Browse 29+ CVE vulnerabilities from NVD and CNNVD, with AI Chinese translation, AI PoC generation, and daily intelligence; searchable by vendor, product, severity, and CWE.
| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-33896 | Forge has a basicConstraints bypass in its certificate chain verification (RFC 5280 violation) | digitalbazaar | forge | High | 7.4 | 2026-03-27 20:50:03 | Deep Dive |
| CVE-2026-33895 | Forge has signature forgery in Ed25519 due to missing S > L check | digitalbazaar | forge | High | 7.5 | 2026-03-27 20:47:54 | Deep Dive |
| CVE-2026-33894 | Forge has signature forgery in RSA-PKCS due to ASN.1 extra field | digitalbazaar | forge | High | 7.5 | 2026-03-27 20:45:50 | Deep Dive |
| CVE-2026-33891 | Forge has Denial of Service via Infinite Loop in BigInteger.modInverse() with Zero Input | digitalbazaar | forge | High | 7.5 | 2026-03-27 20:43:38 | Deep Dive |
| CVE-2025-66030 | node-forge ASN.1 OID Integer Truncation | digitalbazaar | forge | - | - | 2025-11-26 22:23:42 | Deep Dive |
| CVE-2025-66031 | node-forge ASN.1 Unbounded Recursion | digitalbazaar | forge | - | - | 2025-11-26 22:23:26 | Deep Dive |
| CVE-2025-12816 | CVE-2025-12816 | Digital Bazaar | node-forge | - | - | 2025-11-25 19:15:50 | Deep Dive |
| CVE-2025-58361 | Promptcraft Forge Studio's incomplete URL check is vulnerable to XSS via SVG | MarceloTessaro | promptcraft-forge-studio | Critical | 9.3 | 2025-09-04 19:43:44 | Deep Dive |
| CVE-2025-58353 | Promptcraft Forge Studio: Complete Sanitizer Bypass Enables XSS via Overlapping Patterns | MarceloTessaro | promptcraft-forge-studio | High | 8.2 | 2025-09-04 19:39:24 | Deep Dive |
| CVE-2025-49824 | conda-smithy Insecure Encryption Vulnerable to Oracle Padding Attack | conda-forge | conda-smithy | - | - | 2025-06-17 20:40:02 | Deep Dive |
| CVE-2025-49843 | conda-smithy Has Incorrect Default File Permissions | conda-forge | conda-smithy | - | - | 2025-06-17 20:39:53 | Deep Dive |
| CVE-2025-49842 | conda-forge-webservices Privilege Escalation Risk via Default Docker Root User | conda-forge | conda-forge-webservices | - | - | 2025-06-17 14:02:37 | Deep Dive |
| CVE-2025-49598 | conda-forge-ci-setup Allows Arbitrary Code Execution via Insecure Version Parsing | conda-forge | conda-forge-ci-setup-feedstock | - | - | 2025-06-13 20:22:38 | Deep Dive |
| CVE-2025-35471 | conda-forge openssl-feedstock writable OPENSSLDIR | conda-forge | openssl-feedstock | High | 7.3 | 2025-05-13 01:13:15 | Deep Dive |
| CVE-2025-32784 | conda-forge-webservices has an Unauthorized Artifact Modification Race Condition | conda-forge | conda-forge-webservices | - | - | 2025-04-15 21:56:28 | Deep Dive |
| CVE-2025-31484 | conda-forge infrastructure uses a bad token for Azure's cf-staging access | conda-forge | infrastructure | - | - | 2025-04-02 21:38:03 | Deep Dive |
| CVE-2025-27510 | RCE in the package conda-forge-metadata | conda-forge | conda-forge-metadata | Critical | - | 2025-03-04 21:48:13 | Deep Dive |
| CVE-2025-22703 | WordPress Forge – Front-End Page Builder plugin <= 1.4.6 - CSRF to Stored Cross Site Scripting (XSS) vulnerability | manuelvicedo | Forge – Front-End Page Builder | High | 7.1 | 2025-02-03 14:23:53 | Deep Dive |
| CVE-2025-23027 | BASEHUB_TOKEN committed in next-forge | haydenbleasel | next-forge | Medium | - | 2025-01-13 19:41:44 | Deep Dive |
| CVE-2024-9160 | Security Misconfiguration in Forge module PEADM | Puppet | PEADM Forge Module | - | - | 2024-09-27 18:58:43 | Deep Dive |