Lucene search
K

188 matches found

Snyk
Snyk
added 2026/04/14 11:41 p.m.5 views

Infinite loop

Overview iodine is a fast HTTP / Websocket Server with built-in Pub/Sub support with or without Redis, static file support and many other features, optimized for Ruby MRI on Linux / BSD / macOS. Affected versions of this package are vulnerable to Infinite loop through the fiojsonparse function. A...

8.7CVSS5.8AI score0.00294EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/14 11:12 p.m.7 views

Cross-site Request Forgery (CSRF)

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF in the handling of JSON endpoints that process state-changing requests without verifying the origin or requiring an anti-CSRF token...

5.4CVSS5.8AI score0.00115EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/13 10:11 p.m.6 views

Heap-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow when parsing XML files. An attacker can cause a denial of service by providing a specially crafted XML file that triggers a heap buffer overflow. Remediation A fix was pushed into the master branch but not yet...

6.9CVSS6AI score0.00428EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/12 7:7 p.m.4 views

Integer Overflow or Wraparound

Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound in the Nikon MakerNote handling process. An attacker can cause crashes or leak information by triggering an unsigned 32-bit integer overflow. This is only exploitable if the system is 32-bit. Remediation...

7.1CVSS5.4AI score0.00094EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/10 4:7 p.m.3 views

Incorrect Behavior Order

Overview Affected versions of this package are vulnerable to Incorrect Behavior Order in the Delegate process when the User parameter is unset and the unit is running. An attacker can cause a system service to terminate unexpectedly by creating or manipulating a unit with these settings. This is...

5.7CVSS5.8AI score0.00086EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/10 5:8 a.m.5 views

Improper Validation of Integrity Check Value

Overview Affected versions of this package are vulnerable to Improper Validation of Integrity Check Value in the wolfSSLEVPCipherFinal process. An attacker can obtain unauthorized access to plaintext data by submitting ciphertext with a forged or incorrect authentication tag, as the tag is not...

8.1CVSS5.8AI score0.00152EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/10 5:6 a.m.2 views

Improper Input Validation

Overview Affected versions of this package are vulnerable to Improper Input Validation due to improper validation of the AES-GCM authentication tag length in the wcPKCS7DecodeAuthEnvelopedData function. An attacker can bypass authentication by truncating the authentication tag, significantly...

8.7CVSS5.8AI score0.00355EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/09 9:31 p.m.6 views

Arbitrary Command Injection

Overview metagpt is a The Multi-Agent Framework Affected versions of this package are vulnerable to Arbitrary Command Injection via the Terminal.runcommand function. An attacker can execute arbitrary operating system commands by supplying crafted input to this function. Remediation A fix was push...

9.8CVSS7.8AI score0.02328EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/09 9:31 p.m.5 views

Arbitrary Command Injection

Overview metagpt is a The Multi-Agent Framework Affected versions of this package are vulnerable to Arbitrary Command Injection via the getmimetype function. An attacker can execute arbitrary operating system commands by supplying crafted input remotely. Remediation A fix was pushed into the mast...

9.8CVSS7.8AI score0.02283EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/09 6:30 a.m.7 views

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Overview mcp-server-taskwarrior is a MCP server for taskwarrior Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' via the server.setRequestHandler function. An attacker can execute arbitrary command...

5.3CVSS6AI score0.00647EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/08 9:10 p.m.12 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the GraphQL API when a large number of mutations or queries are included in a single request using aliases or by chaining multiple mutations. An attacker can cause excessive...

8.7CVSS5.8AI score0.00268EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/08 8:13 p.m.9 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the GraphQL query batching endpoint. An attacker can exhaust server resources by sending a single HTTP request containing a large number of operations, bypassing per-query...

8.7CVSS5.8AI score0.00435EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/03 5:22 p.m.4 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the resource handler. An attacker can gain unauthorized access and modify application resources across the entire controller by leveraging authenticated access as a user, machine, or controller. Remediation A...

7.1CVSS5.9AI score0.00232EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/02 8:58 p.m.3 views

Information Exposure

Overview @openclaw/nostr is an OpenClaw Nostr channel plugin for NIP-04 encrypted DMs Affected versions of this package are vulnerable to Information Exposure in the config.get process. An attacker can obtain sensitive plaintext signing keys by accessing configuration views that expose the secret...

6.9CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/04/02 4:57 p.m.4 views

Unprotected Alternate Channel

Overview Affected versions of this package are vulnerable to Unprotected Alternate Channel due to the omission of confirmation in proxy-mode multiplexing sessions. An attacker can cause unintended data handling by establishing a multiplexed session without explicit confirmation when specific and...

2.5CVSS5.9AI score0.0013EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/01 9:5 p.m.3 views

Missing Authentication for Critical Function

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Missing Authentication for Critical Function due to the absence of authentication checks in the list.json.php template used by multiple plugin endpoints. An attack...

7.5CVSS5.8AI score0.00376EPSS
Exploits1References2
Snyk
Snyk
added 2026/03/31 4:54 p.m.7 views

Incorrect Authorization

Overview @openclaw/zalo is an OpenClaw Zalo channel plugin Affected versions of this package are vulnerable to Incorrect Authorization via the media download process. An attacker can trigger unauthorized network fetches and disk writes by sending crafted messages to Zalo channels, causing the...

6.9CVSS5.9AI score0.00355EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/31 1:41 p.m.3 views

Heap-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow in the gdkpixbufjpegimageload function of the JPEG image loader. An attacker can cause application crashes and disrupt service availability by submitting a specially crafted JPEG image that triggers improper...

8.7CVSS7.2AI score0.01069EPSS
Exploits1References2
Snyk
Snyk
added 2026/03/27 11:24 p.m.4 views

Server-side Request Forgery (SSRF)

Overview pyload-ng is a The free and open-source Download Manager written in pure Python Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the /api/addPackage endpoint. An attacker can access internal network services and exfiltrate sensitive cloud metadata b...

9.6CVSS6AI score0.00397EPSS
Exploits1References2
Snyk
Snyk
added 2026/03/27 10:32 p.m.1 views

Incorrect Authorization

Overview @openclaw/bluebubbles is an OpenClaw BlueBubbles channel plugin Affected versions of this package are vulnerable to Incorrect Authorization in the requireMention process. An attacker can trigger agent-visible system events in group chats that are intended to be mention-gated by sending...

5.3CVSS5.9AI score0.00199EPSS
Exploits0References3
Rows per page
Query Builder