| org.bouncycastle:bcprov-jdk18on |
CVE-2025-14813 |
严重 |
1.78 |
1.80.2, 1.81.1, 1.84 |
bouncycastle: BC-JAVA: GOSTCTR implementation unable to process more than 255 blocks correctly
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-14813
镜像层: sha256:b9708abcccfcc7d787d5798c67d87589ac166c77ecb6e208399cb8e55ab4b4ef
发布日期: 2026-04-15 10:16 修改: 2026-06-30 03:16
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2026-54513 |
高危 |
2.21.2 |
2.18.8, 2.21.4, 3.1.4 |
jackson-databind: Jackson-databind: Security bypass allows arbitrary code execution
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54513
镜像层: sha256:b9708abcccfcc7d787d5798c67d87589ac166c77ecb6e208399cb8e55ab4b4ef
发布日期: 2026-06-23 21:17 修改: 2026-07-03 13:17
|
| com.microsoft.sqlserver:mssql-jdbc |
CVE-2025-59250 |
高危 |
12.10.2 |
10.2.4.jre11, 11.2.4.jre11, 12.2.1.jre11, 12.6.5.jre11, 12.8.2.jre11, 12.10.2.jre11, 13.2.1.jre11 |
JDBC Driver for SQL Server has improper input validation issue
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-59250
镜像层: sha256:b9708abcccfcc7d787d5798c67d87589ac166c77ecb6e208399cb8e55ab4b4ef
发布日期: 2025-10-14 17:16 修改: 2026-06-17 09:45
|
| commons-io:commons-io |
CVE-2024-47554 |
高危 |
2.8.0 |
2.14.0 |
apache-commons-io: Possible denial of service attack on untrusted input to XmlStreamReader
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47554
镜像层: sha256:b9708abcccfcc7d787d5798c67d87589ac166c77ecb6e208399cb8e55ab4b4ef
发布日期: 2024-10-03 12:15 修改: 2026-06-17 07:57
|
| io.netty:netty-codec |
CVE-2026-42583 |
高危 |
4.1.132.Final |
4.1.133.Final |
netty: io.netty/netty-codec-compression: io.netty/netty-codec: Netty: Denial of Service via excessive memory allocation in LZ4FrameDecoder
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42583
镜像层: sha256:b9708abcccfcc7d787d5798c67d87589ac166c77ecb6e208399cb8e55ab4b4ef
发布日期: 2026-05-13 19:17 修改: 2026-06-17 10:48
|
| io.netty:netty-codec-dns |
CVE-2026-42579 |
高危 |
4.1.132.Final |
4.2.13.Final, 4.1.133.Final |
netty: Netty: High integrity impact due to improper DNS domain name constraint enforcement
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42579
镜像层: sha256:b9708abcccfcc7d787d5798c67d87589ac166c77ecb6e208399cb8e55ab4b4ef
发布日期: 2026-05-13 19:17 修改: 2026-06-30 03:19
|
| io.netty:netty-codec-http |
CVE-2026-42584 |
高危 |
4.1.132.Final |
4.2.13.Final, 4.1.133.Final |
netty: io.netty/netty-codec-http: Netty: Incorrect HTTP response parsing leads to data confusion
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42584
镜像层: sha256:b9708abcccfcc7d787d5798c67d87589ac166c77ecb6e208399cb8e55ab4b4ef
发布日期: 2026-05-13 19:17 修改: 2026-06-30 03:19
|
| io.netty:netty-codec-http |
CVE-2026-42587 |
高危 |
4.1.132.Final |
4.2.13.Final, 4.1.133.Final |
netty: io.netty/netty-codec-http: io.netty/netty-codec-http2: Netty: Denial of Service via unbounded memory allocation in HTTP content decompression
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42587
镜像层: sha256:b9708abcccfcc7d787d5798c67d87589ac166c77ecb6e208399cb8e55ab4b4ef
发布日期: 2026-05-13 19:17 修改: 2026-07-03 13:17
|
| io.netty:netty-codec-http2 |
CVE-2026-42587 |
高危 |
4.1.132.Final |
4.2.13.Final, 4.1.133.Final |
netty: io.netty/netty-codec-http: io.netty/netty-codec-http2: Netty: Denial of Service via unbounded memory allocation in HTTP content decompression
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42587
镜像层: sha256:b9708abcccfcc7d787d5798c67d87589ac166c77ecb6e208399cb8e55ab4b4ef
发布日期: 2026-05-13 19:17 修改: 2026-07-03 13:17
|
| io.netty:netty-handler |
CVE-2026-44249 |
高危 |
4.1.132.Final |
4.2.15.Final, 4.1.135.Final |
netty-handler: netty-handler: IPv6 subnet rule bypass due to incorrect masking operation
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44249
镜像层: sha256:b9708abcccfcc7d787d5798c67d87589ac166c77ecb6e208399cb8e55ab4b4ef
发布日期: 2026-06-11 22:16 修改: 2026-07-03 13:17
|
| io.netty:netty-handler |
CVE-2026-45416 |
高危 |
4.1.132.Final |
4.2.15.Final, 4.1.135.Final |
netty-handler: Netty: Denial of Service due to eager buffer allocation in TLS handshake
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45416
镜像层: sha256:b9708abcccfcc7d787d5798c67d87589ac166c77ecb6e208399cb8e55ab4b4ef
发布日期: 2026-06-12 15:16 修改: 2026-07-03 13:17
|
| io.netty:netty-handler |
CVE-2026-50010 |
高危 |
4.1.132.Final |
4.2.15.Final, 4.1.135.Final |
netty-handler: Netty: Improper trust manager handling leads to hostname verification bypass
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-50010
镜像层: sha256:b9708abcccfcc7d787d5798c67d87589ac166c77ecb6e208399cb8e55ab4b4ef
发布日期: 2026-06-12 16:16 修改: 2026-07-03 13:17
|
| io.netty:netty-resolver-dns |
CVE-2026-45674 |
高危 |
4.1.132.Final |
4.2.15.Final, 4.1.135.Final |
netty-resolver-dns: Netty: Information disclosure and data manipulation due to improper CNAME record validation
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45674
镜像层: sha256:b9708abcccfcc7d787d5798c67d87589ac166c77ecb6e208399cb8e55ab4b4ef
发布日期: 2026-06-12 15:16 修改: 2026-07-03 13:17
|
| io.netty:netty-resolver-dns |
CVE-2026-47691 |
高危 |
4.1.132.Final |
4.2.15.Final, 4.1.135.Final |
io.netty/netty-resolver-dns: Netty has Insufficient Bailiwick Validation for NS Records
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-47691
镜像层: sha256:b9708abcccfcc7d787d5798c67d87589ac166c77ecb6e208399cb8e55ab4b4ef
发布日期: 2026-06-12 16:16 修改: 2026-07-03 13:17
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2026-54512 |
高危 |
2.21.2 |
2.18.8, 3.1.4, 2.21.4 |
jackson-databind: jackson-databind: Arbitrary code execution via PolymorphicTypeValidator bypass
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54512
镜像层: sha256:b9708abcccfcc7d787d5798c67d87589ac166c77ecb6e208399cb8e55ab4b4ef
发布日期: 2026-06-23 21:17 修改: 2026-06-27 21:01
|
| org.postgresql:postgresql |
CVE-2026-42198 |
高危 |
42.7.10 |
42.7.11 |
jdbc.postgresql.org: pgjdbc: Client-side Denial of Service via malicious SCRAM-SHA-256 authentication
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42198
镜像层: sha256:b9708abcccfcc7d787d5798c67d87589ac166c77ecb6e208399cb8e55ab4b4ef
发布日期: 2026-04-29 16:16 修改: 2026-06-30 03:19
|
| io.netty:netty-codec-http |
CVE-2026-42585 |
中危 |
4.1.132.Final |
4.2.13.Final, 4.1.133.Final |
netty: io.netty/netty-codec-http: Netty: Request smuggling via malformed Transfer-Encoding parsing
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42585
镜像层: sha256:b9708abcccfcc7d787d5798c67d87589ac166c77ecb6e208399cb8e55ab4b4ef
发布日期: 2026-05-13 19:17 修改: 2026-06-17 10:48
|
| io.netty:netty-codec-http |
CVE-2026-50020 |
中危 |
4.1.132.Final |
4.2.15.Final, 4.1.135.Final |
netty-codec-http: Netty: Data manipulation via request-boundary confusion in HttpObjectDecoder
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-50020
镜像层: sha256:b9708abcccfcc7d787d5798c67d87589ac166c77ecb6e208399cb8e55ab4b4ef
发布日期: 2026-06-12 16:16 修改: 2026-06-17 10:57
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2026-54515 |
中危 |
2.21.2 |
3.1.4, 2.18.9, 2.21.5, 2.22.1 |
jackson-databind: jackson-databind: Ignored properties can be unexpectedly modified
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54515
镜像层: sha256:b9708abcccfcc7d787d5798c67d87589ac166c77ecb6e208399cb8e55ab4b4ef
发布日期: 2026-06-23 21:17 修改: 2026-06-29 13:38
|
| io.netty:netty-codec-http2 |
CVE-2026-47244 |
中危 |
4.1.132.Final |
4.2.15.Final, 4.1.135.Final |
netty-codec-http2: Netty: Denial of Service via uncontrolled HTTP/2 concurrent streams
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-47244
镜像层: sha256:b9708abcccfcc7d787d5798c67d87589ac166c77ecb6e208399cb8e55ab4b4ef
发布日期: 2026-06-12 15:16 修改: 2026-06-17 10:54
|
| io.netty:netty-codec-http2 |
CVE-2026-48043 |
中危 |
4.1.132.Final |
4.1.135.Final, 4.2.15.Final |
netty-codec-http2: netty-codec-http2: Denial of Service due to resource leak
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48043
镜像层: sha256:b9708abcccfcc7d787d5798c67d87589ac166c77ecb6e208399cb8e55ab4b4ef
发布日期: 2026-06-12 16:16 修改: 2026-07-03 13:17
|
| io.netty:netty-codec-http2 |
CVE-2026-50560 |
中危 |
4.1.132.Final |
4.2.15.Final, 4.1.135.Final |
netty-codec-http2: Netty: Denial of Service due to HTTP/2 max header size handling
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-50560
镜像层: sha256:b9708abcccfcc7d787d5798c67d87589ac166c77ecb6e208399cb8e55ab4b4ef
发布日期: 2026-06-12 16:16 修改: 2026-06-17 10:57
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2026-54516 |
中危 |
2.21.2 |
2.21.4, 3.1.4 |
jackson-databind: jackson-databind: Security bypass due to improper handling of renamed properties
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54516
镜像层: sha256:b9708abcccfcc7d787d5798c67d87589ac166c77ecb6e208399cb8e55ab4b4ef
发布日期: 2026-06-23 21:17 修改: 2026-06-27 20:52
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2026-54517 |
中危 |
2.21.2 |
2.21.4, 3.1.4 |
jackson-databind: jackson-databind: Information disclosure via improper JsonView filter application
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54517
镜像层: sha256:b9708abcccfcc7d787d5798c67d87589ac166c77ecb6e208399cb8e55ab4b4ef
发布日期: 2026-06-23 21:17 修改: 2026-06-27 20:51
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2026-54518 |
中危 |
2.21.2 |
2.21.4 |
jackson-databind: jackson-databind: Information disclosure and data manipulation via view-based access control bypass
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54518
镜像层: sha256:b9708abcccfcc7d787d5798c67d87589ac166c77ecb6e208399cb8e55ab4b4ef
发布日期: 2026-06-23 22:16 修改: 2026-06-27 20:49
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2026-54514 |
中危 |
2.21.2 |
2.18.8, 2.21.4, 3.1.4 |
jackson-databind: jackson-databind: Information Disclosure via Eager DNS Resolution
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54514
镜像层: sha256:b9708abcccfcc7d787d5798c67d87589ac166c77ecb6e208399cb8e55ab4b4ef
发布日期: 2026-06-23 21:17 修改: 2026-06-27 20:55
|
| io.netty:netty-codec-http |
CVE-2026-41417 |
中危 |
4.1.132.Final |
4.1.133.Final, 4.2.13.Final |
netty: Netty: HTTP request smuggling via URI manipulation and CRLF injection
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41417
镜像层: sha256:b9708abcccfcc7d787d5798c67d87589ac166c77ecb6e208399cb8e55ab4b4ef
发布日期: 2026-05-06 22:16 修改: 2026-06-17 10:46
|
| io.netty:netty-resolver-dns |
CVE-2026-45673 |
中危 |
4.1.132.Final |
4.2.15.Final, 4.1.135.Final |
netty-resolver-dns: Netty DNS resolver: DNS Cache Poisoning via predictable transaction IDs
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45673
镜像层: sha256:b9708abcccfcc7d787d5798c67d87589ac166c77ecb6e208399cb8e55ab4b4ef
发布日期: 2026-06-12 15:16 修改: 2026-06-17 10:52
|
| io.netty:netty-transport-native-epoll |
CVE-2026-45536 |
中危 |
4.1.132.Final |
4.2.15.Final, 4.1.135.Final |
netty-transport-native-epoll: netty-transport-native-kqueue: Netty: Denial of Service due to file descriptor leak in SCM_RIGHTS message handling
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45536
镜像层: sha256:b9708abcccfcc7d787d5798c67d87589ac166c77ecb6e208399cb8e55ab4b4ef
发布日期: 2026-06-12 15:16 修改: 2026-06-17 10:52
|
| io.undertow:undertow-core |
CVE-2026-3260 |
中危 |
2.3.24.Final |
2.4.0.Beta1 |
undertow: Undertow: Denial of Service due to premature multipart/form-data parsing in GET requests
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-3260
镜像层: sha256:b9708abcccfcc7d787d5798c67d87589ac166c77ecb6e208399cb8e55ab4b4ef
发布日期: 2026-03-24 05:16 修改: 2026-06-17 10:43
|
| org.bouncycastle:bcpkix-jdk18on |
CVE-2025-8916 |
中危 |
1.78 |
1.79 |
org.bouncycastle: BouncyCastle denial of service
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-8916
镜像层: sha256:b9708abcccfcc7d787d5798c67d87589ac166c77ecb6e208399cb8e55ab4b4ef
发布日期: 2025-08-13 10:15 修改: 2026-06-17 10:07
|
| org.bouncycastle:bcpkix-jdk18on |
CVE-2026-5588 |
中危 |
1.78 |
1.84 |
bouncycastle: BC-JAVA: PKIX draft CompositeVerifier accepts empty signature sequence as valid
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5588
镜像层: sha256:b9708abcccfcc7d787d5798c67d87589ac166c77ecb6e208399cb8e55ab4b4ef
发布日期: 2026-04-15 10:16 修改: 2026-06-30 03:21
|
| io.netty:netty-codec-http |
CVE-2026-42580 |
中危 |
4.1.132.Final |
4.2.13.Final, 4.1.133.Final |
netty: Netty: Request smuggling via chunk size parser integer overflow
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42580
镜像层: sha256:b9708abcccfcc7d787d5798c67d87589ac166c77ecb6e208399cb8e55ab4b4ef
发布日期: 2026-05-13 19:17 修改: 2026-06-17 10:48
|
| org.bouncycastle:bcprov-jdk18on |
CVE-2026-0636 |
中危 |
1.78 |
1.84 |
bouncycastle: BC-JAVA: LDAP injection vulnerability in LDAPStoreHelper.java
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-0636
镜像层: sha256:b9708abcccfcc7d787d5798c67d87589ac166c77ecb6e208399cb8e55ab4b4ef
发布日期: 2026-04-15 10:16 修改: 2026-06-30 03:17
|
| io.netty:netty-codec-http |
CVE-2026-42581 |
中危 |
4.1.132.Final |
4.2.13.Final, 4.1.133.Final |
netty: io.netty/netty-codec-http: Netty: HTTP Request Smuggling due to improper handling of conflicting HTTP/1.0 headers
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42581
镜像层: sha256:b9708abcccfcc7d787d5798c67d87589ac166c77ecb6e208399cb8e55ab4b4ef
发布日期: 2026-05-13 19:17 修改: 2026-06-30 03:19
|
| org.springframework.security:spring-security-web |
CVE-2026-47838 |
中危 |
6.5.10 |
6.5.11 |
Spring Security Vulnerable to Unauthorized User Impersonation when Using X.509 Client Certificates
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-47838
镜像层: sha256:b9708abcccfcc7d787d5798c67d87589ac166c77ecb6e208399cb8e55ab4b4ef
发布日期: 2026-06-10 00:16 修改: 2026-06-30 22:16
|
| io.netty:netty-handler-proxy |
CVE-2026-42578 |
低危 |
4.1.132.Final |
4.1.133.Final, 4.2.13.Final |
netty: io.netty/netty-handler-proxy: Netty: HTTP Header Injection via HttpProxyHandler Disabled Validation
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42578
镜像层: sha256:b9708abcccfcc7d787d5798c67d87589ac166c77ecb6e208399cb8e55ab4b4ef
发布日期: 2026-05-13 19:17 修改: 2026-06-30 03:19
|
| ch.qos.logback:logback-core |
CVE-2026-9828 |
低危 |
1.5.32 |
1.5.33 |
Deserialization of untrusted data vulnerability in QOS.CH Sarl logback ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-9828
镜像层: sha256:b9708abcccfcc7d787d5798c67d87589ac166c77ecb6e208399cb8e55ab4b4ef
发布日期: 2026-05-28 14:16 修改: 2026-06-17 11:05
|