Browse 41+ CVE vulnerabilities from NVD and CNNVD, with AI Chinese translation, AI PoC generation, and daily intelligence; searchable by vendor, product, severity, and CWE.
| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-6494 | Aap-mcp-server: aap mcp server: log injection allows social engineering attacks via unsanitized input | Red Hat | Red Hat Ansible Automation Platform 2 | Medium | 5.3 | 2026-04-17 08:18:51 | Deep Dive |
| CVE-2025-9909 | Aap-gateway: improper path validation in gateway allows credential exfiltration | Red Hat | Red Hat Ansible Automation Platform 2.5 for RHEL 8 | Medium | 6.7 | 2026-02-27 07:30:01 | Deep Dive |
| CVE-2025-9908 | Event-driven-ansible: sensitive internal headers disclosure in aap eda event streams | Red Hat | Red Hat Ansible Automation Platform 2.5 for RHEL 8 | Medium | 6.7 | 2026-02-27 07:29:32 | Deep Dive |
| CVE-2025-9907 | Event-driven-ansible: event stream test mode exposes sensitive headers in aap eda | Red Hat | Red Hat Ansible Automation Platform 2.5 for RHEL 8 | Medium | 6.7 | 2026-02-27 07:29:06 | Deep Dive |
| CVE-2026-0598 | Ansible-lightspeed: broken object level authorization leading to cross-user ai conversation context injection in ansible lightspeed api | Red Hat | Red Hat Ansible Automation Platform 2 | Medium | 4.2 | 2026-02-06 05:47:57 | Deep Dive |
| CVE-2025-14025 | Ansible-automation-platform/aap-gateway: aap-gateway: read-only personal access token (pat) bypasses write restrictions | Red Hat | Red Hat Ansible Automation Platform 2.5 for RHEL 8 | High | 8.5 | 2026-01-08 13:44:05 | Deep Dive |
| CVE-2025-10894 | Nx: nx/devkit: malicious versions of nx and plugins published to npm | - | - | Critical | 9.6 | 2025-09-24 21:20:31 | Deep Dive |
| CVE-2025-5988 | Aap-gateway: csrf origin checking is disabled | - | - | Medium | 5.3 | 2025-08-04 15:16:44 | Deep Dive |
| CVE-2025-7738 | Python3.11-django-ansible-base: sensitive authenticator secrets returned in clear text via api in aap | Ansible | django-ansible-base | Medium | 4.4 | 2025-07-31 14:12:03 | Deep Dive |
| CVE-2025-53861 | Aap: sensitive cookie(s) set without security flags | Red Hat | Red Hat Ansible Automation Platform 2 | Low | 3.1 | 2025-07-11 12:44:18 | Deep Dive |
| CVE-2025-53862 | Aap: aap-gateway: automation-hub: sensitive information disclosure | Red Hat | Red Hat Ansible Automation Platform 2 | Low | 3.5 | 2025-07-11 12:34:24 | Deep Dive |
| CVE-2025-49520 | Event-driven-ansible: authenticated argument injection in git url in eda project creation | Red Hat | Red Hat Ansible Automation Platform 2.5 for RHEL 8 | High | 8.8 | 2025-06-30 20:45:29 | Deep Dive |
| CVE-2025-49521 | Event-driven-ansible: template injection via git branch and refspec in eda projects | Red Hat | Red Hat Ansible Automation Platform 2.5 for RHEL 8 | High | 8.8 | 2025-06-30 20:45:13 | Deep Dive |
| CVE-2025-2877 | Event-driven-ansible: exposure inventory passwords in plain text when starting a rulebook activation with verbosity set to debug in eda | - | - | Medium | 6.5 | 2025-03-28 14:05:18 | Deep Dive |
| CVE-2025-1801 | Aap-gateway: aap-gateway privilege escalation | - | - | High | 8.1 | 2025-03-03 15:03:15 | Deep Dive |
| CVE-2024-11831 | Npm-serialize-javascript: cross-site scripting (xss) in serialize-javascript | - | - | Medium | 5.4 | 2025-02-10 15:27:47 | Deep Dive |
| CVE-2024-11483 | Automation-gateway: aap-gateway: improper scope handling in oauth2 tokens for aap 2.5 | - | - | Medium | 5.0 | 2024-11-25 03:54:34 | Deep Dive |
| CVE-2024-11079 | Ansible-core: unsafe tagging bypass via hostvars object in ansible-core | - | - | Medium | 5.5 | 2024-11-11 23:32:56 | Deep Dive |
| CVE-2024-9902 | Ansible-core: ansible-core user may read/write unauthorized content | - | - | Medium | 6.3 | 2024-11-06 09:56:55 | Deep Dive |
| CVE-2024-10033 | Aap-gateway: xss on aap-gateway | - | - | Medium | 6.1 | 2024-10-16 16:59:44 | Deep Dive |