Lucene search
K

126 matches found

Snyk
Snyk
added 5 days ago5 views

Denial of Service (DoS)

Overview Affected versions of this package are vulnerable to Denial of Service DoS due to the lack of an upper bound on memory allocation for unacknowledged WebSocket PING frames. An attacker can cause memory exhaustion by sending a rapid sequence of PING messages from a malicious server. Details...

8.7CVSS6AI score0.00609EPSS
Exploits1References2
Snyk
Snyk
added 2026/07/01 8:44 p.m.3 views

Insufficient Verification of Data Authenticity

Overview Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity via unsanitized repository URL components in the webhook endpoint when no secret is configured. An attacker can trigger continuous repository re-cloning, increasing network traffic and...

8.3CVSS6AI score0.00496EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/13 5:13 p.m.5 views

UNIX Symbolic Link (Symlink) Following

Overview github.com/opencontainers/runc/libcontainer is a package for a modern container runtime. Affected versions of this package are vulnerable to UNIX Symbolic Link Symlink Following in setupPtmx and setupDevSymlinks, which enable file deletion via calls to os.Remove and os.Symlink. An attack...

4.8CVSS5.5AI score0.00222EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/11 3:20 p.m.5 views

HTTP Response Splitting

Overview Affected versions of this package are vulnerable to HTTP Response Splitting via the host component of a URI when constructing a PSR-7 Uri or Request. An attacker can inject arbitrary HTTP headers by supplying a crafted host value containing ASCII control characters, such as CRLF, which a...

6.9CVSS5.5AI score0.00189EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/29 11:36 a.m.9 views

Improper Neutralization of Special Elements Used in a Template Engine

Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements Used in a Template Engine in the theme engine due to rendering uploaded Twig templates without a sandbox or strict function restrictions. An attacker can execute arbitrary code on the hosting...

9.9CVSS6.2AI score0.00439EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/29 10:18 a.m.10 views

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection via the API contact filtering due to insufficient recursive sanitization of nested query parameters. An attacker can execute arbitrary SQL commands and potentially access sensitive data or disrupt database integrity by...

7.1CVSS6.1AI score0.00224EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/22 5:42 p.m.10 views

Improper Authentication

Overview Affected versions of this package are vulnerable to Improper Authentication via the ToASCII and ToUnicode functions. An attacker can bypass hostname validation by submitting Punycode-encoded labels that decode to ASCII-only labels, potentially leading to privilege escalation in...

9.6CVSS5.6AI score0.00478EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.12 views

PT-2026-41117

Name of the Vulnerable Software and Affected Versions Amazon SageMaker Python SDK versions prior to 2.257.2 Amazon SageMaker Python SDK versions prior to 3.8.0 Description The ModelBuilder/Serve component stores sensitive information in cleartext. A remote authenticated actor with permissions to...

8.5CVSS6.2AI score0.00439EPSS
Exploits0References9
Snyk
Snyk
added 2026/05/07 9:34 p.m.8 views

Improper Handling of Exceptional Conditions

Overview Affected versions of this package are vulnerable to Improper Handling of Exceptional Conditions in the token revocation process. An attacker can maintain unauthorized access by using a stolen access token that was issued with no expiration, as the token cannot be invalidated through...

9.1CVSS5.8AI score
Exploits0References3
Snyk
Snyk
added 2026/05/07 9:21 p.m.8 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization in the PUT /api/echo/like/:id endpoint. An attacker can manipulate engagement metrics by sending repeated unauthenticated requests to the like endpoint, resulting in arbitrary inflation of the favcount value...

6.9CVSS5.6AI score
Exploits0References2
Snyk
Snyk
added 2026/05/07 9:18 p.m.6 views

Improper Encoding or Escaping of Output

Overview Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output via the RSS feed rendering process. An attacker can execute arbitrary JavaScript in the context of RSS readers by injecting malicious tag names or raw HTML markdown content. This is only exploitab...

4.8CVSS6AI score
Exploits0References3
Snyk
Snyk
added 2026/05/04 5:28 p.m.7 views

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read via the ParseIP6Extended function. An attacker can cause the application to crash or become unresponsive by supplying a specially crafted BGP UPDATE message. Remediation Upgrade github.com/osrg/gobgp/v4/pkg/packet/bgp...

8.7CVSS5.8AI score0.00335EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/27 12:14 p.m.9 views

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the ConsulRegistryUtils.deserialize method which fails to without apply an ObjectInputFilter. An attacker can execute arbitrary code by injecting a malicious serialized Java object into the Consul K...

8.8CVSS6.1AI score0.00667EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/27 10:15 a.m.3 views

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the FileBasedKeyLifecycleManager class while handling contents of .key files. An attacker can execute arbitrary code by placing a crafted serialized Java object in the key directory, which is then...

7.8CVSS6.1AI score0.00342EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/24 4:31 p.m.4 views

Insufficient Verification of Data Authenticity

Overview Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity in the ForwardAuth middleware when trustForwardHeader is set to false and the deployment is behind a trusted upstream proxy. An attacker can gain unauthorized access to protected backend...

10CVSS5.5AI score0.00267EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/21 12:0 a.m.7 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the Optimizer component. An attacker can cause the server to hang or crash repeatedly by sending specially crafted requests over the network. Remediation Upgrade libmysqlclient to...

7.1CVSS7.8AI score0.00303EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/21 12:0 a.m.5 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the Optimizer component. An attacker can cause the server to hang or crash repeatedly by sending crafted requests over the network while authenticated with high privileges...

6.9CVSS7.7AI score0.00242EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/15 10:13 a.m.6 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the AEADEncDataPacket parser in AEADEncDataPacket.java. An attacker can crash packet parsing by supplying an AEAD-encrypted OpenPGP packet with an out-of-range chunk size valu...

8.7CVSS5.7AI score0.00758EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/07 4:15 p.m.4 views

Incorrect Calculation of Buffer Size

Overview Affected versions of this package are vulnerable to Incorrect Calculation of Buffer Size in the initval process of HuffTable. An attacker can achieve arbitrary code execution or cause a denial of service by supplying a specially crafted malicious file. Remediation Upgrade libraw to versi...

9.8CVSS6.4AI score0.00504EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/01 11:36 p.m.4 views

Use of GET Request Method With Sensitive Query Strings

Overview Affected versions of this package are vulnerable to Use of GET Request Method With Sensitive Query Strings in the OAuth provider callback flow. An attacker can gain unauthorized access to sensitive information by intercepting refresh tokens exposed in URL query parameters through browser...

7.5CVSS5.8AI score0.00267EPSS
Exploits1References2
Rows per page
Query Builder