Lucene search
K

188 matches found

Snyk
Snyk
added 2026/03/08 10:0 p.m.3 views

Out-of-bounds Write

Overview Affected versions of this package are vulnerable to Out-of-bounds Write in the WaveletDenoiseImage function. Remediation A fix was pushed into the master branch but not yet published. References - GitHub Commit - Red Hat Bugzilla Bug Credit: Hao Ren...

6.8CVSS5.8AI score0.00106EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/07 4:46 p.m.5 views

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read via the readdirectory function. An attacker can cause a denial of service by providing specially crafted input files that trigger an out-of-bounds read during the parsing process. Remediation A fix was pushed into the...

5.5CVSS5.8AI score0.00179EPSS
Exploits1References2
Snyk
Snyk
added 2026/03/06 12:0 a.m.2 views

Double Free

Overview Affected versions of this package are vulnerable to Double Free in the parsing process of specially crafted ELF files with the readelf program. An attacker can cause the application to crash by convincing a user to open a malicious file. This is only exploitable if a user processes an...

7.5CVSS5.8AI score0.00502EPSS
Exploits1References2
Snyk
Snyk
added 2026/03/04 10:9 p.m.3 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization via the /api/server/shutdown endpoint handler. An attacker can repeatedly terminate the server process by sending requests to this endpoint, resulting in continuous server downtime and service disruption. Remediati...

8.7CVSS7.2AI score0.00331EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/04 6:27 p.m.4 views

Uncontrolled Recursion

Overview Affected versions of this package are vulnerable to Uncontrolled Recursion. An attacker can cause the application to crash or become unresponsive by sending malformed requests that trigger uncontrolled recursion, potentially leading to a stack overflow. Remediation A fix was pushed into...

8.7CVSS5.8AI score0.00713EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/03 12:26 a.m.5 views

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read in the getData function of the preview component when processing image metadata with an extra command line argument. An attacker can cause a crash or potentially read out-of-bounds memory by supplying specially crafte...

7.5CVSS5.8AI score0.00367EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/03 12:26 a.m.3 views

Uncaught Exception

Overview Affected versions of this package are vulnerable to Uncaught Exception in the preview component when processing input with an extra command line argument such as -pp. An attacker can cause the application to crash by providing crafted input that triggers an integer overflow, leading to t...

6.9CVSS5.8AI score0.00255EPSS
Exploits0References2
Snyk
Snyk
added 2026/02/26 6:18 a.m.7 views

Arbitrary Code Injection

Overview lfx is a lfx is a command-line tool for running Langflow workflows. It provides two main commands: serve and run. Affected versions of this package are vulnerable to Arbitrary Code Injection via the allowdangerouscode=True which automatically exposes LangChain’s Python REPL tool...

9.8CVSS6AI score0.33694EPSS
Exploits4References2
Snyk
Snyk
added 2026/02/24 3:36 p.m.3 views

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference via the ClonePixelCacheRepository function. An attacker can cause a crash of the application by supplying a specially crafted image file. Remediation A fix was pushed into the master branch but not yet published...

7.5CVSS5.9AI score0.00429EPSS
Exploits0References2
Snyk
Snyk
added 2026/02/24 12:38 a.m.3 views

Heap-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow in the -extract process when the specified dimensions exceed those set by -size. An attacker can access sensitive information by submitting specially crafted image files that trigger out-of-bounds memory reads...

5.9CVSS5.5AI score0.00181EPSS
Exploits0References2
Snyk
Snyk
added 2026/02/19 8:28 p.m.4 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview org.webjars.npm:svelte is a package for building web applications. Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes in server-side rendering when attribute spreading is performed on elements. An attacker ca...

6.8CVSS5.8AI score0.00377EPSS
Exploits0References2
Snyk
Snyk
added 2026/02/19 9:17 a.m.3 views

Improper Authorization

Overview org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Improper Authorization in the /protocol/docker-v2/auth endpoint, which does not ensure that the client is in...

5.1CVSS5.9AI score0.0033EPSS
Exploits0References2
Snyk
Snyk
added 2026/02/18 6:5 a.m.3 views

Infinite loop

Overview org.webjars.npm:jsrsasign is a free pure JavaScript cryptographic library. Affected versions of this package are vulnerable to Infinite loop via the bnModInverse function in ext/jsbn2.js when the BigInteger.modInverse implementation receives zero or negative inputs, allowing an attacker ...

8.7CVSS5.9AI score0.00554EPSS
Exploits1References2
Snyk
Snyk
added 2026/02/16 5:2 a.m.1 views

Improper Verification of Cryptographic Signature

Overview org.webjars.npm:jsrsasign is a free pure JavaScript cryptographic library. Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature via the DSA domain-parameter validation in KJUR.crypto.DSA.setPublic and the related DSA/X509 verification flow ...

9.1CVSS5.9AI score0.00225EPSS
Exploits1References2
Snyk
Snyk
added 2026/02/13 6:58 p.m.5 views

Off-by-one Error

Overview bacnet-stack is a None Affected versions of this package are vulnerable to Off-by-one Error. via the tokenizerstring function. An attacker can cause a crash by providing a string literal longer than the buffer limit, which leads to a stack overflow when the function incorrectly writes a...

6.8CVSS5.8AI score0.0024EPSS
Exploits1References2
Snyk
Snyk
added 2026/02/06 3:46 a.m.2 views

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference via the identityTriggerType function in the pfcpreports.go file. An attacker can cause a denial of service by sending specially crafted requests that trigger a null pointer dereference. Remediation Upgrade...

7.5CVSS6.1AI score0.00526EPSS
Exploits1References2
Snyk
Snyk
added 2026/02/05 9:31 a.m.1 views

Open Redirect

Overview Affected versions of this package are vulnerable to Open Redirect via the preventopenredirect function. An attacker can cause users to be redirected to arbitrary external websites by tricking them into clicking on specially crafted URLs. Remediation A fix was pushed into the master branc...

7.1CVSS5.8AI score0.00294EPSS
Exploits0References2
Snyk
Snyk
added 2026/02/04 10:4 p.m.3 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization in the attribute handling logic in restHandler/AttributesRestHandlder.go‎, which is accessible over the /attributes endpoint with /orchestrator/attributes?key=apiTokenSecret. A user can obtain the global API Token...

8.8CVSS6.7AI score0.00393EPSS
Exploits1References2
Snyk
Snyk
added 2026/02/03 6:30 p.m.3 views

Command Injection

Overview fuxa-server is a Web-based Process Visualization SCADA/HMI/Dashboard software Affected versions of this package are vulnerable to Command Injection via the project files import proccess. An attacker can execute arbitrary system commands by uploading a crafted project file containing...

9.8CVSS5.8AI score0.00416EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/02/03 12:0 a.m.6 views

PT-2026-5899

Name of the Vulnerable Software and Affected Versions Apple Vision Pro affected versions not specified Description The issue appears to be a security flaw in vision-related technology, potentially affecting Apple Vision Pro. While no public jailbreak currently exists for iOS 26.0 as of February...

5.4AI score0.00136EPSS
Exploits0References7
Rows per page
Query Builder