Lucene search
+L

78 matches found

Snyk
Snyk
added 2026/02/18 6:5 a.m.3 views

Infinite loop

Overview org.webjars.npm:jsrsasign is a free pure JavaScript cryptographic library. Affected versions of this package are vulnerable to Infinite loop via the bnModInverse function in ext/jsbn2.js when the BigInteger.modInverse implementation receives zero or negative inputs, allowing an attacker ...

8.7CVSS5.9AI score0.00554EPSS
Exploits1References2
Snyk
Snyk
added 2026/02/08 3:51 a.m.6 views

Arbitrary Command Injection

Overview mcp-maigret is a MCP server for maigret - OSINT username search across social networks Affected versions of this package are vulnerable to Arbitrary Command Injection via the searchusername process in index.ts when handling the Username argument. An attacker can execute arbitrary system...

9.8CVSS7AI score0.01741EPSS
Exploits0References2
Snyk
Snyk
added 2026/02/06 3:46 a.m.3 views

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference via the identityTriggerType function in the pfcpreports.go file. An attacker can cause a denial of service by sending specially crafted requests that trigger a null pointer dereference. Remediation Upgrade...

7.5CVSS6.1AI score0.00526EPSS
Exploits1References2
Snyk
Snyk
added 2026/02/02 12:0 a.m.7 views

Missing Release of Memory after Effective Lifetime

Overview Affected versions of this package are vulnerable to Missing Release of Memory after Effective Lifetime via the xmllint interactive shell when repeatedly providing whitespace-only input. An attacker can exhaust system memory and cause process termination by continuously submitting such...

6.9CVSS5.8AI score0.00194EPSS
Exploits0References2
Snyk
Snyk
added 2026/01/27 12:0 a.m.5 views

CRLF Injection

Overview Affected versions of this package are vulnerable to CRLF Injection via the Host header processing when an HTTP proxy is configured. An attacker can cause unintended or unauthorized HTTP requests to be forwarded by injecting additional HTTP headers or request bodies by supplying specially...

6.1CVSS6AI score0.00312EPSS
Exploits1References2
Snyk
Snyk
added 2026/01/27 12:0 a.m.3 views

Out-of-bounds Write

Overview Affected versions of this package are vulnerable to Out-of-bounds Write via the gbase64encodeclose function. An attacker can cause memory corruption or application crashes by providing excessively large or untrusted input data. Remediation A fix was pushed into the master branch but not...

8.1CVSS5.9AI score0.00304EPSS
Exploits1References4
Snyk
Snyk
added 2025/12/31 1:44 a.m.3 views

Buffer Over-read

Overview Affected versions of this package are vulnerable to Buffer Over-read via the pcapetheraton function. An attacker can cause unintended reads and writes outside the bounds of allocated memory by providing a specially crafted input string. Remediation Upgrade libpcap to version 1.10.6 or...

3.3CVSS5.8AI score0.00098EPSS
Exploits0References2
Snyk
Snyk
added 2025/12/18 7:45 p.m.2 views

Improper Input Validation

Overview Affected versions of this package are vulnerable to Improper Input Validation in the parseFlowDesc function after PFCP association, when processing a PFCP Session Establishment Request containing a malformed Flow-Description. An attacker can cause the process to panic and terminate by...

7.5CVSS5.6AI score0.0036EPSS
Exploits1References2
Snyk
Snyk
added 2025/12/10 3:47 p.m.2 views

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read in the ReadTIMImage function. An attacker can access sensitive memory contents by supplying a specially crafted TIM image file with large width and height values, causing an integer overflow and subsequent out-of-boun...

8.7CVSS6.9AI score0.00456EPSS
Exploits0References2
Snyk
Snyk
added 2025/11/26 10:43 p.m.1 views

Integer Overflow or Wraparound

Overview org.webjars.npm:node-forge is a WebJar for node-forge. Affected versions of this package are vulnerable to Integer Overflow or Wraparound via the derToOid function in the asn1.js file, which decodes ASN.1 structures containing OIDs with oversized arcs. An attacker can bypass security...

6.3CVSS6.4AI score0.00282EPSS
Exploits0References2
Snyk
Snyk
added 2025/11/24 1:0 p.m.6 views

Integer Overflow or Wraparound

Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound via the gescapeuristring function. An attacker can cause a heap-based buffer overflow by supplying a string with a very large number of characters requiring escaping, which results in an incorrect...

7.7CVSS7.3AI score0.00313EPSS
Exploits1References2
Snyk
Snyk
added 2025/11/19 10:46 a.m.3 views

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the ViewModel functionality. An authenticated attacker can execute arbitrary code with application privileges by supplying crafted data through user-controllable URL parameters. Details Serializatio...

8.8CVSS7.5AI score0.10572EPSS
Exploits0References2
Snyk
Snyk
added 2025/10/16 4:40 p.m.3 views

Integer Underflow (Wrap or Wraparound)

Overview Affected versions of this package are vulnerable to Integer Underflow Wrap or Wraparound due to improper handling of buffer size calculations in the libregexp engine. An attacker can achieve out-of-bounds memory writes by supplying a specially crafted regular expression that causes an...

8.8CVSS6.1AI score0.00427EPSS
Exploits1References2
Snyk
Snyk
added 2025/10/07 10:45 p.m.7 views

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read via the getlinkhashentry function. An attacker can cause an out-of-bounds read by supplying crafted input to the linker process. Remediation A fix was pushed into the master branch but not yet published. References -...

6.1CVSS4.5AI score0.00189EPSS
Exploits1References2
Snyk
Snyk
added 2025/09/21 9:41 a.m.4 views

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data due to an improper fix for CVE-2025-6507. An attacker can execute arbitrary code and access unauthorized system files by injecting malicious parameters that bypass regular expression filters by adding...

9.8CVSS9.6AI score0.12993EPSS
Exploits1References2
Snyk
Snyk
added 2025/09/17 6:39 p.m.1 views

Relative Path Traversal

Overview Affected versions of this package are vulnerable to Relative Path Traversal due to improper validation of user-supplied paths in router.go. An attacker can access sensitive files on the server by crafting requests with directory traversal sequences in the URL path. Remediation A fix was...

8.7CVSS6.5AI score0.01527EPSS
Exploits0References2
Snyk
Snyk
added 2025/08/13 1:59 p.m.5 views

Heap-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow via the ReadOneJNGImage function. An attacker can access data on the heap or cause memory corruption by tricking a user into processing a specially crafted image file. Remediation A fix was pushed into the...

7.6CVSS7.1AI score0.00522EPSS
Exploits1References3
Snyk
Snyk
added 2025/08/11 7:40 a.m.2 views

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference via the jasimagechclrspc function. An attacker can cause a denial of service by triggering a null pointer dereference during image color space conversion. Remediation A fix was pushed into the master branch but...

5.5CVSS6.8AI score0.0021EPSS
Exploits1References2
Snyk
Snyk
added 2025/08/07 7:43 p.m.6 views

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference via the tmplayerparseline function when parsing a subtitle file. An attacker can cause a crash by providing a specially crafted subtitle file that triggers a NULL pointer dereference. Remediation Upgrade gstream...

8.7CVSS7.4AI score0.00459EPSS
Exploits1References2
Snyk
Snyk
added 2025/08/05 2:33 p.m.3 views

Use of Uninitialized Variable

Overview Affected versions of this package are vulnerable to Use of Uninitialized Variable due to the absent check of pimage value before calling opjj2kreadheader function. An attacker can achieve arbitrary code execution or cause a denial of service by supplying a specially crafted image file...

9.8CVSS7.5AI score0.00636EPSS
Exploits1References2
Rows per page
Query Builder