docker.io/nacos/nacos-server:v3.1.2 linux/amd64

docker.io/nacos/nacos-server:v3.1.2 - Trivy安全扫描结果扫描时间: 2026-06-30 15:47

全部漏洞信息

低危漏洞:38

中危漏洞:65

高危漏洞:57

严重漏洞:7

系统OS: alpine 3.23.3 扫描引擎: Trivy 扫描时间: 2026-06-30 15:47

docker.io/nacos/nacos-server:v3.1.2 (alpine 3.23.3) (alpine)

低危漏洞:30

中危漏洞:50

高危漏洞:46

严重漏洞:2

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
libcrypto3	CVE-2026-31789	严重	3.5.5-r0	3.5.6-r0	openssl: OpenSSL: Heap buffer overflow on 32-bit systems from large X.509 certificate processing 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-31789 镜像层: sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e 发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:34
libssl3	CVE-2026-31789	严重	3.5.5-r0	3.5.6-r0	openssl: OpenSSL: Heap buffer overflow on 32-bit systems from large X.509 certificate processing 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-31789 镜像层: sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e 发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:34
lcms2	CVE-2026-41254	高危	2.17-r0	2.19-r0	Little CMS: lcms2: mm2/Little-CMS: Little CMS: Information disclosure or denial of service via integer overflow in CubeSize 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41254 镜像层: sha256:5e0a93d46a7cb23e382eef3747a82bda1aa344f49ca08fb9a4b4efa70ab5b3ad 发布日期: 2026-04-18 07:16 修改: 2026-06-17 10:46
libcrypto3	CVE-2026-28387	高危	3.5.5-r0	3.5.6-r0	openssl: OpenSSL: Arbitrary code execution due to use-after-free in DANE TLSA authentication 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28387 镜像层: sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e 发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:28
libcrypto3	CVE-2026-28388	高危	3.5.5-r0	3.5.6-r0	openssl: OpenSSL: Denial of Service due to NULL pointer dereference in delta CRL processing 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28388 镜像层: sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e 发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:28
libcrypto3	CVE-2026-28389	高危	3.5.5-r0	3.5.6-r0	openssl: OpenSSL: Denial of Service vulnerability in CMS processing 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28389 镜像层: sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e 发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:28
libcrypto3	CVE-2026-28390	高危	3.5.5-r0	3.5.6-r0	openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28390 镜像层: sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e 发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:28
libcrypto3	CVE-2026-45447	高危	3.5.5-r0	3.5.7-r0	openssl: Heap Use-After-Free in OpenSSL PKCS7_verify() 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45447 镜像层: sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e 发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:52
libcap2	CVE-2026-4878	高危	2.77-r0	2.78-r0	libcap: libcap: Privilege escalation via TOCTOU race condition in cap_set_file() 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4878 镜像层: sha256:5e0a93d46a7cb23e382eef3747a82bda1aa344f49ca08fb9a4b4efa70ab5b3ad 发布日期: 2026-04-09 16:16 修改: 2026-06-27 08:16
libssl3	CVE-2026-28387	高危	3.5.5-r0	3.5.6-r0	openssl: OpenSSL: Arbitrary code execution due to use-after-free in DANE TLSA authentication 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28387 镜像层: sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e 发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:28
libssl3	CVE-2026-28388	高危	3.5.5-r0	3.5.6-r0	openssl: OpenSSL: Denial of Service due to NULL pointer dereference in delta CRL processing 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28388 镜像层: sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e 发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:28
libssl3	CVE-2026-28389	高危	3.5.5-r0	3.5.6-r0	openssl: OpenSSL: Denial of Service vulnerability in CMS processing 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28389 镜像层: sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e 发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:28
libssl3	CVE-2026-28390	高危	3.5.5-r0	3.5.6-r0	openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28390 镜像层: sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e 发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:28
libssl3	CVE-2026-45447	高危	3.5.5-r0	3.5.7-r0	openssl: Heap Use-After-Free in OpenSSL PKCS7_verify() 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45447 镜像层: sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e 发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:52
musl	CVE-2026-40200	高危	1.2.5-r21	1.2.5-r23	musl: musl libc: Arbitrary code execution and denial of service via stack-based memory corruption in qsort 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40200 镜像层: sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e 发布日期: 2026-04-10 17:17 修改: 2026-06-17 10:44
musl-utils	CVE-2026-40200	高危	1.2.5-r21	1.2.5-r23	musl: musl libc: Arbitrary code execution and denial of service via stack-based memory corruption in qsort 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40200 镜像层: sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e 发布日期: 2026-04-10 17:17 修改: 2026-06-17 10:44
nghttp2-libs	CVE-2026-27135	高危	1.68.0-r0	1.68.1	nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27135 镜像层: sha256:5e0a93d46a7cb23e382eef3747a82bda1aa344f49ca08fb9a4b4efa70ab5b3ad 发布日期: 2026-03-18 18:16 修改: 2026-06-17 10:26
openjdk17-jre	CVE-2026-22016	高危	17.0.18_p8-r0	17.0.19_p10-r0	openjdk: Enhance Path Factories Redux (Oracle CPU 2026-04) 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22016 镜像层: sha256:5e0a93d46a7cb23e382eef3747a82bda1aa344f49ca08fb9a4b4efa70ab5b3ad 发布日期: 2026-04-21 21:16 修改: 2026-06-17 10:19
openjdk17-jre	CVE-2026-34282	高危	17.0.18_p8-r0	17.0.19_p10-r0	openjdk: Enhance TLS connection handling (Oracle CPU 2026-04) 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34282 镜像层: sha256:5e0a93d46a7cb23e382eef3747a82bda1aa344f49ca08fb9a4b4efa70ab5b3ad 发布日期: 2026-04-21 21:16 修改: 2026-06-17 10:38
openjdk17-jre-headless	CVE-2026-22016	高危	17.0.18_p8-r0	17.0.19_p10-r0	openjdk: Enhance Path Factories Redux (Oracle CPU 2026-04) 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22016 镜像层: sha256:5e0a93d46a7cb23e382eef3747a82bda1aa344f49ca08fb9a4b4efa70ab5b3ad 发布日期: 2026-04-21 21:16 修改: 2026-06-17 10:19
openjdk17-jre-headless	CVE-2026-34282	高危	17.0.18_p8-r0	17.0.19_p10-r0	openjdk: Enhance TLS connection handling (Oracle CPU 2026-04) 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34282 镜像层: sha256:5e0a93d46a7cb23e382eef3747a82bda1aa344f49ca08fb9a4b4efa70ab5b3ad 发布日期: 2026-04-21 21:16 修改: 2026-06-17 10:38
p11-kit	CVE-2026-2100	高危	0.25.5-r2	0.26.2-r0	p11-kit: NULL dereference via C_DeriveKey with specific NULL parameters 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-2100 镜像层: sha256:5e0a93d46a7cb23e382eef3747a82bda1aa344f49ca08fb9a4b4efa70ab5b3ad 发布日期: 2026-03-26 21:17 修改: 2026-06-22 20:16
p11-kit-trust	CVE-2026-2100	高危	0.25.5-r2	0.26.2-r0	p11-kit: NULL dereference via C_DeriveKey with specific NULL parameters 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-2100 镜像层: sha256:5e0a93d46a7cb23e382eef3747a82bda1aa344f49ca08fb9a4b4efa70ab5b3ad 发布日期: 2026-03-26 21:17 修改: 2026-06-22 20:16
vim	CVE-2026-34714	高危	9.2.0219-r0	9.2.0272-r0	vim: Vim: Arbitrary code execution via crafted file 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34714 镜像层: sha256:5e0a93d46a7cb23e382eef3747a82bda1aa344f49ca08fb9a4b4efa70ab5b3ad 发布日期: 2026-03-30 19:16 修改: 2026-06-25 14:49
vim	CVE-2026-34982	高危	9.2.0219-r0	9.2.0280-r0	vim: arbitrary command execution via modeline sandbox bypass 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34982 镜像层: sha256:5e0a93d46a7cb23e382eef3747a82bda1aa344f49ca08fb9a4b4efa70ab5b3ad 发布日期: 2026-04-06 16:16 修改: 2026-06-17 10:39
vim	CVE-2026-35177	高危	9.2.0219-r0	9.2.0280-r0	vim: zip.vim: Vim zip.vim plugin: Arbitrary file overwrite via path traversal bypass 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-35177 镜像层: sha256:5e0a93d46a7cb23e382eef3747a82bda1aa344f49ca08fb9a4b4efa70ab5b3ad 发布日期: 2026-04-06 18:16 修改: 2026-06-17 10:40
vim	CVE-2026-39881	高危	9.2.0219-r0	9.2.0321-r0	vim: Vim: Arbitrary code execution via command injection in NetBeans interface 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39881 镜像层: sha256:5e0a93d46a7cb23e382eef3747a82bda1aa344f49ca08fb9a4b4efa70ab5b3ad 发布日期: 2026-04-08 21:17 修改: 2026-06-17 10:42
vim	CVE-2026-46483	高危	9.2.0219-r0	9.2.0481-r0	vim: command injection when decompressing .tgz archives 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-46483 镜像层: sha256:5e0a93d46a7cb23e382eef3747a82bda1aa344f49ca08fb9a4b4efa70ab5b3ad 发布日期: 2026-05-15 15:16 修改: 2026-06-17 10:53
vim	CVE-2026-52858	高危	9.2.0219-r0	9.2.0498-r0	Vim is an open source, command line text editor. Prior to version 9.2. ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-52858 镜像层: sha256:5e0a93d46a7cb23e382eef3747a82bda1aa344f49ca08fb9a4b4efa70ab5b3ad 发布日期: 2026-06-11 19:16 修改: 2026-06-17 10:57
vim	CVE-2026-52859	高危	9.2.0219-r0	9.2.0567-r0	vim: Vim: Denial of Service via out-of-bounds write in terminal handling 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-52859 镜像层: sha256:5e0a93d46a7cb23e382eef3747a82bda1aa344f49ca08fb9a4b4efa70ab5b3ad 发布日期: 2026-06-11 19:16 修改: 2026-06-17 10:57
vim	CVE-2026-52860	高危	9.2.0219-r0	9.2.0602-r0	vim: Vim: Arbitrary code execution through Python omni-completion. 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-52860 镜像层: sha256:5e0a93d46a7cb23e382eef3747a82bda1aa344f49ca08fb9a4b4efa70ab5b3ad 发布日期: 2026-06-11 19:16 修改: 2026-06-17 10:57
vim-common	CVE-2026-34714	高危	9.2.0219-r0	9.2.0272-r0	vim: Vim: Arbitrary code execution via crafted file 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34714 镜像层: sha256:5e0a93d46a7cb23e382eef3747a82bda1aa344f49ca08fb9a4b4efa70ab5b3ad 发布日期: 2026-03-30 19:16 修改: 2026-06-25 14:49
vim-common	CVE-2026-34982	高危	9.2.0219-r0	9.2.0280-r0	vim: arbitrary command execution via modeline sandbox bypass 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34982 镜像层: sha256:5e0a93d46a7cb23e382eef3747a82bda1aa344f49ca08fb9a4b4efa70ab5b3ad 发布日期: 2026-04-06 16:16 修改: 2026-06-17 10:39
vim-common	CVE-2026-35177	高危	9.2.0219-r0	9.2.0280-r0	vim: zip.vim: Vim zip.vim plugin: Arbitrary file overwrite via path traversal bypass 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-35177 镜像层: sha256:5e0a93d46a7cb23e382eef3747a82bda1aa344f49ca08fb9a4b4efa70ab5b3ad 发布日期: 2026-04-06 18:16 修改: 2026-06-17 10:40
vim-common	CVE-2026-39881	高危	9.2.0219-r0	9.2.0321-r0	vim: Vim: Arbitrary code execution via command injection in NetBeans interface 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39881 镜像层: sha256:5e0a93d46a7cb23e382eef3747a82bda1aa344f49ca08fb9a4b4efa70ab5b3ad 发布日期: 2026-04-08 21:17 修改: 2026-06-17 10:42
vim-common	CVE-2026-46483	高危	9.2.0219-r0	9.2.0481-r0	vim: command injection when decompressing .tgz archives 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-46483 镜像层: sha256:5e0a93d46a7cb23e382eef3747a82bda1aa344f49ca08fb9a4b4efa70ab5b3ad 发布日期: 2026-05-15 15:16 修改: 2026-06-17 10:53
vim-common	CVE-2026-52858	高危	9.2.0219-r0	9.2.0498-r0	Vim is an open source, command line text editor. Prior to version 9.2. ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-52858 镜像层: sha256:5e0a93d46a7cb23e382eef3747a82bda1aa344f49ca08fb9a4b4efa70ab5b3ad 发布日期: 2026-06-11 19:16 修改: 2026-06-17 10:57
vim-common	CVE-2026-52859	高危	9.2.0219-r0	9.2.0567-r0	vim: Vim: Denial of Service via out-of-bounds write in terminal handling 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-52859 镜像层: sha256:5e0a93d46a7cb23e382eef3747a82bda1aa344f49ca08fb9a4b4efa70ab5b3ad 发布日期: 2026-06-11 19:16 修改: 2026-06-17 10:57
vim-common	CVE-2026-52860	高危	9.2.0219-r0	9.2.0602-r0	vim: Vim: Arbitrary code execution through Python omni-completion. 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-52860 镜像层: sha256:5e0a93d46a7cb23e382eef3747a82bda1aa344f49ca08fb9a4b4efa70ab5b3ad 发布日期: 2026-06-11 19:16 修改: 2026-06-17 10:57
xxd	CVE-2026-34714	高危	9.2.0219-r0	9.2.0272-r0	vim: Vim: Arbitrary code execution via crafted file 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34714 镜像层: sha256:5e0a93d46a7cb23e382eef3747a82bda1aa344f49ca08fb9a4b4efa70ab5b3ad 发布日期: 2026-03-30 19:16 修改: 2026-06-25 14:49
xxd	CVE-2026-34982	高危	9.2.0219-r0	9.2.0280-r0	vim: arbitrary command execution via modeline sandbox bypass 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34982 镜像层: sha256:5e0a93d46a7cb23e382eef3747a82bda1aa344f49ca08fb9a4b4efa70ab5b3ad 发布日期: 2026-04-06 16:16 修改: 2026-06-17 10:39
xxd	CVE-2026-35177	高危	9.2.0219-r0	9.2.0280-r0	vim: zip.vim: Vim zip.vim plugin: Arbitrary file overwrite via path traversal bypass 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-35177 镜像层: sha256:5e0a93d46a7cb23e382eef3747a82bda1aa344f49ca08fb9a4b4efa70ab5b3ad 发布日期: 2026-04-06 18:16 修改: 2026-06-17 10:40
xxd	CVE-2026-39881	高危	9.2.0219-r0	9.2.0321-r0	vim: Vim: Arbitrary code execution via command injection in NetBeans interface 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39881 镜像层: sha256:5e0a93d46a7cb23e382eef3747a82bda1aa344f49ca08fb9a4b4efa70ab5b3ad 发布日期: 2026-04-08 21:17 修改: 2026-06-17 10:42
xxd	CVE-2026-46483	高危	9.2.0219-r0	9.2.0481-r0	vim: command injection when decompressing .tgz archives 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-46483 镜像层: sha256:5e0a93d46a7cb23e382eef3747a82bda1aa344f49ca08fb9a4b4efa70ab5b3ad 发布日期: 2026-05-15 15:16 修改: 2026-06-17 10:53
xxd	CVE-2026-52858	高危	9.2.0219-r0	9.2.0498-r0	Vim is an open source, command line text editor. Prior to version 9.2. ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-52858 镜像层: sha256:5e0a93d46a7cb23e382eef3747a82bda1aa344f49ca08fb9a4b4efa70ab5b3ad 发布日期: 2026-06-11 19:16 修改: 2026-06-17 10:57
xxd	CVE-2026-52859	高危	9.2.0219-r0	9.2.0567-r0	vim: Vim: Denial of Service via out-of-bounds write in terminal handling 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-52859 镜像层: sha256:5e0a93d46a7cb23e382eef3747a82bda1aa344f49ca08fb9a4b4efa70ab5b3ad 发布日期: 2026-06-11 19:16 修改: 2026-06-17 10:57
xxd	CVE-2026-52860	高危	9.2.0219-r0	9.2.0602-r0	vim: Vim: Arbitrary code execution through Python omni-completion. 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-52860 镜像层: sha256:5e0a93d46a7cb23e382eef3747a82bda1aa344f49ca08fb9a4b4efa70ab5b3ad 发布日期: 2026-06-11 19:16 修改: 2026-06-17 10:57
zlib	CVE-2026-22184	高危	1.3.1-r2	1.3.2-r0	zlib: zlib: Arbitrary code execution via buffer overflow in untgz utility 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22184 镜像层: sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e 发布日期: 2026-01-07 21:16 修改: 2026-06-17 10:19
openjdk17-jre	CVE-2026-22021	中危	17.0.18_p8-r0	17.0.19_p10-r0	openjdk: Enhance certificate chain validation (Oracle CPU 2026-04) 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22021 镜像层: sha256:5e0a93d46a7cb23e382eef3747a82bda1aa344f49ca08fb9a4b4efa70ab5b3ad 发布日期: 2026-04-21 21:16 修改: 2026-06-17 10:19
openjdk17-jre	CVE-2026-23865	中危	17.0.18_p8-r0	17.0.19_p10-r0	freetype: Information disclosure or denial of service via specially crafted font files 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-23865 镜像层: sha256:5e0a93d46a7cb23e382eef3747a82bda1aa344f49ca08fb9a4b4efa70ab5b3ad 发布日期: 2026-03-02 17:16 修改: 2026-06-17 10:22
libcurl	CVE-2025-14017	中危	8.17.0-r1	8.19.0-r0	curl: curl: Security bypass due to global TLS option changes in multi-threaded LDAPS transfers 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-14017 镜像层: sha256:5e0a93d46a7cb23e382eef3747a82bda1aa344f49ca08fb9a4b4efa70ab5b3ad 发布日期: 2026-01-08 10:15 修改: 2026-06-17 08:35
libcurl	CVE-2026-1965	中危	8.17.0-r1	8.19.0-r0	curl: curl: Authentication bypass due to incorrect connection reuse with Negotiate authentication 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-1965 镜像层: sha256:5e0a93d46a7cb23e382eef3747a82bda1aa344f49ca08fb9a4b4efa70ab5b3ad 发布日期: 2026-03-11 11:15 修改: 2026-06-17 10:16
openjdk17-jre-headless	CVE-2026-22013	中危	17.0.18_p8-r0	17.0.19_p10-r0	openjdk: Improve Kerberos credentialing (Oracle CPU 2026-04) 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22013 镜像层: sha256:5e0a93d46a7cb23e382eef3747a82bda1aa344f49ca08fb9a4b4efa70ab5b3ad 发布日期: 2026-04-21 21:16 修改: 2026-06-17 10:19
openjdk17-jre-headless	CVE-2026-22021	中危	17.0.18_p8-r0	17.0.19_p10-r0	openjdk: Enhance certificate chain validation (Oracle CPU 2026-04) 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22021 镜像层: sha256:5e0a93d46a7cb23e382eef3747a82bda1aa344f49ca08fb9a4b4efa70ab5b3ad 发布日期: 2026-04-21 21:16 修改: 2026-06-17 10:19
openjdk17-jre-headless	CVE-2026-23865	中危	17.0.18_p8-r0	17.0.19_p10-r0	freetype: Information disclosure or denial of service via specially crafted font files 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-23865 镜像层: sha256:5e0a93d46a7cb23e382eef3747a82bda1aa344f49ca08fb9a4b4efa70ab5b3ad 发布日期: 2026-03-02 17:16 修改: 2026-06-17 10:22
libcurl	CVE-2026-3783	中危	8.17.0-r1	8.19.0-r0	curl: curl: Information disclosure via OAuth2 bearer token leakage during HTTP(S) redirect 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-3783 镜像层: sha256:5e0a93d46a7cb23e382eef3747a82bda1aa344f49ca08fb9a4b4efa70ab5b3ad 发布日期: 2026-03-11 11:16 修改: 2026-06-17 10:44
libcurl	CVE-2026-3784	中危	8.17.0-r1	8.19.0-r0	curl: curl: Unauthorized access due to improper HTTP proxy connection reuse 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-3784 镜像层: sha256:5e0a93d46a7cb23e382eef3747a82bda1aa344f49ca08fb9a4b4efa70ab5b3ad 发布日期: 2026-03-11 11:16 修改: 2026-06-17 10:44
libcurl	CVE-2026-3805	中危	8.17.0-r1	8.19.0-r0	curl: curl: Arbitrary code execution or Denial of Service via use-after-free in SMB request handling 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-3805 镜像层: sha256:5e0a93d46a7cb23e382eef3747a82bda1aa344f49ca08fb9a4b4efa70ab5b3ad 发布日期: 2026-03-11 11:16 修改: 2026-06-17 10:44
libpng	CVE-2026-33416	中危	1.6.55-r0	1.6.56-r0	libpng: libpng: Arbitrary code execution due to use-after-free vulnerability 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33416 镜像层: sha256:5e0a93d46a7cb23e382eef3747a82bda1aa344f49ca08fb9a4b4efa70ab5b3ad 发布日期: 2026-03-26 17:16 修改: 2026-06-17 10:37
libpng	CVE-2026-33636	中危	1.6.55-r0	1.6.56-r0	libpng: libpng: Information disclosure and denial of service via out-of-bounds read/write in Neon palette expansion 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33636 镜像层: sha256:5e0a93d46a7cb23e382eef3747a82bda1aa344f49ca08fb9a4b4efa70ab5b3ad 发布日期: 2026-03-26 17:16 修改: 2026-06-17 10:37
libpng	CVE-2026-34757	中危	1.6.55-r0	1.6.57-r0	libpng: libpng: Information disclosure and data corruption via use-after-free vulnerability 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34757 镜像层: sha256:5e0a93d46a7cb23e382eef3747a82bda1aa344f49ca08fb9a4b4efa70ab5b3ad 发布日期: 2026-04-09 15:16 修改: 2026-06-17 10:39
libpng	CVE-2026-40930	中危	1.6.55-r0	1.6.58-r1	LIBPNG is a reference library for use in applications that process PNG ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40930 镜像层: sha256:5e0a93d46a7cb23e382eef3747a82bda1aa344f49ca08fb9a4b4efa70ab5b3ad 发布日期: 2026-06-04 16:16 修改: 2026-06-17 10:45
curl	CVE-2026-3784	中危	8.17.0-r1	8.19.0-r0	curl: curl: Unauthorized access due to improper HTTP proxy connection reuse 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-3784 镜像层: sha256:5e0a93d46a7cb23e382eef3747a82bda1aa344f49ca08fb9a4b4efa70ab5b3ad 发布日期: 2026-03-11 11:16 修改: 2026-06-17 10:44
curl	CVE-2026-3805	中危	8.17.0-r1	8.19.0-r0	curl: curl: Arbitrary code execution or Denial of Service via use-after-free in SMB request handling 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-3805 镜像层: sha256:5e0a93d46a7cb23e382eef3747a82bda1aa344f49ca08fb9a4b4efa70ab5b3ad 发布日期: 2026-03-11 11:16 修改: 2026-06-17 10:44
curl	CVE-2025-14017	中危	8.17.0-r1	8.19.0-r0	curl: curl: Security bypass due to global TLS option changes in multi-threaded LDAPS transfers 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-14017 镜像层: sha256:5e0a93d46a7cb23e382eef3747a82bda1aa344f49ca08fb9a4b4efa70ab5b3ad 发布日期: 2026-01-08 10:15 修改: 2026-06-17 08:35
vim	CVE-2026-41411	中危	9.2.0219-r0	9.2.0357-r0	vim: Vim: Command injection allows arbitrary code execution via malicious tag files 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41411 镜像层: sha256:5e0a93d46a7cb23e382eef3747a82bda1aa344f49ca08fb9a4b4efa70ab5b3ad 发布日期: 2026-04-24 17:16 修改: 2026-06-17 10:46
vim	CVE-2026-42307	中危	9.2.0219-r0	9.2.0389-r0	Vim: Vim: Arbitrary code execution via OS command injection in netrw plugin 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42307 镜像层: sha256:5e0a93d46a7cb23e382eef3747a82bda1aa344f49ca08fb9a4b4efa70ab5b3ad 发布日期: 2026-05-08 23:16 修改: 2026-06-17 10:47
vim	CVE-2026-43961	中危	9.2.0219-r0	9.2.0481-r0	漏洞详情: https://avd.aquasec.com/nvd/cve-2026-43961 镜像层: sha256:5e0a93d46a7cb23e382eef3747a82bda1aa344f49ca08fb9a4b4efa70ab5b3ad 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
vim	CVE-2026-44656	中危	9.2.0219-r0	9.2.0437-r0	vim: Vim: Arbitrary command execution via :find command-line completion 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44656 镜像层: sha256:5e0a93d46a7cb23e382eef3747a82bda1aa344f49ca08fb9a4b4efa70ab5b3ad 发布日期: 2026-05-08 23:16 修改: 2026-06-17 10:51
vim	CVE-2026-45130	中危	9.2.0219-r0	9.2.0452-r0	vim: Vim: Heap buffer overflow allows arbitrary code execution or denial of service 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45130 镜像层: sha256:5e0a93d46a7cb23e382eef3747a82bda1aa344f49ca08fb9a4b4efa70ab5b3ad 发布日期: 2026-05-08 23:16 修改: 2026-06-17 10:51
curl	CVE-2026-1965	中危	8.17.0-r1	8.19.0-r0	curl: curl: Authentication bypass due to incorrect connection reuse with Negotiate authentication 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-1965 镜像层: sha256:5e0a93d46a7cb23e382eef3747a82bda1aa344f49ca08fb9a4b4efa70ab5b3ad 发布日期: 2026-03-11 11:15 修改: 2026-06-17 10:16
curl	CVE-2026-3783	中危	8.17.0-r1	8.19.0-r0	curl: curl: Information disclosure via OAuth2 bearer token leakage during HTTP(S) redirect 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-3783 镜像层: sha256:5e0a93d46a7cb23e382eef3747a82bda1aa344f49ca08fb9a4b4efa70ab5b3ad 发布日期: 2026-03-11 11:16 修改: 2026-06-17 10:44
libcrypto3	CVE-2026-2673	中危	3.5.5-r0	3.5.6-r0	openssl: OpenSSL TLS 1.3 server may choose unexpected key agreement group 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-2673 镜像层: sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e 发布日期: 2026-03-13 19:54 修改: 2026-06-17 10:31
libssl3	CVE-2026-2673	中危	3.5.5-r0	3.5.6-r0	openssl: OpenSSL TLS 1.3 server may choose unexpected key agreement group 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-2673 镜像层: sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e 发布日期: 2026-03-13 19:54 修改: 2026-06-17 10:31
libssl3	CVE-2026-31790	中危	3.5.5-r0	3.5.6-r0	openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-31790 镜像层: sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e 发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:34
libssl3	CVE-2026-34182	中危	3.5.5-r0	3.5.7-r0	openssl: CMS AuthEnvelopedData Processing May Accept Forged Messages 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34182 镜像层: sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e 发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:38
libssl3	CVE-2026-34183	中危	3.5.5-r0	3.5.7-r0	openssl: Unbounded Memory Growth in the QUIC PATH_CHALLENGE Handler 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34183 镜像层: sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e 发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:38
libssl3	CVE-2026-42764	中危	3.5.5-r0	3.5.7-r0	openssl: NULL pointer dereference in QUIC server initial packet handling 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42764 镜像层: sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e 发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:48
vim-common	CVE-2026-41411	中危	9.2.0219-r0	9.2.0357-r0	vim: Vim: Command injection allows arbitrary code execution via malicious tag files 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41411 镜像层: sha256:5e0a93d46a7cb23e382eef3747a82bda1aa344f49ca08fb9a4b4efa70ab5b3ad 发布日期: 2026-04-24 17:16 修改: 2026-06-17 10:46
vim-common	CVE-2026-42307	中危	9.2.0219-r0	9.2.0389-r0	Vim: Vim: Arbitrary code execution via OS command injection in netrw plugin 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42307 镜像层: sha256:5e0a93d46a7cb23e382eef3747a82bda1aa344f49ca08fb9a4b4efa70ab5b3ad 发布日期: 2026-05-08 23:16 修改: 2026-06-17 10:47
vim-common	CVE-2026-43961	中危	9.2.0219-r0	9.2.0481-r0	漏洞详情: https://avd.aquasec.com/nvd/cve-2026-43961 镜像层: sha256:5e0a93d46a7cb23e382eef3747a82bda1aa344f49ca08fb9a4b4efa70ab5b3ad 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
vim-common	CVE-2026-44656	中危	9.2.0219-r0	9.2.0437-r0	vim: Vim: Arbitrary command execution via :find command-line completion 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44656 镜像层: sha256:5e0a93d46a7cb23e382eef3747a82bda1aa344f49ca08fb9a4b4efa70ab5b3ad 发布日期: 2026-05-08 23:16 修改: 2026-06-17 10:51
vim-common	CVE-2026-45130	中危	9.2.0219-r0	9.2.0452-r0	vim: Vim: Heap buffer overflow allows arbitrary code execution or denial of service 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45130 镜像层: sha256:5e0a93d46a7cb23e382eef3747a82bda1aa344f49ca08fb9a4b4efa70ab5b3ad 发布日期: 2026-05-08 23:16 修改: 2026-06-17 10:51
libssl3	CVE-2026-45445	中危	3.5.5-r0	3.5.7-r0	openssl: AES-OCB IV Ignored on EVP_Cipher() Path 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45445 镜像层: sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e 发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:52
libcrypto3	CVE-2026-31790	中危	3.5.5-r0	3.5.6-r0	openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-31790 镜像层: sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e 发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:34
musl	CVE-2026-6042	中危	1.2.5-r21	1.2.5-r22	musl libc: GB18030 4-byte Decoder: musl libc: Denial of Service via inefficient algorithmic complexity in iconv 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6042 镜像层: sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e 发布日期: 2026-04-10 09:16 修改: 2026-06-17 11:00
libcrypto3	CVE-2026-34182	中危	3.5.5-r0	3.5.7-r0	openssl: CMS AuthEnvelopedData Processing May Accept Forged Messages 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34182 镜像层: sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e 发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:38
musl-utils	CVE-2026-6042	中危	1.2.5-r21	1.2.5-r22	musl libc: GB18030 4-byte Decoder: musl libc: Denial of Service via inefficient algorithmic complexity in iconv 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6042 镜像层: sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e 发布日期: 2026-04-10 09:16 修改: 2026-06-17 11:00
libcrypto3	CVE-2026-34183	中危	3.5.5-r0	3.5.7-r0	openssl: Unbounded Memory Growth in the QUIC PATH_CHALLENGE Handler 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34183 镜像层: sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e 发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:38
libcrypto3	CVE-2026-42764	中危	3.5.5-r0	3.5.7-r0	openssl: NULL pointer dereference in QUIC server initial packet handling 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42764 镜像层: sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e 发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:48
libcrypto3	CVE-2026-45445	中危	3.5.5-r0	3.5.7-r0	openssl: AES-OCB IV Ignored on EVP_Cipher() Path 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45445 镜像层: sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e 发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:52
xxd	CVE-2026-41411	中危	9.2.0219-r0	9.2.0357-r0	vim: Vim: Command injection allows arbitrary code execution via malicious tag files 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41411 镜像层: sha256:5e0a93d46a7cb23e382eef3747a82bda1aa344f49ca08fb9a4b4efa70ab5b3ad 发布日期: 2026-04-24 17:16 修改: 2026-06-17 10:46
xxd	CVE-2026-42307	中危	9.2.0219-r0	9.2.0389-r0	Vim: Vim: Arbitrary code execution via OS command injection in netrw plugin 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42307 镜像层: sha256:5e0a93d46a7cb23e382eef3747a82bda1aa344f49ca08fb9a4b4efa70ab5b3ad 发布日期: 2026-05-08 23:16 修改: 2026-06-17 10:47
xxd	CVE-2026-43961	中危	9.2.0219-r0	9.2.0481-r0	漏洞详情: https://avd.aquasec.com/nvd/cve-2026-43961 镜像层: sha256:5e0a93d46a7cb23e382eef3747a82bda1aa344f49ca08fb9a4b4efa70ab5b3ad 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
xxd	CVE-2026-44656	中危	9.2.0219-r0	9.2.0437-r0	vim: Vim: Arbitrary command execution via :find command-line completion 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44656 镜像层: sha256:5e0a93d46a7cb23e382eef3747a82bda1aa344f49ca08fb9a4b4efa70ab5b3ad 发布日期: 2026-05-08 23:16 修改: 2026-06-17 10:51
xxd	CVE-2026-45130	中危	9.2.0219-r0	9.2.0452-r0	vim: Vim: Heap buffer overflow allows arbitrary code execution or denial of service 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45130 镜像层: sha256:5e0a93d46a7cb23e382eef3747a82bda1aa344f49ca08fb9a4b4efa70ab5b3ad 发布日期: 2026-05-08 23:16 修改: 2026-06-17 10:51
openjdk17-jre	CVE-2026-22013	中危	17.0.18_p8-r0	17.0.19_p10-r0	openjdk: Improve Kerberos credentialing (Oracle CPU 2026-04) 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22013 镜像层: sha256:5e0a93d46a7cb23e382eef3747a82bda1aa344f49ca08fb9a4b4efa70ab5b3ad 发布日期: 2026-04-21 21:16 修改: 2026-06-17 10:19
zlib	CVE-2026-27171	中危	1.3.1-r2	1.3.2-r0	zlib: zlib: Denial of Service via infinite loop in CRC32 combine functions 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27171 镜像层: sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e 发布日期: 2026-02-18 04:16 修改: 2026-06-17 10:26
libcrypto3	CVE-2026-9076	低危	3.5.5-r0	3.5.7-r0	openssl: OpenSSL: Denial of Service due to heap out-of-bounds read in CMS password-based decryption 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-9076 镜像层: sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e 发布日期: 2026-06-09 17:17 修改: 2026-06-17 11:04
curl	CVE-2025-14524	低危	8.17.0-r1	8.19.0-r0	curl: Information disclosure via cross-protocol redirect with OAuth2 bearer token 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-14524 镜像层: sha256:5e0a93d46a7cb23e382eef3747a82bda1aa344f49ca08fb9a4b4efa70ab5b3ad 发布日期: 2026-01-08 10:15 修改: 2026-06-17 08:36
curl	CVE-2025-14819	低危	8.17.0-r1	8.19.0-r0	curl: libcurl: Improper certificate validation due to cached TLS settings reuse 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-14819 镜像层: sha256:5e0a93d46a7cb23e382eef3747a82bda1aa344f49ca08fb9a4b4efa70ab5b3ad 发布日期: 2026-01-08 10:15 修改: 2026-06-17 08:36
libcrypto3	CVE-2026-34180	低危	3.5.5-r0	3.5.7-r0	openssl: OpenSSL: Heap buffer over-read in ASN.1 decoding can lead to denial of service or information disclosure. 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34180 镜像层: sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e 发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:38
libcrypto3	CVE-2026-34181	低危	3.5.5-r0	3.5.7-r0	openssl: PKCS#12 Files with PBMAC1 Are Accepted with Short HMAC Keys 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34181 镜像层: sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e 发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:38
libcrypto3	CVE-2026-42766	低危	3.5.5-r0	3.5.7-r0	openssl: Possible NULL Dereference in Password-Based CMS Decryption 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42766 镜像层: sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e 发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:48
openjdk17-jre	CVE-2026-22007	低危	17.0.18_p8-r0	17.0.19_p10-r0	openjdk: Enhance crypto algorithm support (Oracle CPU 2026-04) 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22007 镜像层: sha256:5e0a93d46a7cb23e382eef3747a82bda1aa344f49ca08fb9a4b4efa70ab5b3ad 发布日期: 2026-04-21 21:16 修改: 2026-06-17 10:19
openjdk17-jre	CVE-2026-22018	低危	17.0.18_p8-r0	17.0.19_p10-r0	openjdk: Enhance Zip file reading (Oracle CPU 2026-04) 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22018 镜像层: sha256:5e0a93d46a7cb23e382eef3747a82bda1aa344f49ca08fb9a4b4efa70ab5b3ad 发布日期: 2026-04-21 21:16 修改: 2026-06-17 10:19
openjdk17-jre	CVE-2026-34268	低危	17.0.18_p8-r0	17.0.19_p10-r0	openjdk: Enhance key generation (Oracle CPU 2026-04) 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34268 镜像层: sha256:5e0a93d46a7cb23e382eef3747a82bda1aa344f49ca08fb9a4b4efa70ab5b3ad 发布日期: 2026-04-21 21:16 修改: 2026-06-17 10:38
libcurl	CVE-2025-14524	低危	8.17.0-r1	8.19.0-r0	curl: Information disclosure via cross-protocol redirect with OAuth2 bearer token 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-14524 镜像层: sha256:5e0a93d46a7cb23e382eef3747a82bda1aa344f49ca08fb9a4b4efa70ab5b3ad 发布日期: 2026-01-08 10:15 修改: 2026-06-17 08:36
libcurl	CVE-2025-14819	低危	8.17.0-r1	8.19.0-r0	curl: libcurl: Improper certificate validation due to cached TLS settings reuse 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-14819 镜像层: sha256:5e0a93d46a7cb23e382eef3747a82bda1aa344f49ca08fb9a4b4efa70ab5b3ad 发布日期: 2026-01-08 10:15 修改: 2026-06-17 08:36
libcrypto3	CVE-2026-42767	低危	3.5.5-r0	3.5.7-r0	openssl: NULL Pointer Dereference in CRMF EncryptedValue Decryption 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42767 镜像层: sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e 发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:48
libcrypto3	CVE-2026-42768	低危	3.5.5-r0	3.5.7-r0	openssl: Multi-RecipientInfo Bleichenbacher Oracle in CMS_decrypt() and PKCS7_decrypt() 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42768 镜像层: sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e 发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:48
libssl3	CVE-2026-34180	低危	3.5.5-r0	3.5.7-r0	openssl: OpenSSL: Heap buffer over-read in ASN.1 decoding can lead to denial of service or information disclosure. 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34180 镜像层: sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e 发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:38
openjdk17-jre-headless	CVE-2026-22007	低危	17.0.18_p8-r0	17.0.19_p10-r0	openjdk: Enhance crypto algorithm support (Oracle CPU 2026-04) 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22007 镜像层: sha256:5e0a93d46a7cb23e382eef3747a82bda1aa344f49ca08fb9a4b4efa70ab5b3ad 发布日期: 2026-04-21 21:16 修改: 2026-06-17 10:19
openjdk17-jre-headless	CVE-2026-22018	低危	17.0.18_p8-r0	17.0.19_p10-r0	openjdk: Enhance Zip file reading (Oracle CPU 2026-04) 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22018 镜像层: sha256:5e0a93d46a7cb23e382eef3747a82bda1aa344f49ca08fb9a4b4efa70ab5b3ad 发布日期: 2026-04-21 21:16 修改: 2026-06-17 10:19
openjdk17-jre-headless	CVE-2026-34268	低危	17.0.18_p8-r0	17.0.19_p10-r0	openjdk: Enhance key generation (Oracle CPU 2026-04) 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34268 镜像层: sha256:5e0a93d46a7cb23e382eef3747a82bda1aa344f49ca08fb9a4b4efa70ab5b3ad 发布日期: 2026-04-21 21:16 修改: 2026-06-17 10:38
libssl3	CVE-2026-34181	低危	3.5.5-r0	3.5.7-r0	openssl: PKCS#12 Files with PBMAC1 Are Accepted with Short HMAC Keys 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34181 镜像层: sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e 发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:38
libssl3	CVE-2026-42766	低危	3.5.5-r0	3.5.7-r0	openssl: Possible NULL Dereference in Password-Based CMS Decryption 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42766 镜像层: sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e 发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:48
libssl3	CVE-2026-42767	低危	3.5.5-r0	3.5.7-r0	openssl: NULL Pointer Dereference in CRMF EncryptedValue Decryption 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42767 镜像层: sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e 发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:48
libssl3	CVE-2026-42768	低危	3.5.5-r0	3.5.7-r0	openssl: Multi-RecipientInfo Bleichenbacher Oracle in CMS_decrypt() and PKCS7_decrypt() 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42768 镜像层: sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e 发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:48
libssl3	CVE-2026-42769	低危	3.5.5-r0	3.5.7-r0	openssl: Trust-Anchor Substitution via cert/issuer Typo in CMP rootCaKeyUpdate 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42769 镜像层: sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e 发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:48
libssl3	CVE-2026-42770	低危	3.5.5-r0	3.5.7-r0	openssl: FFC-DH Peer Validation Uses Attacker-Supplied q 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42770 镜像层: sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e 发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:48
libssl3	CVE-2026-45446	低危	3.5.5-r0	3.5.7-r0	openssl: Incorrect Tag Processing for Empty Messages in AES-GCM-SIV and AES-SIV modes 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45446 镜像层: sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e 发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:52
libssl3	CVE-2026-7383	低危	3.5.5-r0	3.5.7-r0	openssl: OpenSSL: Heap buffer overflow due to signed integer overflow in Unicode output sizing 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-7383 镜像层: sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e 发布日期: 2026-06-09 17:17 修改: 2026-06-17 11:02
libssl3	CVE-2026-9076	低危	3.5.5-r0	3.5.7-r0	openssl: OpenSSL: Denial of Service due to heap out-of-bounds read in CMS password-based decryption 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-9076 镜像层: sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e 发布日期: 2026-06-09 17:17 修改: 2026-06-17 11:04
libcrypto3	CVE-2026-42769	低危	3.5.5-r0	3.5.7-r0	openssl: Trust-Anchor Substitution via cert/issuer Typo in CMP rootCaKeyUpdate 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42769 镜像层: sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e 发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:48
libcrypto3	CVE-2026-42770	低危	3.5.5-r0	3.5.7-r0	openssl: FFC-DH Peer Validation Uses Attacker-Supplied q 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42770 镜像层: sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e 发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:48
libcrypto3	CVE-2026-45446	低危	3.5.5-r0	3.5.7-r0	openssl: Incorrect Tag Processing for Empty Messages in AES-GCM-SIV and AES-SIV modes 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45446 镜像层: sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e 发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:52
libcrypto3	CVE-2026-7383	低危	3.5.5-r0	3.5.7-r0	openssl: OpenSSL: Heap buffer overflow due to signed integer overflow in Unicode output sizing 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-7383 镜像层: sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e 发布日期: 2026-06-09 17:17 修改: 2026-06-17 11:02

Java (jar)

低危漏洞:8

中危漏洞:15

高危漏洞:11

严重漏洞:5

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
org.apache.derby:derby	CVE-2022-46337	严重	10.14.2.0	10.14.3, 10.15.2.1, 10.16.1.2, 10.17.1.0	A cleverly devised username might bypass LDAP authentication checks. I ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-46337 镜像层: sha256:e76e1ac1b00288e25476a448d77aa07426b61e5c75a147c891b94b68748652e9 发布日期: 2023-11-20 09:15 修改: 2026-06-17 05:11
org.apache.tomcat.embed:tomcat-embed-core	CVE-2026-41293	严重	10.1.46	9.0.118, 10.1.55, 11.0.22	tomcat-coyote: Apache Tomcat: HTTP/2 request headers not validated 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41293 镜像层: sha256:e76e1ac1b00288e25476a448d77aa07426b61e5c75a147c891b94b68748652e9 发布日期: 2026-05-12 16:16 修改: 2026-06-17 10:46
org.apache.tomcat.embed:tomcat-embed-core	CVE-2026-43512	严重	10.1.46	9.0.118, 10.1.55, 11.0.22	tomcat-coyote: Apache Tomcat: Authentication bypass via digest authentication 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-43512 镜像层: sha256:e76e1ac1b00288e25476a448d77aa07426b61e5c75a147c891b94b68748652e9 发布日期: 2026-05-12 16:16 修改: 2026-06-17 10:49
org.apache.tomcat.embed:tomcat-embed-core	CVE-2026-43515	严重	10.1.46	9.0.118, 10.1.55, 11.0.22	tomcat-coyote: tomcat: Improper Authorization allows security bypass 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-43515 镜像层: sha256:e76e1ac1b00288e25476a448d77aa07426b61e5c75a147c891b94b68748652e9 发布日期: 2026-05-12 16:16 修改: 2026-06-17 10:49
org.springframework.security:spring-security-web	CVE-2026-22732	严重	6.4.11	6.5.9, 7.0.4	Spring Security: Spring Security: Security policy bypass and information disclosure due to unwritten HTTP headers 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22732 镜像层: sha256:e76e1ac1b00288e25476a448d77aa07426b61e5c75a147c891b94b68748652e9 发布日期: 2026-03-19 23:16 修改: 2026-06-17 10:20
com.fasterxml.jackson.core:jackson-databind	CVE-2026-54512	高危	2.18.4	2.18.8, 3.1.4, 2.21.4	jackson-databind contains the general-purpose data-binding functionali ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54512 镜像层: sha256:e76e1ac1b00288e25476a448d77aa07426b61e5c75a147c891b94b68748652e9 发布日期: 2026-06-23 21:17 修改: 2026-06-27 21:01
com.fasterxml.jackson.core:jackson-databind	CVE-2026-54513	高危	2.18.4	2.18.8, 2.21.4, 3.1.4	jackson-databind: Jackson-databind: Security bypass allows arbitrary code execution 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54513 镜像层: sha256:e76e1ac1b00288e25476a448d77aa07426b61e5c75a147c891b94b68748652e9 发布日期: 2026-06-23 21:17 修改: 2026-06-27 21:00
io.modelcontextprotocol.sdk:mcp-core	CVE-2026-35568	高危	0.14.1	1.0.0	Java-SDK has a DNS Rebinding Vulnerability 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-35568 镜像层: sha256:e76e1ac1b00288e25476a448d77aa07426b61e5c75a147c891b94b68748652e9 发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:40
org.apache.tomcat.embed:tomcat-embed-core	CVE-2026-24734	高危	10.1.46	11.0.18, 10.1.52, 9.0.115	tomcat: Apache Tomcat: Certificate revocation bypass due to improper OCSP response validation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24734 镜像层: sha256:e76e1ac1b00288e25476a448d77aa07426b61e5c75a147c891b94b68748652e9 发布日期: 2026-02-17 19:21 修改: 2026-06-17 10:23
org.apache.tomcat.embed:tomcat-embed-core	CVE-2026-24880	高危	10.1.46	9.0.116, 10.1.52, 11.0.20	Apache Tomcat: Apache Tomcat: HTTP Request/Response Smuggling via invalid chunk extension 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24880 镜像层: sha256:e76e1ac1b00288e25476a448d77aa07426b61e5c75a147c891b94b68748652e9 发布日期: 2026-04-09 20:16 修改: 2026-06-17 10:23
org.apache.tomcat.embed:tomcat-embed-core	CVE-2026-34483	高危	10.1.46	9.0.116, 10.1.54, 11.0.21	Apache Tomcat: Apache Tomcat: Information disclosure due to improper encoding in JsonAccessLogValve 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34483 镜像层: sha256:e76e1ac1b00288e25476a448d77aa07426b61e5c75a147c891b94b68748652e9 发布日期: 2026-04-09 20:16 修改: 2026-06-17 10:39
org.apache.tomcat.embed:tomcat-embed-core	CVE-2026-41284	高危	10.1.46	9.0.118, 10.1.55, 11.0.22	Allocation of Resources Without Limits or Throttling vulnerability in ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41284 镜像层: sha256:e76e1ac1b00288e25476a448d77aa07426b61e5c75a147c891b94b68748652e9 发布日期: 2026-05-12 16:16 修改: 2026-06-17 10:46
org.apache.tomcat.embed:tomcat-embed-core	CVE-2026-42498	高危	10.1.46	9.0.118, 10.1.55, 11.0.22	tomcat-coyote: Apache Tomcat: Information disclosure due to HTTP Authentication Header exposure during WebSocket authentication. 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42498 镜像层: sha256:e76e1ac1b00288e25476a448d77aa07426b61e5c75a147c891b94b68748652e9 发布日期: 2026-05-12 16:16 修改: 2026-06-17 10:47
org.apache.tomcat.embed:tomcat-embed-core	CVE-2026-43513	高危	10.1.46	9.0.118, 10.1.55, 11.0.22	Improper Handling of Case Sensitivity vulnerability in LockOutRealm in ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-43513 镜像层: sha256:e76e1ac1b00288e25476a448d77aa07426b61e5c75a147c891b94b68748652e9 发布日期: 2026-05-12 16:16 修改: 2026-06-17 10:49
org.springframework.boot:spring-boot	CVE-2026-40973	高危	3.4.10	4.0.6, 3.5.14	Spring Boot: Spring Boot: Arbitrary Code Execution and Session Hijacking via predictable temporary directory 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40973 镜像层: sha256:e76e1ac1b00288e25476a448d77aa07426b61e5c75a147c891b94b68748652e9 发布日期: 2026-04-28 00:16 修改: 2026-06-17 10:45
com.alipay.sofa:hessian	CVE-2024-46983	高危	3.3.6	3.5.5	SOFA Hessian Remote Command Execution (RCE) Vulnerability 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-46983 镜像层: sha256:e76e1ac1b00288e25476a448d77aa07426b61e5c75a147c891b94b68748652e9 发布日期: 2024-09-19 23:15 修改: 2026-06-17 07:56
commons-lang:commons-lang	CVE-2025-48924	中危	2.6		commons-lang/commons-lang: org.apache.commons/commons-lang3: Uncontrolled Recursion vulnerability in Apache Commons Lang 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-48924 镜像层: sha256:e76e1ac1b00288e25476a448d77aa07426b61e5c75a147c891b94b68748652e9 发布日期: 2025-07-11 15:15 修改: 2026-06-17 09:30
com.fasterxml.jackson.core:jackson-core	GHSA-72hv-8253-57qq	中危	2.18.4.1	2.21.1, 2.18.6	jackson-core: Number Length Constraint Bypass in Async Parser Leads to Potential DoS Condition 漏洞详情: https://github.com/advisories/GHSA-72hv-8253-57qq 镜像层: sha256:e76e1ac1b00288e25476a448d77aa07426b61e5c75a147c891b94b68748652e9 发布日期: 2026-02-28 02:01 修改: 2026-04-07 16:30
io.modelcontextprotocol.sdk:mcp-core	CVE-2026-34237	中危	0.14.1	1.0.1, 1.1.1, 0.18.3	MCP Java SDK has a Hardcoded Wildcard CORS (Access-Control-Allow-Origin: *) 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34237 镜像层: sha256:e76e1ac1b00288e25476a448d77aa07426b61e5c75a147c891b94b68748652e9 发布日期: 2026-03-31 16:16 修改: 2026-06-17 10:38
org.apache.commons:commons-lang3	CVE-2025-48924	中危	3.17.0	3.18.0	commons-lang/commons-lang: org.apache.commons/commons-lang3: Uncontrolled Recursion vulnerability in Apache Commons Lang 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-48924 镜像层: sha256:e76e1ac1b00288e25476a448d77aa07426b61e5c75a147c891b94b68748652e9 发布日期: 2025-07-11 15:15 修改: 2026-06-17 09:30
ch.qos.logback:logback-core	CVE-2025-11226	中危	1.5.12	1.5.19, 1.3.16	ch.qos.logback/logback-core: Conditional abitrary code execution in logback-core 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-11226 镜像层: sha256:e76e1ac1b00288e25476a448d77aa07426b61e5c75a147c891b94b68748652e9 发布日期: 2025-10-01 08:15 修改: 2026-06-25 17:16
ch.qos.logback:logback-core	CVE-2024-12798	中危	1.5.12	1.5.13, 1.3.15	logback-core: arbitrary code execution via JaninoEventEvaluator 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-12798 镜像层: sha256:e76e1ac1b00288e25476a448d77aa07426b61e5c75a147c891b94b68748652e9 发布日期: 2024-12-19 16:15 修改: 2026-06-17 07:00
org.apache.tomcat.embed:tomcat-embed-core	CVE-2025-66614	中危	10.1.46	11.0.15, 10.1.50, 9.0.113	tomcat: Client certificate verification bypass due to virtual host mapping 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-66614 镜像层: sha256:e76e1ac1b00288e25476a448d77aa07426b61e5c75a147c891b94b68748652e9 发布日期: 2026-02-17 19:21 修改: 2026-06-17 09:57
org.apache.tomcat.embed:tomcat-embed-core	CVE-2026-25854	中危	10.1.46	9.0.116, 10.1.53, 11.0.20	Apache Tomcat: Apache Tomcat: Open Redirect vulnerability via LoadBalancerDrainingValve 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25854 镜像层: sha256:e76e1ac1b00288e25476a448d77aa07426b61e5c75a147c891b94b68748652e9 发布日期: 2026-04-09 20:16 修改: 2026-06-17 10:25
org.bouncycastle:bcpkix-jdk18on	CVE-2026-5588	中危	1.79	1.84	bouncycastle: BC-JAVA: PKIX draft CompositeVerifier accepts empty signature sequence as valid 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5588 镜像层: sha256:e76e1ac1b00288e25476a448d77aa07426b61e5c75a147c891b94b68748652e9 发布日期: 2026-04-15 10:16 修改: 2026-06-17 10:59
org.bouncycastle:bcprov-jdk18on	CVE-2026-0636	中危	1.79	1.84	bouncycastle: BC-JAVA: LDAP injection vulnerability in LDAPStoreHelper.java 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-0636 镜像层: sha256:e76e1ac1b00288e25476a448d77aa07426b61e5c75a147c891b94b68748652e9 发布日期: 2026-04-15 10:16 修改: 2026-06-17 10:11
com.fasterxml.jackson.core:jackson-databind	CVE-2026-54514	中危	2.18.4	2.18.8, 2.21.4, 3.1.4	jackson-databind contains the general-purpose data-binding functionali ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54514 镜像层: sha256:e76e1ac1b00288e25476a448d77aa07426b61e5c75a147c891b94b68748652e9 发布日期: 2026-06-23 21:17 修改: 2026-06-27 20:55
org.springframework.security:spring-security-core	CVE-2026-22751	中危	6.4.11	6.5.10, 7.0.5	Spring Security: JdbcOneTimeTokenService: Spring Security: Authentication bypass due to race condition in One-Time Token login 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22751 镜像层: sha256:e76e1ac1b00288e25476a448d77aa07426b61e5c75a147c891b94b68748652e9 发布日期: 2026-04-21 19:16 修改: 2026-06-17 10:20
com.fasterxml.jackson.core:jackson-databind	CVE-2026-54515	中危	2.18.4	3.1.4, 2.18.9, 2.21.5	jackson-databind contains the general-purpose data-binding functionali ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54515 镜像层: sha256:e76e1ac1b00288e25476a448d77aa07426b61e5c75a147c891b94b68748652e9 发布日期: 2026-06-23 21:17 修改: 2026-06-25 16:14
org.springframework:spring-webmvc	CVE-2026-22737	中危	6.2.11	7.0.6, 6.2.17	Spring Framework: Spring Framework: Information disclosure via Java scripting engine enabled template views 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22737 镜像层: sha256:e76e1ac1b00288e25476a448d77aa07426b61e5c75a147c891b94b68748652e9 发布日期: 2026-03-20 00:16 修改: 2026-06-17 10:20
org.springframework:spring-webmvc	CVE-2026-22745	中危	6.2.11	7.0.7, 6.2.18	spring-webflux: Spring MVC and Spring WebFlux: Denial of Service via slow static resource resolution on Windows 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22745 镜像层: sha256:e76e1ac1b00288e25476a448d77aa07426b61e5c75a147c891b94b68748652e9 发布日期: 2026-04-29 12:16 修改: 2026-06-17 10:20
org.apache.tomcat.embed:tomcat-embed-core	CVE-2025-61795	低危	10.1.46	11.0.12, 10.1.47, 9.0.110	tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Denial of service 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61795 镜像层: sha256:e76e1ac1b00288e25476a448d77aa07426b61e5c75a147c891b94b68748652e9 发布日期: 2025-10-27 18:15 修改: 2026-06-17 09:50
org.apache.tomcat.embed:tomcat-embed-core	CVE-2026-24733	低危	10.1.46	11.0.15, 10.1.50, 9.0.113	tomcat: security constraint bypass with HTTP/0.9 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24733 镜像层: sha256:e76e1ac1b00288e25476a448d77aa07426b61e5c75a147c891b94b68748652e9 发布日期: 2026-02-17 19:21 修改: 2026-06-17 10:23
org.springframework.security:spring-security-core	CVE-2026-22746	低危	6.4.11	6.5.10, 7.0.5	Spring Security: Spring Security: Timing attack defense bypass allows information disclosure 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22746 镜像层: sha256:e76e1ac1b00288e25476a448d77aa07426b61e5c75a147c891b94b68748652e9 发布日期: 2026-04-22 06:16 修改: 2026-06-17 10:20
org.apache.tomcat.embed:tomcat-embed-core	CVE-2026-43514	低危	10.1.46	9.0.118, 10.1.55, 11.0.22	tomcat-coyote: Apache Tomcat: Information disclosure via AJP secret timing discrepancy 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-43514 镜像层: sha256:e76e1ac1b00288e25476a448d77aa07426b61e5c75a147c891b94b68748652e9 发布日期: 2026-05-12 16:16 修改: 2026-06-17 10:49
ch.qos.logback:logback-core	CVE-2024-12801	低危	1.5.12	1.5.13, 1.3.15	logback-core: SaxEventRecorder vulnerable to Server-Side Request Forgery (SSRF) attacks 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-12801 镜像层: sha256:e76e1ac1b00288e25476a448d77aa07426b61e5c75a147c891b94b68748652e9 发布日期: 2024-12-19 17:15 修改: 2026-06-17 07:00
ch.qos.logback:logback-core	CVE-2026-1225	低危	1.5.12	1.5.25	ch.qos.logback/logback-core: Malicious logback.xml configuration file allows instantiation of arbitrary classes 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-1225 镜像层: sha256:e76e1ac1b00288e25476a448d77aa07426b61e5c75a147c891b94b68748652e9 发布日期: 2026-01-22 10:16 修改: 2026-06-17 10:15
org.springframework:spring-webmvc	CVE-2026-22735	低危	6.2.11	7.0.6, 6.2.17	org.springframework/spring-webmvc: org.springframework/spring-webflux: Spring MVC and WebFlux: Stream corruption vulnerability when using Server-Sent Events 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22735 镜像层: sha256:e76e1ac1b00288e25476a448d77aa07426b61e5c75a147c891b94b68748652e9 发布日期: 2026-03-20 00:16 修改: 2026-06-17 10:20
org.springframework:spring-webmvc	CVE-2026-22741	低危	6.2.11	7.0.7, 6.2.18	Spring MVC: Spring WebFlux: Spring MVC and Spring WebFlux: Denial of Service via cache poisoning 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22741 镜像层: sha256:e76e1ac1b00288e25476a448d77aa07426b61e5c75a147c891b94b68748652e9 发布日期: 2026-04-29 12:16 修改: 2026-06-17 10:20