Scan path: D:\待辦\GIT\RADSite-Code
| Vulnerability ID | Package | Severity | Installed | Fixed | Title |
|---|---|---|---|---|---|
| CVE-2026-32933 | AutoMapper | HIGH | 3.0.0 | 16.1.1, 15.1.1 | AutoMapper Vulnerable to Denial of Service (DoS) via Uncontrolled Recursion |
| CVE-2026-32933 | AutoMapper | HIGH | 3.3.1 | 16.1.1, 15.1.1 | AutoMapper Vulnerable to Denial of Service (DoS) via Uncontrolled Recursion |
| CVE-2023-44390 | HtmlSanitizer | MEDIUM | 3.4.156 | 8.0.723, 8.1.722-beta | HtmlSanitizer vulnerable to Cross-site Scripting in Foreign Content |
| CVE-2026-25543 | HtmlSanitizer | MEDIUM | 3.4.156 | 9.0.892, 9.1.893-beta | HtmlSanitizer has a bypass via template tag |
| CVE-2020-26293 | HtmlSanitizer | LOW | 3.4.156 | 5.0.372 | XSS in HtmlSanitizer |
| CVE-2023-33170 | Microsoft.AspNet.Identity.Owin | HIGH | 2.2.1 | 2.2.4 | dotnet: race condition in Core SignInManager |
| CVE-2020-1045 | Microsoft.Owin | HIGH | 3.1.0 | 4.1.1 | dotnet: ASP.NET cookie prefix spoofing vulnerability |
| CVE-2022-29117 | Microsoft.Owin | HIGH | 3.1.0 | 4.2.2 | dotnet: malicious content causes high CPU and memory usage |
| CVE-2022-29117 | Microsoft.Owin.Security.Cookies | HIGH | 3.1.0 | 4.2.2 | dotnet: malicious content causes high CPU and memory usage |
| CVE-2024-21907 | Newtonsoft.Json | HIGH | 10.0.2 | 13.0.1 | Improper Handling of Exceptional Conditions in Newtonsoft.Json |
| CVE-2024-21907 | Newtonsoft.Json | HIGH | 6.0.8 | 13.0.1 | Improper Handling of Exceptional Conditions in Newtonsoft.Json |
| CVE-2021-32840 | SharpZipLib | HIGH | 0.86.0 | 1.3.3 | Path Traversal in SharpZipLib |
| CVE-2018-1002208 | SharpZipLib | MEDIUM | 0.86.0 | 1.0.0-rc1 | SharpZipLib before 1.0 RC1 is vulnerable to directory traversal, allow ... |
| CVE-2021-32840 | SharpZipLib | HIGH | 1.0.0 | 1.3.3 | Path Traversal in SharpZipLib |
| CVE-2021-32842 | SharpZipLib | MEDIUM | 1.0.0 | 1.3.3 | Path Traversal in SharpZipLib |
| CVE-2018-8292 | System.Net.Http | HIGH | 4.3.3 | 4.3.4 | Core: information disclosure due to authentication information exposed in a redirect |
| CVE-2020-29454 | UmbracoCms | MEDIUM | 7.10.4 | 8.10.0 | Incorrect permission enforcement in UmbracoCms |
| CVE-2020-5811 | UmbracoCms | MEDIUM | 7.10.4 | 8.9.2 | Authenticated path traversal in Umbraco CMS |
| CVE-2020-9472 | UmbracoCms | MEDIUM | 7.10.4 | 8.5.4 | Unrestricted Upload of File with Dangerous Type in Umbraco CMS |
| CVE-2020-9471 | UmbracoCms.Core | HIGH | 7.10.4 | | Umbraco CMS Authenticated File Upload |
| CVE-2020-5809 | UmbracoCms.Core | MEDIUM | 7.10.4 | | Umbraco CMS vulnerable to stored XSS |
| CVE-2020-7210 | UmbracoCms.Core | MEDIUM | 7.10.4 | 8.5.0 | Umbraco CMS vulnerable to CSRF |
| CVE-2020-9471 | UmbracoCms.Core | HIGH | 7.4.3 | | Umbraco CMS Authenticated File Upload |
| CVE-2020-5809 | UmbracoCms.Core | MEDIUM | 7.4.3 | | Umbraco CMS vulnerable to stored XSS |
| CVE-2020-7210 | UmbracoCms.Core | MEDIUM | 7.4.3 | 8.5.0 | Umbraco CMS vulnerable to CSRF |
| CVE-2016-10735 | bootstrap | MEDIUM | 3.0.0 | 3.4.0, 4.0.0-beta.2 | bootstrap: XSS in the data-target attribute |
| CVE-2018-14040 | bootstrap | MEDIUM | 3.0.0 | 3.4.0, 4.1.2 | bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute |
| CVE-2018-14042 | bootstrap | MEDIUM | 3.0.0 | 4.1.2, 3.4.0 | bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip |
| CVE-2018-20676 | bootstrap | MEDIUM | 3.0.0 | 3.4.0 | bootstrap: XSS in the tooltip data-viewport attribute |
| CVE-2018-20677 | bootstrap | MEDIUM | 3.0.0 | 3.4.0 | bootstrap: XSS in the affix configuration target property |
| CVE-2019-8331 | bootstrap | MEDIUM | 3.0.0 | 4.3.1, 3.4.1 | bootstrap: XSS in the tooltip or popover data-template attribute |
| CVE-2015-9251 | jQuery | MEDIUM | 1.10.2 | 1.12.2, 3.0.0 | jquery: Cross-site scripting via cross-domain ajax requests |
| CVE-2019-11358 | jQuery | MEDIUM | 1.10.2 | 3.4.0 | jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection |
| CVE-2020-11023 | jQuery | MEDIUM | 1.10.2 | 3.5.0 | jquery: Untrusted code execution via |
| CVE-2026-40021 | log4net | MEDIUM | 2.0.17 | 3.3.0 | Apache Log4net's XmlLayout https://logging.apache.org/log4net/manual/ ... |
| CVE-2018-1285 | log4net | CRITICAL | 2.0.8 | 2.0.10 | Apache log4net versions before 2.0.10 do not disable XML external enti ... |
| CVE-2026-40021 | log4net | MEDIUM | 2.0.8 | 3.3.0 | Apache Log4net's XmlLayout https://logging.apache.org/log4net/manual/ ... |

| Vulnerability ID | Package | Severity | Installed | Fixed | Title |
|---|---|---|---|---|---|
| NSWG-ECO-328 | jquery | HIGH | 1.10.2 | >=3.0.0 | Cross-Site Scripting (XSS) |
| CVE-2015-9251 | jquery | MEDIUM | 1.10.2 | 1.12.2, 3.0.0 | jquery: Cross-site scripting via cross-domain ajax requests |
| CVE-2019-11358 | jquery | MEDIUM | 1.10.2 | >=3.4.0 | jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection |
| CVE-2020-11023 | jquery | MEDIUM | 1.10.2 | 3.5.0 | jquery: Untrusted code execution via |