Lucene search
K

131 matches found

Snyk
Snyk
added 2025/10/29 6:45 p.m.2 views

Open Redirect

Overview Affected versions of this package are vulnerable to Open Redirect via manipulation of the Forwarded or X-Forwarded-Host headers used to construct password reset confirmation links. An attacker can gain unauthorized access to user accounts by tricking users into clicking a password reset...

8.8CVSS7.4AI score0.00345EPSS
Exploits0References2
Snyk
Snyk
added 2025/10/29 6:45 p.m.2 views

Open Redirect

Overview Affected versions of this package are vulnerable to Open Redirect via manipulation of the Forwarded or X-Forwarded-Host headers used to construct password reset confirmation links. An attacker can gain unauthorized access to user accounts by tricking users into clicking a password reset...

8.8CVSS7AI score0.00345EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-3480

Malicious code in bioql PyPI...

6.9CVSS6.4AI score0.00735EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-6574

Malicious code in bioql PyPI...

10CVSS9AI score0.01209EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2024-33582

Malicious code in bioql PyPI...

7.5CVSS6.6AI score0.00155EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-2938

Malicious code in bioql PyPI...

8.7CVSS6.3AI score0.00356EPSS
Exploits0References4
Snyk
Snyk
added 2025/09/25 4:39 p.m.3 views

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection via the Terraformer process. An attacker can execute arbitrary code with elevated privileges by injecting malicious Terraform configurations during infrastructure provisioning. Note: This is only exploitable if ...

9.9CVSS8.1AI score0.00477EPSS
Exploits0References3
Snyk
Snyk
added 2025/09/24 3:30 a.m.5 views

Insufficient Session Expiration

Overview Affected versions of this package are vulnerable to Insufficient Session Expiration in the SpSessionTerminationSamlPortalFilter. An attacker can gain unauthorized access to user accounts by reusing old session tokens via the SLO API, causing the session to be reinitialized when it should...

6.5CVSS7AI score0.00165EPSS
Exploits0References2
Snyk
Snyk
added 2025/09/23 5:37 p.m.6 views

HTTP Request Smuggling

Overview Affected versions of this package are vulnerable to HTTP Request Smuggling due to improper parsing of the HTTP trailer section in the parse function. An attacker can bypass security controls, launch targeted attacks against users, or poison web caches by crafting specially formed HTTP...

7.5CVSS6.6AI score0.00349EPSS
Exploits1References2
Snyk
Snyk
added 2025/09/23 5:37 p.m.8 views

HTTP Request Smuggling

Overview Affected versions of this package are vulnerable to HTTP Request Smuggling due to improper parsing of the HTTP trailer section in the parse function. An attacker can bypass security controls, launch targeted attacks against users, or poison web caches by crafting specially formed HTTP...

7.5CVSS6.6AI score0.00349EPSS
Exploits1References2
Snyk
Snyk
added 2025/09/15 2:47 p.m.1 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to insufficient bounds checking on the authorization header. An attacker can cause excessive memory allocation by sending specially crafted requests, potentially leading to servic...

6.9CVSS6.6AI score0.00362EPSS
Exploits0References2
Snyk
Snyk
added 2025/08/20 8:52 p.m.0 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via malformed HTTP/2 control frames that manipulate the RSTSTREAM process. An attacker can exhaust server resources and disrupt service availability by rapidly sending specially craft...

8.7CVSS7AI score0.01567EPSS
Exploits0References2
Snyk
Snyk
added 2025/08/14 1:0 p.m.1 views

CRLF Injection

Overview Affected versions of this package are vulnerable to CRLF Injection in the restore process via psql meta-commands inside a purpose-crafted object name. An attacker can execute arbitrary code by injecting meta commands into the file, which can be executed by an unknowing user during the...

8.8CVSS7.5AI score0.00385EPSS
Exploits0References2
Snyk
Snyk
added 2025/08/13 9:52 a.m.4 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to improper processing of large name constraint structures in PKIXCertPathReviewer. An attacker can cause excessive resource allocation by submitting specially crafted ASN.1...

6.3CVSS6.8AI score0.0043EPSS
Exploits0References2
Snyk
Snyk
added 2025/08/09 2:41 a.m.1 views

Improper Neutralization

Overview Affected versions of this package are vulnerable to Improper Neutralization via the usernameasalias parameter in the LDAP authentication process. An attacker can gain unauthorized access to resources protected by multi-factor authentication by supplying a crafted username that bypasses...

8.5CVSS7.1AI score0.00221EPSS
Exploits0References2
OSV
OSV
added 2025/07/31 1:3 p.m.10 views

CLSA-2025-1753966983 java-1.8.0-openjdk: Fix of 4 CVEs

Upgrade to openjdk-shenandoah-jdk8u-shenandoah-jdk8u462-b08 GA. That fixes following CVEs: - CVE-2025-30749: better Glyph drawing - CVE-2025-30754: enhance TLS protocol support - CVE-2025-30761: improve scripting supports - CVE-2025-50106: glyph out-of-memory access and crash...

8.1CVSS6.7AI score0.01058EPSS
Exploits1References1
GithubExploit
GithubExploit
added 2025/07/30 6:37 a.m.117 views

Exploit for CVE-2025-50460

CVE-2025-50460: Remote Code Execution in modelscope/ms-swift v...

9.8CVSS9.1AI score0.02494EPSS
Exploits1
Snyk
Snyk
added 2025/07/25 2:45 p.m.1 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure via the q URL parameter in the /api/v2.0/users endpoint. An attacker can retrieve sensitive password hash and salt values by abusing the filtering capability to extract this information character by character. Note:...

6.9CVSS6.8AI score0.00602EPSS
Exploits0References2
Snyk
Snyk
added 2025/07/15 7:27 p.m.2 views

Misinterpretation of Input

Overview Affected versions of this package are vulnerable to Misinterpretation of Input in the Optimizer component. A privileged attacker can cause the application to become unresponsive or crash by submitting specially crafted data. Remediation Upgrade libmysqlclient to version 8.1.0 or higher...

5.1CVSS6.8AI score0.00426EPSS
Exploits0References2
Snyk
Snyk
added 2025/06/24 8:41 p.m.3 views

XML External Entity (XXE) Injection

Overview Affected versions of this package are vulnerable to XML External Entity XXE Injection due to the DocumentBuilderFactory used in the XunitXmlPlugin.java file, which is used without disabling DTDs or external entities.. An attacker can access arbitrary files on the file system or initiate...

8.7CVSS7.6AI score0.00324EPSS
Exploits0References2
Rows per page
Query Builder