Browse 25+ CVE vulnerabilities from NVD and CNNVD, with AI Chinese translation, AI PoC generation, and daily intelligence; searchable by vendor, product, severity, and CWE.
| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-33353 | Soft Serve: Authenticated repo import can clone server-local private repositories | charmbracelet | soft-serve | Medium | - | 2026-03-24 19:39:38 | Deep Dive |
| CVE-2026-30832 | Soft Serve: SSRF via unvalidated LFS endpoint in repo import | charmbracelet | soft-serve | Critical | 9.1 | 2026-03-07 15:57:39 | Deep Dive |
| CVE-2026-24058 | Soft Serve has Critical Authentication Bypass | charmbracelet | soft-serve | - | - | 2026-01-22 22:01:22 | Deep Dive |
| CVE-2026-22253 | Soft Serve is missing an authorization check in LFS lock deletion | charmbracelet | soft-serve | Medium | 5.4 | 2026-01-08 18:39:58 | Deep Dive |
| CVE-2025-64522 | Soft Serve is vulnerable to SSRF through its Webhooks | charmbracelet | soft-serve | Critical | 9.1 | 2025-11-10 22:11:19 | Deep Dive |
| CVE-2025-64494 | Soft Serve does not sanitize ANSI escape sequences in user input | charmbracelet | soft-serve | Medium | 4.6 | 2025-11-08 01:19:01 | Deep Dive |
| CVE-2025-58355 | Soft Serve is vulnerable to arbitrary file writing through its SSH API | charmbracelet | soft-serve | High | 7.7 | 2025-09-03 23:52:24 | Deep Dive |
| CVE-2024-6577 | Unclaimed S3 Bucket Usage in pytorch/serve | pytorch | pytorch/serve | Medium | - | 2025-03-20 10:10:37 | Deep Dive |
| CVE-2025-22130 | Soft Serve allows path traversal attacks | charmbracelet | soft-serve | Medium | - | 2025-01-08 15:43:05 | Deep Dive |
| CVE-2024-12103 | Content No Cache: prevent specific content from being cached <= 0.1.2 - Unauthenticated Private Content Disclosure | giuse | Content No Cache \| Serve uncached partial content even when you add it to a page that is fully cached. | Medium | 5.3 | 2024-12-24 09:21:50 | Deep Dive |
| CVE-2024-43800 | serve-static affected by template injection that can lead to XSS | expressjs | serve-static | Medium | 5.0 | 2024-09-10 14:50:06 | Deep Dive |
| CVE-2024-41956 | Soft Serve allows arbitrary code execution by crafting git-lfs requests | charmbracelet | soft-serve | High | 8.1 | 2024-08-01 22:07:33 | Deep Dive |
| CVE-2024-35198 | TorchServe bypass allowed_urls configuration | pytorch | serve | Critical | 9.8 | 2024-07-18 22:40:08 | Deep Dive |
| CVE-2024-35199 | TorchServe gRPC Port Exposure | pytorch | serve | High | 8.2 | 2024-07-18 22:40:07 | Deep Dive |
| CVE-2023-48299 | TorchServe ZipSlip | pytorch | serve | Medium | 5.3 | 2023-11-21 20:56:00 | Deep Dive |
| CVE-2023-43809 | Soft Serve Public Key Authentication Bypass Vulnerability when Keyboard-Interactive SSH Authentication is Enabled | charmbracelet | soft-serve | High | 7.5 | 2023-10-04 20:40:42 | Deep Dive |
| CVE-2023-43654 | TorchServe Server-Side Request Forgery | pytorch | serve | Critical | 10.0 | 2023-09-28 22:10:09 | Deep Dive |
| CVE-2022-25847 | serve-lite cross-site scripting vulnerability | - | serve-lite | Medium | 5.4 | 2023-01-25 05:00:02 | Deep Dive |
| CVE-2022-21192 | serve-lite path traversal vulnerability | - | serve-lite | High | 7.5 | 2023-01-25 05:00:02 | Deep Dive |
| CVE-2020-7684 | Directory Traversal | - | rollup-plugin-serve | High | 7.5 | 2020-07-17 07:25:12 | Deep Dive |