754d4e6d267a8a3700d29638b329c7d281d9845f8df

发布日期: 2025-01-21 21:15 修改: 2026-06-17 08:43

openjdk21-jre CVE-2025-21587 中危 21.0.4_p7-r0 21.0.7_p6-r0 openjdk: Better TLS connection support (Oracle CPU 2025-04)

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-21587

镜像层: sha256:2842f0a9915a5d63738e7754d4e6d267a8a3700d29638b329c7d281d9845f8df

发布日期: 2025-04-15 21:15 修改: 2026-06-17 08:43

openjdk21-jre CVE-2025-30691 中危 21.0.4_p7-r0 21.0.7_p6-r0 openjdk: Improve compiler transformations (Oracle CPU 2025-04)

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-30691

镜像层: sha256:2842f0a9915a5d63738e7754d4e6d267a8a3700d29638b329c7d281d9845f8df

发布日期: 2025-04-15 21:15 修改: 2026-06-17 09:09

openjdk21-jre CVE-2025-30698 中危 21.0.4_p7-r0 21.0.7_p6-r0 openjdk: Enhance Buffered Image handling (Oracle CPU 2025-04)

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-30698

镜像层: sha256:2842f0a9915a5d63738e7754d4e6d267a8a3700d29638b329c7d281d9845f8df

发布日期: 2025-04-15 21:15 修改: 2026-06-17 09:09

openjdk21-jre CVE-2025-30754 中危 21.0.4_p7-r0 21.0.8_p9-r0 openjdk: Enhance TLS protocol support (Oracle CPU 2025-07)

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-30754

镜像层: sha256:2842f0a9915a5d63738e7754d4e6d267a8a3700d29638b329c7d281d9845f8df

发布日期: 2025-07-15 20:15 修改: 2026-06-17 09:09

libpng CVE-2025-64505 中危 1.6.44-r0 1.6.53-r0 libpng: LIBPNG heap buffer overflow via malformed palette index

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-64505

镜像层: sha256:2842f0a9915a5d63738e7754d4e6d267a8a3700d29638b329c7d281d9845f8df

发布日期: 2025-11-25 00:15 修改: 2026-06-17 09:54

libpng CVE-2025-64506 中危 1.6.44-r0 1.6.53-r0 libpng: LIBPNG heap buffer over-read

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-64506

镜像层: sha256:2842f0a9915a5d63738e7754d4e6d267a8a3700d29638b329c7d281d9845f8df

发布日期: 2025-11-25 00:15 修改: 2026-06-17 09:54

libpng CVE-2026-33416 中危 1.6.44-r0 1.6.56-r0 libpng: libpng: Arbitrary code execution due to use-after-free vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33416

镜像层: sha256:2842f0a9915a5d63738e7754d4e6d267a8a3700d29638b329c7d281d9845f8df

发布日期: 2026-03-26 17:16 修改: 2026-06-17 10:37

libpng CVE-2026-33636 中危 1.6.44-r0 1.6.56-r0 libpng: libpng: Information disclosure and denial of service via out-of-bounds read/write in Neon palette expansion

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33636

镜像层: sha256:2842f0a9915a5d63738e7754d4e6d267a8a3700d29638b329c7d281d9845f8df

发布日期: 2026-03-26 17:16 修改: 2026-06-17 10:37

openjdk21-jre-headless CVE-2024-21208 中危 21.0.4_p7-r0 21.0.5_p11-r0 JDK: HTTP client improper handling of maxHeaderSize (8328286)

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-21208

镜像层: sha256:2842f0a9915a5d63738e7754d4e6d267a8a3700d29638b329c7d281d9845f8df

发布日期: 2024-10-15 20:15 修改: 2026-06-17 07:08

openjdk21-jre-headless CVE-2024-21210 中危 21.0.4_p7-r0 21.0.5_p11-r0 JDK: Array indexing integer overflow (8328544)

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-21210

镜像层: sha256:2842f0a9915a5d63738e7754d4e6d267a8a3700d29638b329c7d281d9845f8df

发布日期: 2024-10-15 20:15 修改: 2026-06-17 07:08

openjdk21-jre-headless CVE-2024-21235 中危 21.0.4_p7-r0 21.0.5_p11-r0 JDK: Integer conversion error leads to incorrect range check (8332644)

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-21235

镜像层: sha256:2842f0a9915a5d63738e7754d4e6d267a8a3700d29638b329c7d281d9845f8df

发布日期: 2024-10-15 20:15 修改: 2026-06-17 07:08

openjdk21-jre-headless CVE-2025-21502 中危 21.0.4_p7-r0 21.0.6_p7-r0 openjdk: Enhance array handling (Oracle CPU 2025-01)

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-21502

镜像层: sha256:2842f0a9915a5d63738e7754d4e6d267a8a3700d29638b329c7d281d9845f8df

发布日期: 2025-01-21 21:15 修改: 2026-06-17 08:43

openjdk21-jre-headless CVE-2025-21587 中危 21.0.4_p7-r0 21.0.7_p6-r0 openjdk: Better TLS connection support (Oracle CPU 2025-04)

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-21587

镜像层: sha256:2842f0a9915a5d63738e7754d4e6d267a8a3700d29638b329c7d281d9845f8df

发布日期: 2025-04-15 21:15 修改: 2026-06-17 08:43

openjdk21-jre-headless CVE-2025-30691 中危 21.0.4_p7-r0 21.0.7_p6-r0 openjdk: Improve compiler transformations (Oracle CPU 2025-04)

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-30691

镜像层: sha256:2842f0a9915a5d63738e7754d4e6d267a8a3700d29638b329c7d281d9845f8df

发布日期: 2025-04-15 21:15 修改: 2026-06-17 09:09

openjdk21-jre-headless CVE-2025-30698 中危 21.0.4_p7-r0 21.0.7_p6-r0 openjdk: Enhance Buffered Image handling (Oracle CPU 2025-04)

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-30698

镜像层: sha256:2842f0a9915a5d63738e7754d4e6d267a8a3700d29638b329c7d281d9845f8df

发布日期: 2025-04-15 21:15 修改: 2026-06-17 09:09

openjdk21-jre-headless CVE-2025-30754 中危 21.0.4_p7-r0 21.0.8_p9-r0 openjdk: Enhance TLS protocol support (Oracle CPU 2025-07)

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-30754

镜像层: sha256:2842f0a9915a5d63738e7754d4e6d267a8a3700d29638b329c7d281d9845f8df

发布日期: 2025-07-15 20:15 修改: 2026-06-17 09:09

ssl_client CVE-2024-58251 中危 1.36.1-r29 1.36.1-r31 In netstat in BusyBox through 1.37.0, local users can launch of networ ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-58251

镜像层: sha256:63ca1fbb43ae5034640e5e6cb3e083e05c290072c5366fcaa9d62435a4cced85

发布日期: 2025-04-23 18:16 修改: 2026-06-17 08:14

libpng CVE-2026-34757 中危 1.6.44-r0 1.6.57-r0 libpng: libpng: Information disclosure and data corruption via use-after-free vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34757

镜像层: sha256:2842f0a9915a5d63738e7754d4e6d267a8a3700d29638b329c7d281d9845f8df

发布日期: 2026-04-09 15:16 修改: 2026-06-17 10:39

zlib CVE-2026-27171 中危 1.3.1-r1 1.3.2-r0 zlib: zlib: Denial of Service via infinite loop in CRC32 combine functions

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27171

镜像层: sha256:63ca1fbb43ae5034640e5e6cb3e083e05c290072c5366fcaa9d62435a4cced85

发布日期: 2026-02-18 04:16 修改: 2026-06-17 10:26

libcrypto3 CVE-2024-13176 低危 3.3.2-r0 3.3.2-r2 openssl: Timing side-channel in ECDSA signature computation

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-13176

镜像层: sha256:63ca1fbb43ae5034640e5e6cb3e083e05c290072c5366fcaa9d62435a4cced85

发布日期: 2025-01-20 14:15 修改: 2026-06-17 07:01

libcrypto3 CVE-2024-9143 低危 3.3.2-r0 3.3.2-r1 openssl: Low-level invalid GF(2^m) parameters lead to OOB memory access

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-9143

镜像层: sha256:63ca1fbb43ae5034640e5e6cb3e083e05c290072c5366fcaa9d62435a4cced85

发布日期: 2024-10-16 17:15 修改: 2026-06-17 08:24

libcrypto3 CVE-2025-15468 低危 3.3.2-r0 3.3.6-r0 openssl: OpenSSL: Denial of Service via NULL pointer dereference in QUIC protocol handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-15468

镜像层: sha256:63ca1fbb43ae5034640e5e6cb3e083e05c290072c5366fcaa9d62435a4cced85

发布日期: 2026-01-27 16:16 修改: 2026-06-17 08:37

libcrypto3 CVE-2025-66199 低危 3.3.2-r0 3.3.6-r0 openssl: OpenSSL: Denial of Service due to excessive memory allocation in TLS 1.3 certificate compression

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-66199

镜像层: sha256:63ca1fbb43ae5034640e5e6cb3e083e05c290072c5366fcaa9d62435a4cced85

发布日期: 2026-01-27 16:16 修改: 2026-06-17 09:56

libcrypto3 CVE-2025-68160 低危 3.3.2-r0 3.3.6-r0 openssl: OpenSSL: Denial of Service due to out-of-bounds write in BIO filter

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68160

镜像层: sha256:63ca1fbb43ae5034640e5e6cb3e083e05c290072c5366fcaa9d62435a4cced85

发布日期: 2026-01-27 16:16 修改: 2026-06-17 09:58

libcrypto3 CVE-2025-69418 低危 3.3.2-r0 3.3.6-r0 openssl: OpenSSL: Information disclosure and data tampering via specific low-level OCB encryption/decryption calls

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-69418

镜像层: sha256:63ca1fbb43ae5034640e5e6cb3e083e05c290072c5366fcaa9d62435a4cced85

发布日期: 2026-01-27 16:16 修改: 2026-06-17 10:00

libcrypto3 CVE-2025-69420 低危 3.3.2-r0 3.3.6-r0 openssl: OpenSSL: Denial of Service via malformed TimeStamp Response

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-69420

镜像层: sha256:63ca1fbb43ae5034640e5e6cb3e083e05c290072c5366fcaa9d62435a4cced85

发布日期: 2026-01-27 16:16 修改: 2026-06-17 10:00

libcrypto3 CVE-2025-9232 低危 3.3.2-r0 3.3.5-r0 openssl: Out-of-bounds read in HTTP client no_proxy handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-9232

镜像层: sha256:63ca1fbb43ae5034640e5e6cb3e083e05c290072c5366fcaa9d62435a4cced85

发布日期: 2025-09-30 14:15 修改: 2026-06-17 10:08

libcrypto3 CVE-2026-22795 低危 3.3.2-r0 3.3.6-r0 openssl: OpenSSL: Denial of Service due to type confusion in PKCS#12 file processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22795

镜像层: sha256:63ca1fbb43ae5034640e5e6cb3e083e05c290072c5366fcaa9d62435a4cced85

发布日期: 2026-01-27 16:16 修改: 2026-06-17 10:20

libcrypto3 CVE-2026-22796 低危 3.3.2-r0 3.3.6-r0 openssl: OpenSSL: Denial of Service via type confusion in PKCS#7 signature verification

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22796

镜像层: sha256:63ca1fbb43ae5034640e5e6cb3e083e05c290072c5366fcaa9d62435a4cced85

发布日期: 2026-01-27 16:16 修改: 2026-06-17 10:20

curl CVE-2025-10148 低危 8.10.1-r0 8.14.1-r2 curl: predictable WebSocket mask

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-10148

镜像层: sha256:2842f0a9915a5d63738e7754d4e6d267a8a3700d29638b329c7d281d9845f8df

发布日期: 2025-09-12 06:15 修改: 2026-06-17 08:27

busybox-binsh CVE-2025-46394 低危 1.36.1-r29 1.36.1-r31 In tar in BusyBox through 1.37.0, a TAR archive can have filenames hid ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-46394

镜像层: sha256:63ca1fbb43ae5034640e5e6cb3e083e05c290072c5366fcaa9d62435a4cced85

发布日期: 2025-04-23 16:15 修改: 2026-06-17 09:26

busybox CVE-2025-46394 低危 1.36.1-r29 1.36.1-r31 In tar in BusyBox through 1.37.0, a TAR archive can have filenames hid ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-46394

镜像层: sha256:63ca1fbb43ae5034640e5e6cb3e083e05c290072c5366fcaa9d62435a4cced85

发布日期: 2025-04-23 16:15 修改: 2026-06-17 09:26

curl CVE-2024-11053 低危 8.10.1-r0 8.11.1-r0 curl: curl netrc password leak

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-11053

镜像层: sha256:2842f0a9915a5d63738e7754d4e6d267a8a3700d29638b329c7d281d9845f8df

发布日期: 2024-12-11 08:15 修改: 2026-06-17 06:56

curl CVE-2025-0167 低危 8.10.1-r0 8.12.0-r0 When asked to use a `.netrc` file for credentials **and** to follow HT ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-0167

镜像层: sha256:2842f0a9915a5d63738e7754d4e6d267a8a3700d29638b329c7d281d9845f8df

发布日期: 2025-02-05 10:15 修改: 2026-06-17 08:25

libcurl CVE-2024-11053 低危 8.10.1-r0 8.11.1-r0 curl: curl netrc password leak

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-11053

镜像层: sha256:2842f0a9915a5d63738e7754d4e6d267a8a3700d29638b329c7d281d9845f8df

发布日期: 2024-12-11 08:15 修改: 2026-06-17 06:56

libcurl CVE-2025-0167 低危 8.10.1-r0 8.12.0-r0 When asked to use a `.netrc` file for credentials **and** to follow HT ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-0167

镜像层: sha256:2842f0a9915a5d63738e7754d4e6d267a8a3700d29638b329c7d281d9845f8df

发布日期: 2025-02-05 10:15 修改: 2026-06-17 08:25

libcurl CVE-2025-0665 低危 8.10.1-r0 8.12.0-r0 libcurl: Double Close of Eventfd in libcurl

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-0665

镜像层: sha256:2842f0a9915a5d63738e7754d4e6d267a8a3700d29638b329c7d281d9845f8df

发布日期: 2025-02-05 10:15 修改: 2026-06-17 08:26

openjdk21-jre CVE-2024-21211 低危 21.0.4_p7-r0 21.0.5_p11-r0 JDK: Compiler unspecified vulnerability (CPU Oct 2024)

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-21211

镜像层: sha256:2842f0a9915a5d63738e7754d4e6d267a8a3700d29638b329c7d281d9845f8df

发布日期: 2024-10-15 20:15 修改: 2026-06-17 07:08

libcurl CVE-2025-0725 低危 8.10.1-r0 8.12.0-r0 libcurl: Buffer Overflow in libcurl via zlib Integer Overflow

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-0725

镜像层: sha256:2842f0a9915a5d63738e7754d4e6d267a8a3700d29638b329c7d281d9845f8df

发布日期: 2025-02-05 10:15 修改: 2026-06-17 08:27

libcurl CVE-2025-10148 低危 8.10.1-r0 8.14.1-r2 curl: predictable WebSocket mask

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-10148

镜像层: sha256:2842f0a9915a5d63738e7754d4e6d267a8a3700d29638b329c7d281d9845f8df

发布日期: 2025-09-12 06:15 修改: 2026-06-17 08:27

curl CVE-2025-0665 低危 8.10.1-r0 8.12.0-r0 libcurl: Double Close of Eventfd in libcurl

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-0665

镜像层: sha256:2842f0a9915a5d63738e7754d4e6d267a8a3700d29638b329c7d281d9845f8df

发布日期: 2025-02-05 10:15 修改: 2026-06-17 08:26

libssl3 CVE-2024-13176 低危 3.3.2-r0 3.3.2-r2 openssl: Timing side-channel in ECDSA signature computation

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-13176

镜像层: sha256:63ca1fbb43ae5034640e5e6cb3e083e05c290072c5366fcaa9d62435a4cced85

发布日期: 2025-01-20 14:15 修改: 2026-06-17 07:01

libssl3 CVE-2024-9143 低危 3.3.2-r0 3.3.2-r1 openssl: Low-level invalid GF(2^m) parameters lead to OOB memory access

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-9143

镜像层: sha256:63ca1fbb43ae5034640e5e6cb3e083e05c290072c5366fcaa9d62435a4cced85

发布日期: 2024-10-16 17:15 修改: 2026-06-17 08:24

libssl3 CVE-2025-15468 低危 3.3.2-r0 3.3.6-r0 openssl: OpenSSL: Denial of Service via NULL pointer dereference in QUIC protocol handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-15468

镜像层: sha256:63ca1fbb43ae5034640e5e6cb3e083e05c290072c5366fcaa9d62435a4cced85

发布日期: 2026-01-27 16:16 修改: 2026-06-17 08:37

libssl3 CVE-2025-66199 低危 3.3.2-r0 3.3.6-r0 openssl: OpenSSL: Denial of Service due to excessive memory allocation in TLS 1.3 certificate compression

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-66199

镜像层: sha256:63ca1fbb43ae5034640e5e6cb3e083e05c290072c5366fcaa9d62435a4cced85

发布日期: 2026-01-27 16:16 修改: 2026-06-17 09:56

libssl3 CVE-2025-68160 低危 3.3.2-r0 3.3.6-r0 openssl: OpenSSL: Denial of Service due to out-of-bounds write in BIO filter

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68160

镜像层: sha256:63ca1fbb43ae5034640e5e6cb3e083e05c290072c5366fcaa9d62435a4cced85

发布日期: 2026-01-27 16:16 修改: 2026-06-17 09:58

libssl3 CVE-2025-69418 低危 3.3.2-r0 3.3.6-r0 openssl: OpenSSL: Information disclosure and data tampering via specific low-level OCB encryption/decryption calls

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-69418

镜像层: sha256:63ca1fbb43ae5034640e5e6cb3e083e05c290072c5366fcaa9d62435a4cced85

发布日期: 2026-01-27 16:16 修改: 2026-06-17 10:00

libssl3 CVE-2025-69420 低危 3.3.2-r0 3.3.6-r0 openssl: OpenSSL: Denial of Service via malformed TimeStamp Response

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-69420

镜像层: sha256:63ca1fbb43ae5034640e5e6cb3e083e05c290072c5366fcaa9d62435a4cced85

发布日期: 2026-01-27 16:16 修改: 2026-06-17 10:00

libssl3 CVE-2025-9232 低危 3.3.2-r0 3.3.5-r0 openssl: Out-of-bounds read in HTTP client no_proxy handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-9232

镜像层: sha256:63ca1fbb43ae5034640e5e6cb3e083e05c290072c5366fcaa9d62435a4cced85

发布日期: 2025-09-30 14:15 修改: 2026-06-17 10:08

libssl3 CVE-2026-22795 低危 3.3.2-r0 3.3.6-r0 openssl: OpenSSL: Denial of Service due to type confusion in PKCS#12 file processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22795

镜像层: sha256:63ca1fbb43ae5034640e5e6cb3e083e05c290072c5366fcaa9d62435a4cced85

发布日期: 2026-01-27 16:16 修改: 2026-06-17 10:20

openjdk21-jre-headless CVE-2024-21211 低危 21.0.4_p7-r0 21.0.5_p11-r0 JDK: Compiler unspecified vulnerability (CPU Oct 2024)

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-21211

镜像层: sha256:2842f0a9915a5d63738e7754d4e6d267a8a3700d29638b329c7d281d9845f8df

发布日期: 2024-10-15 20:15 修改: 2026-06-17 07:08

libssl3 CVE-2026-22796 低危 3.3.2-r0 3.3.6-r0 openssl: OpenSSL: Denial of Service via type confusion in PKCS#7 signature verification

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22796

镜像层: sha256:63ca1fbb43ae5034640e5e6cb3e083e05c290072c5366fcaa9d62435a4cced85

发布日期: 2026-01-27 16:16 修改: 2026-06-17 10:20

ssl_client CVE-2025-46394 低危 1.36.1-r29 1.36.1-r31 In tar in BusyBox through 1.37.0, a TAR archive can have filenames hid ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-46394

镜像层: sha256:63ca1fbb43ae5034640e5e6cb3e083e05c290072c5366fcaa9d62435a4cced85

发布日期: 2025-04-23 16:15 修改: 2026-06-17 09:26

curl CVE-2025-0725 低危 8.10.1-r0 8.12.0-r0 libcurl: Buffer Overflow in libcurl via zlib Integer Overflow

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-0725

镜像层: sha256:2842f0a9915a5d63738e7754d4e6d267a8a3700d29638b329c7d281d9845f8df

发布日期: 2025-02-05 10:15 修改: 2026-06-17 08:27

libtasn1 CVE-2025-13151 低危 4.19.0-r2 4.21.0-r0 libtasn1: libtasn1: Denial of Service via stack-based buffer overflow in asn1_expend_octet_string

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-13151

镜像层: sha256:2842f0a9915a5d63738e7754d4e6d267a8a3700d29638b329c7d281d9845f8df

发布日期: 2026-01-07 22:15 修改: 2026-06-17 08:33

Java (jar)
低危漏洞:22 中危漏洞:68 高危漏洞:56 严重漏洞:6
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
org.apache.tika:tika-core CVE-2025-66516 严重 2.9.2 3.2.2 tika-core: tika-parsers: tika-parser-pdf-module: Apache Tika core, Apache Tika parsers, Apache Tika PDF parser module: Update to CVE-2025-54988 to expand scope of artifacts affected

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-66516

镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe

发布日期: 2025-12-04 17:15 修改: 2026-06-17 09:56

org.apache.tika:tika-core CVE-2025-66516 严重 2.9.2 3.2.2 tika-core: tika-parsers: tika-parser-pdf-module: Apache Tika core, Apache Tika parsers, Apache Tika PDF parser module: Update to CVE-2025-54988 to expand scope of artifacts affected

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-66516

镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6

发布日期: 2025-12-04 17:15 修改: 2026-06-17 09:56

org.springframework.security:spring-security-web CVE-2024-38821 严重 6.3.3 5.7.13, 5.8.15, 6.2.7, 6.0.13, 6.1.11, 6.3.4 Spring-WebFlux: Authorization Bypass of Static Resources in WebFlux Applications

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-38821

镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe

发布日期: 2024-10-28 07:15 修改: 2026-06-17 07:41

org.springframework.security:spring-security-web CVE-2024-38821 严重 6.3.3 5.7.13, 5.8.15, 6.2.7, 6.0.13, 6.1.11, 6.3.4 Spring-WebFlux: Authorization Bypass of Static Resources in WebFlux Applications

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-38821

镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6

发布日期: 2024-10-28 07:15 修改: 2026-06-17 07:41

org.springframework.security:spring-security-web CVE-2026-22732 严重 6.3.3 6.5.9, 7.0.4 Spring Security: Spring Security: Security policy bypass and information disclosure due to unwritten HTTP headers

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22732

镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe

发布日期: 2026-03-19 23:16 修改: 2026-06-17 10:20

org.springframework.security:spring-security-web CVE-2026-22732 严重 6.3.3 6.5.9, 7.0.4 Spring Security: Spring Security: Security policy bypass and information disclosure due to unwritten HTTP headers

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22732

镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6

发布日期: 2026-03-19 23:16 修改: 2026-06-17 10:20

commons-beanutils:commons-beanutils CVE-2025-48734 高危 1.9.4 1.11.0 commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-48734

镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe

发布日期: 2025-05-28 14:15 修改: 2026-06-17 09:30

commons-beanutils:commons-beanutils CVE-2025-48734 高危 1.9.4 1.11.0 commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-48734

镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6

发布日期: 2025-05-28 14:15 修改: 2026-06-17 09:30

io.netty:netty-codec CVE-2026-42583 高危 4.1.113.Final 4.1.133.Final netty: io.netty/netty-codec-compression: io.netty/netty-codec: Netty: Denial of Service via excessive memory allocation in LZ4FrameDecoder

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42583

镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe

发布日期: 2026-05-13 19:17 修改: 2026-06-17 10:48

io.netty:netty-codec CVE-2026-42583 高危 4.1.113.Final 4.1.133.Final netty: io.netty/netty-codec-compression: io.netty/netty-codec: Netty: Denial of Service via excessive memory allocation in LZ4FrameDecoder

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42583

镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6

发布日期: 2026-05-13 19:17 修改: 2026-06-17 10:48

io.netty:netty-codec-http CVE-2026-33870 高危 4.1.113.Final 4.1.132.Final, 4.2.10.Final io.netty/netty-codec-http: Netty: Request smuggling via incorrect parsing of HTTP/1.1 chunked transfer encoding extension values

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33870

镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe

发布日期: 2026-03-27 20:16 修改: 2026-07-03 13:17

io.netty:netty-codec-http CVE-2026-33870 高危 4.1.113.Final 4.1.132.Final, 4.2.10.Final io.netty/netty-codec-http: Netty: Request smuggling via incorrect parsing of HTTP/1.1 chunked transfer encoding extension values

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33870

镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6

发布日期: 2026-03-27 20:16 修改: 2026-07-03 13:17

io.netty:netty-codec-http CVE-2026-42584 高危 4.1.113.Final 4.2.13.Final, 4.1.133.Final netty: io.netty/netty-codec-http: Netty: Incorrect HTTP response parsing leads to data confusion

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42584

镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe

发布日期: 2026-05-13 19:17 修改: 2026-07-10 12:16

io.netty:netty-codec-http CVE-2026-42584 高危 4.1.113.Final 4.2.13.Final, 4.1.133.Final netty: io.netty/netty-codec-http: Netty: Incorrect HTTP response parsing leads to data confusion

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42584

镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6

发布日期: 2026-05-13 19:17 修改: 2026-07-10 12:16

io.netty:netty-codec-http CVE-2026-42587 高危 4.1.113.Final 4.2.13.Final, 4.1.133.Final netty: io.netty/netty-codec-http: io.netty/netty-codec-http2: Netty: Denial of Service via unbounded memory allocation in HTTP content decompression

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42587

镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe

发布日期: 2026-05-13 19:17 修改: 2026-07-10 12:16

io.netty:netty-codec-http CVE-2026-42587 高危 4.1.113.Final 4.2.13.Final, 4.1.133.Final netty: io.netty/netty-codec-http: io.netty/netty-codec-http2: Netty: Denial of Service via unbounded memory allocation in HTTP content decompression

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42587

镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6

发布日期: 2026-05-13 19:17 修改: 2026-07-10 12:16

io.netty:netty-codec-http2 CVE-2025-55163 高危 4.1.113.Final 4.2.4.Final, 4.1.124.Final netty: netty-codec-http2: Netty MadeYouReset HTTP/2 DDoS Vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-55163

镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe

发布日期: 2025-08-13 15:15 修改: 2026-06-17 09:41

io.netty:netty-codec-http2 CVE-2025-55163 高危 4.1.113.Final 4.2.4.Final, 4.1.124.Final netty: netty-codec-http2: Netty MadeYouReset HTTP/2 DDoS Vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-55163

镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6

发布日期: 2025-08-13 15:15 修改: 2026-06-17 09:41

io.netty:netty-codec-http2 CVE-2026-33871 高危 4.1.113.Final 4.1.132.Final, 4.2.11.Final netty: Netty: Denial of Service via HTTP/2 CONTINUATION frame flood

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33871

镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe

发布日期: 2026-03-27 20:16 修改: 2026-07-03 13:17

io.netty:netty-codec-http2 CVE-2026-33871 高危 4.1.113.Final 4.1.132.Final, 4.2.11.Final netty: Netty: Denial of Service via HTTP/2 CONTINUATION frame flood

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33871

镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6

发布日期: 2026-03-27 20:16 修改: 2026-07-03 13:17

io.netty:netty-codec-http2 CVE-2026-42587 高危 4.1.113.Final 4.2.13.Final, 4.1.133.Final netty: io.netty/netty-codec-http: io.netty/netty-codec-http2: Netty: Denial of Service via unbounded memory allocation in HTTP content decompression

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42587

镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe

发布日期: 2026-05-13 19:17 修改: 2026-07-10 12:16

io.netty:netty-codec-http2 CVE-2026-42587 高危 4.1.113.Final 4.2.13.Final, 4.1.133.Final netty: io.netty/netty-codec-http: io.netty/netty-codec-http2: Netty: Denial of Service via unbounded memory allocation in HTTP content decompression

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42587

镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6

发布日期: 2026-05-13 19:17 修改: 2026-07-10 12:16

io.netty:netty-handler CVE-2025-24970 高危 4.1.113.Final 4.1.118.Final io.netty:netty-handler: SslHandler doesn't correctly validate packets which can lead to native crash when using native SSLEngine

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-24970

镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe

发布日期: 2025-02-10 22:15 修改: 2026-06-17 08:59

io.netty:netty-handler CVE-2025-24970 高危 4.1.113.Final 4.1.118.Final io.netty:netty-handler: SslHandler doesn't correctly validate packets which can lead to native crash when using native SSLEngine

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-24970

镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6

发布日期: 2025-02-10 22:15 修改: 2026-06-17 08:59

io.netty:netty-handler CVE-2026-44249 高危 4.1.113.Final 4.2.15.Final, 4.1.135.Final netty-handler: netty-handler: IPv6 subnet rule bypass due to incorrect masking operation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44249

镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe

发布日期: 2026-06-11 22:16 修改: 2026-07-10 12:16

io.netty:netty-handler CVE-2026-44249 高危 4.1.113.Final 4.2.15.Final, 4.1.135.Final netty-handler: netty-handler: IPv6 subnet rule bypass due to incorrect masking operation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44249

镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6

发布日期: 2026-06-11 22:16 修改: 2026-07-10 12:16

io.netty:netty-handler CVE-2026-45416 高危 4.1.113.Final 4.2.15.Final, 4.1.135.Final netty-handler: Netty: Denial of Service due to eager buffer allocation in TLS handshake

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45416

镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe

发布日期: 2026-06-12 15:16 修改: 2026-07-10 12:17

io.netty:netty-handler CVE-2026-45416 高危 4.1.113.Final 4.2.15.Final, 4.1.135.Final netty-handler: Netty: Denial of Service due to eager buffer allocation in TLS handshake

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45416

镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6

发布日期: 2026-06-12 15:16 修改: 2026-07-10 12:17

io.netty:netty-handler CVE-2026-50010 高危 4.1.113.Final 4.2.15.Final, 4.1.135.Final netty-handler: Netty: Improper trust manager handling leads to hostname verification bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-50010

镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe

发布日期: 2026-06-12 16:16 修改: 2026-07-10 12:17

io.netty:netty-handler CVE-2026-50010 高危 4.1.113.Final 4.2.15.Final, 4.1.135.Final netty-handler: Netty: Improper trust manager handling leads to hostname verification bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-50010

镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6

发布日期: 2026-06-12 16:16 修改: 2026-07-10 12:17

net.minidev:json-smart CVE-2024-57699 高危 2.5.1 2.5.2 json-smart: Potential DoS via stack exhaustion (incomplete fix for CVE-2023-1370)

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-57699

镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe

发布日期: 2025-02-05 22:15 修改: 2026-06-17 08:13

net.minidev:json-smart CVE-2024-57699 高危 2.5.1 2.5.2 json-smart: Potential DoS via stack exhaustion (incomplete fix for CVE-2023-1370)

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-57699

镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6

发布日期: 2025-02-05 22:15 修改: 2026-06-17 08:13

com.fasterxml.jackson.core:jackson-databind CVE-2026-54512 高危 2.17.2 2.18.8, 3.1.4, 2.21.4 jackson-databind: jackson-databind: Arbitrary code execution via PolymorphicTypeValidator bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54512

镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe

发布日期: 2026-06-23 21:17 修改: 2026-06-27 21:01

com.fasterxml.jackson.core:jackson-databind CVE-2026-54512 高危 2.17.2 2.18.8, 3.1.4, 2.21.4 jackson-databind: jackson-databind: Arbitrary code execution via PolymorphicTypeValidator bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54512

镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6

发布日期: 2026-06-23 21:17 修改: 2026-06-27 21:01

org.eclipse.jetty.http2:jetty-http2-common CVE-2025-1948 高危 12.0.13 12.0.17 jetty-http2-common: Jetty HTTP/2 Header List Size Vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-1948

镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe

发布日期: 2025-05-08 18:15 修改: 2026-06-17 08:40

org.eclipse.jetty.http2:jetty-http2-common CVE-2025-1948 高危 12.0.13 12.0.17 jetty-http2-common: Jetty HTTP/2 Header List Size Vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-1948

镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6

发布日期: 2025-05-08 18:15 修改: 2026-06-17 08:40

org.eclipse.jetty.http2:jetty-http2-common CVE-2025-5115 高危 12.0.13 12.0.25, 12.1.0.beta3 jetty: HTTP/2 (including DNS over HTTPS) contains a design flaw and is vulnerable to "MadeYouReset" DoS attack through HTTP/2 control frames

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-5115

镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe

发布日期: 2025-08-20 20:15 修改: 2026-06-17 09:47

org.eclipse.jetty.http2:jetty-http2-common CVE-2025-5115 高危 12.0.13 12.0.25, 12.1.0.beta3 jetty: HTTP/2 (including DNS over HTTPS) contains a design flaw and is vulnerable to "MadeYouReset" DoS attack through HTTP/2 control frames

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-5115

镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6

发布日期: 2025-08-20 20:15 修改: 2026-06-17 09:47

org.eclipse.jetty:jetty-http CVE-2026-2332 高危 12.0.13 12.1.7, 12.0.33 org.eclipse.jetty/jetty-http: HTTP request smuggling via chunked extension quoted-string parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-2332

镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe

发布日期: 2026-04-14 12:16 修改: 2026-07-02 12:17

org.eclipse.jetty:jetty-http CVE-2026-2332 高危 12.0.13 12.1.7, 12.0.33 org.eclipse.jetty/jetty-http: HTTP request smuggling via chunked extension quoted-string parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-2332

镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6

发布日期: 2026-04-14 12:16 修改: 2026-07-02 12:17

org.eclipse.jetty:jetty-server CVE-2026-1605 高危 12.0.13 12.1.6, 12.0.32 org.eclipse.jetty/jetty-server: Eclipse Jetty: Denial of Service due to unreleased JDK Inflater from compressed HTTP requests

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-1605

镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe

发布日期: 2026-03-05 10:15 修改: 2026-06-30 03:17

org.eclipse.jetty:jetty-server CVE-2026-1605 高危 12.0.13 12.1.6, 12.0.32 org.eclipse.jetty/jetty-server: Eclipse Jetty: Denial of Service due to unreleased JDK Inflater from compressed HTTP requests

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-1605

镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6

发布日期: 2026-03-05 10:15 修改: 2026-06-30 03:17

org.postgresql:postgresql CVE-2025-49146 高危 42.7.4 42.7.7 pgjdbc: pgjdbc insecure authentication in channel binding

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-49146

镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe

发布日期: 2025-06-11 15:15 修改: 2026-06-17 09:30

org.postgresql:postgresql CVE-2025-49146 高危 42.7.4 42.7.7 pgjdbc: pgjdbc insecure authentication in channel binding

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-49146

镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6

发布日期: 2025-06-11 15:15 修改: 2026-06-17 09:30

org.postgresql:postgresql CVE-2026-42198 高危 42.7.4 42.7.11 jdbc.postgresql.org: pgjdbc: Client-side Denial of Service via malicious SCRAM-SHA-256 authentication

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42198

镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe

发布日期: 2026-04-29 16:16 修改: 2026-07-10 12:16

org.postgresql:postgresql CVE-2026-42198 高危 42.7.4 42.7.11 jdbc.postgresql.org: pgjdbc: Client-side Denial of Service via malicious SCRAM-SHA-256 authentication

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42198

镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6

发布日期: 2026-04-29 16:16 修改: 2026-07-10 12:16

org.springframework.boot:spring-boot CVE-2025-22235 高危 3.3.4 3.3.11, 3.4.5 org.springframework.boot/spring-boot: Spring Boot EndpointRequest.to() creates wrong matcher if actuator endpoint is not exposed

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22235

镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe

发布日期: 2025-04-28 08:15 修改: 2026-06-17 08:45

org.springframework.boot:spring-boot CVE-2025-22235 高危 3.3.4 3.3.11, 3.4.5 org.springframework.boot/spring-boot: Spring Boot EndpointRequest.to() creates wrong matcher if actuator endpoint is not exposed

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22235

镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6

发布日期: 2025-04-28 08:15 修改: 2026-06-17 08:45

org.springframework.boot:spring-boot CVE-2026-40973 高危 3.3.4 4.0.6, 3.5.14 Spring Boot: Spring Boot: Arbitrary Code Execution and Session Hijacking via predictable temporary directory

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40973

镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe

发布日期: 2026-04-28 00:16 修改: 2026-06-17 10:45

org.springframework.boot:spring-boot CVE-2026-40973 高危 3.3.4 4.0.6, 3.5.14 Spring Boot: Spring Boot: Arbitrary Code Execution and Session Hijacking via predictable temporary directory

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40973

镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6

发布日期: 2026-04-28 00:16 修改: 2026-06-17 10:45

org.springframework.boot:spring-boot-starter-actuator CVE-2026-22733 高危 3.3.4 4.0.4, 3.5.12 Spring Boot has an Authentication Bypass under Actuator CloudFoundry endpoints

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22733

镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe

发布日期: 2026-03-20 00:16 修改: 2026-06-17 10:20

org.springframework.boot:spring-boot-starter-actuator CVE-2026-22733 高危 3.3.4 4.0.4, 3.5.12 Spring Boot has an Authentication Bypass under Actuator CloudFoundry endpoints

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22733

镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6

发布日期: 2026-03-20 00:16 修改: 2026-06-17 10:20

org.springframework.security:spring-security-crypto CVE-2025-22228 高危 6.3.3 6.3.8, 6.4.4, 6.2.10, 6.1.14, 6.0.16, 5.8.18, 5.7.16 spring-security-core: Spring Security BCryptPasswordEncoder does not enforce maximum password length

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22228

镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe

发布日期: 2025-03-20 06:15 修改: 2026-06-17 08:45

org.springframework.security:spring-security-crypto CVE-2025-22228 高危 6.3.3 6.3.8, 6.4.4, 6.2.10, 6.1.14, 6.0.16, 5.8.18, 5.7.16 spring-security-core: Spring Security BCryptPasswordEncoder does not enforce maximum password length

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22228

镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6

发布日期: 2025-03-20 06:15 修改: 2026-06-17 08:45

com.fasterxml.jackson.core:jackson-databind CVE-2026-54513 高危 2.17.2 2.18.8, 2.21.4, 3.1.4 jackson-databind: Jackson-databind: Security bypass allows arbitrary code execution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54513

镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe

发布日期: 2026-06-23 21:17 修改: 2026-07-09 13:17

com.fasterxml.jackson.core:jackson-databind CVE-2026-54513 高危 2.17.2 2.18.8, 2.21.4, 3.1.4 jackson-databind: Jackson-databind: Security bypass allows arbitrary code execution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54513

镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6

发布日期: 2026-06-23 21:17 修改: 2026-07-09 13:17

com.mchange:mchange-commons-java CVE-2026-27727 高危 0.2.15 0.4.0 com.mchange/mchange-commons-java: mchange-commons-java: Arbitrary code execution via JNDI dereferencing of crafted objects

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27727

镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe

发布日期: 2026-02-25 17:25 修改: 2026-07-02 12:17

com.mchange:mchange-commons-java CVE-2026-27727 高危 0.2.15 0.4.0 com.mchange/mchange-commons-java: mchange-commons-java: Arbitrary code execution via JNDI dereferencing of crafted objects

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27727

镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6

发布日期: 2026-02-25 17:25 修改: 2026-07-02 12:17

org.springframework:spring-core CVE-2025-41249 高危 6.1.13 6.2.11 org.springframework/spring-core: Spring Framework Annotation Detection Vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-41249

镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe

发布日期: 2025-09-16 11:15 修改: 2026-06-17 09:22

org.springframework:spring-core CVE-2025-41249 高危 6.1.13 6.2.11 org.springframework/spring-core: Spring Framework Annotation Detection Vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-41249

镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6

发布日期: 2025-09-16 11:15 修改: 2026-06-17 09:22

org.springframework:spring-webmvc CVE-2024-38819 高危 6.1.13 6.1.14 org.springframework:spring-webmvc: Path traversal vulnerability in functional web frameworks

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-38819

镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe

发布日期: 2024-12-19 18:15 修改: 2026-06-17 07:41

org.springframework:spring-webmvc CVE-2024-38819 高危 6.1.13 6.1.14 org.springframework:spring-webmvc: Path traversal vulnerability in functional web frameworks

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-38819

镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6

发布日期: 2024-12-19 18:15 修改: 2026-06-17 07:41

com.fasterxml.jackson.core:jackson-databind CVE-2026-54515 中危 2.17.2 3.1.4, 2.18.9, 2.21.5, 2.22.1 jackson-databind: jackson-databind: Ignored properties can be unexpectedly modified

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54515

镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe

发布日期: 2026-06-23 21:17 修改: 2026-06-29 13:38

com.fasterxml.jackson.core:jackson-databind CVE-2026-54515 中危 2.17.2 3.1.4, 2.18.9, 2.21.5, 2.22.1 jackson-databind: jackson-databind: Ignored properties can be unexpectedly modified

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54515

镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6

发布日期: 2026-06-23 21:17 修改: 2026-06-29 13:38

com.fasterxml.jackson.core:jackson-core GHSA-72hv-8253-57qq 中危 2.17.2 2.21.1, 2.18.6 jackson-core: Number Length Constraint Bypass in Async Parser Leads to Potential DoS Condition

漏洞详情: https://github.com/advisories/GHSA-72hv-8253-57qq

镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe

发布日期: 2026-02-28 02:01 修改: 2026-04-07 16:30

com.fasterxml.jackson.core:jackson-core GHSA-72hv-8253-57qq 中危 2.17.2 2.21.1, 2.18.6 jackson-core: Number Length Constraint Bypass in Async Parser Leads to Potential DoS Condition

漏洞详情: https://github.com/advisories/GHSA-72hv-8253-57qq

镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6

发布日期: 2026-02-28 02:01 修改: 2026-04-07 16:30

io.opentelemetry:opentelemetry-api CVE-2026-45292 中危 1.37.0 1.62.0 opentelemetry-java: opentelemetry-api: opentelemetry-extension-trace-propagators: OpenTelemetry Java: Denial of Service due to unbounded memory allocation when parsing oversized baggage

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45292

镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe

发布日期: 2026-05-28 17:16 修改: 2026-07-09 13:17

io.opentelemetry:opentelemetry-api CVE-2026-45292 中危 1.37.0 1.62.0 opentelemetry-java: opentelemetry-api: opentelemetry-extension-trace-propagators: OpenTelemetry Java: Denial of Service due to unbounded memory allocation when parsing oversized baggage

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45292

镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6

发布日期: 2026-05-28 17:16 修改: 2026-07-09 13:17

io.netty:netty-codec-http CVE-2025-67735 中危 4.1.113.Final 4.2.8.Final, 4.1.129.Final netty-codec-http: Netty (netty-codec-http): Request Smuggling via CRLF Injection

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-67735

镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe

发布日期: 2025-12-16 01:15 修改: 2026-06-17 09:58

io.netty:netty-codec-http CVE-2025-67735 中危 4.1.113.Final 4.2.8.Final, 4.1.129.Final netty-codec-http: Netty (netty-codec-http): Request Smuggling via CRLF Injection

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-67735

镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6

发布日期: 2025-12-16 01:15 修改: 2026-06-17 09:58

org.apache.commons:commons-lang3 CVE-2025-48924 中危 3.14.0 3.18.0 commons-lang/commons-lang: org.apache.commons/commons-lang3: Uncontrolled Recursion vulnerability in Apache Commons Lang

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-48924

镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe

发布日期: 2025-07-11 15:15 修改: 2026-06-17 09:30

org.apache.commons:commons-lang3 CVE-2025-48924 中危 3.14.0 3.18.0 commons-lang/commons-lang: org.apache.commons/commons-lang3: Uncontrolled Recursion vulnerability in Apache Commons Lang

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-48924

镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6

发布日期: 2025-07-11 15:15 修改: 2026-06-17 09:30

org.apache.logging.log4j:log4j-core CVE-2025-68161 中危 2.23.1 2.25.3 Apache Log4j: Apache Log4j Core: Information disclosure via missing TLS hostname verification

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68161

镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe

发布日期: 2025-12-18 21:15 修改: 2026-06-17 09:58

org.apache.logging.log4j:log4j-core CVE-2025-68161 中危 2.23.1 2.25.3 Apache Log4j: Apache Log4j Core: Information disclosure via missing TLS hostname verification

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68161

镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6

发布日期: 2025-12-18 21:15 修改: 2026-06-17 09:58

org.apache.logging.log4j:log4j-core CVE-2026-34477 中危 2.23.1 2.25.4 org.apache.logging.log4j/log4j-core: Apache Log4j Core: Man-in-the-middle attack due to incomplete hostname verification

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34477

镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe

发布日期: 2026-04-10 16:16 修改: 2026-06-17 10:39

org.apache.logging.log4j:log4j-core CVE-2026-34477 中危 2.23.1 2.25.4 org.apache.logging.log4j/log4j-core: Apache Log4j Core: Man-in-the-middle attack due to incomplete hostname verification

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34477

镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6

发布日期: 2026-04-10 16:16 修改: 2026-06-17 10:39

org.apache.logging.log4j:log4j-core CVE-2026-34478 中危 2.23.1 2.25.4 org.apache.logging.log4j/log4j-core: Apache Log4j Core: Log injection via CRLF sequences due to configuration attribute renames

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34478

镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe

发布日期: 2026-04-10 16:16 修改: 2026-06-17 10:39

org.apache.logging.log4j:log4j-core CVE-2026-34478 中危 2.23.1 2.25.4 org.apache.logging.log4j/log4j-core: Apache Log4j Core: Log injection via CRLF sequences due to configuration attribute renames

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34478

镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6

发布日期: 2026-04-10 16:16 修改: 2026-06-17 10:39

org.apache.logging.log4j:log4j-core CVE-2026-34480 中危 2.23.1 2.25.4 org.apache.logging.log4j/log4j-core: Apache Log4j Core: Invalid XML output causes denial of service in logging

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34480

镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe

发布日期: 2026-04-10 16:16 修改: 2026-06-17 10:39

org.apache.logging.log4j:log4j-core CVE-2026-34480 中危 2.23.1 2.25.4 org.apache.logging.log4j/log4j-core: Apache Log4j Core: Invalid XML output causes denial of service in logging

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34480

镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6

发布日期: 2026-04-10 16:16 修改: 2026-06-17 10:39

io.netty:netty-codec-http CVE-2026-41417 中危 4.1.113.Final 4.1.133.Final, 4.2.13.Final netty: Netty: HTTP request smuggling via URI manipulation and CRLF injection

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41417

镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe

发布日期: 2026-05-06 22:16 修改: 2026-06-17 10:46

io.netty:netty-codec-http CVE-2026-41417 中危 4.1.113.Final 4.1.133.Final, 4.2.13.Final netty: Netty: HTTP request smuggling via URI manipulation and CRLF injection

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41417

镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6

发布日期: 2026-05-06 22:16 修改: 2026-06-17 10:46

org.eclipse.angus:smtp CVE-2025-7962 中危 2.0.3 2.0.4 com.sun.mail/jakarta.mail: Jakarta Mail SMTP Injection Vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-7962

镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe

发布日期: 2025-07-21 18:15 修改: 2026-06-23 12:16

org.eclipse.angus:smtp CVE-2025-7962 中危 2.0.3 2.0.4 com.sun.mail/jakarta.mail: Jakarta Mail SMTP Injection Vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-7962

镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6

发布日期: 2025-07-21 18:15 修改: 2026-06-23 12:16

io.netty:netty-codec-http CVE-2026-42580 中危 4.1.113.Final 4.2.13.Final, 4.1.133.Final netty: Netty: Request smuggling via chunk size parser integer overflow

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42580

镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe

发布日期: 2026-05-13 19:17 修改: 2026-06-17 10:48

io.netty:netty-codec-http CVE-2026-42580 中危 4.1.113.Final 4.2.13.Final, 4.1.133.Final netty: Netty: Request smuggling via chunk size parser integer overflow

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42580

镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6

发布日期: 2026-05-13 19:17 修改: 2026-06-17 10:48

io.netty:netty-codec-http CVE-2026-42581 中危 4.1.113.Final 4.2.13.Final, 4.1.133.Final netty: io.netty/netty-codec-http: Netty: HTTP Request Smuggling due to improper handling of conflicting HTTP/1.0 headers

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42581

镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe

发布日期: 2026-05-13 19:17 修改: 2026-07-10 12:16

io.netty:netty-codec-http CVE-2026-42581 中危 4.1.113.Final 4.2.13.Final, 4.1.133.Final netty: io.netty/netty-codec-http: Netty: HTTP Request Smuggling due to improper handling of conflicting HTTP/1.0 headers

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42581

镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6

发布日期: 2026-05-13 19:17 修改: 2026-07-10 12:16

io.netty:netty-codec-http CVE-2026-42585 中危 4.1.113.Final 4.2.13.Final, 4.1.133.Final netty: io.netty/netty-codec-http: Netty: Request smuggling via malformed Transfer-Encoding parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42585

镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe

发布日期: 2026-05-13 19:17 修改: 2026-06-17 10:48

io.netty:netty-codec-http CVE-2026-42585 中危 4.1.113.Final 4.2.13.Final, 4.1.133.Final netty: io.netty/netty-codec-http: Netty: Request smuggling via malformed Transfer-Encoding parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42585

镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6

发布日期: 2026-05-13 19:17 修改: 2026-06-17 10:48

io.netty:netty-codec-http CVE-2026-50020 中危 4.1.113.Final 4.2.15.Final, 4.1.135.Final netty-codec-http: Netty: Data manipulation via request-boundary confusion in HttpObjectDecoder

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-50020

镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe

发布日期: 2026-06-12 16:16 修改: 2026-06-17 10:57

io.netty:netty-codec-http CVE-2026-50020 中危 4.1.113.Final 4.2.15.Final, 4.1.135.Final netty-codec-http: Netty: Data manipulation via request-boundary confusion in HttpObjectDecoder

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-50020

镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6

发布日期: 2026-06-12 16:16 修改: 2026-06-17 10:57

com.nimbusds:nimbus-jose-jwt CVE-2025-53864 中危 9.41.1 10.0.2, 9.37.4 com.nimbusds/nimbus-jose-jwt: Uncontrolled recursion in Connect2id Nimbus JOSE + JWT

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-53864

镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe

发布日期: 2025-07-11 03:16 修改: 2026-06-17 09:39

com.nimbusds:nimbus-jose-jwt CVE-2025-53864 中危 9.41.1 10.0.2, 9.37.4 com.nimbusds/nimbus-jose-jwt: Uncontrolled recursion in Connect2id Nimbus JOSE + JWT

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-53864

镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6

发布日期: 2025-07-11 03:16 修改: 2026-06-17 09:39

ch.qos.logback:logback-core CVE-2024-12798 中危 1.5.8 1.5.13, 1.3.15 logback-core: arbitrary code execution via JaninoEventEvaluator

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-12798

镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe

发布日期: 2024-12-19 16:15 修改: 2026-06-17 07:00

ch.qos.logback:logback-core CVE-2024-12798 中危 1.5.8 1.5.13, 1.3.15 logback-core: arbitrary code execution via JaninoEventEvaluator

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-12798

镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6

发布日期: 2024-12-19 16:15 修改: 2026-06-17 07:00

ch.qos.logback:logback-core CVE-2025-11226 中危 1.5.8 1.5.19, 1.3.16 ch.qos.logback/logback-core: Conditional abitrary code execution in logback-core

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-11226

镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe

发布日期: 2025-10-01 08:15 修改: 2026-06-25 17:16

ch.qos.logback:logback-core CVE-2025-11226 中危 1.5.8 1.5.19, 1.3.16 ch.qos.logback/logback-core: Conditional abitrary code execution in logback-core

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-11226

镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6

发布日期: 2025-10-01 08:15 修改: 2026-06-25 17:16

io.netty:netty-codec-http2 CVE-2026-47244 中危 4.1.113.Final 4.2.15.Final, 4.1.135.Final netty-codec-http2: Netty: Denial of Service via uncontrolled HTTP/2 concurrent streams

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-47244

镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe

发布日期: 2026-06-12 15:16 修改: 2026-06-17 10:54

io.netty:netty-codec-http2 CVE-2026-47244 中危 4.1.113.Final 4.2.15.Final, 4.1.135.Final netty-codec-http2: Netty: Denial of Service via uncontrolled HTTP/2 concurrent streams

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-47244

镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6

发布日期: 2026-06-12 15:16 修改: 2026-06-17 10:54

io.netty:netty-codec-http2 CVE-2026-48043 中危 4.1.113.Final 4.1.135.Final, 4.2.15.Final netty-codec-http2: netty-codec-http2: Denial of Service due to resource leak

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48043

镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe

发布日期: 2026-06-12 16:16 修改: 2026-07-10 12:17

io.netty:netty-codec-http2 CVE-2026-48043 中危 4.1.113.Final 4.1.135.Final, 4.2.15.Final netty-codec-http2: netty-codec-http2: Denial of Service due to resource leak

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48043

镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6

发布日期: 2026-06-12 16:16 修改: 2026-07-10 12:17

org.springframework.security:spring-security-core CVE-2024-38827 中危 6.3.3 5.7.14, 5.8.16, 6.0.14, 6.1.12, 6.2.8, 6.3.5 spring-security: authorization bypass for case sensitive comparisons

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-38827

镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe

发布日期: 2024-12-02 15:15 修改: 2026-06-17 07:41

org.springframework.security:spring-security-core CVE-2024-38827 中危 6.3.3 5.7.14, 5.8.16, 6.0.14, 6.1.12, 6.2.8, 6.3.5 spring-security: authorization bypass for case sensitive comparisons

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-38827

镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6

发布日期: 2024-12-02 15:15 修改: 2026-06-17 07:41

io.netty:netty-codec-http2 CVE-2026-50560 中危 4.1.113.Final 4.2.15.Final, 4.1.135.Final netty-codec-http2: Netty: Denial of Service due to HTTP/2 max header size handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-50560

镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe

发布日期: 2026-06-12 16:16 修改: 2026-06-17 10:57

io.netty:netty-codec-http2 CVE-2026-50560 中危 4.1.113.Final 4.2.15.Final, 4.1.135.Final netty-codec-http2: Netty: Denial of Service due to HTTP/2 max header size handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-50560

镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6

发布日期: 2026-06-12 16:16 修改: 2026-06-17 10:57

org.springframework.security:spring-security-oauth2-jose CVE-2026-22748 中危 6.3.3 6.5.10, 7.0.5 Spring Security: Spring Security: Integrity impact due to improper JSON Web Token (JWT) validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22748

镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe

发布日期: 2026-04-22 06:16 修改: 2026-06-17 10:20

org.springframework.security:spring-security-oauth2-jose CVE-2026-22748 中危 6.3.3 6.5.10, 7.0.5 Spring Security: Spring Security: Integrity impact due to improper JSON Web Token (JWT) validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22748

镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6

发布日期: 2026-04-22 06:16 修改: 2026-06-17 10:20

io.netty:netty-common CVE-2024-47535 中危 4.1.113.Final 4.1.115.Final netty: Denial of Service attack on windows app using Netty

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47535

镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe

发布日期: 2024-11-12 16:15 修改: 2026-06-17 07:57

io.netty:netty-common CVE-2024-47535 中危 4.1.113.Final 4.1.115.Final netty: Denial of Service attack on windows app using Netty

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47535

镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6

发布日期: 2024-11-12 16:15 修改: 2026-06-17 07:57

io.netty:netty-common CVE-2025-25193 中危 4.1.113.Final 4.1.118.Final netty: Denial of Service attack on windows app using Netty

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-25193

镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe

发布日期: 2025-02-10 22:15 修改: 2026-06-17 09:00

io.netty:netty-common CVE-2025-25193 中危 4.1.113.Final 4.1.118.Final netty: Denial of Service attack on windows app using Netty

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-25193

镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6

发布日期: 2025-02-10 22:15 修改: 2026-06-17 09:00

org.springframework.security:spring-security-web CVE-2026-47838 中危 6.3.3 6.5.11 Spring Security Vulnerable to Unauthorized User Impersonation when Using X.509 Client Certificates

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-47838

镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe

发布日期: 2026-06-10 00:16 修改: 2026-06-30 22:16

org.springframework.security:spring-security-web CVE-2026-47838 中危 6.3.3 6.5.11 Spring Security Vulnerable to Unauthorized User Impersonation when Using X.509 Client Certificates

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-47838

镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6

发布日期: 2026-06-10 00:16 修改: 2026-06-30 22:16

org.springframework:spring-context CVE-2024-38820 中危 6.1.13 6.1.14 The fix for CVE-2022-22968 made disallowedFieldspatterns in DataBinder ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-38820

镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe

发布日期: 2024-10-18 06:15 修改: 2026-06-17 07:41

org.springframework:spring-context CVE-2024-38820 中危 6.1.13 6.1.14 The fix for CVE-2022-22968 made disallowedFieldspatterns in DataBinder ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-38820

镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6

发布日期: 2024-10-18 06:15 修改: 2026-06-17 07:41

io.netty:netty-codec CVE-2025-58057 中危 4.1.113.Final 4.1.125.Final netty-codec: netty-codec-compression: Netty's BrotliDecoder is vulnerable to DoS via zip bomb style attack

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58057

镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe

发布日期: 2025-09-04 10:42 修改: 2026-06-17 09:43

io.netty:netty-codec CVE-2025-58057 中危 4.1.113.Final 4.1.125.Final netty-codec: netty-codec-compression: Netty's BrotliDecoder is vulnerable to DoS via zip bomb style attack

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58057

镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6

发布日期: 2025-09-04 10:42 修改: 2026-06-17 09:43

org.springframework:spring-web CVE-2024-38820 中危 6.1.13 6.1.14 The fix for CVE-2022-22968 made disallowedFieldspatterns in DataBinder ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-38820

镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe

发布日期: 2024-10-18 06:15 修改: 2026-06-17 07:41

org.springframework:spring-web CVE-2024-38820 中危 6.1.13 6.1.14 The fix for CVE-2022-22968 made disallowedFieldspatterns in DataBinder ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-38820

镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6

发布日期: 2024-10-18 06:15 修改: 2026-06-17 07:41

org.springframework:spring-web CVE-2025-41234 中危 6.1.13 6.2.8, 6.1.21 springframework: Reflected download attack in Spring Framework with non-ASCII headers

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-41234

镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe

发布日期: 2025-06-12 22:15 修改: 2026-06-17 09:22

org.springframework:spring-web CVE-2025-41234 中危 6.1.13 6.2.8, 6.1.21 springframework: Reflected download attack in Spring Framework with non-ASCII headers

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-41234

镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6

发布日期: 2025-06-12 22:15 修改: 2026-06-17 09:22

com.fasterxml.jackson.core:jackson-databind CVE-2026-54514 中危 2.17.2 2.18.8, 2.21.4, 3.1.4 jackson-databind: jackson-databind: Information Disclosure via Eager DNS Resolution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54514

镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe

发布日期: 2026-06-23 21:17 修改: 2026-06-27 20:55

com.fasterxml.jackson.core:jackson-databind CVE-2026-54514 中危 2.17.2 2.18.8, 2.21.4, 3.1.4 jackson-databind: jackson-databind: Information Disclosure via Eager DNS Resolution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54514

镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6

发布日期: 2026-06-23 21:17 修改: 2026-06-27 20:55

org.springframework:spring-webmvc CVE-2025-41242 中危 6.1.13 6.2.10 org.springframework/spring-webmvc: Spring Framework MVC path traversal vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-41242

镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe

发布日期: 2025-08-18 09:15 修改: 2026-06-17 09:22

org.springframework:spring-webmvc CVE-2025-41242 中危 6.1.13 6.2.10 org.springframework/spring-webmvc: Spring Framework MVC path traversal vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-41242

镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6

发布日期: 2025-08-18 09:15 修改: 2026-06-17 09:22

org.springframework:spring-webmvc CVE-2026-22737 中危 6.1.13 7.0.6, 6.2.17 Spring Framework: Spring Framework: Information disclosure via Java scripting engine enabled template views

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22737

镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe

发布日期: 2026-03-20 00:16 修改: 2026-06-17 10:20

org.springframework:spring-webmvc CVE-2026-22737 中危 6.1.13 7.0.6, 6.2.17 Spring Framework: Spring Framework: Information disclosure via Java scripting engine enabled template views

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22737

镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6

发布日期: 2026-03-20 00:16 修改: 2026-06-17 10:20

org.springframework:spring-webmvc CVE-2026-22745 中危 6.1.13 7.0.7, 6.2.18 spring-webflux: Spring MVC and Spring WebFlux: Denial of Service via slow static resource resolution on Windows

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22745

镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe

发布日期: 2026-04-29 12:16 修改: 2026-06-17 10:20

org.springframework:spring-webmvc CVE-2026-22745 中危 6.1.13 7.0.7, 6.2.18 spring-webflux: Spring MVC and Spring WebFlux: Denial of Service via slow static resource resolution on Windows

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22745

镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6

发布日期: 2026-04-29 12:16 修改: 2026-06-17 10:20

io.netty:netty-handler-proxy CVE-2026-42578 低危 4.1.113.Final 4.1.133.Final, 4.2.13.Final netty: io.netty/netty-handler-proxy: Netty: HTTP Header Injection via HttpProxyHandler Disabled Validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42578

镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe

发布日期: 2026-05-13 19:17 修改: 2026-07-10 12:16

io.netty:netty-handler-proxy CVE-2026-42578 低危 4.1.113.Final 4.1.133.Final, 4.2.13.Final netty: io.netty/netty-handler-proxy: Netty: HTTP Header Injection via HttpProxyHandler Disabled Validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42578

镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6

发布日期: 2026-05-13 19:17 修改: 2026-07-10 12:16

org.springframework:spring-context CVE-2025-22233 低危 6.1.13 6.2.7, 6.1.20 CVE-2024-38820 ensured Locale-independent, lowercase conversion for bo ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22233

镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe

发布日期: 2025-05-16 20:15 修改: 2026-06-17 08:45

org.springframework:spring-context CVE-2025-22233 低危 6.1.13 6.2.7, 6.1.20 CVE-2024-38820 ensured Locale-independent, lowercase conversion for bo ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22233

镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6

发布日期: 2025-05-16 20:15 修改: 2026-06-17 08:45

org.eclipse.jetty:jetty-http CVE-2025-11143 低危 12.0.13 12.0.31, 12.1.5 org.eclipse.jetty/jetty-http: org.eclipse.jetty: Security bypass due to differential URI parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-11143

镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe

发布日期: 2026-03-05 10:15 修改: 2026-06-17 08:29

org.eclipse.jetty:jetty-http CVE-2025-11143 低危 12.0.13 12.0.31, 12.1.5 org.eclipse.jetty/jetty-http: org.eclipse.jetty: Security bypass due to differential URI parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-11143

镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6

发布日期: 2026-03-05 10:15 修改: 2026-06-17 08:29

org.springframework.security:spring-security-core CVE-2026-22746 低危 6.3.3 6.5.10, 7.0.5 Spring Security: Spring Security: Timing attack defense bypass allows information disclosure

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22746

镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe

发布日期: 2026-04-22 06:16 修改: 2026-06-17 10:20

org.springframework.security:spring-security-core CVE-2026-22746 低危 6.3.3 6.5.10, 7.0.5 Spring Security: Spring Security: Timing attack defense bypass allows information disclosure

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22746

镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6

发布日期: 2026-04-22 06:16 修改: 2026-06-17 10:20

ch.qos.logback:logback-core CVE-2026-10532 低危 1.5.8 1.5.35 Deserialization of untrusted data vulnerability in QOS.CH Sarl logback ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-10532

镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe

发布日期: 2026-06-01 13:16 修改: 2026-06-17 10:12

ch.qos.logback:logback-core CVE-2026-10532 低危 1.5.8 1.5.35 Deserialization of untrusted data vulnerability in QOS.CH Sarl logback ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-10532

镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6

发布日期: 2026-06-01 13:16 修改: 2026-06-17 10:12

ch.qos.logback:logback-core CVE-2026-1225 低危 1.5.8 1.5.25 ch.qos.logback/logback-core: Malicious logback.xml configuration file allows instantiation of arbitrary classes

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-1225

镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe

发布日期: 2026-01-22 10:16 修改: 2026-06-17 10:15

ch.qos.logback:logback-core CVE-2026-1225 低危 1.5.8 1.5.25 ch.qos.logback/logback-core: Malicious logback.xml configuration file allows instantiation of arbitrary classes

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-1225

镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6

发布日期: 2026-01-22 10:16 修改: 2026-06-17 10:15

io.netty:netty-codec-http CVE-2025-58056 低危 4.1.113.Final 4.1.125.Final, 4.2.5.Final netty-codec-http: Netty is vulnerable to request smuggling due to incorrect parsing of chunk extensions

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58056

镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe

发布日期: 2025-09-03 21:15 修改: 2026-06-17 09:43

io.netty:netty-codec-http CVE-2025-58056 低危 4.1.113.Final 4.1.125.Final, 4.2.5.Final netty-codec-http: Netty is vulnerable to request smuggling due to incorrect parsing of chunk extensions

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58056

镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6

发布日期: 2025-09-03 21:15 修改: 2026-06-17 09:43

ch.qos.logback:logback-core CVE-2026-9828 低危 1.5.8 1.5.33 Deserialization of untrusted data vulnerability in QOS.CH Sarl logback ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-9828

镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe

发布日期: 2026-05-28 14:16 修改: 2026-06-17 11:05

ch.qos.logback:logback-core CVE-2026-9828 低危 1.5.8 1.5.33 Deserialization of untrusted data vulnerability in QOS.CH Sarl logback ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-9828

镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6

发布日期: 2026-05-28 14:16 修改: 2026-06-17 11:05

ch.qos.logback:logback-core CVE-2024-12801 低危 1.5.8 1.5.13, 1.3.15 logback-core: SaxEventRecorder vulnerable to Server-Side Request Forgery (SSRF) attacks

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-12801

镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe

发布日期: 2024-12-19 17:15 修改: 2026-06-17 07:00

ch.qos.logback:logback-core CVE-2024-12801 低危 1.5.8 1.5.13, 1.3.15 logback-core: SaxEventRecorder vulnerable to Server-Side Request Forgery (SSRF) attacks

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-12801

镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6

发布日期: 2024-12-19 17:15 修改: 2026-06-17 07:00

org.springframework:spring-webmvc CVE-2026-22735 低危 6.1.13 7.0.6, 6.2.17 org.springframework/spring-webmvc: org.springframework/spring-webflux: Spring MVC and WebFlux: Stream corruption vulnerability when using Server-Sent Events

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22735

镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe

发布日期: 2026-03-20 00:16 修改: 2026-06-17 10:20

org.springframework:spring-webmvc CVE-2026-22735 低危 6.1.13 7.0.6, 6.2.17 org.springframework/spring-webmvc: org.springframework/spring-webflux: Spring MVC and WebFlux: Stream corruption vulnerability when using Server-Sent Events

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22735

镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6

发布日期: 2026-03-20 00:16 修改: 2026-06-17 10:20

org.springframework:spring-webmvc CVE-2026-22741 低危 6.1.13 7.0.7, 6.2.18 Spring MVC: Spring WebFlux: Spring MVC and Spring WebFlux: Denial of Service via cache poisoning

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22741

镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe

发布日期: 2026-04-29 12:16 修改: 2026-06-17 10:20

org.springframework:spring-webmvc CVE-2026-22741 低危 6.1.13 7.0.7, 6.2.18 Spring MVC: Spring WebFlux: Spring MVC and Spring WebFlux: Denial of Service via cache poisoning

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22741

镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6

发布日期: 2026-04-29 12:16 修改: 2026-06-17 10:20

检测到您正在使用广告拦截插件,本站为公益站点,依赖广告维持运转 🙏 查看如何关闭 ×