docker.io/camunda/tasklist:8.6.0 linux/amd64

docker.io/camunda/tasklist:8.6.0 - Trivy安全扫描结果 扫描时间: 2026-07-13 11:28
全部漏洞信息
低危漏洞:37 中危漏洞:86 高危漏洞:77 严重漏洞:15

系统OS: alpine 3.20.3 扫描引擎: Trivy 扫描时间: 2026-07-13 11:28

docker.io/camunda/tasklist:8.6.0 (alpine 3.20.3) (alpine)
低危漏洞:26 中危漏洞:36 高危漏洞:34 严重漏洞:2
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
libcrypto3 CVE-2026-31789 严重 3.3.2-r0 3.3.7-r0 openssl: OpenSSL: Heap buffer overflow on 32-bit systems from large X.509 certificate processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-31789

镜像层: sha256:63ca1fbb43ae5034640e5e6cb3e083e05c290072c5366fcaa9d62435a4cced85

发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:34

libssl3 CVE-2026-31789 严重 3.3.2-r0 3.3.7-r0 openssl: OpenSSL: Heap buffer overflow on 32-bit systems from large X.509 certificate processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-31789

镜像层: sha256:63ca1fbb43ae5034640e5e6cb3e083e05c290072c5366fcaa9d62435a4cced85

发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:34

libcrypto3 CVE-2024-12797 高危 3.3.2-r0 3.3.3-r0 openssl: RFC7250 handshakes with unauthenticated servers don't abort as expected

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-12797

镜像层: sha256:63ca1fbb43ae5034640e5e6cb3e083e05c290072c5366fcaa9d62435a4cced85

发布日期: 2025-02-11 16:15 修改: 2026-06-17 07:00

libcrypto3 CVE-2025-15467 高危 3.3.2-r0 3.3.6-r0 openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-15467

镜像层: sha256:63ca1fbb43ae5034640e5e6cb3e083e05c290072c5366fcaa9d62435a4cced85

发布日期: 2026-01-27 16:16 修改: 2026-06-30 03:16

libcrypto3 CVE-2025-69421 高危 3.3.2-r0 3.3.6-r0 openssl: OpenSSL: Denial of Service via malformed PKCS#12 file processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-69421

镜像层: sha256:63ca1fbb43ae5034640e5e6cb3e083e05c290072c5366fcaa9d62435a4cced85

发布日期: 2026-01-27 16:16 修改: 2026-06-17 10:00

libcrypto3 CVE-2026-28387 高危 3.3.2-r0 3.3.7-r0 openssl: OpenSSL: Arbitrary code execution due to use-after-free in DANE TLSA authentication

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28387

镜像层: sha256:63ca1fbb43ae5034640e5e6cb3e083e05c290072c5366fcaa9d62435a4cced85

发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:28

libcrypto3 CVE-2026-28388 高危 3.3.2-r0 3.3.7-r0 openssl: OpenSSL: Denial of Service due to NULL pointer dereference in delta CRL processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28388

镜像层: sha256:63ca1fbb43ae5034640e5e6cb3e083e05c290072c5366fcaa9d62435a4cced85

发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:28

libcrypto3 CVE-2026-28389 高危 3.3.2-r0 3.3.7-r0 openssl: OpenSSL: Denial of Service vulnerability in CMS processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28389

镜像层: sha256:63ca1fbb43ae5034640e5e6cb3e083e05c290072c5366fcaa9d62435a4cced85

发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:28

libcrypto3 CVE-2026-28390 高危 3.3.2-r0 3.3.7-r0 openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28390

镜像层: sha256:63ca1fbb43ae5034640e5e6cb3e083e05c290072c5366fcaa9d62435a4cced85

发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:28

libpng CVE-2025-64720 高危 1.6.44-r0 1.6.53-r0 libpng: LIBPNG buffer overflow

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-64720

镜像层: sha256:af468df6c4f32529e7a489f3a9a47e9cd13990743a66ad080774f4bbee06acdc

发布日期: 2025-11-25 00:15 修改: 2026-06-17 09:55

libpng CVE-2025-65018 高危 1.6.44-r0 1.6.53-r0 libpng: LIBPNG heap buffer overflow

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-65018

镜像层: sha256:af468df6c4f32529e7a489f3a9a47e9cd13990743a66ad080774f4bbee06acdc

发布日期: 2025-11-25 00:15 修改: 2026-06-17 09:55

libpng CVE-2025-66293 高危 1.6.44-r0 1.6.53-r0 libpng: LIBPNG out-of-bounds read in png_image_read_composite

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-66293

镜像层: sha256:af468df6c4f32529e7a489f3a9a47e9cd13990743a66ad080774f4bbee06acdc

发布日期: 2025-12-03 21:15 修改: 2026-06-17 09:56

libpng CVE-2026-22695 高危 1.6.44-r0 1.6.54-r0 libpng: libpng: Denial of service and information disclosure via heap buffer over-read in png_image_finish_read

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22695

镜像层: sha256:af468df6c4f32529e7a489f3a9a47e9cd13990743a66ad080774f4bbee06acdc

发布日期: 2026-01-12 23:15 修改: 2026-06-17 10:20

libpng CVE-2026-22801 高危 1.6.44-r0 1.6.54-r0 libpng: libpng: Information disclosure and denial of service via integer truncation in simplified write API

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22801

镜像层: sha256:af468df6c4f32529e7a489f3a9a47e9cd13990743a66ad080774f4bbee06acdc

发布日期: 2026-01-12 23:15 修改: 2026-06-17 10:20

libpng CVE-2026-25646 高危 1.6.44-r0 1.6.55-r0 libpng: LIBPNG has a heap buffer overflow in png_set_quantize

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25646

镜像层: sha256:af468df6c4f32529e7a489f3a9a47e9cd13990743a66ad080774f4bbee06acdc

发布日期: 2026-02-10 18:16 修改: 2026-06-30 03:17

lcms2 CVE-2026-41254 高危 2.16-r0 2.19-r0 Little CMS: lcms2: mm2/Little-CMS: Little CMS: Information disclosure or denial of service via integer overflow in CubeSize

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41254

镜像层: sha256:af468df6c4f32529e7a489f3a9a47e9cd13990743a66ad080774f4bbee06acdc

发布日期: 2026-04-18 07:16 修改: 2026-06-17 10:46

libssl3 CVE-2024-12797 高危 3.3.2-r0 3.3.3-r0 openssl: RFC7250 handshakes with unauthenticated servers don't abort as expected

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-12797

镜像层: sha256:63ca1fbb43ae5034640e5e6cb3e083e05c290072c5366fcaa9d62435a4cced85

发布日期: 2025-02-11 16:15 修改: 2026-06-17 07:00

libssl3 CVE-2025-15467 高危 3.3.2-r0 3.3.6-r0 openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-15467

镜像层: sha256:63ca1fbb43ae5034640e5e6cb3e083e05c290072c5366fcaa9d62435a4cced85

发布日期: 2026-01-27 16:16 修改: 2026-06-30 03:16

libssl3 CVE-2025-69421 高危 3.3.2-r0 3.3.6-r0 openssl: OpenSSL: Denial of Service via malformed PKCS#12 file processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-69421

镜像层: sha256:63ca1fbb43ae5034640e5e6cb3e083e05c290072c5366fcaa9d62435a4cced85

发布日期: 2026-01-27 16:16 修改: 2026-06-17 10:00

libssl3 CVE-2026-28387 高危 3.3.2-r0 3.3.7-r0 openssl: OpenSSL: Arbitrary code execution due to use-after-free in DANE TLSA authentication

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28387

镜像层: sha256:63ca1fbb43ae5034640e5e6cb3e083e05c290072c5366fcaa9d62435a4cced85

发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:28

libssl3 CVE-2026-28388 高危 3.3.2-r0 3.3.7-r0 openssl: OpenSSL: Denial of Service due to NULL pointer dereference in delta CRL processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28388

镜像层: sha256:63ca1fbb43ae5034640e5e6cb3e083e05c290072c5366fcaa9d62435a4cced85

发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:28

libssl3 CVE-2026-28389 高危 3.3.2-r0 3.3.7-r0 openssl: OpenSSL: Denial of Service vulnerability in CMS processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28389

镜像层: sha256:63ca1fbb43ae5034640e5e6cb3e083e05c290072c5366fcaa9d62435a4cced85

发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:28

libssl3 CVE-2026-28390 高危 3.3.2-r0 3.3.7-r0 openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28390

镜像层: sha256:63ca1fbb43ae5034640e5e6cb3e083e05c290072c5366fcaa9d62435a4cced85

发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:28

musl CVE-2025-26519 高危 1.2.5-r0 1.2.5-r1 musl libc 0.9.13 through 1.2.5 before 1.2.6 has an out-of-bounds write ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-26519

镜像层: sha256:63ca1fbb43ae5034640e5e6cb3e083e05c290072c5366fcaa9d62435a4cced85

发布日期: 2025-02-14 04:15 修改: 2026-06-17 09:01

musl CVE-2026-40200 高危 1.2.5-r0 1.2.5-r3 musl: musl libc: Arbitrary code execution and denial of service via stack-based memory corruption in qsort

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40200

镜像层: sha256:63ca1fbb43ae5034640e5e6cb3e083e05c290072c5366fcaa9d62435a4cced85

发布日期: 2026-04-10 17:17 修改: 2026-06-17 10:44

musl-utils CVE-2025-26519 高危 1.2.5-r0 1.2.5-r1 musl libc 0.9.13 through 1.2.5 before 1.2.6 has an out-of-bounds write ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-26519

镜像层: sha256:63ca1fbb43ae5034640e5e6cb3e083e05c290072c5366fcaa9d62435a4cced85

发布日期: 2025-02-14 04:15 修改: 2026-06-17 09:01

musl-utils CVE-2026-40200 高危 1.2.5-r0 1.2.5-r3 musl: musl libc: Arbitrary code execution and denial of service via stack-based memory corruption in qsort

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40200

镜像层: sha256:63ca1fbb43ae5034640e5e6cb3e083e05c290072c5366fcaa9d62435a4cced85

发布日期: 2026-04-10 17:17 修改: 2026-06-17 10:44

openjdk21-jre CVE-2025-23083 高危 21.0.4_p7-r0 21.0.7_p6-r0 nodejs: Node.js Worker Thread Exposure via Diagnostics Channel

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-23083

镜像层: sha256:af468df6c4f32529e7a489f3a9a47e9cd13990743a66ad080774f4bbee06acdc

发布日期: 2025-01-22 02:15 修改: 2026-06-17 08:51

openjdk21-jre CVE-2025-30749 高危 21.0.4_p7-r0 21.0.8_p9-r0 openjdk: Better Glyph drawing (Oracle CPU 2025-07)

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-30749

镜像层: sha256:af468df6c4f32529e7a489f3a9a47e9cd13990743a66ad080774f4bbee06acdc

发布日期: 2025-07-15 20:15 修改: 2026-06-17 09:09

openjdk21-jre CVE-2025-50059 高危 21.0.4_p7-r0 21.0.8_p9-r0 openjdk: Improve HTTP client header handling (Oracle CPU 2025-07)

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-50059

镜像层: sha256:af468df6c4f32529e7a489f3a9a47e9cd13990743a66ad080774f4bbee06acdc

发布日期: 2025-07-15 20:15 修改: 2026-06-17 09:34

openjdk21-jre CVE-2025-50106 高危 21.0.4_p7-r0 21.0.8_p9-r0 openjdk: Glyph out-of-memory access and crash (Oracle CPU 2025-07)

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-50106

镜像层: sha256:af468df6c4f32529e7a489f3a9a47e9cd13990743a66ad080774f4bbee06acdc

发布日期: 2025-07-15 20:15 修改: 2026-06-17 09:34

openjdk21-jre-headless CVE-2025-23083 高危 21.0.4_p7-r0 21.0.7_p6-r0 nodejs: Node.js Worker Thread Exposure via Diagnostics Channel

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-23083

镜像层: sha256:af468df6c4f32529e7a489f3a9a47e9cd13990743a66ad080774f4bbee06acdc

发布日期: 2025-01-22 02:15 修改: 2026-06-17 08:51

openjdk21-jre-headless CVE-2025-30749 高危 21.0.4_p7-r0 21.0.8_p9-r0 openjdk: Better Glyph drawing (Oracle CPU 2025-07)

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-30749

镜像层: sha256:af468df6c4f32529e7a489f3a9a47e9cd13990743a66ad080774f4bbee06acdc

发布日期: 2025-07-15 20:15 修改: 2026-06-17 09:09

openjdk21-jre-headless CVE-2025-50059 高危 21.0.4_p7-r0 21.0.8_p9-r0 openjdk: Improve HTTP client header handling (Oracle CPU 2025-07)

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-50059

镜像层: sha256:af468df6c4f32529e7a489f3a9a47e9cd13990743a66ad080774f4bbee06acdc

发布日期: 2025-07-15 20:15 修改: 2026-06-17 09:34

openjdk21-jre-headless CVE-2025-50106 高危 21.0.4_p7-r0 21.0.8_p9-r0 openjdk: Glyph out-of-memory access and crash (Oracle CPU 2025-07)

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-50106

镜像层: sha256:af468df6c4f32529e7a489f3a9a47e9cd13990743a66ad080774f4bbee06acdc

发布日期: 2025-07-15 20:15 修改: 2026-06-17 09:34

zlib CVE-2026-22184 高危 1.3.1-r1 1.3.2-r0 zlib: zlib: Arbitrary code execution via buffer overflow in untgz utility

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22184

镜像层: sha256:63ca1fbb43ae5034640e5e6cb3e083e05c290072c5366fcaa9d62435a4cced85

发布日期: 2026-01-07 21:16 修改: 2026-06-30 03:17

libssl3 CVE-2025-9231 中危 3.3.2-r0 3.3.5-r0 openssl: Timing side-channel in SM2 algorithm on 64 bit ARM

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-9231

镜像层: sha256:63ca1fbb43ae5034640e5e6cb3e083e05c290072c5366fcaa9d62435a4cced85

发布日期: 2025-09-30 14:15 修改: 2026-06-17 10:08

libssl3 CVE-2026-31790 中危 3.3.2-r0 3.3.7-r0 openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-31790

镜像层: sha256:63ca1fbb43ae5034640e5e6cb3e083e05c290072c5366fcaa9d62435a4cced85

发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:34

libtasn1 CVE-2024-12133 中危 4.19.0-r2 4.20.0-r0 libtasn1: Inefficient DER Decoding in libtasn1 Leading to Potential Remote DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-12133

镜像层: sha256:af468df6c4f32529e7a489f3a9a47e9cd13990743a66ad080774f4bbee06acdc

发布日期: 2025-02-10 16:15 修改: 2026-06-30 03:16

libpng CVE-2026-33416 中危 1.6.44-r0 1.6.56-r0 libpng: libpng: Arbitrary code execution due to use-after-free vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33416

镜像层: sha256:af468df6c4f32529e7a489f3a9a47e9cd13990743a66ad080774f4bbee06acdc

发布日期: 2026-03-26 17:16 修改: 2026-06-17 10:37

libpng CVE-2026-33636 中危 1.6.44-r0 1.6.56-r0 libpng: libpng: Information disclosure and denial of service via out-of-bounds read/write in Neon palette expansion

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33636

镜像层: sha256:af468df6c4f32529e7a489f3a9a47e9cd13990743a66ad080774f4bbee06acdc

发布日期: 2026-03-26 17:16 修改: 2026-06-17 10:37

musl CVE-2026-6042 中危 1.2.5-r0 1.2.5-r2 musl libc: GB18030 4-byte Decoder: musl libc: Denial of Service via inefficient algorithmic complexity in iconv

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6042

镜像层: sha256:63ca1fbb43ae5034640e5e6cb3e083e05c290072c5366fcaa9d62435a4cced85

发布日期: 2026-04-10 09:16 修改: 2026-06-17 11:00

libpng CVE-2026-34757 中危 1.6.44-r0 1.6.57-r0 libpng: libpng: Information disclosure and data corruption via use-after-free vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34757

镜像层: sha256:af468df6c4f32529e7a489f3a9a47e9cd13990743a66ad080774f4bbee06acdc

发布日期: 2026-04-09 15:16 修改: 2026-06-17 10:39

busybox-binsh CVE-2024-58251 中危 1.36.1-r29 1.36.1-r31 In netstat in BusyBox through 1.37.0, local users can launch of networ ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-58251

镜像层: sha256:63ca1fbb43ae5034640e5e6cb3e083e05c290072c5366fcaa9d62435a4cced85

发布日期: 2025-04-23 18:16 修改: 2026-06-17 08:14

musl-utils CVE-2026-6042 中危 1.2.5-r0 1.2.5-r2 musl libc: GB18030 4-byte Decoder: musl libc: Denial of Service via inefficient algorithmic complexity in iconv

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6042

镜像层: sha256:63ca1fbb43ae5034640e5e6cb3e083e05c290072c5366fcaa9d62435a4cced85

发布日期: 2026-04-10 09:16 修改: 2026-06-17 11:00

busybox CVE-2024-58251 中危 1.36.1-r29 1.36.1-r31 In netstat in BusyBox through 1.37.0, local users can launch of networ ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-58251

镜像层: sha256:63ca1fbb43ae5034640e5e6cb3e083e05c290072c5366fcaa9d62435a4cced85

发布日期: 2025-04-23 18:16 修改: 2026-06-17 08:14

libcrypto3 CVE-2025-69419 中危 3.3.2-r0 3.3.6-r0 openssl: OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS#12 processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-69419

镜像层: sha256:63ca1fbb43ae5034640e5e6cb3e083e05c290072c5366fcaa9d62435a4cced85

发布日期: 2026-01-27 16:16 修改: 2026-06-17 10:00

libcrypto3 CVE-2025-9230 中危 3.3.2-r0 3.3.5-r0 openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-9230

镜像层: sha256:63ca1fbb43ae5034640e5e6cb3e083e05c290072c5366fcaa9d62435a4cced85

发布日期: 2025-09-30 14:15 修改: 2026-06-17 10:08

libcrypto3 CVE-2025-9231 中危 3.3.2-r0 3.3.5-r0 openssl: Timing side-channel in SM2 algorithm on 64 bit ARM

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-9231

镜像层: sha256:63ca1fbb43ae5034640e5e6cb3e083e05c290072c5366fcaa9d62435a4cced85

发布日期: 2025-09-30 14:15 修改: 2026-06-17 10:08

openjdk21-jre CVE-2024-21208 中危 21.0.4_p7-r0 21.0.5_p11-r0 JDK: HTTP client improper handling of maxHeaderSize (8328286)

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-21208

镜像层: sha256:af468df6c4f32529e7a489f3a9a47e9cd13990743a66ad080774f4bbee06acdc

发布日期: 2024-10-15 20:15 修改: 2026-06-17 07:08

openjdk21-jre CVE-2024-21210 中危 21.0.4_p7-r0 21.0.5_p11-r0 JDK: Array indexing integer overflow (8328544)

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-21210

镜像层: sha256:af468df6c4f32529e7a489f3a9a47e9cd13990743a66ad080774f4bbee06acdc

发布日期: 2024-10-15 20:15 修改: 2026-06-17 07:08

openjdk21-jre CVE-2024-21235 中危 21.0.4_p7-r0 21.0.5_p11-r0 JDK: Integer conversion error leads to incorrect range check (8332644)

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-21235

镜像层: sha256:af468df6c4f32529e7a489f3a9a47e9cd13990743a66ad080774f4bbee06acdc

发布日期: 2024-10-15 20:15 修改: 2026-06-17 07:08

openjdk21-jre CVE-2025-21502 中危 21.0.4_p7-r0 21.0.6_p7-r0 openjdk: Enhance array handling (Oracle CPU 2025-01)

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-21502

镜像层: sha256:af468df6c4f32529e7a489f3a9a47e9cd13990743a66ad080774f4bbee06acdc

发布日期: 2025-01-21 21:15 修改: 2026-06-17 08:43

openjdk21-jre CVE-2025-21587 中危 21.0.4_p7-r0 21.0.7_p6-r0 openjdk: Better TLS connection support (Oracle CPU 2025-04)

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-21587

镜像层: sha256:af468df6c4f32529e7a489f3a9a47e9cd13990743a66ad080774f4bbee06acdc

发布日期: 2025-04-15 21:15 修改: 2026-06-17 08:43

openjdk21-jre CVE-2025-30691 中危 21.0.4_p7-r0 21.0.7_p6-r0 openjdk: Improve compiler transformations (Oracle CPU 2025-04)

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-30691

镜像层: sha256:af468df6c4f32529e7a489f3a9a47e9cd13990743a66ad080774f4bbee06acdc

发布日期: 2025-04-15 21:15 修改: 2026-06-17 09:09

openjdk21-jre CVE-2025-30698 中危 21.0.4_p7-r0 21.0.7_p6-r0 openjdk: Enhance Buffered Image handling (Oracle CPU 2025-04)

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-30698

镜像层: sha256:af468df6c4f32529e7a489f3a9a47e9cd13990743a66ad080774f4bbee06acdc

发布日期: 2025-04-15 21:15 修改: 2026-06-17 09:09

openjdk21-jre CVE-2025-30754 中危 21.0.4_p7-r0 21.0.8_p9-r0 openjdk: Enhance TLS protocol support (Oracle CPU 2025-07)

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-30754

镜像层: sha256:af468df6c4f32529e7a489f3a9a47e9cd13990743a66ad080774f4bbee06acdc

发布日期: 2025-07-15 20:15 修改: 2026-06-17 09:09

libcrypto3 CVE-2026-31790 中危 3.3.2-r0 3.3.7-r0 openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-31790

镜像层: sha256:63ca1fbb43ae5034640e5e6cb3e083e05c290072c5366fcaa9d62435a4cced85

发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:34

libpng CVE-2025-64505 中危 1.6.44-r0 1.6.53-r0 libpng: LIBPNG heap buffer overflow via malformed palette index

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-64505

镜像层: sha256:af468df6c4f32529e7a489f3a9a47e9cd13990743a66ad080774f4bbee06acdc

发布日期: 2025-11-25 00:15 修改: 2026-06-17 09:54

libpng CVE-2025-64506 中危 1.6.44-r0 1.6.53-r0 libpng: LIBPNG heap buffer over-read

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-64506

镜像层: sha256:af468df6c4f32529e7a489f3a9a47e9cd13990743a66ad080774f4bbee06acdc

发布日期: 2025-11-25 00:15 修改: 2026-06-17 09:54

libssl3 CVE-2025-69419 中危 3.3.2-r0 3.3.6-r0 openssl: OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS#12 processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-69419

镜像层: sha256:63ca1fbb43ae5034640e5e6cb3e083e05c290072c5366fcaa9d62435a4cced85

发布日期: 2026-01-27 16:16 修改: 2026-06-17 10:00

openjdk21-jre-headless CVE-2024-21208 中危 21.0.4_p7-r0 21.0.5_p11-r0 JDK: HTTP client improper handling of maxHeaderSize (8328286)

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-21208

镜像层: sha256:af468df6c4f32529e7a489f3a9a47e9cd13990743a66ad080774f4bbee06acdc

发布日期: 2024-10-15 20:15 修改: 2026-06-17 07:08

openjdk21-jre-headless CVE-2024-21210 中危 21.0.4_p7-r0 21.0.5_p11-r0 JDK: Array indexing integer overflow (8328544)

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-21210

镜像层: sha256:af468df6c4f32529e7a489f3a9a47e9cd13990743a66ad080774f4bbee06acdc

发布日期: 2024-10-15 20:15 修改: 2026-06-17 07:08

openjdk21-jre-headless CVE-2024-21235 中危 21.0.4_p7-r0 21.0.5_p11-r0 JDK: Integer conversion error leads to incorrect range check (8332644)

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-21235

镜像层: sha256:af468df6c4f32529e7a489f3a9a47e9cd13990743a66ad080774f4bbee06acdc

发布日期: 2024-10-15 20:15 修改: 2026-06-17 07:08

openjdk21-jre-headless CVE-2025-21502 中危 21.0.4_p7-r0 21.0.6_p7-r0 openjdk: Enhance array handling (Oracle CPU 2025-01)

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-21502

镜像层: sha256:af468df6c4f32529e7a489f3a9a47e9cd13990743a66ad080774f4bbee06acdc

发布日期: 2025-01-21 21:15 修改: 2026-06-17 08:43

openjdk21-jre-headless CVE-2025-21587 中危 21.0.4_p7-r0 21.0.7_p6-r0 openjdk: Better TLS connection support (Oracle CPU 2025-04)

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-21587

镜像层: sha256:af468df6c4f32529e7a489f3a9a47e9cd13990743a66ad080774f4bbee06acdc

发布日期: 2025-04-15 21:15 修改: 2026-06-17 08:43

openjdk21-jre-headless CVE-2025-30691 中危 21.0.4_p7-r0 21.0.7_p6-r0 openjdk: Improve compiler transformations (Oracle CPU 2025-04)

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-30691

镜像层: sha256:af468df6c4f32529e7a489f3a9a47e9cd13990743a66ad080774f4bbee06acdc

发布日期: 2025-04-15 21:15 修改: 2026-06-17 09:09

openjdk21-jre-headless CVE-2025-30698 中危 21.0.4_p7-r0 21.0.7_p6-r0 openjdk: Enhance Buffered Image handling (Oracle CPU 2025-04)

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-30698

镜像层: sha256:af468df6c4f32529e7a489f3a9a47e9cd13990743a66ad080774f4bbee06acdc

发布日期: 2025-04-15 21:15 修改: 2026-06-17 09:09

openjdk21-jre-headless CVE-2025-30754 中危 21.0.4_p7-r0 21.0.8_p9-r0 openjdk: Enhance TLS protocol support (Oracle CPU 2025-07)

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-30754

镜像层: sha256:af468df6c4f32529e7a489f3a9a47e9cd13990743a66ad080774f4bbee06acdc

发布日期: 2025-07-15 20:15 修改: 2026-06-17 09:09

ssl_client CVE-2024-58251 中危 1.36.1-r29 1.36.1-r31 In netstat in BusyBox through 1.37.0, local users can launch of networ ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-58251

镜像层: sha256:63ca1fbb43ae5034640e5e6cb3e083e05c290072c5366fcaa9d62435a4cced85

发布日期: 2025-04-23 18:16 修改: 2026-06-17 08:14

libssl3 CVE-2025-9230 中危 3.3.2-r0 3.3.5-r0 openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-9230

镜像层: sha256:63ca1fbb43ae5034640e5e6cb3e083e05c290072c5366fcaa9d62435a4cced85

发布日期: 2025-09-30 14:15 修改: 2026-06-17 10:08

zlib CVE-2026-27171 中危 1.3.1-r1 1.3.2-r0 zlib: zlib: Denial of Service via infinite loop in CRC32 combine functions

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27171

镜像层: sha256:63ca1fbb43ae5034640e5e6cb3e083e05c290072c5366fcaa9d62435a4cced85

发布日期: 2026-02-18 04:16 修改: 2026-06-17 10:26

libcrypto3 CVE-2026-22795 低危 3.3.2-r0 3.3.6-r0 openssl: OpenSSL: Denial of Service due to type confusion in PKCS#12 file processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22795

镜像层: sha256:63ca1fbb43ae5034640e5e6cb3e083e05c290072c5366fcaa9d62435a4cced85

发布日期: 2026-01-27 16:16 修改: 2026-06-17 10:20

libssl3 CVE-2024-13176 低危 3.3.2-r0 3.3.2-r2 openssl: Timing side-channel in ECDSA signature computation

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-13176

镜像层: sha256:63ca1fbb43ae5034640e5e6cb3e083e05c290072c5366fcaa9d62435a4cced85

发布日期: 2025-01-20 14:15 修改: 2026-06-17 07:01

libssl3 CVE-2024-9143 低危 3.3.2-r0 3.3.2-r1 openssl: Low-level invalid GF(2^m) parameters lead to OOB memory access

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-9143

镜像层: sha256:63ca1fbb43ae5034640e5e6cb3e083e05c290072c5366fcaa9d62435a4cced85

发布日期: 2024-10-16 17:15 修改: 2026-06-17 08:24

libssl3 CVE-2025-15468 低危 3.3.2-r0 3.3.6-r0 openssl: OpenSSL: Denial of Service via NULL pointer dereference in QUIC protocol handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-15468

镜像层: sha256:63ca1fbb43ae5034640e5e6cb3e083e05c290072c5366fcaa9d62435a4cced85

发布日期: 2026-01-27 16:16 修改: 2026-06-17 08:37

libssl3 CVE-2025-66199 低危 3.3.2-r0 3.3.6-r0 openssl: OpenSSL: Denial of Service due to excessive memory allocation in TLS 1.3 certificate compression

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-66199

镜像层: sha256:63ca1fbb43ae5034640e5e6cb3e083e05c290072c5366fcaa9d62435a4cced85

发布日期: 2026-01-27 16:16 修改: 2026-06-17 09:56

libssl3 CVE-2025-68160 低危 3.3.2-r0 3.3.6-r0 openssl: OpenSSL: Denial of Service due to out-of-bounds write in BIO filter

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68160

镜像层: sha256:63ca1fbb43ae5034640e5e6cb3e083e05c290072c5366fcaa9d62435a4cced85

发布日期: 2026-01-27 16:16 修改: 2026-06-17 09:58

libssl3 CVE-2025-69418 低危 3.3.2-r0 3.3.6-r0 openssl: OpenSSL: Information disclosure and data tampering via specific low-level OCB encryption/decryption calls

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-69418

镜像层: sha256:63ca1fbb43ae5034640e5e6cb3e083e05c290072c5366fcaa9d62435a4cced85

发布日期: 2026-01-27 16:16 修改: 2026-06-17 10:00

libssl3 CVE-2025-69420 低危 3.3.2-r0 3.3.6-r0 openssl: OpenSSL: Denial of Service via malformed TimeStamp Response

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-69420

镜像层: sha256:63ca1fbb43ae5034640e5e6cb3e083e05c290072c5366fcaa9d62435a4cced85

发布日期: 2026-01-27 16:16 修改: 2026-06-17 10:00

openjdk21-jre CVE-2024-21211 低危 21.0.4_p7-r0 21.0.5_p11-r0 JDK: Compiler unspecified vulnerability (CPU Oct 2024)

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-21211

镜像层: sha256:af468df6c4f32529e7a489f3a9a47e9cd13990743a66ad080774f4bbee06acdc

发布日期: 2024-10-15 20:15 修改: 2026-06-17 07:08

libssl3 CVE-2025-9232 低危 3.3.2-r0 3.3.5-r0 openssl: Out-of-bounds read in HTTP client no_proxy handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-9232

镜像层: sha256:63ca1fbb43ae5034640e5e6cb3e083e05c290072c5366fcaa9d62435a4cced85

发布日期: 2025-09-30 14:15 修改: 2026-06-17 10:08

libssl3 CVE-2026-22795 低危 3.3.2-r0 3.3.6-r0 openssl: OpenSSL: Denial of Service due to type confusion in PKCS#12 file processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22795

镜像层: sha256:63ca1fbb43ae5034640e5e6cb3e083e05c290072c5366fcaa9d62435a4cced85

发布日期: 2026-01-27 16:16 修改: 2026-06-17 10:20

libssl3 CVE-2026-22796 低危 3.3.2-r0 3.3.6-r0 openssl: OpenSSL: Denial of Service via type confusion in PKCS#7 signature verification

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22796

镜像层: sha256:63ca1fbb43ae5034640e5e6cb3e083e05c290072c5366fcaa9d62435a4cced85

发布日期: 2026-01-27 16:16 修改: 2026-06-17 10:20

libcrypto3 CVE-2026-22796 低危 3.3.2-r0 3.3.6-r0 openssl: OpenSSL: Denial of Service via type confusion in PKCS#7 signature verification

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22796

镜像层: sha256:63ca1fbb43ae5034640e5e6cb3e083e05c290072c5366fcaa9d62435a4cced85

发布日期: 2026-01-27 16:16 修改: 2026-06-17 10:20

libtasn1 CVE-2025-13151 低危 4.19.0-r2 4.21.0-r0 libtasn1: libtasn1: Denial of Service via stack-based buffer overflow in asn1_expend_octet_string

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-13151

镜像层: sha256:af468df6c4f32529e7a489f3a9a47e9cd13990743a66ad080774f4bbee06acdc

发布日期: 2026-01-07 22:15 修改: 2026-06-17 08:33

busybox-binsh CVE-2025-46394 低危 1.36.1-r29 1.36.1-r31 In tar in BusyBox through 1.37.0, a TAR archive can have filenames hid ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-46394

镜像层: sha256:63ca1fbb43ae5034640e5e6cb3e083e05c290072c5366fcaa9d62435a4cced85

发布日期: 2025-04-23 16:15 修改: 2026-06-17 09:26

busybox CVE-2025-46394 低危 1.36.1-r29 1.36.1-r31 In tar in BusyBox through 1.37.0, a TAR archive can have filenames hid ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-46394

镜像层: sha256:63ca1fbb43ae5034640e5e6cb3e083e05c290072c5366fcaa9d62435a4cced85

发布日期: 2025-04-23 16:15 修改: 2026-06-17 09:26

libcrypto3 CVE-2024-13176 低危 3.3.2-r0 3.3.2-r2 openssl: Timing side-channel in ECDSA signature computation

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-13176

镜像层: sha256:63ca1fbb43ae5034640e5e6cb3e083e05c290072c5366fcaa9d62435a4cced85

发布日期: 2025-01-20 14:15 修改: 2026-06-17 07:01

libcrypto3 CVE-2024-9143 低危 3.3.2-r0 3.3.2-r1 openssl: Low-level invalid GF(2^m) parameters lead to OOB memory access

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-9143

镜像层: sha256:63ca1fbb43ae5034640e5e6cb3e083e05c290072c5366fcaa9d62435a4cced85

发布日期: 2024-10-16 17:15 修改: 2026-06-17 08:24

libcrypto3 CVE-2025-15468 低危 3.3.2-r0 3.3.6-r0 openssl: OpenSSL: Denial of Service via NULL pointer dereference in QUIC protocol handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-15468

镜像层: sha256:63ca1fbb43ae5034640e5e6cb3e083e05c290072c5366fcaa9d62435a4cced85

发布日期: 2026-01-27 16:16 修改: 2026-06-17 08:37

libcrypto3 CVE-2025-66199 低危 3.3.2-r0 3.3.6-r0 openssl: OpenSSL: Denial of Service due to excessive memory allocation in TLS 1.3 certificate compression

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-66199

镜像层: sha256:63ca1fbb43ae5034640e5e6cb3e083e05c290072c5366fcaa9d62435a4cced85

发布日期: 2026-01-27 16:16 修改: 2026-06-17 09:56

libcrypto3 CVE-2025-68160 低危 3.3.2-r0 3.3.6-r0 openssl: OpenSSL: Denial of Service due to out-of-bounds write in BIO filter

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68160

镜像层: sha256:63ca1fbb43ae5034640e5e6cb3e083e05c290072c5366fcaa9d62435a4cced85

发布日期: 2026-01-27 16:16 修改: 2026-06-17 09:58

openjdk21-jre-headless CVE-2024-21211 低危 21.0.4_p7-r0 21.0.5_p11-r0 JDK: Compiler unspecified vulnerability (CPU Oct 2024)

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-21211

镜像层: sha256:af468df6c4f32529e7a489f3a9a47e9cd13990743a66ad080774f4bbee06acdc

发布日期: 2024-10-15 20:15 修改: 2026-06-17 07:08

libcrypto3 CVE-2025-69418 低危 3.3.2-r0 3.3.6-r0 openssl: OpenSSL: Information disclosure and data tampering via specific low-level OCB encryption/decryption calls

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-69418

镜像层: sha256:63ca1fbb43ae5034640e5e6cb3e083e05c290072c5366fcaa9d62435a4cced85

发布日期: 2026-01-27 16:16 修改: 2026-06-17 10:00

ssl_client CVE-2025-46394 低危 1.36.1-r29 1.36.1-r31 In tar in BusyBox through 1.37.0, a TAR archive can have filenames hid ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-46394

镜像层: sha256:63ca1fbb43ae5034640e5e6cb3e083e05c290072c5366fcaa9d62435a4cced85

发布日期: 2025-04-23 16:15 修改: 2026-06-17 09:26

libcrypto3 CVE-2025-69420 低危 3.3.2-r0 3.3.6-r0 openssl: OpenSSL: Denial of Service via malformed TimeStamp Response

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-69420

镜像层: sha256:63ca1fbb43ae5034640e5e6cb3e083e05c290072c5366fcaa9d62435a4cced85

发布日期: 2026-01-27 16:16 修改: 2026-06-17 10:00

libcrypto3 CVE-2025-9232 低危 3.3.2-r0 3.3.5-r0 openssl: Out-of-bounds read in HTTP client no_proxy handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-9232

镜像层: sha256:63ca1fbb43ae5034640e5e6cb3e083e05c290072c5366fcaa9d62435a4cced85

发布日期: 2025-09-30 14:15 修改: 2026-06-17 10:08

Java (jar)
低危漏洞:11 中危漏洞:50 高危漏洞:43 严重漏洞:13
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
org.apache.tomcat.embed:tomcat-embed-core CVE-2025-24813 严重 10.1.30 11.0.3, 10.1.35, 9.0.99 tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-24813

镜像层: sha256:55e64674b65a25905e67f6649c315e59739800b5b1ff5613c24bb93b96bb6d46

发布日期: 2025-03-10 17:15 修改: 2026-06-17 08:59

org.apache.tomcat.embed:tomcat-embed-core CVE-2026-41293 严重 10.1.30 9.0.118, 10.1.55, 11.0.22 tomcat-coyote: Apache Tomcat: HTTP/2 request headers not validated

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41293

镜像层: sha256:55e64674b65a25905e67f6649c315e59739800b5b1ff5613c24bb93b96bb6d46

发布日期: 2026-05-12 16:16 修改: 2026-06-17 10:46

org.apache.tomcat.embed:tomcat-embed-core CVE-2026-43512 严重 10.1.30 9.0.118, 10.1.55, 11.0.22 tomcat-coyote: Apache Tomcat: Authentication bypass via digest authentication

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-43512

镜像层: sha256:55e64674b65a25905e67f6649c315e59739800b5b1ff5613c24bb93b96bb6d46

发布日期: 2026-05-12 16:16 修改: 2026-06-17 10:49

org.apache.tomcat.embed:tomcat-embed-core CVE-2026-43515 严重 10.1.30 9.0.118, 10.1.55, 11.0.22 tomcat-coyote: tomcat: Improper Authorization allows security bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-43515

镜像层: sha256:55e64674b65a25905e67f6649c315e59739800b5b1ff5613c24bb93b96bb6d46

发布日期: 2026-05-12 16:16 修改: 2026-06-17 10:49

org.bouncycastle:bcprov-jdk18on CVE-2025-14813 严重 1.78.1 1.80.2, 1.81.1, 1.84 bouncycastle: BC-JAVA: GOSTCTR implementation unable to process more than 255 blocks correctly

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-14813

镜像层: sha256:55e64674b65a25905e67f6649c315e59739800b5b1ff5613c24bb93b96bb6d46

发布日期: 2026-04-15 10:16 修改: 2026-06-30 03:16

org.springframework.security:spring-security-web CVE-2024-38821 严重 6.3.3 5.7.13, 5.8.15, 6.2.7, 6.0.13, 6.1.11, 6.3.4 Spring-WebFlux: Authorization Bypass of Static Resources in WebFlux Applications

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-38821

镜像层: sha256:55e64674b65a25905e67f6649c315e59739800b5b1ff5613c24bb93b96bb6d46

发布日期: 2024-10-28 07:15 修改: 2026-06-17 07:41

org.springframework.security:spring-security-web CVE-2026-22732 严重 6.3.3 6.5.9, 7.0.4 Spring Security: Spring Security: Security policy bypass and information disclosure due to unwritten HTTP headers

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22732

镜像层: sha256:55e64674b65a25905e67f6649c315e59739800b5b1ff5613c24bb93b96bb6d46

发布日期: 2026-03-19 23:16 修改: 2026-06-17 10:20

org.thymeleaf:thymeleaf CVE-2026-40477 严重 3.1.2.RELEASE 3.1.4.RELEASE thymeleaf: Thymeleaf: Server-Side Template Injection via security bypass in expression execution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40477

镜像层: sha256:55e64674b65a25905e67f6649c315e59739800b5b1ff5613c24bb93b96bb6d46

发布日期: 2026-04-17 22:16 修改: 2026-06-30 03:19

org.thymeleaf:thymeleaf CVE-2026-40478 严重 3.1.2.RELEASE 3.1.4.RELEASE thymeleaf: Thymeleaf: Server-Side Template Injection via expression execution bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40478

镜像层: sha256:55e64674b65a25905e67f6649c315e59739800b5b1ff5613c24bb93b96bb6d46

发布日期: 2026-04-17 22:16 修改: 2026-06-30 03:19

org.thymeleaf:thymeleaf CVE-2026-41901 严重 3.1.2.RELEASE 3.1.5.RELEASE thymeleaf: Thymeleaf: Server-Side Template Injection (SSTI) via expression execution bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41901

镜像层: sha256:55e64674b65a25905e67f6649c315e59739800b5b1ff5613c24bb93b96bb6d46

发布日期: 2026-05-12 23:16 修改: 2026-06-17 10:47

org.thymeleaf:thymeleaf-spring6 CVE-2026-40477 严重 3.1.2.RELEASE 3.1.4.RELEASE thymeleaf: Thymeleaf: Server-Side Template Injection via security bypass in expression execution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40477

镜像层: sha256:55e64674b65a25905e67f6649c315e59739800b5b1ff5613c24bb93b96bb6d46

发布日期: 2026-04-17 22:16 修改: 2026-06-30 03:19

org.thymeleaf:thymeleaf-spring6 CVE-2026-40478 严重 3.1.2.RELEASE 3.1.4.RELEASE thymeleaf: Thymeleaf: Server-Side Template Injection via expression execution bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40478

镜像层: sha256:55e64674b65a25905e67f6649c315e59739800b5b1ff5613c24bb93b96bb6d46

发布日期: 2026-04-17 22:16 修改: 2026-06-30 03:19

org.thymeleaf:thymeleaf-spring6 CVE-2026-41901 严重 3.1.2.RELEASE 3.1.5.RELEASE thymeleaf: Thymeleaf: Server-Side Template Injection (SSTI) via expression execution bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41901

镜像层: sha256:55e64674b65a25905e67f6649c315e59739800b5b1ff5613c24bb93b96bb6d46

发布日期: 2026-05-12 23:16 修改: 2026-06-17 10:47

io.netty:netty-handler CVE-2026-44249 高危 4.1.113.Final 4.2.15.Final, 4.1.135.Final netty-handler: netty-handler: IPv6 subnet rule bypass due to incorrect masking operation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44249

镜像层: sha256:55e64674b65a25905e67f6649c315e59739800b5b1ff5613c24bb93b96bb6d46

发布日期: 2026-06-11 22:16 修改: 2026-07-10 12:16

io.netty:netty-handler CVE-2026-45416 高危 4.1.113.Final 4.2.15.Final, 4.1.135.Final netty-handler: Netty: Denial of Service due to eager buffer allocation in TLS handshake

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45416

镜像层: sha256:55e64674b65a25905e67f6649c315e59739800b5b1ff5613c24bb93b96bb6d46

发布日期: 2026-06-12 15:16 修改: 2026-07-10 12:17

io.netty:netty-handler CVE-2026-50010 高危 4.1.113.Final 4.2.15.Final, 4.1.135.Final netty-handler: Netty: Improper trust manager handling leads to hostname verification bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-50010

镜像层: sha256:55e64674b65a25905e67f6649c315e59739800b5b1ff5613c24bb93b96bb6d46

发布日期: 2026-06-12 16:16 修改: 2026-07-10 12:17

io.netty:netty-resolver-dns CVE-2026-45674 高危 4.1.113.Final 4.2.15.Final, 4.1.135.Final netty-resolver-dns: Netty: Information disclosure and data manipulation due to improper CNAME record validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45674

镜像层: sha256:55e64674b65a25905e67f6649c315e59739800b5b1ff5613c24bb93b96bb6d46

发布日期: 2026-06-12 15:16 修改: 2026-07-10 12:17

io.netty:netty-resolver-dns CVE-2026-47691 高危 4.1.113.Final 4.2.15.Final, 4.1.135.Final io.netty/netty-resolver-dns: Netty has Insufficient Bailiwick Validation for NS Records

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-47691

镜像层: sha256:55e64674b65a25905e67f6649c315e59739800b5b1ff5613c24bb93b96bb6d46

发布日期: 2026-06-12 16:16 修改: 2026-07-10 12:17

net.minidev:json-smart CVE-2024-57699 高危 2.5.1 2.5.2 json-smart: Potential DoS via stack exhaustion (incomplete fix for CVE-2023-1370)

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-57699

镜像层: sha256:55e64674b65a25905e67f6649c315e59739800b5b1ff5613c24bb93b96bb6d46

发布日期: 2025-02-05 22:15 修改: 2026-06-17 08:13

com.fasterxml.jackson.core:jackson-databind CVE-2026-54512 高危 2.17.2 2.18.8, 3.1.4, 2.21.4 jackson-databind: jackson-databind: Arbitrary code execution via PolymorphicTypeValidator bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54512

镜像层: sha256:55e64674b65a25905e67f6649c315e59739800b5b1ff5613c24bb93b96bb6d46

发布日期: 2026-06-23 21:17 修改: 2026-06-27 21:01

com.fasterxml.jackson.core:jackson-databind CVE-2026-54513 高危 2.17.2 2.18.8, 2.21.4, 3.1.4 jackson-databind: Jackson-databind: Security bypass allows arbitrary code execution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54513

镜像层: sha256:55e64674b65a25905e67f6649c315e59739800b5b1ff5613c24bb93b96bb6d46

发布日期: 2026-06-23 21:17 修改: 2026-07-09 13:17

commons-beanutils:commons-beanutils CVE-2025-48734 高危 1.9.4 1.11.0 commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-48734

镜像层: sha256:55e64674b65a25905e67f6649c315e59739800b5b1ff5613c24bb93b96bb6d46

发布日期: 2025-05-28 14:15 修改: 2026-06-17 09:30

io.grpc:grpc-netty-shaded CVE-2025-55163 高危 1.68.0 1.75.0 netty: netty-codec-http2: Netty MadeYouReset HTTP/2 DDoS Vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-55163

镜像层: sha256:55e64674b65a25905e67f6649c315e59739800b5b1ff5613c24bb93b96bb6d46

发布日期: 2025-08-13 15:15 修改: 2026-06-17 09:41

org.apache.tomcat.embed:tomcat-embed-core CVE-2024-50379 高危 10.1.30 11.0.2, 10.1.34, 9.0.98 tomcat: RCE due to TOCTOU issue in JSP compilation

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-50379

镜像层: sha256:55e64674b65a25905e67f6649c315e59739800b5b1ff5613c24bb93b96bb6d46

发布日期: 2024-12-17 13:15 修改: 2026-06-17 08:04

org.apache.tomcat.embed:tomcat-embed-core CVE-2024-56337 高危 10.1.30 11.0.2, 10.1.34, 9.0.98 tomcat: Incomplete fix for CVE-2024-50379 - RCE due to TOCTOU issue in JSP compilation

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-56337

镜像层: sha256:55e64674b65a25905e67f6649c315e59739800b5b1ff5613c24bb93b96bb6d46

发布日期: 2024-12-20 16:15 修改: 2026-06-17 08:12

org.apache.tomcat.embed:tomcat-embed-core CVE-2025-48988 高危 10.1.30 11.0.8, 10.1.42, 9.0.106 tomcat: Apache Tomcat DoS in multipart upload

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-48988

镜像层: sha256:55e64674b65a25905e67f6649c315e59739800b5b1ff5613c24bb93b96bb6d46

发布日期: 2025-06-16 15:15 修改: 2026-06-17 09:30

org.apache.tomcat.embed:tomcat-embed-core CVE-2025-48989 高危 10.1.30 11.0.10, 10.1.44, 9.0.108 tomcat: http/2 "MadeYouReset" DoS attack through HTTP/2 control frames

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-48989

镜像层: sha256:55e64674b65a25905e67f6649c315e59739800b5b1ff5613c24bb93b96bb6d46

发布日期: 2025-08-13 13:15 修改: 2026-06-17 09:30

org.apache.tomcat.embed:tomcat-embed-core CVE-2025-52520 高危 10.1.30 11.0.9, 10.1.43, 9.0.107 tomcat: Apache Tomcat denial of service

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-52520

镜像层: sha256:55e64674b65a25905e67f6649c315e59739800b5b1ff5613c24bb93b96bb6d46

发布日期: 2025-07-10 19:15 修改: 2026-06-17 09:36

org.apache.tomcat.embed:tomcat-embed-core CVE-2025-53506 高危 10.1.30 9.0.107, 10.1.43, 11.0.9 tomcat: Apache Tomcat denial of service

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-53506

镜像层: sha256:55e64674b65a25905e67f6649c315e59739800b5b1ff5613c24bb93b96bb6d46

发布日期: 2025-07-10 20:15 修改: 2026-06-17 09:38

org.apache.tomcat.embed:tomcat-embed-core CVE-2025-55752 高危 10.1.30 11.0.11, 10.1.45, 9.0.109 tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-55752

镜像层: sha256:55e64674b65a25905e67f6649c315e59739800b5b1ff5613c24bb93b96bb6d46

发布日期: 2025-10-27 18:15 修改: 2026-06-17 09:42

org.apache.tomcat.embed:tomcat-embed-core CVE-2026-24734 高危 10.1.30 11.0.18, 10.1.52, 9.0.115 tomcat: Apache Tomcat: Certificate revocation bypass due to improper OCSP response validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24734

镜像层: sha256:55e64674b65a25905e67f6649c315e59739800b5b1ff5613c24bb93b96bb6d46

发布日期: 2026-02-17 19:21 修改: 2026-06-30 03:17

org.apache.tomcat.embed:tomcat-embed-core CVE-2026-24880 高危 10.1.30 9.0.116, 10.1.52, 11.0.20 Apache Tomcat: Apache Tomcat: HTTP Request/Response Smuggling via invalid chunk extension

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24880

镜像层: sha256:55e64674b65a25905e67f6649c315e59739800b5b1ff5613c24bb93b96bb6d46

发布日期: 2026-04-09 20:16 修改: 2026-06-17 10:23

org.apache.tomcat.embed:tomcat-embed-core CVE-2026-34483 高危 10.1.30 9.0.116, 10.1.54, 11.0.21 Apache Tomcat: Apache Tomcat: Information disclosure due to improper encoding in JsonAccessLogValve

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34483

镜像层: sha256:55e64674b65a25905e67f6649c315e59739800b5b1ff5613c24bb93b96bb6d46

发布日期: 2026-04-09 20:16 修改: 2026-06-17 10:39

org.apache.tomcat.embed:tomcat-embed-core CVE-2026-41284 高危 10.1.30 9.0.118, 10.1.55, 11.0.22 Allocation of Resources Without Limits or Throttling vulnerability in ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41284

镜像层: sha256:55e64674b65a25905e67f6649c315e59739800b5b1ff5613c24bb93b96bb6d46

发布日期: 2026-05-12 16:16 修改: 2026-06-17 10:46

org.apache.tomcat.embed:tomcat-embed-core CVE-2026-42498 高危 10.1.30 9.0.118, 10.1.55, 11.0.22 tomcat-coyote: Apache Tomcat: Information disclosure due to HTTP Authentication Header exposure during WebSocket authentication.

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42498

镜像层: sha256:55e64674b65a25905e67f6649c315e59739800b5b1ff5613c24bb93b96bb6d46

发布日期: 2026-05-12 16:16 修改: 2026-06-17 10:47

org.apache.tomcat.embed:tomcat-embed-core CVE-2026-43513 高危 10.1.30 9.0.118, 10.1.55, 11.0.22 tomcat-catalina: Apache Tomcat: Improper Handling of Case Sensitivity in LockOutRealm

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-43513

镜像层: sha256:55e64674b65a25905e67f6649c315e59739800b5b1ff5613c24bb93b96bb6d46

发布日期: 2026-05-12 16:16 修改: 2026-06-17 10:49

io.netty:netty-codec CVE-2026-42583 高危 4.1.113.Final 4.1.133.Final netty: io.netty/netty-codec-compression: io.netty/netty-codec: Netty: Denial of Service via excessive memory allocation in LZ4FrameDecoder

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42583

镜像层: sha256:55e64674b65a25905e67f6649c315e59739800b5b1ff5613c24bb93b96bb6d46

发布日期: 2026-05-13 19:17 修改: 2026-06-17 10:48

org.lz4:lz4-java CVE-2025-12183 高危 1.8.0 1.8.1 lz4-java: lz4-java: Out-of-bounds memory operations lead to denial of service and information disclosure

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-12183

镜像层: sha256:55e64674b65a25905e67f6649c315e59739800b5b1ff5613c24bb93b96bb6d46

发布日期: 2025-11-28 16:15 修改: 2026-06-17 08:31

org.lz4:lz4-java CVE-2025-66566 高危 1.8.0 lz4-java: lz4-java: Information Disclosure via Insufficient Output Buffer Clearing

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-66566

镜像层: sha256:55e64674b65a25905e67f6649c315e59739800b5b1ff5613c24bb93b96bb6d46

发布日期: 2025-12-05 18:15 修改: 2026-06-17 09:57

org.msgpack:msgpack-core CVE-2026-21452 高危 0.9.8 0.9.11 MessagePack for Java is a serializer implementation for Java. A denial ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-21452

镜像层: sha256:55e64674b65a25905e67f6649c315e59739800b5b1ff5613c24bb93b96bb6d46

发布日期: 2026-01-02 21:16 修改: 2026-06-17 10:18

org.postgresql:postgresql CVE-2025-49146 高危 42.7.4 42.7.7 pgjdbc: pgjdbc insecure authentication in channel binding

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-49146

镜像层: sha256:55e64674b65a25905e67f6649c315e59739800b5b1ff5613c24bb93b96bb6d46

发布日期: 2025-06-11 15:15 修改: 2026-06-17 09:30

org.postgresql:postgresql CVE-2026-42198 高危 42.7.4 42.7.11 jdbc.postgresql.org: pgjdbc: Client-side Denial of Service via malicious SCRAM-SHA-256 authentication

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42198

镜像层: sha256:55e64674b65a25905e67f6649c315e59739800b5b1ff5613c24bb93b96bb6d46

发布日期: 2026-04-29 16:16 修改: 2026-07-10 12:16

org.springframework.boot:spring-boot CVE-2025-22235 高危 3.3.4 3.3.11, 3.4.5 org.springframework.boot/spring-boot: Spring Boot EndpointRequest.to() creates wrong matcher if actuator endpoint is not exposed

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22235

镜像层: sha256:55e64674b65a25905e67f6649c315e59739800b5b1ff5613c24bb93b96bb6d46

发布日期: 2025-04-28 08:15 修改: 2026-06-17 08:45

org.springframework.boot:spring-boot CVE-2026-40973 高危 3.3.4 4.0.6, 3.5.14 Spring Boot: Spring Boot: Arbitrary Code Execution and Session Hijacking via predictable temporary directory

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40973

镜像层: sha256:55e64674b65a25905e67f6649c315e59739800b5b1ff5613c24bb93b96bb6d46

发布日期: 2026-04-28 00:16 修改: 2026-06-17 10:45

org.springframework.boot:spring-boot-starter-actuator CVE-2026-22733 高危 3.3.4 4.0.4, 3.5.12 Spring Boot has an Authentication Bypass under Actuator CloudFoundry endpoints

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22733

镜像层: sha256:55e64674b65a25905e67f6649c315e59739800b5b1ff5613c24bb93b96bb6d46

发布日期: 2026-03-20 00:16 修改: 2026-06-17 10:20

org.springframework.security:spring-security-crypto CVE-2025-22228 高危 6.3.3 6.3.8, 6.4.4, 6.2.10, 6.1.14, 6.0.16, 5.8.18, 5.7.16 spring-security-core: Spring Security BCryptPasswordEncoder does not enforce maximum password length

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22228

镜像层: sha256:55e64674b65a25905e67f6649c315e59739800b5b1ff5613c24bb93b96bb6d46

发布日期: 2025-03-20 06:15 修改: 2026-06-17 08:45

io.netty:netty-codec-dns CVE-2026-42579 高危 4.1.113.Final 4.2.13.Final, 4.1.133.Final netty: Netty: High integrity impact due to improper DNS domain name constraint enforcement

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42579

镜像层: sha256:55e64674b65a25905e67f6649c315e59739800b5b1ff5613c24bb93b96bb6d46

发布日期: 2026-05-13 19:17 修改: 2026-07-10 12:16

io.netty:netty-codec-http CVE-2026-33870 高危 4.1.113.Final 4.1.132.Final, 4.2.10.Final io.netty/netty-codec-http: Netty: Request smuggling via incorrect parsing of HTTP/1.1 chunked transfer encoding extension values

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33870

镜像层: sha256:55e64674b65a25905e67f6649c315e59739800b5b1ff5613c24bb93b96bb6d46

发布日期: 2026-03-27 20:16 修改: 2026-07-03 13:17

org.springframework:spring-core CVE-2025-41249 高危 6.1.13 6.2.11 org.springframework/spring-core: Spring Framework Annotation Detection Vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-41249

镜像层: sha256:55e64674b65a25905e67f6649c315e59739800b5b1ff5613c24bb93b96bb6d46

发布日期: 2025-09-16 11:15 修改: 2026-06-17 09:22

org.springframework:spring-webmvc CVE-2024-38819 高危 6.1.13 6.1.14 org.springframework:spring-webmvc: Path traversal vulnerability in functional web frameworks

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-38819

镜像层: sha256:55e64674b65a25905e67f6649c315e59739800b5b1ff5613c24bb93b96bb6d46

发布日期: 2024-12-19 18:15 修改: 2026-06-17 07:41

io.netty:netty-codec-http CVE-2026-42584 高危 4.1.113.Final 4.2.13.Final, 4.1.133.Final netty: io.netty/netty-codec-http: Netty: Incorrect HTTP response parsing leads to data confusion

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42584

镜像层: sha256:55e64674b65a25905e67f6649c315e59739800b5b1ff5613c24bb93b96bb6d46

发布日期: 2026-05-13 19:17 修改: 2026-07-10 12:16

io.netty:netty-codec-http CVE-2026-42587 高危 4.1.113.Final 4.2.13.Final, 4.1.133.Final netty: io.netty/netty-codec-http: io.netty/netty-codec-http2: Netty: Denial of Service via unbounded memory allocation in HTTP content decompression

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42587

镜像层: sha256:55e64674b65a25905e67f6649c315e59739800b5b1ff5613c24bb93b96bb6d46

发布日期: 2026-05-13 19:17 修改: 2026-07-10 12:16

io.netty:netty-codec-http2 CVE-2025-55163 高危 4.1.113.Final 4.2.4.Final, 4.1.124.Final netty: netty-codec-http2: Netty MadeYouReset HTTP/2 DDoS Vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-55163

镜像层: sha256:55e64674b65a25905e67f6649c315e59739800b5b1ff5613c24bb93b96bb6d46

发布日期: 2025-08-13 15:15 修改: 2026-06-17 09:41

io.netty:netty-codec-http2 CVE-2026-33871 高危 4.1.113.Final 4.1.132.Final, 4.2.11.Final netty: Netty: Denial of Service via HTTP/2 CONTINUATION frame flood

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33871

镜像层: sha256:55e64674b65a25905e67f6649c315e59739800b5b1ff5613c24bb93b96bb6d46

发布日期: 2026-03-27 20:16 修改: 2026-07-03 13:17

io.netty:netty-codec-http2 CVE-2026-42587 高危 4.1.113.Final 4.2.13.Final, 4.1.133.Final netty: io.netty/netty-codec-http: io.netty/netty-codec-http2: Netty: Denial of Service via unbounded memory allocation in HTTP content decompression

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42587

镜像层: sha256:55e64674b65a25905e67f6649c315e59739800b5b1ff5613c24bb93b96bb6d46

发布日期: 2026-05-13 19:17 修改: 2026-07-10 12:16

io.netty:netty-handler CVE-2025-24970 高危 4.1.113.Final 4.1.118.Final io.netty:netty-handler: SslHandler doesn't correctly validate packets which can lead to native crash when using native SSLEngine

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-24970

镜像层: sha256:55e64674b65a25905e67f6649c315e59739800b5b1ff5613c24bb93b96bb6d46

发布日期: 2025-02-10 22:15 修改: 2026-06-17 08:59

io.netty:netty-codec-http CVE-2025-67735 中危 4.1.113.Final 4.2.8.Final, 4.1.129.Final netty-codec-http: Netty (netty-codec-http): Request Smuggling via CRLF Injection

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-67735

镜像层: sha256:55e64674b65a25905e67f6649c315e59739800b5b1ff5613c24bb93b96bb6d46

发布日期: 2025-12-16 01:15 修改: 2026-06-17 09:58

io.netty:netty-codec-http CVE-2026-41417 中危 4.1.113.Final 4.1.133.Final, 4.2.13.Final netty: Netty: HTTP request smuggling via URI manipulation and CRLF injection

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41417

镜像层: sha256:55e64674b65a25905e67f6649c315e59739800b5b1ff5613c24bb93b96bb6d46

发布日期: 2026-05-06 22:16 修改: 2026-06-17 10:46

io.netty:netty-codec-http CVE-2026-42580 中危 4.1.113.Final 4.2.13.Final, 4.1.133.Final netty: Netty: Request smuggling via chunk size parser integer overflow

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42580

镜像层: sha256:55e64674b65a25905e67f6649c315e59739800b5b1ff5613c24bb93b96bb6d46

发布日期: 2026-05-13 19:17 修改: 2026-06-17 10:48

io.netty:netty-codec-http CVE-2026-42581 中危 4.1.113.Final 4.2.13.Final, 4.1.133.Final netty: io.netty/netty-codec-http: Netty: HTTP Request Smuggling due to improper handling of conflicting HTTP/1.0 headers

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42581

镜像层: sha256:55e64674b65a25905e67f6649c315e59739800b5b1ff5613c24bb93b96bb6d46

发布日期: 2026-05-13 19:17 修改: 2026-07-10 12:16

io.netty:netty-resolver-dns CVE-2026-45673 中危 4.1.113.Final 4.2.15.Final, 4.1.135.Final netty-resolver-dns: Netty DNS resolver: DNS Cache Poisoning via predictable transaction IDs

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45673

镜像层: sha256:55e64674b65a25905e67f6649c315e59739800b5b1ff5613c24bb93b96bb6d46

发布日期: 2026-06-12 15:16 修改: 2026-06-17 10:52

io.netty:netty-transport-native-epoll CVE-2026-45536 中危 4.1.113.Final 4.2.15.Final, 4.1.135.Final netty-transport-native-epoll: netty-transport-native-kqueue: Netty: Denial of Service due to file descriptor leak in SCM_RIGHTS message handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45536

镜像层: sha256:55e64674b65a25905e67f6649c315e59739800b5b1ff5613c24bb93b96bb6d46

发布日期: 2026-06-12 15:16 修改: 2026-06-17 10:52

org.apache.tomcat.embed:tomcat-embed-core CVE-2024-52317 中危 10.1.30 9.0.96, 10.1.31, 11.0.0 tomcat: Apache Tomcat: Request/response mix-up with HTTP/2

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-52317

镜像层: sha256:55e64674b65a25905e67f6649c315e59739800b5b1ff5613c24bb93b96bb6d46

发布日期: 2024-11-18 12:15 修改: 2026-06-17 08:07

org.apache.tomcat.embed:tomcat-embed-core CVE-2025-31650 中危 10.1.30 9.0.104, 10.1.40, 11.0.6 tomcat: Apache Tomcat: DoS via malformed HTTP/2 PRIORITY_UPDATE frame

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-31650

镜像层: sha256:55e64674b65a25905e67f6649c315e59739800b5b1ff5613c24bb93b96bb6d46

发布日期: 2025-04-28 20:15 修改: 2026-06-17 09:10

org.apache.tomcat.embed:tomcat-embed-core CVE-2025-49124 中危 10.1.30 11.0.8, 10.1.42, 9.0.106 Apache Tomcat installer for Windows has an untrusted search path vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-49124

镜像层: sha256:55e64674b65a25905e67f6649c315e59739800b5b1ff5613c24bb93b96bb6d46

发布日期: 2025-06-16 15:15 修改: 2026-06-17 09:30

org.apache.tomcat.embed:tomcat-embed-core CVE-2025-49125 中危 10.1.30 11.0.8, 10.1.42, 9.0.106 tomcat: Apache Tomcat: Security constraint bypass for pre/post-resources

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-49125

镜像层: sha256:55e64674b65a25905e67f6649c315e59739800b5b1ff5613c24bb93b96bb6d46

发布日期: 2025-06-16 15:15 修改: 2026-06-17 09:30

org.apache.tomcat.embed:tomcat-embed-core CVE-2025-55668 中危 10.1.30 11.0.8, 10.1.42, 9.0.106 org.apache.tomcat/tomcat-catalina: tomcat: Apache Tomcat: session fixation via rewrite valve

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-55668

镜像层: sha256:55e64674b65a25905e67f6649c315e59739800b5b1ff5613c24bb93b96bb6d46

发布日期: 2025-08-13 14:15 修改: 2026-06-17 09:41

org.apache.tomcat.embed:tomcat-embed-core CVE-2025-66614 中危 10.1.30 11.0.15, 10.1.50, 9.0.113 tomcat: Client certificate verification bypass due to virtual host mapping

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-66614

镜像层: sha256:55e64674b65a25905e67f6649c315e59739800b5b1ff5613c24bb93b96bb6d46

发布日期: 2026-02-17 19:21 修改: 2026-06-17 09:57

org.apache.tomcat.embed:tomcat-embed-core CVE-2026-25854 中危 10.1.30 9.0.116, 10.1.53, 11.0.20 Apache Tomcat: Apache Tomcat: Open Redirect vulnerability via LoadBalancerDrainingValve

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25854

镜像层: sha256:55e64674b65a25905e67f6649c315e59739800b5b1ff5613c24bb93b96bb6d46

发布日期: 2026-04-09 20:16 修改: 2026-06-17 10:25

org.bouncycastle:bcpkix-jdk18on CVE-2025-8916 中危 1.78.1 1.79 org.bouncycastle: BouncyCastle denial of service

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-8916

镜像层: sha256:55e64674b65a25905e67f6649c315e59739800b5b1ff5613c24bb93b96bb6d46

发布日期: 2025-08-13 10:15 修改: 2026-06-17 10:07

org.bouncycastle:bcpkix-jdk18on CVE-2026-5588 中危 1.78.1 1.84 bouncycastle: BC-JAVA: PKIX draft CompositeVerifier accepts empty signature sequence as valid

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5588

镜像层: sha256:55e64674b65a25905e67f6649c315e59739800b5b1ff5613c24bb93b96bb6d46

发布日期: 2026-04-15 10:16 修改: 2026-06-30 03:21

io.netty:netty-transport-native-kqueue CVE-2026-45536 中危 4.1.113.Final 4.2.15.Final, 4.1.135.Final netty-transport-native-epoll: netty-transport-native-kqueue: Netty: Denial of Service due to file descriptor leak in SCM_RIGHTS message handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45536

镜像层: sha256:55e64674b65a25905e67f6649c315e59739800b5b1ff5613c24bb93b96bb6d46

发布日期: 2026-06-12 15:16 修改: 2026-06-17 10:52

org.bouncycastle:bcprov-jdk18on CVE-2026-0636 中危 1.78.1 1.84 bouncycastle: BC-JAVA: LDAP injection vulnerability in LDAPStoreHelper.java

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-0636

镜像层: sha256:55e64674b65a25905e67f6649c315e59739800b5b1ff5613c24bb93b96bb6d46

发布日期: 2026-04-15 10:16 修改: 2026-06-30 03:17

org.elasticsearch:elasticsearch CVE-2024-52979 中危 7.17.24 7.17.25, 8.16.0 elasticsearch: Elasticsearch Uncontrolled Resource Consumption vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-52979

镜像层: sha256:55e64674b65a25905e67f6649c315e59739800b5b1ff5613c24bb93b96bb6d46

发布日期: 2025-05-01 14:15 修改: 2026-06-17 08:07

org.elasticsearch:elasticsearch CVE-2024-52980 中危 7.17.24 8.15.1 Elasticsearch Potential Node Crash due to Large Recursion in `innerForbidCircularReferences` Function

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-52980

镜像层: sha256:55e64674b65a25905e67f6649c315e59739800b5b1ff5613c24bb93b96bb6d46

发布日期: 2025-04-08 17:15 修改: 2026-06-17 08:07

org.elasticsearch:elasticsearch CVE-2025-37727 中危 7.17.24 8.18.8, 8.19.5, 9.0.8, 9.1.5 org.elasticsearch/elasticsearch-core: Elasticsearch Insertion of sensitive information in log file

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-37727

镜像层: sha256:55e64674b65a25905e67f6649c315e59739800b5b1ff5613c24bb93b96bb6d46

发布日期: 2025-10-10 10:15 修改: 2026-06-17 09:15

org.elasticsearch:elasticsearch CVE-2025-37731 中危 7.17.24 8.19.8, 9.1.8, 9.2.2 elasticsearch: Elasticsearch: User impersonation due to improper authentication in Public Key Infrastructure (PKI) realm

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-37731

镜像层: sha256:55e64674b65a25905e67f6649c315e59739800b5b1ff5613c24bb93b96bb6d46

发布日期: 2025-12-15 11:15 修改: 2026-06-17 09:15

io.opentelemetry:opentelemetry-api CVE-2026-45292 中危 1.37.0 1.62.0 opentelemetry-java: opentelemetry-api: opentelemetry-extension-trace-propagators: OpenTelemetry Java: Denial of Service due to unbounded memory allocation when parsing oversized baggage

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45292

镜像层: sha256:55e64674b65a25905e67f6649c315e59739800b5b1ff5613c24bb93b96bb6d46

发布日期: 2026-05-28 17:16 修改: 2026-07-09 13:17

io.projectreactor.netty:reactor-netty-http CVE-2025-22227 中危 1.1.22 1.3.0-M5, 1.2.8 io.projectreactor.netty/reactor-netty: Reactor Netty Credential Leak via Redirects

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22227

镜像层: sha256:55e64674b65a25905e67f6649c315e59739800b5b1ff5613c24bb93b96bb6d46

发布日期: 2025-07-16 10:15 修改: 2026-06-17 08:45

io.netty:netty-codec-http CVE-2026-42585 中危 4.1.113.Final 4.2.13.Final, 4.1.133.Final netty: io.netty/netty-codec-http: Netty: Request smuggling via malformed Transfer-Encoding parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42585

镜像层: sha256:55e64674b65a25905e67f6649c315e59739800b5b1ff5613c24bb93b96bb6d46

发布日期: 2026-05-13 19:17 修改: 2026-06-17 10:48

org.apache.commons:commons-lang3 CVE-2025-48924 中危 3.17.0 3.18.0 commons-lang/commons-lang: org.apache.commons/commons-lang3: Uncontrolled Recursion vulnerability in Apache Commons Lang

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-48924

镜像层: sha256:55e64674b65a25905e67f6649c315e59739800b5b1ff5613c24bb93b96bb6d46

发布日期: 2025-07-11 15:15 修改: 2026-06-17 09:30

org.apache.logging.log4j:log4j-core CVE-2025-68161 中危 2.23.1 2.25.3 Apache Log4j: Apache Log4j Core: Information disclosure via missing TLS hostname verification

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68161

镜像层: sha256:55e64674b65a25905e67f6649c315e59739800b5b1ff5613c24bb93b96bb6d46

发布日期: 2025-12-18 21:15 修改: 2026-06-17 09:58

org.apache.logging.log4j:log4j-core CVE-2026-34477 中危 2.23.1 2.25.4 org.apache.logging.log4j/log4j-core: Apache Log4j Core: Man-in-the-middle attack due to incomplete hostname verification

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34477

镜像层: sha256:55e64674b65a25905e67f6649c315e59739800b5b1ff5613c24bb93b96bb6d46

发布日期: 2026-04-10 16:16 修改: 2026-06-17 10:39

org.apache.logging.log4j:log4j-core CVE-2026-34478 中危 2.23.1 2.25.4 org.apache.logging.log4j/log4j-core: Apache Log4j Core: Log injection via CRLF sequences due to configuration attribute renames

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34478

镜像层: sha256:55e64674b65a25905e67f6649c315e59739800b5b1ff5613c24bb93b96bb6d46

发布日期: 2026-04-10 16:16 修改: 2026-06-17 10:39

org.apache.logging.log4j:log4j-core CVE-2026-34480 中危 2.23.1 2.25.4 org.apache.logging.log4j/log4j-core: Apache Log4j Core: Invalid XML output causes denial of service in logging

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34480

镜像层: sha256:55e64674b65a25905e67f6649c315e59739800b5b1ff5613c24bb93b96bb6d46

发布日期: 2026-04-10 16:16 修改: 2026-06-17 10:39

org.springframework.ldap:spring-ldap-core CVE-2024-38829 中危 3.2.6 3.2.8, 2.4.4 spring-ldap: Spring LDAP sensitive data exposure for case-sensitive comparisons

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-38829

镜像层: sha256:55e64674b65a25905e67f6649c315e59739800b5b1ff5613c24bb93b96bb6d46

发布日期: 2024-12-04 21:15 修改: 2026-06-17 07:41

org.springframework.security:spring-security-core CVE-2024-38827 中危 6.3.3 5.7.14, 5.8.16, 6.0.14, 6.1.12, 6.2.8, 6.3.5 spring-security: authorization bypass for case sensitive comparisons

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-38827

镜像层: sha256:55e64674b65a25905e67f6649c315e59739800b5b1ff5613c24bb93b96bb6d46

发布日期: 2024-12-02 15:15 修改: 2026-06-17 07:41

io.netty:netty-codec-http CVE-2026-50020 中危 4.1.113.Final 4.2.15.Final, 4.1.135.Final netty-codec-http: Netty: Data manipulation via request-boundary confusion in HttpObjectDecoder

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-50020

镜像层: sha256:55e64674b65a25905e67f6649c315e59739800b5b1ff5613c24bb93b96bb6d46

发布日期: 2026-06-12 16:16 修改: 2026-06-17 10:57

org.springframework.security:spring-security-oauth2-jose CVE-2026-22748 中危 6.3.3 6.5.10, 7.0.5 Spring Security: Spring Security: Integrity impact due to improper JSON Web Token (JWT) validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22748

镜像层: sha256:55e64674b65a25905e67f6649c315e59739800b5b1ff5613c24bb93b96bb6d46

发布日期: 2026-04-22 06:16 修改: 2026-06-17 10:20

io.netty:netty-codec CVE-2025-58057 中危 4.1.113.Final 4.1.125.Final netty-codec: netty-codec-compression: Netty's BrotliDecoder is vulnerable to DoS via zip bomb style attack

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58057

镜像层: sha256:55e64674b65a25905e67f6649c315e59739800b5b1ff5613c24bb93b96bb6d46

发布日期: 2025-09-04 10:42 修改: 2026-06-17 09:43

com.nimbusds:nimbus-jose-jwt CVE-2025-53864 中危 9.41.1 10.0.2, 9.37.4 com.nimbusds/nimbus-jose-jwt: Uncontrolled recursion in Connect2id Nimbus JOSE + JWT

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-53864

镜像层: sha256:55e64674b65a25905e67f6649c315e59739800b5b1ff5613c24bb93b96bb6d46

发布日期: 2025-07-11 03:16 修改: 2026-06-17 09:39

org.springframework.security:spring-security-web CVE-2026-47838 中危 6.3.3 6.5.11 Spring Security Vulnerable to Unauthorized User Impersonation when Using X.509 Client Certificates

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-47838

镜像层: sha256:55e64674b65a25905e67f6649c315e59739800b5b1ff5613c24bb93b96bb6d46

发布日期: 2026-06-10 00:16 修改: 2026-06-30 22:16

org.springframework:spring-context CVE-2024-38820 中危 6.1.13 6.1.14 The fix for CVE-2022-22968 made disallowedFieldspatterns in DataBinder ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-38820

镜像层: sha256:55e64674b65a25905e67f6649c315e59739800b5b1ff5613c24bb93b96bb6d46

发布日期: 2024-10-18 06:15 修改: 2026-06-17 07:41

com.fasterxml.jackson.core:jackson-core GHSA-72hv-8253-57qq 中危 2.17.2 2.21.1, 2.18.6 jackson-core: Number Length Constraint Bypass in Async Parser Leads to Potential DoS Condition

漏洞详情: https://github.com/advisories/GHSA-72hv-8253-57qq

镜像层: sha256:55e64674b65a25905e67f6649c315e59739800b5b1ff5613c24bb93b96bb6d46

发布日期: 2026-02-28 02:01 修改: 2026-04-07 16:30

org.springframework:spring-web CVE-2024-38820 中危 6.1.13 6.1.14 The fix for CVE-2022-22968 made disallowedFieldspatterns in DataBinder ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-38820

镜像层: sha256:55e64674b65a25905e67f6649c315e59739800b5b1ff5613c24bb93b96bb6d46

发布日期: 2024-10-18 06:15 修改: 2026-06-17 07:41

org.springframework:spring-web CVE-2025-41234 中危 6.1.13 6.2.8, 6.1.21 springframework: Reflected download attack in Spring Framework with non-ASCII headers

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-41234

镜像层: sha256:55e64674b65a25905e67f6649c315e59739800b5b1ff5613c24bb93b96bb6d46

发布日期: 2025-06-12 22:15 修改: 2026-06-17 09:22

io.netty:netty-codec-http2 CVE-2026-47244 中危 4.1.113.Final 4.2.15.Final, 4.1.135.Final netty-codec-http2: Netty: Denial of Service via uncontrolled HTTP/2 concurrent streams

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-47244

镜像层: sha256:55e64674b65a25905e67f6649c315e59739800b5b1ff5613c24bb93b96bb6d46

发布日期: 2026-06-12 15:16 修改: 2026-06-17 10:54

org.springframework:spring-webmvc CVE-2025-41242 中危 6.1.13 6.2.10 org.springframework/spring-webmvc: Spring Framework MVC path traversal vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-41242

镜像层: sha256:55e64674b65a25905e67f6649c315e59739800b5b1ff5613c24bb93b96bb6d46

发布日期: 2025-08-18 09:15 修改: 2026-06-17 09:22

org.springframework:spring-webmvc CVE-2026-22737 中危 6.1.13 7.0.6, 6.2.17 Spring Framework: Spring Framework: Information disclosure via Java scripting engine enabled template views

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22737

镜像层: sha256:55e64674b65a25905e67f6649c315e59739800b5b1ff5613c24bb93b96bb6d46

发布日期: 2026-03-20 00:16 修改: 2026-06-17 10:20

org.springframework:spring-webmvc CVE-2026-22745 中危 6.1.13 7.0.7, 6.2.18 spring-webflux: Spring MVC and Spring WebFlux: Denial of Service via slow static resource resolution on Windows

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22745

镜像层: sha256:55e64674b65a25905e67f6649c315e59739800b5b1ff5613c24bb93b96bb6d46

发布日期: 2026-04-29 12:16 修改: 2026-06-17 10:20

io.netty:netty-codec-http2 CVE-2026-48043 中危 4.1.113.Final 4.1.135.Final, 4.2.15.Final netty-codec-http2: netty-codec-http2: Denial of Service due to resource leak

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48043

镜像层: sha256:55e64674b65a25905e67f6649c315e59739800b5b1ff5613c24bb93b96bb6d46

发布日期: 2026-06-12 16:16 修改: 2026-07-10 12:17

io.netty:netty-codec-http2 CVE-2026-50560 中危 4.1.113.Final 4.2.15.Final, 4.1.135.Final netty-codec-http2: Netty: Denial of Service due to HTTP/2 max header size handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-50560

镜像层: sha256:55e64674b65a25905e67f6649c315e59739800b5b1ff5613c24bb93b96bb6d46

发布日期: 2026-06-12 16:16 修改: 2026-06-17 10:57

io.netty:netty-common CVE-2024-47535 中危 4.1.113.Final 4.1.115.Final netty: Denial of Service attack on windows app using Netty

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47535

镜像层: sha256:55e64674b65a25905e67f6649c315e59739800b5b1ff5613c24bb93b96bb6d46

发布日期: 2024-11-12 16:15 修改: 2026-06-17 07:57

io.netty:netty-common CVE-2025-25193 中危 4.1.113.Final 4.1.118.Final netty: Denial of Service attack on windows app using Netty

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-25193

镜像层: sha256:55e64674b65a25905e67f6649c315e59739800b5b1ff5613c24bb93b96bb6d46

发布日期: 2025-02-10 22:15 修改: 2026-06-17 09:00

com.fasterxml.jackson.core:jackson-databind CVE-2026-54514 中危 2.17.2 2.18.8, 2.21.4, 3.1.4 jackson-databind: jackson-databind: Information Disclosure via Eager DNS Resolution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54514

镜像层: sha256:55e64674b65a25905e67f6649c315e59739800b5b1ff5613c24bb93b96bb6d46

发布日期: 2026-06-23 21:17 修改: 2026-06-27 20:55

com.fasterxml.jackson.core:jackson-databind CVE-2026-54515 中危 2.17.2 3.1.4, 2.18.9, 2.21.5, 2.22.1 jackson-databind: jackson-databind: Ignored properties can be unexpectedly modified

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54515

镜像层: sha256:55e64674b65a25905e67f6649c315e59739800b5b1ff5613c24bb93b96bb6d46

发布日期: 2026-06-23 21:17 修改: 2026-06-29 13:38

org.apache.tomcat.embed:tomcat-embed-core CVE-2026-43514 低危 10.1.30 9.0.118, 10.1.55, 11.0.22 tomcat-coyote: Apache Tomcat: Information disclosure via AJP secret timing discrepancy

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-43514

镜像层: sha256:55e64674b65a25905e67f6649c315e59739800b5b1ff5613c24bb93b96bb6d46

发布日期: 2026-05-12 16:16 修改: 2026-06-17 10:49

io.netty:netty-handler-proxy CVE-2026-42578 低危 4.1.113.Final 4.1.133.Final, 4.2.13.Final netty: io.netty/netty-handler-proxy: Netty: HTTP Header Injection via HttpProxyHandler Disabled Validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42578

镜像层: sha256:55e64674b65a25905e67f6649c315e59739800b5b1ff5613c24bb93b96bb6d46

发布日期: 2026-05-13 19:17 修改: 2026-07-10 12:16

io.netty:netty-codec-http CVE-2025-58056 低危 4.1.113.Final 4.1.125.Final, 4.2.5.Final netty-codec-http: Netty is vulnerable to request smuggling due to incorrect parsing of chunk extensions

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58056

镜像层: sha256:55e64674b65a25905e67f6649c315e59739800b5b1ff5613c24bb93b96bb6d46

发布日期: 2025-09-03 21:15 修改: 2026-06-17 09:43

org.springframework:spring-webmvc CVE-2026-22735 低危 6.1.13 7.0.6, 6.2.17 org.springframework/spring-webmvc: org.springframework/spring-webflux: Spring MVC and WebFlux: Stream corruption vulnerability when using Server-Sent Events

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22735

镜像层: sha256:55e64674b65a25905e67f6649c315e59739800b5b1ff5613c24bb93b96bb6d46

发布日期: 2026-03-20 00:16 修改: 2026-06-17 10:20

org.springframework:spring-webmvc CVE-2026-22741 低危 6.1.13 7.0.7, 6.2.18 Spring MVC: Spring WebFlux: Spring MVC and Spring WebFlux: Denial of Service via cache poisoning

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22741

镜像层: sha256:55e64674b65a25905e67f6649c315e59739800b5b1ff5613c24bb93b96bb6d46

发布日期: 2026-04-29 12:16 修改: 2026-06-17 10:20

org.apache.tomcat.embed:tomcat-embed-core CVE-2025-31651 低危 10.1.30 9.0.104, 10.1.40, 11.0.6 tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-31651

镜像层: sha256:55e64674b65a25905e67f6649c315e59739800b5b1ff5613c24bb93b96bb6d46

发布日期: 2025-04-28 20:15 修改: 2026-06-17 09:10

org.springframework:spring-context CVE-2025-22233 低危 6.1.13 6.2.7, 6.1.20 CVE-2024-38820 ensured Locale-independent, lowercase conversion for bo ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22233

镜像层: sha256:55e64674b65a25905e67f6649c315e59739800b5b1ff5613c24bb93b96bb6d46

发布日期: 2025-05-16 20:15 修改: 2026-06-17 08:45

org.apache.tomcat.embed:tomcat-embed-core CVE-2025-46701 低危 10.1.30 9.0.105, 10.1.41, 11.0.7 tomcat: Apache Tomcat: Security constraint bypass for CGI scripts

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-46701

镜像层: sha256:55e64674b65a25905e67f6649c315e59739800b5b1ff5613c24bb93b96bb6d46

发布日期: 2025-05-29 19:15 修改: 2026-06-17 09:26

org.springframework.security:spring-security-core CVE-2026-22746 低危 6.3.3 6.5.10, 7.0.5 Spring Security: Spring Security: Timing attack defense bypass allows information disclosure

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22746

镜像层: sha256:55e64674b65a25905e67f6649c315e59739800b5b1ff5613c24bb93b96bb6d46

发布日期: 2026-04-22 06:16 修改: 2026-06-17 10:20

org.apache.tomcat.embed:tomcat-embed-core CVE-2025-55754 低危 10.1.30 11.0.11, 10.1.45, 9.0.109 org.apache.tomcat/tomcat-juli: tomcat: Apache Tomcat: console manipulation

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-55754

镜像层: sha256:55e64674b65a25905e67f6649c315e59739800b5b1ff5613c24bb93b96bb6d46

发布日期: 2025-10-27 18:15 修改: 2026-06-17 09:42

org.apache.tomcat.embed:tomcat-embed-core CVE-2025-61795 低危 10.1.30 11.0.12, 10.1.47, 9.0.110 tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Denial of service

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61795

镜像层: sha256:55e64674b65a25905e67f6649c315e59739800b5b1ff5613c24bb93b96bb6d46

发布日期: 2025-10-27 18:15 修改: 2026-06-17 09:50

检测到您正在使用广告拦截插件,本站为公益站点,依赖广告维持运转 🙏 查看如何关闭 ×