浏览 13+ 条来自 NVD 与 CNNVD 的 CVE 漏洞,配 AI 中文翻译、AI POC 生成、每日情报;可按厂商、产品、严重等级、CWE 检索。
| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-39362 | InvenTree has SSRF via Remote Image Download — No IP/Hostname Validation on remote_image URLs | inventree | InvenTree | - | - | 2026-04-08 19:32:47 | Deep Dive |
| CVE-2026-35479 | InvenTree Plugin Installation - Insufficient Permissions | inventree | InvenTree | Medium | 6.6 | 2026-04-08 19:27:57 | Deep Dive |
| CVE-2026-35477 | InvenTree has SSTI in PART_NAME_FORMAT bypasses CVE-2026-27629 fix via {% if part.pk %} sandbox escape | inventree | InvenTree | Medium | 5.5 | 2026-04-08 19:20:59 | Deep Dive |
| CVE-2026-33531 | InvenTree has Path Traversal In Report Templates | inventree | InvenTree | 中危 | - | 2026-03-26 19:40:51 | Deep Dive |
| CVE-2026-33530 | InvenTree Vulnerable to ORM Filter Injection | inventree | InvenTree | High | 7.7 | 2026-03-26 19:34:51 | Deep Dive |
| CVE-2026-27629 | InvenTree Vulnerable to Server Side Template Injection (SSTI) | inventree | InvenTree | Medium | 5.9 | 2026-02-25 02:48:42 | Deep Dive |
| CVE-2025-49000 | InvenTree has uncontrolled memory allocation via built-in label-sheet plugin | inventree | InvenTree | Low | 3.5 | 2025-06-03 20:54:28 | Deep Dive |
| CVE-2024-47610 | Stored Cross-site Scripting Vulnerability in Markdown Editor | inventree | InvenTree | High | 7.3 | 2024-10-07 20:45:21 | Deep Dive |
| CVE-2022-3355 | Cross-site Scripting (XSS) - Stored in inventree/inventree | inventree | inventree/inventree | 中危 | - | 2022-09-29 09:25:11 | Deep Dive |
| CVE-2022-2134 | Allocation of Resources Without Limits or Throttling in inventree/inventree | inventree | inventree/inventree | 中危 | - | 2022-06-20 00:00:00 | Deep Dive |
| CVE-2022-2113 | Cross-site Scripting (XSS) - Stored in inventree/inventree | inventree | inventree/inventree | 中危 | - | 2022-06-17 10:20:10 | Deep Dive |
| CVE-2022-2112 | Improper Neutralization of Formula Elements in a CSV File in inventree/inventree | inventree | inventree/inventree | 高危 | - | 2022-06-17 10:15:16 | Deep Dive |
| CVE-2022-2111 | Unrestricted Upload of File with Dangerous Type in inventree/inventree | inventree | inventree/inventree | 高危 | - | 2022-06-17 10:10:10 | Deep Dive |