Lucene search
K

724 matches found

Snyk
Snyk
added 2026/07/03 8:14 p.m.7 views

Double Free

Overview Affected versions of this package are vulnerable to Double Free in the ExportToBlob function of the PLY Model Handler component. An attacker can cause memory corruption or application crashes by triggering a double free condition remotely. Remediation There is no fixed version for assimp...

6.5CVSS6.7AI score0.00233EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/02 1:50 p.m.3 views

User Impersonation

Overview Affected versions of this package are vulnerable to User Impersonation via the BalancerForward process. An attacker can manipulate upstream IP-based logic, such as rate limiting, access control, and audit logging, by injecting a spoofed X-Real-IP header value in requests. Remediation The...

6.9CVSS6AI score0.00455EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/01 4:19 p.m.5 views

Deserialization of Untrusted Data

Overview megatron-bridge is a Megatron Bridge: Training Recipes for Megatron-based LLM and VLM models Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the deserialization process. An attacker can execute arbitrary code, escalate privileges, tamper with dat...

8.5CVSS6.1AI score0.00169EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/25 6:26 p.m.5 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the Azure Instance Identity Endpoint process. An attacker can access internal resources or sensitive information by sending crafted requests to the affected endpoint without authentication. Remediati...

6.9CVSS5.8AI score0.00335EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/18 12:40 p.m.5 views

Cross-site Request Forgery (CSRF)

Overview Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF via the upload process. An attacker can upload arbitrary files into a user's personal file storage by tricking an authenticated user into visiting a malicious page that submits a forged multipart request...

8.6CVSS5.9AI score0.00177EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/18 8:19 a.m.3 views

Cross-site Request Forgery (CSRF)

Overview Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF via the admin.config.php process. An attacker can modify arbitrary core, module, or plugin configuration options by tricking an authenticated administrator into visiting a malicious page, resulting in...

8.8CVSS5.9AI score0.00176EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/15 8:19 p.m.2 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the scraper process. An attacker can access internal network resources by supplying a crafted URL after authenticating. Remediation There is no fixed version for koillection/koillection. References -...

8.8CVSS5.8AI score0.00248EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/12 9:0 p.m.6 views

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection via the orderkey parameter in the labels host-listing endpoint. An attacker can extract sensitive enrollment secrets by manipulating the sort order and leveraging a cursor-based binary search oracle. This is only exploitab...

7.1CVSS6AI score0.00032EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/10 2:38 p.m.6 views

Infinite loop

Overview Affected versions of this package are vulnerable to Infinite loop in icns.js. An ICNS file with an icon entry whose declared length is zero can hang the parser indefinitely. Remediation There is no fixed version for org.webjars.npm:image-size. References - GitHub PR - Vulnerability Repor...

8.7CVSS5.3AI score0.0043EPSS
Exploits1References2
Snyk
Snyk
added 2026/06/08 11:16 p.m.7 views

Stack-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Stack-based Buffer Overflow via the bz2.BZ2Decompressor objects. An attacker can cause out-of-bounds writes to a stack buffer by reusing a decompressor object after a decompression error and providing crafted input. This can result in...

8.2CVSS5.5AI score0.00433EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/04 2:26 p.m.14 views

Use of Weak Hash

Overview streamlit is a The fastest way to build data apps in Python Affected versions of this package are vulnerable to Use of Weak Hash due to the use of a weak hash algorithm in the hashing.py process of the Palette Handler component. An attacker can compromise data integrity or cause unintend...

5.7CVSS6AI score0.00083EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/03 10:23 p.m.12 views

Use of Uninitialized Variable

Overview Affected versions of this package are vulnerable to Use of Uninitialized Variable in the readMSAT function. An attacker can cause application crashes or potentially disclose sensitive information by submitting a specially crafted XLS file. Remediation There is no fixed version for libxls...

6.9CVSS5.2AI score0.00228EPSS
Exploits1References2
Snyk
Snyk
added 2026/06/03 6:26 p.m.6 views

Integer Underflow (Wrap or Wraparound)

Overview Affected versions of this package are vulnerable to Integer Underflow Wrap or Wraparound in the DecodeFromBytes function. An attacker can trigger a nil pointer dereference and panic by supplying a malicious BGP UPDATE message with a declared section length shorter than the actual data...

8.7CVSS5.5AI score0.00279EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/02 6:28 p.m.5 views

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the deserialization process. An attacker can execute arbitrary code, tamper with data, or access sensitive information by providing specially crafted input to the deserialization mechanism. Details...

8.5CVSS6.1AI score0.0017EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/02 5:16 a.m.9 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the Import function in the TTS Configuration Endpoint. An attacker can access internal resources or services by sending crafted requests through the vulnerable endpoint. Remediation Upgrade...

5.8CVSS5AI score0.00227EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/01 8:26 a.m.10 views

Heap-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow in the readmeshes function of the Half-Life 1 MDL Loader component. An attacker can execute arbitrary code or cause a denial of service by providing a specially crafted MDL file that triggers a heap-based buff...

5.3CVSS6.6AI score0.00125EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/01 8:26 a.m.9 views

Heap-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow in the extractanimvalue function of the Half-Life 1 MDL Loader component when processing the num.total argument. An attacker can achieve arbitrary code execution or cause application crashes by supplying...

5.3CVSS6.5AI score0.00124EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/31 11:16 p.m.7 views

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference in the ImportMeshes function of the glTFImporter component. An attacker can cause a denial of service by triggering a null pointer dereference through local access with low privileges. Remediation There is no...

5CVSS5.2AI score0.00113EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/29 9:14 p.m.8 views

Integer Overflow or Wraparound

Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound in the decoding process. An attacker can cause application crashes or bypass memory allocation limits by supplying specially crafted Avro data that exploits integer arithmetic errors during decoding...

8.7CVSS5.8AI score0.00397EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/29 9:14 p.m.8 views

Integer Overflow or Wraparound

Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound in the decoding process. An attacker can cause application crashes or bypass memory allocation limits by supplying specially crafted Avro data that exploits integer arithmetic errors during decoding...

8.7CVSS5.8AI score0.00397EPSS
Exploits0References2
Rows per page
Query Builder