| com.h2database:h2 |
CVE-2021-42392 |
严重 |
1.4.200 |
2.0.206 |
h2: Remote Code Execution in Console
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-42392
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2022-01-10 14:10 修改: 2024-11-21 06:27
|
| com.h2database:h2 |
CVE-2022-23221 |
严重 |
1.4.200 |
2.1.210 |
h2: Loading of custom classes from remote servers through JNDI
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-23221
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2022-01-19 17:15 修改: 2025-05-05 17:17
|
| commons-collections:commons-collections |
CVE-2015-7501 |
严重 |
3.2.1 |
3.2.2 |
apache-commons-collections: InvokerTransformer code execution during deserialisation
漏洞详情: https://avd.aquasec.com/nvd/cve-2015-7501
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2017-11-09 17:29 修改: 2025-04-20 01:37
|
| commons-fileupload:commons-fileupload |
CVE-2016-1000031 |
严重 |
1.3.1 |
1.3.3 |
FileUpload: DiskFileItem file manipulation
漏洞详情: https://avd.aquasec.com/nvd/cve-2016-1000031
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2016-10-25 14:29 修改: 2026-05-06 22:30
|
| io.undertow:undertow-core |
CVE-2022-4492 |
严重 |
2.2.2.Final |
2.3.5.Final, 2.2.24.Final |
undertow: Server identity in https connection is not checked by the undertow client
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-4492
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2023-02-23 20:15 修改: 2025-03-12 15:15
|
| io.undertow:undertow-core |
CVE-2025-12543 |
严重 |
2.2.2.Final |
2.3.21.Final, 2.2.39.Final |
undertow-core: Undertow HTTP Server Fails to Reject Malformed Host Headers Leading to Potential Cache Poisoning and SSRF
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-12543
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2026-01-07 17:15 修改: 2026-03-18 16:16
|
| org.apache.bcel:bcel |
CVE-2022-42920 |
严重 |
5.2 |
6.6.0 |
Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-42920
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2022-11-07 13:15 修改: 2024-11-21 07:25
|
| org.apache.commons:commons-collections4 |
CVE-2015-7501 |
严重 |
4.0 |
4.1 |
apache-commons-collections: InvokerTransformer code execution during deserialisation
漏洞详情: https://avd.aquasec.com/nvd/cve-2015-7501
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2017-11-09 17:29 修改: 2025-04-20 01:37
|
| org.apache.flex.blazeds:flex-messaging-core |
CVE-2017-5641 |
严重 |
4.7.2 |
4.7.3 |
Apache Flex BlazeDS unsafe deserialization
漏洞详情: https://avd.aquasec.com/nvd/cve-2017-5641
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2017-12-28 15:29 修改: 2026-05-13 00:24
|
| org.apache.logging.log4j:log4j-core |
CVE-2021-44228 |
严重 |
2.13.3 |
2.15.0, 2.3.1, 2.12.2 |
log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-44228
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2021-12-10 10:15 修改: 2026-02-20 16:15
|
| org.apache.logging.log4j:log4j-core |
CVE-2021-45046 |
严重 |
2.13.3 |
2.16.0, 2.12.2 |
log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228)
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-45046
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2021-12-14 19:15 修改: 2025-10-27 17:35
|
| org.apache.mina:mina-core |
CVE-2024-52046 |
严重 |
2.0.16 |
2.2.4, 2.1.10, 2.0.27 |
mina-core: Apache MINA: applications using unbounded deserialization may allow RCE
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-52046
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2024-12-25 10:15 修改: 2025-02-12 10:15
|
| org.apache.mina:mina-core |
CVE-2026-41409 |
严重 |
2.0.16 |
2.0.28, 2.1.11, 2.2.6 |
Apache MINA: Apache MINA: Arbitrary code execution via incomplete deserialization fix
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41409
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2026-04-27 10:16 修改: 2026-04-29 19:08
|
| org.apache.mina:mina-core |
CVE-2026-41635 |
严重 |
2.0.16 |
2.0.28, 2.1.11, 2.2.6 |
Apache MINA: Apache MINA: Arbitrary code execution via classname allowlist bypass
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41635
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2026-04-27 09:16 修改: 2026-04-29 19:08
|
| org.apache.shiro:shiro-core |
CVE-2021-41303 |
严重 |
1.7.1 |
1.8.0 |
shiro: specially crafted HTTP request may cause an authentication bypass
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-41303
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2021-09-17 09:15 修改: 2024-11-21 06:26
|
| org.apache.shiro:shiro-core |
CVE-2022-32532 |
严重 |
1.7.1 |
1.9.1 |
shiro: authorization bypass due to possible misconfigured
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-32532
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2022-06-29 00:15 修改: 2024-11-21 07:06
|
| org.apache.shiro:shiro-core |
CVE-2022-40664 |
严重 |
1.7.1 |
1.10.0 |
shiro: Authentication Bypass Vulnerability
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-40664
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2022-10-12 07:15 修改: 2025-05-15 15:16
|
| org.apache.shiro:shiro-web |
CVE-2023-34478 |
严重 |
1.7.1 |
1.12.0, 2.0.0-alpha-3 |
Apache Shiro, before 1.12.0 or 2.0.0-alpha-3, may be susceptible to a ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-34478
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2023-07-24 19:15 修改: 2025-02-13 17:16
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2025-24813 |
严重 |
9.0.46 |
11.0.3, 10.1.35, 9.0.99 |
tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-24813
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2025-03-10 17:15 修改: 2025-10-23 14:49
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2026-41293 |
严重 |
9.0.46 |
9.0.118, 10.1.55, 11.0.22 |
tomcat-coyote: Apache Tomcat: HTTP/2 request headers not validated
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41293
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2026-05-12 16:16 修改: 2026-05-15 15:57
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2026-43512 |
严重 |
9.0.46 |
9.0.118, 10.1.55, 11.0.22 |
tomcat-coyote: Apache Tomcat: Authentication bypass via digest authentication
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-43512
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2026-05-12 16:16 修改: 2026-05-15 15:54
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2026-43515 |
严重 |
9.0.46 |
9.0.118, 10.1.55, 11.0.22 |
Improper Authorization vulnerability when multiple method constraints ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-43515
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2026-05-12 16:16 修改: 2026-05-15 15:52
|
| org.apache.tomcat:tomcat-catalina |
CVE-2024-52316 |
严重 |
9.0.46 |
9.0.96, 10.1.30, 11.0.1 |
tomcat: Apache Tomcat: Authentication bypass when using Jakarta Authentication API
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-52316
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2024-11-18 12:15 修改: 2025-11-07 16:15
|
| org.apache.tomcat:tomcat-catalina |
CVE-2025-24813 |
严重 |
9.0.46 |
11.0.3, 10.1.35, 9.0.99 |
tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-24813
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2025-03-10 17:15 修改: 2025-10-23 14:49
|
| org.apache.tomcat:tomcat-catalina |
CVE-2026-41293 |
严重 |
9.0.46 |
9.0.118, 10.1.55, 11.0.22 |
tomcat-coyote: Apache Tomcat: HTTP/2 request headers not validated
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41293
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2026-05-12 16:16 修改: 2026-05-15 15:57
|
| org.apache.tomcat:tomcat-catalina |
CVE-2026-43512 |
严重 |
9.0.46 |
9.0.118, 10.1.55, 11.0.22 |
tomcat-coyote: Apache Tomcat: Authentication bypass via digest authentication
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-43512
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2026-05-12 16:16 修改: 2026-05-15 15:54
|
| org.apache.tomcat:tomcat-catalina |
CVE-2026-43515 |
严重 |
9.0.46 |
9.0.118, 10.1.55, 11.0.22 |
Improper Authorization vulnerability when multiple method constraints ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-43515
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2026-05-12 16:16 修改: 2026-05-15 15:52
|
| org.clojure:clojure |
CVE-2017-20189 |
严重 |
1.8.0 |
1.9.0 |
In Clojure before 1.9.0, classes can be used to construct a serialized ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2017-20189
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2024-01-22 06:15 修改: 2025-11-03 22:15
|
| org.codehaus.groovy:groovy |
CVE-2015-3253 |
严重 |
2.4.3 |
2.4.4 |
groovy: remote execution of untrusted code in class MethodClosure
漏洞详情: https://avd.aquasec.com/nvd/cve-2015-3253
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2015-08-13 14:59 修改: 2026-05-06 22:30
|
| org.codehaus.groovy:groovy |
CVE-2016-6814 |
严重 |
2.4.3 |
2.4.8 |
Groovy: Remote code execution via deserialization
漏洞详情: https://avd.aquasec.com/nvd/cve-2016-6814
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2018-01-18 18:29 修改: 2024-11-21 02:56
|
| org.postgresql:postgresql |
CVE-2024-1597 |
严重 |
42.2.20 |
42.2.28, 42.3.9, 42.4.4, 42.5.5, 42.6.1, 42.7.2 |
pgjdbc: PostgreSQL JDBC Driver allows attacker to inject SQL if using PreferQueryMode=SIMPLE
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-1597
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2024-02-19 13:15 修改: 2025-11-03 22:16
|
| org.python:jython-standalone |
CVE-2016-4000 |
严重 |
2.5.2 |
2.7.1 |
jython: Unsafe deserialization leads to code execution
漏洞详情: https://avd.aquasec.com/nvd/cve-2016-4000
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2017-07-06 16:29 修改: 2026-05-13 00:24
|
| org.springframework.boot:spring-boot-starter-web |
CVE-2022-22965 |
严重 |
2.3.12.RELEASE |
2.5.12, 2.6.6 |
spring-framework: RCE via Data Binding on JDK 9+
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-22965
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2022-04-01 23:15 修改: 2025-10-30 19:56
|
| org.springframework.security:spring-security-core |
CVE-2022-22978 |
严重 |
5.3.9.RELEASE |
5.5.7, 5.6.4, 5.4.11 |
springframework: Authorization Bypass in RegexRequestMatcher
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-22978
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2022-05-19 15:15 修改: 2024-11-21 06:47
|
| org.springframework.security:spring-security-web |
CVE-2022-22978 |
严重 |
5.3.9.RELEASE |
5.5.7, 5.6.4, 5.4.11 |
springframework: Authorization Bypass in RegexRequestMatcher
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-22978
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2022-05-19 15:15 修改: 2024-11-21 06:47
|
| org.springframework.security:spring-security-web |
CVE-2024-38821 |
严重 |
5.3.9.RELEASE |
5.7.13, 5.8.15, 6.2.7, 6.0.13, 6.1.11, 6.3.4 |
Spring-WebFlux: Authorization Bypass of Static Resources in WebFlux Applications
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-38821
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2024-10-28 07:15 修改: 2026-04-15 00:35
|
| org.springframework.security:spring-security-web |
CVE-2026-22732 |
严重 |
5.3.9.RELEASE |
6.5.9, 7.0.4 |
Spring Security: Spring Security: Security policy bypass and information disclosure due to unwritten HTTP headers
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22732
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2026-03-19 23:16 修改: 2026-04-16 04:29
|
| org.springframework:spring-beans |
CVE-2022-22965 |
严重 |
5.2.15.RELEASE |
5.2.20.RELEASE, 5.3.18 |
spring-framework: RCE via Data Binding on JDK 9+
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-22965
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2022-04-01 23:15 修改: 2025-10-30 19:56
|
| org.springframework:spring-web |
CVE-2016-1000027 |
严重 |
5.2.15.RELEASE |
6.0.0 |
spring: HttpInvokerServiceExporter readRemoteInvocation method untrusted java deserialization
漏洞详情: https://avd.aquasec.com/nvd/cve-2016-1000027
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2020-01-02 23:15 修改: 2024-11-21 02:42
|
| org.springframework:spring-webflux |
CVE-2022-22965 |
严重 |
5.2.15.RELEASE |
5.2.20.RELEASE, 5.3.18 |
spring-framework: RCE via Data Binding on JDK 9+
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-22965
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2022-04-01 23:15 修改: 2025-10-30 19:56
|
| org.springframework:spring-webmvc |
CVE-2022-22965 |
严重 |
5.2.15.RELEASE |
5.2.20.RELEASE, 5.3.18 |
spring-framework: RCE via Data Binding on JDK 9+
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-22965
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2022-04-01 23:15 修改: 2025-10-30 19:56
|
| commons-io:commons-io |
CVE-2024-47554 |
高危 |
2.4 |
2.14.0 |
apache-commons-io: Possible denial of service attack on untrusted input to XmlStreamReader
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47554
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2024-10-03 12:15 修改: 2025-07-10 21:10
|
| io.netty:netty-codec |
CVE-2021-37136 |
高危 |
4.1.65.Final |
4.1.68.Final |
netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-37136
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2021-10-19 15:15 修改: 2024-11-21 06:14
|
| io.netty:netty-codec |
CVE-2021-37137 |
高危 |
4.1.65.Final |
4.1.68.Final |
netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-37137
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2021-10-19 15:15 修改: 2024-11-21 06:14
|
| io.netty:netty-codec |
CVE-2026-42583 |
高危 |
4.1.65.Final |
4.1.133.Final |
Netty is an asynchronous, event-driven network application framework. ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42583
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2026-05-13 19:17 修改: 2026-05-18 12:22
|
| io.netty:netty-codec-dns |
CVE-2026-42579 |
高危 |
4.1.65.Final |
4.2.13.Final, 4.1.133.Final |
netty: Netty: High integrity impact due to improper DNS domain name constraint enforcement
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42579
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2026-05-13 19:17 修改: 2026-05-18 17:16
|
| io.netty:netty-codec-http |
CVE-2026-33870 |
高危 |
4.1.65.Final |
4.1.132.Final, 4.2.10.Final |
io.netty/netty-codec-http: Netty: Request smuggling via incorrect parsing of HTTP/1.1 chunked transfer encoding extension values
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33870
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2026-03-27 20:16 修改: 2026-03-30 20:12
|
| io.netty:netty-codec-http |
CVE-2026-42584 |
高危 |
4.1.65.Final |
4.2.13.Final, 4.1.133.Final |
netty: io.netty/netty-codec-http: Netty: Incorrect HTTP response parsing leads to data confusion
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42584
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2026-05-13 19:17 修改: 2026-05-18 12:15
|
| io.netty:netty-codec-http |
CVE-2026-42587 |
高危 |
4.1.65.Final |
4.2.13.Final, 4.1.133.Final |
netty: io.netty/netty-codec-http: io.netty/netty-codec-http2: Netty: Denial of Service via unbounded memory allocation in HTTP content decompression
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42587
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2026-05-13 19:17 修改: 2026-05-18 12:20
|
| io.netty:netty-handler |
CVE-2026-44249 |
高危 |
4.1.65.Final |
4.2.15.Final, 4.1.135.Final |
Netty has an IPv6 Subnet Filter Bypass via Incorrect Comparator Masking
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44249
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
|
| io.netty:netty-handler |
CVE-2026-45416 |
高危 |
4.1.65.Final |
4.2.15.Final, 4.1.135.Final |
Netty: SNI handler pre-allocates up to 16 MiB from nine attacker bytes
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45416
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
|
| io.netty:netty-resolver-dns |
CVE-2026-45674 |
高危 |
4.1.65.Final |
4.2.15.Final, 4.1.135.Final |
Netty Vulnerable to DNS Cache Poisoning via Missing Bailiwick Checks in CNAME Records
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45674
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
|
| io.netty:netty-resolver-dns |
CVE-2026-47691 |
高危 |
4.1.65.Final |
4.2.15.Final, 4.1.135.Final |
Netty has Insufficient Bailiwick Validation for NS Records
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-47691
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2020-36518 |
高危 |
2.11.4 |
2.13.2.1, 2.12.6.1 |
jackson-databind: denial of service via a large depth of nested objects
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36518
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2022-03-11 07:15 修改: 2025-08-27 21:15
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2021-46877 |
高危 |
2.11.4 |
2.12.6, 2.13.1 |
jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-46877
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2023-03-18 22:15 修改: 2025-02-26 19:15
|
| io.undertow:undertow-core |
CVE-2021-3629 |
高危 |
2.2.2.Final |
2.0.40.Final, 2.2.11.Final |
undertow: potential security issue in flow control over HTTP/2 may lead to DOS
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-3629
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2022-05-24 19:15 修改: 2024-11-21 06:22
|
| io.undertow:undertow-core |
CVE-2021-3690 |
高危 |
2.2.2.Final |
2.0.40, 2.2.10 |
undertow: buffer leak on incoming websocket PONG message may lead to DoS
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-3690
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2022-08-23 16:15 修改: 2024-11-21 06:22
|
| io.undertow:undertow-core |
CVE-2021-3859 |
高危 |
2.2.2.Final |
2.2.15 |
undertow: client side invocation timeout raised when calling over HTTP2
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-3859
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2022-08-26 16:15 修改: 2024-11-21 06:22
|
| io.undertow:undertow-core |
CVE-2022-2053 |
高危 |
2.2.2.Final |
2.2.19.Final, 2.3.0.Alpha2 |
undertow: Large AJP request may cause DoS
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-2053
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2022-08-05 16:15 修改: 2024-11-21 07:00
|
| io.undertow:undertow-core |
CVE-2023-1108 |
高危 |
2.2.2.Final |
2.3.5.Final, 2.2.24.Final |
Undertow: Infinite loop in SslConduit during close
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-1108
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2023-09-14 15:15 修改: 2024-11-21 07:38
|
| io.undertow:undertow-core |
CVE-2023-4639 |
高危 |
2.2.2.Final |
2.3.11.Final, 2.2.30.Final |
undertow: Cookie Smuggling/Spoofing
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-4639
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2024-11-17 11:15 修改: 2026-04-15 00:35
|
| io.undertow:undertow-core |
CVE-2024-1635 |
高危 |
2.2.2.Final |
2.3.12.Final, 2.2.31.Final |
undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-1635
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2024-02-19 22:15 修改: 2025-06-25 01:15
|
| io.undertow:undertow-core |
CVE-2024-3884 |
高危 |
2.2.2.Final |
2.2.39.Final, 2.4.0.Beta1, 2.3.21.Final |
undertow: OutOfMemory when parsing form data encoding with application/x-www-form-urlencoded
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-3884
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2025-12-03 19:15 修改: 2026-04-15 00:35
|
| io.undertow:undertow-core |
CVE-2024-4027 |
高危 |
2.2.2.Final |
2.2.39.Final, 2.4.0.Beta1, 2.3.21.Final |
undertow: OutOfMemoryError in HttpServletRequestImpl.getParameterNames() can cause remote DoS attacks
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-4027
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2026-01-30 15:16 修改: 2026-04-15 00:35
|
| io.undertow:undertow-core |
CVE-2024-5971 |
高危 |
2.2.2.Final |
2.3.15.Final, 2.2.34.Final |
undertow: response write hangs in case of Java 17 TLSv1.3 NewSessionTicket
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-5971
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2024-07-08 21:15 修改: 2026-04-15 00:35
|
| io.undertow:undertow-core |
CVE-2024-6162 |
高危 |
2.2.2.Final |
2.3.14.Final, 2.2.33.Final |
undertow: url-encoded request path information can be broken on ajp-listener
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6162
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2024-06-20 15:15 修改: 2026-04-15 00:35
|
| io.undertow:undertow-core |
CVE-2024-7885 |
高危 |
2.2.2.Final |
2.2.36.Final, 2.3.17.Final |
undertow: Improper State Management in Proxy Protocol parsing causes information leakage
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-7885
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2024-08-21 14:15 修改: 2026-01-19 04:15
|
| io.undertow:undertow-core |
CVE-2025-9784 |
高危 |
2.2.2.Final |
2.2.38.Final, 2.3.20.Final |
undertow: Undertow MadeYouReset HTTP/2 DDoS Vulnerability
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-9784
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2025-09-02 14:15 修改: 2026-03-18 16:16
|
| mysql:mysql-connector-java |
CVE-2023-22102 |
高危 |
8.0.25 |
|
mysql-connector-java: Connector/J unspecified vulnerability (CPU October 2023)
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-22102
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2023-10-17 22:15 修改: 2025-03-06 17:15
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2022-42003 |
高危 |
2.11.4 |
2.12.7.1, 2.13.4.2 |
jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-42003
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2022-10-02 05:15 修改: 2024-11-21 07:24
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2022-42004 |
高危 |
2.11.4 |
2.12.7.1, 2.13.4 |
jackson-databind: use of deeply nested arrays
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-42004
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2022-10-02 05:15 修改: 2024-11-21 07:24
|
| org.apache.commons:commons-collections4 |
CVE-2015-6420 |
高危 |
4.0 |
4.1 |
Insecure Deserialization in Apache Commons Collection
漏洞详情: https://avd.aquasec.com/nvd/cve-2015-6420
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2015-12-15 05:59 修改: 2026-02-24 19:36
|
| ch.qos.logback:logback-classic |
CVE-2023-6378 |
高危 |
1.2.3 |
1.3.12, 1.4.12, 1.2.13 |
logback: serialization vulnerability in logback receiver
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-6378
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2023-11-29 12:15 修改: 2024-11-29 12:15
|
| ch.qos.logback:logback-core |
CVE-2023-6378 |
高危 |
1.2.3 |
1.3.12, 1.4.12, 1.2.13 |
logback: serialization vulnerability in logback receiver
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-6378
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2023-11-29 12:15 修改: 2024-11-29 12:15
|
| com.h2database:h2 |
CVE-2021-23463 |
高危 |
1.4.200 |
2.0.202 |
h2database: XXE injection vulnerability
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-23463
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2021-12-10 20:15 修改: 2024-11-21 05:51
|
| org.apache.logging.log4j:log4j-core |
CVE-2021-45105 |
高危 |
2.13.3 |
2.12.3, 2.17.0, 2.3.1 |
log4j-core: DoS in log4j 2.x with Thread Context Map (MDC) input data contains a recursive lookup and context lookup pattern
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-45105
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2021-12-18 12:15 修改: 2026-05-29 13:16
|
| com.h2database:h2 |
CVE-2022-45868 |
高危 |
1.4.200 |
2.2.220 |
The web-based admin console in H2 Database Engine before 2.2.220 can b ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-45868
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2022-11-23 21:15 修改: 2024-11-21 07:29
|
| com.mchange:c3p0 |
CVE-2026-27830 |
高危 |
0.9.5.5 |
0.12.0 |
c3p0: c3p0: Arbitrary Code Execution via deserialization of crafted objects
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27830
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2026-02-26 01:16 修改: 2026-04-15 00:35
|
| com.mchange:mchange-commons-java |
CVE-2026-27727 |
高危 |
0.2.19 |
0.4.0 |
com.mchange/mchange-commons-java: mchange-commons-java: Arbitrary code execution via JNDI dereferencing of crafted objects
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27727
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2026-02-25 17:25 修改: 2026-03-11 23:30
|
| org.apache.mina:mina-core |
CVE-2019-0231 |
高危 |
2.0.16 |
2.0.21, 2.1.1 |
mina-core: Retaining an open socket in close_notify SSL-TLS leading to Information disclosure.
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-0231
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2019-10-01 20:15 修改: 2024-11-21 04:16
|
| com.thoughtworks.xstream:xstream |
CVE-2021-39139 |
高危 |
1.4.17 |
1.4.18 |
xstream: Arbitrary code execution via unsafe deserialization of Xalan xsltc.trax.TemplatesImpl
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-39139
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2021-08-23 18:15 修改: 2025-05-23 16:52
|
| com.thoughtworks.xstream:xstream |
CVE-2021-39141 |
高危 |
1.4.17 |
1.4.18 |
xstream: Arbitrary code execution via unsafe deserialization of com.sun.xml.internal.ws.client.sei.*
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-39141
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2021-08-23 18:15 修改: 2025-05-23 16:52
|
| com.thoughtworks.xstream:xstream |
CVE-2021-39144 |
高危 |
1.4.17 |
1.4.18 |
xstream: Arbitrary code execution via unsafe deserialization of sun.tracing.*
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-39144
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2021-08-23 18:15 修改: 2025-10-24 14:47
|
| com.thoughtworks.xstream:xstream |
CVE-2021-39145 |
高危 |
1.4.17 |
1.4.18 |
xstream: Arbitrary code execution via unsafe deserialization of com.sun.jndi.ldap.LdapBindingEnumeration
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-39145
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2021-08-23 18:15 修改: 2025-05-23 16:52
|
| com.thoughtworks.xstream:xstream |
CVE-2021-39146 |
高危 |
1.4.17 |
1.4.18 |
xstream: Arbitrary code execution via unsafe deserialization of javax.swing.UIDefaults$ProxyLazyValue
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-39146
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2021-08-23 18:15 修改: 2025-05-23 16:48
|
| com.thoughtworks.xstream:xstream |
CVE-2021-39147 |
高危 |
1.4.17 |
1.4.18 |
xstream: Arbitrary code execution via unsafe deserialization of com.sun.jndi.ldap.LdapSearchEnumeration
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-39147
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2021-08-23 18:15 修改: 2025-05-23 16:51
|
| com.thoughtworks.xstream:xstream |
CVE-2021-39148 |
高危 |
1.4.17 |
1.4.18 |
xstream: Arbitrary code execution via unsafe deserialization of com.sun.jndi.toolkit.dir.ContextEnumerator
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-39148
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2021-08-23 18:15 修改: 2025-05-23 16:48
|
| com.thoughtworks.xstream:xstream |
CVE-2021-39149 |
高危 |
1.4.17 |
1.4.18 |
xstream: Arbitrary code execution via unsafe deserialization of com.sun.corba.*
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-39149
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2021-08-23 18:15 修改: 2025-05-23 16:50
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2022-42252 |
高危 |
9.0.46 |
8.5.83, 9.0.68, 10.0.27, 10.1.1 |
tomcat: request smuggling
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-42252
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2022-11-01 09:15 修改: 2025-05-06 16:15
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2022-45143 |
高危 |
9.0.46 |
8.5.84, 9.0.69, 10.1.2 |
tomcat: JsonErrorReportValve injection
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-45143
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2023-01-03 19:15 修改: 2024-11-21 07:28
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2023-24998 |
高危 |
9.0.46 |
10.1.5, 11.0.0-M5, 8.5.88, 9.0.71 |
FileUpload: FileUpload DoS with excessive parts
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24998
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2023-02-20 16:15 修改: 2025-11-03 22:16
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2023-46589 |
高危 |
9.0.46 |
11.0.0-M11, 10.1.16, 9.0.83, 8.5.96 |
tomcat: HTTP request smuggling via malformed trailer headers
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-46589
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2023-11-28 16:15 修改: 2025-08-07 11:15
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2024-34750 |
高危 |
9.0.46 |
11.0.0-M21, 10.1.25, 9.0.90 |
tomcat: Improper Handling of Exceptional Conditions
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34750
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2024-07-03 20:15 修改: 2025-11-03 20:16
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2024-50379 |
高危 |
9.0.46 |
11.0.2, 10.1.34, 9.0.98 |
tomcat: RCE due to TOCTOU issue in JSP compilation
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-50379
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2024-12-17 13:15 修改: 2025-11-03 21:17
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2024-56337 |
高危 |
9.0.46 |
11.0.2, 10.1.34, 9.0.98 |
tomcat: Incomplete fix for CVE-2024-50379 - RCE due to TOCTOU issue in JSP compilation
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-56337
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2024-12-20 16:15 修改: 2025-11-03 21:17
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2025-48988 |
高危 |
9.0.46 |
11.0.8, 10.1.42, 9.0.106 |
tomcat: Apache Tomcat DoS in multipart upload
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-48988
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2025-06-16 15:15 修改: 2025-11-03 20:19
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2025-48989 |
高危 |
9.0.46 |
11.0.10, 10.1.44, 9.0.108 |
tomcat: http/2 "MadeYouReset" DoS attack through HTTP/2 control frames
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-48989
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2025-08-13 13:15 修改: 2026-05-12 13:17
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2025-52520 |
高危 |
9.0.46 |
11.0.9, 10.1.43, 9.0.107 |
tomcat: Apache Tomcat denial of service
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-52520
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2025-07-10 19:15 修改: 2025-11-04 22:16
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2025-53506 |
高危 |
9.0.46 |
9.0.107, 10.1.43, 11.0.9 |
tomcat: Apache Tomcat denial of service
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-53506
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2025-07-10 20:15 修改: 2025-11-04 22:16
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2025-55752 |
高危 |
9.0.46 |
11.0.11, 10.1.45, 9.0.109 |
tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-55752
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2025-10-27 18:15 修改: 2026-05-12 13:17
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2026-24880 |
高危 |
9.0.46 |
9.0.116, 10.1.52, 11.0.20 |
Apache Tomcat: Apache Tomcat: HTTP Request/Response Smuggling via invalid chunk extension
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24880
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2026-04-09 20:16 修改: 2026-04-14 20:02
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2026-34483 |
高危 |
9.0.46 |
9.0.116, 10.1.54, 11.0.21 |
Apache Tomcat: Apache Tomcat: Information disclosure due to improper encoding in JsonAccessLogValve
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34483
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2026-04-09 20:16 修改: 2026-04-14 12:46
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2026-34487 |
高危 |
9.0.46 |
9.0.117, 10.1.54, 11.0.21 |
Apache Tomcat: Apache Tomcat: Information disclosure via sensitive data in log files
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34487
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2026-04-09 20:16 修改: 2026-04-14 12:44
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2026-41284 |
高危 |
9.0.46 |
9.0.118, 10.1.55, 11.0.22 |
Allocation of Resources Without Limits or Throttling vulnerability in ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41284
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2026-05-12 16:16 修改: 2026-05-14 18:59
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2026-42498 |
高危 |
9.0.46 |
9.0.118, 10.1.55, 11.0.22 |
Exposure of HTTP Authentication Header to unexpected hosts during WebS ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42498
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2026-05-12 16:16 修改: 2026-05-14 18:51
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2026-43513 |
高危 |
9.0.46 |
9.0.118, 10.1.55, 11.0.22 |
Improper Handling of Case Sensitivity vulnerability in LockOutRealm in ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-43513
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2026-05-12 16:16 修改: 2026-05-15 15:53
|
| com.thoughtworks.xstream:xstream |
CVE-2021-39150 |
高危 |
1.4.17 |
1.4.18 |
xstream: Server-side request forgery (SSRF) via unsafe deserialization of com.sun.xml.internal.ws.client.sei.*
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-39150
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2021-08-23 19:15 修改: 2025-05-23 16:48
|
| com.thoughtworks.xstream:xstream |
CVE-2021-39151 |
高危 |
1.4.17 |
1.4.18 |
xstream: Arbitrary code execution via unsafe deserialization of com.sun.jndi.ldap.LdapBindingEnumeration
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-39151
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2021-08-23 18:15 修改: 2025-05-23 16:49
|
| com.thoughtworks.xstream:xstream |
CVE-2021-39152 |
高危 |
1.4.17 |
1.4.18 |
xstream: Server-side request forgery (SSRF) via unsafe deserialization of jdk.nashorn.internal.runtime.Source$URLData
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-39152
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2021-08-23 19:15 修改: 2025-05-23 16:47
|
| com.thoughtworks.xstream:xstream |
CVE-2021-39153 |
高危 |
1.4.17 |
1.4.18 |
xstream: Arbitrary code execution via unsafe deserialization of Xalan xsltc.trax.TemplatesImpl
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-39153
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2021-08-23 18:15 修改: 2025-05-23 16:50
|
| com.thoughtworks.xstream:xstream |
CVE-2021-39154 |
高危 |
1.4.17 |
1.4.18 |
xstream: Arbitrary code execution via unsafe deserialization of javax.swing.UIDefaults$ProxyLazyValue
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-39154
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2021-08-23 18:15 修改: 2025-05-23 16:47
|
| org.apache.tomcat:tomcat-catalina |
CVE-2023-46589 |
高危 |
9.0.46 |
11.0.0-M11, 10.1.16, 9.0.83, 8.5.96 |
tomcat: HTTP request smuggling via malformed trailer headers
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-46589
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2023-11-28 16:15 修改: 2025-08-07 11:15
|
| org.apache.tomcat:tomcat-catalina |
CVE-2024-50379 |
高危 |
9.0.46 |
11.0.2, 10.1.34, 9.0.98 |
tomcat: RCE due to TOCTOU issue in JSP compilation
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-50379
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2024-12-17 13:15 修改: 2025-11-03 21:17
|
| org.apache.tomcat:tomcat-catalina |
CVE-2025-48988 |
高危 |
9.0.46 |
11.0.8, 10.1.42, 9.0.106 |
tomcat: Apache Tomcat DoS in multipart upload
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-48988
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2025-06-16 15:15 修改: 2025-11-03 20:19
|
| org.apache.tomcat:tomcat-catalina |
CVE-2025-52520 |
高危 |
9.0.46 |
11.0.9, 10.1.43, 9.0.107 |
tomcat: Apache Tomcat denial of service
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-52520
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2025-07-10 19:15 修改: 2025-11-04 22:16
|
| org.apache.tomcat:tomcat-catalina |
CVE-2025-55752 |
高危 |
9.0.46 |
11.0.11, 10.1.45, 9.0.109 |
tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-55752
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2025-10-27 18:15 修改: 2026-05-12 13:17
|
| org.apache.tomcat:tomcat-catalina |
CVE-2026-34483 |
高危 |
9.0.46 |
9.0.116, 10.1.54, 11.0.21 |
Apache Tomcat: Apache Tomcat: Information disclosure due to improper encoding in JsonAccessLogValve
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34483
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2026-04-09 20:16 修改: 2026-04-14 12:46
|
| org.apache.tomcat:tomcat-catalina |
CVE-2026-34487 |
高危 |
9.0.46 |
9.0.117, 10.1.54, 11.0.21 |
Apache Tomcat: Apache Tomcat: Information disclosure via sensitive data in log files
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34487
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2026-04-09 20:16 修改: 2026-04-14 12:44
|
| org.apache.tomcat:tomcat-catalina |
CVE-2026-41284 |
高危 |
9.0.46 |
9.0.118, 10.1.55, 11.0.22 |
Allocation of Resources Without Limits or Throttling vulnerability in ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41284
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2026-05-12 16:16 修改: 2026-05-14 18:59
|
| org.apache.tomcat:tomcat-catalina |
CVE-2026-42498 |
高危 |
9.0.46 |
9.0.118, 10.1.55, 11.0.22 |
Exposure of HTTP Authentication Header to unexpected hosts during WebS ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42498
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2026-05-12 16:16 修改: 2026-05-14 18:51
|
| org.apache.tomcat:tomcat-catalina |
CVE-2026-43513 |
高危 |
9.0.46 |
9.0.118, 10.1.55, 11.0.22 |
Improper Handling of Case Sensitivity vulnerability in LockOutRealm in ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-43513
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2026-05-12 16:16 修改: 2026-05-15 15:53
|
| org.apache.tomcat:tomcat-coyote |
CVE-2022-42252 |
高危 |
9.0.46 |
9.0.68, 10.0.27, 10.1.1 |
tomcat: request smuggling
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-42252
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2022-11-01 09:15 修改: 2025-05-06 16:15
|
| org.apache.tomcat:tomcat-coyote |
CVE-2023-24998 |
高危 |
9.0.46 |
10.1.5, 11.0.0-M5, 8.5.88, 9.0.71 |
FileUpload: FileUpload DoS with excessive parts
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24998
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2023-02-20 16:15 修改: 2025-11-03 22:16
|
| org.apache.tomcat:tomcat-coyote |
CVE-2024-34750 |
高危 |
9.0.46 |
11.0.0-M21, 10.1.25, 9.0.90 |
tomcat: Improper Handling of Exceptional Conditions
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34750
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2024-07-03 20:15 修改: 2025-11-03 20:16
|
| org.apache.tomcat:tomcat-coyote |
CVE-2025-48989 |
高危 |
9.0.46 |
11.0.10, 10.1.44, 9.0.108 |
tomcat: http/2 "MadeYouReset" DoS attack through HTTP/2 control frames
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-48989
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2025-08-13 13:15 修改: 2026-05-12 13:17
|
| org.apache.tomcat:tomcat-coyote |
CVE-2025-53506 |
高危 |
9.0.46 |
11.0.9, 10.1.43, 9.0.107 |
tomcat: Apache Tomcat denial of service
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-53506
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2025-07-10 20:15 修改: 2025-11-04 22:16
|
| org.apache.tomcat:tomcat-coyote |
CVE-2026-24880 |
高危 |
9.0.46 |
9.0.116, 10.1.52, 11.0.20 |
Apache Tomcat: Apache Tomcat: HTTP Request/Response Smuggling via invalid chunk extension
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24880
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2026-04-09 20:16 修改: 2026-04-14 20:02
|
| org.apache.tomcat:tomcat-tribes |
CVE-2026-29146 |
高危 |
9.0.46 |
9.0.116, 10.1.53, 11.0.20 |
Apache Tomcat: Apache Tomcat: Information disclosure via Padding Oracle vulnerability in EncryptInterceptor
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-29146
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2026-04-09 20:16 修改: 2026-04-14 12:56
|
| org.apache.tomcat:tomcat-util |
CVE-2022-45143 |
高危 |
9.0.46 |
8.5.84, 9.0.69 |
tomcat: JsonErrorReportValve injection
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-45143
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2023-01-03 19:15 修改: 2024-11-21 07:28
|
| org.apache.tomcat:tomcat-util |
CVE-2024-38286 |
高危 |
9.0.46 |
11.0.0-M21, 10.1.25, 9.0.90 |
tomcat: Denial of Service in Tomcat
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-38286
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2024-11-07 08:15 修改: 2025-11-03 21:16
|
| org.apache.velocity:velocity |
CVE-2020-13936 |
高危 |
1.7 |
|
velocity: arbitrary code execution when attacker is able to modify templates
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-13936
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2021-03-10 08:15 修改: 2024-11-21 05:02
|
| org.bouncycastle:bcprov-jdk15on |
CVE-2016-1000338 |
高危 |
1.54 |
1.56 |
bouncycastle: DSA does not fully validate ASN.1 encoding during signature verification allowing for injection of unsigned data
漏洞详情: https://avd.aquasec.com/nvd/cve-2016-1000338
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2018-06-01 20:29 修改: 2025-05-05 14:14
|
| org.bouncycastle:bcprov-jdk15on |
CVE-2016-1000340 |
高危 |
1.54 |
1.56 |
bouncycastle: Carry propagation bug in math.raw.Nat??? class
漏洞详情: https://avd.aquasec.com/nvd/cve-2016-1000340
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2018-06-04 13:29 修改: 2025-05-12 17:37
|
| org.bouncycastle:bcprov-jdk15on |
CVE-2016-1000342 |
高危 |
1.54 |
1.56 |
bouncycastle: ECDSA improper validation of ASN.1 encoding of signature
漏洞详情: https://avd.aquasec.com/nvd/cve-2016-1000342
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2018-06-04 13:29 修改: 2025-05-12 17:37
|
| org.bouncycastle:bcprov-jdk15on |
CVE-2016-1000343 |
高危 |
1.54 |
1.56 |
bouncycastle: DSA key pair generator generates a weak private key by default
漏洞详情: https://avd.aquasec.com/nvd/cve-2016-1000343
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2018-06-04 13:29 修改: 2025-05-12 17:37
|
| org.bouncycastle:bcprov-jdk15on |
CVE-2016-1000344 |
高危 |
1.54 |
1.56 |
bouncycastle: DHIES implementation allowed the use of ECB mode
漏洞详情: https://avd.aquasec.com/nvd/cve-2016-1000344
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2018-06-04 21:29 修改: 2025-05-12 17:37
|
| org.bouncycastle:bcprov-jdk15on |
CVE-2016-1000352 |
高危 |
1.54 |
1.56 |
bouncycastle: ECIES implementation allowed the use of ECB mode
漏洞详情: https://avd.aquasec.com/nvd/cve-2016-1000352
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2018-06-04 21:29 修改: 2025-05-12 17:37
|
| org.bouncycastle:bcprov-jdk15on |
CVE-2018-1000180 |
高危 |
1.54 |
1.60 |
bouncycastle: flaw in the low-level interface to RSA key pair generator
漏洞详情: https://avd.aquasec.com/nvd/cve-2018-1000180
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2018-06-05 13:29 修改: 2025-05-12 17:37
|
| com.thoughtworks.xstream:xstream |
CVE-2021-43859 |
高危 |
1.4.17 |
1.4.19 |
xstream: Injecting highly recursive collections or maps can cause a DoS
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-43859
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2022-02-01 12:15 修改: 2025-11-03 22:15
|
| org.clojure:clojure |
CVE-2024-22871 |
高危 |
1.8.0 |
1.11.2, 1.12.0-alpha9 |
An issue in Clojure versions 1.20 to 1.12.0-alpha5 allows an attacker ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-22871
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2024-02-29 02:15 修改: 2025-11-04 22:15
|
| com.thoughtworks.xstream:xstream |
CVE-2022-40151 |
高危 |
1.4.17 |
1.4.20 |
xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-40151
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2022-09-16 10:15 修改: 2025-05-23 16:51
|
| com.thoughtworks.xstream:xstream |
CVE-2022-41966 |
高危 |
1.4.17 |
1.4.20 |
xstream: Denial of Service by injecting recursive collections or maps based on element's hash values raising a stack overflow
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41966
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2022-12-28 00:15 修改: 2025-05-23 16:51
|
| org.hibernate:hibernate-core |
CVE-2020-25638 |
高危 |
3.6.10.Final |
5.4.24.Final, 5.3.20.Final |
hibernate-core: SQL injection vulnerability when both hibernate.use_sql_comments and JPQL String literals are used
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-25638
镜像层: sha256:619d683924f0a70516271b989e4f8da69dfe5c381ae379e1fd79d4c61e8222af
发布日期: 2020-12-02 15:15 修改: 2025-04-23 20:15
|
| org.hibernate:hibernate-core |
CVE-2020-25638 |
高危 |
4.3.11.Final |
5.4.24.Final, 5.3.20.Final |
hibernate-core: SQL injection vulnerability when both hibernate.use_sql_comments and JPQL String literals are used
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-25638
镜像层: sha256:619d683924f0a70516271b989e4f8da69dfe5c381ae379e1fd79d4c61e8222af
发布日期: 2020-12-02 15:15 修改: 2025-04-23 20:15
|
| org.hibernate:hibernate-core |
CVE-2020-25638 |
高危 |
5.0.7.Final |
5.4.24.Final, 5.3.20.Final |
hibernate-core: SQL injection vulnerability when both hibernate.use_sql_comments and JPQL String literals are used
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-25638
镜像层: sha256:619d683924f0a70516271b989e4f8da69dfe5c381ae379e1fd79d4c61e8222af
发布日期: 2020-12-02 15:15 修改: 2025-04-23 20:15
|
| org.hibernate:hibernate-core |
CVE-2026-0603 |
高危 |
5.4.32.Final |
|
org.hibernate/hibernate-core: Hibernate: Information disclosure and data deletion via second-order SQL injection
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-0603
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2026-01-23 07:15 修改: 2026-04-15 00:35
|
| org.jboss.remoting:jboss-remoting |
CVE-2020-35510 |
高危 |
4.0.19.Final |
5.0.20.Final |
jboss-remoting: Threads hold up forever in the EJB server by suppressing the ack from an EJB client
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-35510
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2021-06-02 14:15 修改: 2024-11-21 05:27
|
| org.jboss.xnio:xnio-api |
CVE-2023-5685 |
高危 |
3.8.0.Final |
3.8.14.Final |
xnio: StackOverflowException when the chain of notifier states becomes problematically big
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-5685
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2024-03-22 19:15 修改: 2026-04-15 00:35
|
| org.jdom:jdom2 |
CVE-2021-33813 |
高危 |
2.0.6 |
2.0.6.1 |
jdom: XXE allows attackers to cause a DoS via a crafted HTTP request
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-33813
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2021-06-16 12:15 修改: 2024-11-21 06:09
|
| org.jsoup:jsoup |
CVE-2021-37714 |
高危 |
1.8.3 |
1.14.2 |
jsoup: Crafted input may cause the jsoup HTML and XML parser to get stuck
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-37714
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2021-08-18 15:15 修改: 2024-11-21 06:15
|
| com.thoughtworks.xstream:xstream |
CVE-2024-47072 |
高危 |
1.4.17 |
1.4.21 |
com.thoughtworks.xstream: XStream is vulnerable to a Denial of Service attack due to stack overflow from a manipulated binary input stream
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47072
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2024-11-08 00:15 修改: 2026-04-15 00:35
|
| org.postgresql:postgresql |
CVE-2022-21724 |
高危 |
42.2.20 |
42.2.25, 42.3.2 |
jdbc-postgresql: Unchecked Class Instantiation when providing Plugin Classes
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-21724
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2022-02-02 12:15 修改: 2025-05-05 17:17
|
| org.postgresql:postgresql |
CVE-2022-31197 |
高危 |
42.2.20 |
42.2.26, 42.4.1, 42.3.7 |
postgresql: SQL Injection in ResultSet.refreshRow() with malicious column names
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-31197
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2022-08-03 19:15 修改: 2025-11-03 22:15
|
| org.postgresql:postgresql |
CVE-2026-42198 |
高危 |
42.2.20 |
42.7.11 |
jdbc.postgresql.org: pgjdbc: Client-side Denial of Service via malicious SCRAM-SHA-256 authentication
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42198
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2026-04-29 16:16 修改: 2026-05-01 12:51
|
| com.vaadin:vaadin-server |
CVE-2020-36320 |
高危 |
7.7.14 |
7.7.22 |
Regular expression denial of service (ReDoS) in EmailValidator class in Vaadin 7
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36320
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2021-04-23 16:15 修改: 2024-11-21 05:29
|
| org.springframework.boot:spring-boot |
CVE-2025-22235 |
高危 |
2.3.12.RELEASE |
3.3.11, 3.4.5 |
org.springframework.boot/spring-boot: Spring Boot EndpointRequest.to() creates wrong matcher if actuator endpoint is not exposed
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22235
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2025-04-28 08:15 修改: 2026-04-15 00:35
|
| org.springframework.boot:spring-boot |
CVE-2026-40973 |
高危 |
2.3.12.RELEASE |
4.0.6, 3.5.14 |
Spring Boot: Spring Boot: Arbitrary Code Execution and Session Hijacking via predictable temporary directory
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40973
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2026-04-28 00:16 修改: 2026-04-30 14:25
|
| org.springframework.boot:spring-boot-autoconfigure |
CVE-2023-20883 |
高危 |
2.3.12.RELEASE |
3.0.7, 2.7.12, 2.6.15, 2.5.15 |
spring-boot: Spring Boot Welcome Page DoS Vulnerability
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-20883
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2023-05-26 17:15 修改: 2025-01-16 15:15
|
| commons-beanutils:commons-beanutils |
CVE-2014-0114 |
高危 |
1.8.3 |
1.9.4 |
1: Class Loader manipulation via request parameters
漏洞详情: https://avd.aquasec.com/nvd/cve-2014-0114
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2014-04-30 10:49 修改: 2026-05-06 22:30
|
| commons-beanutils:commons-beanutils |
CVE-2019-10086 |
高危 |
1.8.3 |
1.9.4 |
apache-commons-beanutils: does not suppresses the class property in PropertyUtilsBean by default
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-10086
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2019-08-20 21:15 修改: 2024-11-21 04:18
|
| org.springframework.security:spring-security-core |
CVE-2021-22119 |
高危 |
5.3.9.RELEASE |
5.5.1, 5.4.7, 5.3.10, 5.2.11 |
spring-security: Denial-of-Service (DoS) attack via initiation of Authorization Request
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-22119
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2021-06-29 17:15 修改: 2024-11-21 05:49
|
| org.springframework.security:spring-security-core |
CVE-2024-22257 |
高危 |
5.3.9.RELEASE |
5.7.12, 5.8.11, 6.1.8, 6.2.3 |
spring-security: Broken Access Control With Direct Use of AuthenticatedVoter
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-22257
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2024-03-18 15:15 修改: 2026-04-15 00:35
|
| commons-beanutils:commons-beanutils |
CVE-2025-48734 |
高危 |
1.8.3 |
1.11.0 |
commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-48734
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2025-05-28 14:15 修改: 2025-11-03 20:19
|
| com.alibaba:fastjson |
CVE-2022-25845 |
高危 |
1.2.58 |
1.2.83 |
fastjson: autoType shutdown restriction bypass leads to deserialization
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-25845
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2022-06-10 20:15 修改: 2024-11-21 06:53
|
| commons-collections:commons-collections |
CVE-2015-6420 |
高危 |
3.2.1 |
3.2.2 |
Insecure Deserialization in Apache Commons Collection
漏洞详情: https://avd.aquasec.com/nvd/cve-2015-6420
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2015-12-15 05:59 修改: 2026-02-24 19:36
|
| com.fasterxml.jackson.core:jackson-core |
CVE-2025-52999 |
高危 |
2.11.4 |
2.15.0 |
com.fasterxml.jackson.core/jackson-core: jackson-core Potential StackoverflowError
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-52999
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2025-06-25 17:15 修改: 2026-04-15 00:35
|
| org.springframework:spring-beans |
CVE-2022-22970 |
高危 |
5.2.15.RELEASE |
5.2.22.RELEASE, 5.3.20 |
springframework: DoS via data binding to multipartFile or servlet part
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-22970
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2022-05-12 20:15 修改: 2024-11-21 06:47
|
| org.springframework:spring-context |
CVE-2022-22968 |
高危 |
5.2.15.RELEASE |
5.3.19, 5.2.21.RELEASE |
Framework: Data Binding Rules Vulnerability
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-22968
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2022-04-14 21:15 修改: 2024-11-21 06:47
|
| org.springframework:spring-expression |
CVE-2023-20863 |
高危 |
5.2.15.RELEASE |
6.0.8, 5.3.27, 5.2.24.RELEASE |
springframework: Spring Expression DoS Vulnerability
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-20863
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2023-04-13 20:15 修改: 2025-02-07 17:15
|
| commons-fileupload:commons-fileupload |
CVE-2016-3092 |
高危 |
1.3.1 |
1.3.2 |
tomcat: Usage of vulnerable FileUpload package can result in denial of service
漏洞详情: https://avd.aquasec.com/nvd/cve-2016-3092
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2016-07-04 22:59 修改: 2026-05-06 22:30
|
| org.springframework:spring-web |
CVE-2024-22243 |
高危 |
5.2.15.RELEASE |
6.1.4, 6.0.17, 5.3.32 |
springframework: URL Parsing with Host Validation
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-22243
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2024-02-23 05:15 修改: 2026-04-15 00:35
|
| org.springframework:spring-web |
CVE-2024-22259 |
高危 |
5.2.15.RELEASE |
6.1.5, 6.0.18, 5.3.33 |
springframework: URL Parsing with Host Validation
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-22259
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2024-03-16 05:15 修改: 2025-06-10 15:55
|
| org.springframework:spring-web |
CVE-2024-22262 |
高危 |
5.2.15.RELEASE |
5.3.34, 6.0.19, 6.1.6 |
springframework: URL Parsing with Host Validation
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-22262
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2024-04-16 06:15 修改: 2026-04-15 00:35
|
| commons-fileupload:commons-fileupload |
CVE-2023-24998 |
高危 |
1.3.1 |
1.5 |
FileUpload: FileUpload DoS with excessive parts
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24998
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2023-02-20 16:15 修改: 2025-11-03 22:16
|
| org.springframework:spring-webflux |
CVE-2024-38819 |
高危 |
5.2.15.RELEASE |
6.1.14 |
org.springframework:spring-webmvc: Path traversal vulnerability in functional web frameworks
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-38819
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2024-12-19 18:15 修改: 2026-04-15 00:35
|
| commons-fileupload:commons-fileupload |
CVE-2025-48976 |
高危 |
1.3.1 |
1.6.0 |
apache-commons-fileupload: Apache Commons FileUpload DoS via part headers
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-48976
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2025-06-16 15:15 修改: 2025-11-03 20:19
|
| org.springframework:spring-webmvc |
CVE-2024-38819 |
高危 |
5.2.15.RELEASE |
6.1.14 |
org.springframework:spring-webmvc: Path traversal vulnerability in functional web frameworks
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-38819
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2024-12-19 18:15 修改: 2026-04-15 00:35
|
| org.yaml:snakeyaml |
CVE-2022-1471 |
高危 |
1.26 |
2.0 |
SnakeYaml: Constructor Deserialization Remote Code Execution
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-1471
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2022-12-01 11:15 修改: 2025-06-18 09:15
|
| org.yaml:snakeyaml |
CVE-2022-25857 |
高危 |
1.26 |
1.31 |
snakeyaml: Denial of Service due to missing nested depth limitation for collections
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-25857
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2022-08-30 05:15 修改: 2024-11-21 06:53
|
| xalan:xalan |
CVE-2014-0107 |
高危 |
2.6.0 |
2.7.2 |
Xalan-Java: insufficient constraints in secure processing feature
漏洞详情: https://avd.aquasec.com/nvd/cve-2014-0107
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2014-04-15 23:13 修改: 2026-05-06 22:30
|
| xalan:xalan |
CVE-2022-34169 |
高危 |
2.6.0 |
2.7.3 |
OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407)
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-34169
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2022-07-19 18:15 修改: 2026-05-27 14:16
|
| xerces:xercesImpl |
CVE-2012-0881 |
高危 |
2.9.1 |
2.12.0 |
xml: xerces-j2 hash table collisions CPU usage DoS (oCERT-2011-003)
漏洞详情: https://avd.aquasec.com/nvd/cve-2012-0881
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2017-10-30 16:29 修改: 2025-04-20 01:37
|
| xerces:xercesImpl |
CVE-2013-4002 |
高危 |
2.9.1 |
2.12.0 |
OpenJDK: XML parsing Denial of Service (JAXP, 8017298)
漏洞详情: https://avd.aquasec.com/nvd/cve-2013-4002
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2013-07-23 11:03 修改: 2026-04-29 01:13
|
| org.apache.tomcat:tomcat-catalina |
CVE-2026-25854 |
中危 |
9.0.46 |
9.0.116, 10.1.53, 11.0.20 |
Apache Tomcat: Apache Tomcat: Open Redirect vulnerability via LoadBalancerDrainingValve
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25854
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2026-04-09 20:16 修改: 2026-04-14 14:01
|
| com.google.guava:guava |
CVE-2018-10237 |
中危 |
13.0.1 |
24.1.1-android |
guava: Unbounded memory allocation in AtomicDoubleArray and CompoundOrdering classes allow remote attackers to cause a denial of service
漏洞详情: https://avd.aquasec.com/nvd/cve-2018-10237
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2018-04-26 21:29 修改: 2024-11-21 03:41
|
| com.thoughtworks.xstream:xstream |
CVE-2021-39140 |
中危 |
1.4.17 |
1.4.18 |
xstream: Infinite loop DoS via unsafe deserialization of sun.reflect.annotation.AnnotationInvocationHandler
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-39140
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2021-08-23 19:15 修改: 2025-05-23 16:50
|
| org.apache.mina:mina-core |
CVE-2021-41973 |
中危 |
2.0.16 |
2.1.5, 2.0.22 |
mina-core: infinite loop may lead to DoS
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-41973
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2021-11-01 09:15 修改: 2024-11-21 06:27
|
| io.netty:netty-resolver-dns |
CVE-2026-45673 |
中危 |
4.1.65.Final |
4.2.15.Final, 4.1.135.Final |
Netty: DNS Cache Poisoning due to Predictable PRNG and Default Static Source Port
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45673
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
|
| io.netty:netty-transport-native-epoll |
CVE-2026-45536 |
中危 |
4.1.65.Final |
4.2.15.Final, 4.1.135.Final |
Netty: Unix-socket fd receive leaks descriptors when peer sends two at once
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45536
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
|
| com.google.guava:guava |
CVE-2023-2976 |
中危 |
13.0.1 |
32.0.0-android |
guava: insecure temporary directory creation
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-2976
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2023-06-14 18:15 修改: 2026-02-25 18:16
|
| org.apache.tomcat:tomcat-coyote |
CVE-2023-44487 |
中危 |
9.0.46 |
11.0.0-M12, 10.1.14, 9.0.81, 8.5.94 |
HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-44487
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2023-10-10 14:15 修改: 2026-05-12 15:10
|
| org.apache.tomcat:tomcat-coyote |
CVE-2024-24549 |
中危 |
9.0.46 |
11.0.0-M17, 10.1.19, 9.0.86, 8.5.99 |
Tomcat: HTTP/2 header handling DoS
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24549
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2024-03-13 16:15 修改: 2025-10-29 12:15
|
| org.apache.shiro:shiro-core |
CVE-2023-46749 |
中危 |
1.7.1 |
1.13.0, 2.0.0-alpha4 |
shiro: path traversal attack may lead to authentication bypass
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-46749
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2024-01-15 10:15 修改: 2025-11-03 22:16
|
| com.vaadin:vaadin-server |
CVE-2019-25028 |
中危 |
7.7.14 |
7.7.20, 8.8.5 |
Stored cross-site scripting in Grid component in Vaadin 7 and 8
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-25028
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2021-04-23 16:15 修改: 2024-11-21 04:39
|
| org.apache.shiro:shiro-web |
CVE-2023-46750 |
中危 |
1.7.1 |
1.13.0, 2.0.0-alpha-4 |
shiro: URL redirection to untrusted site in FORM authentication feature
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-46750
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2023-12-14 09:15 修改: 2025-11-03 22:16
|
| org.apache.tomcat:tomcat-util |
CVE-2025-52434 |
中危 |
9.0.46 |
9.0.107 |
tomcat: Apache Tomcat denial of service
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-52434
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2025-07-10 19:15 修改: 2025-11-04 22:16
|
| org.apache.tomcat:tomcat-websocket |
CVE-2024-23672 |
中危 |
9.0.62 |
11.0.0-M17, 10.1.19, 9.0.86, 8.5.99 |
Tomcat: WebSocket DoS with incomplete closing handshake
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-23672
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2024-03-13 16:15 修改: 2025-08-07 12:15
|
| commons-io:commons-io |
CVE-2021-29425 |
中危 |
2.4 |
2.7 |
apache-commons-io: Limited path traversal in Apache Commons IO 2.2 to 2.6
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-29425
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2021-04-13 07:15 修改: 2024-11-21 06:01
|
| commons-lang:commons-lang |
CVE-2025-48924 |
中危 |
2.5 |
|
commons-lang/commons-lang: org.apache.commons/commons-lang3: Uncontrolled Recursion vulnerability in Apache Commons Lang
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-48924
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2025-07-11 15:15 修改: 2025-11-04 22:16
|
| com.vaadin:vaadin-server |
CVE-2021-31403 |
中危 |
7.7.14 |
7.7.24, 8.12.3 |
Timing side channel vulnerability in UIDL request handler in Vaadin 7 and 8
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-31403
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2021-04-23 16:15 修改: 2024-11-21 06:05
|
| com.vaadin:vaadin-server |
CVE-2025-15022 |
中危 |
7.7.14 |
7.7.50, 8.30.0 |
Vaadin vulnerable to Cross-site Scripting
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-15022
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2026-01-05 08:15 修改: 2026-04-15 00:35
|
| com.vaadin:vaadin-server |
CVE-2025-9467 |
中危 |
7.7.14 |
7.7.48, 8.28.2 |
Vaadin Framework possible file bypass via upload validation on the server-side
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-9467
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2025-09-04 10:42 修改: 2026-04-15 00:35
|
| io.netty:netty-codec |
CVE-2025-58057 |
中危 |
4.1.65.Final |
4.1.125.Final |
netty-codec: netty-codec-compression: Netty's BrotliDecoder is vulnerable to DoS via zip bomb style attack
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58057
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2025-09-04 10:42 修改: 2025-09-08 16:45
|
| com.fasterxml.jackson.core:jackson-core |
CVE-2025-49128 |
中危 |
2.11.4 |
2.13.0 |
com.fasterxml.jackson.core/jackson-core: Jackson-core Memory Disclosure via Source Snippet in JsonLocation
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-49128
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2025-06-06 22:15 修改: 2026-04-15 00:35
|
| com.fasterxml.jackson.core:jackson-core |
GHSA-72hv-8253-57qq |
中危 |
2.11.4 |
2.21.1, 2.18.6 |
jackson-core: Number Length Constraint Bypass in Async Parser Leads to Potential DoS Condition
漏洞详情: https://github.com/advisories/GHSA-72hv-8253-57qq
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2026-02-28 02:01 修改: 2026-04-07 16:30
|
| org.bouncycastle:bcprov-jdk15on |
CVE-2016-1000339 |
中危 |
1.54 |
1.56 |
bouncycastle: Information leak in AESFastEngine class
漏洞详情: https://avd.aquasec.com/nvd/cve-2016-1000339
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2018-06-04 13:29 修改: 2025-05-12 17:37
|
| org.bouncycastle:bcprov-jdk15on |
CVE-2016-1000341 |
中危 |
1.54 |
1.56 |
bouncycastle: Information exposure in DSA signature generation via timing attack
漏洞详情: https://avd.aquasec.com/nvd/cve-2016-1000341
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2018-06-04 13:29 修改: 2025-05-12 17:37
|
| org.bouncycastle:bcprov-jdk15on |
CVE-2016-1000345 |
中危 |
1.54 |
1.56 |
bouncycastle: DHIES/ECIES CBC modes are vulnerable to padding oracle attack
漏洞详情: https://avd.aquasec.com/nvd/cve-2016-1000345
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2018-06-04 21:29 修改: 2025-05-12 17:37
|
| org.bouncycastle:bcprov-jdk15on |
CVE-2020-15522 |
中危 |
1.54 |
1.66 |
bouncycastle: Timing issue within the EC math library
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-15522
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2021-05-20 12:15 修改: 2025-07-17 17:04
|
| org.bouncycastle:bcprov-jdk15on |
CVE-2020-26939 |
中危 |
1.54 |
1.61 |
In Legion of the Bouncy Castle BC before 1.61 and BC-FJA before 1.0.1. ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-26939
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2020-11-02 22:15 修改: 2025-07-17 17:04
|
| org.bouncycastle:bcprov-jdk15on |
CVE-2023-33201 |
中危 |
1.54 |
|
bouncycastle: potential blind LDAP injection attack using a self-signed certificate
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-33201
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2023-07-05 03:15 修改: 2024-11-21 08:05
|
| org.bouncycastle:bcprov-jdk15on |
CVE-2023-33202 |
中危 |
1.54 |
1.70 |
bc-java: Out of memory while parsing ASN.1 crafted data in org.bouncycastle.openssl.PEMParser class
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-33202
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2023-11-23 16:15 修改: 2025-08-18 17:15
|
| org.bouncycastle:bcprov-jdk15on |
CVE-2024-29857 |
中危 |
1.54 |
1.78 |
org.bouncycastle: Importing an EC certificate with crafted F2m parameters may lead to Denial of Service
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-29857
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2024-05-14 15:17 修改: 2026-04-15 00:35
|
| org.bouncycastle:bcprov-jdk15on |
CVE-2024-30171 |
中危 |
1.54 |
1.78 |
bc-java: BouncyCastle vulnerable to a timing variant of Bleichenbacher (Marvin Attack)
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-30171
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2024-05-14 15:21 修改: 2026-04-15 00:35
|
| ch.qos.logback:logback-core |
CVE-2024-12798 |
中危 |
1.2.3 |
1.5.13, 1.3.15 |
logback-core: arbitrary code execution via JaninoEventEvaluator
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-12798
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2024-12-19 16:15 修改: 2026-04-15 00:35
|
| ch.qos.logback:logback-core |
CVE-2025-11226 |
中危 |
1.2.3 |
1.5.19, 1.3.16 |
ch.qos.logback/logback-core: Conditional abitrary code execution in logback-core
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-11226
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2025-10-01 08:15 修改: 2026-04-15 00:35
|
| io.netty:netty-codec-http |
CVE-2021-43797 |
中危 |
4.1.65.Final |
4.1.71.Final |
netty: control chars in header names may lead to HTTP request smuggling
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-43797
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2021-12-09 19:15 修改: 2024-11-21 06:29
|
| io.netty:netty-codec-http |
CVE-2022-24823 |
中危 |
4.1.65.Final |
4.1.77.Final |
netty: world readable temporary file containing sensitive data
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-24823
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2022-05-06 12:15 修改: 2024-11-21 06:51
|
| org.codehaus.groovy:groovy |
CVE-2020-17521 |
中危 |
2.4.3 |
2.4.21, 2.5.14, 3.0.7 |
groovy: OS temporary directory leads to information disclosure
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-17521
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2020-12-07 20:15 修改: 2024-11-21 05:08
|
| org.glassfish:jakarta.el |
CVE-2021-28170 |
中危 |
3.0.3 |
3.0.4 |
jakarta-el: ELParserTokenManager enables invalid EL expressions to be evaluate
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-28170
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2021-05-26 22:15 修改: 2024-11-21 05:59
|
| org.hibernate.validator:hibernate-validator |
CVE-2023-1932 |
中危 |
6.1.7.Final |
6.2.0.Final |
hibernate-validator: rendering of invalid html with SafeHTML leads to HTML injection and XSS
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-1932
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2024-11-07 10:15 修改: 2025-06-24 13:07
|
| org.hibernate.validator:hibernate-validator |
CVE-2025-35036 |
中危 |
6.1.7.Final |
6.2.0.CR1, 7.0.0.CR1 |
hibernate-validator: Hibernate Validator Expression Language Injection
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-35036
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2025-06-03 20:15 修改: 2025-09-18 14:19
|
| io.netty:netty-codec-http |
CVE-2024-29025 |
中危 |
4.1.65.Final |
4.1.108.Final |
netty-codec-http: Allocation of Resources Without Limits or Throttling
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-29025
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2024-03-25 20:15 修改: 2025-09-19 15:10
|
| org.hibernate:hibernate-core |
CVE-2019-14900 |
中危 |
3.6.10.Final |
5.3.18, 5.4.18, 5.5.0.Beta1 |
hibernate: SQL injection issue in Hibernate ORM
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-14900
镜像层: sha256:619d683924f0a70516271b989e4f8da69dfe5c381ae379e1fd79d4c61e8222af
发布日期: 2020-07-06 19:15 修改: 2024-11-21 04:27
|
| io.undertow:undertow-core |
CVE-2021-3597 |
中危 |
2.2.2.Final |
2.2.9.Final, 2.0.39.Final |
undertow: HTTP2SourceChannel fails to write final frame under some circumstances may lead to DoS
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-3597
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2022-05-24 19:15 修改: 2024-11-21 06:21
|
| org.hibernate:hibernate-core |
CVE-2019-14900 |
中危 |
4.3.11.Final |
5.3.18, 5.4.18, 5.5.0.Beta1 |
hibernate: SQL injection issue in Hibernate ORM
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-14900
镜像层: sha256:619d683924f0a70516271b989e4f8da69dfe5c381ae379e1fd79d4c61e8222af
发布日期: 2020-07-06 19:15 修改: 2024-11-21 04:27
|
| io.undertow:undertow-core |
CVE-2023-1973 |
中危 |
2.2.2.Final |
2.2.32.Final, 2.3.13.Final |
undertow: unrestricted request storage leads to memory exhaustion
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-1973
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2024-11-07 10:15 修改: 2026-04-15 00:35
|
| org.hibernate:hibernate-core |
CVE-2019-14900 |
中危 |
5.0.7.Final |
5.3.18, 5.4.18, 5.5.0.Beta1 |
hibernate: SQL injection issue in Hibernate ORM
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-14900
镜像层: sha256:619d683924f0a70516271b989e4f8da69dfe5c381ae379e1fd79d4c61e8222af
发布日期: 2020-07-06 19:15 修改: 2024-11-21 04:27
|
| io.undertow:undertow-core |
CVE-2024-1459 |
中危 |
2.2.2.Final |
2.2.31.Final, 2.3.12.Final |
undertow: directory traversal vulnerability
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-1459
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2024-02-12 21:15 修改: 2025-10-24 14:15
|
| io.undertow:undertow-core |
CVE-2024-3653 |
中危 |
2.2.2.Final |
2.3.15.Final, 2.2.34.Final |
undertow: LearningPushHandler can lead to remote memory DoS attacks
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-3653
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2024-07-08 22:15 修改: 2026-04-15 00:35
|
| io.undertow:undertow-core |
CVE-2026-3260 |
中危 |
2.2.2.Final |
2.4.0.Beta1 |
undertow: Undertow: Denial of Service due to premature multipart/form-data parsing in GET requests
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-3260
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2026-03-24 05:16 修改: 2026-04-08 19:11
|
| org.jboss.xnio:xnio-nio |
CVE-2020-14340 |
中危 |
3.8.0.Final |
3.8.2.Final, 3.7.9.Final |
xnio: file descriptor leak caused by growing amounts of NIO Selector file handles may lead to DoS
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-14340
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2021-06-02 13:15 修改: 2024-11-21 05:03
|
| io.netty:netty-codec-http |
CVE-2025-67735 |
中危 |
4.1.65.Final |
4.2.8.Final, 4.1.129.Final |
netty-codec-http: Netty (netty-codec-http): Request Smuggling via CRLF Injection
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-67735
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2025-12-16 01:15 修改: 2026-01-02 18:50
|
| mysql:mysql-connector-java |
CVE-2021-2471 |
中危 |
8.0.25 |
8.0.27 |
mysql-connector-java: unauthorized access to critical
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-2471
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2021-10-20 11:16 修改: 2024-11-21 06:03
|
| org.jsoup:jsoup |
CVE-2022-36033 |
中危 |
1.8.3 |
1.15.3 |
jsoup: The jsoup cleaner may incorrectly sanitize crafted XSS attempts if SafeList.preserveRelativeLinks is enabled
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-36033
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2022-08-29 17:15 修改: 2024-11-21 07:12
|
| mysql:mysql-connector-java |
CVE-2022-21363 |
中危 |
8.0.25 |
8.0.28 |
mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-21363
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2022-01-19 12:15 修改: 2024-11-21 06:44
|
| net.sf.json-lib:json-lib |
CVE-2024-47855 |
中危 |
2.4 |
|
json-lib: Mishandling of an unbalanced comment string in json-lib
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47855
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2024-10-04 06:15 修改: 2026-04-15 00:35
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2023-41080 |
中危 |
9.0.46 |
8.5.93, 9.0.80, 10.1.13, 11.0.0-M11 |
tomcat: Open Redirect vulnerability in FORM authentication
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-41080
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2023-08-25 21:15 修改: 2025-08-07 11:15
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2023-42795 |
中危 |
9.0.46 |
11.0.0-M12, 10.1.14, 9.0.81, 8.5.94 |
tomcat: improper cleaning of recycled objects could lead to information leak
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-42795
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2023-10-10 18:15 修改: 2025-08-07 11:15
|
| org.postgresql:postgresql |
CVE-2022-41946 |
中危 |
42.2.20 |
42.2.27, 42.3.8, 42.4.3, 42.5.1 |
postgresql-jdbc: Information leak of prepared statement data due to insecure temporary file permissions
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41946
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2022-11-23 20:15 修改: 2025-11-03 22:16
|
| org.postgresql:postgresql |
GHSA-673j-qm5f-xpv8 |
中危 |
42.2.20 |
42.3.3 |
pgjdbc Arbitrary File Write Vulnerability
漏洞详情: https://github.com/advisories/GHSA-673j-qm5f-xpv8
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2022-02-16 00:08 修改: 2024-01-22 19:35
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2023-44487 |
中危 |
9.0.46 |
11.0.0-M12, 10.1.14, 9.0.81, 8.5.94 |
HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-44487
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2023-10-10 14:15 修改: 2026-05-12 15:10
|
| org.python:jython-standalone |
CVE-2013-2027 |
中危 |
2.5.2 |
2.7.2b3 |
Jython creates executables class files with wrong permissions
漏洞详情: https://avd.aquasec.com/nvd/cve-2013-2027
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2015-02-13 15:59 修改: 2026-05-06 22:30
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2023-45648 |
中危 |
9.0.46 |
11.0.0-M12, 10.1.14, 9.0.81, 8.5.94 |
tomcat: incorrectly parsed http trailer headers can cause request smuggling
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45648
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2023-10-10 19:15 修改: 2025-08-07 11:15
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2024-24549 |
中危 |
9.0.46 |
8.5.99, 9.0.86, 10.1.19, 11.0.0-M17 |
Tomcat: HTTP/2 header handling DoS
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24549
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2024-03-13 16:15 修改: 2025-10-29 12:15
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2025-49124 |
中危 |
9.0.46 |
11.0.8, 10.1.42, 9.0.106 |
Apache Tomcat installer for Windows has an untrusted search path vulnerability
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-49124
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2025-06-16 15:15 修改: 2025-10-29 12:15
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2025-49125 |
中危 |
9.0.46 |
11.0.8, 10.1.42, 9.0.106 |
tomcat: Apache Tomcat: Security constraint bypass for pre/post-resources
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-49125
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2025-06-16 15:15 修改: 2025-11-03 20:19
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2025-66614 |
中危 |
9.0.46 |
11.0.15, 10.1.50, 9.0.113 |
tomcat: Client certificate verification bypass due to virtual host mapping
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-66614
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2026-02-17 19:21 修改: 2026-03-11 16:16
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2026-25854 |
中危 |
9.0.46 |
9.0.116, 10.1.53, 11.0.20 |
Apache Tomcat: Apache Tomcat: Open Redirect vulnerability via LoadBalancerDrainingValve
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25854
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2026-04-09 20:16 修改: 2026-04-14 14:01
|
| org.apache.tomcat.embed:tomcat-embed-websocket |
CVE-2024-23672 |
中危 |
9.0.46 |
11.0.0-M17, 10.1.19, 9.0.86, 8.5.99 |
Tomcat: WebSocket DoS with incomplete closing handshake
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-23672
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2024-03-13 16:15 修改: 2025-08-07 12:15
|
| org.springframework.security:spring-security-core |
CVE-2022-22976 |
中危 |
5.3.9.RELEASE |
5.5.7, 5.6.4 |
springframework: BCrypt skips salt rounds for work factor of 31
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-22976
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2022-05-19 15:15 修改: 2024-11-21 06:47
|
| org.springframework.security:spring-security-core |
CVE-2024-38827 |
中危 |
5.3.9.RELEASE |
5.7.14, 5.8.16, 6.0.14, 6.1.12, 6.2.8, 6.3.5 |
spring-security: authorization bypass for case sensitive comparisons
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-38827
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2024-12-02 15:15 修改: 2026-04-15 00:35
|
| ognl:ognl |
CVE-2016-3093 |
中危 |
2.6.9 |
3.0.12 |
struts: OGNL cache poisoning can lead to DoS
漏洞详情: https://avd.aquasec.com/nvd/cve-2016-3093
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2016-06-07 18:59 修改: 2026-05-06 22:30
|
| io.netty:netty-codec-http |
CVE-2026-41417 |
中危 |
4.1.65.Final |
4.1.133.Final, 4.2.13.Final |
netty: Netty: HTTP request smuggling via URI manipulation and CRLF injection
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41417
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2026-05-06 22:16 修改: 2026-05-11 14:29
|
| io.netty:netty-codec-http |
CVE-2026-42580 |
中危 |
4.1.65.Final |
4.2.13.Final, 4.1.133.Final |
netty: Netty: Request smuggling via chunk size parser integer overflow
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42580
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2026-05-13 19:17 修改: 2026-05-18 14:03
|
| io.netty:netty-codec-http |
CVE-2026-42581 |
中危 |
4.1.65.Final |
4.2.13.Final, 4.1.133.Final |
netty: io.netty/netty-codec-http: Netty: HTTP Request Smuggling due to improper handling of conflicting HTTP/1.0 headers
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42581
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2026-05-13 19:17 修改: 2026-05-18 13:14
|
| org.apache.commons:commons-lang3 |
CVE-2025-48924 |
中危 |
3.10 |
3.18.0 |
commons-lang/commons-lang: org.apache.commons/commons-lang3: Uncontrolled Recursion vulnerability in Apache Commons Lang
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-48924
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2025-07-11 15:15 修改: 2025-11-04 22:16
|
| io.netty:netty-codec-http |
CVE-2026-42585 |
中危 |
4.1.65.Final |
4.2.13.Final, 4.1.133.Final |
netty: io.netty/netty-codec-http: Netty: Request smuggling via malformed Transfer-Encoding parsing
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42585
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2026-05-13 19:17 修改: 2026-05-18 12:24
|
| org.springframework:spring-context |
CVE-2024-38820 |
中危 |
5.2.15.RELEASE |
6.1.14 |
The fix for CVE-2022-22968 made disallowedFieldspatterns in DataBinder ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-38820
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2024-10-18 06:15 修改: 2024-11-29 12:15
|
| org.springframework:spring-core |
CVE-2021-22060 |
中危 |
5.2.15.RELEASE |
5.3.14, 5.2.19 |
springframework: Additional Log Injection in Spring Framework (follow-up to CVE-2021-22096)
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-22060
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2022-01-10 14:10 修改: 2024-11-21 05:49
|
| org.springframework:spring-core |
CVE-2021-22096 |
中危 |
5.2.15.RELEASE |
5.3.11, 5.2.18 |
springframework: malicious input leads to insertion of additional log entries
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-22096
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2021-10-28 16:15 修改: 2024-11-21 05:49
|
| io.netty:netty-common |
CVE-2024-47535 |
中危 |
4.1.65.Final |
4.1.115.Final |
netty: Denial of Service attack on windows app using Netty
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47535
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2024-11-12 16:15 修改: 2025-09-05 14:00
|
| org.springframework:spring-expression |
CVE-2022-22950 |
中危 |
5.2.15.RELEASE |
5.3.17, 5.2.20.RELEASE |
spring-expression: Denial of service via specially crafted SpEL expression
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-22950
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2022-04-01 23:15 修改: 2024-11-21 06:47
|
| org.springframework:spring-expression |
CVE-2023-20861 |
中危 |
5.2.15.RELEASE |
6.0.7, 5.3.26, 5.2.23.RELEASE |
springframework: Spring Expression DoS Vulnerability
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-20861
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2023-03-23 21:15 修改: 2025-02-25 16:15
|
| org.springframework:spring-expression |
CVE-2024-38808 |
中危 |
5.2.15.RELEASE |
5.3.39 |
spring-expression: Denial of service when processing a specially crafted Spring Expression Language expression
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-38808
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2024-08-20 08:15 修改: 2025-06-18 12:10
|
| org.springframework:spring-messaging |
CVE-2022-22971 |
中危 |
5.2.15.RELEASE |
5.3.20, 5.2.22.RELEASE |
springframework: DoS with STOMP over WebSocket
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-22971
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2022-05-12 20:15 修改: 2024-11-21 06:47
|
| io.netty:netty-common |
CVE-2025-25193 |
中危 |
4.1.65.Final |
4.1.118.Final |
netty: Denial of Service attack on windows app using Netty
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-25193
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2025-02-10 22:15 修改: 2025-06-11 15:36
|
| castor:castor |
CVE-2014-3004 |
中危 |
0.9.7 |
|
castor: XML External Entity (XXE) attacks via a crafted XML document
漏洞详情: https://avd.aquasec.com/nvd/cve-2014-3004
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2014-06-11 14:55 修改: 2026-05-06 22:30
|
| org.apache.logging.log4j:log4j-core |
CVE-2021-44832 |
中危 |
2.13.3 |
2.3.2, 2.12.4, 2.17.1 |
log4j-core: remote code execution via JDBC Appender
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-44832
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2021-12-28 20:15 修改: 2026-05-29 20:16
|
| org.apache.logging.log4j:log4j-core |
CVE-2025-68161 |
中危 |
2.13.3 |
2.25.3 |
Apache Log4j: Apache Log4j Core: Information disclosure via missing TLS hostname verification
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68161
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2025-12-18 21:15 修改: 2026-01-20 01:15
|
| org.springframework:spring-web |
CVE-2024-38809 |
中危 |
5.2.15.RELEASE |
5.3.38, 6.0.23, 6.1.12 |
org.springframework:spring-web: Spring Framework DoS via conditional HTTP request
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-38809
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2024-09-27 17:15 修改: 2026-04-15 00:35
|
| org.springframework:spring-web |
CVE-2024-38820 |
中危 |
5.2.15.RELEASE |
6.1.14 |
The fix for CVE-2022-22968 made disallowedFieldspatterns in DataBinder ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-38820
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2024-10-18 06:15 修改: 2024-11-29 12:15
|
| org.apache.logging.log4j:log4j-core |
CVE-2026-34477 |
中危 |
2.13.3 |
2.25.4 |
org.apache.logging.log4j/log4j-core: Apache Log4j Core: Man-in-the-middle attack due to incomplete hostname verification
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34477
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2026-04-10 16:16 修改: 2026-05-06 16:49
|
| org.apache.logging.log4j:log4j-core |
CVE-2026-34480 |
中危 |
2.13.3 |
2.25.4 |
org.apache.logging.log4j/log4j-core: Apache Log4j Core: Invalid XML output causes denial of service in logging
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34480
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2026-04-10 16:16 修改: 2026-04-24 18:21
|
| org.springframework:spring-webflux |
CVE-2026-22745 |
中危 |
5.2.15.RELEASE |
7.0.7, 6.2.18 |
spring-webflux: Spring MVC and Spring WebFlux: Denial of Service via slow static resource resolution on Windows
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22745
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2026-04-29 12:16 修改: 2026-05-04 14:50
|
| ch.qos.logback:logback-core |
CVE-2021-42550 |
中危 |
1.2.3 |
1.2.9 |
logback: remote code execution through JNDI call from within its configuration file
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-42550
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2021-12-16 19:15 修改: 2024-11-21 06:27
|
| io.netty:netty-handler |
CVE-2023-34462 |
中危 |
4.1.65.Final |
4.1.94.Final |
netty: SniHandler 16MB allocation leads to OOM
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-34462
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2023-06-22 23:15 修改: 2024-11-21 08:07
|
| org.springframework:spring-webmvc |
CVE-2026-22745 |
中危 |
5.2.15.RELEASE |
7.0.7, 6.2.18 |
spring-webflux: Spring MVC and Spring WebFlux: Denial of Service via slow static resource resolution on Windows
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22745
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2026-04-29 12:16 修改: 2026-05-04 14:50
|
| org.springframework:spring-websocket |
CVE-2025-41254 |
中危 |
5.2.15.RELEASE |
6.2.12 |
org.springframework/spring-core: Spring Framework STOMP CSRF Vulnerability
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-41254
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2025-10-16 15:15 修改: 2026-04-15 00:35
|
| org.apache.tomcat:tomcat-catalina |
CVE-2023-28708 |
中危 |
9.0.46 |
11.0.0-M3, 10.1.6, 9.0.72, 8.5.86 |
tomcat: not including the secure attribute causes information disclosure
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-28708
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2023-03-22 11:15 修改: 2025-11-04 20:16
|
| org.apache.tomcat:tomcat-catalina |
CVE-2023-41080 |
中危 |
9.0.46 |
10.1.13, 9.0.80, 8.5.93 |
tomcat: Open Redirect vulnerability in FORM authentication
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-41080
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2023-08-25 21:15 修改: 2025-08-07 11:15
|
| org.yaml:snakeyaml |
CVE-2022-38749 |
中危 |
1.26 |
1.31 |
snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-38749
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2022-09-05 10:15 修改: 2024-11-21 07:17
|
| org.yaml:snakeyaml |
CVE-2022-38750 |
中危 |
1.26 |
1.31 |
snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-38750
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2022-09-05 10:15 修改: 2024-11-21 07:17
|
| org.yaml:snakeyaml |
CVE-2022-38751 |
中危 |
1.26 |
1.31 |
snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-38751
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2022-09-05 10:15 修改: 2024-11-21 07:17
|
| org.yaml:snakeyaml |
CVE-2022-38752 |
中危 |
1.26 |
1.32 |
snakeyaml: Uncaught exception in java.base/java.util.ArrayList.hashCode
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-38752
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2022-09-05 10:15 修改: 2024-11-21 07:17
|
| org.yaml:snakeyaml |
CVE-2022-41854 |
中危 |
1.26 |
1.32 |
dev-java/snakeyaml: DoS via stack overflow
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41854
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2022-11-11 13:15 修改: 2024-11-21 07:23
|
| org.apache.tomcat:tomcat-catalina |
CVE-2025-49124 |
中危 |
9.0.46 |
11.0.8, 10.1.42, 9.0.106 |
Apache Tomcat installer for Windows has an untrusted search path vulnerability
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-49124
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2025-06-16 15:15 修改: 2025-10-29 12:15
|
| org.apache.tomcat:tomcat-catalina |
CVE-2025-49125 |
中危 |
9.0.46 |
11.0.8, 10.1.42, 9.0.106 |
tomcat: Apache Tomcat: Security constraint bypass for pre/post-resources
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-49125
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2025-06-16 15:15 修改: 2025-11-03 20:19
|
| org.apache.tomcat:tomcat-catalina |
CVE-2025-55668 |
中危 |
9.0.46 |
11.0.8, 10.1.42, 9.0.106 |
org.apache.tomcat/tomcat-catalina: tomcat: Apache Tomcat: session fixation via rewrite valve
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-55668
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2025-08-13 14:15 修改: 2025-11-04 22:16
|
| org.apache.tomcat:tomcat-catalina |
CVE-2025-66614 |
中危 |
9.0.46 |
11.0.15, 10.1.50, 9.0.113 |
tomcat: Client certificate verification bypass due to virtual host mapping
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-66614
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2026-02-17 19:21 修改: 2026-03-11 16:16
|
| xerces:xercesImpl |
CVE-2009-2625 |
中危 |
2.9.1 |
2.10.0 |
JDK: XML parsing Denial-Of-Service (6845701)
漏洞详情: https://avd.aquasec.com/nvd/cve-2009-2625
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2009-08-06 15:30 修改: 2026-04-23 00:35
|
| xerces:xercesImpl |
CVE-2020-14338 |
中危 |
2.9.1 |
2.12.0.sp3 |
wildfly: XML validation manipulation due to incomplete application of use-grammar-pool-only in xercesImpl
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-14338
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2020-09-17 15:15 修改: 2024-11-21 05:03
|
| xerces:xercesImpl |
CVE-2022-23437 |
中危 |
2.9.1 |
2.12.2 |
xerces-j2: infinite loop when handling specially crafted XML document payloads
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-23437
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2022-01-24 15:15 修改: 2024-11-21 06:48
|
| com.google.guava:guava |
CVE-2020-8908 |
低危 |
13.0.1 |
32.0.0-android |
guava: local information disclosure via temporary directory created with unsafe permissions
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-8908
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2020-12-10 23:15 修改: 2026-02-23 21:17
|
| io.netty:netty-codec-http |
CVE-2025-58056 |
低危 |
4.1.65.Final |
4.1.125.Final, 4.2.5.Final |
netty-codec-http: Netty is vulnerable to request smuggling due to incorrect parsing of chunk extensions
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58056
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2025-09-03 21:15 修改: 2025-09-08 16:46
|
| org.springframework:spring-webflux |
CVE-2026-22740 |
低危 |
5.2.15.RELEASE |
7.0.7, 6.2.18 |
spring-webflux: Spring WebFlux: Denial of Service via temporary file accumulation
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22740
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2026-04-29 12:16 修改: 2026-05-04 14:51
|
| org.springframework:spring-webflux |
CVE-2026-22741 |
低危 |
5.2.15.RELEASE |
7.0.7, 6.2.18 |
Spring MVC: Spring WebFlux: Spring MVC and Spring WebFlux: Denial of Service via cache poisoning
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22741
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2026-04-29 12:16 修改: 2026-05-04 14:51
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2025-46701 |
低危 |
9.0.46 |
9.0.105, 10.1.41, 11.0.7 |
tomcat: Apache Tomcat: Security constraint bypass for CGI scripts
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-46701
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2025-05-29 19:15 修改: 2025-11-03 20:19
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2025-55754 |
低危 |
9.0.46 |
11.0.11, 10.1.45, 9.0.109 |
org.apache.tomcat/tomcat-juli: tomcat: Apache Tomcat: console manipulation
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-55754
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2025-10-27 18:15 修改: 2026-05-12 13:17
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2025-61795 |
低危 |
9.0.46 |
11.0.12, 10.1.47, 9.0.110 |
tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Denial of service
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61795
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2025-10-27 18:15 修改: 2026-05-12 13:17
|
| org.springframework:spring-webmvc |
CVE-2026-22741 |
低危 |
5.2.15.RELEASE |
7.0.7, 6.2.18 |
Spring MVC: Spring WebFlux: Spring MVC and Spring WebFlux: Denial of Service via cache poisoning
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22741
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2026-04-29 12:16 修改: 2026-05-04 14:51
|
| org.springframework:spring-context |
CVE-2025-22233 |
低危 |
5.2.15.RELEASE |
6.2.7, 6.1.20 |
CVE-2024-38820 ensured Locale-independent, lowercase conversion for bo ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22233
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2025-05-16 20:15 修改: 2026-04-15 00:35
|
| org.postgresql:postgresql |
CVE-2022-26520 |
低危 |
42.2.20 |
42.3.3 |
postgresql-jdbc: Arbitrary File Write Vulnerability
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-26520
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2022-03-10 17:47 修改: 2024-11-21 06:54
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2026-24733 |
低危 |
9.0.46 |
11.0.15, 10.1.50, 9.0.113 |
tomcat: security constraint bypass with HTTP/0.9
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24733
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2026-02-17 19:21 修改: 2026-03-11 16:16
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2026-43514 |
低危 |
9.0.46 |
9.0.118, 10.1.55, 11.0.22 |
Observable Timing Discrepancy vulnerabilitywhen comparing AJP secret i ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-43514
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2026-05-12 16:16 修改: 2026-05-14 18:46
|
| ch.qos.logback:logback-core |
CVE-2024-12801 |
低危 |
1.2.3 |
1.5.13, 1.3.15 |
logback-core: SaxEventRecorder vulnerable to Server-Side Request Forgery (SSRF) attacks
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-12801
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2024-12-19 17:15 修改: 2026-04-15 00:35
|
| org.apache.tomcat:tomcat-catalina |
CVE-2025-46701 |
低危 |
9.0.46 |
9.0.105, 10.1.41, 11.0.7 |
tomcat: Apache Tomcat: Security constraint bypass for CGI scripts
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-46701
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2025-05-29 19:15 修改: 2025-11-03 20:19
|
| org.apache.tomcat:tomcat-catalina |
CVE-2025-55754 |
低危 |
9.0.46 |
11.0.11, 10.1.45, 9.0.109 |
org.apache.tomcat/tomcat-juli: tomcat: Apache Tomcat: console manipulation
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-55754
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2025-10-27 18:15 修改: 2026-05-12 13:17
|
| org.apache.tomcat:tomcat-catalina |
CVE-2025-61795 |
低危 |
9.0.46 |
11.0.12, 10.1.47, 9.0.110 |
tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Denial of service
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61795
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2025-10-27 18:15 修改: 2026-05-12 13:17
|
| org.bouncycastle:bcprov-jdk15on |
CVE-2016-1000346 |
低危 |
1.54 |
1.56 |
bouncycastle: Other party DH public keys are not fully validated
漏洞详情: https://avd.aquasec.com/nvd/cve-2016-1000346
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2018-06-04 21:29 修改: 2025-05-12 17:37
|
| org.apache.tomcat:tomcat-catalina |
CVE-2026-24733 |
低危 |
9.0.46 |
11.0.15, 10.1.50, 9.0.113 |
tomcat: security constraint bypass with HTTP/0.9
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24733
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2026-02-17 19:21 修改: 2026-03-11 16:16
|
| org.apache.tomcat:tomcat-catalina |
CVE-2026-43514 |
低危 |
9.0.46 |
9.0.118, 10.1.55, 11.0.22 |
Observable Timing Discrepancy vulnerabilitywhen comparing AJP secret i ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-43514
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2026-05-12 16:16 修改: 2026-05-14 18:46
|
| io.netty:netty-handler-proxy |
CVE-2026-42578 |
低危 |
4.1.65.Final |
4.1.133.Final, 4.2.13.Final |
netty: io.netty/netty-handler-proxy: Netty: HTTP Header Injection via HttpProxyHandler Disabled Validation
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42578
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2026-05-13 19:17 修改: 2026-05-18 12:54
|
| org.apache.shiro:shiro-core |
CVE-2026-23901 |
低危 |
1.7.1 |
2.1.0 |
org.apache.shiro/shiro-core: Apache Shiro: Brute force attack possible to determine valid user names
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-23901
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2026-02-10 10:15 修改: 2026-02-12 15:30
|
| org.mozilla:rhino |
CVE-2025-66453 |
低危 |
1.7R4 |
1.7.14.1, 1.7.15.1, 1.8.1 |
Rhino is an open-source implementation of JavaScript written entirely ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-66453
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2025-12-03 20:16 修改: 2026-04-14 15:39
|
| ch.qos.logback:logback-core |
CVE-2026-1225 |
低危 |
1.2.3 |
1.5.25 |
ch.qos.logback/logback-core: Malicious logback.xml configuration file allows instantiation of arbitrary classes
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-1225
镜像层: sha256:dcb60b428fd526b53fba6b991ec8984f596a304f9f5ff2cbae3243f43668eb9a
发布日期: 2026-01-22 10:16 修改: 2026-04-15 00:35
|