Lucene search

187 matches found

Snyk, added 2025/09/19 5:46 a.m. (3 views)

Integer Overflow or Wraparound

Overview: Affected versions of this package are vulnerable to Integer Overflow or Wraparound in the handling of Bluetooth Low Energy (BLE) fixed channels, such as SMP or ATT. An attacker can cause the target device to send disconnection requests for fixed channels, which is not permitted by the...

CVSS 7.1 | AI score 6.8 | EPSS 0.00195
Exploits 0 | References 2

Snyk, added 2025/09/12 5:42 a.m. (3 views)

Out-of-bounds Read

Overview: Affected versions of this package are vulnerable to Out-of-bounds Read due to improper validation in the path comparison process. An attacker can cause a crash or override the contents of a secure cookie by setting a cookie with the secure keyword for an HTTPS site, then redirecting to t...

CVSS 7.5 | AI score 6.7 | EPSS 0.01301
Exploits 1 | References 2

Snyk, added 2025/09/10 3:48 p.m. (3 views)

Improper Handling of Unexpected Data Type

Overview: Affected versions of this package are vulnerable to Improper Handling of Unexpected Data Type when functions including List and SignWithFlags process successAgentMsg. This can be triggered by a malicious agent sending a single 0x06 byte (SSH_AGENT_SUCCESS), which is unmarshalled into a...

CVSS 7.5 | AI score 7 | EPSS 0.00579
Exploits 1 | References 2

Snyk, added 2025/09/10 3:42 p.m. (5 views)

Allocation of Resources Without Limits or Throttling

Overview: org.webjars.bower:axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the data: URL handler. An attacker can trigger a denial of service by crafting a data: URL with...

CVSS 7.5 | AI score 6.3 | EPSS 0.01099
Exploits 1 | References 2

Snyk, added 2025/09/09 12:00 a.m. (2 views)

Missing Release of Memory after Effective Lifetime

Overview: Affected versions of this package are vulnerable to Missing Release of Memory after Effective Lifetime via the key exchange process. An attacker can cause gradual memory exhaustion and potential application crashes by repeatedly initiating key exchanges with incorrect guesses as an...

CVSS 3.1 | AI score 5.7 | EPSS 0.00375
Exploits 0 | References 2

Snyk, added 2025/08/25 3:54 p.m. (1 view)

Heap-based Buffer Overflow

Overview: Affected versions of this package are vulnerable to Heap-based Buffer Overflow via the processing of crafted TIFF files. An attacker can cause the application to crash by supplying a specially crafted file. Remediation: A fix was pushed into the master branch but not yet published...

CVSS 5.1 | AI score 6.9 | EPSS 0.00178
Exploits 1 | References 2

Snyk, added 2025/08/25 2:41 p.m. (3 views)

Integer Overflow to Buffer Overflow

Overview: Affected versions of this package are vulnerable to Integer Overflow to Buffer Overflow via the PSD Image Decoding functionality. An attacker can execute arbitrary code by supplying a specially crafted .psd file that triggers an integer overflow during stride calculation, leading to a...

CVSS 8.8 | AI score 7.9 | EPSS 0.00636
Exploits 1 | References 2

Snyk, added 2025/08/25 2:41 p.m. (2 views)

Integer Overflow to Buffer Overflow

Overview: Affected versions of this package are vulnerable to Integer Overflow to Buffer Overflow via the WebP Image Decoding functionality. An attacker can execute arbitrary code by enticing a user to open a specially crafted .webp animation file, which triggers an integer overflow during stride...

CVSS 8.8 | AI score 7.8 | EPSS 0.00636
Exploits 1 | References 2

Snyk, added 2025/08/22 6:43 a.m. (2 views)

Open Redirect

Amendment: This was deemed not a vulnerability. Overview: org.webjars.npm:koa is a Koa web app framework. Affected versions of this package are vulnerable to Open Redirect via the redirect function in lib/response.js due to improper input sanitization. An attacker can redirect users to arbitrary...

CVSS 5.4 | AI score 6.9
Exploits 0 | References 2

Snyk, added 2025/08/13 9:52 a.m. (7 views)

Allocation of Resources Without Limits or Throttling

Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to improper processing of large name constraint structures in PKIXCertPathReviewer. An attacker can cause excessive resource allocation by submitting specially crafted ASN.1...

CVSS 6.3 | AI score 6.8 | EPSS 0.0043
Exploits 0 | References 2

Snyk, added 2025/08/12 5:44 p.m. (3 views)

Uncontrolled Recursion

Overview: Affected versions of this package are vulnerable to Uncontrolled Recursion due to uncontrolled recursion in the CBOR data processing. An attacker can gain elevated privileges by providing specially crafted input that triggers excessive recursive calls. Remediation: A fix was pushed into t...

CVSS 6.7 | AI score 7 | EPSS 0.00118
Exploits 0 | References 2

Snyk, added 2025/07/26 4:02 a.m. (5 views)

Buffer Overflow

Overview: Affected versions of this package are vulnerable to Buffer Overflow in the setrow function. An attacker can cause application instability and potentially execute arbitrary code by supplying a specially crafted image file that triggers improper bounds checking during row data assignment...

CVSS 7.8 | AI score 6 | EPSS 0.00271
Exploits 1 | References 2

Snyk, added 2025/07/24 12:00 a.m. (2 views)

NULL Pointer Dereference

Overview: Affected versions of this package are vulnerable to NULL Pointer Dereference via the calculation of the session ID during the key exchange process. An attacker can cause a crash of SSH clients or servers by triggering an allocation failure in cryptographic functions. Remediation: Upgrade...

CVSS 5.7 | AI score 5.7 | EPSS 0.00217
Exploits 0 | References 2

Snyk, added 2025/07/15 7:27 p.m. (1 view)

Denial of Service (DoS)

Overview: Affected versions of this package are vulnerable to Denial of Service (DoS) via the DDL component. An attacker can cause the server to hang or crash repeatedly by sending crafted requests over the network with high privileges. Details: Denial of Service (DoS) describes a family of attacks, al...

CVSS 6.9 | AI score 7 | EPSS 0.00559
Exploits 0 | References 2

Snyk, added 2025/07/15 7:27 p.m. (1 view)

Denial of Service (DoS)

Overview: Affected versions of this package are vulnerable to Denial of Service (DoS) via the DML component. An attacker can cause the server to hang or crash repeatedly by sending crafted requests over the network. Details: Denial of Service (DoS) describes a family of attacks, all aimed at making a...

CVSS 7.1 | AI score 7 | EPSS 0.00525
Exploits 0 | References 2

Snyk, added 2025/07/15 6:41 p.m. (3 views)

Use After Free

Overview: org.webjars.npm:electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Affected versions of this package are vulnerable to Use After Free via improper handling of possible socket destruction in P2PSocketTcpBase. An attacker can...

CVSS 8.8 | AI score 7.7 | EPSS 0.00497
Exploits 0 | References 2

Snyk, added 2025/07/10 7:56 a.m. (3 views)

NULL Pointer Dereference

Overview: Affected versions of this package are vulnerable to NULL Pointer Dereference via the _gnutls_figure_common_ciphersuite function. Remediation: A fix was pushed into the master branch but not yet published. References: Fix Commit, PoC, Red Hat Bugzilla Bug, Release Notes. Credit: Stefan Bühl...

CVSS 8.3 | AI score 6.9 | EPSS 0.00619
Exploits 0 | References 2

Snyk, added 2025/07/07 5:41 p.m. (3 views)

Out-of-bounds Read

Overview: Affected versions of this package are vulnerable to Out-of-bounds Read via the stack-overflow handler in lj_state.c. Remediation: A fix was pushed into the master branch but not yet published. References: GitHub Commit, GitHub Gist, GitHub Issue. Credit: Kutyavin Maxim...

CVSS 9.1 | AI score 6.9 | EPSS 0.00536
Exploits 1 | References 2

Snyk, added 2025/07/07 4:45 p.m. (2 views)

NULL Pointer Dereference

Overview: Affected versions of this package are vulnerable to NULL Pointer Dereference via the snap_unsink function in lj_snap.c, which IR_FSTORE processing uses when handling a NULL metatable. An attacker can cause the application to crash or become unresponsive by triggering this condition...

CVSS 8.7 | AI score 6.9 | EPSS 0.00455
Exploits 1 | References 2

Snyk, added 2025/06/29 12:30 a.m. (5 views)

Deserialization of Untrusted Data

Overview: Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the BigDecimal and BigInteger handling in the MessageSerializer class. An attacker can execute arbitrary code or manipulate application behavior by providing crafted serialized objects. Details...

CVSS 8.8 | AI score 7.8 | EPSS 0.00186
Exploits 0 | References 2