
187 matches found

Snyk
added 2026/06/23 9:23 p.m. | 4 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview com.fasterxml.jackson.core:jackson-databind is a library which contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object...

CVSS 6.9 | AI score 5.8 | EPSS 0.00345
Exploits 0 | References 2

Snyk
added 2026/06/22 10:21 p.m. | 6 views

Time-of-check Time-of-use (TOCTOU) Race Condition

Overview Affected versions of this package are vulnerable to Time-of-check Time-of-use TOCTOU Race Condition in the HTTP Agent. An attacker can cause a client to accept a response as valid before the client has sent its request by exploiting the timing of HTTP responses. Remediation A fix was...

CVSS 6.3 | AI score 6.2 | EPSS 0.00359
Exploits 1 | References 2

Snyk
added 2026/06/21 5:11 p.m. | 4 views

Integer Overflow or Wraparound

Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound due to improper handling of integer values in the copyString function. An attacker can cause memory corruption or potentially execute arbitrary code by providing specially crafted input that triggers the...

CVSS 7.5 | AI score 6.2 | EPSS 0.00102
Exploits 0 | References 2

Snyk
added 2026/06/21 5:9 p.m. | 4 views

Integer Overflow or Wraparound

Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound due to improper validation in the XMLParseBuffer function. An attacker can cause unexpected behavior, including potential data corruption or application crashes, by providing specially crafted input that...

CVSS 7.5 | AI score 5.9 | EPSS 0.00102
Exploits 0 | References 2

Snyk
added 2026/06/18 1:15 p.m. | 4 views

Out-of-bounds Write

Overview Affected versions of this package are vulnerable to Out-of-bounds Write via the MagicYUV decoder process in the libavcodec library. An attacker can cause a denial of service or potentially execute arbitrary code by submitting a specially crafted file that triggers an odd sliceheight valu...

CVSS 8.8 | AI score 6.2 | EPSS 0.00477
Exploits 3 | References 2

Snyk
added 2026/06/10 11:13 p.m. | 6 views

Out-of-bounds Write

Overview Affected versions of this package are vulnerable to Out-of-bounds Write via the ICON decoding. An attacker can cause a crash by providing a specially crafted ICON file that triggers an out-of-bounds heap write. Remediation A fix was pushed into the master branch but not yet published...

CVSS 8.8 | AI score 5.3 | EPSS 0.00353
Exploits 0 | References 2

Snyk
added 2026/06/10 11:10 p.m. | 7 views

Infinite loop

Overview Affected versions of this package are vulnerable to Infinite loop in the subimage-search when handling a specially crafted image. An attacker can cause the application to enter an infinite loop and exhaust system resources by providing a malicious image file. Remediation A fix was pushed...

CVSS 6.5 | AI score 5.3 | EPSS 0.00092
Exploits 0 | References 2

Snyk
added 2026/06/10 11:10 p.m. | 5 views

Heap-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow through the SF3 encoder when handling crafted multi-frame images. An attacker can cause a heap buffer overwrite by submitting specially crafted image data. Remediation A fix was pushed into the master branch b...

CVSS 7 | AI score 5.5 | EPSS 0.00112
Exploits 0 | References 2

Snyk
added 2026/06/10 9:45 a.m. | 4 views

Origin Validation Error

Overview Affected versions of this package are vulnerable to Origin Validation Error due to the improper matching of the query destination address and port with the response source address and port when Idns is used in applications as stub resolver over UDP. Remediation A fix was pushed into the...

CVSS 8.2 | AI score 5.8 | EPSS 0.00147
Exploits 0 | References 2

Snyk
added 2026/06/04 4:22 p.m. | 6 views

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read via the bacnettagnumberdecode function. An attacker can trigger application crashes or unexpected behavior by providing specially crafted input that leads to reading outside the bounds of allocated memory. Remediation...

CVSS 8.7 | AI score 5.3 | EPSS 0.00278
Exploits 0 | References 2

Snyk
added 2026/05/27 3:39 p.m. | 7 views

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read through the parseinterface function. An attacker can cause a crash of the application by providing a crafted USB configuration descriptor, such as via virtualized USB passthrough, file-based descriptor parsing, or...

CVSS 6.9 | AI score 5.8 | EPSS 0.00184
Exploits 0 | References 2

Snyk
added 2026/05/22 3:45 p.m. | 22 views

Arbitrary Command Injection

Overview org.webjars.npm:shell-quote is a package used to quote and parse shell commands. Affected versions of this package are vulnerable to Arbitrary Command Injection via the quote function when object-token inputs containing line terminators \n, \r, U+2028, U+2029 in the .op field are not...

CVSS 9.2 | AI score 6.1 | EPSS 0.00848
Exploits 1 | References 2

Snyk
added 2026/05/22 1:14 p.m. | 14 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure in the distributed pixel cache process. An attacker can gain unauthorized access to sensitive information by connecting to the server without authentication. Remediation A fix was pushed into the master branch but n...

CVSS 6.9 | AI score 5.8 | EPSS 0.00109
Exploits 0 | References 2

Snyk
added 2026/05/21 8:39 p.m. | 25 views

Insufficient Session Expiration

Overview nocodb is a NocoDB Affected versions of this package are vulnerable to Insufficient Session Expiration through the ApiToken delete path in the token management code. An attacker can keep using a deleted API token by deleting it while the cache entry remains keyed under the token value,...

CVSS 6.3 | AI score 5.8 | EPSS 0.00197
Exploits 0 | References 2

Snyk
added 2026/05/19 9:51 p.m. | 7 views

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read in the overlay process. An attacker can cause a crash or potentially access sensitive memory contents by providing a crafted HEIF file that triggers incorrect indexing into the alpha buffer during image compositing...

CVSS 7.1 | AI score 5.9 | EPSS 0.00323
Exploits 0 | References 2

Snyk
added 2026/05/18 8:37 p.m. | 12 views

Out-of-bounds Write

Overview Affected versions of this package are vulnerable to Out-of-bounds Write in the JP2 encoder. An attacker can cause a single-byte heap buffer overwrite by specifying certain options. Remediation A fix was pushed into the master branch but not yet published. References - GitHub Advisory -...

CVSS 6.2 | AI score 5.9 | EPSS 0.00116
Exploits 0 | References 3

Snyk
added 2026/05/18 8:37 p.m. | 9 views

Uncontrolled Recursion

Overview Affected versions of this package are vulnerable to Uncontrolled Recursion in the fx operation. An attacker can cause a denial of service by supplying a specially crafted argument that triggers a stack overflow. Remediation A fix was pushed into the master branch but not yet published...

CVSS 6.9 | AI score 5.8 | EPSS 0.0012
Exploits 0 | References 2

Snyk
added 2026/05/14 3:23 p.m. | 9 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization via the CREATE TYPE process. An attacker can execute arbitrary SQL functions of their choice by hijacking queries that use searchpath to locate user-defined types, including those defined by extensions. Remediation...

CVSS 5.4 | AI score 6.3 | EPSS 0.00159
Exploits 0 | References 2

Snyk
added 2026/05/12 5:22 p.m. | 11 views

Improper Authentication

Overview tomcat:catalina is a library that contains Tomcat Servlet Engine Core Classes and Standard implementations. Affected versions of this package are vulnerable to Improper Authentication when DIGEST authentication is configured. An attacker can gain unauthorized access by providing any...

CVSS 9.8 | AI score 5.8 | EPSS 0.01233
Exploits 1 | References 2

Snyk
added 2026/05/12 5:22 p.m. | 11 views

Improper Authorization

Overview tomcat:catalina is a library that contains Tomcat Servlet Engine Core Classes and Standard implementations. Affected versions of this package are vulnerable to Improper Authorization in the processing of security constraints when multiple method constraints define an HTTP method for the...

CVSS 9.1 | AI score 5.8 | EPSS 0.01136
Exploits 1 | References 2