222 matches found

Snyk • added 2026/06/21 5:11 p.m. • 5 views

Integer Overflow or Wraparound

Overview: Affected versions of this package are vulnerable to Integer Overflow or Wraparound due to improper handling of integer values in the storeAtts function. An attacker can cause memory corruption or potentially execute arbitrary code by providing specially crafted input that triggers the...

CVSS 7.5 | AI score 6.2 | EPSS 0.00102
Exploits: 0 | References: 2
Snyk • added 2026/06/21 5:11 p.m. • 6 views

Integer Overflow or Wraparound

Overview: Affected versions of this package are vulnerable to Integer Overflow or Wraparound via the xmlwf process when the -d parameter is used to specify an output directory. An attacker can cause unintended behavior or potentially execute arbitrary code by providing a specially crafted output...

CVSS 7.3 | AI score 6.2 | EPSS 0.00098
Exploits: 0 | References: 2
Snyk • added 2026/06/21 5:09 p.m. • 4 views

Integer Overflow or Wraparound

Overview: Affected versions of this package are vulnerable to Integer Overflow or Wraparound via the endDoctypeDecl process when handling NOTATION declarations. An attacker can cause memory corruption or potentially execute arbitrary code by providing specially crafted XML input. Remediation: A fix...

CVSS 7.5 | AI score 6.2 | EPSS 0.0011
Exploits: 0 | References: 2
Snyk • added 2026/06/17 6:22 p.m. • 6 views

Allocation of Resources Without Limits or Throttling

Overview: org.webjars.npm:undici is an HTTP/1.1 client, written from scratch for Node.js. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the handling of WebSocket message fragments. An attacker can cause unbounded memory growth and...

CVSS 8.7 | AI score 5.9 | EPSS 0.0057
Exploits: 0 | References: 2
Snyk • added 2026/06/17 2:04 p.m. • 7 views

Insertion of Sensitive Information into Log File

Overview: vllm is a high-throughput and memory-efficient inference and serving engine for LLMs. Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File in the error handling process for certain API and WebSocket routes, where unsanitized exception...

CVSS 6.9 | AI score 5.8 | EPSS 0.00796
Exploits: 1 | References: 2
Snyk • added 2026/06/10 11:12 p.m. • 5 views

Out-of-bounds Write

Overview: Affected versions of this package are vulnerable to Out-of-bounds Write in the Floyd-Steinberg dithering when handling images with a mask. An attacker can cause a negative heap buffer overwrite by supplying a specially crafted image file. Remediation: A fix was pushed into the master bran...

CVSS 6.8 | AI score 5.5 | EPSS 0.00103
Exploits: 0 | References: 2
Snyk • added 2026/06/10 4:32 p.m. • 5 views

Improper Validation of Specified Quantity in Input

Overview: Affected versions of this package are vulnerable to Improper Validation of Specified Quantity in Input in the libnfszdrstring function in lib/libnfs-zdr.c when connecting to a specially crafted NFS server. An attacker can cause an integer overflow and potentially execute arbitrary code o...

CVSS 7.6 | AI score 6.2 | EPSS 0.00192
Exploits: 0 | References: 2
Snyk • added 2026/06/09 6:32 p.m. • 7 views

Covert Channel

Overview: Affected versions of this package are vulnerable to Covert Channel information exposure from CMSdecrypt and PKCS7decrypt. An attacker who can supply CMS or S/MIME messages and observe the application's error code and/or decryption output can use the victim's process as an adaptive chosen...

CVSS 6.3 | AI score 5.7 | EPSS 0.0035
Exploits: 0 | References: 2
Snyk • added 2026/06/04 12:25 p.m. • 7 views

Use of Weak Hash

Overview: ms-swift is Swift: Scalable lightWeight Infrastructure for Fine-Tuning. Affected versions of this package are vulnerable to Use of Weak Hash in the Template.savepilimage function in swift/template/base.py. An attacker can exploit a weakness in cache key integrity to tamper with the...

CVSS 4.8 | AI score 5.5 | EPSS 0.00075
Exploits: 0 | References: 2
Snyk • added 2026/06/04 6:15 a.m. • 8 views

Use After Free

Overview: Affected versions of this package are vulnerable to Use After Free due to missing handler call depth tracking in the processing of XMLGetBuffer, XMLParse, XMLParseBuffer, XMLParserFree, or XMLParserReset from within handlers when a policy violation occurs. An attacker can cause memory...

CVSS 5.9 | AI score 6 | EPSS 0.00218
Exploits: 0 | References: 2
Snyk • added 2026/06/03 8:24 a.m. • 9 views

Improper Output Neutralization for Logs

Overview: org.webjars.npm:morgan is an HTTP request logger middleware for node.js. Affected versions of this package are vulnerable to Improper Output Neutralization for Logs via the :remote-user token, which extracts the Basic auth username from the Authorization header and writes it to the log...

CVSS 6.9 | AI score 5.5 | EPSS 0.00246
Exploits: 0 | References: 2
Snyk • added 2026/05/29 7:18 p.m. • 10 views

SQL Injection

Overview: agno is Agno, a lightweight library for building Multi-Agent Systems. Affected versions of this package are vulnerable to SQL Injection via the deletebymetadata function in the clickhouse backend. An attacker can execute unintended SQL commands by supplying malicious metadata keys and...

CVSS 8.7 | AI score 6 | EPSS 0.00319
Exploits: 0 | References: 2
Snyk • added 2026/05/28 4:50 p.m. • 9 views

Out-of-bounds Write

Overview: Affected versions of this package are vulnerable to Out-of-bounds Write via the bzip2recover utility when processing a specially crafted file. An attacker can cause memory corruption and application crash by supplying a malicious input file. Remediation: A fix was pushed into the master...

CVSS 5.1 | AI score 5.8 | EPSS 0.00126
Exploits: 0 | References: 2
Snyk • added 2026/05/19 9:51 p.m. • 9 views

Out-of-bounds Read

Overview: Affected versions of this package are vulnerable to Out-of-bounds Read in the Chunk process when handling files with a samplesperchunk value of zero. An attacker can cause a segmentation fault and denial of service by providing a specially crafted HEIF file that triggers an unsigned...

CVSS 7.1 | AI score 5.8 | EPSS 0.00301
Exploits: 1 | References: 2
Snyk • added 2026/05/19 9:51 p.m. • 7 views

Heap-based Buffer Overflow

Overview: Affected versions of this package are vulnerable to Heap-based Buffer Overflow in the decodemaskimage function. An attacker can cause a heap buffer overflow by providing a crafted HEIF file containing a mask image where the iloc extent exceeds the allocated pixel buffer, leading to...

CVSS 7.1 | AI score 6 | EPSS 0.00343
Exploits: 0 | References: 2
Snyk • added 2026/05/18 5:53 p.m. • 10 views

Allocation of Resources Without Limits or Throttling

Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the PSD decoder due to a missing check for the list-length resource policy. An attacker can cause excessive resource consumption by providing a specially crafted PSD image that...

CVSS 7.5 | AI score 5.8 | EPSS 0.00495
Exploits: 0 | References: 2
Snyk • added 2026/05/14 7:14 p.m. • 11 views

Double Free

Overview: Affected versions of this package are vulnerable to Double Free in the computehashtosign function. An attacker can cause heap corruption and potentially crash the application by triggering a failure in EVPDigestFinal after memory has already been freed, leading to a second free operation...

CVSS 2.5 | AI score 5.8 | EPSS 0.00096
Exploits: 0 | References: 2
Snyk • added 2026/05/14 3:23 p.m. • 9 views

Use of Externally-Controlled Format String

Overview: Affected versions of this package are vulnerable to Use of Externally-Controlled Format String in the timeofday function when processing crafted timezone zones. An attacker can access portions of server memory by supplying specially crafted input to the timeofday function. Remediation:...

CVSS 5.3 | AI score 5.8 | EPSS 0.00208
Exploits: 0 | References: 2
Snyk • added 2026/05/12 5:21 p.m. • 12 views

Improper Handling of Case Sensitivity

Overview: org.apache.tomcat:catalina provides the Servlet Engine Core Classes and Standard implementations. Affected versions of this package are vulnerable to Improper Handling of Case Sensitivity in the LockOutRealm function. An attacker can bypass account lockout protections by submitting usernames wit...

CVSS 7.5 | AI score 5.8 | EPSS 0.00467
Exploits: 0 | References: 2
Snyk • added 2026/05/12 3:06 p.m. • 8 views

Arbitrary Code Injection

Overview: Affected versions of this package are vulnerable to Arbitrary Code Injection via the pbjs static code generation. An attacker can execute arbitrary code by providing crafted schema names that are incorporated into generated JavaScript output, which is then executed or imported by the...

CVSS 8.8 | AI score 6.2 | EPSS 0.00395
Exploits: 0 | References: 2