Snyk, added 2025/06/20 4:42 p.m., 2 views

Command Injection

Overview: Affected versions of this package are vulnerable to Command Injection via the handleNewCR function. An attacker can execute arbitrary commands by submitting a specially crafted custom resource with malicious input fields that can escape the constructed lmeval command. Note: Successful...

CVSS 5.9, AI score 7.8, EPSS 0.00757
Exploits: 0, References: 2
Snyk, added 2025/05/25 12:30 p.m., 4 views

Deserialization of Untrusted Data

Overview: inspiremusic is InspireMusic: A Fundamental Music, Song and Audio Generation Framework and Toolkits. Affected versions of this package are vulnerable to Deserialization of Untrusted Data through the load function in the file cli/model.py. An attacker can manipulate internal data...

CVSS 5.3, AI score 6.9, EPSS 0.00163
Exploits: 0, References: 2
Snyk, added 2025/04/18 12:00 a.m., 1 view

Improper Verification of Cryptographic Signature

Overview: Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to the improper verification of SignatureValue within SignerInfo. An attacker can manipulate the integrity of signed data by crafting a malicious signature that bypasses validation...

CVSS 9.1, AI score 4.7, EPSS 0.00092
Exploits: 0, References: 2
Snyk, added 2025/04/15 9:00 p.m., 3 views

Buffer Overflow

Overview: Affected versions of this package are vulnerable to Buffer Overflow in hotspot/compiler due to improper handling of buffers in addnode.cpp. Remediation: A fix was pushed into the master branch but not yet published. References - GitHub Commit - GitHub Commit - GitHub Commit - GitHub Commi...

CVSS 6.3, AI score 6.9, EPSS 0.00492
Exploits: 0, References: 2
Snyk, added 2025/04/14 11:40 p.m., 3 views

Server-side Request Forgery (SSRF)

Overview: agpt is an open-source attempt to make GPT-4 autonomous. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) through the requests wrapper. An attacker can manipulate the request process to access unauthorized data or interact with internal services by...

CVSS 8.7, AI score 7, EPSS 0.00414
Exploits: 1, References: 2
Snyk, added 2025/04/14 3:41 p.m., 4 views

Out-of-bounds Read

Overview: Affected versions of this package are vulnerable to Out-of-bounds Read via the soup_multipart_new_from_message function. An attacker can induce the server to read out of bounds by sending a specially crafted HTTP request. Remediation: A fix was pushed into the master branch but not yet...

CVSS 8.3, AI score 7.1, EPSS 0.00637
Exploits: 0, References: 2
Snyk, added 2025/04/10 1:49 a.m., 2 views

Expected Behavior Violation

Overview: Affected versions of this package are vulnerable to Expected Behavior Violation due to the behavior of the DisableForwarding directive in sshd(8), which fails to disable X11 forwarding and agent forwarding by default. An attacker can bypass intended security restrictions. Remediation: A fix...

CVSS 5.1, AI score 6.9, EPSS 0.0016
Exploits: 0, References: 2
Snyk, added 2025/04/09 7:42 p.m., 1 view

Allocation of Resources Without Limits or Throttling

Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the LoadArchiveFiles function in archive.go. An attacker can disrupt service by supplying an archive whose decompressed size is very large. Remediation: A fix was pushed into the...

CVSS 7.1, AI score 6.6, EPSS 0.00379
Exploits: 0, References: 2
Snyk, added 2025/03/10 9:40 p.m., 1 view

Access of Resource Using Incompatible Type ('Type Confusion')

Overview: org.webjars.npm:electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Affected versions of this package are vulnerable to Access of Resource Using Incompatible Type ('Type Confusion') in v8. Remediation: A fix was pushed into the...

CVSS 8.8, AI score 6.8, EPSS 0.00324
Exploits: 0, References: 2
Snyk, added 2025/02/19 11:15 p.m., 5 views

Heap-based Buffer Overflow

Overview: org.webjars.npm:electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Affected versions of this package are vulnerable to Heap-based Buffer Overflow in v8, when processing a very large number of parameters. Remediation: A fix was...

CVSS 8.8, AI score 6.8, EPSS 0.00648
Exploits: 0, References: 2
Snyk, added 2025/02/03 5:41 p.m., 2 views

Out-of-bounds Write

Overview: Affected versions of this package are vulnerable to Out-of-bounds Write through the component gray_find_cell. An attacker can cause a crash of the application by sending specially crafted inputs that trigger a segmentation violation. Remediation: A fix was pushed into the master branch but...

CVSS 8.7, AI score 6.8, EPSS 0.00402
Exploits: 1, References: 2
Snyk, added 2025/01/23 12:45 a.m., 2 views

Out-of-bounds Write

Overview: Affected versions of this package are vulnerable to Out-of-bounds Write due to the component blend_transformed_tiled_argb.isra.0. Remediation: A fix was pushed into the master branch but not yet published. References - GitHub Issue - PoC Credit: keepinggg...

CVSS 8.2, AI score 6.9, EPSS 0.00386
Exploits: 1, References: 2
Snyk, added 2025/01/22 7:42 p.m., 1 view

Out-of-bounds Write

Overview: org.webjars.npm:electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Affected versions of this package are vulnerable to Out-of-bounds Write via a crafted HTML page. An attacker can potentially exploit heap corruption by sending...

CVSS 8.8, AI score 7, EPSS 0.00323
Exploits: 0, References: 2
Snyk, added 2025/01/14 6:43 p.m., 2 views

Detection of Error Condition Without Action

Overview: Affected versions of this package are vulnerable to Detection of Error Condition Without Action when files are being copied from a client to a server. This allows a server to leak the contents of an arbitrary file from the client's machine. Remediation: A fix was pushed into the master...

CVSS 6.9, AI score 6.8, EPSS 0.01761
Exploits: 1, References: 2
Snyk, added 2025/01/08 10:04 a.m., 5 views

Missing Authentication for Critical Function

Overview: django-mdeditor is a simple Django app to edit markdown text. Affected versions of this package are vulnerable to Missing Authentication for Critical Function in the image upload endpoint. An attacker can upload malicious files and achieve arbitrary code execution since this endpoint...

CVSS 9.8, AI score 6.4, EPSS 0.00308
Exploits: 0, References: 2
Snyk, added 2024/11/08 9:43 p.m., 2 views

Use After Free

Overview: Affected versions of this package are vulnerable to Use After Free through the ForEachModule process. Remediation: A fix was pushed into the master branch but not yet published. References - GitHub Gist - GitHub Issue - GitHub PR Credit: Ziyi Guo...

CVSS 8.6, AI score 6.9, EPSS 0.00221
Exploits: 1, References: 2
Snyk, added 2024/10/24 5:48 p.m., 3 views

Privilege Context Switching Error

Overview: aimeos/ai-admin-graphql is an Aimeos Admin GraphQL API extension. Affected versions of this package are vulnerable to Privilege Context Switching Error through the SaaS and marketplace setups. An attacker can disrupt service availability by overwhelming the system with requests. Note: The...

CVSS 7, AI score 6.9, EPSS 0.00346
Exploits: 0, References: 2
Snyk, added 2024/10/09 6:46 a.m., 2 views

Improper Handling of Exceptional Conditions

Overview: Affected versions of this package are vulnerable to Improper Handling of Exceptional Conditions due to an invalid parse of the title in the vector-intro-page message. Remediation: A fix was pushed into the master branch but not yet published. References - Gerrit Wikimedia - GitHub Commit ...

CVSS 6.9, AI score 6.9, EPSS 0.00263
Exploits: 0, References: 2
Snyk, added 2024/01/18 9:44 p.m., 1 view

Uncontrolled Resource Consumption ('Resource Exhaustion')

Overview: Affected versions of this package are vulnerable to Uncontrolled Resource Consumption ('Resource Exhaustion') via the newToken function. An attacker can cause a denial of service by exploiting the memory leak issue. Remediation: A fix was pushed into the master branch but not yet published...

CVSS 5.5, AI score 6.8, EPSS 0.00259
Exploits: 1, References: 2
Snyk, added 2023/07/31 12:00 a.m., 2 views

Improper Input Validation

Overview: Affected versions of this package are vulnerable to Improper Input Validation which allows a remote attacker to cause a Denial of Service (DoS) via a crafted PDF file in OutlineItem::open. Remediation: Upgrade poppler to version 25.11.0 or higher. References - Fix Commit - Issue - RedHat...

CVSS 5.5, AI score 5.6, EPSS 0.00927
Exploits: 1, References: 2