Lucene search
K

131 matches found

Snyk
Snyk
added 2026/04/21 12:0 a.m.5 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the Optimizer component. An attacker can cause the server to hang or crash repeatedly by sending crafted requests over the network while authenticated with high privileges...

6.9CVSS7.7AI score0.00242EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/21 12:0 a.m.7 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the Optimizer component. An attacker can cause the server to hang or crash repeatedly by sending specially crafted requests over the network. Remediation Upgrade libmysqlclient to...

7.1CVSS7.8AI score0.00303EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/15 10:13 a.m.6 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the AEADEncDataPacket parser in AEADEncDataPacket.java. An attacker can crash packet parsing by supplying an AEAD-encrypted OpenPGP packet with an out-of-range chunk size valu...

8.7CVSS5.7AI score0.00758EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/07 4:15 p.m.7 views

Incorrect Calculation of Buffer Size

Overview Affected versions of this package are vulnerable to Incorrect Calculation of Buffer Size in the initval process of HuffTable. An attacker can achieve arbitrary code execution or cause a denial of service by supplying a specially crafted malicious file. Remediation Upgrade libraw to versi...

9.8CVSS6.4AI score0.00504EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/01 11:36 p.m.4 views

Use of GET Request Method With Sensitive Query Strings

Overview Affected versions of this package are vulnerable to Use of GET Request Method With Sensitive Query Strings in the OAuth provider callback flow. An attacker can gain unauthorized access to sensitive information by intercepting refresh tokens exposed in URL query parameters through browser...

7.5CVSS5.8AI score0.00267EPSS
Exploits1References2
Snyk
Snyk
added 2026/03/27 6:18 a.m.3 views

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection in the SimpleVectorStore function when unescaped user-supplied input is used as a filter expression key. An attacker can execute arbitrary code by supplying crafted input that is evaluated by the expression...

9.8CVSS6.3AI score0.00821EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/27 1:23 a.m.2 views

Origin Validation Error

Overview Affected versions of this package are vulnerable to Origin Validation Error during the intra-handshake attestation.. An attacker can impersonate a trusted service endpoint and gain unauthorized access to sensitive data or operations by extracting the ephemeral TLS private key through...

7.8CVSS5.9AI score0.00062EPSS
Exploits0References3
Snyk
Snyk
added 2026/03/26 6:27 p.m.4 views

Symlink Attack

Overview Affected versions of this package are vulnerable to Symlink Attack when processing Git URL fragment subdir components. An attacker can access files outside the intended Git repository root by specifying a crafted subdir value in the URL fragment. Note: This is only exploitable if builds...

8.2CVSS5.9AI score0.00463EPSS
Exploits0References3
Snyk
Snyk
added 2026/03/23 6:16 p.m.4 views

Improper Validation of Array Index

Overview Affected versions of this package are vulnerable to Improper Validation of Array Index via the NGAP message handling process. An attacker can cause the application to panic and potentially crash by sending specially crafted messages with invalid PDU Session IDs. Remediation Upgrade...

7.5CVSS6.4AI score0.00393EPSS
Exploits0References3
Snyk
Snyk
added 2026/03/23 6:16 p.m.3 views

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference in the NGAP Location Report message handling process. An attacker can cause the application to panic and potentially crash by sending a specially crafted, malformed message. Remediation Upgrade...

8.7CVSS5.9AI score0.00396EPSS
Exploits0References3
Snyk
Snyk
added 2026/03/20 8:50 p.m.5 views

CRLF Injection

Overview h3 is a Minimal HTTP framework built for high performance and portability. Affected versions of this package are vulnerable to CRLF Injection via unsanitized carriage return characters in the data and comment fields of the EventStream class. An attacker can inject arbitrary server-sent...

5.3CVSS5.9AI score
Exploits0References2
Snyk
Snyk
added 2026/03/05 8:53 p.m.2 views

Insufficient Session Expiration

Overview Affected versions of this package are vulnerable to Insufficient Session Expiration through improper handling of the Logout. An attacker can maintain unauthorized access by replaying a previously captured session cookie after a user logs out. Remediation Upgrade...

6.4CVSS5.8AI score0.00302EPSS
Exploits1References3
OSV
OSV
added 2026/03/02 9:15 p.m.5 views

CVE-2026-3336 PKCS7_verify Certificate Chain Validation Bypass in AWS-LC

Improper certificate validation in PKCS7verify in AWS-LC allows an unauthenticated user to bypass certificate chain verification when processing PKCS7 objects with multiple signers, except the final signer. Customers of AWS services do not need to take action. Applications using AWS-LC should...

8.7CVSS7.3AI score0.00771EPSS
Exploits0References9
OSV
OSV
added 2026/02/11 9:16 p.m.12 views

UBUNTU-CVE-2026-26014

Pion DTLS is a Go implementation of Datagram Transport Layer Security. Pion DTLS versions v1.0.0 through v3.0.10 and 3.1.0 use random nonce generation with AES GCM ciphers, which makes it easier for remote attackers to obtain the authentication key and spoof data by leveraging the reuse of a nonc...

5.9CVSS5.9AI score0.00619EPSS
Exploits0References6
OSV
OSV
added 2026/02/06 3:54 p.m.5 views

OESA-2026-1288 python-urllib3 security update

HTTP library with thread-safe connection pooling, file post support, sanity friendly, and more. Security Fixes: urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loadin...

8.9CVSS5.5AI score0.02667EPSS
Exploits0References2
Snyk
Snyk
added 2026/02/04 12:31 p.m.2 views

Exposure of Private Personal Information to an Unauthorized Actor

Overview Affected versions of this package are vulnerable to Exposure of Private Personal Information to an Unauthorized Actor via the /revisions endpoint, which exposes the full revision history of deleted content to unauthenticated attackers. Remediation Upgrade...

8.7CVSS5.3AI score0.00619EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/01/26 12:0 a.m.7 views

openSUSE 16 Security Update : sbctl (openSUSE-SU-2026:20105-1)

The remote openSUSE 16 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20105-1 advisory. Changes in sbctl: - Upgrade the embedded golang.org/x/net to 0.46.0 Fixes: bsc1251399, CVE-2025-47911: various algorithms with quadratic...

5.3CVSS7.9AI score0.00502EPSS
Exploits1References9
Snyk
Snyk
added 2026/01/21 4:13 p.m.3 views

Improper Verification of Cryptographic Signature

Overview sm-crypto is a sm-crypto Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature via the SM2 signature verification process. An attacker can create a new valid signature for a previously signed message by manipulating an existing signature...

8.7CVSS5.9AI score0.0019EPSS
Exploits0References2
Snyk
Snyk
added 2026/01/13 6:47 p.m.3 views

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection via the EnvoyExtensionPolicy resource. An attacker can execute arbitrary commands and access sensitive credentials by injecting malicious Lua scripts. This can lead to privilege escalation, theft of secrets, and...

9.2CVSS7.9AI score0.00567EPSS
Exploits1References2
Snyk
Snyk
added 2025/12/30 8:44 p.m.3 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via the system.enableCrossNamespaceCommands when it is enabled on by default. An attacker can perform unauthorized actions in a different namespace by submitting workflow task commands that target namespaces othe...

6.3CVSS7AI score0.00358EPSS
Exploits0References2
Rows per page
Query Builder